Migrate project module to new tests

tests/modules/project/examples/basic.yaml

@@ -0,0 +1,39 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+values:
+  module.project.google_project.project[0]:
+    auto_create_network: false
+    billing_account: 123456-123456-123456
+    folder_id: '1234567890'
+    labels: null
+    name: foo-myproject
+    org_id: null
+    project_id: foo-myproject
+    skip_delete: false
+  module.project.google_project_service.project_services["container.googleapis.com"]:
+    disable_dependent_services: false
+    disable_on_destroy: false
+    project: foo-myproject
+    service: container.googleapis.com
+  module.project.google_project_service.project_services["stackdriver.googleapis.com"]:
+    disable_dependent_services: false
+    disable_on_destroy: false
+    project: foo-myproject
+    service: stackdriver.googleapis.com
+
+counts:
+  google_project: 1
+  google_project_service: 2

tests/modules/project/examples/iam-additive-members.yaml

@@ -0,0 +1,36 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.project.google_project.project[0]:
+    project_id: project-example
+  module.project.google_project_iam_member.additive["roles/editor-user:two@example.org"]:
+    condition: []
+    member: user:two@example.org
+    project: project-example
+    role: roles/editor
+  module.project.google_project_iam_member.additive["roles/owner-user:one@example.org"]:
+    condition: []
+    member: user:one@example.org
+    project: project-example
+    role: roles/owner
+  module.project.google_project_iam_member.additive["roles/owner-user:two@example.org"]:
+    condition: []
+    member: user:two@example.org
+    project: project-example
+    role: roles/owner
+
+counts:
+  google_project: 1
+  google_project_iam_member: 3

tests/modules/project/examples/iam-additive.yaml

@@ -0,0 +1,40 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.project.google_project.project[0]: {}
+  module.project.google_project_iam_member.additive["roles/owner-group:three@example.org"]:
+    condition: []
+    member: group:three@example.org
+    project: project-example
+    role: roles/owner
+  module.project.google_project_iam_member.additive["roles/storage.objectAdmin-group:two@example.org"]:
+    condition: []
+    member: group:two@example.org
+    project: project-example
+    role: roles/storage.objectAdmin
+  module.project.google_project_iam_member.additive["roles/viewer-group:one@example.org"]:
+    condition: []
+    member: group:one@example.org
+    project: project-example
+    role: roles/viewer
+  module.project.google_project_iam_member.additive["roles/viewer-group:two@xample.org"]:
+    condition: []
+    member: group:two@xample.org
+    project: project-example
+    role: roles/viewer
+
+counts:
+  google_project: 1
+  google_project_iam_member: 4

tests/modules/project/examples/iam-authoritative.yaml

@@ -0,0 +1,39 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.project.google_project.project[0]: {}
+  module.project.google_project_iam_binding.authoritative["roles/container.hostServiceAgentUser"]:
+    condition: []
+    members:
+    - serviceAccount:my_gke_service_account
+    project: foo-project-example
+    role: roles/container.hostServiceAgentUser
+  module.project.google_project_service.project_services["container.googleapis.com"]:
+    disable_dependent_services: false
+    disable_on_destroy: false
+    project: foo-project-example
+    service: container.googleapis.com
+    timeouts: null
+  module.project.google_project_service.project_services["stackdriver.googleapis.com"]:
+    disable_dependent_services: false
+    disable_on_destroy: false
+    project: foo-project-example
+    service: stackdriver.googleapis.com
+    timeouts: null
+
+counts:
+  google_project: 1
+  google_project_iam_binding: 1
+  google_project_service: 2

tests/modules/project/examples/iam-group.yaml

@@ -0,0 +1,44 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.project.google_project.project[0]: {}
+  module.project.google_project_iam_binding.authoritative["roles/cloudasset.owner"]:
+    condition: []
+    members:
+    - group:gcp-security-admins@example.com
+    project: foo-project-example
+    role: roles/cloudasset.owner
+  module.project.google_project_iam_binding.authoritative["roles/cloudsupport.techSupportEditor"]:
+    condition: []
+    members:
+    - group:gcp-security-admins@example.com
+    project: foo-project-example
+    role: roles/cloudsupport.techSupportEditor
+  module.project.google_project_iam_binding.authoritative["roles/iam.securityReviewer"]:
+    condition: []
+    members:
+    - group:gcp-security-admins@example.com
+    project: foo-project-example
+    role: roles/iam.securityReviewer
+  module.project.google_project_iam_binding.authoritative["roles/logging.admin"]:
+    condition: []
+    members:
+    - group:gcp-security-admins@example.com
+    project: foo-project-example
+    role: roles/logging.admin
+
+counts:
+  google_project: 1
+  google_project_iam_binding: 4

