Agent policy module

Makefile

@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.13.7
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 
@@ -73,6 +73,23 @@ docker_test_lint:
 		$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
 		/usr/local/bin/test_lint.sh
 
+# Execute bats tests within the docker container
+.PHONY: docker_test_bats
+docker_test_bats:
+	docker run --rm -it \
+		-v $(CURDIR):/workspace \
+		$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+		/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && test_bats'
+
+# Execute update integration tests within the docker container
+.PHONY: docker_test_integration_update
+docker_test_integration_update:
+	docker run --rm -it \
+		-e SERVICE_ACCOUNT_JSON \
+		-v "$(CURDIR)":/workspace \
+		$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+		/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && test_integration_update'
+
 # Generate documentation
 .PHONY: docker_generate_docs
 docker_generate_docs:

README.md

@@ -1,82 +1,13 @@
 # terraform-google-cloud-operations
 
-This module was generated from [terraform-google-module-template](https://github.com/terraform-google-modules/terraform-google-module-template/), which by default generates a module that simply creates a GCS bucket. As the module develops, this README should be updated.
-
-The resources/services/activations/deletions that this module will create/trigger are:
-
-- Create a GCS bucket with the provided name
+This module is a collection of submodules related to Google Cloud Operations (Logging and Monitoring):
+- [Agent Policy](./modules/agent-policy/README.md)
 
 ## Usage
 
-Basic usage of this module is as follows:
-
-```hcl
-module "cloud_operations" {
-  source  = "terraform-google-modules/cloud-operations/google"
-  version = "~> 0.1"
-
-  project_id  = "<PROJECT ID>"
-  bucket_name = "gcs-test-bucket"
-}
-```
-
-Functional examples are included in the
-[examples](./examples/) directory.
-
-<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-## Inputs
-
-| Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| bucket\_name | The name of the bucket to create | string | n/a | yes |
-| project\_id | The project ID to deploy to | string | n/a | yes |
-
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| bucket\_name |  |
-
-<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
-
-## Requirements
-
-These sections describe requirements for using this module.
-
-### Software
-
-The following dependencies must be available:
-
-- [Terraform][terraform] v0.12
-- [Terraform Provider for GCP][terraform-provider-gcp] plugin v2.0
-
-### Service Account
-
-A service account with the following roles must be used to provision
-the resources of this module:
-
-- Storage Admin: `roles/storage.admin`
-
-The [Project Factory module][project-factory-module] and the
-[IAM module][iam-module] may be used in combination to provision a
-service account with the necessary roles applied.
-
-### APIs
-
-A project with the following APIs enabled must be used to host the
-resources of this module:
-
-- Google Cloud Storage JSON API: `storage-api.googleapis.com`
-
-The [Project Factory module][project-factory-module] can be used to
-provision a project with the necessary APIs enabled.
+Each submodule's usage is documented in the [modules](./modules) folder. Functional examples are included in the [examples](./examples/) directory.
 
 ## Contributing
 
 Refer to the [contribution guidelines](./CONTRIBUTING.md) for
 information on contributing to this module.
-
-[iam-module]: https://registry.terraform.io/modules/terraform-google-modules/iam/google
-[project-factory-module]: https://registry.terraform.io/modules/terraform-google-modules/project-factory/google
-[terraform-provider-gcp]: https://www.terraform.io/docs/providers/google/index.html
-[terraform]: https://www.terraform.io/downloads.html

build/int.cloudbuild.yaml

@@ -38,4 +38,4 @@ tags:
 - 'integration'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.13.7'

build/lint.cloudbuild.yaml

@@ -21,4 +21,4 @@ tags:
 - 'lint'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.13.7'

examples/simple_example/README.md → examples/agent_policy_detailed_example/README.md

@@ -1,21 +1,14 @@
 # Simple Example
 
-This example illustrates how to use the `cloud-operations` module.
+This example illustrates how to use the `agent-policy` module.
 
 <!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| bucket\_name | The name of the bucket to create. | string | n/a | yes |
 | project\_id | The ID of the project in which to provision resources. | string | n/a | yes |
 
