diff --git a/blueprints/README.md b/blueprints/README.md
index 49bf16ab7..e0c42a979 100644
--- a/blueprints/README.md
+++ b/blueprints/README.md
@@ -8,7 +8,7 @@ Currently available blueprints:
- **data solutions** - [GCE and GCS CMEK via centralized Cloud KMS](./data-solutions/cmek-via-centralized-kms), [Cloud Composer version 2 private instance, supporting Shared VPC and external CMEK key](./data-solutions/composer-2), [Cloud SQL instance with multi-region read replicas](./data-solutions/cloudsql-multiregion), [Data Platform](./data-solutions/data-platform-foundations), [Spinning up a foundation data pipeline on Google Cloud using Cloud Storage, Dataflow and BigQuery](./data-solutions/gcs-to-bq-with-least-privileges), [#SQL Server Always On Groups blueprint](./data-solutions/sqlserver-alwayson), [Data Playground](./data-solutions/data-playground)
- **factories** - [The why and the how of Resource Factories](./factories), [Google Cloud Identity Group Factory](./factories/cloud-identity-group-factory), [Google Cloud BQ Factory](./factories/bigquery-factory), [Google Cloud VPC Firewall Factory](./factories/net-vpc-firewall-yaml), [Minimal Project Factory](./factories/project-factory)
- **GKE** - [Binary Authorization Pipeline Blueprint](./gke/binauthz), [Storage API](./gke/binauthz/image), [Multi-cluster mesh on GKE (fleet API)](./gke/multi-cluster-mesh-gke-fleet-api), [GKE Multitenant Blueprint](./gke/multitenant-fleet), [Shared VPC with GKE support](./networking/shared-vpc-gke/)
-- **networking** - [Decentralized firewall management](./networking/decentralized-firewall), [Decentralized firewall validator](./networking/decentralized-firewall/validator), [Network filtering with Squid](./networking/filtering-proxy), [Network filtering with Squid with isolated VPCs using Private Service Connect](./networking/filtering-proxy-psc), [HTTP Load Balancer with Cloud Armor](./networking/glb-and-armor), [Hub and Spoke via VPN](./networking/hub-and-spoke-vpn), [Hub and Spoke via VPC Peering](./networking/hub-and-spoke-peering), [Internal Load Balancer as Next Hop](./networking/ilb-next-hop), [On-prem DNS and Google Private Access](./networking/onprem-google-access-dns), [Calling a private Cloud Function from On-premises](./networking/private-cloud-function-from-onprem), [Hybrid connectivity to on-premise services through PSC](./networking/psc-hybrid), [PSC Producer](./networking/psc-hybrid/psc-producer), [PSC Consumer](./networking/psc-hybrid/psc-consumer), [Shared VPC with optional GKE cluster](./networking/shared-vpc-gke)
+- **networking** - [Decentralized firewall management](./networking/decentralized-firewall), [Decentralized firewall validator](./networking/decentralized-firewall/validator), [Network filtering with Squid](./networking/filtering-proxy), [Network filtering with Squid with isolated VPCs using Private Service Connect](./networking/filtering-proxy-psc), [HTTP Load Balancer with Cloud Armor](./networking/glb-and-armor), [Hub and Spoke via VPN](./networking/hub-and-spoke-vpn), [Hub and Spoke via VPC Peering](./networking/hub-and-spoke-peering), [Internal Load Balancer as Next Hop](./networking/ilb-next-hop), On-prem DNS and Google Private Access, [Calling a private Cloud Function from On-premises](./networking/private-cloud-function-from-onprem), [Hybrid connectivity to on-premise services through PSC](./networking/psc-hybrid), [PSC Producer](./networking/psc-hybrid/psc-producer), [PSC Consumer](./networking/psc-hybrid/psc-consumer), [Shared VPC with optional GKE cluster](./networking/shared-vpc-gke)
- **serverless** - [Creating multi-region deployments for API Gateway](./serverless/api-gateway)
- **third party solutions** - [OpenShift on GCP user-provisioned infrastructure](./third-party-solutions/openshift), [Wordpress deployment on Cloud Run](./third-party-solutions/wordpress/cloudrun)
diff --git a/blueprints/cloud-operations/unmanaged-instances-healthcheck/main.tf b/blueprints/cloud-operations/unmanaged-instances-healthcheck/main.tf
index d69dddf2b..19f2d467b 100644
--- a/blueprints/cloud-operations/unmanaged-instances-healthcheck/main.tf
+++ b/blueprints/cloud-operations/unmanaged-instances-healthcheck/main.tf
@@ -146,13 +146,11 @@ module "cf-healthchecker" {
name = "cf-healthchecker"
region = var.region
bucket_name = module.cf-restarter.bucket_name
-
bundle_config = {
source_dir = "${path.module}/function/healthchecker"
output_path = "healthchecker.zip"
}
service_account = module.service-account-healthchecker.email
-
function_config = {
entry_point = "HealthCheck"
ingress_settings = null
@@ -161,7 +159,6 @@ module "cf-healthchecker" {
runtime = "go116"
timeout = 300
}
-
environment_variables = {
FILTER = "name = nginx-*"
GRACE_PERIOD = var.grace_period
@@ -171,7 +168,6 @@ module "cf-healthchecker" {
TCP_PORT = var.tcp_port
TIMEOUT = var.timeout
}
-
vpc_connector = {
create = true
name = "hc-connector"
@@ -230,23 +226,25 @@ resource "google_cloud_scheduler_job" "healthcheck-job" {
module "cos-nginx" {
source = "../../../modules/cloud-config-container/nginx"
- test_instance = {
- project_id = module.project.project_id
- zone = "${var.region}-b"
- name = "nginx-test"
- type = "f1-micro"
+}
+
+module "test-vm" {
+ source = "../../../modules/compute-vm"
+ project_id = module.project.project_id
+ zone = "${var.region}-b"
+ name = "nginx-test"
+ boot_disk = {
+ image = "projects/cos-cloud/global/images/family/cos-stable"
+ type = "pd-ssd"
+ size = 10
+ }
+ metadata = {
+ user-data = module.cos-nginx.cloud_config
+ google-logging-enabled = true
+ }
+ network_interfaces = [{
network = module.vpc.self_link
subnetwork = module.vpc.subnet_self_links["${var.region}/apps"]
- }
- test_instance_defaults = {
- disks = {}
- image = null
- metadata = {}
- nat = false
- service_account_roles = [
- "roles/logging.logWriter",
- "roles/monitoring.metricWriter"
- ]
- tags = ["ssh"]
- }
+ }]
+ tags = ["ssh"]
}
diff --git a/blueprints/networking/README.md b/blueprints/networking/README.md
index ef3932689..ec510d564 100644
--- a/blueprints/networking/README.md
+++ b/blueprints/networking/README.md
@@ -49,19 +49,20 @@ The blueprint shows how to implement spoke transitivity via BGP advertisements,
### DNS and Private Access for On-premises
-
This [blueprint](./onprem-google-access-dns/) uses an emulated on-premises environment running in Docker containers inside a GCE instance, to allow testing specific features like DNS policies, DNS forwarding zones across VPN, and Private Access for On-premises hosts.
+ This [blueprint](./onprem-google-access-dns/) uses an emulated on-premises environment running in Docker containers inside a GCE instance, to allow testing specific features like DNS policies, DNS forwarding zones across VPN, and Private Access for On-premises hosts.
The emulated on-premises environment can be used to test access to different services from outside Google Cloud, by implementing a VPN connection and BGP to Google CLoud via Strongswan and Bird.
+-->
+
### Calling a private Cloud Function from on-premises
This [blueprint](./private-cloud-function-from-onprem/) shows how to invoke a [private Google Cloud Function](https://cloud.google.com/functions/docs/networking/network-settings) from the on-prem environment via a [Private Service Connect endpoint](https://cloud.google.com/vpc/docs/private-service-connect#benefits-apis).
