From b96eda31e483927dc2b849a359f8486098369a5d Mon Sep 17 00:00:00 2001 From: Akshay Bathija <69940325+akshaybathija-github@users.noreply.github.com> Date: Thu, 16 Feb 2023 11:56:48 +0530 Subject: [PATCH] chore: Adding test Upgrade for 4 tests (#1561) Co-authored-by: Akshay Bathija Co-authored-by: Bharath KKB --- build/int.cloudbuild.yaml | 64 ++-- .../integration/shared_vpc/controls/gcloud.rb | 39 --- test/integration/shared_vpc/inspec.yml | 25 -- .../integration/shared_vpc/shared_vpc_test.go | 40 +++ .../controls/gcloud.rb | 68 ---- .../simple_autopilot_private/inspec.yml | 31 -- .../simple_autopilot_private_test.go | 60 ++++ .../testdata/TestSimpleAutopilotPrivate.json | 285 ++++++++++++++++ .../controls/gcloud.rb | 65 ---- .../simple_autopilot_public/inspec.yml | 31 -- .../simple_autopiliot_public_test.go | 61 ++++ .../testdata/TestSimpleAutopilotPublic.json | 273 +++++++++++++++ .../simple_regional/controls/gcloud.rb | 191 ----------- test/integration/simple_regional/inspec.yml | 31 -- .../simple_regional/simple_regional_test.go | 63 ++++ .../testdata/TestSimpleRegional.json | 310 ++++++++++++++++++ 16 files changed, 1134 insertions(+), 503 deletions(-) delete mode 100644 test/integration/shared_vpc/controls/gcloud.rb delete mode 100644 test/integration/shared_vpc/inspec.yml create mode 100644 test/integration/shared_vpc/shared_vpc_test.go delete mode 100644 test/integration/simple_autopilot_private/controls/gcloud.rb delete mode 100644 test/integration/simple_autopilot_private/inspec.yml create mode 100644 test/integration/simple_autopilot_private/simple_autopilot_private_test.go create mode 100644 test/integration/simple_autopilot_private/testdata/TestSimpleAutopilotPrivate.json delete mode 100644 test/integration/simple_autopilot_public/controls/gcloud.rb delete mode 100644 test/integration/simple_autopilot_public/inspec.yml create mode 100644 test/integration/simple_autopilot_public/simple_autopiliot_public_test.go create mode 100644 test/integration/simple_autopilot_public/testdata/TestSimpleAutopilotPublic.json delete mode 100644 test/integration/simple_regional/controls/gcloud.rb delete mode 100644 test/integration/simple_regional/inspec.yml create mode 100644 test/integration/simple_regional/simple_regional_test.go create mode 100644 test/integration/simple_regional/testdata/TestSimpleRegional.json diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml index 3cebf97b1e..4c890255e7 100644 --- a/build/int.cloudbuild.yaml +++ b/build/int.cloudbuild.yaml @@ -46,21 +46,26 @@ steps: - verify disable-client-cert name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' args: ['/bin/bash', '-c', 'cft test run TestDisableClientCert --stage teardown --verbose --test-dir test/integration'] -- id: converge shared-vpc-local +- id: init shared-vpc-local waitFor: - create all name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' - args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge shared-vpc-local'] + args: ['/bin/bash', '-c', 'cft test run TestSharedVPC --stage init --verbose --test-dir test/integration'] +- id: apply shared-vpc-local + waitFor: + - init shared-vpc-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'cft test run TestSharedVPC --stage apply --verbose --test-dir test/integration'] - id: verify shared-vpc-local waitFor: - - converge shared-vpc-local + - apply shared-vpc-local name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' - args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify shared-vpc-local'] + args: ['/bin/bash', '-c', 'cft test run TestSharedVPC --stage verify --verbose --test-dir test/integration'] - id: destroy shared-vpc-local waitFor: - verify shared-vpc-local name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' - args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy shared-vpc-local'] + args: ['/bin/bash', '-c', 'cft test run TestSharedVPC --stage teardown --verbose --test-dir test/integration'] - id: init safer-cluster-local waitFor: - create all @@ -81,21 +86,26 @@ steps: - verify safer-cluster-local name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' args: ['/bin/bash', '-c', 'cft test run TestSaferCluster --stage destroy --verbose'] -- id: converge simple-regional-local +- id: init simple-regional-local waitFor: - create all name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' - args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge simple-regional-local'] + args: ['/bin/bash', '-c', 'cft test run TestSimpleRegional --stage init --verbose'] +- id: apply simple-regional-local + waitFor: + - init simple-regional-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'cft test run TestSimpleRegional --stage apply --verbose'] - id: verify simple-regional-local waitFor: - - converge simple-regional-local + - apply simple-regional-local name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' - args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify simple-regional-local'] + args: ['/bin/bash', '-c', 'cft test run TestSimpleRegional --stage verify --verbose'] - id: destroy simple-regional-local waitFor: - - verify simple-regional-local + - apply simple-regional-local name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' - args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy simple-regional-local'] + args: ['/bin/bash', '-c', 'cft test run TestSimpleRegional --stage teardown --verbose'] - id: converge simple-regional-private-local waitFor: - create all @@ -381,36 +391,46 @@ steps: - verify simple-zonal-with-asm-local name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy simple-zonal-with-asm-local'] -- id: converge simple-autopilot-private-local +- id: init simple-autopilot-private-local waitFor: - create all name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' - args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge simple-autopilot-private-local'] + args: ['/bin/bash', '-c', 'cft test run TestSimpleAutopilotPrivate --stage init --verbose'] +- id: apply simple-autopilot-private-local + waitFor: + - init simple-autopilot-private-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'cft test run TestSimpleAutopilotPrivate --stage apply --verbose'] - id: verify simple-autopilot-private-local waitFor: - - converge simple-autopilot-private-local + - apply simple-autopilot-private-local name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' - args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify simple-autopilot-private-local'] + args: ['/bin/bash', '-c', 'cft test run TestSimpleAutopilotPrivate --stage verify --verbose'] - id: destroy simple-autopilot-private-local waitFor: - - verify simple-autopilot-private-local + - apply simple-autopilot-private-local name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' - args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy simple-autopilot-private-local'] -- id: converge simple-autopilot-public-local + args: ['/bin/bash', '-c', 'cft test run TestSimpleAutopilotPrivate --stage teardown --verbose'] +- id: init