Update factories and apigee tests

blueprints/apigee/bigquery-analytics/README.md

@@ -76,3 +76,35 @@ Do the following to verify that everything works as expected.
 | [ip_address](outputs.tf#L17) | IP address. |  |
 
 <!-- END TFDOC -->
+## Test
+
+```hcl
+module "test" {
+  source = "./fabric/blueprints/apigee/bigquery-analytics"
+  project_create = {
+    billing_account_id = "12345-12345-12345"
+    parent             = "folders/123456789"
+  }
+  project_id = "my-project"
+  envgroups = {
+    test = ["test.cool-demos.space"]
+  }
+  environments = {
+    apis-test = {
+      envgroups = ["test"]
+    }
+  }
+  instances = {
+    instance-ew1 = {
+      region                        = "europe-west1"
+      environments                  = ["apis-test"]
+      runtime_ip_cidr_range         = "10.0.4.0/22"
+      troubleshooting_ip_cidr_range = "10.1.0.0/28"
+    }
+  }
+  psc_config = {
+    europe-west1 = "10.0.0.0/28"
+  }
+}
+# tftest modules=10 resources=62
+```

blueprints/apigee/hybrid-gke/README.md

@@ -25,11 +25,11 @@ The diagram below depicts the architecture.
     terraform apply
     ```
 
-    Create an A record in your DNS registrar to point the environment group hostname to the public IP address returned after the terraform configuration was applied. You might need to wait some time until the certificate is provisioned.  
- 
+    Create an A record in your DNS registrar to point the environment group hostname to the public IP address returned after the terraform configuration was applied. You might need to wait some time until the certificate is provisioned.
+
 5. Install Apigee hybrid using de ansible playbook that is in the ansible folder by running this command
 
-    ansible-playbook playbook.yaml -vvvß
+    ansible-playbook playbook.yaml -vvv
 
 ## Testing the blueprint
 
@@ -67,3 +67,18 @@ The diagram below depicts the architecture.
 | [ip_address](outputs.tf#L17) | GLB IP address. |  |
 
 <!-- END TFDOC -->
+
+## Test
+
+```hcl
+module "test" {
+  source = "./fabric/blueprints/apigee/hybrid-gke"
+  project_create = {
+    billing_account_id = "12345-12345-12345"
+    parent             = "folders/123456789"
+  }
+  project_id = "my-project"
+  hostname   = "test.myorg.org"
+}
+# tftest modules=18 resources=59
+```

blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg/README.md

@@ -67,3 +67,17 @@ Do the following to verify that everything works as expected.
 | [ip_address](outputs.tf#L17) | GLB IP address. |  |
 
 <!-- END TFDOC -->
+
+## Test
+
+```hcl
+module "test" {
+  source             = "./fabric/blueprints/apigee/network-patterns/nb-glb-psc-neg-sb-psc-ilbl7-hybrid-neg"
+  billing_account_id = "12345-12345-12345"
+  parent             = "folders/123456789"
+  apigee_project_id  = "my-apigee-project"
+  onprem_project_id  = "my-onprem-project"
+  hostname           = "test.myorg.org"
+}
+# tftest modules=14 resources=73
+```

blueprints/data-solutions/vertex-mlops/README.md

@@ -74,6 +74,7 @@ This blueprint can be used as a building block for setting up an end2end ML Ops
 | [project_id](outputs.tf#L49) | Project ID. |  |
 
 <!-- END TFDOC -->
+
 ## TODO
 - Add support for User Managed Notebooks, SA permission option and non default SA for Single User mode.
 - Improve default naming for local VPC and Cloud NAT

blueprints/factories/bigquery-factory/README.md

@@ -71,6 +71,7 @@ module "bq" {
 | [views_path](variables.tf#L27) | Relative path for the folder storing view data. | <code>string</code> | ✓ |  |
 
 <!-- END TFDOC -->
+
 ## TODO
 
 - [ ] add external table support

blueprints/factories/cloud-identity-group-factory/README.md

@@ -9,13 +9,22 @@ Yaml abstraction for Groups can simplify groups creation and members management.
 ### Terraform code
 
 ```hcl
-module "prod-firewall" {
-  source = "./fabric/blueprints/factories/cloud-identity-group-factory"
-
+module "groups" {
+  source      = "./fabric/blueprints/factories/cloud-identity-group-factory"
   customer_id = "customers/C0xxxxxxx"
   data_dir    = "data"
 }
-# tftest skip
+# tftest modules=2 resources=3 files=group1 inventory=example.yaml
+```
+
+```yaml
+# tftest-file id=group1 path=data/[email protected]
+display_name: Group 1
+description: Group 1
+members:
+  - [email protected]
+managers:
+  - [email protected]
 ```
 