diff --git a/blueprints/networking/_deprecated/README.md b/blueprints/networking/__need_fixing/README.md
similarity index 100%
rename from blueprints/networking/_deprecated/README.md
rename to blueprints/networking/__need_fixing/README.md
diff --git a/blueprints/networking/_deprecated/nginx-reverse-proxy-cluster/Dockerfile b/blueprints/networking/__need_fixing/nginx-reverse-proxy-cluster/Dockerfile
similarity index 100%
rename from blueprints/networking/_deprecated/nginx-reverse-proxy-cluster/Dockerfile
rename to blueprints/networking/__need_fixing/nginx-reverse-proxy-cluster/Dockerfile
diff --git a/blueprints/networking/_deprecated/nginx-reverse-proxy-cluster/README.md b/blueprints/networking/__need_fixing/nginx-reverse-proxy-cluster/README.md
similarity index 100%
rename from blueprints/networking/_deprecated/nginx-reverse-proxy-cluster/README.md
rename to blueprints/networking/__need_fixing/nginx-reverse-proxy-cluster/README.md
diff --git a/blueprints/networking/_deprecated/nginx-reverse-proxy-cluster/main.tf b/blueprints/networking/__need_fixing/nginx-reverse-proxy-cluster/main.tf
similarity index 100%
rename from blueprints/networking/_deprecated/nginx-reverse-proxy-cluster/main.tf
rename to blueprints/networking/__need_fixing/nginx-reverse-proxy-cluster/main.tf
diff --git a/blueprints/networking/_deprecated/nginx-reverse-proxy-cluster/outputs.tf b/blueprints/networking/__need_fixing/nginx-reverse-proxy-cluster/outputs.tf
similarity index 100%
rename from blueprints/networking/_deprecated/nginx-reverse-proxy-cluster/outputs.tf
rename to blueprints/networking/__need_fixing/nginx-reverse-proxy-cluster/outputs.tf
diff --git a/blueprints/networking/_deprecated/nginx-reverse-proxy-cluster/reverse-proxy.png b/blueprints/networking/__need_fixing/nginx-reverse-proxy-cluster/reverse-proxy.png
similarity index 100%
rename from blueprints/networking/_deprecated/nginx-reverse-proxy-cluster/reverse-proxy.png
rename to blueprints/networking/__need_fixing/nginx-reverse-proxy-cluster/reverse-proxy.png
diff --git a/blueprints/networking/_deprecated/nginx-reverse-proxy-cluster/variables.tf b/blueprints/networking/__need_fixing/nginx-reverse-proxy-cluster/variables.tf
similarity index 100%
rename from blueprints/networking/_deprecated/nginx-reverse-proxy-cluster/variables.tf
rename to blueprints/networking/__need_fixing/nginx-reverse-proxy-cluster/variables.tf
diff --git a/blueprints/networking/_deprecated/nginx-reverse-proxy-cluster/versions.tf b/blueprints/networking/__need_fixing/nginx-reverse-proxy-cluster/versions.tf
similarity index 100%
rename from blueprints/networking/_deprecated/nginx-reverse-proxy-cluster/versions.tf
rename to blueprints/networking/__need_fixing/nginx-reverse-proxy-cluster/versions.tf
diff --git a/blueprints/networking/onprem-google-access-dns/README.md b/blueprints/networking/__need_fixing/onprem-google-access-dns/README.md
similarity index 95%
rename from blueprints/networking/onprem-google-access-dns/README.md
rename to blueprints/networking/__need_fixing/onprem-google-access-dns/README.md
index fae563986..deb3593f7 100644
--- a/blueprints/networking/onprem-google-access-dns/README.md
+++ b/blueprints/networking/__need_fixing/onprem-google-access-dns/README.md
@@ -1,6 +1,6 @@
# On-prem DNS and Google Private Access
-This blueprint leverages the [on prem in a box](../../../modules/cloud-config-container/onprem) module to bootstrap an emulated on-premises environment on GCP, then connects it via VPN and sets up BGP and DNS so that several specific features can be tested:
+This blueprint leverages the on prem in a box module to bootstrap an emulated on-premises environment on GCP, then connects it via VPN and sets up BGP and DNS so that several specific features can be tested:
- [Cloud DNS forwarding zone](https://cloud.google.com/dns/docs/overview#fz-targets) to on-prem
- DNS forwarding from on-prem via a [Cloud DNS inbound policy](https://cloud.google.com/dns/docs/policies#create-in)
@@ -30,7 +30,7 @@ The Cloud DNS inbound policy reserves an IP address in the VPC, which is used by
### Find out the forwarder entry point address
-Run this gcloud command to (find out the address assigned to the inbound forwarder)[https://cloud.google.com/dns/docs/policies#list-in-entrypoints]:
+Run this gcloud command to [find out the address assigned to the inbound forwarder](https://cloud.google.com/dns/docs/policies#list-in-entrypoints):
```bash
gcloud compute addresses list --project [your project id]
@@ -199,7 +199,7 @@ curl www.onprem.example.org -s |grep h1
A single pre-existing project is used in this blueprint to keep variables and complexity to a minimum, in a real world scenarios each spoke would probably use a separate project.
-The VPN-s used to connect to the on-premises environment do not account for HA, upgrading to use HA VPN is reasonably simple by using the relevant [module](../../../modules/net-vpn-ha).
+The VPN-s used to connect to the on-premises environment do not account for HA, upgrading to use HA VPN is reasonably simple by using the relevant [module](../../../../modules/net-vpn-ha).
## Variables
diff --git a/blueprints/networking/onprem-google-access-dns/assets/Corefile b/blueprints/networking/__need_fixing/onprem-google-access-dns/assets/Corefile
similarity index 100%
rename from blueprints/networking/onprem-google-access-dns/assets/Corefile
rename to blueprints/networking/__need_fixing/onprem-google-access-dns/assets/Corefile
diff --git a/blueprints/networking/onprem-google-access-dns/backend.tf.sample b/blueprints/networking/__need_fixing/onprem-google-access-dns/backend.tf.sample
similarity index 100%
rename from blueprints/networking/onprem-google-access-dns/backend.tf.sample
rename to blueprints/networking/__need_fixing/onprem-google-access-dns/backend.tf.sample
diff --git a/blueprints/networking/onprem-google-access-dns/diagram.png b/blueprints/networking/__need_fixing/onprem-google-access-dns/diagram.png
similarity index 100%
rename from blueprints/networking/onprem-google-access-dns/diagram.png
rename to blueprints/networking/__need_fixing/onprem-google-access-dns/diagram.png
diff --git a/blueprints/networking/onprem-google-access-dns/main.tf b/blueprints/networking/__need_fixing/onprem-google-access-dns/main.tf
similarity index 100%
rename from blueprints/networking/onprem-google-access-dns/main.tf
rename to blueprints/networking/__need_fixing/onprem-google-access-dns/main.tf
diff --git a/blueprints/networking/onprem-google-access-dns/outputs.tf b/blueprints/networking/__need_fixing/onprem-google-access-dns/outputs.tf
similarity index 100%
rename from blueprints/networking/onprem-google-access-dns/outputs.tf
rename to blueprints/networking/__need_fixing/onprem-google-access-dns/outputs.tf
diff --git a/blueprints/networking/onprem-google-access-dns/variables.tf b/blueprints/networking/__need_fixing/onprem-google-access-dns/variables.tf
similarity index 100%
rename from blueprints/networking/onprem-google-access-dns/variables.tf
rename to blueprints/networking/__need_fixing/onprem-google-access-dns/variables.tf
diff --git a/blueprints/networking/onprem-google-access-dns/versions.tf b/blueprints/networking/__need_fixing/onprem-google-access-dns/versions.tf
similarity index 100%
rename from blueprints/networking/onprem-google-access-dns/versions.tf
rename to blueprints/networking/__need_fixing/onprem-google-access-dns/versions.tf
diff --git a/modules/cloud-config-container/README.md b/modules/cloud-config-container/README.md
index 7ee53bdc1..713ffa883 100644
--- a/modules/cloud-config-container/README.md
+++ b/modules/cloud-config-container/README.md
@@ -1,6 +1,6 @@
# Instance Configuration via `cloud-config`
-This set of modules creates specialized [cloud-config](https://cloud.google.com/container-optimized-os/docs/how-to/run-container-instance#starting_a_docker_container_via_cloud-config) configurations, which are designed for use with [Container Optimized OS](https://cloud.google.com/container-optimized-os/docs) (the [onprem module](./onprem/) is the only exception) but can also be used as a basis for other image types or cloud providers.
+This set of modules creates specialized [cloud-config](https://cloud.google.com/container-optimized-os/docs/how-to/run-container-instance#starting_a_docker_container_via_cloud-config) configurations, which are designed for use with [Container Optimized OS](https://cloud.google.com/container-optimized-os/docs) (the onprem module is the only exception) but can also be used as a basis for other image types or cloud providers.
These modules are designed for several use cases:
@@ -14,8 +14,8 @@ These modules are designed for several use cases:
- [CoreDNS](./coredns)
- [MySQL](./mysql)
- [Nginx](./nginx)
-- [On-prem in Docker](./onprem)
- [Squid forward proxy](./squid)
+- On-prem in Docker (*needs fixing*)
## Using the modules
@@ -23,8 +23,6 @@ All modules are designed to be as lightweight as possible, so that specialized m
To use the modules with instances or instance templates, simply set use their `cloud_config` output for the `user-data` metadata. When updating the metadata after a variable change remember to manually restart the instances that use a module's output, or the changes won't effect the running system.
-For convenience when developing or prototyping infrastructure, an optional test instance is included in all modules. If it's not needed, the linked `*instance.tf` files can be removed from the modules without harm.
-
## TODO
- [ ] convert all `xxx_config` variables to use file content instead of path
diff --git a/modules/cloud-config-container/onprem/Corefile b/modules/cloud-config-container/__need_fixing/onprem/Corefile
similarity index 100%
rename from modules/cloud-config-container/onprem/Corefile
rename to modules/cloud-config-container/__need_fixing/onprem/Corefile
diff --git a/modules/cloud-config-container/onprem/README.md b/modules/cloud-config-container/__need_fixing/onprem/README.md
similarity index 57%
rename from modules/cloud-config-container/onprem/README.md
rename to modules/cloud-config-container/__need_fixing/onprem/README.md
index 1a668a8d1..bc81f437e 100644
--- a/modules/cloud-config-container/onprem/README.md
+++ b/modules/cloud-config-container/__need_fixing/onprem/README.md
@@ -10,18 +10,14 @@ The emulated on-premises infrastructure is composed of:
- an Nginx container serving a simple static web page
- a [generic Linux container](./docker-images/toolbox) used as a jump host inside the on-premises network
-A [complete scenario using this module](../../../blueprints/networking/onprem-google-access-dns) is available in the networking blueprints.
+A complete scenario using this module is available in the networking blueprints.
The module renders the generated cloud config in the `cloud_config` output, to be used in instances or instance templates via the `user-data` metadata.
-For convenience during development or for simple use cases, the module can optionally manage a single instance via the `test_instance` variable. If the instance is not needed the `instance*tf` files can be safely removed. Refer to the [top-level README](../README.md) for more details on the included instance.
-
## Examples
### Static VPN
-The test instance is optional, as described above.
-
```hcl
module "cloud-vpn" {
source = "./fabric/modules/net-vpn-static"
@@ -32,29 +28,43 @@ module "cloud-vpn" {
remote_ranges = ["192.168.192.0/24"]
tunnels = {
remote-0 = {
- peer_ip = module.on-prem.external_address
+ peer_ip = module.vm.external_ip
traffic_selectors = { local = ["0.0.0.0/0"], remote = null }
}
}
}
module "on-prem" {
- source = "./fabric/modules/cos-container/on-prem"
- name = "onprem"
+ source = "./fabric/modules/cloud-config-container/onprem"
vpn_config = {
type = "static"
peer_ip = module.cloud-vpn.address
shared_secret = module.cloud-vpn.random_secret
}
- test_instance = {
- project_id = "my-project"
- zone = "europe-west1-b"
- name = "cos-coredns"
- type = "f1-micro"
- network = "default"
- subnetwork = "https://www.googleapis.com/compute/v1/projects/my-project/regions/europe-west1/subnetworks/my-subnet"
- }
}
+
+module "vm" {
+ source = "./fabric/modules/compute-vm"
+ project_id = "my-project"
+ zone = "europe-west8-b"
+ name = "cos-nginx-tls"
+ network_interfaces = [{
+ nat = true
+ network = "default"
+ subnetwork = "gce"
+ }]
+ metadata = {
+ user-data = module.on-prem.cloud_config
+ google-logging-enabled = true
+ }
+ boot_disk = {
+ image = "projects/cos-cloud/global/images/family/cos-stable"
+ type = "pd-ssd"
+ size = 10
+ }
+ tags = ["ssh"]
+}
+# tftest skip
```
@@ -62,12 +72,10 @@ module "on-prem" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [vpn_config](variables.tf#L35) | VPN configuration, type must be one of 'dynamic' or 'static'. | object({…}) | ✓ | |
+| [vpn_config](variables.tf#L35) | VPN configuration, type must be one of 'dynamic' or 'static'. | object({…}) | ✓ | |
| [config_variables](variables.tf#L17) | Additional variables used to render the cloud-config and CoreDNS templates. | map(any) | | {} |
| [coredns_config](variables.tf#L23) | CoreDNS configuration path, if null default will be used. | string | | null |
| [local_ip_cidr_range](variables.tf#L29) | IP CIDR range used for the Docker onprem network. | string | | "192.168.192.0/24" |
-| [test_instance](variables-instance.tf#L17) | Test/development instance attributes, leave null to skip creation. | object({…}) | | null |
-| [test_instance_defaults](variables-instance.tf#L30) | Test/development instance defaults used for optional configuration. If image is null, COS stable will be used. | object({…}) | | {…} |
| [vpn_dynamic_config](variables.tf#L46) | BGP configuration for dynamic VPN, ignored if VPN type is 'static'. | object({…}) | | {…} |
| [vpn_static_ranges](variables.tf#L70) | Remote CIDR ranges for static VPN, ignored if VPN type is 'dynamic'. | list(string) | | ["10.0.0.0/8"] |
@@ -76,7 +84,5 @@ module "on-prem" {
| name | description | sensitive |
|---|---|:---:|
| [cloud_config](outputs.tf#L17) | Rendered cloud-config file to be passed as user-data instance metadata. | |
-| [test_instance](outputs-instance.tf#L17) | Optional test instance name and address. | |
-
diff --git a/modules/cloud-config-container/onprem/cloud-config.yaml b/modules/cloud-config-container/__need_fixing/onprem/cloud-config.yaml
similarity index 100%
rename from modules/cloud-config-container/onprem/cloud-config.yaml
rename to modules/cloud-config-container/__need_fixing/onprem/cloud-config.yaml
diff --git a/modules/cloud-config-container/onprem/docker-images/README.md b/modules/cloud-config-container/__need_fixing/onprem/docker-images/README.md
similarity index 100%
rename from modules/cloud-config-container/onprem/docker-images/README.md
rename to modules/cloud-config-container/__need_fixing/onprem/docker-images/README.md
diff --git a/modules/cloud-config-container/onprem/docker-images/strongswan/Dockerfile b/modules/cloud-config-container/__need_fixing/onprem/docker-images/strongswan/Dockerfile
similarity index 100%
rename from modules/cloud-config-container/onprem/docker-images/strongswan/Dockerfile
rename to modules/cloud-config-container/__need_fixing/onprem/docker-images/strongswan/Dockerfile
diff --git a/modules/cloud-config-container/onprem/docker-images/strongswan/README.md b/modules/cloud-config-container/__need_fixing/onprem/docker-images/strongswan/README.md
similarity index 100%
rename from modules/cloud-config-container/onprem/docker-images/strongswan/README.md
rename to modules/cloud-config-container/__need_fixing/onprem/docker-images/strongswan/README.md
diff --git a/modules/cloud-config-container/onprem/docker-images/strongswan/cloudbuild.yaml b/modules/cloud-config-container/__need_fixing/onprem/docker-images/strongswan/cloudbuild.yaml
similarity index 100%
rename from modules/cloud-config-container/onprem/docker-images/strongswan/cloudbuild.yaml
rename to modules/cloud-config-container/__need_fixing/onprem/docker-images/strongswan/cloudbuild.yaml
diff --git a/modules/cloud-config-container/onprem/docker-images/strongswan/entrypoint.sh b/modules/cloud-config-container/__need_fixing/onprem/docker-images/strongswan/entrypoint.sh
similarity index 100%
rename from modules/cloud-config-container/onprem/docker-images/strongswan/entrypoint.sh
rename to modules/cloud-config-container/__need_fixing/onprem/docker-images/strongswan/entrypoint.sh
diff --git a/modules/cloud-config-container/onprem/docker-images/strongswan/ipsec-vti.sh b/modules/cloud-config-container/__need_fixing/onprem/docker-images/strongswan/ipsec-vti.sh
similarity index 100%
rename from modules/cloud-config-container/onprem/docker-images/strongswan/ipsec-vti.sh
rename to modules/cloud-config-container/__need_fixing/onprem/docker-images/strongswan/ipsec-vti.sh
diff --git a/modules/cloud-config-container/onprem/docker-images/toolbox/Dockerfile b/modules/cloud-config-container/__need_fixing/onprem/docker-images/toolbox/Dockerfile
similarity index 100%
rename from modules/cloud-config-container/onprem/docker-images/toolbox/Dockerfile
rename to modules/cloud-config-container/__need_fixing/onprem/docker-images/toolbox/Dockerfile
diff --git a/modules/cloud-config-container/onprem/docker-images/toolbox/README.md b/modules/cloud-config-container/__need_fixing/onprem/docker-images/toolbox/README.md
similarity index 100%
rename from modules/cloud-config-container/onprem/docker-images/toolbox/README.md
rename to modules/cloud-config-container/__need_fixing/onprem/docker-images/toolbox/README.md
diff --git a/modules/cloud-config-container/onprem/docker-images/toolbox/cloudbuild.yaml b/modules/cloud-config-container/__need_fixing/onprem/docker-images/toolbox/cloudbuild.yaml
similarity index 100%
rename from modules/cloud-config-container/onprem/docker-images/toolbox/cloudbuild.yaml
rename to modules/cloud-config-container/__need_fixing/onprem/docker-images/toolbox/cloudbuild.yaml
diff --git a/modules/cloud-config-container/onprem/docker-images/toolbox/entrypoint.sh b/modules/cloud-config-container/__need_fixing/onprem/docker-images/toolbox/entrypoint.sh
similarity index 100%
rename from modules/cloud-config-container/onprem/docker-images/toolbox/entrypoint.sh
rename to modules/cloud-config-container/__need_fixing/onprem/docker-images/toolbox/entrypoint.sh
diff --git a/modules/cloud-config-container/onprem/main.tf b/modules/cloud-config-container/__need_fixing/onprem/main.tf
similarity index 100%
rename from modules/cloud-config-container/onprem/main.tf
rename to modules/cloud-config-container/__need_fixing/onprem/main.tf
diff --git a/modules/cloud-config-container/onprem/outputs.tf b/modules/cloud-config-container/__need_fixing/onprem/outputs.tf
similarity index 100%
rename from modules/cloud-config-container/onprem/outputs.tf
rename to modules/cloud-config-container/__need_fixing/onprem/outputs.tf
diff --git a/modules/cloud-config-container/onprem/static-vpn-gw-cloud-init.yaml b/modules/cloud-config-container/__need_fixing/onprem/static-vpn-gw-cloud-init.yaml