simple-autopilot-public-local waitFor: - create all name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' - args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge simple-autopilot-public-local'] + args: ['/bin/bash', '-c', 'cft test run TestSimpleAutopilotPublic --stage init --verbose'] +- id: apply simple-autopilot-public-local + waitFor: + - init simple-autopilot-public-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'cft test run TestSimpleAutopilotPublic --stage apply --verbose'] - id: verify simple-autopilot-public-local waitFor: - - converge simple-autopilot-public-local + - apply simple-autopilot-public-local name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' - args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify simple-autopilot-public-local'] + args: ['/bin/bash', '-c', 'cft test run TestSimpleAutopilotPublic --stage verify --verbose'] - id: destroy simple-autopilot-public-local waitFor: - verify simple-autopilot-public-local name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' - args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy simple-autopilot-public-local'] + args: ['/bin/bash', '-c', 'cft test run TestSimpleAutopilotPublic --stage teardown --verbose'] - id: init private-zonal-with-networking waitFor: - prepare diff --git a/test/integration/shared_vpc/controls/gcloud.rb b/test/integration/shared_vpc/controls/gcloud.rb deleted file mode 100644 index fd72b9180b..0000000000 --- a/test/integration/shared_vpc/controls/gcloud.rb +++ /dev/null @@ -1,39 +0,0 @@ -# Copyright 2019 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -project_id = attribute('project_id') -location = attribute('location') -cluster_name = attribute('cluster_name') - -control "gcloud" do - title "Google Compute Engine GKE configuration" - describe command("gcloud --project=#{project_id} container clusters --zone=#{location} describe #{cluster_name} --format=json") do - its(:exit_status) { should eq 0 } - its(:stderr) { should eq '' } - - let!(:data) do - if subject.exit_status == 0 - JSON.parse(subject.stdout) - else - {} - end - end - - describe "cluster" do - it "is running" do - expect(data['status']).to eq 'RUNNING' - end - end - end -end diff --git a/test/integration/shared_vpc/inspec.yml b/test/integration/shared_vpc/inspec.yml deleted file mode 100644 index 35f991730d..0000000000 --- a/test/integration/shared_vpc/inspec.yml +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -name: shared_vpc -attributes: - - name: project_id - required: true - type: string - - name: location - required: true - type: string - - name: cluster_name - required: true - type: string diff --git a/test/integration/shared_vpc/shared_vpc_test.go b/test/integration/shared_vpc/shared_vpc_test.go new file mode 100644 index 0000000000..d614767651 --- /dev/null +++ b/test/integration/shared_vpc/shared_vpc_test.go @@ -0,0 +1,40 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package shared_vpc + +import ( + "testing" + + "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/gcloud" + "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft" + "github.com/stretchr/testify/assert" +) + +func TestSharedVPC(t *testing.T) { + bpt := tft.NewTFBlueprintTest(t) + + bpt.DefineVerify(func(assert *assert.Assertions) { + //Skipping Default Verify as the Verify Stage fails due to change in Client Cert Token + // bpt.DefaultVerify(assert) + + projectId := bpt.GetStringOutput("project_id") + location := bpt.GetStringOutput("location") + clusterName := bpt.GetStringOutput("cluster_name") + + op := gcloud.Runf(t, "container clusters describe %s --zone %s --project %s", clusterName, location, projectId) + assert.Contains(op.Get("status").String(), "RUNNING", "Cluster is Running") + }) + + bpt.Test() +} diff --git a/test/integration/simple_autopilot_private/controls/gcloud.rb b/test/integration/simple_autopilot_private/controls/gcloud.rb deleted file mode 100644 index 124f39bb90..0000000000 --- a/test/integration/simple_autopilot_private/controls/gcloud.rb +++ /dev/null @@ -1,68 +0,0 @@ -# Copyright 2019 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -project_id = attribute('project_id') -location = attribute('location') -cluster_name = attribute('cluster_name') - -control "gcloud" do - title "Google Compute Engine GKE configuration" - describe command("gcloud --project=#{project_id} container clusters --zone=#{location} describe #{cluster_name} --format=json") do - its(:exit_status) { should eq 0 } - its(:stderr) { should eq '' } - - let!(:data) do - if subject.exit_status == 0 - JSON.parse(subject.stdout) - else - {} - end - end - - describe "cluster" do - it "is running" do - expect(data['status']).to eq('RUNNING').or eq('RECONCILING') - end - - it "is autopilot" do - expect(data['autopilot']['enabled']).to eq true - end - - it "is regional" do - expect(data['location']).to match(/^.*[1-9]$/) - end - - it "uses the private endpoint" do - expect(data['privateClusterConfig']['enablePrivateEndpoint']).to eq true - end - - it "uses private nodes" do - expect(data['privateClusterConfig']['enablePrivateNodes']).to eq true - end - - it "has the expected addon settings" do - expect(data['addonsConfig']).to include( - "horizontalPodAutoscaling" => {}, - "httpLoadBalancing" => {}, - "kubernetesDashboard" => { - "disabled" => true, - }, - "networkPolicyConfig" => { - "disabled" => true, - }, - ) - end - end - end -end diff --git a/test/integration/simple_autopilot_private/inspec.yml b/test/integration/simple_autopilot_private/inspec.yml deleted file mode 100644 index b477741e83..0000000000 --- a/test/integration/simple_autopilot_private/inspec.yml +++ /dev/null @@ -1,31 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -name: simple_regional -attributes: - - name: project_id - required: true - type: string - - name: location - required: true - type: string - - name: cluster_name - required: true - type: string - - name: kubernetes_endpoint - required: true - type: string - - name: client_token - required: true - type: string diff --git a/test/integration/simple_autopilot_private/simple_autopilot_private_test.go b/test/integration/simple_autopilot_private/simple_autopilot_private_test.go new file mode 100644 index 0000000000..ac731f35d1 --- /dev/null +++ b/test/integration/simple_autopilot_private/simple_autopilot_private_test.go @@ -0,0 +1,60 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package simple_autopilot_private + +import ( + "testing" + + "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/gcloud" + "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/golden" + "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft" + "github.com/stretchr/testify/assert" +) + +func TestSimpleAutopilotPrivate(t *testing.T) { + bpt := tft.NewTFBlueprintTest(t) + + bpt.DefineVerify(func(assert *assert.Assertions) { + //Skipping Default Verify as the Verify Stage fails due to change in Client Cert Token + // bpt.DefaultVerify(assert) + + projectId := bpt.GetStringOutput("project_id") + location := bpt.GetStringOutput("location") + clusterName := bpt.GetStringOutput("cluster_name") + serviceAccount := bpt.GetStringOutput("service_account") + + op := gcloud.Runf(t, "container clusters describe %s --zone %s --project %s", clusterName, location, projectId) + g := golden.NewOrUpdate(t, op.String(), + golden.WithSanitizer(golden.StringSanitizer(serviceAccount, "SERVICE_ACCOUNT")), + golden.WithSanitizer(golden.StringSanitizer(projectId, "PROJECT_ID")), + golden.WithSanitizer(golden.StringSanitizer(clusterName, "CLUSTER_NAME")), + ) + validateJSONPaths := []string{ + "autopilot.enabled", + "location", + "privateClusterConfig.enablePrivateEndpoint", + "privateClusterConfig.enablePrivateNodes", + "addonsConfig.horizontalPodAutoscaling", + "addonsConfig.httpLoadBalancing", + "addonsConfig.kubernetesDashboard.disabled", + "addonsConfig.networkPolicyConfig.disabled", + } + for _, pth := range validateJSONPaths { + g.JSONEq(assert, op, pth) + } + assert.Contains([]string{"RUNNING", "RECONCILING"}, op.Get("status").String()) + }) + + bpt.Test() +} diff --git a/test/integration/simple_autopilot_private/testdata/TestSimpleAutopilotPrivate.json b/test/integration/simple_autopilot_private/testdata/TestSimpleAutopilotPrivate.json new file mode 100644 index 0000000000..8163554902 --- /dev/null +++ b/test/integration/simple_autopilot_private/testdata/TestSimpleAutopilotPrivate.json @@ -0,0 +1,285 @@ +{ + "addonsConfig": { + "dnsCacheConfig": { + "enabled": true + }, + "gcePersistentDiskCsiDriverConfig": { + "enabled": true + }, + "gcpFilestoreCsiDriverConfig": { + "enabled": true + }, + "horizontalPodAutoscaling": {}, + "httpLoadBalancing": {}, + "kubernetesDashboard": { + "disabled": true + }, + "networkPolicyConfig": { + "disabled": true + } + }, + "autopilot": { + "enabled": true + }, + "autoscaling": { + "autoprovisioningNodePoolDefaults": { + "imageType": "COS_CONTAINERD", + "management": { + "autoRepair": true, + "autoUpgrade": true + }, + "oauthScopes": [ + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/logging.write", + "https://www.googleapis.com/auth/monitoring", + "https://www.googleapis.com/auth/service.management.readonly", + "https://www.googleapis.com/auth/servicecontrol", + "https://www.googleapis.com/auth/trace.append" + ], + "serviceAccount": "default", + "upgradeSettings": { + "maxSurge": 1, + "strategy": "SURGE" + } + }, + "autoscalingProfile": "OPTIMIZE_UTILIZATION", + "enableNodeAutoprovisioning": true, + "resourceLimits": [ + { + "maximum": "1000000000", + "resourceType": "cpu" + }, + { + "maximum": "1000000000", + "resourceType": "memory" + }, + { + "maximum": "1000000000", + "resourceType": "nvidia-tesla-t4" + }, + { + "maximum": "1000000000", + "resourceType": "nvidia-tesla-a100" + } + ] + }, + "binaryAuthorization": {}, + "clusterIpv4Cidr": "192.168.0.0/18", + "createTime": "2023-01-12T04:06:50+00:00", + "currentMasterVersion": "1.24.7-gke.900", + "currentNodeCount": 2, + "currentNodeVersion": "1.24.7-gke.900", + "databaseEncryption": { + "state": "DECRYPTED" + }, + "defaultMaxPodsConstraint": { + "maxPodsPerNode": "110" + }, + "endpoint": "172.16.0.2", + "etag": "51587bf5-1ab3-4a72-91cb-8c547ccaead3", + "id": "4e8a9f0e768b4d1ea86da9291e0b02bfd85174222ffe40c7a35b83a9dc8dda85", + "initialClusterVersion": "1.24.7-gke.900", + "instanceGroupUrls": [ + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-c/instanceGroupManagers/gk3-simple-autopilot-pri-default-pool-d966300e-grp", + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-f/instanceGroupManagers/gk3-simple-autopilot-pri-default-pool-0a36c6f5-grp" + ], + "ipAllocationPolicy": { + "clusterIpv4Cidr": "192.168.0.0/18", + "clusterIpv4CidrBlock": "192.168.0.0/18", + "clusterSecondaryRangeName": "ip-range-pods-simple-autopilot-private", + "servicesIpv4Cidr": "192.168.64.0/18", + "servicesIpv4CidrBlock": "192.168.64.0/18", + "servicesSecondaryRangeName": "ip-range-svc-simple-autopilot-private", + "stackType": "IPV4", + "useIpAliases": true + }, + "labelFingerprint": "a9dc16a7", + "legacyAbac": {}, + "location": "us-central1", + "locations": [ + "us-central1-a", + "us-central1-c", + "us-central1-f" + ], + "loggingConfig": { + "componentConfig": { + "enableComponents": [ + "SYSTEM_COMPONENTS", + "WORKLOADS" + ] + } + }, + "loggingService": "logging.googleapis.com/kubernetes", + "maintenancePolicy": { + "resourceVersion": "ce912209", + "window": { + "dailyMaintenanceWindow": { + "duration": "PT4H0M0S", + "startTime": "05:00" + } + } + }, + "masterAuth": { + "clusterCaCertificate": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVMVENDQXBXZ0F3SUJBZ0lSQUl6eEJuNWlDNm9hV2h5N0YwMnpoand3RFFZSktvWklodmNOQVFFTEJRQXcKTHpFdE1Dc0dBMVVFQXhNa05UZ3hOak5qWVRVdFpHSmhOQzAwWXpKaExUZ3lNemN0TmpreE9Ua3paREJpWXpJMQpNQ0FYRFRJek1ERXhNakF6TURZMU1Gb1lEekl3TlRNd01UQTBNRFF3TmpVd1dqQXZNUzB3S3dZRFZRUURFeVExCk9ERTJNMk5oTlMxa1ltRTBMVFJqTW1FdE9ESXpOeTAyT1RFNU9UTmtNR0pqTWpVd2dnR2lNQTBHQ1NxR1NJYjMKRFFFQkFRVUFBNElCandBd2dnR0tBb0lCZ1FEUnltd1RVaEFkN1cwcWNZYWhRY0hkeTkxNWdRYzJrUTJQM2ZNcwozdGlISmRaUDFLb3o5djVuWUlZL3Q4aWxSb0NCSHEvNzhQVnBJZjNSWDVvSDdiTjN4UTFKWWF0ZEEvZ1lhVTRzCkdSZG05OW9zUmFsc01JdzR3SkNDWm50b2dtV3FmcmFzZldyOHo4b1NUSFVCL2N3UFhiaHBxMjlTanFUckM3elQKQnpoT0M5aGg5WUcwYnc0cHBReC9PL1Y2eGdhQ1Y0ZllQU1BML3lGSGs5cUpqUnB3bEh1YzduVlVLNHZFL2Y0LwpHRm44dXp1SnpRQ1FrSzBTUmx4WHJzRlM1WlB3YVB5OHJUZVJsVmhzRW1HWjYySkd5RFJuTDhJNTBvQlZtWXlSClF0ay93eGpFUVZiYUFNYlZsLytjSnhBWGJSTmhCZU85OWRjaFlhZ1o2UitBR2pHTHNaWUlka3JoNlZJNVh3OTcKY2xnTUJ0bXAxdHV2dVlIM3pGQitwckRMMmF5eXRTYXZ6VnlVV21OSDV6aDZSWnphMk9sRmFyeWo0RHYyemlNRgozckFnUE9KejhSdC9ZMUQzM1Y4ODZQVlNnUjNpZFZ0NDJ2dDcvaU9ZNUkxbmMyM1orRWdvaWZDTmtKVEM1MUtHClVZdTJjTjdzVjh1NnNuK1ltT1dPY0tXYzd2MENBd0VBQWFOQ01FQXdEZ1lEVlIwUEFRSC9CQVFEQWdJRU1BOEcKQTFVZEV3RUIvd1FGTUFNQkFmOHdIUVlEVlIwT0JCWUVGRHpPUGYyZU84enVMa2prZWI4TEZ5eVpRMk1YTUEwRwpDU3FHU0liM0RRRUJDd1VBQTRJQmdRQlZDR2RGRWtmTE43bVg2SXZlb2tvMmVjZjhrUGlreTQyeFBvTEJtTnI2Cm94UXZWbnJtZlAxRTdxM2oyUnRNc2N5VzFUQU8wMTAwdzQyUWVUWWVPYm94em5xSms4TmNjQmQxdlNTa3NaOHUKdDlsS29GVmdRdkhLUzNldy81eG1Cb2o3em0rU0llQkRnSFJTNmMrNFQ0L25zMnl2UEhsbno2ZE5sLzJQMWtINwpBdmh2MkF3andZVC9EZU1tc3BEZERnMlVvVlhpYjliRTRES2Q2MUVCanhOc05EUjJDZ0VEYkZ1M0QwK01zRmcrCm9kcEUvc1BtZytsQWE0U24xNEZWZUNRdGxwWTBjY1RYY0tmKzN4c3FLMGZoSGk4Tk53ckg2bGpkUGN6VVJmS3cKK0hDVXVjeWtFOC96ay91aHR1dzhmOXlXbjcrS3RJbmxSNEtkOHk5WGFCaytsMkt6TVlxSkUyTzFNTmNkYlhONApvQmVrNE5QcGhGM1FrQmo3RUpnL0lkTGx1WEVCd1J3ZHg4SFlRRVoyRENvemlMNENtWThuS1dXR3lLeVJWSTIxCnlSaVY4SEJvWXZ5ZHNxYy9NSFFQUERrZDRSRk52YWtVUW55M0tUaDJoSlJyejB4Y2xXNENydDhsN3dGQkNEdzcKTEJvcWs5dWxjY01iWlJ6bTV4YkxCcUE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + }, + "masterAuthorizedNetworksConfig": { + "cidrBlocks": [ + { + "cidrBlock": "10.60.0.0/17", + "displayName": "VPC" + } + ], + "enabled": true + }, + "monitoringConfig": { + "componentConfig": { + "enableComponents": [ + "SYSTEM_COMPONENTS" + ] + } + }, + "monitoringService": "monitoring.googleapis.com/kubernetes", + "name": "CLUSTER_NAME", + "network": "simple-autopilot-private-network", + "networkConfig": { + "datapathProvider": "ADVANCED_DATAPATH", + "defaultSnatStatus": {}, + "enableIntraNodeVisibility": true, + "network": "projects/PROJECT_ID/global/networks/simple-autopilot-private-network", + "serviceExternalIpsConfig": {}, + "subnetwork": "projects/PROJECT_ID/regions/us-central1/subnetworks/simple-autopilot-private-subnet" + }, + "nodeConfig": { + "diskSizeGb": 100, + "diskType": "pd-standard", + "imageType": "COS_CONTAINERD", + "machineType": "e2-medium", + "metadata": { + "disable-legacy-endpoints": "true" + }, + "oauthScopes": [ + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/logging.write", + "https://www.googleapis.com/auth/monitoring", + "https://www.googleapis.com/auth/service.management.readonly", + "https://www.googleapis.com/auth/servicecontrol", + "https://www.googleapis.com/auth/trace.append" + ], + "serviceAccount": "default", + "shieldedInstanceConfig": { + "enableIntegrityMonitoring": true, + "enableSecureBoot": true + }, + "windowsNodeConfig": {}, + "workloadMetadataConfig": { + "mode": "GKE_METADATA" + } + }, + "nodePoolAutoConfig": {}, + "nodePoolDefaults": { + "nodeConfigDefaults": { + "loggingConfig": { + "variantConfig": { + "variant": "DEFAULT" + } + } + } + }, + "nodePools": [ + { + "autoscaling": { + "autoprovisioned": true, + "enabled": true, + "locationPolicy": "BALANCED", + "maxNodeCount": 1000 + }, + "config": { + "diskSizeGb": 100, + "diskType": "pd-standard", + "imageType": "COS_CONTAINERD", + "machineType": "e2-medium", + "metadata": { + "disable-legacy-endpoints": "true" + }, + "oauthScopes": [ + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/logging.write", + "https://www.googleapis.com/auth/monitoring", + "https://www.googleapis.com/auth/service.management.readonly", + "https://www.googleapis.com/auth/servicecontrol", + "https://www.googleapis.com/auth/trace.append" + ], + "serviceAccount": "default", + "shieldedInstanceConfig": { + "enableIntegrityMonitoring": true, + "enableSecureBoot": true + }, + "windowsNodeConfig": {}, + "workloadMetadataConfig": { + "mode": "GKE_METADATA" + } + }, + "etag": "cf6f49f9-c041-4343-92d0-df40c4a59cc1", + "initialNodeCount": 1, + "instanceGroupUrls": [ + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-c/instanceGroupManagers/gk3-simple-autopilot-pri-default-pool-d966300e-grp", + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-f/instanceGroupManagers/gk3-simple-autopilot-pri-default-pool-0a36c6f5-grp" + ], + "locations": [ + "us-central1-c", + "us-central1-f" + ], + "management": { + "autoRepair": true, + "autoUpgrade": true + }, + "maxPodsConstraint": { + "maxPodsPerNode": "32" + }, + "name": "default-pool", + "networkConfig": { + "podIpv4CidrBlock": "192.168.0.0/18", + "podRange": "ip-range-pods-simple-autopilot-private" + }, + "podIpv4CidrSize": 26, + "selfLink": "https://container.googleapis.com/v1/projects/PROJECT_ID/locations/us-central1/clusters/CLUSTER_NAME/nodePools/default-pool", + "status": "RUNNING", + "upgradeSettings": { + "maxSurge": 1, + "strategy": "SURGE" + }, + "version": "1.24.7-gke.900" + } + ], + "notificationConfig": { + "pubsub": {} + }, + "privateClusterConfig": { + "enablePrivateEndpoint": true, + "enablePrivateNodes": true, + "masterGlobalAccessConfig": { + "enabled": true + }, + "masterIpv4CidrBlock": "172.16.0.0/28", + "peeringName": "gke-nd8d73f3b9df8a1b2523-2c2b-3c3a-peer", + "privateEndpoint": "172.16.0.2", + "publicEndpoint": "104.197.123.204" + }, + "releaseChannel": { + "channel": "REGULAR" + }, + "selfLink": "https://container.googleapis.com/v1/projects/PROJECT_ID/locations/us-central1/clusters/CLUSTER_NAME", + "servicesIpv4Cidr": "192.168.64.0/18", + "shieldedNodes": { + "enabled": true + }, + "status": "RUNNING", + "subnetwork": "simple-autopilot-private-subnet", + "verticalPodAutoscaling": { + "enabled": true + }, + "workloadIdentityConfig": { + "workloadPool": "PROJECT_ID.svc.id.goog" + }, + "zone": "us-central1" + } diff --git a/test/integration/simple_autopilot_public/controls/gcloud.rb b/test/integration/simple_autopilot_public/controls/gcloud.rb deleted file mode 100644 index 745721924e..0000000000 --- a/test/integration/simple_autopilot_public/controls/gcloud.rb +++ /dev/null @@ -1,65 +0,0 @@ -# Copyright 2019 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -project_id = attribute('project_id') -location = attribute('location') -cluster_name = attribute('cluster_name') - -control "gcloud" do - title "Google Compute Engine GKE configuration" - describe command("gcloud --project=#{project_id} container clusters --zone=#{location} describe #{cluster_name} --format=json") do - its(:exit_status) { should eq 0 } - its(:stderr) { should eq '' } - - let!(:data) do - if subject.exit_status == 0 - JSON.parse(subject.stdout) - else - {} - end - end - - describe "cluster" do - it "is running" do - expect(data['status']).to eq('RUNNING').or eq('RECONCILING') - end - - it "is autopilot" do - expect(data['autopilot']['enabled']).to eq true - end - - it "is regional" do - expect(data['location']).to match(/^.*[1-9]$/) - end - - it "uses public nodes and master endpoint" do - expect(data['privateClusterConfig']['enablePrivateEndpoint']).to eq nil - expect(data['privateClusterConfig']['enablePrivateNodes']).to eq nil - end - - it "has the expected addon settings" do - expect(data['addonsConfig']).to include( - "horizontalPodAutoscaling" => {}, - "httpLoadBalancing" => {}, - "kubernetesDashboard" => { - "disabled" => true, - }, - "networkPolicyConfig" => { - "disabled" => true, - }, - ) - end - end - end -end diff --git a/test/integration/simple_autopilot_public/inspec.yml b/test/integration/simple_autopilot_public/inspec.yml deleted file mode 100644 index b477741e83..0000000000 --- a/test/integration/simple_autopilot_public/inspec.yml +++ /dev/null @@ -1,31 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -name: simple_regional -attributes: - - name: project_id - required: true - type: string - - name: location - required: true - type: string - - name: cluster_name - required: true - type: string - - name: kubernetes_endpoint - required: true - type: string - - name: client_token - required: true - type: string diff --git a/test/integration/simple_autopilot_public/simple_autopiliot_public_test.go b/test/integration/simple_autopilot_public/simple_autopiliot_public_test.go new file mode 100644 index 0000000000..005002ad1e --- /dev/null +++ b/test/integration/simple_autopilot_public/simple_autopiliot_public_test.go @@ -0,0 +1,61 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package simple_autopilot_public + +import ( + "testing" + + "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/gcloud" + "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/golden" + "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft" + "github.com/stretchr/testify/assert" +) + +func TestSimpleAutopilotPublic(t *testing.T) { + bpt := tft.NewTFBlueprintTest(t) + + bpt.DefineVerify(func(assert *assert.Assertions) { + //Skipping Default Verify as the Verify Stage fails due to change in Client