From e14f19970e21cb2233d8154f55adc381b9967969 Mon Sep 17 00:00:00 2001 From: Ludovico Magnocavallo Date: Tue, 17 Sep 2019 07:49:26 +0200 Subject: [PATCH 01/11] 0.12 upgrade --- examples/forwarding-zone/main.tf | 22 ++--- examples/forwarding-zone/outputs.tf | 3 +- examples/forwarding-zone/providers.tf | 21 ++++- examples/forwarding-zone/variables.tf | 3 +- examples/forwarding-zone/versions.tf | 19 ++++ examples/peering-zone/main.tf | 20 ++-- examples/peering-zone/outputs.tf | 3 +- examples/peering-zone/providers.tf | 21 ++++- examples/peering-zone/variables.tf | 3 +- examples/peering-zone/versions.tf | 19 ++++ examples/private-zone/main.tf | 15 +-- examples/private-zone/outputs.tf | 2 +- examples/private-zone/providers.tf | 20 +++- examples/private-zone/variables.tf | 2 +- examples/public-zone/main.tf | 10 +- examples/public-zone/outputs.tf | 2 +- examples/public-zone/providers.tf | 20 +++- examples/public-zone/variables.tf | 2 +- main.tf | 126 +++++++++++++++----------- outputs.tf | 51 ++++++----- variables.tf | 47 ++++++---- versions.tf | 19 ++++ 22 files changed, 297 insertions(+), 153 deletions(-) create mode 100644 examples/forwarding-zone/versions.tf create mode 100644 examples/peering-zone/versions.tf create mode 100644 versions.tf diff --git a/examples/forwarding-zone/main.tf b/examples/forwarding-zone/main.tf index bc7164f..27ddbcd 100644 --- a/examples/forwarding-zone/main.tf +++ b/examples/forwarding-zone/main.tf 
@@ -16,20 +16,12 @@ module "dns-forwarding-zone" { source = "../.." - project_id = "${var.project_id}" - zone_type = "forwarding" - name = "${var.zone_name}" - domain = "${var.domain}" + project_id = var.project_id + type = "forwarding" + name = var.name + domain = var.domain - private_visibility_config = [{ - networks = [{ - network_url = "${var.network_self_link}" - }] - }] - - target_name_servers = [{ - ipv4_address = "8.8.8.8" - }, { - ipv4_address = "8.8.4.4" - }] + private_visibility_config_networks = [var.network_self_link] + target_name_server_addresses = ["8.8.8.8", "8.8.4.4"] } + diff --git a/examples/forwarding-zone/outputs.tf b/examples/forwarding-zone/outputs.tf index 14704a9..4a2588a 100644 --- a/examples/forwarding-zone/outputs.tf +++ b/examples/forwarding-zone/outputs.tf @@ -16,5 +16,6 @@ output "name_servers" { description = "Zone name servers." - value = "${module.dns-forwarding-zone.name_servers}" + value = module.dns-forwarding-zone.name_servers } + diff --git a/examples/forwarding-zone/providers.tf b/examples/forwarding-zone/providers.tf index 55f7a3d..1232e49 100644 --- a/examples/forwarding-zone/providers.tf +++ b/examples/forwarding-zone/providers.tf @@ -1,7 +1,24 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + provider "google" { - version = ">= 2.5.1" + version = ">= 2.14" } provider "google-beta" { - version = ">= 2.5.1" + version = ">= 2.14" } + 
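Review bot: The forwarding example in examples/forwarding-zone/main.tf sets `target_name_server_addresses = ["8.8.8.8", "8.8.4.4"]` with no comment, so anyone who copies it sends every query for the zone's domain to a public third-party resolver. For a zone that is only visible to private networks this discloses internal names outside the VPC. A comment above the line would make clear that the addresses are placeholders, for example `# Placeholder targets: replace with resolvers you operate; all queries for this zone's domain are sent to these addresses.`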
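Review bot: The `version = ">= 2.14"` constraint on both provider blocks in examples/forwarding-zone/providers.tf has no upper bound, so a fresh `terraform init` accepts any later provider release, including a new major version that was never tested with this module. A pessimistic constraint such as `version = "~> 2.14"` keeps the example on the 2.x line while still allowing minor updates. The same two lines appear in the providers.tf hunks for examples/peering-zone, examples/private-zone and examples/public-zone.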
diff --git a/examples/forwarding-zone/variables.tf b/examples/forwarding-zone/variables.tf index 63aa7d0..e2c53a0 100644 --- a/examples/forwarding-zone/variables.tf +++ b/examples/forwarding-zone/variables.tf @@ -24,7 +24,7 @@ variable "network_self_link" { default = "" } -variable "zone_name" { +variable "name" { description = "DNS zone name." default = "foo-local" } @@ -33,3 +33,4 @@ variable "domain" { description = "Zone domain." default = "foo.local." } + diff --git a/examples/forwarding-zone/versions.tf b/examples/forwarding-zone/versions.tf new file mode 100644 index 0000000..2970427 --- /dev/null +++ b/examples/forwarding-zone/versions.tf @@ -0,0 +1,19 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.12" +} diff --git a/examples/peering-zone/main.tf b/examples/peering-zone/main.tf index 4668f0c..b999842 100644 --- a/examples/peering-zone/main.tf +++ b/examples/peering-zone/main.tf 
@@ -15,17 +15,11 @@ */ module "dns-peering-zone" { - source = "../.." - project_id = "${var.project_id}" - zone_type = "peering" - name = "${var.zone_name}" - domain = "${var.domain}" - - private_visibility_config = [{ - networks = [{ - network_url = "${var.network_self_link}" - }] - }] - - target_network = "${var.target_network_self_link}" + source = "../.." + project_id = var.project_id + type = "peering" + name = var.name + domain = var.domain + private_visibility_config_networks = [var.network_self_link] + target_network = var.target_network_self_link } diff --git a/examples/peering-zone/outputs.tf b/examples/peering-zone/outputs.tf index af9e277..935f4a6 100644 --- a/examples/peering-zone/outputs.tf +++ b/examples/peering-zone/outputs.tf @@ -16,5 +16,6 @@ output "name_servers" { description = "Zone name servers." - value = "${module.dns-peering-zone.name_servers}" + value = module.dns-peering-zone.name_servers } + diff --git a/examples/peering-zone/providers.tf b/examples/peering-zone/providers.tf index 55f7a3d..1232e49 100644 --- a/examples/peering-zone/providers.tf +++ b/examples/peering-zone/providers.tf @@ -1,7 +1,24 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + provider "google" { - version = ">= 2.5.1" + version = ">= 2.14" } provider "google-beta" { - version = ">= 2.5.1" + version = ">= 2.14" } + 
diff --git a/examples/peering-zone/variables.tf b/examples/peering-zone/variables.tf index c479fa9..323e2e4 100644 --- a/examples/peering-zone/variables.tf +++ b/examples/peering-zone/variables.tf @@ -29,7 +29,7 @@ variable "target_network_self_link" { default = "" } -variable "zone_name" { +variable "name" { description = "DNS zone name." default = "foo-local" } @@ -38,3 +38,4 @@ variable "domain" { description = "Zone domain." default = "foo.local." } + diff --git a/examples/peering-zone/versions.tf b/examples/peering-zone/versions.tf new file mode 100644 index 0000000..832ec1d --- /dev/null +++ b/examples/peering-zone/versions.tf @@ -0,0 +1,19 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.12" +} diff --git a/examples/private-zone/main.tf b/examples/private-zone/main.tf index 3edd121..60093f8 100644 --- a/examples/private-zone/main.tf +++ b/examples/private-zone/main.tf @@ -16,19 +16,14 @@ module "dns-private-zone" { source = "../.." - project_id = "${var.project_id}" - zone_type = "private" - name = "${var.zone_name}" - domain = "${var.domain}" + project_id = var.project_id + type = "private" + name = var.name + domain = var.domain - private_visibility_config = [{ - networks = [{ - network_url = "${var.network_self_link}" - }] - }] + private_visibility_config_networks = [var.network_self_link] record_names = ["localhost"] - record_data = [ { rrdatas = "127.0.0.1" 
diff --git a/examples/private-zone/outputs.tf b/examples/private-zone/outputs.tf index 9393744..fa44e34 100644 --- a/examples/private-zone/outputs.tf +++ b/examples/private-zone/outputs.tf @@ -16,5 +16,5 @@ output "name_servers" { description = "Zone name servers." - value = "${module.dns-private-zone.name_servers}" + value = module.dns-private-zone.name_servers } diff --git a/examples/private-zone/providers.tf b/examples/private-zone/providers.tf index 55f7a3d..7b4094f 100644 --- a/examples/private-zone/providers.tf +++ b/examples/private-zone/providers.tf @@ -1,7 +1,23 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + provider "google" { - version = ">= 2.5.1" + version = ">= 2.14" } provider "google-beta" { - version = ">= 2.5.1" + version = ">= 2.14" } diff --git a/examples/private-zone/variables.tf b/examples/private-zone/variables.tf index 63aa7d0..d8c01d7 100644 --- a/examples/private-zone/variables.tf +++ b/examples/private-zone/variables.tf @@ -24,7 +24,7 @@ variable "network_self_link" { default = "" } -variable "zone_name" { +variable "name" { description = "DNS zone name." default = "foo-local" } diff --git a/examples/public-zone/main.tf b/examples/public-zone/main.tf index 2682c11..815a7af 100644 --- a/examples/public-zone/main.tf +++ b/examples/public-zone/main.tf 
@@ -1,5 +1,5 @@ /** - * Copyright 2018 Google LLC + * Copyright 2019 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,10 +16,10 @@ module "dns-public-zone" { source = "../.." - project_id = "${var.project_id}" - zone_type = "public" - name = "${var.zone_name}" - domain = "${var.domain}" + project_id = var.project_id + type = "public" + name = var.name + domain = var.domain record_names = ["localhost"] record_data = [ diff --git a/examples/public-zone/outputs.tf b/examples/public-zone/outputs.tf index 39db64c..db5b2ef 100644 --- a/examples/public-zone/outputs.tf +++ b/examples/public-zone/outputs.tf @@ -16,5 +16,5 @@ output "name_servers" { description = "Zone name servers." - value = "${module.dns-public-zone.name_servers}" + value = module.dns-public-zone.name_servers } diff --git a/examples/public-zone/providers.tf b/examples/public-zone/providers.tf index 55f7a3d..7b4094f 100644 --- a/examples/public-zone/providers.tf +++ b/examples/public-zone/providers.tf @@ -1,7 +1,23 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + provider "google" { - version = ">= 2.5.1" + version = ">= 2.14" } provider "google-beta" { - version = ">= 2.5.1" + version = ">= 2.14" } diff --git a/examples/public-zone/variables.tf b/examples/public-zone/variables.tf index 3828630..7211286 100644 --- a/examples/public-zone/variables.tf 
+++ b/examples/public-zone/variables.tf @@ -19,7 +19,7 @@ variable "project_id" { default = "" } -variable "zone_name" { +variable "name" { description = "DNS zone name." default = "foo-example-org" } diff --git a/main.tf b/main.tf index e1631c6..e00a074 100644 --- a/main.tf +++ b/main.tf @@ -1,5 +1,5 @@ /** - * Copyright 2018 Google LLC + * Copyright 2019 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -15,86 +15,102 @@ */ locals { - check_zone_type = "${ - (var.zone_type != "public" ? 1 : 0) - + - (var.zone_type != "private" ? 1 : 0) - + - (var.zone_type != "forwarding" ? 1 : 0) - + - (var.zone_type != "peering" ? 1 : 0) - }" - - is_static_zone = "${var.zone_type == "public" || var.zone_type == "private"}" -} - -resource "null_resource" "invalid_zone" { - count = "${local.check_zone_type != 3 ? 1 : 0}" - "ERROR: invalid zone type" = true + is_static_zone = var.type == "public" || var.type == "private" } resource "google_dns_managed_zone" "peering" { - count = "${var.zone_type == "peering" ? 1 : 0}" - provider = "google-beta" - project = "${var.project_id}" - name = "${var.name}" - dns_name = "${var.domain}" - description = "Terraform-managed zone." - visibility = "private" - private_visibility_config = ["${var.private_visibility_config}"] + count = var.type == "peering" ? 1 : 0 + provider = google-beta + project = var.project_id + name = var.name + dns_name = var.domain + description = "Terraform-managed zone." + visibility = "private" + + private_visibility_config { + dynamic "networks" { + for_each = var.private_visibility_config_networks + content { + network_url = networks.value + } + } + } peering_config { target_network { - network_url = "${var.target_network}" + network_url = var.target_network } } } resource "google_dns_managed_zone" "forwarding" { - count = "${var.zone_type == "forwarding" ? 1 : 0}" - provider = "google-beta" - project = "${var.project_id}" - name = "${var.name}" - dns_name = "${var.domain}" - description = "Terraform-managed zone." - visibility = "private" - private_visibility_config = ["${var.private_visibility_config}"] + count = var.type == "forwarding" ? 1 : 0 + provider = google-beta + project = var.project_id + name = var.name + dns_name = var.domain + description = "Terraform-managed zone." 
+ visibility = "private" + + private_visibility_config { + dynamic "networks" { + for_each = var.private_visibility_config_networks + content { + network_url = networks.value + } + } + } forwarding_config { - target_name_servers = ["${var.target_name_servers}"] + dynamic "target_name_servers" { + for_each = var.target_name_server_addresses + content { + ipv4_address = target_name_servers.value + } + } } } resource "google_dns_managed_zone" "private" { - count = "${var.zone_type == "private" ? 1 : 0}" - project = "${var.project_id}" - name = "${var.name}" - dns_name = "${var.domain}" - description = "Terraform-managed zone." - visibility = "private" - private_visibility_config = ["${var.private_visibility_config}"] + count = var.type == "private" ? 1 : 0 + project = var.project_id + name = var.name + dns_name = var.domain + description = "Terraform-managed zone." + visibility = "private" + + private_visibility_config { + dynamic "networks" { + for_each = var.private_visibility_config_networks + content { + network_url = networks.value + } + } + } } resource "google_dns_managed_zone" "public" { - count = "${var.zone_type == "public" ? 1 : 0}" - project = "${var.project_id}" - name = "${var.name}" - dns_name = "${var.domain}" + count = var.type == "public" ? 1 : 0 + project = var.project_id + name = var.name + dns_name = var.domain description = "Terraform-managed zone." visibility = "public" } resource "google_dns_record_set" "cloud-static-records" { - count = "${local.is_static_zone ? length(var.record_names) : 0}" - project = "${var.project_id}" - managed_zone = "${var.name}" + count = local.is_static_zone ? 
length(var.record_names) : 0 + project = var.project_id + managed_zone = var.name name = "${element(var.record_names, count.index)}.${var.domain}" - type = "${lookup(var.record_data[count.index], "type")}" - ttl = "${lookup(var.record_data[count.index], "ttl", 300)}" + type = var.record_data[count.index]["type"] + ttl = lookup(var.record_data[count.index], "ttl", 300) - rrdatas = [ - "${split(",", lookup(var.record_data[count.index], "rrdatas"))}", - ] + rrdatas = split(",", var.record_data[count.index]["rrdatas"]) - depends_on = ["google_dns_managed_zone.private", "google_dns_managed_zone.public"] + depends_on = [ + google_dns_managed_zone.private, + google_dns_managed_zone.public, + ] } + diff --git a/outputs.tf b/outputs.tf index 4af021e..680a477 100644 --- a/outputs.tf +++ b/outputs.tf @@ -1,5 +1,5 @@ /** - * Copyright 2018 Google LLC + * Copyright 2019 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
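Review bot: With the `null_resource.invalid_zone` guard removed from main.tf, nothing in the new code rejects an unsupported `var.type`. Every `count` expression then evaluates to 0 and no zone is created; the first visible failure would presumably be the `element(concat(...), 0)` calls in outputs.tf on an empty list, which gives the caller no hint about the cause. Terraform 0.12's `index()` raises an error when the value is not in the list, so a local next to `is_static_zone`, such as `type_index = index(["public", "private", "forwarding", "peering"], var.type)`, would restore an explicit failure; confirm that it is evaluated at plan time on the targeted version. A typo in `type` should fail loudly rather than yield an apply that manages no zone.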
@@ -14,40 +14,49 @@ * limitations under the License. */ -output "zone_type" { +output "type" { description = "The DNS zone type." - value = "${var.zone_type}" + value = var.type } output "name" { description = "The DNS zone name." - value = "${element(concat( - google_dns_managed_zone.peering.*.name, - google_dns_managed_zone.forwarding.*.name, - google_dns_managed_zone.private.*.name, - google_dns_managed_zone.public.*.name, - ), 0)}" + value = element( + concat( + google_dns_managed_zone.peering.*.name, + google_dns_managed_zone.forwarding.*.name, + google_dns_managed_zone.private.*.name, + google_dns_managed_zone.public.*.name, + ), + 0, + ) } output "domain" { description = "The DNS zone domain." - value = "${element(concat( - google_dns_managed_zone.peering.*.dns_name, - google_dns_managed_zone.forwarding.*.dns_name, - google_dns_managed_zone.private.*.dns_name, - google_dns_managed_zone.public.*.dns_name, - ), 0)}" + value = element( + concat( + google_dns_managed_zone.peering.*.dns_name, + google_dns_managed_zone.forwarding.*.dns_name, + google_dns_managed_zone.private.*.dns_name, + google_dns_managed_zone.public.*.dns_name, + ), + 0, + ) } output "name_servers" { description = "The DNS zone name servers." - value = "${flatten(concat( - google_dns_managed_zone.peering.*.name_servers, - google_dns_managed_zone.forwarding.*.name_servers, - google_dns_managed_zone.private.*.name_servers, - google_dns_managed_zone.public.*.name_servers, - ))}" + value = flatten( + concat( + google_dns_managed_zone.peering.*.name_servers, + google_dns_managed_zone.forwarding.*.name_servers, + google_dns_managed_zone.private.*.name_servers, + google_dns_managed_zone.public.*.name_servers, + ), + ) } + diff --git a/variables.tf b/variables.tf index 0a8ea5b..3792b49 100644 --- a/variables.tf +++ b/variables.tf 
@@ -1,5 +1,5 @@ /** - * Copyright 2018 Google LLC + * Copyright 2019 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -14,24 +14,35 @@ * limitations under the License. */ -variable "project_id" { - description = "Project id for the zone." - type = "string" +############################################################################### +# zone variables # +############################################################################### + +variable "domain" { + description = "Zone domain, must end with a period." + type = string } variable "name" { description = "Zone name, must be unique within the project." - type = "string" + type = string } -variable "domain" { - description = "Zone domain, must end with a period." - type = "string" +variable "private_visibility_config_networks" { + description = "List of VPC self links that can see this zone." + default = [] + type = list(string) +} + +variable "project_id" { + description = "Project id for the zone." + type = string } -variable "private_visibility_config" { - description = "List of private visibility config maps, not used for public zones." +variable "target_name_server_addresses" { + description = "List of target name servers for forwarding zone." default = [] + type = list(string) } variable "target_network" { 
@@ -39,11 +50,16 @@ variable "target_network" { default = "" } -variable "target_name_servers" { - description = "List of target name servers for forwarding zone." - default = [] +variable "type" { + description = "Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering'." + default = "private" + type = string } +############################################################################### +# record variables # +############################################################################### + variable "record_names" { description = "List of record names for static zones." default = [] @@ -53,8 +69,3 @@ variable "record_data" { description = "List of maps with type, rrdatas and optional ttl for static zone records." default = [] } - -variable "zone_type" { - description = "Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering'." - default = "private" -} diff --git a/versions.tf b/versions.tf new file mode 100644 index 0000000..2970427 --- /dev/null +++ b/versions.tf @@ -0,0 +1,19 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.12" +} From ce5ed070168effab8baf1763142e3c3b9b39f69e Mon Sep 17 00:00:00 2001 
From: Ludovico Magnocavallo Date: Tue, 17 Sep 2019 07:58:22 +0200 Subject: [PATCH 02/11] update README for 0.12 --- README.md | 49 ++++++++++++++++++++++++++----------------------- 1 file changed, 26 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index d7ad972..39a3c53 100644 --- a/README.md +++ b/README.md @@ -7,23 +7,26 @@ The resources/services/activations/deletions that this module will create/trigge - One `google_dns_managed_zone` for the zone - Zero or more `google_dns_record_set` for the zone records +## Compatibility + + This module is meant for use with Terraform 0.12. If you haven't [upgraded](https://www.terraform.io/upgrade-guides/0-12.html) + and need a Terraform 0.11.x-compatible version of this module, the last released version intended for + Terraform 0.11.x is [0.1.0](https://registry.terraform.io/modules/terraform-google-modules/folders/google/0.1.0). + ## Usage Basic usage of this module for a private zone is as follows: ```hcl -module "dns-zone-foo" { - source = "terraform-google-modules/cloud-dns/google" - version = "~> 0.1" - project_id = "my-project" - zone_type = "private" - name = "Foo zone." - dns_name = "foo.local." - private_visibility_config = [{ - networks = [{ - network_url = "my-vpc" - }] - }] +module "dns-private-zone" { + source = "../.." + project_id = var.project_id + type = "private" + name = var.name + domain = var.domain + + private_visibility_config_networks = [var.network_self_link] + record_names = ["localhost"] record_data = [ { 
@@ -32,25 +35,25 @@ module "dns-zone-foo" { }, ] } + ``` Functional examples are included in the [examples](./examples/) directory. -[^]: (autogen_docs_start) - + ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| dns\_name | Zone DNS name. | string | n/a | yes | -| name | Zone name. | string | n/a | yes | -| private\_visibility\_config | List of private visibility config maps, not used for public zones. | list | `` | no | +| domain | Zone domain, must end with a period. | string | n/a | yes | +| name | Zone name, must be unique within the project. | string | n/a | yes | +| private\_visibility\_config\_networks | List of VPC self links that can see this zone. | list(string) | `` | no | | project\_id | Project id for the zone. | string | n/a | yes | | record\_data | List of maps with type, rrdatas and optional ttl for static zone records. | list | `` | no | | record\_names | List of record names for static zones. | list | `` | no | -| target\_name\_servers | List of target name servers for forwarding zone. | list | `` | no | +| target\_name\_server\_addresses | List of target name servers for forwarding zone. | list(string) | `` | no | | target\_network | Peering network. | string | `""` | no | -| zone\_type | Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering'. | string | `"private"` | no | +| type | Type of zone to create, valid values are 'public', 'private', 'forwarding', 'peering'. | string | `"private"` | no | ## Outputs @@ -59,9 +62,9 @@ Functional examples are included in the [examples](./examples/) directory. | domain | The DNS zone domain. | | name | The DNS zone name. | | name\_servers | The DNS zone name servers. | -| zone\_type | The DNS zone type. | +| type | The DNS zone type. | -[^]: (autogen_docs_end) + ## Requirements 
@@ -71,8 +74,8 @@ These sections describe requirements for using this module. The following dependencies must be available: -- [Terraform][terraform] v0.11 -- [Terraform Provider for GCP][terraform-provider-gcp] plugin v2.0 +- [Terraform][terraform] v0.12 +- [Terraform Provider for GCP][terraform-provider-gcp] plugin v2.14 ### Service Account From 48dc1b6078920d3ee328aa69f5a969929f04f8a8 Mon Sep 17 00:00:00 2001 From: Ludovico Magnocavallo Date: Tue, 17 Sep 2019 07:58:44 +0200 Subject: [PATCH 03/11] add cloud build linting configuration --- build/lint.cloudbuild.yaml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 build/lint.cloudbuild.yaml diff --git a/build/lint.cloudbuild.yaml b/build/lint.cloudbuild.yaml new file mode 100644 index 0000000..4c6724e --- /dev/null +++ b/build/lint.cloudbuild.yaml @@ -0,0 +1,21 @@ +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +steps: + - name: "gcr.io/cloud-foundation-cicd/cft/developer-tools:0.0.1" + id: "lint" + args: ["/usr/local/bin/test_lint.sh"] +tags: + - "ci" + - "lint" From 76d7e38163d3e47b4e3da02ac9f1c7b013df548f Mon Sep 17 00:00:00 2001 
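Review bot: The `lint` step in build/lint.cloudbuild.yaml references `gcr.io/cloud-foundation-cicd/cft/developer-tools:0.0.1` by tag, and a tag can be re-pointed to a different image after this file is reviewed. Pinning the digest ties the CI job to the image that was actually vetted, for example `name: "gcr.io/cloud-foundation-cicd/cft/developer-tools@sha256:<digest-of-reviewed-image>"` (placeholder digest). A short comment beside it recording which tag the digest corresponds to keeps later upgrades traceable.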
From: Ludovico Magnocavallo Date: Wed, 18 Sep 2019 00:05:13 +0200 Subject: [PATCH 04/11] tests wip --- CONTRIBUTING.md | 75 ++--- Makefile | 16 +- build/lint.cloudbuild.yaml | 15 +- examples/private-zone/main.tf | 2 +- examples/private-zone/variables.tf | 4 +- helpers/combine_docfiles.py | 67 ----- kitchen.yml | 48 +++ test/.gitignore | 1 + test/boilerplate/boilerplate.go.txt | 15 - test/boilerplate/boilerplate.sh.txt | 13 - test/boilerplate/boilerplate.xml.txt | 15 - test/boilerplate/boilerplate.yaml.txt | 13 - test/fixtures/private_zone/main.tf | 23 ++ test/fixtures/private_zone/outputs.tf | 35 +++ test/fixtures/private_zone/variables.tf | 30 ++ .../private_zone/versions.tf} | 4 + test/fixtures/public_zone/main.tf | 22 ++ test/fixtures/public_zone/outputs.tf | 30 ++ test/fixtures/public_zone/variables.tf | 25 ++ test/fixtures/public_zone/versions.tf | 19 ++ .../private_zone/controls/gcloud.rb.sample} | 10 + .../private_zone/controls/gcp.rb} | 8 + test/integration/private_zone/inspec.yml | 15 + .../public_zone/controls/gcp.rb} | 15 + test/integration/public_zone/inspec.yml | 15 + test/make.sh | 162 ---------- test/test_verify_boilerplate.py | 140 --------- test/verify_boilerplate.py | 283 ------------------ 28 files changed, 351 insertions(+), 769 deletions(-) delete mode 100755 helpers/combine_docfiles.py create mode 100644 kitchen.yml create mode 100644 test/.gitignore delete mode 100644 test/boilerplate/boilerplate.go.txt delete mode 100644 test/boilerplate/boilerplate.sh.txt delete mode 100644 test/boilerplate/boilerplate.xml.txt delete mode 100644 test/boilerplate/boilerplate.yaml.txt create mode 100644 test/fixtures/private_zone/main.tf create mode 100644 test/fixtures/private_zone/outputs.tf create mode 100644 test/fixtures/private_zone/variables.tf rename test/{boilerplate/boilerplate.tf.txt => fixtures/private_zone/versions.tf} (92%) create mode 100644 test/fixtures/public_zone/main.tf create mode 100644 test/fixtures/public_zone/outputs.tf create mode 
100644 test/fixtures/public_zone/variables.tf create mode 100644 test/fixtures/public_zone/versions.tf rename test/{boilerplate/boilerplate.Dockerfile.txt => integration/private_zone/controls/gcloud.rb.sample} (67%) rename test/{boilerplate/boilerplate.py.txt => integration/private_zone/controls/gcp.rb} (76%) create mode 100644 test/integration/private_zone/inspec.yml rename test/{boilerplate/boilerplate.Makefile.txt => integration/public_zone/controls/gcp.rb} (57%) create mode 100644 test/integration/public_zone/inspec.yml delete mode 100755 test/make.sh delete mode 100755 test/test_verify_boilerplate.py delete mode 100644 test/verify_boilerplate.py diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 43e610e..42118e6 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -2,6 +2,14 @@ This document provides guidelines for contributing to the module. +## Dependencies + +The following dependencies must be installed on the development system: + +- [Docker Engine][docker-engine] +- [Google Cloud SDK][google-cloud-sdk] +- [make] + ## Generating Documentation for Inputs and Outputs The Inputs and Outputs tables in the READMEs of the root module, @@ -9,13 +17,6 @@ submodules, and example modules are automatically generated based on the `variables` and `outputs` of the respective modules. These tables must be refreshed if the module interfaces are changed. -### Dependencies - -The following dependencies must be installed on the development system: - -- [make] -- [terraform-docs] v0.6.0 - ### Execution Run `make generate_docs` to generate new Inputs and Outputs tables. 
@@ -31,70 +32,56 @@ The integration tests are run using [Kitchen][kitchen], tools are packaged within a Docker image for convenience. The general strategy for these tests is to verify the behaviour of the -[example modules](./examples), thus ensuring that the root module, +[example modules](./examples/), thus ensuring that the root module, submodules, and example modules are all functionally correct. -### Dependencies +### Test Environment +The easiest way to test the module is in an isolated test project. The setup for such a project is defined in [test/setup](./test/setup/) directory. -The following dependencies must be installed on the development system: +To use this setup, you need a service account with Project Creator access on a folder. Export the Service Account credentials to your environment like so: -- [Docker Engine][docker-engine] -- [Google Cloud SDK][google-cloud-sdk] -- [make] +``` +export SERVICE_ACCOUNT_JSON=$(< credentials.json) +``` -### Inputs +You will also need to set a few environment variables: +``` +export TF_VAR_project_id="your_project_id" +``` -Test instances are defined in the -[Kitchen configuration file](./kitchen.yml). The inputs of each Kitchen -instance may be configured with the `driver.variables` key in a -local Kitchen configuration file located at `./kitchen.local.yml` or in -a Terraform variables file located at -`./test/fixtures//variables.tfvars`. +With these settings in place, you can prepare a test project using Docker: +``` +make docker_test_prepare +``` -### Credentials +### Noninteractive Execution -Download the key of a Service Account with the -[required roles][required-roles] to `./credentials.json`. +Run `make docker_test_integration` to test all of the example modules +noninteractively, using the prepared test project. ### Interactive Execution 1. Run `make docker_run` to start the testing Docker container in interactive mode. -1. Run `kitchen create ` to initialize the working +1. 
Run `kitchen_do create ` to initialize the working directory for an example module. -1. Run `kitchen converge ` to apply the example module. +1. Run `kitchen_do converge ` to apply the example module. -1. Run `kitchen verify ` to test the example module. +1. Run `kitchen_do verify ` to test the example module. -1. Run `kitchen destroy ` to destroy the example module +1. Run `kitchen_do destroy ` to destroy the example module state. -### Noninteractive Execution - -Run `make test_integration_docker` to test all of the example modules -noninteractively. - ## Linting and Formatting Many of the files in the repository can be linted or formatted to maintain a standard of quality. -### Dependencies - -The following dependencies must be installed on the development system: - -- [flake8] -- [gofmt] -- [hadolint] -- [make] -- [shellcheck] -- [Terraform][terraform] v0.11 - ### Execution -Run `make check`. +Run `make docker_test_lint`. [docker-engine]: https://www.docker.com/products/docker-engine [flake8]: http://flake8.pycqa.org/en/latest/ diff --git a/Makefile b/Makefile index 730d0ae..1ad0d6a 100644 --- a/Makefile +++ b/Makefile @@ -21,7 +21,7 @@ SHELL := /usr/bin/env bash # Docker build config variables CREDENTIALS_PATH ?= /cft/workdir/credentials.json DOCKER_ORG := gcr.io/cloud-foundation-cicd -DOCKER_TAG_BASE_KITCHEN_TERRAFORM ?= 1.0.1 +DOCKER_TAG_BASE_KITCHEN_TERRAFORM ?= 2.3.0 DOCKER_REPO_BASE_KITCHEN_TERRAFORM := ${DOCKER_ORG}/cft/kitchen-terraform:${DOCKER_TAG_BASE_KITCHEN_TERRAFORM} # All is the first target in the file so it will get picked up when you just run 'make' on its own 
@@ -30,7 +30,7 @@ all: check generate_docs # Run all available linters .PHONY: check -check: check_shell check_python check_golang check_terraform check_docker check_base_files test_check_headers check_headers check_trailing_whitespace +check: check_shell check_python check_golang check_terraform check_base_files test_check_headers check_headers check_trailing_whitespace # The .PHONY directive tells make that this isn't a real target and so # the presence of a file named 'check_shell' won't cause this target to stop @@ -95,7 +95,7 @@ docker_run: -e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \ -v $(CURDIR):/cft/workdir \ ${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \ - /bin/bash -c "source test/ci_integration.sh && setup_environment && exec /bin/bash" + /bin/bash -c "cd /cft/workdir && source test/ci_integration.sh && setup_environment && exec /bin/bash" .PHONY: docker_create docker_create: @@ -105,7 +105,7 @@ docker_create: -e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \ -v $(CURDIR):/cft/workdir \ ${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \ - /bin/bash -c "source test/ci_integration.sh && setup_environment && kitchen create" + /bin/bash -c "cd /cft/workdir && source test/ci_integration.sh && setup_environment && kitchen create" .PHONY: docker_converge docker_converge: @@ -115,7 +115,7 @@ docker_converge: -e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \ -v $(CURDIR):/cft/workdir \ ${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \ - /bin/bash -c "source test/ci_integration.sh && setup_environment && kitchen converge" + /bin/bash -c "cd /cft/workdir && source test/ci_integration.sh && setup_environment && kitchen converge" .PHONY: docker_verify docker_verify: 
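Review bot: The `check` prerequisite list in the `@@ -30,7 +30,7 @@` hunk still names `check_shell`, `check_python`, `check_golang`, `check_terraform` and `check_headers`, while this same patch deletes test/make.sh and test/verify_boilerplate.py, which look like the scripts behind those targets. The recipes are outside the hunk, so this is inferred; if they source test/make.sh, then `make check` and `make all` will fail after this commit. Either drop the stale prerequisites here or keep the helper script until a replacement lint target exists. The docker_* hunks that follow also source `test/ci_integration.sh`, which is not in this patch's file list, so confirm it is already in the tree.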
@@ -125,7 +125,7 @@ docker_verify: -e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \ -v $(CURDIR):/cft/workdir \ ${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \ - /bin/bash -c "source test/ci_integration.sh && setup_environment && kitchen verify" + /bin/bash -c "cd /cft/workdir && source test/ci_integration.sh && setup_environment && kitchen verify" .PHONY: docker_destroy docker_destroy: @@ -135,7 +135,7 @@ docker_destroy: -e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \ -v $(CURDIR):/cft/workdir \ ${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \ - /bin/bash -c "source test/ci_integration.sh && setup_environment && kitchen destroy" + /bin/bash -c "cd /cft/workdir && source test/ci_integration.sh && setup_environment && kitchen destroy" .PHONY: test_integration_docker test_integration_docker: @@ -145,4 +145,4 @@ test_integration_docker: -e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \ -v $(CURDIR):/cft/workdir \ ${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \ - make test_integration + /bin/bash -c "cd /cft/workdir && source test/ci_integration.sh && setup_environment && make test_integration" diff --git a/build/lint.cloudbuild.yaml b/build/lint.cloudbuild.yaml index 4c6724e..1dc48c3 100644 --- a/build/lint.cloudbuild.yaml +++ b/build/lint.cloudbuild.yaml @@ -1,4 +1,4 @@ -# Copyright 2018 Google LLC +# Copyright 2019 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -13,9 +13,12 @@ # limitations under the License. steps: - - name: "gcr.io/cloud-foundation-cicd/cft/developer-tools:0.0.1" - id: "lint" - args: ["/usr/local/bin/test_lint.sh"] +- name: 'gcr.io/cloud-foundation-cicd/cft/developer-tools:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + id: 'lint' + args: ['/usr/local/bin/test_lint.sh'] tags: - - "ci" - - "lint" +- 'ci' +- 'lint' +substitutions: + _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools' + _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.1.0' 
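Review bot: The new `substitutions` block in build/lint.cloudbuild.yaml defines `_DOCKER_IMAGE_DEVELOPER_TOOLS`, but the step's `name` still hard-codes `cft/developer-tools` and references only the tag substitution. Cloud Build can reject a build whose substitution keys are not all referenced when strict matching is in effect. Either use the key, as in `name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'`, or remove it. Because the image tag can now be overridden per build, add a comment above `substitutions` stating which tags are expected, so that a trigger overriding it is easy to spot in review.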
diff --git a/examples/private-zone/main.tf b/examples/private-zone/main.tf index 60093f8..d2e28a1 100644 --- a/examples/private-zone/main.tf +++ b/examples/private-zone/main.tf @@ -21,7 +21,7 @@ module "dns-private-zone" { name = var.name domain = var.domain - private_visibility_config_networks = [var.network_self_link] + private_visibility_config_networks = var.network_self_links record_names = ["localhost"] record_data = [ diff --git a/examples/private-zone/variables.tf b/examples/private-zone/variables.tf index d8c01d7..940c15b 100644 --- a/examples/private-zone/variables.tf +++ b/examples/private-zone/variables.tf @@ -19,9 +19,9 @@ variable "project_id" { default = "" } -variable "network_self_link" { +variable "network_self_links" { description = "Self link of the network that will be allowed to query the zone." - default = "" + default = [] } variable "name" { diff --git a/helpers/combine_docfiles.py b/helpers/combine_docfiles.py deleted file mode 100755 index 5da02e9..0000000 --- a/helpers/combine_docfiles.py +++ /dev/null 
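Review bot: In examples/private-zone/variables.tf the renamed `network_self_links` now defaults to `[]` and is passed straight through as `private_visibility_config_networks`, but it declares no `type` and its description is still the singular "Self link of the network". Adding `type = list(string)` makes Terraform reject a plain string at plan time rather than somewhere inside the module. The description should read `description = "Self links of the networks that will be allowed to query the zone."`. With the empty default the example presumably creates a private zone that no network can query, which is worth saying in the description too.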
@@ -1,67 +0,0 @@ -#!/usr/bin/env python3 - -# Copyright 2018 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Please note that this file was generated from -# [terraform-google-module-template](https://github.com/terraform-google-modules/terraform-google-module-template). -# Please make sure to contribute relevant changes upstream! - -''' Combine file from: - * script argument 1 - with content of file from: - * script argument 2 - using the beginning of line separators - hardcoded using regexes in this file: - - We exclude any text using the separate - regex specified here -''' - -import os -import re -import sys - -insert_separator_regex = r'(.*?\[\^\]\:\ \(autogen_docs_start\))(.*?)(\n\[\^\]\:\ \(autogen_docs_end\).*?$)' # noqa: E501 -exclude_separator_regex = r'(.*?)Copyright 20\d\d Google LLC.*?limitations under the License.(.*?)$' # noqa: E501 - -if len(sys.argv) != 3: - sys.exit(1) - -if not os.path.isfile(sys.argv[1]): - sys.exit(0) - -input = open(sys.argv[1], "r").read() -replace_content = open(sys.argv[2], "r").read() - -# Exclude the specified content from the replacement content -groups = re.match( - exclude_separator_regex, - replace_content, - re.DOTALL -).groups(0) -replace_content = groups[0] + groups[1] - -# Find where to put the replacement content, overwrite the input file -match = re.match(insert_separator_regex, input, re.DOTALL) -if match is None: - print("ERROR: Could not find autogen docs anchors in", sys.argv[1]) - print("To fix 
this, insert the following anchors in your README where " - "module inputs and outputs should be documented.") - print("[^]: (autogen_docs_start)") - print("[^]: (autogen_docs_end)") - sys.exit(1) -groups = match.groups(0) -output = groups[0] + replace_content + groups[2] + "\n" -open(sys.argv[1], "w").write(output) diff --git a/kitchen.yml b/kitchen.yml new file mode 100644 index 0000000..0fa0705 --- /dev/null +++ b/kitchen.yml @@ -0,0 +1,48 @@ +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +driver: + name: terraform + +provisioner: + name: terraform + +verifier: + name: terraform + +platforms: + - name: default + +suites: + - name: public_zone + driver: + root_module_directory: test/fixtures/public_zone/ + verifier: + color: false + systems: + - name: public_zone gcp + backend: gcp + controls: + - gcp + - name: private_zone + driver: + root_module_directory: test/fixtures/private_zone/ + verifier: + color: false + systems: + - name: private_zone gcp + backend: gcp + controls: + - gcp diff --git a/test/.gitignore b/test/.gitignore new file mode 100644 index 0000000..d69ba0d --- /dev/null +++ b/test/.gitignore @@ -0,0 +1 @@ +source.sh diff --git a/test/boilerplate/boilerplate.go.txt b/test/boilerplate/boilerplate.go.txt deleted file mode 100644 index 557e16f..0000000 --- a/test/boilerplate/boilerplate.go.txt +++ /dev/null 
@@ -1,15 +0,0 @@ -/* -Copyright 2018 Google LLC - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - https://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ diff --git a/test/boilerplate/boilerplate.sh.txt b/test/boilerplate/boilerplate.sh.txt deleted file mode 100644 index 2e94f3e..0000000 --- a/test/boilerplate/boilerplate.sh.txt +++ /dev/null @@ -1,13 +0,0 @@ -# Copyright 2018 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. diff --git a/test/boilerplate/boilerplate.xml.txt b/test/boilerplate/boilerplate.xml.txt deleted file mode 100644 index 3d98cdc..0000000 --- a/test/boilerplate/boilerplate.xml.txt +++ /dev/null @@ -1,15 +0,0 @@ - diff --git a/test/boilerplate/boilerplate.yaml.txt b/test/boilerplate/boilerplate.yaml.txt deleted file mode 100644 index b0c7da3..0000000 --- a/test/boilerplate/boilerplate.yaml.txt +++ /dev/null 
@@ -1,13 +0,0 @@ -# Copyright 2018 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. diff --git a/test/fixtures/private_zone/main.tf b/test/fixtures/private_zone/main.tf new file mode 100644 index 0000000..12f3d72 --- /dev/null +++ b/test/fixtures/private_zone/main.tf @@ -0,0 +1,23 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +module "example-private-zone" { + source = "../../../examples/private-zone" + project_id = var.project_id + name = var.name + domain = var.domain +} diff --git a/test/fixtures/private_zone/outputs.tf b/test/fixtures/private_zone/outputs.tf new file mode 100644 index 0000000..fa7fcc1 --- /dev/null +++ b/test/fixtures/private_zone/outputs.tf 
@@ -0,0 +1,35 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "domain" { + description = "Zone domain." + value = var.domain +} + +output "name" { + description = "Zone name." + value = var.name +} + +output "name_servers" { + description = "Zone name servers." + value = module.example-public-zone.name_servers +} + +output "project_id" { + description = "The ID of the project in which resources are provisioned." + value = var.project_id +} diff --git a/test/fixtures/private_zone/variables.tf b/test/fixtures/private_zone/variables.tf new file mode 100644 index 0000000..31a0586 --- /dev/null +++ b/test/fixtures/private_zone/variables.tf 
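Review bot: The `name_servers` output in test/fixtures/private_zone/outputs.tf reads `module.example-public-zone.name_servers`, but the only module this fixture's main.tf declares is `example-private-zone`, so Terraform will stop on a reference to an undeclared module before any test runs. Change the line to `value = module.example-private-zone.name_servers`. This looks copied from the public_zone fixture. Whether examples/private-zone exports `name_servers` is not visible in this patch and should be confirmed.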
@@ -0,0 +1,30 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "project_id" { + description = "The ID of the project in which to provision resources." + type = string +} + +variable "name" { + description = "DNS zone name." + default = "foo-private" +} + +variable "domain" { + description = "DNS zone domain." + default = "foo.private" +} diff --git a/test/boilerplate/boilerplate.tf.txt b/test/fixtures/private_zone/versions.tf similarity index 92% rename from test/boilerplate/boilerplate.tf.txt rename to test/fixtures/private_zone/versions.tf index cfccff8..832ec1d 100644 --- a/test/boilerplate/boilerplate.tf.txt +++ b/test/fixtures/private_zone/versions.tf @@ -13,3 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ + +terraform { + required_version = ">= 0.12" +} diff --git a/test/fixtures/public_zone/main.tf b/test/fixtures/public_zone/main.tf new file mode 100644 index 0000000..4f56f4c --- /dev/null +++ b/test/fixtures/public_zone/main.tf 
@@ -0,0 +1,22 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +module "example-public-zone" { + source = "../../../examples/public-zone" + project_id = var.project_id + name = var.name +} diff --git a/test/fixtures/public_zone/outputs.tf b/test/fixtures/public_zone/outputs.tf new file mode 100644 index 0000000..7e0d1ff --- /dev/null +++ b/test/fixtures/public_zone/outputs.tf @@ -0,0 +1,30 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "name" { + description = "Zone name." + value = var.name +} + +output "name_servers" { + description = "Zone name servers." + value = module.example-public-zone.name_servers +} + +output "project_id" { + description = "The ID of the project in which resources are provisioned." + value = var.project_id +} 
diff --git a/test/fixtures/public_zone/variables.tf b/test/fixtures/public_zone/variables.tf new file mode 100644 index 0000000..b78e088 --- /dev/null +++ b/test/fixtures/public_zone/variables.tf @@ -0,0 +1,25 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "project_id" { + description = "The ID of the project in which to provision resources." + type = string +} + +variable "name" { + description = "DNS zone name." + default = "foo-example-org" +} diff --git a/test/fixtures/public_zone/versions.tf b/test/fixtures/public_zone/versions.tf new file mode 100644 index 0000000..832ec1d --- /dev/null +++ b/test/fixtures/public_zone/versions.tf @@ -0,0 +1,19 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.12" +} 
diff --git a/test/boilerplate/boilerplate.Dockerfile.txt b/test/integration/private_zone/controls/gcloud.rb.sample similarity index 67% rename from test/boilerplate/boilerplate.Dockerfile.txt rename to test/integration/private_zone/controls/gcloud.rb.sample index b0c7da3..d2a2609 100644 --- a/test/boilerplate/boilerplate.Dockerfile.txt +++ b/test/integration/private_zone/controls/gcloud.rb.sample @@ -11,3 +11,13 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. + +control "gcloud" do + title "gcloud" + + describe command("gcloud --project=#{attribute("project_id")} services list --enabled") do + its(:exit_status) { should eq 0 } + its(:stderr) { should eq "" } + its(:stdout) { should match "storage-api.googleapis.com" } + end +end diff --git a/test/boilerplate/boilerplate.py.txt b/test/integration/private_zone/controls/gcp.rb similarity index 76% rename from test/boilerplate/boilerplate.py.txt rename to test/integration/private_zone/controls/gcp.rb index b0c7da3..6f05f3d 100644 --- a/test/boilerplate/boilerplate.py.txt +++ b/test/integration/private_zone/controls/gcp.rb @@ -11,3 +11,11 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. + +control "gcp" do + title "GCP Resources" + + describe google_dns_managed_zone(project: attribute('project_id'), zone: attribute('name')) do + it { should exist } + end +end diff --git a/test/integration/private_zone/inspec.yml b/test/integration/private_zone/inspec.yml new file mode 100644 index 0000000..aad9a13 --- /dev/null +++ b/test/integration/private_zone/inspec.yml 
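Review bot: The `gcp` control in test/integration/private_zone/controls/gcp.rb asserts only `it { should exist }`, so it passes for any zone with that name, including one created with the wrong domain or without private visibility. The fixture already outputs `domain`; an assertion such as `its('dns_name') { should include attribute('domain') }` would tie the zone to the expected domain, provided `domain` is also declared in the profile's attributes. If the pinned inspec-gcp release exposes the zone's visibility, an assertion on that is the check this suite most needs.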
@@ -0,0 +1,15 @@ +name: simple_example +depends: + - name: inspec-gcp + git: https://github.com/inspec/inspec-gcp.git + tag: v0.10.0 +attributes: + - name: project_id + required: true + type: string + - name: name + required: true + type: string + - name: name_servers + required: true + type: array diff --git a/test/boilerplate/boilerplate.Makefile.txt b/test/integration/public_zone/controls/gcp.rb similarity index 57% rename from test/boilerplate/boilerplate.Makefile.txt rename to test/integration/public_zone/controls/gcp.rb index b0c7da3..bac4825 100644 --- a/test/boilerplate/boilerplate.Makefile.txt +++ b/test/integration/public_zone/controls/gcp.rb @@ -11,3 +11,18 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. + +control "gcp" do + title "GCP Resources" + + describe google_dns_managed_zone(project: attribute('project_id'), zone: attribute('name')) do + it { should exist } + end + + describe google_dns_resource_record_sets(project: attribute('project_id'), managed_zone: attribute('name')) do + its('count') { should eq 3 } + its('types') { should include 'A' } + its('targets.flatten') { should include '127.0.0.1' } + end + +end diff --git a/test/integration/public_zone/inspec.yml b/test/integration/public_zone/inspec.yml new file mode 100644 index 0000000..aad9a13 --- /dev/null +++ b/test/integration/public_zone/inspec.yml @@ -0,0 +1,15 @@ +name: simple_example +depends: + - name: inspec-gcp + git: https://github.com/inspec/inspec-gcp.git + tag: v0.10.0 +attributes: + - name: project_id + required: true + type: string + - name: name + required: true + type: string + - name: name_servers + required: true + type: array diff --git a/test/make.sh b/test/make.sh deleted file mode 100755 index a5b3aeb..0000000 --- a/test/make.sh +++ /dev/null 
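Review bot: Both new profiles, test/integration/private_zone/inspec.yml and test/integration/public_zone/inspec.yml, fetch `inspec-gcp` from git by `tag: v0.10.0`; a tag can be moved upstream, and the fetched code runs in the verifier alongside the test service account credentials. Pinning to the commit the tag currently points at, `commit: <FULL_COMMIT_SHA_OF_v0.10.0>`, makes the dependency immutable. Both profiles also keep the template name `simple_example`; naming them after their suites, `name: private_zone` and `name: public_zone`, keeps the verifier output unambiguous.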
@@ -1,162 +0,0 @@ -#!/usr/bin/env bash - -# Copyright 2018 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Please note that this file was generated from [terraform-google-module-template](https://github.com/terraform-google-modules/terraform-google-module-template). -# Please make sure to contribute relevant changes upstream! - -# Create a temporary directory that's auto-cleaned, even if the process aborts. -DELETE_AT_EXIT="$(mktemp -d)" -finish() { - [[ -d "${DELETE_AT_EXIT}" ]] && rm -rf "${DELETE_AT_EXIT}" -} -trap finish EXIT -# Create a temporary file in the auto-cleaned up directory while avoiding -# overwriting TMPDIR for other processes. -# shellcheck disable=SC2120 # (Arguments may be passed, e.g. maketemp -d) -maketemp() { - TMPDIR="${DELETE_AT_EXIT}" mktemp "$@" -} - -# find_files is a helper to exclude .git directories and match only regular -# files to avoid double-processing symlinks. -find_files() { - local pth="$1" - shift - find "${pth}" '(' -path '*/.git' -o -path '*/.terraform' ')' \ - -prune -o -type f "$@" -} - -# Compatibility with both GNU and BSD style xargs. -compat_xargs() { - local compat=() - # Test if xargs is GNU or BSD style. GNU xargs will succeed with status 0 - # when given --no-run-if-empty and no input on STDIN. BSD xargs will fail and - # exit status non-zero If xargs fails, assume it is BSD style and proceed. - # stderr is silently redirected to avoid console log spam. 
- if xargs --no-run-if-empty /dev/null; then - compat=("--no-run-if-empty") - fi - xargs "${compat[@]}" "$@" -} - -# This function makes sure that the required files for -# releasing to OSS are present -function basefiles() { - local fn required_files="LICENSE README.md" - echo "Checking for required files ${required_files}" - for fn in ${required_files}; do - test -f "${fn}" || echo "Missing required file ${fn}" - done -} - -# This function runs the hadolint linter on -# every file named 'Dockerfile' -function docker() { - echo "Running hadolint on Dockerfiles" - find_files . -name "Dockerfile" -print0 \ - | compat_xargs -0 hadolint -} - -# This function runs 'terraform validate' and 'terraform fmt' -# against all directory paths which contain *.tf files. -function check_terraform() { - set -e - echo "Running terraform validate" - find_files . -name "*.tf" -print0 \ - | compat_xargs -0 -n1 dirname \ - | sort -u \ - | compat_xargs -t -n1 terraform validate --check-variables=false - echo "Running terraform fmt" - find_files . -name "*.tf" -print0 \ - | compat_xargs -0 -n1 dirname \ - | sort -u \ - | compat_xargs -t -n1 terraform fmt -check=true -write=false -} - -# This function runs 'go fmt' and 'go vet' on every file -# that ends in '.go' -function golang() { - echo "Running go fmt and go vet" - find_files . -name "*.go" -print0 | compat_xargs -0 -n1 go fmt - find_files . -name "*.go" -print0 | compat_xargs -0 -n1 go vet -} - -# This function runs the flake8 linter on every file -# ending in '.py' -function check_python() { - echo "Running flake8" - find_files . -name "*.py" -print0 | compat_xargs -0 flake8 - return 0 -} - -# This function runs the shellcheck linter on every -# file ending in '.sh' -function check_shell() { - echo "Running shellcheck" - find_files . -name "*.sh" -print0 | compat_xargs -0 shellcheck -x -} - -# This function makes sure that there is no trailing whitespace -# in any files in the project. 
-# There are some exclusions -function check_trailing_whitespace() { - local rc - echo "Checking for trailing whitespace" - find_files . -print \ - | grep -v -E '\.(pyc|png)$' \ - | compat_xargs grep -H -n '[[:blank:]]$' - rc=$? - if [[ ${rc} -eq 0 ]]; then - return 1 - fi -} - -function generate_docs() { - echo "Generating markdown docs with terraform-docs" - local path tmpfile - while read -r path; do - if [[ -e "${path}/README.md" ]]; then - # shellcheck disable=SC2119 - tmpfile="$(maketemp)" - echo "terraform-docs markdown ${path}" - terraform-docs markdown "${path}" > "${tmpfile}" - helpers/combine_docfiles.py "${path}"/README.md "${tmpfile}" - else - echo "Skipping ${path} because README.md does not exist." - fi - done < <(find_files . -name '*.tf' -print0 \ - | compat_xargs -0 -n1 dirname \ - | sort -u) -} - -function prepare_test_variables() { - echo "Preparing terraform.tfvars files for integration tests" - #shellcheck disable=2044 - for i in $(find ./test/fixtures -type f -name terraform.tfvars.sample); do - destination=${i/%.sample/} - if [ ! -f "${destination}" ]; then - cp "${i}" "${destination}" - echo "${destination} has been created. Please edit it to reflect your GCP configuration." - fi - done -} - -function check_headers() { - echo "Checking file headers" - # Use the exclusion behavior of find_files - find_files . -type f -print0 \ - | compat_xargs -0 python test/verify_boilerplate.py -} diff --git a/test/test_verify_boilerplate.py b/test/test_verify_boilerplate.py deleted file mode 100755 index dd870ba..0000000 --- a/test/test_verify_boilerplate.py +++ /dev/null 
@@ -1,140 +0,0 @@ -#!/usr/bin/env python3 - -# Copyright 2018 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Please note that this file was generated from -# [terraform-google-module-template](https://github.com/terraform-google-modules/terraform-google-module-template). -# Please make sure to contribute relevant changes upstream! - -''' A simple test for the verify_boilerplate python script. -This will create a set of test files, both valid and invalid, -and confirm that the has_valid_header call returns the correct -value. - -It also checks the number of files that are found by the -get_files call. -''' -from copy import deepcopy -from tempfile import mkdtemp -from shutil import rmtree -import unittest -from verify_boilerplate import has_valid_header, get_refs, get_regexs, \ - get_args, get_files - - -class AllTestCase(unittest.TestCase): - """ - All of the setup, teardown, and tests are contained in this - class. - """ - - def write_file(self, filename, content, expected): - """ - A utility method that creates test files, and adds them to - the cases that will be tested. - - Args: - filename: (string) the file name (path) to be created. - content: (list of strings) the contents of the file. - expected: (boolean) True if the header is expected to be valid, - false if not. 
- """ - - file = open(filename, 'w+') - for line in content: - file.write(line + "\n") - file.close() - self.cases[filename] = expected - - def create_test_files(self, tmp_path, extension, header): - """ - Creates 2 test files for .tf, .xml, .go, etc and one for - Dockerfile, and Makefile. - - The reason for the difference is that Makefile and Dockerfile - don't have an extension. These would be substantially more - difficult to create negative test cases, unless the files - were written, deleted, and re-written. - - Args: - tmp_path: (string) the path in which to create the files - extension: (string) the file extension - header: (list of strings) the header/boilerplate content - """ - - content = "\n...blah \ncould be code or could be garbage\n" - special_cases = ["Dockerfile", "Makefile"] - header_template = deepcopy(header) - valid_filename = tmp_path + extension - valid_content = header_template.append(content) - if extension not in special_cases: - # Invalid test cases for non-*file files (.tf|.py|.sh|.yaml|.xml..) - invalid_header = [] - for line in header_template: - if "2018" in line: - invalid_header.append(line.replace('2018', 'YEAR')) - else: - invalid_header.append(line) - invalid_header.append(content) - invalid_content = invalid_header - invalid_filename = tmp_path + "invalid." + extension - self.write_file(invalid_filename, invalid_content, False) - valid_filename = tmp_path + "testfile." + extension - - valid_content = header_template - self.write_file(valid_filename, valid_content, True) - - def setUp(self): - """ - Set initial counts and values, and initializes the setup of the - test files. 
- """ - self.cases = {} - self.tmp_path = mkdtemp() + "/" - self.my_args = get_args() - self.my_refs = get_refs(self.my_args) - self.my_regex = get_regexs() - self.prexisting_file_count = len( - get_files(self.my_refs.keys(), self.my_args)) - for key in self.my_refs: - self.create_test_files(self.tmp_path, key, - self.my_refs.get(key)) - - def tearDown(self): - """ Delete the test directory. """ - rmtree(self.tmp_path) - - def test_files_headers(self): - """ - Confirms that the expected output of has_valid_header is correct. - """ - for case in self.cases: - if self.cases[case]: - self.assertTrue(has_valid_header(case, self.my_refs, - self.my_regex)) - else: - self.assertFalse(has_valid_header(case, self.my_refs, - self.my_regex)) - - def test_invalid_count(self): - """ - Test that the initial files found isn't zero, indicating - a problem with the code. - """ - self.assertFalse(self.prexisting_file_count == 0) - - -if __name__ == "__main__": - unittest.main() diff --git a/test/verify_boilerplate.py b/test/verify_boilerplate.py deleted file mode 100644 index 21bc83f..0000000 --- a/test/verify_boilerplate.py +++ /dev/null 
@@ -1,283 +0,0 @@ -#!/usr/bin/env python - -# Copyright 2018 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# Verifies that all source files contain the necessary copyright boilerplate -# snippet. -# This is based on existing work -# https://github.com/kubernetes/test-infra/blob/master/hack -# /verify_boilerplate.py - -# Please note that this file was generated from -# [terraform-google-module-template](https://github.com/terraform-google-modules/terraform-google-module-template). -# Please make sure to contribute relevant changes upstream! -from __future__ import print_function -import argparse -import glob -import os -import re -import sys - - -def get_args(): - """Parses command line arguments. - - Configures and runs argparse.ArgumentParser to extract command line - arguments. 
- - Returns: - An argparse.Namespace containing the arguments parsed from the - command line - """ - parser = argparse.ArgumentParser() - parser.add_argument("filenames", - help="list of files to check, " - "all files if unspecified", - nargs='*') - rootdir = os.path.dirname(__file__) + "/../" - rootdir = os.path.abspath(rootdir) - parser.add_argument( - "--rootdir", - default=rootdir, - help="root directory to examine") - - default_boilerplate_dir = os.path.join(rootdir, "test/boilerplate") - parser.add_argument("--boilerplate-dir", default=default_boilerplate_dir) - return parser.parse_args() - - -def get_refs(ARGS): - """Converts the directory of boilerplate files into a map keyed by file - extension. - - Reads each boilerplate file's contents into an array, then adds that array - to a map keyed by the file extension. - - Returns: - A map of boilerplate lines, keyed by file extension. For example, - boilerplate.py.txt would result in the k,v pair {".py": py_lines} where - py_lines is an array containing each line of the file. - """ - refs = {} - - # Find and iterate over the absolute path for each boilerplate template - for path in glob.glob(os.path.join( - ARGS.boilerplate_dir, - "boilerplate.*.txt")): - extension = os.path.basename(path).split(".")[1] - ref_file = open(path, 'r') - ref = ref_file.read().splitlines() - ref_file.close() - refs[extension] = ref - return refs - - -# pylint: disable=too-many-locals -def has_valid_header(filename, refs, regexs): - """Test whether a file has the correct boilerplate header. - - Tests each file against the boilerplate stored in refs for that file type - (based on extension), or by the entire filename (eg Dockerfile, Makefile). - Some heuristics are applied to remove build tags and shebangs, but little - variance in header formatting is tolerated. 
- - Args: - filename: A string containing the name of the file to test - refs: A map of boilerplate headers, keyed by file extension - regexs: a map of compiled regex objects used in verifying boilerplate - - Returns: - True if the file has the correct boilerplate header, otherwise returns - False. - """ - try: - with open(filename, 'r') as fp: # pylint: disable=invalid-name - data = fp.read() - except IOError: - return False - basename = os.path.basename(filename) - extension = get_file_extension(filename) - if extension: - ref = refs[extension] - else: - ref = refs[basename] - # remove build tags from the top of Go files - if extension == "go": - con = regexs["go_build_constraints"] - (data, found) = con.subn("", data, 1) - # remove shebang - elif extension == "sh" or extension == "py": - she = regexs["shebang"] - (data, found) = she.subn("", data, 1) - data = data.splitlines() - # if our test file is smaller than the reference it surely fails! - if len(ref) > len(data): - return False - # trim our file to the same number of lines as the reference file - data = data[:len(ref)] - year = regexs["year"] - for datum in data: - if year.search(datum): - return False - - # if we don't match the reference at this point, fail - if ref != data: - return False - return True - - -def get_file_extension(filename): - """Extracts the extension part of a filename. - - Identifies the extension as everything after the last period in filename. - - Args: - filename: string containing the filename - - Returns: - A string containing the extension in lowercase - """ - return os.path.splitext(filename)[1].split(".")[-1].lower() - - -# These directories will be omitted from header checks -SKIPPED_DIRS = [ - 'Godeps', 'third_party', '_gopath', '_output', - '.git', 'vendor', '__init__.py', 'node_modules' -] - - -def normalize_files(files): - """Extracts the files that require boilerplate checking from the files - argument. - - A new list will be built. 
Each path from the original files argument will - be added unless it is within one of SKIPPED_DIRS. All relative paths will - be converted to absolute paths by prepending the root_dir path parsed from - the command line, or its default value. - - Args: - files: a list of file path strings - - Returns: - A modified copy of the files list where any any path in a skipped - directory is removed, and all paths have been made absolute. - """ - newfiles = [] - for pathname in files: - if any(x in pathname for x in SKIPPED_DIRS): - continue - newfiles.append(pathname) - for idx, pathname in enumerate(newfiles): - if not os.path.isabs(pathname): - newfiles[idx] = os.path.join(ARGS.rootdir, pathname) - return newfiles - - -def get_files(extensions, ARGS): - """Generates a list of paths whose boilerplate should be verified. - - If a list of file names has been provided on the command line, it will be - treated as the initial set to search. Otherwise, all paths within rootdir - will be discovered and used as the initial set. - - Once the initial set of files is identified, it is normalized via - normalize_files() and further stripped of any file name whose extension is - not in extensions. - - Args: - extensions: a list of file extensions indicating which file types - should have their boilerplate verified - - Returns: - A list of absolute file paths - """ - files = [] - if ARGS.filenames: - files = ARGS.filenames - else: - for root, dirs, walkfiles in os.walk(ARGS.rootdir): - # don't visit certain dirs. This is just a performance improvement - # as we would prune these later in normalize_files(). 
But doing it - # cuts down the amount of filesystem walking we do and cuts down - # the size of the file list - for dpath in SKIPPED_DIRS: - if dpath in dirs: - dirs.remove(dpath) - for name in walkfiles: - pathname = os.path.join(root, name) - files.append(pathname) - files = normalize_files(files) - outfiles = [] - for pathname in files: - basename = os.path.basename(pathname) - extension = get_file_extension(pathname) - if extension in extensions or basename in extensions: - outfiles.append(pathname) - return outfiles - - -def get_regexs(): - """Builds a map of regular expressions used in boilerplate validation. - - There are two scenarios where these regexes are used. The first is in - validating the date referenced is the boilerplate, by ensuring it is an - acceptable year. The second is in identifying non-boilerplate elements, - like shebangs and compiler hints that should be ignored when validating - headers. - - Returns: - A map of compiled regular expression objects, keyed by mnemonic. - """ - regexs = {} - # Search for "YEAR" which exists in the boilerplate, but shouldn't in the - # real thing - regexs["year"] = re.compile('YEAR') - # dates can be 2014, 2015, 2016 or 2017, company holder names can be - # anything - regexs["date"] = re.compile('(2014|2015|2016|2017|2018)') - # strip // +build \n\n build constraints - regexs["go_build_constraints"] = re.compile(r"^(// \+build.*\n)+\n", - re.MULTILINE) - # strip #!.* from shell/python scripts - regexs["shebang"] = re.compile(r"^(#!.*\n)\n*", re.MULTILINE) - return regexs - - -def main(args): - """Identifies and verifies files that should have the desired boilerplate. - - Retrieves the lists of files to be validated and tests each one in turn. - If all files contain correct boilerplate, this function terminates - normally. Otherwise it prints the name of each non-conforming file and - exists with a non-zero status code. 
- """ - regexs = get_regexs() - refs = get_refs(args) - filenames = get_files(refs.keys(), args) - nonconforming_files = [] - for filename in filenames: - if not has_valid_header(filename, refs, regexs): - nonconforming_files.append(filename) - if nonconforming_files: - print('%d files have incorrect boilerplate headers:' % len( - nonconforming_files)) - for filename in sorted(nonconforming_files): - print(os.path.relpath(filename, args.rootdir)) - sys.exit(1) - - -if __name__ == "__main__": - ARGS = get_args() - main(ARGS) From 0775798e793320284ffeda016117d4530906cc48 Mon Sep 17 00:00:00 2001 From: Ludovico Magnocavallo Date: Wed, 18 Sep 2019 00:18:07 +0200 Subject: [PATCH 05/11] tests for public and private zones --- test/fixtures/private_zone/outputs.tf | 2 +- test/fixtures/private_zone/variables.tf | 2 +- test/integration/private_zone/controls/gcp.rb | 10 +++++++++- test/integration/private_zone/inspec.yml | 3 +++ 4 files changed, 14 insertions(+), 3 deletions(-) diff --git a/test/fixtures/private_zone/outputs.tf b/test/fixtures/private_zone/outputs.tf index fa7fcc1..a5a6acf 100644 --- a/test/fixtures/private_zone/outputs.tf +++ b/test/fixtures/private_zone/outputs.tf @@ -26,7 +26,7 @@ output "name" { output "name_servers" { description = "Zone name servers." - value = module.example-public-zone.name_servers + value = module.example-private-zone.name_servers } output "project_id" { diff --git a/test/fixtures/private_zone/variables.tf b/test/fixtures/private_zone/variables.tf index 31a0586..9ca4653 100644 --- a/test/fixtures/private_zone/variables.tf +++ b/test/fixtures/private_zone/variables.tf @@ -26,5 +26,5 @@ variable "name" { variable "domain" { description = "DNS zone domain." - default = "foo.private" + default = "foo.private." } diff --git a/test/integration/private_zone/controls/gcp.rb b/test/integration/private_zone/controls/gcp.rb index 6f05f3d..7f1444b 100644 --- a/test/integration/private_zone/controls/gcp.rb 
+++ b/test/integration/private_zone/controls/gcp.rb @@ -16,6 +16,14 @@ title "GCP Resources" describe google_dns_managed_zone(project: attribute('project_id'), zone: attribute('name')) do - it { should exist } + its('dns_name') { should eq attribute('domain') } + its('name_servers') { should eq attribute('name_servers') } end + + describe google_dns_resource_record_sets(project: attribute('project_id'), managed_zone: attribute('name')) do + its('count') { should eq 3 } + its('types') { should include 'A' } + its('targets.flatten') { should include '127.0.0.1' } + end + end diff --git a/test/integration/private_zone/inspec.yml b/test/integration/private_zone/inspec.yml index aad9a13..9a8c34f 100644 --- a/test/integration/private_zone/inspec.yml +++ b/test/integration/private_zone/inspec.yml @@ -10,6 +10,9 @@ attributes: - name: name required: true type: string + - name: domain + required: true + type: string - name: name_servers required: true type: array From ae0ec5d8d1cc7a92de6c9bfd608c47985fd65be9 Mon Sep 17 00:00:00 2001 From: Ludovico Magnocavallo Date: Wed, 18 Sep 2019 00:27:57 +0200 Subject: [PATCH 06/11] update CHANGELOG --- CHANGELOG.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0ed08a9..3c94146 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
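Review bot: The private-zone control never asserts that the zone is private: the `describe google_dns_managed_zone` block now checks only `dns_name` and `name_servers`, so a regression that created the zone with public visibility would still pass. If the inspec-gcp version in use exposes the property, add `its('visibility') { should eq 'private' }` next to the `dns_name` check. The literal in `its('count') { should eq 3 }` also needs a comment naming the three record sets it expects, presumably the fixture's A record plus the zone's default NS and SOA sets (confirm against the fixture). The enclosing `control` block starts outside this hunk.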
@@ -7,6 +7,17 @@ The format is based on and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [2.0.0] - 2019-08-18 + +### Changed + +- Updated for Terraform 0.12. [#2] +- **BREAKING** the `zone_type` variable has been renamed to `type` for uniformity with the `name` and `domain` variables +- **BREAKING** list/map variables now leverage 0.12 constructs internally, and have been simplified and renamed accordingly: + - `private_visibility_config` has been renamed to `private_visibility_config_networks` and is now a simple list of VPC self links + - `target_name_servers` has been renamed to `target_name_server_addresses` and is now a simple list of addresses + + ## [1.0.0] - 2019-06-17 ### Added From f21fa3e27c3bd0c72674f3efae96b3531917e6b5 Mon Sep 17 00:00:00 2001 From: Ludovico Magnocavallo Date: Wed, 18 Sep 2019 09:49:45 +0200 Subject: [PATCH 07/11] Fix link to previous module version in README --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 39a3c53..eb3c307 100644 --- a/README.md +++ b/README.md @@ -10,8 +10,8 @@ The resources/services/activations/deletions that this module will create/trigge ## Compatibility This module is meant for use with Terraform 0.12. If you haven't [upgraded](https://www.terraform.io/upgrade-guides/0-12.html) - and need a Terraform 0.11.x-compatible version of this module, the last released version intended for - Terraform 0.11.x is [0.1.0](https://registry.terraform.io/modules/terraform-google-modules/folders/google/0.1.0). + and need a Terraform 0.12.x-compatible version of this module, the last released version intended for + Terraform 0.12.x is [1.0.0](https://registry.terraform.io/modules/terraform-google-modules/cloud-dns/google/1.0.0). ## Usage From 63432074f5db859ee82f511cb3e667f0ea0e911c Mon Sep 17 00:00:00 2001 
From: Ludovico Magnocavallo Date: Wed, 18 Sep 2019 09:52:29 +0200 Subject: [PATCH 08/11] Edit typo in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index eb3c307..161ee35 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ The resources/services/activations/deletions that this module will create/trigge This module is meant for use with Terraform 0.12. If you haven't [upgraded](https://www.terraform.io/upgrade-guides/0-12.html) and need a Terraform 0.12.x-compatible version of this module, the last released version intended for - Terraform 0.12.x is [1.0.0](https://registry.terraform.io/modules/terraform-google-modules/cloud-dns/google/1.0.0). + Terraform 0.11.x is [1.0.0](https://registry.terraform.io/modules/terraform-google-modules/cloud-dns/google/1.0.0). ## Usage From 71b7db30f4136203ce2d7d937d9884ce0d99570c Mon Sep 17 00:00:00 2001 From: Ludovico Magnocavallo Date: Wed, 18 Sep 2019 09:54:52 +0200 Subject: [PATCH 09/11] Delete leftover integration file --- .../private_zone/controls/gcloud.rb.sample | 23 ------------------- 1 file changed, 23 deletions(-) delete mode 100644 test/integration/private_zone/controls/gcloud.rb.sample diff --git a/test/integration/private_zone/controls/gcloud.rb.sample b/test/integration/private_zone/controls/gcloud.rb.sample deleted file mode 100644 index d2a2609..0000000 --- a/test/integration/private_zone/controls/gcloud.rb.sample +++ /dev/null 
@@ -1,23 +0,0 @@ -# Copyright 2018 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# https://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -control "gcloud" do - title "gcloud" - - describe command("gcloud --project=#{attribute("project_id")} services list --enabled") do - its(:exit_status) { should eq 0 } - its(:stderr) { should eq "" } - its(:stdout) { should match "storage-api.googleapis.com" } - end -end From be1021fb49e1ea81d0200f650d16e3351fa5e44f Mon Sep 17 00:00:00 2001 
From: Aleksandr Averbukh Date: Wed, 18 Sep 2019 12:20:50 +0200 Subject: [PATCH 10/11] Update testing to use CloudBuild --- CONTRIBUTING.md | 4 +- Makefile | 163 ++++++------------- build/int.cloudbuild.yaml | 42 +++++ build/lint.cloudbuild.yaml | 2 +- examples/forwarding-zone/main.tf | 1 - examples/forwarding-zone/outputs.tf | 1 - examples/forwarding-zone/providers.tf | 1 - examples/forwarding-zone/variables.tf | 1 - examples/peering-zone/outputs.tf | 1 - examples/peering-zone/providers.tf | 1 - examples/peering-zone/variables.tf | 1 - kitchen.yml | 2 +- main.tf | 3 +- outputs.tf | 1 - test/ci_integration.sh | 64 -------- test/fixtures/private_zone/main.tf | 1 - test/fixtures/public_zone/main.tf | 3 +- test/integration/public_zone/controls/gcp.rb | 2 +- test/setup/.gitignore | 2 + test/setup/iam.tf | 40 +++++ test/setup/main.tf | 30 ++++ test/setup/make_source.sh | 24 +++ test/setup/outputs.tf | 24 +++ test/setup/variables.tf | 27 +++ test/setup/versions.tf | 27 +++ 25 files changed, 274 insertions(+), 194 deletions(-) create mode 100644 build/int.cloudbuild.yaml delete mode 100755 test/ci_integration.sh create mode 100644 test/setup/.gitignore create mode 100644 test/setup/iam.tf create mode 100644 test/setup/main.tf create mode 100755 test/setup/make_source.sh create mode 100644 test/setup/outputs.tf create mode 100644 test/setup/variables.tf create mode 100644 test/setup/versions.tf diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 42118e6..a350db5 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -46,7 +46,9 @@ export SERVICE_ACCOUNT_JSON=$(< credentials.json) You will also need to set a few environment variables: ``` -export TF_VAR_project_id="your_project_id" +export TF_VAR_org_id="your_org_id" +export TF_VAR_folder_id="your_folder_id" +export TF_VAR_billing_account="your_billing_account_id" ``` With these settings in place, you can prepare a test project using Docker: diff --git a/Makefile b/Makefile index 1ad0d6a..6a10795 100644 --- a/Makefile 
+++ b/Makefile @@ -1,4 +1,4 @@ -# Copyright 2018 Google LLC +# Copyright 2019 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -18,131 +18,68 @@ # Make will use bash instead of sh SHELL := /usr/bin/env bash -# Docker build config variables -CREDENTIALS_PATH ?= /cft/workdir/credentials.json -DOCKER_ORG := gcr.io/cloud-foundation-cicd -DOCKER_TAG_BASE_KITCHEN_TERRAFORM ?= 2.3.0 -DOCKER_REPO_BASE_KITCHEN_TERRAFORM := ${DOCKER_ORG}/cft/kitchen-terraform:${DOCKER_TAG_BASE_KITCHEN_TERRAFORM} +DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.1.0 +DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools +REGISTRY_URL := gcr.io/cloud-foundation-cicd -# All is the first target in the file so it will get picked up when you just run 'make' on its own -.PHONY: all -all: check generate_docs - -# Run all available linters -.PHONY: check -check: check_shell check_python check_golang check_terraform check_base_files test_check_headers check_headers check_trailing_whitespace - -# The .PHONY directive tells make that this isn't a real target and so -# the presence of a file named 'check_shell' won't cause this target to stop -# working -.PHONY: check_shell -check_shell: - @source test/make.sh && check_shell - -.PHONY: check_python -check_python: - @source test/make.sh && check_python - -.PHONY: check_golang -check_golang: - @source test/make.sh && golang - -.PHONY: check_terraform -check_terraform: - @source test/make.sh && check_terraform - -.PHONY: check_docker -check_docker: - @source test/make.sh && docker - -.PHONY: check_base_files -check_base_files: - @source test/make.sh && basefiles - -.PHONY: check_trailing_whitespace -check_trailing_whitespace: - @source test/make.sh && check_trailing_whitespace - -.PHONY: test_check_headers -test_check_headers: - @echo "Testing the validity of the header check" - @python test/test_verify_boilerplate.py - -.PHONY: check_headers -check_headers: - @source test/make.sh && check_headers - -# Integration tests -.PHONY: test_integration -test_integration: - test/ci_integration.sh - -.PHONY: generate_docs -generate_docs: - @source test/make.sh && generate_docs - -# Versioning 
-.PHONY: version -version: - @source helpers/version-repo.sh - -# Run docker +# Enter docker container for local development .PHONY: docker_run docker_run: docker run --rm -it \ - -e PROJECT_ID \ -e SERVICE_ACCOUNT_JSON \ - -e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \ - -v $(CURDIR):/cft/workdir \ - ${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \ - /bin/bash -c "cd /cft/workdir && source test/ci_integration.sh && setup_environment && exec /bin/bash" + -v $(CURDIR):/workspace \ + $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ + /bin/bash -.PHONY: docker_create -docker_create: +# Execute prepare tests within the docker container +.PHONY: docker_test_prepare +docker_test_prepare: docker run --rm -it \ - -e PROJECT_ID \ -e SERVICE_ACCOUNT_JSON \ - -e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \ - -v $(CURDIR):/cft/workdir \ - ${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \ - /bin/bash -c "cd /cft/workdir && source test/ci_integration.sh && setup_environment && kitchen create" - -.PHONY: docker_converge -docker_converge: + -e TF_VAR_org_id \ + -e TF_VAR_folder_id \ + -e TF_VAR_billing_account \ + -v $(CURDIR):/workspace \ + $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ + /usr/local/bin/execute_with_credentials.sh prepare_environment + +# Clean up test environment within the docker container +.PHONY: docker_test_cleanup +docker_test_cleanup: docker run --rm -it \ - -e PROJECT_ID \ -e SERVICE_ACCOUNT_JSON \ - -e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \ - -v $(CURDIR):/cft/workdir \ - ${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \ - /bin/bash -c "cd /cft/workdir && source test/ci_integration.sh && setup_environment && kitchen converge" - -.PHONY: docker_verify -docker_verify: + -e TF_VAR_org_id \ + -e TF_VAR_folder_id \ + -e TF_VAR_billing_account \ + -v $(CURDIR):/workspace \ + $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ + 
/usr/local/bin/execute_with_credentials.sh cleanup_environment + +# Execute integration tests within the docker container +.PHONY: docker_test_integration +docker_test_integration: docker run --rm -it \ - -e PROJECT_ID \ -e SERVICE_ACCOUNT_JSON \ - -e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \ - -v $(CURDIR):/cft/workdir \ - ${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \ - /bin/bash -c "cd /cft/workdir && source test/ci_integration.sh && setup_environment && kitchen verify" + -v $(CURDIR):/workspace \ + $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ + /usr/local/bin/test_integration.sh -.PHONY: docker_destroy -docker_destroy: +# Execute lint tests within the docker container +.PHONY: docker_test_lint +docker_test_lint: docker run --rm -it \ - -e PROJECT_ID \ - -e SERVICE_ACCOUNT_JSON \ - -e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \ - -v $(CURDIR):/cft/workdir \ - ${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \ - /bin/bash -c "cd /cft/workdir && source test/ci_integration.sh && setup_environment && kitchen destroy" + -v $(CURDIR):/workspace \ + $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ + /usr/local/bin/test_lint.sh -.PHONY: test_integration_docker -test_integration_docker: +# Generate documentation +.PHONY: docker_generate_docs +docker_generate_docs: docker run --rm -it \ - -e PROJECT_ID \ - -e SERVICE_ACCOUNT_JSON \ - -e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \ - -v $(CURDIR):/cft/workdir \ - ${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \ - /bin/bash -c "cd /cft/workdir && source test/ci_integration.sh && setup_environment && make test_integration" + -v $(CURDIR):/workspace \ + $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ + /bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs' + +# Alias for backwards compatibility +.PHONY: generate_docs +generate_docs: docker_generate_docs 
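Review bot: Every `docker run` target resolves the image by the mutable tag `0.1.0` (`$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS}`). Four of those targets (`docker_run`, `docker_test_prepare`, `docker_test_cleanup`, `docker_test_integration`) pass `SERVICE_ACCOUNT_JSON` into that container alongside a read-write mount of `$(CURDIR)`. Pinning by digest would ensure that a re-pushed tag cannot change which code receives the key, for example `$(REGISTRY_URL)/$(DOCKER_IMAGE_DEVELOPER_TOOLS)@sha256:<digest-of-reviewed-image>` (placeholder digest). The same tag is the default substitution in `build/int.cloudbuild.yaml`, so the pin belongs there as well. A short comment above `docker_run` should also say that the key is only present in the environment and that no credential setup runs before the shell starts.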
diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml new file mode 100644 index 0000000..68b77ae --- /dev/null +++ b/build/int.cloudbuild.yaml 
@@ -0,0 +1,42 @@ + +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +timeout: 3600s +steps: +- id: prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && prepare_environment'] + env: + - 'TF_VAR_org_id=$_ORG_ID' + - 'TF_VAR_folder_id=$_FOLDER_ID' + - 'TF_VAR_billing_account=$_BILLING_ACCOUNT' +- id: create + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create'] +- id: converge + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge'] +- id: verify + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify'] +- id: destroy + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy'] +tags: +- 'ci' +- 'integration' +substitutions: + _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools' + _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: 
'0.1.0' diff --git a/build/lint.cloudbuild.yaml b/build/lint.cloudbuild.yaml index 1dc48c3..779febf 100644 --- a/build/lint.cloudbuild.yaml +++ b/build/lint.cloudbuild.yaml @@ -13,7 +13,7 @@ # limitations under the License. steps: -- name: 'gcr.io/cloud-foundation-cicd/cft/developer-tools:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' +- name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' id: 'lint' args: ['/usr/local/bin/test_lint.sh'] tags: diff --git a/examples/forwarding-zone/main.tf b/examples/forwarding-zone/main.tf index 27ddbcd..c9ba297 100644 --- a/examples/forwarding-zone/main.tf +++ b/examples/forwarding-zone/main.tf @@ -24,4 +24,3 @@ module "dns-forwarding-zone" { private_visibility_config_networks = [var.network_self_link] target_name_server_addresses = ["8.8.8.8", "8.8.4.4"] } - diff --git a/examples/forwarding-zone/outputs.tf b/examples/forwarding-zone/outputs.tf index 4a2588a..982e257 100644 --- a/examples/forwarding-zone/outputs.tf +++ b/examples/forwarding-zone/outputs.tf @@ -18,4 +18,3 @@ output "name_servers" { description = "Zone name servers." value = module.dns-forwarding-zone.name_servers } - diff --git a/examples/forwarding-zone/providers.tf b/examples/forwarding-zone/providers.tf index 1232e49..7b4094f 100644 --- a/examples/forwarding-zone/providers.tf +++ b/examples/forwarding-zone/providers.tf @@ -21,4 +21,3 @@ provider "google" { provider "google-beta" { version = ">= 2.14" } - diff --git a/examples/forwarding-zone/variables.tf b/examples/forwarding-zone/variables.tf index e2c53a0..d8c01d7 100644 --- a/examples/forwarding-zone/variables.tf +++ b/examples/forwarding-zone/variables.tf @@ -33,4 +33,3 @@ variable "domain" { description = "Zone domain." default = "foo.local." } - diff --git a/examples/peering-zone/outputs.tf b/examples/peering-zone/outputs.tf index 935f4a6..5a8bbbd 100644 --- a/examples/peering-zone/outputs.tf +++ b/examples/peering-zone/outputs.tf 
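Review bot: The `destroy` step is the last of five sequential steps, and Cloud Build stops at the first failing step, so teardown is skipped if `create`, `converge` or `verify` fails. The deleted `test/ci_integration.sh` ran `kitchen destroy` from `trap finish EXIT`, which cleaned up on failure too. A failed run would therefore leave the test resources created under `$_ORG_ID`/`$_FOLDER_ID` in place until someone removes them by hand. Consider a single lifecycle step that installs the trap first, e.g. `trap 'kitchen_do destroy' EXIT; kitchen_do create && kitchen_do converge && kitchen_do verify` after sourcing `task_helper_functions.sh`. Otherwise, add a comment above `destroy` pointing to `make docker_test_cleanup` as the manual recovery path.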
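Review bot: The `name:` line in `build/lint.cloudbuild.yaml` now depends on `$_DOCKER_IMAGE_DEVELOPER_TOOLS`, but the hunk adds no default for it. By contrast, `build/int.cloudbuild.yaml` declares `_DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'` under `substitutions:`. The diffstat shows a single changed line in this file, so unless the trigger supplies the value the build will presumably fail on the unresolved substitution or produce a malformed image reference. Add `_DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'` to this file's `substitutions:` block, which lies outside the hunk if the file has one.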
@@ -18,4 +18,3 @@ output "name_servers" { description = "Zone name servers." value = module.dns-peering-zone.name_servers } - diff --git a/examples/peering-zone/providers.tf b/examples/peering-zone/providers.tf index 1232e49..7b4094f 100644 --- a/examples/peering-zone/providers.tf +++ b/examples/peering-zone/providers.tf @@ -21,4 +21,3 @@ provider "google" { provider "google-beta" { version = ">= 2.14" } - diff --git a/examples/peering-zone/variables.tf b/examples/peering-zone/variables.tf index 323e2e4..cdf9579 100644 --- a/examples/peering-zone/variables.tf +++ b/examples/peering-zone/variables.tf @@ -38,4 +38,3 @@ variable "domain" { description = "Zone domain." default = "foo.local." } - diff --git a/kitchen.yml b/kitchen.yml index 0fa0705..d7dc878 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -1,4 +1,4 @@ -# Copyright 2018 Google LLC +# Copyright 2019 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/main.tf b/main.tf index e00a074..92459d1 100644 --- a/main.tf +++ b/main.tf @@ -1,5 +1,5 @@ /** - * Copyright 2019 Google LLC + * Copyright 2018 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -113,4 +113,3 @@ resource "google_dns_record_set" "cloud-static-records" { google_dns_managed_zone.public, ] } - diff --git a/outputs.tf b/outputs.tf index 680a477..de200d9 100644 --- a/outputs.tf +++ b/outputs.tf @@ -59,4 +59,3 @@ output "name_servers" { ), ) } - diff --git a/test/ci_integration.sh b/test/ci_integration.sh deleted file mode 100755 index 6faf2f5..0000000 --- a/test/ci_integration.sh +++ /dev/null 
@@ -1,64 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright 2018 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-# Always clean up.
-DELETE_AT_EXIT="$(mktemp -d)"
-finish() {
- echo 'BEGIN: finish() trap handler' >&2
- kitchen destroy "$SUITE"
- [[ -d "${DELETE_AT_EXIT}" ]] && rm -rf "${DELETE_AT_EXIT}"
- echo 'END: finish() trap handler' >&2
-}
-
-# Map the input parameters provided by Concourse CI, or whatever mechanism is
-# running the tests to Terraform input variables. Also setup credentials for
-# use with kitchen-terraform, inspec, and gcloud.
-setup_environment() {
- local tmpfile
- tmpfile="$(mktemp)"
- echo "${SERVICE_ACCOUNT_JSON}" > "${tmpfile}"
-
- # gcloud variables
- export CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE="${tmpfile}"
- # Application default credentials (Terraform google provider and inspec-gcp)
- export GOOGLE_APPLICATION_CREDENTIALS="${tmpfile}"
-
- # Terraform variables
- export TF_VAR_project_id="$PROJECT_ID"
-}
-
-main() {
- export SUITE="${SUITE:-}"
-
- set -eu
- # Setup trap handler to auto-cleanup
- export TMPDIR="${DELETE_AT_EXIT}"
- trap finish EXIT
-
- # Setup environment variables
- setup_environment
- set -x
-
- # Execute the test lifecycle
- kitchen create "$SUITE"
- kitchen converge "$SUITE"
- kitchen verify "$SUITE"
-}
-
-# if script is being executed and not sourced.
-if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
- main "$@"
-fi
diff --git a/test/fixtures/private_zone/main.tf b/test/fixtures/private_zone/main.tf index 12f3d72..b807e1d 100644 --- a/test/fixtures/private_zone/main.tf +++ b/test/fixtures/private_zone/main.tf @@ -14,7 +14,6 @@ * limitations under the License. */ - module "example-private-zone" { source = "../../../examples/private-zone" project_id = var.project_id diff --git a/test/fixtures/public_zone/main.tf b/test/fixtures/public_zone/main.tf index 4f56f4c..f9bf723 100644 --- a/test/fixtures/public_zone/main.tf +++ b/test/fixtures/public_zone/main.tf @@ -1,5 +1,5 @@ /** - * Copyright 2018 Google LLC + * Copyright 2019 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -14,7 +14,6 @@ * limitations under the License. */ - module "example-public-zone" { source = "../../../examples/public-zone" project_id = var.project_id diff --git a/test/integration/public_zone/controls/gcp.rb b/test/integration/public_zone/controls/gcp.rb index bac4825..c494221 100644 --- a/test/integration/public_zone/controls/gcp.rb +++ b/test/integration/public_zone/controls/gcp.rb @@ -1,4 +1,4 @@ -# Copyright 2018 Google LLC +# Copyright 2019 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. diff --git a/test/setup/.gitignore b/test/setup/.gitignore new file mode 100644 index 0000000..0e515f8 --- /dev/null +++ b/test/setup/.gitignore @@ -0,0 +1,2 @@ +terraform.tfvars +source.sh diff --git a/test/setup/iam.tf b/test/setup/iam.tf new file mode 100644 index 0000000..1fcc598 --- /dev/null +++ b/test/setup/iam.tf 
@@ -0,0 +1,40 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ int_required_roles = [
+ "roles/owner",
+ "roles/dns.admin"
+ ]
+}
+
+resource "google_service_account" "int_test" {
+ project = module.project.project_id
+ account_id = "ci-account"
+ display_name = "ci-account"
+}
+
+resource "google_project_iam_member" "int_test" {
+ count = length(local.int_required_roles)
+
+ project = module.project.project_id
+ role = local.int_required_roles[count.index]
+ member = "serviceAccount:${google_service_account.int_test.email}"
+}
+
+resource "google_service_account_key" "int_test" {
+ service_account_id = google_service_account.int_test.id
+}
diff --git a/test/setup/main.tf b/test/setup/main.tf
new file mode 100644
index 0000000..e859583
--- /dev/null
+++ b/test/setup/main.tf
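Review bot: `int_required_roles` in `test/setup/iam.tf` binds `roles/owner` to the `ci-account` service account, which gives the CI identity full control of the test project, including its IAM policy, and makes the `roles/dns.admin` entry next to it redundant. I would drop the owner binding and list only what the fixtures need, starting from `int_required_roles = ["roles/dns.admin"]` and adding narrowly scoped roles if a suite fails on a missing permission. This matters more because `google_service_account_key.int_test` exports a long-lived key for that account, and its private key is kept in the Terraform state of `test/setup`. A comment above that resource saying so, and that the state must be stored with restricted access, would help the next maintainer.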
@@ -0,0 +1,30 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "project" {
+ source = "terraform-google-modules/project-factory/google"
+ version = "~> 3.0"
+
+ name = "ci-cloud-dns"
+ random_project_id = "true"
+ org_id = var.org_id
+ folder_id = var.folder_id
+ billing_account = var.billing_account
+
+ activate_apis = [
+ "dns.googleapis.com"
+ ]
+}
diff --git a/test/setup/make_source.sh b/test/setup/make_source.sh
new file mode 100755
index 0000000..f2b63a6
--- /dev/null
+++ b/test/setup/make_source.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+echo "#!/usr/bin/env bash" > ../source.sh
+
+project_id=$(terraform output project_id)
+echo "export TF_VAR_project_id='$project_id'" >> ../source.sh
+
+sa_json=$(terraform output sa_key)
+# shellcheck disable=SC2086
+echo "export SERVICE_ACCOUNT_JSON='$(echo $sa_json | base64 --decode)'" >> ../source.sh
diff --git a/test/setup/outputs.tf b/test/setup/outputs.tf
new file mode 100644
index 0000000..357bb1e
--- /dev/null
+++ b/test/setup/outputs.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = module.project.project_id
+}
+
+output "sa_key" {
+ value = google_service_account_key.int_test.private_key
+ sensitive = true
+}
diff --git a/test/setup/variables.tf b/test/setup/variables.tf
new file mode 100644
index 0000000..84134fe
--- /dev/null
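Review bot: `test/setup/make_source.sh` writes the decoded service account key into `../source.sh` with the default umask, and when the script runs from `test/setup` (as its `terraform output` calls suggest) that path is one level above the directory, so the `source.sh` entry in the new `test/setup/.gitignore` does not cover it. Unless a `.gitignore` outside this patch already ignores `test/source.sh`, the key file can be staged by accident and is readable by other local users; I would add `umask 077` before the first `echo` and ignore the file where it is really written. The script also has no error handling, so a failing `terraform output` still leaves a `source.sh` with empty values; `set -euo pipefail` at the top would stop there instead.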
+++ b/test/setup/variables.tf
@@ -0,0 +1,27 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "org_id" {
+ description = "The numeric organization id"
+}
+
+variable "folder_id" {
+ description = "The folder to deploy in"
+}
+
+variable "billing_account" {
+ description = "The billing account id associated with the project, e.g. XXXXXX-YYYYYY-ZZZZZZ"
+}
diff --git a/test/setup/versions.tf b/test/setup/versions.tf
new file mode 100644
index 0000000..efbd8ea
--- /dev/null
+++ b/test/setup/versions.tf
@@ -0,0 +1,27 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = ">= 0.12"
+}
+
+provider "google" {
+ version = "~> 2.13.0"
+}
+
+provider "google-beta" {
+ version = "~> 2.13.0"
+}
From 146156e390497427f9b309e6d7b464f7c9950de1 Mon Sep 17 00:00:00 2001
From: Ludovico Magnocavallo Date: Wed, 18 Sep 2019 17:11:42 +0200 Subject: [PATCH 11/11] remove variables and use registry source in README example --- README.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 161ee35..c8dd406 100644 --- a/README.md +++ b/README.md @@ -19,13 +19,16 @@ Basic usage of this module for a private zone is as follows: ```hcl module "dns-private-zone" { - source = "../.." - project_id = var.project_id + source = "terraform-google-modules/cloud-dns/google" + version = "2.0.0" + project_id = "my-project" type = "private" - name = var.name - domain = var.domain + name = "example-com" + domain = "example.com." - private_visibility_config_networks = [var.network_self_link] + private_visibility_config_networks = [ + "https://www.googleapis.com/compute/v1/projects/my-project/global/networks/my-vpc" + ] record_names = ["localhost"] record_data = [