Skip to content

Commit

Permalink
Add integration testing with CB configuration #7
Browse files Browse the repository at this point in the history
  • Loading branch information
averbuks committed Dec 5, 2019
1 parent 3b83f7d commit 43d1e84
Show file tree
Hide file tree
Showing 27 changed files with 286 additions and 999 deletions.
1 change: 0 additions & 1 deletion .ruby-version

This file was deleted.

88 changes: 44 additions & 44 deletions CONTRIBUTING.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,20 +2,21 @@

This document provides guidelines for contributing to the module.

## Dependencies

The following dependencies must be installed on the development system:

- [Docker Engine][docker-engine]
- [Google Cloud SDK][google-cloud-sdk]
- [make]

## Generating Documentation for Inputs and Outputs

The Inputs and Outputs tables in the READMEs of the root module,
submodules, and example modules are automatically generated based on
the `variables` and `outputs` of the respective modules. These tables
must be refreshed if the module interfaces are changed.

### Dependencies

The following dependencies must be installed on the development system:

- [make]
- [terraform-docs] v0.6.0

### Execution

Run `make generate_docs` to generate new Inputs and Outputs tables.
Expand All @@ -31,70 +32,69 @@ The integration tests are run using [Kitchen][kitchen],
tools are packaged within a Docker image for convenience.

The general strategy for these tests is to verify the behaviour of the
[example modules](./examples), thus ensuring that the root module,
[example modules](./examples/), thus ensuring that the root module,
submodules, and example modules are all functionally correct.

### Dependencies
### Test Environment
The easiest way to test the module is in an isolated test project. The setup for such a project is defined in [test/setup](./test/setup/) directory.

The following dependencies must be installed on the development system:
To use this setup, you need a service account with these permissions (on a Folder or Organization):
- Project Creator
- Project Billing Manager

- [Docker Engine][docker-engine]
- [Google Cloud SDK][google-cloud-sdk]
- [make]
The project that the service account belongs to must have the following APIs enabled (the setup won't
create any resources on the service account's project):
- Cloud Resource Manager
- Cloud Billing
- Service Usage
- Identity and Access Management (IAM)

### Inputs
Export the Service Account credentials to your environment like so:

Test instances are defined in the
[Kitchen configuration file](./kitchen.yml). The inputs of each Kitchen
instance may be configured with the `driver.variables` key in a
local Kitchen configuration file located at `./kitchen.local.yml` or in
a Terraform variables file located at
`./test/fixtures/<instance>/variables.tfvars`.
```
export SERVICE_ACCOUNT_JSON=$(< credentials.json)
```

### Credentials
You will also need to set a few environment variables:
```
export TF_VAR_org_id="your_org_id"
export TF_VAR_folder_id="your_folder_id"
export TF_VAR_billing_account="your_billing_account_id"
```

Download the key of a Service Account with the
[required roles][required-roles] to `./credentials.json`.
With these settings in place, you can prepare a test project using Docker:
```
make docker_test_prepare
```

### Noninteractive Execution

Run `make docker_test_integration` to test all of the example modules
noninteractively, using the prepared test project.

### Interactive Execution

1. Run `make docker_run` to start the testing Docker container in
interactive mode.

1. Run `kitchen create <EXAMPLE_NAME>` to initialize the working
1. Run `kitchen_do create <EXAMPLE_NAME>` to initialize the working
directory for an example module.

1. Run `kitchen converge <EXAMPLE_NAME>` to apply the example module.
1. Run `kitchen_do converge <EXAMPLE_NAME>` to apply the example module.

1. Run `kitchen verify <EXAMPLE_NAME>` to test the example module.
1. Run `kitchen_do verify <EXAMPLE_NAME>` to test the example module.

1. Run `kitchen destroy <EXAMPLE_NAME>` to destroy the example module
1. Run `kitchen_do destroy <EXAMPLE_NAME>` to destroy the example module
state.

### Noninteractive Execution

Run `make test_integration_docker` to test all of the example modules
noninteractively.

## Linting and Formatting

Many of the files in the repository can be linted or formatted to
maintain a standard of quality.

### Dependencies

The following dependencies must be installed on the development system:

- [flake8]
- [gofmt]
- [hadolint]
- [make]
- [shellcheck]
- [Terraform][terraform] v0.11

### Execution

Run `make check`.
Run `make docker_test_lint`.

[docker-engine]: https://www.docker.com/products/docker-engine
[flake8]: http://flake8.pycqa.org/en/latest/
Expand Down
19 changes: 0 additions & 19 deletions Gemfile

This file was deleted.

163 changes: 50 additions & 113 deletions Makefile
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
# Copyright 2018 Google LLC
# Copyright 2019 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
Expand All @@ -18,131 +18,68 @@
# Make will use bash instead of sh
SHELL := /usr/bin/env bash

# Docker build config variables
CREDENTIALS_PATH ?= /cft/workdir/credentials.json
DOCKER_ORG := gcr.io/cloud-foundation-cicd
DOCKER_TAG_BASE_KITCHEN_TERRAFORM ?= 2.3.0
DOCKER_REPO_BASE_KITCHEN_TERRAFORM := ${DOCKER_ORG}/cft/kitchen-terraform:${DOCKER_TAG_BASE_KITCHEN_TERRAFORM}
DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0
DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
REGISTRY_URL := gcr.io/cloud-foundation-cicd

# All is the first target in the file so it will get picked up when you just run 'make' on its own
.PHONY: all
all: check generate_docs

# Run all available linters
.PHONY: check
check: check_shell check_python check_golang check_terraform check_base_files test_check_headers check_headers check_trailing_whitespace

# The .PHONY directive tells make that this isn't a real target and so
# the presence of a file named 'check_shell' won't cause this target to stop
# working
.PHONY: check_shell
check_shell:
@source test/make.sh && check_shell

.PHONY: check_python
check_python:
@source test/make.sh && check_python

.PHONY: check_golang
check_golang:
@source test/make.sh && golang

.PHONY: check_terraform
check_terraform:
@source test/make.sh && check_terraform

.PHONY: check_docker
check_docker:
@source test/make.sh && docker

.PHONY: check_base_files
check_base_files:
@source test/make.sh && basefiles

.PHONY: check_trailing_whitespace
check_trailing_whitespace:
@source test/make.sh && check_trailing_whitespace

.PHONY: test_check_headers
test_check_headers:
@echo "Testing the validity of the header check"
@python test/test_verify_boilerplate.py

.PHONY: check_headers
check_headers:
@source test/make.sh && check_headers

# Integration tests
.PHONY: test_integration
test_integration:
test/ci_integration.sh

.PHONY: generate_docs
generate_docs:
@source test/make.sh && generate_docs

# Versioning
.PHONY: version
version:
@source helpers/version-repo.sh

# Run docker
# Enter docker container for local development
.PHONY: docker_run
docker_run:
docker run --rm -it \
-e PROJECT_ID \
-e SERVICE_ACCOUNT_JSON \
-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
-v $(CURDIR):/cft/workdir \
${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
/bin/bash -c "cd /cft/workdir && source test/ci_integration.sh && setup_environment && exec /bin/bash"
-v "$(CURDIR)":/workspace \
$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
/bin/bash

.PHONY: docker_create
docker_create:
# Execute prepare tests within the docker container
.PHONY: docker_test_prepare
docker_test_prepare:
docker run --rm -it \
-e PROJECT_ID \
-e SERVICE_ACCOUNT_JSON \
-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
-v $(CURDIR):/cft/workdir \
${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
/bin/bash -c "cd /cft/workdir && source test/ci_integration.sh && setup_environment && kitchen create"

.PHONY: docker_converge
docker_converge:
-e TF_VAR_org_id \
-e TF_VAR_folder_id \
-e TF_VAR_billing_account \
-v "$(CURDIR)":/workspace \
$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
/usr/local/bin/execute_with_credentials.sh prepare_environment

# Clean up test environment within the docker container
.PHONY: docker_test_cleanup
docker_test_cleanup:
docker run --rm -it \
-e PROJECT_ID \
-e SERVICE_ACCOUNT_JSON \
-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
-v $(CURDIR):/cft/workdir \
${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
/bin/bash -c "cd /cft/workdir && source test/ci_integration.sh && setup_environment && kitchen converge"

.PHONY: docker_verify
docker_verify:
-e TF_VAR_org_id \
-e TF_VAR_folder_id \
-e TF_VAR_billing_account \
-v "$(CURDIR)":/workspace \
$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
/usr/local/bin/execute_with_credentials.sh cleanup_environment

# Execute integration tests within the docker container
.PHONY: docker_test_integration
docker_test_integration:
docker run --rm -it \
-e PROJECT_ID \
-e SERVICE_ACCOUNT_JSON \
-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
-v $(CURDIR):/cft/workdir \
${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
/bin/bash -c "cd /cft/workdir && source test/ci_integration.sh && setup_environment && kitchen verify"
-v "$(CURDIR)":/workspace \
$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
/usr/local/bin/test_integration.sh

.PHONY: docker_destroy
docker_destroy:
# Execute lint tests within the docker container
.PHONY: docker_test_lint
docker_test_lint:
docker run --rm -it \
-e PROJECT_ID \
-e SERVICE_ACCOUNT_JSON \
-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
-v $(CURDIR):/cft/workdir \
${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
/bin/bash -c "cd /cft/workdir && source test/ci_integration.sh && setup_environment && kitchen destroy"
-v "$(CURDIR)":/workspace \
$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
/usr/local/bin/test_lint.sh

.PHONY: test_integration_docker
test_integration_docker:
# Generate documentation
.PHONY: docker_generate_docs
docker_generate_docs:
docker run --rm -it \
-e PROJECT_ID \
-e SERVICE_ACCOUNT_JSON \
-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
-v $(CURDIR):/cft/workdir \
${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
/bin/bash -c "cd /cft/workdir && source test/ci_integration.sh && setup_environment && make test_integration"
-v "$(CURDIR)":/workspace \
$(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
/bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs'

# Alias for backwards compatibility
.PHONY: generate_docs
generate_docs: docker_generate_docs
3 changes: 2 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,8 @@ The following dependencies must be available:
Service account or user credentials with the following roles must be used to provision the resources of this module:

- Service Account Admin: `roles/iam.serviceAccountAdmin`
- roles needed to grant optional IAM roles at the project or organizational level
- (optional) Service Account Key Admin: `roles/iam.serviceAccountAdmin` when `generate_keys` is set to `true`
- (optional) roles needed to grant optional IAM roles at the project or organizational level

## Contributing

Expand Down
41 changes: 41 additions & 0 deletions build/int.cloudbuild.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
# Copyright 2019 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

timeout: 3600s
steps:
- id: prepare
name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && prepare_environment']
env:
- 'TF_VAR_org_id=$_ORG_ID'
- 'TF_VAR_folder_id=$_FOLDER_ID'
- 'TF_VAR_billing_account=$_BILLING_ACCOUNT'
- id: create
name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create']
- id: converge
name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge']
- id: verify
name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify']
- id: destroy
name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy']
tags:
- 'ci'
- 'integration'
substitutions:
_DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
_DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0'
Loading

0 comments on commit 43d1e84

Please sign in to comment.