Cert Token + // bpt.DefaultVerify(assert) + + projectId := bpt.GetStringOutput("project_id") + location := bpt.GetStringOutput("location") + clusterName := bpt.GetStringOutput("cluster_name") + serviceAccount := bpt.GetStringOutput("service_account") + + op := gcloud.Runf(t, "container clusters describe %s --zone %s --project %s", clusterName, location, projectId) + g := golden.NewOrUpdate(t, op.String(), + golden.WithSanitizer(golden.StringSanitizer(serviceAccount, "SERVICE_ACCOUNT")), + golden.WithSanitizer(golden.StringSanitizer(projectId, "PROJECT_ID")), + golden.WithSanitizer(golden.StringSanitizer(clusterName, "CLUSTER_NAME")), + ) + validateJSONPaths := []string{ + "autopilot.enabled", + "location", + "privateClusterConfig.enablePrivateEndpoint", + "privateClusterConfig.enablePrivateNodes", + "addonsConfig.horizontalPodAutoscaling", + "addonsConfig.httpLoadBalancing", + "addonsConfig.kubernetesDashboard.disabled", + "addonsConfig.networkPolicyConfig.disabled", + } + for _, pth := range validateJSONPaths { + g.JSONEq(assert, op, pth) + } + assert.Contains([]string{"RUNNING", "RECONCILING"}, op.Get("status").String()) + + }) + + bpt.Test() +} diff --git a/test/integration/simple_autopilot_public/testdata/TestSimpleAutopilotPublic.json b/test/integration/simple_autopilot_public/testdata/TestSimpleAutopilotPublic.json new file mode 100644 index 0000000000..2c14c1fc39 --- /dev/null +++ b/test/integration/simple_autopilot_public/testdata/TestSimpleAutopilotPublic.json @@ -0,0 +1,273 @@ +{ + "addonsConfig": { + "dnsCacheConfig": { + "enabled": true + }, + "gcePersistentDiskCsiDriverConfig": { + "enabled": true + }, + "gcpFilestoreCsiDriverConfig": { + "enabled": true + }, + "horizontalPodAutoscaling": {}, + "httpLoadBalancing": {}, + "kubernetesDashboard": { + "disabled": true + }, + "networkPolicyConfig": { + "disabled": true + } + }, + "autopilot": { + "enabled": true + }, + "autoscaling": { + "autoprovisioningNodePoolDefaults": { + "imageType": "COS_CONTAINERD", + "management": { + "autoRepair": true, + "autoUpgrade": true + }, + "oauthScopes": [ + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/logging.write", + "https://www.googleapis.com/auth/monitoring", + "https://www.googleapis.com/auth/service.management.readonly", + "https://www.googleapis.com/auth/servicecontrol", + "https://www.googleapis.com/auth/trace.append" + ], + "serviceAccount": "default", + "upgradeSettings": { + "maxSurge": 1, + "strategy": "SURGE" + } + }, + "autoscalingProfile": "OPTIMIZE_UTILIZATION", + "enableNodeAutoprovisioning": true, + "resourceLimits": [ + { + "maximum": "1000000000", + "resourceType": "cpu" + }, + { + "maximum": "1000000000", + "resourceType": "memory" + }, + { + "maximum": "1000000000", + "resourceType": "nvidia-tesla-t4" + }, + { + "maximum": "1000000000", + "resourceType": "nvidia-tesla-a100" + } + ] + }, + "binaryAuthorization": {}, + "clusterIpv4Cidr": "192.168.0.0/18", + "createTime": "2023-01-12T04:19:54+00:00", + "currentMasterVersion": "1.24.7-gke.900", + "currentNodeCount": 2, + "currentNodeVersion": "1.24.7-gke.900", + "databaseEncryption": { + "state": "DECRYPTED" + }, + "defaultMaxPodsConstraint": { + "maxPodsPerNode": "110" + }, + "endpoint": "34.133.184.111", + "etag": "e17b366d-d5c4-4b3e-85df-ee61ba55cd81", + "id": "3f8b72934f5849ecaf040a08e33fca501adcef57122f413994dd3df9bec60e04", + "initialClusterVersion": "1.24.7-gke.900", + "instanceGroupUrls": [ + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-f/instanceGroupManagers/gk3-simple-autopilot-pub-default-pool-c79c6082-grp", + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-c/instanceGroupManagers/gk3-simple-autopilot-pub-default-pool-64e4d7fc-grp" + ], + "ipAllocationPolicy": { + "clusterIpv4Cidr": "192.168.0.0/18", + "clusterIpv4CidrBlock": "192.168.0.0/18", + "clusterSecondaryRangeName": "ip-range-pods-simple-autopilot-public", + "servicesIpv4Cidr": "192.168.64.0/18", + "servicesIpv4CidrBlock": "192.168.64.0/18", + "servicesSecondaryRangeName": "ip-range-svc-simple-autopilot-public", + "stackType": "IPV4", + "useIpAliases": true + }, + "labelFingerprint": "a9dc16a7", + "legacyAbac": {}, + "location": "us-central1", + "locations": [ + "us-central1-b", + "us-central1-c", + "us-central1-f" + ], + "loggingConfig": { + "componentConfig": { + "enableComponents": [ + "SYSTEM_COMPONENTS", + "WORKLOADS" + ] + } + }, + "loggingService": "logging.googleapis.com/kubernetes", + "maintenancePolicy": { + "resourceVersion": "ce912209", + "window": { + "dailyMaintenanceWindow": { + "duration": "PT4H0M0S", + "startTime": "05:00" + } + } + }, + "masterAuth": { + "clusterCaCertificate": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVMRENDQXBTZ0F3SUJBZ0lRSzRQTGxNMFJtZGxDR29MR01MZXl0ekFOQmdrcWhraUc5dzBCQVFzRkFEQXYKTVMwd0t3WURWUVFERXlReU56RTBPV1F3WVMwMlkySmlMVFF6T0RNdE9HRmhNeTAxWkRka1l6TTRPREU1WkRrdwpJQmNOTWpNd01URXlNRE14T1RVMFdoZ1BNakExTXpBeE1EUXdOREU1TlRSYU1DOHhMVEFyQmdOVkJBTVRKREkzCk1UUTVaREJoTFRaalltSXRORE00TXkwNFlXRXpMVFZrTjJSak16ZzRNVGxrT1RDQ0FhSXdEUVlKS29aSWh2Y04KQVFFQkJRQURnZ0dQQURDQ0FZb0NnZ0dCQUx0dHBtUHlxUXhJYnptM2JHakxMWmhaOVJ5b3J1Si9odWFGdlYzUQpTYWxSSU5iQndDUHYxT0pONHZFUUdmTnFwTUZoQVdJUjNHbjZhL2FyS3BPd2tTQWsvVmNYcUpNSE5RL0R6ZGtEClQ5SFNMS0FWa0tGMUVqU0UybXJONVFpY09uczliWnRQTFlUWkUwQUt5Vk9Bemw5TXhoUXFoMXFKb1M1cXdFQWcKb1dvaGZCTXZZU0JoZkN6SHM4U3VnZVh6bGVsWnBpVUlqMXJEMXdTSWFUcjZESVdKOWxqenowTkFKK2hqSTZUUwpaMWRwVERZVXZ0a2xJQ2Vkb3JqV1Jiam9GZ2oycHQzQ0VTOHd5d0tBMzFSK255ZDEzby8vdUVQd3BBVjZHY1lJCjM5a05nblorb3l6bGRZdUtvblkyYkRPTWhveEhjdHBHNHdHZHpGbzB5d0NoMXFhOVVwcTBGT002SWg1T0N4STAKNm5MTjZTTmNMc1NwREpQdU1hNXhjQTJabFpuYXZza1V4andKbk5FNkJWMitQb1EySjZLMXNyUk5QaGM4WE5wbgo2REkyQkFSb1JCWXFHRzUzeVdTMzJCd1c0Si9GdFcyNlZ5TS85NlJuQldHQXlnYmFPM01qcEo2R1RrcE9EaExnCmR5NmhwcElsWEN1VUd2UXFYUHlaUzhYWE93SURBUUFCbzBJd1FEQU9CZ05WSFE4QkFmOEVCQU1DQWdRd0R3WUQKVlIwVEFRSC9CQVV3QXdFQi96QWRCZ05WSFE0RUZnUVVYKzFvNWdrbVBndGdlZTIyY3FlM2tWeGw1c1V3RFFZSgpLb1pJaHZjTkFRRUxCUUFEZ2dHQkFITithTWpSdkNMNlJ6LzBHcFFhaVRhdjFDTVA1QzhvdFVLUEN3cGRNSHVjCitkbkNSRkdTTnpMbDFFOE9JN1RaNzROQ2tBR3JSakxCeEhLYURNcHc3Z2gzWUp3bzJFNHpRYjFSQnA0S2JBbVoKTXNzYmNiRUhzMlNlV0dCN2sxMDNGUzVzRXloTDNHMmxZNmdFQ3BaYXpsejh2NTJNeFVqY3ZpOUxzS0Y4RnRrWgp3SlBLd3ZWSVBwK2tWQzltbnVoVVl1WHoyZUpsOWJQZ0RVRWlGdUFNdlFoT3lGZVY3emJNV3FPdEhwM0V3Q3p0Cm9sYU5aSVFZUEFaZXJsb0JQSXJoOExka2xIeENiWll4eDhZKytDKzRpRWRLS2xHK2hBMkl5N0RUMEMrZFd2TGYKV2RQcWo3VjFlWHJPNFB0L3l3bWpzMjR2bmhZcWZaejFrY3BDV3pHN3FPUzcvbU9UVkhwZlJnMHFTRUlJbjNIYQpLTlVKTUUwYVhTcjNYZENHME0xQ2ZCWVk2N1AybjY5RnlHV1ZYdVRlbzYxUW1ZbGRTR2h3NG4xU2kzVFdkV2hBCnUzSFVKRXVsYmRHWnhRYUExdStOZHgxZ1JUUHgyTFMvWEd0M0hqUUVITUJ3LzlhL0RBK29JQTVmejZPeFFUZnUKdmhKZmtpTTFQcVQyV2tFNURVSDFPUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + }, + "masterAuthorizedNetworksConfig": { + "gcpPublicCidrsAccessEnabled": true + }, + "monitoringConfig": { + "componentConfig": { + "enableComponents": [ + "SYSTEM_COMPONENTS" + ] + } + }, + "monitoringService": "monitoring.googleapis.com/kubernetes", + "name": "CLUSTER_NAME", + "network": "simple-autopilot-public-network", + "networkConfig": { + "datapathProvider": "ADVANCED_DATAPATH", + "defaultSnatStatus": {}, + "enableIntraNodeVisibility": true, + "network": "projects/PROJECT_ID/global/networks/simple-autopilot-public-network", + "serviceExternalIpsConfig": {}, + "subnetwork": "projects/PROJECT_ID/regions/us-central1/subnetworks/simple-autopilot-public-subnet" + }, + "nodeConfig": { + "diskSizeGb": 100, + "diskType": "pd-standard", + "imageType": "COS_CONTAINERD", + "machineType": "e2-medium", + "metadata": { + "disable-legacy-endpoints": "true" + }, + "oauthScopes": [ + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/logging.write", + "https://www.googleapis.com/auth/monitoring", + "https://www.googleapis.com/auth/service.management.readonly", + "https://www.googleapis.com/auth/servicecontrol", + "https://www.googleapis.com/auth/trace.append" + ], + "serviceAccount": "default", + "shieldedInstanceConfig": { + "enableIntegrityMonitoring": true, + "enableSecureBoot": true + }, + "windowsNodeConfig": {}, + "workloadMetadataConfig": { + "mode": "GKE_METADATA" + } + }, + "nodePoolAutoConfig": {}, + "nodePoolDefaults": { + "nodeConfigDefaults": { + "loggingConfig": { + "variantConfig": { + "variant": "DEFAULT" + } + } + } + }, + "nodePools": [ + { + "autoscaling": { + "autoprovisioned": true, + "enabled": true, + "locationPolicy": "BALANCED", + "maxNodeCount": 1000 + }, + "config": { + "diskSizeGb": 100, + "diskType": "pd-standard", + "imageType": "COS_CONTAINERD", + "machineType": "e2-medium", + "metadata": { + "disable-legacy-endpoints": "true" + }, + "oauthScopes": [ + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/logging.write", + "https://www.googleapis.com/auth/monitoring", + "https://www.googleapis.com/auth/service.management.readonly", + "https://www.googleapis.com/auth/servicecontrol", + "https://www.googleapis.com/auth/trace.append" + ], + "serviceAccount": "default", + "shieldedInstanceConfig": { + "enableIntegrityMonitoring": true, + "enableSecureBoot": true + }, + "windowsNodeConfig": {}, + "workloadMetadataConfig": { + "mode": "GKE_METADATA" + } + }, + "etag": "5d3e587b-4bd2-4239-bd93-276af9602557", + "initialNodeCount": 1, + "instanceGroupUrls": [ + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-f/instanceGroupManagers/gk3-simple-autopilot-pub-default-pool-c79c6082-grp", + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-c/instanceGroupManagers/gk3-simple-autopilot-pub-default-pool-64e4d7fc-grp" + ], + "locations": [ + "us-central1-f", + "us-central1-c" + ], + "management": { + "autoRepair": true, + "autoUpgrade": true + }, + "maxPodsConstraint": { + "maxPodsPerNode": "32" + }, + "name": "default-pool", + "networkConfig": { + "enablePrivateNodes": false, + "podIpv4CidrBlock": "192.168.0.0/18", + "podRange": "ip-range-pods-simple-autopilot-public" + }, + "podIpv4CidrSize": 26, + "selfLink": "https://container.googleapis.com/v1/projects/PROJECT_ID/locations/us-central1/clusters/CLUSTER_NAME/nodePools/default-pool", + "status": "RUNNING", + "upgradeSettings": { + "maxSurge": 1, + "strategy": "SURGE" + }, + "version": "1.24.7-gke.900" + } + ], + "notificationConfig": { + "pubsub": {} + }, + "privateClusterConfig": { + "privateEndpoint": "10.0.0.2", + "publicEndpoint": "34.133.184.111" + }, + "releaseChannel": { + "channel": "REGULAR" + }, + "selfLink": "https://container.googleapis.com/v1/projects/PROJECT_ID/locations/us-central1/clusters/CLUSTER_NAME", + "servicesIpv4Cidr": "192.168.64.0/18", + "shieldedNodes": { + "enabled": true + }, + "status": "RUNNING", + "subnetwork": "simple-autopilot-public-subnet", + "verticalPodAutoscaling": { + "enabled": true + }, + "workloadIdentityConfig": { + "workloadPool": "PROJECT_ID.svc.id.goog" + }, + "zone": "us-central1" + } diff --git a/test/integration/simple_regional/controls/gcloud.rb b/test/integration/simple_regional/controls/gcloud.rb deleted file mode 100644 index d714d42c69..0000000000 --- a/test/integration/simple_regional/controls/gcloud.rb +++ /dev/null @@ -1,191 +0,0 @@ -# Copyright 2019 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -project_id = attribute('project_id') -location = attribute('location') -cluster_name = attribute('cluster_name') - -control "gcloud" do - title "Google Compute Engine GKE configuration" - describe command("gcloud --project=#{project_id} container clusters --zone=#{location} describe #{cluster_name} --format=json") do - its(:exit_status) { should eq 0 } - its(:stderr) { should eq '' } - - let!(:data) do - if subject.exit_status == 0 - JSON.parse(subject.stdout) - else - {} - end - end - - describe "cluster" do - it "is running" do - expect(data['status']).to eq 'RUNNING' - end - - it "is regional" do - expect(data['location']).to match(/^.*[1-9]$/) - end - - it "uses public nodes and master endpoint" do - expect(data['privateClusterConfig']['enablePrivateEndpoint']).to eq nil - expect(data['privateClusterConfig']['enablePrivateNodes']).to eq nil - end - - it "has the expected addon settings" do - expect(data['addonsConfig']).to include( - "horizontalPodAutoscaling" => {}, - "httpLoadBalancing" => {}, - "kubernetesDashboard" => { - "disabled" => true, - }, - "networkPolicyConfig" => { - "disabled" => true, - }, - ) - end - - it "has the expected databaseEncryption config" do - expect(data['databaseEncryption']).to eq({ - "state" => 'DECRYPTED', - }) - end - - it "has the expected shieldedNodes config" do - expect(data['shieldedNodes']).to eq({ - "enabled" => true, - }) - end - - it "has the expected binaryAuthorization config" do - expect(data['binaryAuthorization']).to eq({ - "evaluationMode" => "PROJECT_SINGLETON_POLICY_ENFORCE", - }) - end - end - - describe "default node pool" do - let(:default_node_pool) { data['nodePools'].select { |p| p['name'] == "default-pool" }.first } - - it "exists" do - expect(data['nodePools']).to include( - including( - "name" => "default-pool", - ) - ) - end - end - - describe "node pool" do - let(:node_pools) { data['nodePools'].reject { |p| p['name'] == "default-pool" } } - - it "has autoscaling enabled" do - expect(node_pools).to include( - including( - "autoscaling" => including( - "enabled" => true, - ), - ) - ) - end - - it "has the expected minimum node count" do - expect(node_pools).to include( - including( - "autoscaling" => including( - "minNodeCount" => 1, - ), - ) - ) - end - - it "has the expected maximum node count" do - expect(node_pools).to include( - including( - "autoscaling" => including( - "maxNodeCount" => 100, - ), - ) - ) - end - - it "is the expected machine type" do - expect(node_pools).to include( - including( - "config" => including( - "machineType" => "e2-medium", - ), - ) - ) - end - - it "has the expected disk size" do - expect(node_pools).to include( - including( - "config" => including( - "diskSizeGb" => 100, - ), - ) - ) - end - - it "has the expected labels" do - expect(node_pools).to include( - including( - "config" => including( - "labels" => including( - "cluster_name" => cluster_name, - "node_pool" => "default-node-pool", - ), - ), - ) - ) - end - - it "has the expected network tags" do - expect(node_pools).to include( - including( - "config" => including( - "tags" => match_array([ - "gke-#{cluster_name}", - "gke-#{cluster_name}-default-node-pool", - ]), - ), - ) - ) - end - - it "has autorepair enabled" do - expect(node_pools).to include( - including( - "management" => including( - "autoRepair" => true, - ), - ) - ) - end - - it "has autoupgrade enabled" do - expect(node_pools).to include( - including( - "management" => including( - "autoUpgrade" => true, - ), - ) - ) - end - end - end -end diff --git a/test/integration/simple_regional/inspec.yml b/test/integration/simple_regional/inspec.yml deleted file mode 100644 index b477741e83..0000000000 --- a/test/integration/simple_regional/inspec.yml +++ /dev/null @@ -1,31 +0,0 @@ -# Copyright 2021 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -name: simple_regional -attributes: - - name: project_id - required: true - type: string - - name: location - required: true - type: string - - name: cluster_name - required: true - type: string - - name: kubernetes_endpoint - required: true - type: string - - name: client_token - required: true - type: string diff --git a/test/integration/simple_regional/simple_regional_test.go b/test/integration/simple_regional/simple_regional_test.go new file mode 100644 index 0000000000..b03deab8f1 --- /dev/null +++ b/test/integration/simple_regional/simple_regional_test.go @@ -0,0 +1,63 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +package simple_regional + +import ( + "testing" + + "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/gcloud" + "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/golden" + "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft" + "github.com/stretchr/testify/assert" +) + +func TestSimpleRegional(t *testing.T) { + bpt := tft.NewTFBlueprintTest(t) + + bpt.DefineVerify(func(assert *assert.Assertions) { + //Skipping Default Verify as the Verify Stage fails due to change in Client Cert Token + // bpt.DefaultVerify(assert) + + projectId := bpt.GetStringOutput("project_id") + location := bpt.GetStringOutput("location") + clusterName := bpt.GetStringOutput("cluster_name") + serviceAccount := bpt.GetStringOutput("service_account") + + op := gcloud.Runf(t, "container clusters describe %s --zone %s --project %s", clusterName, location, projectId) + g := golden.NewOrUpdate(t, op.String(), + golden.WithSanitizer(golden.StringSanitizer(serviceAccount, "SERVICE_ACCOUNT")), + golden.WithSanitizer(golden.StringSanitizer(projectId, "PROJECT_ID")), + golden.WithSanitizer(golden.StringSanitizer(clusterName, "CLUSTER_NAME")), + ) + validateJSONPaths := []string{ + "status", + "location", + "privateClusterConfig.enablePrivateEndpoint", + "privateClusterConfig.enablePrivateNodes", + "addonsConfig", + "databaseEncryption", + "shieldedNodes", + "binaryAuthorization", + "nodePools.autoscaling", + "nodePools.config", + "nodePools.management", + } + for _, pth := range validateJSONPaths { + g.JSONEq(assert, op, pth) + } + + }) + + bpt.Test() +} diff --git a/test/integration/simple_regional/testdata/TestSimpleRegional.json b/test/integration/simple_regional/testdata/TestSimpleRegional.json new file mode 100644 index 0000000000..e251db79e9 --- /dev/null +++ b/test/integration/simple_regional/testdata/TestSimpleRegional.json @@ -0,0 +1,310 @@ +{ + "addonsConfig": { + "dnsCacheConfig": {}, + "gcePersistentDiskCsiDriverConfig": { + "enabled": true + }, + "gcpFilestoreCsiDriverConfig": {}, + "gkeBackupAgentConfig": {}, + "horizontalPodAutoscaling": {}, + "httpLoadBalancing": {}, + "kubernetesDashboard": { + "disabled": true + }, + "networkPolicyConfig": { + "disabled": true + } + }, + "autopilot": {}, + "autoscaling": { + "autoscalingProfile": "BALANCED" + }, + "binaryAuthorization": { + "evaluationMode": "PROJECT_SINGLETON_POLICY_ENFORCE" + }, + "clusterIpv4Cidr": "192.168.0.0/18", + "costManagementConfig": { + "enabled": true + }, + "createTime": "2023-01-12T04:59:06+00:00", + "currentMasterVersion": "1.25.4-gke.2100", + "currentNodeCount": 3, + "currentNodeVersion": "1.25.4-gke.2100", + "databaseEncryption": { + "state": "DECRYPTED" + }, + "defaultMaxPodsConstraint": { + "maxPodsPerNode": "110" + }, + "endpoint": "35.226.100.112", + "etag": "ae242170-5148-4c6f-a649-592e540337d4", + "id": "c916e72d2f4c47b88a07514cba092a5414edcdcbafc648ad9921d0513c7a7c84", + "initialClusterVersion": "1.25.4-gke.2100", + "instanceGroupUrls": [ + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-a/instanceGroupManagers/gke-simple-regional-clus-default-pool-9c052bb2-grp", + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-c/instanceGroupManagers/gke-simple-regional-clus-default-pool-daba78bc-grp", + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-f/instanceGroupManagers/gke-simple-regional-clus-default-pool-16a6ddb1-grp", + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-a/instanceGroupManagers/gke-simple-regional--default-node-poo-5496474f-grp", + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-c/instanceGroupManagers/gke-simple-regional--default-node-poo-acd77da1-grp", + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-f/instanceGroupManagers/gke-simple-regional--default-node-poo-eabd6db0-grp" + ], + "ipAllocationPolicy": { + "clusterIpv4Cidr": "192.168.0.0/18", + "clusterIpv4CidrBlock": "192.168.0.0/18", + "clusterSecondaryRangeName": "cft-gke-test-pods-he07", + "servicesIpv4Cidr": "192.168.64.0/18", + "servicesIpv4CidrBlock": "192.168.64.0/18", + "servicesSecondaryRangeName": "cft-gke-test-services-he07", + "stackType": "IPV4", + "useIpAliases": true + }, + "labelFingerprint": "a9dc16a7", + "legacyAbac": {}, + "location": "us-central1", + "locations": [ + "us-central1-a", + "us-central1-c", + "us-central1-f" + ], + "loggingConfig": { + "componentConfig": { + "enableComponents": [ + "SYSTEM_COMPONENTS", + "WORKLOADS" + ] + } + }, + "loggingService": "logging.googleapis.com/kubernetes", + "maintenancePolicy": { + "resourceVersion": "ce912209", + "window": { + "dailyMaintenanceWindow": { + "duration": "PT4H0M0S", + "startTime": "05:00" + } + } + }, + "masterAuth": { + "clusterCaCertificate": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVMVENDQXBXZ0F3SUJBZ0lSQU9hSWNZb2ptSXR0R2N3VlJac1NRZ2d3RFFZSktvWklodmNOQVFFTEJRQXcKTHpFdE1Dc0dBMVVFQXhNa00yVXhaR0l6T1RBdE1XSTVOaTAwTkRKbExUZ3haVEl0TUdFeFkySmtaR1ExT1RCagpNQ0FYRFRJek1ERXhNakF6TlRrd05sb1lEekl3TlRNd01UQTBNRFExT1RBMldqQXZNUzB3S3dZRFZRUURFeVF6ClpURmtZak01TUMweFlqazJMVFEwTW1VdE9ERmxNaTB3WVRGalltUmtaRFU1TUdNd2dnR2lNQTBHQ1NxR1NJYjMKRFFFQkFRVUFBNElCandBd2dnR0tBb0lCZ1FEWW1rd3RyNHNTL2tpdEVITERaQkdEakdEU1JTQmQ3L0dCMndhUQpxVkd2ckNPSXBURjdhZmYyYW9yL2t2WStHRnhCV1BtL0JBZlo2RUtocG5iaDlpelZhc2xxRURyc1Y0YW9VMW1mClAxbHl5Ty84cGR5ZHJuY2tGeVJmMERsNWR4RFEvY0hlRFJqdjUrNXl0d3g3V0pVU21ERXNyVytRQXNCQllGSEwKNDlCUkVIT3c2cEF2VERJcTRlcVFyaWdKRWVtMlp0SzRsYWZqNXRSZG5TU2dUT1lQa25VUVgwZkcxS0xCcVJ2bQpuR0RqRWQxbGpQdlNZRStDTUZnNHpGdmVoVC80R1ZIdUxYdmtiMnZYVkFzckpPOWl0eFJRNURSb0tmS05DS1cxCnYxYWpKQ1pJOUVKKy9Mc3JvbGZoMTB1Zm5iN2tkN2djOHoxQU5TQnBBYzZ5WEJQeEJiK0g5VDhGZHo5enp2WEoKYURBdnh1dTZTYkJVaVVTTFJINUVIdjIwTVhIUWU5VVI0RXVkSmNTVHhheTRwMm5CZzFGcDJrNEY3bkVYWkZWdwpTSUpRcDhkUXpFc281eS81ZDI2dG1OL1dqNG5oRGJDRUdzM0dIVmY0SU9RSEpkNW9NNVBsWEtYZUhZcW5QWlJMCm5NS25Cem9neDdzbUd5ZUFqeW1VMWdhQldsa0NBd0VBQWFOQ01FQXdEZ1lEVlIwUEFRSC9CQVFEQWdJRU1BOEcKQTFVZEV3RUIvd1FGTUFNQkFmOHdIUVlEVlIwT0JCWUVGUEgxYzVsUCtkR1lQK0FPTEFjUlhTbHpBQ2k2TUEwRwpDU3FHU0liM0RRRUJDd1VBQTRJQmdRQ2JYVTRKTENRdDllYlVqbEVCZE1QOTFyQmxsQktjSExSU0VPdWVrNTQ1ClhIeWs2RUdidGtDTWd2cEV6Z1lRS2taZ05ZbHlwbU9RdFdqTkJpWHpHb0tiUlFZNjNhR0RBZzlQbE85S3VDa2wKajZHR1hkM09GMFluRUZhYVVNcHNyYzdhS3NYSVpKYnoyT000bjUyaVJEYnZtOHN1aytNcmFxdDhYWnBFRGZhNwpndGlIRVNrbi94WHFhenRrdzc4enFydFdjRjNzTjljQXV5MEs5QzA4TGxnMCs4TzIyVEl4WmJEOE45czAvRjgzCm9KejVnUEZ1Nlc5eENibS93MGJWK0dDMFBGMkZhaTB6dDg0bXZISFNiNlhRS0RxaTllZGcwdFNWMGVLMG8ySi8KK0VuMmx2MXhjM3NFQnMvM3NJZHJVU3ppdEkwRk52aE00aS8xZzRmV2YrUEVqeGRsOENtNjF4MlpzV2hBZExwaQpvK0dhdDE0T0hqMXFrWUlHWG8yQnZLWWQvcXE5VUFZTXF6amdIcTNxanhpMWVtTjBTa1ZsN2xkeXFoU3JhS2IzCkZPc2lNU3poODB6WFFpRzM2SXp5K0hGdjV4TWNyQWpuM2RpZmtHejVmQzNuUXd4QnZkdEF0YU9pTHFjTU1QY1QKaEI3T0I0cExpcGZNa0JvQVY1YlZ5cUE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + }, + "masterAuthorizedNetworksConfig": { + "gcpPublicCidrsAccessEnabled": true + }, + "monitoringConfig": { + "componentConfig": { + "enableComponents": [ + "SYSTEM_COMPONENTS" + ] + } + }, + "monitoringService": "monitoring.googleapis.com/kubernetes", + "name": "CLUSTER_NAME", + "network": "cft-gke-test-he07", + "networkConfig": { + "defaultSnatStatus": {}, + "network": "projects/PROJECT_ID/global/networks/cft-gke-test-he07", + "serviceExternalIpsConfig": {}, + "subnetwork": "projects/PROJECT_ID/regions/us-central1/subnetworks/cft-gke-test-he07" + }, + "nodeConfig": { + "diskSizeGb": 100, + "diskType": "pd-balanced", + "imageType": "COS_CONTAINERD", + "loggingConfig": { + "variantConfig": { + "variant": "DEFAULT" + } + }, + "machineType": "e2-medium", + "metadata": { + "disable-legacy-endpoints": "true" + }, + "oauthScopes": [ + "https://www.googleapis.com/auth/userinfo.email", + "https://www.googleapis.com/auth/cloud-platform" + ], + "serviceAccount": "SERVICE_ACCOUNT", + "shieldedInstanceConfig": { + "enableIntegrityMonitoring": true + }, + "tags": [ + "gke-CLUSTER_NAME", + "gke-CLUSTER_NAME-default-pool" + ], + "windowsNodeConfig": {}, + "workloadMetadataConfig": { + "mode": "GKE_METADATA" + } + }, + "nodePoolAutoConfig": {}, + "nodePoolDefaults": { + "nodeConfigDefaults": { + "loggingConfig": { + "variantConfig": { + "variant": "DEFAULT" + } + } + } + }, + "nodePools": [ + { + "config": { + "diskSizeGb": 100, + "diskType": "pd-balanced", + "imageType": "COS_CONTAINERD", + "loggingConfig": { + "variantConfig": { + "variant": "DEFAULT" + } + }, + "machineType": "e2-medium", + "metadata": { + "disable-legacy-endpoints": "true" + }, + "oauthScopes": [ + "https://www.googleapis.com/auth/userinfo.email", + "https://www.googleapis.com/auth/cloud-platform" + ], + "serviceAccount": "SERVICE_ACCOUNT", + "shieldedInstanceConfig": { + "enableIntegrityMonitoring": true + }, + "tags": [ + "gke-CLUSTER_NAME", + "gke-CLUSTER_NAME-default-pool" + ], + "windowsNodeConfig": {}, + "workloadMetadataConfig": { + "mode": "GKE_METADATA" + } + }, + "etag": "1f6c7e1b-edb7-4bab-b19b-fc7156d1f83e", + "instanceGroupUrls": [ + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-a/instanceGroupManagers/gke-simple-regional-clus-default-pool-9c052bb2-grp", + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-c/instanceGroupManagers/gke-simple-regional-clus-default-pool-daba78bc-grp", + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-f/instanceGroupManagers/gke-simple-regional-clus-default-pool-16a6ddb1-grp" + ], + "locations": [ + "us-central1-a", + "us-central1-c", + "us-central1-f" + ], + "management": { + "autoRepair": true, + "autoUpgrade": true + }, + "maxPodsConstraint": { + "maxPodsPerNode": "110" + }, + "name": "default-pool", + "networkConfig": { + "enablePrivateNodes": false, + "podIpv4CidrBlock": "192.168.0.0/18", + "podRange": "cft-gke-test-pods-he07" + }, + "podIpv4CidrSize": 24, + "selfLink": "https://container.googleapis.com/v1/projects/PROJECT_ID/locations/us-central1/clusters/CLUSTER_NAME/nodePools/default-pool", + "status": "RUNNING", + "upgradeSettings": { + "maxSurge": 1, + "strategy": "SURGE" + }, + "version": "1.25.4-gke.2100" + }, + { + "autoscaling": { + "enabled": true, + "locationPolicy": "BALANCED", + "maxNodeCount": 100, + "minNodeCount": 1 + }, + "config": { + "diskSizeGb": 100, + "diskType": "pd-standard", + "imageType": "COS_CONTAINERD", + "labels": { + "cluster_name": "CLUSTER_NAME", + "node_pool": "default-node-pool" + }, + "loggingConfig": { + "variantConfig": { + "variant": "DEFAULT" + } + }, + "machineType": "e2-medium", + "metadata": { + "cluster_name": "CLUSTER_NAME", + "disable-legacy-endpoints": "true", + "node_pool": "default-node-pool" + }, + "oauthScopes": [ + "https://www.googleapis.com/auth/cloud-platform" + ], + "serviceAccount": "SERVICE_ACCOUNT", + "shieldedInstanceConfig": { + "enableIntegrityMonitoring": true + }, + "tags": [ + "gke-CLUSTER_NAME", + "gke-CLUSTER_NAME-default-node-pool" + ], + "windowsNodeConfig": {}, + "workloadMetadataConfig": { + "mode": "GKE_METADATA" + } + }, + "etag": "ce97aa50-d1d2-44a7-a150-fd00360a3275", + "initialNodeCount": 1, + "instanceGroupUrls": [ + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-a/instanceGroupManagers/gke-simple-regional--default-node-poo-5496474f-grp", + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-c/instanceGroupManagers/gke-simple-regional--default-node-poo-acd77da1-grp", + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-f/instanceGroupManagers/gke-simple-regional--default-node-poo-eabd6db0-grp" + ], + "locations": [ + "us-central1-a", + "us-central1-c", + "us-central1-f" + ], + "management": { + "autoRepair": true, + "autoUpgrade": true + }, + "maxPodsConstraint": { + "maxPodsPerNode": "110" + }, + "name": "default-node-pool", + "networkConfig": { + "enablePrivateNodes": false, + "podIpv4CidrBlock": "192.168.0.0/18", + "podRange": "cft-gke-test-pods-he07" + }, + "podIpv4CidrSize": 24, + "selfLink": "https://container.googleapis.com/v1/projects/PROJECT_ID/locations/us-central1/clusters/CLUSTER_NAME/nodePools/default-node-pool", + "status": "RUNNING", + "upgradeSettings": { + "maxSurge": 1, + "strategy": "SURGE" + }, + "version": "1.25.4-gke.2100" + } + ], + "notificationConfig": { + "pubsub": {} + }, + "privateClusterConfig": { + "privateEndpoint": "10.0.0.2", + "publicEndpoint": "35.226.100.112" + }, + "selfLink": "https://container.googleapis.com/v1/projects/PROJECT_ID/locations/us-central1/clusters/CLUSTER_NAME", + "servicesIpv4Cidr": "192.168.64.0/18", + "shieldedNodes": { + "enabled": true + }, + "status": "RUNNING", + "subnetwork": "cft-gke-test-he07", + "verticalPodAutoscaling": {}, + "workloadIdentityConfig": { + "workloadPool": "PROJECT_ID.svc.id.goog" + }, + "zone": "us-central1" +}