From 0af5e31ca301c7ee494c90c4a0ca17a250922f02 Mon Sep 17 00:00:00 2001 From: Thangaraju Rajasekaran Date: Wed, 29 Nov 2023 14:36:03 +0000 Subject: [PATCH 1/4] E2E tests for net-vpc module --- modules/net-vpc/README.md | 70 +++++++++---------- modules/net-vpc/routes.tf | 4 +- tests/examples/variables.tf | 16 +++++ .../setup_module/e2e_tests.tfvars.tftpl | 7 ++ tests/examples_e2e/setup_module/main.tf | 44 ++++++++++++ tests/examples_e2e/setup_module/variables.tf | 3 + .../net_vpc/examples/dns-policies.yaml | 6 +- tests/modules/net_vpc/examples/factory.yaml | 22 +++--- .../firewall_policy_enforcement_order.yaml | 8 +-- .../modules/net_vpc/examples/googleapis.yaml | 13 ++-- tests/modules/net_vpc/examples/ipv6.yaml | 14 ++-- .../net_vpc/examples/proxy-only-subnets.yaml | 10 +-- .../modules/net_vpc/examples/psa-routes.yaml | 12 ++-- tests/modules/net_vpc/examples/psa.yaml | 10 +-- tests/modules/net_vpc/examples/routes.yaml | 32 ++++----- .../modules/net_vpc/examples/shared-vpc.yaml | 28 ++++---- tests/modules/net_vpc/examples/simple.yaml | 12 ++-- .../modules/net_vpc/examples/subnet-iam.yaml | 28 ++++---- .../net_vpc/examples/subnet-options.yaml | 12 ++-- 19 files changed, 212 insertions(+), 139 deletions(-) diff --git a/modules/net-vpc/README.md b/modules/net-vpc/README.md index e171125bc7..8994ab70a4 100644 --- a/modules/net-vpc/README.md +++ b/modules/net-vpc/README.md @@ -29,7 +29,7 @@ This module allows creation and management of VPC networks including subnetworks ```hcl module "vpc" { source = "./fabric/modules/net-vpc" - project_id = "my-project" + project_id = var.project_id name = "my-network" subnets = [ { @@ -48,7 +48,7 @@ module "vpc" { } ] } -# tftest modules=1 resources=5 inventory=simple.yaml +# tftest modules=1 resources=5 inventory=simple.yaml e2e ``` ### Subnet Options 
@@ -56,7 +56,7 @@ module "vpc" { ```hcl module "vpc" { source = "./fabric/modules/net-vpc" - project_id = "my-project" + project_id = var.project_id name = "my-network" subnets = [ # simple subnet @@ -95,7 +95,7 @@ module "vpc" { } ] } -# tftest modules=1 resources=7 inventory=subnet-options.yaml +# tftest modules=1 resources=7 inventory=subnet-options.yaml e2e ``` ### Subnet IAM @@ -105,7 +105,7 @@ Subnet IAM variables follow our general interface, with extra keys/members for t ```hcl module "vpc" { source = "./fabric/modules/net-vpc" - project_id = "my-project" + project_id = var.project_id name = "my-network" subnets = [ { @@ -114,12 +114,12 @@ module "vpc" { ip_cidr_range = "10.0.1.0/24" iam = { "roles/compute.networkUser" = [ - "user:user1@example.com", "group:group1@example.com" + "user:${var.user_email}", "group:${var.group_email}" ] } iam_bindings = { subnet-1-iam = { - members = ["group:group2@example.com"] + members = ["group:${var.group_email}"] role = "roles/compute.networkUser" condition = { expression = "resource.matchTag('123456789012/env', 'prod')" @@ -131,10 +131,10 @@ module "vpc" { { name = "subnet-2" region = "europe-west1" - ip_cidr_range = "10.0.1.0/24" + ip_cidr_range = "10.0.2.0/24" iam_bindings_additive = { subnet-2-iam = { - member = "user:am1@example.com" + member = "user:${var.user_email}" role = "roles/compute.networkUser" subnet = "europe-west1/subnet-2" } @@ -142,7 +142,7 @@ module "vpc" { } ] } -# tftest modules=1 resources=8 inventory=subnet-iam.yaml +# tftest modules=1 resources=8 inventory=subnet-iam.yaml e2e ``` ### Peering @@ -154,7 +154,7 @@ If you only want to create the "local" side of the peering, use `peering_create_ ```hcl module "vpc-hub" { source = "./fabric/modules/net-vpc" - project_id = "hub" + project_id = var.project_id name = "vpc-hub" subnets = [{ ip_cidr_range = "10.0.0.0/24" 
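Review bot: In the subnet-iam example the authoritative `iam` entry and the conditional `iam_bindings` entry for `roles/compute.networkUser` on subnet-1 now both reference `${var.group_email}`, so the example no longer demonstrates two distinct principals and in e2e the same real group receives the role twice (unconditionally and under a condition). The condition `resource.matchTag('123456789012/env', 'prod')` also keeps a hard-coded organization id that is not the test organization, so the conditional binding can never evaluate true during e2e and is only exercised syntactically; whether the IAM API rejects a tag key from a foreign org at apply time is not visible here and should be confirmed by a run. Either derive the tag key from the test org, or keep the line and say so: `# tag key from another org: the condition is never satisfied in e2e, it only validates that conditional bindings apply`. Consider reserving `var.user_email` for the `iam_bindings` entry so the example still shows separate principals.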
@@ -165,7 +165,7 @@ module "vpc-hub" { module "vpc-spoke-1" { source = "./fabric/modules/net-vpc" - project_id = "spoke1" + project_id = var.project_id name = "vpc-spoke1" subnets = [{ ip_cidr_range = "10.0.1.0/24" @@ -187,18 +187,18 @@ module "vpc-spoke-1" { ```hcl locals { service_project_1 = { - project_id = "project1" - gke_service_account = "serviceAccount:gke" - cloud_services_service_account = "serviceAccount:cloudsvc" + project_id = var.service_project_1.project_id + gke_service_account = "serviceAccount:${var.service_account.email}" + cloud_services_service_account = "serviceAccount:${var.service_account.email}" } service_project_2 = { - project_id = "project2" + project_id = var.service_project_2.project_id } } module "vpc-host" { source = "./fabric/modules/net-vpc" - project_id = "my-project" + project_id = var.project_id name = "my-host-network" subnets = [ { @@ -226,7 +226,7 @@ module "vpc-host" { local.service_project_2.project_id ] } -# tftest modules=1 resources=9 inventory=shared-vpc.yaml +# tftest modules=1 resources=9 inventory=shared-vpc.yaml e2e ``` ### Private Service Networking @@ -234,7 +234,7 @@ module "vpc-host" { ```hcl module "vpc" { source = "./fabric/modules/net-vpc" - project_id = "my-project" + project_id = var.project_id name = "my-network" subnets = [ { @@ -247,7 +247,7 @@ module "vpc" { ranges = { myrange = "10.0.1.0/24" } } } -# tftest modules=1 resources=7 inventory=psa.yaml +# tftest modules=1 resources=7 inventory=psa.yaml e2e ``` ### Private Service Networking with peering routes and peered Cloud DNS domains @@ -257,7 +257,7 @@ Custom routes can be optionally exported/imported through the peering formed wit ```hcl module "vpc" { source = "./fabric/modules/net-vpc" - project_id = "my-project" + project_id = var.project_id name = "my-network" subnets = [ { 
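Review bot: In the shared-vpc locals, `gke_service_account` and `cloud_services_service_account` are both set to `serviceAccount:${var.service_account.email}`, so one test service account now receives every role the example binds on subnet-1 (including `roles/compute.securityAdmin`, per the updated shared-vpc.yaml inventory in this patch), and a reader copying the README loses the point that these are two different Google-managed service agents with different role needs. The inventory also keeps a commented `# - serviceAccount:gke` member line, which is dead text in an expected-values file. I would add to the example `# e2e: a single test SA stands in for both the GKE and Cloud Services service agents; use the real service agents in a real deployment` and drop the commented inventory line. A dedicated second SA in the e2e setup module would restore the original two-principal shape, if the setup is willing to carry it.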
@@ -273,7 +273,7 @@ module "vpc" { peered_domains = ["gcp.example.com."] } } -# tftest modules=1 resources=8 inventory=psa-routes.yaml +# tftest modules=1 resources=8 inventory=psa-routes.yaml e2e ``` ### Subnets for Private Service Connect, Proxy-only subnets @@ -286,7 +286,7 @@ Along with common private subnets module supports creation more service specific ```hcl module "vpc" { source = "./fabric/modules/net-vpc" - project_id = "my-project" + project_id = var.project_id name = "my-network" subnets_proxy_only = [ @@ -312,7 +312,7 @@ module "vpc" { } ] } -# tftest modules=1 resources=6 inventory=proxy-only-subnets.yaml +# tftest modules=1 resources=6 inventory=proxy-only-subnets.yaml e2e ``` ### DNS Policies @@ -320,7 +320,7 @@ module "vpc" { ```hcl module "vpc" { source = "./fabric/modules/net-vpc" - project_id = "my-project" + project_id = var.project_id name = "my-network" dns_policy = { inbound = true @@ -337,7 +337,7 @@ module "vpc" { } ] } -# tftest modules=1 resources=5 inventory=dns-policies.yaml +# tftest modules=1 resources=5 inventory=dns-policies.yaml e2e ``` ### Subnet Factory @@ -347,7 +347,7 @@ The `net-vpc` module includes a subnet factory (see [Resource Factories](../../b ```hcl module "vpc" { source = "./fabric/modules/net-vpc" - project_id = "my-project" + project_id = var.project_id name = "my-network" factories_config = { subnets_folder = "config/subnets" @@ -430,7 +430,7 @@ locals { module "vpc" { source = "./fabric/modules/net-vpc" for_each = local.route_types - project_id = "my-project" + project_id = var.project_id name = "my-network-with-route-${replace(each.key, "_", "-")}" routes = { next-hop = { @@ -460,7 +460,7 @@ By default the VPC module creates IPv4 routes for the [Private Google Access ran ```hcl module "vpc" { source = "./fabric/modules/net-vpc" - project_id = "my-project" + project_id = var.project_id name = "my-vpc" create_googleapis_routes = { restricted = false 
@@ -469,7 +469,7 @@ module "vpc" { private-6 = true } } -# tftest modules=1 resources=3 inventory=googleapis.yaml +# tftest modules=1 resources=3 inventory=googleapis.yaml e2e ``` ### Allow Firewall Policy to be evaluated before Firewall Rules @@ -477,7 +477,7 @@ module "vpc" { ```hcl module "vpc" { source = "./fabric/modules/net-vpc" - project_id = "my-project" + project_id = var.project_id name = "my-network" firewall_policy_enforcement_order = "BEFORE_CLASSIC_FIREWALL" subnets = [ @@ -497,7 +497,7 @@ module "vpc" { } ] } -# tftest modules=1 resources=5 inventory=firewall_policy_enforcement_order.yaml +# tftest modules=1 resources=5 inventory=firewall_policy_enforcement_order.yaml e2e ``` ### IPv6 @@ -507,12 +507,12 @@ A non-overlapping private IPv6 address space can be configured for the VPC via t ```hcl module "vpc" { source = "./fabric/modules/net-vpc" - project_id = "my-project" + project_id = var.project_id name = "my-network" ipv6_config = { # internal_range is optional enable_ula_internal = true - internal_range = "fd20:6b2:27e5:0:0:0:0:0/48" + # internal_range = "fd20:6b2:27e5::/48" } subnets = [ { @@ -531,7 +531,7 @@ module "vpc" { } ] } -# tftest modules=1 resources=5 inventory=ipv6.yaml +# tftest modules=1 resources=5 inventory=ipv6.yaml e2e ``` ## Variables diff --git a/modules/net-vpc/routes.tf b/modules/net-vpc/routes.tf index e6904e8486..065ea5fda0 100644 --- a/modules/net-vpc/routes.tf +++ b/modules/net-vpc/routes.tf @@ -19,9 +19,9 @@ locals { _googleapis_ranges = { private = "199.36.153.8/30" - private-6 = "2600:2d00:0002:2000::/64" + private-6 = "2600:2d00:2:2000::/64" restricted = "199.36.153.4/30" - restricted-6 = "2600:2d00:0002:1000::/64" + restricted-6 = "2600:2d00:2:1000::/64" } _googleapis_routes = { for k, v in local._googleapis_ranges : "${k}-googleapis" => { diff --git a/tests/examples/variables.tf b/tests/examples/variables.tf index ebdbb155cb..4901c66537 100644 --- a/tests/examples/variables.tf +++ b/tests/examples/variables.tf 
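Review bot: In the IPv6 example, `internal_range = "fd20:6b2:27e5:0:0:0:0:0/48"` is replaced by a commented-out line rather than removed, leaving commented code directly under the existing `# internal_range is optional` comment, and the ipv6.yaml inventory mirrors this with a commented `# internal_ipv6_range:` key. If the fixed ULA range was dropped because parallel e2e runs in one organization would collide on it, that reason belongs in the example; I would replace both lines with `# internal_range is optional; left unset so each e2e run gets an auto-allocated ULA /48`. If that is not the reason, removing the commented line outright is cleaner.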
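Review bot: In `routes.tf` the `private-6` and `restricted-6` ranges change from `2600:2d00:0002:2000::/64` and `2600:2d00:0002:1000::/64` to the compressed `2600:2d00:2:2000::/64` and `2600:2d00:2:1000::/64`; the prefixes are the same, but `dest_range` on `google_compute_route` forces replacement, so existing deployments with `private-6`/`restricted-6` enabled may see both Private Google Access IPv6 routes destroyed and recreated on the next apply unless the provider normalises the value before diffing, which is not visible here and is worth checking with a plan against existing state. Since the googleapis.yaml inventory in this patch now expects the compressed form, the intent looks like avoiding a perpetual diff against what the API returns; a why-comment on the two lines would save the next reader the same investigation: `# canonical (compressed) form, matching what the API returns, to avoid a perpetual plan diff`. The `_googleapis_routes` expression continues past the end of the hunk.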
@@ -22,6 +22,10 @@ variable "billing_account_id" { default = "123456-123456-123456" } +variable "user_email" { + default = "user1@example.org" +} + variable "group_email" { default = "organization-admins@example.org" } @@ -94,3 +98,15 @@ variable "vpc2" { variable "zone" { default = "zone" } + +variable "service_project_1" { + default = { + project_id = "service-project-1-project-id" + } +} + +variable "service_project_2" { + default = { + project_id = "service-project-2-project-id" + } +} \ No newline at end of file diff --git a/tests/examples_e2e/setup_module/e2e_tests.tfvars.tftpl b/tests/examples_e2e/setup_module/e2e_tests.tfvars.tftpl index d23c39a47b..ced89dd320 100644 --- a/tests/examples_e2e/setup_module/e2e_tests.tfvars.tftpl +++ b/tests/examples_e2e/setup_module/e2e_tests.tfvars.tftpl @@ -17,10 +17,17 @@ billing_account_id = "${billing_account_id}" kms_key = { id = "${kms_key_id}" } +user_email = "${user_email}" group_email = "${group_email}" organization_id = "organizations/${organization_id}" folder_id = "folders/${folder_id}" project_id = "${project_id}" +service_project_1 = { + project_id = "${service_project_1.project_id}" +} +service_project_2 = { + project_id = "${service_project_2.project_id}" +} region = "${region}" service_account = { id = "${service_account.id}" diff --git a/tests/examples_e2e/setup_module/main.tf b/tests/examples_e2e/setup_module/main.tf index cd2fc8152b..16e73e6c54 100644 --- a/tests/examples_e2e/setup_module/main.tf +++ b/tests/examples_e2e/setup_module/main.tf @@ -35,6 +35,15 @@ locals { "storage-component.googleapis.com", "storage.googleapis.com", "vpcaccess.googleapis.com", + "servicenetworking.googleapis.com", + "dns.googleapis.com", + ] + services-svc = [ + # trimmed down list of services, to be extended as needed + "cloudresourcemanager.googleapis.com", + "compute.googleapis.com", + "iam.googleapis.com", + "serviceusage.googleapis.com", ] } 
@@ -57,6 +66,34 @@ resource "google_project_service" "project_service" { disable_dependent_services = true } +resource "google_project" "service_project_1" { + name = "${local.prefix}-prj-1" + billing_account = var.billing_account + folder_id = google_folder.folder.id + project_id = "${local.prefix}-prj-1" +} + +resource "google_project_service" "service_project_1_service" { + for_each = toset(local.services-svc) + service = each.value + project = google_project.service_project_1.project_id + disable_dependent_services = true +} + +resource "google_project" "service_project_2" { + name = "${local.prefix}-prj-2" + billing_account = var.billing_account + folder_id = google_folder.folder.id + project_id = "${local.prefix}-prj-2" +} + +resource "google_project_service" "service_project_2_service" { + for_each = toset(local.services-svc) + service = each.value + project = google_project.service_project_2.project_id + disable_dependent_services = true +} + resource "google_storage_bucket" "bucket" { location = var.region name = "${local.prefix}-bucket" @@ -115,9 +152,16 @@ resource "local_file" "terraform_tfvars" { billing_account_id = var.billing_account folder_id = google_folder.folder.folder_id group_email = var.group_email + user_email = var.user_email kms_key_id = google_kms_crypto_key.key.id organization_id = var.organization_id project_id = google_project.project.project_id + service_project_1 = { + project_id = google_project.service_project_1.project_id + } + service_project_2 = { + project_id = google_project.service_project_2.project_id + } region = var.region service_account = { id = google_service_account.service_account.id diff --git a/tests/examples_e2e/setup_module/variables.tf b/tests/examples_e2e/setup_module/variables.tf index 16f110df0a..65fabafedd 100644 --- a/tests/examples_e2e/setup_module/variables.tf +++ b/tests/examples_e2e/setup_module/variables.tf 
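Review bot: `google_project.service_project_1` and `google_project.service_project_2` do not set `auto_create_network = false`; the google provider defaults it to true, so each e2e run creates two projects that come with the auto-created `default` VPC and its default firewall rules (SSH, RDP and ICMP allowed from any source) unless the organization enforces the `compute.skipDefaultNetworkCreation` policy, which this setup module cannot assume. Add `auto_create_network = false` to both resources; the existing `google_project.project` is outside this hunk, so I cannot see whether it has the same gap, but it should match. The two near-identical project blocks plus their `google_project_service` loops could also be a single `for_each` over the two suffixes, which would keep any such setting in one place.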
@@ -18,6 +18,9 @@ variable "billing_account" { variable "group_email" { type = string } +variable "user_email" { + type = string +} variable "organization_id" { type = string } diff --git a/tests/modules/net_vpc/examples/dns-policies.yaml b/tests/modules/net_vpc/examples/dns-policies.yaml index 3999e91fff..540c3e30d4 100644 --- a/tests/modules/net_vpc/examples/dns-policies.yaml +++ b/tests/modules/net_vpc/examples/dns-policies.yaml @@ -15,7 +15,7 @@ values: module.vpc.google_compute_network.network[0]: name: my-network - project: my-project + project: project-id module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]: {} module.vpc.google_dns_policy.default[0]: alternative_name_server_config: @@ -30,9 +30,9 @@ values: name: my-network networks: - {} - project: my-project + project: project-id counts: google_compute_network: 1 google_compute_subnetwork: 1 - google_dns_policy: 1 + google_dns_policy: 1 \ No newline at end of file diff --git a/tests/modules/net_vpc/examples/factory.yaml b/tests/modules/net_vpc/examples/factory.yaml index 50aa01e147..35227c7734 100644 --- a/tests/modules/net_vpc/examples/factory.yaml +++ b/tests/modules/net_vpc/examples/factory.yaml @@ -20,7 +20,7 @@ values: enable_ula_internal_ipv6: null name: my-network network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL - project: my-project + project: project-id routing_mode: GLOBAL timeouts: null module.vpc.google_compute_route.gateway["private-googleapis"]: @@ -32,7 +32,7 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 1000 - project: my-project + project: project-id tags: null timeouts: null module.vpc.google_compute_route.gateway["restricted-googleapis"]: @@ -44,7 +44,7 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 1000 - project: my-project + project: project-id tags: null timeouts: null module.vpc.google_compute_subnetwork.proxy_only["europe-west4/subnet-proxy"]: 
@@ -53,7 +53,7 @@ values: ipv6_access_type: null log_config: [] name: subnet-proxy - project: my-project + project: project-id purpose: REGIONAL_MANAGED_PROXY region: europe-west4 role: ACTIVE @@ -64,7 +64,7 @@ values: ipv6_access_type: null log_config: [] name: subnet-proxy-global - project: my-project + project: project-id purpose: GLOBAL_MANAGED_PROXY region: australia-southeast2 role: ACTIVE @@ -75,7 +75,7 @@ values: ipv6_access_type: null log_config: [] name: subnet-psc - project: my-project + project: project-id purpose: PRIVATE_SERVICE_CONNECT region: europe-west4 role: null @@ -92,7 +92,7 @@ values: metadata_fields: null name: subnet-detailed private_ip_google_access: false - project: my-project + project: project-id region: europe-west1 role: null secondary_ip_range: @@ -106,7 +106,7 @@ values: log_config: [] name: simple private_ip_google_access: true - project: my-project + project: project-id region: europe-west4 role: null secondary_ip_range: [] @@ -118,7 +118,7 @@ values: log_config: [] name: simple private_ip_google_access: true - project: my-project + project: project-id region: europe-west8 role: null secondary_ip_range: [] @@ -129,7 +129,7 @@ values: - group:lorem@example.com - serviceAccount:fbz@prj.iam.gserviceaccount.com - user:foobar@example.com - project: my-project + project: project-id region: europe-west1 role: roles/compute.networkUser subnetwork: subnet-detailed @@ -142,4 +142,4 @@ counts: modules: 1 resources: 10 -outputs: {} +outputs: {} \ No newline at end of file diff --git a/tests/modules/net_vpc/examples/firewall_policy_enforcement_order.yaml b/tests/modules/net_vpc/examples/firewall_policy_enforcement_order.yaml index 7fd0f97bc7..6a9523396f 100644 --- a/tests/modules/net_vpc/examples/firewall_policy_enforcement_order.yaml +++ b/tests/modules/net_vpc/examples/firewall_policy_enforcement_order.yaml 
@@ -18,7 +18,7 @@ values: delete_default_routes_on_create: false description: Terraform-managed. name: my-network - project: my-project + project: project-id routing_mode: GLOBAL network_firewall_policy_enforcement_order: BEFORE_CLASSIC_FIREWALL module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]: @@ -27,7 +27,7 @@ values: log_config: [] name: production private_ip_google_access: true - project: my-project + project: project-id region: europe-west1 role: null secondary_ip_range: @@ -41,11 +41,11 @@ values: log_config: [] name: production private_ip_google_access: true - project: my-project + project: project-id region: europe-west2 role: null secondary_ip_range: [] counts: google_compute_network: 1 - google_compute_subnetwork: 2 + google_compute_subnetwork: 2 \ No newline at end of file diff --git a/tests/modules/net_vpc/examples/googleapis.yaml b/tests/modules/net_vpc/examples/googleapis.yaml index 6248db51e5..ba40ad8a5e 100644 --- a/tests/modules/net_vpc/examples/googleapis.yaml +++ b/tests/modules/net_vpc/examples/googleapis.yaml 
@@ -13,27 +13,30 @@ # limitations under the License. values: + module.vpc.google_compute_network.network[0]: + name: my-vpc + project: project-id module.vpc.google_compute_route.gateway["private-6-googleapis"]: - dest_range: 2600:2d00:0002:2000::/64 + dest_range: 2600:2d00:2:2000::/64 name: my-vpc-private-6-googleapis next_hop_gateway: default-internet-gateway next_hop_ilb: null next_hop_instance: null next_hop_vpn_tunnel: null priority: 1000 - project: my-project + project: project-id tags: null module.vpc.google_compute_route.gateway["restricted-6-googleapis"]: - dest_range: 2600:2d00:0002:1000::/64 + dest_range: 2600:2d00:2:1000::/64 name: my-vpc-restricted-6-googleapis next_hop_gateway: default-internet-gateway next_hop_ilb: null next_hop_instance: null next_hop_vpn_tunnel: null priority: 1000 - project: my-project + project: project-id tags: null counts: google_compute_network: 1 - google_compute_route: 2 + google_compute_route: 2 \ No newline at end of file diff --git a/tests/modules/net_vpc/examples/ipv6.yaml b/tests/modules/net_vpc/examples/ipv6.yaml index 3d98c45d55..267a24b759 100644 --- a/tests/modules/net_vpc/examples/ipv6.yaml +++ b/tests/modules/net_vpc/examples/ipv6.yaml @@ -18,10 +18,10 @@ values: delete_default_routes_on_create: false description: Terraform-managed. enable_ula_internal_ipv6: true - internal_ipv6_range: fd20:6b2:27e5:0:0:0:0:0/48 + # internal_ipv6_range: fd20:6b2:27e5:0:0:0:0:0/48 name: my-network network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL - project: my-project + project: project-id routing_mode: GLOBAL timeouts: null module.vpc.google_compute_route.gateway["private-googleapis"]: @@ -33,7 +33,7 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 1000 - project: my-project + project: project-id tags: null timeouts: null module.vpc.google_compute_route.gateway["restricted-googleapis"]: 
@@ -45,7 +45,7 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 1000 - project: my-project + project: project-id tags: null timeouts: null module.vpc.google_compute_subnetwork.subnetwork["europe-west1/test"]: @@ -55,7 +55,7 @@ values: log_config: [] name: test private_ip_google_access: true - project: my-project + project: project-id region: europe-west1 role: null secondary_ip_range: [] @@ -68,7 +68,7 @@ values: log_config: [] name: test private_ip_google_access: true - project: my-project + project: project-id region: europe-west3 role: null secondary_ip_range: [] @@ -82,4 +82,4 @@ counts: modules: 1 resources: 5 -outputs: {} +outputs: {} \ No newline at end of file diff --git a/tests/modules/net_vpc/examples/proxy-only-subnets.yaml b/tests/modules/net_vpc/examples/proxy-only-subnets.yaml index cf32912df2..83f94d4dd1 100644 --- a/tests/modules/net_vpc/examples/proxy-only-subnets.yaml +++ b/tests/modules/net_vpc/examples/proxy-only-subnets.yaml @@ -15,13 +15,13 @@ values: module.vpc.google_compute_network.network[0]: name: my-network - project: my-project + project: project-id module.vpc.google_compute_subnetwork.proxy_only["europe-west1/regional-proxy"]: description: Terraform-managed proxy-only subnet for Regional HTTPS, Internal HTTPS or Cross-Regional HTTPS Internal LB. ip_cidr_range: 10.0.1.0/24 log_config: [] name: regional-proxy - project: my-project + project: project-id purpose: REGIONAL_MANAGED_PROXY region: europe-west1 role: ACTIVE @@ -30,7 +30,7 @@ values: ip_cidr_range: 10.0.4.0/24 log_config: [] name: global-proxy - project: my-project + project: project-id purpose: GLOBAL_MANAGED_PROXY region: australia-southeast2 role: ACTIVE 
@@ -39,11 +39,11 @@ values: ip_cidr_range: 10.0.3.0/24 log_config: [] name: psc - project: my-project + project: project-id purpose: PRIVATE_SERVICE_CONNECT region: europe-west1 role: null counts: google_compute_network: 1 - google_compute_subnetwork: 3 + google_compute_subnetwork: 3 \ No newline at end of file diff --git a/tests/modules/net_vpc/examples/psa-routes.yaml b/tests/modules/net_vpc/examples/psa-routes.yaml index fe2697813f..efbcb2da7c 100644 --- a/tests/modules/net_vpc/examples/psa-routes.yaml +++ b/tests/modules/net_vpc/examples/psa-routes.yaml @@ -18,21 +18,21 @@ values: address_type: INTERNAL name: myrange prefix_length: 24 - project: my-project + project: project-id purpose: VPC_PEERING module.vpc.google_compute_network.network[0]: name: my-network - project: my-project + project: project-id routing_mode: GLOBAL module.vpc.google_compute_network_peering_routes_config.psa_routes[0]: export_custom_routes: true import_custom_routes: true - project: my-project + project: project-id module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]: ip_cidr_range: 10.0.0.0/24 name: production private_ip_google_access: true - project: my-project + project: project-id region: europe-west1 secondary_ip_range: [] module.vpc.google_service_networking_connection.psa_connection[0]: @@ -42,7 +42,7 @@ values: module.vpc.google_service_networking_peered_dns_domain.name["gcp.example.com."]: dns_suffix: gcp.example.com. name: gcp-example-com - project: my-project + project: project-id service: servicenetworking.googleapis.com counts: @@ -51,4 +51,4 @@ counts: google_compute_network_peering_routes_config: 1 google_compute_subnetwork: 1 google_service_networking_connection: 1 - google_service_networking_peered_dns_domain: 1 + google_service_networking_peered_dns_domain: 1 \ No newline at end of file diff --git a/tests/modules/net_vpc/examples/psa.yaml b/tests/modules/net_vpc/examples/psa.yaml index 695678c47a..6af1a1d52a 100644 
--- a/tests/modules/net_vpc/examples/psa.yaml +++ b/tests/modules/net_vpc/examples/psa.yaml @@ -18,19 +18,19 @@ values: address_type: INTERNAL name: myrange prefix_length: 24 - project: my-project + project: project-id purpose: VPC_PEERING module.vpc.google_compute_network.network[0]: name: my-network - project: my-project + project: project-id module.vpc.google_compute_network_peering_routes_config.psa_routes[0]: export_custom_routes: false import_custom_routes: false - project: my-project + project: project-id module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]: ip_cidr_range: 10.0.0.0/24 name: production - project: my-project + project: project-id module.vpc.google_service_networking_connection.psa_connection[0]: reserved_peering_ranges: - myrange @@ -43,4 +43,4 @@ counts: google_compute_subnetwork: 1 google_service_networking_connection: 1 -outputs: {} +outputs: {} \ No newline at end of file diff --git a/tests/modules/net_vpc/examples/routes.yaml b/tests/modules/net_vpc/examples/routes.yaml index 24f356f4dc..e52b909a49 100644 --- a/tests/modules/net_vpc/examples/routes.yaml +++ b/tests/modules/net_vpc/examples/routes.yaml @@ -15,7 +15,7 @@ values: module.vpc["gateway"].google_compute_network.network[0]: name: my-network-with-route-gateway - project: my-project + project: project-id routing_mode: GLOBAL module.vpc["gateway"].google_compute_route.gateway["gateway"]: description: Terraform-managed. @@ -26,7 +26,7 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 100 - project: my-project + project: project-id tags: - tag-a module.vpc["gateway"].google_compute_route.gateway["next-hop"]: 
@@ -38,11 +38,11 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 1000 - project: my-project + project: project-id tags: null module.vpc["ilb"].google_compute_network.network[0]: name: my-network-with-route-ilb - project: my-project + project: project-id routing_mode: GLOBAL module.vpc["ilb"].google_compute_route.gateway["gateway"]: description: Terraform-managed. @@ -53,7 +53,7 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 100 - project: my-project + project: project-id tags: - tag-a module.vpc["ilb"].google_compute_route.ilb["next-hop"]: @@ -65,11 +65,11 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 1000 - project: my-project + project: project-id tags: null module.vpc["instance"].google_compute_network.network[0]: name: my-network-with-route-instance - project: my-project + project: project-id routing_mode: GLOBAL module.vpc["instance"].google_compute_route.gateway["gateway"]: description: Terraform-managed. @@ -80,7 +80,7 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 100 - project: my-project + project: project-id tags: - tag-a module.vpc["instance"].google_compute_route.instance["next-hop"]: @@ -93,11 +93,11 @@ values: next_hop_instance_zone: europe-west1-b next_hop_vpn_tunnel: null priority: 1000 - project: my-project + project: project-id tags: null module.vpc["ip"].google_compute_network.network[0]: name: my-network-with-route-ip - project: my-project + project: project-id routing_mode: GLOBAL module.vpc["ip"].google_compute_route.gateway["gateway"]: description: Terraform-managed. @@ -108,7 +108,7 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 100 - project: my-project + project: project-id tags: - tag-a module.vpc["ip"].google_compute_route.ip["next-hop"]: 
@@ -121,11 +121,11 @@ values: next_hop_ip: 192.168.0.128 next_hop_vpn_tunnel: null priority: 1000 - project: my-project + project: project-id tags: null module.vpc["vpn_tunnel"].google_compute_network.network[0]: name: my-network-with-route-vpn-tunnel - project: my-project + project: project-id routing_mode: GLOBAL module.vpc["vpn_tunnel"].google_compute_route.gateway["gateway"]: description: Terraform-managed. @@ -136,7 +136,7 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 100 - project: my-project + project: project-id tags: - tag-a module.vpc["vpn_tunnel"].google_compute_route.vpn_tunnel["next-hop"]: @@ -148,9 +148,9 @@ values: next_hop_instance: null next_hop_vpn_tunnel: regions/europe-west1/vpnTunnels/foo priority: 1000 - project: my-project + project: project-id tags: null counts: google_compute_network: 5 - google_compute_route: 10 + google_compute_route: 10 \ No newline at end of file diff --git a/tests/modules/net_vpc/examples/shared-vpc.yaml b/tests/modules/net_vpc/examples/shared-vpc.yaml index 5f1b9d5ae6..b6ea0f0491 100644 --- a/tests/modules/net_vpc/examples/shared-vpc.yaml +++ b/tests/modules/net_vpc/examples/shared-vpc.yaml 
@@ -15,15 +15,15 @@ values: module.vpc-host.google_compute_network.network[0]: name: my-host-network - project: my-project + project: project-id module.vpc-host.google_compute_shared_vpc_host_project.shared_vpc_host[0]: - project: my-project - module.vpc-host.google_compute_shared_vpc_service_project.service_projects["project1"]: - host_project: my-project - service_project: project1 - module.vpc-host.google_compute_shared_vpc_service_project.service_projects["project2"]: - host_project: my-project - service_project: project2 + project: project-id + module.vpc-host.google_compute_shared_vpc_service_project.service_projects["service-project-1-project-id"]: + host_project: project-id + service_project: service-project-1-project-id + module.vpc-host.google_compute_shared_vpc_service_project.service_projects["service-project-2-project-id"]: + host_project: project-id + service_project: service-project-2-project-id module.vpc-host.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]: secondary_ip_range: - ip_cidr_range: 172.16.0.0/20 @@ -33,17 +33,17 @@ values: module.vpc-host.google_compute_subnetwork_iam_binding.authoritative["europe-west1/subnet-1.roles/compute.networkUser"]: condition: [] members: - - serviceAccount:cloudsvc - - serviceAccount:gke - project: my-project + - serviceAccount:service_account_email + # - serviceAccount:gke + project: project-id region: europe-west1 role: roles/compute.networkUser subnetwork: subnet-1 module.vpc-host.google_compute_subnetwork_iam_binding.authoritative["europe-west1/subnet-1.roles/compute.securityAdmin"]: condition: [] members: - - serviceAccount:gke - project: my-project + - serviceAccount:service_account_email + project: project-id region: europe-west1 role: roles/compute.securityAdmin subnetwork: subnet-1 
@@ -53,4 +53,4 @@ counts: google_compute_shared_vpc_host_project: 1 google_compute_shared_vpc_service_project: 2 google_compute_subnetwork: 1 - google_compute_subnetwork_iam_binding: 2 + google_compute_subnetwork_iam_binding: 2 \ No newline at end of file diff --git a/tests/modules/net_vpc/examples/simple.yaml b/tests/modules/net_vpc/examples/simple.yaml index 2a5b1ee299..95e29f2e7e 100644 --- a/tests/modules/net_vpc/examples/simple.yaml +++ b/tests/modules/net_vpc/examples/simple.yaml @@ -18,7 +18,7 @@ values: delete_default_routes_on_create: false description: Terraform-managed. name: my-network - project: my-project + project: project-id routing_mode: GLOBAL module.vpc.google_compute_subnetwork.subnetwork["europe-west1/production"]: description: Terraform-managed. @@ -26,7 +26,7 @@ values: log_config: [] name: production private_ip_google_access: true - project: my-project + project: project-id region: europe-west1 role: null secondary_ip_range: @@ -40,7 +40,7 @@ values: log_config: [] name: production private_ip_google_access: true - project: my-project + project: project-id region: europe-west2 role: null secondary_ip_range: [] @@ -52,7 +52,7 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 1000 - project: my-project + project: project-id tags: null timeouts: null module.vpc.google_compute_route.gateway["restricted-googleapis"]: @@ -64,11 +64,11 @@ values: next_hop_instance: null next_hop_vpn_tunnel: null priority: 1000 - project: my-project + project: project-id tags: null timeouts: null counts: google_compute_network: 1 google_compute_subnetwork: 2 - google_compute_route: 2 + google_compute_route: 2 \ No newline at end of file diff --git a/tests/modules/net_vpc/examples/subnet-iam.yaml b/tests/modules/net_vpc/examples/subnet-iam.yaml index 1b925f48e2..dae2fdd733 100644 --- a/tests/modules/net_vpc/examples/subnet-iam.yaml +++ b/tests/modules/net_vpc/examples/subnet-iam.yaml 
@@ -20,7 +20,7 @@ values:
 enable_ula_internal_ipv6: null
 name: my-network
 network_firewall_policy_enforcement_order: AFTER_CLASSIC_FIREWALL
- project: my-project
+ project: project-id
 routing_mode: GLOBAL
 timeouts: null
 module.vpc.google_compute_route.gateway["private-googleapis"]:
@@ -32,7 +32,7 @@ values:
 next_hop_instance: null
 next_hop_vpn_tunnel: null
 priority: 1000
- project: my-project
+ project: project-id
 tags: null
 timeouts: null
 module.vpc.google_compute_route.gateway["restricted-googleapis"]:
@@ -44,7 +44,7 @@ values:
 next_hop_instance: null
 next_hop_vpn_tunnel: null
 priority: 1000
- project: my-project
+ project: project-id
 tags: null
 timeouts: null
 module.vpc.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]:
@@ -54,19 +54,19 @@ values:
 log_config: []
 name: subnet-1
 private_ip_google_access: true
- project: my-project
+ project: project-id
 region: europe-west1
 role: null
 secondary_ip_range: []
 timeouts: null
 module.vpc.google_compute_subnetwork.subnetwork["europe-west1/subnet-2"]:
 description: Terraform-managed.
- ip_cidr_range: 10.0.1.0/24
+ ip_cidr_range: 10.0.2.0/24
 ipv6_access_type: null
 log_config: []
 name: subnet-2
 private_ip_google_access: true
- project: my-project
+ project: project-id
 region: europe-west1
 role: null
 secondary_ip_range: []
@@ -74,9 +74,9 @@ values:
 module.vpc.google_compute_subnetwork_iam_binding.authoritative["europe-west1/subnet-1.roles/compute.networkUser"]:
 condition: []
 members:
- - group:group1@example.com
- - user:user1@example.com
- project: my-project
+ - group:organization-admins@example.org
+ - user:user1@example.org
+ project: project-id
 region: europe-west1
 role: roles/compute.networkUser
 subnetwork: subnet-1
@@ -86,15 +86,15 @@ values:
 expression: resource.matchTag('123456789012/env', 'prod')
 title: test_condition
 members:
- - group:group2@example.com
- project: my-project
+ - group:organization-admins@example.org
+ project: project-id
 region: europe-west1
 role: roles/compute.networkUser
 subnetwork: subnet-1
 module.vpc.google_compute_subnetwork_iam_member.bindings["subnet-2-iam"]:
 condition: []
- member: user:am1@example.com
- project: my-project
+ member: user:user1@example.org
+ project: project-id
 region: europe-west1
 role: roles/compute.networkUser
 subnetwork: subnet-2
@@ -108,4 +108,4 @@ counts:
 modules: 1
 resources: 8
-outputs: {}
+outputs: {}
\ No newline at end of file
diff --git a/tests/modules/net_vpc/examples/subnet-options.yaml b/tests/modules/net_vpc/examples/subnet-options.yaml
index e3cea5ca64..9fd35fa5a1 100644
--- a/tests/modules/net_vpc/examples/subnet-options.yaml
+++ b/tests/modules/net_vpc/examples/subnet-options.yaml
@@ -15,14 +15,14 @@ values:
 module.vpc.google_compute_network.network[0]:
 name: my-network
- project: my-project
+ project: project-id
 module.vpc.google_compute_subnetwork.subnetwork["europe-west1/no-pga"]:
 description: Subnet b
 ip_cidr_range: 10.0.1.0/24
 log_config: []
 name: no-pga
 private_ip_google_access: false
- project: my-project
+ project: project-id
 region: europe-west1
 secondary_ip_range: []
 module.vpc.google_compute_subnetwork.subnetwork["europe-west1/simple"]:
@@ -31,7 +31,7 @@ values:
 log_config: []
 name: simple
 private_ip_google_access: true
- project: my-project
+ project: project-id
 region: europe-west1
 secondary_ip_range: []
 module.vpc.google_compute_subnetwork.subnetwork["europe-west1/with-flow-logs"]:
@@ -46,7 +46,7 @@ values:
 metadata_fields: null
 name: with-flow-logs
 private_ip_google_access: true
- project: my-project
+ project: project-id
 region: europe-west1
 role: null
 secondary_ip_range: []
@@ -56,7 +56,7 @@ values:
 log_config: []
 name: with-secondary-ranges
 private_ip_google_access: true
- project: my-project
+ project: project-id
 region: europe-west1
 role: null
 secondary_ip_range:
@@ -67,4 +67,4 @@ values:
 counts:
 google_compute_network: 1
- google_compute_subnetwork: 4
+ google_compute_subnetwork: 4
\ No newline at end of file
From a259d2cbdbfe8c1abc714eef788ff1c2af84ca5e Mon Sep 17 00:00:00 2001
From: Thangaraju Rajasekaran
Date: Wed, 29 Nov 2023 15:07:21 +0000
Subject: [PATCH 2/4] formatted the file
---
 tests/examples_e2e/setup_module/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/examples_e2e/setup_module/main.tf b/tests/examples_e2e/setup_module/main.tf
index 16e73e6c54..8004d545fe 100644
--- a/tests/examples_e2e/setup_module/main.tf
+++ b/tests/examples_e2e/setup_module/main.tf
@@ -162,7 +162,7 @@ resource "local_file" "terraform_tfvars" {
 service_project_2 = {
 project_id = google_project.service_project_2.project_id
 }
- region = var.region
+ region = var.region
 service_account = {
 id = google_service_account.service_account.id
 email = google_service_account.service_account.email
From d9cd46d8a7715a38dbc287a7ac90fbdde2b37e94 Mon Sep 17 00:00:00 2001
From: Thangaraju Rajasekaran
Date: Wed, 29 Nov 2023 23:19:25 +0000
Subject: [PATCH 3/4] fixed e2e test for shared-vpc and subnet-iam
---
 modules/net-vpc/README.md | 37 ++++++++------
 tests/examples/variables.tf | 16 ------
 .../setup_module/e2e_tests.tfvars.tftpl | 8 +--
 tests/examples_e2e/setup_module/main.tf | 49 ++----------------
 tests/examples_e2e/setup_module/variables.tf | 3 --
 .../modules/net_vpc/examples/shared-vpc.yaml | 13 +++-
 .../modules/net_vpc/examples/subnet-iam.yaml | 3 +-
 7 files changed, 33 insertions(+), 96 deletions(-)
diff --git a/modules/net-vpc/README.md b/modules/net-vpc/README.md
index 8994ab70a4..7bc1d40269 100644
--- a/modules/net-vpc/README.md
+++ b/modules/net-vpc/README.md
@@ -114,7 +114,7 @@ module "vpc" {
 ip_cidr_range = "10.0.1.0/24"
 iam = {
 "roles/compute.networkUser" = [
- "user:${var.user_email}", "group:${var.group_email}"
+ "group:${var.group_email}"
 ]
 }
 iam_bindings = {
@@ -134,7 +134,7 @@ module "vpc" {
 ip_cidr_range = "10.0.2.0/24"
 iam_bindings_additive = {
 subnet-2-iam = {
- member = "user:${var.user_email}"
+ member = "group:${var.group_email}"
 role = "roles/compute.networkUser"
 subnet = "europe-west1/subnet-2"
 }
@@ -185,14 +185,21 @@ module "vpc-spoke-1" {
 [Shared VPC](https://cloud.google.com/vpc/docs/shared-vpc) is a project-level functionality which enables a project to share its VPCs with other projects. The `shared_vpc_host` variable is here to help with rapid prototyping, we recommend leveraging the project module for production usage.
 ```hcl
-locals {
- service_project_1 = {
- project_id = var.service_project_1.project_id
- gke_service_account = "serviceAccount:${var.service_account.email}"
- cloud_services_service_account = "serviceAccount:${var.service_account.email}"
- }
- service_project_2 = {
- project_id = var.service_project_2.project_id
+
+module "service-project" {
+ source = "./fabric/modules/project"
+ billing_account = var.billing_account_id
+ name = "prj1"
+ prefix = var.prefix
+ parent = var.folder_id
+ services = [
+ "cloudresourcemanager.googleapis.com",
+ "compute.googleapis.com",
+ "iam.googleapis.com",
+ "serviceusage.googleapis.com"
+ ]
+ shared_vpc_service_config = {
+ host_project = var.project_id
 }
 }
@@ -211,22 +218,20 @@ module "vpc-host" {
 }
 iam = {
 "roles/compute.networkUser" = [
- local.service_project_1.cloud_services_service_account,
- local.service_project_1.gke_service_account
+ "serviceAccount:${var.service_account.email}"
 ]
 "roles/compute.securityAdmin" = [
- local.service_project_1.gke_service_account
+ "serviceAccount:${var.service_account.email}"
 ]
 }
 }
 ]
 shared_vpc_host = true
 shared_vpc_service_projects = [
- local.service_project_1.project_id,
- local.service_project_2.project_id
+ module.service-project.project_id
 ]
 }
-# tftest modules=1 resources=9 inventory=shared-vpc.yaml e2e
+# tftest modules=2 resources=14 inventory=shared-vpc.yaml e2e
 ```
 ### Private Service Networking
diff --git a/tests/examples/variables.tf b/tests/examples/variables.tf
index 4901c66537..ebdbb155cb 100644
--- a/tests/examples/variables.tf
+++ b/tests/examples/variables.tf
@@ -22,10 +22,6 @@ variable "billing_account_id" {
 default = "123456-123456-123456"
 }
-variable "user_email" {
- default = "user1@example.org"
-}
-
 variable "group_email" {
 default = "organization-admins@example.org"
 }
@@ -98,15 +94,3 @@ variable "vpc2" {
 variable "zone" {
 default = "zone"
 }
-
-variable "service_project_1" {
- default = {
- project_id = "service-project-1-project-id"
- }
-}
-
-variable "service_project_2" {
- default = {
- project_id = "service-project-2-project-id"
- }
-}
\ No newline at end of file
diff --git a/tests/examples_e2e/setup_module/e2e_tests.tfvars.tftpl b/tests/examples_e2e/setup_module/e2e_tests.tfvars.tftpl
index ced89dd320..08217a6a1a 100644
--- a/tests/examples_e2e/setup_module/e2e_tests.tfvars.tftpl
+++ b/tests/examples_e2e/setup_module/e2e_tests.tfvars.tftpl
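Review bot: The `iam` block now grants both `roles/compute.networkUser` and `roles/compute.securityAdmin` on the host subnet to the same `var.service_account.email`, and nothing in the example says why; the removed locals (`cloud_services_service_account`, `gke_service_account`) at least named the principals, and in the old version only the GKE one received `securityAdmin`. Since this README example is what readers copy, a comment above `iam = {` such as `# e2e test only: a single test service account stands in for the service project's Cloud Services and GKE service agents; grant securityAdmin only to the principal that actually needs it` would preserve that intent and discourage handing `securityAdmin` to an arbitrary service account. The `module "vpc-host"` block starts outside the hunk.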
@@ -17,17 +17,11 @@ billing_account_id = "${billing_account_id}"
 kms_key = {
 id = "${kms_key_id}"
 }
-user_email = "${user_email}"
 group_email = "${group_email}"
 organization_id = "organizations/${organization_id}"
 folder_id = "folders/${folder_id}"
+prefix = "${prefix}"
 project_id = "${project_id}"
-service_project_1 = {
- project_id = "${service_project_1.project_id}"
-}
-service_project_2 = {
- project_id = "${service_project_2.project_id}"
-}
 region = "${region}"
 service_account = {
 id = "${service_account.id}"
diff --git a/tests/examples_e2e/setup_module/main.tf b/tests/examples_e2e/setup_module/main.tf
index 8004d545fe..96e3725197 100644
--- a/tests/examples_e2e/setup_module/main.tf
+++ b/tests/examples_e2e/setup_module/main.tf
@@ -26,24 +26,17 @@ locals {
 "cloudkms.googleapis.com",
 "cloudresourcemanager.googleapis.com",
 "compute.googleapis.com",
+ "dns.googleapis.com",
 "eventarc.googleapis.com",
 "iam.googleapis.com",
 "run.googleapis.com",
 "secretmanager.googleapis.com",
+ "servicenetworking.googleapis.com",
 "serviceusage.googleapis.com",
 "stackdriver.googleapis.com",
 "storage-component.googleapis.com",
 "storage.googleapis.com",
 "vpcaccess.googleapis.com",
- "servicenetworking.googleapis.com",
- "dns.googleapis.com",
- ]
- services-svc = [
- # trimmed down list of services, to be extended as needed
- "cloudresourcemanager.googleapis.com",
- "compute.googleapis.com",
- "iam.googleapis.com",
- "serviceusage.googleapis.com",
 ]
 }
@@ -66,34 +59,6 @@ resource "google_project_service" "project_service" {
 disable_dependent_services = true
 }
-resource "google_project" "service_project_1" {
- name = "${local.prefix}-prj-1"
- billing_account = var.billing_account
- folder_id = google_folder.folder.id
- project_id = "${local.prefix}-prj-1"
-}
-
-resource "google_project_service" "service_project_1_service" {
- for_each = toset(local.services-svc)
- service = each.value
- project = google_project.service_project_1.project_id
- disable_dependent_services = true
-}
-
-resource "google_project" "service_project_2" {
- name = "${local.prefix}-prj-2"
- billing_account = var.billing_account
- folder_id = google_folder.folder.id
- project_id = "${local.prefix}-prj-2"
-}
-
-resource "google_project_service" "service_project_2_service" {
- for_each = toset(local.services-svc)
- service = each.value
- project = google_project.service_project_2.project_id
- disable_dependent_services = true
-}
-
 resource "google_storage_bucket" "bucket" {
 location = var.region
 name = "${local.prefix}-bucket"
@@ -152,17 +117,11 @@ resource "local_file" "terraform_tfvars" {
 billing_account_id = var.billing_account
 folder_id = google_folder.folder.folder_id
 group_email = var.group_email
- user_email = var.user_email
+ prefix = var.prefix
 kms_key_id = google_kms_crypto_key.key.id
 organization_id = var.organization_id
 project_id = google_project.project.project_id
- service_project_1 = {
- project_id = google_project.service_project_1.project_id
- }
- service_project_2 = {
- project_id = google_project.service_project_2.project_id
- }
- region = var.region
+ region = var.region
 service_account = {
 id = google_service_account.service_account.id
 email = google_service_account.service_account.email
diff --git a/tests/examples_e2e/setup_module/variables.tf b/tests/examples_e2e/setup_module/variables.tf
index 65fabafedd..16f110df0a 100644
--- a/tests/examples_e2e/setup_module/variables.tf
+++ b/tests/examples_e2e/setup_module/variables.tf
@@ -18,9 +18,6 @@ variable "billing_account" {
 variable "group_email" {
 type = string
 }
-variable "user_email" {
- type = string
-}
 variable "organization_id" {
 type = string
 }
diff --git a/tests/modules/net_vpc/examples/shared-vpc.yaml b/tests/modules/net_vpc/examples/shared-vpc.yaml
index b6ea0f0491..248b1e1959 100644
--- a/tests/modules/net_vpc/examples/shared-vpc.yaml
+++ b/tests/modules/net_vpc/examples/shared-vpc.yaml
@@ -18,12 +18,9 @@ values:
 project: project-id
 module.vpc-host.google_compute_shared_vpc_host_project.shared_vpc_host[0]:
 project: project-id
- module.vpc-host.google_compute_shared_vpc_service_project.service_projects["service-project-1-project-id"]:
+ module.service-project.google_compute_shared_vpc_service_project.shared_vpc_service[0]:
 host_project: project-id
- service_project: service-project-1-project-id
- module.vpc-host.google_compute_shared_vpc_service_project.service_projects["service-project-2-project-id"]:
- host_project: project-id
- service_project: service-project-2-project-id
+ service_project: test-prj1
 module.vpc-host.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]:
 secondary_ip_range:
 - ip_cidr_range: 172.16.0.0/20
@@ -34,7 +31,6 @@ values:
 condition: []
 members:
 - serviceAccount:service_account_email
- # - serviceAccount:gke
 project: project-id
 region: europe-west1
 role: roles/compute.networkUser
@@ -48,9 +44,12 @@ values:
 role: roles/compute.securityAdmin
 subnetwork: subnet-1
+
 counts:
 google_compute_network: 1
+ google_compute_route: 2
 google_compute_shared_vpc_host_project: 1
 google_compute_shared_vpc_service_project: 2
 google_compute_subnetwork: 1
- google_compute_subnetwork_iam_binding: 2
\ No newline at end of file
+ google_compute_subnetwork_iam_binding: 2
+ modules: 2
\ No newline at end of file
diff --git a/tests/modules/net_vpc/examples/subnet-iam.yaml b/tests/modules/net_vpc/examples/subnet-iam.yaml
index dae2fdd733..8e15383734 100644
--- a/tests/modules/net_vpc/examples/subnet-iam.yaml
+++ b/tests/modules/net_vpc/examples/subnet-iam.yaml
@@ -75,7 +75,6 @@ values:
 condition: []
 members:
 - group:organization-admins@example.org
- - user:user1@example.org
 project: project-id
 region: europe-west1
 role: roles/compute.networkUser
@@ -93,7 +92,7 @@ values:
 subnetwork: subnet-1
 module.vpc.google_compute_subnetwork_iam_member.bindings["subnet-2-iam"]:
 condition: []
- member: user:user1@example.org
+ member: group:organization-admins@example.org
 project: project-id
 region: europe-west1
 role: roles/compute.networkUser
From 224b98c786d5e5e6439f989e55c77ccb59b749ad Mon Sep 17 00:00:00 2001
From: Thangaraju Rajasekaran
Date: Thu, 30 Nov 2023 14:02:44 +0000
Subject: [PATCH 4/4] removed prefix and updated net-vpc shared-vpc for e2e test
---
 modules/net-vpc/README.md | 5 +----
 tests/examples_e2e/setup_module/e2e_tests.tfvars.tftpl | 1 -
 tests/examples_e2e/setup_module/main.tf | 1 -
 tests/modules/net_vpc/examples/shared-vpc.yaml | 6 ++++--
 4 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/modules/net-vpc/README.md b/modules/net-vpc/README.md
index 7bc1d40269..a2fdde4b99 100644
--- a/modules/net-vpc/README.md
+++ b/modules/net-vpc/README.md
@@ -198,9 +198,6 @@ module "service-project" {
 "iam.googleapis.com",
 "serviceusage.googleapis.com"
 ]
- shared_vpc_service_config = {
- host_project = var.project_id
- }
 }
 module "vpc-host" {
@@ -231,7 +228,7 @@ module "vpc-host" {
 module.service-project.project_id
 ]
 }
-# tftest modules=2 resources=14 inventory=shared-vpc.yaml e2e
+# tftest modules=2 resources=13 inventory=shared-vpc.yaml e2e
 ```
 ### Private Service Networking
diff --git a/tests/examples_e2e/setup_module/e2e_tests.tfvars.tftpl b/tests/examples_e2e/setup_module/e2e_tests.tfvars.tftpl
index 08217a6a1a..d23c39a47b 100644
--- a/tests/examples_e2e/setup_module/e2e_tests.tfvars.tftpl
+++ b/tests/examples_e2e/setup_module/e2e_tests.tfvars.tftpl
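Review bot: The example still passes `prefix = var.prefix` to `module "service-project"` (added in the previous patch, outside this hunk), while this patch drops `prefix` from the e2e tfvars template and from the `local_file` in setup_module/main.tf, so the e2e run no longer receives the per-run prefix from the setup module. If `prefix` then falls back to the tests' default, the example would try to create the project id literally asserted in shared-vpc.yaml, `test-prj1`, and project ids are globally unique, so the run would fail or collide across runs. Confirm that the e2e harness injects `prefix` another way; otherwise keep `prefix = "${prefix}"` in the template and `prefix = var.prefix` in main.tf. The `module "vpc-host"` block starts outside the hunk.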
@@ -20,7 +20,6 @@ kms_key = {
 group_email = "${group_email}"
 organization_id = "organizations/${organization_id}"
 folder_id = "folders/${folder_id}"
-prefix = "${prefix}"
 project_id = "${project_id}"
 region = "${region}"
 service_account = {
diff --git a/tests/examples_e2e/setup_module/main.tf b/tests/examples_e2e/setup_module/main.tf
index 96e3725197..4d09f80f82 100644
--- a/tests/examples_e2e/setup_module/main.tf
+++ b/tests/examples_e2e/setup_module/main.tf
@@ -117,7 +117,6 @@ resource "local_file" "terraform_tfvars" {
 billing_account_id = var.billing_account
 folder_id = google_folder.folder.folder_id
 group_email = var.group_email
- prefix = var.prefix
 kms_key_id = google_kms_crypto_key.key.id
 organization_id = var.organization_id
 project_id = google_project.project.project_id
diff --git a/tests/modules/net_vpc/examples/shared-vpc.yaml b/tests/modules/net_vpc/examples/shared-vpc.yaml
index 248b1e1959..63ba34447d 100644
--- a/tests/modules/net_vpc/examples/shared-vpc.yaml
+++ b/tests/modules/net_vpc/examples/shared-vpc.yaml
@@ -18,7 +18,9 @@ values:
 project: project-id
 module.vpc-host.google_compute_shared_vpc_host_project.shared_vpc_host[0]:
 project: project-id
- module.service-project.google_compute_shared_vpc_service_project.shared_vpc_service[0]:
+ module.service-project.google_project.project[0]:
+ project_id: test-prj1
+ module.vpc-host.google_compute_shared_vpc_service_project.service_projects["test-prj1"]:
 host_project: project-id
 service_project: test-prj1
 module.vpc-host.google_compute_subnetwork.subnetwork["europe-west1/subnet-1"]:
@@ -49,7 +51,7 @@ counts:
 google_compute_network: 1
 google_compute_route: 2
 google_compute_shared_vpc_host_project: 1
- google_compute_shared_vpc_service_project: 2
+ google_compute_shared_vpc_service_project: 1
 google_compute_subnetwork: 1
 google_compute_subnetwork_iam_binding: 2
 modules: 2
\ No newline at end of file