renaming dir and updating test

examples/bucket-setup-using-autokey/main.tf → examples/bucket_setup_using_autokey/main.tf

@@ -26,9 +26,9 @@ resource "google_kms_key_handle" "bucket_keyhandle" {
   provider = google-beta
 
   project                = var.resource_project_id
-  name                   = "${var.bucket_name_prefix}-${random_string.suffix.result}"
+  name                   = "${var.resource_project_id}-bucket-${random_string.suffix.result}"
   location               = var.bucket_location
-  resource_type_selector = var.bucket_resource_type_selector
+  resource_type_selector = "storage.googleapis.com/Bucket" 
 
   lifecycle {
     ignore_changes = [name]

examples/bucket-setup-using-autokey/variables.tf → examples/bucket_setup_using_autokey/variables.tf

@@ -19,16 +19,6 @@ variable "resource_project_id" {
   type        = string
 }
 
-variable "bucket_name_prefix" {
-  type        = string
-  description = "The storage bucket created will have name {bucket_name_prefix}-{random-suffix}"
-}
-
-variable "bucket_resource_type_selector" {
-  type        = string
-  description = "The resource type selector for bucket"
-}
-
 variable "bucket_location" {
   type        = string
   description = "The gcp location where storage bucket will be created"

test/integration/autokey_setup/autokey_setup_test.go

@@ -0,0 +1,72 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package autokey_example
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"regexp"
+	"testing"
+
+	"github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft"
+	"github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/utils"
+	"github.com/stretchr/testify/assert"
+	"golang.org/x/oauth2/google"
+)
+
+func validateKeyHandleVersion(input string, projectId string, autokeyResource string) bool {
+	pattern := fmt.Sprintf(`^projects/%s/locations/us-central1/keyRings/autokey/cryptoKeys/%s-(bigquery-dataset|compute-disk|storage-bucket)-.*?/cryptoKeyVersions/1$`, projectId, autokeyResource)
+	regex := regexp.MustCompile(pattern)
+	return regex.MatchString(input)
+}
+
+func TestAutokeyExample(t *testing.T) {
+	bpt := tft.NewTFBlueprintTest(t)
+	bpt.DefineVerify(func(assert *assert.Assertions) {
+		bpt.DefaultVerify(assert)
+
+		kmsProjectId := bpt.GetStringOutput("kms_project_id")
+		autokeyConfig := bpt.GetStringOutput("autokey_config_id")
+
+		// Autokey config doesn't have a gcloud command yet. That's why we need to hit the API.
+		autokeyConfigUrl := fmt.Sprintf("https://cloudkms.googleapis.com/v1/%s", autokeyConfig)
+
+		httpClient, err := google.DefaultClient(context.Background(), "https://www.googleapis.com/auth/cloud-platform")
+
+		if err != nil {
+			t.Fatal(err.Error())
+		}
+
+		resp, err := httpClient.Get(autokeyConfigUrl)
+		if err != nil {
+			t.Fatal(err.Error())
+		}
+
+		defer resp.Body.Close()
+		body, err := io.ReadAll(resp.Body)
+		if err != nil {
+			t.Fatal(err.Error())
+		}
+
+		result := utils.ParseJSONResult(t, string(body))
+
+		// Asserting if Autokey configuration was enabled with correct kms project id
+		autokeyConfigProject := result.Get("keyProject").String()
+		assert.Equal(autokeyConfigProject, fmt.Sprintf("projects/%s", kmsProjectId), "autokey expected for project %s", kmsProjectId)
+	})
+
+	bpt.Test()
+}

test/integration/autokey_example/autokey_example_test.go → test/integration/bucket_setup_using_autokey/bucket_setup_using_autokey_test.go

@@ -41,7 +41,7 @@ func TestAutokeyExample(t *testing.T) {
 
 		projectId := bpt.GetStringOutput("autokey_project_id")
 		autokeyConfig := bpt.GetStringOutput("autokey_config_id")
-		autokeyResourceProjectNumber := bpt.GetTFSetupJsonOutput("autokey_resource_project_number")
+		autokeyResourceProjectNumber := bpt.GetTFSetupJsonOutput("resource_project_number")
 
 		// Autokey config doesn't have a gcloud command yet. That's why we need to hit the API.
 		autokeyConfigUrl := fmt.Sprintf("https://cloudkms.googleapis.com/v1/%s", autokeyConfig)
@@ -65,7 +65,7 @@ func TestAutokeyExample(t *testing.T) {
 
 		result := utils.ParseJSONResult(t, string(body))
 
-		// Asserting if Autokey configuration was created
+		// Asserting if Autokey configuration was enabled with correct kms project id
 		autokeyConfigProject := result.Get("keyProject").String()
 		assert.Equal(autokeyConfigProject, fmt.Sprintf("projects/%s", projectId), "autokey expected for project %s", projectId)
 

test/setup/outputs.tf

@@ -26,18 +26,6 @@ output "resource_project_number" {
   value = module.autokey_resource_project.project_number
 }
 
-output "bucket_name_prefix" {
-  value = "ci-kms-bucket"
-}
-
-output "bucket_resource_type_selector" {
-  value = "storage.googleapis.com/Bucket"
-}
-
-output "bucket_location" {
-  value = "us-central1"
-}
-
 output "sa_key" {
   value     = google_service_account_key.int_test.private_key
   sensitive = true