Generalization of tflint call for FAST stages (GoogleCloudPlatform#2225)

* Generalization of tflint call for FAST

* Fix tfvars path

* Fix tfvars path - depending where the file is

* Fix regex

* Reeanble linting

* Align test directory to stage name

* Align all fast stages to use tftest

.github/workflows/linting.yml

@@ -68,19 +68,14 @@ jobs:
 
       - name: TFLint FAST
         run: |
-          # TODO: try to generalize this
-          tflint --chdir fast/stages/0-bootstrap --var-file ../../../tests/fast/stages/s0_bootstrap/simple.tfvars
-          tflint --chdir fast/stages/1-resman --var-file ../../../tests/fast/stages/s1_resman/simple.tfvars
-          tflint --chdir fast/stages/2-networking-a-peering --var-file ../../../tests/fast/stages/s2_networking_a_peering/common.tfvars
-          tflint --chdir fast/stages/2-networking-b-vpn --var-file ../../../tests/fast/stages/s2_networking_b_vpn/common.tfvars
-          tflint --chdir fast/stages/2-networking-c-nva --var-file ../../../tests/fast/stages/s2_networking_c_nva/common.tfvars
-          tflint --chdir fast/stages/2-networking-d-separate-envs --var-file ../../../tests/fast/stages/s2_networking_d_separate_envs/common.tfvars
-          tflint --chdir fast/stages/2-security --var-file ../../../tests/fast/stages/s2_security/common.tfvars
-          tflint --chdir fast/stages/3-data-platform/dev --var-file ../../../../tests/fast/stages/s3_data_platform/common.tfvars
-          tflint --chdir fast/stages/3-gcve/prod/ --var-file ../../../../tests/fast/stages/s3_gcve_minimal/simple.tfvars
-          tflint --chdir fast/stages/3-data-platform/dev --var-file ../../../../tests/fast/stages/s3_data_platform/common.tfvars
-          tflint --chdir fast/stages/3-gke-multitenant/dev --var-file ../../../../tests/fast/stages/s3_gke_multitenant/common.tfvars
-          tflint --chdir fast/stages/3-project-factory/dev --var-file ../../../../tests/fast/stages/s3_project_factory/common.tfvars
+          for STAGE_DIR in $(find fast/stages -name main.tf -printf '%h\n' ) ; do
+            STAGE_NAME=$(echo ${STAGE_DIR} | sed -e 's#^fast/stages/\([^/]*\)[/]\?.*$#\1#')
+            VAR_PATH_LEVEL="."
+            if [ -z $(echo ${STAGE_DIR} | sed -e 's#^fast/stages/[^/]*/\(.*\)$##') ] ; then
+              VAR_PATH_LEVEL=".."
+            fi
+            tflint --chdir ${STAGE_DIR} --var-file ${VAR_PATH_LEVEL}/../../../tests/fast/stages/s$(echo ${STAGE_NAME} | sed -e 's/-/_/g')/simple.tfvars
+          done
 
       - name: Check documentation
         id: documentation-fabric

CONTRIBUTING.md

@@ -1007,8 +1007,7 @@ tests:
   # run a test named `test-plan`, load the specified tfvars files
   # use the default inventory file of `test-plan.yaml`
   test-plan:
-    tfvars: # if omitted, we load test-plan.tfvars by default
-      - test-plan.tfvars
+    tfvars: # test-plan.tfvars is always loaded
       - test-plan-extra.tfvars
     inventory:
       - test-plan.yaml

tests/fast/stages/s0_bootstrap/tftest.yaml

@@ -20,13 +20,7 @@ tests:
     extra_files:
       - ../../../tests/fast/stages/s0_bootstrap/data/checklist-data.json
       - ../../../tests/fast/stages/s0_bootstrap/data/checklist-org-iam.json
-    tfvars:
-      - checklist.tfvars
-    inventory:
-      - checklist.yaml
   simple:
-    tfvars:
-      - simple.tfvars
     inventory:
       - simple.yaml
       - simple_projects.yaml

tests/fast/stages/s1_resman/tftest.yaml

@@ -18,12 +18,4 @@ tests:
   checklist:
     extra_files:
       - ../../../tests/fast/stages/s0_bootstrap/data/checklist-data.json
-    tfvars:
-      - checklist.tfvars
-    inventory:
-      - checklist.yaml
   simple:
-    tfvars:
-      - simple.tfvars
-    inventory:
-      - simple.yaml

tests/fast/stages/s2_networking_a_peering/test_plan.py

@@ -26,9 +26,9 @@ def test_vpn_peering_parity(plan_summary):
   '''Ensure VPN- and peering-based networking stages are identical except
   for VPN and VPC peering resources'''
   summary_peering = plan_summary("fast/stages/2-networking-a-peering",
-                                 tf_var_files=["common.tfvars"])
+                                 tf_var_files=["simple.tfvars"])
   summary_vpn = plan_summary("fast/stages/2-networking-b-vpn",
-                             tf_var_files=["common.tfvars"])
+                             tf_var_files=["simple.tfvars"])
 
   ddiff = DeepDiff(summary_vpn.values, summary_peering.values,
                    ignore_order=True)

tests/fast/stages/s2_networking_a_peering/tftest.yaml

@@ -13,10 +13,8 @@
 # limitations under the License.
 
 module: fast/stages/2-networking-a-peering
-common_tfvars:
-  - common.tfvars
 
 tests:
-  stage:
+  simple:
     extra_files:
       - ../../plugins/2-networking-serverless-connector/*.tf

tests/fast/stages/s2_networking_b_vpn/tftest.yaml

@@ -13,10 +13,8 @@
 # limitations under the License.
 
