diff --git a/modules/gke-hub/README.md b/modules/gke-hub/README.md
index f895f013a..8f801f934 100644
--- a/modules/gke-hub/README.md
+++ b/modules/gke-hub/README.md
@@ -54,7 +54,7 @@ module "cluster_1" {
 network = module.vpc.self_link
 subnetwork = module.vpc.subnet_self_links["europe-west1/cluster-1"]
 master_authorized_ranges = {
- fc1918_10_8 = "10.0.0.0/8"
+ rfc1918_10_8 = "10.0.0.0/8"
 }
 master_ipv4_cidr_block = "192.168.0.0/28"
 }
@@ -119,7 +119,7 @@ module "hub" {
 }
 }
-# tftest modules=4 resources=16
+# tftest modules=4 resources=16 inventory=full.yaml
 ```
 ## Multi-cluster mesh on GKE
diff --git a/tests/modules/gke_hub/__init__.py b/tests/modules/gke_hub/__init__.py
deleted file mode 100644
index 6d6d1266c..000000000
--- a/tests/modules/gke_hub/__init__.py
+++ /dev/null
@@ -1,13 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
diff --git a/tests/modules/gke_hub/examples/full.yaml b/tests/modules/gke_hub/examples/full.yaml
new file mode 100644
index 000000000..8d0861e9a
--- /dev/null
+++ b/tests/modules/gke_hub/examples/full.yaml
@@ -0,0 +1,71 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.hub.google_gke_hub_feature.default["configmanagement"]:
+ location: global
+ name: configmanagement
+ project: gkehub-test
+ module.hub.google_gke_hub_feature_membership.default["cluster-1"]:
+ configmanagement:
+ - binauthz: []
+ config_sync:
+ - git:
+ - gcp_service_account_email: null
+ https_proxy: null
+ policy_dir: configsync
+ secret_type: none
+ sync_branch: main
+ sync_repo: https://github.com/danielmarzini/configsync-platform-example
+ sync_rev: null
+ sync_wait_secs: null
+ oci: []
+ prevent_drift: false
+ source_format: hierarchy
+ hierarchy_controller:
+ - enable_hierarchical_resource_quota: true
+ enable_pod_tree_labels: true
+ enabled: true
+ policy_controller:
+ - audit_interval_seconds: '120'
+ enabled: true
+ exemptable_namespaces: []
+ log_denies_enabled: true
+ mutation_enabled: null
+ referential_rules_enabled: true
+ template_library_installed: true
+ version: v1
+ feature: configmanagement
+ location: global
+ membership: cluster-1
+ mesh: []
+ project: gkehub-test
+ module.hub.google_gke_hub_membership.default["cluster-1"]:
+ authority: []
+ endpoint:
+ - gke_cluster:
+ - {}
+ membership_id: cluster-1
+ project: gkehub-test
+
+counts:
+ google_compute_network: 1
+ google_compute_subnetwork: 1
+ google_container_cluster: 1
+ google_gke_hub_feature: 1
+ google_gke_hub_feature_membership: 1
+ google_gke_hub_membership: 1
+ google_project: 1
+ google_project_service: 7
+ google_project_service_identity: 2
diff --git a/tests/modules/gke_hub/examples/multi-cluster.yaml b/tests/modules/gke_hub/examples/multi-cluster.yaml
new file mode 100644
index 000000000..beae2f678
--- /dev/null
+++ b/tests/modules/gke_hub/examples/multi-cluster.yaml
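Review bot: In tests/modules/gke_hub/examples/full.yaml the expected `config_sync.git` block freezes `secret_type: none`, `sync_branch: main` and `sync_rev: null` against a repository that appears to sit under an individual GitHub account, so the documented example has Config Sync pulling cluster policy without credentials from a moving branch the project does not control. The README example that produces these values is outside this hunk, but since the inventory now pins them it is worth moving the example to a project-owned repository with a fixed revision, or at least adding a comment above `values:` such as `# sync_repo is a placeholder: use a repository you control and pin sync_rev outside of tests`. Separately, `counts:` here omits the totals that multi-cluster.yaml carries; adding `modules: 4` and `resources: 16` would keep the two inventories consistent with the README's `# tftest modules=4 resources=16` line.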
@@ -0,0 +1,70 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.hub.google_gke_hub_feature.default["servicemesh"]:
+ location: global
+ name: servicemesh
+ project: gkehub-test
+ module.hub.google_gke_hub_feature_membership.servicemesh["cluster-1"]:
+ configmanagement: []
+ feature: servicemesh
+ location: global
+ membership: cluster-1
+ mesh:
+ - control_plane: null
+ management: MANAGEMENT_AUTOMATIC
+ project: gkehub-test
+ module.hub.google_gke_hub_feature_membership.servicemesh["cluster-2"]:
+ configmanagement: []
+ feature: servicemesh
+ location: global
+ membership: cluster-2
+ mesh:
+ - control_plane: null
+ management: MANAGEMENT_AUTOMATIC
+ project: gkehub-test
+ module.hub.google_gke_hub_membership.default["cluster-1"]:
+ authority:
+ - {}
+ endpoint:
+ - gke_cluster:
+ - {}
+ membership_id: cluster-1
+ project: gkehub-test
+ module.hub.google_gke_hub_membership.default["cluster-2"]:
+ authority:
+ - {}
+ endpoint:
+ - gke_cluster:
+ - {}
+ membership_id: cluster-2
+ project: gkehub-test
+
+counts:
+ google_compute_firewall: 6
+ google_compute_network: 1
+ google_compute_subnetwork: 3
+ google_container_cluster: 2
+ google_container_node_pool: 2
+ google_gke_hub_feature: 1
+ google_gke_hub_feature_membership: 2
+ google_gke_hub_membership: 2
+ google_project: 1
+ google_project_iam_member: 1
+ google_project_service: 7
+ google_project_service_identity: 2
+ google_service_account: 2
+ modules: 8
+ resources: 32
diff --git a/tests/modules/gke_hub/fixture/main.tf b/tests/modules/gke_hub/fixture/main.tf
deleted file mode 100644
index 7ebd010eb..000000000
--- a/tests/modules/gke_hub/fixture/main.tf
+++ /dev/null
@@ -1,25 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-module "hub" {
- source = "../../../../modules/gke-hub"
- project_id = var.project_id
- clusters = var.clusters
- features = var.features
- configmanagement_templates = var.configmanagement_templates
- configmanagement_clusters = var.configmanagement_clusters
- workload_identity_clusters = var.workload_identity_clusters
-}
diff --git a/tests/modules/gke_hub/fixture/variables.tf b/tests/modules/gke_hub/fixture/variables.tf
deleted file mode 100644
index 1d76d4f97..000000000
--- a/tests/modules/gke_hub/fixture/variables.tf
+++ /dev/null
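Review bot: Nothing visible in this diff loads tests/modules/gke_hub/examples/multi-cluster.yaml: the only README change adds `inventory=full.yaml` to the first example's `# tftest` line, so unless the "Multi-cluster mesh on GKE" example's directive is updated elsewhere this inventory is never compared against a plan. If it is meant to cover that example, its directive should presumably read `# tftest modules=8 resources=32 inventory=multi-cluster.yaml`, matching the `modules` and `resources` totals at the end of this file. Also, the deleted test_plan.py asserted each membership's `resource_link`, while both new inventories expect an empty `gke_cluster: - {}`, so the cluster-to-membership binding is no longer checked; please confirm that loss is intentional (the link may simply be unknown at plan time in these examples).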
@@ -1,72 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-variable "project_id" {
- default = "my-project"
-}
-
-variable "clusters" {
- default = {
- cluster-1 = "projects/myproject/locations/europe-west1-b/clusters/cluster-1"
- cluster-2 = "projects/myproject/locations/europe-west1-b/clusters/cluster-2"
- }
-}
-
-variable "features" {
- default = {
- appdevexperience = false
- configmanagement = true
- identityservice = false
- multiclusteringress = null
- servicemesh = true
- multiclusterservicediscovery = false
- }
-}
-
-variable "configmanagement_templates" {
- default = {
- default = {
- binauthz = false
- config_sync = {
- git = {
- gcp_service_account_email = null
- https_proxy = null
- policy_dir = "configsync"
- secret_type = "ssh"
- sync_branch = "main"
- sync_repo = "https://github.com/danielmarzini/configsync-platform-example"
- sync_rev = null
- sync_wait_secs = null
- }
- prevent_drift = false
- source_format = "hierarchy"
- }
- hierarchy_controller = null
- policy_controller = null
- version = "1.10.2"
- }
- }
-}
-
-variable "configmanagement_clusters" {
- default = {
- default = ["cluster-1", "cluster-2"]
- }
-}
-
-variable "workload_identity_clusters" {
- default = ["mycluster1", "mycluster2"]
-}
diff --git a/tests/modules/gke_hub/test_plan.py b/tests/modules/gke_hub/test_plan.py
deleted file mode 100644
index 3b847e397..000000000
--- a/tests/modules/gke_hub/test_plan.py
+++ /dev/null
@@ -1,82 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-import pytest
-
-
-@pytest.fixture
-def resources(plan_runner):
- _, resources = plan_runner()
- return resources
-
-
-def test_resource_count(resources):
- "Test number of resources created."
- assert len(resources) == 8
- assert sorted(r['address'] for r in resources) == [
- 'module.hub.google_gke_hub_feature.default["configmanagement"]',
- 'module.hub.google_gke_hub_feature.default["servicemesh"]',
- 'module.hub.google_gke_hub_feature_membership.default["cluster-1"]',
- 'module.hub.google_gke_hub_feature_membership.default["cluster-2"]',
- 'module.hub.google_gke_hub_feature_membership.servicemesh["cluster-1"]',
- 'module.hub.google_gke_hub_feature_membership.servicemesh["cluster-2"]',
- 'module.hub.google_gke_hub_membership.default["cluster-1"]',
- 'module.hub.google_gke_hub_membership.default["cluster-2"]'
- ]
-
-
-def test_configmanagement_setup(resources):
- "Test configuration of configmanagement."
- resources = {r['address']: r['values'] for r in resources}
-
- expected_configmanagement = [{
- 'binauthz': [],
- 'config_sync': [{
- 'git': [{
- 'gcp_service_account_email':
- None,
- 'https_proxy':
- None,
- 'policy_dir':
- 'configsync',
- 'secret_type':
- 'ssh',
- 'sync_branch':
- 'main',
- 'sync_repo':
- 'https://github.com/danielmarzini/configsync-platform-example',
- 'sync_rev':
- None,
- 'sync_wait_secs':
- None
- }],
- 'oci': [],
- 'prevent_drift': False,
- 'source_format': 'hierarchy'
- }],
- 'hierarchy_controller': [],
- 'policy_controller': [],
- 'version': '1.10.2'
- }]
-
- for cluster in ['cluster-1', 'cluster-2']:
- membership_key = f'module.hub.google_gke_hub_membership.default["{cluster}"]'
- membership = resources[membership_key]
- link = membership['endpoint'][0]['gke_cluster'][0]['resource_link']
- assert link == f'//container.googleapis.com/projects/myproject/locations/europe-west1-b/clusters/{cluster}'
-
- fm_key = f'module.hub.google_gke_hub_feature_membership.default["{cluster}"]'
- fm = resources[fm_key]
- print(fm['configmanagement'])
- assert fm['configmanagement'] == expected_configmanagement