From 7509752cafa4eea5c30f99ab84d3cfabd9ba4748 Mon Sep 17 00:00:00 2001 From: lcaggio Date: Wed, 31 Aug 2022 16:25:29 +0200 Subject: [PATCH 1/4] First commit. --- .../cloud-identity-group-factory/README.md | 51 +++++++++++++++++++ .../cloud-identity-group-factory/main.tf | 33 ++++++++++++ .../cloud-identity-group-factory/output.tf | 15 ++++++ .../cloud-identity-group-factory/variables.tf | 27 ++++++++++ .../cloud_identity_group_factory/__init__.py | 13 +++++ .../fixture/data/group1@example.com.yaml | 6 +++ .../fixture/main.tf | 21 ++++++++ .../cloud_identity_group_factory/test_plan.py | 19 +++++++ 8 files changed, 185 insertions(+) create mode 100644 examples/factories/cloud-identity-group-factory/README.md create mode 100644 examples/factories/cloud-identity-group-factory/main.tf create mode 100644 examples/factories/cloud-identity-group-factory/output.tf create mode 100644 examples/factories/cloud-identity-group-factory/variables.tf create mode 100644 tests/examples/factories/cloud_identity_group_factory/__init__.py create mode 100644 tests/examples/factories/cloud_identity_group_factory/fixture/data/group1@example.com.yaml create mode 100644 tests/examples/factories/cloud_identity_group_factory/fixture/main.tf create mode 100644 tests/examples/factories/cloud_identity_group_factory/test_plan.py diff --git a/examples/factories/cloud-identity-group-factory/README.md b/examples/factories/cloud-identity-group-factory/README.md new file mode 100644 index 0000000000..8178100660 --- /dev/null +++ b/examples/factories/cloud-identity-group-factory/README.md 
@@ -0,0 +1,51 @@ +# Google Cloud Identity Group Factory + +This module allows creation and management of Cloud Identity Groups by defining them in well formatted `yaml` files. + +Yaml abstraction for Groups can simplify groups creation and members management. Yaml can be simpler and clearer comparing to HCL. + +## Example + +### Terraform code + +```hcl +module "prod-firewall" { + source = "./examples/factories/cloud-identity-group-factory" + + customer_id = "customers/C0xxxxxxx" + data_dir = "data" +} +# tftest skip +``` + +### Configuration Structure +Groups configuration should be placed in a set of yaml files. The name of the file identify the name of the group. + +```bash +├── data + ├── group1@domain.com.yaml +    ├── group2@domain.com.yaml + +``` + +### Group definition format and structure + +Within each file, the group entry structure is following: + +```yaml +display_name: # Group display name. +description: # Group description. +members: # List of group members. +managers: # List of group managers. +``` + + + +## Variables + +| name | description | type | required | default | +|---|---|:---:|:---:|:---:| +| [customer_id](variables.tf#L17) | Directory customer ID in the form customers/C0xxxxxxx. | string | ✓ | | +| [data_dir](variables.tf#L22) | Relative path for the folder storing configuration data. | string | | "data" | + + diff --git a/examples/factories/cloud-identity-group-factory/main.tf b/examples/factories/cloud-identity-group-factory/main.tf new file mode 100644 index 0000000000..b20d4a1a68 --- /dev/null +++ b/examples/factories/cloud-identity-group-factory/main.tf 
@@ -0,0 +1,33 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ groups = {
+ for f in fileset("${var.data_dir}", "**/*.yaml") :
+ trimsuffix(f, ".yaml") => yamldecode(file("${var.data_dir}/${f}"))
+ }
+}
+
+module "group" {
+ source = "../../../modules/cloud-identity-group"
+ for_each = local.groups
+ customer_id = var.customer_id
+ name = each.key
+ display_name = try(each.value.display_name, null)
+ description = try(each.value.description, null)
+ members = try(each.value.members, [])
+ managers = try(each.value.managers, [])
+}
diff --git a/examples/factories/cloud-identity-group-factory/output.tf b/examples/factories/cloud-identity-group-factory/output.tf
new file mode 100644
index 0000000000..11a2ddf118
--- /dev/null
+++ b/examples/factories/cloud-identity-group-factory/output.tf
@@ -0,0 +1,15 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
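Review bot: The group address passed as `name` is the file path relative to `data_dir` with only the `.yaml` suffix stripped, and the glob is the recursive `**/*.yaml`, so a file dropped into a subfolder produces a key such as `sub/group@example.com` and that string becomes the identity memberships are attached to; unless nesting is intended, match only the top level with `fileset(var.data_dir, "*.yaml")` or document that subfolders are not supported. Separately, every attribute is read through `try(..., default)`, so a misspelled key like `member:` or `manager:` is silently treated as an empty list and the plan creates a group with no members or no managers instead of failing; for an access-control artifact that silent default is the dangerous direction, so at minimum add a comment above `locals` such as `# NOTE: unknown YAML keys are ignored; a typo in members/managers yields an empty list rather than an error` and consider rejecting files whose keys are outside `display_name`, `description`, `members`, `managers`. Whether the child module tolerates an empty `managers` list cannot be seen from this hunk.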
diff --git a/examples/factories/cloud-identity-group-factory/variables.tf b/examples/factories/cloud-identity-group-factory/variables.tf
new file mode 100644
index 0000000000..bc05d7dccd
--- /dev/null
+++ b/examples/factories/cloud-identity-group-factory/variables.tf
@@ -0,0 +1,27 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "customer_id" {
+ description = "Directory customer ID in the form customers/C0xxxxxxx."
+ type = string
+}
+
+variable "data_dir" {
+ description = "Relative path for the folder storing configuration data."
+ type = string
+ default = "data"
+}
+
diff --git a/tests/examples/factories/cloud_identity_group_factory/__init__.py b/tests/examples/factories/cloud_identity_group_factory/__init__.py
new file mode 100644
index 0000000000..6d6d1266c3
--- /dev/null
+++ b/tests/examples/factories/cloud_identity_group_factory/__init__.py
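Review bot: The `customer_id` description promises the `customers/C0xxxxxxx` form but nothing enforces it, so a bare `C0xxxxxxx` or a pasted ID with whitespace is only rejected by the API at apply time, after the plan has already been reviewed. A `validation` block on the variable turns that into a plan-time error with a clear message; the exact character set of the ID after `C` should be confirmed against the Cloud Identity docs before tightening the regex further.
```hcl
variable "customer_id" {
  description = "Directory customer ID in the form customers/C0xxxxxxx."
  type        = string
  validation {
    condition     = can(regex("^customers/C[0-9a-z]+$", var.customer_id))
    error_message = "customer_id must be in the form customers/C0xxxxxxx."
  }
}
```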
@@ -0,0 +1,13 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
diff --git a/tests/examples/factories/cloud_identity_group_factory/fixture/data/group1@example.com.yaml b/tests/examples/factories/cloud_identity_group_factory/fixture/data/group1@example.com.yaml
new file mode 100644
index 0000000000..1686af2722
--- /dev/null
+++ b/tests/examples/factories/cloud_identity_group_factory/fixture/data/group1@example.com.yaml
@@ -0,0 +1,6 @@
+display_name: Group 1
+description: Group 1
+members:
+ - user1@example.com
+managers:
+ - user2@example.com
\ No newline at end of file
diff --git a/tests/examples/factories/cloud_identity_group_factory/fixture/main.tf b/tests/examples/factories/cloud_identity_group_factory/fixture/main.tf
new file mode 100644
index 0000000000..3bdd11938b
--- /dev/null
+++ b/tests/examples/factories/cloud_identity_group_factory/fixture/main.tf
@@ -0,0 +1,21 @@
+/**
+ * Copyright 2022 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "test" {
+ source = "../../../../../examples/factories/cloud-identity-group-factory/"
+ customer_id = "customers/C01234567"
+ data_dir = "data"
+}
diff --git a/tests/examples/factories/cloud_identity_group_factory/test_plan.py b/tests/examples/factories/cloud_identity_group_factory/test_plan.py
new file mode 100644
index 0000000000..7de10b1a5f
--- /dev/null
+++ b/tests/examples/factories/cloud_identity_group_factory/test_plan.py
@@ -0,0 +1,19 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+def test_resources(e2e_plan_runner):
+ "Test that plan works and the numbers of resources is as expected."
+ modules, resources = e2e_plan_runner()
+ assert len(modules) == 1
+ assert len(resources) == 3
From 3a089ab6c950393a1ca0ed5297be3f128e6f1f69 Mon Sep 17 00:00:00 2001
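Review bot: `test_resources` only pins counts (`len(modules) == 1`, `len(resources) == 3`), so it cannot tell a plan that names the group `group1@example.com` and gives `user2@example.com` the manager role from one that mangles the file stem or demotes the manager to a plain member; those are exactly the mistakes a group factory can make silently. If `e2e_plan_runner` exposes the planned attribute values (I cannot see its shape from here), add assertions on the group key and on the membership roles alongside the counts, and note in the docstring which fixture drives the numbers, e.g. `"Plan the fixture (one group, one member, one manager) and check resource counts."`. The docstring should also read `the number of resources is as expected`.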
From: lcaggio Date: Wed, 31 Aug 2022 16:28:35 +0200 Subject: [PATCH 2/4] Update README --- examples/factories/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/examples/factories/README.md b/examples/factories/README.md index 9b73d7c014..d2eeb0b2b4 100644 --- a/examples/factories/README.md +++ b/examples/factories/README.md @@ -38,6 +38,7 @@ If needed, converting factories to consume JSON is a matter of switching from `y ### Dedicated Factories +- [cloud-identity-group-factory](cloud-identity-group-factory/README.md) for Cloud Identity group - [net-vpc-firewall-yaml](net-vpc-firewall-yaml/README.md) for VPC firewall rules across different projects/VPCs - [project-factory](project-factory/README.md) for projects From 49baa5da3038f8a8d18bba1076874d9712a5a2de Mon Sep 17 00:00:00 2001 From: lcaggio Date: Wed, 31 Aug 2022 16:54:30 +0200 Subject: [PATCH 3/4] Fix YAML --- .../fixture/data/group1@example.com.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/examples/factories/cloud_identity_group_factory/fixture/data/group1@example.com.yaml b/tests/examples/factories/cloud_identity_group_factory/fixture/data/group1@example.com.yaml index 1686af2722..98bdcb8e1e 100644 --- a/tests/examples/factories/cloud_identity_group_factory/fixture/data/group1@example.com.yaml +++ b/tests/examples/factories/cloud_identity_group_factory/fixture/data/group1@example.com.yaml @@ -1,3 +1,5 @@ +# skip boilerplate check + display_name: Group 1 description: Group 1 members: From 9c03c8f205ef9f658ac7020178959c5ab4b5c651 Mon Sep 17 00:00:00 2001 From: lcaggio Date: Thu, 1 Sep 2022 15:18:50 +0200 Subject: [PATCH 4/4] Implement comments --- .../cloud-identity-group-factory/README.md | 16 ++++++++++++---- .../{output.tf => outputs.tf} | 8 ++++++++ .../cloud-identity-group-factory/variables.tf | 1 - 3 files changed, 20 insertions(+), 5 deletions(-) rename examples/factories/cloud-identity-group-factory/{output.tf => outputs.tf} (81%) 
diff --git a/examples/factories/cloud-identity-group-factory/README.md b/examples/factories/cloud-identity-group-factory/README.md index 8178100660..7636bde89b 100644 --- a/examples/factories/cloud-identity-group-factory/README.md +++ b/examples/factories/cloud-identity-group-factory/README.md @@ -33,12 +33,14 @@ Groups configuration should be placed in a set of yaml files. The name of the fi Within each file, the group entry structure is following: ```yaml -display_name: # Group display name. -description: # Group description. +display_name: Group 1 # Group display name. +description: Group 1 description # Group description. members: # List of group members. + - user_1@example.com + - user_2@example.com managers: # List of group managers. + - manager_1@example.com ``` - ## Variables @@ -46,6 +48,12 @@ managers: # List of group managers. | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [customer_id](variables.tf#L17) | Directory customer ID in the form customers/C0xxxxxxx. | string | ✓ | | -| [data_dir](variables.tf#L22) | Relative path for the folder storing configuration data. | string | | "data" | +| [data_dir](variables.tf#L22) | Relative path for the folder storing configuration data. | string | ✓ | | + +## Outputs + +| name | description | sensitive | +|---|---|:---:| +| [group_id](outputs.tf#L17) | Group name => Group ID mapping. | | diff --git a/examples/factories/cloud-identity-group-factory/output.tf b/examples/factories/cloud-identity-group-factory/outputs.tf similarity index 81% rename from examples/factories/cloud-identity-group-factory/output.tf rename to examples/factories/cloud-identity-group-factory/outputs.tf index 11a2ddf118..63535ca7fe 100644 --- a/examples/factories/cloud-identity-group-factory/output.tf +++ b/examples/factories/cloud-identity-group-factory/outputs.tf 
@@ -13,3 +13,11 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
+
+output "group_id" {
+ description = "Group name => Group ID mapping."
+ value = {
+ for k in module.group :
+ k.name => k.id
+ }
+}
diff --git a/examples/factories/cloud-identity-group-factory/variables.tf b/examples/factories/cloud-identity-group-factory/variables.tf
index bc05d7dccd..012af8663b 100644
--- a/examples/factories/cloud-identity-group-factory/variables.tf
+++ b/examples/factories/cloud-identity-group-factory/variables.tf
@@ -22,6 +22,5 @@ variable "customer_id" {
 variable "data_dir" {
 description = "Relative path for the folder storing configuration data."
 type = string
- default = "data"
 }
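Review bot: The `group_id` output re-derives its keys from the child module's `name` output (`for k in module.group : k.name => k.id`) although `module.group` is already a map keyed by the file stem; `for k, v in module.group : k => v.id` yields the same mapping without depending on the child module echoing `name` back unchanged, and keeps the output keys identical to the ones callers used in `data_dir`. This assumes the child module's `name` output is a plain echo of its input, which is not visible here. The companion `variables.tf` hunk that drops the `data_dir` default is consistent with the README marking it required.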