 module: fast/stages/2-networking-b-vpn
-common_tfvars:
-  - common.tfvars
 
 tests:
-  stage:
+  simple:
     extra_files:
       - ../../plugins/2-networking-serverless-connector/*.tf

tests/fast/stages/s2_networking_c_nva/tftest.yaml

@@ -13,10 +13,8 @@
 # limitations under the License.
 
 module: fast/stages/2-networking-c-nva
-common_tfvars:
-  - common.tfvars
 
 tests:
-  stage:
+  simple:
     extra_files:
       - ../../plugins/2-networking-serverless-connector/*.tf

tests/fast/stages/s2_networking_d_separate_envs/tftest.yaml

@@ -13,10 +13,8 @@
 # limitations under the License.
 
 module: fast/stages/2-networking-d-separate-envs
-common_tfvars:
-  - common.tfvars
 
 tests:
-  stage:
+  simple:
     extra_files:
       - ../../plugins/2-networking-serverless-connector/*.tf

tests/fast/stages/s2_networking_e_nva_bgp/tftest.yaml

@@ -13,8 +13,6 @@
 # limitations under the License.
 
 module: fast/stages/2-networking-e-nva-bgp
-common_tfvars:
-  - common.tfvars
 
 tests:
-  stage:
+  simple:

tests/fast/stages/s3_data_platform/test_plan.py → tests/fast/stages/s2_security/simple.yaml

@@ -1,4 +1,4 @@
-# Copyright 2023 Google LLC
+# Copyright 2024 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,10 +12,19 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-
-def test_counts(plan_summary):
-  "Test stage."
-  summary = plan_summary("fast/stages/3-data-platform/dev/",
-                         tf_var_files=["common.tfvars"])
-  assert summary.counts["modules"] > 0
-  assert summary.counts["resources"] > 0
+counts:
+  google_access_context_manager_access_policy: 1
+  google_access_context_manager_service_perimeter: 1
+  google_essential_contacts_contact: 1
+  google_folder: 1
+  google_kms_crypto_key: 8
+  google_kms_crypto_key_iam_binding: 8
+  google_kms_key_ring: 8
+  google_project: 2
+  google_project_iam_binding: 2
+  google_project_iam_member: 2
+  google_project_service: 6
+  google_project_service_identity: 2
+  google_storage_bucket_object: 1
+  modules: 12
+  resources: 43

tests/fast/stages/s3_gke_multitenant/__init__.py → tests/fast/stages/s2_security/tftest.yaml

@@ -11,3 +11,8 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+
+module: fast/stages/2-security
+
+tests:
+  simple:

tests/fast/stages/s3_data_platform/simple.yaml

@@ -0,0 +1,35 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+counts:
+  google_artifact_registry_repository: 1
+  google_bigquery_dataset: 4
+  google_bigquery_default_service_account: 7
+  google_composer_environment: 1
+  google_compute_shared_vpc_service_project: 3
+  google_data_catalog_policy_tag: 3
+  google_data_catalog_taxonomy: 1
+  google_project: 9
+  google_project_iam_binding: 61
+  google_project_iam_member: 16
+  google_project_service: 114
+  google_project_service_identity: 18
+  google_pubsub_topic: 1
+  google_service_account: 8
+  google_service_account_iam_binding: 13
+  google_storage_bucket: 9
+  google_storage_bucket_object: 1
+  google_storage_project_service_account: 7
+  modules: 34
+  resources: 277

tests/fast/stages/s3_data_platform/__init__.py → tests/fast/stages/s3_data_platform/tftest.yaml

@@ -11,3 +11,8 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+
+module: fast/stages/3-data-platform/dev/
+
+tests:
+  simple:

tests/fast/stages/s3_gcve_minimal/tftest.yaml → tests/fast/stages/s3_gcve/tftest.yaml

@@ -16,7 +16,3 @@ module: fast/stages/3-gcve/prod
 
 tests:
   simple:
-    tfvars:
-      - simple.tfvars
-    inventory:
-      - simple.yaml

tests/fast/stages/s2_security/test_plan.py → tests/fast/stages/s3_gke_multitenant/simple.yaml

@@ -1,4 +1,4 @@
-# Copyright 2023 Google LLC
+# Copyright 2024 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -12,10 +12,17 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-
-def test_counts(plan_summary):
-  "Test stage."
-  summary = plan_summary("fast/stages/2-security",
-                         tf_var_files=["common.tfvars"])
-  assert summary.counts["modules"] > 0
-  assert summary.counts["resources"] > 0
+counts:
+  google_bigquery_dataset: 1
+  google_compute_shared_vpc_service_project: 1
+  google_container_cluster: 1
+  google_container_node_pool: 1
+  google_project: 1
+  google_project_iam_binding: 1
+  google_project_iam_member: 8
+  google_project_service: 12
+  google_project_service_identity: 2
+  google_service_account: 1
+  google_storage_bucket_object: 1
+  modules: 6
+  resources: 30

tests/fast/stages/s3_gcve_minimal/__init__.py → tests/fast/stages/s3_gke_multitenant/tftest.yaml

@@ -11,3 +11,8 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+
+module: fast/stages/3-gke-multitenant/dev/
+
+tests:
+  simple:

tests/fast/stages/s3_project_factory/simple.yaml

@@ -0,0 +1,20 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+counts:
+  google_project: 1
+  google_project_service: 3
+  google_storage_project_service_account: 1
+  modules: 2
+  resources: 5

tests/fast/stages/s3_project_factory/__init__.py → tests/fast/stages/s3_project_factory/tftest.yaml

@@ -11,3 +11,8 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+
+module: fast/stages/3-project-factory/dev
+
+tests:
+  simple: