Merge remote-tracking branch 'origin/master' into fast-dev

2025-02-10 10:14:00 +01:00
parent e4f55fb7ff cfe8c130f0
commit d15f1d9f43
236 changed files with 638 additions and 1085 deletions
--- a/tests/examples_e2e/setup_module/versions.tf
+++ b/tests/examples_e2e/setup_module/versions.tf
@@ -19,11 +19,11 @@ terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
-      version = ">= 6.13.0, < 7.0.0" # tftest
+      version = ">= 6.19.0, < 7.0.0" # tftest
    }
    google-beta = {
      source  = "hashicorp/google-beta"
-      version = ">= 6.13.0, < 7.0.0" # tftest
+      version = ">= 6.19.0, < 7.0.0" # tftest
    }
  }
  provider_meta "google" {
--- a/tests/examples_e2e/setup_module/versions.tofu
+++ b/tests/examples_e2e/setup_module/versions.tofu
@@ -19,11 +19,11 @@ terraform {
  required_providers {
    google = {
      source  = "hashicorp/google"
-      version = ">= 6.13.0, < 7.0.0" # tftest
+      version = ">= 6.19.0, < 7.0.0" # tftest
    }
    google-beta = {
      source  = "hashicorp/google-beta"
-      version = ">= 6.13.0, < 7.0.0" # tftest
+      version = ">= 6.19.0, < 7.0.0" # tftest
    }
  }
  provider_meta "google" {
--- a/tests/modules/folder/examples/org-policies.yaml
+++ b/tests/modules/folder/examples/org-policies.yaml
@@ -1,4 +1,4 @@
-# Copyright 2023 Google LLC
+# Copyright 2025 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,9 +14,13 @@

 values:
  module.folder.google_folder.folder[0]:
+    deletion_protection: false
    display_name: Folder name
    parent: folders/1122334455
+    tags: null
+    timeouts: null
  module.folder.google_org_policy_policy.default["compute.disableGuestAttributesAccess"]:
+    dry_run_spec: []
    spec:
    - inherit_from_parent: null
      reset: null
@@ -25,8 +29,11 @@ values:
        condition: []
        deny_all: null
        enforce: 'TRUE'
+        parameters: null
        values: []
+    timeouts: null
  module.folder.google_org_policy_policy.default["compute.skipDefaultNetworkCreation"]:
+    dry_run_spec: []
    spec:
    - inherit_from_parent: null
      reset: null
@@ -35,8 +42,11 @@ values:
        condition: []
        deny_all: null
        enforce: 'TRUE'
+        parameters: null
        values: []
+    timeouts: null
  module.folder.google_org_policy_policy.default["compute.trustedImageProjects"]:
+    dry_run_spec: []
    spec:
    - inherit_from_parent: null
      reset: null
@@ -45,11 +55,14 @@ values:
        condition: []
        deny_all: null
        enforce: null
+        parameters: null
        values:
        - allowed_values:
          - projects/my-project
          denied_values: null
+    timeouts: null
  module.folder.google_org_policy_policy.default["compute.vmExternalIpAccess"]:
+    dry_run_spec: []
    spec:
    - inherit_from_parent: null
      reset: null
@@ -58,22 +71,11 @@ values:
        condition: []
        deny_all: 'TRUE'
        enforce: null
+        parameters: null
        values: []
-  module.folder.google_org_policy_policy.default["iam.allowedPolicyMemberDomains"]:
-    spec:
-    - inherit_from_parent: null
-      reset: null
-      rules:
-      - allow_all: null
-        condition: []
-        deny_all: null
-        enforce: null
-        values:
-        - allowed_values:
-          - C0xxxxxxx
-          - C0yyyyyyy
-          denied_values: null
-  module.folder.google_org_policy_policy.default["iam.disableServiceAccountKeyCreation"]:
+    timeouts: null
+  module.folder.google_org_policy_policy.default["essentialcontacts.managed.allowedContactDomains"]:
+    dry_run_spec: []
    spec:
    - inherit_from_parent: null
      reset: null
@@ -82,8 +84,41 @@ values:
        condition: []
        deny_all: null
        enforce: 'TRUE'
+        parameters: '{"allowedDomains":["@example.com"]}'
        values: []
+    timeouts: null
+  module.folder.google_org_policy_policy.default["iam.allowedPolicyMemberDomains"]:
+    dry_run_spec: []
+    spec:
+    - inherit_from_parent: null
+      reset: null
+      rules:
+      - allow_all: null
+        condition: []
+        deny_all: null
+        enforce: null
+        parameters: null
+        values:
+        - allowed_values:
+          - C0xxxxxxx
+          - C0yyyyyyy
+          denied_values: null
+    timeouts: null
+  module.folder.google_org_policy_policy.default["iam.disableServiceAccountKeyCreation"]:
+    dry_run_spec: []
+    spec:
+    - inherit_from_parent: null
+      reset: null
+      rules:
+      - allow_all: null
+        condition: []
+        deny_all: null
+        enforce: 'TRUE'
+        parameters: null
+        values: []
+    timeouts: null
  module.folder.google_org_policy_policy.default["iam.disableServiceAccountKeyUpload"]:
+    dry_run_spec: []
    spec:
    - inherit_from_parent: null
      reset: null
@@ -96,13 +131,16 @@ values:
          title: condition
        deny_all: null
        enforce: 'TRUE'
+        parameters: null
        values: []
      - allow_all: null
        condition: []
        deny_all: null
        enforce: 'FALSE'
+        parameters: null
        values: []
+    timeouts: null

