diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
index 6d773f9bd..a73d8ae20 100644
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting.yml
@@ -69,4 +69,7 @@ jobs:
- name: Check python formatting
id: yapf
run: |
- yapf --style="{based_on_style: google, indent_width: 2, SPLIT_BEFORE_NAMED_ASSIGNS: false}" -p -d tools/*.py
+ yapf --style="{based_on_style: google, indent_width: 2, SPLIT_BEFORE_NAMED_ASSIGNS: false}" -p -d \
+ tools/*.py \
+ blueprints/cloud-operations/network-dashboard/src/*py \
+ blueprints/cloud-operations/network-dashboard/src/plugins/*py
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 18a42f59d..d34ad2d99 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -754,7 +754,7 @@ def test_name(plan_summary, tfvars_to_yaml, tmp_path):
assert s.values[address]['project'] == 'my-project'
```
-For more examples on how to write python tests, the tests for [`organization`](./tests/modules/organization/test_plan_org_policies.py) and [`net-vpc`](./tests/modules/net_vpc/test_routes.py) modules.
+For more examples on how to write python tests, check the tests for the [`organization`](./tests/modules/organization/test_plan_org_policies.py) module.
#### Testing documentation examples
diff --git a/blueprints/apigee/hybrid-gke/README.md b/blueprints/apigee/hybrid-gke/README.md
index cee4aec1a..ae5c03648 100644
--- a/blueprints/apigee/hybrid-gke/README.md
+++ b/blueprints/apigee/hybrid-gke/README.md
@@ -25,20 +25,24 @@ The diagram below depicts the architecture.
terraform apply
```
+ Create an A record in your DNS registrar to point the environment group hostname to the public IP address returned after the terraform configuration was applied. You might need to wait some time until the certificate is provisioned.
+
+5. Install Apigee hybrid using de ansible playbook that is in the ansible folder by running this command
+
+ ansible-playbook playbook.yaml -vvvß
+
## Testing the blueprint
2. Deploy an api proxy
```
- ./deploy-apiproxy.sh
+ ./deploy-apiproxy.sh apis-test
```
-3. In the console check the IP address that has been allocated to the Apigee ingress gateway and send some traffic to the deployed API proxy.
+3. Send a request
```
- curl -k -v -H "Host:HOSTNAME" \
- --resolve HOSTNAME:443:IP_ADDRESS \
- https://HOSTNAME/httpbin/headers
+ curl -v https://HOSTNAME/httpbin/headers
```
@@ -56,4 +60,10 @@ The diagram below depicts the architecture.
| [region](variables.tf#L84) | Region. | string | | "europe-west1" |
| [zone](variables.tf#L90) | Zone. | string | | "europe-west1-c" |
+## Outputs
+
+| name | description | sensitive |
+|---|---|:---:|
+| [ip_address](outputs.tf#L17) | GLB IP address. | |
+
diff --git a/blueprints/apigee/hybrid-gke/ansible.tf b/blueprints/apigee/hybrid-gke/ansible.tf
index e5a491a3c..b7694ab1f 100644
--- a/blueprints/apigee/hybrid-gke/ansible.tf
+++ b/blueprints/apigee/hybrid-gke/ansible.tf
@@ -18,12 +18,13 @@
resource "local_file" "vars_file" {
content = yamlencode({
- cluster = module.cluster.name
- region = var.region
- project_id = module.project.project_id
- envgroup = local.envgroup
- env = local.environment
- hostname = var.hostname
+ cluster = module.cluster.name
+ region = var.region
+ project_id = module.project.project_id
+ envgroups = local.envgroups
+ environments = local.environments
+ service_accounts = local.google_sas
+ ingress_ip_name = local.ingress_ip_name
})
filename = "${path.module}/ansible/vars/vars.yaml"
file_permission = "0666"
diff --git a/blueprints/apigee/hybrid-gke/ansible/roles/apigee-hybrid/tasks/k8s_service_accounts.yaml b/blueprints/apigee/hybrid-gke/ansible/roles/apigee-hybrid/tasks/k8s_service_accounts.yaml
new file mode 100644
index 000000000..e74ca1596
--- /dev/null
+++ b/blueprints/apigee/hybrid-gke/ansible/roles/apigee-hybrid/tasks/k8s_service_accounts.yaml
@@ -0,0 +1,28 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+- name: Create and annotate k8s service account
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ name: "{{ k8s_service_account }}"
+ namespace: apigee
+ annotations:
+ iam.gke.io/gcp-service-account: "{{ google_service_account }}@{{ project_id }}.iam.gserviceaccount.com"
+ with_items: "{{ k8s_service_accounts }}"
+ loop_control:
+ loop_var: k8s_service_account
\ No newline at end of file
diff --git a/blueprints/apigee/hybrid-gke/ansible/roles/apigee-hybrid/tasks/main.yaml b/blueprints/apigee/hybrid-gke/ansible/roles/apigee-hybrid/tasks/main.yaml
index 4b72039b8..0907846fd 100644
--- a/blueprints/apigee/hybrid-gke/ansible/roles/apigee-hybrid/tasks/main.yaml
+++ b/blueprints/apigee/hybrid-gke/ansible/roles/apigee-hybrid/tasks/main.yaml
@@ -1,11 +1,11 @@
# Copyright 2023 Google LLC
-#
+#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
-#
+#
# http://www.apache.org/licenses/LICENSE-2.0
-#
+#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -19,18 +19,27 @@
--project {{ project_id }} \
--internal-ip
-- name: Install cert-manager
- shell: >
- kubectl apply \
- --validate=false \
- -f https://github.com/jetstack/cert-manager/releases/download/v1.7.2/cert-manager.yaml
+- name: Download cert-manager
+ uri:
+ url: https://github.com/jetstack/cert-manager/releases/download/v1.7.2/cert-manager.yaml
+ dest: ~/cert-manager.yaml
-- name: Wait until pods are ready in cert-manager namespace
- shell: >
- kubectl wait --for=condition=ready pods \
- -l app.kubernetes.io/instance=cert-manager \
- -n cert-manager \
- --timeout=90s
+- name: Apply metrics-server manifest to the cluster.
+ kubernetes.core.k8s:
+ state: present
+ src: ~/cert-manager.yaml
+
+- name:
+ kubernetes.core.k8s_info:
+ kind: Pod
+ wait: yes
+ label_selectors:
+ - "app.kubernetes.io/instance=cert-manager"
+ namespace: cert-manager
+ wait_timeout: 90
+ wait_condition:
+ type: Ready
+ status: True
- name: Fetch apigeectl version
uri:
@@ -48,7 +57,7 @@
unarchive:
src: "~/apigeectl.tar.gz"
dest: "~"
- remote_src: yes
+ remote_src: yes
- name: Move apigeectl folder
shell: >
@@ -66,25 +75,69 @@
file:
src: ~/apigeectl/{{ item }}
dest: "~/hybrid-files/{{ item }}"
- state: link
+ state: link
with_items:
- tools
- config
- templates
- - plugins
+ - plugins
-- name: Create service accounts
- shell: >
- ~/hybrid-files/tools/create-service-account -i {{ project_id }} -e non-prod -d ~/hybrid-files/service-accounts
+- name: Create apigee namespace
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: apigee
-- name: Create certificates
+- name: Create k8s service accounts
+ include_tasks: k8s_service_accounts.yaml
+ vars:
+ google_service_account: "{{ item.key }}"
+ k8s_service_accounts: "{{ item.value }}"
+ with_dict: "{{ service_accounts }}"
+
+- name: Set hostnames
+ set_fact:
+ hostnames: "{{ hostnames | default([]) + item.value }}"
+ with_dict: "{{ envgroups }}"
+
+- name: Create certificate and private key
shell: >
openssl req \
-nodes \
-new \
-x509 \
- -keyout ~/hybrid-files/certs/{{ envgroup }}.key \
- -out ~/hybrid-files/certs/{{ envgroup }}.cert -subj '/CN='{{ hostname }}'' -days 3650
+ -keyout ~/hybrid-files/certs/server.key \
+ -out ~/hybrid-files/certs/server.crt \
+ -subj "/CN=apigee.com' \
+ -addext "subjectAltName={{ hostnames | map('regex_replace', '^', 'DNS:') | join(',') }}""
+ -days 3650
+
+- name: Read certificate
+ slurp:
+ src: ~/hybrid-files/certs/server.crt
+ register: certificate_output
+
+- name: Read private ket
+ slurp:
+ src: ~/hybrid-files/certs/server.key
+ register: privatekey_output
+
+- name: Create secret
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: tls-hybrid-ingress
+ namespace: apigee
+ type: kubernetes.io/tls
+ data:
+ tls.crt: "{{ certificate_output.content }}"
+ tls.key: "{{ privatekey_output.content }}"
- name: Create overrides.yaml
template:
@@ -96,48 +149,185 @@
curl -X POST -H "Authorization: Bearer $(gcloud auth print-access-token)" \
-H "Content-Type:application/json" \
"https://apigee.googleapis.com/v1/organizations/{{ project_id }}:setSyncAuthorization" \
- -d '{"identities":["'"serviceAccount:apigee-non-prod@{{ project_id }}.iam.gserviceaccount.com"'"]}'
+ -d '{"identities":["'"serviceAccount:apigee-synchronizer@{{ project_id }}.iam.gserviceaccount.com"'"]}'
- name: Dry-run (init)
shell: >
- ~/apigeectl/apigeectl init -f overrides/overrides.yaml --dry-run=client
+ ~/apigeectl/apigeectl init -f overrides/overrides.yaml --dry-run=client
args:
chdir: ~/hybrid-files
- name: Install the Apigee deployment services Apigee Deployment Controller and Apigee Admission Webhook.
shell: >
- ~/apigeectl/apigeectl init -f overrides/overrides.yaml
+ ~/apigeectl/apigeectl init -f overrides/overrides.yaml
args:
- chdir: ~/hybrid-files
+ chdir: ~/hybrid-files
-- name: Wait until pods are ready in apigee-system namespace
- shell: >
- kubectl wait --for=condition=ready pods \
- -l app=apigee-controller \
- -n apigee-system \
- --timeout=300s
+- name: Wait for apigee-controller pod to be ready
+ kubernetes.core.k8s_info:
+ kind: Pod
+ wait: yes
+ label_selectors:
+ - "app=apigee-controller"
+ namespace: apigee-system
+ wait_timeout: 600
+ wait_condition:
+ type: Ready
+ status: True
-- name: Wait until pods are ready in apigee namespace
- shell: >
- kubectl wait --for=condition=ready pods \
- -l app=apigee-ingressgateway-manager \
- -n apigee \
- --timeout=300s
+- name: Wait for apigee-selfsigned-issuer issuer to be ready
+ kubernetes.core.k8s_info:
+ kind: Issuer
+ wait: yes
+ name: apigee-selfsigned-issuer
+ namespace: apigee-system
+ wait_timeout: 600
+ wait_condition:
+ type: Ready
+ status: True
+
+- name: Wait for apigee-serving-cert certificate to be ready
+ kubernetes.core.k8s_info:
+ kind: Certificate
+ wait: yes
+ name: apigee-serving-cert
+ namespace: apigee-system
+ wait_timeout: 600
+ wait_condition:
+ type: Ready
+ status: True
+
+- name: Wait for apigee-resources-install job to be complete
+ kubernetes.core.k8s_info:
+ kind: Job
+ wait: yes
+ name: apigee-resources-install
+ namespace: apigee-system
+ wait_timeout: 360
+ wait_condition:
+ type: Complete
+ status: True
- name: Dry-run (apply)
shell: >
- ~/apigeectl/apigeectl apply -f overrides/overrides.yaml --dry-run=client
+ ~/apigeectl/apigeectl apply -f overrides/overrides.yaml --dry-run=client
args:
chdir: ~/hybrid-files
- name: Install the Apigee runtime components
shell: >
- ~/apigeectl/apigeectl apply -f overrides/overrides.yaml
+ ~/apigeectl/apigeectl apply -f overrides/overrides.yaml
args:
- chdir: ~/hybrid-files
+ chdir: ~/hybrid-files
-- name: Check status of the deployment
- shell: >
- while [ -n "$(kubectl get pods -n apigee | tail -n +2 | grep -v Running | grep -v Completed)" ]; do sleep 1; done
- args:
- chdir: ~/hybrid-files
\ No newline at end of file
+- name: Wait for apigee-runtime pod to be ready
+ kubernetes.core.k8s_info:
+ kind: Pod
+ wait: yes
+ label_selectors:
+ - "app=apigee-runtime"
+ namespace: apigee
+ wait_timeout: 360
+ wait_condition:
+ type: Ready
+ status: True
+
+- name:
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: apigee.cloud.google.com/v1alpha1
+ kind: ApigeeRoute
+ metadata:
+ name: apigee-wildcard
+ namespace: apigee
+ spec:
+ hostnames:
+ - '*'
+ ports:
+ - number: 443
+ protocol: HTTPS
+ tls:
+ credentialName: tls-hybrid-ingress
+ mode: SIMPLE
+ selector:
+ app: apigee-ingressgateway
+ enableNonSniClient: true
+
+- name: Create google-managed certificate
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: networking.gke.io/v1
+ kind: ManagedCertificate
+ metadata:
+ name: "apigee-cert-hybrid"
+ namespace: apigee
+ spec:
+ domains: "{{ hostnames }}"
+
+- name: Create backend config
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: cloud.google.com/v1
+ kind: BackendConfig
+ metadata:
+ name: apigee-ingress-backendconfig
+ namespace: apigee
+ spec:
+ healthCheck:
+ requestPath: /healthz/ready
+ port: 15021
+ type: HTTP
+ logging:
+ enable: true
+ sampleRate: 0.5
+
+- name: Create service
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: v1
+ kind: Service
+ metadata:
+ name: apigee-ingressgateway-hybrid
+ namespace: apigee
+ annotations:
+ cloud.google.com/backend-config: '{"default": "apigee-ingress-backendconfig"}'
+ cloud.google.com/neg: '{"ingress": true}'
+ cloud.google.com/app-protocols: '{"https":"HTTPS", "status-port": "HTTP"}'
+ labels:
+ app: apigee-ingressgateway-hybrid
+ spec:
+ ports:
+ - name: status-port
+ port: 15021
+ targetPort: 15021
+ - name: https
+ port: 443
+ targetPort: 8443
+ selector:
+ app: apigee-ingressgateway
+ ingress_name: ingress
+ type: ClusterIP
+
+- name: Create ingress
+ kubernetes.core.k8s:
+ state: present
+ definition:
+ apiVersion: networking.k8s.io/v1
+ kind: Ingress
+ metadata:
+ annotations:
+ networking.gke.io/managed-certificates: "apigee-cert-hybrid"
+ kubernetes.io/ingress.global-static-ip-name: "{{ ingress_ip_name }}"
+ kubernetes.io/ingress.allow-http: "false"
+ name: xlb-apigee
+ namespace: apigee
+ spec:
+ defaultBackend:
+ service:
+ name: apigee-ingressgateway-hybrid
+ port:
+ number: 443
\ No newline at end of file
diff --git a/blueprints/apigee/hybrid-gke/ansible/roles/apigee-hybrid/templates/overrides.yaml.j2 b/blueprints/apigee/hybrid-gke/ansible/roles/apigee-hybrid/templates/overrides.yaml.j2
index 1c2c09ed8..691cc6d5d 100644
--- a/blueprints/apigee/hybrid-gke/ansible/roles/apigee-hybrid/templates/overrides.yaml.j2
+++ b/blueprints/apigee/hybrid-gke/ansible/roles/apigee-hybrid/templates/overrides.yaml.j2
@@ -1,29 +1,26 @@
gcp:
region: {{ region }}
projectID: {{ project_id }}
+ workloadIdentityEnabled: true
k8sCluster:
name: {{ cluster }}
- region: CLUSTER_LOCATION # Must be the closest Google Cloud region to your cluster.
+ region: {{ region }} # Must be the closest Google Cloud region to your cluster.
org: {{ project_id }}
-instanceID: "instance-1"
+instanceID: "{{ cluster }}-{{ region }}"
cassandra:
hostNetwork: false
- # Set to false for single region installations and multi-region installations
- # with connectivity between pods in different clusters, for example GKE installations.
