From 23d82cfb7a6923b435e35b28e6f9efbb48c48139 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Wiktor=20Niesiob=C4=99dzki?=
Date: Thu, 11 Jul 2024 15:55:18 +0000
Subject: [PATCH] E2E tests for ncc-spoke-ra
---
 modules/ncc-spoke-ra/README.md | 92 +++++++++++--------
 tests/examples/variables.tf | 17 ++++
 .../setup_module/e2e_tests.tfvars.tftpl | 17 +++-
 tests/examples_e2e/setup_module/main.tf | 85 ++++++++++++++---
 tests/fixtures/compute-vm-nva.tf | 63 +++++++++++++
 5 files changed, 221 insertions(+), 53 deletions(-)
 create mode 100644 tests/fixtures/compute-vm-nva.tf
diff --git a/modules/ncc-spoke-ra/README.md b/modules/ncc-spoke-ra/README.md
index 0b1934070d..f205852424 100644
--- a/modules/ncc-spoke-ra/README.md
+++ b/modules/ncc-spoke-ra/README.md
@@ -13,98 +13,110 @@ module "spoke-ra" { source = "./fabric/modules/ncc-spoke-ra" hub = { create = true, name = "ncc-hub" } name = "spoke-ra" - project_id = "my-project" - region = "europe-west1" + project_id = var.project_id + region = var.region router_appliances = [ { - internal_ip = "10.0.0.3" - vm_self_link = "projects/my-project/zones/europe-west1-b/instances/router-app" + internal_ip = module.compute-vm-primary-b.internal_ip + vm_self_link = module.compute-vm-primary-b.self_link } ] router_config = { asn = 65000 - ip_interface0 = "10.0.0.14" - ip_interface1 = "10.0.0.15" + ip_interface0 = "10.0.16.14" + ip_interface1 = "10.0.16.15" peer_asn = 65001 } vpc_config = { - network_name = "my-vpc" + network_name = var.vpc.self_link subnet_self_link = var.subnet.self_link } } -# tftest modules=1 resources=7 +# tftest modules=5 resources=11 fixtures=fixtures/compute-vm-nva.tf e2e ``` ### Two spokes ```hcl +resource "google_network_connectivity_hub" "default" { + name = "Hub" + description = "Hub" + project = var.project_id +} + module "spoke-ra-a" { source = "./fabric/modules/ncc-spoke-ra" - hub = { id = "projects/my-project/locations/global/hubs/ncc-hub" } + hub = { id = google_network_connectivity_hub.default.id } name = "spoke-ra-a" - project_id = "my-project" - region = "europe-west1" + project_id = var.project_id + region = var.regions.primary router_appliances = [ { - internal_ip = "10.0.0.3" - vm_self_link = "projects/my-project/zones/europe-west1-b/instances/router-app-a" + internal_ip = module.compute-vm-primary-b.internal_ip + vm_self_link = module.compute-vm-primary-b.self_link } ] router_config = { asn = 65000 - ip_interface0 = "10.0.0.14" - ip_interface1 = "10.0.0.15" + ip_interface0 = "10.0.16.14" + ip_interface1 = "10.0.16.15" peer_asn = 65001 } vpc_config = { - network_name = "my-vpc1" - subnet_self_link = "projects/my-project/regions/europe-west1/subnetworks/subnet" + network_name = var.vpc.self_link + subnet_self_link = var.subnets.primary.self_link 
} } module "spoke-ra-b" { source = "./fabric/modules/ncc-spoke-ra" - hub = { id = "projects/my-project/locations/global/hubs/ncc-hub" } + hub = { id = google_network_connectivity_hub.default.id } name = "spoke-ra-b" - project_id = "my-project" - region = "europe-west3" + project_id = var.project_id + region = var.regions.secondary router_appliances = [ { - internal_ip = "10.1.0.5" - vm_self_link = "projects/my-project/zones/europe-west3-b/instances/router-app-b" + internal_ip = module.compute-vm-secondary-b.internal_ip + vm_self_link = module.compute-vm-secondary-b.self_link } ] router_config = { asn = 65000 - ip_interface0 = "10.0.0.14" - ip_interface1 = "10.0.0.15" + ip_interface0 = "10.1.16.14" + ip_interface1 = "10.1.16.15" peer_asn = 65002 } vpc_config = { - network_name = "my-vpc2" - subnet_self_link = "projects/my-project/regions/europe-west3/subnetworks/subnet" + network_name = var.vpc.self_link + subnet_self_link = var.subnets.secondary.self_link } } -# tftest modules=2 resources=12 +# tftest modules=6 resources=17 fixtures=fixtures/compute-vm-nva.tf e2e ``` ### Spoke with load-balanced router appliances ```hcl +resource "google_network_connectivity_hub" "default" { + name = "Hub" + description = "Hub" + project = var.project_id +} + module "spoke-ra" { source = "./fabric/modules/ncc-spoke-ra" - hub = { id = "projects/my-project/locations/global/hubs/ncc-hub" } + hub = { id = google_network_connectivity_hub.default.id } name = "spoke-ra" - project_id = "my-project" - region = "europe-west1" + project_id = var.project_id + region = var.region router_appliances = [ { - internal_ip = "10.0.0.3" - vm_self_link = "projects/my-project/zones/europe-west1-b/instances/router-app-a" + internal_ip = module.compute-vm-primary-b.internal_ip + vm_self_link = module.compute-vm-primary-b.self_link }, { - internal_ip = "10.0.0.4" - vm_self_link = "projects/my-project/zones/europe-west1-c/instances/router-app-b" + internal_ip = module.compute-vm-primary-c.internal_ip + 
vm_self_link = module.compute-vm-primary-c.self_link } ] router_config = { @@ -115,19 +127,18 @@ module "spoke-ra" { "10.10.0.0/24" = "peered-vpc" } } - ip_interface0 = "10.0.0.14" - ip_interface1 = "10.0.0.15" + ip_interface0 = "10.0.16.14" + ip_interface1 = "10.0.16.15" peer_asn = 65001 } vpc_config = { - network_name = "my-vpc" + network_name = var.vpc.self_link subnet_self_link = var.subnet.self_link } } -# tftest modules=1 resources=8 +# tftest modules=5 resources=13 fixtures=fixtures/compute-vm-nva.tf e2e ``` - ## Variables | name | description | type | required | default | @@ -150,4 +161,7 @@ module "spoke-ra" { | [router](outputs.tf#L27) | Cloud Router resource. | | | [spoke-ra](outputs.tf#L32) | NCC spoke resource. | | +## Fixtures + +- [compute-vm-nva.tf](../../tests/fixtures/compute-vm-nva.tf) diff --git a/tests/examples/variables.tf b/tests/examples/variables.tf index 6c984f249b..c6925bd07e 100644 --- a/tests/examples/variables.tf +++ b/tests/examples/variables.tf @@ -86,6 +86,23 @@ variable "subnet" { } } +variable "subnets" { + default = { + primary = { + name = "primary" + region = "europe-west8" + cidr = "10.0.16.0/24" + self_link = "https://www.googleapis.com/compute/v1/projects/my-project/regions/europe-west8/subnetworks/primary" + } + secondary = { + name = "secondary" + region = "europe-west89" + cidr = "10.0.16.0/24" + self_link = "https://www.googleapis.com/compute/v1/projects/my-project/regions/europe-west9/subnetworks/secondary" + } + } +} + variable "subnet_psc_1" { default = { name = "subnet_name" diff --git a/tests/examples_e2e/setup_module/e2e_tests.tfvars.tftpl b/tests/examples_e2e/setup_module/e2e_tests.tfvars.tftpl index b6cadfeacb..14e05ddf4b 100644 --- a/tests/examples_e2e/setup_module/e2e_tests.tfvars.tftpl +++ b/tests/examples_e2e/setup_module/e2e_tests.tfvars.tftpl 
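Review bot: The `secondary` entry in the new `subnets` default in tests/examples/variables.tf carries two values that look wrong. `region = "europe-west89"` does not match the `europe-west9` in its own `self_link`, and `cidr = "10.0.16.0/24"` repeats the primary range, while the e2e setup module in this patch creates the secondary subnet as `10.1.16.0/24` and the README example puts the spoke-b interfaces at `10.1.16.14` and `10.1.16.15`. Suggested lines: `region = "europe-west9"` and `cidr = "10.1.16.0/24"`. With the current defaults the plan-only example tests see overlapping ranges that the e2e environment never has, so an addressing mistake in an example would surface only in the e2e run.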
@@ -41,7 +41,22 @@ subnet = { region = "${subnet.region}" cidr = "${subnet.ip_cidr_range}" self_link = "${subnet.self_link}" - } +} +subnets = { + primary = { + name = "${subnet.name}" + region = "${subnet.region}" + cidr = "${subnet.ip_cidr_range}" + self_link = "${subnet.self_link}" + } + secondary = { + name = "${subnet_secondary.name}" + region = "${subnet_secondary.region}" + cidr = "${subnet_secondary.ip_cidr_range}" + self_link = "${subnet_secondary.self_link}" + } + +} subnet_psc_1 = { name = "${subnet_psc_1.name}" region = "${subnet_psc_1.region}" diff --git a/tests/examples_e2e/setup_module/main.tf b/tests/examples_e2e/setup_module/main.tf index b1e6005ee2..2e000f561d 100644 --- a/tests/examples_e2e/setup_module/main.tf +++ b/tests/examples_e2e/setup_module/main.tf @@ -90,9 +90,11 @@ resource "google_compute_network" "network" { depends_on = [google_project_service.project_service] } -resource "google_compute_subnetwork" "subnetwork" { +# Primary region networking + +resource "google_compute_subnetwork" "primary" { ip_cidr_range = "10.0.16.0/24" - name = "e2e-test-1" + name = "e2e-test-primary" network = google_compute_network.network.name project = google_project.project.project_id private_ip_google_access = true @@ -107,7 +109,7 @@ resource "google_compute_subnetwork" "subnetwork" { } } -resource "google_compute_subnetwork" "proxy_only_global" { +resource "google_compute_subnetwork" "primary_proxy_only_global" { project = google_project.project.project_id network = google_compute_network.network.name name = "proxy-global" @@ -117,7 +119,7 @@ resource "google_compute_subnetwork" "proxy_only_global" { role = "ACTIVE" } -resource "google_compute_subnetwork" "proxy_only_regional" { +resource "google_compute_subnetwork" "primary_proxy_only_regional" { project = google_project.project.project_id network = google_compute_network.network.name name = "proxy-regional" 
@@ -127,7 +129,7 @@ resource "google_compute_subnetwork" "proxy_only_regional" { role = "ACTIVE" } -resource "google_compute_subnetwork" "psc" { +resource "google_compute_subnetwork" "primary_psc" { project = google_project.project.project_id network = google_compute_network.network.name name = "psc-regional" @@ -136,6 +138,57 @@ resource "google_compute_subnetwork" "psc" { purpose = "PRIVATE_SERVICE_CONNECT" } + + +# Secondary region networking + +resource "google_compute_subnetwork" "secondary" { + ip_cidr_range = "10.1.16.0/24" + name = "e2e-test-secondary" + network = google_compute_network.network.name + project = google_project.project.project_id + private_ip_google_access = true + region = var.region_secondary + secondary_ip_range { + range_name = "pods" + ip_cidr_range = "100.69.0.0/16" + } + secondary_ip_range { + range_name = "services" + ip_cidr_range = "100.72.1.0/24" + } +} + +resource "google_compute_subnetwork" "secondary_proxy_only_global" { + project = google_project.project.project_id + network = google_compute_network.network.name + name = "proxy-global" + region = var.region_secondary + ip_cidr_range = "10.1.17.0/24" + purpose = "GLOBAL_MANAGED_PROXY" + role = "ACTIVE" +} + +resource "google_compute_subnetwork" "secondary_proxy_only_regional" { + project = google_project.project.project_id + network = google_compute_network.network.name + name = "proxy-regional" + region = var.region_secondary + ip_cidr_range = "10.1.18.0/24" + purpose = "REGIONAL_MANAGED_PROXY" + role = "ACTIVE" +} + +resource "google_compute_subnetwork" "secondary_psc" { + project = google_project.project.project_id + network = google_compute_network.network.name + name = "psc-regional" + region = var.region_secondary + ip_cidr_range = "10.1.19.0/24" + purpose = "PRIVATE_SERVICE_CONNECT" +} + + ### PSA ### resource "google_compute_global_address" "psa_ranges" { 
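Review bot: The four secondary subnetworks added in the `@@ -136,6 +138,57 @@` hunk read `var.region_secondary`, but no file touched by this patch declares that variable. If the setup module's variables file does not already define it, validation fails here, so confirm the declaration exists or add `variable "region_secondary"` next to the existing region variable. The secondary proxy-only and PSC subnets also reuse the names `proxy-global`, `proxy-regional` and `psc-regional` from the primary region, which presumably only works while the two regions differ. A region-specific name such as `name = "proxy-regional-secondary"`, or a validation on the variable, would make a misconfigured run fail at plan time instead of part-way through apply.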
@@ -216,16 +269,22 @@ resource "local_file" "terraform_tfvars" { iam_email = "serviceAccount:${google_service_account.service_account.email}" } subnet = { - name = google_compute_subnetwork.subnetwork.name - region = google_compute_subnetwork.subnetwork.region - ip_cidr_range = google_compute_subnetwork.subnetwork.ip_cidr_range - self_link = google_compute_subnetwork.subnetwork.self_link + name = google_compute_subnetwork.primary.name + region = google_compute_subnetwork.primary.region + ip_cidr_range = google_compute_subnetwork.primary.ip_cidr_range + self_link = google_compute_subnetwork.primary.self_link + } + subnet_secondary = { + name = google_compute_subnetwork.secondary.name + region = google_compute_subnetwork.secondary.region + ip_cidr_range = google_compute_subnetwork.secondary.ip_cidr_range + self_link = google_compute_subnetwork.secondary.self_link } subnet_psc_1 = { - name = google_compute_subnetwork.psc.name - region = google_compute_subnetwork.psc.region - ip_cidr_range = google_compute_subnetwork.psc.ip_cidr_range - self_link = google_compute_subnetwork.psc.self_link + name = google_compute_subnetwork.primary_psc.name + region = google_compute_subnetwork.primary_psc.region + ip_cidr_range = google_compute_subnetwork.primary_psc.ip_cidr_range + self_link = google_compute_subnetwork.primary_psc.self_link } vpc = { name = google_compute_network.network.name diff --git a/tests/fixtures/compute-vm-nva.tf b/tests/fixtures/compute-vm-nva.tf new file mode 100644 index 0000000000..6e6bd427e7 --- /dev/null +++ b/tests/fixtures/compute-vm-nva.tf 
@@ -0,0 +1,63 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module "compute-vm-primary-b" {
+ source = "./fabric/modules/compute-vm"
+ project_id = var.project_id
+ zone = "${var.regions.primary}-b"
+ name = "test-primary-b"
+ can_ip_forward = true
+ network_interfaces = [{
+ network = var.vpc.self_link
+ subnetwork = var.subnets.primary.self_link
+ }]
+}
+
+module "compute-vm-primary-c" {
+ source = "./fabric/modules/compute-vm"
+ project_id = var.project_id
+ zone = "${var.regions.primary}-c"
+ name = "test-primary-c"
+ can_ip_forward = true
+ network_interfaces = [{
+ network = var.vpc.self_link
+ subnetwork = var.subnets.primary.self_link
+ }]
+}
+
+
+module "compute-vm-secondary-b" {
+ source = "./fabric/modules/compute-vm"
+ project_id = var.project_id
+ zone = "${var.regions.secondary}-b"
+ name = "test-secondary-b"
+ can_ip_forward = true
+ network_interfaces = [{
+ network = var.vpc.self_link
+ subnetwork = var.subnets.secondary.self_link
+ }]
+}
+
+module "compute-vm-secondary-c" {
+ source = "./fabric/modules/compute-vm"
+ project_id = var.project_id
+ zone = "${var.regions.secondary}-c"
+ name = "test-secondary-c"
+ can_ip_forward = true
+ network_interfaces = [{
+ network = var.vpc.self_link
+ subnetwork = var.subnets.secondary.self_link
+ }]
+}
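Review bot: `compute-vm-secondary-c` is not referenced by any README example in this patch (they use primary-b, primary-c and secondary-b), yet each example that loads this fixture instantiates all four modules. Every e2e run therefore creates IP-forwarding VMs that are never attached to a spoke, so consider dropping the unused module or splitting the fixture per example. A header comment above the modules would also help, for example `# NVA test instances: can_ip_forward is required for NCC router appliances; do not reuse this fixture for ordinary workload VMs`, because `can_ip_forward = true` lets an instance send and receive packets whose source or destination address is not its own. The fixture also depends on `var.regions`, which this patch does not add to tests/examples/variables.tf, so presumably it is already declared there.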