Skip to content

Commit ce4c179

Browse files
apeabodyapeabody
committed
chore(CI): migrate tests to CFT
1 parent a78cc8c commit ce4c179

File tree

18 files changed

+363
-927
lines changed

18 files changed

+363
-927
lines changed

.kitchen.yml

Lines changed: 0 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -78,40 +78,10 @@ suites:
7878
systems:
7979
- name: stub_domains_upstream_nameservers
8080
backend: local
81-
- name: "workload_identity"
82-
transport:
83-
root_module_directory: test/fixtures/workload_identity
84-
verifier:
85-
systems:
86-
- name: gcloud
87-
backend: local
88-
controls:
89-
- gcloud
90-
- name: gcp
91-
backend: gcp
92-
controls:
93-
- gcp
9481
- name: "workload_metadata_config"
9582
transport:
9683
root_module_directory: test/fixtures/workload_metadata_config
9784
verifier:
9885
systems:
9986
- name: workload_metadata_config
10087
backend: local
101-
- name: "node_pool"
102-
transport:
103-
root_module_directory: test/fixtures/node_pool
104-
verifier:
105-
systems:
106-
- name: node_pool
107-
backend: local
108-
controls:
109-
- gcloud
110-
- kubectl
111-
- name: "safer_cluster_iap_bastion"
112-
transport:
113-
root_module_directory: test/fixtures/safer_cluster_iap_bastion
114-
verifier:
115-
systems:
116-
- name: safer_cluster_iap_bastion
117-
backend: local

build/int.cloudbuild.yaml

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -309,17 +309,17 @@ steps:
309309
waitFor:
310310
- create-all
311311
name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
312-
args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge node-pool-local']
312+
args: ['/bin/bash', '-c', 'cft test run TestNodePool --stage apply --verbose']
313313
- id: verify node-pool-local
314314
waitFor:
315315
- converge node-pool-local
316316
name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
317-
args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify node-pool-local']
317+
args: ['/bin/bash', '-c', 'cft test run TestNodePool --stage verify --verbose']
318318
- id: destroy node-pool-local
319319
waitFor:
320320
- verify node-pool-local
321321
name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
322-
args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy node-pool-local']
322+
args: ['/bin/bash', '-c', 'cft test run TestNodePool --stage destroy --verbose']
323323
- id: apply sandbox-enabled-local
324324
waitFor:
325325
- create-all
@@ -339,32 +339,32 @@ steps:
339339
waitFor:
340340
- create-all
341341
name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
342-
args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge workload-identity-local']
342+
args: ['/bin/bash', '-c', 'cft test run TestWorkloadIdentity --stage apply --verbose']
343343
- id: verify workload-identity-local
344344
waitFor:
345345
- converge workload-identity-local
346346
name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
347-
args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify workload-identity-local']
347+
args: ['/bin/bash', '-c', 'cft test run TestWorkloadIdentity --stage verify --verbose']
348348
- id: destroy workload-identity-local
349349
waitFor:
350350
- verify workload-identity-local
351351
name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
352-
args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy workload-identity-local']
352+
args: ['/bin/bash', '-c', 'cft test run TestWorkloadIdentity --stage destroy --verbose']
353353
- id: converge safer-cluster-iap-bastion-local
354354
waitFor:
355355
- create-all
356356
name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
357-
args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge safer-cluster-iap-bastion-local']
357+
args: ['/bin/bash', '-c', 'cft test run TestSaferClusterIapBastion --stage apply --verbose']
358358
- id: verify safer-cluster-iap-bastion-local
359359
waitFor:
360360
- converge safer-cluster-iap-bastion-local
361361
name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
362-
args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify safer-cluster-iap-bastion-local']
362+
args: ['/bin/bash', '-c', 'cft test run TestSaferClusterIapBastion --stage verify --verbose']
363363
- id: destroy safer-cluster-iap-bastion-local
364364
waitFor:
365365
- verify safer-cluster-iap-bastion-local
366366
name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
367-
args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy safer-cluster-iap-bastion-local']
367+
args: ['/bin/bash', '-c', 'cft test run TestSaferClusterIapBastion --stage teardown --verbose']
368368
- id: apply simple-zonal-with-asm-local
369369
waitFor:
370370
- create-all

examples/node_pool/main.tf

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -43,6 +43,7 @@ module "gke" {
4343
disable_legacy_metadata_endpoints = false
4444
cluster_autoscaling = var.cluster_autoscaling
4545
deletion_protection = false
46+
service_account = "default"
4647

4748
node_pools = [
4849
{

examples/workload_identity/main.tf

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/**
2-
* Copyright 2018 Google LLC
2+
* Copyright 2018-2024 Google LLC
33
*
44
* Licensed under the Apache License, Version 2.0 (the "License");
55
* you may not use this file except in compliance with the License.
@@ -24,6 +24,10 @@ provider "kubernetes" {
2424
host = "https://${module.gke.endpoint}"
2525
token = data.google_client_config.default.access_token
2626
cluster_ca_certificate = base64decode(module.gke.ca_certificate)
27+
28+
ignore_annotations = [
29+
"^iam.gke.io\\/.*"
30+
]
2731
}
2832

2933
module "gke" {

test/fixtures/safer_cluster_iap_bastion/example.tf

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/**
2-
* Copyright 2020 Google LLC
2+
* Copyright 2020-2024 Google LLC
33
*
44
* Licensed under the Apache License, Version 2.0 (the "License");
55
* you may not use this file except in compliance with the License.
@@ -15,7 +15,7 @@
1515
*/
1616

1717
locals {
18-
test_command = "gcloud beta compute ssh ${module.example.bastion_name} --tunnel-through-iap --verbosity=error --project ${var.project_ids[1]} --zone ${module.example.bastion_zone} --ssh-flag=\"-T\" -q -- curl -sS https://${module.example.endpoint}/version -k"
18+
test_command = "gcloud beta compute ssh ${module.example.bastion_name} --tunnel-through-iap --verbosity=error --project ${var.project_ids[1]} --zone ${module.example.bastion_zone} -q -- curl -sS https://${module.example.endpoint}/version -k"
1919
}
2020

2121
module "example" {

0 commit comments

Comments
 (0)