similarity index 100%
rename from modules/cloud-config-container/onprem/static-vpn-gw-cloud-init.yaml
rename to modules/cloud-config-container/__need_fixing/onprem/static-vpn-gw-cloud-init.yaml
diff --git a/modules/cloud-config-container/onprem/variables.tf b/modules/cloud-config-container/__need_fixing/onprem/variables.tf
similarity index 94%
rename from modules/cloud-config-container/onprem/variables.tf
rename to modules/cloud-config-container/__need_fixing/onprem/variables.tf
index 3b09e2366..06eb27603 100644
--- a/modules/cloud-config-container/onprem/variables.tf
+++ b/modules/cloud-config-container/__need_fixing/onprem/variables.tf
@@ -37,9 +37,9 @@ variable "vpn_config" {
type = object({
peer_ip = string
shared_secret = string
- type = string
- peer_ip2 = string
- shared_secret2 = string
+ type = optional(string, "static")
+ peer_ip2 = optional(string)
+ shared_secret2 = optional(string)
})
}
diff --git a/modules/cloud-config-container/onprem/versions.tf b/modules/cloud-config-container/__need_fixing/onprem/versions.tf
similarity index 100%
rename from modules/cloud-config-container/onprem/versions.tf
rename to modules/cloud-config-container/__need_fixing/onprem/versions.tf
diff --git a/modules/cloud-config-container/coredns/README.md b/modules/cloud-config-container/coredns/README.md
index f5a51a389..91e49592c 100644
--- a/modules/cloud-config-container/coredns/README.md
+++ b/modules/cloud-config-container/coredns/README.md
@@ -27,14 +27,27 @@ module "cos-coredns" {
source = "./fabric/modules/cloud-config-container/coredns"
}
-# use it as metadata in a compute instance or template
-module "vm-coredns" {
- source = "./fabric/modules/compute-vm"
+module "vm" {
+ source = "./fabric/modules/compute-vm"
+ project_id = "my-project"
+ zone = "europe-west8-b"
+ name = "cos-coredns"
+ network_interfaces = [{
+ network = "default"
+ subnetwork = "gce"
+ }]
metadata = {
user-data = module.cos-coredns.cloud_config
google-logging-enabled = true
}
+ boot_disk = {
+ image = "projects/cos-cloud/global/images/family/cos-stable"
+ type = "pd-ssd"
+ size = 10
+ }
+ tags = ["dns", "ssh"]
}
+# tftest modules=1 resources=1
```
### Custom CoreDNS configuration
@@ -51,25 +64,9 @@ module "cos-coredns" {
owner = null
permissions = "0644"
}
+ }
}
-```
-
-### CoreDNS instance
-
-This example shows how to create the single instance optionally managed by the module, providing all required attributes in the `test_instance` variable. The instance is purposefully kept simple and should only be used in development, or when designing infrastructures.
-
-```hcl
-module "cos-coredns" {
- source = "./fabric/modules/cloud-config-container/coredns"
- test_instance = {
- project_id = "my-project"
- zone = "europe-west1-b"
- name = "cos-coredns"
- type = "f1-micro"
- network = "default"
- subnetwork = "https://www.googleapis.com/compute/v1/projects/my-project/regions/europe-west1/subnetworks/my-subnet"
- }
-}
+# tftest modules=0 resources=0
```
@@ -82,14 +79,11 @@ module "cos-coredns" {
| [coredns_config](variables.tf#L29) | CoreDNS configuration path, if null default will be used. | string | | null |
| [file_defaults](variables.tf#L35) | Default owner and permissions for files. | object({…}) | | {…} |
| [files](variables.tf#L47) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} |
-| [test_instance](variables-instance.tf#L17) | Test/development instance attributes, leave null to skip creation. | object({…}) | | null |
-| [test_instance_defaults](variables-instance.tf#L30) | Test/development instance defaults used for optional configuration. If image is null, COS stable will be used. | object({…}) | | {…} |
## Outputs
| name | description | sensitive |
|---|---|:---:|
| [cloud_config](outputs.tf#L17) | Rendered cloud-config file to be passed as user-data instance metadata. | |
-| [test_instance](outputs-instance.tf#L17) | Optional test instance name and address. | |
diff --git a/modules/cloud-config-container/coredns/instance.tf b/modules/cloud-config-container/coredns/instance.tf
deleted file mode 120000
index bdef596b6..000000000
--- a/modules/cloud-config-container/coredns/instance.tf
+++ /dev/null
@@ -1 +0,0 @@
-../instance.tf
\ No newline at end of file
diff --git a/modules/cloud-config-container/coredns/outputs-instance.tf b/modules/cloud-config-container/coredns/outputs-instance.tf
deleted file mode 120000
index ea9e24045..000000000
--- a/modules/cloud-config-container/coredns/outputs-instance.tf
+++ /dev/null
@@ -1 +0,0 @@
-../outputs-instance.tf
\ No newline at end of file
diff --git a/modules/cloud-config-container/coredns/variables-instance.tf b/modules/cloud-config-container/coredns/variables-instance.tf
deleted file mode 120000
index 94af61e4d..000000000
--- a/modules/cloud-config-container/coredns/variables-instance.tf
+++ /dev/null
@@ -1 +0,0 @@
-../variables-instance.tf
\ No newline at end of file
diff --git a/modules/cloud-config-container/cos-generic-metadata/README.md b/modules/cloud-config-container/cos-generic-metadata/README.md
index 16d1935ed..3b9898541 100644
--- a/modules/cloud-config-container/cos-generic-metadata/README.md
+++ b/modules/cloud-config-container/cos-generic-metadata/README.md
@@ -12,31 +12,27 @@ This example will create a `cloud-config` that starts [Envoy Proxy](https://www.
```hcl
module "cos-envoy" {
- source = "./fabric/modules/cos-generic-metadata"
-
+ source = "./fabric/modules/cloud-config-container/cos-generic-metadata"
container_image = "envoyproxy/envoy:v1.14.1"
container_name = "envoy"
container_args = "-c /etc/envoy/envoy.yaml --log-level info --allow-unknown-static-fields"
-
container_volumes = [
{ host = "/etc/envoy/envoy.yaml", container = "/etc/envoy/envoy.yaml" }
]
-
docker_args = "--network host --pid host"
-
+ # file paths are mocked to run this example in tests
files = {
"/var/run/envoy/customize.sh" = {
- content = file("customize.sh")
+ content = file("/dev/null") # file("customize.sh")
owner = "root"
permissions = "0744"
}
"/etc/envoy/envoy.yaml" = {
- content = file("envoy.yaml")
+ content = file("/dev/null") # file("envoy.yaml")
owner = "root"
permissions = "0644"
}
}
-
run_commands = [
"iptables -t nat -N ENVOY_IN_REDIRECT",
"iptables -t nat -A ENVOY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15001",
@@ -46,14 +42,13 @@ module "cos-envoy" {
"systemctl daemon-reload",
"systemctl start envoy",
]
-
- users = [
- {
- username = "envoy",
- uid = 1337
- }
- ]
+ users = [{
+ username = "envoy",
+ uid = 1337
+ }]
}
+
+# tftest modules=0 resources=0
```
diff --git a/modules/cloud-config-container/envoy-traffic-director/README.md b/modules/cloud-config-container/envoy-traffic-director/README.md
index 593cfa83c..caa0ec5ec 100644
--- a/modules/cloud-config-container/envoy-traffic-director/README.md
+++ b/modules/cloud-config-container/envoy-traffic-director/README.md
@@ -11,38 +11,31 @@ This module depends on the [`cos-generic-metadata` module](../cos-generic-metada
### Default configuration
```hcl
-# Envoy TD config
module "cos-envoy-td" {
source = "./fabric/modules/cloud-config-container/envoy-traffic-director"
}
-# COS VM
-module "vm-cos" {
+module "vm" {
source = "./fabric/modules/compute-vm"
- project_id = local.project_id
- zone = local.zone
+ project_id = "my-project"
+ zone = "europe-west8-b"
name = "cos-envoy-td"
network_interfaces = [{
- network = local.vpc.self_link,
- subnetwork = local.vpc.subnet_self_link,
- nat = false,
- addresses = null
+ network = "default"
+ subnetwork = "gce"
}]
- tags = ["ssh", "http"]
-
metadata = {
user-data = module.cos-envoy-td.cloud_config
google-logging-enabled = true
}
-
boot_disk = {
image = "projects/cos-cloud/global/images/family/cos-stable"
type = "pd-ssd"
size = 10
}
-
- service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
+ tags = ["http-server", "ssh"]
}
+# tftest modules=1 resources=1
```
diff --git a/modules/cloud-config-container/instance.tf b/modules/cloud-config-container/instance.tf
deleted file mode 100644
index 7f76f2183..000000000
--- a/modules/cloud-config-container/instance.tf
+++ /dev/null
@@ -1,101 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-resource "google_service_account" "default" {
- count = var.test_instance == null ? 0 : 1
- project = var.test_instance.project_id
- account_id = "fabric-container-${var.test_instance.name}"
- display_name = "Managed by the cos Terraform module."