- # Set to true for multi-region installations with no communication between
- # pods in different clusters, for example GKE On-prem, GKE on AWS, Anthos on bare metal,
- # AKS, EKS, and OpenShift installations.
- # See Multi-region deployment: Prerequisites
virtualhosts:
- - name: {{ envgroup }}
+{% for k in envgroups %}
+ - name: {{ k }}
+ sslSecret: tls-hybrid-ingress
+ additionalGateways: ["apigee-wildcard"]
selector:
app: apigee-ingressgateway
- sslCertPath: ./certs/{{ envgroup }}.cert
- sslKeyPath: ./certs/{{ envgroup }}.key
+{% endfor %}
ao:
args:
@@ -37,27 +34,9 @@ ingressGateways:
replicaCountMax: 10
envs:
- - name: {{ env }}
- serviceAccountPaths:
- synchronizer: ./service-accounts/{{ project_id }}-apigee-non-prod.json
- udca: ./service-accounts/{{ project_id }}-apigee-non-prod.json
- runtime: ./service-accounts/{{ project_id }}-apigee-non-prod.json
-
-mart:
- serviceAccountPath: ./service-accounts/{{ project_id }}-apigee-non-prod.json
-
-connectAgent:
- serviceAccountPath: ./service-accounts/{{ project_id }}-apigee-non-prod.json
-
-metrics:
- serviceAccountPath: ./service-accounts/{{ project_id }}-apigee-non-prod.json
-
-udca:
- serviceAccountPath: ./service-accounts/{{ project_id }}-apigee-non-prod.json
-
-watcher:
- serviceAccountPath: ./service-accounts/{{ project_id }}-apigee-non-prod.json
+{% for k in environments %}
+ - name: {{ k }}
+{% endfor %}
logger:
- enabled: true
- serviceAccountPath: ./service-accounts/{{ project_id }}-apigee-non-prod.json
+ enabled: false
diff --git a/blueprints/apigee/hybrid-gke/apigee.tf b/blueprints/apigee/hybrid-gke/apigee.tf
index e3dc6b2e6..b92592aab 100644
--- a/blueprints/apigee/hybrid-gke/apigee.tf
+++ b/blueprints/apigee/hybrid-gke/apigee.tf
@@ -15,8 +15,51 @@
*/
locals {
- envgroup = "test"
- environment = "apis-test"
+ envgroups = {
+ test = [var.hostname]
+ }
+ environments = {
+ apis-test = {
+ envgroups = ["test"]
+ }
+ }
+ org_short_name = (length(module.project.project_id) < 16 ?
+ module.project.project_id :
+ substr(module.project.project_id, 0, 15))
+ org_hash = format("%s-%s", local.org_short_name, substr(sha256(module.project.project_id), 0, 7))
+ org_env_hashes = {
+ for k, v in local.environments :
+ k => format("%s-%s-%s", local.org_short_name, length(k) < 16 ? k : substr(k, 0, 15), substr(sha256("${module.project.project_id}:${k}"), 0, 7))
+ }
+ google_sas = {
+ apigee-metrics = [
+ "apigee-metrics-sa"
+ ]
+ apigee-cassandra = [
+ "apigee-cassandra-schema-setup-${local.org_hash}-sa",
+ "apigee-cassandra-user-setup-${local.org_hash}-sa"
+ ]
+ apigee-mart = [
+ "apigee-mart-${local.org_hash}-sa",
+ "apigee-connect-agent-${local.org_hash}-sa"
+ ]
+ apigee-watcher = [
+ "apigee-watcher-${local.org_hash}-sa"
+ ]
+ apigee-udca = concat([
+ "apigee-udca-${local.org_hash}-sa"
+ ],
+ [for k, v in local.org_env_hashes :
+ "apigee-udca-${local.org_env_hashes[k]}-sa"
+ ])
+ apigee-synchronizer = [
+ for k, v in local.org_env_hashes :
+ "apigee-synchronizer-${local.org_env_hashes[k]}-sa"
+ ]
+ apigee-runtime = [for k, v in local.org_env_hashes :
+ "apigee-runtime-${local.org_env_hashes[k]}-sa"
+ ]
+ }
}
module "apigee" {
@@ -26,20 +69,24 @@ module "apigee" {
analytics_region = var.region
runtime_type = "HYBRID"
}
- envgroups = {
- (local.envgroup) = [var.hostname]
- }
- environments = {
- (local.environment) = {
- envgroups = [local.envgroup]
- }
+ envgroups = local.envgroups
+ environments = local.environments
+}
+
+module "sas" {
+ for_each = local.google_sas
+ source = "../../../modules/iam-service-account"
+ project_id = module.project.project_id
+ name = each.key
+ # authoritative roles granted *on* the service accounts to other identities
+ iam = {
+ "roles/iam.workloadIdentityUser" = [for v in each.value : "serviceAccount:${module.project.project_id}.svc.id.goog[apigee/${v}]"]
}
}
resource "local_file" "deploy_apiproxy_file" {
content = templatefile("${path.module}/templates/deploy-apiproxy.sh.tpl", {
org = module.project.project_id
- env = local.environment
})
filename = "${path.module}/deploy-apiproxy.sh"
file_permission = "0777"
diff --git a/blueprints/apigee/hybrid-gke/diagram.png b/blueprints/apigee/hybrid-gke/diagram.png
index 6d5c2d6bc..57e07ca30 100644
Binary files a/blueprints/apigee/hybrid-gke/diagram.png and b/blueprints/apigee/hybrid-gke/diagram.png differ
diff --git a/tests/modules/dns/fixture/main.tf b/blueprints/apigee/hybrid-gke/glb.tf
similarity index 61%
rename from tests/modules/dns/fixture/main.tf
rename to blueprints/apigee/hybrid-gke/glb.tf
index bab319204..80ff2269c 100644
--- a/tests/modules/dns/fixture/main.tf
+++ b/blueprints/apigee/hybrid-gke/glb.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -14,14 +14,12 @@
* limitations under the License.
*/
-module "test" {
- source = "../../../../modules/dns"
- project_id = "my-project"
- name = "test"
- domain = "test.example."
- client_networks = var.client_networks
- type = var.type
- forwarders = var.forwarders
- peer_network = var.peer_network
- recordsets = var.recordsets
+locals {
+ ingress_ip_name = "apigee"
+}
+
+module "addresses" {
+ source = "../../../modules/net-address"
+ project_id = module.project.project_id
+ global_addresses = [local.ingress_ip_name]
}
diff --git a/blueprints/apigee/hybrid-gke/main.tf b/blueprints/apigee/hybrid-gke/main.tf
index 5f1a676b2..5be174ef5 100644
--- a/blueprints/apigee/hybrid-gke/main.tf
+++ b/blueprints/apigee/hybrid-gke/main.tf
@@ -40,5 +40,12 @@ module "project" {
"roles/resourcemanager.projectIamAdmin" = [module.mgmt_server.service_account_iam_email]
"roles/iam.serviceAccountAdmin" = [module.mgmt_server.service_account_iam_email]
"roles/iam.serviceAccountKeyAdmin" = [module.mgmt_server.service_account_iam_email]
+ "roles/monitoring.metricWriter" = [module.sas["apigee-metrics"].iam_email]
+ "roles/storage.objectAdmin" = [module.sas["apigee-cassandra"].iam_email]
+ "roles/apigeeconnect.Agent" = [module.sas["apigee-mart"].iam_email]
+ "roles/apigee.runtimeAgent" = [module.sas["apigee-watcher"].iam_email]
+ "roles/apigee.analyticsAgent" = [module.sas["apigee-udca"].iam_email]
+ "roles/apigee.synchronizerManager" = [module.sas["apigee-synchronizer"].iam_email]
+ "roles/cloudtrace.agent" = [module.sas["apigee-runtime"].iam_email]
}
-}
\ No newline at end of file
+}
diff --git a/blueprints/apigee/hybrid-gke/mgmt.tf b/blueprints/apigee/hybrid-gke/mgmt.tf
index f51975f5f..538940e7b 100644
--- a/blueprints/apigee/hybrid-gke/mgmt.tf
+++ b/blueprints/apigee/hybrid-gke/mgmt.tf
@@ -34,4 +34,12 @@ module "mgmt_server" {
type = var.mgmt_server_config.disk_type
size = var.mgmt_server_config.disk_size
}
-}
\ No newline at end of file
+ metadata = {
+ startup-script = <
diff --git a/modules/dns/README.md b/modules/dns/README.md
index 9e461f0e5..a405ff753 100644
--- a/modules/dns/README.md
+++ b/modules/dns/README.md
@@ -21,7 +21,7 @@ module "private-dns" {
"A myhost" = { ttl = 600, records = ["10.0.0.120"] }
}
}
-# tftest modules=1 resources=3
+# tftest modules=1 resources=3 inventory=private-zone.yaml
```
### Forwarding Zone
@@ -36,7 +36,7 @@ module "private-dns" {
client_networks = [var.vpc.self_link]
forwarders = { "10.0.1.1" = null, "1.2.3.4" = "private" }
}
-# tftest modules=1 resources=1
+# tftest modules=1 resources=1 inventory=forwarding-zone.yaml
```
### Peering Zone
@@ -47,11 +47,12 @@ module "private-dns" {
project_id = "myproject"
type = "peering"
name = "test-example"
- domain = "test.example."
+ domain = "."
+ description = "Forwarding zone for ."
client_networks = [var.vpc.self_link]
peer_network = var.vpc2.self_link
}
-# tftest modules=1 resources=1
+# tftest modules=1 resources=1 inventory=peering-zone.yaml
```
### Routing Policies
@@ -84,7 +85,7 @@ module "private-dns" {
}
}
}
-# tftest modules=1 resources=4
+# tftest modules=1 resources=4 inventory=routing-policies.yaml
```
### Reverse Lookup Zone
@@ -98,7 +99,23 @@ module "private-dns" {
domain = "0.0.10.in-addr.arpa."
client_networks = [var.vpc.self_link]
}
-# tftest modules=1 resources=1
+# tftest modules=1 resources=1 inventory=reverse-zone.yaml
+```
+
+### Public Zone
+
+```hcl
+module "public-dns" {
+ source = "./fabric/modules/dns"
+ project_id = "myproject"
+ type = "public"
+ name = "example"
+ domain = "example.com."
+ recordsets = {
+ "A myhost" = { ttl = 300, records = ["127.0.0.1"] }
+ }
+}
+# tftest modules=1 resources=3 inventory=public-zone.yaml
```
diff --git a/modules/dns/main.tf b/modules/dns/main.tf
index ca30c7d0c..edf342ef6 100644
--- a/modules/dns/main.tf
+++ b/modules/dns/main.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/modules/gcs/README.md b/modules/gcs/README.md
index 439b4522d..07c5a6d7b 100644
--- a/modules/gcs/README.md
+++ b/modules/gcs/README.md
@@ -8,50 +8,46 @@ module "bucket" {
project_id = "myproject"
prefix = "test"
name = "my-bucket"
+ versioning = true
iam = {
"roles/storage.admin" = ["group:storage@example.com"]
}
+ labels = {
+ cost-center = "devops"
+ }
}
-# tftest modules=1 resources=2
+# tftest modules=1 resources=2 inventory=simple.yaml
```
### Example with Cloud KMS
```hcl
module "bucket" {
- source = "./fabric/modules/gcs"
- project_id = "myproject"
- prefix = "test"
- name = "my-bucket"
- iam = {
- "roles/storage.admin" = ["group:storage@example.com"]
- }
+ source = "./fabric/modules/gcs"
+ project_id = "myproject"
+ name = "my-bucket"
encryption_key = "my-encryption-key"
}
-# tftest modules=1 resources=2
+# tftest modules=1 resources=1 inventory=cmek.yaml
```
-### Example with retention policy
+### Example with retention policy and logging
```hcl
module "bucket" {
source = "./fabric/modules/gcs"
project_id = "myproject"
- prefix = "test"
name = "my-bucket"
- iam = {
- "roles/storage.admin" = ["group:storage@example.com"]
- }
retention_policy = {
retention_period = 100
is_locked = true
}
logging_config = {
- log_bucket = var.bucket
+ log_bucket = "log-bucket"
log_object_prefix = null
}
}
-# tftest modules=1 resources=2
+# tftest modules=1 resources=1 inventory=retention-logging.yaml
```
### Example with lifecycle rule
@@ -60,11 +56,7 @@ module "bucket" {
module "bucket" {
source = "./fabric/modules/gcs"
project_id = "myproject"
- prefix = "test"
name = "my-bucket"
- iam = {
- "roles/storage.admin" = ["group:storage@example.com"]
- }
lifecycle_rules = {
lr-0 = {
action = {
@@ -77,7 +69,7 @@ module "bucket" {
}
}
}
-# tftest modules=1 resources=2
+# tftest modules=1 resources=1 inventory=lifecycle.yaml
```
### Minimal example with GCS notifications
@@ -86,7 +78,6 @@ module "bucket" {
module "bucket-gcs-notification" {
source = "./fabric/modules/gcs"
project_id = "myproject"
- prefix = "test"
name = "my-bucket"
notification_config = {
enabled = true
@@ -97,7 +88,7 @@ module "bucket-gcs-notification" {
custom_attributes = {}
}
}
-# tftest modules=1 resources=4
+# tftest modules=1 resources=4 inventory=notification.yaml
```
diff --git a/modules/gke-cluster/README.md b/modules/gke-cluster/README.md
index caf1fec93..0ba75cd61 100644
--- a/modules/gke-cluster/README.md
+++ b/modules/gke-cluster/README.md
@@ -33,7 +33,7 @@ module "cluster-1" {
environment = "dev"
}
}
-# tftest modules=1 resources=1
+# tftest modules=1 resources=1 inventory=basic.yaml
```
### GKE Cluster with Dataplane V2 enabled
@@ -42,7 +42,7 @@ module "cluster-1" {
module "cluster-1" {
source = "./fabric/modules/gke-cluster"
project_id = "myproject"
- name = "cluster-1"
+ name = "cluster-dataplane-v2"
location = "europe-west1-b"
vpc_config = {
network = var.vpc.self_link
@@ -68,8 +68,36 @@ module "cluster-1" {
environment = "dev"
}
}
-# tftest modules=1 resources=1
+# tftest modules=1 resources=1 inventory=dataplane-v2.yaml
```
+### Autopilot Cluster
+
+```hcl
+module "cluster-autopilot" {
+ source = "./fabric/modules/gke-cluster"
+ project_id = "myproject"
+ name = "cluster-autopilot"
+ location = "europe-west1-b"
+ vpc_config = {
+ network = var.vpc.self_link
+ subnetwork = var.subnet.self_link
+ secondary_range_names = {
+ pods = "pods"
+ services = "services"
+ }
+ master_authorized_ranges = {
+ internal-vms = "10.0.0.0/8"
+ }
+ master_ipv4_cidr_block = "192.168.0.0/28"
+ }
+ enable_features = {
+ autopilot = true
+ }
+}
+# tftest modules=1 resources=1 inventory=autopilot.yaml
+```
+
+
## Variables
diff --git a/modules/gke-nodepool/README.md b/modules/gke-nodepool/README.md
index 50e9d08cb..2f632c9c7 100644
--- a/modules/gke-nodepool/README.md
+++ b/modules/gke-nodepool/README.md
@@ -16,7 +16,7 @@ module "cluster-1-nodepool-1" {
location = "europe-west1-b"
name = "nodepool-1"
}
-# tftest modules=1 resources=1
+# tftest modules=1 resources=1 inventory=basic.yaml
```
### Internally managed service account
@@ -27,22 +27,11 @@ If you create a new service account, its resource and email (in both plain and I
#### GCE default service account
-To use the GCE default service account, you can ignore the variable which is equivalent to `{ create = null, email = null }`.
-
-```hcl
-module "cluster-1-nodepool-1" {
- source = "./fabric/modules/gke-nodepool"
- project_id = "myproject"
- cluster_name = "cluster-1"
- location = "europe-west1-b"
- name = "nodepool-1"
-}
-# tftest modules=1 resources=1
-```
+To use the GCE default service account, you can ignore the variable which is equivalent to `{ create = null, email = null }`. This is what the first example of this document does.
