Bring back shared_vpc example and simple test fixture

.kitchen.yml

@@ -48,6 +48,18 @@ suites:
           backend: local
     provisioner:
       name: terraform
+  - name: "shared_vpc"
+    driver:
+      name: "terraform"
+      command_timeout: 1800
+      root_module_directory: test/fixtures/shared_vpc
+    verifier:
+      name: terraform
+      systems:
+        - name: shared_vpc
+          backend: local
+    provisioner:
+      name: terraform
   - name: "simple_regional"
     driver:
       name: "terraform"

README.md

@@ -212,10 +212,11 @@ make generate_docs
 
 Integration tests are run though [test-kitchen](https://github.com/test-kitchen/test-kitchen), [kitchen-terraform](https://github.com/newcontext-oss/kitchen-terraform), and [InSpec](https://github.com/inspec/inspec).
 
-Five test-kitchen instances are defined:
+Six test-kitchen instances are defined:
 
 - `deploy_service`
 - `node_pool`
+- `shared_vpc`
 - `simple_regional`
 - `simple_zonal`
 - `stub_domains`

examples/shared_vpc/README.md

@@ -0,0 +1,13 @@
+# Shared VPC Cluster
+
+This example illustrates how to create a simple cluster where the host network is not necessarily in the same project as the cluster.
+
+[^]: (autogen_docs_start)
+
+[^]: (autogen_docs_end)
+
+To provision this example, run the following from within this directory:
+- `terraform init` to get the plugins
+- `terraform plan` to see the infrastructure plan
+- `terraform apply` to apply the infrastructure build
+- `terraform destroy` to destroy the built infrastructure

examples/shared_vpc/main.tf

@@ -0,0 +1,41 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+  cluster_type = "shared-vpc"
+}
+
+provider "google" {
+  credentials = "${file(var.credentials_path)}"
+  region      = "${var.region}"
+}
+
+module "gke" {
+  source             = "../../"
+  project_id         = "${var.project_id}"
+  name               = "${local.cluster_type}-cluster"
+  region             = "${var.region}"
+  network            = "${var.network}"
+  network_project_id = "${var.network_project_id}"
+  subnetwork         = "${var.subnetwork}"
+  ip_range_pods      = "${var.ip_range_pods}"
+  ip_range_services  = "${var.ip_range_services}"
+  kubernetes_version = "1.11.5-gke.4"
+  node_version       = "1.11.5-gke.4"
+  service_account    = "${var.compute_engine_service_account}"
+}
+
+data "google_client_config" "default" {}

examples/shared_vpc/outputs.tf

@@ -0,0 +1,29 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "kubernetes_endpoint" {
+  sensitive = true
+  value     = "${module.gke.endpoint}"
+}
+
+output "client_token" {
+  sensitive = true
+  value     = "${base64encode(data.google_client_config.default.access_token)}"
+}
+
+output "ca_certificate" {
+  value = "${module.gke.ca_certificate}"
+}

examples/shared_vpc/test_outputs.tf

@@ -0,0 +1 @@
+../../test/fixtures/all_examples/test_outputs.tf

examples/shared_vpc/variables.tf

@@ -0,0 +1,51 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+  description = "The project ID to host the cluster in"
+}
+
+variable "credentials_path" {
+  description = "The path to the GCP credentials JSON file"
+}
+
+variable "region" {
+  description = "The region to host the cluster in"
+}
+
+variable "network" {
+  description = "The VPC network to host the cluster in"
+}
+
+variable "network_project_id" {
+  description = "The GCP project housing the VPC network to host the cluster in"
+}
+
+variable "subnetwork" {
+  description = "The subnetwork to host the cluster in"
+}
+
+variable "ip_range_pods" {
+  description = "The secondary ip range to use for pods"
+}
+
+variable "ip_range_services" {
+  description = "The secondary ip range to use for pods"
+}
+
+variable "compute_engine_service_account" {
+  description = "Service account to associate to the nodes in the cluster"
+}

test/fixtures/shared_vpc/example.tf

@@ -0,0 +1,29 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "example" {
+  source = "../../../examples/shared_vpc"
+
+  project_id                     = "${var.project_id}"
+  credentials_path               = "${local.credentials_path}"
+  region                         = "${var.region}"
+  network                        = "${google_compute_network.main.name}"
+  network_project_id             = "${var.project_id}"
+  subnetwork                     = "${google_compute_subnetwork.main.name}"
+  ip_range_pods                  = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}"
+  ip_range_services              = "${google_compute_subnetwork.main.secondary_ip_range.1.range_name}"
+  compute_engine_service_account = "${var.compute_engine_service_account}"
+}

test/fixtures/shared_vpc/network.tf

@@ -0,0 +1,52 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+  credentials_path = "${path.module}/${var.credentials_path_relative}"
+}
+
+resource "random_string" "suffix" {
+  length  = 4
+  special = false
+  upper   = false
+}
+
+provider "google" {
+  credentials = "${file(local.credentials_path)}"
+  project     = "${var.project_id}"
+}
+
+resource "google_compute_network" "main" {
+  name                    = "cft-gke-test-${random_string.suffix.result}"
+  auto_create_subnetworks = "false"
+}
+
+resource "google_compute_subnetwork" "main" {
+  name          = "cft-gke-test-${random_string.suffix.result}"
+  ip_cidr_range = "10.0.0.0/17"
+  region        = "${var.region}"
+  network       = "${google_compute_network.main.self_link}"
+
+  secondary_ip_range {
+    range_name    = "cft-gke-test-pods-${random_string.suffix.result}"
+    ip_cidr_range = "192.168.0.0/18"
+  }
+
+  secondary_ip_range {
+    range_name    = "cft-gke-test-services-${random_string.suffix.result}"
+    ip_cidr_range = "192.168.64.0/18"
+  }
+}

test/fixtures/shared_vpc/outputs.tf

@@ -0,0 +1 @@
+../shared/outputs.tf

test/fixtures/shared_vpc/terraform.tfvars

@@ -0,0 +1 @@
+../shared/terraform.tfvars

test/fixtures/shared_vpc/variables.tf

@@ -0,0 +1 @@
+../shared/variables.tf

test/integration/shared_vpc/controls/gcloud.rb

@@ -0,0 +1,42 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+location = attribute('location')
+cluster_name = attribute('cluster_name')
+
+credentials_path = attribute('credentials_path')
+ENV['CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE'] = credentials_path
+
+control "gcloud" do
+  title "Google Compute Engine GKE configuration"
+  describe command("gcloud --project=#{project_id} container clusters --zone=#{location} describe #{cluster_name} --format=json") do
+    its(:exit_status) { should eq 0 }
+    its(:stderr) { should eq '' }
+
+    let!(:data) do
+      if subject.exit_status == 0
+        JSON.parse(subject.stdout)
+      else
+        {}
+      end
+    end
+
+    describe "cluster" do
+      it "is running" do
+        expect(data['status']).to eq 'RUNNING'
+      end
+    end
+  end
+end

test/integration/shared_vpc/inspec.yml

@@ -0,0 +1,14 @@
+name: shared_vpc
+attributes:
+  - name: project_id
+    required: true
+    type: string
+  - name: credentials_path
+    required: true
+    type: string
+  - name: location
+    required: true
+    type: string
+  - name: cluster_name
+    required: true
+    type: string