-}
-
-resource "google_project_iam_member" "default" {
- for_each = (
- var.test_instance == null
- ? toset([])
- : toset(var.test_instance_defaults.service_account_roles)
- )
- project = var.test_instance.project_id
- role = each.value
- member = "serviceAccount:${google_service_account.default[0].email}"
-}
-
-resource "google_compute_disk" "disks" {
- for_each = (
- var.test_instance == null
- ? {}
- : var.test_instance_defaults.disks
- )
- project = var.test_instance.project_id
- zone = var.test_instance.zone
- name = each.key
- type = "pd-ssd"
- size = each.value.size
-}
-
-resource "google_compute_instance" "default" {
- count = var.test_instance == null ? 0 : 1
- project = var.test_instance.project_id
- zone = var.test_instance.zone
- name = var.test_instance.name
- description = "Managed by the cos Terraform module."
- tags = var.test_instance_defaults.tags
- machine_type = (
- var.test_instance.type == null ? "f1-micro" : var.test_instance.type
- )
- metadata = merge(var.test_instance_defaults.metadata, {
- user-data = local.cloud_config
- })
-
- dynamic "attached_disk" {
- for_each = var.test_instance_defaults.disks
- iterator = disk
- content {
- device_name = disk.key
- mode = disk.value.read_only ? "READ_ONLY" : "READ_WRITE"
- source = google_compute_disk.disks[disk.key].name
- }
- }
-
- boot_disk {
- initialize_params {
- type = "pd-ssd"
- image = (
- var.test_instance_defaults.image == null
- ? "projects/cos-cloud/global/images/family/cos-stable"
- : var.test_instance_defaults.image
- )
- size = 10
- }
- }
-
- network_interface {
- network = var.test_instance.network
- subnetwork = var.test_instance.subnetwork
- dynamic "access_config" {
- for_each = var.test_instance_defaults.nat ? [""] : []
- iterator = config
- content {
- nat_ip = null
- }
- }
- }
-
- service_account {
- email = google_service_account.default[0].email
- scopes = ["https://www.googleapis.com/auth/cloud-platform"]
- }
-
-}
diff --git a/modules/cloud-config-container/mysql/README.md b/modules/cloud-config-container/mysql/README.md
index 535a77afe..e0c0f44a9 100644
--- a/modules/cloud-config-container/mysql/README.md
+++ b/modules/cloud-config-container/mysql/README.md
@@ -26,18 +26,31 @@ This example will create a `cloud-config` that uses the container's default conf
```hcl
module "cos-mysql" {
- source = "./fabric/modules/cos-container/mysql"
+ source = "./fabric/modules/cloud-config-container/mysql"
mysql_password = "foo"
}
-# use it as metadata in a compute instance or template
-module "vm-mysql" {
- source = "./fabric/modules/compute-vm"
+module "vm" {
+ source = "./fabric/modules/compute-vm"
+ project_id = "my-project"
+ zone = "europe-west8-b"
+ name = "cos-mysql"
+ network_interfaces = [{
+ network = "default"
+ subnetwork = "gce"
+ }]
metadata = {
user-data = module.cos-mysql.cloud_config
google-logging-enabled = true
}
+ boot_disk = {
+ image = "projects/cos-cloud/global/images/family/cos-stable"
+ type = "pd-ssd"
+ size = 10
+ }
+ tags = ["mysql", "ssh"]
}
+# tftest modules=1 resources=1
```
### Custom MySQL configuration and KMS encrypted password
@@ -46,7 +59,7 @@ This example will create a `cloud-config` that uses a custom MySQL configuration
```hcl
module "cos-mysql" {
- source = "./fabric/modules/cos-container/mysql"
+ source = "./fabric/modules/cloud-config-container/mysql"
mysql_config = "./my.cnf"
mysql_password = "CiQAsd7WY=="
kms_config = {
@@ -56,25 +69,7 @@ module "cos-mysql" {
key = "mysql"
}
}
-```
-
-### MySQL instance
-
-This example shows how to create the single instance optionally managed by the module, providing all required attributes in the `test_instance` variable. The instance is purposefully kept simple and should only be used in development, or when designing infrastructures.
-
-```hcl
-module "cos-mysql" {
- source = "./fabric/modules/cos-container/mysql"
- mysql_password = "foo"
- test_instance = {
- project_id = "my-project"
- zone = "europe-west1-b"
- name = "cos-mysql"
- type = "n1-standard-1"
- network = "default"
- subnetwork = "https://www.googleapis.com/compute/v1/projects/my-project/regions/europe-west1/subnetworks/my-subnet"
- }
-}
+# tftest modules=0 resources=0
```
@@ -89,14 +84,11 @@ module "cos-mysql" {
| [kms_config](variables.tf#L35) | Optional KMS configuration to decrypt passed-in password. Leave null if a plaintext password is used. | object({…}) | | null |
| [mysql_config](variables.tf#L46) | MySQL configuration file content, if null container default will be used. | string | | null |
| [mysql_data_disk](variables.tf#L52) | MySQL data disk name in /dev/disk/by-id/ including the google- prefix. If null the boot disk will be used for data. | string | | null |
-| [test_instance](variables-instance.tf#L17) | Test/development instance attributes, leave null to skip creation. | object({…}) | | null |
-| [test_instance_defaults](variables-instance.tf#L30) | Test/development instance defaults used for optional configuration. If image is null, COS stable will be used. | object({…}) | | {…} |
## Outputs
| name | description | sensitive |
|---|---|:---:|
| [cloud_config](outputs.tf#L17) | Rendered cloud-config file to be passed as user-data instance metadata. | |
-| [test_instance](outputs-instance.tf#L17) | Optional test instance name and address. | |
diff --git a/modules/cloud-config-container/mysql/instance.tf b/modules/cloud-config-container/mysql/instance.tf
deleted file mode 120000
index bdef596b6..000000000
--- a/modules/cloud-config-container/mysql/instance.tf
+++ /dev/null
@@ -1 +0,0 @@
-../instance.tf
\ No newline at end of file
diff --git a/modules/cloud-config-container/mysql/outputs-instance.tf b/modules/cloud-config-container/mysql/outputs-instance.tf
deleted file mode 120000
index ea9e24045..000000000
--- a/modules/cloud-config-container/mysql/outputs-instance.tf
+++ /dev/null
@@ -1 +0,0 @@
-../outputs-instance.tf
\ No newline at end of file
diff --git a/modules/cloud-config-container/mysql/variables-instance.tf b/modules/cloud-config-container/mysql/variables-instance.tf
deleted file mode 120000
index 94af61e4d..000000000
--- a/modules/cloud-config-container/mysql/variables-instance.tf
+++ /dev/null
@@ -1 +0,0 @@
-../variables-instance.tf
\ No newline at end of file
diff --git a/modules/cloud-config-container/nginx-tls/README.md b/modules/cloud-config-container/nginx-tls/README.md
index d5790cf23..9dfe9b061 100644
--- a/modules/cloud-config-container/nginx-tls/README.md
+++ b/modules/cloud-config-container/nginx-tls/README.md
@@ -1,48 +1,37 @@
# Containerized Nginx with self-signed TLS on Container Optimized OS
-This module manages a `cloud-config` configuration that starts a containerized Nginx with a self-signed TLS cert on Container Optimized OS.
-This can be useful if you need quickly a VM or instance group answering HTTPS for prototyping.
+This module manages a `cloud-config` configuration that starts a containerized Nginx with a self-signed TLS cert on Container Optimized OS. This can be useful if you need quickly a VM or instance group answering HTTPS for prototyping.
The generated cloud config is rendered in the `cloud_config` output, and is meant to be used in instances or instance templates via the `user-data` metadata.
-This module depends on the [`cos-generic-metadata` module](../cos-generic-metadata) being in the parent folder. If you change its location be sure to adjust the `source` attribute in `main.tf`.