#### Externally defined service account
-To use an existing service account, pass in just the `email` attribute.
+To use an existing service account, pass in just the `email` attribute. If you do this, will most likely want to use the `cloud-platform` scope.
```hcl
module "cluster-1-nodepool-1" {
@@ -52,10 +41,11 @@ module "cluster-1-nodepool-1" {
location = "europe-west1-b"
name = "nodepool-1"
service_account = {
- email = "foo-bar@myproject.iam.gserviceaccount.com"
+ email = "foo-bar@myproject.iam.gserviceaccount.com"
+ oauth_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
}
}
-# tftest modules=1 resources=1
+# tftest modules=1 resources=1 inventory=external-sa.yaml
```
#### Auto-created service account
@@ -70,12 +60,48 @@ module "cluster-1-nodepool-1" {
location = "europe-west1-b"
name = "nodepool-1"
service_account = {
- create = true
- # optional
- email = "spam-eggs"
+ create = true
+ email = "spam-eggs" # optional
+ oauth_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
}
}
-# tftest modules=1 resources=2
+# tftest modules=1 resources=2 inventory=create-sa.yaml
+```
+### Node & node pool configuration
+
+```hcl
+module "cluster-1-nodepool-1" {
+ source = "./fabric/modules/gke-nodepool"
+ project_id = "myproject"
+ cluster_name = "cluster-1"
+ location = "europe-west1-b"
+ name = "nodepool-1"
+ labels = { environment = "dev" }
+ service_account = {
+ create = true
+ email = "nodepool-1" # optional
+ oauth_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
+ }
+ node_config = {
+ machine_type = "n2-standard-2"
+ disk_size_gb = 50
+ disk_type = "pd-ssd"
+ ephemeral_ssd_count = 1
+ gvnic = true
+ spot = true
+ }
+ nodepool_config = {
+ autoscaling = {
+ max_node_count = 10
+ min_node_count = 1
+ }
+ management = {
+ auto_repair = true
+ auto_upgrade = false
+ }
+ }
+}
+# tftest modules=1 resources=2 inventory=config.yaml
```
@@ -97,7 +123,7 @@ module "cluster-1-nodepool-1" {
| [nodepool_config](variables.tf#L115) | Nodepool-level configuration. | object({…}) | | null |
| [pod_range](variables.tf#L137) | Pod secondary range configuration. | object({…}) | | null |
| [reservation_affinity](variables.tf#L154) | Configuration of the desired reservation which instances could take capacity from. | object({…}) | | null |
-| [service_account](variables.tf#L164) | Nodepool service account. If this variable is set to null, the default GCE service account will be used. If set and email is null, a service account will be created. If scopes are null a default will be used. | object({…}) | | {} |
+| [service_account](variables.tf#L164) | Nodepool service account. If this variable is set to null, the default GCE service account will be used. If set and email is null, a service account will be created. If scopes are null a default will be used. | object({…}) | | {} |
| [sole_tenant_nodegroup](variables.tf#L175) | Sole tenant node group. | string | | null |
| [tags](variables.tf#L181) | Network tags applied to nodes. | list(string) | | null |
| [taints](variables.tf#L187) | Kubernetes taints applied to all nodes. | list(object({…})) | | null |
diff --git a/modules/gke-nodepool/variables.tf b/modules/gke-nodepool/variables.tf
index e0d3e967a..1166c34f4 100644
--- a/modules/gke-nodepool/variables.tf
+++ b/modules/gke-nodepool/variables.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -165,8 +165,8 @@ variable "service_account" {
description = "Nodepool service account. If this variable is set to null, the default GCE service account will be used. If set and email is null, a service account will be created. If scopes are null a default will be used."
type = object({
create = optional(bool, false)
- email = optional(string, null)
- oauth_scopes = optional(list(string), null)
+ email = optional(string)
+ oauth_scopes = optional(list(string))
})
default = {}
nullable = false
diff --git a/modules/net-vpc/README.md b/modules/net-vpc/README.md
index 53361009e..dbd855022 100644
--- a/modules/net-vpc/README.md
+++ b/modules/net-vpc/README.md
@@ -30,7 +30,88 @@ module "vpc" {
}
]
}
-# tftest modules=1 resources=3
+# tftest modules=1 resources=3 inventory=simple.yaml
+```
+
+### Subnet Options
+```hcl
+module "vpc" {
+ source = "./fabric/modules/net-vpc"
+ project_id = "my-project"
+ name = "my-network"
+ subnets = [
+ # simple subnet
+ {
+ name = "simple"
+ region = "europe-west1"
+ ip_cidr_range = "10.0.0.0/24"
+ },
+ # custom description and PGA disabled
+ {
+ name = "no-pga"
+ region = "europe-west1"
+ ip_cidr_range = "10.0.1.0/24",
+ description = "Subnet b"
+ enable_private_access = false
+ },
+ # secondary ranges
+ {
+ name = "with-secondary-ranges"
+ region = "europe-west1"
+ ip_cidr_range = "10.0.2.0/24"
+ secondary_ip_ranges = {
+ a = "192.168.0.0/24"
+ b = "192.168.1.0/24"
+ }
+ },
+ # enable flow logs
+ {
+ name = "with-flow-logs"
+ region = "europe-west1"
+ ip_cidr_range = "10.0.3.0/24"
+ flow_logs_config = {
+ flow_sampling = 0.5
+ aggregation_interval = "INTERVAL_10_MIN"
+ }
+ }
+ ]
+}
+# tftest modules=1 resources=5 inventory=subnet-options.yaml
+```
+
+### Subnet IAM
+
+```hcl
+module "vpc" {
+ source = "./fabric/modules/net-vpc"
+ project_id = "my-project"
+ name = "my-network"
+ subnets = [
+ {
+ name = "subnet-1"
+ region = "europe-west1"
+ ip_cidr_range = "10.0.1.0/24"
+ },
+ {
+ name = "subnet-2"
+ region = "europe-west1"
+ ip_cidr_range = "10.0.1.0/24"
+ }
+ ]
+ subnet_iam = {
+ "europe-west1/subnet-1" = {
+ "roles/compute.networkUser" = [
+ "user:user1@example.com", "group:group1@example.com"
+ ]
+ }
+ "europe-west1/subnet-2" = {
+ "roles/compute.networkUser" = [
+ "user:user2@example.com", "group:group2@example.com"
+ ]
+ }
+ }
+}
+# tftest modules=1 resources=5 inventory=subnet-iam.yaml
```
### Peering
@@ -65,7 +146,7 @@ module "vpc-spoke-1" {
import_routes = true
}
}
-# tftest modules=2 resources=6
+# tftest modules=2 resources=6 inventory=peering.yaml
```
### Shared VPC
@@ -116,7 +197,7 @@ module "vpc-host" {
}
}
}
-# tftest modules=1 resources=7
+# tftest modules=1 resources=7 inventory=shared-vpc.yaml
```
### Private Service Networking
@@ -137,7 +218,7 @@ module "vpc" {
ranges = { myrange = "10.0.1.0/24" }
}
}
-# tftest modules=1 resources=5
+# tftest modules=1 resources=5 inventory=psc.yaml
```
### Private Service Networking with peering routes
@@ -162,7 +243,7 @@ module "vpc" {
import_routes = true
}
}
-# tftest modules=1 resources=5
+# tftest modules=1 resources=5 inventory=psc-routes.yaml
```
### Subnets for Private Service Connect, Proxy-only subnets
@@ -194,7 +275,7 @@ module "vpc" {
}
]
}
-# tftest modules=1 resources=3
+# tftest modules=1 resources=3 inventory=proxy-only-subnets.yaml
```
### DNS Policies
@@ -219,7 +300,7 @@ module "vpc" {
}
]
}
-# tftest modules=1 resources=3
+# tftest modules=1 resources=3 inventory=dns-policies.yaml
```
### Subnet Factory
@@ -233,11 +314,17 @@ module "vpc" {
name = "my-network"
data_folder = "config/subnets"
}
-# tftest modules=1 resources=2 files=subnets
+# tftest modules=1 resources=3 files=subnet-simple,subnet-detailed inventory=factory.yaml
```
```yaml
-# tftest-file id=subnets path=config/subnets/subnet-name.yaml
+# tftest-file id=subnet-simple path=config/subnets/subnet-simple.yaml
+region: europe-west4
+ip_cidr_range: 10.0.1.0/24
+```
+
+```yaml
+# tftest-file id=subnet-detailed path=config/subnets/subnet-detailed.yaml
region: europe-west1
description: Sample description
ip_cidr_range: 10.0.0.0/24
@@ -254,7 +341,45 @@ flow_logs: # enable, set to empty map to use defaults
metadata: "INCLUDE_ALL_METADATA"
filter_expression: null
```
-
+
+### Custom Routes
+
+VPC routes can be configured through the `routes` variable.
+
+```hcl
+locals {
+ route_types = {
+ gateway = "global/gateways/default-internet-gateway"
+ instance = "zones/europe-west1-b/test"
+ ip = "192.168.0.128"
+ ilb = "regions/europe-west1/forwardingRules/test"
+ vpn_tunnel = "regions/europe-west1/vpnTunnels/foo"
+ }
+}
+module "vpc" {
+ source = "./fabric/modules/net-vpc"
+ for_each = local.route_types
+ project_id = "my-project"
+ name = "my-network-with-route-${replace(each.key, "_", "-")}"
+ routes = {
+ next-hop = {
+ dest_range = "192.168.128.0/24"
+ tags = null
+ next_hop_type = each.key
+ next_hop = each.value
+ }
+ gateway = {
+ dest_range = "0.0.0.0/0",
+ priority = 100
+ tags = ["tag-a"]
+ next_hop_type = "gateway",
+ next_hop = "global/gateways/default-internet-gateway"
+ }
+ }
+}
+# tftest modules=5 resources=15 inventory=routes.yaml
+```
+
## Variables
diff --git a/modules/net-vpc/main.tf b/modules/net-vpc/main.tf
index 7eedc95ac..d15058017 100644
--- a/modules/net-vpc/main.tf
+++ b/modules/net-vpc/main.tf
@@ -1,5 +1,5 @@
/**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -109,7 +109,7 @@ resource "google_dns_policy" "default" {
)
iterator = ns
content {
- ipv4_address = ns.key
+ ipv4_address = ns.value
forwarding_path = "private"
}
}
@@ -121,7 +121,7 @@ resource "google_dns_policy" "default" {
)
iterator = ns
content {
- ipv4_address = ns.key
+ ipv4_address = ns.value
}
}
}
diff --git a/tests/blueprints/apigee/hybrid-gke/basic.yaml b/tests/blueprints/apigee/hybrid-gke/basic.yaml
index 2db435daa..0bab56418 100644
--- a/tests/blueprints/apigee/hybrid-gke/basic.yaml
+++ b/tests/blueprints/apigee/hybrid-gke/basic.yaml
@@ -13,5 +13,5 @@
# limitations under the License.
counts:
- modules: 9
- resources: 37
+ modules: 17
+ resources: 59
diff --git a/tests/examples/conftest.py b/tests/examples/conftest.py
index 16863e26d..4d3d85ee6 100644
--- a/tests/examples/conftest.py
+++ b/tests/examples/conftest.py
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -21,7 +21,7 @@ import marko
FABRIC_ROOT = Path(__file__).parents[2]
-FILE_TEST_RE = re.compile(r'# tftest-file +id=(\w+) +path=([\S]+)')
+FILE_TEST_RE = re.compile(r'# tftest-file +id=([\w_.-]+) +path=([\S]+)')
Example = collections.namedtuple('Example', 'name code module files')
File = collections.namedtuple('File', 'path content')
diff --git a/tests/examples/test_plan.py b/tests/examples/test_plan.py
index 5f902cbe7..261276f73 100644
--- a/tests/examples/test_plan.py
+++ b/tests/examples/test_plan.py
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -18,7 +18,7 @@ from pathlib import Path
BASE_PATH = Path(__file__).parent
COUNT_TEST_RE = re.compile(r'# tftest +modules=(\d+) +resources=(\d+)' +
- r'(?: +files=([\w,-.]+))?' +
+ r'(?: +files=([\w,_-]+))?' +
r'(?: +inventory=([\w\-.]+))?')
