Refactor cloud run module to use optionals and support all features (#1293)

* refactor cloud run resource and variables

* vpc connector variables and resource

* refactor env variable, combine and fix env examples

* fix volume example

* fix traffic split example

* fix eventarc/pubsub example

* fix eventarc/audit log example

* fix SA examples, fix examples formatting

* refactor eventarc variable

* tfdoc

* add IAM to example

* add examples for revision annotations and serverless connector

* fix new examples

* remove legacy module tests

* blueprint tests

* Add tests to cloud-run module

---------

Co-authored-by: Julio Castillo <jccb@google.com>

tests/modules/cloud_run/examples/audit-logs.yaml

@@ -0,0 +1,42 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.cloud_run.google_cloud_run_service.service: {}
+  module.cloud_run.google_eventarc_trigger.audit_log_triggers["setiampolicy"]:
+    destination:
+    - cloud_function: null
+      cloud_run_service:
+      - path: null
+        region: europe-west1
+        service: hello
+      gke: []
+      workflow: null
+    location: europe-west1
+    matching_criteria:
+    - attribute: methodName
+      operator: ''
+      value: SetIamPolicy
+    - attribute: serviceName
+      operator: ''
+      value: cloudresourcemanager.googleapis.com
+    - attribute: type
+      operator: ''
+      value: google.cloud.audit.log.v1.written
+    name: audit-log-setiampolicy
+    project: my-project
+
+counts:
+  google_cloud_run_service: 1
+  google_eventarc_trigger: 1

tests/modules/cloud_run/examples/connector.yaml

@@ -0,0 +1,48 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.cloud_run.google_cloud_run_service.service:
+    autogenerate_revision_name: false
+    location: europe-west1
+    name: hello
+    project: project-id
+    template:
+    - metadata:
+      - labels: null
+      spec:
+      - containers:
+        - args: null
+          command: null
+          env: []
+          env_from: []
+          image: us-docker.pkg.dev/cloudrun/container/hello
+          liveness_probe: []
+          volume_mounts: []
+          working_dir: null
+        volumes: []
+  module.cloud_run.google_vpc_access_connector.connector[0]:
+    ip_cidr_range: 10.10.10.0/24
+    machine_type: e2-micro
+    max_throughput: 300
+    min_throughput: 200
+    name: hello
+    network: projects/example/host/global/networks/host
+    project: project-id
+    region: europe-west1
+    subnet: []
+
+counts:
+  google_cloud_run_service: 1
+  google_vpc_access_connector: 1

tests/modules/cloud_run/examples/eventarc.yaml

@@ -0,0 +1,58 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.cloud_run.google_cloud_run_service.service: {}
+  module.cloud_run.google_eventarc_trigger.pubsub_triggers["topic-1"]:
+    destination:
+    - cloud_function: null
+      cloud_run_service:
+      - path: null
+        region: europe-west1
+        service: hello
+      gke: []
+      workflow: null
+    location: europe-west1
+    matching_criteria:
+    - attribute: type
+      operator: ''
+      value: google.cloud.pubsub.topic.v1.messagePublished
+    name: pubsub-topic-1
+    project: my-project
+    transport:
+    - pubsub:
+      - topic: topic1
+  module.cloud_run.google_eventarc_trigger.pubsub_triggers["topic-2"]:
+    destination:
+    - cloud_function: null
+      cloud_run_service:
+      - path: null
+        region: europe-west1
+        service: hello
+      gke: []
+      workflow: null
+    location: europe-west1
+    matching_criteria:
+    - attribute: type
+      operator: ''
+      value: google.cloud.pubsub.topic.v1.messagePublished
+    name: pubsub-topic-2
+    project: my-project
+    transport:
+    - pubsub:
+      - topic: topic2
+
+counts:
+  google_cloud_run_service: 1
+  google_eventarc_trigger: 2

tests/modules/cloud_run/examples/revision-annotations.yaml

@@ -0,0 +1,42 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.cloud_run.google_cloud_run_service.service:
+    template:
+    - metadata:
+      - annotations:
+          autoscaling.knative.dev/maxScale: '10'
+          autoscaling.knative.dev/minScale: '1'
+          run.googleapis.com/vpc-access-connector: foo
+          run.googleapis.com/vpc-access-egress: all-traffic
+        labels: null
+      spec:
+      - containers:
+        - args: null
+          command: null
+          env: []
+          env_from: []
+          image: us-docker.pkg.dev/cloudrun/container/hello
+          liveness_probe: []
+          volume_mounts: []
+          working_dir: null
+        volumes: []
+
+counts:
+  google_cloud_run_service: 1
+  modules: 1
+  resources: 1
+
+outputs: {}

