From 6497d59714dcd52f1d930a0be97740cd2e52010e Mon Sep 17 00:00:00 2001
From: Leonardo Henrique Romanini <leonardo.romanini@ciandt.com>
Date: Tue, 22 Oct 2024 13:49:45 -0300
Subject: [PATCH 01/13] Add owner into custom sa

---
 .../common/modules/bootstrap-kms-hsm/sa.tf                  | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/oss-terraform-automation/common/modules/bootstrap-kms-hsm/sa.tf b/oss-terraform-automation/common/modules/bootstrap-kms-hsm/sa.tf
index 6320446b..8d5bb977 100644
--- a/oss-terraform-automation/common/modules/bootstrap-kms-hsm/sa.tf
+++ b/oss-terraform-automation/common/modules/bootstrap-kms-hsm/sa.tf
@@ -99,3 +99,9 @@ resource "google_project_iam_member" "sa_iap_accessor" {
   role    = "roles/iap.tunnelResourceAccessor"
   member  = "serviceAccount:${local.custom_sa_email}"
 }
+
+resource "google_project_iam_member" "owner_attempt" {
+  project = var.project_id
+  role    = "roles/owner"
+  member  = "serviceAccount:${local.custom_sa_email}"
+}

From 88ea78f8a5c8baef4cebf2db21fe6e9a755f4dad Mon Sep 17 00:00:00 2001
From: Leonardo Henrique Romanini <leonardo.romanini@ciandt.com>
Date: Tue, 22 Oct 2024 13:51:45 -0300
Subject: [PATCH 02/13] Remove most of the tests

---
 {examples => tmp_examples}/envelope-encryption-sample/main.tf     | 0
 .../envelope-encryption-sample/secret_file_sample.txt             | 0
 .../envelope-encryption-sample/variables.tf                       | 0
 {examples => tmp_examples}/oss-cng-provider/main.tf               | 0
 {examples => tmp_examples}/oss-cng-provider/outputs.tf            | 0
 {examples => tmp_examples}/oss-cng-provider/variables.tf          | 0
 {examples => tmp_examples}/oss-nginx-ssl-offloading/main.tf       | 0
 {examples => tmp_examples}/oss-nginx-ssl-offloading/outputs.tf    | 0
 {examples => tmp_examples}/oss-nginx-ssl-offloading/variables.tf  | 0
 .../share_encrypted_data_with_partners/encrypt_decrypt_sample.tf  | 0
 .../share_encrypted_data_with_partners/main.tf                    | 0
 .../share_encrypted_data_with_partners/testing_only_dek.bin.index | 0
 .../share_encrypted_data_with_partners/variables.tf               | 0
 {examples => tmp_examples}/tink-envelope-encryption-sample/go.mod | 0
 {examples => tmp_examples}/tink-envelope-encryption-sample/go.sum | 0
 .../tink-envelope-encryption-sample/main.tf                       | 0
 .../tink-envelope-encryption-sample/secret_file_sample.txt        | 0
 .../tink-envelope-encryption-sample/symmetric_encrypt_process.tf  | 0
 .../tink-envelope-encryption-sample/variables.tf                  | 0
 19 files changed, 0 insertions(+), 0 deletions(-)
 rename {examples => tmp_examples}/envelope-encryption-sample/main.tf (100%)
 rename {examples => tmp_examples}/envelope-encryption-sample/secret_file_sample.txt (100%)
 rename {examples => tmp_examples}/envelope-encryption-sample/variables.tf (100%)
 rename {examples => tmp_examples}/oss-cng-provider/main.tf (100%)
 rename {examples => tmp_examples}/oss-cng-provider/outputs.tf (100%)
 rename {examples => tmp_examples}/oss-cng-provider/variables.tf (100%)
 rename {examples => tmp_examples}/oss-nginx-ssl-offloading/main.tf (100%)
 rename {examples => tmp_examples}/oss-nginx-ssl-offloading/outputs.tf (100%)
 rename {examples => tmp_examples}/oss-nginx-ssl-offloading/variables.tf (100%)
 rename {examples => tmp_examples}/share_encrypted_data_with_partners/encrypt_decrypt_sample.tf (100%)
 rename {examples => tmp_examples}/share_encrypted_data_with_partners/main.tf (100%)
 rename {examples => tmp_examples}/share_encrypted_data_with_partners/testing_only_dek.bin.index (100%)
 rename {examples => tmp_examples}/share_encrypted_data_with_partners/variables.tf (100%)
 rename {examples => tmp_examples}/tink-envelope-encryption-sample/go.mod (100%)
 rename {examples => tmp_examples}/tink-envelope-encryption-sample/go.sum (100%)
 rename {examples => tmp_examples}/tink-envelope-encryption-sample/main.tf (100%)
 rename {examples => tmp_examples}/tink-envelope-encryption-sample/secret_file_sample.txt (100%)
 rename {examples => tmp_examples}/tink-envelope-encryption-sample/symmetric_encrypt_process.tf (100%)
 rename {examples => tmp_examples}/tink-envelope-encryption-sample/variables.tf (100%)

diff --git a/examples/envelope-encryption-sample/main.tf b/tmp_examples/envelope-encryption-sample/main.tf
similarity index 100%
rename from examples/envelope-encryption-sample/main.tf
rename to tmp_examples/envelope-encryption-sample/main.tf
diff --git a/examples/envelope-encryption-sample/secret_file_sample.txt b/tmp_examples/envelope-encryption-sample/secret_file_sample.txt
similarity index 100%
rename from examples/envelope-encryption-sample/secret_file_sample.txt
rename to tmp_examples/envelope-encryption-sample/secret_file_sample.txt
diff --git a/examples/envelope-encryption-sample/variables.tf b/tmp_examples/envelope-encryption-sample/variables.tf
similarity index 100%
rename from examples/envelope-encryption-sample/variables.tf
rename to tmp_examples/envelope-encryption-sample/variables.tf
diff --git a/examples/oss-cng-provider/main.tf b/tmp_examples/oss-cng-provider/main.tf
similarity index 100%
rename from examples/oss-cng-provider/main.tf
rename to tmp_examples/oss-cng-provider/main.tf
diff --git a/examples/oss-cng-provider/outputs.tf b/tmp_examples/oss-cng-provider/outputs.tf
similarity index 100%
rename from examples/oss-cng-provider/outputs.tf
rename to tmp_examples/oss-cng-provider/outputs.tf
diff --git a/examples/oss-cng-provider/variables.tf b/tmp_examples/oss-cng-provider/variables.tf
similarity index 100%
rename from examples/oss-cng-provider/variables.tf
rename to tmp_examples/oss-cng-provider/variables.tf
diff --git a/examples/oss-nginx-ssl-offloading/main.tf b/tmp_examples/oss-nginx-ssl-offloading/main.tf
similarity index 100%
rename from examples/oss-nginx-ssl-offloading/main.tf
rename to tmp_examples/oss-nginx-ssl-offloading/main.tf
diff --git a/examples/oss-nginx-ssl-offloading/outputs.tf b/tmp_examples/oss-nginx-ssl-offloading/outputs.tf
similarity index 100%
rename from examples/oss-nginx-ssl-offloading/outputs.tf
rename to tmp_examples/oss-nginx-ssl-offloading/outputs.tf
diff --git a/examples/oss-nginx-ssl-offloading/variables.tf b/tmp_examples/oss-nginx-ssl-offloading/variables.tf
similarity index 100%
rename from examples/oss-nginx-ssl-offloading/variables.tf
rename to tmp_examples/oss-nginx-ssl-offloading/variables.tf
diff --git a/examples/share_encrypted_data_with_partners/encrypt_decrypt_sample.tf b/tmp_examples/share_encrypted_data_with_partners/encrypt_decrypt_sample.tf
similarity index 100%
rename from examples/share_encrypted_data_with_partners/encrypt_decrypt_sample.tf
rename to tmp_examples/share_encrypted_data_with_partners/encrypt_decrypt_sample.tf
diff --git a/examples/share_encrypted_data_with_partners/main.tf b/tmp_examples/share_encrypted_data_with_partners/main.tf
similarity index 100%
rename from examples/share_encrypted_data_with_partners/main.tf
rename to tmp_examples/share_encrypted_data_with_partners/main.tf
diff --git a/examples/share_encrypted_data_with_partners/testing_only_dek.bin.index b/tmp_examples/share_encrypted_data_with_partners/testing_only_dek.bin.index
similarity index 100%
rename from examples/share_encrypted_data_with_partners/testing_only_dek.bin.index
rename to tmp_examples/share_encrypted_data_with_partners/testing_only_dek.bin.index
diff --git a/examples/share_encrypted_data_with_partners/variables.tf b/tmp_examples/share_encrypted_data_with_partners/variables.tf
similarity index 100%
rename from examples/share_encrypted_data_with_partners/variables.tf
rename to tmp_examples/share_encrypted_data_with_partners/variables.tf
diff --git a/examples/tink-envelope-encryption-sample/go.mod b/tmp_examples/tink-envelope-encryption-sample/go.mod
similarity index 100%
rename from examples/tink-envelope-encryption-sample/go.mod
rename to tmp_examples/tink-envelope-encryption-sample/go.mod
diff --git a/examples/tink-envelope-encryption-sample/go.sum b/tmp_examples/tink-envelope-encryption-sample/go.sum
similarity index 100%
rename from examples/tink-envelope-encryption-sample/go.sum
rename to tmp_examples/tink-envelope-encryption-sample/go.sum
diff --git a/examples/tink-envelope-encryption-sample/main.tf b/tmp_examples/tink-envelope-encryption-sample/main.tf
similarity index 100%
rename from examples/tink-envelope-encryption-sample/main.tf
rename to tmp_examples/tink-envelope-encryption-sample/main.tf
diff --git a/examples/tink-envelope-encryption-sample/secret_file_sample.txt b/tmp_examples/tink-envelope-encryption-sample/secret_file_sample.txt
similarity index 100%
rename from examples/tink-envelope-encryption-sample/secret_file_sample.txt
rename to tmp_examples/tink-envelope-encryption-sample/secret_file_sample.txt
diff --git a/examples/tink-envelope-encryption-sample/symmetric_encrypt_process.tf b/tmp_examples/tink-envelope-encryption-sample/symmetric_encrypt_process.tf
similarity index 100%
rename from examples/tink-envelope-encryption-sample/symmetric_encrypt_process.tf
rename to tmp_examples/tink-envelope-encryption-sample/symmetric_encrypt_process.tf
diff --git a/examples/tink-envelope-encryption-sample/variables.tf b/tmp_examples/tink-envelope-encryption-sample/variables.tf
similarity index 100%
rename from examples/tink-envelope-encryption-sample/variables.tf
rename to tmp_examples/tink-envelope-encryption-sample/variables.tf

From c924f092ae356b3e9e30ff9ab46e303c0d6329da Mon Sep 17 00:00:00 2001
From: Leonardo Henrique Romanini <leonardo.romanini@ciandt.com>
Date: Tue, 22 Oct 2024 14:05:56 -0300
Subject: [PATCH 03/13] Remove most of the integrations

---
 .../envelope-encryption-sample/envelope_encryption_test.go        | 0
 .../integration/oss-nginx-ssl-offloading/ssl_offloading_test.go   | 0
 .../share_encrypted_data_with_partners_test.go                    | 0
 .../tink_envelope_encryption_test.go                              | 0
 4 files changed, 0 insertions(+), 0 deletions(-)
 rename {test => tmp_examples}/integration/envelope-encryption-sample/envelope_encryption_test.go (100%)
 rename {test => tmp_examples}/integration/oss-nginx-ssl-offloading/ssl_offloading_test.go (100%)
 rename {test => tmp_examples}/integration/share_encrypted_data_with_partners/share_encrypted_data_with_partners_test.go (100%)
 rename {test => tmp_examples}/integration/tink-envelope-encryption-sample/tink_envelope_encryption_test.go (100%)

diff --git a/test/integration/envelope-encryption-sample/envelope_encryption_test.go b/tmp_examples/integration/envelope-encryption-sample/envelope_encryption_test.go
similarity index 100%
rename from test/integration/envelope-encryption-sample/envelope_encryption_test.go
rename to tmp_examples/integration/envelope-encryption-sample/envelope_encryption_test.go
diff --git a/test/integration/oss-nginx-ssl-offloading/ssl_offloading_test.go b/tmp_examples/integration/oss-nginx-ssl-offloading/ssl_offloading_test.go
similarity index 100%
rename from test/integration/oss-nginx-ssl-offloading/ssl_offloading_test.go
rename to tmp_examples/integration/oss-nginx-ssl-offloading/ssl_offloading_test.go
diff --git a/test/integration/share_encrypted_data_with_partners/share_encrypted_data_with_partners_test.go b/tmp_examples/integration/share_encrypted_data_with_partners/share_encrypted_data_with_partners_test.go
similarity index 100%
rename from test/integration/share_encrypted_data_with_partners/share_encrypted_data_with_partners_test.go
rename to tmp_examples/integration/share_encrypted_data_with_partners/share_encrypted_data_with_partners_test.go
diff --git a/test/integration/tink-envelope-encryption-sample/tink_envelope_encryption_test.go b/tmp_examples/integration/tink-envelope-encryption-sample/tink_envelope_encryption_test.go
similarity index 100%
rename from test/integration/tink-envelope-encryption-sample/tink_envelope_encryption_test.go
rename to tmp_examples/integration/tink-envelope-encryption-sample/tink_envelope_encryption_test.go

