feat: Added simple example in the test (#87)

* Added simple example in the test * fixed the lint * Added a period * Added a period * making the description always be first * Established a consistent * Fixed the period * Made the region hardcode for the example * Added a comment to explain the time sleep
GoogleCloudPlatform · Aug 19, 2021 · 2175631 · 2175631
1 parent 3e62ee6
commit 2175631
Show file tree

Hide file tree

Showing 27 changed files with 573 additions and 66 deletions.
diff --git a/README.md b/README.md
@@ -56,7 +56,7 @@ module "secured_data_warehouse" {
 | org\_id | GCP Organization ID. | `string` | n/a | yes |
 | perimeter\_additional\_members | The list additional members to be added on perimeter access. Prefix of group: user: or serviceAccount: is required. | `list(string)` | `[]` | no |
 | project\_id | The ID of the project in which the service account will be created. | `string` | n/a | yes |
-| region | The region for the resources | `string` | `"us-central1"` | no |
+| region | The region for the resources. | `string` | `"us-central1"` | no |
 | subnet\_ip | The CDIR IP range of the subnetwork. | `string` | n/a | yes |
 | terraform\_service\_account | The email address of the service account that will run the Terraform code. | `string` | n/a | yes |
 | vpc\_name | The name of the network. | `string` | n/a | yes |

diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml
@@ -115,6 +115,26 @@ steps:
   args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && export TF_VAR_access_context_manager_policy_id=$(gcloud access-context-manager policies list --organization="${TF_VAR_org_id:?}" --format="value(name)") && kitchen_do destroy base-data-ingestion']
   env:
   - 'TF_VAR_org_id=$_ORG_ID'
+- id: create-simple-example
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && export TF_VAR_access_context_manager_policy_id=$(gcloud access-context-manager policies list --organization="${TF_VAR_org_id:?}" --format="value(name)") && kitchen_do create simple-example']
+  env:
+  - 'TF_VAR_org_id=$_ORG_ID'
+- id: converge-simple-example
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && export TF_VAR_access_context_manager_policy_id=$(gcloud access-context-manager policies list --organization="${TF_VAR_org_id:?}" --format="value(name)") && kitchen_do converge simple-example']
+  env:
+  - 'TF_VAR_org_id=$_ORG_ID'
+- id: verify-simple-example
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && export TF_VAR_access_context_manager_policy_id=$(gcloud access-context-manager policies list --organization="${TF_VAR_org_id:?}" --format="value(name)") && kitchen_do verify simple-example']
+  env:
+  - 'TF_VAR_org_id=$_ORG_ID'
+- id: destroy-simple-example
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && export TF_VAR_access_context_manager_policy_id=$(gcloud access-context-manager policies list --organization="${TF_VAR_org_id:?}" --format="value(name)") && kitchen_do destroy simple-example']
+  env:
+  - 'TF_VAR_org_id=$_ORG_ID'
 - id: create-org-policies
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
   args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create org-policies']

diff --git a/examples/batch-data-ingestion/variables.tf b/examples/batch-data-ingestion/variables.tf
@@ -58,8 +58,8 @@ variable "subnetwork_self_link" {
 }
 
 variable "network_self_link" {
-  type        = string
   description = "The network self link to which VMs will be assigned."
+  type        = string
 }
 
 variable "crypto_key" {

diff --git a/examples/dataflow-with-dlp/variables.tf b/examples/dataflow-with-dlp/variables.tf
@@ -25,18 +25,18 @@ variable "terraform_service_account" {
 }
 
 variable "dataflow_service_account" {
-  type        = string
   description = "The Service Account email that will be used to identify the VMs in which the jobs are running"
+  type        = string
 }
 
 variable "subnetwork_self_link" {
-  type        = string
   description = "The subnetwork self link to which VMs will be assigned."
+  type        = string
 }
 
 variable "network_self_link" {
-  type        = string
   description = "The network self link to which VMs will be assigned."
+  type        = string
 }
 
 variable "crypto_key" {

diff --git a/examples/de_identification_template/variables.tf b/examples/de_identification_template/variables.tf
@@ -41,6 +41,6 @@ variable "wrapped_key" {
 }
 
 variable "dataflow_service_account" {
-  type        = string
   description = "The Service Account email that will be used to identify the VMs in which the jobs are running"
+  type        = string
 }
diff --git a/examples/simple_example/variables.tf b/examples/simple_example/variables.tf
@@ -35,6 +35,6 @@ variable "terraform_service_account" {
 }
 
 variable "access_context_manager_policy_id" {
-  type        = number
   description = "The id of the default Access Context Manager policy. Can be obtained by running `gcloud access-context-manager policies list --organization YOUR-ORGANIZATION_ID --format=\"value(name)\"`."
+  type        = number
 }
diff --git a/kitchen.yml b/kitchen.yml
@@ -98,3 +98,13 @@ suites:
           backend: local
           controls:
             - gcloud
+  - name: simple_example
+    driver:
+      root_module_directory: test/fixtures/simple_example/
+    verifier:
+      color: false
+      systems:
+        - name: simple_example gcp
+          backend: gcp
+          controls:
+            - gcp
diff --git a/modules/base-data-ingestion/outputs.tf b/modules/base-data-ingestion/outputs.tf
@@ -45,68 +45,68 @@ output "data_ingest_bigquery_dataset" {
 }
 
 output "network_name" {
-  value       = module.dwh_networking.network_name
   description = "The name of the VPC being created"
+  value       = module.dwh_networking.network_name
 }
 
 output "network_self_link" {
-  value       = module.dwh_networking.network_self_link
   description = "The URI of the VPC being created"
+  value       = module.dwh_networking.network_self_link
 }
 
 output "subnets_names" {
-  value       = module.dwh_networking.subnets_names
   description = "The names of the subnets being created"
+  value       = module.dwh_networking.subnets_names
 }
 
 output "subnets_ips" {
-  value       = module.dwh_networking.subnets_ips
   description = "The IPs and CIDRs of the subnets being created"
+  value       = module.dwh_networking.subnets_ips
 }
 
 output "subnets_self_links" {
-  value       = module.dwh_networking.subnets_self_links
   description = "The self-links of subnets being created"
+  value       = module.dwh_networking.subnets_self_links
 }
 
 output "subnets_regions" {
-  value       = module.dwh_networking.subnets_regions
   description = "The region where the subnets will be created"
+  value       = module.dwh_networking.subnets_regions
 }
 
 output "access_level_name" {
-  value       = module.dwh_networking.access_level_name
   description = "Access context manager access level name "
+  value       = module.dwh_networking.access_level_name
 }
 
 output "service_perimeter_name" {
-  value       = module.dwh_networking.service_perimeter_name
   description = "Access context manager service perimeter name "
+  value       = module.dwh_networking.service_perimeter_name
 }
 
 output "project_number" {
-  value       = module.dwh_networking.project_number
   description = "Project number included on perimeter"
+  value       = module.dwh_networking.project_number
 }
 
 output "cmek_keyring_full_name" {
-  value       = module.cmek.keyring
   description = "The Keyring full name for the KMS Customer Managed Encryption Keys."
+  value       = module.cmek.keyring
 }
 
 output "cmek_keyring_name" {
-  value       = module.cmek.keyring_name
   description = "The Keyring name for the KMS Customer Managed Encryption Keys."
+  value       = module.cmek.keyring_name
 }
 
 output "cmek_ingestion_crypto_key" {
-  value       = module.cmek.keys[local.ingestion_key_name]
   description = "The Customer Managed Crypto Key for the Ingestion crypto boundary."
+  value       = module.cmek.keys[local.ingestion_key_name]
 }
 
 output "cmek_bigquery_crypto_key" {
-  value       = module.cmek.keys[local.bigquery_key_name]
   description = "The Customer Managed Crypto Key for the BigQuery service."
+  value       = module.cmek.keys[local.bigquery_key_name]
 }
 
 output "default_storage_sa" {

diff --git a/modules/base-data-ingestion/variables.tf b/modules/base-data-ingestion/variables.tf
@@ -20,8 +20,8 @@ variable "org_id" {
 }
 
 variable "region" {
-  type        = string
   description = "The region in which subnetwork will be created and Pub/Sub message will be stored."
+  type        = string
   default     = "us-central1"
 }
 
@@ -41,18 +41,18 @@ variable "data_governance_project_id" {
 }
 
 variable "vpc_name" {
-  type        = string
   description = "the name of the network."
+  type        = string
 }
 
 variable "subnet_ip" {
-  type        = string
   description = "The CDIR IP range of the subnetwork."
+  type        = string
 }
 
 variable "access_context_manager_policy_id" {
-  type        = number
   description = "The id of the default Access Context Manager policy. Can be obtained by running `gcloud access-context-manager policies list --organization YOUR-ORGANIZATION_ID --format=\"value(name)\"`."
+  type        = number
 }
 
 variable "perimeter_additional_members" {
@@ -79,11 +79,11 @@ variable "bucket_class" {
 }
 
 variable "bucket_lifecycle_rules" {
+  description = "List of lifecycle rules to configure. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket.html#lifecycle_rule except condition.matches_storage_class should be a comma delimited string."
   type = set(object({
     action    = map(string)
     condition = map(string)
   }))
-  description = "List of lifecycle rules to configure. Format is the same as described in provider documentation https://www.terraform.io/docs/providers/google/r/storage_bucket.html#lifecycle_rule except condition.matches_storage_class should be a comma delimited string."
   default = [{
     action = {
       type = "Delete"

diff --git a/modules/data_warehouse_taxonomy/variables.tf b/modules/data_warehouse_taxonomy/variables.tf
@@ -39,8 +39,8 @@ variable "private_access_members" {
 }
 
 variable "project_roles" {
-  type        = list(string)
   description = "Common roles to apply to all service accounts in the project."
+  type        = list(string)
   default     = []
 }
 

diff --git a/modules/de_identification_template/variables.tf b/modules/de_identification_template/variables.tf
@@ -64,6 +64,6 @@ variable "template_description" {
 }
 
 variable "dataflow_service_account" {
-  type        = string
   description = "The Service Account email that will be used to identify the VMs in which the jobs are running"
+  type        = string
 }
diff --git a/modules/dwh-networking/outputs.tf b/modules/dwh-networking/outputs.tf
@@ -16,46 +16,46 @@
 
 
 output "network_name" {
-  value       = module.network.network_name
   description = "The name of the VPC being created."
+  value       = module.network.network_name
 }
 
 output "project_number" {
-  value       = data.google_project.target_project.number
   description = "The project number that is included on the perimeter."
+  value       = data.google_project.target_project.number
 }
 
 output "network_self_link" {
-  value       = module.network.network_self_link
   description = "The URI of the VPC being created."
+  value       = module.network.network_self_link
 }
 
 output "subnets_names" {
-  value       = module.network.subnets_names
   description = "The names of the subnets being created."
+  value       = module.network.subnets_names
 }
 
 output "subnets_ips" {
-  value       = module.network.subnets_ips
   description = "The IPs and CIDRs of the subnets being created."
+  value       = module.network.subnets_ips
 }
 
 output "subnets_self_links" {
-  value       = module.network.subnets_self_links
   description = "The self-links of subnets being created."
+  value       = module.network.subnets_self_links
 }
 
 output "subnets_regions" {
-  value       = module.network.subnets_regions
   description = "The region where the subnets will be created."
+  value       = module.network.subnets_regions
 }
 
 output "access_level_name" {
-  value       = module.access_level_policy.name
   description = "The access level name for the Access Context Manager."
+  value       = module.access_level_policy.name
 }
 
 output "service_perimeter_name" {
-  value       = local.regular_service_perimeter_name
   description = "The service perimeter name for the Access Context Manager."
+  value       = local.regular_service_perimeter_name
 }
diff --git a/modules/dwh-networking/variables.tf b/modules/dwh-networking/variables.tf
@@ -30,24 +30,24 @@ variable "terraform_service_account" {
 }
 
 variable "commom_suffix" {
-  type        = string
   description = "A commom suffix to be used in the module."
+  type        = string
   default     = ""
 }
 
 variable "region" {
-  type        = string
   description = "The region in which the subnetwork will be created."
+  type        = string
 }
 
 variable "vpc_name" {
-  type        = string
   description = "The name of the network."
+  type        = string
 }
 
 variable "subnet_ip" {
-  type        = string
   description = "The CDIR IP range of the subnetwork."
+  type        = string
 }
 
 variable "perimeter_additional_members" {
@@ -57,13 +57,13 @@ variable "perimeter_additional_members" {
 }
 
 variable "restricted_services" {
-  type        = list(string)
   description = "The list of services to be restricted by VPC Service Controls."
+  type        = list(string)
 }
 
 variable "access_context_manager_policy_id" {
-  type        = number
   description = "The id of the default Access Context Manager policy (see https://cloud.google.com/access-context-manager/docs/overview). Can be obtained by running `gcloud access-context-manager policies list --organization YOUR-ORGANIZATION_ID --format=\"value(name)\"`."
+  type        = number
 }
 
 variable "access_level_ip_subnetworks" {

diff --git a/modules/org_policies/variables.tf b/modules/org_policies/variables.tf
@@ -20,8 +20,8 @@ variable "project_id" {
 }
 
 variable "region" {
-  type        = string
   description = "The region in which the subnetwork resides."
+  type        = string
 }
 
 variable "trusted_subnetwork" {
@@ -31,6 +31,6 @@ variable "trusted_subnetwork" {
 
 variable "trusted_locations" {
   description = "This is a list of trusted regions where location-based GCP resources can be created. ie us-locations eu-locations"
-  default     = ["us-locations", "eu-locations"]
   type        = list(string)
+  default     = ["us-locations", "eu-locations"]
 }
diff --git a/test/fixtures/base-data-ingestion/main.tf b/test/fixtures/base-data-ingestion/main.tf
@@ -32,6 +32,7 @@ module "data_ingestion" {
   cmek_keyring_name                = "${var.cmek_keyring_name}"
 }
 
+//workaround due to propagation issues
 resource "time_sleep" "wait_90_seconds_for_vpc_sc_propagation" {
   depends_on = [module.data_ingestion]