-
-## Examples
-
-### Default configuration
+## Example
```hcl
-# Nginx with self-signed TLS config
module "cos-nginx-tls" {
source = "./fabric/modules/cloud-config-container/nginx-tls"
}
-# COS VM
module "vm-nginx-tls" {
source = "./fabric/modules/compute-vm"
- project_id = local.project_id
- zone = local.zone
+ project_id = "my-project"
+ zone = "europe-west8-b"
name = "cos-nginx-tls"
network_interfaces = [{
- network = local.vpc.self_link,
- subnetwork = local.vpc.subnet_self_link,
- nat = false,
- addresses = null
+ network = "default"
+ subnetwork = "gce"
}]
-
metadata = {
user-data = module.cos-nginx-tls.cloud_config
google-logging-enabled = true
}
-
boot_disk = {
image = "projects/cos-cloud/global/images/family/cos-stable"
type = "pd-ssd"
size = 10
}
-
- service_account_scopes = ["https://www.googleapis.com/auth/cloud-platform"]
+ tags = ["http-server", "https-server", "ssh"]
}
+# tftest modules=1 resources=1
```
@@ -50,11 +39,9 @@ module "vm-nginx-tls" {
| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
-| [files](variables.tf#L17) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | null |
-| [nginx_image](variables.tf#L27) | Nginx container image to use. | string | | "nginx:1.23.1" |
-| [runcmd_post](variables.tf#L33) | Extra commands to run after starting nginx. | list(string) | | [] |
-| [runcmd_pre](variables.tf#L39) | Extra commands to run before starting nginx. | list(string) | | [] |
-| [users](variables.tf#L45) | Additional list of usernames to be created. | list(object({…})) | | […] |
+| [files](variables.tf#L17) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} |
+| [hello](variables.tf#L28) | Behave like the nginx hello image by returning plain text informative responses. | bool | | true |
+| [image](variables.tf#L35) | Nginx container image to use. | string | | "nginx:1.23.1" |
## Outputs
diff --git a/modules/cloud-config-container/nginx-tls/assets/cloud-config.yaml b/modules/cloud-config-container/nginx-tls/assets/cloud-config.yaml
new file mode 100644
index 000000000..2b7ebe847
--- /dev/null
+++ b/modules/cloud-config-container/nginx-tls/assets/cloud-config.yaml
@@ -0,0 +1,63 @@
+#cloud-config
+
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+users:
+ - name: nginx
+ uid: 2000
+
+write_files:
+ - path: /var/lib/docker/daemon.json
+ permissions: "0644"
+ owner: root
+ content: |
+ {
+ "live-restore": true,
+ "storage-driver": "overlay2",
+ "log-opts": {
+ "max-size": "1024m"
+ }
+ }
+ # nginx container service
+ - path: /etc/systemd/system/nginx.service
+ permissions: "0644"
+ owner: root
+ content: |
+ [Unit]
+ Description=Start nginx container
+ After=gcr-online.target docker.socket
+ Wants=gcr-online.target docker.socket docker-events-collector.service
+ [Service]
+ Environment="HOME=/home/nginx"
+ ExecStart=/usr/bin/docker run --rm --name=nginx \
+ --network host --pid host \
+ -v /etc/nginx/conf.d:/etc/nginx/conf.d \
+ -v /etc/ssl:/etc/ssl \
+ ${image}
+ ExecStop=/usr/bin/docker stop nginx
+%{ for k, v in files ~}
+ - path: ${k}
+ owner: ${v.owner}
+ permissions: "${v.permissions}"
+ content: |
+ ${indent(6, v.content)}
+%{ endfor ~}
+
+runcmd:
+ - iptables -I INPUT 1 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
+ - iptables -I INPUT 1 -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
+ - /var/run/nginx/customize.sh
+ - systemctl daemon-reload
+ - systemctl start nginx
diff --git a/modules/cloud-config-container/nginx-tls/files/customize.sh b/modules/cloud-config-container/nginx-tls/assets/customize.sh
similarity index 72%
rename from modules/cloud-config-container/nginx-tls/files/customize.sh
rename to modules/cloud-config-container/nginx-tls/assets/customize.sh
index afbf56db9..22b40064b 100644
--- a/modules/cloud-config-container/nginx-tls/files/customize.sh
+++ b/modules/cloud-config-container/nginx-tls/assets/customize.sh
@@ -13,8 +13,12 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-FQDN=$(curl -s -H "Metadata-Flavor: Google" http://metadata/computeMetadata/v1/instance/hostname)
+FQDN=$(\
+ curl -s -H "Metadata-Flavor: Google" \
+ http://metadata/computeMetadata/v1/instance/hostname)
HOSTNAME=$(echo $FQDN | cut -d"." -f1)
-openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj /CN=$HOSTNAME/ -addext "subjectAltName = DNS:$FQDN" -keyout /etc/ssl/self-signed.key -out /etc/ssl/self-signed.crt
+openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
+ -subj /CN=$HOSTNAME/ -addext "subjectAltName = DNS:$FQDN" \
+ -keyout /etc/ssl/self-signed.key -out /etc/ssl/self-signed.crt
chgrp nginx /etc/ssl/self-signed.key -out /etc/ssl/self-signed.crt
sed -i "s/HOSTNAME/${HOSTNAME}/" /etc/nginx/conf.d/default.conf
\ No newline at end of file
diff --git a/modules/cloud-config-container/nginx-tls/assets/default.conf b/modules/cloud-config-container/nginx-tls/assets/default.conf
new file mode 100644
index 000000000..2be98ff27
--- /dev/null
+++ b/modules/cloud-config-container/nginx-tls/assets/default.conf
@@ -0,0 +1,24 @@
+server {
+ listen 80;
+ listen 443 ssl;
+ server_name HOSTNAME;
+ ssl_certificate /etc/ssl/self-signed.crt;
+ ssl_certificate_key /etc/ssl/self-signed.key;
+
+ location / {
+ {% if hello %}
+ default_type text/plain;
+ expires -1;
+ return 200 'Server address: $server_addr:$server_port\nServer name: $hostname\nDate: $time_local\nURI: $request_uri\nRequest ID: $request_id\n';
+ {% else %}
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ {% endif %}
+ }
+
+ error_page 500 502 503 504 /50x.html;
+
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+}
\ No newline at end of file
diff --git a/modules/cloud-config-container/nginx-tls/files/default.conf b/modules/cloud-config-container/nginx-tls/files/default.conf
deleted file mode 100644
index b928902a0..000000000
--- a/modules/cloud-config-container/nginx-tls/files/default.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-server {
- listen 80;
- listen 443 ssl;
- server_name HOSTNAME;
- ssl_certificate /etc/ssl/self-signed.crt;
- ssl_certificate_key /etc/ssl/self-signed.key;
-
-
- location / {
- root /usr/share/nginx/html;
- index index.html index.htm;
- }
-
- error_page 500 502 503 504 /50x.html;
-
- location = /50x.html {
- root /usr/share/nginx/html;
- }
-
-}
\ No newline at end of file
diff --git a/modules/cloud-config-container/nginx-tls/main.tf b/modules/cloud-config-container/nginx-tls/main.tf
deleted file mode 100644
index 809e9a8aa..000000000
--- a/modules/cloud-config-container/nginx-tls/main.tf
+++ /dev/null
@@ -1,70 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-locals {
- default_files = {
- "/var/run/nginx/customize.sh" = {
- content = file("${path.module}/files/customize.sh")
- owner = "root"
- permissions = "0744"
- }
- "/etc/nginx/conf.d/default.conf" = {
- content = file("${path.module}/files/default.conf")
- owner = "root"
- permissions = "0644"
- }
- }
- files = var.files != null ? merge(local.default_files, var.files) : local.default_files
-}
-
-module "cos-envoy-td" {
- source = "../cos-generic-metadata"
-
- authenticate_gcr = true
- users = concat([
- {
- username = "nginx"
- uid = 2000
- }
- ], var.users)
- run_as_first_user = false
-
- boot_commands = [
- "systemctl start node-problem-detector",
- ]
-
- container_image = var.nginx_image
- container_name = "nginx"
- container_args = ""
-
- container_volumes = [
- { host = "/etc/nginx/conf.d", container = "/etc/nginx/conf.d" },
- { host = "/etc/ssl", container = "/etc/ssl" },
- ]
-
- docker_args = "--network host --pid host"
-
- files = local.files
-
- run_commands = concat(var.runcmd_pre, [
- "iptables -I INPUT 1 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT",
- "iptables -I INPUT 1 -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT",
- "/var/run/nginx/customize.sh",
- "systemctl daemon-reload",
- "systemctl start nginx",
- ], var.runcmd_post)
-
-}
diff --git a/modules/cloud-config-container/nginx-tls/outputs.tf b/modules/cloud-config-container/nginx-tls/outputs.tf
index 4ce8d2473..2acd83f64 100644
--- a/modules/cloud-config-container/nginx-tls/outputs.tf
+++ b/modules/cloud-config-container/nginx-tls/outputs.tf
@@ -16,5 +16,23 @@
output "cloud_config" {
description = "Rendered cloud-config file to be passed as user-data instance metadata."
- value = module.cos-envoy-td.cloud_config
+ value = templatefile("${path.module}/assets/cloud-config.yaml", {
+ files = merge(
+ {
+ "/var/run/nginx/customize.sh" = {
+ content = file("${path.module}/assets/customize.sh")
+ owner = "root"
+ permissions = "0744"
+ }
+ "/etc/nginx/conf.d/default.conf" = {
+ content = templatefile(
+ "${path.module}/assets/default.conf", { hello = var.hello }
+ )
+ owner = "root"
+ permissions = "0644"
+ }
+ }, var.files
+ )
+ image = var.image
+ })
}
diff --git a/modules/cloud-config-container/nginx-tls/variables.tf b/modules/cloud-config-container/nginx-tls/variables.tf
index 9ca826266..f3cab5826 100644
--- a/modules/cloud-config-container/nginx-tls/variables.tf
+++ b/modules/cloud-config-container/nginx-tls/variables.tf
@@ -18,38 +18,22 @@ variable "files" {
description = "Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null."
type = map(object({
content = string
- owner = string
- permissions = string
+ owner = optional(string, "root")
+ permissions = optional(string, "0644")
}))
- default = null
+ default = {}
+ nullable = false
}
-variable "nginx_image" {
+variable "hello" {
+ description = "Behave like the nginx hello image by returning plain text informative responses."
+ type = bool
+ default = true
+ nullable = false
+}
+
+variable "image" {
description = "Nginx container image to use."
type = string
default = "nginx:1.23.1"
}
-
-variable "runcmd_post" {
- description = "Extra commands to run after starting nginx."
- type = list(string)
- default = []
-}
-
-variable "runcmd_pre" {
- description = "Extra commands to run before starting nginx."
