Merge pull request #1322 from GoogleCloudPlatform/jccb/fw-tests

Add inventories to net-vpc-firewall tests
GoogleCloudPlatform · Apr 12, 2023 · 23302b1 · 23302b1
2 parents a504738 + eca0a95
commit 23302b1
Show file tree

Hide file tree

Showing 17 changed files with 410 additions and 320 deletions.
diff --git a/modules/net-vpc-firewall/README.md b/modules/net-vpc-firewall/README.md
@@ -22,7 +22,7 @@ module "firewall" {
     admin_ranges = ["10.0.0.0/8"]
   }
 }
-# tftest modules=1 resources=4
+# tftest modules=1 resources=4 inventory=basic.yaml
 ```
 
 ### Custom rules
@@ -77,7 +77,7 @@ module "firewall" {
     }
   }
 }
-# tftest modules=1 resources=9
+# tftest modules=1 resources=9 inventory=custom-rules.yaml
 ```
 
 ### Controlling or turning off default rules
@@ -103,7 +103,7 @@ module "firewall" {
     ssh_tags   = ["ssh-default"]
   }
 }
-# tftest modules=1 resources=3
+# tftest modules=1 resources=3 inventory=custom-ssh-default-rule.yaml
 ```
 
 #### Disabling predefined rules
@@ -119,7 +119,7 @@ module "firewall" {
     ssh_ranges = []
   }
 }
-# tftest modules=1 resources=2
+# tftest modules=1 resources=2 inventory=no-ssh-default-rules.yaml
 ```
 
 Or the entire set of rules can be disabled via the `disabled` attribute:
@@ -133,7 +133,7 @@ module "firewall" {
     disabled = true
   }
 }
-# tftest modules=0 resources=0
+# tftest modules=0 resources=0 inventory=no-default-rules.yaml
 ```
 
 ### Including source & destination ranges
@@ -163,7 +163,7 @@ module "firewall" {
     }
   }
 }
-# tftest modules=1 resources=2
+# tftest modules=1 resources=2 inventory=local-ranges.yaml
 ```
 
 ### Rules Factory
@@ -181,7 +181,7 @@ module "firewall" {
   }
   default_rules_config = { disabled = true }
 }
-# tftest modules=1 resources=3 files=lbs,cidrs
+# tftest modules=1 resources=3 files=lbs,cidrs inventory=factory.yaml
 ```
 
 ```yaml

diff --git a/tests/modules/net_vpc_firewall/auto-rules.tfvars b/tests/modules/net_vpc_firewall/auto-rules.tfvars
diff --git a/tests/modules/net_vpc_firewall/auto-rules.yaml b/tests/modules/net_vpc_firewall/auto-rules.yaml
diff --git a/tests/modules/net_vpc_firewall/common.tfvars b/tests/modules/net_vpc_firewall/common.tfvars
diff --git a/tests/modules/net_vpc_firewall/custom-rules.tfvars b/tests/modules/net_vpc_firewall/custom-rules.tfvars
diff --git a/tests/modules/net_vpc_firewall/custom-rules.yaml b/tests/modules/net_vpc_firewall/custom-rules.yaml
diff --git a/tests/modules/net_vpc_firewall/data/firewall/load_balancers.yaml b/tests/modules/net_vpc_firewall/data/firewall/load_balancers.yaml
diff --git a/tests/modules/net_vpc_firewall/examples/basic.yaml b/tests/modules/net_vpc_firewall/examples/basic.yaml
@@ -0,0 +1,98 @@
+# Copyright 2023 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+  module.firewall.google_compute_firewall.allow-admins[0]:
+    allow:
+    - ports: []
+      protocol: all
+    deny: []
+    disabled: null
+    log_config: []
+    name: my-network-ingress-admins
+    network: my-network
+    priority: 1000
+    project: my-project
+    source_ranges:
+    - 10.0.0.0/8
+    source_service_accounts: null
+    source_tags: null
+    target_service_accounts: null
+    target_tags: null
+  module.firewall.google_compute_firewall.allow-tag-http[0]:
+    allow:
+    - ports:
+      - '80'
+      protocol: tcp
+    deny: []
+    disabled: null
+    log_config: []
+    name: my-network-ingress-tag-http
+    network: my-network
+    priority: 1000
+    project: my-project
+    source_ranges:
+    - 130.211.0.0/22
+    - 209.85.152.0/22
+    - 209.85.204.0/22
+    - 35.191.0.0/16
+    source_service_accounts: null
+    source_tags: null
+    target_service_accounts: null
+    target_tags:
+    - http-server
+  module.firewall.google_compute_firewall.allow-tag-https[0]:
+    allow:
+    - ports:
+      - '443'
+      protocol: tcp
+    deny: []
+    disabled: null
+    log_config: []
+    name: my-network-ingress-tag-https
+    network: my-network
+    priority: 1000
+    project: my-project
+    source_ranges:
+    - 130.211.0.0/22
+    - 209.85.152.0/22
+    - 209.85.204.0/22
+    - 35.191.0.0/16
+    source_service_accounts: null
+    source_tags: null
+    target_service_accounts: null
+    target_tags:
+    - https-server
+  module.firewall.google_compute_firewall.allow-tag-ssh[0]:
+    allow:
+    - ports:
+      - '22'
+      protocol: tcp
+    deny: []
+    disabled: null
+    log_config: []
+    name: my-network-ingress-tag-ssh
+    network: my-network
+    priority: 1000
+    project: my-project
+    source_ranges:
+    - 35.235.240.0/20
+    source_service_accounts: null
+    source_tags: null
+    target_service_accounts: null
+    target_tags:
+    - ssh
+
+counts:
+  google_compute_firewall: 4