Merge pull request #28 from glarizza/gl/kitchen_terraform_tests

Migrate integration tests to Test Kitchen

Author: morgante

.gitignore

@@ -3,7 +3,9 @@
 
 # OSX trash
 .DS_Store
-*.pyc*
+
+# Python
+*.pyc
 
 # Emacs save files
 *~
@@ -29,8 +31,17 @@ Session.vim
 # Crash log files
 crash.log
 
+# Kitchen files
+**/inspec.lock
+**/.kitchen
+**/.kitchen.local.yml
+**/Gemfile.lock
+
 # Ignore any .tfvars files that are generated automatically for each Terraform run. Most
 # .tfvars files are managed as part of configuration and so should be included in
 # version control.
 #
 # example.tfvars
+test/fixtures/shared/terraform.tfvars
+
+credentials.json

.kitchen.yml

@@ -0,0 +1,82 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+driver:
+  name: "terraform"
+  command_timeout: 1800
+
+provisioner:
+  name: "terraform"
+
+platforms:
+  - name: local
+
+suites:
+  - name: "simple_project"
+    driver:
+      name: "terraform"
+      command_timeout: 1800
+      root_module_directory: test/fixtures/simple_project/
+    verifier:
+      name: terraform
+      color: true
+      systems:
+        - name: inspec-gcp
+          backend: gcp
+          controls:
+            - gcp
+        - name: local
+          backend: local
+          controls:
+            - gcloud
+  - name: "simple_project_with_regional_network"
+    driver:
+      name: "terraform"
+      command_timeout: 1800
+      root_module_directory: test/fixtures/simple_project_with_regional_network/
+    verifier:
+      name: terraform
+      color: true
+      systems:
+        - name: inspec-gcp
+          backend: gcp
+          controls:
+            - gcp
+  - name: "secondary_ranges"
+    driver:
+      name: "terraform"
+      command_timeout: 1800
+      root_module_directory: test/fixtures/secondary_ranges/
+    verifier:
+      name: terraform
+      color: true
+      systems:
+        - name: local
+          backend: local
+          controls:
+            - gcloud
+  - name: "multi_vpc"
+    driver:
+      name: "terraform"
+      command_timeout: 1800
+      root_module_directory: test/fixtures/multi_vpc/
+    verifier:
+      name: terraform
+      color: true
+      systems:
+        - name: local
+          backend: local
+          controls:
+            - gcloud

.ruby-version

@@ -0,0 +1 @@
+2.5.3

Gemfile

@@ -0,0 +1,19 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ruby '2.5.3'
+
+source 'https://rubygems.org/' do
+  gem 'kitchen-terraform', '~> 4.3'
+end

Makefile

@@ -15,6 +15,12 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
+# Docker build config variables
+CREDENTIALS_PATH 			?= /cft/workdir/credentials.json
+DOCKER_ORG 				:= gcr.io/cloud-foundation-cicd
+DOCKER_TAG_BASE_KITCHEN_TERRAFORM 	?= 0.11.10_216.0.0_1.19.1_0.1.10
+DOCKER_REPO_BASE_KITCHEN_TERRAFORM 	:= ${DOCKER_ORG}/cft/kitchen-terraform:${DOCKER_TAG_BASE_KITCHEN_TERRAFORM}
+
 # All is the first target in the file so it will get picked up when you just run 'make' on its own
 all: check_shell check_python check_golang check_terraform check_docker check_base_files test_check_headers check_headers check_trailing_whitespace generate_docs
 
@@ -45,10 +51,6 @@ check_docker:
 check_base_files:
 	@source test/make.sh && basefiles
 
-.PHONY: check_shebangs
-check_shebangs:
-	@source test/make.sh && check_bash
-
 .PHONY: check_trailing_whitespace
 check_trailing_whitespace:
 	@source test/make.sh && check_trailing_whitespace
@@ -60,9 +62,73 @@ test_check_headers:
 
 .PHONY: check_headers
 check_headers:
-	@echo "Checking file headers"
-	@python test/verify_boilerplate.py
+	@source test/make.sh && check_headers
+
+# Integration tests
+.PHONY: test_integration
+test_integration:
+	./test/ci_integration.sh
 
 .PHONY: generate_docs
 generate_docs:
 	@source test/make.sh && generate_docs
+
+# Versioning
+.PHONY: version
+version:
+	@source helpers/version-repo.sh
+
+# Run docker
+.PHONY: docker_run
+docker_run:
+	docker run --rm -it \
+		-e CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${CREDENTIALS_PATH} \
+		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
+		-e TF_VAR_project_id \
+		-v $(CURDIR):/cft/workdir \
+		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
+		/bin/bash
+
+.PHONY: docker_create
+docker_create:
+	docker run --rm -it \
+		-e CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${CREDENTIALS_PATH} \
+		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
+		-e TF_VAR_project_id \
+		-v $(CURDIR):/cft/workdir \
+		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
+		/bin/bash -c "kitchen create"
+
+.PHONY: docker_converge
+docker_converge:
+	docker run --rm -it \
+		-e CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${CREDENTIALS_PATH} \
+		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
+		-e TF_VAR_project_id \
+		-v $(CURDIR):/cft/workdir \
+		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
+		/bin/bash -c "kitchen converge && kitchen converge"
+
+.PHONY: docker_verify
+docker_verify:
+	docker run --rm -it \
+		-e CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${CREDENTIALS_PATH} \
+		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
+		-e TF_VAR_project_id \
+		-v $(CURDIR):/cft/workdir \
+		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
+		/bin/bash -c "kitchen verify"
+
+.PHONY: docker_destroy
+docker_destroy:
+	docker run --rm -it \
+		-e CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${CREDENTIALS_PATH} \
+		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
+		-e TF_VAR_project_id \
+		-v $(CURDIR):/cft/workdir \
+		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
+		/bin/bash -c "kitchen destroy"
+
+.PHONY: test_integration_docker
+test_integration_docker: docker_create docker_converge docker_verify docker_destroy
+	@echo "Running test-kitchen tests in docker"

README.md

@@ -81,12 +81,29 @@ Then perform the following commands on the root folder:
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
 | network_name | The name of the network being created | string | - | yes |
-| routing_mode | The network routing mode. Can be either 'REGIONAL' or 'GLOBAL' | string | GLOBAL | no |
 | project_id | The ID of the project where this VPC will be created | string | - | yes |
+| routes | List of routes being created in this VPC | list | `<list>` | no |
+| routing_mode | The network routing mode (default 'GLOBAL') | string | `GLOBAL` | no |
+| secondary_ranges | Secondary ranges that will be used in some of the subnets | map | - | yes |
 | shared_vpc_host | Makes this project a Shared VPC host if 'true' (default 'false') | string | `false` | no |
 | subnets | The list of subnets being created | list | - | yes |
-| secondary_ranges | Secondary ranges that will be used in some of the subnets | map | - | yes |
-| routes | The list of routes being created | list | - | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| network_name | The name of the VPC being created |
+| network_self_link | The URI of the VPC being created |
+| routes | The routes associated with this VPC |
+| subnets_flow_logs | Whether the subnets will have VPC flow logs enabled |
+| subnets_ips | The IPs and CIDRs of the subnets being created |
+| subnets_names | The names of the subnets being created |
+| subnets_private_access | Whether the subnets will have access to Google API's without a public IP |
+| subnets_regions | The region where the subnets will be created |
+| subnets_secondary_ranges | The secondary ranges associated with these subnets |
+| subnets_self_links | The self-links of subnets being created |
+
+[^]: (autogen_docs_end)
 
 ### Subnet Inputs
 The subnets list contains maps, where each object represents a subnet. Each map has the following inputs (please see examples folder for additional references):
@@ -115,23 +132,6 @@ The routes list contains maps, where each object represents a route. For the nex
 | next_hop_vpn_tunnel | URL to a VpnTunnel that should handle matching packets | string | - | yes |
 | priority | The priority of this route. Priority is used to break ties in cases where there is more than one matching route of equal prefix length. In the case of two routes with equal prefix length, the one with the lowest-numbered priority value wins | string | 1000 | yes |
 
-## Outputs
-
-| Name | Description |
-|------|-------------|
-| network_name | The name of the VPC being created |
-| network_self_link | The URI of the VPC being created |
-| subnets_ips | The IPs and CIDRs of the subnets being created |
-| subnets_self_links | The `self_link`s of the subnets being created |
-| subnets_names | The names of the subnets being created |
-| subnets_private_access | Whether the subnets will have access to Google API's without a public IP |
-| subnets_flow_logs | Whether the subnets will have VPC flow logs enabled |
-| subnets_regions | The region where the subnets will be created |
-| subnets_secondary_ranges | The secondary ranges associated with these subnets |
-| routes | The routes associated with this VPC |
-
-[^]: (autogen_docs_end)
-
 ## Requirements
 ### Terraform plugins
 - [Terraform](https://www.terraform.io/downloads.html) 0.10.x

codelabs/simple/main.tf

@@ -1,3 +1,19 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 resource "random_id" "network_id" {
   byte_length = 8
 }

examples/multi_vpc/README.md

@@ -15,23 +15,25 @@ This example configures a host network project with two separate networks.
 
 | Name | Description |
 |------|-------------|
-| network_01_name | vpc 1 |
+| network_01_name | The name of the VPC network-01 |
+| network_01_route_data | The route data for network 01 that was passed into the network module |
+| network_01_routes | The routes associated with network-01 |
 | network_01_self_link | The URI of the VPC network-01 |
 | network_01_subnets | The names of the subnets being created on network-01 |
 | network_01_subnets_flow_logs | Whether the subnets will have VPC flow logs enabled |
 | network_01_subnets_ips | The IP and cidrs of the subnets being created on network-01 |
 | network_01_subnets_private_access | Whether the subnets will have access to Google API's without a public IP on network-01 |
 | network_01_subnets_regions | The region where the subnets will be created on network-01 |
 | network_01_subnets_secondary_ranges | The secondary ranges associated with these subnets on network-01 |
-| network_01_routes | The routes associated with network-01 |
-| network_02_name | vpc 2 |
+| network_02_name | The name of the VPC network-02 |
+| network_02_route_data | The route data for network 02 that was passed into the network module |
+| network_02_routes | The routes associated with network-02 |
 | network_02_self_link | The URI of the VPC network-02 |
 | network_02_subnets | The names of the subnets being created on network-02 |
 | network_02_subnets_flow_logs | Whether the subnets will have VPC flow logs enabled |
 | network_02_subnets_ips | The IP and cidrs of the subnets being created on network-02 |
 | network_02_subnets_private_access | Whether the subnets will have access to Google API's without a public IP on network-02 |
 | network_02_subnets_regions | The region where the subnets will be created on network-02 |
 | network_02_subnets_secondary_ranges | The secondary ranges associated with these subnets on network-02 |
-| network_02_routes | The routes associated with network-02 |
 
-[^]: (autogen_docs_end)
+[^]: (autogen_docs_end)