diff --git a/tests/modules/api_gateway/examples/basic.yaml b/tests/modules/api_gateway/examples/basic.yaml
new file mode 100644
index 000000000..a17fc3ca4
--- /dev/null
+++ b/tests/modules/api_gateway/examples/basic.yaml
@@ -0,0 +1,42 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.gateway.google_api_gateway_api.api:
+ api_id: api
+ display_name: api
+ project: my-project
+ module.gateway.google_api_gateway_api_config.api_config:
+ api: api
+ gateway_config: []
+ grpc_services: []
+ labels: null
+ managed_service_configs: []
+ project: my-project
+ module.gateway.google_api_gateway_gateway.gateway:
+ display_name: gw-api
+ gateway_id: gw-api
+ labels: null
+ project: my-project
+ region: europe-west1
+ module.gateway.google_project_service.service:
+ disable_dependent_services: true
+ disable_on_destroy: true
+ project: my-project
+
+counts:
+ google_api_gateway_api: 1
+ google_api_gateway_api_config: 1
+ google_api_gateway_gateway: 1
+ google_project_service: 1
diff --git a/tests/modules/api_gateway/examples/create-sa.yaml b/tests/modules/api_gateway/examples/create-sa.yaml
new file mode 100644
index 000000000..2c8d7c763
--- /dev/null
+++ b/tests/modules/api_gateway/examples/create-sa.yaml
@@ -0,0 +1,90 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.gateway.google_api_gateway_api.api:
+ api_id: api
+ display_name: api
+ labels: null
+ project: my-project
+ module.gateway.google_api_gateway_api_config.api_config:
+ api: api
+ grpc_services: []
+ labels: null
+ managed_service_configs: []
+ project: my-project
+ module.gateway.google_api_gateway_api_config_iam_binding.api_config_iam_bindings["roles/apigateway.admin"]:
+ api: api
+ condition: []
+ members:
+ - user:mirene@google.com
+ project: my-project
+ role: roles/apigateway.admin
+ module.gateway.google_api_gateway_api_config_iam_binding.api_config_iam_bindings["roles/apigateway.viewer"]:
+ api: api
+ condition: []
+ members:
+ - user:mirene@google.com
+ project: my-project
+ role: roles/apigateway.viewer
+ module.gateway.google_api_gateway_api_iam_binding.api_iam_bindings["roles/apigateway.admin"]:
+ api: api
+ condition: []
+ members:
+ - user:mirene@google.com
+ project: my-project
+ role: roles/apigateway.admin
+ module.gateway.google_api_gateway_api_iam_binding.api_iam_bindings["roles/apigateway.viewer"]:
+ api: api
+ condition: []
+ members:
+ - user:mirene@google.com
+ project: my-project
+ role: roles/apigateway.viewer
+ module.gateway.google_api_gateway_gateway.gateway:
+ display_name: gw-api
+ gateway_id: gw-api
+ labels: null
+ project: my-project
+ region: europe-west1
+ module.gateway.google_api_gateway_gateway_iam_binding.gateway_iam_bindings["roles/apigateway.admin"]:
+ condition: []
+ gateway: gw-api
+ members:
+ - user:mirene@google.com
+ project: my-project
+ region: europe-west1
+ role: roles/apigateway.admin
+ module.gateway.google_api_gateway_gateway_iam_binding.gateway_iam_bindings["roles/apigateway.viewer"]:
+ condition: []
+ gateway: gw-api
+ members:
+ - user:mirene@google.com
+ project: my-project
+ region: europe-west1
+ role: roles/apigateway.viewer
+ module.gateway.google_project_service.service: {}
+ module.gateway.google_service_account.service_account[0]:
+ account_id: sa-api-cfg-api
+ project: my-project
+
+counts:
+ google_api_gateway_api: 1
+ google_api_gateway_api_config: 1
+ google_api_gateway_api_config_iam_binding: 2
+ google_api_gateway_api_iam_binding: 2
+ google_api_gateway_gateway: 1
+ google_api_gateway_gateway_iam_binding: 2
+ google_project_service: 1
+ google_service_account: 1
diff --git a/tests/modules/api_gateway/examples/existing-sa.yaml b/tests/modules/api_gateway/examples/existing-sa.yaml
new file mode 100644
index 000000000..f0befa79a
--- /dev/null
+++ b/tests/modules/api_gateway/examples/existing-sa.yaml
@@ -0,0 +1,71 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.gateway.google_api_gateway_api.api:
+ api_id: api
+ display_name: api
+ labels: null
+ project: my-project
+ module.gateway.google_api_gateway_api_config.api_config:
+ api: api
+ gateway_config:
+ - backend_config:
+ - google_service_account: sa@my-project.iam.gserviceaccount.com
+ grpc_services: []
+ labels: null
+ managed_service_configs: []
+ project: my-project
+ module.gateway.google_api_gateway_api_config_iam_binding.api_config_iam_bindings["roles/apigateway.admin"]:
+ api: api
+ api_config: api-cfg-api-8656c6040d6d9ba18a8b9b5f3955c223
+ condition: []
+ members:
+ - user:user@example.com
+ project: my-project
+ role: roles/apigateway.admin
+ module.gateway.google_api_gateway_api_iam_binding.api_iam_bindings["roles/apigateway.admin"]:
+ api: api
+ condition: []
+ members:
+ - user:user@example.com
+ project: my-project
+ role: roles/apigateway.admin
+ module.gateway.google_api_gateway_gateway.gateway:
+ display_name: gw-api
+ gateway_id: gw-api
+ labels: null
+ project: my-project
+ region: europe-west1
+ module.gateway.google_api_gateway_gateway_iam_binding.gateway_iam_bindings["roles/apigateway.admin"]:
+ condition: []
+ gateway: gw-api
+ members:
+ - user:user@example.com
+ project: my-project
+ region: europe-west1
+ role: roles/apigateway.admin
+ module.gateway.google_project_service.service:
+ disable_dependent_services: true
+ disable_on_destroy: true
+ project: my-project
+
+counts:
+ google_api_gateway_api: 1
+ google_api_gateway_api_config: 1
+ google_api_gateway_api_config_iam_binding: 1
+ google_api_gateway_api_iam_binding: 1
+ google_api_gateway_gateway: 1
+ google_api_gateway_gateway_iam_binding: 1
+ google_project_service: 1
diff --git a/tests/modules/api_gateway/fixture/main.tf b/tests/modules/api_gateway/fixture/main.tf
deleted file mode 100644
index d4cd134f2..000000000
--- a/tests/modules/api_gateway/fixture/main.tf
+++ /dev/null
@@ -1,26 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-module "gateway" {
- source = "../../../../modules/api-gateway"
- api_id = var.api_id
- project_id = var.project_id
- labels = var.labels
- iam = var.iam
- region = var.region
- spec = var.spec
- service_account_create = true
-}
diff --git a/tests/modules/api_gateway/fixture/variables.tf b/tests/modules/api_gateway/fixture/variables.tf
deleted file mode 100644
index 977af921d..000000000
--- a/tests/modules/api_gateway/fixture/variables.tf
+++ /dev/null
@@ -1,55 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-variable "api_id" {
- type = string
- default = "my-api"
-}
-
-variable "iam" {
- type = map(list(string))
- default = null
-}
-
-variable "labels" {
- type = map(string)
- default = null
-}
-
-variable "project_id" {
- type = string
- default = "my-project"
-}
-
-variable "region" {
- type = string
- default = "europe-west1"
-}
-
-variable "service_account_create" {
- type = bool
- default = true
-}
-
-variable "service_account_email" {
- type = string
- default = null
-}
-
-variable "spec" {
- type = string
- default = "Spec contents"
-}
diff --git a/tests/modules/dns/examples/forwarding-zone.yaml b/tests/modules/dns/examples/forwarding-zone.yaml
new file mode 100644
index 000000000..4a09114ee
--- /dev/null
+++ b/tests/modules/dns/examples/forwarding-zone.yaml
@@ -0,0 +1,34 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.private-dns.google_dns_managed_zone.non-public[0]:
+ dns_name: test.example.
+ forwarding_config:
+ - target_name_servers:
+ - forwarding_path: ''
+ ipv4_address: 10.0.1.1
+ - forwarding_path: private
+ ipv4_address: 1.2.3.4
+ name: test-example
+ private_visibility_config:
+ - gke_clusters: []
+ networks:
+ - network_url: projects/xxx/global/networks/aaa
+ project: myproject
+ visibility: private
+
+counts:
+ google_dns_managed_zone: 1
+
diff --git a/tests/modules/net_vpc/simple.yaml b/tests/modules/dns/examples/peering-zone.yaml
similarity index 53%
rename from tests/modules/net_vpc/simple.yaml
rename to tests/modules/dns/examples/peering-zone.yaml
index 004be7ecf..9f16adab6 100644
--- a/tests/modules/net_vpc/simple.yaml
+++ b/tests/modules/dns/examples/peering-zone.yaml
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -13,24 +13,22 @@
# limitations under the License.
values:
- google_compute_network.network[0]:
- auto_create_subnetworks: false
- delete_default_routes_on_create: false
- description: Terraform-managed.
- name: test
- project: test-project
- routing_mode: GLOBAL
+ module.private-dns.google_dns_managed_zone.non-public[0]:
+ description: Forwarding zone for .
+ dns_name: .
+ forwarding_config: []
+ name: test-example
+ peering_config:
+ - target_network:
+ - network_url: projects/xxx/global/networks/ccc
+ private_visibility_config:
+ - gke_clusters: []
+ networks:
+ - network_url: projects/xxx/global/networks/aaa
+ project: myproject
+ visibility: private
counts:
- google_compute_network: 1
+ google_dns_managed_zone: 1
-outputs:
- bindings: {}
- project_id: test-project
- subnet_ips: {}
- subnet_regions: {}
- subnet_secondary_ranges: {}
- subnet_self_links: {}
- subnets: {}
- subnets_proxy_only: {}
- subnets_psc: {}
+outputs: {}
diff --git a/tests/modules/dns/examples/private-zone.yaml b/tests/modules/dns/examples/private-zone.yaml
new file mode 100644
index 000000000..f64266450
--- /dev/null
+++ b/tests/modules/dns/examples/private-zone.yaml
@@ -0,0 +1,50 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.private-dns.google_dns_managed_zone.non-public[0]:
+ description: Terraform managed.
+ dns_name: test.example.
+ force_destroy: false
+ forwarding_config: []
+ name: test-example
+ peering_config: []
+ private_visibility_config:
+ - gke_clusters: []
+ networks:
+ - network_url: projects/xxx/global/networks/aaa
+ project: myproject
+ visibility: private
+ module.private-dns.google_dns_record_set.cloud-static-records["A localhost"]:
+ managed_zone: test-example
+ name: localhost.test.example.
+ project: myproject
+ routing_policy: []
+ rrdatas:
+ - 127.0.0.1
+ ttl: 300
+ type: A
+ module.private-dns.google_dns_record_set.cloud-static-records["A myhost"]:
+ managed_zone: test-example
+ name: myhost.test.example.
+ project: myproject
+ routing_policy: []
+ rrdatas:
+ - 10.0.0.120
+ ttl: 600
+ type: A
+
+counts:
+ google_dns_managed_zone: 1
+ google_dns_record_set: 2
diff --git a/tests/modules/dns/examples/public-zone.yaml b/tests/modules/dns/examples/public-zone.yaml
new file mode 100644
index 000000000..0f8067a76
--- /dev/null
+++ b/tests/modules/dns/examples/public-zone.yaml
@@ -0,0 +1,38 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.public-dns.google_dns_managed_zone.public[0]:
+ dns_name: example.com.
+ name: example
+ project: myproject
+ visibility: public
+ module.public-dns.google_dns_record_set.cloud-static-records["A myhost"]:
+ managed_zone: example
+ name: myhost.example.com.
+ project: myproject
+ routing_policy: []
+ rrdatas:
+ - 127.0.0.1
+ ttl: 300
+ type: A
+
+counts:
+ google_dns_keys: 1
+ google_dns_managed_zone: 1
+ google_dns_record_set: 1
+ modules: 1
+ resources: 3
+
+outputs: {}
diff --git a/tests/modules/net_vpc/data/factory-subnet.yaml b/tests/modules/dns/examples/reverse-zone.yaml
similarity index 62%
rename from tests/modules/net_vpc/data/factory-subnet.yaml
rename to tests/modules/dns/examples/reverse-zone.yaml
index d0f4bd8f1..17e76a12c 100644
--- a/tests/modules/net_vpc/data/factory-subnet.yaml
+++ b/tests/modules/dns/examples/reverse-zone.yaml
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,12 +12,16 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-region: europe-west1
-description: Sample description
-ip_cidr_range: 10.128.0.0/24
-enable_private_access: false
-iam_users: ["foobar@example.com"]
-iam_groups: ["lorem@example.com"]
-iam_service_accounts: ["foobar@project-id.iam.gserviceaccount.com"]
-secondary_ip_ranges:
- secondary-range-a: 192.168.128.0/24
+values:
+ module.private-dns.google_dns_managed_zone.non-public[0]:
+ description: Terraform managed.
+ dns_name: 0.0.10.in-addr.arpa.
+ name: test-example
+ project: myproject
+ reverse_lookup: true
+ visibility: private
+
+counts:
+ google_dns_managed_zone: 1
+
+outputs: {}
diff --git a/tests/modules/dns/examples/routing-policies.yaml b/tests/modules/dns/examples/routing-policies.yaml
new file mode 100644
index 000000000..45b19276c
--- /dev/null
+++ b/tests/modules/dns/examples/routing-policies.yaml
@@ -0,0 +1,80 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.private-dns.google_dns_managed_zone.non-public[0]:
+ dns_name: test.example.
+ name: test-example
+ project: myproject
+ module.private-dns.google_dns_record_set.cloud-geo-records["A geo"]:
+ managed_zone: test-example
+ name: geo.test.example.
+ project: myproject
+ routing_policy:
+ - enable_geo_fencing: null
+ geo:
+ - health_checked_targets: []
+ location: europe-west1
+ rrdatas:
+ - 10.0.0.1
+ - health_checked_targets: []
+ location: europe-west2
+ rrdatas:
+ - 10.0.0.2
+ - health_checked_targets: []
+ location: europe-west3
+ rrdatas:
+ - 10.0.0.3
+ primary_backup: []
+ wrr: []
+ rrdatas: null
+ ttl: 300
+ type: A
+ module.private-dns.google_dns_record_set.cloud-static-records["A regular"]:
+ managed_zone: test-example
+ name: regular.test.example.
+ project: myproject
+ routing_policy: []
+ rrdatas:
+ - 10.20.0.1
+ ttl: 300
+ type: A
+ module.private-dns.google_dns_record_set.cloud-wrr-records["A wrr"]:
+ managed_zone: test-example
+ name: wrr.test.example.
+ project: myproject
+ routing_policy:
+ - enable_geo_fencing: null
+ geo: []
+ primary_backup: []
+ wrr:
+ - health_checked_targets: []
+ rrdatas:
+ - 10.10.0.1
+ weight: 0.6
+ - health_checked_targets: []
+ rrdatas:
+ - 10.10.0.2
+ weight: 0.2
+ - health_checked_targets: []
+ rrdatas:
+ - 10.10.0.3
+ weight: 0.2
+ rrdatas: null
+ ttl: 600
+ type: A
+
+counts:
+ google_dns_managed_zone: 1
+ google_dns_record_set: 3
diff --git a/tests/modules/dns/fixture/variables.tf b/tests/modules/dns/fixture/variables.tf
deleted file mode 100644
index 8e55a287a..000000000
--- a/tests/modules/dns/fixture/variables.tf
+++ /dev/null
@@ -1,62 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-variable "client_networks" {
- type = list(string)
- default = [
- "https://www.googleapis.com/compute/v1/projects/my-project/global/networks/default"
- ]
-}
-
-variable "forwarders" {
- type = map(string)
- default = {}
-}
-
-variable "peer_network" {
- type = string
- default = null
-}
-
-variable "recordsets" {
- type = any
- default = {
- "A localhost" = { ttl = 300, records = ["127.0.0.1"] }
- "A local-host.test.example." = { ttl = 300, records = ["127.0.0.2"] }
- "CNAME *" = { ttl = 300, records = ["localhost.example.org."] }
- "A " = { ttl = 300, records = ["127.0.0.3"] }
- "A geo" = {
- geo_routing = [
- { location = "europe-west1", records = ["127.0.0.4"] },
- { location = "europe-west2", records = ["127.0.0.5"] },
- { location = "europe-west3", records = ["127.0.0.6"] }
- ]
- }
- "A wrr" = {
- ttl = 600
- wrr_routing = [
- { weight = 0.6, records = ["127.0.0.7"] },
- { weight = 0.2, records = ["127.0.0.8"] },
- { weight = 0.2, records = ["127.0.0.9"] }
- ]
- }
- }
-}
-
-variable "type" {
- type = string
- default = "private"
-}
diff --git a/tests/modules/dns/no_clients.tfvars b/tests/modules/dns/no_clients.tfvars
new file mode 100644
index 000000000..97b722734
--- /dev/null
+++ b/tests/modules/dns/no_clients.tfvars
@@ -0,0 +1,5 @@
+type = "private"
+domain = "test.example."
+name = "test"
+project_id = "my-project"
+client_networks = []
diff --git a/tests/modules/gcs/iam.yaml b/tests/modules/dns/no_clients.yaml
similarity index 65%
rename from tests/modules/gcs/iam.yaml
rename to tests/modules/dns/no_clients.yaml
index 8a85a4bd6..42f628c9c 100644
--- a/tests/modules/gcs/iam.yaml
+++ b/tests/modules/dns/no_clients.yaml
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -13,18 +13,13 @@
# limitations under the License.
values:
- google_storage_bucket.bucket:
+ google_dns_managed_zone.non-public[0]:
+ dns_name: test.example.
name: test
-
- google_storage_bucket_iam_binding.bindings["roles/storage.admin"]:
- bucket: test
- condition: []
- members:
- - user:a@example.org
- role: roles/storage.admin
+ private_visibility_config: []
+ visibility: private
counts:
- google_storage_bucket: 1
- google_storage_bucket_iam_binding: 1
+ google_dns_managed_zone: 1
modules: 0
- resources: 2
+ resources: 1
diff --git a/tests/modules/dns/null_forwarders.tfvars b/tests/modules/dns/null_forwarders.tfvars
new file mode 100644
index 000000000..4514d6395
--- /dev/null
+++ b/tests/modules/dns/null_forwarders.tfvars
@@ -0,0 +1,4 @@
+type = "forwarding"
+domain = "test.example."
+name = "test"
+project_id = "my-project"
diff --git a/tests/modules/net_vpc/data/factory-subnet2.yaml b/tests/modules/dns/null_forwarders.yaml
similarity index 79%
rename from tests/modules/net_vpc/data/factory-subnet2.yaml
rename to tests/modules/dns/null_forwarders.yaml
index e110c1625..bbe637fc2 100644
--- a/tests/modules/net_vpc/data/factory-subnet2.yaml
+++ b/tests/modules/dns/null_forwarders.yaml
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,6 +12,9 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-region: europe-west4
-description: Sample description
-ip_cidr_range: 10.129.0.0/24
+values:
+ google_dns_managed_zone.non-public[0]:
+ forwarding_config: []
+
+counts:
+ google_dns_managed_zone: 1
diff --git a/tests/modules/dns/test_plan.py b/tests/modules/dns/test_plan.py
deleted file mode 100644
index 5cc1ba709..000000000
--- a/tests/modules/dns/test_plan.py
+++ /dev/null
@@ -1,138 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-def test_private(plan_runner):
- "Test private zone with three recordsets."
- _, resources = plan_runner()
- assert len(resources) == 7
- assert set(r['type'] for r in resources) == {
- 'google_dns_record_set', 'google_dns_managed_zone'
- }
- for r in resources:
- if r['type'] != 'google_dns_managed_zone':
- continue
- assert r['values']['visibility'] == 'private'
- assert len(r['values']['private_visibility_config']) == 1
-
-
-def test_private_recordsets(plan_runner):
- "Test recordsets in private zone."
- _, resources = plan_runner()
- recordsets = [
- r['values'] for r in resources if r['type'] == 'google_dns_record_set'
- ]
-
- assert set(r['name'] for r in recordsets) == {
- 'localhost.test.example.', 'local-host.test.example.', '*.test.example.',
- "test.example.", "geo.test.example.", "wrr.test.example."
- }
-
- for r in recordsets:
- if r['name'] not in ['wrr.test.example.', 'geo.test.example.']:
- assert r['routing_policy'] == []
- assert r['rrdatas'] != []
-
-
-def test_routing_policies(plan_runner):
- "Test recordsets with routing policies."
- _, resources = plan_runner()
- recordsets = [
- r['values'] for r in resources if r['type'] == 'google_dns_record_set'
- ]
- geo_zone = [
- r['values'] for r in resources if r['address'] ==
- 'module.test.google_dns_record_set.cloud-geo-records["A geo"]'
- ][0]
- assert geo_zone['name'] == 'geo.test.example.'
- assert geo_zone['routing_policy'][0]['wrr'] == []
- geo_policy = geo_zone['routing_policy'][0]['geo']
- assert geo_policy[0]['location'] == 'europe-west1'
- assert geo_policy[0]['rrdatas'] == ['127.0.0.4']
- assert geo_policy[1]['location'] == 'europe-west2'
- assert geo_policy[1]['rrdatas'] == ['127.0.0.5']
- assert geo_policy[2]['location'] == 'europe-west3'
- assert geo_policy[2]['rrdatas'] == ['127.0.0.6']
-
- wrr_zone = [
- r['values'] for r in resources if r['address'] ==
- 'module.test.google_dns_record_set.cloud-wrr-records["A wrr"]'
- ][0]
- assert wrr_zone['name'] == 'wrr.test.example.'
- wrr_policy = wrr_zone['routing_policy'][0]['wrr']
- assert wrr_policy[0]['weight'] == 0.6
- assert wrr_policy[0]['rrdatas'] == ['127.0.0.7']
- assert wrr_policy[1]['weight'] == 0.2
- assert wrr_policy[1]['rrdatas'] == ['127.0.0.8']
- assert wrr_policy[2]['weight'] == 0.2
- assert wrr_policy[2]['rrdatas'] == ['127.0.0.9']
- assert wrr_zone['routing_policy'][0]['geo'] == []
-
-
-def test_private_no_networks(plan_runner):
- "Test private zone not exposed to any network."
- _, resources = plan_runner(client_networks='[]')
- for r in resources:
- if r['type'] != 'google_dns_managed_zone':
- continue
- assert r['values']['visibility'] == 'private'
- assert len(r['values']['private_visibility_config']) == 0
-
-
-def test_forwarding_recordsets_null_forwarders(plan_runner):
- "Test forwarding zone with wrong set of attributes does not break."
- _, resources = plan_runner(type='forwarding')
- assert len(resources) == 1
- resource = resources[0]
- assert resource['type'] == 'google_dns_managed_zone'
- assert resource['values']['forwarding_config'] == []
-
-
-def test_forwarding(plan_runner):
- "Test forwarding zone with single forwarder."
- _, resources = plan_runner(type='forwarding', recordsets='null',
- forwarders='{ "1.2.3.4" = null }')
- assert len(resources) == 1
- resource = resources[0]
- assert resource['type'] == 'google_dns_managed_zone'
- assert resource['values']['forwarding_config'] == [{
- 'target_name_servers': [{
- 'forwarding_path': '',
- 'ipv4_address': '1.2.3.4'
- }]
- }]
-
-
-def test_peering(plan_runner):
- "Test peering zone."
- _, resources = plan_runner(type='peering', recordsets='null',
- peer_network='dummy-vpc-self-link')
- assert len(resources) == 1
- resource = resources[0]
- assert resource['type'] == 'google_dns_managed_zone'
- assert resource['values']['peering_config'] == [{
- 'target_network': [{
- 'network_url': 'dummy-vpc-self-link'
- }]
- }]
-
-
-def test_public(plan_runner):
- "Test public zone with two recordsets."
- _, resources = plan_runner(type='public')
- for r in resources:
- if r['type'] != 'google_dns_managed_zone':
- continue
- assert r['values']['visibility'] == 'public'
- assert r['values']['private_visibility_config'] == []
diff --git a/tests/modules/gcs/tftest.yaml b/tests/modules/dns/tftest.yaml
similarity index 84%
rename from tests/modules/gcs/tftest.yaml
rename to tests/modules/dns/tftest.yaml
index 22337d18d..5172a013b 100644
--- a/tests/modules/gcs/tftest.yaml
+++ b/tests/modules/dns/tftest.yaml
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,9 +12,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-module: modules/gcs
-common_tfvars:
- - common.tfvars
+module: modules/dns
+
tests:
- prefix:
- iam:
+ no_clients:
+ null_forwarders:
diff --git a/tests/modules/gcs/common.tfvars b/tests/modules/gcs/common.tfvars
deleted file mode 100644
index 5bab53b25..000000000
--- a/tests/modules/gcs/common.tfvars
+++ /dev/null
@@ -1,13 +0,0 @@
-force_destroy = true
-labels = { environment = "test" }
-logging_config = {
- log_bucket = "foo"
-}
-name = "test"
-project_id = "test-project"
-retention_policy = {
- retention_period = 5
- is_locked = false
-}
-storage_class = "MULTI_REGIONAL"
-versioning = true
diff --git a/tests/modules/api_gateway/test_plan.py b/tests/modules/gcs/examples/cmek.yaml
similarity index 71%
rename from tests/modules/api_gateway/test_plan.py
rename to tests/modules/gcs/examples/cmek.yaml
index 18ecdd329..ee92a5d22 100644
--- a/tests/modules/api_gateway/test_plan.py
+++ b/tests/modules/gcs/examples/cmek.yaml
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -12,8 +12,12 @@
# See the License for the specific language governing permissions and
# limitations under the License.
+values:
+ module.bucket.google_storage_bucket.bucket:
+ encryption:
+ - default_kms_key_name: my-encryption-key
+ name: my-bucket
+ project: myproject
-def test_resource_count(plan_runner):
- "Test number of resources created."
- _, resources = plan_runner()
- assert len(resources) == 5
+counts:
+ google_storage_bucket: 1
diff --git a/tests/modules/gcs/prefix.yaml b/tests/modules/gcs/examples/lifecycle.yaml
similarity index 51%
rename from tests/modules/gcs/prefix.yaml
rename to tests/modules/gcs/examples/lifecycle.yaml
index 6baee4a15..69eeea41f 100644
--- a/tests/modules/gcs/prefix.yaml
+++ b/tests/modules/gcs/examples/lifecycle.yaml
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -13,32 +13,26 @@
# limitations under the License.
values:
- google_storage_bucket.bucket:
- force_destroy: true
- labels:
- environment: test
- location: EU
- logging:
- - log_bucket: foo
- name: foo-test
- project: test-project
- retention_policy:
- - is_locked: false
- retention_period: 5
- storage_class: MULTI_REGIONAL
- uniform_bucket_level_access: true
- versioning:
- - enabled: true
+ module.bucket.google_storage_bucket.bucket:
+ lifecycle_rule:
+ - action:
+ - storage_class: STANDARD
+ type: SetStorageClass
+ condition:
+ - age: 30
+ created_before: ''
+ custom_time_before: ''
+ days_since_custom_time: null
+ days_since_noncurrent_time: null
+ matches_prefix: []
+ matches_storage_class: []
+ matches_suffix: []
+ noncurrent_time_before: ''
+ num_newer_versions: null
+ name: my-bucket
+ project: myproject
counts:
google_storage_bucket: 1
- modules: 0
- resources: 1
-outputs:
- bucket: __missing__
- id: foo-test
- name: foo-test
- notification: null
- topic: null
- url: __missing__
+outputs: {}
diff --git a/tests/modules/gcs/examples/notification.yaml b/tests/modules/gcs/examples/notification.yaml
new file mode 100644
index 000000000..9536e89b4
--- /dev/null
+++ b/tests/modules/gcs/examples/notification.yaml
@@ -0,0 +1,31 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.bucket-gcs-notification.google_pubsub_topic.topic[0]: {}
+ module.bucket-gcs-notification.google_pubsub_topic_iam_binding.binding[0]: {}
+ module.bucket-gcs-notification.google_storage_bucket.bucket:
+ name: my-bucket
+ project: myproject
+ module.bucket-gcs-notification.google_storage_notification.notification[0]:
+ bucket: my-bucket
+ event_types:
+ - OBJECT_FINALIZE
+ payload_format: JSON_API_V1
+
+counts:
+ google_pubsub_topic: 1
+ google_pubsub_topic_iam_binding: 1
+ google_storage_bucket: 1
+ google_storage_notification: 1
diff --git a/tests/modules/gcs/examples/retention-logging.yaml b/tests/modules/gcs/examples/retention-logging.yaml
new file mode 100644
index 000000000..962414207
--- /dev/null
+++ b/tests/modules/gcs/examples/retention-logging.yaml
@@ -0,0 +1,26 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.bucket.google_storage_bucket.bucket:
+ logging:
+ - log_bucket: log-bucket
+ name: my-bucket
+ project: myproject
+ retention_policy:
+ - is_locked: true
+ retention_period: 100
+
+counts:
+ google_storage_bucket: 1
diff --git a/tests/modules/gcs/examples/simple.yaml b/tests/modules/gcs/examples/simple.yaml
new file mode 100644
index 000000000..bc2630b87
--- /dev/null
+++ b/tests/modules/gcs/examples/simple.yaml
@@ -0,0 +1,46 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.bucket.google_storage_bucket.bucket:
+ autoclass: []
+ cors: []
+ custom_placement_config: []
+ default_event_based_hold: null
+ encryption: []
+ force_destroy: false
+ labels:
+ cost-center: devops
+ lifecycle_rule: []
+ location: EU
+ logging: []
+ name: test-my-bucket
+ project: myproject
+ requester_pays: null
+ retention_policy: []
+ storage_class: MULTI_REGIONAL
+ timeouts: null
+ uniform_bucket_level_access: true
+ versioning:
+ - enabled: true
+ module.bucket.google_storage_bucket_iam_binding.bindings["roles/storage.admin"]:
+ bucket: test-my-bucket
+ condition: []
+ members:
+ - group:storage@example.com
+ role: roles/storage.admin
+
+counts:
+ google_storage_bucket: 1
+ google_storage_bucket_iam_binding: 1
diff --git a/tests/modules/gcs/iam.tfvars b/tests/modules/gcs/iam.tfvars
deleted file mode 100644
index cfb3a0148..000000000
--- a/tests/modules/gcs/iam.tfvars
+++ /dev/null
@@ -1,3 +0,0 @@
-iam = {
- "roles/storage.admin" = ["user:a@example.org"]
-}
diff --git a/tests/modules/gcs/prefix.tfvars b/tests/modules/gcs/prefix.tfvars
deleted file mode 100644
index 0031d561d..000000000
--- a/tests/modules/gcs/prefix.tfvars
+++ /dev/null
@@ -1 +0,0 @@
-prefix = "foo"
diff --git a/tests/modules/gke_cluster/examples/autopilot.yaml b/tests/modules/gke_cluster/examples/autopilot.yaml
new file mode 100644
index 000000000..0a5380dbb
--- /dev/null
+++ b/tests/modules/gke_cluster/examples/autopilot.yaml
@@ -0,0 +1,32 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.cluster-autopilot.google_container_cluster.cluster:
+ enable_autopilot: true
+ ip_allocation_policy:
+ - cluster_secondary_range_name: pods
+ services_secondary_range_name: services
+ location: europe-west1-b
+ master_authorized_networks_config:
+ - cidr_blocks:
+ - cidr_block: 10.0.0.0/8
+ display_name: internal-vms
+ name: cluster-autopilot
+ network: projects/xxx/global/networks/aaa
+ project: myproject
+ subnetwork: subnet_self_link
+
+counts:
+ google_container_cluster: 1
diff --git a/tests/modules/gke_cluster/examples/basic.yaml b/tests/modules/gke_cluster/examples/basic.yaml
new file mode 100644
index 000000000..fe6648c8d
--- /dev/null
+++ b/tests/modules/gke_cluster/examples/basic.yaml
@@ -0,0 +1,42 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.cluster-1.google_container_cluster.cluster:
+ default_max_pods_per_node: 32
+ ip_allocation_policy:
+ - cluster_secondary_range_name: pods
+ services_secondary_range_name: services
+ location: europe-west1-b
+ master_authorized_networks_config:
+ - cidr_blocks:
+ - cidr_block: 10.0.0.0/8
+ display_name: internal-vms
+ name: cluster-1
+ network: projects/xxx/global/networks/aaa
+ private_cluster_config:
+ - enable_private_endpoint: true
+ enable_private_nodes: true
+ master_global_access_config:
+ - enabled: false
+ master_ipv4_cidr_block: 192.168.0.0/28
+ private_endpoint_subnetwork: null
+ project: myproject
+ remove_default_node_pool: true
+ resource_labels:
+ environment: dev
+ subnetwork: subnet_self_link
+
+counts:
+ google_container_cluster: 1
diff --git a/tests/modules/gke_cluster/examples/dataplane-v2.yaml b/tests/modules/gke_cluster/examples/dataplane-v2.yaml
new file mode 100644
index 000000000..ef7ca642f
--- /dev/null
+++ b/tests/modules/gke_cluster/examples/dataplane-v2.yaml
@@ -0,0 +1,45 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.cluster-1.google_container_cluster.cluster:
+ datapath_provider: ADVANCED_DATAPATH
+ ip_allocation_policy:
+ - cluster_secondary_range_name: pods
+ services_secondary_range_name: services
+ location: europe-west1-b
+ master_authorized_networks_config:
+ - cidr_blocks:
+ - cidr_block: 10.0.0.0/8
+ display_name: internal-vms
+ min_master_version: null
+ name: cluster-dataplane-v2
+ network: projects/xxx/global/networks/aaa
+ private_cluster_config:
+ - enable_private_endpoint: true
+ enable_private_nodes: true
+ master_global_access_config:
+ - enabled: false
+ master_ipv4_cidr_block: 192.168.0.0/28
+ private_endpoint_subnetwork: null
+ project: myproject
+ remove_default_node_pool: true
+ resource_labels:
+ environment: dev
+ subnetwork: subnet_self_link
+ workload_identity_config:
+ - workload_pool: myproject.svc.id.goog
+
+counts:
+ google_container_cluster: 1
diff --git a/tests/modules/gke_cluster/fixture/variables.tf b/tests/modules/gke_cluster/fixture/variables.tf
deleted file mode 100644
index 2104e452b..000000000
--- a/tests/modules/gke_cluster/fixture/variables.tf
+++ /dev/null
@@ -1,43 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-variable "enable_addons" {
- type = any
- default = {
- horizontal_pod_autoscaling = true
- http_load_balancing = true
- }
-}
-
-variable "enable_features" {
- type = any
- default = {
- workload_identity = true
- }
-}
-
-variable "monitoring_config" {
- type = any
- default = {
- managed_prometheus = true
- }
-}
-
-variable "tags" {
- description = "Network tags applied to nodes."
- type = list(string)
- default = null
-}
diff --git a/tests/modules/gke_cluster/test_plan.py b/tests/modules/gke_cluster/test_plan.py
deleted file mode 100644
index acd97bede..000000000
--- a/tests/modules/gke_cluster/test_plan.py
+++ /dev/null
@@ -1,38 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-def test_standard(plan_runner):
- "Test resources created with variable defaults."
- _, resources = plan_runner()
- assert len(resources) == 1
-
- cluster_config = resources[0]['values']
- assert cluster_config['name'] == "cluster-1"
- assert cluster_config['network'] == "mynetwork"
- assert cluster_config['subnetwork'] == "mysubnet"
- assert cluster_config['enable_autopilot'] is None
- # assert 'service_account' not in node_config
-
-
-def test_autopilot(plan_runner):
- "Test resources created with variable defaults."