tests/modules/project/examples/kms.yaml

@@ -0,0 +1,38 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.org.google_tags_tag_key.default["environment"]:
+    description: Environment specification.
+    parent: organizations/1122334455
+    purpose: null
+    purpose_data: null
+    short_name: environment
+  module.org.google_tags_tag_value.default["environment/dev"]:
+    description: Managed by the Terraform organization module.
+    short_name: dev
+  module.org.google_tags_tag_value.default["environment/prod"]:
+    description: Managed by the Terraform organization module.
+    short_name: prod
+  module.project.google_project.project[0]: 
+    project_id: test-project
+  module.project.google_tags_tag_binding.binding["env-prod"]: {}
+  module.project.google_tags_tag_binding.binding["foo"]:
+    tag_value: tagValues/12345678
+
+counts:
+  google_project: 1
+  google_tags_tag_binding: 2
+  google_tags_tag_key: 1
+  google_tags_tag_value: 2

tests/modules/project/examples/logging.yaml

@@ -0,0 +1,94 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.project-host.google_bigquery_dataset_iam_member.bq-sinks-binding["info"]:
+    condition: []
+    role: roles/bigquery.dataEditor
+  module.project-host.google_logging_project_exclusion.logging-exclusion["no-gce-instances"]:
+    description: no-gce-instances (Terraform-managed).
+    disabled: null
+    filter: resource.type=gce_instance
+    name: no-gce-instances
+    project: my-project
+  module.project-host.google_logging_project_sink.sink["debug"]:
+    description: debug (Terraform-managed).
+    disabled: false
+    exclusions:
+    - description: null
+      disabled: false
+      filter: logName:compute
+      name: no-compute
+    filter: severity=DEBUG
+    name: debug
+    project: my-project
+    unique_writer_identity: false
+  module.project-host.google_logging_project_sink.sink["info"]:
+    description: info (Terraform-managed).
+    disabled: false
+    exclusions: []
+    filter: severity=INFO
+    name: info
+    project: my-project
+    unique_writer_identity: false
+  module.project-host.google_logging_project_sink.sink["notice"]:
+    description: notice (Terraform-managed).
+    disabled: false
+    exclusions: []
+    filter: severity=NOTICE
+    name: notice
+    project: my-project
+    unique_writer_identity: false
+  module.project-host.google_logging_project_sink.sink["warnings"]:
+    description: warnings (Terraform-managed).
+    destination: storage.googleapis.com/gcs_sink
+    disabled: false
+    exclusions: []
+    filter: severity=WARNING
+    name: warnings
+    project: my-project
+    unique_writer_identity: false
+  module.project-host.google_project.project[0]:
+    auto_create_network: false
+    billing_account: 123456-123456-123456
+    folder_id: '1234567890'
+    labels: null
+    name: my-project
+    org_id: null
+    project_id: my-project
+    skip_delete: false
+  module.project-host.google_project_iam_member.bucket-sinks-binding["debug"]:
+    condition:
+    - title: debug bucket writer
+    role: roles/logging.bucketWriter
+  module.project-host.google_pubsub_topic_iam_member.pubsub-sinks-binding["notice"]:
+    condition: []
+    role: roles/pubsub.publisher
+  module.project-host.google_storage_bucket_iam_member.gcs-sinks-binding["warnings"]:
+    bucket: gcs_sink
+    condition: []
+    role: roles/storage.objectCreator
+
+counts:
+  google_bigquery_dataset: 1
+  google_bigquery_dataset_iam_member: 1
+  google_logging_project_bucket_config: 1
+  google_logging_project_exclusion: 1
+  google_logging_project_sink: 4
+  google_project: 1
+  google_project_iam_member: 1
+  google_pubsub_topic: 1
+  google_pubsub_topic_iam_member: 1
+  google_storage_bucket: 1
+  google_storage_bucket_iam_member: 1

