chore: update tests to use 1.0 image and update compat note (#48)

terraform-google-modules · Oct 28, 2021 · f13dc30 · f13dc30
1 parent a4cea33
commit f13dc30
Show file tree

Hide file tree

Showing 14 changed files with 97 additions and 9 deletions.
diff --git a/.github/release-please.yml b/.github/release-please.yml
@@ -1,2 +1,16 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 releaseType: terraform-module
 handleGHRelease: true
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
@@ -1,3 +1,17 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 name: "Close stale issues"
 on:
   schedule:

diff --git a/.gitignore b/.gitignore
@@ -43,3 +43,6 @@ credentials.json
 
 # Test files
 .kitchen/
+
+# tf lock file
+.terraform.lock.hcl
diff --git a/Makefile b/Makefile
@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.13
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.0
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 

diff --git a/README.md b/README.md
@@ -3,7 +3,8 @@
 This Terraform module makes it easier to manage [organization policies](https://cloud.google.com/resource-manager/docs/organization-policy/overview) for your Google Cloud environment, particularly when you want to have exclusion rules. This module will allow you to set a top-level org policy and then disable it on individual projects or folders easily.
 
 ## Compatibility
-This module is meant for use with Terraform 0.13. If you haven't
+This module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. If you find incompatibilities using Terraform >=0.13, please open an issue.
+ If you haven't
 [upgraded](https://www.terraform.io/upgrade-guides/0-13.html) and need a Terraform
 0.12.x-compatible version of this module, the last released version
 intended for Terraform 0.12.x is [v4.0.0](https://registry.terraform.io/modules/terraform-google-modules/-org-policy/google/v4.0.0).

diff --git a/boolean_constraints.tf b/boolean_constraints.tf
@@ -60,7 +60,7 @@ resource "google_project_organization_policy" "project_policy_boolean" {
   Exclude folders from policy (boolean constraint)
  *****************************************/
 resource "google_folder_organization_policy" "policy_boolean_exclude_folders" {
-  for_each = (local.boolean_policy && ! local.project) ? var.exclude_folders : []
+  for_each = (local.boolean_policy && !local.project) ? var.exclude_folders : []
 
   folder     = each.value
   constraint = var.constraint
@@ -74,7 +74,7 @@ resource "google_folder_organization_policy" "policy_boolean_exclude_folders" {
   Exclude projects from policy (boolean constraint)
  *****************************************/
 resource "google_project_organization_policy" "policy_boolean_exclude_projects" {
-  for_each = (local.boolean_policy && ! local.project) ? var.exclude_projects : []
+  for_each = (local.boolean_policy && !local.project) ? var.exclude_projects : []
 
   project    = each.value
   constraint = var.constraint

diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml
@@ -38,4 +38,4 @@ tags:
 - 'integration'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.13'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.0'
diff --git a/build/lint.cloudbuild.yaml b/build/lint.cloudbuild.yaml
@@ -21,4 +21,4 @@ tags:
 - 'lint'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.13'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.0'
diff --git a/list_constraints.tf b/list_constraints.tf
@@ -210,7 +210,7 @@ resource "google_project_organization_policy" "project_policy_list_allow_values"
   Exclude folders from policy (list constraint)
  *****************************************/
 resource "google_folder_organization_policy" "folder_policy_list_exclude_folders" {
-  for_each = (local.list_policy && ! local.project) ? var.exclude_folders : []
+  for_each = (local.list_policy && !local.project) ? var.exclude_folders : []
 
   folder     = each.value
   constraint = var.constraint
@@ -224,7 +224,7 @@ resource "google_folder_organization_policy" "folder_policy_list_exclude_folders
   Exclude projects from policy (list constraint)
  *****************************************/
 resource "google_project_organization_policy" "project_policy_list_exclude_projects" {
-  for_each = (local.list_policy && ! local.project) ? var.exclude_projects : []
+  for_each = (local.list_policy && !local.project) ? var.exclude_projects : []
 
   project    = each.value
   constraint = var.constraint

diff --git a/main.tf b/main.tf
@@ -22,7 +22,7 @@ locals {
   folder         = var.policy_for == "folder"
   project        = var.policy_for == "project"
   boolean_policy = var.policy_type == "boolean"
-  list_policy    = var.policy_type == "list" && ! local.invalid_config
+  list_policy    = var.policy_type == "list" && !local.invalid_config
 
   // If allow/deny list empty and enforce is not set, enforce is set to true
   enforce               = var.allow_list_length > 0 || var.deny_list_length > 0 ? null : var.enforce != false

diff --git a/test/integration/boolean_org_exclude/inspec.yml b/test/integration/boolean_org_exclude/inspec.yml
@@ -1,3 +1,17 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 
 name: boolean_org_exclude
 attributes:

diff --git a/test/integration/boolean_project_allow/inspec.yml b/test/integration/boolean_project_allow/inspec.yml
@@ -1,3 +1,17 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 
 name: boolean_project_allow
 attributes:

diff --git a/test/integration/list_folder_deny/inspec.yml b/test/integration/list_folder_deny/inspec.yml
@@ -1,3 +1,17 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 
 name: list_folder_deny
 attributes:

diff --git a/test/integration/list_org_exclude/inspec.yml b/test/integration/list_org_exclude/inspec.yml
@@ -1,3 +1,17 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 
 name: boolean_org_exclude
 attributes: