KMS module refactoring (#85)

* first rewrite, untested

* validation fixes

* fix errors, rename variables, improve README, tested

* minimal kms module test

* README tweaks
Ludovico Magnocavallo
2020-06-03 08:43:10 +02:00
committed by GitHub
parent af95bb3110
commit 4dd927d8d7
9 changed files with 398 additions and 114 deletions


@@ -0,0 +1,13 @@
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


@@ -0,0 +1,29 @@
/**
* Copyright 2020 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
module "test" {
source = "../../../../modules/kms"
iam_members = var.iam_members
iam_roles = var.iam_roles
key_iam_members = var.key_iam_members
key_iam_roles = var.key_iam_roles
key_purpose = var.key_purpose
key_purpose_defaults = var.key_purpose_defaults
keyring = var.keyring
keyring_create = var.keyring_create
keys = var.keys
project_id = var.project_id
}


@@ -0,0 +1,19 @@
/**
* Copyright 2020 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
output "module" {
value = module.test
}


@@ -0,0 +1,113 @@
/**
* Copyright 2020 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
variable "iam_members" {
type = map(list(string))
default = {
"roles/owner" = ["user:ludo@ludomagno.net"]
}
}
variable "iam_roles" {
type = list(string)
default = ["roles/owner"]
}
variable "key_iam_members" {
type = map(map(list(string)))
default = {
key-a = {
"roles/owner" = ["user:ludo@ludomagno.net"]
}
}
}
variable "key_iam_roles" {
type = map(list(string))
default = {
key-a = ["roles/owner"]
}
}
variable "key_purpose" {
type = map(object({
purpose = string
version_template = object({
algorithm = string
protection_level = string
})
}))
default = {
key-b = {
purpose = "ENCRYPT_DECRYPT"
version_template = null
}
key-c = {
purpose = "ASYMMETRIC_SIGN"
version_template = {
algorithm = "EC_SIGN_P384_SHA384"
protection_level = null
}
}
}
}
variable "key_purpose_defaults" {
type = object({
purpose = string
version_template = object({
algorithm = string
protection_level = string
})
})
default = {
purpose = null
version_template = null
}
}
variable "keyring" {
type = object({
location = string
name = string
})
default = {
location = "europe-west1"
name = "test-module"
}
}
variable "keyring_create" {
type = bool
default = true
}
variable "keys" {
type = map(object({
rotation_period = string
labels = map(string)
}))
default = {
key-a = null
key-b = { rotation_period = "604800s", labels = null }
key-c = { rotation_period = null, labels = { env = "test" } }
}
}
variable "project_id" {
type = string
default = "my-project"
}
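Review bot: The fixture defaults for `iam_members`, `iam_roles`, `key_iam_members` and `key_iam_roles` bind `roles/owner` to what looks like a real personal account (`user:ludo@ludomagno.net`), on both the keyring and `key-a`. The accompanying test appears to evaluate only a plan, but fixture values tend to be copied into real configurations, where owner on a keyring or key grants far more than key usage. A narrow KMS role and a reserved placeholder identity would make a safer example, e.g. `"roles/cloudkms.cryptoKeyEncrypterDecrypter" = ["user:test@example.org"]`, with the same role in `iam_roles` and `key_iam_roles`. A short comment on each variable saying which module code path the default exercises (null key, null `version_template`, null `protection_level`) would also help.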


@@ -0,0 +1,33 @@
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import os
import pytest
FIXTURES_DIR = os.path.join(os.path.dirname(__file__), 'fixture')
def test_resources(plan_runner):
"Test module resources."
_, resources = plan_runner(FIXTURES_DIR)
assert sorted(r['type'] for r in resources) == [
'google_kms_crypto_key',
'google_kms_crypto_key',
'google_kms_crypto_key',
'google_kms_crypto_key_iam_binding',
'google_kms_key_ring',
'google_kms_key_ring_iam_binding'
]
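Review bot: `test_resources` asserts only the sorted resource types, so a change that alters the role or members on `google_kms_key_ring_iam_binding` or `google_kms_crypto_key_iam_binding`, or the purpose and algorithm on the keys, would still pass. For a module that manages access to keys, I would also assert on the planned attributes, for example `assert {r['values']['role'] for r in resources if r['type'].endswith('_iam_binding')} == {'roles/owner'}`. That line assumes the entries returned by `plan_runner` carry the plan's `values` map, which this file does not show. `import pytest` is unused in the lines shown and can be dropped.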