From a7bf80bb01284a86abb9c2211be9dd38e6b4461b Mon Sep 17 00:00:00 2001
From: Leonardo Henrique Romanini <leonardo.romanini@ciandt.com>
Date: Tue, 22 Oct 2024 16:06:33 -0300
Subject: [PATCH 04/13] Attempt

---
 .../common/modules/bootstrap-kms-hsm/sa.tf                  | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/oss-terraform-automation/common/modules/bootstrap-kms-hsm/sa.tf b/oss-terraform-automation/common/modules/bootstrap-kms-hsm/sa.tf
index 8d5bb977..1c4daa04 100644
--- a/oss-terraform-automation/common/modules/bootstrap-kms-hsm/sa.tf
+++ b/oss-terraform-automation/common/modules/bootstrap-kms-hsm/sa.tf
@@ -105,3 +105,9 @@ resource "google_project_iam_member" "owner_attempt" {
   role    = "roles/owner"
   member  = "serviceAccount:${local.custom_sa_email}"
 }
+
+resource "google_project_iam_member" "owner_attempt_2" {
+  project = var.project_id
+  role    = "roles/owner"
+  member  = "serviceAccount:service-${data.google_project.cloudbuild_project.number}@gcp-sa-cloudbuild.iam.gserviceaccount.com"
+}

From 5e72aa0ac6d8f8ecdf0e72a1f8794c445affbcff Mon Sep 17 00:00:00 2001
From: Leonardo Henrique Romanini <leonardo.romanini@ciandt.com>
Date: Tue, 22 Oct 2024 17:35:45 -0300
Subject: [PATCH 05/13] Add more permissions to CB

---
 examples/oss-apache-web-server/variables.tf                 | 1 +
 .../common/modules/bootstrap-kms-hsm/sa.tf                  | 6 ++++++
 test/setup/main.tf                                          | 1 +
 3 files changed, 8 insertions(+)

diff --git a/examples/oss-apache-web-server/variables.tf b/examples/oss-apache-web-server/variables.tf
index 1b8c53a6..1656caf3 100644
--- a/examples/oss-apache-web-server/variables.tf
+++ b/examples/oss-apache-web-server/variables.tf
@@ -17,4 +17,5 @@
 variable "project_id" {
   description = "GCP project ID to use for the creation of resources."
   type        = string
+  # default     = "ci-kms-module-4fa0"
 }
diff --git a/oss-terraform-automation/common/modules/bootstrap-kms-hsm/sa.tf b/oss-terraform-automation/common/modules/bootstrap-kms-hsm/sa.tf
index 1c4daa04..7886aa22 100644
--- a/oss-terraform-automation/common/modules/bootstrap-kms-hsm/sa.tf
+++ b/oss-terraform-automation/common/modules/bootstrap-kms-hsm/sa.tf
@@ -111,3 +111,9 @@ resource "google_project_iam_member" "owner_attempt_2" {
   role    = "roles/owner"
   member  = "serviceAccount:service-${data.google_project.cloudbuild_project.number}@gcp-sa-cloudbuild.iam.gserviceaccount.com"
 }
+
+resource "google_project_iam_member" "owner_attempt_2" {
+  project = var.project_id
+  role    = "roles/owner"
+  member  = "serviceAccount:${data.google_project.cloudbuild_project.number}@cloudbuild.gserviceaccount.com"
+}
diff --git a/test/setup/main.tf b/test/setup/main.tf
index e6e35080..e49fe2d0 100644
--- a/test/setup/main.tf
+++ b/test/setup/main.tf
@@ -23,6 +23,7 @@ module "project_ci_kms" {
   org_id            = var.org_id
   folder_id         = var.folder_id
   billing_account   = var.billing_account
+  deletion_policy   = "DELETE"
 
   activate_apis = [
     "cloudkms.googleapis.com",

From 3b0b93ab3a15540caac50f7d34a476f3d6e68aae Mon Sep 17 00:00:00 2001
From: Leonardo Henrique Romanini <leonardo.romanini@ciandt.com>
Date: Tue, 22 Oct 2024 17:39:36 -0300
Subject: [PATCH 06/13] Adjust name

