From fcaf8d0d1235d1dc1c39763cfd359ca5dcf34dc2 Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Fri, 7 Jun 2019 02:04:42 +0900 Subject: [PATCH 01/47] don't create topic if the topic name is empty This change is to allow submodule to use pubsub module as optional. --- main.tf | 5 +++-- outputs.tf | 8 ++++---- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/main.tf b/main.tf index 9611466..59f8279 100644 --- a/main.tf +++ b/main.tf @@ -19,6 +19,7 @@ locals { } resource "google_pubsub_topic" "topic" { + count = "${var.topic == "" ? 0 : 1}" project = var.project_id name = var.topic labels = var.topic_labels @@ -27,7 +28,7 @@ resource "google_pubsub_topic" "topic" { resource "google_pubsub_subscription" "push_subscriptions" { count = length(var.push_subscriptions) name = var.push_subscriptions[count.index].name - topic = google_pubsub_topic.topic.name + topic = google_pubsub_topic.topic.0.name project = var.project_id ack_deadline_seconds = lookup( var.push_subscriptions[count.index], @@ -51,7 +52,7 @@ resource "google_pubsub_subscription" "push_subscriptions" { resource "google_pubsub_subscription" "pull_subscriptions" { count = length(var.pull_subscriptions) name = var.pull_subscriptions[count.index].name - topic = google_pubsub_topic.topic.name + topic = google_pubsub_topic.topic.0.name project = var.project_id ack_deadline_seconds = lookup( var.pull_subscriptions[count.index], diff --git a/outputs.tf b/outputs.tf index 75054c5..5dfd865 100644 --- a/outputs.tf +++ b/outputs.tf 
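Review bot: With `count` set to 0 for an empty topic name, every `google_pubsub_topic.topic.0.…` reference in the new code has no element to resolve: both subscription resources in main.tf and all four outputs in outputs.tf still index element 0 unconditionally. Terraform normally rejects an out-of-range index at plan time, so the "optional topic" case this commit targets would likely fail rather than be skipped. Guard the lookups, for example `value = length(google_pubsub_topic.topic) > 0 ? google_pubsub_topic.topic[0].name : ""`, and make the subscription counts zero when no topic exists. The count can also be written without the quoted interpolation, `count = var.topic == "" ? 0 : 1`, matching the bare expressions on the neighbouring lines. Both subscription resources continue past the hunks shown.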
@@ -15,22 +15,22 @@ */ output "topic" { - value = google_pubsub_topic.topic.name + value = google_pubsub_topic.topic.0.name description = "The name of the Pub/Sub topic" } output "topic_labels" { - value = google_pubsub_topic.topic.labels + value = google_pubsub_topic.topic.0.labels description = "Labels assigned to the Pub/Sub topic" } output "id" { - value = google_pubsub_topic.topic.id + value = google_pubsub_topic.topic.0.id description = "The ID of the Pub/Sub topic" } output "uri" { - value = "pubsub.googleapis.com/${google_pubsub_topic.topic.id}" + value = "pubsub.googleapis.com/${google_pubsub_topic.topic.0.id}" description = "The URI of the Pub/Sub topic" } From 71e5f77af51f791b9c40355713d872fc70b5aa2f Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Fri, 7 Jun 2019 15:01:55 +0900 Subject: [PATCH 02/47] bundle update kitchen-terraform --- Gemfile.lock | 315 ++++++++++++++++++++++++++++ test/integration/default/inspec.yml | 2 + 2 files changed, 317 insertions(+) create mode 100644 Gemfile.lock diff --git a/Gemfile.lock b/Gemfile.lock new file mode 100644 index 0000000..e7130bd --- /dev/null +++ b/Gemfile.lock 
@@ -0,0 +1,315 @@ +GEM + remote: https://rubygems.org/ + specs: + addressable (2.6.0) + public_suffix (>= 2.0.2, < 4.0) + aws-eventstream (1.0.3) + aws-sdk (2.11.289) + aws-sdk-resources (= 2.11.289) + aws-sdk-core (2.11.289) + aws-sigv4 (~> 1.0) + jmespath (~> 1.0) + aws-sdk-resources (2.11.289) + aws-sdk-core (= 2.11.289) + aws-sigv4 (1.1.0) + aws-eventstream (~> 1.0, >= 1.0.2) + azure_graph_rbac (0.17.1) + ms_rest_azure (~> 0.11.0) + azure_mgmt_key_vault (0.17.4) + ms_rest_azure (~> 0.11.0) + azure_mgmt_resources (0.17.5) + ms_rest_azure (~> 0.11.1) + builder (3.2.3) + coderay (1.1.2) + concurrent-ruby (1.1.5) + declarative (0.0.10) + declarative-option (0.1.0) + diff-lcs (1.3) + docker-api (1.34.2) + excon (>= 0.47.0) + multi_json + domain_name (0.5.20180417) + unf (>= 0.0.5, < 1.0.0) + dry-configurable (0.8.3) + concurrent-ruby (~> 1.0) + dry-core (~> 0.4, >= 0.4.7) + dry-container (0.7.0) + concurrent-ruby (~> 1.0) + dry-configurable (~> 0.1, >= 0.1.3) + dry-core (0.4.7) + concurrent-ruby (~> 1.0) + dry-equalizer (0.2.2) + dry-inflector (0.1.2) + dry-logic (0.6.1) + concurrent-ruby (~> 1.0) + dry-core (~> 0.2) + dry-equalizer (~> 0.2) + dry-types (0.14.1) + concurrent-ruby (~> 1.0) + dry-container (~> 0.3) + dry-core (~> 0.4, >= 0.4.4) + dry-equalizer (~> 0.2) + dry-inflector (~> 0.1, >= 0.1.2) + dry-logic (~> 0.5, >= 0.5) + dry-validation (0.13.0) + concurrent-ruby (~> 1.0) + dry-configurable (~> 0.1, >= 0.1.3) + dry-core (~> 0.2, >= 0.2.1) + dry-equalizer (~> 0.2) + dry-logic (~> 0.5, >= 0.5.0) + dry-types (~> 0.14, >= 0.14) + equatable (0.5.0) + erubis (2.7.0) + excon (0.64.0) + faraday (0.15.4) + multipart-post (>= 1.2, < 3) + faraday-cookie_jar (0.0.6) + faraday (>= 0.7.4) + http-cookie (~> 1.0.0) + faraday_middleware (0.12.2) + faraday (>= 0.7.4, < 1.0) + ffi (1.11.1) + google-api-client (0.23.9) + addressable (~> 2.5, >= 2.5.1) + googleauth (>= 0.5, < 0.7.0) + httpclient (>= 2.8.1, < 3.0) + mime-types (~> 3.0) + representable (~> 3.0) + retriable (>= 
2.0, < 4.0) + signet (~> 0.9) + googleauth (0.6.7) + faraday (~> 0.12) + jwt (>= 1.4, < 3.0) + memoist (~> 0.16) + multi_json (~> 1.11) + os (>= 0.9, < 2.0) + signet (~> 0.7) + gssapi (1.3.0) + ffi (>= 1.0.1) + gyoku (1.3.1) + builder (>= 2.1.2) + hashie (3.6.0) + htmlentities (4.3.4) + http-cookie (1.0.3) + domain_name (~> 0.5) + httpclient (2.8.3) + inifile (3.0.0) + inspec (3.9.3) + addressable (~> 2.4) + faraday (>= 0.9.0) + faraday_middleware (~> 0.12.2) + hashie (~> 3.4) + htmlentities + json (>= 1.8, < 3.0) + method_source (~> 0.8) + mixlib-log + multipart-post + parallel (~> 1.9) + parslet (~> 1.5) + pry (~> 0) + rspec (~> 3) + rspec-its (~> 1.2) + rubyzip (~> 1.2, >= 1.2.2) + semverse + sslshake (~> 1.2) + term-ansicolor + thor (~> 0.20) + tomlrb (~> 1.2) + train (~> 1.5, >= 1.7.2) + train-habitat (~> 0.1) + tty-prompt (~> 0.17) + tty-table (~> 0.10) + jmespath (1.4.0) + json (2.1.0) + jwt (2.2.1) + kitchen-inspec (0.25.0) + hashie (~> 3.4) + inspec (>= 0.34.0, < 4.0.0) + test-kitchen (~> 1.6) + kitchen-terraform (4.9.0) + dry-types (~> 0.14.0) + dry-validation (= 0.13.0) + inspec (~> 3.0) + json (~> 2.1.0) + mixlib-shellout (~> 2.2) + test-kitchen (~> 1.23) + tty-which (~> 0.4.0) + license-acceptance (1.0.12) + pastel (~> 0.7) + tomlrb (~> 1.2) + tty-box (~> 0.3) + tty-prompt (~> 0.18) + little-plugger (1.1.4) + logging (2.2.2) + little-plugger (~> 1.1) + multi_json (~> 1.10) + memoist (0.16.0) + method_source (0.9.2) + mime-types (3.2.2) + mime-types-data (~> 3.2015) + mime-types-data (3.2019.0331) + mixlib-install (3.11.18) + mixlib-shellout + mixlib-versioning + thor + mixlib-log (3.0.1) + mixlib-shellout (2.4.4) + mixlib-versioning (1.2.7) + ms_rest (0.7.4) + concurrent-ruby (~> 1.0) + faraday (~> 0.9) + timeliness (~> 0.3.10) + ms_rest_azure (0.11.1) + concurrent-ruby (~> 1.0) + faraday (~> 0.9) + faraday-cookie_jar (~> 0.0.6) + ms_rest (~> 0.7.4) + unf_ext (= 0.0.7.2) + multi_json (1.13.1) + multipart-post (2.1.1) + necromancer (0.4.0) + net-scp 
(1.2.1) + net-ssh (>= 2.6.5) + net-ssh (4.2.0) + net-ssh-gateway (2.0.0) + net-ssh (>= 4.0.0) + nori (2.6.0) + os (1.0.1) + parallel (1.17.0) + parslet (1.8.2) + pastel (0.7.2) + equatable (~> 0.5.0) + tty-color (~> 0.4.0) + pry (0.12.2) + coderay (~> 1.1.0) + method_source (~> 0.9.0) + public_suffix (3.1.0) + representable (3.0.4) + declarative (< 0.1.0) + declarative-option (< 0.2.0) + uber (< 0.2.0) + retriable (3.1.2) + rspec (3.8.0) + rspec-core (~> 3.8.0) + rspec-expectations (~> 3.8.0) + rspec-mocks (~> 3.8.0) + rspec-core (3.8.0) + rspec-support (~> 3.8.0) + rspec-expectations (3.8.3) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.8.0) + rspec-its (1.3.0) + rspec-core (>= 3.0.0) + rspec-expectations (>= 3.0.0) + rspec-mocks (3.8.0) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.8.0) + rspec-support (3.8.0) + rubyntlm (0.6.2) + rubyzip (1.2.3) + semverse (3.0.0) + signet (0.11.0) + addressable (~> 2.3) + faraday (~> 0.9) + jwt (>= 1.5, < 3.0) + multi_json (~> 1.10) + sslshake (1.3.0) + strings (0.1.5) + strings-ansi (~> 0.1) + unicode-display_width (~> 1.5) + unicode_utils (~> 1.4) + strings-ansi (0.1.0) + term-ansicolor (1.7.1) + tins (~> 1.0) + test-kitchen (1.25.0) + license-acceptance (~> 1.0, >= 1.0.11) + mixlib-install (~> 3.6) + mixlib-shellout (>= 1.2, < 3.0) + net-scp (>= 1.1, < 3.0) + net-ssh (>= 2.9, < 5.0) + net-ssh-gateway (>= 1.2, < 3.0) + thor (~> 0.19) + winrm (~> 2.0) + winrm-elevated (~> 1.0) + winrm-fs (~> 1.1) + thor (0.20.3) + timeliness (0.3.10) + timers (4.3.0) + tins (1.20.3) + tomlrb (1.2.8) + train (1.7.6) + aws-sdk (~> 2) + azure_graph_rbac (~> 0.16) + azure_mgmt_key_vault (~> 0.17) + azure_mgmt_resources (~> 0.15) + docker-api (~> 1.26) + google-api-client (~> 0.23.9) + googleauth (~> 0.6.6) + inifile + json (>= 1.8, < 3.0) + mixlib-shellout (>= 2.0) + net-scp (~> 1.2) + net-ssh (>= 2.9, < 6.0) + winrm (~> 2.0) + winrm-fs (~> 1.0) + train-habitat (0.1.1) + train (>= 1.7.5, < 3.0) + tty-box (0.3.0) + pastel (~> 0.7.2) + 
strings (~> 0.1.4) + tty-cursor (~> 0.6.0) + tty-color (0.4.3) + tty-cursor (0.6.1) + tty-prompt (0.18.1) + necromancer (~> 0.4.0) + pastel (~> 0.7.0) + timers (~> 4.0) + tty-cursor (~> 0.6.0) + tty-reader (~> 0.5.0) + tty-reader (0.5.0) + tty-cursor (~> 0.6.0) + tty-screen (~> 0.6.4) + wisper (~> 2.0.0) + tty-screen (0.6.5) + tty-table (0.10.0) + equatable (~> 0.5.0) + necromancer (~> 0.4.0) + pastel (~> 0.7.2) + strings (~> 0.1.0) + tty-screen (~> 0.6.4) + tty-which (0.4.1) + uber (0.1.0) + unf (0.1.4) + unf_ext + unf_ext (0.0.7.2) + unicode-display_width (1.6.0) + unicode_utils (1.4.0) + winrm (2.3.2) + builder (>= 2.1.2) + erubis (~> 2.7) + gssapi (~> 1.2) + gyoku (~> 1.0) + httpclient (~> 2.2, >= 2.2.0.2) + logging (>= 1.6.1, < 3.0) + nori (~> 2.0) + rubyntlm (~> 0.6.0, >= 0.6.1) + winrm-elevated (1.1.1) + winrm (~> 2.0) + winrm-fs (~> 1.0) + winrm-fs (1.3.2) + erubis (~> 2.7) + logging (>= 1.6.1, < 3.0) + rubyzip (~> 1.1) + winrm (~> 2.0) + wisper (2.0.0) + +PLATFORMS + ruby + +DEPENDENCIES + kitchen-inspec + kitchen-terraform (~> 4.9.0) + test-kitchen + +BUNDLED WITH + 1.17.1 diff --git a/test/integration/default/inspec.yml b/test/integration/default/inspec.yml index 6e861c7..2052e44 100644 --- a/test/integration/default/inspec.yml +++ b/test/integration/default/inspec.yml @@ -14,6 +14,8 @@ name: cloud-pubsub title: Google Cloud Pub/Sub +version: 0.1.0 +inspec_version: '~> 3.9.3' attributes: - name: project_id type: string From 4fdc91f4fc0cf0b303c10da7fae64dd8623f29c6 Mon Sep 17 00:00:00 2001 
From: Kunpei Sakai Date: Fri, 7 Jun 2019 15:14:24 +0900 Subject: [PATCH 03/47] move pubsub fixture from test/fixtures/* to test/fixtures/pubsub --- kitchen.yml | 4 ++-- test/fixtures/{ => pubsub}/main.tf | 20 +++++++++++++++++++ test/fixtures/{ => pubsub}/outputs.tf | 0 .../{ => pubsub}/terraform.tfvars.sample | 0 test/fixtures/{ => pubsub}/variables.tf | 0 .../{default => pubsub}/controls/pubsub.rb | 0 .../{default => pubsub}/inspec.yml | 0 7 files changed, 22 insertions(+), 2 deletions(-) rename test/fixtures/{ => pubsub}/main.tf (66%) rename test/fixtures/{ => pubsub}/outputs.tf (100%) rename test/fixtures/{ => pubsub}/terraform.tfvars.sample (100%) rename test/fixtures/{ => pubsub}/variables.tf (100%) rename test/integration/{default => pubsub}/controls/pubsub.rb (100%) rename test/integration/{default => pubsub}/inspec.yml (100%) diff --git a/kitchen.yml b/kitchen.yml index 17d9bd2..16d1af2 100644 --- a/kitchen.yml +++ b/kitchen.yml @@ -31,7 +31,7 @@ platforms: - name: local suites: - - name: default + - name: pubsub driver: name: terraform - root_module_directory: test/fixtures + root_module_directory: test/fixtures/pubsub diff --git a/test/fixtures/main.tf b/test/fixtures/pubsub/main.tf similarity index 66% rename from test/fixtures/main.tf rename to test/fixtures/pubsub/main.tf index bad42d0..92667f7 100644 --- a/test/fixtures/main.tf +++ b/test/fixtures/pubsub/main.tf @@ -24,3 +24,23 @@ module "example" { } } +module "pubsub" { + source = "../../../" + project_id = "${var.project}" + topic = "${var.topic_name}" + + push_subscriptions = [ + { + name = "push" + push_endpoint = "https://${var.project}.appspot.com/" + x-goog-version = "v1beta1" + ack_deadline_seconds = 20 + }, + ] + + pull_subscriptions = [ + { + name = "pull" + }, + ] +} diff --git a/test/fixtures/outputs.tf b/test/fixtures/pubsub/outputs.tf similarity index 100% rename from test/fixtures/outputs.tf rename to test/fixtures/pubsub/outputs.tf 
diff --git a/test/fixtures/terraform.tfvars.sample b/test/fixtures/pubsub/terraform.tfvars.sample similarity index 100% rename from test/fixtures/terraform.tfvars.sample rename to test/fixtures/pubsub/terraform.tfvars.sample diff --git a/test/fixtures/variables.tf b/test/fixtures/pubsub/variables.tf similarity index 100% rename from test/fixtures/variables.tf rename to test/fixtures/pubsub/variables.tf diff --git a/test/integration/default/controls/pubsub.rb b/test/integration/pubsub/controls/pubsub.rb similarity index 100% rename from test/integration/default/controls/pubsub.rb rename to test/integration/pubsub/controls/pubsub.rb diff --git a/test/integration/default/inspec.yml b/test/integration/pubsub/inspec.yml similarity index 100% rename from test/integration/default/inspec.yml rename to test/integration/pubsub/inspec.yml From 06334184b0b29464663671c7eb4647d9435e5d03 Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Sat, 8 Jun 2019 03:51:23 +0900 Subject: [PATCH 04/47] add tests for the cloudiot module --- test/fixtures/cloudiot/main.tf | 57 +++++++++++++++++++ test/fixtures/cloudiot/outputs.tf | 27 +++++++++ test/fixtures/cloudiot/rsa_cert1.pem | 19 +++++++ test/fixtures/cloudiot/rsa_cert2.pem | 19 +++++++ .../fixtures/cloudiot/terraform.tfvars.sample | 23 ++++++++ test/fixtures/cloudiot/variables.tf | 32 +++++++++++ test/integration/cloudiot/controls/iot.rb | 53 +++++++++++++++++ test/integration/cloudiot/inspec.yml | 28 +++++++++ 8 files changed, 258 insertions(+) create mode 100644 test/fixtures/cloudiot/main.tf create mode 100644 test/fixtures/cloudiot/outputs.tf create mode 100644 test/fixtures/cloudiot/rsa_cert1.pem create mode 100644 test/fixtures/cloudiot/rsa_cert2.pem create mode 100644 test/fixtures/cloudiot/terraform.tfvars.sample create mode 100644 test/fixtures/cloudiot/variables.tf create mode 100644 test/integration/cloudiot/controls/iot.rb create mode 100644 test/integration/cloudiot/inspec.yml 
diff --git a/test/fixtures/cloudiot/main.tf b/test/fixtures/cloudiot/main.tf
new file mode 100644
index 0000000..cec6046
--- /dev/null
+++ b/test/fixtures/cloudiot/main.tf
@@ -0,0 +1,57 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ credentials = "${file(var.credentials_file_path)}"
+}
+
+module "iot" {
+ source = "../../../modules/cloudiot"
+ project_id = "${var.project}"
+ name = var.registry_name
+ region = "${var.region}"
+ mqtt_enabled_state = "MQTT_ENABLED"
+ public_key_certificates = [
+ {
+ format = "X509_CERTIFICATE_PEM"
+ certificate = file("./rsa_cert1.pem")
+ },
+ {
+ format = "X509_CERTIFICATE_PEM"
+ certificate = file("./rsa_cert2.pem")
+ },
+ ]
+ event_notification_config = {
+ topic_name = "${var.registry_name}-event-topic"
+ pull_subscriptions = [
+ {
+ name = "${var.registry_name}-event-pull"
+ ack_deadline_seconds = 20
+ }
+ ]
+ }
+ state_notification_config = {
+ topic_name = "${var.registry_name}-state-topic"
+ push_subscriptions = [
+ {
+ name = "${var.registry_name}-state-push"
+ push_endpoint = "https://${var.project}.appspot.com/"
+ x-goog-version = "v1beta1"
+ ack_deadline_seconds = 20
+ },
+ ]
+ }
+}
diff --git a/test/fixtures/cloudiot/outputs.tf b/test/fixtures/cloudiot/outputs.tf
new file mode 100644
index 0000000..aa75847
--- /dev/null
+++ b/test/fixtures/cloudiot/outputs.tf
@@ -0,0 +1,27 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = "${var.project}"
+}
+
+output "registry_name" {
+ value = "${var.registry_name}"
+}
+
+output "region" {
+ value = "${var.region}"
+}
diff --git a/test/fixtures/cloudiot/rsa_cert1.pem b/test/fixtures/cloudiot/rsa_cert1.pem
new file mode 100644
index 0000000..b05c805
--- /dev/null
+++ b/test/fixtures/cloudiot/rsa_cert1.pem
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDAzCCAeugAwIBAgIUO5NbsFWYCi4t2ks8q4e6AHJZT9UwDQYJKoZIhvcNAQEL +BQAwETEPMA0GA1UEAwwGdW51c2VkMB4XDTE5MDYwNzEwMjMzMloXDTE5MDcwNzEw +MjMzMlowETEPMA0GA1UEAwwGdW51c2VkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAseCa2UIIOQPUWhvtJ4FoG1wlfEoeWQ7oraFw4BydwWapWGLxlCOJ +I2UyKzlRnPQyenVzoYEcIP7ZAw4PI3K78+TEBAe3qKaX166XB8/37QPa//lWWaLq +ndZSW6HiAD+MbvTChvUbvOf5wMnl/6NaPTM7+KtuaAdDcXycF1LHEHr0IKpZDCtU +wcBa6d4jcKmF8Ca7fE6o2O+bQmY9jbUho63AHkB5ElM++nU14csSCpxeDL7b1L7e +rkQDTEMzxFVQ3gFjY4yM4zVBMy80DEJ+L+5kt4nVHrUVShfj5gLlMVerbfc9itOM +Imr6ObqmZqfs6YF05czDkaD/TQun979rOwIDAQABo1MwUTAdBgNVHQ4EFgQUFlHP +lppxAWGRNP74Q1yofC7+DeswHwYDVR0jBBgwFoAUFlHPlppxAWGRNP74Q1yofC7+ +DeswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAW0IMM+DMJAoR +vepmsv1MYivGOlkuzPMbhG4COSPKS6a4p8+ymhShK536sXXCrRjaeYq9ntUDySnh +zHwmBMVe3v9OwL5qtAKzilGv6LXnx8ExfYXbwp22cHmwJsBAGGcyx5f8MY088xkh +dZZu75uQO8/6IT5IwL+UecMY+YZPjubKx4MK4pu1G/q2xFWoMqPK7X4uouUuJsJr +L6C9nmfIaPL6IDLN+MwiWhgfDLTG31t5slB1p2q8t2t/KqKhf0da9N+KJPGbm8JV +/HIt1jG/laYIEVcge9HK9YaaK/S8A8TWVYRbFgSKk6nIqbe4YEAdWVHHTxue+Zp2 +l+gRHrDteQ== +-----END CERTIFICATE----- diff --git a/test/fixtures/cloudiot/rsa_cert2.pem b/test/fixtures/cloudiot/rsa_cert2.pem new file mode 100644 index 0000000..4c4b1af --- /dev/null +++ b/test/fixtures/cloudiot/rsa_cert2.pem 
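Review bot: Both committed fixture certificates (rsa_cert1.pem and rsa_cert2.pem) appear to have a validity window of about thirty days; their encoded notBefore/notAfter fields read 2019-06-07 and 2019-07-07. That means they expire a month after this commit. If the registry API checks expiry when credentials are added (worth confirming), the cloudiot suite will start failing for reasons unrelated to the module. Either regenerate them with a long validity and record the generating command in a comment next to `file("./rsa_cert1.pem")` in the fixture, or create them at test time, for example with the `tls_self_signed_cert` resource. Only certificates are committed here, no private keys, which is right for a registry credential and should stay that way.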
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDAzCCAeugAwIBAgIUVCBLKLQT75CCR+sY8Yj3qrXelNAwDQYJKoZIhvcNAQEL +BQAwETEPMA0GA1UEAwwGdW51c2VkMB4XDTE5MDYwNzEwNTk0NVoXDTE5MDcwNzEw +NTk0NVowETEPMA0GA1UEAwwGdW51c2VkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAtAcKdd+JVtDKDNquis5ZLeReyDr+xx3H5DHJKEOTWGANTZ/cTvaN +laBewcBo7mxP8aMeFMYOfS9M3R9p1nGO7+tGB3zbWnx3ak2ipzcwdUHumGBmdVMF +69aFupD7IG4r+zM6LP/F8i/W62O9JYGo+DxRMWBrru3D6nTgZmqWaz2vdI8zbEgq +sjHOH8LLMrQNzcTRZ9TpewO/5NcPL0LrKtLvuf99xtGz/5hgPeoMnUnan3BFb2Ob +fuSQ/1QUi9DdhsaBliiOOkUBAD4Coh9p3jdbzl9c6v3siOtuue/z0FdrjAHG+kRN +ynBWx7Uw2k7D9wjgLeZWISh8QECZ3ovBJwIDAQABo1MwUTAdBgNVHQ4EFgQU46Jy +a9kkHYiWJhXkDcEvVilkkJcwHwYDVR0jBBgwFoAU46Jya9kkHYiWJhXkDcEvVilk +kJcwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAM3Sl9XvwfvsV +g4HbkWW8ullESEtciw3LAt8F0bqTb7DcFhMlXT/Zgp876lKX0kubR2sj2wJ7TEPT +XnH06KgZPwYq21RMu56gLHm6qpwQw96i5wvgFVTuxWy8Vtcvcv1PePf8osk5x0gm +SOwVygxBzMpOmWjx4CrIEUj4ydp9RFdFAU9ReKjXE9Dk3QL09SEJKSfDo18eYcY/ +COu1N5aA4NwnPk0sDkHbtc9ZrkSSN/aa7u9ogbj9VD+lYsv2DMrvRm8J7v1FIxAj +8hXWLFmh/NOWkqry8V73UYJi1Cgbv8TCxs2a/1JrLW3Vcf8Xl0D2/sQLjca0y0/+ +qgHlPe/cLw== +-----END CERTIFICATE----- diff --git a/test/fixtures/cloudiot/terraform.tfvars.sample b/test/fixtures/cloudiot/terraform.tfvars.sample new file mode 100644 index 0000000..540c233 --- /dev/null +++ b/test/fixtures/cloudiot/terraform.tfvars.sample 
@@ -0,0 +1,23 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# PLEASE FILL THE VARIABLES WITH VALID VALUES FOR TESTING #
+# DO NOT REMOVE ANY OF THE VARIABLES #
+#################################################################
+
+## These values you *MUST* modify to match your environment
+credentials_file_path="../integration/default/sa-key.json"
+project="tf-proj"
+topic_name="tf-proj-topic"
diff --git a/test/fixtures/cloudiot/variables.tf b/test/fixtures/cloudiot/variables.tf
new file mode 100644
index 0000000..f85bd76
--- /dev/null
+++ b/test/fixtures/cloudiot/variables.tf
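Review bot: In test/fixtures/cloudiot/terraform.tfvars.sample the last line sets `topic_name`, which this fixture's variables.tf does not declare, and the file omits `registry_name`, which is declared without a default. A copy of the sample therefore does not give a runnable configuration. Replace that line with something like `registry_name="tf-proj-registry"` (constructed example value). `credentials_file_path` points at a service-account key on disk (`sa-key.json`); the header comment should say that the key file must stay out of version control, and the repository's ignore rules should be checked for that path.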
@@ -0,0 +1,32 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "credentials_file_path" {
+ description = "Service account json auth path"
+}
+
+variable "project" {
+ description = "The project to run tests against"
+}
+
+variable "region" {
+ description = "The region for hosting the registry"
+ default = "us-central1"
+}
+
+variable "registry_name" {
+ description = "The project to run tests against"
+}
diff --git a/test/integration/cloudiot/controls/iot.rb b/test/integration/cloudiot/controls/iot.rb
new file mode 100644
index 0000000..0497197
--- /dev/null
+++ b/test/integration/cloudiot/controls/iot.rb
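Review bot: In test/fixtures/cloudiot/variables.tf the description of `registry_name` is a copy of the one on `project` ("The project to run tests against"); it should read `description = "The name of the Cloud IoT registry to create"`. The description of `credentials_file_path` could also say that it is the path to a service-account JSON key read by the provider block, so readers know the file holds a secret.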
@@ -0,0 +1,53 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+registry = attribute('registry_name')
+region = attribute('region')
+event_topic = "#{registry}-event-topic"
+state_topic = "#{registry}-state-topic"
+
+describe command("gcloud --project='#{project_id}' iot registries describe #{registry} --region=#{region} --format=json") do
+ let(:stdout) { JSON.parse(subject.stdout, symbolize_names: true) }
+ its(:exit_status) { should be_zero }
+ it { expect(stdout).to include(name: "projects/#{project_id}/locations/#{region}/registries/#{registry}") }
+end
+
+describe command("gcloud --project='#{project_id}' pubsub topics describe #{event_topic} --format=json") do
+ let(:stdout) { JSON.parse(subject.stdout, symbolize_names: true) }
+ its(:exit_status) { should be_zero }
+ it { expect(stdout).to include(name: "projects/#{project_id}/topics/#{event_topic}") }
+end
+
+describe command("gcloud --project='#{project_id}' pubsub topics describe #{state_topic} --format=json") do
+ let(:stdout) { JSON.parse(subject.stdout, symbolize_names: true) }
+ its(:exit_status) { should be_zero }
+ it { expect(stdout).to include(name: "projects/#{project_id}/topics/#{state_topic}") }
+end
+
+describe command("gcloud --project='#{project_id}' pubsub subscriptions describe #{registry}-event-pull --format=json") do
+ let(:stdout) { JSON.parse(subject.stdout, symbolize_names: true) }
+ its(:exit_status) { should be_zero }
+ it { expect(stdout).to include(name: "projects/#{project_id}/subscriptions/#{registry}-event-pull") }
+ it { expect(stdout).to include(topic: "projects/#{project_id}/topics/#{event_topic}") }
+ it { expect(stdout).to include(ackDeadlineSeconds: 20) }
+end
+
+describe command("gcloud --project='#{project_id}' pubsub subscriptions describe #{registry}-state-push --format=json") do
+ let(:stdout) { JSON.parse(subject.stdout, symbolize_names: true) }
+ its(:exit_status) { should be_zero }
+ it { expect(stdout).to include(name: "projects/#{project_id}/subscriptions/#{registry}-state-push") }
+ it { expect(stdout).to include(topic: "projects/#{project_id}/topics/#{state_topic}") }
+ it { expect(stdout).to include(ackDeadlineSeconds: 20) }
+end
diff --git a/test/integration/cloudiot/inspec.yml b/test/integration/cloudiot/inspec.yml
new file mode 100644
index 0000000..814358c
--- /dev/null
+++ b/test/integration/cloudiot/inspec.yml
@@ -0,0 +1,28 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: cloud-iot
+title: Google Cloud IoT
+version: 0.1.0
+inspec_version: '~> 3.9.3'
+attributes:
+ - name: project_id
+ type: string
+ required: true
+ - name: registry_name
+ type: string
+ required: true
+ - name: region
+ type: string
+ required: true
From 4d3778327dfc7b7a6b99d0a5492cc59f5dd6d312 Mon Sep 17 00:00:00 2001
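Review bot: In controls/iot.rb the five `command(...)` strings interpolate `registry`, `region` and the derived topic names into a shell line without quoting, and `project_id` is only wrapped in single quotes, which a value containing a quote would close early. The values come from the operator's own Terraform outputs, so exposure is limited, but escaping keeps an unusual name from changing what the test host runs. Add `require 'shellwords'` and build the line as `"gcloud --project=#{Shellwords.escape(project_id)} iot registries describe #{Shellwords.escape(registry)} --region=#{Shellwords.escape(region)} --format=json"`, and do the same in the four pubsub `describe` blocks. Separately, `JSON.parse(subject.stdout, symbolize_names: true)` raises on empty output when gcloud fails, which hides the exit-status failure behind a parse error.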
From: Kunpei Sakai Date: Thu, 13 Jun 2019 12:33:04 +0900 Subject: [PATCH 05/47] the -check-variables option has been removed from 0.12 Now the validator behaves as if this were `false`. See: https://github.com/hashicorp/terraform/issues/21408#issuecomment-495259124 However, as a result of my investigation, the validator uses the source module to check whether the syntax is valid and types/values are being used correctly. To react with the changes, this commit adds PWD=directory as an temporary environment variable on the command execution, because validate command seems to refer to the current directory. --- test/make.sh | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/test/make.sh b/test/make.sh
index 833905d..d2ab912 100755
--- a/test/make.sh
+++ b/test/make.sh
@@ -94,6 +94,9 @@ function check_terraform() {
 local rval=125
 # fmt is before validate for faster feedback, validate requires terraform
 # init which takes time.
+ echo "Running terraform validate"
+ #shellcheck disable=SC2156
+ find . -name "*.tf" -exec bash -c 'PWD=$(dirname "{}") terraform validate' \;
 echo "Running terraform fmt"
 find_files . -name "*.tf" -print0 \
 | compat_xargs -0 -n1 dirname \
From 2e3fcb758a44fc62d27ac3058ecb8c651e9ee608 Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Fri, 7 Jun 2019 02:06:38 +0900 Subject: [PATCH 06/47] impl cloudiot module --- examples/cloudiot/main.tf | 46 ++++++++++++++++++++++ kitchen.yml | 4 ++ modules/cloudiot/main.tf | 70 ++++++++++++++++++++++++++++++++++ modules/cloudiot/outputs.tf | 65 +++++++++++++++++++++++++++++++ modules/cloudiot/variables.tf | 58 ++++++++++++++++++++++++++++ test/fixtures/cloudiot/main.tf | 4 +- 6 files changed, 245 insertions(+), 2 deletions(-) create mode 100644 examples/cloudiot/main.tf create mode 100644 modules/cloudiot/main.tf create mode 100644 modules/cloudiot/outputs.tf create mode 100644 modules/cloudiot/variables.tf
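Review bot: In test/make.sh the added `find ... -exec bash -c '... "{}" ...'` line splices each file name into the shell source, which is the pattern SC2156 warns about and the directive above it silences: a path containing a quote or `$(...)` is executed as code. Pass the name as an argument and change directory rather than assigning `PWD`, which as far as I can tell does not move the process: `find . -name "*.tf" -exec bash -c 'cd "$(dirname "$1")" && terraform validate' _ {} \;`. The `#shellcheck disable=SC2156` line can then be dropped. `find` with `\;` also discards the command's exit status, so a failed validate never reaches `rval`; that needs handling in the part of `check_terraform` that lies outside this hunk. The context comment "fmt is before validate" now contradicts the order of the commands.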
diff --git a/examples/cloudiot/main.tf b/examples/cloudiot/main.tf
new file mode 100644
index 0000000..33ddbbd
--- /dev/null
+++ b/examples/cloudiot/main.tf
@@ -0,0 +1,46 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 2.7.0"
+}
+
+module "iot" {
+ source = "../../modules/cloudiot"
+ name = "sample-iot"
+ region = "us-central1"
+ project_id = "kunpei-sandbox"
+ mqtt_enabled_state = "MQTT_ENABLED"
+ http_enabled_state = "HTTP_DISABLED"
+ event_notification_config = {
+ topic = "iot-event-topic"
+ pull_subscriptions = [
+ {
+ name = "iot-event-pull"
+ ack_deadline_seconds = 20
+ },
+ ]
+ }
+ state_notification_config = {
+ topic = "iot-state-topic"
+ pull_subscriptions = [
+ {
+ name = "iot-state-pull"
+ ack_deadline_seconds = 20
+ },
+ ]
+ }
+}
diff --git a/kitchen.yml b/kitchen.yml
index 16d1af2..b68fc52 100644
--- a/kitchen.yml
+++ b/kitchen.yml
@@ -35,3 +35,7 @@ suites:
 driver:
 name: terraform
 root_module_directory: test/fixtures/pubsub
+ - name: cloudiot
+ driver:
+ name: terraform
+ root_module_directory: test/fixtures/cloudiot
diff --git a/modules/cloudiot/main.tf b/modules/cloudiot/main.tf
new file mode 100644
index 0000000..5e6edc0
--- /dev/null
+++ b/modules/cloudiot/main.tf
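Review bot: In examples/cloudiot/main.tf, `project_id = "kunpei-sandbox"` hard-codes what looks like a personal project in a published example. Anyone applying it unchanged either fails on permissions or, with access, creates resources in that project. Take the value from a variable, `project_id = var.project_id`, with a matching `variable "project_id" {}` declaration, as the test fixture does with `var.project`. The example also passes no `public_key_certificates`; a short comment saying whether that is intentional would help readers decide what to copy.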
@@ -0,0 +1,70 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+resource "google_cloudiot_registry" "default" {
+ name = var.name
+ project = var.project_id
+ region = var.region
+
+ http_config = {
+ http_enabled_state = var.http_enabled_state
+ }
+ mqtt_config = {
+ mqtt_enabled_state = var.mqtt_enabled_state
+ }
+ event_notification_config = {
+ pubsub_topic_name = "projects/${var.project_id}/topics/${module.event_notification_topic.topic}"
+ }
+ state_notification_config = {
+ pubsub_topic_name = "projects/${var.project_id}/topics/${module.state_notification_topic.topic}"
+ }
+
+ dynamic "credentials" {
+ for_each = [for c in var.public_key_certificates : {
+ public_key_certificate = {
+ format = c.format
+ certificate = c.certificate
+ }
+ }]
+ content {
+ public_key_certificate = credentials.value.public_key_certificate
+ }
+ }
+ depends_on = [
+ module.event_notification_topic,
+ module.state_notification_topic,
+ ]
+}
+
+module "event_notification_topic" {
+ source = "../../"
+ project_id = var.project_id
+
+ // NOTE: if the topic is empty, then this resource should be skipped.
+ topic = lookup(var.event_notification_config, "topic", "")
+ push_subscriptions = lookup(var.event_notification_config, "push_subscriptions", [])
+ pull_subscriptions = lookup(var.event_notification_config, "pull_subscriptions", [])
+}
+
+module "state_notification_topic" {
+ source = "../../"
+ project_id = var.project_id
+
+ // NOTE: if the topic is empty, then this resource should be skipped.
+ topic = lookup(var.state_notification_config, "topic", "")
+ push_subscriptions = lookup(var.state_notification_config, "push_subscriptions", [])
+ pull_subscriptions = lookup(var.state_notification_config, "pull_subscriptions", [])
+}
diff --git a/modules/cloudiot/outputs.tf b/modules/cloudiot/outputs.tf
new file mode 100644
index 0000000..8bb9b7a
--- /dev/null
+++ b/modules/cloudiot/outputs.tf
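Review bot: In modules/cloudiot/main.tf the two `NOTE` comments say the topic module is skipped when no topic is given, but the registry block builds `pubsub_topic_name = "projects/${var.project_id}/topics/${module.event_notification_topic.topic}"` unconditionally. A config map without a `topic` key therefore ends in either an error from the empty topic output or a path that stops at `topics/`. If a topic is in fact mandatory for the registry, say so and fail early with `topic = var.event_notification_config["topic"]` (and the same for the state config) instead of defaulting to `""`. Nothing in this hunk grants the Cloud IoT service identity publish rights on the created topics; if that binding is not made elsewhere, add it scoped to each topic rather than to the whole project.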
@@ -0,0 +1,65 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "name" {
+ value = google_cloudiot_registry.default.name
+ description = "The name of the Cloud IoT registry"
+}
+
+output "credentials" {
+ value = ["${google_cloudiot_registry.default.credentials.*}"]
+ description = "The credentials for Cloud IoT registry"
+}
+
+output "event_notification_topic" {
+ value = module.event_notification_topic.topic
+ description = "The name of the Pub/Sub topic associated with the registry"
+}
+
+output "event_notification_topic_id" {
+ value = module.event_notification_topic.id
+ description = "The id of the Pub/Sub topic associated with the registry"
+}
+
+output "event_notification_subscription_names" {
+ value = ["${module.event_notification_topic.subscription_names}"]
+ description = "The name list of Pub/Sub subscriptions associated with the registry"
+}
+
+output "event_notification_subscription_paths" {
+ value = ["${module.event_notification_topic.subscription_paths}"]
+ description = "The path list of Pub/Sub subscriptions associated with the registry"
+}
+
+output "state_notification_topic" {
+ value = module.state_notification_topic.topic
+ description = "The name of the Pub/Sub topic associated with the registry"
+}
+
+output "state_notification_topic_id" {
+ value = module.state_notification_topic.id
+ description = "The id of the Pub/Sub topic associated with the registry"
+}
+
+output "state_notification_subscription_names" {
+ value = ["${module.state_notification_topic.subscription_names}"]
+ description = "The name list of Pub/Sub subscriptions associated with the registry"
+}
+
+output "state_notification_subscription_paths" {
+ value = ["${module.state_notification_topic.subscription_paths}"]
+ description = "The path list of Pub/Sub subscriptions associated with the registry"
+}
diff --git a/modules/cloudiot/variables.tf b/modules/cloudiot/variables.tf
new file mode 100644
index 0000000..e5e49c1
--- /dev/null
+++ b/modules/cloudiot/variables.tf
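Review bot: The four `event_notification_*` outputs and the four `state_notification_*` outputs have word-for-word identical descriptions, so the generated docs cannot tell a consumer which topic or subscription list carries device events and which carries device state. Name the channel in each description, e.g. `description = "The name of the Pub/Sub topic that receives event notifications from the registry"`, with the matching `state` wording on the other four. The `credentials` description could also say that it returns the registry's public key certificate entries, which is what the `credentials` block in main.tf is populated from.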
@@ -0,0 +1,58 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "project_id" { + description = "The project ID to manage the Cloud IoT resources" +} + +variable "region" { + description = "The region to host the registry" +} + +variable "name" { + description = "The Cloud IoT registry name" +} + +variable "mqtt_enabled_state" { + description = "The field allows MQTT_ENABLED or MQTT_DISABLED" + default = "MQTT_ENABLED" +} + +variable "http_enabled_state" { + description = "The field allows HTTP_ENABLED or HTTP_DISABLED" + default = "HTTP_DISABLED" +} + +variable "public_key_certificates" { + description = "The list for public key certificates" + default = [] +} + +variable "event_notification_config" { + description = < Date: Sat, 15 Jun 2019 17:02:30 +0900 Subject: [PATCH 07/47] add cloudiot's README.md This commit also contains a workaround for an issue that terraform-docs unsupport 0.12.0. The workaround avoids the failure of terraform-docs by passing variables.tf and outputs.tf instead of the directory name. ref: https://github.com/segmentio/terraform-docs/issues/62 --- modules/cloudiot/README.md | 86 +++++++++++++++++++++++++++++++++++ modules/cloudiot/main.tf | 8 ++-- modules/cloudiot/outputs.tf | 10 ++-- modules/cloudiot/variables.tf | 4 +- 4 files changed, 97 insertions(+), 11 deletions(-) create mode 100644 modules/cloudiot/README.md 
diff --git a/modules/cloudiot/README.md b/modules/cloudiot/README.md new file mode 100644 index 0000000..54737c9 --- /dev/null +++ b/modules/cloudiot/README.md 
@@ -0,0 +1,86 @@ +# terraform-google-pubsub for Cloud IoT + +## Overview + +In the early stage, this module will simply be implemented by using [existing pubsub module](https://github.com/terraform-google-modules/terraform-google-pubsub) and [one resource](https://www.terraform.io/docs/providers/google/r/cloudiot_registry.html). + +This module may not improve drastically efficiency. However, after implementing new resources like [terraform-provider-google#1495](https://github.com/terraform-providers/terraform-provider-google/issues/1495), this module will get more efficient by adopting the new resources. + +## Usage + +Let's seeing a simple usage of the module. See also a simple setup provided in the example directory. + +```hcl +module "iot" { + source = "terraform-google-modules/pubsub/iot" + name = "sample-iot" + region = "us-central1" + project_id = "tf-project" + + mqtt_enabled_state = "MQTT_ENABLED" + http_enabled_state = "HTTP_DISABLED" + event_notification_config = { + topic = "iot-event-topic" + pull_subscriptions = [ + { + name = "iot-event-pull" + ack_deadline_seconds = 20 + }, + ] + } + state_notification_config = { + topic = "iot-state-topic" + pull_subscriptions = [ + { + name = "iot-state-pull" + ack_deadline_seconds = 20 + }, + ] + } +} +``` + +[^]: (autogen_docs_start)## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| event_notification_config | The event notification configuration for the Cloud IoT registry. This contains `topic`, `pull_subscriptions` and `push_subscriptions`. 
| map | `` | no | +| http_enabled_state | The field allows HTTP_ENABLED or HTTP_DISABLED | string | `HTTP_DISABLED` | no | +| mqtt_enabled_state | The field allows MQTT_ENABLED or MQTT_DISABLED | string | `MQTT_ENABLED` | no | +| name | The Cloud IoT registry name | string | - | yes | +| project_id | The project ID to manage the Cloud IoT resources | string | - | yes | +| public_key_certificates | The list for public key certificates | list | `` | no | +| region | The region to host the registry | string | - | yes | +| state_notification_config | The event notification configuration for the Cloud IoT registry. This contains `topic`, `pull_subscriptions` and `push_subscriptions`. | map | `` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| credentials | The credentials for Cloud IoT registry | +| event_notification_subscription_names | The name list of Pub/Sub subscriptions associated with the registry | +| event_notification_subscription_paths | The path list of Pub/Sub subscriptions associated with the registry | +| event_notification_topic | The name of the Pub/Sub topic associated with the registry | +| event_notification_topic_id | The id of the Pub/Sub topic associated with the registry | +| name | The name of the Cloud IoT registry | +| state_notification_subscription_names | The name list of Pub/Sub subscriptions associated with the registry | +| state_notification_subscription_paths | The path list of Pub/Sub subscriptions associated with the registry | +| state_notification_topic | The name of the Pub/Sub topic associated with the registry | +| state_notification_topic_id | The id of the Pub/Sub topic associated with the registry | + + +[^]: (autogen_docs_end) + +## Requirements + +## Enable API + +In order to operate with the service account you must activate the following API on the project where the service account was created. 
+ +- Cloud IoT API + +## Configure a Service Account + +In addition to the pubsub module's requirements, the following role should be attached to the service account. + +- Cloud IoT Editor \ No newline at end of file diff --git a/modules/cloudiot/main.tf b/modules/cloudiot/main.tf index 5e6edc0..3071670 100644 --- a/modules/cloudiot/main.tf +++ b/modules/cloudiot/main.tf @@ -50,8 +50,8 @@ resource "google_cloudiot_registry" "default" { } module "event_notification_topic" { - source = "../../" - project_id = var.project_id + source = "../../" + project_id = var.project_id // NOTE: if the topic is empty, then this resource should be skipped. topic = lookup(var.event_notification_config, "topic", "") @@ -60,8 +60,8 @@ module "event_notification_topic" { } module "state_notification_topic" { - source = "../../" - project_id = var.project_id + source = "../../" + project_id = var.project_id // NOTE: if the topic is empty, then this resource should be skipped. topic = lookup(var.state_notification_config, "topic", "") diff --git a/modules/cloudiot/outputs.tf b/modules/cloudiot/outputs.tf index 8bb9b7a..7f39bfe 100644 --- a/modules/cloudiot/outputs.tf +++ b/modules/cloudiot/outputs.tf @@ -15,7 +15,7 @@ */ output "name" { - value = google_cloudiot_registry.default.name + value = "${google_cloudiot_registry.default.name}" description = "The name of the Cloud IoT registry" } @@ -25,12 +25,12 @@ output "credentials" { } output "event_notification_topic" { - value = module.event_notification_topic.topic + value = "${module.event_notification_topic.topic}" description = "The name of the Pub/Sub topic associated with the registry" } output "event_notification_topic_id" { - value = module.event_notification_topic.id + value = "${module.event_notification_topic.id}" description = "The id of the Pub/Sub topic associated with the registry" } 
@@ -45,12 +45,12 @@ output "event_notification_subscription_paths" { } output "state_notification_topic" { - value = module.state_notification_topic.topic + value = "${module.state_notification_topic.topic}" description = "The name of the Pub/Sub topic associated with the registry" } output "state_notification_topic_id" { - value = module.state_notification_topic.id + value = "${module.state_notification_topic.id}" description = "The id of the Pub/Sub topic associated with the registry" } diff --git a/modules/cloudiot/variables.tf b/modules/cloudiot/variables.tf index e5e49c1..6408012 100644 --- a/modules/cloudiot/variables.tf +++ b/modules/cloudiot/variables.tf @@ -44,7 +44,7 @@ variable "public_key_certificates" { variable "event_notification_config" { description = < Date: Sat, 15 Jun 2019 17:21:39 +0900 Subject: [PATCH 08/47] change example project_id from my personal to tf-proj --- examples/cloudiot/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/cloudiot/main.tf b/examples/cloudiot/main.tf index 33ddbbd..aaacc8b 100644 --- a/examples/cloudiot/main.tf +++ b/examples/cloudiot/main.tf @@ -22,7 +22,7 @@ module "iot" { source = "../../modules/cloudiot" name = "sample-iot" region = "us-central1" - project_id = "kunpei-sandbox" + project_id = "tf-proj" mqtt_enabled_state = "MQTT_ENABLED" http_enabled_state = "HTTP_DISABLED" event_notification_config = { From cb86bb8e46a762a4ae2ea72f27ec8e1a216d276f Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Sun, 16 Jun 2019 01:17:34 +0900 Subject: [PATCH 09/47] fix broken markdown rendering --- modules/cloudiot/README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/cloudiot/README.md b/modules/cloudiot/README.md index 54737c9..38fed41 100644 --- a/modules/cloudiot/README.md +++ b/modules/cloudiot/README.md 
@@ -40,7 +40,9 @@ module "iot" { } ``` -[^]: (autogen_docs_start)## Inputs + +[^]: (autogen_docs_start) +## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| @@ -69,6 +71,7 @@ module "iot" { | state_notification_topic_id | The id of the Pub/Sub topic associated with the registry | + [^]: (autogen_docs_end) ## Requirements From dde8aac4261b672e5ee4da328e0df962877431df Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Wed, 9 Oct 2019 22:22:15 +0900 Subject: [PATCH 10/47] remove Gemfile.lock --- Gemfile.lock | 315 --------------------------------------------------- 1 file changed, 315 deletions(-) delete mode 100644 Gemfile.lock diff --git a/Gemfile.lock b/Gemfile.lock deleted file mode 100644 index e7130bd..0000000 --- a/Gemfile.lock +++ /dev/null 
@@ -1,315 +0,0 @@ -GEM - remote: https://rubygems.org/ - specs: - addressable (2.6.0) - public_suffix (>= 2.0.2, < 4.0) - aws-eventstream (1.0.3) - aws-sdk (2.11.289) - aws-sdk-resources (= 2.11.289) - aws-sdk-core (2.11.289) - aws-sigv4 (~> 1.0) - jmespath (~> 1.0) - aws-sdk-resources (2.11.289) - aws-sdk-core (= 2.11.289) - aws-sigv4 (1.1.0) - aws-eventstream (~> 1.0, >= 1.0.2) - azure_graph_rbac (0.17.1) - ms_rest_azure (~> 0.11.0) - azure_mgmt_key_vault (0.17.4) - ms_rest_azure (~> 0.11.0) - azure_mgmt_resources (0.17.5) - ms_rest_azure (~> 0.11.1) - builder (3.2.3) - coderay (1.1.2) - concurrent-ruby (1.1.5) - declarative (0.0.10) - declarative-option (0.1.0) - diff-lcs (1.3) - docker-api (1.34.2) - excon (>= 0.47.0) - multi_json - domain_name (0.5.20180417) - unf (>= 0.0.5, < 1.0.0) - dry-configurable (0.8.3) - concurrent-ruby (~> 1.0) - dry-core (~> 0.4, >= 0.4.7) - dry-container (0.7.0) - concurrent-ruby (~> 1.0) - dry-configurable (~> 0.1, >= 0.1.3) - dry-core (0.4.7) - concurrent-ruby (~> 1.0) - dry-equalizer (0.2.2) - dry-inflector (0.1.2) - dry-logic (0.6.1) - concurrent-ruby (~> 1.0) - dry-core (~> 0.2) - dry-equalizer (~> 0.2) - dry-types (0.14.1) - concurrent-ruby (~> 1.0) - dry-container (~> 0.3) - dry-core (~> 0.4, >= 0.4.4) - dry-equalizer (~> 0.2) - dry-inflector (~> 0.1, >= 0.1.2) - dry-logic (~> 0.5, >= 0.5) - dry-validation (0.13.0) - concurrent-ruby (~> 1.0) - dry-configurable (~> 0.1, >= 0.1.3) - dry-core (~> 0.2, >= 0.2.1) - dry-equalizer (~> 0.2) - dry-logic (~> 0.5, >= 0.5.0) - dry-types (~> 0.14, >= 0.14) - equatable (0.5.0) - erubis (2.7.0) - excon (0.64.0) - faraday (0.15.4) - multipart-post (>= 1.2, < 3) - faraday-cookie_jar (0.0.6) - faraday (>= 0.7.4) - http-cookie (~> 1.0.0) - faraday_middleware (0.12.2) - faraday (>= 0.7.4, < 1.0) - ffi (1.11.1) - google-api-client (0.23.9) - addressable (~> 2.5, >= 2.5.1) - googleauth (>= 0.5, < 0.7.0) - httpclient (>= 2.8.1, < 3.0) - mime-types (~> 3.0) - representable (~> 3.0) - retriable (>= 
2.0, < 4.0) - signet (~> 0.9) - googleauth (0.6.7) - faraday (~> 0.12) - jwt (>= 1.4, < 3.0) - memoist (~> 0.16) - multi_json (~> 1.11) - os (>= 0.9, < 2.0) - signet (~> 0.7) - gssapi (1.3.0) - ffi (>= 1.0.1) - gyoku (1.3.1) - builder (>= 2.1.2) - hashie (3.6.0) - htmlentities (4.3.4) - http-cookie (1.0.3) - domain_name (~> 0.5) - httpclient (2.8.3) - inifile (3.0.0) - inspec (3.9.3) - addressable (~> 2.4) - faraday (>= 0.9.0) - faraday_middleware (~> 0.12.2) - hashie (~> 3.4) - htmlentities - json (>= 1.8, < 3.0) - method_source (~> 0.8) - mixlib-log - multipart-post - parallel (~> 1.9) - parslet (~> 1.5) - pry (~> 0) - rspec (~> 3) - rspec-its (~> 1.2) - rubyzip (~> 1.2, >= 1.2.2) - semverse - sslshake (~> 1.2) - term-ansicolor - thor (~> 0.20) - tomlrb (~> 1.2) - train (~> 1.5, >= 1.7.2) - train-habitat (~> 0.1) - tty-prompt (~> 0.17) - tty-table (~> 0.10) - jmespath (1.4.0) - json (2.1.0) - jwt (2.2.1) - kitchen-inspec (0.25.0) - hashie (~> 3.4) - inspec (>= 0.34.0, < 4.0.0) - test-kitchen (~> 1.6) - kitchen-terraform (4.9.0) - dry-types (~> 0.14.0) - dry-validation (= 0.13.0) - inspec (~> 3.0) - json (~> 2.1.0) - mixlib-shellout (~> 2.2) - test-kitchen (~> 1.23) - tty-which (~> 0.4.0) - license-acceptance (1.0.12) - pastel (~> 0.7) - tomlrb (~> 1.2) - tty-box (~> 0.3) - tty-prompt (~> 0.18) - little-plugger (1.1.4) - logging (2.2.2) - little-plugger (~> 1.1) - multi_json (~> 1.10) - memoist (0.16.0) - method_source (0.9.2) - mime-types (3.2.2) - mime-types-data (~> 3.2015) - mime-types-data (3.2019.0331) - mixlib-install (3.11.18) - mixlib-shellout - mixlib-versioning - thor - mixlib-log (3.0.1) - mixlib-shellout (2.4.4) - mixlib-versioning (1.2.7) - ms_rest (0.7.4) - concurrent-ruby (~> 1.0) - faraday (~> 0.9) - timeliness (~> 0.3.10) - ms_rest_azure (0.11.1) - concurrent-ruby (~> 1.0) - faraday (~> 0.9) - faraday-cookie_jar (~> 0.0.6) - ms_rest (~> 0.7.4) - unf_ext (= 0.0.7.2) - multi_json (1.13.1) - multipart-post (2.1.1) - necromancer (0.4.0) - net-scp 
(1.2.1) - net-ssh (>= 2.6.5) - net-ssh (4.2.0) - net-ssh-gateway (2.0.0) - net-ssh (>= 4.0.0) - nori (2.6.0) - os (1.0.1) - parallel (1.17.0) - parslet (1.8.2) - pastel (0.7.2) - equatable (~> 0.5.0) - tty-color (~> 0.4.0) - pry (0.12.2) - coderay (~> 1.1.0) - method_source (~> 0.9.0) - public_suffix (3.1.0) - representable (3.0.4) - declarative (< 0.1.0) - declarative-option (< 0.2.0) - uber (< 0.2.0) - retriable (3.1.2) - rspec (3.8.0) - rspec-core (~> 3.8.0) - rspec-expectations (~> 3.8.0) - rspec-mocks (~> 3.8.0) - rspec-core (3.8.0) - rspec-support (~> 3.8.0) - rspec-expectations (3.8.3) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.8.0) - rspec-its (1.3.0) - rspec-core (>= 3.0.0) - rspec-expectations (>= 3.0.0) - rspec-mocks (3.8.0) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.8.0) - rspec-support (3.8.0) - rubyntlm (0.6.2) - rubyzip (1.2.3) - semverse (3.0.0) - signet (0.11.0) - addressable (~> 2.3) - faraday (~> 0.9) - jwt (>= 1.5, < 3.0) - multi_json (~> 1.10) - sslshake (1.3.0) - strings (0.1.5) - strings-ansi (~> 0.1) - unicode-display_width (~> 1.5) - unicode_utils (~> 1.4) - strings-ansi (0.1.0) - term-ansicolor (1.7.1) - tins (~> 1.0) - test-kitchen (1.25.0) - license-acceptance (~> 1.0, >= 1.0.11) - mixlib-install (~> 3.6) - mixlib-shellout (>= 1.2, < 3.0) - net-scp (>= 1.1, < 3.0) - net-ssh (>= 2.9, < 5.0) - net-ssh-gateway (>= 1.2, < 3.0) - thor (~> 0.19) - winrm (~> 2.0) - winrm-elevated (~> 1.0) - winrm-fs (~> 1.1) - thor (0.20.3) - timeliness (0.3.10) - timers (4.3.0) - tins (1.20.3) - tomlrb (1.2.8) - train (1.7.6) - aws-sdk (~> 2) - azure_graph_rbac (~> 0.16) - azure_mgmt_key_vault (~> 0.17) - azure_mgmt_resources (~> 0.15) - docker-api (~> 1.26) - google-api-client (~> 0.23.9) - googleauth (~> 0.6.6) - inifile - json (>= 1.8, < 3.0) - mixlib-shellout (>= 2.0) - net-scp (~> 1.2) - net-ssh (>= 2.9, < 6.0) - winrm (~> 2.0) - winrm-fs (~> 1.0) - train-habitat (0.1.1) - train (>= 1.7.5, < 3.0) - tty-box (0.3.0) - pastel (~> 0.7.2) - 
strings (~> 0.1.4) - tty-cursor (~> 0.6.0) - tty-color (0.4.3) - tty-cursor (0.6.1) - tty-prompt (0.18.1) - necromancer (~> 0.4.0) - pastel (~> 0.7.0) - timers (~> 4.0) - tty-cursor (~> 0.6.0) - tty-reader (~> 0.5.0) - tty-reader (0.5.0) - tty-cursor (~> 0.6.0) - tty-screen (~> 0.6.4) - wisper (~> 2.0.0) - tty-screen (0.6.5) - tty-table (0.10.0) - equatable (~> 0.5.0) - necromancer (~> 0.4.0) - pastel (~> 0.7.2) - strings (~> 0.1.0) - tty-screen (~> 0.6.4) - tty-which (0.4.1) - uber (0.1.0) - unf (0.1.4) - unf_ext - unf_ext (0.0.7.2) - unicode-display_width (1.6.0) - unicode_utils (1.4.0) - winrm (2.3.2) - builder (>= 2.1.2) - erubis (~> 2.7) - gssapi (~> 1.2) - gyoku (~> 1.0) - httpclient (~> 2.2, >= 2.2.0.2) - logging (>= 1.6.1, < 3.0) - nori (~> 2.0) - rubyntlm (~> 0.6.0, >= 0.6.1) - winrm-elevated (1.1.1) - winrm (~> 2.0) - winrm-fs (~> 1.0) - winrm-fs (1.3.2) - erubis (~> 2.7) - logging (>= 1.6.1, < 3.0) - rubyzip (~> 1.1) - winrm (~> 2.0) - wisper (2.0.0) - -PLATFORMS - ruby - -DEPENDENCIES - kitchen-inspec - kitchen-terraform (~> 4.9.0) - test-kitchen - -BUNDLED WITH - 1.17.1 From 8d2ffb3da94d5e4abe2b3f67ae044bfcb43caf7b Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Wed, 9 Oct 2019 22:28:09 +0900 Subject: [PATCH 11/47] replace with new signatures --- modules/cloudiot/README.md | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/modules/cloudiot/README.md b/modules/cloudiot/README.md index 38fed41..1d71a1e 100644 --- a/modules/cloudiot/README.md +++ b/modules/cloudiot/README.md @@ -41,7 +41,7 @@ module "iot" { ``` -[^]: (autogen_docs_start) + ## Inputs | Name | Description | Type | Default | Required | @@ -70,9 +70,7 @@ module "iot" { | state_notification_topic | The name of the Pub/Sub topic associated with the registry | | state_notification_topic_id | The id of the Pub/Sub topic associated with the registry | - - -[^]: (autogen_docs_end) + ## Requirements 
@@ -86,4 +84,4 @@ In order to operate with the service account you must activate the following API In addition to the pubsub module's requirements, the following role should be attached to the service account. -- Cloud IoT Editor \ No newline at end of file +- Cloud IoT Editor From b4ea42d46e3e85a4509d7310b5b4ea853d8e64c7 Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Wed, 9 Oct 2019 22:29:55 +0900 Subject: [PATCH 12/47] remove unnecessary logic --- test/make.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/test/make.sh b/test/make.sh index d2ab912..833905d 100755 --- a/test/make.sh +++ b/test/make.sh @@ -94,9 +94,6 @@ function check_terraform() { local rval=125 # fmt is before validate for faster feedback, validate requires terraform # init which takes time. - echo "Running terraform validate" - #shellcheck disable=SC2156 - find . -name "*.tf" -exec bash -c 'PWD=$(dirname "{}") terraform validate' \; echo "Running terraform fmt" find_files . -name "*.tf" -print0 \ | compat_xargs -0 -n1 dirname \ From fca788483cb389def39ed78bb0ce3771fe29620b Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Wed, 9 Oct 2019 23:11:18 +0900 Subject: [PATCH 13/47] fix variables --- modules/cloudiot/README.md | 33 ++++++++++++++++----------------- modules/cloudiot/variables.tf | 10 ++-------- 2 files changed, 18 insertions(+), 25 deletions(-) diff --git a/modules/cloudiot/README.md b/modules/cloudiot/README.md index 1d71a1e..1c47c65 100644 --- a/modules/cloudiot/README.md +++ b/modules/cloudiot/README.md 
@@ -40,35 +40,34 @@ module "iot" { } ``` - ## Inputs | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| event_notification_config | The event notification configuration for the Cloud IoT registry. This contains `topic`, `pull_subscriptions` and `push_subscriptions`. | map | `` | no | -| http_enabled_state | The field allows HTTP_ENABLED or HTTP_DISABLED | string | `HTTP_DISABLED` | no | -| mqtt_enabled_state | The field allows MQTT_ENABLED or MQTT_DISABLED | string | `MQTT_ENABLED` | no | -| name | The Cloud IoT registry name | string | - | yes | -| project_id | The project ID to manage the Cloud IoT resources | string | - | yes | -| public_key_certificates | The list for public key certificates | list | `` | no | -| region | The region to host the registry | string | - | yes | -| state_notification_config | The event notification configuration for the Cloud IoT registry. This contains `topic`, `pull_subscriptions` and `push_subscriptions`. | map | `` | no | +| event\_notification\_config | The event notification configuration for the Cloud IoT registry. This contains `topic`, `pull\_subscriptions` and `push\_subscriptions`. | map | `` | no | +| http\_enabled\_state | The field allows HTTP\_ENABLED or HTTP\_DISABLED | string | `"HTTP_DISABLED"` | no | +| mqtt\_enabled\_state | The field allows MQTT\_ENABLED or MQTT\_DISABLED | string | `"MQTT_ENABLED"` | no | +| name | The Cloud IoT registry name | string | n/a | yes | +| project\_id | The project ID to manage the Cloud IoT resources | string | n/a | yes | +| public\_key\_certificates | The list for public key certificates | list | `` | no | +| region | The region to host the registry | string | n/a | yes | +| state\_notification\_config | The event notification configuration for the Cloud IoT registry. This contains `topic`, `pull\_subscriptions` and `push\_subscriptions`. 
| map | `` | no | ## Outputs | Name | Description | |------|-------------| | credentials | The credentials for Cloud IoT registry | -| event_notification_subscription_names | The name list of Pub/Sub subscriptions associated with the registry | -| event_notification_subscription_paths | The path list of Pub/Sub subscriptions associated with the registry | -| event_notification_topic | The name of the Pub/Sub topic associated with the registry | -| event_notification_topic_id | The id of the Pub/Sub topic associated with the registry | +| event\_notification\_subscription\_names | The name list of Pub/Sub subscriptions associated with the registry | +| event\_notification\_subscription\_paths | The path list of Pub/Sub subscriptions associated with the registry | +| event\_notification\_topic | The name of the Pub/Sub topic associated with the registry | +| event\_notification\_topic\_id | The id of the Pub/Sub topic associated with the registry | | name | The name of the Cloud IoT registry | -| state_notification_subscription_names | The name list of Pub/Sub subscriptions associated with the registry | -| state_notification_subscription_paths | The path list of Pub/Sub subscriptions associated with the registry | -| state_notification_topic | The name of the Pub/Sub topic associated with the registry | -| state_notification_topic_id | The id of the Pub/Sub topic associated with the registry | +| state\_notification\_subscription\_names | The name list of Pub/Sub subscriptions associated with the registry | +| state\_notification\_subscription\_paths | The path list of Pub/Sub subscriptions associated with the registry | +| state\_notification\_topic | The name of the Pub/Sub topic associated with the registry | +| state\_notification\_topic\_id | The id of the Pub/Sub topic associated with the registry | diff --git a/modules/cloudiot/variables.tf b/modules/cloudiot/variables.tf index 6408012..52e33b7 100644 --- a/modules/cloudiot/variables.tf 
+++ b/modules/cloudiot/variables.tf @@ -42,17 +42,11 @@ variable "public_key_certificates" { } variable "event_notification_config" { - description = < Date: Thu, 10 Oct 2019 00:38:14 +0900 Subject: [PATCH 14/47] fix broken test and update readme --- README.md | 12 +++++++++ test/fixtures/cloudiot/main.tf | 8 ++---- test/fixtures/cloudiot/rsa_cert1.pem | 19 -------------- test/fixtures/cloudiot/rsa_cert2.pem | 19 -------------- .../fixtures/cloudiot/terraform.tfvars.sample | 1 - test/fixtures/cloudiot/variables.tf | 12 ++++++--- test/fixtures/pubsub/main.tf | 25 ++----------------- test/fixtures/pubsub/outputs.tf | 2 +- test/fixtures/pubsub/variables.tf | 2 +- 9 files changed, 26 insertions(+), 74 deletions(-) delete mode 100644 test/fixtures/cloudiot/rsa_cert1.pem delete mode 100644 test/fixtures/cloudiot/rsa_cert2.pem diff --git a/README.md b/README.md index 7a8d7f7..5acc441 100644 --- a/README.md +++ b/README.md @@ -115,6 +115,18 @@ You must set up by manually before running the integration test: - Copy from `test/fixtures/terraform.tfvars.sample` to `test/fixtures/terraform.tfvars`. - Modify values to match your environment. +And if you'd like to run cloudiot test, you need to generate two certificates by the following actions: + +```sh +for i in {1..2}; do + openssl genpkey -algorithm RSA -out rsa_private$i.pem -pkeyopt rsa_keygen_bits:2048 + openssl rsa -in rsa_private$i.pem -pubout -out rsa_public$i.pem + openssl req -x509 -nodes -newkey rsa:2048 -keyout rsa_private$i.pem \ + -out rsa_cert.pem -subj "/CN=unused" +done +``` +And then, you need to set `rsa_cert1_path` and `rsa_cert2_path` in `test/fixtures/cloudiot/terraform.tfvars` + The tests will do the following: - Perform `bundle install` command diff --git a/test/fixtures/cloudiot/main.tf b/test/fixtures/cloudiot/main.tf index 171bf7f..d4751f0 100644 --- a/test/fixtures/cloudiot/main.tf +++ b/test/fixtures/cloudiot/main.tf 
@@ -14,10 +14,6 @@ * limitations under the License. */ -provider "google" { - credentials = "${file(var.credentials_file_path)}" -} - module "iot" { source = "../../../modules/cloudiot" project_id = "${var.project}" @@ -27,11 +23,11 @@ module "iot" { public_key_certificates = [ { format = "X509_CERTIFICATE_PEM" - certificate = file("./rsa_cert1.pem") + certificate = file(var.rsa_cert1_path) }, { format = "X509_CERTIFICATE_PEM" - certificate = file("./rsa_cert2.pem") + certificate = file(var.rsa_cert1_path) }, ] event_notification_config = { diff --git a/test/fixtures/cloudiot/rsa_cert1.pem b/test/fixtures/cloudiot/rsa_cert1.pem deleted file mode 100644 index b05c805..0000000 --- a/test/fixtures/cloudiot/rsa_cert1.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDAzCCAeugAwIBAgIUO5NbsFWYCi4t2ks8q4e6AHJZT9UwDQYJKoZIhvcNAQEL -BQAwETEPMA0GA1UEAwwGdW51c2VkMB4XDTE5MDYwNzEwMjMzMloXDTE5MDcwNzEw -MjMzMlowETEPMA0GA1UEAwwGdW51c2VkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAseCa2UIIOQPUWhvtJ4FoG1wlfEoeWQ7oraFw4BydwWapWGLxlCOJ -I2UyKzlRnPQyenVzoYEcIP7ZAw4PI3K78+TEBAe3qKaX166XB8/37QPa//lWWaLq -ndZSW6HiAD+MbvTChvUbvOf5wMnl/6NaPTM7+KtuaAdDcXycF1LHEHr0IKpZDCtU -wcBa6d4jcKmF8Ca7fE6o2O+bQmY9jbUho63AHkB5ElM++nU14csSCpxeDL7b1L7e -rkQDTEMzxFVQ3gFjY4yM4zVBMy80DEJ+L+5kt4nVHrUVShfj5gLlMVerbfc9itOM -Imr6ObqmZqfs6YF05czDkaD/TQun979rOwIDAQABo1MwUTAdBgNVHQ4EFgQUFlHP -lppxAWGRNP74Q1yofC7+DeswHwYDVR0jBBgwFoAUFlHPlppxAWGRNP74Q1yofC7+ -DeswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAW0IMM+DMJAoR -vepmsv1MYivGOlkuzPMbhG4COSPKS6a4p8+ymhShK536sXXCrRjaeYq9ntUDySnh -zHwmBMVe3v9OwL5qtAKzilGv6LXnx8ExfYXbwp22cHmwJsBAGGcyx5f8MY088xkh -dZZu75uQO8/6IT5IwL+UecMY+YZPjubKx4MK4pu1G/q2xFWoMqPK7X4uouUuJsJr -L6C9nmfIaPL6IDLN+MwiWhgfDLTG31t5slB1p2q8t2t/KqKhf0da9N+KJPGbm8JV -/HIt1jG/laYIEVcge9HK9YaaK/S8A8TWVYRbFgSKk6nIqbe4YEAdWVHHTxue+Zp2 -l+gRHrDteQ== ------END CERTIFICATE----- 
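Review bot: The second element of `public_key_certificates` still loads `file(var.rsa_cert1_path)`, so the registry is created with the same certificate twice. `rsa_cert2_path`, which this commit adds to test/fixtures/cloudiot/variables.tf and which the README tells the user to set, is never read. Change that line to `certificate = file(var.rsa_cert2_path)` so the fixture exercises two distinct registry credentials. The `module "iot"` block begins and ends outside the hunk.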
diff --git a/test/fixtures/cloudiot/rsa_cert2.pem b/test/fixtures/cloudiot/rsa_cert2.pem deleted file mode 100644 index 4c4b1af..0000000 --- a/test/fixtures/cloudiot/rsa_cert2.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDAzCCAeugAwIBAgIUVCBLKLQT75CCR+sY8Yj3qrXelNAwDQYJKoZIhvcNAQEL -BQAwETEPMA0GA1UEAwwGdW51c2VkMB4XDTE5MDYwNzEwNTk0NVoXDTE5MDcwNzEw -NTk0NVowETEPMA0GA1UEAwwGdW51c2VkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEAtAcKdd+JVtDKDNquis5ZLeReyDr+xx3H5DHJKEOTWGANTZ/cTvaN -laBewcBo7mxP8aMeFMYOfS9M3R9p1nGO7+tGB3zbWnx3ak2ipzcwdUHumGBmdVMF -69aFupD7IG4r+zM6LP/F8i/W62O9JYGo+DxRMWBrru3D6nTgZmqWaz2vdI8zbEgq -sjHOH8LLMrQNzcTRZ9TpewO/5NcPL0LrKtLvuf99xtGz/5hgPeoMnUnan3BFb2Ob -fuSQ/1QUi9DdhsaBliiOOkUBAD4Coh9p3jdbzl9c6v3siOtuue/z0FdrjAHG+kRN -ynBWx7Uw2k7D9wjgLeZWISh8QECZ3ovBJwIDAQABo1MwUTAdBgNVHQ4EFgQU46Jy -a9kkHYiWJhXkDcEvVilkkJcwHwYDVR0jBBgwFoAU46Jya9kkHYiWJhXkDcEvVilk -kJcwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAM3Sl9XvwfvsV -g4HbkWW8ullESEtciw3LAt8F0bqTb7DcFhMlXT/Zgp876lKX0kubR2sj2wJ7TEPT -XnH06KgZPwYq21RMu56gLHm6qpwQw96i5wvgFVTuxWy8Vtcvcv1PePf8osk5x0gm -SOwVygxBzMpOmWjx4CrIEUj4ydp9RFdFAU9ReKjXE9Dk3QL09SEJKSfDo18eYcY/ -COu1N5aA4NwnPk0sDkHbtc9ZrkSSN/aa7u9ogbj9VD+lYsv2DMrvRm8J7v1FIxAj -8hXWLFmh/NOWkqry8V73UYJi1Cgbv8TCxs2a/1JrLW3Vcf8Xl0D2/sQLjca0y0/+ -qgHlPe/cLw== ------END CERTIFICATE----- diff --git a/test/fixtures/cloudiot/terraform.tfvars.sample b/test/fixtures/cloudiot/terraform.tfvars.sample index 540c233..75801bb 100644 --- a/test/fixtures/cloudiot/terraform.tfvars.sample +++ b/test/fixtures/cloudiot/terraform.tfvars.sample @@ -18,6 +18,5 @@ ################################################################# ## These values you *MUST* modify to match your environment -credentials_file_path="../integration/default/sa-key.json" project="tf-proj" topic_name="tf-proj-topic" diff --git a/test/fixtures/cloudiot/variables.tf b/test/fixtures/cloudiot/variables.tf index f85bd76..f50c87e 100644 --- a/test/fixtures/cloudiot/variables.tf 
+++ b/test/fixtures/cloudiot/variables.tf @@ -14,10 +14,6 @@ * limitations under the License. */ -variable "credentials_file_path" { - description = "Service account json auth path" -} - variable "project" { description = "The project to run tests against" } @@ -30,3 +26,11 @@ variable "region" { variable "registry_name" { description = "The project to run tests against" } + +variable "rsa_cert1_path" { + description = "The path of first rsa certificate" +} + +variable "rsa_cert2_path" { + description = "The path of second rsa certificate" +} diff --git a/test/fixtures/pubsub/main.tf b/test/fixtures/pubsub/main.tf index 92667f7..3ed914e 100644 --- a/test/fixtures/pubsub/main.tf +++ b/test/fixtures/pubsub/main.tf @@ -15,32 +15,11 @@ */ module "example" { - source = "../../examples/simple" - project_id = var.project_id + source = "../../../examples/simple" + project_id = var.project topic_name = var.topic_name topic_labels = { foo_label = "foo_value" bar_label = "bar_value" } } - -module "pubsub" { - source = "../../../" - project_id = "${var.project}" - topic = "${var.topic_name}" - - push_subscriptions = [ - { - name = "push" - push_endpoint = "https://${var.project}.appspot.com/" - x-goog-version = "v1beta1" - ack_deadline_seconds = 20 - }, - ] - - pull_subscriptions = [ - { - name = "pull" - }, - ] -} diff --git a/test/fixtures/pubsub/outputs.tf b/test/fixtures/pubsub/outputs.tf index 132e9e0..1885236 100644 --- a/test/fixtures/pubsub/outputs.tf +++ b/test/fixtures/pubsub/outputs.tf @@ -15,7 +15,7 @@ */ output "project_id" { - value = var.project_id + value = var.project description = "The project ID" } diff --git a/test/fixtures/pubsub/variables.tf b/test/fixtures/pubsub/variables.tf index 5a35427..b243f6c 100644 --- a/test/fixtures/pubsub/variables.tf +++ b/test/fixtures/pubsub/variables.tf @@ -14,7 +14,7 @@ * limitations under the License. */ -variable "project_id" { +variable "project" { type = string description = "The project to run tests against" } 
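Review bot: In test/fixtures/cloudiot/variables.tf, `rsa_cert1_path` and `rsa_cert2_path` are added with no default and no `type`, while the `terraform.tfvars.sample` hunk in this commit only removes `credentials_file_path` and adds no entries for them, so anyone copying the sample is left with two required values it never mentions. Add `type = string`, as test/fixtures/pubsub/variables.tf does for `project`, and add both keys to the sample. The descriptions should also say what the file must contain, e.g. `description = "Path to the first X.509 certificate in PEM format (the certificate, not the private key)"`. The fixture passes the file contents as `X509_CERTIFICATE_PEM`, and the README steps write private keys alongside the certificate.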
From cc5e15a303bcfe3159cc360f428aaf128263edea Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Thu, 10 Oct 2019 01:07:37 +0900 Subject: [PATCH 15/47] use 0.12 syntax --- modules/cloudiot/outputs.tf | 20 ++++++++++---------- modules/cloudiot/variables.tf | 6 ++++++ test/fixtures/cloudiot/variables.tf | 5 +++++ 3 files changed, 21 insertions(+), 10 deletions(-) diff --git a/modules/cloudiot/outputs.tf b/modules/cloudiot/outputs.tf index 7f39bfe..6a489fc 100644 --- a/modules/cloudiot/outputs.tf +++ b/modules/cloudiot/outputs.tf 
@@ -15,51 +15,51 @@ */ output "name" { - value = "${google_cloudiot_registry.default.name}" + value = google_cloudiot_registry.default.name description = "The name of the Cloud IoT registry" } output "credentials" { - value = ["${google_cloudiot_registry.default.credentials.*}"] + value = google_cloudiot_registry.default.credentials.* description = "The credentials for Cloud IoT registry" } output "event_notification_topic" { - value = "${module.event_notification_topic.topic}" + value = module.event_notification_topic.topic description = "The name of the Pub/Sub topic associated with the registry" } output "event_notification_topic_id" { - value = "${module.event_notification_topic.id}" + value = module.event_notification_topic.id description = "The id of the Pub/Sub topic associated with the registry" } output "event_notification_subscription_names" { - value = ["${module.event_notification_topic.subscription_names}"] + value = module.event_notification_topic.subscription_names description = "The name list of Pub/Sub subscriptions associated with the registry" } output "event_notification_subscription_paths" { - value = ["${module.event_notification_topic.subscription_paths}"] + value = module.event_notification_topic.subscription_paths description = "The path list of Pub/Sub subscriptions associated with the registry" } output "state_notification_topic" { - value = "${module.state_notification_topic.topic}" + value = module.state_notification_topic.topic description = "The name of the Pub/Sub topic associated with the registry" } output "state_notification_topic_id" { - value = "${module.state_notification_topic.id}" + value = module.state_notification_topic.id description = "The id of the Pub/Sub topic associated with the registry" } output "state_notification_subscription_names" { - value = ["${module.state_notification_topic.subscription_names}"] + value = module.state_notification_topic.subscription_names description = "The name list of Pub/Sub subscriptions 
associated with the registry" } output "state_notification_subscription_paths" { - value = ["${module.state_notification_topic.subscription_paths}"] + value = module.state_notification_topic.subscription_paths description = "The path list of Pub/Sub subscriptions associated with the registry" } diff --git a/modules/cloudiot/variables.tf b/modules/cloudiot/variables.tf index 52e33b7..0000144 100644 --- a/modules/cloudiot/variables.tf +++ b/modules/cloudiot/variables.tf @@ -15,28 +15,34 @@ */ variable "project_id" { + type = string description = "The project ID to manage the Cloud IoT resources" } variable "region" { + type = string description = "The region to host the registry" } variable "name" { + type = string description = "The Cloud IoT registry name" } variable "mqtt_enabled_state" { + type = string description = "The field allows MQTT_ENABLED or MQTT_DISABLED" default = "MQTT_ENABLED" } variable "http_enabled_state" { + type = string description = "The field allows HTTP_ENABLED or HTTP_DISABLED" default = "HTTP_DISABLED" } variable "public_key_certificates" { + type = list(object({format = string, certificate = string})) description = "The list for public key certificates" default = [] } diff --git a/test/fixtures/cloudiot/variables.tf b/test/fixtures/cloudiot/variables.tf index f50c87e..b7b3105 100644 --- a/test/fixtures/cloudiot/variables.tf +++ b/test/fixtures/cloudiot/variables.tf @@ -15,22 +15,27 @@ */ variable "project" { + type = string description = "The project to run tests against" } variable "region" { + type = string description = "The region for hosting the registry" default = "us-central1" } variable "registry_name" { + type = string description = "The project to run tests against" } variable "rsa_cert1_path" { + type = string description = "The path of first rsa certificate" } variable "rsa_cert2_path" { + type = string description = "The path of second rsa certificate" } From d53856050d4f3efa6cc2df968924fbdf286fa7ff Mon Sep 17 00:00:00 2001 
From: Kunpei Sakai Date: Thu, 10 Oct 2019 01:07:59 +0900 Subject: [PATCH 16/47] improve testing docs --- README.md | 2 +- test/fixtures/cloudiot/terraform.tfvars.sample | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5acc441..ff497c8 100644 --- a/README.md +++ b/README.md @@ -122,7 +122,7 @@ for i in {1..2}; do openssl genpkey -algorithm RSA -out rsa_private$i.pem -pkeyopt rsa_keygen_bits:2048 openssl rsa -in rsa_private$i.pem -pubout -out rsa_public$i.pem openssl req -x509 -nodes -newkey rsa:2048 -keyout rsa_private$i.pem \ - -out rsa_cert.pem -subj "/CN=unused" + -out rsa_cert$i.pem -subj "/CN=unused" done ``` And then, you need to set `rsa_cert1_path` and `rsa_cert2_path` in `test/fixtures/cloudiot/terraform.tfvars` diff --git a/test/fixtures/cloudiot/terraform.tfvars.sample b/test/fixtures/cloudiot/terraform.tfvars.sample index 75801bb..d20154b 100644 --- a/test/fixtures/cloudiot/terraform.tfvars.sample +++ b/test/fixtures/cloudiot/terraform.tfvars.sample @@ -20,3 +20,5 @@ ## These values you *MUST* modify to match your environment project="tf-proj" topic_name="tf-proj-topic" +rsa_cert1_path="../../../rsa_cert1.pem" +rsa_cert2_path="../../../rsa_cert2.pem" From f73e75ff3fbf8386c7b5318efb9e628f6e67cd23 Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Fri, 6 Dec 2019 15:25:36 +0900 Subject: [PATCH 17/47] update README --- CONTRIBUTING.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index a350db5..30edbd2 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -56,6 +56,18 @@ With these settings in place, you can prepare a test project using Docker: make docker_test_prepare ``` +If you'd like to run cloudiot test, you need to generate two certificates by the following actions: + +```sh +for i in {1..2}; do + openssl genpkey -algorithm RSA -out rsa_private$i.pem -pkeyopt rsa_keygen_bits:2048 + openssl rsa -in rsa_private$i.pem -pubout -out rsa_public$i.pem + openssl req -x509 -nodes -newkey rsa:2048 -keyout rsa_private$i.pem \ + -out rsa_cert$i.pem -subj "/CN=unused" +done +``` +And then, you need to set `rsa_cert1_path` and `rsa_cert2_path` in `test/fixtures/cloudiot/terraform.tfvars` + ### Noninteractive Execution Run `make docker_test_integration` to test all of the example modules From aa367dc8b59fac494ac734c899b779992c935a27 Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Fri, 6 Dec 2019 15:25:51 +0900 Subject: [PATCH 18/47] fix argument name --- modules/cloudiot/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/cloudiot/main.tf b/modules/cloudiot/main.tf index 3071670..813dda1 100644 --- a/modules/cloudiot/main.tf +++ b/modules/cloudiot/main.tf @@ -25,7 +25,7 @@ resource "google_cloudiot_registry" "default" { mqtt_config = { mqtt_enabled_state = var.mqtt_enabled_state } - event_notification_config = { + event_notification_configs { pubsub_topic_name = "projects/${var.project_id}/topics/${module.event_notification_topic.topic}" } state_notification_config = { From 6eeb7ae841f9ad5ff784ccbf47eb7b54aa74032c Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Fri, 6 Dec 2019 15:56:07 +0900 Subject: [PATCH 19/47] revert missing signatures --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 04e129f..be33e2b 100644 --- a/README.md +++ b/README.md 
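Review bot: The new `event_notification_configs` block in modules/cloudiot/main.tf is emitted unconditionally, so a caller who leaves `event_notification_config` at its default still gets a `pubsub_topic_name` built from whatever `module.event_notification_topic.topic` yields for an unset topic. How that module output behaves when no topic is created is outside this hunk, so treat this as a question to confirm. Wrapping the block in a `dynamic` block that is empty when no topic is set would keep the registry from pointing at a topic path with no name. The `topic` key below is taken from the variable's description and should be checked against the module call. The resource body starts and ends outside the hunk.

```hcl
resource "google_cloudiot_registry" "default" {
  # … unchanged: mqtt_config …
  dynamic "event_notification_configs" {
    for_each = lookup(var.event_notification_config, "topic", "") == "" ? [] : [1]
    content {
      pubsub_topic_name = "projects/${var.project_id}/topics/${module.event_notification_topic.topic}"
    }
  }
  # … unchanged: state_notification_config …
```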
@@ -91,3 +91,5 @@ You can pass the service account credentials into this module by setting the fol See more [details](https://www.terraform.io/docs/providers/google/provider_reference.html#configuration-reference). +[v0.2.0]: https://registry.terraform.io/modules/terraform-google-modules/pubsub/google/0.2.0 +[terraform-0.12-upgrade]: https://www.terraform.io/upgrade-guides/0-12.html From b3a002b9830ec6a1da35dac67942ff6ef27470f2 Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Fri, 6 Dec 2019 21:14:35 +0900 Subject: [PATCH 20/47] fix broken test --- main.tf | 2 +- test/fixtures/cloudiot/main.tf | 6 +++--- test/fixtures/cloudiot/variables.tf | 2 +- test/fixtures/pubsub/main.tf | 8 ++------ test/fixtures/pubsub/variables.tf | 7 ++++++- 5 files changed, 13 insertions(+), 12 deletions(-) diff --git a/main.tf b/main.tf index 45baf8b..98696bc 100644 --- a/main.tf +++ b/main.tf @@ -19,7 +19,7 @@ locals { } resource "google_pubsub_topic" "topic" { - count = "${var.topic == "" ? 0 : 1}" + count = var.topic == "" ? 0 : 1 project = var.project_id name = var.topic labels = var.topic_labels diff --git a/test/fixtures/cloudiot/main.tf b/test/fixtures/cloudiot/main.tf index d4751f0..3981e49 100644 --- a/test/fixtures/cloudiot/main.tf +++ b/test/fixtures/cloudiot/main.tf @@ -16,9 +16,9 @@ module "iot" { source = "../../../modules/cloudiot" - project_id = "${var.project}" + project_id = var.project_id name = var.registry_name - region = "${var.region}" + region = var.region mqtt_enabled_state = "MQTT_ENABLED" public_key_certificates = [ { @@ -44,7 +44,7 @@ module "iot" { push_subscriptions = [ { name = "${var.registry_name}-state-push" - push_endpoint = "https://${var.project}.appspot.com/" + push_endpoint = "https://${var.project_id}.appspot.com/" x-goog-version = "v1beta1" ack_deadline_seconds = 20 }, diff --git a/test/fixtures/cloudiot/variables.tf b/test/fixtures/cloudiot/variables.tf index b7b3105..4ce3786 100644 --- a/test/fixtures/cloudiot/variables.tf 
+++ b/test/fixtures/cloudiot/variables.tf @@ -14,7 +14,7 @@ * limitations under the License. */ -variable "project" { +variable "project_id" { type = string description = "The project to run tests against" } diff --git a/test/fixtures/pubsub/main.tf b/test/fixtures/pubsub/main.tf index 6afd34e..b4be941 100644 --- a/test/fixtures/pubsub/main.tf +++ b/test/fixtures/pubsub/main.tf @@ -14,14 +14,10 @@ * limitations under the License. */ -resource "random_id" "random_suffix" { - byte_length = 2 -} - module "example" { - source = "../../examples/simple" + source = "../../../examples/simple" project_id = var.project_id - topic_name = "ci-int-topic-${random_id.random_suffix.hex}" + topic_name = var.topic_name topic_labels = { foo_label = "foo_value" bar_label = "bar_value" diff --git a/test/fixtures/pubsub/variables.tf b/test/fixtures/pubsub/variables.tf index 906dc84..d092eca 100644 --- a/test/fixtures/pubsub/variables.tf +++ b/test/fixtures/pubsub/variables.tf @@ -14,7 +14,12 @@ * limitations under the License. */ -variable "project" { +variable "project_id" { type = string description = "The project to run tests against" } + +variable "topic_name" { + type = string + description = "The topic of the PubSub resource" +} From 64da41eea89d8016c7dcda28795c39c337777c0f Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Fri, 6 Dec 2019 21:18:41 +0900 Subject: [PATCH 21/47] terraform fmt --- examples/cloudiot/main.tf | 12 ++++++------ modules/cloudiot/variables.tf | 6 +++--- test/fixtures/cloudiot/main.tf | 14 +++++++------- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/examples/cloudiot/main.tf b/examples/cloudiot/main.tf index aaacc8b..1b872c4 100644 --- a/examples/cloudiot/main.tf +++ b/examples/cloudiot/main.tf 
@@ -19,17 +19,17 @@ provider "google" { } module "iot" { - source = "../../modules/cloudiot" - name = "sample-iot" - region = "us-central1" - project_id = "tf-proj" + source = "../../modules/cloudiot" + name = "sample-iot" + region = "us-central1" + project_id = "tf-proj" mqtt_enabled_state = "MQTT_ENABLED" http_enabled_state = "HTTP_DISABLED" event_notification_config = { topic = "iot-event-topic" pull_subscriptions = [ { - name = "iot-event-pull" + name = "iot-event-pull" ack_deadline_seconds = 20 }, ] @@ -38,7 +38,7 @@ module "iot" { topic = "iot-state-topic" pull_subscriptions = [ { - name = "iot-state-pull" + name = "iot-state-pull" ack_deadline_seconds = 20 }, ] diff --git a/modules/cloudiot/variables.tf b/modules/cloudiot/variables.tf index 0000144..0108ea4 100644 --- a/modules/cloudiot/variables.tf +++ b/modules/cloudiot/variables.tf @@ -42,17 +42,17 @@ variable "http_enabled_state" { } variable "public_key_certificates" { - type = list(object({format = string, certificate = string})) + type = list(object({ format = string, certificate = string })) description = "The list for public key certificates" default = [] } variable "event_notification_config" { description = "The event notification configuration for the Cloud IoT registry. This contains `topic`, `pull_subscriptions` and `push_subscriptions`." - default = {} + default = {} } variable "state_notification_config" { description = "The event notification configuration for the Cloud IoT registry. This contains `topic`, `pull_subscriptions` and `push_subscriptions`." - default = {} + default = {} } diff --git a/test/fixtures/cloudiot/main.tf b/test/fixtures/cloudiot/main.tf index 3981e49..9bdf03b 100644 --- a/test/fixtures/cloudiot/main.tf +++ b/test/fixtures/cloudiot/main.tf 
@@ -15,18 +15,18 @@ */ module "iot" { - source = "../../../modules/cloudiot" - project_id = var.project_id - name = var.registry_name - region = var.region + source = "../../../modules/cloudiot" + project_id = var.project_id + name = var.registry_name + region = var.region mqtt_enabled_state = "MQTT_ENABLED" public_key_certificates = [ { - format = "X509_CERTIFICATE_PEM" + format = "X509_CERTIFICATE_PEM" certificate = file(var.rsa_cert1_path) }, { - format = "X509_CERTIFICATE_PEM" + format = "X509_CERTIFICATE_PEM" certificate = file(var.rsa_cert1_path) }, ] @@ -34,7 +34,7 @@ module "iot" { topic = "${var.registry_name}-event-topic" pull_subscriptions = [ { - name = "${var.registry_name}-event-pull" + name = "${var.registry_name}-event-pull" ack_deadline_seconds = 20 } ] From 50f2f7671e5f69dfd764e0fdec518c479049d816 Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Fri, 6 Dec 2019 21:31:03 +0900 Subject: [PATCH 22/47] fix outputs --- test/fixtures/cloudiot/outputs.tf | 6 +++--- test/fixtures/pubsub/outputs.tf | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/test/fixtures/cloudiot/outputs.tf b/test/fixtures/cloudiot/outputs.tf index aa75847..4e1ebc0 100644 --- a/test/fixtures/cloudiot/outputs.tf +++ b/test/fixtures/cloudiot/outputs.tf @@ -15,13 +15,13 @@ */ output "project_id" { - value = "${var.project}" + value = var.project_id } output "registry_name" { - value = "${var.registry_name}" + value = var.registry_name } output "region" { - value = "${var.region}" + value = var.region } diff --git a/test/fixtures/pubsub/outputs.tf b/test/fixtures/pubsub/outputs.tf index 1885236..132e9e0 100644 --- a/test/fixtures/pubsub/outputs.tf +++ b/test/fixtures/pubsub/outputs.tf @@ -15,7 +15,7 @@ */ output "project_id" { - value = var.project + value = var.project_id description = "The project ID" } From 73cbc47731a5b7c74215f28b0962d10168b45021 Mon Sep 17 00:00:00 2001 
From: Kunpei Sakai Date: Fri, 6 Dec 2019 22:19:46 +0900 Subject: [PATCH 23/47] specify vars --- test/setup/make_source.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/test/setup/make_source.sh b/test/setup/make_source.sh index ffdc48e..0fb73fb 100755 --- a/test/setup/make_source.sh +++ b/test/setup/make_source.sh @@ -22,3 +22,8 @@ echo "export TF_VAR_project_id='$project_id'" >> ../source.sh sa_json=$(terraform output sa_key) # shellcheck disable=SC2086 echo "export SERVICE_ACCOUNT_JSON='$(echo $sa_json | base64 --decode)'" >> ../source.sh + +echo "export TF_VAR_topic_name='tf-proj-topic'" >> ../source.sh +echo "export TF_VAR_registry_name='tf-proj-iot-registry'" >> ../source.sh +echo "export TF_VAR_rsa_cert1_path='../../../rsa_cert1.pem'" >> ../source.sh +echo "export TF_VAR_rsa_cert2_path='../../../rsa_cert2.pem'" >> ../source.sh From 02ba69dccafcdc8cf664a9da490e1f3bb383d64b Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Sat, 7 Dec 2019 00:33:08 +0900 Subject: [PATCH 24/47] add certificates --- test/fixtures/cloudiot/rsa_cert1.pem | 19 +++++++++++++++++++ test/fixtures/cloudiot/rsa_cert2.pem | 19 +++++++++++++++++++ test/setup/make_source.sh | 4 ++-- 3 files changed, 40 insertions(+), 2 deletions(-) create mode 100644 test/fixtures/cloudiot/rsa_cert1.pem create mode 100644 test/fixtures/cloudiot/rsa_cert2.pem diff --git a/test/fixtures/cloudiot/rsa_cert1.pem b/test/fixtures/cloudiot/rsa_cert1.pem new file mode 100644 index 0000000..09332c3 --- /dev/null +++ b/test/fixtures/cloudiot/rsa_cert1.pem 
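Review bot: The file these new lines append to, `../source.sh`, also receives the decoded service-account key three lines above, and nothing in the hunk restricts who can read it. With a default umask the key is readable by every local user on the build host. Adding `umask 077` before the first append, or `chmod 600 ../source.sh` after the last one, would close that; the start of the script is outside the hunk, so a restriction may already exist there. It is also worth confirming that `source.sh` is ignored by git.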
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDAzCCAeugAwIBAgIUdDzjIf2H3JPm4m8SSm64Wkk+QfgwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGdW51c2VkMB4XDTE5MTIwNjA2MTgzNloXDTIwMDEwNTA2
+MTgzNlowETEPMA0GA1UEAwwGdW51c2VkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEA1wmb6gdBF4RFI92ftZySctyntKYUov9Yhmy/Bi60L7C+mFLdp1px
+NjzZCcNcycxf4zvmhdPunw9eFaA+kG5pVTE8EEqIWMNg6jDpMY0Ox7rw4R6T7gV5
+emmZXqHu8dBj7mw9l8771S1WnYp/hW+kd6tEykT7K1CgLC62st+dhOtPVGkD5+vR
+LkWxIvjDsMOuKPrSciGUXMp+5WtOWBmxkTBavtRcwsmS4QPvTXqdrWozbMkNtUk4
+JyX9rascGNnCXP4vlatfGQlW08xkLZI6Wt/bD17nnc7e8ZuSwEOmyZlL9KGHzixe
+pUKNSc1QrDu1lMTkxo/CgyF9tLiElCZXwQIDAQABo1MwUTAdBgNVHQ4EFgQUc7TT
+5EMZeXgpiFF+cFsNuLmftOIwHwYDVR0jBBgwFoAUc7TT5EMZeXgpiFF+cFsNuLmf
+tOIwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEASQj8azJC9JQB
+l09nrg39q78wYDmsYcITEPsI5bNptGy20sIndOjerCTCMdWB+Iq/+uSR6E67fvcw
+GAcLL7cIgv2e3i37VFSsW2V3iqfDQSFFPq/tYjbR3ujMBRIc1V1I7W5PDbXdIr17
+Yp6uppfL8dk8LdQmXDw8h5GgUn0CeG2u8erHA6ZMwTY3uiKUURFhS+hRVQPeC94v
+PU7HczyskhYgalZ+luDtMGQne9Y5oAYok1cJX91Wp+J91Rb7XjAf5A8RG8/G+4Vu
+I6MPZ88zanX+Nlfx5Gk4kWdzFUdKkMnqSCXdHkKS1THb7jTtmNKoRKfYPg+rBKG7
+5HPFwDuKaw==
+-----END CERTIFICATE-----
diff --git a/test/fixtures/cloudiot/rsa_cert2.pem b/test/fixtures/cloudiot/rsa_cert2.pem
new file mode 100644
index 0000000..eb59a46
--- /dev/null
+++ b/test/fixtures/cloudiot/rsa_cert2.pem
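Review bot: This checked-in certificate, and rsa_cert2.pem in the next hunk, will probably go stale shortly after the commit. The README recipe that appears to have produced them calls `openssl req -x509` without `-days`, which gives OpenSSL's default validity of 30 days. Once they expire, any check that validates the certificate can start failing for reasons unrelated to the code under test. Generating the pair during test setup, or passing an explicit `-days` and recording the expiry next to the fixture, would avoid that. Only certificates are committed here, not the matching private keys, and that should stay so.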
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDAzCCAeugAwIBAgIUSd+h3RbI1oFIO5gsatz23A12rjMwDQYJKoZIhvcNAQEL +BQAwETEPMA0GA1UEAwwGdW51c2VkMB4XDTE5MTIwNjA2MTgzN1oXDTIwMDEwNTA2 +MTgzN1owETEPMA0GA1UEAwwGdW51c2VkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEA5HOsUvmFl6O1VfTxPg95x2M5svW61cQNYOkH8aXPjKT3qbFqrj+Z +UyQCgX1t8OQLWWOvjRhMLBiseH9QEjYMBrK5JIPa1eDixF0M1EZ0m5VB6mlF4Xz/ +AnbUg0J8IVLtGQuDgmM+KEZUAZRgNabg8HHN+I0X36b3J1Cu/acwu5MxlJmNTR8c +C8BSubutARKT7D2o+0/bYO0QPN1m8DcWbXaOZXTy9MX7j+nKyJarZN0JduNJbg0I +5TyvlQtdixMgFDd9gyl2VC0lR/3esTBY0YYz3qDYvTQ/qpSSGcwp5MfVUyJ7uoco +jCXIBAXVf35awd8gSbT01M2iKbVadsjf4wIDAQABo1MwUTAdBgNVHQ4EFgQU2BeW +ZVAN3k6consr/oK5cYapB3swHwYDVR0jBBgwFoAU2BeWZVAN3k6consr/oK5cYap +B3swDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEA2thafcxMdndn +UfBcX3SxU/earOl8uvh25UgK2JM1Dgm+jsgWrl2iby269jcec3/fI8ghnjEx5Fl+ +FAEQ7YV6ybpaOjpDKokLTnXrMYV8PblqKJzVdZCHpfNr83JL3Zm8nXWvKbKosRPE +tYlsd3yfJGofXfqzgRCmmh7kn9/NWcPARJcHuYbuB2N7g16fyp8SyWy7lgSrflK3 +p0d+iwvgS0pNTVWIwk/7GQnF/qSL1kpkaRzhPYR5aoP6ropYGGxwnc7SmOlZ/Sw2 +ohJtscY1dXPCBqqhOll8wT4p1PTZ7VhZfkj59vzjKQC0y3XKHeNc9pY6KMuVijAZ +N452VbX9Lg== +-----END CERTIFICATE----- diff --git a/test/setup/make_source.sh b/test/setup/make_source.sh index 0fb73fb..28fc30d 100755 --- a/test/setup/make_source.sh +++ b/test/setup/make_source.sh @@ -25,5 +25,5 @@ echo "export SERVICE_ACCOUNT_JSON='$(echo $sa_json | base64 --decode)'" >> ../so echo "export TF_VAR_topic_name='tf-proj-topic'" >> ../source.sh echo "export TF_VAR_registry_name='tf-proj-iot-registry'" >> ../source.sh -echo "export TF_VAR_rsa_cert1_path='../../../rsa_cert1.pem'" >> ../source.sh -echo "export TF_VAR_rsa_cert2_path='../../../rsa_cert2.pem'" >> ../source.sh +echo "export TF_VAR_rsa_cert1_path='rsa_cert1.pem'" >> ../source.sh +echo "export TF_VAR_rsa_cert2_path='rsa_cert2.pem'" >> ../source.sh From 91764925766da315b261b79e45b47c9c80234a3f Mon Sep 17 00:00:00 2001 
From: Kunpei Sakai Date: Sat, 7 Dec 2019 00:44:11 +0900 Subject: [PATCH 25/47] activate cloudiot api --- test/setup/main.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/test/setup/main.tf b/test/setup/main.tf index 9fa5b0f..356d0af 100644 --- a/test/setup/main.tf +++ b/test/setup/main.tf @@ -25,6 +25,7 @@ module "project-ci-int-pubsub" { billing_account = var.billing_account activate_apis = [ + "cloudiot.googleapis.com", "cloudresourcemanager.googleapis.com", "pubsub.googleapis.com", "serviceusage.googleapis.com" From 5218845b7319859d16ba2f2f97810878e2a3bedb Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Sat, 7 Dec 2019 01:14:20 +0900 Subject: [PATCH 26/47] add missing role --- test/setup/iam.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/test/setup/iam.tf b/test/setup/iam.tf index 60eb753..250fc2c 100644 --- a/test/setup/iam.tf +++ b/test/setup/iam.tf @@ -16,6 +16,7 @@ locals { int_required_roles = [ + "roles/cloudiot.editor", "roles/pubsub.editor", ] } From 9a3d7d08a379cfd50279e0163e52fd37b4232b17 Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Sat, 7 Dec 2019 02:00:08 +0900 Subject: [PATCH 27/47] update tests --- examples/cloudiot/README.md | 37 ++++++++++++++++++++++++++++++ examples/cloudiot/main.tf | 33 ++++++++++++++++++--------- examples/cloudiot/outputs.tf | 30 +++++++++++++++++++++++++ examples/cloudiot/variables.tf | 40 +++++++++++++++++++++++++++++++++ modules/cloudiot/README.md | 10 ++++----- test/fixtures/cloudiot/main.tf | 41 +++++----------------------------- test/setup/iam.tf | 2 +- 7 files changed, 142 insertions(+), 51 deletions(-) create mode 100644 examples/cloudiot/README.md create mode 100644 examples/cloudiot/outputs.tf create mode 100644 examples/cloudiot/variables.tf diff --git a/examples/cloudiot/README.md b/examples/cloudiot/README.md new file mode 100644 index 0000000..ad28e7f --- /dev/null +++ b/examples/cloudiot/README.md 
@@ -0,0 +1,37 @@ +# Cloud IoT Example + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| name | The name for the Cloud IoT registry | string | n/a | yes | +| project\_id | The project ID to manage the Pub/Sub resources | string | n/a | yes | +| region | The region for the IoT resources | string | n/a | yes | +| rsa\_cert1\_path | The path of first certificate for Cloud IoT registry | string | n/a | yes | +| rsa\_cert2\_path | The path of second certificate for Cloud IoT registry | string | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| project\_id | The project ID | +| region | The region for the IoT resources | +| registry\_name | The name of the Pub/Sub topic created | + + + +## Requirements + +The following sections describe the requirements which must be met in +order to invoke this example. The requirements of the +[cloudiot module](../../modules/cloudiot) must be met. + +## Usage + +To provision this example, populate `terraform.tfvars` with the [required variables](#inputs) and run the following commands within +this directory: +- `terraform init` to get the plugins +- `terraform plan` to see the infrastructure plan +- `terraform apply` to apply the infrastructure build +- `terraform destroy` to destroy the built infrastructure diff --git a/examples/cloudiot/main.tf b/examples/cloudiot/main.tf index 1b872c4..f416471 100644 --- a/examples/cloudiot/main.tf +++ b/examples/cloudiot/main.tf 
@@ -15,30 +15,43 @@ */ provider "google" { - version = "~> 2.7.0" + version = "~> 2.13" + region = "us-central1" } module "iot" { source = "../../modules/cloudiot" - name = "sample-iot" - region = "us-central1" - project_id = "tf-proj" + name = var.name + region = var.region + project_id = var.project_id mqtt_enabled_state = "MQTT_ENABLED" http_enabled_state = "HTTP_DISABLED" + public_key_certificates = [ + { + format = "X509_CERTIFICATE_PEM" + certificate = file(var.rsa_cert1_path) + }, + { + format = "X509_CERTIFICATE_PEM" + certificate = file(var.rsa_cert2_path) + }, + ] event_notification_config = { - topic = "iot-event-topic" + topic = "${var.name}-event-topic" pull_subscriptions = [ { - name = "iot-event-pull" + name = "${var.name}-event-pull" ack_deadline_seconds = 20 - }, + } ] } state_notification_config = { - topic = "iot-state-topic" - pull_subscriptions = [ + topic = "${var.name}-state-topic" + push_subscriptions = [ { - name = "iot-state-pull" + name = "${var.name}-state-push" + push_endpoint = "https://${var.project_id}.appspot.com/" + x-goog-version = "v1beta1" ack_deadline_seconds = 20 }, ] diff --git a/examples/cloudiot/outputs.tf b/examples/cloudiot/outputs.tf new file mode 100644 index 0000000..45bbcbe --- /dev/null +++ b/examples/cloudiot/outputs.tf 
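Review bot: The state push subscription added to the example sends device state to `https://${var.project_id}.appspot.com/` and shows no push authentication, so the receiving app must decide for itself whether a request really came from Pub/Sub. Whether the pubsub module accepts an authentication setting for push subscriptions is not visible in this hunk. Because examples get copied as they are, a comment above `push_endpoint` would help, for instance `# Replace with an endpoint you control; it must verify that requests come from this subscription.` The `module "iot"` block continues past the end of the hunk.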
@@ -0,0 +1,30 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "project_id" { + value = var.project_id + description = "The project ID" +} + +output "region" { + value = var.region + description = "The region for the IoT resources" +} + +output "registry_name" { + value = module.iot.name + description = "The name of the Pub/Sub topic created" +} diff --git a/examples/cloudiot/variables.tf b/examples/cloudiot/variables.tf new file mode 100644 index 0000000..cc3819f --- /dev/null +++ b/examples/cloudiot/variables.tf 
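Review bot: The `registry_name` output in examples/cloudiot/outputs.tf is described as "The name of the Pub/Sub topic created", but its value is `module.iot.name`, which the cloudiot module documents as the registry name. The description should read `description = "The name of the Cloud IoT registry created"`. The same sentence is repeated in the Outputs table of examples/cloudiot/README.md added by this commit.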
@@ -0,0 +1,40 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "project_id" { + type = string + description = "The project ID to manage the Pub/Sub resources" +} + +variable "region" { + type = string + description = "The region for the IoT resources" +} + +variable "name" { + type = string + description = "The name for the Cloud IoT registry" +} + +variable "rsa_cert1_path" { + type = string + description = "The path of first certificate for Cloud IoT registry" +} + +variable "rsa_cert2_path" { + type = string + description = "The path of second certificate for Cloud IoT registry" +} diff --git a/modules/cloudiot/README.md b/modules/cloudiot/README.md index 1c47c65..14e3303 100644 --- a/modules/cloudiot/README.md +++ b/modules/cloudiot/README.md 
@@ -45,14 +45,14 @@ module "iot" { | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| event\_notification\_config | The event notification configuration for the Cloud IoT registry. This contains `topic`, `pull\_subscriptions` and `push\_subscriptions`. | map | `` | no | -| http\_enabled\_state | The field allows HTTP\_ENABLED or HTTP\_DISABLED | string | `"HTTP_DISABLED"` | no | -| mqtt\_enabled\_state | The field allows MQTT\_ENABLED or MQTT\_DISABLED | string | `"MQTT_ENABLED"` | no | +| event\_notification\_config | The event notification configuration for the Cloud IoT registry. This contains `topic`, `pull_subscriptions` and `push_subscriptions`. | map | `` | no | +| http\_enabled\_state | The field allows HTTP_ENABLED or HTTP_DISABLED | string | `"HTTP_DISABLED"` | no | +| mqtt\_enabled\_state | The field allows MQTT_ENABLED or MQTT_DISABLED | string | `"MQTT_ENABLED"` | no | | name | The Cloud IoT registry name | string | n/a | yes | | project\_id | The project ID to manage the Cloud IoT resources | string | n/a | yes | -| public\_key\_certificates | The list for public key certificates | list | `` | no | +| public\_key\_certificates | The list for public key certificates | object | `` | no | | region | The region to host the registry | string | n/a | yes | -| state\_notification\_config | The event notification configuration for the Cloud IoT registry. This contains `topic`, `pull\_subscriptions` and `push\_subscriptions`. | map | `` | no | +| state\_notification\_config | The event notification configuration for the Cloud IoT registry. This contains `topic`, `pull_subscriptions` and `push_subscriptions`. | map | `` | no | ## Outputs diff --git a/test/fixtures/cloudiot/main.tf b/test/fixtures/cloudiot/main.tf index 9bdf03b..39ce7a4 100644 --- a/test/fixtures/cloudiot/main.tf +++ b/test/fixtures/cloudiot/main.tf 
@@ -15,39 +15,10 @@ */ module "iot" { - source = "../../../modules/cloudiot" - project_id = var.project_id - name = var.registry_name - region = var.region - mqtt_enabled_state = "MQTT_ENABLED" - public_key_certificates = [ - { - format = "X509_CERTIFICATE_PEM" - certificate = file(var.rsa_cert1_path) - }, - { - format = "X509_CERTIFICATE_PEM" - certificate = file(var.rsa_cert1_path) - }, - ] - event_notification_config = { - topic = "${var.registry_name}-event-topic" - pull_subscriptions = [ - { - name = "${var.registry_name}-event-pull" - ack_deadline_seconds = 20 - } - ] - } - state_notification_config = { - topic = "${var.registry_name}-state-topic" - push_subscriptions = [ - { - name = "${var.registry_name}-state-push" - push_endpoint = "https://${var.project_id}.appspot.com/" - x-goog-version = "v1beta1" - ack_deadline_seconds = 20 - }, - ] - } + source = "../../../examples/cloudiot" + project_id = var.project_id + name = var.registry_name + region = var.region + rsa_cert1_path = var.rsa_cert1_path + rsa_cert2_path = var.rsa_cert2_path } diff --git a/test/setup/iam.tf b/test/setup/iam.tf index 250fc2c..81a8201 100644 --- a/test/setup/iam.tf +++ b/test/setup/iam.tf @@ -16,7 +16,7 @@ locals { int_required_roles = [ - "roles/cloudiot.editor", + "roles/cloudiot.admin", "roles/pubsub.editor", ] } From 6d77d2ce39641e69367c26d53cdd7a804c6a30f9 Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Sat, 7 Dec 2019 02:04:22 +0900 Subject: [PATCH 28/47] disable SC2129 --- test/setup/make_source.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/setup/make_source.sh b/test/setup/make_source.sh index 28fc30d..9c975e1 100755 --- a/test/setup/make_source.sh +++ b/test/setup/make_source.sh 
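Review bot: The change from `roles/cloudiot.editor` to `roles/cloudiot.admin` in `int_required_roles` (test/setup/iam.tf) widens what the integration-test service account may do, and neither the hunk nor the commit message says which call needed it. This account's key is exported by the setup scripts, so the role list is worth keeping as narrow as the tests allow. If admin really is required, record the reason next to the entry, for example `# admin needed: <operation that failed with editor>`. Otherwise keep `roles/cloudiot.editor`.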
@@ -20,7 +20,7 @@ project_id=$(terraform output project_id) echo "export TF_VAR_project_id='$project_id'" >> ../source.sh sa_json=$(terraform output sa_key) -# shellcheck disable=SC2086 +# shellcheck disable=SC2086,SC2129 echo "export SERVICE_ACCOUNT_JSON='$(echo $sa_json | base64 --decode)'" >> ../source.sh echo "export TF_VAR_topic_name='tf-proj-topic'" >> ../source.sh From db5c734388a7ffd69aaa22587473e7ee47f6ec93 Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Sat, 7 Dec 2019 02:27:57 +0900 Subject: [PATCH 29/47] indent --- test/integration/cloudiot/controls/iot.rb | 2 +- test/setup/iam.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/test/integration/cloudiot/controls/iot.rb b/test/integration/cloudiot/controls/iot.rb index 0497197..fe37c83 100644 --- a/test/integration/cloudiot/controls/iot.rb +++ b/test/integration/cloudiot/controls/iot.rb @@ -4,7 +4,7 @@ # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, diff --git a/test/setup/iam.tf b/test/setup/iam.tf index 81a8201..fc93c98 100644 --- a/test/setup/iam.tf +++ b/test/setup/iam.tf @@ -17,7 +17,7 @@ locals { int_required_roles = [ "roles/cloudiot.admin", - "roles/pubsub.editor", + "roles/pubsub.editor" ] } From 3bd0444bd1573a1f788d22d96faf745fa867a318 Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Sat, 7 Dec 2019 03:11:44 +0900 Subject: [PATCH 30/47] specify region --- examples/cloudiot/main.tf | 2 +- test/setup/make_source.sh | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/examples/cloudiot/main.tf b/examples/cloudiot/main.tf index f416471..70716be 100644 --- a/examples/cloudiot/main.tf +++ b/examples/cloudiot/main.tf 
@@ -16,7 +16,7 @@ provider "google" { version = "~> 2.13" - region = "us-central1" + region = var.region } module "iot" { diff --git a/test/setup/make_source.sh b/test/setup/make_source.sh index 9c975e1..0d25dda 100755 --- a/test/setup/make_source.sh +++ b/test/setup/make_source.sh @@ -23,6 +23,7 @@ sa_json=$(terraform output sa_key) # shellcheck disable=SC2086,SC2129 echo "export SERVICE_ACCOUNT_JSON='$(echo $sa_json | base64 --decode)'" >> ../source.sh +echo "export TF_VAR_region='us-central1'" >> ../source.sh echo "export TF_VAR_topic_name='tf-proj-topic'" >> ../source.sh echo "export TF_VAR_registry_name='tf-proj-iot-registry'" >> ../source.sh echo "export TF_VAR_rsa_cert1_path='rsa_cert1.pem'" >> ../source.sh From 61c18790863a5e922ba53ed5543ee7f59ea98c6e Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Sat, 7 Dec 2019 04:54:19 +0900 Subject: [PATCH 31/47] avoid 403 error --- test/setup/iam.tf | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/test/setup/iam.tf b/test/setup/iam.tf index fc93c98..823c3db 100644 --- a/test/setup/iam.tf +++ b/test/setup/iam.tf @@ -42,3 +42,10 @@ resource "google_project_iam_member" "int_test" { resource "google_service_account_key" "int_test" { service_account_id = google_service_account.int_test.id } + +resource "null_resource" "delay" { + provisioner "local-exec" { + command = "sleep 30" + } + depends_on = [google_project_iam_member.int_test] +} From 7436936a5cf84bf30c4f52e6a61ab7579539ee56 Mon Sep 17 00:00:00 2001 
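Review bot: In test/setup/iam.tf the `local-exec` provisioner on `null_resource.delay` runs only when that resource is first created, so the 30-second wait is skipped on any later apply that changes the role bindings. Adding `triggers = { roles = join(",", local.int_required_roles) }` would re-run the wait whenever the role list changes. The fixed `sleep 30` is also a guess at IAM propagation time and has no comment explaining it; a line such as `// wait for the IAM bindings to propagate before the key is used` would make the intent clear.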
From: Kunpei Sakai Date: Mon, 9 Dec 2019 12:45:35 +0900 Subject: [PATCH 32/47] use tls provider instead of certificate fixtures --- CONTRIBUTING.md | 12 -------- examples/cloudiot/README.md | 4 +-- examples/cloudiot/main.tf | 4 +-- examples/cloudiot/variables.tf | 8 ++--- test/fixtures/cloudiot/main.tf | 29 +++++++++++++++---- test/fixtures/cloudiot/rsa_cert1.pem | 19 ------------ test/fixtures/cloudiot/rsa_cert2.pem | 19 ------------ .../fixtures/cloudiot/terraform.tfvars.sample | 24 --------------- test/fixtures/cloudiot/variables.tf | 10 ------- test/setup/make_source.sh | 2 -- 10 files changed, 31 insertions(+), 100 deletions(-) delete mode 100644 test/fixtures/cloudiot/rsa_cert1.pem delete mode 100644 test/fixtures/cloudiot/rsa_cert2.pem delete mode 100644 test/fixtures/cloudiot/terraform.tfvars.sample diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 30edbd2..a350db5 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -56,18 +56,6 @@ With these settings in place, you can prepare a test project using Docker: make docker_test_prepare ``` -If you'd like to run cloudiot test, you need to generate two certificates by the following actions: - -```sh -for i in {1..2}; do - openssl genpkey -algorithm RSA -out rsa_private$i.pem -pkeyopt rsa_keygen_bits:2048 - openssl rsa -in rsa_private$i.pem -pubout -out rsa_public$i.pem - openssl req -x509 -nodes -newkey rsa:2048 -keyout rsa_private$i.pem \ - -out rsa_cert$i.pem -subj "/CN=unused" -done -``` -And then, you need to set `rsa_cert1_path` and `rsa_cert2_path` in `test/fixtures/cloudiot/terraform.tfvars` - ### Noninteractive Execution Run `make docker_test_integration` to test all of the example modules diff --git a/examples/cloudiot/README.md b/examples/cloudiot/README.md index ad28e7f..77a77e0 100644 --- a/examples/cloudiot/README.md +++ b/examples/cloudiot/README.md 
@@ -8,8 +8,8 @@ | name | The name for the Cloud IoT registry | string | n/a | yes | | project\_id | The project ID to manage the Pub/Sub resources | string | n/a | yes | | region | The region for the IoT resources | string | n/a | yes | -| rsa\_cert1\_path | The path of first certificate for Cloud IoT registry | string | n/a | yes | -| rsa\_cert2\_path | The path of second certificate for Cloud IoT registry | string | n/a | yes | +| rsa\_cert1\_pem | The first certificate for Cloud IoT registry | string | n/a | yes | +| rsa\_cert2\_pem | The second certificate for Cloud IoT registry | string | n/a | yes | ## Outputs diff --git a/examples/cloudiot/main.tf b/examples/cloudiot/main.tf index 70716be..2a7c4ca 100644 --- a/examples/cloudiot/main.tf +++ b/examples/cloudiot/main.tf @@ -29,11 +29,11 @@ module "iot" { public_key_certificates = [ { format = "X509_CERTIFICATE_PEM" - certificate = file(var.rsa_cert1_path) + certificate = var.rsa_cert1_pem }, { format = "X509_CERTIFICATE_PEM" - certificate = file(var.rsa_cert2_path) + certificate = var.rsa_cert2_pem }, ] event_notification_config = { diff --git a/examples/cloudiot/variables.tf b/examples/cloudiot/variables.tf index cc3819f..630742e 100644 --- a/examples/cloudiot/variables.tf +++ b/examples/cloudiot/variables.tf @@ -29,12 +29,12 @@ variable "name" { description = "The name for the Cloud IoT registry" } -variable "rsa_cert1_path" { +variable "rsa_cert1_pem" { type = string - description = "The path of first certificate for Cloud IoT registry" + description = "The first certificate for Cloud IoT registry" } -variable "rsa_cert2_path" { +variable "rsa_cert2_pem" { type = string - description = "The path of second certificate for Cloud IoT registry" + description = "The second certificate for Cloud IoT registry" } diff --git a/test/fixtures/cloudiot/main.tf b/test/fixtures/cloudiot/main.tf index 39ce7a4..4c8bbee 100644 --- a/test/fixtures/cloudiot/main.tf +++ b/test/fixtures/cloudiot/main.tf 
@@ -14,11 +14,28 @@ * limitations under the License. */ +resource "tls_private_key" "private_keys" { + count = 2 + algorithm = "RSA" +} + +resource "tls_self_signed_cert" "certs" { + count = 2 + key_algorithm = "RSA" + private_key_pem = tls_private_key.private_keys[count.index].private_key_pem + subject { + common_name = "example.com" + organization = "ACME Examples, Inc" + } + validity_period_hours = 12 + allowed_uses = [] +} + module "iot" { - source = "../../../examples/cloudiot" - project_id = var.project_id - name = var.registry_name - region = var.region - rsa_cert1_path = var.rsa_cert1_path - rsa_cert2_path = var.rsa_cert2_path + source = "../../../examples/cloudiot" + project_id = var.project_id + name = var.registry_name + region = var.region + rsa_cert1_pem = tls_self_signed_cert.certs[0].cert_pem + rsa_cert2_pem = tls_self_signed_cert.certs[1].cert_pem } diff --git a/test/fixtures/cloudiot/rsa_cert1.pem b/test/fixtures/cloudiot/rsa_cert1.pem deleted file mode 100644 index 09332c3..0000000 --- a/test/fixtures/cloudiot/rsa_cert1.pem +++ /dev/null 
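Review bot: In test/fixtures/cloudiot/main.tf, `tls_private_key.private_keys` stores both RSA private keys unencrypted in the Terraform state, and the fixture does not say that this is acceptable only because they are throw-away test keys. A comment above the resource, e.g. `// Test-only keys: private key material is kept in plain text in state; do not copy this pattern for real devices`, would keep the pattern from being reused for real registries. Setting `rsa_bits` explicitly would also be clearer than relying on the provider default for the key size.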
@@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDAzCCAeugAwIBAgIUdDzjIf2H3JPm4m8SSm64Wkk+QfgwDQYJKoZIhvcNAQEL -BQAwETEPMA0GA1UEAwwGdW51c2VkMB4XDTE5MTIwNjA2MTgzNloXDTIwMDEwNTA2 -MTgzNlowETEPMA0GA1UEAwwGdW51c2VkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEA1wmb6gdBF4RFI92ftZySctyntKYUov9Yhmy/Bi60L7C+mFLdp1px -NjzZCcNcycxf4zvmhdPunw9eFaA+kG5pVTE8EEqIWMNg6jDpMY0Ox7rw4R6T7gV5 -emmZXqHu8dBj7mw9l8771S1WnYp/hW+kd6tEykT7K1CgLC62st+dhOtPVGkD5+vR -LkWxIvjDsMOuKPrSciGUXMp+5WtOWBmxkTBavtRcwsmS4QPvTXqdrWozbMkNtUk4 -JyX9rascGNnCXP4vlatfGQlW08xkLZI6Wt/bD17nnc7e8ZuSwEOmyZlL9KGHzixe -pUKNSc1QrDu1lMTkxo/CgyF9tLiElCZXwQIDAQABo1MwUTAdBgNVHQ4EFgQUc7TT -5EMZeXgpiFF+cFsNuLmftOIwHwYDVR0jBBgwFoAUc7TT5EMZeXgpiFF+cFsNuLmf -tOIwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEASQj8azJC9JQB -l09nrg39q78wYDmsYcITEPsI5bNptGy20sIndOjerCTCMdWB+Iq/+uSR6E67fvcw -GAcLL7cIgv2e3i37VFSsW2V3iqfDQSFFPq/tYjbR3ujMBRIc1V1I7W5PDbXdIr17 -Yp6uppfL8dk8LdQmXDw8h5GgUn0CeG2u8erHA6ZMwTY3uiKUURFhS+hRVQPeC94v -PU7HczyskhYgalZ+luDtMGQne9Y5oAYok1cJX91Wp+J91Rb7XjAf5A8RG8/G+4Vu -I6MPZ88zanX+Nlfx5Gk4kWdzFUdKkMnqSCXdHkKS1THb7jTtmNKoRKfYPg+rBKG7 -5HPFwDuKaw== ------END CERTIFICATE----- diff --git a/test/fixtures/cloudiot/rsa_cert2.pem b/test/fixtures/cloudiot/rsa_cert2.pem deleted file mode 100644 index eb59a46..0000000 --- a/test/fixtures/cloudiot/rsa_cert2.pem +++ /dev/null 
@@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDAzCCAeugAwIBAgIUSd+h3RbI1oFIO5gsatz23A12rjMwDQYJKoZIhvcNAQEL -BQAwETEPMA0GA1UEAwwGdW51c2VkMB4XDTE5MTIwNjA2MTgzN1oXDTIwMDEwNTA2 -MTgzN1owETEPMA0GA1UEAwwGdW51c2VkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A -MIIBCgKCAQEA5HOsUvmFl6O1VfTxPg95x2M5svW61cQNYOkH8aXPjKT3qbFqrj+Z -UyQCgX1t8OQLWWOvjRhMLBiseH9QEjYMBrK5JIPa1eDixF0M1EZ0m5VB6mlF4Xz/ -AnbUg0J8IVLtGQuDgmM+KEZUAZRgNabg8HHN+I0X36b3J1Cu/acwu5MxlJmNTR8c -C8BSubutARKT7D2o+0/bYO0QPN1m8DcWbXaOZXTy9MX7j+nKyJarZN0JduNJbg0I -5TyvlQtdixMgFDd9gyl2VC0lR/3esTBY0YYz3qDYvTQ/qpSSGcwp5MfVUyJ7uoco -jCXIBAXVf35awd8gSbT01M2iKbVadsjf4wIDAQABo1MwUTAdBgNVHQ4EFgQU2BeW -ZVAN3k6consr/oK5cYapB3swHwYDVR0jBBgwFoAU2BeWZVAN3k6consr/oK5cYap -B3swDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEA2thafcxMdndn -UfBcX3SxU/earOl8uvh25UgK2JM1Dgm+jsgWrl2iby269jcec3/fI8ghnjEx5Fl+ -FAEQ7YV6ybpaOjpDKokLTnXrMYV8PblqKJzVdZCHpfNr83JL3Zm8nXWvKbKosRPE -tYlsd3yfJGofXfqzgRCmmh7kn9/NWcPARJcHuYbuB2N7g16fyp8SyWy7lgSrflK3 -p0d+iwvgS0pNTVWIwk/7GQnF/qSL1kpkaRzhPYR5aoP6ropYGGxwnc7SmOlZ/Sw2 -ohJtscY1dXPCBqqhOll8wT4p1PTZ7VhZfkj59vzjKQC0y3XKHeNc9pY6KMuVijAZ -N452VbX9Lg== ------END CERTIFICATE----- diff --git a/test/fixtures/cloudiot/terraform.tfvars.sample b/test/fixtures/cloudiot/terraform.tfvars.sample deleted file mode 100644 index d20154b..0000000 --- a/test/fixtures/cloudiot/terraform.tfvars.sample +++ /dev/null 
@@ -1,24 +0,0 @@ -# Copyright 2018 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -################################################################# -# PLEASE FILL THE VARIABLES WITH VALID VALUES FOR TESTING # -# DO NOT REMOVE ANY OF THE VARIABLES # -################################################################# - -## These values you *MUST* modify to match your environment -project="tf-proj" -topic_name="tf-proj-topic" -rsa_cert1_path="../../../rsa_cert1.pem" -rsa_cert2_path="../../../rsa_cert2.pem" diff --git a/test/fixtures/cloudiot/variables.tf b/test/fixtures/cloudiot/variables.tf index 4ce3786..34a4150 100644 --- a/test/fixtures/cloudiot/variables.tf +++ b/test/fixtures/cloudiot/variables.tf @@ -29,13 +29,3 @@ variable "registry_name" { type = string description = "The project to run tests against" } - -variable "rsa_cert1_path" { - type = string - description = "The path of first rsa certificate" -} - -variable "rsa_cert2_path" { - type = string - description = "The path of second rsa certificate" -} diff --git a/test/setup/make_source.sh b/test/setup/make_source.sh index 0d25dda..5c65c41 100755 --- a/test/setup/make_source.sh +++ b/test/setup/make_source.sh 
@@ -26,5 +26,3 @@ echo "export SERVICE_ACCOUNT_JSON='$(echo $sa_json | base64 --decode)'" >> ../so echo "export TF_VAR_region='us-central1'" >> ../source.sh echo "export TF_VAR_topic_name='tf-proj-topic'" >> ../source.sh echo "export TF_VAR_registry_name='tf-proj-iot-registry'" >> ../source.sh -echo "export TF_VAR_rsa_cert1_path='rsa_cert1.pem'" >> ../source.sh -echo "export TF_VAR_rsa_cert2_path='rsa_cert2.pem'" >> ../source.sh From b6b938d224f0e5ed704cbfb6ee8b06c78eae9704 Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Mon, 9 Dec 2019 13:26:41 +0900 Subject: [PATCH 33/47] export registry output property --- test/fixtures/cloudiot/outputs.tf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/test/fixtures/cloudiot/outputs.tf b/test/fixtures/cloudiot/outputs.tf index 4e1ebc0..9482b16 100644 --- a/test/fixtures/cloudiot/outputs.tf +++ b/test/fixtures/cloudiot/outputs.tf @@ -25,3 +25,7 @@ output "registry_name" { output "region" { value = var.region } + +output "registry" { + value = module.iot.registry +} From 236d9046748c9847a770e4fb0e2840af30404dcb Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Mon, 9 Dec 2019 17:03:54 +0900 Subject: [PATCH 34/47] use dynamic block for event_nofitication_configs --- examples/cloudiot/main.tf | 8 ++++-- modules/cloudiot/README.md | 4 +-- modules/cloudiot/main.tf | 50 +++++++++++++++++++++++++--------- modules/cloudiot/variables.tf | 26 ++++++++++++++++-- test/fixtures/cloudiot/main.tf | 12 ++++---- 5 files changed, 75 insertions(+), 25 deletions(-) diff --git a/examples/cloudiot/main.tf b/examples/cloudiot/main.tf index 2a7c4ca..111dc44 100644 --- a/examples/cloudiot/main.tf +++ b/examples/cloudiot/main.tf @@ -37,7 +37,9 @@ module "iot" { }, ] event_notification_config = { - topic = "${var.name}-event-topic" + topic = "${var.name}-event-topic" + topic_labels = {} + push_subscriptions = [] pull_subscriptions = [ { name = "${var.name}-event-pull" 
@@ -46,7 +48,8 @@ module "iot" { ] } state_notification_config = { - topic = "${var.name}-state-topic" + topic = "${var.name}-state-topic" + topic_labels = {} push_subscriptions = [ { name = "${var.name}-state-push" @@ -55,5 +58,6 @@ module "iot" { ack_deadline_seconds = 20 }, ] + pull_subscriptions = [] } } diff --git a/modules/cloudiot/README.md b/modules/cloudiot/README.md index 14e3303..8c2d0e7 100644 --- a/modules/cloudiot/README.md +++ b/modules/cloudiot/README.md @@ -45,14 +45,14 @@ module "iot" { | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| event\_notification\_config | The event notification configuration for the Cloud IoT registry. This contains `topic`, `pull_subscriptions` and `push_subscriptions`. | map | `` | no | +| event\_notification\_config | The event notification configuration for the Cloud IoT registry. This contains `topic`, `pull_subscriptions` and `push_subscriptions`. | object | `` | no | | http\_enabled\_state | The field allows HTTP_ENABLED or HTTP_DISABLED | string | `"HTTP_DISABLED"` | no | | mqtt\_enabled\_state | The field allows MQTT_ENABLED or MQTT_DISABLED | string | `"MQTT_ENABLED"` | no | | name | The Cloud IoT registry name | string | n/a | yes | | project\_id | The project ID to manage the Cloud IoT resources | string | n/a | yes | | public\_key\_certificates | The list for public key certificates | object | `` | no | | region | The region to host the registry | string | n/a | yes | -| state\_notification\_config | The event notification configuration for the Cloud IoT registry. This contains `topic`, `pull_subscriptions` and `push_subscriptions`. | map | `` | no | +| state\_notification\_config | The event notification configuration for the Cloud IoT registry. This contains `topic`, `pull_subscriptions` and `push_subscriptions`. | object | `` | no | ## Outputs diff --git a/modules/cloudiot/main.tf b/modules/cloudiot/main.tf index 813dda1..5077ae5 100644 
--- a/modules/cloudiot/main.tf +++ b/modules/cloudiot/main.tf @@ -14,6 +14,26 @@ * limitations under the License. */ +locals { + state_notification_enabled = var.state_notification_config.topic != "" ? "enabled" : "disabled" + state_notification_configs = { + disabled = null + enabled = { + pubsub_topic_name = "projects/${var.project_id}/topics/${var.state_notification_config.topic}" + } + } + state_notification_config = local.state_notification_configs[local.state_notification_enabled] + + event_notification_enabled = var.event_notification_config.topic != "" ? "enabled" : "disabled" + event_notification_configs = { + disabled = [] + enabled = [{ + pubsub_topic_name = "projects/${var.project_id}/topics/${var.event_notification_config.topic}" + }] + } + event_notification_config = local.event_notification_configs[local.event_notification_enabled] +} + resource "google_cloudiot_registry" "default" { name = var.name project = var.project_id @@ -25,13 +45,17 @@ resource "google_cloudiot_registry" "default" { mqtt_config = { mqtt_enabled_state = var.mqtt_enabled_state } - event_notification_configs { - pubsub_topic_name = "projects/${var.project_id}/topics/${module.event_notification_topic.topic}" - } - state_notification_config = { - pubsub_topic_name = "projects/${var.project_id}/topics/${module.state_notification_topic.topic}" + + dynamic "event_notification_configs" { + for_each = local.event_notification_config + iterator = c + content { + pubsub_topic_name = c.value.pubsub_topic_name + } } + state_notification_config = local.state_notification_config + dynamic "credentials" { for_each = [for c in var.public_key_certificates : { public_key_certificate = { 
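Review bot: In modules/cloudiot/main.tf, the new `locals` build `pubsub_topic_name` from `var.event_notification_config.topic` and `var.state_notification_config.topic`, whereas the lines removed in the second hunk used `module.event_notification_topic.topic` and `module.state_notification_topic.topic`. That removes the registry's implicit dependency on the two topic modules, so Terraform may plan `google_cloudiot_registry.default` before the topics exist; whether the API then rejects the registry is not visible here and should be confirmed with a clean apply. If ordering matters, restore a reference to a module output in the enabled branch, or at least state the assumption in the locals, e.g. `# NOTE: path is built from the variable, so there is no implicit dependency on the topic modules`. The resource body continues outside the hunk.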
@@ -53,18 +77,18 @@ module "event_notification_topic" { source = "../../" project_id = var.project_id - // NOTE: if the topic is empty, then this resource should be skipped. - topic = lookup(var.event_notification_config, "topic", "") - push_subscriptions = lookup(var.event_notification_config, "push_subscriptions", []) - pull_subscriptions = lookup(var.event_notification_config, "pull_subscriptions", []) + topic = var.event_notification_config.topic + topic_labels = var.event_notification_config.topic_labels + push_subscriptions = var.event_notification_config.push_subscriptions + pull_subscriptions = var.event_notification_config.pull_subscriptions } module "state_notification_topic" { source = "../../" project_id = var.project_id - // NOTE: if the topic is empty, then this resource should be skipped. - topic = lookup(var.state_notification_config, "topic", "") - push_subscriptions = lookup(var.state_notification_config, "push_subscriptions", []) - pull_subscriptions = lookup(var.state_notification_config, "pull_subscriptions", []) + topic = var.state_notification_config.topic + topic_labels = var.state_notification_config.topic_labels + push_subscriptions = var.state_notification_config.push_subscriptions + pull_subscriptions = var.state_notification_config.pull_subscriptions } diff --git a/modules/cloudiot/variables.tf b/modules/cloudiot/variables.tf index 0108ea4..09f2195 100644 --- a/modules/cloudiot/variables.tf +++ b/modules/cloudiot/variables.tf 
@@ -48,11 +48,33 @@ variable "public_key_certificates" { } variable "event_notification_config" { + type = object({ + topic = string + topic_labels = map(string) + push_subscriptions = list(map(string)) + pull_subscriptions = list(map(string)) + }) description = "The event notification configuration for the Cloud IoT registry. This contains `topic`, `pull_subscriptions` and `push_subscriptions`." - default = {} + default = { + topic = "" + topic_labels = {} + push_subscriptions = [] + pull_subscriptions = [] + } } variable "state_notification_config" { + type = object({ + topic = string + topic_labels = map(string) + push_subscriptions = list(map(string)) + pull_subscriptions = list(map(string)) + }) description = "The event notification configuration for the Cloud IoT registry. This contains `topic`, `pull_subscriptions` and `push_subscriptions`." - default = {} + default = { + topic = "" + topic_labels = {} + push_subscriptions = [] + pull_subscriptions = [] + } } diff --git a/test/fixtures/cloudiot/main.tf b/test/fixtures/cloudiot/main.tf index 4c8bbee..eecf12e 100644 --- a/test/fixtures/cloudiot/main.tf +++ b/test/fixtures/cloudiot/main.tf @@ -32,10 +32,10 @@ resource "tls_self_signed_cert" "certs" { } module "iot" { - source = "../../../examples/cloudiot" - project_id = var.project_id - name = var.registry_name - region = var.region - rsa_cert1_pem = tls_self_signed_cert.certs[0].cert_pem - rsa_cert2_pem = tls_self_signed_cert.certs[1].cert_pem + source = "../../../examples/cloudiot" + project_id = var.project_id + name = var.registry_name + region = var.region + rsa_cert1_pem = tls_self_signed_cert.certs[0].cert_pem + rsa_cert2_pem = tls_self_signed_cert.certs[1].cert_pem } From bce9051479f9cfc71e0ea3476f1635682f1f4b1e Mon Sep 17 00:00:00 2001 
From: Kunpei Sakai Date: Mon, 9 Dec 2019 17:48:49 +0900 Subject: [PATCH 35/47] add create_topic --- README.md | 1 + examples/cloudiot/main.tf | 2 ++ main.tf | 6 +++--- modules/cloudiot/main.tf | 2 ++ modules/cloudiot/variables.tf | 4 ++++ variables.tf | 6 ++++++ 6 files changed, 18 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index be33e2b..adb73e5 100644 --- a/README.md +++ b/README.md @@ -40,6 +40,7 @@ module "pubsub" { | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| +| create\_topic | Specify true if you want to create a topic | bool | `"true"` | no | | message\_storage\_policy | A map of storage policies. Default - inherit from organization's Resource Location Restriction policy. | map | `` | no | | project\_id | The project ID to manage the Pub/Sub resources | string | n/a | yes | | pull\_subscriptions | The list of the pull subscriptions | list(map(string)) | `` | no | diff --git a/examples/cloudiot/main.tf b/examples/cloudiot/main.tf index 111dc44..f991233 100644 --- a/examples/cloudiot/main.tf +++ b/examples/cloudiot/main.tf @@ -39,6 +39,7 @@ module "iot" { event_notification_config = { topic = "${var.name}-event-topic" topic_labels = {} + create_topic = true push_subscriptions = [] pull_subscriptions = [ { @@ -50,6 +51,7 @@ module "iot" { state_notification_config = { topic = "${var.name}-state-topic" topic_labels = {} + create_topic = true push_subscriptions = [ { name = "${var.name}-state-push" diff --git a/main.tf b/main.tf index 98696bc..536c983 100644 --- a/main.tf +++ b/main.tf @@ -19,7 +19,7 @@ locals { } resource "google_pubsub_topic" "topic" { - count = var.topic == "" ? 0 : 1 + count = var.create_topic ? 1 : 0 project = var.project_id name = var.topic labels = var.topic_labels 
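Review bot: In the root main.tf, replacing `var.topic == "" ? 0 : 1` with `var.create_topic ? 1 : 0` drops the empty-name guard, while `create_topic` defaults to `true` in variables.tf, so a caller who passes an empty `topic` now reaches `google_pubsub_topic.topic` with `name = ""`. Keeping both conditions preserves the earlier behaviour: `count = var.create_topic && var.topic != "" ? 1 : 0`. The two following hunks gate `push_subscriptions` and `pull_subscriptions` on the same flag, so `create_topic = false` also means subscriptions to an already existing topic are never created; the variable description "Specify true if you want to create a topic" should say so. The resource bodies continue outside the hunks.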
@@ -33,7 +33,7 @@ resource "google_pubsub_topic" "topic" { } resource "google_pubsub_subscription" "push_subscriptions" { - count = length(var.push_subscriptions) + count = var.create_topic ? length(var.push_subscriptions) : 0 name = var.push_subscriptions[count.index].name topic = google_pubsub_topic.topic.0.name project = var.project_id @@ -57,7 +57,7 @@ resource "google_pubsub_subscription" "push_subscriptions" { } resource "google_pubsub_subscription" "pull_subscriptions" { - count = length(var.pull_subscriptions) + count = var.create_topic ? length(var.pull_subscriptions) : 0 name = var.pull_subscriptions[count.index].name topic = google_pubsub_topic.topic.0.name project = var.project_id diff --git a/modules/cloudiot/main.tf b/modules/cloudiot/main.tf index 5077ae5..f642c82 100644 --- a/modules/cloudiot/main.tf +++ b/modules/cloudiot/main.tf @@ -81,6 +81,7 @@ module "event_notification_topic" { topic_labels = var.event_notification_config.topic_labels push_subscriptions = var.event_notification_config.push_subscriptions pull_subscriptions = var.event_notification_config.pull_subscriptions + create_topic = var.event_notification_config.create_topic } module "state_notification_topic" { @@ -91,4 +92,5 @@ module "state_notification_topic" { topic_labels = var.state_notification_config.topic_labels push_subscriptions = var.state_notification_config.push_subscriptions pull_subscriptions = var.state_notification_config.pull_subscriptions + create_topic = var.state_notification_config.create_topic } diff --git a/modules/cloudiot/variables.tf b/modules/cloudiot/variables.tf index 09f2195..12b6c4e 100644 --- a/modules/cloudiot/variables.tf +++ b/modules/cloudiot/variables.tf 
@@ -53,6 +53,7 @@ variable "event_notification_config" { topic_labels = map(string) push_subscriptions = list(map(string)) pull_subscriptions = list(map(string)) + create_topic = bool }) description = "The event notification configuration for the Cloud IoT registry. This contains `topic`, `pull_subscriptions` and `push_subscriptions`." default = { @@ -60,6 +61,7 @@ variable "event_notification_config" { topic_labels = {} push_subscriptions = [] pull_subscriptions = [] + create_topic = false } } @@ -69,6 +71,7 @@ variable "state_notification_config" { topic_labels = map(string) push_subscriptions = list(map(string)) pull_subscriptions = list(map(string)) + create_topic = bool }) description = "The event notification configuration for the Cloud IoT registry. This contains `topic`, `pull_subscriptions` and `push_subscriptions`." default = { @@ -76,5 +79,6 @@ variable "state_notification_config" { topic_labels = {} push_subscriptions = [] pull_subscriptions = [] + create_topic = false } } diff --git a/variables.tf b/variables.tf index 313a9ed..97e29ff 100644 --- a/variables.tf +++ b/variables.tf @@ -24,6 +24,12 @@ variable "topic" { description = "The Pub/Sub topic name" } +variable "create_topic" { + type = bool + description = "Specify true if you want to create a topic" + default = true +} + variable "topic_labels" { type = map(string) description = "A map of labels to assign to the Pub/Sub topic" From c7a20a1213cdae3bf4c5e51ce3135a16fbf9b713 Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Mon, 9 Dec 2019 17:52:33 +0900 Subject: [PATCH 36/47] use default registry name --- test/fixtures/cloudiot/variables.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/test/fixtures/cloudiot/variables.tf b/test/fixtures/cloudiot/variables.tf index 34a4150..a05375f 100644 --- a/test/fixtures/cloudiot/variables.tf +++ b/test/fixtures/cloudiot/variables.tf 
@@ -28,4 +28,5 @@ variable "region" { variable "registry_name" { type = string description = "The project to run tests against" + default = "cft-ci-iot-registry" } From d2160e31bc30cae822b2f33fb037b3ec09ecd784 Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Mon, 9 Dec 2019 17:54:54 +0900 Subject: [PATCH 37/47] add comments --- test/setup/iam.tf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/test/setup/iam.tf b/test/setup/iam.tf index 823c3db..4cf2c6e 100644 --- a/test/setup/iam.tf +++ b/test/setup/iam.tf @@ -43,6 +43,9 @@ resource "google_service_account_key" "int_test" { service_account_id = google_service_account.int_test.id } +// Even if granting roles/cloudiot.admin to the service account in advance, +// the roles cannot be applied immediately. As a result, our test will fail. +// To avoid that, we use null_resource for `sleep`ing 30 seconds. resource "null_resource" "delay" { provisioner "local-exec" { command = "sleep 30" From fb27c84e6fd02cc528114036e80e5f67345b39f6 Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Mon, 9 Dec 2019 17:59:08 +0900 Subject: [PATCH 38/47] remove debug code --- test/fixtures/cloudiot/outputs.tf | 4 ---- 1 file changed, 4 deletions(-) diff --git a/test/fixtures/cloudiot/outputs.tf b/test/fixtures/cloudiot/outputs.tf index 9482b16..4e1ebc0 100644 --- a/test/fixtures/cloudiot/outputs.tf +++ b/test/fixtures/cloudiot/outputs.tf @@ -25,7 +25,3 @@ output "registry_name" { output "region" { value = var.region } - -output "registry" { - value = module.iot.registry -} From fc952fe039a0b686048778f30c94422895089b56 Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Mon, 9 Dec 2019 22:55:37 +0900 Subject: [PATCH 39/47] update README and descriptions --- modules/cloudiot/README.md | 24 +++++++++++++++++++----- modules/cloudiot/variables.tf | 4 ++-- 2 files changed, 21 insertions(+), 7 deletions(-) diff --git a/modules/cloudiot/README.md b/modules/cloudiot/README.md index 8c2d0e7..d1b44f2 100644 --- a/modules/cloudiot/README.md 
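Review bot: In test/fixtures/cloudiot/variables.tf, `registry_name` gains a default but keeps the description "The project to run tests against", which describes the project rather than the registry. Suggest `description = "The name of the Cloud IoT registry created by the test"`. A fixed default of `cft-ci-iot-registry` also means two runs in the same project and region would use the same registry name; if CI can run concurrently, which is not visible here, a random suffix would avoid the collision.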
+++ b/modules/cloudiot/README.md @@ -19,17 +19,31 @@ module "iot" { mqtt_enabled_state = "MQTT_ENABLED" http_enabled_state = "HTTP_DISABLED" + + public_key_certificates = [ + { + format = "X509_CERTIFICATE_PEM" + certificate = file(var.cert_path) + }, + ] + event_notification_config = { - topic = "iot-event-topic" + topic = "iot-event-topic" + topic_labels = {} + create_topic = true + push_subscriptions = [] pull_subscriptions = [ { - name = "iot-event-pull" + name = "iot-event-pull" ack_deadline_seconds = 20 }, ] } state_notification_config = { - topic = "iot-state-topic" + topic = "iot-state-topic" + topic_labels = {} + create_topic = true + push_subscriptions = [] pull_subscriptions = [ { name = "iot-state-pull" 
@@ -45,14 +59,14 @@ module "iot" { | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| -| event\_notification\_config | The event notification configuration for the Cloud IoT registry. This contains `topic`, `pull_subscriptions` and `push_subscriptions`. | object | `` | no | +| event\_notification\_config | The event notification configuration for the Cloud IoT registry. This contains `topic`, `topic_labels`, `pull_subscriptions` and `push_subscriptions` and `create_topic`. | object | `` | no | | http\_enabled\_state | The field allows HTTP_ENABLED or HTTP_DISABLED | string | `"HTTP_DISABLED"` | no | | mqtt\_enabled\_state | The field allows MQTT_ENABLED or MQTT_DISABLED | string | `"MQTT_ENABLED"` | no | | name | The Cloud IoT registry name | string | n/a | yes | | project\_id | The project ID to manage the Cloud IoT resources | string | n/a | yes | | public\_key\_certificates | The list for public key certificates | object | `` | no | | region | The region to host the registry | string | n/a | yes | -| state\_notification\_config | The event notification configuration for the Cloud IoT registry. This contains `topic`, `pull_subscriptions` and `push_subscriptions`. | object | `` | no | +| state\_notification\_config | The state notification configuration for the Cloud IoT registry. This contains `topic`, `topic_labels`, `pull_subscriptions` and `push_subscriptions` and `create_topic`. | object | `` | no | ## Outputs diff --git a/modules/cloudiot/variables.tf b/modules/cloudiot/variables.tf index 12b6c4e..938c364 100644 --- a/modules/cloudiot/variables.tf +++ b/modules/cloudiot/variables.tf 
@@ -55,7 +55,7 @@ variable "event_notification_config" { pull_subscriptions = list(map(string)) create_topic = bool }) - description = "The event notification configuration for the Cloud IoT registry. This contains `topic`, `pull_subscriptions` and `push_subscriptions`." + description = "The event notification configuration for the Cloud IoT registry. This contains `topic`, `topic_labels`, `pull_subscriptions` and `push_subscriptions` and `create_topic`." default = { topic = "" topic_labels = {} @@ -73,7 +73,7 @@ variable "state_notification_config" { pull_subscriptions = list(map(string)) create_topic = bool }) - description = "The event notification configuration for the Cloud IoT registry. This contains `topic`, `pull_subscriptions` and `push_subscriptions`." + description = "The state notification configuration for the Cloud IoT registry. This contains `topic`, `topic_labels`, `pull_subscriptions` and `push_subscriptions` and `create_topic`." default = { topic = "" topic_labels = {} From 9cf987387182736dbc6551712bd843e61b5ceab2 Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Mon, 9 Dec 2019 22:58:41 +0900 Subject: [PATCH 40/47] add registry as an output property --- modules/cloudiot/outputs.tf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/cloudiot/outputs.tf b/modules/cloudiot/outputs.tf index 6a489fc..e13d077 100644 --- a/modules/cloudiot/outputs.tf +++ b/modules/cloudiot/outputs.tf @@ -19,6 +19,11 @@ output "name" { description = "The name of the Cloud IoT registry" } +output "registry" { + value = google_cloudiot_registry.default + description = "The registry being created by this module" +} + output "credentials" { value = google_cloudiot_registry.default.credentials.* description = "The credentials for Cloud IoT registry" From c28ded1c3d2f7b08d02b418323bce19321fc6ff9 Mon Sep 17 00:00:00 2001 
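Review bot: The new `registry` output in modules/cloudiot/outputs.tf exports the whole `google_cloudiot_registry.default` object, so every attribute of the resource becomes part of the module's public interface and shows up in callers' plan and state output. That includes the `credentials` block, which already has its own output in the hunk's context lines. Exporting only the attributes callers need keeps the interface stable across provider upgrades and limits exposure if the provider schema later gains a sensitive field. If the full object is intended, the description should say so, for example `description = "The full google_cloudiot_registry resource; prefer the attribute-level outputs where one exists"`.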
From: Kunpei Sakai Date: Mon, 9 Dec 2019 23:00:23 +0900 Subject: [PATCH 41/47] cleanup --- test/setup/make_source.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/test/setup/make_source.sh b/test/setup/make_source.sh index 5c65c41..ae7798a 100755 --- a/test/setup/make_source.sh +++ b/test/setup/make_source.sh @@ -22,7 +22,3 @@ echo "export TF_VAR_project_id='$project_id'" >> ../source.sh sa_json=$(terraform output sa_key) # shellcheck disable=SC2086,SC2129 echo "export SERVICE_ACCOUNT_JSON='$(echo $sa_json | base64 --decode)'" >> ../source.sh - -echo "export TF_VAR_region='us-central1'" >> ../source.sh -echo "export TF_VAR_topic_name='tf-proj-topic'" >> ../source.sh -echo "export TF_VAR_registry_name='tf-proj-iot-registry'" >> ../source.sh From cb830ad8ce318d1d4bd11fab5a0e01c708404bea Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Mon, 9 Dec 2019 23:04:37 +0900 Subject: [PATCH 42/47] make generate_docs --- modules/cloudiot/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/cloudiot/README.md b/modules/cloudiot/README.md index d1b44f2..6ac9c8b 100644 --- a/modules/cloudiot/README.md +++ b/modules/cloudiot/README.md @@ -78,6 +78,7 @@ module "iot" { | event\_notification\_topic | The name of the Pub/Sub topic associated with the registry | | event\_notification\_topic\_id | The id of the Pub/Sub topic associated with the registry | | name | The name of the Cloud IoT registry | +| registry | The registry being created by this module | | state\_notification\_subscription\_names | The name list of Pub/Sub subscriptions associated with the registry | | state\_notification\_subscription\_paths | The path list of Pub/Sub subscriptions associated with the registry | | state\_notification\_topic | The name of the Pub/Sub topic associated with the registry | From c765ca19d759a4d8eb5386221e599337467e2f14 Mon Sep 17 00:00:00 2001 
From: Kunpei Sakai Date: Tue, 10 Dec 2019 00:02:28 +0900 Subject: [PATCH 43/47] increase sleep time --- test/setup/iam.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/setup/iam.tf b/test/setup/iam.tf index 4cf2c6e..adf9d1b 100644 --- a/test/setup/iam.tf +++ b/test/setup/iam.tf @@ -45,10 +45,10 @@ resource "google_service_account_key" "int_test" { // Even if granting roles/cloudiot.admin to the service account in advance, // the roles cannot be applied immediately. As a result, our test will fail. -// To avoid that, we use null_resource for `sleep`ing 30 seconds. +// To avoid that, we use null_resource for `sleep`ing 60 seconds. resource "null_resource" "delay" { provisioner "local-exec" { - command = "sleep 30" + command = "sleep 60" } depends_on = [google_project_iam_member.int_test] } From 50da122f6d8434a77eb07297ba5bee3eb0a17f99 Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Tue, 10 Dec 2019 00:11:57 +0900 Subject: [PATCH 44/47] more increasing --- test/setup/iam.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/setup/iam.tf b/test/setup/iam.tf index adf9d1b..c846b18 100644 --- a/test/setup/iam.tf +++ b/test/setup/iam.tf @@ -45,10 +45,10 @@ resource "google_service_account_key" "int_test" { // Even if granting roles/cloudiot.admin to the service account in advance, // the roles cannot be applied immediately. As a result, our test will fail. -// To avoid that, we use null_resource for `sleep`ing 60 seconds. +// To avoid that, we use null_resource for `sleep`ing 90 seconds. resource "null_resource" "delay" { provisioner "local-exec" { - command = "sleep 60" + command = "sleep 90" } depends_on = [google_project_iam_member.int_test] } From 54d308265fded1be21582aae90475752caaebde1 Mon Sep 17 00:00:00 2001 
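Review bot: The delay in test/setup/iam.tf is a fixed guess at IAM propagation time, and its value is written twice, in the comment and in `command = "sleep 60"`. That is why this hunk, the `sleep 90` hunk in PATCH 44 and its revert in PATCH 45 each have to edit both lines. Rewording the comment so it does not repeat the number, e.g. `// To avoid that, we use null_resource to wait for the IAM binding to propagate.`, leaves a single place to tune. The `null_resource` also declares no `triggers`, so the wait runs only when that resource is first created and presumably not when the IAM binding is replaced later; worth confirming that this is acceptable for the test setup.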
From: Kunpei Sakai Date: Tue, 10 Dec 2019 01:28:27 +0900 Subject: [PATCH 45/47] Revert "more increasing" This reverts commit 50da122f6d8434a77eb07297ba5bee3eb0a17f99. --- test/setup/iam.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/setup/iam.tf b/test/setup/iam.tf index c846b18..adf9d1b 100644 --- a/test/setup/iam.tf +++ b/test/setup/iam.tf @@ -45,10 +45,10 @@ resource "google_service_account_key" "int_test" { // Even if granting roles/cloudiot.admin to the service account in advance, // the roles cannot be applied immediately. As a result, our test will fail. -// To avoid that, we use null_resource for `sleep`ing 90 seconds. +// To avoid that, we use null_resource for `sleep`ing 60 seconds. resource "null_resource" "delay" { provisioner "local-exec" { - command = "sleep 90" + command = "sleep 60" } depends_on = [google_project_iam_member.int_test] } From cae7f442ad75fad994bc599ffbb91b0be66bdf89 Mon Sep 17 00:00:00 2001 From: Kunpei Sakai Date: Tue, 10 Dec 2019 01:35:35 +0900 Subject: [PATCH 46/47] fix broken tests --- examples/cloudiot/outputs.tf | 2 +- modules/cloudiot/README.md | 1 + modules/cloudiot/outputs.tf | 5 +++++ test/fixtures/cloudiot/main.tf | 4 ++-- test/fixtures/cloudiot/outputs.tf | 9 ++++++--- test/fixtures/cloudiot/variables.tf | 12 ------------ test/fixtures/pubsub/main.tf | 2 +- test/fixtures/pubsub/variables.tf | 5 ----- 8 files changed, 16 insertions(+), 24 deletions(-) diff --git a/examples/cloudiot/outputs.tf b/examples/cloudiot/outputs.tf index 45bbcbe..6ee47e2 100644 --- a/examples/cloudiot/outputs.tf +++ b/examples/cloudiot/outputs.tf @@ -20,7 +20,7 @@ output "project_id" { } output "region" { - value = var.region + value = module.iot.region description = "The region for the IoT resources" } diff --git a/modules/cloudiot/README.md b/modules/cloudiot/README.md index 6ac9c8b..f64b8a0 100644 --- a/modules/cloudiot/README.md +++ b/modules/cloudiot/README.md 
@@ -78,6 +78,7 @@ module "iot" { | event\_notification\_topic | The name of the Pub/Sub topic associated with the registry | | event\_notification\_topic\_id | The id of the Pub/Sub topic associated with the registry | | name | The name of the Cloud IoT registry | +| region | The region of the Cloud IoT registry | | registry | The registry being created by this module | | state\_notification\_subscription\_names | The name list of Pub/Sub subscriptions associated with the registry | | state\_notification\_subscription\_paths | The path list of Pub/Sub subscriptions associated with the registry | diff --git a/modules/cloudiot/outputs.tf b/modules/cloudiot/outputs.tf index e13d077..680880b 100644 --- a/modules/cloudiot/outputs.tf +++ b/modules/cloudiot/outputs.tf @@ -24,6 +24,11 @@ output "registry" { description = "The registry being created by this module" } +output "region" { + value = google_cloudiot_registry.default.region + description = "The region of the Cloud IoT registry" +} + output "credentials" { value = google_cloudiot_registry.default.credentials.* description = "The credentials for Cloud IoT registry" diff --git a/test/fixtures/cloudiot/main.tf b/test/fixtures/cloudiot/main.tf index eecf12e..5ff79b0 100644 --- a/test/fixtures/cloudiot/main.tf +++ b/test/fixtures/cloudiot/main.tf @@ -34,8 +34,8 @@ resource "tls_self_signed_cert" "certs" { module "iot" { source = "../../../examples/cloudiot" project_id = var.project_id - name = var.registry_name - region = var.region + name = "cft-ci-iot-registry" + region = "us-central1" rsa_cert1_pem = tls_self_signed_cert.certs[0].cert_pem rsa_cert2_pem = tls_self_signed_cert.certs[1].cert_pem } diff --git a/test/fixtures/cloudiot/outputs.tf b/test/fixtures/cloudiot/outputs.tf index 4e1ebc0..e2eb08a 100644 --- a/test/fixtures/cloudiot/outputs.tf +++ b/test/fixtures/cloudiot/outputs.tf 
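Review bot: The fixture in test/fixtures/cloudiot/main.tf now pins `name = "cft-ci-iot-registry"` and `region = "us-central1"` as literals, and the pubsub fixture hunk later in this patch does the same with `topic_name = "cft-tf-pubsub-topic"`. If two test runs can share a project, or a failed destroy leaves resources behind, fixed names will make the next apply fail on a name conflict; whether that can happen depends on how the test project is provisioned, which these hunks do not show. Appending a per-run random suffix to both names would remove the dependency. If fixed names are deliberate, a one-line comment such as `// Fixed name: the test project is created per run, so collisions are not expected.` would record the assumption.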
@@ -15,13 +15,16 @@ */ output "project_id" { - value = var.project_id + value = var.project_id + description = "The project ID" } output "registry_name" { - value = var.registry_name + value = module.iot.registry_name + description = "The name of the IoT registry" } output "region" { - value = var.region + value = module.iot.region + description = "The region of the IoT registry" } diff --git a/test/fixtures/cloudiot/variables.tf b/test/fixtures/cloudiot/variables.tf index a05375f..349ac12 100644 --- a/test/fixtures/cloudiot/variables.tf +++ b/test/fixtures/cloudiot/variables.tf @@ -18,15 +18,3 @@ variable "project_id" { type = string description = "The project to run tests against" } - -variable "region" { - type = string - description = "The region for hosting the registry" - default = "us-central1" -} - -variable "registry_name" { - type = string - description = "The project to run tests against" - default = "cft-ci-iot-registry" -} diff --git a/test/fixtures/pubsub/main.tf b/test/fixtures/pubsub/main.tf index b4be941..fce6fda 100644 --- a/test/fixtures/pubsub/main.tf +++ b/test/fixtures/pubsub/main.tf @@ -17,7 +17,7 @@ module "example" { source = "../../../examples/simple" project_id = var.project_id - topic_name = var.topic_name + topic_name = "cft-tf-pubsub-topic" topic_labels = { foo_label = "foo_value" bar_label = "bar_value" diff --git a/test/fixtures/pubsub/variables.tf b/test/fixtures/pubsub/variables.tf index d092eca..0bf6538 100644 --- a/test/fixtures/pubsub/variables.tf +++ b/test/fixtures/pubsub/variables.tf @@ -18,8 +18,3 @@ variable "project_id" { type = string description = "The project to run tests against" } - -variable "topic_name" { - type = string - description = "The topic of the PubSub resource" -} From 42bea3f23951325fc3b38e8b4db6aab2801b91b5 Mon Sep 17 00:00:00 2001 
From: Kunpei Sakai Date: Tue, 10 Dec 2019 08:51:47 +0900 Subject: [PATCH 47/47] move tls resources to the example --- examples/cloudiot/README.md | 2 -- examples/cloudiot/main.tf | 21 +++++++++++++++++++-- examples/cloudiot/variables.tf | 10 ---------- test/fixtures/cloudiot/main.tf | 27 ++++----------------------- 4 files changed, 23 insertions(+), 37 deletions(-) diff --git a/examples/cloudiot/README.md b/examples/cloudiot/README.md index 77a77e0..c5b573d 100644 --- a/examples/cloudiot/README.md +++ b/examples/cloudiot/README.md @@ -8,8 +8,6 @@ | name | The name for the Cloud IoT registry | string | n/a | yes | | project\_id | The project ID to manage the Pub/Sub resources | string | n/a | yes | | region | The region for the IoT resources | string | n/a | yes | -| rsa\_cert1\_pem | The first certificate for Cloud IoT registry | string | n/a | yes | -| rsa\_cert2\_pem | The second certificate for Cloud IoT registry | string | n/a | yes | ## Outputs diff --git a/examples/cloudiot/main.tf b/examples/cloudiot/main.tf index f991233..aa6998f 100644 --- a/examples/cloudiot/main.tf +++ b/examples/cloudiot/main.tf @@ -19,6 +19,23 @@ provider "google" { region = var.region } +resource "tls_private_key" "private_keys" { + count = 2 + algorithm = "RSA" +} + +resource "tls_self_signed_cert" "certs" { + count = 2 + key_algorithm = "RSA" + private_key_pem = tls_private_key.private_keys[count.index].private_key_pem + subject { + common_name = "example.com" + organization = "ACME Examples, Inc" + } + validity_period_hours = 12 + allowed_uses = [] +} + module "iot" { source = "../../modules/cloudiot" name = var.name @@ -29,11 +46,11 @@ module "iot" { public_key_certificates = [ { format = "X509_CERTIFICATE_PEM" - certificate = var.rsa_cert1_pem + certificate = tls_self_signed_cert.certs[0].cert_pem }, { format = "X509_CERTIFICATE_PEM" - certificate = var.rsa_cert2_pem + certificate = tls_self_signed_cert.certs[1].cert_pem }, ] event_notification_config = { 
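Review bot: The `tls_private_key` resources added to examples/cloudiot/main.tf keep the generated RSA private keys in Terraform state in plain text. The example also loses its way to accept a certificate created elsewhere, since the same patch removes the `rsa_cert1_pem` and `rsa_cert2_pem` variables. Because examples get copied into real configurations, a comment above the resource should say so, e.g. `// Demo only: the private key is stored unencrypted in Terraform state; for real registries generate the key pair outside Terraform and pass in only the certificate.` The certificates are also issued with `validity_period_hours = 12`, so the credentials attached to the registry expire half a day after apply, which is worth stating in the same comment.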
diff --git a/examples/cloudiot/variables.tf b/examples/cloudiot/variables.tf index 630742e..afc417e 100644 --- a/examples/cloudiot/variables.tf +++ b/examples/cloudiot/variables.tf @@ -28,13 +28,3 @@ variable "name" { type = string description = "The name for the Cloud IoT registry" } - -variable "rsa_cert1_pem" { - type = string - description = "The first certificate for Cloud IoT registry" -} - -variable "rsa_cert2_pem" { - type = string - description = "The second certificate for Cloud IoT registry" -} diff --git a/test/fixtures/cloudiot/main.tf b/test/fixtures/cloudiot/main.tf index 5ff79b0..875b505 100644 --- a/test/fixtures/cloudiot/main.tf +++ b/test/fixtures/cloudiot/main.tf @@ -14,28 +14,9 @@ * limitations under the License. */ -resource "tls_private_key" "private_keys" { - count = 2 - algorithm = "RSA" -} - -resource "tls_self_signed_cert" "certs" { - count = 2 - key_algorithm = "RSA" - private_key_pem = tls_private_key.private_keys[count.index].private_key_pem - subject { - common_name = "example.com" - organization = "ACME Examples, Inc" - } - validity_period_hours = 12 - allowed_uses = [] -} - module "iot" { - source = "../../../examples/cloudiot" - project_id = var.project_id - name = "cft-ci-iot-registry" - region = "us-central1" - rsa_cert1_pem = tls_self_signed_cert.certs[0].cert_pem - rsa_cert2_pem = tls_self_signed_cert.certs[1].cert_pem + source = "../../../examples/cloudiot" + project_id = var.project_id + name = "cft-ci-iot-registry" + region = "us-central1" }