- _, resources = plan_runner(enable_features='{ autopilot=true }')
- assert len(resources) == 1
- cluster_config = resources[0]['values']
- assert cluster_config['name'] == "cluster-1"
- assert cluster_config['network'] == "mynetwork"
- assert cluster_config['subnetwork'] == "mysubnet"
- assert cluster_config['enable_autopilot'] == True
- # assert 'service_account' not in node_config
diff --git a/tests/modules/gke_nodepool/examples/basic.yaml b/tests/modules/gke_nodepool/examples/basic.yaml
new file mode 100644
index 000000000..010b98cda
--- /dev/null
+++ b/tests/modules/gke_nodepool/examples/basic.yaml
@@ -0,0 +1,23 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.cluster-1-nodepool-1.google_container_node_pool.nodepool:
+ cluster: cluster-1
+ location: europe-west1-b
+ name: nodepool-1
+ project: myproject
+
+counts:
+ google_container_node_pool: 1
diff --git a/tests/modules/gke_nodepool/examples/config.yaml b/tests/modules/gke_nodepool/examples/config.yaml
new file mode 100644
index 000000000..fc1682a82
--- /dev/null
+++ b/tests/modules/gke_nodepool/examples/config.yaml
@@ -0,0 +1,60 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.cluster-1-nodepool-1.google_container_node_pool.nodepool:
+ autoscaling:
+ - location_policy: null
+ max_node_count: 10
+ min_node_count: 1
+ total_max_node_count: null
+ total_min_node_count: null
+ cluster: cluster-1
+ initial_node_count: 1
+ location: europe-west1-b
+ management:
+ - auto_repair: true
+ auto_upgrade: false
+ name: nodepool-1
+ node_config:
+ - boot_disk_kms_key: null
+ disk_size_gb: 50
+ disk_type: pd-ssd
+ ephemeral_storage_config:
+ - local_ssd_count: 1
+ gcfs_config: []
+ gvnic: []
+ kubelet_config: []
+ labels:
+ environment: dev
+ linux_node_config: []
+ logging_variant: DEFAULT
+ machine_type: n2-standard-2
+ node_group: null
+ oauth_scopes:
+ - https://www.googleapis.com/auth/cloud-platform
+ preemptible: false
+ reservation_affinity: []
+ resource_labels: null
+ sandbox_config: []
+ spot: true
+ tags: null
+ taint: []
+ placement_policy: []
+ project: myproject
+ module.cluster-1-nodepool-1.google_service_account.service_account[0]: {}
+
+counts:
+ google_container_node_pool: 1
+ google_service_account: 1
diff --git a/tests/modules/gke_nodepool/examples/create-sa.yaml b/tests/modules/gke_nodepool/examples/create-sa.yaml
new file mode 100644
index 000000000..df1f2f708
--- /dev/null
+++ b/tests/modules/gke_nodepool/examples/create-sa.yaml
@@ -0,0 +1,52 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.cluster-1-nodepool-1.google_container_node_pool.nodepool:
+ cluster: cluster-1
+ location: europe-west1-b
+ name: nodepool-1
+ node_config:
+ - boot_disk_kms_key: null
+ disk_type: pd-balanced
+ ephemeral_storage_config: []
+ gcfs_config: []
+ gvnic: []
+ kubelet_config: []
+ linux_node_config: []
+ logging_variant: DEFAULT
+ node_group: null
+ oauth_scopes:
+ - https://www.googleapis.com/auth/cloud-platform
+ preemptible: false
+ reservation_affinity: []
+ resource_labels: null
+ sandbox_config: []
+ spot: false
+ tags: null
+ taint: []
+ placement_policy: []
+ project: myproject
+ timeouts: null
+ module.cluster-1-nodepool-1.google_service_account.service_account[0]:
+ account_id: spam-eggs
+ description: null
+ disabled: false
+ display_name: Terraform GKE cluster-1 nodepool-1.
+ project: myproject
+ timeouts: null
+
+counts:
+ google_container_node_pool: 1
+ google_service_account: 1
diff --git a/tests/modules/gke_nodepool/examples/external-sa.yaml b/tests/modules/gke_nodepool/examples/external-sa.yaml
new file mode 100644
index 000000000..059593215
--- /dev/null
+++ b/tests/modules/gke_nodepool/examples/external-sa.yaml
@@ -0,0 +1,43 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.cluster-1-nodepool-1.google_container_node_pool.nodepool:
+ cluster: cluster-1
+ location: europe-west1-b
+ name: nodepool-1
+ node_config:
+ - boot_disk_kms_key: null
+ disk_type: pd-balanced
+ ephemeral_storage_config: []
+ gcfs_config: []
+ gvnic: []
+ kubelet_config: []
+ linux_node_config: []
+ logging_variant: DEFAULT
+ node_group: null
+ oauth_scopes:
+ - https://www.googleapis.com/auth/cloud-platform
+ preemptible: false
+ reservation_affinity: []
+ resource_labels: null
+ sandbox_config: []
+ service_account: foo-bar@myproject.iam.gserviceaccount.com
+ spot: false
+ tags: null
+ taint: []
+ project: myproject
+
+counts:
+ google_container_node_pool: 1
diff --git a/tests/modules/gke_nodepool/fixture/main.tf b/tests/modules/gke_nodepool/fixture/main.tf
deleted file mode 100644
index 4ee274828..000000000
--- a/tests/modules/gke_nodepool/fixture/main.tf
+++ /dev/null
@@ -1,45 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-resource "google_service_account" "test" {
- project = "my-project"
- account_id = "gke-nodepool-test"
- display_name = "Test Service Account"
-}
-
-module "test" {
- source = "../../../../modules/gke-nodepool"
- project_id = "my-project"
- cluster_name = "cluster-1"
- location = "europe-west1-b"
- name = "nodepool-1"
- gke_version = var.gke_version
- labels = var.labels
- max_pods_per_node = var.max_pods_per_node
- node_config = var.node_config
- node_count = var.node_count
- node_locations = var.node_locations
- nodepool_config = var.nodepool_config
- pod_range = var.pod_range
- reservation_affinity = var.reservation_affinity
- service_account = {
- create = var.service_account_create
- email = google_service_account.test.email
- }
- sole_tenant_nodegroup = var.sole_tenant_nodegroup
- tags = var.tags
- taints = var.taints
-}
diff --git a/tests/modules/gke_nodepool/fixture/variables.tf b/tests/modules/gke_nodepool/fixture/variables.tf
deleted file mode 100644
index 18376ec53..000000000
--- a/tests/modules/gke_nodepool/fixture/variables.tf
+++ /dev/null
@@ -1,86 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-variable "gke_version" {
- type = string
- default = null
-}
-
-variable "labels" {
- type = map(string)
- default = {}
- nullable = false
-}
-
-variable "max_pods_per_node" {
- type = number
- default = null
-}
-
-variable "node_config" {
- type = any
- default = {
- disk_type = "pd-balanced"
- }
-}
-
-variable "node_count" {
- type = any
- default = {
- initial = 1
- }
- nullable = false
-}
-
-variable "node_locations" {
- type = list(string)
- default = null
-}
-
-variable "nodepool_config" {
- type = any
- default = null
-}
-
-variable "pod_range" {
- type = any
- default = null
-}
-
-variable "reservation_affinity" {
- type = any
- default = null
-}
-
-variable "service_account_create" {
- type = bool
- default = false
-}
-
-variable "sole_tenant_nodegroup" {
- type = string
- default = null
-}
-
-variable "tags" {
- type = list(string)
- default = null
-}
-
-variable "taints" {
- type = any
- default = null
-}
diff --git a/tests/modules/gke_nodepool/test_plan.py b/tests/modules/gke_nodepool/test_plan.py
deleted file mode 100644
index 75d1cc14b..000000000
--- a/tests/modules/gke_nodepool/test_plan.py
+++ /dev/null
@@ -1,67 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-def test_defaults(plan_runner):
- "Test resources created with variable defaults."
- _, resources = plan_runner()
- assert len(resources) == 1
- assert resources[0]['values']['autoscaling'] == []
-
-
-def test_service_account(plan_runner):
- _, resources = plan_runner()
- assert len(resources) == 1
- _, resources = plan_runner(service_account_create='true')
- assert len(resources) == 2
- assert 'google_service_account' in [r['type'] for r in resources]
-
-
-def test_nodepool_config(plan_runner):
- nodepool_config = '''{
- autoscaling = { use_total_nodes = true, max_node_count = 3}
- management = {}
- upgrade_settings = { max_surge = 3, max_unavailable = 3 }
- }'''
- _, resources = plan_runner(nodepool_config=nodepool_config)
- assert resources[0]['values']['autoscaling'] == [{
- 'location_policy': None,
- 'max_node_count': None,
- 'min_node_count': None,
- 'total_max_node_count': 3,
- 'total_min_node_count': None
- }]
- nodepool_config = '{ autoscaling = { max_node_count = 3} }'
- _, resources = plan_runner(nodepool_config=nodepool_config)
- assert resources[0]['values']['autoscaling'] == [{
- 'location_policy': None,
- 'max_node_count': 3,
- 'min_node_count': None,
- 'total_max_node_count': None,
- 'total_min_node_count': None
- }]
-
-
-def test_node_config(plan_runner):
- node_config = '''{
- gcfs = true
- metadata = { foo = "bar" }
- }'''
- _, resources = plan_runner(node_config=node_config)
- values = resources[0]['values']['node_config'][0]
- assert values['gcfs_config'] == [{'enabled': True}]
- assert values['metadata'] == {
- 'disable-legacy-endpoints': 'true',
- 'foo': 'bar'
- }
diff --git a/tests/modules/net_vpc/examples/dns-policies.yaml b/tests/modules/net_vpc/examples/dns-policies.yaml
new file mode 100644
index 000000000..a30d6408a
--- /dev/null
+++ b/tests/modules/net_vpc/examples/dns-policies.yaml
@@ -0,0 +1,42 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.vpc.google_compute_network.network[0]:
+ name: my-network
+ project: my-project
+ module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]: {}
+ module.vpc.google_dns_policy.default[0]:
+ alternative_name_server_config:
+ - target_name_servers:
+ - forwarding_path: ''
+ ipv4_address: '8.8.8.8'
+ - forwarding_path: private
+ ipv4_address: '10.0.0.1'
+ description: Managed by Terraform
+ enable_inbound_forwarding: true
+ enable_logging: null
+ name: my-network
+ networks:
+ - {}
+ project: my-project
+
+counts:
+ google_compute_network: 1
+ google_compute_subnetwork: 1
+ google_dns_policy: 1
+ modules: 1
+ resources: 3
+
+outputs: {}
diff --git a/tests/modules/net_vpc/examples/factory.yaml b/tests/modules/net_vpc/examples/factory.yaml
new file mode 100644
index 000000000..48671c292
--- /dev/null
+++ b/tests/modules/net_vpc/examples/factory.yaml
@@ -0,0 +1,50 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.vpc.google_compute_network.network[0]:
+ name: my-network
+ project: my-project
+ routing_mode: GLOBAL
+ module.vpc.google_compute_subnetwork.subnetwork["europe-west1/subnet-detailed"]:
+ description: Sample description
+ ip_cidr_range: 10.0.0.0/24
+ log_config:
+ - aggregation_interval: INTERVAL_5_SEC
+ filter_expr: 'true'
+ flow_sampling: 0.5
+ metadata: INCLUDE_ALL_METADATA
+ metadata_fields: null
+ name: subnet-detailed
+ private_ip_google_access: false
+ project: my-project
+ region: europe-west1
+ role: null
+ secondary_ip_range:
+ - ip_cidr_range: 192.168.0.0/24
+ range_name: secondary-range-a
+ module.vpc.google_compute_subnetwork.subnetwork["europe-west4/subnet-simple"]:
+ description: Terraform-managed.
+ ip_cidr_range: 10.0.1.0/24
+ log_config: []
+ name: subnet-simple
+ private_ip_google_access: true
+ project: my-project
+ region: europe-west4
+ role: null
+ secondary_ip_range: []
+
+counts:
+ google_compute_network: 1
+ google_compute_subnetwork: 2
diff --git a/tests/modules/net_vpc/peering.yaml b/tests/modules/net_vpc/examples/peering.yaml
similarity index 50%
rename from tests/modules/net_vpc/peering.yaml
rename to tests/modules/net_vpc/examples/peering.yaml
index 8d0bbed71..937ce1445 100644
--- a/tests/modules/net_vpc/peering.yaml
+++ b/tests/modules/net_vpc/examples/peering.yaml
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -13,35 +13,22 @@
# limitations under the License.
values:
- google_compute_network.network[0]:
- auto_create_subnetworks: false
- delete_default_routes_on_create: false
- description: Terraform-managed.
- name: test
- project: test-project
- routing_mode: GLOBAL
- google_compute_network_peering.local[0]:
- export_custom_routes: true
- import_custom_routes: false
- name: test-peer
- peer_network: projects/my-project/global/networks/peer
- google_compute_network_peering.remote[0]:
+ module.vpc-hub.google_compute_network.network[0]: {}
+ module.vpc-spoke-1.google_compute_network.network[0]: {}
+ module.vpc-hub.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]: {}
+ module.vpc-spoke-1.google_compute_subnetwork.subnetwork["europe-west1/subnet-2"]: {}
+ module.vpc-spoke-1.google_compute_network_peering.local[0]:
export_custom_routes: false
+ export_subnet_routes_with_public_ip: true
import_custom_routes: true
- name: peer-test
- network: projects/my-project/global/networks/peer
+ import_subnet_routes_with_public_ip: null
+ module.vpc-spoke-1.google_compute_network_peering.remote[0]:
+ export_custom_routes: true
+ export_subnet_routes_with_public_ip: true
+ import_custom_routes: false
+ import_subnet_routes_with_public_ip: null
counts:
- google_compute_network: 1
+ google_compute_network: 2
google_compute_network_peering: 2
-
-outputs:
- bindings: {}
- project_id: test-project
- subnet_ips: {}
- subnet_regions: {}
- subnet_secondary_ranges: {}
- subnet_self_links: {}
- subnets: {}
- subnets_proxy_only: {}
- subnets_psc: {}
+ google_compute_subnetwork: 2
diff --git a/tests/modules/net_vpc/examples/proxy-only-subnets.yaml b/tests/modules/net_vpc/examples/proxy-only-subnets.yaml
new file mode 100644
index 000000000..6e2069aaa
--- /dev/null
+++ b/tests/modules/net_vpc/examples/proxy-only-subnets.yaml
@@ -0,0 +1,40 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.vpc.google_compute_network.network[0]:
+ name: my-network
+ project: my-project
+ module.vpc.google_compute_subnetwork.proxy_only["europe-west1/regional-proxy"]:
+ description: Terraform-managed proxy-only subnet for Regional HTTPS or Internal HTTPS LB.
+ ip_cidr_range: 10.0.1.0/24
+ log_config: []
+ name: regional-proxy
+ project: my-project
+ purpose: REGIONAL_MANAGED_PROXY
+ region: europe-west1
+ role: ACTIVE
+ module.vpc.google_compute_subnetwork.psc["europe-west1/psc"]:
+ description: Terraform-managed subnet for Private Service Connect (PSC NAT).
+ ip_cidr_range: 10.0.3.0/24
+ log_config: []
+ name: psc
+ project: my-project
+ purpose: PRIVATE_SERVICE_CONNECT
+ region: europe-west1
+ role: null
+
+counts:
+ google_compute_network: 1
+ google_compute_subnetwork: 2
diff --git a/tests/modules/net_vpc/examples/psc-routes.yaml b/tests/modules/net_vpc/examples/psc-routes.yaml
new file mode 100644
index 000000000..6f459f4b7
--- /dev/null
+++ b/tests/modules/net_vpc/examples/psc-routes.yaml
@@ -0,0 +1,47 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.vpc.google_compute_global_address.psa_ranges["myrange"]:
+ address: 10.0.1.0
+ address_type: INTERNAL
+ description: null
+ ip_version: null
+ name: myrange
+ prefix_length: 24
+ project: my-project
+ purpose: VPC_PEERING
+ module.vpc.google_compute_network.network[0]:
+ name: my-network
+ project: my-project
+ routing_mode: GLOBAL
+ module.vpc.google_compute_network_peering_routes_config.psa_routes["1"]:
+ export_custom_routes: true
+ import_custom_routes: true
+ project: my-project
+ module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
+ ip_cidr_range: 10.0.0.0/24
+ name: production
+ project: my-project
+ module.vpc.google_service_networking_connection.psa_connection["1"]:
+ reserved_peering_ranges:
+ - myrange
+ service: servicenetworking.googleapis.com
+
+counts:
+ google_compute_global_address: 1
+ google_compute_network: 1
+ google_compute_network_peering_routes_config: 1
+ google_compute_subnetwork: 1
+ google_service_networking_connection: 1
diff --git a/tests/modules/net_vpc/examples/psc.yaml b/tests/modules/net_vpc/examples/psc.yaml
new file mode 100644
index 000000000..c08fcb453
--- /dev/null
+++ b/tests/modules/net_vpc/examples/psc.yaml
@@ -0,0 +1,46 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.vpc.google_compute_global_address.psa_ranges["myrange"]:
+ address: 10.0.1.0
+ address_type: INTERNAL
+ name: myrange
+ prefix_length: 24
+ project: my-project
+ purpose: VPC_PEERING
+ module.vpc.google_compute_network.network[0]:
+ name: my-network
+ project: my-project
+ module.vpc.google_compute_network_peering_routes_config.psa_routes["1"]:
+ export_custom_routes: false
+ import_custom_routes: false
+ project: my-project
+ module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
+ ip_cidr_range: 10.0.0.0/24
+ name: production
+ project: my-project
+ module.vpc.google_service_networking_connection.psa_connection["1"]:
+ reserved_peering_ranges:
+ - myrange
+ service: servicenetworking.googleapis.com
+
+counts:
+ google_compute_global_address: 1
+ google_compute_network: 1
+ google_compute_network_peering_routes_config: 1
+ google_compute_subnetwork: 1
+ google_service_networking_connection: 1
+
+outputs: {}
diff --git a/tests/modules/net_vpc/examples/routes.yaml b/tests/modules/net_vpc/examples/routes.yaml
new file mode 100644
index 000000000..205197c82
--- /dev/null
+++ b/tests/modules/net_vpc/examples/routes.yaml
@@ -0,0 +1,146 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.vpc["gateway"].google_compute_network.network[0]:
+ name: my-network-with-route-gateway
+ project: my-project
+ routing_mode: GLOBAL
+ module.vpc["gateway"].google_compute_route.gateway["gateway"]:
+ dest_range: 0.0.0.0/0
+ name: my-network-with-route-gateway-gateway
+ next_hop_gateway: global/gateways/default-internet-gateway
+ next_hop_ilb: null
+ next_hop_instance: null
+ next_hop_vpn_tunnel: null
+ priority: 100
+ project: my-project
+ tags:
+ - tag-a
+ module.vpc["gateway"].google_compute_route.gateway["next-hop"]:
+ dest_range: 192.168.128.0/24
+ name: my-network-with-route-gateway-next-hop
+ next_hop_gateway: global/gateways/default-internet-gateway
+ next_hop_ilb: null
+ next_hop_instance: null
+ next_hop_vpn_tunnel: null
+ priority: 1000
+ project: my-project
+ tags: null
+ module.vpc["ilb"].google_compute_network.network[0]:
+ name: my-network-with-route-ilb
+ project: my-project
+ routing_mode: GLOBAL
+ module.vpc["ilb"].google_compute_route.gateway["gateway"]:
+ dest_range: 0.0.0.0/0
+ name: my-network-with-route-ilb-gateway
+ next_hop_gateway: global/gateways/default-internet-gateway
+ next_hop_ilb: null
+ next_hop_instance: null
+ next_hop_vpn_tunnel: null
+ priority: 100
+ project: my-project
+ tags:
+ - tag-a
+ module.vpc["ilb"].google_compute_route.ilb["next-hop"]:
+ dest_range: 192.168.128.0/24
+ name: my-network-with-route-ilb-next-hop
+ next_hop_gateway: null
+ next_hop_ilb: regions/europe-west1/forwardingRules/test
+ next_hop_instance: null
+ next_hop_vpn_tunnel: null
+ priority: 1000
+ project: my-project
+ tags: null
+ module.vpc["instance"].google_compute_network.network[0]:
+ name: my-network-with-route-instance
+ project: my-project
+ routing_mode: GLOBAL
+ module.vpc["instance"].google_compute_route.gateway["gateway"]:
+ dest_range: 0.0.0.0/0
+ name: my-network-with-route-instance-gateway
+ next_hop_gateway: global/gateways/default-internet-gateway
+ next_hop_ilb: null
+ next_hop_instance: null
+ next_hop_vpn_tunnel: null
+ priority: 100
+ project: my-project
+ tags:
+ - tag-a
+ module.vpc["instance"].google_compute_route.instance["next-hop"]:
+ dest_range: 192.168.128.0/24
+ name: my-network-with-route-instance-next-hop
+ next_hop_gateway: null
+ next_hop_ilb: null
+ next_hop_instance: zones/europe-west1-b/test
+ next_hop_instance_zone: europe-west1-b
+ next_hop_vpn_tunnel: null
+ priority: 1000
+ project: my-project
+ tags: null
+ module.vpc["ip"].google_compute_network.network[0]:
+ name: my-network-with-route-ip
+ project: my-project
+ routing_mode: GLOBAL
+ module.vpc["ip"].google_compute_route.gateway["gateway"]:
+ dest_range: 0.0.0.0/0
+ name: my-network-with-route-ip-gateway
+ next_hop_gateway: global/gateways/default-internet-gateway
+ next_hop_ilb: null
+ next_hop_instance: null
+ next_hop_vpn_tunnel: null
+ priority: 100
+ project: my-project
+ tags:
+ - tag-a
+ module.vpc["ip"].google_compute_route.ip["next-hop"]:
+ dest_range: 192.168.128.0/24
+ name: my-network-with-route-ip-next-hop
+ next_hop_gateway: null
+ next_hop_ilb: null
+ next_hop_instance: null
+ next_hop_ip: 192.168.0.128
+ next_hop_vpn_tunnel: null
+ priority: 1000
+ project: my-project
+ tags: null
+ module.vpc["vpn_tunnel"].google_compute_network.network[0]:
+ name: my-network-with-route-vpn-tunnel
+ project: my-project
+ routing_mode: GLOBAL
+ module.vpc["vpn_tunnel"].google_compute_route.gateway["gateway"]:
+ dest_range: 0.0.0.0/0
+ name: my-network-with-route-vpn-tunnel-gateway
+ next_hop_gateway: global/gateways/default-internet-gateway
+ next_hop_ilb: null
+ next_hop_instance: null
+ next_hop_vpn_tunnel: null
+ priority: 100
+ project: my-project
+ tags:
+ - tag-a
+ module.vpc["vpn_tunnel"].google_compute_route.vpn_tunnel["next-hop"]:
+ dest_range: 192.168.128.0/24
+ name: my-network-with-route-vpn-tunnel-next-hop
+ next_hop_gateway: null
+ next_hop_ilb: null
+ next_hop_instance: null
+ next_hop_vpn_tunnel: regions/europe-west1/vpnTunnels/foo
+ priority: 1000
+ project: my-project
+ tags: null
+
+counts:
+ google_compute_network: 5
+ google_compute_route: 10
diff --git a/tests/modules/net_vpc/examples/shared-vpc.yaml b/tests/modules/net_vpc/examples/shared-vpc.yaml
new file mode 100644
index 000000000..b004e3151
--- /dev/null
+++ b/tests/modules/net_vpc/examples/shared-vpc.yaml
@@ -0,0 +1,51 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.vpc-host.google_compute_network.network[0]:
+ name: my-host-network
+ project: my-project
+ module.vpc-host.google_compute_shared_vpc_host_project.shared_vpc_host[0]:
+ project: my-project
+ module.vpc-host.google_compute_shared_vpc_service_project.service_projects["project1"]:
+ host_project: my-project
+ service_project: project1
+ module.vpc-host.google_compute_shared_vpc_service_project.service_projects["project2"]:
+ host_project: my-project
+ service_project: project2
+ module.vpc-host.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]: {}
+ module.vpc-host.google_compute_subnetwork_iam_binding.binding["europe-west1/subnet-1.roles/compute.networkUser"]:
+ condition: []
+ members:
+ - serviceAccount:cloudsvc
+ - serviceAccount:gke
+ project: my-project
+ region: europe-west1
+ role: roles/compute.networkUser
+ subnetwork: subnet-1
+ module.vpc-host.google_compute_subnetwork_iam_binding.binding["europe-west1/subnet-1.roles/compute.securityAdmin"]:
+ condition: []
+ members:
+ - serviceAccount:gke
+ project: my-project
+ region: europe-west1
+ role: roles/compute.securityAdmin
+ subnetwork: subnet-1
+
+counts:
+ google_compute_network: 1
+ google_compute_shared_vpc_host_project: 1
+ google_compute_shared_vpc_service_project: 2
+ google_compute_subnetwork: 1
+ google_compute_subnetwork_iam_binding: 2
diff --git a/tests/modules/net_vpc/examples/simple.yaml b/tests/modules/net_vpc/examples/simple.yaml
new file mode 100644
index 000000000..799852c02
--- /dev/null
+++ b/tests/modules/net_vpc/examples/simple.yaml
@@ -0,0 +1,50 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.vpc.google_compute_network.network[0]:
+ auto_create_subnetworks: false
+ delete_default_routes_on_create: false
+ description: Terraform-managed.
+ name: my-network
+ project: my-project
+ routing_mode: GLOBAL
+ module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]:
+ description: Terraform-managed.
+ ip_cidr_range: 10.0.0.0/24
+ log_config: []
+ name: production
+ private_ip_google_access: true
+ project: my-project
+ region: europe-west1
+ role: null
+ secondary_ip_range:
+ - ip_cidr_range: 172.16.0.0/20
+ range_name: pods
+ - ip_cidr_range: 192.168.0.0/24
+ range_name: services
+ module.vpc.google_compute_subnetwork.subnetwork["europe-west2/production"]:
+ description: Terraform-managed.
+ ip_cidr_range: 10.0.16.0/24
+ log_config: []
+ name: production
+ private_ip_google_access: true
+ project: my-project
+ region: europe-west2
+ role: null
+ secondary_ip_range: []
+
+counts:
+ google_compute_network: 1
+ google_compute_subnetwork: 2
diff --git a/tests/modules/net_vpc/examples/subnet-iam.yaml b/tests/modules/net_vpc/examples/subnet-iam.yaml
new file mode 100644
index 000000000..cb53ecd80
--- /dev/null
+++ b/tests/modules/net_vpc/examples/subnet-iam.yaml
@@ -0,0 +1,54 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.vpc.google_compute_network.network[0]:
+ name: my-network
+ project: my-project
+ module.vpc.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]:
+ name: subnet-1
+ project: my-project
+ region: europe-west1
+ module.vpc.google_compute_subnetwork.subnetwork["europe-west1/subnet-2"]:
+ name: subnet-2
+ private_ip_google_access: true
+ project: my-project
+ region: europe-west1
+ module.vpc.google_compute_subnetwork_iam_binding.binding["europe-west1/subnet-1.roles/compute.networkUser"]:
+ condition: []
+ members:
+ - group:group1@example.com
+ - user:user1@example.com
+ project: my-project
+ region: europe-west1
+ role: roles/compute.networkUser
+ subnetwork: subnet-1
+ module.vpc.google_compute_subnetwork_iam_binding.binding["europe-west1/subnet-2.roles/compute.networkUser"]:
+ condition: []
+ members:
+ - group:group2@example.com
+ - user:user2@example.com
+ project: my-project
+ region: europe-west1
+ role: roles/compute.networkUser
+ subnetwork: subnet-2
+
+counts:
+ google_compute_network: 1
+ google_compute_subnetwork: 2
+ google_compute_subnetwork_iam_binding: 2
+ modules: 1
+ resources: 5
+
+outputs: {}
diff --git a/tests/modules/net_vpc/examples/subnet-options.yaml b/tests/modules/net_vpc/examples/subnet-options.yaml
new file mode 100644
index 000000000..e3cea5ca6
--- /dev/null
+++ b/tests/modules/net_vpc/examples/subnet-options.yaml
@@ -0,0 +1,70 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.vpc.google_compute_network.network[0]:
+ name: my-network
+ project: my-project
+ module.vpc.google_compute_subnetwork.subnetwork["europe-west1/no-pga"]:
+ description: Subnet b
+ ip_cidr_range: 10.0.1.0/24
+ log_config: []
+ name: no-pga
+ private_ip_google_access: false
+ project: my-project
+ region: europe-west1
+ secondary_ip_range: []
+ module.vpc.google_compute_subnetwork.subnetwork["europe-west1/simple"]:
+ description: Terraform-managed.
+ ip_cidr_range: 10.0.0.0/24
+ log_config: []
+ name: simple
+ private_ip_google_access: true
+ project: my-project
+ region: europe-west1
+ secondary_ip_range: []
+ module.vpc.google_compute_subnetwork.subnetwork["europe-west1/with-flow-logs"]:
+ description: Terraform-managed.
+ ip_cidr_range: 10.0.3.0/24
+ ipv6_access_type: null
+ log_config:
+ - aggregation_interval: INTERVAL_10_MIN
+ filter_expr: 'true'
+ flow_sampling: 0.5
+ metadata: INCLUDE_ALL_METADATA
+ metadata_fields: null
+ name: with-flow-logs
+ private_ip_google_access: true
+ project: my-project
+ region: europe-west1
+ role: null
+ secondary_ip_range: []
+ module.vpc.google_compute_subnetwork.subnetwork["europe-west1/with-secondary-ranges"]:
+ description: Terraform-managed.
+ ip_cidr_range: 10.0.2.0/24
+ log_config: []
+ name: with-secondary-ranges
+ private_ip_google_access: true
+ project: my-project
+ region: europe-west1
+ role: null
+ secondary_ip_range:
+ - ip_cidr_range: 192.168.0.0/24
+ range_name: a
+ - ip_cidr_range: 192.168.1.0/24
+ range_name: b
+
+counts:
+ google_compute_network: 1
+ google_compute_subnetwork: 4
diff --git a/tests/modules/net_vpc/factory.tfvars b/tests/modules/net_vpc/factory.tfvars
deleted file mode 100644
index 8c4d4a28c..000000000
--- a/tests/modules/net_vpc/factory.tfvars
+++ /dev/null
@@ -1 +0,0 @@
-data_folder = "../../tests/modules/net_vpc/data"
diff --git a/tests/modules/net_vpc/factory.yaml b/tests/modules/net_vpc/factory.yaml
deleted file mode 100644
index 9cf628d09..000000000
--- a/tests/modules/net_vpc/factory.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-values:
- google_compute_subnetwork.subnetwork["europe-west1/factory-subnet"]:
- description: 'Sample description'
- ip_cidr_range: '10.128.0.0/24'
- ipv6_access_type: null
- log_config: []
- name: 'factory-subnet'
- private_ip_google_access: false
- project: 'test-project'
- region: 'europe-west1'
- role: null
- secondary_ip_range:
- - ip_cidr_range: '192.168.128.0/24'
- range_name: 'secondary-range-a'
- google_compute_subnetwork.subnetwork["europe-west4/factory-subnet2"]:
- description: 'Sample description'
- ip_cidr_range: '10.129.0.0/24'
- log_config: []
- name: 'factory-subnet2'
- private_ip_google_access: true
- project: 'test-project'
- region: 'europe-west4'
- role: null
- secondary_ip_range: []
-
- # FIXME: should we have some bindings here?