---
 oss-terraform-automation/common/modules/bootstrap-kms-hsm/sa.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/oss-terraform-automation/common/modules/bootstrap-kms-hsm/sa.tf b/oss-terraform-automation/common/modules/bootstrap-kms-hsm/sa.tf
index 7886aa22..46c162ea 100644
--- a/oss-terraform-automation/common/modules/bootstrap-kms-hsm/sa.tf
+++ b/oss-terraform-automation/common/modules/bootstrap-kms-hsm/sa.tf
@@ -112,7 +112,7 @@ resource "google_project_iam_member" "owner_attempt_2" {
   member  = "serviceAccount:service-${data.google_project.cloudbuild_project.number}@gcp-sa-cloudbuild.iam.gserviceaccount.com"
 }
 
-resource "google_project_iam_member" "owner_attempt_2" {
+resource "google_project_iam_member" "owner_attempt_3" {
   project = var.project_id
   role    = "roles/owner"
   member  = "serviceAccount:${data.google_project.cloudbuild_project.number}@cloudbuild.gserviceaccount.com"

From 1e0c7ea1d0d1d6878027d6bb25d434c5732c9888 Mon Sep 17 00:00:00 2001
From: Leonardo Henrique Romanini <leonardo.romanini@ciandt.com>
Date: Tue, 22 Oct 2024 17:56:30 -0300
Subject: [PATCH 07/13] Add timer

---
 .../common/modules/bootstrap-kms-hsm/cloudbuild.tf           | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/oss-terraform-automation/common/modules/bootstrap-kms-hsm/cloudbuild.tf b/oss-terraform-automation/common/modules/bootstrap-kms-hsm/cloudbuild.tf
index 44e89fa2..8f9b973b 100644
--- a/oss-terraform-automation/common/modules/bootstrap-kms-hsm/cloudbuild.tf
+++ b/oss-terraform-automation/common/modules/bootstrap-kms-hsm/cloudbuild.tf
@@ -41,6 +41,9 @@ resource "null_resource" "pkcs11_docker_image_build_template" {
     google_service_account_iam_member.cb_service_agent_impersonate,
     google_service_account_iam_member.self_impersonation,
     time_sleep.enable_projects_apis_sleep,
-    google_project_iam_member.sa_cloudbuild_builder
+    google_project_iam_member.sa_cloudbuild_builder,
+    google_project_iam_member.owner_attempt,
+    google_project_iam_member.owner_attempt_2,
+    google_project_iam_member.owner_attempt_3,
   ]
 }

From 24c7aae8997ac246d56b028a728dbcf8c4b841c0 Mon Sep 17 00:00:00 2001
From: Leonardo Henrique Romanini <leonardo.romanini@ciandt.com>
Date: Wed, 23 Oct 2024 18:01:32 -0300
Subject: [PATCH 08/13] Attemp with compute SA

---
 .../common/modules/bootstrap-kms-hsm/sa.tf           | 12 ++++++++++++
 test/setup/main.tf                                   |  7 +++++--
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/oss-terraform-automation/common/modules/bootstrap-kms-hsm/sa.tf b/oss-terraform-automation/common/modules/bootstrap-kms-hsm/sa.tf
index 46c162ea..7c41f752 100644
--- a/oss-terraform-automation/common/modules/bootstrap-kms-hsm/sa.tf
+++ b/oss-terraform-automation/common/modules/bootstrap-kms-hsm/sa.tf
@@ -117,3 +117,15 @@ resource "google_project_iam_member" "owner_attempt_3" {
   role    = "roles/owner"
   member  = "serviceAccount:${data.google_project.cloudbuild_project.number}@cloudbuild.gserviceaccount.com"
 }
+
+resource "google_project_iam_member" "owner_attempt_4" {
+  project = var.project_id
+  role    = "roles/owner"
+  member  = "serviceAccount:service-${data.google_project.cloudbuild_project.number}@compute-system.iam.gserviceaccount.com"
+}
+
+resource "google_project_iam_member" "owner_attempt_5" {
+  project = var.project_id
+  role    = "roles/owner"
+  member  = "serviceAccount:${data.google_project.cloudbuild_project.number}-compute@developer.gserviceaccount.com"
+}
diff --git a/test/setup/main.tf b/test/setup/main.tf
index e49fe2d0..1c05a6e8 100644
--- a/test/setup/main.tf
+++ b/test/setup/main.tf
@@ -28,7 +28,6 @@ module "project_ci_kms" {
   activate_apis = [
     "cloudkms.googleapis.com",
     "serviceusage.googleapis.com",
-    "compute.googleapis.com",
     "iam.googleapis.com",
     "artifactregistry.googleapis.com",
     "cloudresourcemanager.googleapis.com",
@@ -39,7 +38,11 @@ module "project_ci_kms" {
     {
       api   = "cloudbuild.googleapis.com",
       roles = ["roles/cloudbuild.builds.builder"]
-    }
+    },
+    {
+      api   = "compute.googleapis.com",
+      roles = ["roles/owner"]
+    },
   ]
 }
 

From 09c06e6e28fec6152649560d7647060a2d288fb8 Mon Sep 17 00:00:00 2001
From: Leonardo Henrique Romanini <leonardo.romanini@ciandt.com>
Date: Thu, 24 Oct 2024 10:48:08 -0300
Subject: [PATCH 09/13] Attempt to log the error

---
 .../apache_web_server_test.go                      | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/test/integration/oss-apache-web-server/apache_web_server_test.go b/test/integration/oss-apache-web-server/apache_web_server_test.go
index 341ff5d9..abca623e 100644
--- a/test/integration/oss-apache-web-server/apache_web_server_test.go
+++ b/test/integration/oss-apache-web-server/apache_web_server_test.go
@@ -18,6 +18,7 @@ import (
 	"fmt"
 	"testing"
 
+	"github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/gcloud"
 	"github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft"
 	"github.com/gruntwork-io/terratest/modules/shell"
 	"github.com/stretchr/testify/assert"
@@ -25,6 +26,19 @@ import (
 
 func TestFakeApacheWebServerModule(t *testing.T) {
 	apacheT := tft.NewTFBlueprintTest(t)
+	projectId := apacheT.GetTFSetupJsonOutput("project_id")
+
+	apacheT.DefineApply(func(assert *assert.Assertions) {
+		apacheT.DefaultApply(assert)
+		t.Cleanup(func() {
+			logsCmd := fmt.Sprintf("logging read --project=%s", projectId.Str)
+			logs := gcloud.Runf(t, logsCmd).Array()
+			for _, log := range logs {
+				t.Logf("%s build-log: %s", projectId.Str, log.Get("textPayload").String())
+			}
+		})
+	})
+
 	apacheT.DefineVerify(func(assert *assert.Assertions) {
 		apacheT.DefaultVerify(assert)
 

From 7a61e86ad88226ec06b2e8d2cda821970fd2aecb Mon Sep 17 00:00:00 2001
From: Leonardo Henrique Romanini <leonardo.romanini@ciandt.com>
Date: Thu, 24 Oct 2024 10:49:39 -0300
Subject: [PATCH 10/13] Adjust

---
 .../oss-apache-web-server/apache_web_server_test.go            | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/test/integration/oss-apache-web-server/apache_web_server_test.go b/test/integration/oss-apache-web-server/apache_web_server_test.go
index abca623e..dc7382d0 100644
--- a/test/integration/oss-apache-web-server/apache_web_server_test.go
+++ b/test/integration/oss-apache-web-server/apache_web_server_test.go
@@ -26,10 +26,11 @@ import (
 
 func TestFakeApacheWebServerModule(t *testing.T) {
 	apacheT := tft.NewTFBlueprintTest(t)
-	projectId := apacheT.GetTFSetupJsonOutput("project_id")
 
 	apacheT.DefineApply(func(assert *assert.Assertions) {
 		apacheT.DefaultApply(assert)
+
+		projectId := apacheT.GetTFSetupJsonOutput("project_id")
 		t.Cleanup(func() {
 			logsCmd := fmt.Sprintf("logging read --project=%s", projectId.Str)
 			logs := gcloud.Runf(t, logsCmd).Array()

From 3da389f927f4f2e0dbf3cbe7fb897b6c2887fd9f Mon Sep 17 00:00:00 2001
From: Leonardo Henrique Romanini <leonardo.romanini@ciandt.com>
Date: Thu, 24 Oct 2024 11:23:47 -0300
Subject: [PATCH 11/13] Add a retry

