Update logging sink to tf1.3 in resman modules

Julio Castillo
2022-11-11 19:05:39 +01:00
parent e6947dd6a6
commit 486d398c7d
21 changed files with 484 additions and 418 deletions


@@ -0,0 +1,37 @@
logging_sinks = {
warning = {
destination = {
type = "storage"
target = "mybucket"
}
filter = "severity=WARNING"
}
info = {
destination = {
type = "bigquery"
target = "projects/myproject/datasets/mydataset"
}
filter = "severity=INFO"
disabled = true
}
notice = {
destination = {
type = "pubsub"
target = "projects/myproject/topics/mytopic"
}
filter = "severity=NOTICE"
include_children = false
}
debug = {
destination = {
type = "logging"
target = "projects/myproject/locations/global/buckets/mybucket"
}
filter = "severity=DEBUG"
include_children = false
exclusions = {
no-compute = "logName:compute"
no-container = "logName:container"
}
}
}


@@ -14,47 +14,13 @@
from collections import Counter
from icecream import ic
def test_sinks(plan_runner):
"Test folder-level sinks."
logging_sinks = """ {
warning = {
type = "storage"
destination = "mybucket"
filter = "severity=WARNING"
iam = true
include_children = true
exclusions = {}
}
info = {
type = "bigquery"
destination = "projects/myproject/datasets/mydataset"
filter = "severity=INFO"
iam = true
include_children = true
exclusions = {}
}
notice = {
type = "pubsub"
destination = "projects/myproject/topics/mytopic"
filter = "severity=NOTICE"
iam = true
include_children = false
exclusions = {}
}
debug = {
type = "logging"
destination = "projects/myproject/locations/global/buckets/mybucket"
filter = "severity=DEBUG"
iam = true
include_children = false
exclusions = {
no-compute = "logName:compute"
no-container = "logName:container"
}
}
}
"""
_, resources = plan_runner(logging_sinks=logging_sinks)
tfvars = 'test.logging-sinks.tfvars'
_, resources = plan_runner(tf_var_file=tfvars)
assert len(resources) == 9
resource_types = Counter([r["type"] for r in resources])
@@ -74,65 +40,59 @@ def test_sinks(plan_runner):
"notice",
"warning",
]
values = [
(
r["index"],
r["values"]["filter"],
r["values"]["destination"],
r["values"]["include_children"],
)
for r in sinks
]
values = [(
r["index"],
r["values"]["filter"],
r["values"]["destination"],
r["values"]["description"],
r["values"]["include_children"],
r["values"]["disabled"],
) for r in sinks]
assert sorted(values) == [
(
"debug",
"severity=DEBUG",
"logging.googleapis.com/projects/myproject/locations/global/buckets/mybucket",
False,
),
(
"info",
"severity=INFO",
"bigquery.googleapis.com/projects/myproject/datasets/mydataset",
True,
),
(
"notice",
"severity=NOTICE",
"pubsub.googleapis.com/projects/myproject/topics/mytopic",
False,
),
("warning", "severity=WARNING", "storage.googleapis.com/mybucket", True),
("debug", "severity=DEBUG",
"logging.googleapis.com/projects/myproject/locations/global/buckets/mybucket",
"debug (Terraform-managed).", False, False),
("info", "severity=INFO",
"bigquery.googleapis.com/projects/myproject/datasets/mydataset",
"info (Terraform-managed).", True, True),
("notice", "severity=NOTICE",
"pubsub.googleapis.com/projects/myproject/topics/mytopic",
"notice (Terraform-managed).", False, False),
("warning", "severity=WARNING", "storage.googleapis.com/mybucket",
"warning (Terraform-managed).", True, False),
]
bindings = [r for r in resources if "member" in r["type"]]
values = [(r["index"], r["type"], r["values"]["role"]) for r in bindings]
values = [(r["index"], r["type"], r["values"]["role"],
r["values"]["condition"]) for r in bindings]
assert sorted(values) == [
("debug", "google_project_iam_member", "roles/logging.bucketWriter"),
("info", "google_bigquery_dataset_iam_member", "roles/bigquery.dataEditor"),
("notice", "google_pubsub_topic_iam_member", "roles/pubsub.publisher"),
("warning", "google_storage_bucket_iam_member", "roles/storage.objectCreator"),
("debug", "google_project_iam_member", "roles/logging.bucketWriter", [{
'expression':
"resource.name.endsWith('projects/myproject/locations/global/buckets/mybucket')",
'title':
'debug bucket writer'
}]),
("info", "google_bigquery_dataset_iam_member",
"roles/bigquery.dataEditor", []),
("notice", "google_pubsub_topic_iam_member", "roles/pubsub.publisher",
[]),
("warning", "google_storage_bucket_iam_member",
"roles/storage.objectCreator", []),
]
exclusions = [(r["index"], r["values"]["exclusions"]) for r in sinks]
assert sorted(exclusions) == [
(
"debug",
[
{
"description": None,
"disabled": False,
"filter": "logName:compute",
"name": "no-compute",
},
{
"description": None,
"disabled": False,
"filter": "logName:container",
"name": "no-container",
},
],
),
("debug", [{
"description": None,
"disabled": False,
"filter": "logName:compute",
"name": "no-compute"
}, {
"description": None,
"disabled": False,
"filter": "logName:container",
"name": "no-container"
}]),
("info", []),
("notice", []),
("warning", []),
@@ -141,12 +101,10 @@ def test_sinks(plan_runner):
def test_exclusions(plan_runner):
"Test folder-level logging exclusions."
logging_exclusions = (
"{"
'exclusion1 = "resource.type=gce_instance", '
'exclusion2 = "severity=NOTICE", '
"}"
)
logging_exclusions = ("{"
'exclusion1 = "resource.type=gce_instance", '
'exclusion2 = "severity=NOTICE", '
"}")
_, resources = plan_runner(logging_exclusions=logging_exclusions)
assert len(resources) == 3
exclusions = [
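Review bot: `from icecream import ic` near the top of this file is not used anywhere in the visible hunks and looks like a leftover debugging import. The hunk's line counts suggest this commit adds it, but the rendered page has lost the `+`/`-` markers, so that is an inference. If it is new, it should be dropped: it makes test collection depend on a third-party package that nothing in the test needs, and the suite will fail with an import error wherever `icecream` is not installed.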


@@ -0,0 +1,37 @@
logging_sinks = {
warning = {
destination = {
type = "storage"
target = "mybucket"
}
filter = "severity=WARNING"
}
info = {
destination = {
type = "bigquery"
target = "projects/myproject/datasets/mydataset"
}
filter = "severity=INFO"
disabled = true
}
notice = {
destination = {
type = "pubsub"
target = "projects/myproject/topics/mytopic"
}
filter = "severity=NOTICE"
include_children = false
}
debug = {
destination = {
type = "logging"
target = "projects/myproject/locations/global/buckets/mybucket"
}
filter = "severity=DEBUG"
include_children = false
exclusions = {
no-compute = "logName:compute"
no-container = "logName:container"
}
}
}


@@ -17,49 +17,8 @@ from collections import Counter
def test_sinks(plan_runner):
"Test folder-level sinks."
logging_sinks = """ {
warning = {
type = "storage"
destination = "mybucket"
filter = "severity=WARNING"
iam = true
include_children = true
bq_partitioned_table = null
exclusions = {}
}
info = {
type = "bigquery"
destination = "projects/myproject/datasets/mydataset"
filter = "severity=INFO"
iam = true
include_children = true
bq_partitioned_table = false
exclusions = {}
}
notice = {
type = "pubsub"
destination = "projects/myproject/topics/mytopic"
filter = "severity=NOTICE"
iam = true
include_children = false
bq_partitioned_table = null
exclusions = {}
}
debug = {
type = "logging"
destination = "projects/myproject/locations/global/buckets/mybucket"
filter = "severity=DEBUG"
iam = true
include_children = false
bq_partitioned_table = null
exclusions = {
no-compute = "logName:compute"
no-container = "logName:container"
}
}
}
"""
_, resources = plan_runner(logging_sinks=logging_sinks)
tfvars = 'test.logging-sinks.tfvars'
_, resources = plan_runner(tf_var_file=tfvars)
assert len(resources) == 8
resource_types = Counter([r["type"] for r in resources])
@@ -71,23 +30,21 @@ def test_sinks(plan_runner):
"google_storage_bucket_iam_member": 1,
}
sinks = [r for r in resources if r["type"]
== "google_logging_organization_sink"]
sinks = [
r for r in resources if r["type"] == "google_logging_organization_sink"
]
assert sorted([r["index"] for r in sinks]) == [
"debug",
"info",
"notice",
"warning",
]
values = [
(
r["index"],
r["values"]["filter"],
r["values"]["destination"],
r["values"]["include_children"],
)
for r in sinks
]
values = [(
r["index"],
r["values"]["filter"],
r["values"]["destination"],
r["values"]["include_children"],
) for r in sinks]
assert sorted(values) == [
(
"debug",
@@ -114,9 +71,11 @@ def test_sinks(plan_runner):
values = [(r["index"], r["type"], r["values"]["role"]) for r in bindings]
assert sorted(values) == [
("debug", "google_project_iam_member", "roles/logging.bucketWriter"),
("info", "google_bigquery_dataset_iam_member", "roles/bigquery.dataEditor"),
("info", "google_bigquery_dataset_iam_member",
"roles/bigquery.dataEditor"),
("notice", "google_pubsub_topic_iam_member", "roles/pubsub.publisher"),
("warning", "google_storage_bucket_iam_member", "roles/storage.objectCreator"),
("warning", "google_storage_bucket_iam_member",
"roles/storage.objectCreator"),
]
exclusions = [(r["index"], r["values"]["exclusions"]) for r in sinks]
@@ -146,16 +105,15 @@ def test_sinks(plan_runner):
def test_exclusions(plan_runner):
"Test folder-level logging exclusions."
logging_exclusions = (
"{"
'exclusion1 = "resource.type=gce_instance", '
'exclusion2 = "severity=NOTICE", '
"}"
)
logging_exclusions = ("{"
'exclusion1 = "resource.type=gce_instance", '
'exclusion2 = "severity=NOTICE", '
"}")
_, resources = plan_runner(logging_exclusions=logging_exclusions)
assert len(resources) == 2
exclusions = [
r for r in resources if r["type"] == "google_logging_organization_exclusion"
r for r in resources
if r["type"] == "google_logging_organization_exclusion"
]
assert sorted([r["index"] for r in exclusions]) == [
"exclusion1",
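Review bot: The tfvars fixture shown just above this section sets `disabled = true` on the `info` sink, but the `values` tuple in the `@@ -71,23 +30,21 @@` hunk still collects only index, filter, destination and `include_children`, so nothing here checks that the flag reaches the planned sink. A regression that drops or flips `disabled` would change which logs are exported without failing this test. Adding `r["values"]["disabled"],` to the tuple and the matching booleans to the expected list, as the first test file on this page does, would cover it. The last test file on this page has the same gap in its `unique_writer_identity` tuple. The docstring `"Test folder-level sinks."` also does not match a test that filters on `google_logging_organization_sink`.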


@@ -0,0 +1,37 @@
logging_sinks = {
warning = {
destination = {
type = "storage"
target = "mybucket"
}
filter = "severity=WARNING"
}
info = {
destination = {
type = "bigquery"
target = "projects/myproject/datasets/mydataset"
}
filter = "severity=INFO"
disabled = true
}
notice = {
destination = {
type = "pubsub"
target = "projects/myproject/topics/mytopic"
}
filter = "severity=NOTICE"
unique_writer = true
}
debug = {
destination = {
type = "logging"
target = "projects/myproject/locations/global/buckets/mybucket"
}
filter = "severity=DEBUG"
exclusions = {
no-compute = "logName:compute"
no-container = "logName:container"
}
unique_writer = true
}
}


@@ -110,14 +110,7 @@ variable "services" {
}
variable "logging_sinks" {
type = map(object({
destination = string
type = string
filter = string
iam = bool
exclusions = map(string)
unique_writer = bool
}))
type = any
default = {}
}
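Review bot: Replacing the object schema with `type = any` leaves this variable with no description of the shape it accepts, and the fixture no longer rejects a malformed sink definition itself. Presumably the value is forwarded to the module, whose own `logging_sinks` type does the checking, but that is not visible in this hunk. A one-line comment such as `# shape is validated by the module's logging_sinks variable` above `type = any` would record that.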


@@ -17,45 +17,8 @@ from collections import Counter
def test_sinks(plan_runner):
"Test folder-level sinks."
logging_sinks = """ {
warning = {
type = "storage"
destination = "mybucket"
filter = "severity=WARNING"
iam = true
exclusions = {}
unique_writer = false
}
info = {
type = "bigquery"
destination = "projects/myproject/datasets/mydataset"
filter = "severity=INFO"
iam = true
exclusions = {}
unique_writer = false
}
notice = {
type = "pubsub"
destination = "projects/myproject/topics/mytopic"
filter = "severity=NOTICE"
iam = true
exclusions = {}
unique_writer = false
}
debug = {
type = "logging"
destination = "projects/myproject/locations/global/buckets/mybucket"
filter = "severity=DEBUG"
iam = true
exclusions = {
no-compute = "logName:compute"
no-container = "logName:container"
}
unique_writer = true
}
}
"""
_, resources = plan_runner(logging_sinks=logging_sinks)
tfvars = 'test.logging-sinks.tfvars'
_, resources = plan_runner(tf_var_file=tfvars)
assert len(resources) == 12
resource_types = Counter([r["type"] for r in resources])
@@ -77,15 +40,12 @@ def test_sinks(plan_runner):
"notice",
"warning",
]
values = [
(
r["index"],
r["values"]["filter"],
r["values"]["destination"],
r["values"]["unique_writer_identity"],
)
for r in sinks
]
values = [(
r["index"],
r["values"]["filter"],
r["values"]["destination"],
r["values"]["unique_writer_identity"],
) for r in sinks]
assert sorted(values) == [
(
"debug",
@@ -103,7 +63,7 @@ def test_sinks(plan_runner):
"notice",
"severity=NOTICE",
"pubsub.googleapis.com/projects/myproject/topics/mytopic",
False,
True,
),
("warning", "severity=WARNING", "storage.googleapis.com/mybucket", False),
]
@@ -112,9 +72,11 @@ def test_sinks(plan_runner):
values = [(r["index"], r["type"], r["values"]["role"]) for r in bindings]
assert sorted(values) == [
("debug", "google_project_iam_member", "roles/logging.bucketWriter"),
("info", "google_bigquery_dataset_iam_member", "roles/bigquery.dataEditor"),
("info", "google_bigquery_dataset_iam_member",
"roles/bigquery.dataEditor"),
("notice", "google_pubsub_topic_iam_member", "roles/pubsub.publisher"),
("warning", "google_storage_bucket_iam_member", "roles/storage.objectCreator"),
("warning", "google_storage_bucket_iam_member",
"roles/storage.objectCreator"),
]
exclusions = [(r["index"], r["values"]["exclusions"]) for r in sinks]
@@ -144,12 +106,10 @@ def test_sinks(plan_runner):
def test_exclusions(plan_runner):
"Test folder-level logging exclusions."
logging_exclusions = (
"{"
'exclusion1 = "resource.type=gce_instance", '
'exclusion2 = "severity=NOTICE", '
"}"
)
logging_exclusions = ("{"
'exclusion1 = "resource.type=gce_instance", '
'exclusion2 = "severity=NOTICE", '
"}")
_, resources = plan_runner(logging_exclusions=logging_exclusions)
assert len(resources) == 6
exclusions = [
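Review bot: The bindings check in the `@@ -112,9 +72,11 @@` hunk still compares only index, type and role, so the `debug` entry would pass even if `roles/logging.bucketWriter` were granted on the project without any condition. The first test file on this page asserts a condition restricting that role to `projects/myproject/locations/global/buckets/mybucket`. If this module emits the same condition (not visible here), extend the tuple with `r["values"]["condition"]` and add the expected condition lists. The organization-level test earlier on the page has the same three-field tuple in its `@@ -114,9 +71,11 @@` hunk.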