Merge pull request #790 from GoogleCloudPlatform/lcaggio/group-factory

Cloud Identity Group factory

examples/factories/README.md

@@ -38,6 +38,7 @@ If needed, converting factories to consume JSON is a matter of switching from `y
 
 ### Dedicated Factories
 
+- [cloud-identity-group-factory](cloud-identity-group-factory/README.md) for Cloud Identity group
 - [net-vpc-firewall-yaml](net-vpc-firewall-yaml/README.md) for VPC firewall rules across different projects/VPCs
 - [project-factory](project-factory/README.md) for projects
 

examples/factories/cloud-identity-group-factory/README.md

@@ -0,0 +1,59 @@
+# Google Cloud Identity Group Factory
+
+This module allows creation and management of Cloud Identity Groups by defining them in well formatted `yaml` files. 
+
+Yaml abstraction for Groups can simplify groups creation and members management. Yaml can be simpler and clearer comparing to HCL.
+
+## Example
+
+### Terraform code
+
+```hcl
+module "prod-firewall" {
+  source = "./examples/factories/cloud-identity-group-factory"
+  
+  customer_id         = "customers/C0xxxxxxx"
+  data_dir            = "data"
+}
+# tftest skip
+```
+
+### Configuration Structure
+Groups configuration should be placed in a set of yaml files. The name of the file identify the name of the group.
+
+```bash
+├── data
+    ├── [email protected]
+    ├── [email protected]
+
+```
+
+### Group definition format and structure
+
+Within each file, the group entry structure is following:
+
+```yaml
+display_name: Group 1 # Group display name.
+description: Group 1 description # Group description.
+members:  # List of group members.
+  - [email protected]
+  - [email protected]  
+managers: # List of group managers.
+  - [email protected]
+```
+<!-- BEGIN TFDOC -->
+
+## Variables
+
+| name | description | type | required | default |
+|---|---|:---:|:---:|:---:|
+| [customer_id](variables.tf#L17) | Directory customer ID in the form customers/C0xxxxxxx. | <code>string</code> | ✓ |  |
+| [data_dir](variables.tf#L22) | Relative path for the folder storing configuration data. | <code>string</code> | ✓ |  |
+
+## Outputs
+
+| name | description | sensitive |
+|---|---|:---:|
+| [group_id](outputs.tf#L17) | Group name => Group ID mapping. |  |
+
+<!-- END TFDOC -->

examples/factories/cloud-identity-group-factory/main.tf

@@ -0,0 +1,33 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+  groups = {
+    for f in fileset("${var.data_dir}", "**/*.yaml") :
+    trimsuffix(f, ".yaml") => yamldecode(file("${var.data_dir}/${f}"))
+  }
+}
+
+module "group" {
+  source       = "../../../modules/cloud-identity-group"
+  for_each     = local.groups
+  customer_id  = var.customer_id
+  name         = each.key
+  display_name = try(each.value.display_name, null)
+  description  = try(each.value.description, null)
+  members      = try(each.value.members, [])
+  managers     = try(each.value.managers, [])
+}

examples/factories/cloud-identity-group-factory/outputs.tf

@@ -0,0 +1,23 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "group_id" {
+  description = "Group name => Group ID mapping."
+  value = {
+    for k in module.group :
+    k.name => k.id
+  }
+}

examples/factories/cloud-identity-group-factory/variables.tf

@@ -0,0 +1,26 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "customer_id" {
+  description = "Directory customer ID in the form customers/C0xxxxxxx."
+  type        = string
+}
+
+variable "data_dir" {
+  description = "Relative path for the folder storing configuration data."
+  type        = string
+}
+

tests/examples/factories/cloud_identity_group_factory/__init__.py

@@ -0,0 +1,13 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.

tests/examples/factories/cloud_identity_group_factory/fixture/data/group1@example.com.yaml

@@ -0,0 +1,8 @@
+# skip boilerplate check
+
+display_name: Group 1
+description: Group 1
+members:
+  - [email protected]
+managers:
+  - [email protected]

tests/examples/factories/cloud_identity_group_factory/fixture/main.tf

@@ -0,0 +1,21 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "test" {
+  source      = "../../../../../examples/factories/cloud-identity-group-factory/"
+  customer_id = "customers/C01234567"
+  data_dir    = "data"
+}

tests/examples/factories/cloud_identity_group_factory/test_plan.py

@@ -0,0 +1,19 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+def test_resources(e2e_plan_runner):
+  "Test that plan works and the numbers of resources is as expected."
+  modules, resources = e2e_plan_runner()
+  assert len(modules) == 1
+  assert len(resources) == 3