GoogleCloudPlatform · juliocc · Nov 18, 2022 · Nov 16, 2022 · Nov 16, 2022 · Nov 17, 2022
diff --git a/blueprints/cloud-operations/iam-delegated-role-grants/README.md b/blueprints/cloud-operations/iam-delegated-role-grants/README.md
@@ -27,13 +27,12 @@ By changing the `restricted_role_grant`, the blueprint can be used to grant admi
 
 You can easily configure the blueprint for this use case:
 
-```hcl
+```tfvars
 # terraform.tfvars
 
 delegated_role_grants = ["roles/compute.networkUser"]
-direct_role_grants = []
+direct_role_grants    = []
 restricted_role_grant = "roles/compute.networkAdmin"
-# tftest skip
 ```
 
 This diagram shows the resources and expected behaviour:

diff --git a/blueprints/data-solutions/data-platform-foundations/README.md b/blueprints/data-solutions/data-platform-foundations/README.md
@@ -135,7 +135,6 @@ service_encryption_keys = {
     storage  = "KEY_URL_MULTIREGIONAL"
     pubsub   = "KEY_URL_MULTIREGIONAL"
 }
-# tftest skip
 ```
 
 This step is optional and depends on customer policies and security best practices.
@@ -198,8 +197,7 @@ billing_account_id  = "111111-222222-333333"
 older_id            = "folders/123456789012"
 organization_domain = "domain.com"
 prefix              = "myco"
-# tftest skip`
-``
+```
 
 For more fine details check variables on [`variables.tf`](./variables.tf) and update according to the desired configuration. Remember to create team groups described [below](#groups).
 

diff --git a/blueprints/networking/hub-and-spoke-vpn/README.md b/blueprints/networking/hub-and-spoke-vpn/README.md
@@ -35,7 +35,7 @@ You can easily create such a project by commenting turning on project creation i
 
 ```hcl
 module "project" {
-  source           = "../../..//modules/project"
+  source           = "../../../modules/project"
   name             = var.project_id
   # comment or remove this line to enable project creation
   # project_create = false

diff --git a/modules/__experimental/net-dns-policy-address/README.md b/modules/__experimental/net-dns-policy-address/README.md
@@ -12,7 +12,7 @@ module "dns-policy-addresses" {
   project_id = "myproject"
   regions    = ["europe-west1", "europe-west3"]
 }
-# tftest skip
+# tftest skip (uses data sources)
 ```
 
 The output is a map with lists of addresses of type `DNS_RESOLVER` for each region specified in variables.

diff --git a/modules/endpoints/README.md b/modules/endpoints/README.md
@@ -11,14 +11,24 @@ module "endpoint" {
   source         = "./fabric/modules/endpoints"
   project_id     = "my-project"
   service_name   = "YOUR-API.endpoints.YOUR-PROJECT-ID.cloud.goog"
-  openapi_config = { "yaml_path" = "openapi.yaml" }
+  openapi_config = { "yaml_path" = "configs/endpoints/openapi.yaml" }
   iam = {
     "servicemanagement.serviceController" = [
       "serviceAccount:[email protected]"
     ]
   }
 }
-# tftest skip
+# tftest modules=1 resources=2 files=openapi
+```
+
+```yaml
+# tftest file openapi configs/endpoints/openapi.yaml
+swagger: "2.0"
+info:
+  description: "A simple Google Cloud Endpoints API example."
+  title: "Endpoints Example"
+  version: "1.0.0"
+host: "echo-api.endpoints.YOUR-PROJECT-ID.cloud.goog"
 ```
 
 [Here](https://github.com/GoogleCloudPlatform/python-docs-samples/blob/master/endpoints/getting-started/openapi.yaml) you can find an example of an openapi.yaml file. Once created the endpoint, remember to activate the service at project level.

diff --git a/modules/folder/README.md b/modules/folder/README.md
@@ -89,29 +89,27 @@ module "folder" {
   parent = "organizations/1234567890"
   name  = "Folder name"
   firewall_policy_factory = {
-    cidr_file   = "data/cidrs.yaml"
+    cidr_file   = "configs/firewall-policies/cidrs.yaml"
     policy_name = null
-    rules_file  = "data/rules.yaml"
+    rules_file  = "configs/firewall-policies/rules.yaml"
   }
   firewall_policy_association = {
     factory-policy = module.folder.firewall_policy_id["factory"]
   }
 }
-# tftest skip
+# tftest modules=1 resources=5 files=cidrs,rules
 ```
 
 ```yaml
-# cidrs.yaml
-
+# tftest file cidrs configs/firewall-policies/cidrs.yaml
 rfc1918:
   - 10.0.0.0/8
   - 172.16.0.0/12
   - 192.168.0.0/16
 ```
 
 ```yaml
-# rules.yaml
-
+# tftest file rules configs/firewall-policies/rules.yaml
 allow-admins:
   description: Access from the admin subnet to all subnets
   direction: INGRESS

diff --git a/modules/folder/organization-policies.tf b/modules/folder/organization-policies.tf
@@ -17,14 +17,10 @@
 # tfdoc:file:description Folder-level organization policies.
 
 locals {
-  _factory_data_raw = (
-    var.org_policies_data_path == null
-    ? tomap({})
-    : merge([
-      for f in fileset(var.org_policies_data_path, "*.yaml") :
-      yamldecode(file("${var.org_policies_data_path}/${f}"))
-    ]...)
-  )
+  _factory_data_raw = merge([
+    for f in try(fileset(var.org_policies_data_path, "*.yaml"), []) :
+    yamldecode(file("${var.org_policies_data_path}/${f}"))
+  ]...)
 
   # simulate applying defaults to data coming from yaml files
   _factory_data = {

diff --git a/modules/kms/README.md b/modules/kms/README.md
@@ -23,7 +23,7 @@ module "kms" {
   keyring_create = false
   keys           = { key-a = null, key-b = null, key-c = null }
 }
-# tftest skip
+# tftest skip (uses data sources)
 ```
 