- type = list(string)
- default = []
-}
-
-variable "users" {
- description = "Additional list of usernames to be created."
- type = list(object({
- username = string,
- uid = number,
- }))
- default = [
- ]
-}
-
-
diff --git a/modules/cloud-config-container/nginx/README.md b/modules/cloud-config-container/nginx/README.md
index 12ca3d5d0..225bc7a13 100644
--- a/modules/cloud-config-container/nginx/README.md
+++ b/modules/cloud-config-container/nginx/README.md
@@ -27,32 +27,27 @@ module "cos-nginx" {
source = "./fabric/modules/cloud-config-container/nginx"
}
-# use it as metadata in a compute instance or template
-module "vm-nginx" {
- source = "./fabric/modules/compute-vm"
+module "vm-nginx-tls" {
+ source = "./fabric/modules/compute-vm"
+ project_id = "my-project"
+ zone = "europe-west8-b"
+ name = "cos-nginx"
+ network_interfaces = [{
+ network = "default"
+ subnetwork = "gce"
+ }]
metadata = {
user-data = module.cos-nginx.cloud_config
google-logging-enabled = true
}
-}
-```
-
-### Nginx instance
-
-This example shows how to create the single instance optionally managed by the module, providing all required attributes in the `test_instance` variable. The instance is purposefully kept simple and should only be used in development, or when designing infrastructures.
-
-```hcl
-module "cos-nginx" {
- source = "./fabric/modules/cloud-config-container/nginx"
- test_instance = {
- project_id = "my-project"
- zone = "europe-west1-b"
- name = "cos-nginx"
- type = "f1-micro"
- network = "default"
- subnetwork = "https://www.googleapis.com/compute/v1/projects/my-project/regions/europe-west1/subnetworks/my-subnet"
+ boot_disk = {
+ image = "projects/cos-cloud/global/images/family/cos-stable"
+ type = "pd-ssd"
+ size = 10
}
+ tags = ["http-server", "ssh"]
}
+# tftest modules=1 resources=1
```
@@ -68,8 +63,6 @@ module "cos-nginx" {
| [nginx_config](variables.tf#L57) | Nginx configuration path, if null container default will be used. | string | | null |
| [runcmd_post](variables.tf#L63) | Extra commands to run after starting nginx. | list(string) | | [] |
| [runcmd_pre](variables.tf#L69) | Extra commands to run before starting nginx. | list(string) | | [] |
-| [test_instance](variables-instance.tf#L17) | Test/development instance attributes, leave null to skip creation. | object({…}) | | null |
-| [test_instance_defaults](variables-instance.tf#L30) | Test/development instance defaults used for optional configuration. If image is null, COS stable will be used. | object({…}) | | {…} |
| [users](variables.tf#L75) | List of additional usernames to be created. | list(object({…})) | | […] |
## Outputs
@@ -77,6 +70,5 @@ module "cos-nginx" {
| name | description | sensitive |
|---|---|:---:|
| [cloud_config](outputs.tf#L17) | Rendered cloud-config file to be passed as user-data instance metadata. | |
-| [test_instance](outputs-instance.tf#L17) | Optional test instance name and address. | |
diff --git a/modules/cloud-config-container/nginx/instance.tf b/modules/cloud-config-container/nginx/instance.tf
deleted file mode 120000
index bdef596b6..000000000
--- a/modules/cloud-config-container/nginx/instance.tf
+++ /dev/null
@@ -1 +0,0 @@
-../instance.tf
\ No newline at end of file
diff --git a/modules/cloud-config-container/nginx/outputs-instance.tf b/modules/cloud-config-container/nginx/outputs-instance.tf
deleted file mode 120000
index ea9e24045..000000000
--- a/modules/cloud-config-container/nginx/outputs-instance.tf
+++ /dev/null
@@ -1 +0,0 @@
-../outputs-instance.tf
\ No newline at end of file
diff --git a/modules/cloud-config-container/nginx/variables-instance.tf b/modules/cloud-config-container/nginx/variables-instance.tf
deleted file mode 120000
index 94af61e4d..000000000
--- a/modules/cloud-config-container/nginx/variables-instance.tf
+++ /dev/null
@@ -1 +0,0 @@
-../variables-instance.tf
\ No newline at end of file
diff --git a/modules/cloud-config-container/onprem/instance.tf b/modules/cloud-config-container/onprem/instance.tf
deleted file mode 120000
index bdef596b6..000000000
--- a/modules/cloud-config-container/onprem/instance.tf
+++ /dev/null
@@ -1 +0,0 @@
-../instance.tf
\ No newline at end of file
diff --git a/modules/cloud-config-container/onprem/outputs-instance.tf b/modules/cloud-config-container/onprem/outputs-instance.tf
deleted file mode 120000
index ea9e24045..000000000
--- a/modules/cloud-config-container/onprem/outputs-instance.tf
+++ /dev/null
@@ -1 +0,0 @@
-../outputs-instance.tf
\ No newline at end of file
diff --git a/modules/cloud-config-container/onprem/variables-instance.tf b/modules/cloud-config-container/onprem/variables-instance.tf
deleted file mode 120000
index 94af61e4d..000000000
--- a/modules/cloud-config-container/onprem/variables-instance.tf
+++ /dev/null
@@ -1 +0,0 @@
-../variables-instance.tf
\ No newline at end of file
diff --git a/modules/cloud-config-container/outputs-instance.tf b/modules/cloud-config-container/outputs-instance.tf
deleted file mode 100644
index 8c657eb05..000000000
--- a/modules/cloud-config-container/outputs-instance.tf
+++ /dev/null
@@ -1,28 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-output "test_instance" {
- description = "Optional test instance name and address."
- value = (var.test_instance == null ? {} : {
- address = google_compute_instance.default[0].network_interface.0.network_ip
- name = google_compute_instance.default[0].name
- nat_address = try(
- google_compute_instance.default[0].network_interface.0.access_config.0.nat_ip,
- null
- )
- service_account = google_service_account.default[0].email
- })
-}
diff --git a/modules/cloud-config-container/simple-nva/README.md b/modules/cloud-config-container/simple-nva/README.md
index 0e495df5b..f70842e8c 100644
--- a/modules/cloud-config-container/simple-nva/README.md
+++ b/modules/cloud-config-container/simple-nva/README.md
@@ -9,7 +9,6 @@ This NVA can be used to interconnect up to 8 VPCs.
### Simple example
```hcl
-# Interfaces configuration
locals {
network_interfaces = [
{
@@ -28,41 +27,40 @@ locals {
routes = ["10.0.0.0/9"]
subnetwork = "prod_vpc_nva_subnet_self_link"
}
+ ]
}
-# NVA config
-module "nva-cloud-config" {
- source = "../../../cloud-foundation-fabric/modules/cloud-config-container/simple-nva"
+module "cos-nva" {
+ source = "./fabric/modules/cloud-config-container/simple-nva"
enable_health_checks = true
network_interfaces = local.network_interfaces
- files = {
- "/var/lib/cloud/scripts/per-boot/firewall-rules.sh" = {
- content = file("./your_path/to/firewall-rules.sh")
- owner = "root"
- permissions = 0700
- }
- }
+ # files = {
+ # "/var/lib/cloud/scripts/per-boot/firewall-rules.sh" = {
+ # content = file("./your_path/to/firewall-rules.sh")
+ # owner = "root"
+ # permissions = 0700
+ # }
+ # }
}
-# COS VM
-module "nva" {
- source = "../../modules/compute-vm"
- project_id = "myproject"
- instance_type = "e2-standard-2"
- name = "nva"
- can_ip_forward = true
- zone = "europe-west8-a"
- tags = ["nva"]
+module "vm" {
+ source = "./fabric/modules/compute-vm"
+ project_id = "my-project"
+ zone = "europe-west8-b"
+ name = "cos-nva"
network_interfaces = local.network_interfaces
+ metadata = {
+ user-data = module.cos-nva.cloud_config
+ google-logging-enabled = true
+ }
boot_disk = {
image = "projects/cos-cloud/global/images/family/cos-stable"
+ type = "pd-ssd"
size = 10
- type = "pd-balanced"
- }
- metadata = {
- user-data = module.nva-cloud-config.cloud_config
}
+ tags = ["nva", "ssh"]
}
+# tftest modules=1 resources=1
```
@@ -74,14 +72,11 @@ module "nva" {
| [cloud_config](variables.tf#L17) | Cloud config template path. If null default will be used. | string | | null |
| [enable_health_checks](variables.tf#L23) | Configures routing to enable responses to health check probes. | bool | | false |
| [files](variables.tf#L29) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} |
-| [test_instance](variables-instance.tf#L17) | Test/development instance attributes, leave null to skip creation. | object({…}) | | null |
-| [test_instance_defaults](variables-instance.tf#L30) | Test/development instance defaults used for optional configuration. If image is null, COS stable will be used. | object({…}) | | {…} |
## Outputs
| name | description | sensitive |
|---|---|:---:|
| [cloud_config](outputs.tf#L17) | Rendered cloud-config file to be passed as user-data instance metadata. | |
-| [test_instance](outputs-instance.tf#L17) | Optional test instance name and address. | |
diff --git a/modules/cloud-config-container/simple-nva/instance.tf b/modules/cloud-config-container/simple-nva/instance.tf
deleted file mode 120000
index bdef596b6..000000000
--- a/modules/cloud-config-container/simple-nva/instance.tf
+++ /dev/null
@@ -1 +0,0 @@
-../instance.tf
\ No newline at end of file
diff --git a/modules/cloud-config-container/simple-nva/outputs-instance.tf b/modules/cloud-config-container/simple-nva/outputs-instance.tf
deleted file mode 120000
index ea9e24045..000000000
--- a/modules/cloud-config-container/simple-nva/outputs-instance.tf
+++ /dev/null
@@ -1 +0,0 @@
-../outputs-instance.tf
\ No newline at end of file
diff --git a/modules/cloud-config-container/simple-nva/variables-instance.tf b/modules/cloud-config-container/simple-nva/variables-instance.tf
deleted file mode 120000
index 94af61e4d..000000000
--- a/modules/cloud-config-container/simple-nva/variables-instance.tf
+++ /dev/null
@@ -1 +0,0 @@
-../variables-instance.tf
\ No newline at end of file
diff --git a/modules/cloud-config-container/squid/README.md b/modules/cloud-config-container/squid/README.md
index 1c866b25a..5bde38123 100644
--- a/modules/cloud-config-container/squid/README.md
+++ b/modules/cloud-config-container/squid/README.md
@@ -25,38 +25,31 @@ This example will create a `cloud-config` that allows any client in the 10.0.0.0
```hcl
module "cos-squid" {
source = "./fabric/modules/cloud-config-container/squid"
- whitelist = [".github.com"]
+ allow = [".github.com"]
clients = ["10.0.0.0/8"]
}
-# use it as metadata in a compute instance or template
-module "vm-squid" {
- source = "./fabric/modules/compute-vm"
+module "vm" {
+ source = "./fabric/modules/compute-vm"
+ project_id = "my-project"
+ zone = "europe-west8-b"
+ name = "cos-squid"
+ network_interfaces = [{
+ network = "default"
+ subnetwork = "gce"
+ }]
metadata = {
user-data = module.cos-squid.cloud_config
google-logging-enabled = true
}
-}
-```
-
-### Test Squid instance
-
-This example shows how to create the single instance optionally managed by the module, providing all required attributes in the `test_instance` variable. The instance is purposefully kept simple and should only be used in development, or when designing infrastructures.
