Merge remote-tracking branch 'origin/master' into fast-dev

This commit is contained in:
Ludovico Magnocavallo
2025-10-16 05:57:02 +00:00
88 changed files with 3208 additions and 540 deletions


@@ -0,0 +1,20 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
resource "google_organization_iam_custom_role" "custom_role" {
role_id = "fixtureRole${replace(var.prefix, "/[^a-zA-Z0-9_\\.]/", "")}"
org_id = trimprefix(var.organization_id, "organizations/")
title = "fixtureRole"
permissions = ["compute.instances.list"]
}
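Review bot: The `role_id` expression strips illegal characters from `var.prefix` but does not bound the length, so a long prefix produces an ID beyond the 64-character limit for custom role IDs and the failure only surfaces at apply time. Wrap it as `role_id = substr("fixtureRole${replace(var.prefix, "/[^a-zA-Z0-9_\\.]/", "")}", 0, 64)` or add a `validation` block on `var.prefix`. Since a deleted custom role keeps its ID reserved for a period before it can be recreated, a fixture that is created and destroyed per test run also needs a per-run prefix; a comment such as `# deleted role IDs stay reserved for a while, keep the prefix unique per run` would record that. The single `compute.instances.list` permission is appropriately minimal for a fixture.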


@@ -56,7 +56,7 @@ module "project-service" {
shared_vpc_service_config = {
host_project = module.project-host.project_id
# reuse the list of services from the module's outputs
service_iam_grants = module.project-service.services
service_iam_grants = [for service in module.project-service.services : "$service_agents:${service}"]
}
}
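Review bot: The comment above the changed `service_iam_grants` line is now stale: the value is no longer the module's raw list of services but a list of `$service_agents:<service>` context references, one per enabled service. Suggest `# grant host-project roles to this project's service agents, one entry per enabled service`. The reference to `module.project-service.services` from inside the `project-service` call still reads like a cycle; if, as it appears, it resolves through the module's `services` output without one, a short remark in the same comment would spare the next reader the double take. The enclosing `module "project-service"` block starts before this hunk.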


@@ -39,11 +39,20 @@ values:
subnet:
- name: fixture-subnet-28
project_id: test-host
# those IAM grants from shared-vpc.tf fixture are necessary for successful connector deployment
module.project-service.google_project_iam_member.shared_vpc_host_robots["roles/compute.networkUser:cloudservices"]:
condition: []
project: test-host
role: roles/compute.networkUser
module.project-service.google_project_iam_member.shared_vpc_host_robots["roles/compute.networkUser:vpcaccess"]:
condition: []
project: test-host
role: roles/compute.networkUser
counts:
google_cloud_run_v2_service: 1
google_vpc_access_connector: 1
modules: 4
resources: 55
resources: 59
outputs: {}
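Review bot: The comment on the two new `shared_vpc_host_robots` entries says "those IAM grants" without naming what they are, and since the inventory pins only `role` and `project` the comment is the sole place the principals are recorded. Suggest `# host-project roles/compute.networkUser for the service project's cloudservices and vpcaccess service agents; the VPC Access connector cannot attach to the shared subnet without them`. Note these are project-level grants on `test-host`, i.e. use of every subnet in the host rather than the one the connector needs; if the module offers subnet-level grants that would be the tighter option, though that is a module rather than a test concern. The resource count rises from 55 to 59 while two grants are listed, so two of the new resources are not pinned here; adding them would make the expectation complete.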


@@ -0,0 +1,62 @@
attached_disks = [{
name = "data-0"
size = 10
}
]
context = {
addresses = {
ext-test-0 = "35.10.10.10"
int-test-0 = "10.0.0.10"
}
custom_roles = {
myrole_one = "organizations/366118655033/roles/myRoleOne"
}
iam_principals = {
mygroup = "group:test-group@example.com"
}
kms_keys = {
test = "projects/foo-prod-sec-core/locations/global/keyRings/prod-global-default/cryptoKeys/compute"
}
locations = {
ew8a = "europe-west8-a"
}
networks = {
test = "projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0"
}
project_ids = {
test = "foo-test-0"
}
subnets = {
test = "projects/foo-dev-net-spoke-0/regions/europe-west1/subnetworks/gce"
}
tag_values = {
"test/one" = "tagValues/1234567890"
}
}
create_template = {
regional = true
}
encryption = {
encrypt_boot = true
kms_key_self_link = "$kms_keys:test"
}
iam = {
"$custom_roles:myrole_one" = [
"$iam_principals:mygroup"
]
}
name = "test"
network_interfaces = [{
network = "$networks:test"
subnetwork = "$subnets:test"
nat = true
addresses = {
external = "$addresses:ext-test-0"
internal = "$addresses:int-test-0"
}
}]
project_id = "$project_ids:test"
tag_bindings = {
foo = "$tag_values:test/one"
}
zone = "$locations:ew8a"
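Review bot: The `subnets.test` value points at `regions/europe-west1` while `zone = "$locations:ew8a"` resolves to `europe-west8-a`, so the regional template this fixture produces is bound to europe-west8 but references a subnet in another region; plan accepts that, apply does not, so the example is not deployable as written. Change it to `test = "projects/foo-dev-net-spoke-0/regions/europe-west8/subnetworks/gce"` (or move the zone to europe-west1) and update the matching inventory. The fixture sets no service account or shielded-VM options, which is fine for a context-resolution test but worth stating, e.g. `# exercises context resolution only; SA and shielded VM settings stay at module defaults`.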


@@ -0,0 +1,122 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_compute_instance_iam_binding.default["$custom_roles:myrole_one"]:
condition: []
instance_name: test
members:
- group:test-group@example.com
project: foo-test-0
role: organizations/366118655033/roles/myRoleOne
zone: europe-west8-a
google_compute_region_instance_template.default[0]:
advanced_machine_features: []
can_ip_forward: false
description: Managed by the compute-vm Terraform module.
disk:
- auto_delete: true
boot: true
disk_encryption_key:
- kms_key_self_link: projects/foo-prod-sec-core/locations/global/keyRings/prod-global-default/cryptoKeys/compute
kms_key_service_account: null
disk_name: null
disk_size_gb: 10
disk_type: pd-balanced
guest_os_features: null
labels: null
resource_manager_tags: null
resource_policies: null
source: null
source_image: projects/debian-cloud/global/images/family/debian-11
source_image_encryption_key: []
source_snapshot: null
source_snapshot_encryption_key: []
- auto_delete: true
device_name: data-0
disk_encryption_key:
- kms_key_self_link: projects/foo-prod-sec-core/locations/global/keyRings/prod-global-default/cryptoKeys/compute
kms_key_service_account: null
disk_name: data-0
disk_size_gb: 10
disk_type: pd-balanced
guest_os_features: null
labels: null
mode: READ_WRITE
resource_manager_tags: null
resource_policies: null
source: null
source_image_encryption_key: []
source_snapshot: null
source_snapshot_encryption_key: []
type: PERSISTENT
effective_labels:
goog-terraform-provisioned: 'true'
enable_display: null
guest_accelerator: []
instance_description: null
key_revocation_action_type: null
labels: null
machine_type: f1-micro
metadata: null
metadata_startup_script: null
min_cpu_platform: null
name_prefix: test-
network_interface:
- access_config:
- nat_ip: 35.10.10.10
alias_ip_range: []
network: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
network_ip: 10.0.0.10
nic_type: null
queue_count: null
subnetwork: projects/foo-dev-net-spoke-0/regions/europe-west1/subnetworks/gce
network_performance_config: []
partner_metadata: null
project: foo-test-0
region: europe-west8
reservation_affinity: []
resource_manager_tags: null
resource_policies: null
scheduling:
- automatic_restart: true
availability_domain: null
graceful_shutdown: []
host_error_timeout_seconds: null
instance_termination_action: null
local_ssd_recovery_timeout: []
maintenance_interval: null
max_run_duration: []
min_node_cpus: null
node_affinities: []
on_host_maintenance: MIGRATE
on_instance_stop_action: []
preemptible: false
provisioning_model: STANDARD
termination_time: null
service_account:
- scopes:
- https://www.googleapis.com/auth/devstorage.read_only
- https://www.googleapis.com/auth/logging.write
- https://www.googleapis.com/auth/monitoring.write
shielded_instance_config: []
tags: null
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
counts:
google_compute_instance_iam_binding: 1
google_compute_region_instance_template: 1
modules: 0
resources: 2
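Review bot: The expected `network_interface` pins `subnetwork: .../regions/europe-west1/...` against `region: europe-west8` for the regional template, so the inventory locks in a configuration GCE rejects at apply (a regional template's subnet must be in its region); once the fixture's subnet is corrected this line has to follow to `subnetwork: projects/foo-dev-net-spoke-0/regions/europe-west8/subnetworks/gce`. The `service_account` block asserts scopes only, so the identity the template runs as is not pinned; if the email is known at plan time it is worth asserting, and if it is computed a comment `# email is computed at plan time, only scopes are asserted` explains the gap.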


@@ -0,0 +1,60 @@
attached_disks = [{
name = "data-0"
size = 10
}
]
context = {
addresses = {
ext-test-0 = "35.10.10.10"
int-test-0 = "10.0.0.10"
}
custom_roles = {
myrole_one = "organizations/366118655033/roles/myRoleOne"
}
iam_principals = {
mygroup = "group:test-group@example.com"
}
kms_keys = {
test = "projects/foo-prod-sec-core/locations/global/keyRings/prod-global-default/cryptoKeys/compute"
}
locations = {
ew8a = "europe-west8-a"
}
networks = {
test = "projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0"
}
project_ids = {
test = "foo-test-0"
}
subnets = {
test = "projects/foo-dev-net-spoke-0/regions/europe-west1/subnetworks/gce"
}
tag_values = {
"test/one" = "tagValues/1234567890"
}
}
create_template = {}
encryption = {
encrypt_boot = true
kms_key_self_link = "$kms_keys:test"
}
iam = {
"$custom_roles:myrole_one" = [
"$iam_principals:mygroup"
]
}
name = "test"
network_interfaces = [{
network = "$networks:test"
subnetwork = "$subnets:test"
nat = true
addresses = {
external = "$addresses:ext-test-0"
internal = "$addresses:int-test-0"
}
}]
project_id = "$project_ids:test"
tag_bindings = {
foo = "$tag_values:test/one"
}
zone = "$locations:ew8a"
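Review bot: `subnets.test` resolves to a subnet in `regions/europe-west1` while `zone = "$locations:ew8a"` places the template in europe-west8; a template that references regional resources from two different regions is likely rejected at apply even though it plans cleanly, so this fixture checks string resolution rather than a valid deployment. Use `test = "projects/foo-dev-net-spoke-0/regions/europe-west8/subnetworks/gce"` so both hold. With `create_template = {}` as the only difference from the regional variant, a comment like `# zonal (global) template; see the regional variant of this fixture` helps readers tell the near-identical fixtures apart.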


@@ -0,0 +1,123 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_compute_instance_iam_binding.default["$custom_roles:myrole_one"]:
condition: []
instance_name: test
members:
- group:test-group@example.com
project: foo-test-0
role: organizations/366118655033/roles/myRoleOne
zone: europe-west8-a
google_compute_instance_template.default[0]:
advanced_machine_features: []
can_ip_forward: false
description: Managed by the compute-vm Terraform module.
disk:
- auto_delete: true
boot: true
disk_encryption_key:
- kms_key_self_link: projects/foo-prod-sec-core/locations/global/keyRings/prod-global-default/cryptoKeys/compute
kms_key_service_account: null
disk_name: null
disk_size_gb: 10
disk_type: pd-balanced
guest_os_features: null
labels: null
resource_manager_tags: null
resource_policies: null
source: null
source_image: projects/debian-cloud/global/images/family/debian-11
source_image_encryption_key: []
source_snapshot: null
source_snapshot_encryption_key: []
- auto_delete: true
device_name: data-0
disk_encryption_key:
- kms_key_self_link: projects/foo-prod-sec-core/locations/global/keyRings/prod-global-default/cryptoKeys/compute
kms_key_service_account: null
disk_name: data-0
disk_size_gb: 10
disk_type: pd-balanced
guest_os_features: null
labels: null
mode: READ_WRITE
resource_manager_tags: null
resource_policies: null
source: null
source_image_encryption_key: []
source_snapshot: null
source_snapshot_encryption_key: []
type: PERSISTENT
effective_labels:
goog-terraform-provisioned: 'true'
enable_display: null
guest_accelerator: []
instance_description: null
key_revocation_action_type: null
labels: null
machine_type: f1-micro
metadata: null
metadata_startup_script: null
min_cpu_platform: null
name_prefix: test-
network_interface:
- access_config:
- nat_ip: 35.10.10.10
alias_ip_range: []
ipv6_access_config: []
network: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
network_ip: 10.0.0.10
nic_type: null
queue_count: null
subnetwork: projects/foo-dev-net-spoke-0/regions/europe-west1/subnetworks/gce
network_performance_config: []
partner_metadata: null
project: foo-test-0
region: europe-west8
reservation_affinity: []
resource_manager_tags: null
resource_policies: null
scheduling:
- automatic_restart: true
availability_domain: null
graceful_shutdown: []
host_error_timeout_seconds: null
instance_termination_action: null
local_ssd_recovery_timeout: []
maintenance_interval: null
max_run_duration: []
min_node_cpus: null
node_affinities: []
on_host_maintenance: MIGRATE
on_instance_stop_action: []
preemptible: false
provisioning_model: STANDARD
termination_time: null
service_account:
- scopes:
- https://www.googleapis.com/auth/devstorage.read_only
- https://www.googleapis.com/auth/logging.write
- https://www.googleapis.com/auth/monitoring.write
shielded_instance_config: []
tags: null
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
counts:
google_compute_instance_iam_binding: 1
google_compute_instance_template: 1
modules: 0
resources: 2
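Review bot: The resource address `google_compute_instance_iam_binding.default["$custom_roles:myrole_one"]` keeps the unresolved context token as its `for_each` key while `role` is the resolved `organizations/366118655033/roles/myRoleOne`; that is presumably deliberate to keep keys static, but it means renaming a context key destroys and recreates the binding, and two context keys resolving to the same role would yield two authoritative bindings for one role. A comment on the entry, `# key is the raw context token, role is the resolved value`, makes the behaviour visible to whoever reads the inventory. The plan also pins `shielded_instance_config: []`, i.e. Shielded VM options unset, which is fine for a fixture but worth naming so it is not mistaken for a recommended template.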


@@ -0,0 +1,59 @@
attached_disks = [{
name = "data-0"
size = 10
}
]
context = {
addresses = {
ext-test-0 = "35.10.10.10"
int-test-0 = "10.0.0.10"
}
custom_roles = {
myrole_one = "organizations/366118655033/roles/myRoleOne"
}
iam_principals = {
mygroup = "group:test-group@example.com"
}
kms_keys = {
test = "projects/foo-prod-sec-core/locations/global/keyRings/prod-global-default/cryptoKeys/compute"
}
locations = {
ew8a = "europe-west8-a"
}
networks = {
test = "projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0"
}
project_ids = {
test = "foo-test-0"
}
subnets = {
test = "projects/foo-dev-net-spoke-0/regions/europe-west1/subnetworks/gce"
}
tag_values = {
"test/one" = "tagValues/1234567890"
}
}
encryption = {
encrypt_boot = true
kms_key_self_link = "$kms_keys:test"
}
iam = {
"$custom_roles:myrole_one" = [
"$iam_principals:mygroup"
]
}
name = "test"
network_interfaces = [{
network = "$networks:test"
subnetwork = "$subnets:test"
nat = true
addresses = {
external = "$addresses:ext-test-0"
internal = "$addresses:int-test-0"
}
}]
project_id = "$project_ids:test"
tag_bindings = {
foo = "$tag_values:test/one"
}
zone = "$locations:ew8a"
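Review bot: The instance's zone `$locations:ew8a` (europe-west8-a) and its subnet `subnets.test` (regions/europe-west1) are in different regions; GCE requires an instance's subnetwork to be in the instance's region, so this fixture plans but cannot apply. Fix the context value to `test = "projects/foo-dev-net-spoke-0/regions/europe-west8/subnetworks/gce"` and adjust the inventory accordingly. The interface also sets `nat = true` with an external address and the fixture configures neither shielded-VM nor service account options, which is acceptable for a context-resolution test but deserves a one-line comment such as `# public IP and default SA/shielded settings are for plan-only testing, not a deployment pattern`.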


@@ -0,0 +1,164 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_compute_disk.disks["data-0"]:
architecture: null
async_primary_disk: []
create_snapshot_before_destroy: false
create_snapshot_before_destroy_prefix: null
description: null
disk_encryption_key:
- kms_key_self_link: projects/foo-prod-sec-core/locations/global/keyRings/prod-global-default/cryptoKeys/compute
kms_key_service_account: null
raw_key: null
rsa_encrypted_key: null
effective_labels:
disk_name: data-0
disk_type: pd-balanced
goog-terraform-provisioned: 'true'
image: null
labels:
disk_name: data-0
disk_type: pd-balanced
name: test-data-0
params: []
project: foo-test-0
size: 10
snapshot: null
source_disk: null
source_image_encryption_key: []
source_instant_snapshot: null
source_snapshot_encryption_key: []
source_storage_object: null
storage_pool: null
terraform_labels:
disk_name: data-0
disk_type: pd-balanced
goog-terraform-provisioned: 'true'
timeouts: null
type: pd-balanced
zone: europe-west8-a
google_compute_instance.default[0]:
advanced_machine_features: []
allow_stopping_for_update: true
attached_disk:
- device_name: data-0
disk_encryption_key_raw: null
disk_encryption_key_rsa: null
disk_encryption_service_account: null
force_attach: null
mode: READ_WRITE
source: test-data-0
boot_disk:
- auto_delete: true
disk_encryption_key_raw: null
disk_encryption_key_rsa: null
disk_encryption_service_account: null
force_attach: null
initialize_params:
- enable_confidential_compute: null
image: projects/debian-cloud/global/images/family/debian-11
resource_manager_tags: null
size: 10
source_image_encryption_key: []
source_snapshot_encryption_key: []
storage_pool: null
type: pd-balanced
interface: null
kms_key_self_link: projects/foo-prod-sec-core/locations/global/keyRings/prod-global-default/cryptoKeys/compute
mode: READ_WRITE
can_ip_forward: false
deletion_protection: false
description: Managed by the compute-vm Terraform module.
desired_status: null
effective_labels:
goog-terraform-provisioned: 'true'
enable_display: false
hostname: null
instance_encryption_key: []
key_revocation_action_type: null
labels: null
machine_type: f1-micro
metadata: null
metadata_startup_script: null
name: test
network_interface:
- access_config:
- nat_ip: 35.10.10.10
public_ptr_domain_name: null
alias_ip_range: []
ipv6_access_config: []
network: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
network_ip: 10.0.0.10
nic_type: null
queue_count: null
security_policy: null
subnetwork: projects/foo-dev-net-spoke-0/regions/europe-west1/subnetworks/gce
network_performance_config: []
params: []
partner_metadata: null
project: foo-test-0
resource_policies: null
scheduling:
- automatic_restart: true
availability_domain: null
graceful_shutdown: []
host_error_timeout_seconds: null
instance_termination_action: null
local_ssd_recovery_timeout: []
maintenance_interval: null
max_run_duration: []
min_node_cpus: null
node_affinities: []
on_host_maintenance: MIGRATE
on_instance_stop_action: []
preemptible: false
provisioning_model: STANDARD
termination_time: null
scratch_disk: []
service_account:
- scopes:
- https://www.googleapis.com/auth/devstorage.read_only
- https://www.googleapis.com/auth/logging.write
- https://www.googleapis.com/auth/monitoring.write
shielded_instance_config: []
tags: null
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
zone: europe-west8-a
google_compute_instance_iam_binding.default["$custom_roles:myrole_one"]:
condition: []
instance_name: test
members:
- group:test-group@example.com
project: foo-test-0
role: organizations/366118655033/roles/myRoleOne
zone: europe-west8-a
google_tags_location_tag_binding.disks["data-0/foo"]:
location: europe-west8-a
tag_value: tagValues/1234567890
timeouts: null
google_tags_location_tag_binding.instance["foo"]:
location: europe-west8-a
tag_value: tagValues/1234567890
timeouts: null
counts:
google_compute_disk: 1
google_compute_instance: 1
google_compute_instance_iam_binding: 1
google_tags_location_tag_binding: 2
modules: 0
resources: 5


@@ -0,0 +1,19 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
module: modules/compute-vm
tests:
context-template:
context-template-regional:
context-vm:
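Review bot: The three entries under `tests:` are bare keys, which YAML parses as `null` rather than an empty mapping; if the harness treats the two the same this works, but `context-template: {}` states the intent explicitly and passes yamllint's `empty-values` rule. Applying it to all three keys is a three-line change.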


@@ -0,0 +1,30 @@
context = {
custom_roles = {
myrole = "organizations/366118655033/roles/myRoleOne"
}
iam_principals = {
mygroup = "group:test-group@example.com"
}
networks = {
test = "projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0"
}
project_ids = {
test = "foo-test-0"
}
}
project_id = "$project_ids:test"
name = "test-example"
zone_config = {
domain = "test.example."
private = {
client_networks = ["$networks:test"]
}
}
recordsets = {
"A localhost" = { records = ["127.0.0.1"] }
"A myhost" = { ttl = 600, records = ["10.0.0.120"] }
}
iam = {
"$custom_roles:myrole" = ["$iam_principals:mygroup"]
}


@@ -0,0 +1,69 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_dns_managed_zone.dns_managed_zone[0]:
cloud_logging_config:
- enable_logging: false
description: Terraform managed.
dns_name: test.example.
effective_labels:
goog-terraform-provisioned: 'true'
force_destroy: false
forwarding_config: []
labels: null
name: test-example
peering_config: []
private_visibility_config:
- gke_clusters: []
networks:
- network_url: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
project: foo-test-0
reverse_lookup: false
service_directory_config: []
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
visibility: private
google_dns_managed_zone_iam_binding.iam_bindings["$custom_roles:myrole"]:
condition: []
members:
- group:test-group@example.com
project: foo-test-0
role: organizations/366118655033/roles/myRoleOne
google_dns_record_set.dns_record_set["A localhost"]:
managed_zone: test-example
name: localhost.test.example.
project: foo-test-0
routing_policy: []
rrdatas:
- 127.0.0.1
ttl: 300
type: A
google_dns_record_set.dns_record_set["A myhost"]:
managed_zone: test-example
name: myhost.test.example.
project: foo-test-0
routing_policy: []
rrdatas:
- 10.0.0.120
ttl: 600
type: A
counts:
google_dns_managed_zone: 1
google_dns_managed_zone_iam_binding: 1
google_dns_record_set: 2
modules: 0
resources: 4
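Review bot: The managed zone is pinned with `enable_logging: false` under `cloud_logging_config`, so this test locks in DNS query logging being off for the private zone; if that is the module default, a comment `# logging left at module default (disabled)` records it, and a second fixture with logging enabled would cover the path a security review cares about. Separately, the address key `["$custom_roles:myrole"]` on the IAM binding is the raw context token while `role` is the resolved value, so a renamed context key recreates the binding; worth a one-line note if that is intended.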


@@ -0,0 +1,17 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
module: modules/dns
tests:
context:


@@ -0,0 +1,23 @@
context = {
networks = {
test = "projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0"
}
project_ids = {
test = "foo-test-0"
}
}
project_id = "$project_ids:test"
name = "googleapis"
networks = {
landing = "$networks:test"
}
rules = {
pubsub = {
dns_name = "pubsub.googleapis.com."
local_data = {
A = {
rrdatas = ["199.36.153.4", "199.36.153.5"]
}
}
}
}
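Review bot: The two `rrdatas` entries `199.36.153.4` and `199.36.153.5` are the first two addresses of the `restricted.googleapis.com` range 199.36.153.4/30; a fixture may use a partial list, but without a comment a reader may take them for arbitrary values or for the complete VIP set. Add `# two of the four restricted.googleapis.com addresses (199.36.153.4/30); partial on purpose for the test` above `rrdatas`.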


@@ -0,0 +1,44 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_dns_response_policy.default[0]:
description: Terraform managed.
gke_clusters: []
networks:
- network_url: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
project: foo-test-0
response_policy_name: googleapis
timeouts: null
google_dns_response_policy_rule.default["pubsub"]:
behavior: null
dns_name: pubsub.googleapis.com.
local_data:
- local_datas:
- name: pubsub.googleapis.com.
rrdatas:
- 199.36.153.4
- 199.36.153.5
ttl: null
type: A
project: foo-test-0
response_policy: googleapis
rule_name: pubsub
timeouts: null
counts:
google_dns_response_policy: 1
google_dns_response_policy_rule: 1
modules: 0
resources: 2


@@ -0,0 +1,17 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
module: modules/dns-response-policy
tests:
context:


@@ -0,0 +1,28 @@
context = {
addresses = {
test = "35.10.10.10"
}
locations = {
ew8 = "europe-west8"
}
networks = {
test = "projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0"
}
project_ids = {
test = "foo-test-0"
}
subnets = {
test = "projects/foo-dev-net-spoke-0/regions/europe-west1/subnetworks/gce"
}
}
addresses = ["$addresses:test"]
config_source_subnetworks = {
all = false
subnetworks = [{
self_link = "$subnets:test"
}]
}
name = "test"
project_id = "$project_ids:test"
region = "$locations:ew8"
router_network = "$networks:test"
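Review bot: `region = "$locations:ew8"` places the router and NAT in europe-west8 while `config_source_subnetworks.subnetworks[0].self_link` resolves to a subnet in `regions/europe-west1`; Cloud NAT can only translate subnets in its own region, so the plan passes but the apply fails. Change the context value to `test = "projects/foo-dev-net-spoke-0/regions/europe-west8/subnetworks/gce"` (and the inventory's `subnetwork.name`). A comment such as `# subnet must be in the NAT's region` next to the subnet entry prevents the same slip in copies of this fixture.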


@@ -0,0 +1,61 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_compute_router.router[0]:
bgp: []
description: null
encrypted_interconnect_router: null
md5_authentication_keys: []
name: test-nat
network: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
project: foo-test-0
region: europe-west8
timeouts: null
google_compute_router_nat.nat:
enable_dynamic_port_allocation: false
enable_endpoint_independent_mapping: true
icmp_idle_timeout_sec: 30
initial_nat_ips: null
log_config:
- enable: false
filter: ALL
max_ports_per_vm: 65536
name: test
nat64_subnetwork: []
nat_ip_allocate_option: MANUAL_ONLY
nat_ips:
- 35.10.10.10
project: foo-test-0
region: europe-west8
router: test-nat
rules: []
source_subnetwork_ip_ranges_to_nat: LIST_OF_SUBNETWORKS
source_subnetwork_ip_ranges_to_nat64: null
subnetwork:
- name: projects/foo-dev-net-spoke-0/regions/europe-west1/subnetworks/gce
secondary_ip_range_names: []
source_ip_ranges_to_nat:
- ALL_IP_RANGES
tcp_established_idle_timeout_sec: 1200
tcp_time_wait_timeout_sec: 120
tcp_transitory_idle_timeout_sec: 30
timeouts: null
type: PUBLIC
udp_idle_timeout_sec: 30
counts:
google_compute_router: 1
google_compute_router_nat: 1
modules: 0
resources: 2
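Review bot: The expected `subnetwork.name` is in `regions/europe-west1` while the NAT has `region: europe-west8`, a combination Cloud NAT rejects at apply; when the fixture is corrected this line must change to `name: projects/foo-dev-net-spoke-0/regions/europe-west8/subnetworks/gce`. The inventory also pins `log_config: - enable: false`, so the test asserts NAT logging disabled; that may be the module default, but a comment `# logging off is the module default here, not a recommended production setting` keeps the fixture from reading as guidance.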


@@ -0,0 +1,17 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
module: modules/net-cloudnat
tests:
context:


@@ -0,0 +1,52 @@
context = {
cidr_ranges = {
rfc1918-10 = "10.0.0.0/8"
}
folder_ids = {
test = "folders/1234567890"
}
iam_principals = {
test = "serviceAccount:test@test-project.iam.gserviceaccount.com"
}
locations = {
ew8 = "europe-west8"
}
networks = {
test = "projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0"
}
project_ids = {
test = "foo-test-0"
}
tag_values = {
"test" = "tagValues/1234567890"
}
}
name = "test-1"
parent_id = "$project_ids:test"
region = "global"
attachments = {
test = "$networks:test"
}
egress_rules = {
smtp = {
priority = 900
target_service_accounts = ["$iam_principals:test"]
match = {
destination_ranges = ["$cidr_ranges:rfc1918-10"]
layer4_configs = [{ protocol = "tcp", ports = ["25"] }]
source_tags = ["$tag_values:test"]
}
}
}
ingress_rules = {
icmp = {
priority = 1000
enable_logging = true
target_resources = ["$networks:test"]
target_tags = ["$tag_values:test"]
match = {
source_ranges = ["$cidr_ranges:rfc1918-10"]
layer4_configs = [{ protocol = "icmp" }]
}
}
}
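Review bot: The ingress `icmp` rule sets `target_resources = ["$networks:test"]`, but a network firewall policy rule has no target-resources attribute and the expected plan for this fixture lists only `target_secure_tags`, so the value is silently dropped; either remove the line or add `# target_resources only applies to hierarchical policies; ignored here` so the fixture does not suggest a scoping that is not applied. The egress `smtp` rule matches on `source_tags`; secure tags as a source are, as far as I recall, accepted only on ingress rules, so this may plan fine and fail at apply and is worth checking against the API.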


@@ -0,0 +1,99 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_compute_network_firewall_policy.net-global[0]:
description: null
name: test-1
project: foo-test-0
timeouts: null
google_compute_network_firewall_policy_association.net-global["test"]:
attachment_target: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
firewall_policy: test-1
name: test-1-test
project: foo-test-0
timeouts: null
google_compute_network_firewall_policy_rule.net-global["egress/smtp"]:
action: deny
description: null
direction: EGRESS
disabled: false
enable_logging: null
firewall_policy: test-1
match:
- dest_address_groups: null
dest_fqdns: null
dest_ip_ranges:
- 10.0.0.0/8
dest_region_codes: null
dest_threat_intelligences: null
layer4_configs:
- ip_protocol: tcp
ports:
- '25'
src_address_groups: null
src_fqdns: null
src_ip_ranges: null
src_region_codes: null
src_secure_tags:
- name: tagValues/1234567890
src_threat_intelligences: null
priority: 900
project: foo-test-0
rule_name: smtp
security_profile_group: null
target_secure_tags: []
target_service_accounts:
- serviceAccount:test@test-project.iam.gserviceaccount.com
timeouts: null
tls_inspect: null
google_compute_network_firewall_policy_rule.net-global["ingress/icmp"]:
action: allow
description: null
direction: INGRESS
disabled: false
enable_logging: true
firewall_policy: test-1
match:
- dest_address_groups: null
dest_fqdns: null
dest_ip_ranges: null
dest_region_codes: null
dest_threat_intelligences: null
layer4_configs:
- ip_protocol: icmp
ports: null
src_address_groups: null
src_fqdns: null
src_ip_ranges:
- 10.0.0.0/8
src_region_codes: null
src_secure_tags: []
src_threat_intelligences: null
priority: 1000
project: foo-test-0
rule_name: icmp
security_profile_group: null
target_secure_tags:
- name: tagValues/1234567890
target_service_accounts: null
timeouts: null
tls_inspect: null
counts:
google_compute_network_firewall_policy: 1
google_compute_network_firewall_policy_association: 1
google_compute_network_firewall_policy_rule: 2
modules: 0
resources: 4
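Review bot: The expected `egress/smtp` rule carries `direction: EGRESS` together with `src_secure_tags` of `tagValues/1234567890`; source secure tags are, to my knowledge, only supported on ingress rules, so this plan-only inventory would pin a rule the API rejects at apply, which is worth confirming before it becomes the reference output. That deny rule also has `enable_logging: null`, i.e. denied SMTP traffic is not logged while the allow rule is; if that is the intended default a comment `# logging unset on the deny rule; default depends on the module` documents it, otherwise set `enable_logging` in the fixture.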


@@ -0,0 +1,49 @@
context = {
cidr_ranges = {
rfc1918-10 = "10.0.0.0/8"
}
folder_ids = {
test = "folders/1234567890"
}
iam_principals = {
test = "serviceAccount:test@test-project.iam.gserviceaccount.com"
}
locations = {
ew8 = "europe-west8"
}
networks = {
test = "projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0"
}
project_ids = {
test = "foo-test-0"
}
tag_values = {
"test/one" = "tagValues/1234567890"
}
}
name = "test-1"
parent_id = "$folder_ids:test"
attachments = {
test = "$folder_ids:test"
}
egress_rules = {
smtp = {
priority = 900
match = {
destination_ranges = ["$cidr_ranges:rfc1918-10"]
layer4_configs = [{ protocol = "tcp", ports = ["25"] }]
}
}
}
ingress_rules = {
icmp = {
priority = 1000
enable_logging = true
target_resources = ["$networks:test"]
target_service_accounts = ["$iam_principals:test"]
match = {
source_ranges = ["$cidr_ranges:rfc1918-10"]
layer4_configs = [{ protocol = "icmp" }]
}
}
}
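Review bot: The egress `smtp` rule has no `target_resources`, `target_service_accounts` or tag restriction, so once attached via `attachments.test` it denies outbound tcp/25 to 10.0.0.0/8 for every VM under `folders/1234567890`; that is a reasonable fixture, but a comment stating it is deliberately folder-wide, e.g. `# intentionally unscoped: applies to all VMs under the folder`, avoids it being copied as a narrow example. The `tag_values` context entry `"test/one"` is defined but not referenced by any rule here; drop it or use it so the fixture reflects what the test exercises.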


@@ -0,0 +1,92 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_compute_firewall_policy.hierarchical[0]:
description: null
parent: folders/1234567890
short_name: test-1
timeouts: null
google_compute_firewall_policy_association.hierarchical["test"]:
attachment_target: folders/1234567890
name: test-1-test
timeouts: null
google_compute_firewall_policy_rule.hierarchical["egress/smtp"]:
action: deny
description: null
direction: EGRESS
disabled: false
enable_logging: null
match:
- dest_address_groups: null
dest_fqdns: null
dest_ip_ranges:
- 10.0.0.0/8
dest_region_codes: null
dest_threat_intelligences: null
layer4_configs:
- ip_protocol: tcp
ports:
- '25'
src_address_groups: null
src_fqdns: null
src_ip_ranges: null
src_region_codes: null
src_secure_tags: []
src_threat_intelligences: null
priority: 900
security_profile_group: null
target_resources: null
target_secure_tags: []
target_service_accounts: null
timeouts: null
tls_inspect: null
google_compute_firewall_policy_rule.hierarchical["ingress/icmp"]:
action: allow
description: null
direction: INGRESS
disabled: false
enable_logging: true
match:
- dest_address_groups: null
dest_fqdns: null
dest_ip_ranges: null
dest_region_codes: null
dest_threat_intelligences: null
layer4_configs:
- ip_protocol: icmp
ports: null
src_address_groups: null
src_fqdns: null
src_ip_ranges:
- 10.0.0.0/8
src_region_codes: null
src_secure_tags: []
src_threat_intelligences: null
priority: 1000
security_profile_group: null
target_resources:
- projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
target_secure_tags: []
target_service_accounts:
- serviceAccount:test@test-project.iam.gserviceaccount.com
timeouts: null
tls_inspect: null
counts:
google_compute_firewall_policy: 1
google_compute_firewall_policy_association: 1
google_compute_firewall_policy_rule: 2
modules: 0
resources: 4


@@ -0,0 +1,52 @@
context = {
cidr_ranges = {
rfc1918-10 = "10.0.0.0/8"
}
folder_ids = {
test = "folders/1234567890"
}
iam_principals = {
test = "serviceAccount:test@test-project.iam.gserviceaccount.com"
}
locations = {
ew8 = "europe-west8"
}
networks = {
test = "projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0"
}
project_ids = {
test = "foo-test-0"
}
tag_values = {
"test" = "tagValues/1234567890"
}
}
name = "test-1"
parent_id = "$project_ids:test"
region = "$locations:ew8"
attachments = {
test = "$networks:test"
}
egress_rules = {
smtp = {
priority = 900
target_service_accounts = ["$iam_principals:test"]
match = {
destination_ranges = ["$cidr_ranges:rfc1918-10"]
layer4_configs = [{ protocol = "tcp", ports = ["25"] }]
source_tags = ["$tag_values:test"]
}
}
}
ingress_rules = {
icmp = {
priority = 1000
enable_logging = true
target_resources = ["$networks:test"]
target_tags = ["$tag_values:test"]
match = {
source_ranges = ["$cidr_ranges:rfc1918-10"]
layer4_configs = [{ protocol = "icmp" }]
}
}
}
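Review bot: `target_resources = ["$networks:test"]` on the `icmp` ingress rule does not surface in the planned regional rule at all — the inventory for this test has no such attribute on `google_compute_region_network_firewall_policy_rule`, whereas the hierarchical fixture in this same commit does show `target_resources` applied — so the value appears to be dropped silently here. Regional and global network firewall policy rules do not support target resources (that is a hierarchical-policy feature), so either remove the line from this fixture or have the module reject it, otherwise a reader is led to believe the rule is scoped to that network when it is not. Separately, the `smtp` egress rule combines `source_tags` in the match with `target_service_accounts`; as far as I recall the Compute API is restrictive about mixing secure tags and service accounts in one rule, and a plan-only test cannot catch an apply-time rejection, so this combination is worth confirming with a real apply before it becomes the reference example.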


@@ -0,0 +1,103 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_compute_region_network_firewall_policy.net-regional[0]:
description: null
name: test-1
project: foo-test-0
region: europe-west8
timeouts: null
google_compute_region_network_firewall_policy_association.net-regional["test"]:
attachment_target: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
firewall_policy: test-1
name: test-1-test
project: foo-test-0
region: europe-west8
timeouts: null
google_compute_region_network_firewall_policy_rule.net-regional["egress/smtp"]:
action: deny
description: null
direction: EGRESS
disabled: false
enable_logging: null
firewall_policy: test-1
match:
- dest_address_groups: null
dest_fqdns: null
dest_ip_ranges:
- 10.0.0.0/8
dest_region_codes: null
dest_threat_intelligences: null
layer4_configs:
- ip_protocol: tcp
ports:
- '25'
src_address_groups: null
src_fqdns: null
src_ip_ranges: null
src_region_codes: null
src_secure_tags:
- name: tagValues/1234567890
src_threat_intelligences: null
priority: 900
project: foo-test-0
region: europe-west8
rule_name: smtp
security_profile_group: null
target_secure_tags: []
target_service_accounts:
- serviceAccount:test@test-project.iam.gserviceaccount.com
timeouts: null
tls_inspect: null
google_compute_region_network_firewall_policy_rule.net-regional["ingress/icmp"]:
action: allow
description: null
direction: INGRESS
disabled: false
enable_logging: true
firewall_policy: test-1
match:
- dest_address_groups: null
dest_fqdns: null
dest_ip_ranges: null
dest_region_codes: null
dest_threat_intelligences: null
layer4_configs:
- ip_protocol: icmp
ports: null
src_address_groups: null
src_fqdns: null
src_ip_ranges:
- 10.0.0.0/8
src_region_codes: null
src_secure_tags: []
src_threat_intelligences: null
priority: 1000
project: foo-test-0
region: europe-west8
rule_name: icmp
security_profile_group: null
target_secure_tags:
- name: tagValues/1234567890
target_service_accounts: null
timeouts: null
tls_inspect: null
counts:
google_compute_region_network_firewall_policy: 1
google_compute_region_network_firewall_policy_association: 1
google_compute_region_network_firewall_policy_rule: 2
modules: 0
resources: 4


@@ -0,0 +1,19 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
module: modules/net-firewall-policy
tests:
context-g:
context-h:
context-r:


@@ -0,0 +1,42 @@
context = {
addresses = {
test = "10.0.0.10"
}
locations = {
ew8 = "europe-west8"
}
networks = {
test = "projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0"
}
project_ids = {
test = "foo-test-0"
}
subnets = {
test = "projects/foo-dev-net-spoke-0/regions/europe-west8/subnetworks/gce"
test-nat = "projects/foo-dev-net-spoke-0/regions/europe-west8/subnetworks/test-nat"
}
project_ids = {
test = "foo-test-0"
}
}
project_id = "$project_ids:test"
region = "$locations:ew8"
name = "test"
vpc_config = {
network = "$networks:test"
subnetwork = "$subnets:test"
}
backends = [{
group = "foo"
failover = false
}]
forwarding_rules_config = {
"" = {
address = "$addresses:test"
}
}
service_attachments = {
"" = {
nat_subnets = ["$subnets:test-nat"]
}
}
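Review bot: `project_ids` is declared twice inside the `context` object (once before `subnets` and again after it, both with `test = "foo-test-0"`). Depending on the HCL tooling a duplicate object key is either rejected outright or resolved silently to the last value; the duplicate is harmless today only because both copies are identical, and it will mask a mismatch the moment one of them is edited. Drop the second `project_ids = { test = "foo-test-0" }` block.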


@@ -0,0 +1,126 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_compute_forwarding_rule.default[""]:
all_ports: true
allow_global_access: true
allow_psc_global_access: null
description: null
ip_address: 10.0.0.10
ip_collection: null
ip_protocol: TCP
is_mirroring_collector: null
labels: null
load_balancing_scheme: INTERNAL
name: test
network: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
no_automate_dns_zone: null
ports: null
project: foo-test-0
recreate_closed_psc: false
region: europe-west8
service_label: null
source_ip_ranges: null
subnetwork: projects/foo-dev-net-spoke-0/regions/europe-west8/subnetworks/gce
target: null
timeouts: null
google_compute_health_check.default[0]:
check_interval_sec: 5
description: Terraform managed.
grpc_health_check: []
grpc_tls_health_check: []
healthy_threshold: 2
http2_health_check: []
http_health_check: []
https_health_check: []
name: test
project: foo-test-0
source_regions: null
ssl_health_check: []
tcp_health_check:
- port: null
port_name: null
port_specification: USE_SERVING_PORT
proxy_header: NONE
request: null
response: null
timeout_sec: 5
timeouts: null
unhealthy_threshold: 2
google_compute_region_backend_service.default:
affinity_cookie_ttl_sec: null
backend:
- balancing_mode: CONNECTION
capacity_scaler: null
custom_metrics: []
description: Terraform managed.
failover: false
group: foo
max_connections: null
max_connections_per_endpoint: null
max_connections_per_instance: null
max_rate: null
max_rate_per_endpoint: null
max_rate_per_instance: null
max_utilization: null
circuit_breakers: []
connection_draining_timeout_sec: 300
connection_tracking_policy: []
consistent_hash: []
custom_metrics: []
description: Terraform managed.
dynamic_forwarding: []
enable_cdn: null
failover_policy: []
ha_policy: []
iap:
- enabled: false
oauth2_client_id: null
oauth2_client_secret: null
ip_address_selection_policy: null
load_balancing_scheme: INTERNAL
locality_lb_policy: null
name: test
network: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
outlier_detection: []
project: foo-test-0
protocol: UNSPECIFIED
region: europe-west8
security_policy: null
strong_session_affinity_cookie: []
subsetting: []
timeouts: null
google_compute_service_attachment.default[""]:
connection_preference: ACCEPT_MANUAL
consumer_accept_lists: []
consumer_reject_lists: null
description: Terraform managed.
domain_names: null
enable_proxy_protocol: false
name: test
nat_subnets:
- projects/foo-dev-net-spoke-0/regions/europe-west8/subnetworks/test-nat
project: foo-test-0
region: europe-west8
send_propagated_connection_limit_if_zero: false
timeouts: null
counts:
google_compute_forwarding_rule: 1
google_compute_health_check: 1
google_compute_region_backend_service: 1
google_compute_service_attachment: 1
modules: 0
resources: 4


@@ -15,5 +15,6 @@
module: modules/net-lb-int
tests:
context:
defaults:
forwarding-rule:


@@ -0,0 +1,96 @@
context = {
addresses = {
dns-external = "8.8.8.8"
dns-internal = "10.10.10.10"
test = "10.20.20.20"
}
cidr_ranges = {
rfc1918-10 = "10.0.0.0/8"
rfc1918-172 = "172.16.10.0/12"
rfc1918-192 = "192.168.0.0/16"
test = "8.8.8.8/32"
}
condition_vars = {
organization = {
id = 1234567890
}
}
custom_roles = {
myrole = "organizations/366118655033/roles/myRoleOne"
}
iam_principals = {
test = "serviceAccount:test@test-project.iam.gserviceaccount.com"
}
locations = {
ew8 = "europe-west8"
}
networks = {
test = "projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0"
}
project_ids = {
test = "foo-test-0"
}
}
dns_policy = {
inbound = true
outbound = {
private_ns = ["$addresses:dns-internal"]
public_ns = ["$addresses:dns-external"]
}
}
internal_ranges = [
{
name = "pods-range"
usage = "FOR_VPC"
peering = "FOR_SELF"
ip_cidr_range = "$cidr_ranges:rfc1918-172"
}
]
project_id = "$project_ids:test"
routes = {
next-hop = {
description = "Route to internal range."
dest_range = "$cidr_ranges:test"
next_hop_type = "ip"
next_hop = "$addresses:test"
}
}
subnets = [
{
name = "production"
region = "$locations:ew8"
reserved_internal_range = "pods-range"
iam = {
"$custom_roles:myrole" = [
"iam_principals:test"
]
}
iam_bindings = {
myrole_two = {
role = "$custom_roles:myrole"
members = [
"$iam_principals:test"
]
condition = {
title = "Test"
expression = "resource.matchTag('$${organization.id}/environment', 'development')"
}
}
}
iam_bindings_additive = {
myrole_two = {
role = "$custom_roles:myrole"
member = "$iam_principals:test"
}
}
secondary_ip_ranges = {
pods = {
reserved_internal_range = "pods-range"
}
# Mixed configuration: some ranges use internal ranges, others use CIDR
traditional = {
ip_cidr_range = "$cidr_ranges:rfc1918-192"
}
}
}
]
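Review bot: The `iam` map on the `production` subnet lists `"iam_principals:test"` without the `$` prefix, so it is not resolved through the context and reaches the plan as the literal member `iam_principals:test`, which is not a valid IAM principal and would be rejected at apply; the inventory added in this commit records that literal as the expected value, so the test now pins the bug rather than catching it. Change it to `"$iam_principals:test"`, as the `iam_bindings` and `iam_bindings_additive` entries in the same fixture already do. Also, `rfc1918-172 = "172.16.10.0/12"` is not a network-aligned CIDR (host bits are set; the RFC 1918 block is `172.16.0.0/12`), and the internal-range API may normalize or reject it, so use `"172.16.0.0/12"`.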


@@ -0,0 +1,175 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_compute_network.network[0]:
auto_create_subnetworks: false
delete_default_routes_on_create: false
description: Terraform-managed.
enable_ula_internal_ipv6: null
name: test
network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
network_profile: null
params: []
project: foo-test-0
routing_mode: GLOBAL
timeouts: null
google_compute_route.gateway["directpath-googleapis"]:
description: Terraform-managed.
dest_range: 34.126.0.0/18
name: test-directpath-googleapis
network: test
next_hop_gateway: default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
params: []
priority: 1000
project: foo-test-0
tags: null
timeouts: null
google_compute_route.gateway["private-googleapis"]:
description: Terraform-managed.
dest_range: 199.36.153.8/30
name: test-private-googleapis
network: test
next_hop_gateway: default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
params: []
priority: 1000
project: foo-test-0
tags: null
timeouts: null
google_compute_route.gateway["restricted-googleapis"]:
description: Terraform-managed.
dest_range: 199.36.153.4/30
name: test-restricted-googleapis
network: test
next_hop_gateway: default-internet-gateway
next_hop_ilb: null
next_hop_instance: null
next_hop_vpn_tunnel: null
params: []
priority: 1000
project: foo-test-0
tags: null
timeouts: null
google_compute_route.ip["next-hop"]:
description: Route to internal range.
dest_range: 8.8.8.8/32
name: test-next-hop
network: test
next_hop_gateway: null
next_hop_ilb: null
next_hop_instance: null
next_hop_ip: 10.20.20.20
next_hop_vpn_tunnel: null
params: []
priority: 1000
project: foo-test-0
tags: null
timeouts: null
google_compute_subnetwork.subnetwork["europe-west8/production"]:
description: Terraform-managed.
ip_collection: null
ipv6_access_type: null
log_config: []
name: production
network: test
params: []
private_ip_google_access: true
project: foo-test-0
region: europe-west8
role: null
secondary_ip_range:
- range_name: pods
- ip_cidr_range: 192.168.0.0/16
range_name: traditional
reserved_internal_range: null
send_secondary_ip_range_if_empty: true
timeouts: null
google_compute_subnetwork_iam_binding.authoritative["europe-west8/production.organizations/366118655033/roles/myRoleOne"]:
condition: []
members:
- iam_principals:test
project: foo-test-0
region: europe-west8
role: organizations/366118655033/roles/myRoleOne
subnetwork: production
google_compute_subnetwork_iam_binding.bindings["myrole_two"]:
condition:
- description: null
expression: resource.matchTag('1234567890/environment', 'development')
title: Test
members:
- serviceAccount:test@test-project.iam.gserviceaccount.com
project: foo-test-0
region: europe-west8
role: organizations/366118655033/roles/myRoleOne
subnetwork: production
google_compute_subnetwork_iam_member.bindings["myrole_two"]:
condition: []
member: serviceAccount:test@test-project.iam.gserviceaccount.com
project: foo-test-0
region: europe-west8
role: organizations/366118655033/roles/myRoleOne
subnetwork: production
google_dns_policy.default[0]:
alternative_name_server_config:
- target_name_servers:
- forwarding_path: ''
ipv4_address: 8.8.8.8
- forwarding_path: private
ipv4_address: 10.10.10.10
description: Managed by Terraform
enable_inbound_forwarding: true
enable_logging: null
name: test
networks:
- {}
project: foo-test-0
timeouts: null
google_network_connectivity_internal_range.internal_range["pods-range"]:
allocation_options: []
description: null
effective_labels:
goog-terraform-provisioned: 'true'
exclude_cidr_ranges: null
immutable: null
ip_cidr_range: 172.16.10.0/12
labels: null
migration: []
name: pods-range
overlaps: null
peering: FOR_SELF
prefix_length: null
project: foo-test-0
target_cidr_range: null
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
usage: FOR_VPC
counts:
google_compute_network: 1
google_compute_route: 4
google_compute_subnetwork: 1
google_compute_subnetwork_iam_binding: 2
google_compute_subnetwork_iam_member: 1
google_dns_policy: 1
google_network_connectivity_internal_range: 1
modules: 0
resources: 11


@@ -17,6 +17,7 @@ common_tfvars:
- common.tfvars
tests:
context:
shared_vpc:
psa_routes_export:
psa_routes_import:


@@ -0,0 +1,47 @@
context = {
cidr_ranges = {
rfc1918-10 = "10.0.0.0/8"
}
iam_principals = {
test = "serviceAccount:test@test-project.iam.gserviceaccount.com"
}
networks = {
test = "projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0"
}
project_ids = {
test = "foo-test-0"
}
}
project_id = "$project_ids:test"
network = "$networks:test"
attachments = {
test = "$networks:test"
}
default_rules_config = {
admin_ranges = ["$cidr_ranges:rfc1918-10"]
http_ranges = ["$cidr_ranges:rfc1918-10"]
https_ranges = ["$cidr_ranges:rfc1918-10"]
ssh_ranges = ["$cidr_ranges:rfc1918-10"]
}
egress_rules = {
allow-egress-rfc1918 = {
deny = false
description = "Allow egress."
destination_ranges = [
"$cidr_ranges:rfc1918-10", "172.16.0.0/12", "192.168.0.0/16"
]
source_ranges = ["$cidr_ranges:rfc1918-10"]
targets = ["$iam_principals:test"]
use_service_accounts = true
}
}
ingress_rules = {
allow-ingress-tag = {
description = "Allow ingress."
destination_ranges = ["$cidr_ranges:rfc1918-10"]
source_ranges = ["$cidr_ranges:rfc1918-10"]
sources = ["$iam_principals:test"]
targets = ["$iam_principals:test"]
use_service_accounts = true
}
}
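Review bot: `allow-ingress-tag` keys on service accounts, not tags (`use_service_accounts = true` with `sources` and `targets` both set to `$iam_principals:test`), so the rule name and the description `Allow ingress.` say nothing about what it actually matches; rename it to something like `allow-ingress-sa` or state the service-account scoping in the description. On `allow-egress-rfc1918`, `source_ranges` is set on an EGRESS rule; my recollection is that the provider and API historically rejected source ranges on egress VPC firewall rules and only accept them in newer API behaviour, and a plan-only test will not validate this, so either confirm it with an apply or drop the attribute from the fixture if it is not meant to be exercised.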


@@ -0,0 +1,157 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
google_compute_firewall.allow-admins[0]:
allow:
- ports: []
protocol: all
deny: []
description: Access from the admin subnet to all subnets.
disabled: null
log_config: []
name: dev-spoke-0-ingress-admins
network: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
params: []
priority: 1000
project: foo-test-0
source_ranges:
- 10.0.0.0/8
source_service_accounts: null
source_tags: null
target_service_accounts: null
target_tags: null
timeouts: null
google_compute_firewall.allow-tag-http[0]:
allow:
- ports:
- '80'
protocol: tcp
deny: []
description: Allow http to machines with matching tags.
disabled: null
log_config: []
name: dev-spoke-0-ingress-tag-http
network: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
params: []
priority: 1000
project: foo-test-0
source_ranges:
- 10.0.0.0/8
source_service_accounts: null
source_tags: null
target_service_accounts: null
target_tags:
- http-server
timeouts: null
google_compute_firewall.allow-tag-https[0]:
allow:
- ports:
- '443'
protocol: tcp
deny: []
description: Allow http to machines with matching tags.
disabled: null
log_config: []
name: dev-spoke-0-ingress-tag-https
network: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
params: []
priority: 1000
project: foo-test-0
source_ranges:
- 10.0.0.0/8
source_service_accounts: null
source_tags: null
target_service_accounts: null
target_tags:
- https-server
timeouts: null
google_compute_firewall.allow-tag-ssh[0]:
allow:
- ports:
- '22'
protocol: tcp
deny: []
description: Allow SSH to machines with matching tags.
disabled: null
log_config: []
name: dev-spoke-0-ingress-tag-ssh
network: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
params: []
priority: 1000
project: foo-test-0
source_ranges:
- 10.0.0.0/8
source_service_accounts: null
source_tags: null
target_service_accounts: null
target_tags:
- ssh
timeouts: null
google_compute_firewall.custom-rules["allow-egress-rfc1918"]:
allow:
- ports: []
protocol: all
deny: []
description: Allow egress.
destination_ranges:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
direction: EGRESS
disabled: false
log_config: []
name: allow-egress-rfc1918
network: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
params: []
priority: 1000
project: foo-test-0
source_ranges:
- 10.0.0.0/8
source_service_accounts: null
source_tags: null
target_service_accounts:
- serviceAccount:test@test-project.iam.gserviceaccount.com
target_tags: null
timeouts: null
google_compute_firewall.custom-rules["allow-ingress-tag"]:
allow:
- ports: []
protocol: all
deny: []
description: Allow ingress.
destination_ranges:
- 10.0.0.0/8
direction: INGRESS
disabled: false
log_config: []
name: allow-ingress-tag
network: projects/foo-dev-net-spoke-0/global/networks/dev-spoke-0
params: []
priority: 1000
project: foo-test-0
source_ranges:
- 10.0.0.0/8
source_service_accounts:
- serviceAccount:test@test-project.iam.gserviceaccount.com
source_tags: null
target_service_accounts:
- serviceAccount:test@test-project.iam.gserviceaccount.com
target_tags: null
timeouts: null
counts:
google_compute_firewall: 6
modules: 0
resources: 6


@@ -0,0 +1,17 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
module: modules/net-vpc-firewall
tests:
context:


@@ -12,21 +12,21 @@
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.org.google_organization_iam_binding.authoritative["organizations/1122334455/roles/myRole"]:
values:
module.org.google_organization_iam_binding.authoritative["organizations/1122334455/roles/myRoletest"]:
condition: []
members:
- group:organization-admins@example.org
org_id: '1122334455'
role: organizations/1122334455/roles/myRole
module.org.google_organization_iam_custom_role.roles["myRole"]:
role: organizations/1122334455/roles/myRoletest
module.org.google_organization_iam_custom_role.roles["myRoletest"]:
description: Terraform-managed.
org_id: '1122334455'
permissions:
- compute.instances.list
role_id: myRole
role_id: myRoletest
stage: GA
title: Custom role myRole
title: Custom role myRoletest
counts:
google_organization_iam_binding: 1


@@ -0,0 +1,64 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.project.google_project.project[0]:
auto_create_network: false
billing_account: null
deletion_policy: DELETE
effective_labels:
goog-terraform-provisioned: 'true'
folder_id: null
labels: null
name: project
org_id: null
project_id: project
tags: null
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
module.project.google_project_iam_binding.authoritative["projects/project/roles/myRole"]:
condition: []
members:
- group:organization-admins@example.org
project: project
role: projects/project/roles/myRole
module.project.google_project_iam_binding.bindings["iam_admin_conditional"]:
condition:
- description: null
expression: "api.getAttribute(\n 'iam.googleapis.com/modifiedGrantsByRole',\
\ []\n).hasOnly([\n 'organizations/1234567890/roles/myRole'\n])\n"
title: delegated_custom_role
members:
- $iam_principals:org_admins
- group:organization-admins@example.org
project: project
role: roles/resourcemanager.projectIamAdmin
module.project.google_project_iam_custom_role.roles["myRole"]:
description: Terraform-managed.
permissions:
- compute.instances.list
project: project
role_id: myRole
stage: GA
title: Custom role myRole
counts:
google_project: 1
google_project_iam_binding: 2
google_project_iam_custom_role: 1
modules: 1
resources: 4
outputs: {}
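Review bot: The conditional `roles/resourcemanager.projectIamAdmin` binding `iam_admin_conditional` is planned with the member `$iam_principals:org_admins` verbatim, i.e. an unresolved context reference rather than a principal; IAM rejects that string at apply, and committing it as the expected inventory value turns the defect into a passing test. Either the test context lacks an `org_admins` entry under `iam_principals`, or the module does not run `iam_bindings.*.members` through the same interpolation that resolved the sibling `group:organization-admins@example.org`; the tfvars for this test are not in this chunk, so I cannot tell which. Fix the fixture or the module and regenerate the inventory rather than keeping the literal as the expected value.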


@@ -31,19 +31,12 @@ values:
module.project.google_project_iam_binding.authoritative["$custom_roles:my_role"]:
condition: []
members:
- group:gcp-organization-admins@example.com
- group:organization-admins@example.org
project: test-project
role: organizations/1234567890/roles/myRole
module.project.google_project_iam_binding.authoritative["roles/container.hostServiceAgentUser"]:
condition: []
members:
- serviceAccount:my_gke_service_account
project: test-project
role: roles/container.hostServiceAgentUser
counts:
google_project: 1
google_project_iam_binding: 2
google_project_iam_binding: 1
google_project_iam_member: 2
google_project_service: 2
google_project_service_identity: 1


@@ -35,7 +35,7 @@ values:
role: roles/owner
module.project.google_project_iam_member.bindings["org-admins-viewer"]:
condition: []
member: group:gcp-organization-admins@example.com
member: group:organization-admins@example.org
project: test-project
role: roles/viewer


@@ -31,11 +31,8 @@ values:
module.project.google_project_iam_binding.bindings["iam_admin_conditional"]:
condition:
- description: null
expression: "api.getAttribute(\n 'iam.googleapis.com/modifiedGrantsByRole',\
\ []\n).hasOnly([\n 'roles/compute.networkAdmin'\n])\n"
title: delegated_network_user_one
title: delegated_custom_role
members:
- group:gcp-organization-admins@example.com
- group:organization-admins@example.org
project: test-project
role: roles/resourcemanager.projectIamAdmin
@@ -45,6 +42,6 @@ counts:
google_project_iam_binding: 1
google_project_service: 1
modules: 1
resources: 3
resources: 4
outputs: {}


@@ -18,7 +18,6 @@ values:
members:
- group:organization-admins@example.org
project: test-project
role: organizations/1234567890/roles/myRole
module.project.google_project_iam_binding.authoritative["roles/cloudasset.owner"]:
condition: []
members:
@@ -46,7 +45,7 @@ values:
module.project.google_project_iam_binding.authoritative["roles/owner"]:
condition: []
members:
- group:gcp-organization-admins@example.com
- group:organization-admins@example.org
project: test-project
role: roles/owner
@@ -54,4 +53,4 @@ counts:
google_project: 1
google_project_iam_binding: 6
modules: 1
resources: 7
resources: 8


@@ -0,0 +1,52 @@
# Copyright 2025 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
values:
module.ssm_instance.google_secure_source_manager_instance.instance[0]:
deletion_policy: PREVENT
effective_labels:
goog-terraform-provisioned: 'true'
instance_id: my-instance
kms_key: null
labels: null
location: europe-west8
private_config:
- ca_pool: null
is_private: true
project: project-id
terraform_labels:
goog-terraform-provisioned: 'true'
timeouts: null
workforce_identity_federation_config: []
module.ssm_instance.google_secure_source_manager_repository.repositories["my-repository"]:
deletion_policy: PREVENT
description: null
initial_config:
- default_branch: main
gitignores:
- terraform.tfstate
license: null
readme: null
location: europe-west8
project: project-id
repository_id: my-repository
timeouts: null
counts:
google_secure_source_manager_instance: 1
google_secure_source_manager_repository: 1
modules: 1
resources: 2
outputs: {}