
Commit 7c19dee

committed
updt integration tests
1 parent 21540a6 commit 7c19dee


5 files changed

+269
-213
lines changed


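--- a/test/integration/envs/envs_test.go
+++ b/test/integration/envs/envs_test.go
@@ -16,12 +16,14 @@ package envs
 
 import (
 "fmt"
+"strings"
 "testing"
 "time"
 
 "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/gcloud"
 "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft"
 "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/utils"
+"github.com/gruntwork-io/terratest/modules/terraform"
 "github.com/stretchr/testify/assert"
 
 "github.com/terraform-google-modules/terraform-example-foundation/test/integration/testutils"
@@ -65,6 +67,17 @@ func TestEnvs(t *testing.T) {
 tft.WithVars(vars),
 tft.WithBackendConfig(backendConfig),
 )
+
+orgState := tft.NewTFBlueprintTest(t,
+tft.WithTFDir("../../../1-org/envs/shared"),
+tft.WithVars(vars),
+tft.WithBackendConfig(backendConfig),
+)
+
+perimeterName := terraform.Output(t, orgState.GetTFOptions(), "service_perimeter_name")
+orgID := bootstrap.GetTFSetupStringOutput("org_id")
+policyID := testutils.GetOrgACMPolicyID(t, orgID)
+
 envs.DefineVerify(
 func(assert *assert.Assertions) {
 // perform default verification ensuring Terraform reports no additional changes on an applied blueprint
@@ -109,10 +122,15 @@ func TestEnvs(t *testing.T) {
 },
 } {
 projectID := envs.GetStringOutput(projectEnvOutput.projectOutput)
+projectNumber := envs.GetStringOutput(strings.ReplaceAll(projectEnvOutput.projectOutput, "_id", "_number"))
 prj := gcloud.Runf(t, "projects describe %s", projectID)
 assert.Equal(projectID, prj.Get("projectId").String(), fmt.Sprintf("project %s should exist", projectID))
 assert.Equal("ACTIVE", prj.Get("lifecycleState").String(), fmt.Sprintf("project %s should be ACTIVE", projectID))
 
+perimeter, err := gcloud.RunCmdE(t, fmt.Sprintf("access-context-manager perimeters dry-run describe %s --policy %s", perimeterName, policyID))
+assert.NoError(err)
+assert.True(strings.Contains(perimeter, projectNumber), fmt.Sprintf("dry-run service perimeter %s should contain project %s (number)", perimeterName, projectNumber))
+
 enabledAPIS := gcloud.Runf(t, "services list --project %s", projectID).Array()
 listApis := testutils.GetResultFieldStrSlice(enabledAPIS, "config.name")
 assert.Subset(listApis, projectEnvOutput.apis, "APIs should have been enabled")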
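Review bot: `policyID` returned by `testutils.GetOrgACMPolicyID(t, orgID)` is interpolated into the `--policy %s` argument of the dry-run describe call without the emptiness check that this same commit removes from networks_test.go, so an organization with no Access Context Manager policy would fail with an opaque gcloud error on every project instead of one clear message; add `require.NotEmpty(t, policyID, "Access Context Manager Policy ID must be configured in the organization for the test to proceed.")` right after the lookup (this file would then need the `github.com/stretchr/testify/require` import). The describe command is also issued inside the per-project loop although `perimeterName` and `policyID` do not change between iterations, so it can be hoisted above the `for` (whose header lies outside the hunk) and its output reused. `strings.Contains(perimeter, projectNumber)` matches the bare number anywhere in the describe output, which a longer number could also satisfy; assuming the output lists resources as `projects/<number>`, asserting on `"projects/"+projectNumber` pins the check to the perimeter's resource list. The body of TestEnvs continues outside the hunk.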

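--- a/test/integration/networks/networks_test.go
+++ b/test/integration/networks/networks_test.go
@@ -24,9 +24,7 @@ import (
 "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/gcloud"
 "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft"
 "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/utils"
-"github.com/gruntwork-io/terratest/modules/terraform"
 "github.com/stretchr/testify/assert"
-"github.com/stretchr/testify/require"
 
 "github.com/terraform-google-modules/terraform-example-foundation/test/integration/testutils"
 )
@@ -75,11 +73,8 @@ func TestNetworks(t *testing.T) {
 tft.WithTFDir("../../../0-bootstrap"),
 )
 
-orgID := terraform.OutputMap(t, bootstrap.GetTFOptions(), "common_config")["org_id"]
 networkMode := getNetworkMode(t)
 firewallMode := getFirewallMode(t)
-policyID := testutils.GetOrgACMPolicyID(t, orgID)
-require.NotEmpty(t, policyID, "Access Context Manager Policy ID must be configured in the organization for the test to proceed.")
 
 // Configure impersonation for test execution
 terraformSA := bootstrap.GetStringOutput("networks_step_terraform_service_account_email")
@@ -90,131 +85,6 @@ func TestNetworks(t *testing.T) {
 "bucket": backend_bucket,
 }
 
-restrictedServices := []string{
-"accessapproval.googleapis.com",
-"adsdatahub.googleapis.com",
-"aiplatform.googleapis.com",
-"alloydb.googleapis.com",
-"alpha-documentai.googleapis.com",
-"analyticshub.googleapis.com",
-"apigee.googleapis.com",
-"apigeeconnect.googleapis.com",
-"artifactregistry.googleapis.com",
-"assuredworkloads.googleapis.com",
-"automl.googleapis.com",
-"baremetalsolution.googleapis.com",
-"batch.googleapis.com",
-"bigquery.googleapis.com",
-"bigquerydatapolicy.googleapis.com",
-"bigquerydatatransfer.googleapis.com",
-"bigquerymigration.googleapis.com",
-"bigqueryreservation.googleapis.com",
-"bigtable.googleapis.com",
-"binaryauthorization.googleapis.com",
-"cloud.googleapis.com",
-"cloudasset.googleapis.com",
-"cloudbuild.googleapis.com",
-"clouddebugger.googleapis.com",
-"clouddeploy.googleapis.com",
-"clouderrorreporting.googleapis.com",
-"cloudfunctions.googleapis.com",
-"cloudkms.googleapis.com",
-"cloudprofiler.googleapis.com",
-"cloudresourcemanager.googleapis.com",
-"cloudscheduler.googleapis.com",
-"cloudsearch.googleapis.com",
-"cloudtrace.googleapis.com",
-"composer.googleapis.com",
-"compute.googleapis.com",
-"connectgateway.googleapis.com",
-"contactcenterinsights.googleapis.com",
-"container.googleapis.com",
-"containeranalysis.googleapis.com",
-"containerfilesystem.googleapis.com",
-"containerregistry.googleapis.com",
-"containerthreatdetection.googleapis.com",
-"datacatalog.googleapis.com",
-"dataflow.googleapis.com",
-"datafusion.googleapis.com",
-"datamigration.googleapis.com",
-"dataplex.googleapis.com",
-"dataproc.googleapis.com",
-"datastream.googleapis.com",
-"dialogflow.googleapis.com",
-"dlp.googleapis.com",
-"dns.googleapis.com",
-"documentai.googleapis.com",
-"domains.googleapis.com",
-"eventarc.googleapis.com",
-"file.googleapis.com",
-"firebaseappcheck.googleapis.com",
-"firebaserules.googleapis.com",
-"firestore.googleapis.com",
-"gameservices.googleapis.com",
-"gkebackup.googleapis.com",
-"gkeconnect.googleapis.com",
-"gkehub.googleapis.com",
-"healthcare.googleapis.com",
-"iam.googleapis.com",
-"iamcredentials.googleapis.com",
-"iaptunnel.googleapis.com",
-"ids.googleapis.com",
-"integrations.googleapis.com",
-"kmsinventory.googleapis.com",
-"krmapihosting.googleapis.com",
-"language.googleapis.com",
-"lifesciences.googleapis.com",
-"logging.googleapis.com",
-"managedidentities.googleapis.com",
-"memcache.googleapis.com",
-"meshca.googleapis.com",
-"meshconfig.googleapis.com",
-"metastore.googleapis.com",
-"ml.googleapis.com",
-"monitoring.googleapis.com",
-"networkconnectivity.googleapis.com",
-"networkmanagement.googleapis.com",
-"networksecurity.googleapis.com",
-"networkservices.googleapis.com",
-"notebooks.googleapis.com",
-"opsconfigmonitoring.googleapis.com",
-"orgpolicy.googleapis.com",
-"osconfig.googleapis.com",
-"oslogin.googleapis.com",
-"privateca.googleapis.com",
-"pubsub.googleapis.com",
-"pubsublite.googleapis.com",
-"recaptchaenterprise.googleapis.com",
-"recommender.googleapis.com",
-"redis.googleapis.com",
-"retail.googleapis.com",
-"run.googleapis.com",
-"secretmanager.googleapis.com",
-"servicecontrol.googleapis.com",
-"servicedirectory.googleapis.com",
-"spanner.googleapis.com",
-"speakerid.googleapis.com",
-"speech.googleapis.com",
-"sqladmin.googleapis.com",
-"storage.googleapis.com",
-"storagetransfer.googleapis.com",
-"sts.googleapis.com",
-"texttospeech.googleapis.com",
-"timeseriesinsights.googleapis.com",
-"tpu.googleapis.com",
-"trafficdirector.googleapis.com",
-"transcoder.googleapis.com",
-"translate.googleapis.com",
-"videointelligence.googleapis.com",
-"vision.googleapis.com",
-"visionai.googleapis.com",
-"vmmigration.googleapis.com",
-"vpcaccess.googleapis.com",
-"webrisk.googleapis.com",
-"workflows.googleapis.com",
-"workstations.googleapis.com",
-}
-
 cidrRanges := map[string][]string{
 "development": []string{"10.8.64.0/18", "10.9.64.0/18"},
 "nonproduction": []string{"10.8.128.0/18", "10.9.128.0/18"},
@@ -227,50 +97,6 @@ func TestNetworks(t *testing.T) {
 "production": "10.17.0.8",
 }
 
-ingressPolicies := []map[string]interface{}{
-{
-"from": map[string]interface{}{
-"sources": map[string][]string{
-"access_levels": {"*"},
-},
-"identity_type": "ANY_IDENTITY",
-},
-"to": map[string]interface{}{
-"resources": []string{"*"},
-"operations": map[string]map[string][]string{
-"storage.googleapis.com": {
-"methods": {
-"google.storage.objects.get",
-"google.storage.objects.list",
-},
-},
-},
-},
-},
-}
-
-egressPolicies := []map[string]interface{}{
-{
-"from": map[string]interface{}{
-"sources": map[string][]string{
-"access_levels": {"*"},
-},
-"identity_type": "ANY_IDENTITY",
-},
-"to": map[string]interface{}{
-"resources": []string{"*"},
-"operations": map[string]map[string][]string{
-"storage.googleapis.com": {
-"methods": {
-"google.storage.objects.get",
-"google.storage.objects.list",
-},
-},
-},
-},
-},
-}
-
 envStage := os.Getenv(utils.RUN_STAGE_ENV_VAR)
 var envNames []string
 
@@ -293,11 +119,7 @@ func TestNetworks(t *testing.T) {
 t.Run(envName, func(t *testing.T) {
 
 vars := map[string]interface{}{
-"access_context_manager_policy_id": policyID,
-"remote_state_bucket": backend_bucket,
-"ingress_policies": ingressPolicies,
-"egress_policies": egressPolicies,
-"perimeter_additional_members": []string{},
+"remote_state_bucket": backend_bucket,
 }
 
 var tfdDir string
@@ -327,19 +149,8 @@ func TestNetworks(t *testing.T) {
 // Resource issue: https://github.com/hashicorp/terraform-provider-google/issues/16804
 // networks.DefaultVerify(assert)
 
-servicePerimeterLink := fmt.Sprintf("accessPolicies/%s/servicePerimeters/%s", policyID, networks.GetStringOutput("service_perimeter_name"))
-accessLevel := fmt.Sprintf("accessPolicies/%s/accessLevels/%s", policyID, networks.GetStringOutput("access_level_name_dry_run"))
 networkNames := getNetworkResourceNames(envCode, networkMode, firewallMode)
 
-servicePerimeter, err := gcloud.RunCmdE(t, fmt.Sprintf("access-context-manager perimeters dry-run describe %s --policy %s", servicePerimeterLink, policyID))
-assert.NoError(err)
-perimeterName := networks.GetStringOutput("service_perimeter_name")
-assert.True(strings.Contains(servicePerimeter, perimeterName), fmt.Sprintf("service perimeter %s should exist", perimeterName))
-assert.True(strings.Contains(servicePerimeter, accessLevel), fmt.Sprintf("service perimeter %s should have access level %s", servicePerimeterLink, accessLevel))
-for _, service := range restrictedServices {
-assert.True(strings.Contains(servicePerimeter, service), fmt.Sprintf("service perimeter %s should restrict all supported services", servicePerimeterLink))
-}
-
 projectID := networks.GetStringOutput("shared_vpc_host_project_id")
 
 if strings.Contains(projectID, "-p-") && networkMode != "-spoke" {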