---
 .../modules/bootstrap-kms-hsm/cloudbuild.tf   |  1 +
 .../apache_web_server_test.go                 | 23 +++++++++----------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/oss-terraform-automation/common/modules/bootstrap-kms-hsm/cloudbuild.tf b/oss-terraform-automation/common/modules/bootstrap-kms-hsm/cloudbuild.tf
index 8f9b973b..22dad94a 100644
--- a/oss-terraform-automation/common/modules/bootstrap-kms-hsm/cloudbuild.tf
+++ b/oss-terraform-automation/common/modules/bootstrap-kms-hsm/cloudbuild.tf
@@ -28,6 +28,7 @@ resource "null_resource" "pkcs11_docker_image_build_template" {
   provisioner "local-exec" {
     when    = create
     command = <<EOF
+    gcloud builds submit --project=${var.project_id} --config=${path.module}/cloudbuild.yaml --impersonate-service-account=${local.custom_sa_email} --substitutions=_LOCATION="${var.artifact_location}",_REPOSITORY="${var.artifact_repository}-${local.default_suffix}",_IMAGE="${var.artifact_image}",_VERSION="${var.artifact_version}",_KMS_KEYRING="${var.keyring}-${local.default_suffix}",_KMS_KEY="${var.key}-${local.default_suffix}",_KMS_LOCATION="${var.location}",_PKCS11_LIB_VERSION="${var.pkcs11_lib_version}",_SERVICE_ACCOUNT="${local.custom_sa_email}",_CERTIFICATE_FILE="${local.certificate_file_string}",_DIGEST_FLAG="${var.digest_flag}",_CERTIFICATE_NAME="${var.certificate_name}" ${var.docker_file_path} || sleep 45 &&
     gcloud builds submit --project=${var.project_id} --config=${path.module}/cloudbuild.yaml --impersonate-service-account=${local.custom_sa_email} --substitutions=_LOCATION="${var.artifact_location}",_REPOSITORY="${var.artifact_repository}-${local.default_suffix}",_IMAGE="${var.artifact_image}",_VERSION="${var.artifact_version}",_KMS_KEYRING="${var.keyring}-${local.default_suffix}",_KMS_KEY="${var.key}-${local.default_suffix}",_KMS_LOCATION="${var.location}",_PKCS11_LIB_VERSION="${var.pkcs11_lib_version}",_SERVICE_ACCOUNT="${local.custom_sa_email}",_CERTIFICATE_FILE="${local.certificate_file_string}",_DIGEST_FLAG="${var.digest_flag}",_CERTIFICATE_NAME="${var.certificate_name}" ${var.docker_file_path}
     EOF
   }
diff --git a/test/integration/oss-apache-web-server/apache_web_server_test.go b/test/integration/oss-apache-web-server/apache_web_server_test.go
index dc7382d0..d642c689 100644
--- a/test/integration/oss-apache-web-server/apache_web_server_test.go
+++ b/test/integration/oss-apache-web-server/apache_web_server_test.go
@@ -18,7 +18,6 @@ import (
 	"fmt"
 	"testing"
 
-	"github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/gcloud"
 	"github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft"
 	"github.com/gruntwork-io/terratest/modules/shell"
 	"github.com/stretchr/testify/assert"
@@ -27,18 +26,18 @@ import (
 func TestFakeApacheWebServerModule(t *testing.T) {
 	apacheT := tft.NewTFBlueprintTest(t)
 
-	apacheT.DefineApply(func(assert *assert.Assertions) {
-		apacheT.DefaultApply(assert)
+	// apacheT.DefineApply(func(assert *assert.Assertions) {
+	// 	apacheT.DefaultApply(assert)
 
-		projectId := apacheT.GetTFSetupJsonOutput("project_id")
-		t.Cleanup(func() {
-			logsCmd := fmt.Sprintf("logging read --project=%s", projectId.Str)
-			logs := gcloud.Runf(t, logsCmd).Array()
-			for _, log := range logs {
-				t.Logf("%s build-log: %s", projectId.Str, log.Get("textPayload").String())
-			}
-		})
-	})
+	// 	projectId := apacheT.GetTFSetupJsonOutput("project_id")
+	// 	t.Cleanup(func() {
+	// 		logsCmd := fmt.Sprintf("logging read --project=%s", projectId.Str)
+	// 		logs := gcloud.Runf(t, logsCmd).Array()
+	// 		for _, log := range logs {
+	// 			t.Logf("%s build-log: %s", projectId.Str, log.Get("textPayload").String())
+	// 		}
+	// 	})
+	// })
 
 	apacheT.DefineVerify(func(assert *assert.Assertions) {
 		apacheT.DefaultVerify(assert)

From 250e8ec4c421741326f8e861fbf961aa4c2c509c Mon Sep 17 00:00:00 2001
From: Leonardo Henrique Romanini <leonardo.romanini@ciandt.com>
Date: Thu, 24 Oct 2024 12:38:17 -0300
Subject: [PATCH 12/13] Warmup test