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| bucket\_name | The name of the bucket. |
-
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 
 To provision this example, run the following from within this directory:

examples/agent_policy_detailed_example/main.tf

@@ -0,0 +1,74 @@
+/**
+ * Copyright 2020 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+  version = "~> 2.0"
+}
+
+module "agent_policy_detailed" {
+  source      = "./../../modules/agent-policy"
+  project_id  = var.project_id
+  policy_id   = "ops-agents-test-policy-detailed"
+  description = "an example policy description"
+  agent_rules = [
+    {
+      type               = "logging"
+      version            = "current-major"
+      package_state      = "installed"
+      enable_autoupgrade = true
+    },
+    {
+      type               = "metrics"
+      version            = "latest"
+      package_state      = "removed"
+      enable_autoupgrade = false
+    },
+  ]
+  group_labels = [
+    [
+      {
+        name  = "env"
+        value = "prod"
+      },
+      {
+        name  = "product"
+        value = "myapp"
+      },
+    ],
+    [
+      {
+        name  = "env"
+        value = "staging"
+      },
+      {
+        name  = "product"
+        value = "myapp"
+      },
+    ],
+  ]
+  os_types = [
+    {
+      short_name = "debian"
+      version    = "10"
+    },
+  ]
+  zones = [
+    "us-central1-c",
+    "asia-northeast2-b",
+    "europe-north1-b",
+  ]
+  instances = ["zones/us-central1-a/instances/test-instance"]
+}

examples/agent_policy_simple_example/README.md

@@ -0,0 +1,18 @@
+# Simple Example
+
+This example illustrates how to use the `agent-policy` module.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| project\_id | The ID of the project in which to provision resources. | string | n/a | yes |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+To provision this example, run the following from within this directory:
+- `terraform init` to get the plugins
+- `terraform plan` to see the infrastructure plan
+- `terraform apply` to apply the infrastructure build
+- `terraform destroy` to destroy the built infrastructure

examples/simple_example/main.tf → examples/agent_policy_simple_example/main.tf

@@ -18,9 +18,19 @@ provider "google" {
   version = "~> 2.0"
 }
 
-module "cloud_operations" {
-  source = "../.."
-
-  project_id  = var.project_id
-  bucket_name = var.bucket_name
+module "agent_policy_simple" {
+  source     = "./../../modules/agent-policy"
+  project_id = var.project_id
+  policy_id  = "ops-agents-test-policy-simple"
+  agent_rules = [
+    {
+      type = "logging"
+    },
+  ]
+  os_types = [
+    {
+      short_name = "centos"
+      version    = "8"
+    },
+  ]
 }

examples/simple_example/variables.tf → examples/agent_policy_simple_example/variables.tf

@@ -18,8 +18,3 @@ variable "project_id" {
   description = "The ID of the project in which to provision resources."
   type        = string
 }
-
-variable "bucket_name" {
-  description = "The name of the bucket to create."
-  type        = string
-}

examples/agent_policy_update_example/README.md

@@ -0,0 +1,24 @@
+# Update Example
+
+This example is specifically for testing update functionality.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| agent\_rules | A list of agent rules to be enforced by the policy. | list(any) | n/a | yes |
+| description | The description of the policy. | string | `"null"` | no |
+| group\_labels | A list of label maps to filter instances to apply policies on. | object | `"null"` | no |
+| instances | A list of zones to filter instances to apply the policy. | list(string) | `"null"` | no |
+| os\_types | A list of label maps to filter instances to apply policies on. | list(any) | n/a | yes |
+| project\_id | The ID of the project in which to provision resources. | string | n/a | yes |
+| zones | A list of zones to filter instances to apply the policy. | list(string) | `"null"` | no |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+To provision this example, run the following from within this directory:
+- `terraform init` to get the plugins
+- `terraform plan` to see the infrastructure plan
+- `terraform apply` to apply the infrastructure build
+- `terraform destroy` to destroy the built infrastructure

examples/agent_policy_update_example/main.tf

@@ -0,0 +1,31 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+  version = "~> 2.0"
+}
+
+module "agent_policy_update" {
+  source       = "./../../modules/agent-policy"
+  project_id   = var.project_id
+  policy_id    = "ops-agents-test-policy-update"
+  description  = var.description
+  agent_rules  = var.agent_rules
+  group_labels = var.group_labels
+  os_types     = var.os_types
+  zones        = var.zones
+  instances    = var.instances
+}

examples/agent_policy_update_example/variables.tf

@@ -0,0 +1,57 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+  description = "The ID of the project in which to provision resources."
+  type        = string
+}
+
+variable "description" {
+  description = "The description of the policy."
+  type        = string
+  default     = null
+}
+
+variable "agent_rules" {
+  description = "A list of agent rules to be enforced by the policy."
+  type        = list(any)
+}
+
+variable "group_labels" {
+  description = "A list of label maps to filter instances to apply policies on."
+  type = list(list(object({
+    name  = string
+    value = string
+  })))
+  default = null
+}
+
+variable "os_types" {
+  description = "A list of label maps to filter instances to apply policies on."
+  type        = list(any)
+}
+
+variable "zones" {
+  description = "A list of zones to filter instances to apply the policy."
+  type        = list(string)
+  default     = null
+}
+
+variable "instances" {
+  description = "A list of zones to filter instances to apply the policy."
+  type        = list(string)
+  default     = null
+}