 counts:
  google_folder: 1
-  google_org_policy_policy: 7
+  google_org_policy_policy: 8
--- a/tests/modules/kms/examples/basic.yaml
+++ b/tests/modules/kms/examples/basic.yaml
@@ -43,7 +43,7 @@ values:
    role: roles/cloudkms.cryptoKeyEncrypterDecrypter
  module.kms.google_kms_key_ring.default[0]:
    location: europe-west8
-    name: test-1
+    name: test-test
    project: project-id

 counts:
--- a/tests/modules/kms/examples/import-job.yaml
+++ b/tests/modules/kms/examples/import-job.yaml
@@ -19,11 +19,11 @@ values:
    protection_level: SOFTWARE
  module.kms.google_kms_key_ring.default[0]:
    location: europe-west8
-    name: test-3
+    name: test-test
    project: project-id

 counts:
  google_kms_key_ring_import_job: 1
  google_kms_key_ring: 1
  modules: 1
-  resources: 2
+  resources: 2
--- a/tests/modules/kms/examples/purpose.yaml
+++ b/tests/modules/kms/examples/purpose.yaml
@@ -21,7 +21,7 @@ values:
      protection_level: HSM
  module.kms.google_kms_key_ring.default[0]:
    location: europe-west8
-    name: test-2
+    name: test-test
    project: project-id

 counts:
--- a/tests/modules/organization/test_plan_org_policies_modules.py
+++ b/tests/modules/organization/test_plan_org_policies_modules.py
@@ -1,4 +1,4 @@
-# Copyright 2024 Google LLC
+# Copyright 2025 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -34,7 +34,7 @@ def test_policy_implementation():
      '@@ -17 +17 @@\n',
      '-# tfdoc:file:description Project-level organization policies.\n',
      '+# tfdoc:file:description Folder-level organization policies.\n',
-      '@@ -80,2 +80,2 @@\n',
+      '@@ -81,2 +81,2 @@\n',
      '-  name   = "projects/${local.project.project_id}/policies/${each.value}"\n',
      '-  parent = "projects/${local.project.project_id}"\n',
      '+  name   = "${local.folder_id}/policies/${each.value}"\n',
@@ -49,12 +49,12 @@ def test_policy_implementation():
      '@@ -17 +17 @@\n',
      '-# tfdoc:file:description Folder-level organization policies.\n',
      '+# tfdoc:file:description Organization-level organization policies.\n',
-      '@@ -80,2 +80,2 @@\n',
+      '@@ -81,2 +81,2 @@\n',
      '-  name   = "${local.folder_id}/policies/${each.value}"\n',
      '-  parent = local.folder_id\n',
      '+  name   = "${var.organization_id}/policies/${each.value}"\n',
      '+  parent = var.organization_id\n',
-      '@@ -156,0 +157,9 @@\n',
+      '@@ -159,0 +160,9 @@\n',
      '+  depends_on = [\n',
      '+    google_organization_iam_binding.authoritative,\n',
      '+    google_organization_iam_binding.bindings,\n',
--- a/tests/modules/project/examples/data.yaml
+++ b/tests/modules/project/examples/data.yaml
@@ -88,7 +88,7 @@ values:
    timeouts: null
  module.kms.google_kms_key_ring.default[0]:
    location: global
-    name: keyring
+    name: test-keyring
    project: project-id
    timeouts: null
  module.kms.google_kms_key_ring_iam_binding.authoritative["roles/cloudkms.cryptoKeyEncrypterDecrypter"]:
--- a/tests/modules/project/examples/org-policies.yaml
+++ b/tests/modules/project/examples/org-policies.yaml
@@ -1,4 +1,4 @@
-# Copyright 2023 Google LLC
+# Copyright 2025 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -14,6 +14,7 @@

 values:
  module.project.google_org_policy_policy.default["compute.disableGuestAttributesAccess"]:
+    dry_run_spec: []
    name: projects/test-project/policies/compute.disableGuestAttributesAccess
    parent: projects/test-project
    spec:
@@ -24,8 +25,11 @@ values:
        condition: []
        deny_all: null
        enforce: 'TRUE'
+        parameters: null
        values: []
+    timeouts: null
  module.project.google_org_policy_policy.default["compute.skipDefaultNetworkCreation"]:
+    dry_run_spec: []
    name: projects/test-project/policies/compute.skipDefaultNetworkCreation
    parent: projects/test-project
    spec:
@@ -36,8 +40,11 @@ values:
        condition: []
        deny_all: null
        enforce: 'TRUE'
+        parameters: null
        values: []
+    timeouts: null
  module.project.google_org_policy_policy.default["compute.trustedImageProjects"]:
+    dry_run_spec: []
    name: projects/test-project/policies/compute.trustedImageProjects
    parent: projects/test-project
    spec:
@@ -48,11 +55,14 @@ values:
        condition: []
        deny_all: null
        enforce: null
+        parameters: null
        values:
        - allowed_values:
          - projects/my-project
          denied_values: null
+    timeouts: null
  module.project.google_org_policy_policy.default["compute.vmExternalIpAccess"]:
+    dry_run_spec: []
    name: projects/test-project/policies/compute.vmExternalIpAccess
    parent: projects/test-project
    spec:
@@ -63,8 +73,26 @@ values:
        condition: []
        deny_all: 'TRUE'
        enforce: null
+        parameters: null
        values: []
+    timeouts: null
+  module.project.google_org_policy_policy.default["essentialcontacts.managed.allowedContactDomains"]:
+    dry_run_spec: []
+    name: projects/test-project/policies/essentialcontacts.managed.allowedContactDomains
+    parent: projects/test-project
+    spec:
+    - inherit_from_parent: null
+      reset: null
+      rules:
+      - allow_all: null
+        condition: []
+        deny_all: null
+        enforce: 'TRUE'
+        parameters: '{"allowedDomains":["@example.com"]}'
+        values: []
+    timeouts: null
  module.project.google_org_policy_policy.default["iam.allowedPolicyMemberDomains"]:
+    dry_run_spec: []
    name: projects/test-project/policies/iam.allowedPolicyMemberDomains
    parent: projects/test-project
    spec:
@@ -75,12 +103,15 @@ values:
        condition: []
        deny_all: null
        enforce: null
+        parameters: null
        values:
        - allowed_values:
          - C0xxxxxxx
          - C0yyyyyyy
          denied_values: null
+    timeouts: null
  module.project.google_org_policy_policy.default["iam.disableServiceAccountKeyCreation"]:
+    dry_run_spec: []
    name: projects/test-project/policies/iam.disableServiceAccountKeyCreation
    parent: projects/test-project
    spec:
@@ -91,8 +122,11 @@ values:
        condition: []
        deny_all: null
        enforce: 'TRUE'
+        parameters: null
        values: []
+    timeouts: null
  module.project.google_org_policy_policy.default["iam.disableServiceAccountKeyUpload"]:
+    dry_run_spec: []
    name: projects/test-project/policies/iam.disableServiceAccountKeyUpload
    parent: projects/test-project
    spec:
@@ -107,19 +141,31 @@ values:
          title: condition
        deny_all: null
        enforce: 'TRUE'
+        parameters: null
        values: []
      - allow_all: null
        condition: []
        deny_all: null
        enforce: 'FALSE'
+        parameters: null
        values: []
+    timeouts: null
  module.project.google_project.project[0]:
+    auto_create_network: false
    billing_account: 123456-123456-123456
+    deletion_policy: DELETE
+    effective_labels:
+      goog-terraform-provisioned: 'true'
    folder_id: '1122334455'
+    labels: null
    name: test-project
    org_id: null
    project_id: test-project
+    tags: null
+    terraform_labels:
+      goog-terraform-provisioned: 'true'
+    timeouts: null

 counts:
-  google_org_policy_policy: 7
+  google_org_policy_policy: 8
  google_project: 1