 ### Configuration Structure

blueprints/factories/net-vpc-firewall-yaml/README.md

@@ -17,8 +17,8 @@ module "prod-firewall" {
   project_id = "my-prod-project"
   network    = "my-prod-network"
   config_directories = [
-    "./prod",
-    "./common"
+    "./firewall/prod",
+    "./firewall/common"
   ]
 
   log_config = {
@@ -32,13 +32,86 @@ module "dev-firewall" {
   project_id = "my-dev-project"
   network    = "my-dev-network"
   config_directories = [
-    "./dev",
-    "./common"
+    "./firewall/dev",
+    "./firewall/common"
   ]
 }
-# tftest skip
+# tftest modules=2 resources=16 files=common,dev,prod inventory=example.yaml
 ```
 
+```yaml
+# tftest-file id=common path=firewall/common/common.yaml
+# allow ingress from GCLB to all instances in the network
+lb-health-checks:
+  allow:
+  - ports: []
+    protocol: tcp
+  direction: INGRESS
+  priority: 1001
+  source_ranges:
+  - 35.191.0.0/16
+  - 130.211.0.0/22
+
+# deny all egress
+deny-all:
+  deny:
+  - ports: []
+    protocol: all
+  direction: EGRESS
+  priority: 65535
+  destination_ranges:
+  - 0.0.0.0/0
+```
+
+```yaml
+# tftest-file id=dev path=firewall/dev/app.yaml
+# Myapp egress
+web-app-dev-egress:
+  allow:
+    - ports: [443]
+      protocol: tcp
+  direction: EGRESS
+  destination_ranges:
+    - 192.168.0.0/24
+  target_service_accounts:
+    - [email protected]
+# Myapp ingress
+web-app-dev-ingress:
+  allow:
+    - ports: [1234]
+      protocol: tcp
+  direction: INGRESS
+  source_service_accounts:
+    - [email protected]
+  target_service_accounts:
+    - [email protected]
+```
+
+```yaml
+# tftest-file id=prod path=firewall/prod/app.yaml
+# Myapp egress
+web-app-prod-egress:
+  allow:
+    - ports: [443]
+      protocol: tcp
+  direction: EGRESS
+  destination_ranges:
+    - 192.168.10.0/24
+  target_service_accounts:
+    - [email protected]
+# Myapp ingress
+web-app-prod-ingress:
+  allow:
+    - ports: [1234]
+      protocol: tcp
+  direction: INGRESS
+  source_service_accounts:
+    - [email protected]
+  target_service_accounts:
+    - [email protected]
+```
+
+
 ### Configuration Structure
 
 ```bash
@@ -86,54 +159,6 @@ rule-name: # descriptive name, naming convention is adjusted by the module
   - [email protected]
 ```
 
-
-Firewall rules example yaml configuration
-
-```bash
-cat ./prod/core-network/common-rules.yaml
-# allow ingress from GCLB to all instances in the network
-lb-health-checks:
-  allow:
-  - ports: []
-    protocol: tcp
-  direction: INGRESS
-  priority: 1001
-  source_ranges:
-  - 35.191.0.0/16
-  - 130.211.0.0/22
-
-# deny all egress
-deny-all:
-  deny:
-  - ports: []
-    protocol: all
-  direction: EGRESS
-  priority: 65535
-  destination_ranges:
-  - 0.0.0.0/0
-
-cat ./dev/team-a/web-app-a.yaml
-# Myapp egress
-web-app-a-egress:
-  allow:
-    - ports: [443]
-      protocol: tcp
-  direction: EGRESS
-  destination_ranges:
-    - 192.168.0.0/24
-  target_service_accounts:
-    - [email protected]
-# Myapp ingress
-web-app-a-ingress:
-  allow:
-    - ports: [1234]
-      protocol: tcp
-  direction: INGRESS
-  source_service_accounts:
-    - [email protected]
-  target_service_accounts:
-    - [email protected]
-```
 <!-- BEGIN TFDOC -->
 
 ## Variables

blueprints/factories/project-factory/README.md

@@ -76,7 +76,7 @@ module "projects" {
   service_identities_iam = try(each.value.service_identities_iam, {})
   vpc                    = try(each.value.vpc, null)
 }
-# tftest modules=7 resources=29
+# tftest modules=7 resources=30 inventory=example.yaml
 ```
 
 ### Projects configuration

blueprints/factories/project-factory/main.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2022 Google LLC
+ * Copyright 2023 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

blueprints/factories/project-factory/sample-data/projects/project.yaml

@@ -44,7 +44,8 @@ kms_service_agents:
 
 # [opt] Labels for the project - merged with the ones defined in defaults
 labels:
-  environment: dev
+  environment: dev2
+  costcenter: apps
 
 # [opt] Org policy overrides defined at project level
 org_policies:
@@ -67,7 +68,7 @@ service_accounts:
   another-service-account:
     - roles/compute.admin
   my-service-account:
-    - roles/compute.admin
+    - roles/compute.adminv1
 
 # [opt] APIs to enable on the project.
 services:
@@ -100,4 +101,4 @@ vpc:
   subnets_iam:
     europe-west1/dev-default-ew1:
       - user:[email protected]
-      - serviceAccount:service-account1
+      - serviceAccount:my-service-account