tests/modules/cloud_run/examples/secrets.yaml

@@ -0,0 +1,43 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.cloud_run.google_cloud_run_service.service:
+    template:
+    - metadata:
+      - labels: null
+      spec:
+      - containers:
+        - args: null
+          command: null
+          env: []
+          env_from: []
+          image: us-docker.pkg.dev/cloudrun/container/hello
+          liveness_probe: []
+          volume_mounts:
+          - mount_path: /credentials
+            name: credentials
+          working_dir: null
+        volumes:
+        - name: credentials
+          secret:
+          - default_mode: null
+            items:
+            - key: v1
+              mode: null
+              path: v1.txt
+            secret_name: credentials
+
+counts:
+  google_cloud_run_service: 1

tests/modules/cloud_run/examples/service-account-external.yaml

@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,3 +11,24 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+
+values:
+  module.cloud_run.google_cloud_run_service.service:
+    template:
+    - metadata:
+      - labels: null
+      spec:
+      - containers:
+        - args: null
+          command: null
+          env: []
+          env_from: []
+          image: us-docker.pkg.dev/cloudrun/container/hello
+          liveness_probe: []
+          volume_mounts: []
+          working_dir: null
+        service_account_name: cloud-run@my-project.iam.gserviceaccount.com
+        volumes: []
+
+counts:
+  google_cloud_run_service: 1

tests/modules/cloud_run/examples/service-account.yaml

@@ -0,0 +1,43 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.cloud_run.google_cloud_run_service.service:
+    autogenerate_revision_name: false
+    location: europe-west1
+    metadata:
+    - {}
+    name: hello
+    project: my-project
+    template:
+    - metadata:
+      - labels: null
+      spec:
+      - containers:
+        - args: null
+          command: null
+          env: []
+          env_from: []
+          image: us-docker.pkg.dev/cloudrun/container/hello
+          liveness_probe: []
+          volume_mounts: []
+          working_dir: null
+        volumes: []
+  module.cloud_run.google_service_account.service_account[0]:
+    account_id: tf-cr-hello
+    project: my-project
+
+counts:
+  google_cloud_run_service: 1
+  google_service_account: 1

tests/modules/cloud_run/examples/simple.yaml

@@ -0,0 +1,52 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.cloud_run.google_cloud_run_service.service:
+    autogenerate_revision_name: false
+    location: europe-west1
+    name: hello
+    project: my-project
+    template:
+    - metadata:
+      - labels: null
+      spec:
+      - containers:
+        - args: null
+          command: null
+          env:
+          - name: VAR1
+            value: VALUE1
+            value_from: []
+          - name: VAR2
+            value: VALUE2
+            value_from: []
+          env_from: []
+          image: us-docker.pkg.dev/cloudrun/container/hello
+          liveness_probe: []
+          volume_mounts: []
+          working_dir: null
+        volumes: []
+  module.cloud_run.google_cloud_run_service_iam_binding.binding["roles/run.invoker"]:
+    condition: []
+    location: europe-west1
+    members:
+    - allUsers
+    project: my-project
+    role: roles/run.invoker
+    service: hello
+
+counts:
+  google_cloud_run_service: 1
+  google_cloud_run_service_iam_binding: 1

tests/modules/cloud_run/examples/traffic.yaml

@@ -1,4 +1,4 @@
-# Copyright 2022 Google LLC
+# Copyright 2023 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -11,3 +11,18 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+
+values:
+  module.cloud_run.google_cloud_run_service.service:
+    traffic:
+    - latest_revision: false
+      percent: 25
+      revision_name: hello-blue
+      tag: null
+    - latest_revision: false
+      percent: 75
+      revision_name: hello-green
+      tag: null
+
+counts:
+  google_cloud_run_service: 1