 ### Keyring creation and crypto key rotation and IAM roles

diff --git a/modules/net-vpc-firewall/README.md b/modules/net-vpc-firewall/README.md
@@ -138,16 +138,16 @@ module "firewall" {
   project_id       = "my-project"
   network          = "my-network"
   factories_config = {
-    rules_folder  = "config/firewall"
-    cidr_tpl_file = "config/cidr_template.yaml"
+    rules_folder  = "configs/firewal/rules"
+    cidr_tpl_file = "configs/firewal/cidr_template.yaml"
   }
 
 }
-# tftest skip
+# tftest modules=1 resources=3
 ```
 
 ```yaml
-# ./config/firewall/load_balancers.yaml
+# tftest file configs/firewall/rules/load_balancers.yaml
 allow-healthchecks:
   description: Allow ingress from healthchecks.
   ranges:
@@ -161,13 +161,12 @@ allow-healthchecks:
 ```
 
 ```yaml
-# ./config/cidr_template.yaml
+# tftest file configs/firewall/cidr_template.yaml
 healthchecks:
   - 35.191.0.0/16
   - 130.211.0.0/22
   - 209.85.152.0/22
   - 209.85.204.0/22
-
 ```
 <!-- BEGIN TFDOC -->
 

diff --git a/modules/net-vpc/README.md b/modules/net-vpc/README.md
@@ -233,11 +233,11 @@ module "vpc" {
   name        = "my-network"
   data_folder = "config/subnets"
 }
-# tftest skip
+# tftest modules=1 resources=1 file=subnets
 ```
 
 ```yaml
-# ./config/subnets/subnet-name.yaml
+# tftest file subnets ./config/subnets/subnet-name.yaml
 region: europe-west1
 description: Sample description
 ip_cidr_range: 10.0.0.0/24

diff --git a/modules/organization/README.md b/modules/organization/README.md
@@ -137,16 +137,15 @@ module "org" {
   source          = "./fabric/modules/organization"
   organization_id = var.organization_id
 
-  org_policy_custom_constraints_data_path = "/my/path"
-
+  org_policy_custom_constraints_data_path = "configs/custom-constraints"
 }
-# tftest skip
+# tftest modules=1 resources=3 files=gke,dataproc
 ```
 
 ```yaml
-# /my/path/gke.yaml
+# tftest file gke configs/custom-constraints/gke.yaml
 custom.gkeEnableLogging:
-  resource_types: 
+  resource_types:
   - container.googleapis.com/Cluster
   method_types:
   - CREATE
@@ -155,7 +154,7 @@ custom.gkeEnableLogging:
   action_type: DENY
   display_name: Do not disable Cloud Logging
 custom.gkeEnableAutoUpgrade:
-  resource_types: 
+  resource_types:
   - container.googleapis.com/NodePool
   method_types:
   - CREATE
@@ -166,10 +165,9 @@ custom.gkeEnableAutoUpgrade:
 ```
 
 ```yaml
-# /my/path/dataproc.yaml
-
-custom.dataprocNoMoreThan10Workers
-  resource_types: 
+# tftest file dataproc configs/custom-constraints/dataproc.yaml
+custom.dataprocNoMoreThan10Workers:
+  resource_types:
   - dataproc.googleapis.com/Cluster
   method_types:
   - CREATE
@@ -228,29 +226,27 @@ module "org" {
   source          = "./fabric/modules/organization"
   organization_id = var.organization_id
   firewall_policy_factory = {
-    cidr_file   = "data/cidrs.yaml"
+    cidr_file   = "configs/firewall-policies/cidrs.yaml"
     policy_name = null
-    rules_file  = "data/rules.yaml"
+    rules_file  = "configs/firewall-policies/rules.yaml"
   }
   firewall_policy_association = {
     factory-policy = module.org.firewall_policy_id["factory"]
   }
 }
-# tftest skip
+# tftest modules=1 resources=4 files=cidrs,rules
 ```
 
 ```yaml
-# cidrs.yaml
-
+# tftest file cidrs configs/firewall-policies/cidrs.yaml
 rfc1918:
   - 10.0.0.0/8
   - 172.16.0.0/12
   - 192.168.0.0/16
 ```
 
 ```yaml
-# rules.yaml
-
+# tftest file rules configs/firewall-policies/rules.yaml
 allow-admins:
   description: Access from the admin subnet to all subnets
   direction: INGRESS

diff --git a/modules/organization/org-policy-custom-constraints.tf b/modules/organization/org-policy-custom-constraints.tf
@@ -15,14 +15,11 @@
  */
 
 locals {
-  _custom_constraints_factory_data_raw = (
-    var.org_policy_custom_constraints_data_path == null
-    ? tomap({})
-    : tomap(merge([
-      for f in fileset(var.org_policy_custom_constraints_data_path, "*.yaml") :
-      yamldecode(file("${var.org_policy_custom_constraints_data_path}/${f}"))
-    ]...))
-  )
+  _custom_constraints_factory_data_raw = merge([
+    for f in try(fileset(var.org_policy_custom_constraints_data_path, "*.yaml"), []) :
+    yamldecode(file("${var.org_policy_custom_constraints_data_path}/${f}"))
+  ]...)
+
 
   _custom_constraints_factory_data = {
     for k, v in local._custom_constraints_factory_data_raw :

diff --git a/modules/organization/organization-policies.tf b/modules/organization/organization-policies.tf
@@ -17,14 +17,10 @@
 # tfdoc:file:description Organization-level organization policies.
 
 locals {
-  _factory_data_raw = (
-    var.org_policies_data_path == null
-    ? tomap({})
-    : merge([
-      for f in fileset(var.org_policies_data_path, "*.yaml") :
-      yamldecode(file("${var.org_policies_data_path}/${f}"))
-    ]...)
-  )
+  _factory_data_raw = merge([
+    for f in try(fileset(var.org_policies_data_path, "*.yaml"), []) :
+    yamldecode(file("${var.org_policies_data_path}/${f}"))
+  ]...)
 
   # simulate applying defaults to data coming from yaml files
   _factory_data = {

diff --git a/modules/project/README.md b/modules/project/README.md
@@ -224,13 +224,13 @@ module "folder" {
   source                 = "./fabric/modules/folder"
   parent                 = "organizations/1234567890"
   name                   = "Folder name"
-  org_policies_data_path = "/my/path"
+  org_policies_data_path = "configs/org-policies/"
 }
-# tftest skip
+# tftest modules=1 resources=6 files=boolean,list
 ```
 
 ```yaml
-# /my/path/boolean.yaml
+# tftest file boolean configs/org-policies/boolean.yaml
 iam.disableServiceAccountKeyCreation:
   enforce: true
 
@@ -246,7 +246,7 @@ iam.disableServiceAccountKeyUpload:
 ```
 
 ```yaml
-# /my/path/list.yaml
+# tftest file list configs/org-policies/list.yaml
 compute.vmExternalIpAccess:
   deny:
     all: true

diff --git a/modules/project/organization-policies.tf b/modules/project/organization-policies.tf
@@ -17,14 +17,10 @@
 # tfdoc:file:description Project-level organization policies.
 
 locals {
-  _factory_data_raw = (
-    var.org_policies_data_path == null
-    ? tomap({})
-    : merge([
-      for f in fileset(var.org_policies_data_path, "*.yaml") :
-      yamldecode(file("${var.org_policies_data_path}/${f}"))
-    ]...)
-  )
+  _factory_data_raw = merge([
+    for f in try(fileset(var.org_policies_data_path, "*.yaml"), []) :
+    yamldecode(file("${var.org_policies_data_path}/${f}"))
+  ]...)
 
   # simulate applying defaults to data coming from yaml files
   _factory_data = {

diff --git a/modules/projects-data-source/README.md b/modules/projects-data-source/README.md
@@ -22,7 +22,7 @@ output "folders" {
   value = module.my-org.folders
 }
 
-# tftest skip
+# tftest skip (uses data sources)
 ```
 
 ### My dev projects based on parent and label
@@ -42,7 +42,7 @@ output "dev-folders" {
   value = module.my-dev.folders
 }
 
-# tftest skip
+# tftest skip (uses data sources)
 ```
 <!-- BEGIN TFDOC -->