-
-```hcl
-module "cos-squid" {
- source = "./fabric/modules/cloud-config-container/squid"
- whitelist = ["github.com"]
- clients = ["10.0.0.0/8"]
- test_instance = {
- project_id = "my-project"
- zone = "europe-west1-b"
- name = "cos-squid"
- type = "f1-micro"
- network = "default"
- subnetwork = "https://www.googleapis.com/compute/v1/projects/my-project/regions/europe-west1/subnetworks/my-subnet"
+ boot_disk = {
+ image = "projects/cos-cloud/global/images/family/cos-stable"
+ type = "pd-ssd"
+ size = 10
}
+ tags = ["http-server", "ssh"]
}
+# tftest modules=1 resources=1
```
@@ -73,14 +66,11 @@ module "cos-squid" {
| [file_defaults](variables.tf#L58) | Default owner and permissions for files. | object({…}) | | {…} |
| [files](variables.tf#L70) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} |
| [squid_config](variables.tf#L80) | Squid configuration path, if null default will be used. | string | | null |
-| [test_instance](variables-instance.tf#L17) | Test/development instance attributes, leave null to skip creation. | object({…}) | | null |
-| [test_instance_defaults](variables-instance.tf#L30) | Test/development instance defaults used for optional configuration. If image is null, COS stable will be used. | object({…}) | | {…} |
## Outputs
| name | description | sensitive |
|---|---|:---:|
| [cloud_config](outputs.tf#L17) | Rendered cloud-config file to be passed as user-data instance metadata. | |
-| [test_instance](outputs-instance.tf#L17) | Optional test instance name and address. | |
diff --git a/modules/cloud-config-container/squid/instance.tf b/modules/cloud-config-container/squid/instance.tf
deleted file mode 120000
index bdef596b6..000000000
--- a/modules/cloud-config-container/squid/instance.tf
+++ /dev/null
@@ -1 +0,0 @@
-../instance.tf
\ No newline at end of file
diff --git a/modules/cloud-config-container/squid/outputs-instance.tf b/modules/cloud-config-container/squid/outputs-instance.tf
deleted file mode 120000
index ea9e24045..000000000
--- a/modules/cloud-config-container/squid/outputs-instance.tf
+++ /dev/null
@@ -1 +0,0 @@
-../outputs-instance.tf
\ No newline at end of file
diff --git a/modules/cloud-config-container/squid/variables-instance.tf b/modules/cloud-config-container/squid/variables-instance.tf
deleted file mode 120000
index 94af61e4d..000000000
--- a/modules/cloud-config-container/squid/variables-instance.tf
+++ /dev/null
@@ -1 +0,0 @@
-../variables-instance.tf
\ No newline at end of file
diff --git a/modules/cloud-config-container/variables-instance.tf b/modules/cloud-config-container/variables-instance.tf
deleted file mode 100644
index 3697133ea..000000000
--- a/modules/cloud-config-container/variables-instance.tf
+++ /dev/null
@@ -1,54 +0,0 @@
-/**
- * Copyright 2022 Google LLC
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-variable "test_instance" {
- description = "Test/development instance attributes, leave null to skip creation."
- type = object({
- project_id = string
- zone = string
- name = string
- type = string
- network = string
- subnetwork = string
- })
- default = null
-}
-
-variable "test_instance_defaults" {
- description = "Test/development instance defaults used for optional configuration. If image is null, COS stable will be used."
- type = object({
- disks = map(object({
- read_only = bool
- size = number
- }))
- image = string
- metadata = map(string)
- nat = bool
- service_account_roles = list(string)
- tags = list(string)
- })
- default = {
- disks = {}
- image = null
- metadata = {}
- nat = false
- service_account_roles = [
- "roles/logging.logWriter",
- "roles/monitoring.metricWriter"
- ]
- tags = ["ssh"]
- }
-}
diff --git a/modules/net-ilb-l7/backend-service.tf b/modules/net-ilb-l7/backend-service.tf
index e2d92299f..a517bd08c 100644
--- a/modules/net-ilb-l7/backend-service.tf
+++ b/modules/net-ilb-l7/backend-service.tf
@@ -23,6 +23,9 @@ locals {
},
{
for k, v in google_compute_network_endpoint_group.default : k => v.id
+ },
+ {
+ for k, v in google_compute_region_network_endpoint_group.default : k => v.id
}
)
hc_ids = {
diff --git a/tests/blueprints/cloud_operations/unmanaged_instances_healthcheck/test_plan.py b/tests/blueprints/cloud_operations/unmanaged_instances_healthcheck/test_plan.py
index 3f6f34994..c79be049e 100644
--- a/tests/blueprints/cloud_operations/unmanaged_instances_healthcheck/test_plan.py
+++ b/tests/blueprints/cloud_operations/unmanaged_instances_healthcheck/test_plan.py
@@ -16,4 +16,4 @@ def test_resources(e2e_plan_runner):
"Test that plan works and the numbers of resources is as expected."
modules, resources = e2e_plan_runner()
assert len(modules) == 10
- assert len(resources) == 34
+ assert len(resources) == 31
diff --git a/tests/blueprints/networking/onprem_google_access_dns/test_plan.py b/tests/blueprints/networking/onprem_google_access_dns/test_plan.py.disabled
similarity index 100%
rename from tests/blueprints/networking/onprem_google_access_dns/test_plan.py
rename to tests/blueprints/networking/onprem_google_access_dns/test_plan.py.disabled
diff --git a/tests/examples/conftest.py b/tests/examples/conftest.py
index b2b915ea1..c41132d4f 100644
--- a/tests/examples/conftest.py
+++ b/tests/examples/conftest.py
@@ -20,8 +20,9 @@ import marko
import pytest
FABRIC_ROOT = Path(__file__).parents[2]
-MODULES_PATH = FABRIC_ROOT / 'modules/'
BLUEPRINTS_PATH = FABRIC_ROOT / 'blueprints/'
+MODULES_PATH = FABRIC_ROOT / 'modules/'
+SUBMODULES_PATH = MODULES_PATH / 'cloud-config-container'
FILE_TEST_RE = re.compile(r'# tftest file (\w+) ([\S]+)')
@@ -32,6 +33,7 @@ File = collections.namedtuple('File', 'path content')
def pytest_generate_tests(metafunc):
if 'example' in metafunc.fixturenames:
modules = [x for x in MODULES_PATH.iterdir() if x.is_dir()]
+ modules.extend(x for x in SUBMODULES_PATH.iterdir() if x.is_dir())
modules.extend(x for x in BLUEPRINTS_PATH.glob("*/*") if x.is_dir())
modules.sort()
examples = []
@@ -46,7 +48,7 @@ def pytest_generate_tests(metafunc):
last_header = None
files = {}
- #first pass: collect all tftest tagged files
+ # first pass: collect all tftest tagged files
for child in doc.children:
if isinstance(child, marko.block.FencedCode):
code = child.children[0].children