-
-counts:
- google_compute_network: 1
- google_compute_subnetwork: 2
diff --git a/tests/modules/net_vpc/fixture/main.tf b/tests/modules/net_vpc/fixture/main.tf
deleted file mode 100644
index f0e4696e0..000000000
--- a/tests/modules/net_vpc/fixture/main.tf
+++ /dev/null
@@ -1,30 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-module "test" {
- source = "../../../../modules/net-vpc"
- project_id = "test-project"
- name = "test"
- peering_config = var.peering_config
- routes = var.routes
- shared_vpc_host = var.shared_vpc_host
- shared_vpc_service_projects = var.shared_vpc_service_projects
- subnet_iam = var.subnet_iam
- subnets = var.subnets
- auto_create_subnetworks = var.auto_create_subnetworks
- psa_config = var.psa_config
- data_folder = var.data_folder
-}
diff --git a/tests/modules/net_vpc/fixture/test.subnets.tfvars b/tests/modules/net_vpc/fixture/test.subnets.tfvars
deleted file mode 100644
index 499e498f4..000000000
--- a/tests/modules/net_vpc/fixture/test.subnets.tfvars
+++ /dev/null
@@ -1,44 +0,0 @@
-subnet_iam = {
- "europe-west1/a" = {
- "roles/compute.networkUser" = [
- "user:a@example.com", "group:g-a@example.com"
- ]
- }
- "europe-west1/c" = {
- "roles/compute.networkUser" = [
- "user:c@example.com", "group:g-c@example.com"
- ]
- }
-}
-subnets = [
- {
- name = "a"
- region = "europe-west1"
- ip_cidr_range = "10.0.0.0/24"
- },
- {
- name = "b"
- region = "europe-west1"
- ip_cidr_range = "10.0.1.0/24",
- description = "Subnet b"
- enable_private_access = false
- },
- {
- name = "c"
- region = "europe-west1"
- ip_cidr_range = "10.0.2.0/24"
- secondary_ip_ranges = {
- a = "192.168.0.0/24"
- b = "192.168.1.0/24"
- }
- },
- {
- name = "d"
- region = "europe-west1"
- ip_cidr_range = "10.0.3.0/24"
- flow_logs_config = {
- flow_sampling = 0.5
- aggregation_interval = "INTERVAL_10_MIN"
- }
- }
-]
diff --git a/tests/modules/net_vpc/fixture/variables.tf b/tests/modules/net_vpc/fixture/variables.tf
deleted file mode 100644
index 868966c8b..000000000
--- a/tests/modules/net_vpc/fixture/variables.tf
+++ /dev/null
@@ -1,101 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-variable "auto_create_subnetworks" {
- type = bool
- default = false
-}
-
-variable "data_folder" {
- type = string
- default = null
-}
-
-variable "delete_default_routes_on_create" {
- type = bool
- default = false
-}
-
-variable "description" {
- type = string
- default = "Terraform-managed."
-}
-
-variable "dns_policy" {
- type = any
- default = null
-}
-
-variable "mtu" {
- type = number
- default = null
-}
-
-variable "peering_config" {
- type = any
- default = null
-}
-
-variable "psa_config" {
- type = any
- default = null
-}
-
-variable "routes" {
- type = any
- default = {}
- nullable = false
-}
-
-variable "routing_mode" {
- type = string
- default = "GLOBAL"
-}
-
-variable "shared_vpc_host" {
- type = bool
- default = false
-}
-
-variable "shared_vpc_service_projects" {
- type = list(string)
- default = []
-}
-
-variable "subnets" {
- type = any
- default = []
-}
-
-variable "subnet_iam" {
- type = map(map(list(string)))
- default = {}
-}
-
-variable "subnets_proxy_only" {
- type = any
- default = []
-}
-
-variable "subnets_psc" {
- type = any
- default = []
-}
-
-variable "vpc_create" {
- type = bool
- default = true
-}
diff --git a/tests/modules/net_vpc/peering.tfvars b/tests/modules/net_vpc/peering.tfvars
deleted file mode 100644
index eccd7ae71..000000000
--- a/tests/modules/net_vpc/peering.tfvars
+++ /dev/null
@@ -1,5 +0,0 @@
-peering_config = {
- peer_vpc_self_link = "projects/my-project/global/networks/peer"
- export_routes = true
- import_routes = null
-}
diff --git a/tests/modules/net_vpc/psa_simple.tfvars b/tests/modules/net_vpc/psa_simple.tfvars
deleted file mode 100644
index 51289fe04..000000000
--- a/tests/modules/net_vpc/psa_simple.tfvars
+++ /dev/null
@@ -1,7 +0,0 @@
-psa_config = {
- ranges = {
- bar = "172.16.100.0/24"
- foo = "172.16.101.0/24"
- }
- routes = null
-}
diff --git a/tests/modules/net_vpc/psa_simple.yaml b/tests/modules/net_vpc/psa_simple.yaml
deleted file mode 100644
index 019b443fa..000000000
--- a/tests/modules/net_vpc/psa_simple.yaml
+++ /dev/null
@@ -1,70 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-values:
- google_compute_global_address.psa_ranges["bar"]:
- address: 172.16.100.0
- address_type: INTERNAL
- description: null
- ip_version: null
- name: bar
- prefix_length: 24
- project: test-project
- purpose: VPC_PEERING
- google_compute_global_address.psa_ranges["foo"]:
- address: 172.16.101.0
- address_type: INTERNAL
- description: null
- ip_version: null
- name: foo
- prefix_length: 24
- project: test-project
- purpose: VPC_PEERING
- google_compute_network.network[0]:
- auto_create_subnetworks: false
- delete_default_routes_on_create: false
- description: Terraform-managed.
- enable_ula_internal_ipv6: null
- name: test
- project: test-project
- routing_mode: GLOBAL
- google_compute_network_peering_routes_config.psa_routes["1"]:
- export_custom_routes: false
- import_custom_routes: false
- project: test-project
- google_service_networking_connection.psa_connection["1"]:
- reserved_peering_ranges:
- - bar
- - foo
- service: servicenetworking.googleapis.com
-
-counts:
- google_compute_global_address: 2
- google_compute_network: 1
- google_compute_network_peering_routes_config: 1
- google_service_networking_connection: 1
-
-outputs:
- bindings: {}
- name: __missing__
- network: __missing__
- project_id: test-project
- self_link: __missing__
- subnet_ips: {}
- subnet_regions: {}
- subnet_secondary_ranges: {}
- subnet_self_links: {}
- subnets: {}
- subnets_proxy_only: {}
- subnets_psc: {}
diff --git a/tests/modules/net_vpc/simple.tfvars b/tests/modules/net_vpc/simple.tfvars
deleted file mode 100644
index 6f848aa99..000000000
--- a/tests/modules/net_vpc/simple.tfvars
+++ /dev/null
@@ -1 +0,0 @@
-# skip boilerplate check
diff --git a/tests/modules/net_vpc/subnets.tfvars b/tests/modules/net_vpc/subnets.tfvars
deleted file mode 100644
index 499e498f4..000000000
--- a/tests/modules/net_vpc/subnets.tfvars
+++ /dev/null
@@ -1,44 +0,0 @@
-subnet_iam = {
- "europe-west1/a" = {
- "roles/compute.networkUser" = [
- "user:a@example.com", "group:g-a@example.com"
- ]
- }
- "europe-west1/c" = {
- "roles/compute.networkUser" = [
- "user:c@example.com", "group:g-c@example.com"
- ]
- }
-}
-subnets = [
- {
- name = "a"
- region = "europe-west1"
- ip_cidr_range = "10.0.0.0/24"
- },
- {
- name = "b"
- region = "europe-west1"
- ip_cidr_range = "10.0.1.0/24",
- description = "Subnet b"
- enable_private_access = false
- },
- {
- name = "c"
- region = "europe-west1"
- ip_cidr_range = "10.0.2.0/24"
- secondary_ip_ranges = {
- a = "192.168.0.0/24"
- b = "192.168.1.0/24"
- }
- },
- {
- name = "d"
- region = "europe-west1"
- ip_cidr_range = "10.0.3.0/24"
- flow_logs_config = {
- flow_sampling = 0.5
- aggregation_interval = "INTERVAL_10_MIN"
- }
- }
-]
diff --git a/tests/modules/net_vpc/subnets.yaml b/tests/modules/net_vpc/subnets.yaml
deleted file mode 100644
index 9ccf31e60..000000000
--- a/tests/modules/net_vpc/subnets.yaml
+++ /dev/null
@@ -1,120 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-values:
- google_compute_network.network[0]:
- auto_create_subnetworks: false
- delete_default_routes_on_create: false
- description: Terraform-managed.
- name: test
- project: test-project
- routing_mode: GLOBAL
- google_compute_subnetwork.subnetwork["europe-west1/a"]:
- description: Terraform-managed.
- ip_cidr_range: 10.0.0.0/24
- log_config: []
- name: a
- private_ip_google_access: true
- project: test-project
- region: europe-west1
- role: null
- secondary_ip_range: []
- google_compute_subnetwork.subnetwork["europe-west1/b"]:
- description: Subnet b
- ip_cidr_range: 10.0.1.0/24
- log_config: []
- name: b
- private_ip_google_access: false
- project: test-project
- region: europe-west1
- role: null
- secondary_ip_range: []
- google_compute_subnetwork.subnetwork["europe-west1/c"]:
- description: Terraform-managed.
- ip_cidr_range: 10.0.2.0/24
- ipv6_access_type: null
- log_config: []
- name: c
- private_ip_google_access: true
- project: test-project
- region: europe-west1
- role: null
- secondary_ip_range:
- - ip_cidr_range: 192.168.0.0/24
- range_name: a
- - ip_cidr_range: 192.168.1.0/24
- range_name: b
- google_compute_subnetwork.subnetwork["europe-west1/d"]:
- description: Terraform-managed.
- ip_cidr_range: 10.0.3.0/24
- log_config:
- - aggregation_interval: INTERVAL_10_MIN
- filter_expr: 'true'
- flow_sampling: 0.5
- metadata: INCLUDE_ALL_METADATA
- metadata_fields: null
- name: d
- private_ip_google_access: true
- project: test-project
- region: europe-west1
- role: null
- secondary_ip_range: []
- google_compute_subnetwork_iam_binding.binding["europe-west1/a.roles/compute.networkUser"]:
- condition: []
- members:
- - group:g-a@example.com
- - user:a@example.com
- project: test-project
- region: europe-west1
- role: roles/compute.networkUser
- subnetwork: a
- google_compute_subnetwork_iam_binding.binding["europe-west1/c.roles/compute.networkUser"]:
- condition: []
- members:
- - group:g-c@example.com
- - user:c@example.com
- project: test-project
- region: europe-west1
- role: roles/compute.networkUser
- subnetwork: c
-
-counts:
- google_compute_network: 1
- google_compute_subnetwork: 4
- google_compute_subnetwork_iam_binding: 2
-
-outputs:
- bindings: __missing__
- project_id: test-project
- subnet_ips:
- europe-west1/a: 10.0.0.0/24
- europe-west1/b: 10.0.1.0/24
- europe-west1/c: 10.0.2.0/24
- europe-west1/d: 10.0.3.0/24
- subnet_regions:
- europe-west1/a: europe-west1
- europe-west1/b: europe-west1
- europe-west1/c: europe-west1
- europe-west1/d: europe-west1
- subnet_secondary_ranges:
- europe-west1/a: {}
- europe-west1/b: {}
- europe-west1/c:
- a: 192.168.0.0/24
- b: 192.168.1.0/24
- europe-west1/d: {}
- subnet_self_links: __missing__
- subnets: __missing__
- subnets_proxy_only: {}
- subnets_psc: {}
diff --git a/tests/modules/net_vpc/test_routes.py b/tests/modules/net_vpc/test_routes.py
deleted file mode 100644
index 01d9673dd..000000000
--- a/tests/modules/net_vpc/test_routes.py
+++ /dev/null
@@ -1,47 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-import pytest
-
-_route_parameters = [('gateway', 'global/gateways/default-internet-gateway'),
- ('instance', 'zones/europe-west1-b/test'),
- ('ip', '192.168.0.128'),
- ('ilb', 'regions/europe-west1/forwardingRules/test'),
- ('vpn_tunnel', 'regions/europe-west1/vpnTunnels/foo')]
-
-
-@pytest.mark.parametrize('next_hop_type,next_hop', _route_parameters)
-def test_vpc_routes(plan_summary, next_hop_type, next_hop):
- 'Test vpc routes.'
-
- var_routes = '''{
- next-hop = {
- dest_range = "192.168.128.0/24"
- tags = null
- next_hop_type = "%s"
- next_hop = "%s"
- }
- gateway = {
- dest_range = "0.0.0.0/0",
- priority = 100
- tags = ["tag-a"]
- next_hop_type = "gateway",
- next_hop = "global/gateways/default-internet-gateway"
- }
- }''' % (next_hop_type, next_hop)
- summary = plan_summary('modules/net-vpc', tf_var_files=['common.tfvars'],
- routes=var_routes)
- assert len(summary.values) == 3
- route = summary.values[f'google_compute_route.{next_hop_type}["next-hop"]']
- assert route[f'next_hop_{next_hop_type}'] == next_hop
diff --git a/tests/modules/net_vpc/tftest.yaml b/tests/modules/net_vpc/tftest.yaml
index b2b09798b..5e9668ea4 100644
--- a/tests/modules/net_vpc/tftest.yaml
+++ b/tests/modules/net_vpc/tftest.yaml
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -17,12 +17,7 @@ common_tfvars:
- common.tfvars
tests:
- simple:
- subnets:
- peering:
shared_vpc:
- factory:
- psa_simple:
psa_routes_export:
psa_routes_import:
psa_routes_import_export:
diff --git a/tests/modules/organization/examples/basic.yaml b/tests/modules/organization/examples/basic.yaml
index 2ba70f40a..f7b63a1d4 100644
--- a/tests/modules/organization/examples/basic.yaml
+++ b/tests/modules/organization/examples/basic.yaml
@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/tests/requirements.txt b/tests/requirements.txt
index a6f82d750..1e0921c19 100644
--- a/tests/requirements.txt
+++ b/tests/requirements.txt
@@ -1,6 +1,6 @@
-pytest>=6.2.5
+pytest>=7.2.1
PyYAML>=6.0
tftest>=1.8.1
-marko>=1.2.0
-deepdiff>=5.7.0
-python-hcl2>=3.0.5
+marko>=1.2.2
+deepdiff>=6.2.3
+python-hcl2>=4.3.0
diff --git a/tools/plan_summary.py b/tools/plan_summary.py
index def79adb4..78c5f939f 100755
--- a/tools/plan_summary.py
+++ b/tools/plan_summary.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
import click
import sys
+import tempfile
import yaml
from pathlib import Path
@@ -27,17 +28,32 @@ import fixtures
@click.command()
+@click.option('--example', default=False, is_flag=True)
@click.argument('module', type=click.Path(), nargs=1)
@click.argument('tfvars', type=click.Path(exists=True), nargs=-1)
-def main(module, tfvars):
- module = BASEDIR / module
- summary = fixtures.plan_summary(module, Path(), tfvars)
- print(yaml.dump({'values': summary.values}))
- print(yaml.dump({'counts': summary.counts}))
- outputs = {
- k: v.get('value', '__missing__') for k, v in summary.outputs.items()
- }
- print(yaml.dump({'outputs': outputs}))
+def main(example, module, tfvars):
+ try:
+ if example:
+ tmp_dir = tempfile.TemporaryDirectory()
+ tmp_path = Path(tmp_dir.name)
+ common_vars = BASEDIR / 'tests' / 'examples' / 'variables.tf'
+ (tmp_path / 'main.tf').symlink_to(module)
+ (tmp_path / 'variables.tf').symlink_to(common_vars)
+ (tmp_path / 'fabric').symlink_to(BASEDIR)
+ module = tmp_path
+ else:
+ module = BASEDIR / module
+
+ summary = fixtures.plan_summary(module, Path(), tfvars)
+ print(yaml.dump({'values': summary.values}))
+ print(yaml.dump({'counts': summary.counts}))
+ outputs = {
+ k: v.get('value', '__missing__') for k, v in summary.outputs.items()
+ }
+ print(yaml.dump({'outputs': outputs}))
+ finally:
+ if example:
+ tmp_dir.cleanup()
if __name__ == '__main__':