tests/modules/project/examples/org-policies.yaml

@@ -0,0 +1,125 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.project.google_org_policy_policy.default["compute.disableGuestAttributesAccess"]:
+    name: projects/foo-project-example/policies/compute.disableGuestAttributesAccess
+    parent: projects/foo-project-example
+    spec:
+    - inherit_from_parent: null
+      reset: null
+      rules:
+      - allow_all: null
+        condition: []
+        deny_all: null
+        enforce: 'TRUE'
+        values: []
+  module.project.google_org_policy_policy.default["constraints/compute.skipDefaultNetworkCreation"]:
+    name: projects/foo-project-example/policies/constraints/compute.skipDefaultNetworkCreation
+    parent: projects/foo-project-example
+    spec:
+    - inherit_from_parent: null
+      reset: null
+      rules:
+      - allow_all: null
+        condition: []
+        deny_all: null
+        enforce: 'TRUE'
+        values: []
+  module.project.google_org_policy_policy.default["constraints/compute.trustedImageProjects"]:
+    name: projects/foo-project-example/policies/constraints/compute.trustedImageProjects
+    parent: projects/foo-project-example
+    spec:
+    - inherit_from_parent: null
+      reset: null
+      rules:
+      - allow_all: null
+        condition: []
+        deny_all: null
+        enforce: null
+        values:
+        - allowed_values:
+          - projects/my-project
+          denied_values: null
+  module.project.google_org_policy_policy.default["constraints/compute.vmExternalIpAccess"]:
+    name: projects/foo-project-example/policies/constraints/compute.vmExternalIpAccess
+    parent: projects/foo-project-example
+    spec:
+    - inherit_from_parent: null
+      reset: null
+      rules:
+      - allow_all: null
+        condition: []
+        deny_all: 'TRUE'
+        enforce: null
+        values: []
+  module.project.google_org_policy_policy.default["constraints/iam.allowedPolicyMemberDomains"]:
+    name: projects/foo-project-example/policies/constraints/iam.allowedPolicyMemberDomains
+    parent: projects/foo-project-example
+    spec:
+    - inherit_from_parent: null
+      reset: null
+      rules:
+      - allow_all: null
+        condition: []
+        deny_all: null
+        enforce: null
+        values:
+        - allowed_values:
+          - C0xxxxxxx
+          - C0yyyyyyy
+          denied_values: null
+  module.project.google_org_policy_policy.default["iam.disableServiceAccountKeyCreation"]:
+    name: projects/foo-project-example/policies/iam.disableServiceAccountKeyCreation
+    parent: projects/foo-project-example
+    spec:
+    - inherit_from_parent: null
+      reset: null
+      rules:
+      - allow_all: null
+        condition: []
+        deny_all: null
+        enforce: 'TRUE'
+        values: []
+  module.project.google_org_policy_policy.default["iam.disableServiceAccountKeyUpload"]:
+    name: projects/foo-project-example/policies/iam.disableServiceAccountKeyUpload
+    parent: projects/foo-project-example
+    spec:
+    - inherit_from_parent: null
+      reset: null
+      rules:
+      - allow_all: null
+        condition: []
+        deny_all: null
+        enforce: 'FALSE'
+        values: []
+      - allow_all: null
+        condition:
+        - description: test condition
+          expression: resource.matchTagId("tagKeys/1234", "tagValues/1234")
+          location: somewhere
+          title: condition
+        deny_all: null
+        enforce: 'TRUE'
+        values: []
+  module.project.google_project.project[0]:
+    billing_account: 123456-123456-123456
+    folder_id: '1234567890'
+    name: foo-project-example
+    org_id: null
+    project_id: foo-project-example
+
+counts:
+  google_org_policy_policy: 7
+  google_project: 1

tests/modules/project/examples/outputs.yaml

@@ -0,0 +1,27 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.project.google_project.project[0]: 
+    project_id: project-example
+  module.project.google_project_service.project_services["compute.googleapis.com"]:
+    project: project-example
+    service: compute.googleapis.com
+
+counts:
+  google_project: 1
+  google_project_service: 1
+
+outputs:
+  compute_robot: __missing__

tests/modules/project/examples/shared-vpc.yaml

@@ -0,0 +1,46 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.host-project.google_compute_shared_vpc_host_project.shared_vpc_host[0]:
+    project: my-host-project
+  module.host-project.google_project.project[0]:
+    project_id: my-host-project
+  module.service-project.google_compute_shared_vpc_service_project.shared_vpc_service[0]:
+    host_project: my-host-project
+    service_project: my-service-project
+  module.service-project.google_project.project[0]:
+    project_id: my-service-project
+  module.service-project.google_project_iam_member.shared_vpc_host_robots["roles/compute.networkUser:cloudservices"]:
+    condition: []
+    project: my-host-project
+    role: roles/compute.networkUser
+  module.service-project.google_project_iam_member.shared_vpc_host_robots["roles/compute.networkUser:container-engine"]:
+    condition: []
+    project: my-host-project
+    role: roles/compute.networkUser
+  module.service-project.google_project_iam_member.shared_vpc_host_robots["roles/container.hostServiceAgentUser:container-engine"]:
+    condition: []
+    project: my-host-project
+    role: roles/container.hostServiceAgentUser
+  module.service-project.google_project_iam_member.shared_vpc_host_robots["roles/vpcaccess.user:cloudrun"]:
+    condition: []
+    project: my-host-project
+    role: roles/vpcaccess.user
+
+counts:
+  google_compute_shared_vpc_host_project: 1
+  google_compute_shared_vpc_service_project: 1
+  google_project: 2
+  google_project_iam_member: 4