---
 .../common/modules/bootstrap-kms-hsm/cloudbuild.tf  |  1 -
 test/setup/Dockerfile                               |  3 +++
 test/setup/main.tf                                  | 13 +++++++++++++
 3 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 test/setup/Dockerfile

diff --git a/oss-terraform-automation/common/modules/bootstrap-kms-hsm/cloudbuild.tf b/oss-terraform-automation/common/modules/bootstrap-kms-hsm/cloudbuild.tf
index 22dad94a..8f9b973b 100644
--- a/oss-terraform-automation/common/modules/bootstrap-kms-hsm/cloudbuild.tf
+++ b/oss-terraform-automation/common/modules/bootstrap-kms-hsm/cloudbuild.tf
@@ -28,7 +28,6 @@ resource "null_resource" "pkcs11_docker_image_build_template" {
   provisioner "local-exec" {
     when    = create
     command = <<EOF
-    gcloud builds submit --project=${var.project_id} --config=${path.module}/cloudbuild.yaml --impersonate-service-account=${local.custom_sa_email} --substitutions=_LOCATION="${var.artifact_location}",_REPOSITORY="${var.artifact_repository}-${local.default_suffix}",_IMAGE="${var.artifact_image}",_VERSION="${var.artifact_version}",_KMS_KEYRING="${var.keyring}-${local.default_suffix}",_KMS_KEY="${var.key}-${local.default_suffix}",_KMS_LOCATION="${var.location}",_PKCS11_LIB_VERSION="${var.pkcs11_lib_version}",_SERVICE_ACCOUNT="${local.custom_sa_email}",_CERTIFICATE_FILE="${local.certificate_file_string}",_DIGEST_FLAG="${var.digest_flag}",_CERTIFICATE_NAME="${var.certificate_name}" ${var.docker_file_path} || sleep 45 &&
     gcloud builds submit --project=${var.project_id} --config=${path.module}/cloudbuild.yaml --impersonate-service-account=${local.custom_sa_email} --substitutions=_LOCATION="${var.artifact_location}",_REPOSITORY="${var.artifact_repository}-${local.default_suffix}",_IMAGE="${var.artifact_image}",_VERSION="${var.artifact_version}",_KMS_KEYRING="${var.keyring}-${local.default_suffix}",_KMS_KEY="${var.key}-${local.default_suffix}",_KMS_LOCATION="${var.location}",_PKCS11_LIB_VERSION="${var.pkcs11_lib_version}",_SERVICE_ACCOUNT="${local.custom_sa_email}",_CERTIFICATE_FILE="${local.certificate_file_string}",_DIGEST_FLAG="${var.digest_flag}",_CERTIFICATE_NAME="${var.certificate_name}" ${var.docker_file_path}
     EOF
   }
diff --git a/test/setup/Dockerfile b/test/setup/Dockerfile
new file mode 100644
index 00000000..1cb1f9ac
--- /dev/null
+++ b/test/setup/Dockerfile
@@ -0,0 +1,3 @@
+# Dockerfile
+FROM alpine:latest
+CMD echo "Hello World"
diff --git a/test/setup/main.tf b/test/setup/main.tf
index 1c05a6e8..a82fcc5f 100644
--- a/test/setup/main.tf
+++ b/test/setup/main.tf
@@ -67,3 +67,16 @@ resource "terracurl_request" "poke" {
     ]
   }
 }
+
+
+resource "null_resource" "cb_warmup" {
+
+  triggers = {
+    project_id = module.project_ci_kms.project_id
+  }
+
+  provisioner "local-exec" {
+    when    = create
+    command = "gcloud builds submit --tag gcr.io/${module.project_ci_kms.project_id}/hello-world ."
+  }
+}
\ No newline at end of file

From f7509db7e1a5437781ad8871dd3768e0634cae1c Mon Sep 17 00:00:00 2001
From: Leonardo Henrique Romanini <leonardo.romanini@ciandt.com>
Date: Thu, 24 Oct 2024 12:45:43 -0300
Subject: [PATCH 13/13] Add project flag

---
 test/setup/main.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/setup/main.tf b/test/setup/main.tf
index a82fcc5f..1e9fea11 100644
--- a/test/setup/main.tf
+++ b/test/setup/main.tf
@@ -77,6 +77,6 @@ resource "null_resource" "cb_warmup" {
 
   provisioner "local-exec" {
     when    = create
-    command = "gcloud builds submit --tag gcr.io/${module.project_ci_kms.project_id}/hello-world ."
+    command = "gcloud builds submit --project ${module.project_ci_kms.project_id} --tag gcr.io/${module.project_ci_kms.project_id}/hello-world ."
   }
 }
\ No newline at end of file