tests/modules/cloud_run/fixture/main.tf

@@ -1,54 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-variable "revision_annotations" {
-  description = "Configure revision template annotations."
-  type        = any
-  default     = null
-}
-
-variable "vpc_connector_create" {
-  description = "Populate this to create a VPC connector. You can then refer to it in the template annotations."
-  type        = any
-  default     = null
-}
-
-module "cloud_run" {
-  source     = "../../../../modules/cloud-run"
-  project_id = "my-project"
-  name       = "hello"
-  audit_log_triggers = [
-    {
-      "service_name" : "cloudresourcemanager.googleapis.com",
-      "method_name" : "SetIamPolicy"
-    }
-  ]
-  containers = [{
-    image         = "us-docker.pkg.dev/cloudrun/container/hello"
-    options       = null
-    ports         = null
-    resources     = null
-    volume_mounts = null
-  }]
-  iam = {
-    "roles/run.invoker" = ["allUsers"]
-  }
-  pubsub_triggers = [
-    "topic1",
-    "topic2"
-  ]
-  revision_name        = "blue"
-  revision_annotations = var.revision_annotations
-  vpc_connector_create = var.vpc_connector_create
-}

tests/modules/cloud_run/test_plan.py

@@ -1,107 +0,0 @@
-# Copyright 2022 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-import pytest
-
-
-@pytest.fixture
-def resources(plan_runner):
-  _, resources = plan_runner()
-  return resources
-
-
-def test_resource_count(resources):
-  "Test number of resources created."
-  assert len(resources) == 5
-
-
-def test_iam(resources):
-  "Test IAM binding resources."
-  bindings = [
-      r['values']
-      for r in resources
-      if r['type'] == 'google_cloud_run_service_iam_binding'
-  ]
-  assert len(bindings) == 1
-  assert bindings[0]['role'] == 'roles/run.invoker'
-
-
-def test_audit_log_triggers(resources):
-  "Test audit logs Eventarc trigger resources."
-  audit_log_triggers = [
-      r['values']
-      for r in resources
-      if r['type'] == 'google_eventarc_trigger' and
-      r['name'] == 'audit_log_triggers'
-  ]
-  assert len(audit_log_triggers) == 1
-
-
-def test_pubsub_triggers(resources):
-  "Test Pub/Sub Eventarc trigger resources."
-  pubsub_triggers = [
-      r['values'] for r in resources if
-      r['type'] == 'google_eventarc_trigger' and r['name'] == 'pubsub_triggers'
-  ]
-  assert len(pubsub_triggers) == 2
-
-
-def test_revision_annotations(plan_runner):
-  revision_annotations = '''{
-    autoscaling = null
-    cloudsql_instances = ["a", "b"]
-    vpcaccess_connector = "foo"
-    vpcaccess_egress = "all-traffic"
-  }'''
-  _, resources = plan_runner(revision_annotations=revision_annotations)
-  r = [
-      r['values'] for r in resources if r['type'] == 'google_cloud_run_service'
-  ][0]
-  assert r['template'][0]['metadata'][0]['annotations'] == {
-      'run.googleapis.com/cloudsql-instances': 'a,b',
-      'run.googleapis.com/vpc-access-connector': 'foo',
-      'run.googleapis.com/vpc-access-egress': 'all-traffic'
-  }
-
-
-def test_revision_annotations_autoscaling(plan_runner):
-  revision_annotations = '''{
-    autoscaling = {max_scale = 5, min_scale = 1}
-    cloudsql_instances = null
-    vpcaccess_connector = null
-    vpcaccess_egress = null
-  }'''
-  _, resources = plan_runner(revision_annotations=revision_annotations)
-  r = [
-      r['values'] for r in resources if r['type'] == 'google_cloud_run_service'
-  ][0]
-  assert r['template'][0]['metadata'][0]['annotations'] == {
-      'autoscaling.knative.dev/maxScale': '5',
-      'autoscaling.knative.dev/minScale': '1'
-  }
-
-
-def test_revision_annotations_none(resources):
-  r = [
-      r['values'] for r in resources if r['type'] == 'google_cloud_run_service'
-  ][0]
-  assert r['template'][0]['metadata'][0].get('annotations') is None
-
-
-def test_vpc_connector_create(plan_runner):
-  vpc_connector_create = '''{
-    ip_cidr_range = "10.10.10.0/24", name = "foo", vpc_self_link = "foo-vpc"
-  }'''
-  _, resources = plan_runner(vpc_connector_create=vpc_connector_create)
-  assert any(r['type'] == 'google_vpc_access_connector' for r in resources)