From 1f88f47a555199969d897b96a10869df854819c4 Mon Sep 17 00:00:00 2001
From: Jason Berlinsky
Date: Mon, 12 Nov 2018 22:20:24 -0500
Subject: [PATCH 01/39] Fix Docker build

---
Makefile | 12 ++++
build/docker/terraform/Dockerfile | 100 ++++++++++++++++++++++++++++++
2 files changed, 112 insertions(+)
create mode 100644 build/docker/terraform/Dockerfile

diff --git a/Makefile b/Makefile
index de5a344569..6f2848bc4a 100644
--- a/Makefile
+++ b/Makefile
@@ -15,6 +15,18 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
+# Docker build config variables
+BUILD_TERRAFORM_VERSION ?= 0.11.10
+BUILD_CLOUD_SDK_VERSION ?= 216.0.0
+BUILD_PROVIDER_GOOGLE_VERSION ?= 1.17.1
+BUILD_PROVIDER_GSUITE_VERSION ?= 0.1.8
+DOCKER_IMAGE_TERRAFORM := cftk/terraform
+DOCKER_TAG_TERRAFORM ?= ${BUILD_TERRAFORM_VERSION}_${BUILD_CLOUD_SDK_VERSION}_${BUILD_PROVIDER_GOOGLE_VERSION}_${BUILD_PROVIDER_GSUITE_VERSION}
+BUILD_RUBY_VERSION := 2.4.2
+DOCKER_IMAGE_KITCHEN_TERRAFORM := cftk/kitchen_terraform
+DOCKER_TAG_KITCHEN_TERRAFORM ?= ${BUILD_TERRAFORM_VERSION}_${BUILD_CLOUD_SDK_VERSION}_${BUILD_PROVIDER_GOOGLE_VERSION}_${BUILD_PROVIDER_GSUITE_VERSION}
+TEST_CONFIG_FILE_LOCATION := "./test/fixtures/config.sh"
+
 # All is the first target in the file so it will get picked up when you just run 'make' on its own
 all: check_shell check_python check_golang check_terraform check_docker check_base_files test_check_headers check_headers check_trailing_whitespace generate_docs
diff --git a/build/docker/terraform/Dockerfile b/build/docker/terraform/Dockerfile
new file mode 100644
index 0000000000..53aeb389e2
--- /dev/null
+++ b/build/docker/terraform/Dockerfile
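Review bot: `DOCKER_TAG_KITCHEN_TERRAFORM` is assembled from the same four versions as `DOCKER_TAG_TERRAFORM`, so `BUILD_RUBY_VERSION`, declared two lines above it, never reaches the kitchen image tag and two kitchen images built against different Ruby versions get the same tag; `DOCKER_TAG_KITCHEN_TERRAFORM ?= ${DOCKER_TAG_TERRAFORM}_${BUILD_RUBY_VERSION}` would make the tag distinguish them. `TEST_CONFIG_FILE_LOCATION := "./test/fixtures/config.sh"` keeps the double quotes as part of the value in Make, which is harmless inside a shell recipe line but becomes part of the path if the variable is ever used in a Make function such as `$(wildcard …)`; dropping the quotes avoids the trap. The targets that consume these variables are outside this hunk, so I cannot tell which use they get.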
@@ -0,0 +1,100 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM alpine:3.8 as builder
+
+RUN apk add --no-cache \
+ bash=4.4.19-r1 \
+ git=2.18.1-r0 \
+ go=1.10.1-r0 \
+ make=4.2.1-r2 \
+ musl-dev=1.1.19-r10
+
+ENV APP_BASE_DIR="/cftk"
+
+RUN mkdir -p $APP_BASE_DIR/home && \
+ mkdir -p $APP_BASE_DIR/bin && \
+ mkdir -p $APP_BASE_DIR/workdir
+
+ENV GOPATH="/root/go"
+
+ARG BUILD_PROVIDER_GOOGLE_VERSION
+ENV PROVIDER_GOOGLE_VERSION="${BUILD_PROVIDER_GOOGLE_VERSION}"
+
+RUN mkdir -p $APP_BASE_DIR/home/.terraform.d/plugins && \
+ mkdir -p $GOPATH/src/github.com/terraform-providers && \
+ git clone https://github.com/terraform-providers/terraform-provider-google.git $GOPATH/src/github.com/terraform-providers/terraform-provider-google
+
+WORKDIR $GOPATH/src/github.com/terraform-providers/terraform-provider-google
+RUN git fetch --all --tags --prune && \
+ git checkout tags/v${PROVIDER_GOOGLE_VERSION} -b v${PROVIDER_GOOGLE_VERSION} && \
+ make build && \
+ mv $GOPATH/bin/terraform-provider-google $APP_BASE_DIR/home/.terraform.d/plugins
+
+
+
+FROM alpine:3.8
+
+RUN apk add --no-cache \
+ bash=4.4.19-r1 \
+ curl=7.61.1-r0 \
+ git=2.18.0-r0 \
+ jq=1.6_rc1-r1 \
+ make=4.2.1-r2 \
+ python2=2.7.15-r1
+
+ENV APP_BASE_DIR="/cftk"
+
+COPY --from=builder $APP_BASE_DIR $APP_BASE_DIR
+
+ENV HOME="$APP_BASE_DIR/home"
+ENV PATH $APP_BASE_DIR/bin:$APP_BASE_DIR/google-cloud-sdk/bin:$PATH
+ENV GOOGLE_APPLICATION_CREDENTIALS="$CREDENTIALS_PATH" \
+ CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE="$CREDENTIALS_PATH"
+
+# Fix base64 inconsistency
+SHELL ["/bin/bash", "-c"]
+RUN echo 'base64() { if [[ $@ == "--decode" ]]; then command base64 -d | more; else command base64 "$@"; fi; }' >> $APP_BASE_DIR/home/.bashrc
+
+ARG BUILD_CLOUD_SDK_VERSION
+ENV CLOUD_SDK_VERSION="${BUILD_CLOUD_SDK_VERSION}"
+
+WORKDIR $APP_BASE_DIR
+RUN curl -LO https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-${CLOUD_SDK_VERSION}-linux-x86_64.tar.gz && \
+ tar xzf google-cloud-sdk-${CLOUD_SDK_VERSION}-linux-x86_64.tar.gz && \
+ rm google-cloud-sdk-${CLOUD_SDK_VERSION}-linux-x86_64.tar.gz && \
+ ln -s /lib /lib64 && \
+ gcloud config set core/disable_usage_reporting true && \
+ gcloud config set component_manager/disable_update_check true && \
+ gcloud config set metrics/environment github_docker_image && \
+ gcloud --version
+
+ARG BUILD_TERRAFORM_VERSION
+ENV TERRAFORM_VERSION="${BUILD_TERRAFORM_VERSION}"
+
+RUN curl -LO https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \
+ unzip terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \
+ rm terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \
+ mv terraform $APP_BASE_DIR/bin && \
+ terraform --version
+
+ARG BUILD_PROVIDER_GSUITE_VERSION
+ENV PROVIDER_GSUITE_VERSION="${BUILD_PROVIDER_GSUITE_VERSION}"
+
+RUN curl -LO https://github.com/DeviaVir/terraform-provider-gsuite/releases/download/v${PROVIDER_GSUITE_VERSION}/terraform-provider-gsuite_${PROVIDER_GSUITE_VERSION}_linux_amd64.tgz && \
+ tar xzf terraform-provider-gsuite_${PROVIDER_GSUITE_VERSION}_linux_amd64.tgz && \
+ rm terraform-provider-gsuite_${PROVIDER_GSUITE_VERSION}_linux_amd64.tgz && \
+ mv terraform-provider-gsuite_v${PROVIDER_GSUITE_VERSION} $APP_BASE_DIR/home/.terraform.d/plugins/terraform-provider-gsuite
+
+WORKDIR $APP_BASE_DIR/workdir

From 45618e7dd9cbd1b1c19529f30b73eb308d890070 Mon Sep 17 00:00:00 2001
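Review bot: `$CREDENTIALS_PATH` in the two-variable `ENV GOOGLE_APPLICATION_CREDENTIALS="$CREDENTIALS_PATH" \ CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE="$CREDENTIALS_PATH"` instruction is declared by no `ARG` or `ENV` in this Dockerfile, so Docker expands it at build time to the empty string and both variables are baked into the image as `""` rather than deferred to run time; either declare `ARG CREDENTIALS_PATH` with a documented default before that line, or drop the instruction and set both variables with `docker run -e`. The three `curl -LO` fetches (Cloud SDK, Terraform, the gsuite provider) pass neither `-f` nor any checksum check, so an error page or a tampered archive is handed straight to `tar`/`unzip` and unpacked into the image; the rewrite below fails on non-2xx responses and verifies each archive against a digest pinned next to its version. The final stage never switches `USER`, so every container from this image runs as root while `HOME` points at `/cftk/home`; adding an unprivileged user that owns `$APP_BASE_DIR` before the last `WORKDIR` closes that. `ENV PATH $APP_BASE_DIR/bin:$APP_BASE_DIR/google-cloud-sdk/bin:$PATH` uses the deprecated space-separated form while every other `ENV` here uses `key=value`; `ENV PATH="$APP_BASE_DIR/bin:$APP_BASE_DIR/google-cloud-sdk/bin:$PATH"` keeps the file consistent.
```dockerfile
ARG BUILD_TERRAFORM_VERSION
ENV TERRAFORM_VERSION="${BUILD_TERRAFORM_VERSION}"
# Digest of terraform_${TERRAFORM_VERSION}_linux_amd64.zip, taken from the upstream SHA256SUMS file.
# Placeholder: fill in the real digest when bumping BUILD_TERRAFORM_VERSION.
ARG TERRAFORM_SHA256="<sha256-of-terraform-zip-placeholder>"

# -f makes curl fail on HTTP errors; sha256sum -c rejects anything that does not match the pinned digest.
RUN curl -fsSLO https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \
    echo "${TERRAFORM_SHA256}  terraform_${TERRAFORM_VERSION}_linux_amd64.zip" | sha256sum -c - && \
    unzip terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \
    rm terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \
    mv terraform $APP_BASE_DIR/bin && \
    terraform --version
# … unchanged: the Cloud SDK and gsuite-provider RUN steps get the same -fsSLO plus sha256sum -c treatment with their own pinned digests …
```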
From: Jason Berlinsky Date: Sat, 17 Nov 2018 10:05:28 -0500 Subject: [PATCH 02/39] Specify cluster versions in examples --- examples/deploy_service/main.tf | 1 + examples/node_pool/main.tf | 2 ++ examples/simple_regional/main.tf | 2 ++ examples/simple_zonal/main.tf | 2 ++ examples/stub_domains/main.tf | 2 ++ 5 files changed, 9 insertions(+) diff --git a/examples/deploy_service/main.tf b/examples/deploy_service/main.tf index 8624acdf26..d0e2905a87 100644 --- a/examples/deploy_service/main.tf +++ b/examples/deploy_service/main.tf @@ -40,6 +40,7 @@ module "gke" { subnetwork = "${var.subnetwork}" ip_range_pods = "${var.ip_range_pods}" ip_range_services = "${var.ip_range_services}" + kubernetes_version = "1.9.7-gke.11" } resource "kubernetes_pod" "nginx-example" { diff --git a/examples/node_pool/main.tf b/examples/node_pool/main.tf index cac946b6a9..515ae6c32e 100644 --- a/examples/node_pool/main.tf +++ b/examples/node_pool/main.tf @@ -31,6 +31,8 @@ module "gke" { subnetwork = "${var.subnetwork}" ip_range_pods = "${var.ip_range_pods}" ip_range_services = "${var.ip_range_services}" + kubernetes_version = "1.9.7-gke.11" + node_version = "1.9.7-gke.11" node_pools = [ { diff --git a/examples/simple_regional/main.tf b/examples/simple_regional/main.tf index 72a9581f78..0b5270fd30 100644 --- a/examples/simple_regional/main.tf +++ b/examples/simple_regional/main.tf @@ -32,4 +32,6 @@ module "gke" { subnetwork = "${var.subnetwork}" ip_range_pods = "${var.ip_range_pods}" ip_range_services = "${var.ip_range_services}" + kubernetes_version = "1.9.7-gke.11" + node_version = "1.9.7-gke.11" } diff --git a/examples/simple_zonal/main.tf b/examples/simple_zonal/main.tf index 7ec5f5a0ea..6c6e2307e7 100644 --- a/examples/simple_zonal/main.tf +++ b/examples/simple_zonal/main.tf 
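Review bot: `kubernetes_version = "1.9.7-gke.11"` is added to `examples/deploy_service/main.tf` without the `node_version = "1.9.7-gke.11"` line that the other four hunks in this patch (node_pool, simple_regional, simple_zonal, stub_domains) add alongside it, so this example's node pools keep whatever default the module applies while the rest are pinned; adding the same `node_version` line here keeps the examples consistent. The literal now appears in five files with nothing saying why it is pinned or that it must be bumped in lockstep; a `# pinned cluster version; update all examples together` comment beside each pin would tell the next maintainer both. The `module "gke"` block in each hunk starts above the visible context.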
@@ -34,4 +34,6 @@ module "gke" { subnetwork = "${var.subnetwork}" ip_range_pods = "${var.ip_range_pods}" ip_range_services = "${var.ip_range_services}" + kubernetes_version = "1.9.7-gke.11" + node_version = "1.9.7-gke.11" } diff --git a/examples/stub_domains/main.tf b/examples/stub_domains/main.tf index e89a68396f..d76f1e9a03 100644 --- a/examples/stub_domains/main.tf +++ b/examples/stub_domains/main.tf @@ -31,6 +31,8 @@ module "gke" { subnetwork = "${var.subnetwork}" ip_range_pods = "${var.ip_range_pods}" ip_range_services = "${var.ip_range_services}" + kubernetes_version = "1.9.7-gke.11" + node_version = "1.9.7-gke.11" stub_domains { "example.com" = [ From 47189ea796ae05a4e192c1512540683f6be62778 Mon Sep 17 00:00:00 2001 From: Jason Berlinsky Date: Mon, 19 Nov 2018 16:27:38 -0500 Subject: [PATCH 03/39] Set up examples to run in test fixture networks --- examples/deploy_service/main.tf | 19 ++++----- examples/deploy_service/outputs.tf | 54 ++++++++++++++++++++++---- examples/deploy_service/variables.tf | 10 +++++ examples/node_pool/main.tf | 21 +++++----- examples/node_pool/outputs.tf | 44 ++++++++++++++++----- examples/simple_regional/main.tf | 19 ++++----- examples/simple_regional/outputs.tf | 37 +++++++++++++++++- examples/simple_regional/variables.tf | 10 +++++ examples/simple_zonal/main.tf | 22 +++++------ examples/simple_zonal/outputs.tf | 38 +++++++++++++++--- examples/simple_zonal/variables.tf | 10 +++++ examples/stub_domains/main.tf | 19 ++++----- examples/stub_domains/outputs.tf | 55 +++++++++++++++++++++------ examples/stub_domains/variables.tf | 10 +++++ 14 files changed, 285 insertions(+), 83 deletions(-) diff --git a/examples/deploy_service/main.tf b/examples/deploy_service/main.tf index d0e2905a87..b009898d35 100644 --- a/examples/deploy_service/main.tf +++ b/examples/deploy_service/main.tf 
@@ -15,11 +15,12 @@ */ locals { - credentials_file_path = "${path.module}/sa-key.json" + cluster_type = "deploy-service" } provider "google" { - credentials = "${file(local.credentials_file_path)}" + credentials = "${file(local.credentials_path)}" + region = "${local.region}" } provider "kubernetes" { @@ -33,13 +34,13 @@ data "google_client_config" "default" {} module "gke" { source = "../../" - project_id = "${var.project_id}" - name = "deploy-service-cluster" - region = "${var.region}" - network = "${var.network}" - subnetwork = "${var.subnetwork}" - ip_range_pods = "${var.ip_range_pods}" - ip_range_services = "${var.ip_range_services}" + project_id = "${local.project_id}" + name = "${local.cluster_type}-cluster" + region = "${local.region}" + network = "${local.network}" + subnetwork = "${local.subnetwork}" + ip_range_pods = "${local.ip_range_pods}" + ip_range_services = "${local.ip_range_services}" kubernetes_version = "1.9.7-gke.11" } diff --git a/examples/deploy_service/outputs.tf b/examples/deploy_service/outputs.tf index 17dff21946..455fb3275c 100644 --- a/examples/deploy_service/outputs.tf +++ b/examples/deploy_service/outputs.tf 
@@ -14,20 +14,58 @@ * limitations under the License. */ -output "name_example" { +output "project_id" { + value = "${local.project_id}" +} + +output "region" { + value = "${local.region}" +} + +output "cluster_name" { description = "Cluster name" value = "${module.gke.name}" } -output "endpoint_example" { - sensitive = true - description = "Cluster endpoint" - value = "${module.gke.endpoint}" +output "network" { + value = "${local.network}" +} + +output "subnetwork" { + value = "${local.subnetwork}" +} + +output "region_example" { + value = "${module.gke.region}" +} + +output "kubernetes_endpoint" { + sensitive = true + value = "${module.gke.endpoint}" +} + +output "client_token" { + sensitive = true + value = "${base64encode(data.google_client_config.default.access_token)}" +} + +output "ca_certificate" { + sensitive = true + value = "${module.gke.ca_certificate}" +} + +output "location" { + value = "${module.gke.location}" +} + +output "ip_range_pods" { + description = "The secondary IP range used for pods" + value = "${local.ip_range_pods}" } -output "location_example" { - description = "Cluster location" - value = "${module.gke.location}" +output "ip_range_services" { + description = "The secondary IP range used for services" + value = "${local.ip_range_services}" } output "zones_example" { diff --git a/examples/deploy_service/variables.tf b/examples/deploy_service/variables.tf index f49f87a61c..66ef037c8c 100644 --- a/examples/deploy_service/variables.tf +++ b/examples/deploy_service/variables.tf @@ -37,3 +37,13 @@ variable "ip_range_pods" { variable "ip_range_services" { description = "The secondary ip range to use for pods" } + +locals { + project_id = "${var.project_id}" + credentials_path = "${var.credentials_path}" + region = "${var.region}" + network = "${var.network}" + subnetwork = "${var.subnetwork}" + ip_range_pods = "${var.ip_range_pods}" + ip_range_services = "${var.ip_range_services}" +} 
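Review bot: Most of the outputs added to `examples/deploy_service/outputs.tf` (`project_id`, `region`, `network`, `subnetwork`, `region_example`, `kubernetes_endpoint`, `client_token`, `ca_certificate`, `location`) carry no `description`, while `cluster_name`, `ip_range_pods` and `ip_range_services` in the same hunk do; the node_pool and stub_domains outputs hunks have the same gap. `region` (from `local.region`) and `region_example` (from `module.gke.region`) now coexist with nothing saying why both are wanted; a description such as `"Region reported by the module, for comparison with the requested region"` on `region_example`, or dropping it, would settle that. Marking `kubernetes_endpoint`, `client_token` and `ca_certificate` as `sensitive = true` is right, but Terraform still stores sensitive output values in clear in the state file, so the `.tfstate` these examples produce needs the same handling as the service-account key; a one-line comment above `client_token` saying so would stop someone committing or sharing that state.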
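Review bot: The new `locals` block in `examples/deploy_service/variables.tf` reads `var.credentials_path`, but this patch declares no `variable "credentials_path"`, and the code it replaces took the key from a hard-coded `${path.module}/sa-key.json` rather than a variable; unless that variable sits in the part of the file above the hunk, running the example on its own (outside the kitchen flow, where `fixture_data.tf` stands in for this file) fails with an undeclared-variable error. If it is missing, `variable "credentials_path" { description = "Path to the service-account key file used by the google provider" }` belongs above the locals. The variables.tf hunks for simple_regional, simple_zonal and stub_domains have the same shape, and node_pool gets no variables.tf change in this patch at all.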
diff --git a/examples/node_pool/main.tf b/examples/node_pool/main.tf index 515ae6c32e..fb26f57555 100644 --- a/examples/node_pool/main.tf +++ b/examples/node_pool/main.tf @@ -15,22 +15,23 @@ */ locals { - credentials_file_path = "${path.module}/sa-key.json" + cluster_type = "node-pool" } provider "google" { - credentials = "${file(local.credentials_file_path)}" + credentials = "${file(local.credentials_path)}" + region = "${local.region}" } module "gke" { source = "../../" - project_id = "${var.project_id}" - name = "node-pool-cluster" - region = "${var.region}" - network = "${var.network}" - subnetwork = "${var.subnetwork}" - ip_range_pods = "${var.ip_range_pods}" - ip_range_services = "${var.ip_range_services}" + project_id = "${local.project_id}" + name = "${local.cluster_type}-cluster" + region = "${local.region}" + network = "${local.network}" + subnetwork = "${local.subnetwork}" + ip_range_pods = "${local.ip_range_pods}" + ip_range_services = "${local.ip_range_services}" kubernetes_version = "1.9.7-gke.11" node_version = "1.9.7-gke.11" @@ -49,7 +50,7 @@ module "gke" { image_type = "COS" auto_repair = false auto_upgrade = false - service_account = "${var.pool_01_service_account}" + service_account = "${local.pool_01_service_account}" }, ] diff --git a/examples/node_pool/outputs.tf b/examples/node_pool/outputs.tf index 6ab4d1fe82..2057eeb472 100644 --- a/examples/node_pool/outputs.tf +++ b/examples/node_pool/outputs.tf 
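Review bot: `examples/node_pool/main.tf` now reads `local.project_id`, `local.credentials_path`, `local.region`, `local.network`, `local.subnetwork`, `local.ip_range_pods`, `local.ip_range_services` and `local.pool_01_service_account`, but the diffstat for this patch lists only `main.tf` and `outputs.tf` for node_pool — no `locals` block mapping these from variables is added, unlike the other four examples — so the example cannot plan on its own. `local.pool_01_service_account` in particular is defined nowhere visible, including the shared `test/fixtures/all_examples/fixture_data.tf` added in the next patch, so the kitchen run would trip on it as well unless a later patch adds it. Either add the `locals` block to `examples/node_pool/variables.tf` as the other examples do, extended with `pool_01_service_account = "${var.pool_01_service_account}"`, or keep `service_account = "${var.pool_01_service_account}"` on the pool.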
@@ -14,15 +14,39 @@ * limitations under the License. */ -output "name_example" { +output "project_id" { + value = "${local.project_id}" +} + +output "region" { + value = "${local.region}" +} + +output "cluster_name" { description = "Cluster name" value = "${module.gke.name}" } -output "endpoint_example" { - sensitive = true - description = "Cluster endpoint" - value = "${module.gke.endpoint}" +output "network" { + value = "${local.network}" +} + +output "subnetwork" { + value = "${local.subnetwork}" +} + +output "region_example" { + value = "${module.gke.region}" +} + +output "kubernetes_endpoint" { + sensitive = true + value = "${module.gke.endpoint}" +} + +output "client_token" { + sensitive = true + value = "${base64encode(data.google_client_config.default.access_token)}" } output "location_example" { @@ -35,10 +59,12 @@ output "zones_example" { value = "${module.gke.zones}" } -output "node_pools_names_example" { - value = "${module.gke.node_pools_names}" +output "ip_range_pods" { + description = "The secondary IP range used for pods" + value = "${local.ip_range_pods}" } -output "node_pools_versions_example" { - value = "${module.gke.node_pools_versions}" +output "ip_range_services" { + description = "The secondary IP range used for services" + value = "${local.ip_range_services}" } diff --git a/examples/simple_regional/main.tf b/examples/simple_regional/main.tf index 0b5270fd30..1c7479d959 100644 --- a/examples/simple_regional/main.tf +++ b/examples/simple_regional/main.tf 
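Review bot: The node_pool example loses `node_pools_names_example` and `node_pools_versions_example`, the only outputs that exposed node-pool data, and gains the generic `ip_range_pods`/`ip_range_services` outputs instead; if the integration test for this suite is meant to assert on the pools it creates (the suite name suggests it is), those two outputs need to stay. Keeping them next to the new ones, with descriptions `"Names of the node pools created by the module"` and `"Node versions of the node pools"`, costs nothing.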
@@ -15,23 +15,24 @@ */ locals { - credentials_file_path = "${path.module}/sa-key.json" + cluster_type = "simple-regional" } provider "google" { - credentials = "${file(local.credentials_file_path)}" + credentials = "${file(local.credentials_path)}" + region = "${local.region}" } module "gke" { source = "../../" - project_id = "${var.project_id}" - name = "simple-regional-cluster" + project_id = "${local.project_id}" + name = "${local.cluster_type}-cluster" regional = true - region = "${var.region}" - network = "${var.network}" - subnetwork = "${var.subnetwork}" - ip_range_pods = "${var.ip_range_pods}" - ip_range_services = "${var.ip_range_services}" + region = "${local.region}" + network = "${local.network}" + subnetwork = "${local.subnetwork}" + ip_range_pods = "${local.ip_range_pods}" + ip_range_services = "${local.ip_range_services}" kubernetes_version = "1.9.7-gke.11" node_version = "1.9.7-gke.11" } diff --git a/examples/simple_regional/outputs.tf b/examples/simple_regional/outputs.tf index d7ff58179e..e7be558164 100644 --- a/examples/simple_regional/outputs.tf +++ b/examples/simple_regional/outputs.tf @@ -14,12 +14,30 @@ * limitations under the License. */ -output "name_example" { +output "project_id" { + value = "${local.project_id}" +} + +output "region" { + value = "${local.region}" +} + +output "cluster_name" { description = "Cluster name" value = "${module.gke.name}" } -output "endpoint_example" { +output "network" { + description = "Network the cluster is provisioned in" + value = "${local.network}" +} + +output "subnetwork" { + description = "Subnetwork the cluster is provisioned in" + value = "${local.subnetwork}" +} + +output "kubernetes_endpoint" { sensitive = true description = "Cluster endpoint" value = "${module.gke.endpoint}" 
@@ -29,3 +47,18 @@ output "location_example" { description = "Cluster location" value = "${module.gke.location}" } + +output "ip_range_pods" { + description = "The secondary IP range used for pods" + value = "${local.ip_range_pods}" +} + +output "ip_range_services" { + description = "The secondary IP range used for services" + value = "${local.ip_range_services}" +} + +output "master_kubernetes_version" { + description = "The master Kubernetes version" + value = "${module.gke.master_version}" +} diff --git a/examples/simple_regional/variables.tf b/examples/simple_regional/variables.tf index f49f87a61c..66ef037c8c 100644 --- a/examples/simple_regional/variables.tf +++ b/examples/simple_regional/variables.tf @@ -37,3 +37,13 @@ variable "ip_range_pods" { variable "ip_range_services" { description = "The secondary ip range to use for pods" } + +locals { + project_id = "${var.project_id}" + credentials_path = "${var.credentials_path}" + region = "${var.region}" + network = "${var.network}" + subnetwork = "${var.subnetwork}" + ip_range_pods = "${var.ip_range_pods}" + ip_range_services = "${var.ip_range_services}" +} diff --git a/examples/simple_zonal/main.tf b/examples/simple_zonal/main.tf index 6c6e2307e7..a0226e8100 100644 --- a/examples/simple_zonal/main.tf +++ b/examples/simple_zonal/main.tf 
@@ -15,25 +15,25 @@ */ locals { - credentials_file_path = "${path.module}/sa-key.json" + cluster_type = "simple-zonal" } provider "google" { - credentials = "${file(local.credentials_file_path)}" - region = "${var.region}" + credentials = "${file(local.credentials_path)}" + region = "${local.region}" } module "gke" { source = "../../" - project_id = "${var.project_id}" - name = "simple-zonal-cluster" + project_id = "${local.project_id}" + name = "${local.cluster_type}-cluster" regional = false - region = "${var.region}" - zones = "${var.zones}" - network = "${var.network}" - subnetwork = "${var.subnetwork}" - ip_range_pods = "${var.ip_range_pods}" - ip_range_services = "${var.ip_range_services}" + region = "${local.region}" + zones = "${local.zones}" + network = "${local.network}" + subnetwork = "${local.subnetwork}" + ip_range_pods = "${local.ip_range_pods}" + ip_range_services = "${local.ip_range_services}" kubernetes_version = "1.9.7-gke.11" node_version = "1.9.7-gke.11" } diff --git a/examples/simple_zonal/outputs.tf b/examples/simple_zonal/outputs.tf index 17dff21946..e7be558164 100644 --- a/examples/simple_zonal/outputs.tf +++ b/examples/simple_zonal/outputs.tf @@ -14,12 +14,30 @@ * limitations under the License. */ -output "name_example" { +output "project_id" { + value = "${local.project_id}" +} + +output "region" { + value = "${local.region}" +} + +output "cluster_name" { description = "Cluster name" value = "${module.gke.name}" } -output "endpoint_example" { +output "network" { + description = "Network the cluster is provisioned in" + value = "${local.network}" +} + +output "subnetwork" { + description = "Subnetwork the cluster is provisioned in" + value = "${local.subnetwork}" +} + +output "kubernetes_endpoint" { sensitive = true description = "Cluster endpoint" value = "${module.gke.endpoint}" 
@@ -30,7 +48,17 @@ output "location_example" { value = "${module.gke.location}" } -output "zones_example" { - description = "List of zones in which the cluster resides" - value = "${module.gke.zones}" +output "ip_range_pods" { + description = "The secondary IP range used for pods" + value = "${local.ip_range_pods}" +} + +output "ip_range_services" { + description = "The secondary IP range used for services" + value = "${local.ip_range_services}" +} + +output "master_kubernetes_version" { + description = "The master Kubernetes version" + value = "${module.gke.master_version}" } diff --git a/examples/simple_zonal/variables.tf b/examples/simple_zonal/variables.tf index 3d5877911a..da14c25851 100644 --- a/examples/simple_zonal/variables.tf +++ b/examples/simple_zonal/variables.tf @@ -42,3 +42,13 @@ variable "ip_range_pods" { variable "ip_range_services" { description = "The secondary ip range to use for pods" } + +locals { + project_id = "${var.project_id}" + credentials_path = "${var.credentials_path}" + region = "${var.region}" + network = "${var.network}" + subnetwork = "${var.subnetwork}" + ip_range_pods = "${var.ip_range_pods}" + ip_range_services = "${var.ip_range_services}" +} diff --git a/examples/stub_domains/main.tf b/examples/stub_domains/main.tf index d76f1e9a03..0eb035fc51 100644 --- a/examples/stub_domains/main.tf +++ b/examples/stub_domains/main.tf 
@@ -15,22 +15,23 @@ */ locals { - credentials_file_path = "${path.module}/sa-key.json" + cluster_type = "stub-domains" } provider "google" { - credentials = "${file(local.credentials_file_path)}" + credentials = "${file(local.credentials_path)}" + region = "${local.region}" } module "gke" { source = "../../" - project_id = "${var.project_id}" - name = "stub-domains-cluster" - region = "${var.region}" - network = "${var.network}" - subnetwork = "${var.subnetwork}" - ip_range_pods = "${var.ip_range_pods}" - ip_range_services = "${var.ip_range_services}" + project_id = "${local.project_id}" + name = "${local.cluster_type}-cluster" + region = "${local.region}" + network = "${local.network}" + subnetwork = "${local.subnetwork}" + ip_range_pods = "${local.ip_range_pods}" + ip_range_services = "${local.ip_range_services}" kubernetes_version = "1.9.7-gke.11" node_version = "1.9.7-gke.11" diff --git a/examples/stub_domains/outputs.tf b/examples/stub_domains/outputs.tf index 17dff21946..0fcdba321d 100644 --- a/examples/stub_domains/outputs.tf +++ b/examples/stub_domains/outputs.tf 
@@ -14,23 +14,56 @@ * limitations under the License. */ -output "name_example" { +output "project_id" { + value = "${local.project_id}" +} + +output "region" { + value = "${local.region}" +} + +output "cluster_name" { description = "Cluster name" value = "${module.gke.name}" } -output "endpoint_example" { - sensitive = true - description = "Cluster endpoint" - value = "${module.gke.endpoint}" +output "network" { + value = "${local.network}" +} + +output "subnetwork" { + value = "${local.subnetwork}" +} + +output "region_example" { + value = "${module.gke.region}" +} + +output "kubernetes_endpoint" { + sensitive = true + value = "${module.gke.endpoint}" +} + +output "client_token" { + sensitive = true + value = "${base64encode(data.google_client_config.default.access_token)}" +} + +output "ca_certificate" { + sensitive = true + value = "${module.gke.ca_certificate}" +} + +output "location" { + value = "${module.gke.location}" } -output "location_example" { - description = "Cluster location" - value = "${module.gke.location}" +output "ip_range_pods" { + description = "The secondary IP range used for pods" + value = "${local.ip_range_pods}" } -output "zones_example" { - description = "List of zones in which the cluster resides" - value = "${module.gke.zones}" +output "ip_range_services" { + description = "The secondary IP range used for services" + value = "${local.ip_range_services}" } diff --git a/examples/stub_domains/variables.tf b/examples/stub_domains/variables.tf index f49f87a61c..66ef037c8c 100644 --- a/examples/stub_domains/variables.tf +++ b/examples/stub_domains/variables.tf 
@@ -37,3 +37,13 @@ variable "ip_range_pods" { variable "ip_range_services" { description = "The secondary ip range to use for pods" } + +locals { + project_id = "${var.project_id}" + credentials_path = "${var.credentials_path}" + region = "${var.region}" + network = "${var.network}" + subnetwork = "${var.subnetwork}" + ip_range_pods = "${var.ip_range_pods}" + ip_range_services = "${var.ip_range_services}" +} From 98eb6d1205eb0916666a108b85ad3770deb6d9de Mon Sep 17 00:00:00 2001 From: Jason Berlinsky Date: Mon, 19 Nov 2018 16:29:02 -0500 Subject: [PATCH 04/39] Add network fixtures --- test/fixtures/all_examples/fixture_data.tf | 17 ++++ test/fixtures/networks/main.tf | 96 +++++++++++++++++++ test/fixtures/networks/outputs.tf | 46 +++++++++ .../fixtures/networks/terraform.tfvars.sample | 3 + test/fixtures/networks/variables.tf | 11 +++ 5 files changed, 173 insertions(+) create mode 100644 test/fixtures/all_examples/fixture_data.tf create mode 100644 test/fixtures/networks/main.tf create mode 100644 test/fixtures/networks/outputs.tf create mode 100644 test/fixtures/networks/terraform.tfvars.sample create mode 100644 test/fixtures/networks/variables.tf diff --git a/test/fixtures/all_examples/fixture_data.tf b/test/fixtures/all_examples/fixture_data.tf new file mode 100644 index 0000000000..dbf4751fcd --- /dev/null +++ b/test/fixtures/all_examples/fixture_data.tf 
@@ -0,0 +1,17 @@
+data "terraform_remote_state" "fixtures" {
+ backend = "local"
+
+ config {
+ path = "${path.module}/../../test/fixtures/all_examples/terraform.tfstate"
+ }
+}
+
+locals {
+ project_id = "${data.terraform_remote_state.fixtures.project_id}"
+ credentials_path = "${data.terraform_remote_state.fixtures.credentials_path}"
+ region = "${data.terraform_remote_state.fixtures.region}"
+ network = "${data.terraform_remote_state.fixtures.network}"
+ subnetwork = "${data.terraform_remote_state.fixtures.deploy_service-subnetwork}"
+ ip_range_pods = "${data.terraform_remote_state.fixtures.deploy_service-ip_range_pods}"
+ ip_range_services = "${data.terraform_remote_state.fixtures.deploy_service-ip_range_services}"
+}
diff --git a/test/fixtures/networks/main.tf b/test/fixtures/networks/main.tf
new file mode 100644
index 0000000000..7843f11568
--- /dev/null
+++ b/test/fixtures/networks/main.tf
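Review bot: `data "terraform_remote_state" "fixtures"` points at `test/fixtures/all_examples/terraform.tfstate`, but the network fixture this patch adds lives in `test/fixtures/networks/`, and its `subnetwork`, `ip_range_pods` and `ip_range_services` outputs (see `test/fixtures/networks/outputs.tf`) are maps keyed `deploy-service`, `node-pool`, `simple-regional`, `simple-zonal`, `stub-domains`, whereas the locals here read flat attributes `deploy_service-subnetwork`, `deploy_service-ip_range_pods` and `deploy_service-ip_range_services`; as written every example this file is copied into reads attributes that do not exist, and had they existed all five would share the deploy_service subnet. The rewrite below points the backend at the networks state and indexes the maps by `local.cluster_type`, which each example's `main.tf` already sets to the matching key. None of the new `.tf` files under `test/fixtures/` carry the Apache header that the Dockerfile and `.kitchen.yml` in this series do; if the Makefile's `check_headers` target covers that directory they will fail it. The diffstat of patch 05/39 shows this file changing again, so part of this may already be addressed there.
```hcl
data "terraform_remote_state" "fixtures" {
  backend = "local"

  config {
    # state written by `terraform apply` in test/fixtures/networks/
    path = "${path.module}/../../test/fixtures/networks/terraform.tfstate"
  }
}

locals {
  # … unchanged: project_id, credentials_path, region, network …
  # the fixture exports one entry per example, keyed by the example's cluster_type
  subnetwork        = "${lookup(data.terraform_remote_state.fixtures.subnetwork, local.cluster_type)}"
  ip_range_pods     = "${lookup(data.terraform_remote_state.fixtures.ip_range_pods, local.cluster_type)}"
  ip_range_services = "${lookup(data.terraform_remote_state.fixtures.ip_range_services, local.cluster_type)}"
}
```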
@@ -0,0 +1,96 @@ +locals { + credentials_path = "${path.module}/${var.credentials_path_relative}" +} + +resource "random_string" "suffix" { + length = 4 + special = false + upper = false +} + +provider "google" { + credentials = "${file(local.credentials_path)}" + project = "${var.project_id}" +} + +resource "google_compute_network" "main" { + name = "cft-gke-test-${random_string.suffix.result}" + auto_create_subnetworks = "false" +} + +// TODO clean up CIDRs + +resource "google_compute_subnetwork" "example-deploy_service" { + name = "cft-gke-test-deploy-service-${random_string.suffix.result}" + ip_cidr_range = "10.0.32.0/20" + region = "${var.region}" + network = "${google_compute_network.main.self_link}" + secondary_ip_range { + range_name = "cft-gke-test-deploy-service-pods-${random_string.suffix.result}" + ip_cidr_range = "192.168.32.0/22" + } + secondary_ip_range { + range_name = "cft-gke-test-deploy-service-services-${random_string.suffix.result}" + ip_cidr_range = "192.168.36.0/22" + } +} + +resource "google_compute_subnetwork" "example-node_pool" { + name = "cft-gke-test-node-pool-${random_string.suffix.result}" + ip_cidr_range = "10.0.128.0/17" + region = "${var.region}" + network = "${google_compute_network.main.self_link}" + secondary_ip_range { + range_name = "cft-gke-test-node-pool-pods-${random_string.suffix.result}" + ip_cidr_range = "192.168.128.0/18" + } + secondary_ip_range { + range_name = "cft-gke-test-node-pool-services-${random_string.suffix.result}" + ip_cidr_range = "192.168.192.0/18" + } +} + +resource "google_compute_subnetwork" "example-simple_regional" { + name = "cft-gke-test-simple-regional-${random_string.suffix.result}" + ip_cidr_range = "10.0.0.0/20" + region = "${var.region}" + network = "${google_compute_network.main.self_link}" + secondary_ip_range { + range_name = "cft-gke-test-simple-regional-pods-${random_string.suffix.result}" + ip_cidr_range = "192.168.8.0/22" + } + secondary_ip_range { + range_name = 
"cft-gke-test-simple-regional-services-${random_string.suffix.result}" + ip_cidr_range = "192.168.12.0/22" + } +} + +resource "google_compute_subnetwork" "example-simple_zonal" { + name = "cft-gke-test-simple-zonal-${random_string.suffix.result}" + ip_cidr_range = "10.0.48.0/20" + region = "${var.region}" + network = "${google_compute_network.main.self_link}" + secondary_ip_range { + range_name = "cft-gke-test-simple-zonal-pods-${random_string.suffix.result}" + ip_cidr_range = "192.168.48.0/22" + } + secondary_ip_range { + range_name = "cft-gke-test-simple-zonal-services-${random_string.suffix.result}" + ip_cidr_range = "192.168.52.0/22" + } +} + +resource "google_compute_subnetwork" "example-stub_domains" { + name = "cft-gke-test-stub-domains-${random_string.suffix.result}" + ip_cidr_range = "10.0.16.0/20" + region = "${var.region}" + network = "${google_compute_network.main.self_link}" + secondary_ip_range { + range_name = "cft-gke-test-stub-domains-pods-${random_string.suffix.result}" + ip_cidr_range = "192.168.24.0/22" + } + secondary_ip_range { + range_name = "cft-gke-test-stub-domains-services-${random_string.suffix.result}" + ip_cidr_range = "192.168.28.0/22" + } +} diff --git a/test/fixtures/networks/outputs.tf b/test/fixtures/networks/outputs.tf new file mode 100644 index 0000000000..14a9b0afcf --- /dev/null +++ b/test/fixtures/networks/outputs.tf 
@@ -0,0 +1,46 @@
+output "project_id" {
+ value = "${var.project_id}"
+}
+
+output "credentials_path" {
+ value = "${local.credentials_path}"
+}
+
+output "region" {
+ value = "${var.region}"
+}
+
+output "network" {
+ value = "${google_compute_network.main.name}"
+}
+
+output "subnetwork" {
+ value =
+ {
+ deploy-service = "${google_compute_subnetwork.example-deploy_service.name}"
+ node-pool = "${google_compute_subnetwork.example-node_pool.name}"
+ simple-regional = "${google_compute_subnetwork.example-simple_regional.name}"
+ simple-zonal = "${google_compute_subnetwork.example-simple_zonal.name}"
+ stub-domains = "${google_compute_subnetwork.example-stub_domains.name}"
+ }
+}
+
+output "ip_range_pods" {
+ value = {
+ deploy-service = "${google_compute_subnetwork.example-deploy_service.secondary_ip_range.0.range_name}"
+ node-pool = "${google_compute_subnetwork.example-node_pool.secondary_ip_range.0.range_name}"
+ simple-regional = "${google_compute_subnetwork.example-simple_regional.secondary_ip_range.0.range_name}"
+ simple-zonal = "${google_compute_subnetwork.example-simple_zonal.secondary_ip_range.0.range_name}"
+ stub-domains = "${google_compute_subnetwork.example-stub_domains.secondary_ip_range.0.range_name}"
+ }
+}
+
+output "ip_range_services" {
+ value = {
+ deploy-service = "${google_compute_subnetwork.example-deploy_service.secondary_ip_range.1.range_name}"
+ node-pool = "${google_compute_subnetwork.example-node_pool.secondary_ip_range.1.range_name}"
+ simple-regional = "${google_compute_subnetwork.example-simple_regional.secondary_ip_range.1.range_name}"
+ simple-zonal = "${google_compute_subnetwork.example-simple_zonal.secondary_ip_range.1.range_name}"
+ stub-domains = "${google_compute_subnetwork.example-stub_domains.secondary_ip_range.1.range_name}"
+ }
+}
diff --git a/test/fixtures/networks/terraform.tfvars.sample b/test/fixtures/networks/terraform.tfvars.sample
new file mode 100644
index 0000000000..feb56472b1
--- /dev/null
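Review bot: In `output "subnetwork"` the `value =` is followed by a line break before the opening `{`, unlike `ip_range_pods` and `ip_range_services` directly below, which write `value = {`; I would not rely on HCL accepting a newline after `=`, and writing `value = {` as in the other two removes the question. None of the seven outputs has a `description`, yet the three maps are the contract `fixture_data.tf` consumes by key; `description = "Subnetwork name per example, keyed by the example's cluster_type"` on `subnetwork`, and the equivalent on the two range maps, documents it. `credentials_path` is exported as an output, which puts the key file's location (not its contents) into the fixture state; that is acceptable as long as the key itself stays outside the repository.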
+++ b/test/fixtures/networks/terraform.tfvars.sample
@@ -0,0 +1,3 @@
+project_id=""
+credentials_path_relative="../../../credentials.json"
+region="us-east4"
diff --git a/test/fixtures/networks/variables.tf b/test/fixtures/networks/variables.tf
new file mode 100644
index 0000000000..6f85dd7c9b
--- /dev/null
+++ b/test/fixtures/networks/variables.tf
@@ -0,0 +1,11 @@
+variable "project_id" {
+
+}
+
+variable "credentials_path_relative" {
+
+}
+
+variable "region" {
+
+}

From 5ec503ac5c9d6923be7a74e6221eeb7c23ae9025 Mon Sep 17 00:00:00 2001
From: Jason Berlinsky
Date: Mon, 19 Nov 2018 16:35:01 -0500
Subject: [PATCH 05/39] Create fixtures as part of the integration test process, and share context with downstream examples

---
.kitchen.yml | 154 +++++++++++++++++++++
Makefile | 87 ++++++++++--
README.md | 2 +-
test/fixtures/all_examples/fixture_data.tf | 15 +-
4 files changed, 239 insertions(+), 19 deletions(-)
create mode 100644 .kitchen.yml

diff --git a/.kitchen.yml b/.kitchen.yml
new file mode 100644
index 0000000000..754f5f20cb
--- /dev/null
+++ b/.kitchen.yml
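Review bot: `credentials_path_relative="../../../credentials.json"` resolves, from `test/fixtures/networks/`, to a `credentials.json` at the repository root, so the sample steers contributors into keeping a service-account key inside the working tree; confirm that name is listed in `.gitignore` and `.dockerignore` (neither is visible here), or point the sample at a path outside the checkout. A `# relative to test/fixtures/networks/` comment on that line would save the next reader the path arithmetic.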
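Review bot: The three `variable` blocks in `test/fixtures/networks/variables.tf` are empty, so nothing tells a contributor what `credentials_path_relative` is relative to or that none of the three has a default; `description = "Path of the service-account key file, relative to this directory"` on `credentials_path_relative`, plus descriptions on `project_id` and `region`, would document the fixture's inputs, and the blank line inside each block can go. A `default = "us-east4"` on `region` would also match the sample tfvars and leave only the two genuinely required values to supply.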
@@ -0,0 +1,154 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+driver:
+ name: "terraform"
+ command_timeout: 1800
+
+provisioner:
+ name: "terraform"
+
+platforms:
+ - name: local
+
+lifecycle:
+ pre_converge: cd test/fixtures/networks/ && terraform apply -auto-approve && cd -
+
+suites:
+ - name: "deploy_service"
+ lifecycle:
+ pre_converge:
+ - mv examples/deploy_service/variables.tf examples/deploy_service/variables.tf.disabled
+ - cp test/fixtures/all_examples/fixture_data.tf examples/deploy_service/fixture_data.tf
+ post_converge:
+ - rm -rf examples/deploy_service/fixture_data.tf
+ - mv examples/deploy_service/variables.tf.disabled examples/deploy_service/variables.tf
+ pre_destroy:
+ - mv examples/deploy_service/variables.tf examples/deploy_service/variables.tf.disabled
+ - cp test/fixtures/all_examples/fixture_data.tf examples/deploy_service/fixture_data.tf
+ post_destroy:
+ - rm -rf examples/deploy_service/fixture_data.tf
+ - mv examples/deploy_service/variables.tf.disabled examples/deploy_service/variables.tf
+ driver:
+ name: "terraform"
+ command_timeout: 1800
+ root_module_directory: examples/deploy_service
+ verifier:
+ name: terraform
+ systems:
+ - name: deploy_service
+ backend: local
+ provisioner:
+ name: terraform
+ - name: "node_pool"
+ lifecycle:
+ pre_converge:
+ - mv examples/node_pool/variables.tf examples/node_pool/variables.tf.disabled
+ - cp test/fixtures/all_examples/fixture_data.tf examples/node_pool/fixture_data.tf
+ post_converge:
+ - rm -rf examples/node_pool/fixture_data.tf
+ - mv examples/node_pool/variables.tf.disabled examples/node_pool/variables.tf
+ pre_destroy:
+ - mv examples/node_pool/variables.tf examples/node_pool/variables.tf.disabled
+ - cp test/fixtures/all_examples/fixture_data.tf examples/node_pool/fixture_data.tf
+ post_destroy:
+ - rm -rf examples/node_pool/fixture_data.tf
+ - mv examples/node_pool/variables.tf.disabled examples/node_pool/variables.tf
+ driver:
+ name: "terraform"
+ command_timeout: 1800
+ root_module_directory: examples/node_pool
+ verifier:
+ name: terraform
+ systems:
+ - name: node_pool
+ backend: local
+ provisioner:
+ name: terraform
+ - name: "simple_regional"
+ lifecycle:
+ pre_converge:
+ - mv examples/simple_regional/variables.tf examples/simple_regional/variables.tf.disabled
+ - cp test/fixtures/all_examples/fixture_data.tf examples/simple_regional/fixture_data.tf
+ post_converge:
+ - rm -rf examples/simple_regional/fixture_data.tf
+ - mv examples/simple_regional/variables.tf.disabled examples/simple_regional/variables.tf
+ pre_destroy:
+ - mv examples/simple_regional/variables.tf examples/simple_regional/variables.tf.disabled
+ - cp test/fixtures/all_examples/fixture_data.tf examples/simple_regional/fixture_data.tf
+ post_destroy:
+ - rm -rf examples/simple_regional/fixture_data.tf
+ - mv examples/simple_regional/variables.tf.disabled examples/simple_regional/variables.tf
+ driver:
+ name: "terraform"
+ command_timeout: 1800
+ root_module_directory: examples/simple_regional
+ verifier:
+ name: terraform
+ systems:
+ - name: simple_regional
+ backend: local
+ provisioner:
+ name: terraform
+ - name: "simple_zonal"
+ lifecycle:
+ pre_converge:
+ - mv examples/simple_zonal/variables.tf examples/simple_zonal/variables.tf.disabled
+ - cp test/fixtures/all_examples/fixture_data.tf examples/simple_zonal/fixture_data.tf
+ post_converge:
+ - rm -rf examples/simple_zonal/fixture_data.tf
+ - mv examples/simple_zonal/variables.tf.disabled examples/simple_zonal/variables.tf
+ pre_destroy:
+ - mv examples/simple_zonal/variables.tf examples/simple_zonal/variables.tf.disabled
+ - cp test/fixtures/all_examples/fixture_data.tf examples/simple_zonal/fixture_data.tf
+ post_destroy:
+ - rm -rf examples/simple_zonal/fixture_data.tf
+ - mv examples/simple_zonal/variables.tf.disabled examples/simple_zonal/variables.tf
+ driver:
+ name: "terraform"
+ command_timeout: 1800
+ root_module_directory: examples/simple_zonal
+ verifier:
+ name: terraform
+ systems:
+ - name: simple_zonal
+ backend: local
+ provisioner:
+ name: terraform
+ - name: "stub_domains"
+ lifecycle:
+ pre_converge:
+ - mv examples/stub_domains/variables.tf examples/stub_domains/variables.tf.disabled
+ - cp test/fixtures/all_examples/fixture_data.tf examples/stub_domains/fixture_data.tf
+ post_converge:
+ - rm -rf examples/stub_domains/fixture_data.tf
+ - mv examples/stub_domains/variables.tf.disabled examples/stub_domains/variables.tf
+ pre_destroy:
+ - mv examples/stub_domains/variables.tf examples/stub_domains/variables.tf.disabled
+ - cp test/fixtures/all_examples/fixture_data.tf examples/stub_domains/fixture_data.tf
+ post_destroy:
+ - rm -rf examples/stub_domains/fixture_data.tf
+ - mv examples/stub_domains/variables.tf.disabled examples/stub_domains/variables.tf
+ driver:
+ name: "terraform"
+ command_timeout: 1800
+ root_module_directory: examples/stub_domains
+ verifier:
+ name: terraform
+ systems:
+ - name: stub_domains
+ backend: local
+ provisioner:
+ name: terraform
diff --git a/Makefile b/Makefile
index 6f2848bc4a..c532a57399 100644
--- a/Makefile
+++ b/Makefile
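Review bot: Each suite's `pre_converge` renames `variables.tf` to `variables.tf.disabled` and relies on `post_converge` to restore it, but when `terraform apply` fails the post hook presumably does not run, which leaves the example directory mutated and makes the next `kitchen converge` fail at the `mv` because `variables.tf` no longer exists. The pre hooks should tolerate an earlier aborted run, e.g. `- '[ ! -e examples/deploy_service/variables.tf ] || mv examples/deploy_service/variables.tf examples/deploy_service/variables.tf.disabled'`, and the same change is needed in the other four suites. `rm -rf` on a single regular file should be `rm -f`. The five suite blocks differ only in the example name, so a YAML anchor for the shared `lifecycle`/`driver`/`verifier` shape would shrink the file considerably and keep the hooks from drifting apart.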
@@ -25,7 +25,6 @@ DOCKER_TAG_TERRAFORM ?= ${BUILD_TERRAFORM_VERSION}_${BUILD_CLOUD_SDK_VERSION}_${ BUILD_RUBY_VERSION := 2.4.2 DOCKER_IMAGE_KITCHEN_TERRAFORM := cftk/kitchen_terraform DOCKER_TAG_KITCHEN_TERRAFORM ?= ${BUILD_TERRAFORM_VERSION}_${BUILD_CLOUD_SDK_VERSION}_${BUILD_PROVIDER_GOOGLE_VERSION}_${BUILD_PROVIDER_GSUITE_VERSION} -TEST_CONFIG_FILE_LOCATION := "./test/fixtures/config.sh" # All is the first target in the file so it will get picked up when you just run 'make' on its own all: check_shell check_python check_golang check_terraform check_docker check_base_files test_check_headers check_headers check_trailing_whitespace generate_docs 
@@ -75,20 +74,80 @@ check_headers: @echo "Checking file headers" @python test/verify_boilerplate.py +# Integration tests +.PHONY: test_integration +test_integration: + bundle install + bundle exec kitchen create + bundle exec kitchen converge + bundle exec kitchen converge + @echo "Waiting ${GCE_INSTANCE_INIT_WAIT_TIME} seconds for load balancer to come online..." + bundle exec kitchen verify + bundle exec kitchen destroy + cd test/fixtures/networks/ && terraform destroy -auto-approve && cd - + .PHONY: generate_docs generate_docs: @source test/make.sh && generate_docs -# Integration tests - -.PHONY: regional_test_integration -regional_test_integration: - ./test/integration/gcloud/run.sh regional - -.PHONY: zonal_test_integration -zonal_test_integration: - ./test/integration/gcloud/run.sh zonal - -.PHONY: test_integration -test_integration: regional_test_integration zonal_test_integration - @echo "Running tests for regional and zonal clusters" +# Versioning +.PHONY: version +version: + @source helpers/version-repo.sh + +# Build Docker +.PHONY: docker_build_terraform +docker_build_terraform: + docker build -f build/docker/terraform/Dockerfile \ + --build-arg BUILD_TERRAFORM_VERSION=${BUILD_TERRAFORM_VERSION} \ + --build-arg BUILD_CLOUD_SDK_VERSION=${BUILD_CLOUD_SDK_VERSION} \ + --build-arg BUILD_PROVIDER_GOOGLE_VERSION=${BUILD_PROVIDER_GOOGLE_VERSION} \ + --build-arg BUILD_PROVIDER_GSUITE_VERSION=${BUILD_PROVIDER_GSUITE_VERSION} \ + -t ${DOCKER_IMAGE_TERRAFORM}:${DOCKER_TAG_TERRAFORM} . + +.PHONY: docker_build_kitchen_terraform +docker_build_kitchen_terraform: + docker build -f build/docker/kitchen_terraform/Dockerfile \ + --build-arg BUILD_TERRAFORM_IMAGE="${DOCKER_IMAGE_TERRAFORM}:${DOCKER_TAG_TERRAFORM}" \ + --build-arg BUILD_RUBY_VERSION="${BUILD_RUBY_VERSION}" \ + -t ${DOCKER_IMAGE_KITCHEN_TERRAFORM}:${DOCKER_TAG_KITCHEN_TERRAFORM} . 
+ +# Run docker +.PHONY: docker_run +docker_run: + docker run --rm -it \ + -v $(CURDIR):/cftk/workdir \ + ${DOCKER_IMAGE_KITCHEN_TERRAFORM}:${DOCKER_TAG_KITCHEN_TERRAFORM} \ + /bin/bash + +.PHONY: docker_create +docker_create: docker_build_terraform docker_build_kitchen_terraform + docker run --rm -it \ + -v $(CURDIR):/cftk/workdir \ + ${DOCKER_IMAGE_KITCHEN_TERRAFORM}:${DOCKER_TAG_KITCHEN_TERRAFORM} \ + /bin/bash -c "kitchen create" + +.PHONY: docker_converge +docker_converge: + docker run --rm -it \ + -v $(CURDIR):/cftk/workdir \ + ${DOCKER_IMAGE_KITCHEN_TERRAFORM}:${DOCKER_TAG_KITCHEN_TERRAFORM} \ + /bin/bash -c "kitchen converge && kitchen converge" + +.PHONY: docker_verify +docker_verify: + docker run --rm -it \ + -v $(CURDIR):/cftk/workdir \ + ${DOCKER_IMAGE_KITCHEN_TERRAFORM}:${DOCKER_TAG_KITCHEN_TERRAFORM} \ + /bin/bash -c "kitchen verify" + +.PHONY: docker_destroy +docker_destroy: + docker run --rm -it \ + -v $(CURDIR):/cftk/workdir \ + ${DOCKER_IMAGE_KITCHEN_TERRAFORM}:${DOCKER_TAG_KITCHEN_TERRAFORM} \ + /bin/bash -c "kitchen destroy" + +.PHONY: test_integration_docker +test_integration_docker: docker_create docker_converge docker_verify docker_destroy + @echo "Running test-kitchen tests in docker" diff --git a/README.md b/README.md index d9792748be..5f87b767fa 100644 --- a/README.md +++ b/README.md @@ -227,7 +227,7 @@ The tests will do the following: - Permos `kitchen destroy` command - Performs a `terraform destroy -force` -You can use the following command to run the integration test in the root folder +To configure the integration tests, `cp test/fixtures/networks/terraform.tfvars.sample test/fixtures/networks/terraform.tfvars` and edit to match your testing environment. You can then use the following command to run the integration test in the root folder `make test_integration` diff --git a/test/fixtures/all_examples/fixture_data.tf b/test/fixtures/all_examples/fixture_data.tf index dbf4751fcd..e6004780e4 100644 
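Review bot: In `test_integration` the teardown lines (`bundle exec kitchen destroy` and the fixture `terraform destroy`) only execute when every preceding recipe line succeeds, so a failing `kitchen verify` aborts make and leaves the GKE clusters and the fixture network running. Moving the two destroy lines into their own target, e.g. `test_integration_destroy`, that `test_integration` invokes last and that the README tells people to run after a failed test would bound the cleanup problem; `test_integration_docker` has the same gap, since its `docker_destroy` prerequisite is skipped when `docker_verify` fails. `cd -` at the end of the fixture destroy line is a no-op because each recipe line runs in its own shell. `bundle exec kitchen converge` is run twice with no explanation (and again in `docker_converge`); a comment stating why the second pass is needed would keep the next maintainer from deleting it.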
--- a/test/fixtures/all_examples/fixture_data.tf +++ b/test/fixtures/all_examples/fixture_data.tf @@ -2,16 +2,23 @@ data "terraform_remote_state" "fixtures" { backend = "local" config { - path = "${path.module}/../../test/fixtures/all_examples/terraform.tfstate" + path = "${path.module}/../../test/fixtures/networks/terraform.tfstate" } } +data "google_compute_zones" "fixtures-available" { + project = "${data.terraform_remote_state.fixtures.project_id}" + region = "${data.terraform_remote_state.fixtures.region}" +} + locals { project_id = "${data.terraform_remote_state.fixtures.project_id}" credentials_path = "${data.terraform_remote_state.fixtures.credentials_path}" region = "${data.terraform_remote_state.fixtures.region}" network = "${data.terraform_remote_state.fixtures.network}" - subnetwork = "${data.terraform_remote_state.fixtures.deploy_service-subnetwork}" - ip_range_pods = "${data.terraform_remote_state.fixtures.deploy_service-ip_range_pods}" - ip_range_services = "${data.terraform_remote_state.fixtures.deploy_service-ip_range_services}" + subnetwork = "${data.terraform_remote_state.fixtures.subnetwork[local.cluster_type]}" + ip_range_pods = "${data.terraform_remote_state.fixtures.ip_range_pods[local.cluster_type]}" + ip_range_services = "${data.terraform_remote_state.fixtures.ip_range_services[local.cluster_type]}" + zones = ["${data.google_compute_zones.fixtures-available.names}"] + pool_01_service_account = "" } From 76b3498e82791a6e69a88c12263eb855968659a1 Mon Sep 17 00:00:00 2001 
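Review bot: The new locals index the fixture outputs with `local.cluster_type`, but nothing in this file declares it; since `.kitchen.yml` copies this file verbatim into each example directory, every example must define `cluster_type` with one of the hyphenated keys the networks fixture exports (`deploy-service`, `node-pool`, …) or the copied module fails at plan time. A header comment such as `# Expects the consuming example to declare local.cluster_type matching a key in test/fixtures/networks/outputs.tf` would document that contract. `pool_01_service_account = ""` is an unexplained hard-coded value that only the node_pool example consumes; if the empty string is meant to select the project's default service account, a comment next to it should say so.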
From: Jason Berlinsky Date: Tue, 20 Nov 2018 12:51:52 -0500 Subject: [PATCH 06/39] Clean up botched merge --- .gitignore | 2 + .kitchen.yml | 2 +- test/integration/gcloud/Gemfile => Gemfile | 7 +- Makefile | 1 - README.md | 10 +- build/docker/kitchen_terraform/Dockerfile | 67 ++++ examples/deploy_service/README.md | 43 ++- examples/deploy_service/outputs.tf | 17 +- examples/node_pool/README.md | 44 ++- examples/node_pool/main.tf | 2 + examples/node_pool/outputs.tf | 19 +- examples/shared_vpc/README.md | 18 - examples/shared_vpc/main.tf | 35 -- examples/shared_vpc/outputs.tf | 36 -- examples/shared_vpc/variables.tf | 43 --- examples/simple_regional/README.md | 40 +- examples/simple_regional/outputs.tf | 6 +- examples/simple_zonal/README.md | 41 +- examples/simple_zonal/outputs.tf | 6 +- examples/stub_domains/README.md | 41 +- examples/stub_domains/main.tf | 3 + examples/stub_domains/outputs.tf | 10 +- helpers/combine_docfiles.py | 16 +- networks.tf | 16 + scripts/kubectl_wrapper.sh | 8 +- test/fixtures/all_examples/fixture_data.tf | 16 + test/fixtures/networks/main.tf | 16 + test/fixtures/networks/outputs.tf | 31 +- test/fixtures/networks/variables.tf | 16 + .../deploy_service/controls/gcloud.rb | 67 ++++ .../deploy_service/controls/kubectl.rb | 67 ++++ test/integration/deploy_service/inspec.yml | 43 +++ test/integration/gcloud/.gitignore | 1 - test/integration/gcloud/.kitchen.yml | 33 -- test/integration/gcloud/run.sh | 352 ------------------ test/integration/gcloud/sample.sh | 44 --- .../test/integration/default/inspec/gcloud.rb | 127 ------- .../integration/default/inspec/kubectl.rb | 38 -- .../integration/default/inspec/terraform.rb | 102 ----- .../gcloud/test/support/google_cloud.rb | 22 -- test/integration/gcloud/zonal_config.sh | 25 -- test/integration/node_pool/controls/gcloud.rb | 168 +++++++++ .../integration/node_pool/controls/kubectl.rb | 87 +++++ test/integration/node_pool/inspec.yml | 43 +++ .../simple_regional/controls/gcloud.rb | 149 ++++++++ 
test/integration/simple_regional/inspec.yml | 40 ++ .../simple_zonal/controls/gcloud.rb | 150 ++++++++ test/integration/simple_zonal/inspec.yml | 40 ++ .../stub_domains/controls/gcloud.rb | 75 ++++ .../stub_domains/controls/kubectl.rb | 88 +++++ test/integration/stub_domains/inspec.yml | 43 +++ test/make.sh | 3 +- 52 files changed, 1456 insertions(+), 963 deletions(-) rename test/integration/gcloud/Gemfile => Gemfile (77%) create mode 100644 build/docker/kitchen_terraform/Dockerfile delete mode 100644 examples/shared_vpc/README.md delete mode 100644 examples/shared_vpc/main.tf delete mode 100644 examples/shared_vpc/outputs.tf delete mode 100644 examples/shared_vpc/variables.tf create mode 100644 test/integration/deploy_service/controls/gcloud.rb create mode 100644 test/integration/deploy_service/controls/kubectl.rb create mode 100644 test/integration/deploy_service/inspec.yml delete mode 100644 test/integration/gcloud/.gitignore delete mode 100644 test/integration/gcloud/.kitchen.yml delete mode 100755 test/integration/gcloud/run.sh delete mode 100644 test/integration/gcloud/sample.sh delete mode 100644 test/integration/gcloud/test/integration/default/inspec/gcloud.rb delete mode 100644 test/integration/gcloud/test/integration/default/inspec/kubectl.rb delete mode 100644 test/integration/gcloud/test/integration/default/inspec/terraform.rb delete mode 100644 test/integration/gcloud/test/support/google_cloud.rb delete mode 100644 test/integration/gcloud/zonal_config.sh create mode 100644 test/integration/node_pool/controls/gcloud.rb create mode 100644 test/integration/node_pool/controls/kubectl.rb create mode 100644 test/integration/node_pool/inspec.yml create mode 100644 test/integration/simple_regional/controls/gcloud.rb create mode 100644 test/integration/simple_regional/inspec.yml create mode 100644 test/integration/simple_zonal/controls/gcloud.rb create mode 100644 test/integration/simple_zonal/inspec.yml create mode 100644 
test/integration/stub_domains/controls/gcloud.rb create mode 100644 test/integration/stub_domains/controls/kubectl.rb create mode 100644 test/integration/stub_domains/inspec.yml diff --git a/.gitignore b/.gitignore index 2ad2fdfd88..3985af4430 100644 --- a/.gitignore +++ b/.gitignore @@ -47,3 +47,5 @@ crash.log test/integration/gcloud/config.sh test/integration/tmp + +credentials.json diff --git a/.kitchen.yml b/.kitchen.yml index 754f5f20cb..4160a71c99 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -24,7 +24,7 @@ platforms: - name: local lifecycle: - pre_converge: cd test/fixtures/networks/ && terraform apply -auto-approve && cd - + pre_converge: cd test/fixtures/networks/ && terraform init && terraform apply -auto-approve && cd - suites: - name: "deploy_service" diff --git a/test/integration/gcloud/Gemfile b/Gemfile similarity index 77% rename from test/integration/gcloud/Gemfile rename to Gemfile index cc5ca265d9..35e4ef7d1f 100644 --- a/test/integration/gcloud/Gemfile +++ b/Gemfile @@ -15,8 +15,7 @@ ruby '2.4.2' source 'https://rubygems.org/' do - gem 'googleauth' - gem 'google-api-client' - gem 'kitchen-terraform', '~> 3.3' - gem 'kitchen-inspec', :git => 'https://github.com/inspec/kitchen-inspec.git', :ref => '0590f1b' + gem 'kitchen-terraform', '~> 4.0.3' + gem 'kubeclient' + gem 'rest-client' end diff --git a/Makefile b/Makefile index c532a57399..d9511218e5 100644 --- a/Makefile +++ b/Makefile @@ -81,7 +81,6 @@ test_integration: bundle exec kitchen create bundle exec kitchen converge bundle exec kitchen converge - @echo "Waiting ${GCE_INSTANCE_INIT_WAIT_TIME} seconds for load balancer to come online..." bundle exec kitchen verify bundle exec kitchen destroy cd test/fixtures/networks/ && terraform destroy -auto-approve && cd - diff --git a/README.md b/README.md index 5f87b767fa..6e6d3f576c 100644 --- a/README.md +++ b/README.md 
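Review bot: `gem 'kubeclient'` and `gem 'rest-client'` are added with no version constraint while `kitchen-terraform` is pinned with `~> 4.0.3`, so a fresh `bundle install` resolves whatever the newest release is and the `RUN bundle install` in the kitchen_terraform image is not reproducible; pin them (`gem 'kubeclient', '~> <version tested against>'`, `gem 'rest-client', '~> <version tested against>'`) or commit a Gemfile.lock, which the diffstat does not list. These gems run inside the container that has the repository, and per the sample tfvars the service-account key, bind-mounted into it, so an unpinned resolution is also the supply-chain path into that environment.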
@@ -97,7 +97,7 @@ Then perform the following commands on the root folder: | ip_range_pods | The secondary ip range to use for pods | string | - | yes | | ip_range_services | The secondary ip range to use for pods | string | - | yes | | kubernetes_dashboard | Enable kubernetes dashboard addon | string | `false` | no | -| kubernetes_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | string | `1.10.6-gke.2` | no | +| kubernetes_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | string | `latest` | no | | logging_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | string | `logging.googleapis.com` | no | | maintenance_start_time | Time window specified for daily maintenance operations in RFC3339 format | string | `05:00` | no | | master_authorized_networks_config | The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists)

### example format ### master_authorized_networks_config = [{ cidr_blocks = [{ cidr_block = "10.0.0.0/8" display_name = "example_network" }], }] | list | `` | no | @@ -199,7 +199,6 @@ The project has the following folders and files: ### Requirements - [bundler](https://github.com/bundler/bundler) - [gcloud](https://cloud.google.com/sdk/install) -- [jq](https://stedolan.github.io/jq/) 1.5 - [terraform-docs](https://github.com/segmentio/terraform-docs/releases) 0.3.0 ### Autogeneration of documentation from .tf files @@ -222,9 +221,8 @@ The tests will do the following: - Perform `kitchen validate` command - Performs inspec tests. - Shell out to `gcloud` to validate expected resources in GCP. - - Shell out to `kubectl` to validate expected resource in Kubernetes. - - Shell out to `terraform` to validate outputs. -- Permos `kitchen destroy` command + - Interrogate the cluster to validate expected resource in Kubernetes. +- Perform `kitchen destroy` command - Performs a `terraform destroy -force` To configure the integration tests, `cp test/fixtures/networks/terraform.tfvars.sample test/fixtures/networks/terraform.tfvars` and edit to match your testing environment. You can then use the following command to run the integration test in the root folder @@ -270,4 +268,4 @@ are as follows: is a compiled language so there is no standard linter. * Terraform - terraform has a built-in linter in the 'terraform validate' command. -* Dockerfiles - hadolint. Can be found in homebrew +* Dockerfiles - hadolint. Can be found in homebrew \ No newline at end of file diff --git a/build/docker/kitchen_terraform/Dockerfile b/build/docker/kitchen_terraform/Dockerfile new file mode 100644 index 0000000000..a2e7a898b5 --- /dev/null +++ b/build/docker/kitchen_terraform/Dockerfile 
@@ -0,0 +1,67 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG BUILD_TERRAFORM_IMAGE
+ARG BUILD_RUBY_VERSION
+# hadolint ignore=DL3006
+FROM $BUILD_TERRAFORM_IMAGE as cfkt_terraform
+
+
+
+FROM ruby:$BUILD_RUBY_VERSION-alpine
+
+RUN apk add --no-cache \
+ bash=4.3.42-r5 \
+ curl=7.60.0-r1 \
+ git=2.8.6-r0 \
+ g++=5.3.0-r0 \
+ jq=1.5-r2 \
+ make=4.1-r1 \
+ musl-dev=1.1.14-r16 \
+ python=2.7.14-r0 \
+ python-dev=2.7.14-r0 \
+ py-pip=8.1.2-r0 \
+ ca-certificates=20161130-r0
+
+ADD https://storage.googleapis.com/kubernetes-release/release/v1.12.2/bin/linux/amd64/kubectl /usr/local/bin/kubectl
+RUN chmod +x /usr/local/bin/kubectl
+
+SHELL ["/bin/bash", "-c"]
+
+ENV APP_BASE_DIR="/cftk"
+
+COPY --from=cfkt_terraform $APP_BASE_DIR $APP_BASE_DIR
+
+ENV HOME="$APP_BASE_DIR/home"
+ENV PATH $APP_BASE_DIR/bin:$APP_BASE_DIR/google-cloud-sdk/bin:$PATH
+ENV GOOGLE_APPLICATION_CREDENTIALS="$CREDENTIALS_PATH" \
+ CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE="$CREDENTIALS_PATH"
+
+# Fix base64 inconsistency
+SHELL ["/bin/bash", "-c"]
+RUN echo 'base64() { if [[ $@ == "--decode" ]]; then command base64 -d | more; else command base64 "$@"; fi; }' >> $APP_BASE_DIR/home/.bashrc
+
+RUN terraform --version && \
+ gcloud --version && \
+ ruby --version && \
+ bundle --version
+
+COPY ./Gemfile /opt/kitchen/
+
+WORKDIR /opt/kitchen
+RUN bundle install
+
+RUN gcloud components install beta --quiet
+
+WORKDIR $APP_BASE_DIR/workdir
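Review bot: `ADD https://storage.googleapis.com/.../kubectl` pulls an executable over the network with no integrity check, so the image contains whatever that URL served at build time; replace it with a verified download, e.g. `RUN curl -fsSLo /usr/local/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/v1.12.2/bin/linux/amd64/kubectl && echo "<sha256 of kubectl v1.12.2 — fill in>  /usr/local/bin/kubectl" | sha256sum -c - && chmod +x /usr/local/bin/kubectl` (curl is installed two instructions earlier and `sha256sum` ships with busybox). `$CREDENTIALS_PATH` is never declared by an `ARG` or `ENV` in this file, so unless the ruby base image sets it both `GOOGLE_APPLICATION_CREDENTIALS` and `CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE` expand to the empty string at build time; if the value is meant to come from the runtime environment, drop the `ENV` and pass it to `docker run`, and if it is a build input, add `ARG CREDENTIALS_PATH` before the `ENV`. The final stage has no `USER` instruction, so test-kitchen, terraform and gcloud run as root with the repository bind-mounted in. `SHELL ["/bin/bash", "-c"]` is declared twice, and `ENV PATH $APP_BASE_DIR/...` uses the legacy space-separated form where the rest of the file uses `key=value`.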
diff --git a/examples/deploy_service/README.md b/examples/deploy_service/README.md index fa52c2b491..57d62019fa 100644 --- a/examples/deploy_service/README.md +++ b/examples/deploy_service/README.md @@ -8,16 +8,43 @@ It will: - Create an Nginx Pod - Create an Nginx Service -Expected variables: -- `project_id` -- `region` -- `network` -- `subnetwork` -- `ip_range_pods` -- `ip_range_services` +[^]: (autogen_docs_start) + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| ip_range_pods | The secondary ip range to use for pods | string | - | yes | +| ip_range_services | The secondary ip range to use for pods | string | - | yes | +| network | The VPC network to host the cluster in | string | - | yes | +| project_id | The project ID to host the cluster in | string | - | yes | +| region | The region to host the cluster in | string | - | yes | +| subnetwork | The subnetwork to host the cluster in | string | - | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| ca_certificate | | +| client_token | | +| cluster_name | Cluster name | +| credentials_path | | +| ip_range_pods | The secondary IP range used for pods | +| ip_range_services | The secondary IP range used for services | +| kubernetes_endpoint | | +| location | | +| master_kubernetes_version | The master Kubernetes version | +| network | | +| project_id | | +| region | | +| subnetwork | | +| zones | List of zones in which the cluster resides | + +[^]: (autogen_docs_end) To provision this example, run the following from within this directory: - `terraform init` to get the plugins - `terraform plan` to see the infrastructure plan - `terraform apply` to apply the infrastructure build -- `terraform destroy` to destroy the built infrastructure +- `terraform destroy` to destroy the built infrastructure \ No newline at end of file 
diff --git a/examples/deploy_service/outputs.tf b/examples/deploy_service/outputs.tf index 455fb3275c..62f27cf9f0 100644 --- a/examples/deploy_service/outputs.tf +++ b/examples/deploy_service/outputs.tf @@ -18,8 +18,12 @@ output "project_id" { value = "${local.project_id}" } +output "credentials_path" { + value = "${local.credentials_path}" +} + output "region" { - value = "${local.region}" + value = "${module.gke.region}" } output "cluster_name" { @@ -35,10 +39,6 @@ output "subnetwork" { value = "${local.subnetwork}" } -output "region_example" { - value = "${module.gke.region}" -} - output "kubernetes_endpoint" { sensitive = true value = "${module.gke.endpoint}" @@ -68,7 +68,12 @@ output "ip_range_services" { value = "${local.ip_range_services}" } -output "zones_example" { +output "zones" { description = "List of zones in which the cluster resides" value = "${module.gke.zones}" } + +output "master_kubernetes_version" { + description = "The master Kubernetes version" + value = "${module.gke.master_version}" +} diff --git a/examples/node_pool/README.md b/examples/node_pool/README.md index cc8972d0b0..51d8307ae7 100644 --- a/examples/node_pool/README.md +++ b/examples/node_pool/README.md 
@@ -2,17 +2,43 @@ This example illustrates how to create a cluster with multiple custom node-pool configurations with node labels, taints, and network tags. -Expected variables: -- `project_id` -- `region` -- `network` -- `subnetwork` -- `ip_range_pods` -- `ip_range_services` -- `pool_01_service_account` - Only needed if you've deleted the default service account from your project +[^]: (autogen_docs_start) + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| ip_range_pods | The secondary ip range to use for pods | string | - | yes | +| ip_range_services | The secondary ip range to use for pods | string | - | yes | +| network | The VPC network to host the cluster in | string | - | yes | +| pool_01_service_account | Service account to associate to the nodes on pool-01 | string | - | yes | +| project_id | The project ID to host the cluster in | string | - | yes | +| region | The region to host the cluster in | string | - | yes | +| subnetwork | The subnetwork to host the cluster in | string | - | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| ca_certificate | | +| client_token | | +| cluster_name | Cluster name | +| credentials_path | | +| ip_range_pods | The secondary IP range used for pods | +| ip_range_services | The secondary IP range used for services | +| kubernetes_endpoint | | +| location | Cluster location | +| network | | +| project_id | | +| region | | +| subnetwork | | +| zones | List of zones in which the cluster resides | + +[^]: (autogen_docs_end) To provision this example, run the following from within this directory: - `terraform init` to get the plugins - `terraform plan` to see the infrastructure plan - `terraform apply` to apply the infrastructure build -- `terraform destroy` to destroy the built infrastructure +- `terraform destroy` to destroy the built infrastructure \ No newline at end of file 
diff --git a/examples/node_pool/main.tf b/examples/node_pool/main.tf index fb26f57555..09deb5dbc5 100644 --- a/examples/node_pool/main.tf +++ b/examples/node_pool/main.tf @@ -98,3 +98,5 @@ module "gke" { pool-02 = [] } } + +data "google_client_config" "default" {} diff --git a/examples/node_pool/outputs.tf b/examples/node_pool/outputs.tf index 2057eeb472..55a27ba38b 100644 --- a/examples/node_pool/outputs.tf +++ b/examples/node_pool/outputs.tf @@ -18,8 +18,12 @@ output "project_id" { value = "${local.project_id}" } +output "credentials_path" { + value = "${local.credentials_path}" +} + output "region" { - value = "${local.region}" + value = "${module.gke.region}" } output "cluster_name" { @@ -35,10 +39,6 @@ output "subnetwork" { value = "${local.subnetwork}" } -output "region_example" { - value = "${module.gke.region}" -} - output "kubernetes_endpoint" { sensitive = true value = "${module.gke.endpoint}" @@ -49,12 +49,17 @@ output "client_token" { value = "${base64encode(data.google_client_config.default.access_token)}" } -output "location_example" { +output "ca_certificate" { + sensitive = true + value = "${module.gke.ca_certificate}" +} + +output "location" { description = "Cluster location" value = "${module.gke.location}" } -output "zones_example" { +output "zones" { description = "List of zones in which the cluster resides" value = "${module.gke.zones}" } diff --git a/examples/shared_vpc/README.md b/examples/shared_vpc/README.md deleted file mode 100644 index c882008564..0000000000 --- a/examples/shared_vpc/README.md +++ /dev/null 
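Review bot: `sensitive = true` on the new `ca_certificate` output (and on `kubernetes_endpoint`) only masks the value in CLI output; the examples configure no backend, so the certificate and the base64-encoded access token exported by `client_token` are written in plaintext to each example's `terraform.tfstate`. Because `.kitchen.yml` runs the examples in-tree, confirm that `*.tfstate` and `*.tfstate.backup` are covered by `.gitignore` (the `.gitignore` hunk in this patch adds only `credentials.json`), and add a comment next to `client_token` such as `# short-lived OAuth token; still persisted in local state`. `examples/deploy_service/outputs.tf` in this patch exports the same outputs per its README and has the same exposure.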
@@ -1,18 +0,0 @@ -# Shared VPC Cluster - -This example illustrates how to create a simple cluster. - -Expected variables: -- `project_id` -- `region` -- `network` -- `network_project_id` -- `subnetwork` -- `ip_range_pods` -- `ip_range_services` - -To provision this example, run the following from within this directory: -- `terraform init` to get the plugins -- `terraform plan` to see the infrastructure plan -- `terraform apply` to apply the infrastructure build -- `terraform destroy` to destroy the built infrastructure diff --git a/examples/shared_vpc/main.tf b/examples/shared_vpc/main.tf deleted file mode 100644 index c68a652100..0000000000 --- a/examples/shared_vpc/main.tf +++ /dev/null @@ -1,35 +0,0 @@ -/** - * Copyright 2018 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -locals { - credentials_file_path = "${path.module}/sa-key.json" -} - -provider "google" { - credentials = "${file(local.credentials_file_path)}" -} - -module "gke" { - source = "../../" - project_id = "${var.project_id}" - name = "shared-vpc-sample-cluster" - region = "${var.region}" - network = "${var.network}" - network_project_id = "${var.network_project_id}" - subnetwork = "${var.subnetwork}" - ip_range_pods = "${var.ip_range_pods}" - ip_range_services = "${var.ip_range_services}" -} diff --git a/examples/shared_vpc/outputs.tf b/examples/shared_vpc/outputs.tf deleted file mode 100644 index 17dff21946..0000000000 --- a/examples/shared_vpc/outputs.tf +++ /dev/null 
@@ -1,36 +0,0 @@ -/** - * Copyright 2018 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -output "name_example" { - description = "Cluster name" - value = "${module.gke.name}" -} - -output "endpoint_example" { - sensitive = true - description = "Cluster endpoint" - value = "${module.gke.endpoint}" -} - -output "location_example" { - description = "Cluster location" - value = "${module.gke.location}" -} - -output "zones_example" { - description = "List of zones in which the cluster resides" - value = "${module.gke.zones}" -} diff --git a/examples/shared_vpc/variables.tf b/examples/shared_vpc/variables.tf deleted file mode 100644 index 8ac12e4f45..0000000000 --- a/examples/shared_vpc/variables.tf +++ /dev/null 
@@ -1,43 +0,0 @@ -/** - * Copyright 2018 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -variable "project_id" { - description = "The project ID to host the cluster in" -} - -variable "region" { - description = "The region to host the cluster in" -} - -variable "network" { - description = "The VPC network to host the cluster in" -} - -variable "subnetwork" { - description = "The subnetwork to host the cluster in" -} - -variable "network_project_id" { - description = "The project ID of the shared VPC's host" -} - -variable "ip_range_pods" { - description = "The secondary ip range to use for pods" -} - -variable "ip_range_services" { - description = "The secondary ip range to use for pods" -} diff --git a/examples/simple_regional/README.md b/examples/simple_regional/README.md index dccf8dcc93..42056ffd33 100644 --- a/examples/simple_regional/README.md +++ b/examples/simple_regional/README.md 
@@ -2,16 +2,40 @@ This example illustrates how to create a simple cluster. -Expected variables: -- `project_id` -- `region` -- `network` -- `subnetwork` -- `ip_range_pods` -- `ip_range_services` +[^]: (autogen_docs_start) + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| ip_range_pods | The secondary ip range to use for pods | string | - | yes | +| ip_range_services | The secondary ip range to use for pods | string | - | yes | +| network | The VPC network to host the cluster in | string | - | yes | +| project_id | The project ID to host the cluster in | string | - | yes | +| region | The region to host the cluster in | string | - | yes | +| subnetwork | The subnetwork to host the cluster in | string | - | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| cluster_name | Cluster name | +| credentials_path | | +| ip_range_pods | The secondary IP range used for pods | +| ip_range_services | The secondary IP range used for services | +| kubernetes_endpoint | Cluster endpoint | +| location | Cluster location | +| master_kubernetes_version | The master Kubernetes version | +| network | Network the cluster is provisioned in | +| project_id | | +| region | | +| subnetwork | Subnetwork the cluster is provisioned in | + +[^]: (autogen_docs_end) To provision this example, run the following from within this directory: - `terraform init` to get the plugins - `terraform plan` to see the infrastructure plan - `terraform apply` to apply the infrastructure build -- `terraform destroy` to destroy the built infrastructure +- `terraform destroy` to destroy the built infrastructure \ No newline at end of file diff --git a/examples/simple_regional/outputs.tf b/examples/simple_regional/outputs.tf index e7be558164..720bac77ee 100644 --- a/examples/simple_regional/outputs.tf +++ b/examples/simple_regional/outputs.tf 
@@ -18,6 +18,10 @@ output "project_id" { value = "${local.project_id}" } +output "credentials_path" { + value = "${local.credentials_path}" +} + output "region" { value = "${local.region}" } @@ -43,7 +47,7 @@ output "kubernetes_endpoint" { value = "${module.gke.endpoint}" } -output "location_example" { +output "location" { description = "Cluster location" value = "${module.gke.location}" } diff --git a/examples/simple_zonal/README.md b/examples/simple_zonal/README.md index a6de591759..a9a0e48fe6 100644 --- a/examples/simple_zonal/README.md +++ b/examples/simple_zonal/README.md 
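Review bot: The new `credentials_path` output carries no `description`, which is why the regenerated simple_regional README in this same commit renders an empty cell for it; add `description = "Path to the service account key file used by this example"` inside the block. The value is only a filesystem path, not the key material, so nothing secret is printed on apply, though like every output it is persisted in state. It appears to be consumed by the inspec controls added elsewhere in this change as the gcloud credential-file override, so saying that in the description keeps it from being removed as unused.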
@@ -2,16 +2,41 @@ This example illustrates how to create a simple cluster. -Expected variables: -- `project_id` -- `region` -- `network` -- `subnetwork` -- `ip_range_pods` -- `ip_range_services` +[^]: (autogen_docs_start) + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| ip_range_pods | The secondary ip range to use for pods | string | - | yes | +| ip_range_services | The secondary ip range to use for pods | string | - | yes | +| network | The VPC network to host the cluster in | string | - | yes | +| project_id | The project ID to host the cluster in | string | - | yes | +| region | The region to host the cluster in | string | - | yes | +| subnetwork | The subnetwork to host the cluster in | string | - | yes | +| zones | The zone to host the cluster in (required if is a zonal cluster) | list | - | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| cluster_name | Cluster name | +| credentials_path | | +| ip_range_pods | The secondary IP range used for pods | +| ip_range_services | The secondary IP range used for services | +| kubernetes_endpoint | Cluster endpoint | +| location | Cluster location | +| master_kubernetes_version | The master Kubernetes version | +| network | Network the cluster is provisioned in | +| project_id | | +| region | | +| subnetwork | Subnetwork the cluster is provisioned in | + +[^]: (autogen_docs_end) To provision this example, run the following from within this directory: - `terraform init` to get the plugins - `terraform plan` to see the infrastructure plan - `terraform apply` to apply the infrastructure build -- `terraform destroy` to destroy the built infrastructure +- `terraform destroy` to destroy the built infrastructure \ No newline at end of file diff --git a/examples/simple_zonal/outputs.tf b/examples/simple_zonal/outputs.tf index e7be558164..720bac77ee 100644 --- a/examples/simple_zonal/outputs.tf +++ b/examples/simple_zonal/outputs.tf 
@@ -18,6 +18,10 @@ output "project_id" { value = "${local.project_id}" } +output "credentials_path" { + value = "${local.credentials_path}" +} + output "region" { value = "${local.region}" } @@ -43,7 +47,7 @@ output "kubernetes_endpoint" { value = "${module.gke.endpoint}" } -output "location_example" { +output "location" { description = "Cluster location" value = "${module.gke.location}" } diff --git a/examples/stub_domains/README.md b/examples/stub_domains/README.md index d47372411b..16507d89de 100644 --- a/examples/stub_domains/README.md +++ b/examples/stub_domains/README.md 
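Review bot: `output "credentials_path"` is added without a `description`, so the simple_zonal README generated by this commit shows a blank description column for it; one line fixes both, `description = "Path to the service account key file used by this example"`. Only the path is exposed, not the key contents, so the output is safe to leave non-sensitive. The companion `location` rename is a straightforward cleanup and needs nothing further.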
@@ -7,16 +7,41 @@ It will: - Remove the default kube-dns configmap - Add a new kube-dns configmap with custom stub domains -Expected variables: -- `project_id` -- `region` -- `network` -- `subnetwork` -- `ip_range_pods` -- `ip_range_services` +[^]: (autogen_docs_start) + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| ip_range_pods | The secondary ip range to use for pods | string | - | yes | +| ip_range_services | The secondary ip range to use for pods | string | - | yes | +| network | The VPC network to host the cluster in | string | - | yes | +| project_id | The project ID to host the cluster in | string | - | yes | +| region | The region to host the cluster in | string | - | yes | +| subnetwork | The subnetwork to host the cluster in | string | - | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| ca_certificate | | +| client_token | | +| cluster_name | Cluster name | +| credentials_path | | +| ip_range_pods | The secondary IP range used for pods | +| ip_range_services | The secondary IP range used for services | +| kubernetes_endpoint | | +| location | | +| network | | +| project_id | | +| region | | +| subnetwork | | + +[^]: (autogen_docs_end) To provision this example, run the following from within this directory: - `terraform init` to get the plugins - `terraform plan` to see the infrastructure plan - `terraform apply` to apply the infrastructure build -- `terraform destroy` to destroy the built infrastructure +- `terraform destroy` to destroy the built infrastructure \ No newline at end of file diff --git a/examples/stub_domains/main.tf b/examples/stub_domains/main.tf index 0eb035fc51..a208d5306a 100644 --- a/examples/stub_domains/main.tf +++ b/examples/stub_domains/main.tf 
@@ -32,6 +32,7 @@ module "gke" { subnetwork = "${local.subnetwork}" ip_range_pods = "${local.ip_range_pods}" ip_range_services = "${local.ip_range_services}" + network_policy = true kubernetes_version = "1.9.7-gke.11" node_version = "1.9.7-gke.11" @@ -47,3 +48,5 @@ module "gke" { ] } } + +data "google_client_config" "default" {} diff --git a/examples/stub_domains/outputs.tf b/examples/stub_domains/outputs.tf index 0fcdba321d..8bf635469d 100644 --- a/examples/stub_domains/outputs.tf +++ b/examples/stub_domains/outputs.tf @@ -18,8 +18,12 @@ output "project_id" { value = "${local.project_id}" } +output "credentials_path" { + value = "${local.credentials_path}" +} + output "region" { - value = "${local.region}" + value = "${module.gke.region}" } output "cluster_name" { @@ -35,10 +39,6 @@ output "subnetwork" { value = "${local.subnetwork}" } -output "region_example" { - value = "${module.gke.region}" -} - output "kubernetes_endpoint" { sensitive = true value = "${module.gke.endpoint}" diff --git a/helpers/combine_docfiles.py b/helpers/combine_docfiles.py index b01af7c571..16516cb009 100644 --- a/helpers/combine_docfiles.py +++ b/helpers/combine_docfiles.py 
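Review bot: The `data "google_client_config" "default" {}` appended at the end of stub_domains/main.tf yields a live OAuth `access_token`; the stub_domains README in this commit lists a `client_token` output, which presumably is what consumes it. Any output or provider argument built from that token is written to Terraform state in plaintext, and an output lacking `sensitive = true` is additionally echoed on every `terraform apply` and `terraform output`, so confirm the consuming output is marked sensitive and that the state backend for these examples is access-controlled. The token is short-lived, which limits but does not remove the exposure. The `network_policy = true` line in the first hunk sits inside the `module "gke"` block, whose start and end lie outside this hunk.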
@@ -25,20 +25,28 @@ regex specified here ''' +import os import re import sys -insert_separator_regex = '(.*?\[\^\]\:\ \(autogen_docs_start\))(.*?)(\n\[\^\]\:\ \(autogen_docs_end\).*?$)' -exclude_separator_regex = '(.*?)Copyright 20\d\d Google LLC.*?limitations under the License.(.*?)$' +insert_separator_regex = '(.*?\[\^\]\:\ \(autogen_docs_start\))(.*?)(\n\[\^\]\:\ \(autogen_docs_end\).*?$)' # noqa: E501 +exclude_separator_regex = '(.*?)Copyright 20\d\d Google LLC.*?limitations under the License.(.*?)$' # noqa: E501 if len(sys.argv) != 3: - sys.exit(1) + sys.exit(1) + +if not os.path.isfile(sys.argv[1]): + sys.exit(0) input = open(sys.argv[1], "r").read() replace_content = open(sys.argv[2], "r").read() # Exclude the specified content from the replacement content -groups = re.match(exclude_separator_regex, replace_content, re.DOTALL).groups(0) +groups = re.match( + exclude_separator_regex, + replace_content, + re.DOTALL +).groups(0) replace_content = groups[0] + groups[1] # Find where to put the replacement content, overwrite the input file diff --git a/networks.tf b/networks.tf index eecdac2d94..a5df6d1271 100644 --- a/networks.tf +++ b/networks.tf @@ -1,3 +1,19 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + data "google_compute_network" "gke_network" { name = "${var.network}" project = "${local.network_project_id}" 
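Review bot: The new `if not os.path.isfile(sys.argv[1]): sys.exit(0)` turns a missing input README into a silent success, so a mistyped path in the docs-generation loop yields no README and no error; at minimum announce the skip, `sys.stderr.write("combine_docfiles: skipping %s (not a file)\n" % sys.argv[1])`, before exiting. The reformatted `groups = re.match(...).groups(0)` still dereferences `None` when the license header is absent from the replacement content, surfacing as an `AttributeError` traceback instead of a message; bind the match first, `m = re.match(exclude_separator_regex, replace_content, re.DOTALL)` / `if m is None: sys.exit("no license header found in %s" % sys.argv[2])`, then use `m.groups(0)`. The two bare `open(...).read()` calls are unchanged context lines; acceptable for a short script, though `with open(...)` would be the idiom.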
diff --git a/scripts/kubectl_wrapper.sh b/scripts/kubectl_wrapper.sh index a2054a7009..e1444ca2a0 100755 --- a/scripts/kubectl_wrapper.sh +++ b/scripts/kubectl_wrapper.sh @@ -39,7 +39,13 @@ mkdir "${TMPDIR}" export KUBECONFIG="${TMPDIR}/config" -echo "${CA_CERTIFICATE}" | base64 --decode > "${TMPDIR}/ca_certificate" +_b64_location=$(which base64) + +B64_ARG="-D" +if [ "${_b64_location}" = "/bin/base64" ]; then + B64_ARG="-d" +fi +echo "${CA_CERTIFICATE}" | base64 ${B64_ARG} > "${TMPDIR}/ca_certificate" kubectl config set-cluster kubectl-wrapper --server="${HOST}" --certificate-authority="${TMPDIR}/ca_certificate" --embed-certs=true 1>/dev/null rm -f "${TMPDIR}/ca_certificate" diff --git a/test/fixtures/all_examples/fixture_data.tf b/test/fixtures/all_examples/fixture_data.tf index e6004780e4..5075145b27 100644 --- a/test/fixtures/all_examples/fixture_data.tf +++ b/test/fixtures/all_examples/fixture_data.tf @@ -1,3 +1,19 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + data "terraform_remote_state" "fixtures" { backend = "local" diff --git a/test/fixtures/networks/main.tf b/test/fixtures/networks/main.tf index 7843f11568..3c67bfe05a 100644 --- a/test/fixtures/networks/main.tf +++ b/test/fixtures/networks/main.tf 
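Review bot: The new `B64_ARG` selection keys on where `base64` is installed rather than on which flags it accepts: on most Linux distributions coreutils installs `/usr/bin/base64`, which this logic hands `-D`, an option GNU base64 rejects, leaving `${TMPDIR}/ca_certificate` empty before `kubectl config set-cluster` embeds it. Probe the binary instead, `if printf '' | base64 -d >/dev/null 2>&1; then B64_ARG="-d"; else B64_ARG="-D"; fi`; GNU and busybox accept `-d` and the older macOS tool falls through to `-D`, and the dependency on `which`, which minimal images may lack, goes away. Whether the script runs under `set -e` or `set -o pipefail` is not visible in this hunk; if it does not, the failed decode would not stop the wrapper, so a guard such as `[ -s "${TMPDIR}/ca_certificate" ] || exit 1` before the `kubectl config` line is worth adding.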
@@ -1,3 +1,19 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + locals { credentials_path = "${path.module}/${var.credentials_path_relative}" } diff --git a/test/fixtures/networks/outputs.tf b/test/fixtures/networks/outputs.tf index 14a9b0afcf..54bb58f067 100644 --- a/test/fixtures/networks/outputs.tf +++ b/test/fixtures/networks/outputs.tf @@ -1,3 +1,19 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + output "project_id" { value = "${var.project_id}" } 
@@ -15,14 +31,13 @@ output "network" { } output "subnetwork" { - value = - { - deploy-service = "${google_compute_subnetwork.example-deploy_service.name}" - node-pool = "${google_compute_subnetwork.example-node_pool.name}" - simple-regional = "${google_compute_subnetwork.example-simple_regional.name}" - simple-zonal = "${google_compute_subnetwork.example-simple_zonal.name}" - stub-domains = "${google_compute_subnetwork.example-stub_domains.name}" - } + value = { + deploy-service = "${google_compute_subnetwork.example-deploy_service.name}" + node-pool = "${google_compute_subnetwork.example-node_pool.name}" + simple-regional = "${google_compute_subnetwork.example-simple_regional.name}" + simple-zonal = "${google_compute_subnetwork.example-simple_zonal.name}" + stub-domains = "${google_compute_subnetwork.example-stub_domains.name}" + } } output "ip_range_pods" { diff --git a/test/fixtures/networks/variables.tf b/test/fixtures/networks/variables.tf index 6f85dd7c9b..34b8683c0f 100644 --- a/test/fixtures/networks/variables.tf +++ b/test/fixtures/networks/variables.tf @@ -1,3 +1,19 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + variable "project_id" { } diff --git a/test/integration/deploy_service/controls/gcloud.rb b/test/integration/deploy_service/controls/gcloud.rb new file mode 100644 index 0000000000..0e9b44041f --- /dev/null +++ b/test/integration/deploy_service/controls/gcloud.rb 
@@ -0,0 +1,67 @@ +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +project_id = attribute('project_id') +location = attribute('location') +cluster_name = attribute('cluster_name') +network = attribute('network') +subnetwork = attribute('subnetwork') +ip_range_pods = attribute('ip_range_pods') +ip_range_services = attribute('ip_range_services') +master_kubernetes_version = attribute('master_kubernetes_version') + +credentials_path = attribute('credentials_path') +ENV['CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE'] = credentials_path + +control "gcloud" do + title "Google Compute Engine GKE configuration" + describe command("gcloud --project=#{project_id} container clusters --zone=#{location} describe #{cluster_name} --format=json") do + its(:exit_status) { should eq 0 } + its(:stderr) { should eq '' } + + let!(:data) do + if subject.exit_status == 0 + JSON.parse(subject.stdout) + else + {} + end + end + + describe "cluster" do + it "is running" do + expect(data['status']).to eq 'RUNNING' + end + + it "has the expected initial cluster version" do + expect(data['initialClusterVersion']).to eq master_kubernetes_version + end + + it "is in the expected network" do + expect(data['network']).to eq network + end + + it "is in the expected subnetwork" do + expect(data['subnetwork']).to eq subnetwork + end + + it "has the expected secondary ip range for pods" do + expect(data['ipAllocationPolicy']['clusterSecondaryRangeName']).to eq ip_range_pods + end + 
+ it "has the expected secondary ip range for services" do + expect(data['ipAllocationPolicy']['servicesSecondaryRangeName']).to eq ip_range_services + end + end + end +end diff --git a/test/integration/deploy_service/controls/kubectl.rb b/test/integration/deploy_service/controls/kubectl.rb new file mode 100644 index 0000000000..1443f94057 --- /dev/null +++ b/test/integration/deploy_service/controls/kubectl.rb 
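Review bot: `its(:stderr) { should eq '' }` makes the gcloud control fail on any non-fatal notice gcloud writes to stderr (update and deprecation warnings are common), so a correctly built cluster can fail for reasons unrelated to its configuration; assert on `exit_status` and the parsed JSON only, or relax it to `its(:stderr) { should_not match(/ERROR/) }`. The attribute values are interpolated unquoted into the `command(...)` string; they originate from Terraform outputs here, so this is a robustness rather than an injection concern, but `--project='#{project_id}'`-style quoting costs nothing. When `describe` fails, `data` falls back to `{}` and every nested example then reports a `nil` comparison rather than the real cause, so consider `skip` or `fail` on a non-zero exit instead of the empty hash.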
@@ -0,0 +1,67 @@ +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +require 'kubeclient' +require 'rest-client' + +require 'base64' + +kubernetes_endpoint = attribute('kubernetes_endpoint') +client_token = attribute('client_token') +ca_certificate = attribute('ca_certificate') + +control "kubectl" do + title "Kubernetes configuration" + + describe "kubernetes" do + let(:kubernetes_http_endpoint) { "https://#{kubernetes_endpoint}/api" } + let(:client) do + cert_store = OpenSSL::X509::Store.new + cert_store.add_cert(OpenSSL::X509::Certificate.new(Base64.decode64(ca_certificate))) + Kubeclient::Client.new( + kubernetes_http_endpoint, + "v1", + ssl_options: { + cert_store: cert_store, + verify_ssl: OpenSSL::SSL::VERIFY_PEER, + }, + auth_options: { + bearer_token: Base64.decode64(client_token), + }, + ) + end + + describe "services" do + describe "nginx" do + let(:service) { client.get_service("terraform-example", "default") } + let(:service_load_balancer_ip) { service.status.loadBalancer.ingress.first.ip } + let(:service_load_balancer_address) { "http://#{service_load_balancer_ip}:8080" } + + it "exists" do + expect(service).not_to be_nil + end + + it "has an IP address" do + expect(service_load_balancer_ip).not_to be_nil + end + + it "is reachable" do + expect { + RestClient.get(service_load_balancer_address) + }.to_not raise_exception + end + end + end + end +end 
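Review bot: `service.status.loadBalancer.ingress.first.ip` raises `NoMethodError` on `nil` when the LoadBalancer has not been assigned an ingress yet, so the `"has an IP address"` example never reaches its `not_to be_nil` assertion and reports a crash instead of a missing address; make the lookup nil-safe, e.g. `let(:service_load_balancer_ip) { (ingress = service.status.loadBalancer.ingress) && ingress.first && ingress.first.ip }`. The TLS setup is sound: the cluster CA is loaded into a dedicated `cert_store` and `VERIFY_PEER` is set, so the API endpoint is authenticated rather than trusted blindly. Note that `client_token` arrives as a plain inspec attribute holding a live bearer token, so anything that prints attributes (verbose kitchen or inspec output in CI) will expose it; presumably short-lived, but keep such output out of shared logs.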
diff --git a/test/integration/deploy_service/inspec.yml b/test/integration/deploy_service/inspec.yml new file mode 100644 index 0000000000..753ad19e68 --- /dev/null +++ b/test/integration/deploy_service/inspec.yml @@ -0,0 +1,43 @@ +name: deploy_service +attributes: + - name: project_id + required: true + type: string + - name: credentials_path + required: true + type: string + - name: region + required: true + type: string + - name: location + required: true + type: string + - name: cluster_name + required: true + type: string + - name: network + required: false + type: string + default: "default" + - name: subnetwork + required: false + type: string + default: "default" + - name: ip_range_pods + required: true + type: string + - name: ip_range_services + required: true + type: string + - name: master_kubernetes_version + required: true + type: string + - name: kubernetes_endpoint + required: true + type: string + - name: client_token + required: true + type: string + - name: ca_certificate + required: true + type: string diff --git a/test/integration/gcloud/.gitignore b/test/integration/gcloud/.gitignore deleted file mode 100644 index cdd7c19c8d..0000000000 --- a/test/integration/gcloud/.gitignore +++ /dev/null @@ -1 +0,0 @@ -config.sh diff --git a/test/integration/gcloud/.kitchen.yml b/test/integration/gcloud/.kitchen.yml deleted file mode 100644 index 65885a1b7b..0000000000 --- a/test/integration/gcloud/.kitchen.yml +++ /dev/null 
@@ -1,33 +0,0 @@ -# Copyright 2018 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - ---- -driver: - name: "terraform" - command_timeout: 1800 - -provisioner: - name: "terraform" - -transport: - name: exec - -platforms: - - name: local - -verifier: - name: inspec - -suites: - - name: "default" diff --git a/test/integration/gcloud/run.sh b/test/integration/gcloud/run.sh deleted file mode 100755 index ba0df4aea1..0000000000 --- a/test/integration/gcloud/run.sh +++ /dev/null 
@@ -1,352 +0,0 @@ -#!/bin/bash -# Copyright 2018 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -if [ "$#" -lt 1 ]; then - >&2 echo "Must specify cluster type (regional/zonal)" - exit 1 -fi - -export CLUSTER_TYPE="$1" - -TEMPDIR=$(pwd)/test/integration/tmp -TESTDIR=${BASH_SOURCE%/*} - -function export_vars() { - export TEST_ID="modules_gke_integration_gcloud_${RANDOM}" - export KUBECONFIG="${TEMPDIR}/${CLUSTER_TYPE}/${TEST_ID}.kubeconfig" - if [[ $CLUSTER_TYPE = "regional" ]]; then - if [ -f "./regional_config.sh" ]; then - source ./regional_config.sh - fi - export CLUSTER_REGIONAL="true" - export CLUSTER_LOCATION="$REGIONAL_LOCATION" - export CLUSTER_NAME="$REGIONAL_CLUSTER_NAME" - export IP_RANGE_PODS="$REGIONAL_IP_RANGE_PODS" - export IP_RANGE_SERVICES="$REGIONAL_IP_RANGE_SERVICES" - else - if [ -f "./zonal_config.sh" ]; then - source ./zonal_config.sh - fi - if [ -z "${ZONE}" ]; then - echo "Can not create a zonal cluster without specifying \$ZONE. Aborting..." 
- exit 1 - fi - export CLUSTER_REGIONAL="false" - export CLUSTER_LOCATION="$ZONAL_LOCATION" - export CLUSTER_NAME="$ZONAL_CLUSTER_NAME" - export IP_RANGE_PODS="$ZONAL_IP_RANGE_PODS" - export IP_RANGE_SERVICES="$ZONAL_IP_RANGE_SERVICES" - fi - - if [ "${ZONE}" = "" ] && [ "${ADDITIONAL_ZONES}" = "" ]; then - export ZONES="" - else - export ZONES="\"$ZONE\",$ADDITIONAL_ZONES" - fi -} - -# Activate test working directory -function make_testdir() { - mkdir -p "${TEMPDIR}/${CLUSTER_TYPE}" - cp -r "${TESTDIR}"/* "${TEMPDIR}/${CLUSTER_TYPE}/" - cp -r "$TESTDIR"/.kitchen.yml "${TEMPDIR}/${CLUSTER_TYPE}/" -} - -# Activate test config -function activate_config() { - # shellcheck disable=SC1091 - source config.sh - echo "$PROJECT_NAME" -} - -# Cleans the workdir -function clean_workdir() { - #rm -rf "$TEMPDIR" - - export CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE="" - unset CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE - -} - -# Creates the main.tf file for Terraform -function create_main_tf_file() { - echo "Creating main.tf file" - cat < main.tf -locals { - credentials_file_path = "$CREDENTIALS_PATH" -} - -provider "google" { - credentials = "\${file(local.credentials_file_path)}" - region = "${REGION}" -} - -provider "kubernetes" { - load_config_file = false - host = "https://\${module.gke.endpoint}" - token = "\${data.google_client_config.default.access_token}" - cluster_ca_certificate = "\${base64decode(module.gke.ca_certificate)}" -} - -data "google_client_config" "default" {} - -module "gke" { - source = "../../../../" - project_id = "$PROJECT_ID" - name = "$CLUSTER_NAME" - description = "Test GKE cluster" - regional = $CLUSTER_REGIONAL - region = "$REGION" - zones = [$ZONES] - kubernetes_version = "$KUBERNETES_VERSION" - network = "$NETWORK" - subnetwork = "$SUBNETWORK" - ip_range_pods = "$IP_RANGE_PODS" - ip_range_services = "$IP_RANGE_SERVICES" - - http_load_balancing = false - horizontal_pod_autoscaling = true - kubernetes_dashboard = true - network_policy = true - - 
stub_domains { - "example.com" = [ - "10.254.154.11", - "10.254.154.12", - ] - - "testola.com" = [ - "10.254.154.11", - "10.254.154.12", - ] - } - - non_masquerade_cidrs = [ - "10.0.0.0/8", - "192.168.20.0/24", - "192.168.21.0/24", - ] - - node_pools = [ - { - name = "pool-01" - machine_type = "n1-standard-1" - image_type = "COS" - initial_node_count = 2 - min_count = 1 - max_count = 2 - auto_upgrade = false - disk_size_gb = 30 - disk_type = "pd-standard" - service_account = "$NODE_POOL_SERVICE_ACCOUNT" - }, - ] - node_pools_labels = { - all = { - all_pools_label = "something" - } - - pool-01 = { - pool_01_label = "yes" - pool_01_another_label = "no" - } - } - node_pools_taints = { - all = [ - { - key = "all_pools_taint" - value = "true" - effect = "PREFER_NO_SCHEDULE" - }, - ] - - pool-01 = [ - { - key = "pool_01_taint" - value = "true" - effect = "PREFER_NO_SCHEDULE" - }, - { - key = "pool_01_another_taint" - value = "true" - effect = "PREFER_NO_SCHEDULE" - }, - ] - } - node_pools_tags = { - all = [ - "all-node-network-tag", - ] - - pool-01 = [ - "pool-01-network-tag", - ] - } -} - -resource "kubernetes_pod" "nginx-example" { - metadata { - name = "nginx-example" - - labels { - maintained_by = "terraform" - app = "nginx-example" - } - } - - spec { - container { - image = "nginx:1.7.9" - name = "nginx-example" - } - } - - depends_on = ["module.gke"] -} - -resource "kubernetes_service" "nginx-example" { - metadata { - name = "terraform-example" - } - - spec { - selector { - app = "\${kubernetes_pod.nginx-example.metadata.0.labels.app}" - } - - session_affinity = "ClientIP" - - port { - port = 8080 - target_port = 80 - } - - type = "LoadBalancer" - } - - depends_on = ["module.gke"] -} - -EOF -} - -# Creates the outputs.tf file -function create_outputs_file() { - echo "Creating outputs.tf file" - cat <<'EOF' > outputs.tf -output "name_example" { - value = "${module.gke.name}" -} - -output "type_example" { - value = "${module.gke.type}" -} - -output "location_example" 
{ - value = "${module.gke.location}" -} - -output "region_example" { - value = "${module.gke.region}" -} - -output "zones_example" { - value = "${module.gke.zones}" -} - -output "endpoint_example" { - sensitive = true - value = "${module.gke.endpoint}" -} - -output "ca_certificate_example" { - sensitive = true - value = "${module.gke.ca_certificate}" -} - -output "min_master_version_example" { - value = "${module.gke.min_master_version}" -} - -output "master_version_example" { - value = "${module.gke.master_version}" -} - -output "network_policy_example" { - value = "${module.gke.network_policy_enabled}" -} - -output "http_load_balancing_example" { - value = "${module.gke.http_load_balancing_enabled}" -} - -output "horizontal_pod_autoscaling_example" { - value = "${module.gke.horizontal_pod_autoscaling_enabled}" -} - -output "kubernetes_dashboard_example" { - value = "${module.gke.kubernetes_dashboard_enabled}" -} - -output "node_pools_names_example" { - value = "${module.gke.node_pools_names}" -} - -output "node_pools_versions_example" { - value = "${module.gke.node_pools_versions}" -} - -# For use in integration tests -output "module_path" { - value = "${path.module}/../../../../" -} - -output "client_token" { - sensitive = true - value = "${base64encode(data.google_client_config.default.access_token)}" -} - -EOF -} - -# Install gems -function bundle_install() { - bundle install -} - -# Execute kitchen tests -function run_kitchen() { - bundle exec kitchen create - bundle exec kitchen converge - bundle exec kitchen converge # second time to enable network policy - bundle exec kitchen verify - bundle exec kitchen destroy -} - -# Preparing environment -make_testdir - -cd "${TEMPDIR}/${CLUSTER_TYPE}/" || exit -activate_config -export_vars zonal -create_main_tf_file -create_outputs_file -bundle_install -run_kitchen - -# # # Clean the environment -cd - || exit -clean_workdir -echo "Integration test finished" 
diff --git a/test/integration/gcloud/sample.sh b/test/integration/gcloud/sample.sh deleted file mode 100644 index 5c6cc1f6a8..0000000000 --- a/test/integration/gcloud/sample.sh +++ /dev/null 
@@ -1,44 +0,0 @@ -#!/bin/bash -# Copyright 2018 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -################################################################# -# PLEASE FILL THE VARIABLES WITH VALID VALUES FOR TESTING # -# DO NOT REMOVE ANY OF THE VARIABLES # -################################################################# - -## These values you *MUST* modify to match your environment -export PROJECT_ID="gke-test-integration" -export CREDENTIALS_PATH="$HOME/sa-key.json" -export NETWORK="vpc-01" -export SUBNETWORK="us-east4-01" -export REGIONAL_IP_RANGE_PODS="us-east4-01-gke-01-pod" -export REGIONAL_IP_RANGE_SERVICES="us-east4-01-gke-01-service" -export ZONAL_IP_RANGE_PODS="us-east4-01-gke-02-pod" -export ZONAL_IP_RANGE_SERVICES="us-east4-01-gke-02-service" - -## These values you can potentially leave at the defaults -export CLUSTER_NAME="int-test-cluster-01" -export REGION="us-east4" -export ZONE="us-east4-a" -export ADDITIONAL_ZONES='"us-east4-b","us-east4-c"' -export KUBERNETES_VERSION="1.10.6-gke.2" -export NODE_POOL_SERVICE_ACCOUNT="" -export REGIONAL_CLUSTER_NAME="int-test-regional-01" -export REGIONAL_LOCATION="$REGION" -export ZONAL_CLUSTER_NAME="int-test-zonal-01" -export ZONAL_LOCATION="$ZONE" -export CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=$CREDENTIALS_PATH -export GOOGLE_APPLICATION_CREDENTIALS=$CREDENTIALS_PATH 
diff --git a/test/integration/gcloud/test/integration/default/inspec/gcloud.rb b/test/integration/gcloud/test/integration/default/inspec/gcloud.rb deleted file mode 100644 index b88743cb7c..0000000000 --- a/test/integration/gcloud/test/integration/default/inspec/gcloud.rb +++ /dev/null 
@@ -1,127 +0,0 @@ -# Copyright 2018 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Test the cluster is in running status -describe command('gcloud --project=${PROJECT_ID} container clusters --zone=${CLUSTER_LOCATION} describe ${CLUSTER_NAME} --format=json| jq -cre \'.status\'') do - its('exit_status') { should eq 0 } - its('stdout.strip') { should eq 'RUNNING' } -end - -# Test the cluster has the expected initial cluster version -describe command('gcloud --project=${PROJECT_ID} container clusters --zone=${CLUSTER_LOCATION} describe ${CLUSTER_NAME} --format=json | jq -cre \'.initialClusterVersion\'') do - its('exit_status') { should eq 0 } - its('stdout.strip') { should eq ENV['KUBERNETES_VERSION'] } -end - -# Test the cluster is in the expected network -describe command('gcloud --project=${PROJECT_ID} container clusters --zone=${CLUSTER_LOCATION} describe ${CLUSTER_NAME} --format=json | jq -cre \'.network\'') do - its('exit_status') { should eq 0 } - its('stdout.strip') { should eq ENV['NETWORK'] } -end - -# Test the cluster is in the expected subnetwork -describe command('gcloud --project=${PROJECT_ID} container clusters --zone=${CLUSTER_LOCATION} describe ${CLUSTER_NAME} --format=json | jq -cre \'.subnetwork\'') do - its('exit_status') { should eq 0 } - its('stdout.strip') { should eq ENV['SUBNETWORK'] } -end - -# Test the cluster has the expected secondary ip range for pods -describe command('gcloud --project=${PROJECT_ID} container clusters 
--zone=${CLUSTER_LOCATION} describe ${CLUSTER_NAME} --format=json | jq -cre \'.ipAllocationPolicy.clusterSecondaryRangeName\'') do - its('exit_status') { should eq 0 } - its('stdout.strip') { should eq ENV['IP_RANGE_PODS'] } -end - -# Test the cluster has the expected secondary ip range for services -describe command('gcloud --project=${PROJECT_ID} container clusters --zone=${CLUSTER_LOCATION} describe ${CLUSTER_NAME} --format=json | jq -cre \'.ipAllocationPolicy.servicesSecondaryRangeName\'') do - its('exit_status') { should eq 0 } - its('stdout.strip') { should eq ENV['IP_RANGE_SERVICES'] } -end - -# Test the cluster has the expected addon settings -describe command('gcloud --project=${PROJECT_ID} container clusters --zone=${CLUSTER_LOCATION} describe ${CLUSTER_NAME} --format=json | jq -cre \'.addonsConfig\'') do - its('exit_status') { should eq 0 } - its('stdout.strip') { should eq '{"horizontalPodAutoscaling":{},"httpLoadBalancing":{"disabled":true},"kubernetesDashboard":{},"networkPolicyConfig":{}}' } -end - -# Test default pool has no initial node count -describe command('gcloud --project=${PROJECT_ID} container clusters --zone=${CLUSTER_LOCATION} describe ${CLUSTER_NAME} --format=json | jq -cre \'.nodePools[] | select(.name == "default-pool") | .initialNodeCount\'') do - its('exit_status') { should eq 1 } - its('stdout.strip') { should eq 'null' } -end - -# Test default pool has not auto scaling enabled -describe command('gcloud --project=${PROJECT_ID} container clusters --zone=${CLUSTER_LOCATION} describe ${CLUSTER_NAME} --format=json | jq -cre \'.nodePools[] | select(.name == "default-pool") | .autoscaling.enabled\'') do - its('exit_status') { should eq 1 } - its('stdout.strip') { should eq 'null' } -end - -# Test pool-01 is expected version -describe command('gcloud --project=${PROJECT_ID} container clusters --zone=${CLUSTER_LOCATION} describe ${CLUSTER_NAME} --format=json | jq -cre \'.nodePools[] | select(.name == "pool-01") | .version\'') do - 
its('exit_status') { should eq 0 } - its('stdout.strip') { should eq ENV['KUBERNETES_VERSION'] } -end - -# Test pool-01 has auto scaling enabled -describe command('gcloud --project=${PROJECT_ID} container clusters --zone=${CLUSTER_LOCATION} describe ${CLUSTER_NAME} --format=json | jq -cre \'.nodePools[] | select(.name == "pool-01") | .autoscaling.enabled\'') do - its('exit_status') { should eq 0 } - its('stdout.strip') { should eq 'true' } -end - -# Test pool-01 has expected min node count -describe command('gcloud --project=${PROJECT_ID} container clusters --zone=${CLUSTER_LOCATION} describe ${CLUSTER_NAME} --format=json | jq -cre \'.nodePools[] | select(.name == "pool-01") | .autoscaling.minNodeCount\'') do - its('exit_status') { should eq 0 } - its('stdout.strip') { should eq '1' } -end - -# Test pool-01 has expected max node count -describe command('gcloud --project=${PROJECT_ID} container clusters --zone=${CLUSTER_LOCATION} describe ${CLUSTER_NAME} --format=json | jq -cre \'.nodePools[] | select(.name == "pool-01") | .autoscaling.maxNodeCount\'') do - its('exit_status') { should eq 0 } - its('stdout.strip') { should eq '2' } -end - -# Test pool-01 is expected machine type -describe command('gcloud --project=${PROJECT_ID} container clusters --zone=${CLUSTER_LOCATION} describe ${CLUSTER_NAME} --format=json | jq -cre \'.nodePools[] | select(.name == "pool-01") | .config.machineType\'') do - its('exit_status') { should eq 0 } - its('stdout.strip') { should eq 'n1-standard-1' } -end - -# Test pool-01 has expected disk size -describe command('gcloud --project=${PROJECT_ID} container clusters --zone=${CLUSTER_LOCATION} describe ${CLUSTER_NAME} --format=json | jq -cre \'.nodePools[] | select(.name == "pool-01") | .config.diskSizeGb\'') do - its('exit_status') { should eq 0 } - its('stdout.strip') { should eq '30' } -end - -# Test pool-01 has expected labels -describe command('gcloud --project=${PROJECT_ID} container clusters --zone=${CLUSTER_LOCATION} describe 
${CLUSTER_NAME} --format=json | jq -cre \'.nodePools[] | select(.name == "pool-01") | .config.labels\'') do - its('exit_status') { should eq 0 } - its('stdout.strip') { should eq '{"all_pools_label":"something","cluster_name":"' + ENV['CLUSTER_NAME'] + '","node_pool":"pool-01","pool_01_another_label":"no","pool_01_label":"yes"}' } -end - -# Test pool-01 has expected network tags -describe command('gcloud --project=${PROJECT_ID} container clusters --zone=${CLUSTER_LOCATION} describe ${CLUSTER_NAME} --format=json | jq -cre \'.nodePools[] | select(.name == "pool-01") | .config.tags\'') do - its('exit_status') { should eq 0 } - its('stdout.strip') { should eq '["gke-' + ENV['CLUSTER_NAME'] + '","gke-' + ENV['CLUSTER_NAME'] + '-pool-01","all-node-network-tag","pool-01-network-tag"]' } -end - -# Test pool-01 has auto repair enabled -describe command('gcloud --project=${PROJECT_ID} container clusters --zone=${CLUSTER_LOCATION} describe ${CLUSTER_NAME} --format=json | jq -cre \'.nodePools[] | select(.name == "pool-01") | .management.autoRepair\'') do - its('exit_status') { should eq 0 } - its('stdout.strip') { should eq 'true' } -end - -# Test pool-01 has auto upgrade disabled -describe command('gcloud --project=${PROJECT_ID} container clusters --zone=${CLUSTER_LOCATION} describe ${CLUSTER_NAME} --format=json | jq -cre \'.nodePools[] | select(.name == "pool-01") | .management.autoUpgrade\'') do - its('exit_status') { should eq 1 } - its('stdout.strip') { should eq 'null' } -end diff --git a/test/integration/gcloud/test/integration/default/inspec/kubectl.rb b/test/integration/gcloud/test/integration/default/inspec/kubectl.rb deleted file mode 100644 index ed4e077b70..0000000000 --- a/test/integration/gcloud/test/integration/default/inspec/kubectl.rb +++ /dev/null 
@@ -1,38 +0,0 @@ -# Copyright 2018 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Test pool-01 has expected taints -describe command('$(terraform output module_path)/scripts/kubectl_wrapper.sh https://$(terraform output endpoint_example) $(terraform output client_token | base64 --decode) $(terraform output ca_certificate_example) kubectl get nodes -o json -l node_pool=pool-01 | jq -cre \'.items[0].spec.taints\'') do - its('exit_status') { should eq 0 } - its('stdout.strip') { should eq '[{"effect":"PreferNoSchedule","key":"all_pools_taint","value":"true"},{"effect":"PreferNoSchedule","key":"pool_01_taint","value":"true"},{"effect":"PreferNoSchedule","key":"pool_01_another_taint","value":"true"}]' } -end - -# Test kube dns configmap created" { -describe command('$(terraform output module_path)/scripts/kubectl_wrapper.sh https://$(terraform output endpoint_example) $(terraform output client_token | base64 --decode) $(terraform output ca_certificate_example) kubectl -n kube-system get configmap -o json kube-dns | jq -cre \'.metadata.labels.maintained_by\'') do - its('exit_status') { should eq 0 } - its('stdout.strip') { should eq 'terraform' } -end - -# Test ip masq agent configmap created" { -describe command('$(terraform output module_path)/scripts/kubectl_wrapper.sh https://$(terraform output endpoint_example) $(terraform output client_token | base64 --decode) $(terraform output ca_certificate_example) kubectl -n kube-system get configmap -o json 
ip-masq-agent | jq -cre \'.metadata.labels.maintained_by\'') do - its('exit_status') { should eq 0 } - its('stdout.strip') { should eq 'terraform' } -end - -# Test that the nginx example service is reachable" { -describe command('curl -Ifs -m 10 $($(terraform output module_path)/scripts/kubectl_wrapper.sh https://$(terraform output endpoint_example) $(terraform output client_token | base64 --decode) $(terraform output ca_certificate_example) kubectl get service terraform-example -o json | jq -cre \'.status.loadBalancer.ingress[0].ip\'):8080') do - its('exit_status') { should eq 0 } - its('stdout.strip') { should include 'HTTP/1.1 200 OK' } - its('stdout.strip') { should include 'Server: nginx' } -end diff --git a/test/integration/gcloud/test/integration/default/inspec/terraform.rb b/test/integration/gcloud/test/integration/default/inspec/terraform.rb deleted file mode 100644 index 71a4bcc313..0000000000 --- a/test/integration/gcloud/test/integration/default/inspec/terraform.rb +++ /dev/null 
@@ -1,102 +0,0 @@ -# Copyright 2018 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -require_relative '../../../../test/support/google_cloud.rb' - -# Test the name output -describe command('terraform output name_example') do - its('stdout.strip') { should eq ENV['CLUSTER_NAME'] } -end - -# Test the location output -describe command('terraform output type_example') do - its('stdout.strip') { should eq ENV['CLUSTER_TYPE'] } -end - -# Test the location output -describe command('terraform output location_example') do - its('stdout.strip') { should eq ENV['CLUSTER_LOCATION'] } -end - -# Test the region output -describe command('terraform output region_example') do - its('stdout.strip') { should eq ENV['REGION'] } -end - -# Test the zones output -describe command('terraform output -json zones_example | jq -cre \'.value\'') do - if ENV['ZONES'] != '' - its('stdout.strip') { should eq '[' + ENV['ZONES'] + ']' } - else - it "should be 3 zones in the region" do - zones = JSON.parse(subject.stdout.strip) - zones.count.should be 3 - - available_zones = google_compute_service.get_region(ENV['PROJECT_ID'], ENV['REGION']).zones.map { |z| z.split("/").last } - zones.each do |z| - available_zones.should include z - end - end - end -end - -# Test the endpoint output -describe command('terraform output endpoint_example') do - its('stdout.strip') { should_not eq '' } -end - -# Test the ca_certificate output -describe command('terraform output ca_certificate_example') do - 
its('stdout.strip') { should_not eq '' } -end - -# Test the min_master_version output -describe command('terraform output min_master_version_example') do - its('stdout.strip') { should eq ENV['KUBERNETES_VERSION'] } -end - -# Test the master_version output -describe command('terraform output master_version_example') do - its('stdout.strip') { should eq ENV['KUBERNETES_VERSION'] } -end - -# Test the network_policy output -describe command('terraform output network_policy_example') do - its('stdout.strip') { should eq 'true' } -end - -# Test the http_load_balancing_enabled output -describe command('terraform output http_load_balancing_example') do - its('stdout.strip') { should eq 'false' } -end - -# Test the horizontal_pod_autoscaling_enabled output -describe command('terraform output horizontal_pod_autoscaling_example') do - its('stdout.strip') { should eq 'true' } -end - -# Test the kubernetes_dashboard_enabled output -describe command('terraform output kubernetes_dashboard_example') do - its('stdout.strip') { should eq 'true' } -end - -# Test the node_pools_names output -describe command('terraform output node_pools_names_example') do - its('stdout.strip') { should eq 'pool-01,' } -end - -# Test the node_pools_versions output -describe command('terraform output node_pools_versions_example') do - its('stdout.strip') { should eq ENV['KUBERNETES_VERSION'] + ',' } -end diff --git a/test/integration/gcloud/test/support/google_cloud.rb b/test/integration/gcloud/test/support/google_cloud.rb deleted file mode 100644 index 1f88781a4b..0000000000 --- a/test/integration/gcloud/test/support/google_cloud.rb +++ /dev/null 
@@ -1,22 +0,0 @@ -# Copyright 2018 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -require 'googleauth' -require 'google/apis/compute_v1' - -def google_compute_service - Google::Apis::ComputeV1::ComputeService.new.tap do |service| - service.authorization = Google::Auth.get_application_default(['https://www.googleapis.com/auth/cloud-platform']) - end -end diff --git a/test/integration/gcloud/zonal_config.sh b/test/integration/gcloud/zonal_config.sh deleted file mode 100644 index 88c4ea53ba..0000000000 --- a/test/integration/gcloud/zonal_config.sh +++ /dev/null 
@@ -1,25 +0,0 @@ -#!/bin/bash -# Copyright 2018 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - - -################################################################# -# PLEASE FILL THE VARIABLES WITH VALID VALUES FOR TESTING # -# DO NOT REMOVE ANY OF THE VARIABLES # -################################################################# - -export ZONE="us-east4-a" -export ADDITIONAL_ZONES='"us-east4-b","us-east4-c"' -export ZONAL_LOCATION="$ZONE" - diff --git a/test/integration/node_pool/controls/gcloud.rb b/test/integration/node_pool/controls/gcloud.rb new file mode 100644 index 0000000000..3897fd257a --- /dev/null +++ b/test/integration/node_pool/controls/gcloud.rb 
@@ -0,0 +1,168 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+location = attribute('location')
+cluster_name = attribute('cluster_name')
+
+credentials_path = attribute('credentials_path')
+ENV['CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE'] = credentials_path
+
+control "gcloud" do
+ title "Google Compute Engine GKE configuration"
+ describe command("gcloud --project=#{project_id} container clusters --zone=#{location} describe #{cluster_name} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let!(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "default node pool" do
+ let(:default_node_pool) { data['nodePools'].select { |p| p['name'] == "default-pool" }.first }
+
+ it "has no initial node count" do
+ expect(default_node_pool['initialNodeCount']).to eq nil
+ end
+
+ it "does not have autoscaling enabled" do
+ expect(default_node_pool['autoscaling']).to eq nil
+ end
+ end
+
+ describe "node pools" do
+ let(:node_pools) { data['nodePools'].reject { |p| p['name'] == "default-pool" } }
+
+ it "has 2" do
+ expect(node_pools.count).to eq 2
+ end
+
+ describe "pool-01" do
+ let(:node_pool) { node_pools.select { |p| p['name'] == "pool-01" }.first }
+
+ it "exists" do
+ expect(node_pool).not_to be_nil
+ expect(node_pool['name']).to eq "pool-01"
+ end
+
+ it "is the expected machine type" do
+ expect(node_pool['config']['machineType']).to eq 'n1-standard-2'
+ end
+
+ it "has autoscaling enabled" do
+ expect(node_pool['autoscaling']['enabled']).to eq true
+ end
+
+ it "has the expected minimum node count" do
+ expect(node_pool['autoscaling']['minNodeCount']).to eq 4
+ end
+
+ it "has autorepair enabled" do
+ expect(node_pool['management']['autoRepair']).to eq true
+ end
+
+ it "has automatic upgrades enabled" do
+ expect(node_pool['management']['autoUpgrade']).to eq true
+ end
+
+ it "has the expected labels" do
+ expect(node_pool['config']['labels']).to eq({
+ "all-pools-example" => "true",
+ "pool-01-example" => "true",
+ "cluster_name" => cluster_name,
+ "node_pool" => "pool-01",
+ })
+ end
+
+ it "has the expected network tags" do
+ expect(node_pool['config']['tags']).to match_array([
+ "all-node-example",
+ "pool-01-example",
+ "gke-node-pool-cluster",
+ "gke-node-pool-cluster-pool-01",
+ ])
+ end
+ end
+
+ describe "pool-02" do
+ let(:node_pool) { node_pools.select { |p| p['name'] == "pool-02" }.first }
+
+ it "exists" do
+ expect(node_pool).not_to be_nil
+ expect(node_pool['name']).to eq "pool-02"
+ end
+
+ it "is the expected machine type" do
+ expect(node_pool['config']['machineType']).to eq 'n1-standard-2'
+ end
+
+ it "has autoscaling enabled" do
+ expect(node_pool['autoscaling']['enabled']).to eq true
+ end
+
+ it "has the expected minimum node count" do
+ expect(node_pool['autoscaling']['minNodeCount']).to eq 2
+ end
+
+ it "has the expected maximum node count" do
+ expect(node_pool['autoscaling']['maxNodeCount']).to eq 3
+ end
+
+ it "has the expected disk size" do
+ expect(node_pool['config']['diskSizeGb']).to eq 30
+ end
+
+ it "has the expected disk type" do
+ expect(node_pool['config']['diskType']).to eq "pd-standard"
+ end
+
+ it "has the expected image type" do
+ expect(node_pool['config']['imageType']).to eq "COS"
+ end
+
+ it "has autorepair disabled" do
+ expect(node_pool['management']['autoRepair']).to eq nil
+ end
+
+ it "has automatic upgrades disabled" do
+ expect(node_pool['management']['autoUpgrade']).to eq nil
+ end
+
+ it "has the right service account" do
+ expect(node_pool['config']['serviceAccount']).to eq "default"
+ end
+
+ it "has the expected labels" do
+ expect(node_pool['config']['labels']).to eq({
+ "all-pools-example" => "true",
+ "cluster_name" => cluster_name,
+ "node_pool" => "pool-02",
+ })
+ end
+
+ it "has the expected network tags" do
+ expect(node_pool['config']['tags']).to match_array([
+ "all-node-example",
+ "gke-node-pool-cluster",
+ "gke-node-pool-cluster-pool-02",
+ ])
+ end
+ end
+ end
+ end
+end
diff --git a/test/integration/node_pool/controls/kubectl.rb b/test/integration/node_pool/controls/kubectl.rb
new file mode 100644
index 0000000000..762046b6d1
--- /dev/null
+++ b/test/integration/node_pool/controls/kubectl.rb
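Review bot: The network-tag expectations for `pool-01` and `pool-02` hardcode `"gke-node-pool-cluster"` even though `cluster_name` is read from the attribute a few lines up, whereas the simple_regional control derives the same tag as `"gke-#{cluster_name}"`; building it the same way here keeps the test from silently depending on one fixture's cluster name. `let!(:data)` also falls back to `{}` when gcloud fails, so every nested example then dies with `NoMethodError` on `data['nodePools']` instead of surfacing the gcloud error; raising with `subject.stderr` in the `else` branch, or an explicit example asserting `data` is non-empty, would give one readable failure. The `gcloud … describe #{cluster_name}` command string interpolates the attributes unescaped; wrapping each with `Shellwords.escape` (stdlib `shellwords`) means a fixture value containing a shell metacharacter fails the test instead of being interpreted by the shell. The same two points apply to the simple_regional and simple_zonal gcloud.rb hunks.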
@@ -0,0 +1,87 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'kubeclient'
+require 'rest-client'
+
+require 'base64'
+
+kubernetes_endpoint = attribute('kubernetes_endpoint')
+client_token = attribute('client_token')
+ca_certificate = attribute('ca_certificate')
+
+control "kubectl" do
+ title "Kubernetes configuration"
+
+ describe "kubernetes" do
+ let(:kubernetes_http_endpoint) { "https://#{kubernetes_endpoint}/api" }
+ let(:client) do
+ cert_store = OpenSSL::X509::Store.new
+ cert_store.add_cert(OpenSSL::X509::Certificate.new(Base64.decode64(ca_certificate)))
+ Kubeclient::Client.new(
+ kubernetes_http_endpoint,
+ "v1",
+ ssl_options: {
+ cert_store: cert_store,
+ verify_ssl: OpenSSL::SSL::VERIFY_PEER,
+ },
+ auth_options: {
+ bearer_token: Base64.decode64(client_token),
+ },
+ )
+ end
+
+ describe "nodes" do
+ let(:all_nodes) { client.get_nodes }
+ let(:taints) { nodes.first.spec.taints.map { |t| t.to_h.select { |k, v| [:effect, :key, :value].include?(k.to_sym) } } }
+
+ describe "pool-01" do
+ let(:nodes) do
+ all_nodes.select { |n| n.metadata.labels.node_pool == "pool-01" }
+ end
+
+ it "has the expected taints" do
+ expect(taints).to eq([
+ {
+ effect: "PreferNoSchedule",
+ key: "all-pools-example",
+ value: "true",
+ },
+ {
+ effect: "PreferNoSchedule",
+ key: "pool-01-example",
+ value: "true",
+ },
+ ])
+ end
+ end
+
+ describe "pool-02" do
+ let(:nodes) do
+ all_nodes.select { |n| n.metadata.labels.node_pool == "pool-02" }
+ end
+
+ it "has the expected taints" do
+ expect(taints).to eq([
+ {
+ effect: "PreferNoSchedule",
+ key: "all-pools-example",
+ value: "true",
+ },
+ ])
+ end
+ end
+ end
+ end
+end
diff --git a/test/integration/node_pool/inspec.yml b/test/integration/node_pool/inspec.yml
new file mode 100644
index 0000000000..c0e3eb2c78
--- /dev/null
+++ b/test/integration/node_pool/inspec.yml
@@ -0,0 +1,43 @@
+name: node_pool
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: credentials_path
+ required: true
+ type: string
+ - name: region
+ required: true
+ type: string
+ - name: location
+ required: true
+ type: string
+ - name: cluster_name
+ required: true
+ type: string
+ - name: network
+ required: false
+ type: string
+ default: "default"
+ - name: subnetwork
+ required: false
+ type: string
+ default: "default"
+ - name: ip_range_pods
+ required: true
+ type: string
+ - name: ip_range_services
+ required: true
+ type: string
+ - name: master_kubernetes_version
+ required: true
+ type: string
+ - name: kubernetes_endpoint
+ required: true
+ type: string
+ - name: client_token
+ required: true
+ type: string
+ - name: ca_certificate
+ required: true
+ type: string
diff --git a/test/integration/simple_regional/controls/gcloud.rb b/test/integration/simple_regional/controls/gcloud.rb
new file mode 100644
index 0000000000..367919fef2
--- /dev/null
+++ b/test/integration/simple_regional/controls/gcloud.rb
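Review bot: `let(:taints)` dereferences `nodes.first.spec` without checking that the label selector matched any node, so an empty or mislabelled pool surfaces as a `NoMethodError` on `nil` rather than a failed expectation; an `it "has nodes" do expect(nodes).not_to be_empty end` example ahead of the taint check in each pool block names the real problem. The file also uses `OpenSSL::X509::Store` and `OpenSSL::SSL::VERIFY_PEER` with no `require 'openssl'`; it presumably loads transitively through `kubeclient`/`rest-client`, but an explicit require next to `require 'base64'` removes the dependency on load order, and `rest-client` itself is not referenced directly anywhere in this file. Pinning `verify_ssl` to `VERIFY_PEER` against the cluster CA from the attribute is the right shape for this client and should stay as the only trust path.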
@@ -0,0 +1,149 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+region = attribute('region')
+location = attribute('location')
+cluster_name = attribute('cluster_name')
+network = attribute('network')
+subnetwork = attribute('subnetwork')
+ip_range_pods = attribute('ip_range_pods')
+ip_range_services = attribute('ip_range_services')
+master_kubernetes_version = attribute('master_kubernetes_version')
+
+credentials_path = attribute('credentials_path')
+ENV['CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE'] = credentials_path
+
+control "gcloud" do
+ title "Google Compute Engine GKE configuration"
+ describe command("gcloud --project=#{project_id} container clusters --zone=#{location} describe #{cluster_name} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let!(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "cluster" do
+ it "is running" do
+ expect(data['status']).to eq 'RUNNING'
+ end
+
+ it "is regional" do
+ expect(data['zone']).to eq region
+ end
+
+ it "has the expected initial cluster version" do
+ expect(data['initialClusterVersion']).to eq master_kubernetes_version
+ end
+
+ it "is in the expected network" do
+ expect(data['network']).to eq network
+ end
+
+ it "is in the expected subnetwork" do
+ expect(data['subnetwork']).to eq subnetwork
+ end
+
+ it "has the expected secondary ip range for pods" do
+ expect(data['ipAllocationPolicy']['clusterSecondaryRangeName']).to eq ip_range_pods
+ end
+
+ it "has the expected secondary ip range for services" do
+ expect(data['ipAllocationPolicy']['servicesSecondaryRangeName']).to eq ip_range_services
+ end
+
+ it "has the expected addon settings" do
+ expect(data['addonsConfig']).to eq({
+ "horizontalPodAutoscaling" => {
+ "disabled" => true,
+ },
+ "httpLoadBalancing" => {},
+ "kubernetesDashboard" => {
+ "disabled" => true,
+ },
+ "networkPolicyConfig" => {
+ "disabled" => true,
+ },
+ })
+ end
+ end
+
+ describe "default node pool" do
+ let(:default_node_pool) { data['nodePools'].select { |p| p['name'] == "default-pool" }.first }
+
+ it "has no initial node count" do
+ expect(default_node_pool['initialNodeCount']).to eq nil
+ end
+
+ it "does not have autoscaling enabled" do
+ expect(default_node_pool['autoscaling']).to eq nil
+ end
+ end
+
+ describe "node pool" do
+ let(:node_pool) { data['nodePools'].reject { |p| p['name'] == "default-pool" }.first }
+
+ it "is running the expected version of Kubernetes" do
+ expect(node_pool['version']).to eq master_kubernetes_version
+ end
+
+ it "has autoscaling enabled" do
+ expect(node_pool['autoscaling']['enabled']).to eq true
+ end
+
+ it "has the expected minimum node count" do
+ expect(node_pool['autoscaling']['minNodeCount']).to eq 1
+ end
+
+ it "has the expected maximum node count" do
+ expect(node_pool['autoscaling']['maxNodeCount']).to eq 100
+ end
+
+ it "is the expected machine type" do
+ expect(node_pool['config']['machineType']).to eq 'n1-standard-2'
+ end
+
+ it "has the expected disk size" do
+ expect(node_pool['config']['diskSizeGb']).to eq 100
+ end
+
+ it "has the expected labels" do
+ expect(node_pool['config']['labels']).to eq({
+ "cluster_name" => cluster_name,
+ "node_pool" => "default-node-pool",
+ })
+ end
+
+ it "has the expected network tags" do
+ expect(node_pool['config']['tags']).to eq([
+ "gke-#{cluster_name}",
+ "gke-#{cluster_name}-default-node-pool",
+ ])
+ end
+
+ it "has autorepair enabled" do
+ expect(node_pool['management']['autoRepair']).to eq true
+ end
+
+ it "has autoupgrade enabled" do
+ expect(node_pool['management']['autoUpgrade']).to eq true
+ end
+ end
+ end
+end
diff --git a/test/integration/simple_regional/inspec.yml b/test/integration/simple_regional/inspec.yml
new file mode 100644
index 0000000000..a4fc2ce027
--- /dev/null
+++ b/test/integration/simple_regional/inspec.yml
@@ -0,0 +1,40 @@
+name: simple_regional
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: credentials_path
+ required: true
+ type: string
+ - name: region
+ required: true
+ type: string
+ - name: location
+ required: true
+ type: string
+ - name: cluster_name
+ required: true
+ type: string
+ - name: network
+ required: false
+ type: string
+ default: "default"
+ - name: subnetwork
+ required: false
+ type: string
+ default: "default"
+ - name: ip_range_pods
+ required: true
+ type: string
+ - name: ip_range_services
+ required: true
+ type: string
+ - name: master_kubernetes_version
+ required: true
+ type: string
+ - name: kubernetes_endpoint
+ required: true
+ type: string
+ - name: client_token
+ required: true
+ type: string
diff --git a/test/integration/simple_zonal/controls/gcloud.rb b/test/integration/simple_zonal/controls/gcloud.rb
new file mode 100644
index 0000000000..6549a927d9
--- /dev/null
+++ b/test/integration/simple_zonal/controls/gcloud.rb
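Review bot: The network-tag expectation in the `node pool` block uses `eq([...])`, which depends on the order GKE returns the `tags` array, while the node_pool control compares the same field with `match_array`; switching to `match_array` here keeps the two controls consistent and removes an order-dependent failure. The `addonsConfig` check asserts exact hash equality against the whole API object, so any additional addon key the API starts returning fails the test even when the addons the module configures are correct; asserting the four keys individually (`httpLoadBalancing`, `kubernetesDashboard`, `networkPolicyConfig`, `horizontalPodAutoscaling`) is more robust to API growth. A one-line comment above that example, `# exact match: extend when the module gains new addon settings`, would at least make the brittleness deliberate if the exact comparison is kept.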
@@ -0,0 +1,150 @@ +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +project_id = attribute('project_id') +region = attribute('region') +location = attribute('location') +cluster_name = attribute('cluster_name') +network = attribute('network') +subnetwork = attribute('subnetwork') +ip_range_pods = attribute('ip_range_pods') +ip_range_services = attribute('ip_range_services') +master_kubernetes_version = attribute('master_kubernetes_version') + +credentials_path = attribute('credentials_path') +ENV['CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE'] = credentials_path + +control "gcloud" do + title "Google Compute Engine GKE configuration" + describe command("gcloud --project=#{project_id} container clusters --zone=#{location} describe #{cluster_name} --format=json") do + its(:exit_status) { should eq 0 } + its(:stderr) { should eq '' } + + let!(:data) do + if subject.exit_status == 0 + JSON.parse(subject.stdout) + else + {} + end + end + + describe "cluster" do + it "is running" do + expect(data['status']).to eq 'RUNNING' + end + + it "is zonal" do + expect(data['zone']).to eq location + expect(data['zone']).not_to eq region + end + + it "has the expected initial cluster version" do + expect(data['initialClusterVersion']).to eq master_kubernetes_version + end + + it "is in the expected network" do + expect(data['network']).to eq network + end + + it "is in the expected subnetwork" do + expect(data['subnetwork']).to eq subnetwork + end + + it "has the 
expected secondary ip range for pods" do + expect(data['ipAllocationPolicy']['clusterSecondaryRangeName']).to eq ip_range_pods + end + + it "has the expected secondary ip range for services" do + expect(data['ipAllocationPolicy']['servicesSecondaryRangeName']).to eq ip_range_services + end + + it "has the expected addon settings" do + expect(data['addonsConfig']).to eq({ + "horizontalPodAutoscaling" => { + "disabled" => true, + }, + "httpLoadBalancing" => {}, + "kubernetesDashboard" => { + "disabled" => true, + }, + "networkPolicyConfig" => { + "disabled" => true, + }, + }) + end + end + + describe "default node pool" do + let(:default_node_pool) { data['nodePools'].select { |p| p['name'] == "default-pool" }.first } + + it "has no initial node count" do + expect(default_node_pool['initialNodeCount']).to eq nil + end + + it "does not have autoscaling enabled" do + expect(default_node_pool['autoscaling']).to eq nil + end + end + + describe "node pool" do + let(:node_pool) { data['nodePools'].reject { |p| p['name'] == "default-pool" }.first } + + it "is running the expected version of Kubernetes" do + expect(node_pool['version']).to eq master_kubernetes_version + end + + it "has autoscaling enabled" do + expect(node_pool['autoscaling']['enabled']).to eq true + end + + it "has the expected minimum node count" do + expect(node_pool['autoscaling']['minNodeCount']).to eq 1 + end + + it "has the expected maximum node count" do + expect(node_pool['autoscaling']['maxNodeCount']).to eq 100 + end + + it "is the expected machine type" do + expect(node_pool['config']['machineType']).to eq 'n1-standard-2' + end + + it "has the expected disk size" do + expect(node_pool['config']['diskSizeGb']).to eq 100 + end + + it "has the expected labels" do + expect(node_pool['config']['labels']).to eq({ + "cluster_name" => cluster_name, + "node_pool" => "default-node-pool", + }) + end + + it "has the expected network tags" do + expect(node_pool['config']['tags']).to eq([ + 
"gke-#{cluster_name}", + "gke-#{cluster_name}-default-node-pool", + ]) + end + + it "has autorepair enabled" do + expect(node_pool['management']['autoRepair']).to eq true + end + + it "has autoupgrade disabled" do + expect(node_pool['management']['autoUpgrade']).to eq nil + end + end + end +end diff --git a/test/integration/simple_zonal/inspec.yml b/test/integration/simple_zonal/inspec.yml new file mode 100644 index 0000000000..c282095c93 --- /dev/null +++ b/test/integration/simple_zonal/inspec.yml @@ -0,0 +1,40 @@ +name: simple_zonal +attributes: + - name: project_id + required: true + type: string + - name: credentials_path + required: true + type: string + - name: region + required: true + type: string + - name: location + required: true + type: string + - name: cluster_name + required: true + type: string + - name: network + required: false + type: string + default: "default" + - name: subnetwork + required: false + type: string + default: "default" + - name: ip_range_pods + required: true + type: string + - name: ip_range_services + required: true + type: string + - name: master_kubernetes_version + required: true + type: string + - name: kubernetes_endpoint + required: true + type: string + - name: client_token + required: true + type: string diff --git a/test/integration/stub_domains/controls/gcloud.rb b/test/integration/stub_domains/controls/gcloud.rb new file mode 100644 index 0000000000..565a1db5e7 --- /dev/null +++ b/test/integration/stub_domains/controls/gcloud.rb 
@@ -0,0 +1,75 @@ +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +project_id = attribute('project_id') +location = attribute('location') +cluster_name = attribute('cluster_name') +network = attribute('network') +subnetwork = attribute('subnetwork') +ip_range_pods = attribute('ip_range_pods') +ip_range_services = attribute('ip_range_services') + +credentials_path = attribute('credentials_path') +ENV['CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE'] = credentials_path + +control "gcloud" do + title "Google Compute Engine GKE configuration" + describe command("gcloud --project=#{project_id} container clusters --zone=#{location} describe #{cluster_name} --format=json") do + its(:exit_status) { should eq 0 } + its(:stderr) { should eq '' } + + let!(:data) do + if subject.exit_status == 0 + JSON.parse(subject.stdout) + else + {} + end + end + + describe "cluster" do + it "is running" do + expect(data['status']).to eq 'RUNNING' + end + + it "is in the expected network" do + expect(data['network']).to eq network + end + + it "is in the expected subnetwork" do + expect(data['subnetwork']).to eq subnetwork + end + + it "has the expected secondary ip range for pods" do + expect(data['ipAllocationPolicy']['clusterSecondaryRangeName']).to eq ip_range_pods + end + + it "has the expected secondary ip range for services" do + expect(data['ipAllocationPolicy']['servicesSecondaryRangeName']).to eq ip_range_services + end + + it "has the expected addon settings" do 
+ expect(data['addonsConfig']).to eq({ + "horizontalPodAutoscaling" => { + "disabled" => true, + }, + "httpLoadBalancing" => {}, + "kubernetesDashboard" => { + "disabled" => true, + }, + "networkPolicyConfig" => {}, + }) + end + end + end +end diff --git a/test/integration/stub_domains/controls/kubectl.rb b/test/integration/stub_domains/controls/kubectl.rb new file mode 100644 index 0000000000..1fa048e98d --- /dev/null +++ b/test/integration/stub_domains/controls/kubectl.rb 
@@ -0,0 +1,88 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'kubeclient'
+require 'rest-client'
+
+require 'base64'
+
+kubernetes_endpoint = attribute('kubernetes_endpoint')
+client_token = attribute('client_token')
+ca_certificate = attribute('ca_certificate')
+
+control "kubectl" do
+ title "Kubernetes configuration"
+
+ describe "kubernetes" do
+ let(:kubernetes_http_endpoint) { "https://#{kubernetes_endpoint}/api" }
+ let(:client) do
+ cert_store = OpenSSL::X509::Store.new
+ cert_store.add_cert(OpenSSL::X509::Certificate.new(Base64.decode64(ca_certificate)))
+ Kubeclient::Client.new(
+ kubernetes_http_endpoint,
+ "v1",
+ ssl_options: {
+ cert_store: cert_store,
+ verify_ssl: OpenSSL::SSL::VERIFY_PEER,
+ },
+ auth_options: {
+ bearer_token: Base64.decode64(client_token),
+ },
+ )
+ end
+
+ describe "configmap" do
+ describe "kube-dns" do
+ let(:kubedns_configmap) { client.get_config_map("kube-dns", "kube-system") }
+
+ it "is created by Terraform" do
+ expect(kubedns_configmap.metadata.labels.maintained_by).to eq "terraform"
+ end
+
+ it "reflects the stub_domains configuration" do
+ expect(JSON.parse(kubedns_configmap.data.stubDomains)).to eq({
+ "example.com" => [
+ "10.254.154.11",
+ "10.254.154.12",
+ ],
+ "example.net" => [
+ "10.254.154.11",
+ "10.254.154.12",
+ ],
+ })
+ end
+ end
+
+ describe "ipmasq" do
+ let(:ipmasq_configmap) { client.get_config_map("ip-masq-agent", "kube-system") }
+
+ it "is created by
Terraform" do + expect(ipmasq_configmap.metadata.labels.maintained_by).to eq "terraform" + end + + it "is configured properly" do + expect(YAML.load(ipmasq_configmap.data.config)).to eq({ + "nonMasqueradeCIDRs" => [ + "10.0.0.0/8", + "172.16.0.0/12", + "192.168.0.0/16", + ], + "resyncInterval" => "60s", + "masqLinkLocal" => false, + }) + end + end + end + end +end diff --git a/test/integration/stub_domains/inspec.yml b/test/integration/stub_domains/inspec.yml new file mode 100644 index 0000000000..7e41bde718 --- /dev/null +++ b/test/integration/stub_domains/inspec.yml @@ -0,0 +1,43 @@ +name: stub_domain +attributes: + - name: project_id + required: true + type: string + - name: credentials_path + required: true + type: string + - name: region + required: true + type: string + - name: location + required: true + type: string + - name: cluster_name + required: true + type: string + - name: network + required: false + type: string + default: "default" + - name: subnetwork + required: false + type: string + default: "default" + - name: ip_range_pods + required: true + type: string + - name: ip_range_services + required: true + type: string + - name: master_kubernetes_version + required: true + type: string + - name: kubernetes_endpoint + required: true + type: string + - name: client_token + required: true + type: string + - name: ca_certificate + required: true + type: string diff --git a/test/make.sh b/test/make.sh index a48cd91bbf..b8a50837b5 100755 --- a/test/make.sh +++ b/test/make.sh @@ -78,7 +78,7 @@ function check_shell() { # There are some exclusions function check_trailing_whitespace() { echo "The following lines have trailing whitespace" - grep -r '[[:blank:]]$' --exclude-dir=".terraform" --exclude="*.png" --exclude="*.pyc" --exclude-dir=".git" . + grep -r '[[:blank:]]$' --exclude-dir=".terraform" --exclude-dir=".kitchen" --exclude="*.png" --exclude="*.pyc" --exclude-dir=".git" . rc=$? if [ $rc = 0 ]; then exit 1 
@@ -88,6 +88,7 @@ function check_trailing_whitespace() {
 function generate_docs() {
 echo "Generating markdown docs with terraform-docs"
 TMPFILE=$(mktemp)
+ #shellcheck disable=2006,2086
 for j in `for i in $(find . -type f | grep \.tf$) ; do dirname $i ; done | sort -u` ; do
 terraform-docs markdown "$j" > "$TMPFILE"
 python helpers/combine_docfiles.py "$j"/README.md "$TMPFILE"
From a0b4fd3ec355686fc5bfac7dc330fe7c0420bad2 Mon Sep 17 00:00:00 2001
From: Jason Berlinsky
Date: Tue, 20 Nov 2018 13:40:16 -0500
Subject: [PATCH 07/39] Extract common outputs to fixture file, and consolidate fixture installation/uninstallation logic
---
 .kitchen.yml | 60 ++++++-----------
 examples/deploy_service/README.md | 11 ----
 examples/deploy_service/outputs.tf | 50 ---------------
 examples/node_pool/README.md | 10 ---
 examples/node_pool/outputs.tf | 46 -------------
 examples/simple_regional/README.md | 14 +---
 examples/simple_regional/main.tf | 2 +
 examples/simple_regional/outputs.tf | 53 ++-------------
 examples/simple_zonal/README.md | 14 +---
 examples/simple_zonal/main.tf | 2 +
 examples/simple_zonal/outputs.tf | 53 ++-------------
 examples/stub_domains/README.md | 9 ---
 examples/stub_domains/outputs.tf | 40 ------------
 ...ixture_data.tf => fixture_data.tf.fixture} | 0
 .../all_examples/fixture_outputs.tf.fixture | 64 +++++++++++++++++++
 test/fixtures/all_examples/install.sh | 35 ++++++++++
 test/fixtures/all_examples/uninstall.sh | 35 ++++++++++
 17 files changed, 178 insertions(+), 320 deletions(-)
 rename test/fixtures/all_examples/{fixture_data.tf => fixture_data.tf.fixture} (100%)
 create mode 100644 test/fixtures/all_examples/fixture_outputs.tf.fixture
 create mode 100755 test/fixtures/all_examples/install.sh
 create mode 100755 test/fixtures/all_examples/uninstall.sh
diff --git a/.kitchen.yml b/.kitchen.yml
index 4160a71c99..10984ca02e 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
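Review bot: The added `#shellcheck disable=2006,2086` silences two findings that are cheaper to fix than to suppress, and it gives no reason for the suppression. The backtick-and-grep construction can become `for j in $(find . -type f -name '*.tf' -exec dirname {} \; | sort -u) ; do`, which removes SC2006 and the unquoted `dirname $i` behind SC2086; the outer unquoted substitution is intentional word-splitting of the directory list and, if shellcheck still objects to it, deserves its own one-line justification such as `# unquoted on purpose: split the directory list into loop items`. `generate_docs` continues past the end of this hunk.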
@@ -30,17 +30,13 @@ suites: - name: "deploy_service" lifecycle: pre_converge: - - mv examples/deploy_service/variables.tf examples/deploy_service/variables.tf.disabled - - cp test/fixtures/all_examples/fixture_data.tf examples/deploy_service/fixture_data.tf + - ./test/fixtures/all_examples/install.sh deploy_service post_converge: - - rm -rf examples/deploy_service/fixture_data.tf - - mv examples/deploy_service/variables.tf.disabled examples/deploy_service/variables.tf + - ./test/fixtures/all_examples/uninstall.sh deploy_service pre_destroy: - - mv examples/deploy_service/variables.tf examples/deploy_service/variables.tf.disabled - - cp test/fixtures/all_examples/fixture_data.tf examples/deploy_service/fixture_data.tf + - ./test/fixtures/all_examples/install.sh deploy_service post_destroy: - - rm -rf examples/deploy_service/fixture_data.tf - - mv examples/deploy_service/variables.tf.disabled examples/deploy_service/variables.tf + - ./test/fixtures/all_examples/uninstall.sh deploy_service driver: name: "terraform" command_timeout: 1800 
@@ -55,17 +51,13 @@ suites: - name: "node_pool" lifecycle: pre_converge: - - mv examples/node_pool/variables.tf examples/node_pool/variables.tf.disabled - - cp test/fixtures/all_examples/fixture_data.tf examples/node_pool/fixture_data.tf + - ./test/fixtures/all_examples/install.sh node_pool post_converge: - - rm -rf examples/node_pool/fixture_data.tf - - mv examples/node_pool/variables.tf.disabled examples/node_pool/variables.tf + - ./test/fixtures/all_examples/uninstall.sh node_pool pre_destroy: - - mv examples/node_pool/variables.tf examples/node_pool/variables.tf.disabled - - cp test/fixtures/all_examples/fixture_data.tf examples/node_pool/fixture_data.tf + - ./test/fixtures/all_examples/install.sh node_pool post_destroy: - - rm -rf examples/node_pool/fixture_data.tf - - mv examples/node_pool/variables.tf.disabled examples/node_pool/variables.tf + - ./test/fixtures/all_examples/uninstall.sh node_pool driver: name: "terraform" command_timeout: 1800 
@@ -80,17 +72,13 @@ suites: - name: "simple_regional" lifecycle: pre_converge: - - mv examples/simple_regional/variables.tf examples/simple_regional/variables.tf.disabled - - cp test/fixtures/all_examples/fixture_data.tf examples/simple_regional/fixture_data.tf + - ./test/fixtures/all_examples/install.sh simple_regional post_converge: - - rm -rf examples/simple_regional/fixture_data.tf - - mv examples/simple_regional/variables.tf.disabled examples/simple_regional/variables.tf + - ./test/fixtures/all_examples/uninstall.sh simple_regional pre_destroy: - - mv examples/simple_regional/variables.tf examples/simple_regional/variables.tf.disabled - - cp test/fixtures/all_examples/fixture_data.tf examples/simple_regional/fixture_data.tf + - ./test/fixtures/all_examples/install.sh simple_regional post_destroy: - - rm -rf examples/simple_regional/fixture_data.tf - - mv examples/simple_regional/variables.tf.disabled examples/simple_regional/variables.tf + - ./test/fixtures/all_examples/uninstall.sh simple_regional driver: name: "terraform" command_timeout: 1800 
@@ -105,17 +93,13 @@ suites: - name: "simple_zonal" lifecycle: pre_converge: - - mv examples/simple_zonal/variables.tf examples/simple_zonal/variables.tf.disabled - - cp test/fixtures/all_examples/fixture_data.tf examples/simple_zonal/fixture_data.tf + - ./test/fixtures/all_examples/install.sh simple_zonal post_converge: - - rm -rf examples/simple_zonal/fixture_data.tf - - mv examples/simple_zonal/variables.tf.disabled examples/simple_zonal/variables.tf + - ./test/fixtures/all_examples/uninstall.sh simple_zonal pre_destroy: - - mv examples/simple_zonal/variables.tf examples/simple_zonal/variables.tf.disabled - - cp test/fixtures/all_examples/fixture_data.tf examples/simple_zonal/fixture_data.tf + - ./test/fixtures/all_examples/install.sh simple_zonal post_destroy: - - rm -rf examples/simple_zonal/fixture_data.tf - - mv examples/simple_zonal/variables.tf.disabled examples/simple_zonal/variables.tf + - ./test/fixtures/all_examples/uninstall.sh simple_zonal driver: name: "terraform" command_timeout: 1800 
@@ -130,17 +114,13 @@ suites: - name: "stub_domains" lifecycle: pre_converge: - - mv examples/stub_domains/variables.tf examples/stub_domains/variables.tf.disabled - - cp test/fixtures/all_examples/fixture_data.tf examples/stub_domains/fixture_data.tf + - ./test/fixtures/all_examples/install.sh stub_domains post_converge: - - rm -rf examples/stub_domains/fixture_data.tf - - mv examples/stub_domains/variables.tf.disabled examples/stub_domains/variables.tf + - ./test/fixtures/all_examples/uninstall.sh stub_domains pre_destroy: - - mv examples/stub_domains/variables.tf examples/stub_domains/variables.tf.disabled - - cp test/fixtures/all_examples/fixture_data.tf examples/stub_domains/fixture_data.tf + - ./test/fixtures/all_examples/install.sh stub_domains post_destroy: - - rm -rf examples/stub_domains/fixture_data.tf - - mv examples/stub_domains/variables.tf.disabled examples/stub_domains/variables.tf + - ./test/fixtures/all_examples/uninstall.sh stub_domains driver: name: "terraform" command_timeout: 1800 diff --git a/examples/deploy_service/README.md b/examples/deploy_service/README.md index 57d62019fa..71081906f2 100644 --- a/examples/deploy_service/README.md +++ b/examples/deploy_service/README.md @@ -28,18 +28,7 @@ It will: |------|-------------| | ca_certificate | | | client_token | | -| cluster_name | Cluster name | -| credentials_path | | -| ip_range_pods | The secondary IP range used for pods | -| ip_range_services | The secondary IP range used for services | | kubernetes_endpoint | | -| location | | -| master_kubernetes_version | The master Kubernetes version | -| network | | -| project_id | | -| region | | -| subnetwork | | -| zones | List of zones in which the cluster resides | [^]: (autogen_docs_end) diff --git a/examples/deploy_service/outputs.tf b/examples/deploy_service/outputs.tf index 62f27cf9f0..f08062730c 100644 --- a/examples/deploy_service/outputs.tf +++ b/examples/deploy_service/outputs.tf 
@@ -14,31 +14,6 @@ * limitations under the License. */ -output "project_id" { - value = "${local.project_id}" -} - -output "credentials_path" { - value = "${local.credentials_path}" -} - -output "region" { - value = "${module.gke.region}" -} - -output "cluster_name" { - description = "Cluster name" - value = "${module.gke.name}" -} - -output "network" { - value = "${local.network}" -} - -output "subnetwork" { - value = "${local.subnetwork}" -} - output "kubernetes_endpoint" { sensitive = true value = "${module.gke.endpoint}" @@ -50,30 +25,5 @@ output "client_token" { } output "ca_certificate" { - sensitive = true value = "${module.gke.ca_certificate}" } - -output "location" { - value = "${module.gke.location}" -} - -output "ip_range_pods" { - description = "The secondary IP range used for pods" - value = "${local.ip_range_pods}" -} - -output "ip_range_services" { - description = "The secondary IP range used for services" - value = "${local.ip_range_services}" -} - -output "zones" { - description = "List of zones in which the cluster resides" - value = "${module.gke.zones}" -} - -output "master_kubernetes_version" { - description = "The master Kubernetes version" - value = "${module.gke.master_version}" -} diff --git a/examples/node_pool/README.md b/examples/node_pool/README.md index 51d8307ae7..41e2132f5c 100644 --- a/examples/node_pool/README.md +++ b/examples/node_pool/README.md @@ -23,17 +23,7 @@ This example illustrates how to create a cluster with multiple custom node-pool |------|-------------| | ca_certificate | | | client_token | | -| cluster_name | Cluster name | -| credentials_path | | -| ip_range_pods | The secondary IP range used for pods | -| ip_range_services | The secondary IP range used for services | | kubernetes_endpoint | | -| location | Cluster location | -| network | | -| project_id | | -| region | | -| subnetwork | | -| zones | List of zones in which the cluster resides | [^]: (autogen_docs_end) 
diff --git a/examples/node_pool/outputs.tf b/examples/node_pool/outputs.tf index 55a27ba38b..f08062730c 100644 --- a/examples/node_pool/outputs.tf +++ b/examples/node_pool/outputs.tf @@ -14,31 +14,6 @@ * limitations under the License. */ -output "project_id" { - value = "${local.project_id}" -} - -output "credentials_path" { - value = "${local.credentials_path}" -} - -output "region" { - value = "${module.gke.region}" -} - -output "cluster_name" { - description = "Cluster name" - value = "${module.gke.name}" -} - -output "network" { - value = "${local.network}" -} - -output "subnetwork" { - value = "${local.subnetwork}" -} - output "kubernetes_endpoint" { sensitive = true value = "${module.gke.endpoint}" @@ -50,26 +25,5 @@ output "client_token" { } output "ca_certificate" { - sensitive = true value = "${module.gke.ca_certificate}" } - -output "location" { - description = "Cluster location" - value = "${module.gke.location}" -} - -output "zones" { - description = "List of zones in which the cluster resides" - value = "${module.gke.zones}" -} - -output "ip_range_pods" { - description = "The secondary IP range used for pods" - value = "${local.ip_range_pods}" -} - -output "ip_range_services" { - description = "The secondary IP range used for services" - value = "${local.ip_range_services}" -} diff --git a/examples/simple_regional/README.md b/examples/simple_regional/README.md index 42056ffd33..a7b80a52c8 100644 --- a/examples/simple_regional/README.md +++ b/examples/simple_regional/README.md 
@@ -20,17 +20,9 @@ This example illustrates how to create a simple cluster. | Name | Description | |------|-------------| -| cluster_name | Cluster name | -| credentials_path | | -| ip_range_pods | The secondary IP range used for pods | -| ip_range_services | The secondary IP range used for services | -| kubernetes_endpoint | Cluster endpoint | -| location | Cluster location | -| master_kubernetes_version | The master Kubernetes version | -| network | Network the cluster is provisioned in | -| project_id | | -| region | | -| subnetwork | Subnetwork the cluster is provisioned in | +| ca_certificate | | +| client_token | | +| kubernetes_endpoint | | [^]: (autogen_docs_end) diff --git a/examples/simple_regional/main.tf b/examples/simple_regional/main.tf index 1c7479d959..053deeb32e 100644 --- a/examples/simple_regional/main.tf +++ b/examples/simple_regional/main.tf @@ -36,3 +36,5 @@ module "gke" { kubernetes_version = "1.9.7-gke.11" node_version = "1.9.7-gke.11" } + +data "google_client_config" "default" {} diff --git a/examples/simple_regional/outputs.tf b/examples/simple_regional/outputs.tf index 720bac77ee..f08062730c 100644 --- a/examples/simple_regional/outputs.tf +++ b/examples/simple_regional/outputs.tf 
@@ -14,55 +14,16 @@ * limitations under the License. */ -output "project_id" { - value = "${local.project_id}" -} - -output "credentials_path" { - value = "${local.credentials_path}" -} - -output "region" { - value = "${local.region}" -} - -output "cluster_name" { - description = "Cluster name" - value = "${module.gke.name}" -} - -output "network" { - description = "Network the cluster is provisioned in" - value = "${local.network}" -} - -output "subnetwork" { - description = "Subnetwork the cluster is provisioned in" - value = "${local.subnetwork}" -} - output "kubernetes_endpoint" { - sensitive = true - description = "Cluster endpoint" - value = "${module.gke.endpoint}" -} - -output "location" { - description = "Cluster location" - value = "${module.gke.location}" -} - -output "ip_range_pods" { - description = "The secondary IP range used for pods" - value = "${local.ip_range_pods}" + sensitive = true + value = "${module.gke.endpoint}" } -output "ip_range_services" { - description = "The secondary IP range used for services" - value = "${local.ip_range_services}" +output "client_token" { + sensitive = true + value = "${base64encode(data.google_client_config.default.access_token)}" } -output "master_kubernetes_version" { - description = "The master Kubernetes version" - value = "${module.gke.master_version}" +output "ca_certificate" { + value = "${module.gke.ca_certificate}" } diff --git a/examples/simple_zonal/README.md b/examples/simple_zonal/README.md index a9a0e48fe6..a549770e3a 100644 --- a/examples/simple_zonal/README.md +++ b/examples/simple_zonal/README.md 
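Review bot: The new `client_token` output wraps `data.google_client_config.default.access_token` in `base64encode`, which is encoding rather than protection, and `sensitive = true` only keeps the value out of plan and `terraform output` display; the live OAuth token is still written in clear to the state file and handed to whatever consumes the outputs. That is tolerable for a throwaway test fixture, but nothing says so: a `description = "Base64-encoded OAuth access token for the test harness; present in plain text in Terraform state"` on `client_token`, and a description on `ca_certificate` (which also loses nothing by staying non-sensitive, since a CA certificate is public), would document the contract the inspec profiles rely on. The identical hunk appears in examples/simple_zonal/outputs.tf below.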
@@ -21,17 +21,9 @@ This example illustrates how to create a simple cluster. | Name | Description | |------|-------------| -| cluster_name | Cluster name | -| credentials_path | | -| ip_range_pods | The secondary IP range used for pods | -| ip_range_services | The secondary IP range used for services | -| kubernetes_endpoint | Cluster endpoint | -| location | Cluster location | -| master_kubernetes_version | The master Kubernetes version | -| network | Network the cluster is provisioned in | -| project_id | | -| region | | -| subnetwork | Subnetwork the cluster is provisioned in | +| ca_certificate | | +| client_token | | +| kubernetes_endpoint | | [^]: (autogen_docs_end) diff --git a/examples/simple_zonal/main.tf b/examples/simple_zonal/main.tf index a0226e8100..cc2a280d16 100644 --- a/examples/simple_zonal/main.tf +++ b/examples/simple_zonal/main.tf @@ -37,3 +37,5 @@ module "gke" { kubernetes_version = "1.9.7-gke.11" node_version = "1.9.7-gke.11" } + +data "google_client_config" "default" {} diff --git a/examples/simple_zonal/outputs.tf b/examples/simple_zonal/outputs.tf index 720bac77ee..f08062730c 100644 --- a/examples/simple_zonal/outputs.tf +++ b/examples/simple_zonal/outputs.tf 
@@ -14,55 +14,16 @@ * limitations under the License. */ -output "project_id" { - value = "${local.project_id}" -} - -output "credentials_path" { - value = "${local.credentials_path}" -} - -output "region" { - value = "${local.region}" -} - -output "cluster_name" { - description = "Cluster name" - value = "${module.gke.name}" -} - -output "network" { - description = "Network the cluster is provisioned in" - value = "${local.network}" -} - -output "subnetwork" { - description = "Subnetwork the cluster is provisioned in" - value = "${local.subnetwork}" -} - output "kubernetes_endpoint" { - sensitive = true - description = "Cluster endpoint" - value = "${module.gke.endpoint}" -} - -output "location" { - description = "Cluster location" - value = "${module.gke.location}" -} - -output "ip_range_pods" { - description = "The secondary IP range used for pods" - value = "${local.ip_range_pods}" + sensitive = true + value = "${module.gke.endpoint}" } -output "ip_range_services" { - description = "The secondary IP range used for services" - value = "${local.ip_range_services}" +output "client_token" { + sensitive = true + value = "${base64encode(data.google_client_config.default.access_token)}" } -output "master_kubernetes_version" { - description = "The master Kubernetes version" - value = "${module.gke.master_version}" +output "ca_certificate" { + value = "${module.gke.ca_certificate}" } diff --git a/examples/stub_domains/README.md b/examples/stub_domains/README.md index 16507d89de..357b0f3745 100644 --- a/examples/stub_domains/README.md +++ b/examples/stub_domains/README.md @@ -27,16 +27,7 @@ It will: |------|-------------| | ca_certificate | | | client_token | | -| cluster_name | Cluster name | -| credentials_path | | -| ip_range_pods | The secondary IP range used for pods | -| ip_range_services | The secondary IP range used for services | | kubernetes_endpoint | | -| location | | -| network | | -| project_id | | -| region | | -| subnetwork | | [^]: (autogen_docs_end) 
diff --git a/examples/stub_domains/outputs.tf b/examples/stub_domains/outputs.tf index 8bf635469d..f08062730c 100644 --- a/examples/stub_domains/outputs.tf +++ b/examples/stub_domains/outputs.tf @@ -14,31 +14,6 @@ * limitations under the License. */ -output "project_id" { - value = "${local.project_id}" -} - -output "credentials_path" { - value = "${local.credentials_path}" -} - -output "region" { - value = "${module.gke.region}" -} - -output "cluster_name" { - description = "Cluster name" - value = "${module.gke.name}" -} - -output "network" { - value = "${local.network}" -} - -output "subnetwork" { - value = "${local.subnetwork}" -} - output "kubernetes_endpoint" { sensitive = true value = "${module.gke.endpoint}" @@ -50,20 +25,5 @@ output "client_token" { } output "ca_certificate" { - sensitive = true value = "${module.gke.ca_certificate}" } - -output "location" { - value = "${module.gke.location}" -} - -output "ip_range_pods" { - description = "The secondary IP range used for pods" - value = "${local.ip_range_pods}" -} - -output "ip_range_services" { - description = "The secondary IP range used for services" - value = "${local.ip_range_services}" -} diff --git a/test/fixtures/all_examples/fixture_data.tf b/test/fixtures/all_examples/fixture_data.tf.fixture similarity index 100% rename from test/fixtures/all_examples/fixture_data.tf rename to test/fixtures/all_examples/fixture_data.tf.fixture diff --git a/test/fixtures/all_examples/fixture_outputs.tf.fixture b/test/fixtures/all_examples/fixture_outputs.tf.fixture new file mode 100644 index 0000000000..a95bf39c5e --- /dev/null +++ b/test/fixtures/all_examples/fixture_outputs.tf.fixture 
@@ -0,0 +1,64 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = "${local.project_id}"
+}
+
+output "credentials_path" {
+ value = "${local.credentials_path}"
+}
+
+output "region" {
+ value = "${module.gke.region}"
+}
+
+output "cluster_name" {
+ description = "Cluster name"
+ value = "${module.gke.name}"
+}
+
+output "network" {
+ value = "${local.network}"
+}
+
+output "subnetwork" {
+ value = "${local.subnetwork}"
+}
+
+output "location" {
+ value = "${module.gke.location}"
+}
+
+output "ip_range_pods" {
+ description = "The secondary IP range used for pods"
+ value = "${local.ip_range_pods}"
+}
+
+output "ip_range_services" {
+ description = "The secondary IP range used for services"
+ value = "${local.ip_range_services}"
+}
+
+output "zones" {
+ description = "List of zones in which the cluster resides"
+ value = "${module.gke.zones}"
+}
+
+output "master_kubernetes_version" {
+ description = "The master Kubernetes version"
+ value = "${module.gke.master_version}"
+}
diff --git a/test/fixtures/all_examples/install.sh b/test/fixtures/all_examples/install.sh
new file mode 100755
index 0000000000..671a6200f8
--- /dev/null
+++ b/test/fixtures/all_examples/install.sh
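Review bot: Six of the eleven outputs in the new fixture (`project_id`, `credentials_path`, `region`, `network`, `subnetwork`, `location`) carry no `description` while the other five do, and these names are exactly the attributes the inspec.yml profiles in this series consume, so the fixture is effectively the harness contract; one line each, e.g. `description = "Path to the service-account key file used by the test harness"` on `credentials_path`, would document it. A short header comment after the license explaining that this file is copied into an example by install.sh and must stay in sync with the `attributes` of the inspec profiles would also help the next person who adds an output.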
@@ -0,0 +1,35 @@ +#!/bin/bash +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +############################################# +# Install fixture data into an example case # +############################################# +BASEDIR=$(dirname "$0") +EXAMPLE=${1} + +if [ -z "${EXAMPLE}" ]; then + echo "Must specify an example to install fixtures into. Aborting." + exit 1 +fi + +if [ ! -d "${BASEDIR}/../../../examples/${EXAMPLE}" ]; then + echo "Example ${EXAMPLE} does not exist. Aborting." + exit 1 +fi + +_example_path="${BASEDIR}/../../../examples/${EXAMPLE}" +mv "${_example_path}/variables.tf" "${_example_path}/variables.tf.disabled" +cp "${BASEDIR}/fixture_data.tf.fixture" "${_example_path}/fixture_data.tf" +cp "${BASEDIR}/fixture_outputs.tf.fixture" "${_example_path}/fixture_outputs.tf" diff --git a/test/fixtures/all_examples/uninstall.sh b/test/fixtures/all_examples/uninstall.sh new file mode 100755 index 0000000000..b9d0b7a7d9 --- /dev/null +++ b/test/fixtures/all_examples/uninstall.sh 
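Review bot: `EXAMPLE=${1}` is spliced straight into `_example_path` and then used by `mv` and `cp`, so an argument such as `../../..` passes the `-d` existence check and the script will rename and overwrite files outside `examples/`; this is a local test helper, but the guard is one line: `case "${EXAMPLE}" in */*|.|..) echo "Invalid example name: ${EXAMPLE}. Aborting."; exit 1;; esac`. The script also has no `set -e`, so if the `mv` of `variables.tf` fails the two `cp` lines still run and leave the example in a half-installed state; add `set -euo pipefail` after the shebang. Finally, the `mv` unconditionally overwrites any existing `variables.tf.disabled` from a previous run, which silently destroys the original file if install is run twice without uninstall.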
@@ -0,0 +1,35 @@ +#!/bin/bash +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +############################################# +# Install fixture data into an example case # +############################################# +BASEDIR=$(dirname "$0") +EXAMPLE=${1} + +if [ -z "${EXAMPLE}" ]; then + echo "Must specify an example to install fixtures into. Aborting." + exit 1 +fi + +if [ ! -d "${BASEDIR}/../../../examples/${EXAMPLE}" ]; then + echo "Example ${EXAMPLE} does not exist. Aborting." + exit 1 +fi + +_example_path="${BASEDIR}/../../../examples/${EXAMPLE}" +rm -rf "${_example_path}/fixture_data.tf" +rm -rf "${_example_path}/fixture_outputs.tf" +mv "${_example_path}/variables.tf.disabled" "${_example_path}/variables.tf" From 2c399b0f89e6e2ec4312b3a0bde1426c8c177212 Mon Sep 17 00:00:00 2001 From: Aaron Lane Date: Tue, 27 Nov 2018 11:35:27 -0500 Subject: [PATCH 08/39] Remove reference to kitchen-inspec This gem is no longer used in testing. --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 6e6d3f576c..505e657a8e 100644 --- a/README.md +++ b/README.md 
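Review bot: The header banner and the abort message in this uninstall script still say "Install fixture data into an example case" and "Must specify an example to install fixtures into", copied from install.sh; change them to `# Remove fixture data from an example case #` and `"Must specify an example to uninstall fixtures from. Aborting."`. `rm -rf` is also the wrong tool for removing two regular files — `rm -f` is sufficient and avoids a recursive delete if `_example_path` is ever mis-resolved. The final `mv` has no guard, so running uninstall on an example that never had a `variables.tf` (or before install ran) errors out; mirror the check with `[ -f "${_example_path}/variables.tf.disabled" ] && mv "${_example_path}/variables.tf.disabled" "${_example_path}/variables.tf"`.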
@@ -209,11 +209,12 @@ make generate_docs ### Integration test #### Terraform integration tests -The integration tests for this module leverage [kitchen-terraform](https://github.com/newcontext-oss/kitchen-terraform) and [kitchen-inspec](https://github.com/inspec/kitchen-inspec). +The integration tests for this module leverage +[kitchen-terraform](https://github.com/newcontext-oss/kitchen-terraform). The tests will do the following: - Perform `bundle install` command - - Installs `kitchen-terraform` and `kitchen-inspec` gems + - Installs `kitchen-terraform` gem - Perform `kitchen create` command - Performs a `terraform init` - Perform `kitchen converge` command From a7c2e5d942d2fcd74b0c50022c1612bf0211c59c Mon Sep 17 00:00:00 2001 From: Aaron Lane Date: Tue, 27 Nov 2018 14:30:06 -0500 Subject: [PATCH 09/39] Pin Ruby to 2.5 --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 35e4ef7d1f..c0b3fa63d8 100644 --- a/Gemfile +++ b/Gemfile @@ -12,7 +12,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -ruby '2.4.2' +ruby "~> 2.5" source 'https://rubygems.org/' do gem 'kitchen-terraform', '~> 4.0.3' From d3846551a4b2a1c4d0b1215e8efea652f4429d28 Mon Sep 17 00:00:00 2001 From: Aaron Lane Date: Tue, 27 Nov 2018 14:31:26 -0500 Subject: [PATCH 10/39] Pin rest-client to v2 --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index c0b3fa63d8..a8efcf2070 100644 --- a/Gemfile +++ b/Gemfile @@ -17,5 +17,5 @@ ruby "~> 2.5" source 'https://rubygems.org/' do gem 'kitchen-terraform', '~> 4.0.3' gem 'kubeclient' - gem 'rest-client' + gem "rest-client", "~> 2.0" end From a8c5aceddab7234dcdc08025fc9163db592095ff Mon Sep 17 00:00:00 2001 From: Aaron Lane Date: Tue, 27 Nov 2018 14:32:08 -0500 Subject: [PATCH 11/39] Pin kubeclient to v4 --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Gemfile b/Gemfile index a8efcf2070..8161da2202 100644 --- a/Gemfile +++ b/Gemfile @@ -16,6 +16,6 @@ ruby "~> 2.5" source 'https://rubygems.org/' do gem 'kitchen-terraform', '~> 4.0.3' - gem 'kubeclient' + gem "kubeclient", "~> 4.0" gem "rest-client", "~> 2.0" end From 42da44eeb0238a4628114100a284c07fb8b747d0 Mon Sep 17 00:00:00 2001 From: Aaron Lane Date: Tue, 27 Nov 2018 14:32:32 -0500 Subject: [PATCH 12/39] Pin kitchen-terraform to v4 --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 8161da2202..2fffe26f1f 100644 --- a/Gemfile +++ b/Gemfile @@ -15,7 +15,7 @@ ruby "~> 2.5" source 'https://rubygems.org/' do - gem 'kitchen-terraform', '~> 4.0.3' + gem "kitchen-terraform", "~> 4.0" gem "kubeclient", "~> 4.0" gem "rest-client", "~> 2.0" end From 98145c1c5503ab9fec4c4419dcf92563d1a2a737 Mon Sep 17 00:00:00 2001 From: Aaron Lane Date: Tue, 27 Nov 2018 15:08:46 -0500 Subject: [PATCH 13/39] Add missing SA roles to Read Me container.developer and iam.serviceAccountUser are required to successfully converge. --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 505e657a8e..62c357caa3 100644 --- a/README.md +++ b/README.md 
@@ -163,12 +163,12 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog - [terraform-provider-google](https://github.com/terraform-providers/terraform-provider-google) plugin v1.8.0 ### Configure a Service Account -In order to execute this module you must have a Service Account with the following: - -#### IAM Roles -The service account with the following roles: -- roles/compute.viewer on the project -- roles/container.clusterAdmin on the project +In order to execute this module you must have a Service Account with the +following project roles: +- roles/compute.viewer +- roles/container.clusterAdmin +- roles/container.developer +- roles/iam.serviceAccountUser ### Enable APIs In order to operate with the Service Account you must activate the following APIs on the project where the Service Account was created: @@ -269,4 +269,4 @@ are as follows: is a compiled language so there is no standard linter. * Terraform - terraform has a built-in linter in the 'terraform validate' command. -* Dockerfiles - hadolint. Can be found in homebrew \ No newline at end of file +* Dockerfiles - hadolint. Can be found in homebrew From 4cd24bd936ca8b0bfda46d8614d140cb8e211d9a Mon Sep 17 00:00:00 2001 From: Aaron Lane Date: Tue, 27 Nov 2018 15:13:30 -0500 Subject: [PATCH 14/39] Increase platform support for base64 command Most versions of base64 respond to `--decode`. Versions that do not, like the one shipped with BusyBox, should respond to `-d`. --- scripts/kubectl_wrapper.sh | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/scripts/kubectl_wrapper.sh b/scripts/kubectl_wrapper.sh index e1444ca2a0..5b7d881aaf 100755 --- a/scripts/kubectl_wrapper.sh +++ b/scripts/kubectl_wrapper.sh 
@@ -39,12 +39,7 @@ mkdir "${TMPDIR}" export KUBECONFIG="${TMPDIR}/config" -_b64_location=$(which base64) - -B64_ARG="-D" -if [ "${_b64_location}" = "/bin/base64" ]; then - B64_ARG="-d" -fi +base64 --help | grep "\--decode" && B64_ARG="--decode" || B64_ARG="-d" echo "${CA_CERTIFICATE}" | base64 ${B64_ARG} > "${TMPDIR}/ca_certificate" kubectl config set-cluster kubectl-wrapper --server="${HOST}" --certificate-authority="${TMPDIR}/ca_certificate" --embed-certs=true 1>/dev/null From f3fda1986eceab53718cfcf77642b3b1eea5e407 Mon Sep 17 00:00:00 2001 From: Aaron Lane Date: Tue, 27 Nov 2018 15:28:09 -0500 Subject: [PATCH 15/39] Only move variables.tf during install if it exists This avoids a missing file warning during subsequent executions of the script. --- test/fixtures/all_examples/install.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/test/fixtures/all_examples/install.sh b/test/fixtures/all_examples/install.sh index 671a6200f8..884049db5b 100755 --- a/test/fixtures/all_examples/install.sh +++ b/test/fixtures/all_examples/install.sh @@ -30,6 +30,9 @@ if [ ! -d "${BASEDIR}/../../../examples/${EXAMPLE}" ]; then fi _example_path="${BASEDIR}/../../../examples/${EXAMPLE}" -mv "${_example_path}/variables.tf" "${_example_path}/variables.tf.disabled" +_variables_file="${_example_path}/variables.tf" +if [ -f "${_variables_file}" ]; then + mv "${_variables_file}" "${_variables_file}.disabled" +fi cp "${BASEDIR}/fixture_data.tf.fixture" "${_example_path}/fixture_data.tf" cp "${BASEDIR}/fixture_outputs.tf.fixture" "${_example_path}/fixture_outputs.tf" From bb0e0dd79a41480bcd19fcd42fd6a877fc6ee3ce Mon Sep 17 00:00:00 2001 From: Aaron Lane Date: Tue, 27 Nov 2018 16:20:00 -0500 Subject: [PATCH 16/39] Pin Ruby to v2.5 in Makefile --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index d9511218e5..99872b55a9 100644 --- a/Makefile +++ b/Makefile 
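Review bot: The new detection line `base64 --help | grep "\--decode" && B64_ARG="--decode" || B64_ARG="-d"` runs `grep` without `-q`, so on GNU coreutils the matching help line is printed to the wrapper's stdout, which is a problem for a script whose output callers may parse. It also only sees stdout; BusyBox (and some other implementations) print usage to stderr, so the `--decode` branch is never taken there and the fallback to `-d` works by accident rather than by detection. I would make it `if base64 --help 2>&1 | grep -q -- "--decode"; then B64_ARG="--decode"; else B64_ARG="-d"; fi`, which also avoids the `\--decode` escaping. Whether the file runs under `set -e` is outside this hunk; if it does, the `&&`/`||` chain is the only thing keeping a non-zero grep from aborting the script, and the explicit `if` keeps that behaviour.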
@@ -22,7 +22,7 @@ BUILD_PROVIDER_GOOGLE_VERSION ?= 1.17.1 BUILD_PROVIDER_GSUITE_VERSION ?= 0.1.8 DOCKER_IMAGE_TERRAFORM := cftk/terraform DOCKER_TAG_TERRAFORM ?= ${BUILD_TERRAFORM_VERSION}_${BUILD_CLOUD_SDK_VERSION}_${BUILD_PROVIDER_GOOGLE_VERSION}_${BUILD_PROVIDER_GSUITE_VERSION} -BUILD_RUBY_VERSION := 2.4.2 +BUILD_RUBY_VERSION := 2.5.3 DOCKER_IMAGE_KITCHEN_TERRAFORM := cftk/kitchen_terraform DOCKER_TAG_KITCHEN_TERRAFORM ?= ${BUILD_TERRAFORM_VERSION}_${BUILD_CLOUD_SDK_VERSION}_${BUILD_PROVIDER_GOOGLE_VERSION}_${BUILD_PROVIDER_GSUITE_VERSION} From a6045dce021db6a9710a4fb75a27b52aaa4e6bf3 Mon Sep 17 00:00:00 2001 From: Aaron Lane Date: Tue, 27 Nov 2018 16:33:18 -0500 Subject: [PATCH 17/39] Update go to v1.10.5-r0 in Dockerfile This fixes the following build issue: ``` ERROR: unsatisfiable constraints: go-1.10.5-r0: breaks: world[go=1.10.1-r0] ``` --- build/docker/terraform/Dockerfile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/build/docker/terraform/Dockerfile b/build/docker/terraform/Dockerfile index 53aeb389e2..3a68e1ecf4 100644 --- a/build/docker/terraform/Dockerfile +++ b/build/docker/terraform/Dockerfile @@ -15,11 +15,11 @@ FROM alpine:3.8 as builder RUN apk add --no-cache \ - bash=4.4.19-r1 \ - git=2.18.1-r0 \ - go=1.10.1-r0 \ - make=4.2.1-r2 \ - musl-dev=1.1.19-r10 + bash=4.4.19-r1 \ + git=2.18.1-r0 \ + go=1.10.5-r0 \ + make=4.2.1-r2 \ + musl-dev=1.1.19-r10 ENV APP_BASE_DIR="/cftk" From a75e252b9eb72829f9c7723b9131d62a85343257 Mon Sep 17 00:00:00 2001 From: Aaron Lane Date: Tue, 27 Nov 2018 16:38:34 -0500 Subject: [PATCH 18/39] Update curl, git in Dockerfile This fixes the following build issue: ``` ERROR: unsatisfiable constraints: curl-7.61.1-r1: breaks: world[curl=7.61.1-r0] git-2.18.1-r0: breaks: world[git=2.18.0-r0] ``` --- build/docker/terraform/Dockerfile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
diff --git a/build/docker/terraform/Dockerfile b/build/docker/terraform/Dockerfile index 3a68e1ecf4..8c4ae71a68 100644 --- a/build/docker/terraform/Dockerfile +++ b/build/docker/terraform/Dockerfile @@ -47,12 +47,12 @@ RUN git fetch --all --tags --prune && \ FROM alpine:3.8 RUN apk add --no-cache \ - bash=4.4.19-r1 \ - curl=7.61.1-r0 \ - git=2.18.0-r0 \ - jq=1.6_rc1-r1 \ - make=4.2.1-r2 \ - python2=2.7.15-r1 + bash=4.4.19-r1 \ + curl=7.61.1-r1 \ + git=2.18.1-r0 \ + jq=1.6_rc1-r1 \ + make=4.2.1-r2 \ + python2=2.7.15-r1 ENV APP_BASE_DIR="/cftk" From 8208f867ab32503c9edb035b27a9c5f5bb927aff Mon Sep 17 00:00:00 2001 From: Aaron Lane Date: Tue, 27 Nov 2018 16:53:24 -0500 Subject: [PATCH 19/39] Update packages in kitchen_terraform/Dockerfile This fixes the following build issue: ``` ERROR: unsatisfiable constraints: ca-certificates-20171114-r3: breaks: world[ca-certificates=20161130-r0] satisfies: curl-7.61.1-r1[ca-certificates] libcurl-7.61.1-r1[ca-certificates] .ruby-rundeps-0[ca-certificates] bash-4.4.19-r1: breaks: world[bash=4.3.42-r5] curl-7.61.1-r1: breaks: world[curl=7.60.0-r1] musl-dev-1.1.19-r10: breaks: world[musl-dev=1.1.14-r16] satisfies: libc-dev-0.7.1-r0[musl-dev] g++-6.4.0-r9: breaks: world[g++=5.3.0-r0] git-2.18.1-r0: breaks: world[git=2.8.6-r0] jq-1.6_rc1-r1: breaks: world[jq=1.5-r2] make-4.2.1-r2: breaks: world[make=4.1-r1] python2-2.7.15-r1: breaks: world[python=2.7.14-r0] satisfies: python2-dev-2.7.15-r1[python2=2.7.15-r1] py-setuptools-39.1.0-r0[python2] py2-pip-10.0.1-r0[python2] py2-pip-10.0.1-r0: breaks: world[py-pip=8.1.2-r0] python2-dev-2.7.15-r1: breaks: world[python-dev=2.7.14-r0] ``` --- build/docker/kitchen_terraform/Dockerfile | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/build/docker/kitchen_terraform/Dockerfile b/build/docker/kitchen_terraform/Dockerfile index a2e7a898b5..52c7896bed 100644 --- a/build/docker/kitchen_terraform/Dockerfile +++ b/build/docker/kitchen_terraform/Dockerfile 
@@ -22,17 +22,17 @@ FROM $BUILD_TERRAFORM_IMAGE as cfkt_terraform FROM ruby:$BUILD_RUBY_VERSION-alpine RUN apk add --no-cache \ - bash=4.3.42-r5 \ - curl=7.60.0-r1 \ - git=2.8.6-r0 \ - g++=5.3.0-r0 \ - jq=1.5-r2 \ - make=4.1-r1 \ - musl-dev=1.1.14-r16 \ - python=2.7.14-r0 \ - python-dev=2.7.14-r0 \ - py-pip=8.1.2-r0 \ - ca-certificates=20161130-r0 + bash=4.4.19-r1 \ + curl=7.61.1-r1 \ + git=2.18.1-r0 \ + g++=6.4.0-r9 \ + jq=1.6_rc1-r1 \ + make=4.2.1-r2 \ + musl-dev=1.1.19-r10 \ + python2=2.7.15-r1 \ + python2-dev=2.7.15-r1 \ + py2-pip=10.0.1-r0 \ + ca-certificates=20171114-r3 ADD https://storage.googleapis.com/kubernetes-release/release/v1.12.2/bin/linux/amd64/kubectl /usr/local/bin/kubectl RUN chmod +x /usr/local/bin/kubectl From 486c90dff9f406e106a71eba672deb61c6514a03 Mon Sep 17 00:00:00 2001 From: Jason Berlinsky Date: Wed, 28 Nov 2018 19:33:07 -0500 Subject: [PATCH 20/39] Refactor example cases with mutliple assertions --- test/integration/node_pool/controls/gcloud.rb | 6 ++++++ test/integration/simple_zonal/controls/gcloud.rb | 3 +++ 2 files changed, 9 insertions(+) diff --git a/test/integration/node_pool/controls/gcloud.rb b/test/integration/node_pool/controls/gcloud.rb index 3897fd257a..9f9dbd2ca9 100644 --- a/test/integration/node_pool/controls/gcloud.rb +++ b/test/integration/node_pool/controls/gcloud.rb @@ -57,6 +57,9 @@ it "exists" do expect(node_pool).not_to be_nil + end + + it "is named correctly" do expect(node_pool['name']).to eq "pool-01" end @@ -104,6 +107,9 @@ it "exists" do expect(node_pool).not_to be_nil + end + + it "is named correctly" do expect(node_pool['name']).to eq "pool-02" end diff --git a/test/integration/simple_zonal/controls/gcloud.rb b/test/integration/simple_zonal/controls/gcloud.rb index 6549a927d9..071c8c80ce 100644 --- a/test/integration/simple_zonal/controls/gcloud.rb +++ b/test/integration/simple_zonal/controls/gcloud.rb 
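Review bot: Every package here is pinned to an exact `-rN` revision against Alpine's rolling package index, which is precisely what produced the "unsatisfiable constraints" failures this commit and the two before it fix; the same breakage will recur the next time Alpine rebuilds any of these eleven packages. If reproducibility is the goal, pin the `ruby:$BUILD_RUBY_VERSION-alpine` base image by digest (`FROM ruby:2.5.3-alpine@sha256:…`) and let the `apk add` pins follow from the frozen index, or relax the pins to a version prefix with apk's fuzzy match (`git=~2.18`, if the apk in this image supports it) and add a comment explaining the policy. Unrelated to the changed lines but adjacent to them: the context `ADD https://storage.googleapis.com/…/kubectl` fetches an executable over the network with no checksum, so the binary is neither verified nor reproducible; consider a `RUN curl … && echo "<sha256>  kubectl" | sha256sum -c` in the same layer.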
@@ -46,6 +46,9 @@ it "is zonal" do expect(data['zone']).to eq location + end + + it "is not regional" do expect(data['zone']).not_to eq region end From 72899faf43db08b89a4e6c68f540055624236198 Mon Sep 17 00:00:00 2001 From: Jason Berlinsky Date: Thu, 29 Nov 2018 08:54:03 -0500 Subject: [PATCH 21/39] Reduce attributes passed into test-kitchen examples to simplify system under test --- .../deploy_service/controls/gcloud.rb | 23 +------------ test/integration/deploy_service/inspec.yml | 20 ------------ test/integration/node_pool/inspec.yml | 20 ------------ .../simple_regional/controls/gcloud.rb | 28 ++-------------- test/integration/simple_regional/inspec.yml | 20 ------------ .../simple_zonal/controls/gcloud.rb | 32 ++----------------- test/integration/simple_zonal/inspec.yml | 17 ---------- .../stub_domains/controls/gcloud.rb | 20 ------------ test/integration/stub_domains/inspec.yml | 20 ------------ 9 files changed, 7 insertions(+), 193 deletions(-) diff --git a/test/integration/deploy_service/controls/gcloud.rb b/test/integration/deploy_service/controls/gcloud.rb index 0e9b44041f..a1bbf938a0 100644 --- a/test/integration/deploy_service/controls/gcloud.rb +++ b/test/integration/deploy_service/controls/gcloud.rb @@ -15,11 +15,6 @@ project_id = attribute('project_id') location = attribute('location') cluster_name = attribute('cluster_name') -network = attribute('network') -subnetwork = attribute('subnetwork') -ip_range_pods = attribute('ip_range_pods') -ip_range_services = attribute('ip_range_services') -master_kubernetes_version = attribute('master_kubernetes_version') credentials_path = attribute('credentials_path') ENV['CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE'] = credentials_path 
@@ -44,23 +39,7 @@ end it "has the expected initial cluster version" do - expect(data['initialClusterVersion']).to eq master_kubernetes_version - end - - it "is in the expected network" do - expect(data['network']).to eq network - end - - it "is in the expected subnetwork" do - expect(data['subnetwork']).to eq subnetwork - end - - it "has the expected secondary ip range for pods" do - expect(data['ipAllocationPolicy']['clusterSecondaryRangeName']).to eq ip_range_pods - end - - it "has the expected secondary ip range for services" do - expect(data['ipAllocationPolicy']['servicesSecondaryRangeName']).to eq ip_range_services + expect(data['initialClusterVersion']).to eq "1.9.7-gke.11" end end end diff --git a/test/integration/deploy_service/inspec.yml b/test/integration/deploy_service/inspec.yml index 753ad19e68..947d2a13e8 100644 --- a/test/integration/deploy_service/inspec.yml +++ b/test/integration/deploy_service/inspec.yml @@ -6,32 +6,12 @@ attributes: - name: credentials_path required: true type: string - - name: region - required: true - type: string - name: location required: true type: string - name: cluster_name required: true type: string - - name: network - required: false - type: string - default: "default" - - name: subnetwork - required: false - type: string - default: "default" - - name: ip_range_pods - required: true - type: string - - name: ip_range_services - required: true - type: string - - name: master_kubernetes_version - required: true - type: string - name: kubernetes_endpoint required: true type: string diff --git a/test/integration/node_pool/inspec.yml b/test/integration/node_pool/inspec.yml index c0e3eb2c78..a38e10b807 100644 --- a/test/integration/node_pool/inspec.yml +++ b/test/integration/node_pool/inspec.yml 
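Review bot: The new assertion `expect(data['initialClusterVersion']).to eq "1.9.7-gke.11"` hard-codes a GKE release string that, from the other hunks in this commit, is now duplicated verbatim in `simple_regional` and `simple_zonal` as well; when the example bumps its version all three controls must be edited in lockstep and a miss fails only at converge time. Hoist it to one place, e.g. a `EXPECTED_GKE_VERSION = "1.9.7-gke.11"` constant in a shared helper or a `master_kubernetes_version` attribute with that default in `inspec.yml`, and reference it here. The `describe` block this assertion belongs to starts before the hunk.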
@@ -6,32 +6,12 @@ attributes: - name: credentials_path required: true type: string - - name: region - required: true - type: string - name: location required: true type: string - name: cluster_name required: true type: string - - name: network - required: false - type: string - default: "default" - - name: subnetwork - required: false - type: string - default: "default" - - name: ip_range_pods - required: true - type: string - - name: ip_range_services - required: true - type: string - - name: master_kubernetes_version - required: true - type: string - name: kubernetes_endpoint required: true type: string diff --git a/test/integration/simple_regional/controls/gcloud.rb b/test/integration/simple_regional/controls/gcloud.rb index 367919fef2..b3d1dbdee2 100644 --- a/test/integration/simple_regional/controls/gcloud.rb +++ b/test/integration/simple_regional/controls/gcloud.rb @@ -13,14 +13,8 @@ # limitations under the License. project_id = attribute('project_id') -region = attribute('region') location = attribute('location') cluster_name = attribute('cluster_name') -network = attribute('network') -subnetwork = attribute('subnetwork') -ip_range_pods = attribute('ip_range_pods') -ip_range_services = attribute('ip_range_services') -master_kubernetes_version = attribute('master_kubernetes_version') credentials_path = attribute('credentials_path') ENV['CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE'] = credentials_path 
@@ -45,27 +39,11 @@ end it "is regional" do - expect(data['zone']).to eq region + expect(data['location']).to match(/^.*[1-9]$/) end it "has the expected initial cluster version" do - expect(data['initialClusterVersion']).to eq master_kubernetes_version - end - - it "is in the expected network" do - expect(data['network']).to eq network - end - - it "is in the expected subnetwork" do - expect(data['subnetwork']).to eq subnetwork - end - - it "has the expected secondary ip range for pods" do - expect(data['ipAllocationPolicy']['clusterSecondaryRangeName']).to eq ip_range_pods - end - - it "has the expected secondary ip range for services" do - expect(data['ipAllocationPolicy']['servicesSecondaryRangeName']).to eq ip_range_services + expect(data['initialClusterVersion']).to eq "1.9.7-gke.11" end it "has the expected addon settings" do @@ -100,7 +78,7 @@ let(:node_pool) { data['nodePools'].reject { |p| p['name'] == "default-pool" }.first } it "is running the expected version of Kubernetes" do - expect(node_pool['version']).to eq master_kubernetes_version + expect(node_pool['version']).to eq "1.9.7-gke.11" end it "has autoscaling enabled" do diff --git a/test/integration/simple_regional/inspec.yml b/test/integration/simple_regional/inspec.yml index a4fc2ce027..802697b75a 100644 --- a/test/integration/simple_regional/inspec.yml +++ b/test/integration/simple_regional/inspec.yml 
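Review bot: `expect(data['location']).to match(/^.*[1-9]$/)` asserts only that the location ends in a non-zero digit, so `.*` accepts any garbage prefix and the check would wrongly fail for a hypothetical region whose index is 10 or ends in 0; a regex that actually encodes "region, not zone" is `/\A[a-z]+-[a-z]+[0-9]+\z/`, and it pairs with `/\A[a-z]+-[a-z]+[0-9]+-[a-z]\z/` for the zonal case. In the second hunk, `expect(node_pool['version']).to eq "1.9.7-gke.11"` sits next to a test that asserts automatic upgrades are enabled; if GKE has auto-upgraded the pool by the time the control runs, this exact-match will fail intermittently (inferred from the adjacent `has automatic upgrades enabled` example, not verified). Consider comparing the pool version against `data['currentMasterVersion']` or prefix-matching the minor version instead of an exact literal. The enclosing `describe` blocks start and end outside these hunks.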
@@ -6,32 +6,12 @@ attributes: - name: credentials_path required: true type: string - - name: region - required: true - type: string - name: location required: true type: string - name: cluster_name required: true type: string - - name: network - required: false - type: string - default: "default" - - name: subnetwork - required: false - type: string - default: "default" - - name: ip_range_pods - required: true - type: string - - name: ip_range_services - required: true - type: string - - name: master_kubernetes_version - required: true - type: string - name: kubernetes_endpoint required: true type: string diff --git a/test/integration/simple_zonal/controls/gcloud.rb b/test/integration/simple_zonal/controls/gcloud.rb index 071c8c80ce..8398de6b08 100644 --- a/test/integration/simple_zonal/controls/gcloud.rb +++ b/test/integration/simple_zonal/controls/gcloud.rb @@ -13,14 +13,8 @@ # limitations under the License. project_id = attribute('project_id') -region = attribute('region') location = attribute('location') cluster_name = attribute('cluster_name') -network = attribute('network') -subnetwork = attribute('subnetwork') -ip_range_pods = attribute('ip_range_pods') -ip_range_services = attribute('ip_range_services') -master_kubernetes_version = attribute('master_kubernetes_version') credentials_path = attribute('credentials_path') ENV['CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE'] = credentials_path 
@@ -45,31 +39,11 @@ end it "is zonal" do - expect(data['zone']).to eq location - end - - it "is not regional" do - expect(data['zone']).not_to eq region + expect(data['location']).to match(/^(.*)[1-9]-[a-z]$/) end it "has the expected initial cluster version" do - expect(data['initialClusterVersion']).to eq master_kubernetes_version - end - - it "is in the expected network" do - expect(data['network']).to eq network - end - - it "is in the expected subnetwork" do - expect(data['subnetwork']).to eq subnetwork - end - - it "has the expected secondary ip range for pods" do - expect(data['ipAllocationPolicy']['clusterSecondaryRangeName']).to eq ip_range_pods - end - - it "has the expected secondary ip range for services" do - expect(data['ipAllocationPolicy']['servicesSecondaryRangeName']).to eq ip_range_services + expect(data['initialClusterVersion']).to eq "1.9.7-gke.11" end it "has the expected addon settings" do @@ -104,7 +78,7 @@ let(:node_pool) { data['nodePools'].reject { |p| p['name'] == "default-pool" }.first } it "is running the expected version of Kubernetes" do - expect(node_pool['version']).to eq master_kubernetes_version + expect(node_pool['version']).to eq "1.9.7-gke.11" end it "has autoscaling enabled" do diff --git a/test/integration/simple_zonal/inspec.yml b/test/integration/simple_zonal/inspec.yml index c282095c93..d17e1cceef 100644 --- a/test/integration/simple_zonal/inspec.yml +++ b/test/integration/simple_zonal/inspec.yml 
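Review bot: The zonal check `expect(data['location']).to match(/^(.*)[1-9]-[a-z]$/)` has an unused capture group and a permissive `.*` prefix, and `[1-9]` will reject a zone in a region whose index ends in 0; `/\A[a-z]+-[a-z]+[0-9]+-[a-z]\z/` says the same thing precisely and uses Ruby's `\A`/`\z` anchors so a trailing newline in the gcloud output cannot slip past `$`. As in the regional control, `expect(node_pool['version']).to eq "1.9.7-gke.11"` in the second hunk is an exact literal on a pool whose auto-upgrade is asserted enabled elsewhere in the file, so the assertion may drift out from under the test (inferred, not verified); a prefix match on `1.9.7` or a comparison to `currentMasterVersion` is more stable. Both `describe` blocks extend beyond the hunks.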
@@ -6,29 +6,12 @@ attributes: - name: credentials_path required: true type: string - - name: region - required: true - type: string - name: location required: true type: string - name: cluster_name required: true type: string - - name: network - required: false - type: string - default: "default" - - name: subnetwork - required: false - type: string - default: "default" - - name: ip_range_pods - required: true - type: string - - name: ip_range_services - required: true - type: string - name: master_kubernetes_version required: true type: string diff --git a/test/integration/stub_domains/controls/gcloud.rb b/test/integration/stub_domains/controls/gcloud.rb index 565a1db5e7..08670e55ca 100644 --- a/test/integration/stub_domains/controls/gcloud.rb +++ b/test/integration/stub_domains/controls/gcloud.rb @@ -15,10 +15,6 @@ project_id = attribute('project_id') location = attribute('location') cluster_name = attribute('cluster_name') -network = attribute('network') -subnetwork = attribute('subnetwork') -ip_range_pods = attribute('ip_range_pods') -ip_range_services = attribute('ip_range_services') credentials_path = attribute('credentials_path') ENV['CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE'] = credentials_path @@ -42,22 +38,6 @@ expect(data['status']).to eq 'RUNNING' end - it "is in the expected network" do - expect(data['network']).to eq network - end - - it "is in the expected subnetwork" do - expect(data['subnetwork']).to eq subnetwork - end - - it "has the expected secondary ip range for pods" do - expect(data['ipAllocationPolicy']['clusterSecondaryRangeName']).to eq ip_range_pods - end - - it "has the expected secondary ip range for services" do - expect(data['ipAllocationPolicy']['servicesSecondaryRangeName']).to eq ip_range_services - end - it "has the expected addon settings" do expect(data['addonsConfig']).to eq({ "horizontalPodAutoscaling" => { 
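Review bot: This hunk removes `region`, `network`, `subnetwork` and the ip-range attributes from `simple_zonal/inspec.yml` but the context lines show `- name: master_kubernetes_version required: true type: string` is kept, even though the matching control in this same commit replaced `attribute('master_kubernetes_version')` with a literal and every other `inspec.yml` in the series drops that attribute. A required attribute that no control reads is dead configuration and will confuse the next person deciding where the version should live; either delete those three lines here for consistency with `deploy_service`, `node_pool`, `simple_regional` and `stub_domains`, or keep it and have the control read it instead of the hard-coded `"1.9.7-gke.11"`.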
diff --git a/test/integration/stub_domains/inspec.yml b/test/integration/stub_domains/inspec.yml index 7e41bde718..0dfb503568 100644 --- a/test/integration/stub_domains/inspec.yml +++ b/test/integration/stub_domains/inspec.yml @@ -6,32 +6,12 @@ attributes: - name: credentials_path required: true type: string - - name: region - required: true - type: string - name: location required: true type: string - name: cluster_name required: true type: string - - name: network - required: false - type: string - default: "default" - - name: subnetwork - required: false - type: string - default: "default" - - name: ip_range_pods - required: true - type: string - - name: ip_range_services - required: true - type: string - - name: master_kubernetes_version - required: true - type: string - name: kubernetes_endpoint required: true type: string From ae7b5da67783c12c7287003a6d78a9d62706e91c Mon Sep 17 00:00:00 2001 From: Jason Berlinsky Date: Fri, 30 Nov 2018 17:59:49 -0500 Subject: [PATCH 22/39] Switch to using `includes` matchers instead of filtering for specific array elements --- test/integration/node_pool/controls/gcloud.rb | 233 ++++++++++++------ .../simple_regional/controls/gcloud.rb | 104 ++++++-- .../simple_zonal/controls/gcloud.rb | 88 +++++-- 3 files changed, 313 insertions(+), 112 deletions(-) diff --git a/test/integration/node_pool/controls/gcloud.rb b/test/integration/node_pool/controls/gcloud.rb index 9f9dbd2ca9..4a3743d59c 100644 --- a/test/integration/node_pool/controls/gcloud.rb +++ b/test/integration/node_pool/controls/gcloud.rb 
@@ -33,18 +33,6 @@ end end - describe "default node pool" do - let(:default_node_pool) { data['nodePools'].select { |p| p['name'] == "default-pool" }.first } - - it "has no initial node count" do - expect(default_node_pool['initialNodeCount']).to eq nil - end - - it "does not have autoscaling enabled" do - expect(default_node_pool['autoscaling']).to eq nil - end - end - describe "node pools" do let(:node_pools) { data['nodePools'].reject { |p| p['name'] == "default-pool" } } 
@@ -53,120 +41,227 @@ end describe "pool-01" do - let(:node_pool) { node_pools.select { |p| p['name'] == "pool-01" }.first } - it "exists" do - expect(node_pool).not_to be_nil - end - - it "is named correctly" do - expect(node_pool['name']).to eq "pool-01" + expect(data['nodePools']).to include( + including( + "name" => "pool-01", + ) + ) end it "is the expected machine type" do - expect(node_pool['config']['machineType']).to eq 'n1-standard-2' + expect(data['nodePools']).to include( + including( + "name" => "pool-01", + "config" => including( + "machineType" => "n1-standard-2", + ), + ) + ) end it "has autoscaling enabled" do - expect(node_pool['autoscaling']['enabled']).to eq true + expect(data['nodePools']).to include( + including( + "name" => "pool-01", + "autoscaling" => including( + "enabled" => true, + ), + ) + ) end it "has the expected minimum node count" do - expect(node_pool['autoscaling']['minNodeCount']).to eq 4 + expect(data['nodePools']).to include( + including( + "name" => "pool-01", + "autoscaling" => including( + "minNodeCount" => 4, + ), + ) + ) end it "has autorepair enabled" do - expect(node_pool['management']['autoRepair']).to eq true + expect(data['nodePools']).to include( + including( + "name" => "pool-01", + "management" => including( + "autoRepair" => true, + ), + ) + ) end it "has automatic upgrades enabled" do - expect(node_pool['management']['autoUpgrade']).to eq true + expect(data['nodePools']).to include( + including( + "name" => "pool-01", + "management" => including( + "autoUpgrade" => true, + ), + ) + ) end it "has the expected labels" do - expect(node_pool['config']['labels']).to eq({ - "all-pools-example" => "true", - "pool-01-example" => "true", - "cluster_name" => cluster_name, - "node_pool" => "pool-01", - }) + expect(data['nodePools']).to include( + including( + "name" => "pool-01", + "config" => including( + "labels" => { + "all-pools-example" => "true", + "pool-01-example" => "true", + "cluster_name" => cluster_name, + 
"node_pool" => "pool-01", + }, + ), + ) + ) end it "has the expected network tags" do - expect(node_pool['config']['tags']).to match_array([ - "all-node-example", - "pool-01-example", - "gke-node-pool-cluster", - "gke-node-pool-cluster-pool-01", - ]) + expect(data['nodePools']).to include( + including( + "name" => "pool-01", + "config" => including( + "tags" => match_array([ + "all-node-example", + "pool-01-example", + "gke-node-pool-cluster", + "gke-node-pool-cluster-pool-01", + ]), + ), + ) + ) end end describe "pool-02" do - let(:node_pool) { node_pools.select { |p| p['name'] == "pool-02" }.first } - it "exists" do - expect(node_pool).not_to be_nil - end - - it "is named correctly" do - expect(node_pool['name']).to eq "pool-02" + expect(data['nodePools']).to include( + including( + "name" => "pool-02", + ) + ) end it "is the expected machine type" do - expect(node_pool['config']['machineType']).to eq 'n1-standard-2' + expect(data['nodePools']).to include( + including( + "name" => "pool-02", + "config" => including( + "machineType" => "n1-standard-2", + ), + ) + ) end it "has autoscaling enabled" do - expect(node_pool['autoscaling']['enabled']).to eq true + expect(data['nodePools']).to include( + including( + "name" => "pool-02", + "autoscaling" => including( + "enabled" => true, + ), + ) + ) end it "has the expected minimum node count" do - expect(node_pool['autoscaling']['minNodeCount']).to eq 2 + expect(data['nodePools']).to include( + including( + "name" => "pool-02", + "autoscaling" => including( + "minNodeCount" => 2, + ), + ) + ) end it "has the expected maximum node count" do - expect(node_pool['autoscaling']['maxNodeCount']).to eq 3 + expect(data['nodePools']).to include( + including( + "name" => "pool-02", + "autoscaling" => including( + "maxNodeCount" => 3, + ), + ) + ) end it "has the expected disk size" do - expect(node_pool['config']['diskSizeGb']).to eq 30 + expect(data['nodePools']).to include( + including( + "name" => "pool-02", + "config" => 
including( + "diskSizeGb" => 30, + ), + ) + ) end it "has the expected disk type" do - expect(node_pool['config']['diskType']).to eq "pd-standard" + expect(data['nodePools']).to include( + including( + "name" => "pool-02", + "config" => including( + "diskType" => "pd-standard", + ), + ) + ) end it "has the expected image type" do - expect(node_pool['config']['imageType']).to eq "COS" - end - - it "has autorepair disabled" do - expect(node_pool['management']['autoRepair']).to eq nil - end - - it "has automatic upgrades disabled" do - expect(node_pool['management']['autoUpgrade']).to eq nil + expect(data['nodePools']).to include( + including( + "name" => "pool-02", + "config" => including( + "imageType" => "COS", + ), + ) + ) end it "has the right service account" do - expect(node_pool['config']['serviceAccount']).to eq "default" + expect(data['nodePools']).to include( + including( + "name" => "pool-02", + "config" => including( + "serviceAccount" => "default", + ), + ) + ) end it "has the expected labels" do - expect(node_pool['config']['labels']).to eq({ - "all-pools-example" => "true", - "cluster_name" => cluster_name, - "node_pool" => "pool-02", - }) + expect(data['nodePools']).to include( + including( + "name" => "pool-02", + "config" => including( + "labels" => including( + "all-pools-example" => "true", + "cluster_name" => cluster_name, + "node_pool" => "pool-02", + ) + ), + ) + ) end it "has the expected network tags" do - expect(node_pool['config']['tags']).to match_array([ - "all-node-example", - "gke-node-pool-cluster", - "gke-node-pool-cluster-pool-02", - ]) + expect(data['nodePools']).to include( + including( + "name" => "pool-02", + "config" => including( + "tags" => match_array([ + "all-node-example", + "gke-node-pool-cluster", + "gke-node-pool-cluster-pool-02", + ]) + ), + ) + ) end end end diff --git a/test/integration/simple_regional/controls/gcloud.rb b/test/integration/simple_regional/controls/gcloud.rb index b3d1dbdee2..827b3cd5b2 100644 
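Review bot: The pool-02 assertions `has autorepair disabled` and `has automatic upgrades disabled` are deleted rather than rewritten, so the `auto_repair = false` / `auto_upgrade = false` settings that examples/node_pool/main.tf gives pool-02 (visible in a later hunk of this series) no longer have any assertion behind them; the simple_zonal hunk of this commit drops `has autoupgrade disabled` the same way. The new matcher style can still express absence, e.g. `expect(data['nodePools']).not_to include(including("name" => "pool-02", "management" => including("autoRepair" => true)))`, and the equivalent for `autoUpgrade`. Separately, `let(:node_pools)` in the enclosing `describe "node pools"` block is now unreferenced, since every example here reads `data['nodePools']` directly; either use it in the matchers or remove it. The enclosing `describe "node pools"` block begins before this hunk.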
--- a/test/integration/simple_regional/controls/gcloud.rb +++ b/test/integration/simple_regional/controls/gcloud.rb 
@@ -65,62 +65,120 @@ describe "default node pool" do let(:default_node_pool) { data['nodePools'].select { |p| p['name'] == "default-pool" }.first } - it "has no initial node count" do - expect(default_node_pool['initialNodeCount']).to eq nil - end - - it "does not have autoscaling enabled" do - expect(default_node_pool['autoscaling']).to eq nil + it "exists" do + expect(data['nodePools']).to include( + including( + "name" => "default-pool", + ) + ) end end describe "node pool" do - let(:node_pool) { data['nodePools'].reject { |p| p['name'] == "default-pool" }.first } + let(:node_pools) { data['nodePools'].reject { |p| p['name'] == "default-pool" } } it "is running the expected version of Kubernetes" do - expect(node_pool['version']).to eq "1.9.7-gke.11" + expect(node_pools).to include( + including( + "version" => "1.9.7-gke.11", + ) + ) end it "has autoscaling enabled" do - expect(node_pool['autoscaling']['enabled']).to eq true + expect(node_pools).to include( + including( + "autoscaling" => including( + "enabled" => true, + ), + ) + ) end it "has the expected minimum node count" do - expect(node_pool['autoscaling']['minNodeCount']).to eq 1 + expect(node_pools).to include( + including( + "autoscaling" => including( + "minNodeCount" => 1, + ), + ) + ) end it "has the expected maximum node count" do - expect(node_pool['autoscaling']['maxNodeCount']).to eq 100 + expect(node_pools).to include( + including( + "autoscaling" => including( + "maxNodeCount" => 100, + ), + ) + ) end it "is the expected machine type" do - expect(node_pool['config']['machineType']).to eq 'n1-standard-2' + expect(node_pools).to include( + including( + "config" => including( + "machineType" => "n1-standard-2", + ), + ) + ) end it "has the expected disk size" do - expect(node_pool['config']['diskSizeGb']).to eq 100 + expect(node_pools).to include( + including( + "config" => including( + "diskSizeGb" => 100, + ), + ) + ) end it "has the expected labels" do - 
expect(node_pool['config']['labels']).to eq({ - "cluster_name" => cluster_name, - "node_pool" => "default-node-pool", - }) + expect(node_pools).to include( + including( + "config" => including( + "labels" => including( + "cluster_name" => cluster_name, + "node_pool" => "default-node-pool", + ), + ), + ) + ) end it "has the expected network tags" do - expect(node_pool['config']['tags']).to eq([ - "gke-#{cluster_name}", - "gke-#{cluster_name}-default-node-pool", - ]) + expect(node_pools).to include( + including( + "config" => including( + "tags" => match_array([ + "gke-#{cluster_name}", + "gke-#{cluster_name}-default-node-pool", + ]), + ), + ) + ) end it "has autorepair enabled" do - expect(node_pool['management']['autoRepair']).to eq true + expect(node_pools).to include( + including( + "management" => including( + "autoRepair" => true, + ), + ) + ) end it "has autoupgrade enabled" do - expect(node_pool['management']['autoUpgrade']).to eq true + expect(node_pools).to include( + including( + "management" => including( + "autoUpgrade" => true, + ), + ) + ) end end end diff --git a/test/integration/simple_zonal/controls/gcloud.rb b/test/integration/simple_zonal/controls/gcloud.rb index 8398de6b08..58d99eff59 100644 --- a/test/integration/simple_zonal/controls/gcloud.rb +++ b/test/integration/simple_zonal/controls/gcloud.rb 
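Review bot: Replacing `let(:node_pool) { ... .first }` with the `node_pools` array means each `it` in `describe "node pool"` now passes if any non-default pool has the attribute, so the version, autoscaling, config and management checks are no longer guaranteed to describe the same pool; the simple_zonal hunk of this commit makes the identical change. If the example creates a single non-default pool (not visible here) this is harmless today, but adding `it "has exactly one node pool" do expect(node_pools.length).to eq 1 end` would keep the per-attribute matchers meaningful as the example grows. `let(:default_node_pool)` in the `describe "default node pool"` block is also left without a reader now that its two assertions were replaced by an `include` on `data['nodePools']`. The enclosing control block begins before this hunk.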
@@ -75,52 +75,100 @@ end describe "node pool" do - let(:node_pool) { data['nodePools'].reject { |p| p['name'] == "default-pool" }.first } + let(:node_pools) { data['nodePools'].reject { |p| p['name'] == "default-pool" } } it "is running the expected version of Kubernetes" do - expect(node_pool['version']).to eq "1.9.7-gke.11" + expect(node_pools).to include( + including( + "version" => "1.9.7-gke.11", + ) + ) end it "has autoscaling enabled" do - expect(node_pool['autoscaling']['enabled']).to eq true + expect(node_pools).to include( + including( + "autoscaling" => including( + "enabled" => true, + ), + ) + ) end it "has the expected minimum node count" do - expect(node_pool['autoscaling']['minNodeCount']).to eq 1 + expect(node_pools).to include( + including( + "autoscaling" => including( + "minNodeCount" => 1, + ), + ) + ) end it "has the expected maximum node count" do - expect(node_pool['autoscaling']['maxNodeCount']).to eq 100 + expect(node_pools).to include( + including( + "autoscaling" => including( + "maxNodeCount" => 100, + ), + ) + ) end it "is the expected machine type" do - expect(node_pool['config']['machineType']).to eq 'n1-standard-2' + expect(node_pools).to include( + including( + "config" => including( + "machineType" => "n1-standard-2", + ), + ) + ) end it "has the expected disk size" do - expect(node_pool['config']['diskSizeGb']).to eq 100 + expect(node_pools).to include( + including( + "config" => including( + "diskSizeGb" => 100, + ), + ) + ) end it "has the expected labels" do - expect(node_pool['config']['labels']).to eq({ - "cluster_name" => cluster_name, - "node_pool" => "default-node-pool", - }) + expect(node_pools).to include( + including( + "config" => including( + "labels" => including( + "cluster_name" => cluster_name, + "node_pool" => "default-node-pool", + ), + ), + ) + ) end it "has the expected network tags" do - expect(node_pool['config']['tags']).to eq([ - "gke-#{cluster_name}", - "gke-#{cluster_name}-default-node-pool", - ]) + 
expect(node_pools).to include( + including( + "config" => including( + "tags" => match_array([ + "gke-#{cluster_name}", + "gke-#{cluster_name}-default-node-pool", + ]), + ), + ) + ) end it "has autorepair enabled" do - expect(node_pool['management']['autoRepair']).to eq true - end - - it "has autoupgrade disabled" do - expect(node_pool['management']['autoUpgrade']).to eq nil + expect(node_pools).to include( + including( + "management" => including( + "autoRepair" => true, + ), + ) + ) end end end From 9f8f58e1d903f74f04a8ff37a6f7ff48a5d7112e Mon Sep 17 00:00:00 2001 From: Jason Berlinsky Date: Wed, 12 Dec 2018 21:16:07 -0500 Subject: [PATCH 23/39] Enable project-factory support by allowing arbitrary service accounts to be passed to cluster node pool creation --- README.md | 1 + cluster_regional.tf | 4 ++-- cluster_zonal.tf | 4 ++-- examples/deploy_service/README.md | 1 + examples/deploy_service/main.tf | 1 + examples/deploy_service/variables.tf | 2 ++ examples/node_pool/README.md | 2 +- examples/node_pool/main.tf | 3 ++- examples/node_pool/variables.tf | 4 ++-- examples/simple_regional/README.md | 1 + examples/simple_regional/main.tf | 1 + examples/simple_regional/variables.tf | 2 ++ examples/simple_zonal/README.md | 1 + examples/simple_zonal/main.tf | 1 + examples/simple_zonal/variables.tf | 2 ++ examples/stub_domains/README.md | 1 + examples/stub_domains/main.tf | 1 + examples/stub_domains/variables.tf | 2 ++ test/integration/node_pool/controls/gcloud.rb | 11 ----------- variables.tf | 5 +++++ 20 files changed, 31 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 62c357caa3..1a58f25736 100644 --- a/README.md +++ b/README.md 
@@ -115,6 +115,7 @@ Then perform the following commands on the root folder: | project_id | The project ID to host the cluster in (required) | string | - | yes | | region | The region to host the cluster in (required) | string | - | yes | | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | string | `true` | no | +| service_account | The service account to default running nodes as if not overridden in `node_pools`. Defaults to the compute engine default service account | string | `` | no | | stub_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map | `` | no | | subnetwork | The subnetwork to host the cluster in (required) | string | - | yes | | zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | list | `` | no | diff --git a/cluster_regional.tf b/cluster_regional.tf index 7fe325fae1..13715f155c 100644 --- a/cluster_regional.tf +++ b/cluster_regional.tf @@ -78,7 +78,7 @@ resource "google_container_cluster" "primary" { name = "default-pool" node_config { - service_account = "${lookup(var.node_pools[0], "service_account", "")}" + service_account = "${lookup(var.node_pools[0], "service_account", var.service_account)}" } } } @@ -114,7 +114,7 @@ resource "google_container_node_pool" "pools" { disk_size_gb = "${lookup(var.node_pools[count.index], "disk_size_gb", 100)}" disk_type = "${lookup(var.node_pools[count.index], "disk_type", "pd-standard")}" - service_account = "${lookup(var.node_pools[count.index], "service_account", "")}" + service_account = "${lookup(var.node_pools[count.index], "service_account", var.service_account)}" preemptible = "${lookup(var.node_pools[count.index], "preemptible", false)}" oauth_scopes = [ diff --git a/cluster_zonal.tf b/cluster_zonal.tf index dd6e0a096b..b7a97c91bb 100644 --- a/cluster_zonal.tf +++ b/cluster_zonal.tf 
@@ -78,7 +78,7 @@ resource "google_container_cluster" "zonal_primary" { name = "default-pool" node_config { - service_account = "${lookup(var.node_pools[0], "service_account", "")}" + service_account = "${lookup(var.node_pools[0], "service_account", var.service_account)}" } } } @@ -114,7 +114,7 @@ resource "google_container_node_pool" "zonal_pools" { disk_size_gb = "${lookup(var.node_pools[count.index], "disk_size_gb", 100)}" disk_type = "${lookup(var.node_pools[count.index], "disk_type", "pd-standard")}" - service_account = "${lookup(var.node_pools[count.index], "service_account", "")}" + service_account = "${lookup(var.node_pools[count.index], "service_account", var.service_account)}" preemptible = "${lookup(var.node_pools[count.index], "preemptible", false)}" oauth_scopes = [ diff --git a/examples/deploy_service/README.md b/examples/deploy_service/README.md index 71081906f2..a69241b7b6 100644 --- a/examples/deploy_service/README.md +++ b/examples/deploy_service/README.md @@ -15,6 +15,7 @@ It will: | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| +| compute_engine_service_account | Service account to associate to the nodes in the cluster | string | - | yes | | ip_range_pods | The secondary ip range to use for pods | string | - | yes | | ip_range_services | The secondary ip range to use for pods | string | - | yes | | network | The VPC network to host the cluster in | string | - | yes | diff --git a/examples/deploy_service/main.tf b/examples/deploy_service/main.tf index b009898d35..ee03840ab5 100644 --- a/examples/deploy_service/main.tf +++ b/examples/deploy_service/main.tf @@ -42,6 +42,7 @@ module "gke" { ip_range_pods = "${local.ip_range_pods}" ip_range_services = "${local.ip_range_services}" kubernetes_version = "1.9.7-gke.11" + service_account = "${var.compute_engine_service_account}" } resource "kubernetes_pod" "nginx-example" { 
diff --git a/examples/deploy_service/variables.tf b/examples/deploy_service/variables.tf index 66ef037c8c..c53b2811ba 100644 --- a/examples/deploy_service/variables.tf +++ b/examples/deploy_service/variables.tf @@ -46,4 +46,6 @@ locals { subnetwork = "${var.subnetwork}" ip_range_pods = "${var.ip_range_pods}" ip_range_services = "${var.ip_range_services}" +variable "compute_engine_service_account" { + description = "Service account to associate to the nodes in the cluster" } diff --git a/examples/node_pool/README.md b/examples/node_pool/README.md index 41e2132f5c..3dfc35a175 100644 --- a/examples/node_pool/README.md +++ b/examples/node_pool/README.md @@ -9,10 +9,10 @@ This example illustrates how to create a cluster with multiple custom node-pool | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| +| compute_engine_service_account | Service account to associate to the nodes in the cluster | string | - | yes | | ip_range_pods | The secondary ip range to use for pods | string | - | yes | | ip_range_services | The secondary ip range to use for pods | string | - | yes | | network | The VPC network to host the cluster in | string | - | yes | -| pool_01_service_account | Service account to associate to the nodes on pool-01 | string | - | yes | | project_id | The project ID to host the cluster in | string | - | yes | | region | The region to host the cluster in | string | - | yes | | subnetwork | The subnetwork to host the cluster in | string | - | yes | diff --git a/examples/node_pool/main.tf b/examples/node_pool/main.tf index 09deb5dbc5..5c8dc20020 100644 --- a/examples/node_pool/main.tf +++ b/examples/node_pool/main.tf @@ -39,6 +39,7 @@ module "gke" { { name = "pool-01" min_count = 4 + service_account = "${var.compute_engine_service_account}" }, { name = "pool-02" 
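Review bot: The new `variable "compute_engine_service_account" {` block is inserted between the last `locals` assignment and the `}` that closed `locals` (old side: three assignments then `}`; new side: the added `variable` header and `description` reuse that `}`), so the `locals` block is left unterminated and the file no longer parses. The simple_regional, simple_zonal and stub_domains `variables.tf` hunks in this commit have the identical insertion. The fix is to close `locals` first: `}`, a blank line, then the `variable` block with its own `}`. The following patch in this series deletes the `locals` block altogether, which is why the breakage only shows when this commit is checked out on its own.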
@@ -50,7 +51,7 @@ module "gke" { image_type = "COS" auto_repair = false auto_upgrade = false - service_account = "${local.pool_01_service_account}" + service_account = "${var.compute_engine_service_account}" }, ] diff --git a/examples/node_pool/variables.tf b/examples/node_pool/variables.tf index 0ef3e3be2a..a0814f8ce7 100644 --- a/examples/node_pool/variables.tf +++ b/examples/node_pool/variables.tf @@ -38,6 +38,6 @@ variable "ip_range_services" { description = "The secondary ip range to use for pods" } -variable "pool_01_service_account" { - description = "Service account to associate to the nodes on pool-01" +variable "compute_engine_service_account" { + description = "Service account to associate to the nodes in the cluster" } diff --git a/examples/simple_regional/README.md b/examples/simple_regional/README.md index a7b80a52c8..5c90f1a7ee 100644 --- a/examples/simple_regional/README.md +++ b/examples/simple_regional/README.md @@ -9,6 +9,7 @@ This example illustrates how to create a simple cluster. | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| +| compute_engine_service_account | Service account to associate to the nodes in the cluster | string | - | yes | | ip_range_pods | The secondary ip range to use for pods | string | - | yes | | ip_range_services | The secondary ip range to use for pods | string | - | yes | | network | The VPC network to host the cluster in | string | - | yes | diff --git a/examples/simple_regional/main.tf b/examples/simple_regional/main.tf index 053deeb32e..fdfea3f0a8 100644 --- a/examples/simple_regional/main.tf +++ b/examples/simple_regional/main.tf @@ -35,6 +35,7 @@ module "gke" { ip_range_services = "${local.ip_range_services}" kubernetes_version = "1.9.7-gke.11" node_version = "1.9.7-gke.11" + service_account = "${var.compute_engine_service_account}" } data "google_client_config" "default" {} 
diff --git a/examples/simple_regional/variables.tf b/examples/simple_regional/variables.tf index 66ef037c8c..c53b2811ba 100644 --- a/examples/simple_regional/variables.tf +++ b/examples/simple_regional/variables.tf @@ -46,4 +46,6 @@ locals { subnetwork = "${var.subnetwork}" ip_range_pods = "${var.ip_range_pods}" ip_range_services = "${var.ip_range_services}" +variable "compute_engine_service_account" { + description = "Service account to associate to the nodes in the cluster" } diff --git a/examples/simple_zonal/README.md b/examples/simple_zonal/README.md index a549770e3a..99c44b1b71 100644 --- a/examples/simple_zonal/README.md +++ b/examples/simple_zonal/README.md @@ -9,6 +9,7 @@ This example illustrates how to create a simple cluster. | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| +| compute_engine_service_account | Service account to associate to the nodes in the cluster | string | - | yes | | ip_range_pods | The secondary ip range to use for pods | string | - | yes | | ip_range_services | The secondary ip range to use for pods | string | - | yes | | network | The VPC network to host the cluster in | string | - | yes | diff --git a/examples/simple_zonal/main.tf b/examples/simple_zonal/main.tf index cc2a280d16..74ad4769b1 100644 --- a/examples/simple_zonal/main.tf +++ b/examples/simple_zonal/main.tf @@ -36,6 +36,7 @@ module "gke" { ip_range_services = "${local.ip_range_services}" kubernetes_version = "1.9.7-gke.11" node_version = "1.9.7-gke.11" + service_account = "${var.compute_engine_service_account}" } data "google_client_config" "default" {} diff --git a/examples/simple_zonal/variables.tf b/examples/simple_zonal/variables.tf index da14c25851..2e2871a999 100644 --- a/examples/simple_zonal/variables.tf +++ b/examples/simple_zonal/variables.tf 
@@ -51,4 +51,6 @@ locals { subnetwork = "${var.subnetwork}" ip_range_pods = "${var.ip_range_pods}" ip_range_services = "${var.ip_range_services}" +variable "compute_engine_service_account" { + description = "Service account to associate to the nodes in the cluster" } diff --git a/examples/stub_domains/README.md b/examples/stub_domains/README.md index 357b0f3745..681e98f248 100644 --- a/examples/stub_domains/README.md +++ b/examples/stub_domains/README.md @@ -14,6 +14,7 @@ It will: | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| +| compute_engine_service_account | Service account to associate to the nodes in the cluster | string | - | yes | | ip_range_pods | The secondary ip range to use for pods | string | - | yes | | ip_range_services | The secondary ip range to use for pods | string | - | yes | | network | The VPC network to host the cluster in | string | - | yes | diff --git a/examples/stub_domains/main.tf b/examples/stub_domains/main.tf index a208d5306a..bf242c8a7b 100644 --- a/examples/stub_domains/main.tf +++ b/examples/stub_domains/main.tf @@ -35,6 +35,7 @@ module "gke" { network_policy = true kubernetes_version = "1.9.7-gke.11" node_version = "1.9.7-gke.11" + service_account = "${var.compute_engine_service_account}" stub_domains { "example.com" = [ diff --git a/examples/stub_domains/variables.tf b/examples/stub_domains/variables.tf index 66ef037c8c..c53b2811ba 100644 --- a/examples/stub_domains/variables.tf +++ b/examples/stub_domains/variables.tf @@ -46,4 +46,6 @@ locals { subnetwork = "${var.subnetwork}" ip_range_pods = "${var.ip_range_pods}" ip_range_services = "${var.ip_range_services}" +variable "compute_engine_service_account" { + description = "Service account to associate to the nodes in the cluster" } diff --git a/test/integration/node_pool/controls/gcloud.rb b/test/integration/node_pool/controls/gcloud.rb index 4a3743d59c..acbac784c4 100644 --- a/test/integration/node_pool/controls/gcloud.rb 
+++ b/test/integration/node_pool/controls/gcloud.rb @@ -223,17 +223,6 @@ ) end - it "has the right service account" do - expect(data['nodePools']).to include( - including( - "name" => "pool-02", - "config" => including( - "serviceAccount" => "default", - ), - ) - ) - end - it "has the expected labels" do expect(data['nodePools']).to include( including( diff --git a/variables.tf b/variables.tf index a089a424d4..6a9931e29b 100644 --- a/variables.tf +++ b/variables.tf @@ -189,3 +189,8 @@ variable "monitoring_service" { description = "The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none" default = "monitoring.googleapis.com" } + +variable "service_account" { + description = "The service account to default running nodes as if not overridden in `node_pools`. Defaults to the compute engine default service account" + default = "" +} From d3d4436db18854d4a653ceca9e10a629e4fca8ab Mon Sep 17 00:00:00 2001 
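Review bot: The `service_account` description says an empty value falls back to the Compute Engine default service account but does not tell module users what that means; suggest extending it with `Leaving this empty uses the Compute Engine default service account, which typically carries broad project-level permissions; a dedicated, least-privilege node service account is recommended.` Also, the only integration assertion on a pool's `serviceAccount` (the `has the right service account` example in node_pool/controls/gcloud.rb, earlier in this commit) is deleted instead of being updated to expect the configured account, so the new wiring through `var.service_account` is not verified end to end; re-adding it against the fixture's account would close that gap.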
From: Jason Berlinsky Date: Wed, 12 Dec 2018 21:17:28 -0500 Subject: [PATCH 24/39] Call examples as modules from test fixtures --- .kitchen.yml | 58 +-------- Makefile | 1 - examples/deploy_service/README.md | 12 ++ examples/deploy_service/main.tf | 18 +-- examples/deploy_service/test_outputs.tf | 1 + examples/deploy_service/variables.tf | 12 +- examples/node_pool/README.md | 12 ++ examples/node_pool/main.tf | 20 ++-- examples/node_pool/test_outputs.tf | 1 + examples/node_pool/variables.tf | 4 + examples/simple_regional/README.md | 12 ++ examples/simple_regional/main.tf | 20 ++-- examples/simple_regional/test_outputs.tf | 1 + examples/simple_regional/variables.tf | 12 +- examples/simple_zonal/README.md | 12 ++ examples/simple_zonal/main.tf | 22 ++-- examples/simple_zonal/test_outputs.tf | 1 + examples/simple_zonal/variables.tf | 12 +- examples/stub_domains/README.md | 12 ++ examples/stub_domains/main.tf | 20 ++-- examples/stub_domains/test_outputs.tf | 1 + examples/stub_domains/variables.tf | 12 +- .../all_examples/fixture_data.tf.fixture | 40 ------- test/fixtures/all_examples/install.sh | 38 ------ ...ure_outputs.tf.fixture => test_outputs.tf} | 15 ++- test/fixtures/all_examples/uninstall.sh | 35 ------ test/fixtures/deploy_service/example.tf | 28 +++++ test/fixtures/deploy_service/network.tf | 50 ++++++++ test/fixtures/deploy_service/outputs.tf | 1 + test/fixtures/deploy_service/variables.tf | 1 + test/fixtures/networks/main.tf | 112 ------------------ test/fixtures/networks/outputs.tf | 61 ---------- test/fixtures/node_pool/example.tf | 28 +++++ test/fixtures/node_pool/network.tf | 50 ++++++++ test/fixtures/node_pool/outputs.tf | 1 + test/fixtures/node_pool/variables.tf | 1 + test/fixtures/shared/outputs.tf | 79 ++++++++++++ .../terraform.tfvars.sample | 2 + .../{networks => shared}/variables.tf | 9 ++ test/fixtures/simple_regional/example.tf | 28 +++++ test/fixtures/simple_regional/network.tf | 50 ++++++++ test/fixtures/simple_regional/outputs.tf | 1 + 
test/fixtures/simple_regional/variables.tf | 1 + test/fixtures/simple_zonal/example.tf | 29 +++++ test/fixtures/simple_zonal/network.tf | 50 ++++++++ test/fixtures/simple_zonal/outputs.tf | 1 + test/fixtures/simple_zonal/variables.tf | 1 + test/fixtures/stub_domains/example.tf | 28 +++++ test/fixtures/stub_domains/network.tf | 50 ++++++++ test/fixtures/stub_domains/outputs.tf | 1 + test/fixtures/stub_domains/variables.tf | 1 + test/make.sh | 2 +- 52 files changed, 641 insertions(+), 429 deletions(-) create mode 120000 examples/deploy_service/test_outputs.tf create mode 120000 examples/node_pool/test_outputs.tf create mode 120000 examples/simple_regional/test_outputs.tf create mode 120000 examples/simple_zonal/test_outputs.tf create mode 120000 examples/stub_domains/test_outputs.tf delete mode 100644 test/fixtures/all_examples/fixture_data.tf.fixture delete mode 100755 test/fixtures/all_examples/install.sh rename test/fixtures/all_examples/{fixture_outputs.tf.fixture => test_outputs.tf} (79%) delete mode 100755 test/fixtures/all_examples/uninstall.sh create mode 100644 test/fixtures/deploy_service/example.tf create mode 100644 test/fixtures/deploy_service/network.tf create mode 120000 test/fixtures/deploy_service/outputs.tf create mode 120000 test/fixtures/deploy_service/variables.tf delete mode 100644 test/fixtures/networks/main.tf delete mode 100644 test/fixtures/networks/outputs.tf create mode 100644 test/fixtures/node_pool/example.tf create mode 100644 test/fixtures/node_pool/network.tf create mode 120000 test/fixtures/node_pool/outputs.tf create mode 120000 test/fixtures/node_pool/variables.tf create mode 100644 test/fixtures/shared/outputs.tf rename test/fixtures/{networks => shared}/terraform.tfvars.sample (51%) rename test/fixtures/{networks => shared}/variables.tf (87%) create mode 100644 test/fixtures/simple_regional/example.tf create mode 100644 test/fixtures/simple_regional/network.tf create mode 120000 test/fixtures/simple_regional/outputs.tf create 
mode 120000 test/fixtures/simple_regional/variables.tf create mode 100644 test/fixtures/simple_zonal/example.tf create mode 100644 test/fixtures/simple_zonal/network.tf create mode 120000 test/fixtures/simple_zonal/outputs.tf create mode 120000 test/fixtures/simple_zonal/variables.tf create mode 100644 test/fixtures/stub_domains/example.tf create mode 100644 test/fixtures/stub_domains/network.tf create mode 120000 test/fixtures/stub_domains/outputs.tf create mode 120000 test/fixtures/stub_domains/variables.tf diff --git a/.kitchen.yml b/.kitchen.yml index 10984ca02e..1f9e304b79 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -23,24 +23,12 @@ provisioner: platforms: - name: local -lifecycle: - pre_converge: cd test/fixtures/networks/ && terraform init && terraform apply -auto-approve && cd - - suites: - name: "deploy_service" - lifecycle: - pre_converge: - - ./test/fixtures/all_examples/install.sh deploy_service - post_converge: - - ./test/fixtures/all_examples/uninstall.sh deploy_service - pre_destroy: - - ./test/fixtures/all_examples/install.sh deploy_service - post_destroy: - - ./test/fixtures/all_examples/uninstall.sh deploy_service driver: name: "terraform" command_timeout: 1800 - root_module_directory: examples/deploy_service + root_module_directory: test/fixtures/deploy_service verifier: name: terraform systems: @@ -49,19 +37,10 @@ suites: provisioner: name: terraform - name: "node_pool" - lifecycle: - pre_converge: - - ./test/fixtures/all_examples/install.sh node_pool - post_converge: - - ./test/fixtures/all_examples/uninstall.sh node_pool - pre_destroy: - - ./test/fixtures/all_examples/install.sh node_pool - post_destroy: - - ./test/fixtures/all_examples/uninstall.sh node_pool driver: name: "terraform" command_timeout: 1800 - root_module_directory: examples/node_pool + root_module_directory: test/fixtures/node_pool verifier: name: terraform systems: 
@@ -70,19 +49,10 @@ suites: provisioner: name: terraform - name: "simple_regional" - lifecycle: - pre_converge: - - ./test/fixtures/all_examples/install.sh simple_regional - post_converge: - - ./test/fixtures/all_examples/uninstall.sh simple_regional - pre_destroy: - - ./test/fixtures/all_examples/install.sh simple_regional - post_destroy: - - ./test/fixtures/all_examples/uninstall.sh simple_regional driver: name: "terraform" command_timeout: 1800 - root_module_directory: examples/simple_regional + root_module_directory: test/fixtures/simple_regional verifier: name: terraform systems: @@ -91,19 +61,10 @@ suites: provisioner: name: terraform - name: "simple_zonal" - lifecycle: - pre_converge: - - ./test/fixtures/all_examples/install.sh simple_zonal - post_converge: - - ./test/fixtures/all_examples/uninstall.sh simple_zonal - pre_destroy: - - ./test/fixtures/all_examples/install.sh simple_zonal - post_destroy: - - ./test/fixtures/all_examples/uninstall.sh simple_zonal driver: name: "terraform" command_timeout: 1800 - root_module_directory: examples/simple_zonal + root_module_directory: test/fixtures/simple_zonal verifier: name: terraform systems: @@ -112,19 +73,10 @@ suites: provisioner: name: terraform - name: "stub_domains" - lifecycle: - pre_converge: - - ./test/fixtures/all_examples/install.sh stub_domains - post_converge: - - ./test/fixtures/all_examples/uninstall.sh stub_domains - pre_destroy: - - ./test/fixtures/all_examples/install.sh stub_domains - post_destroy: - - ./test/fixtures/all_examples/uninstall.sh stub_domains driver: name: "terraform" command_timeout: 1800 - root_module_directory: examples/stub_domains + root_module_directory: test/fixtures/stub_domains verifier: name: terraform systems: diff --git a/Makefile b/Makefile index 99872b55a9..52431e7e8e 100644 --- a/Makefile +++ b/Makefile 
@@ -83,7 +83,6 @@ test_integration: bundle exec kitchen converge bundle exec kitchen verify bundle exec kitchen destroy - cd test/fixtures/networks/ && terraform destroy -auto-approve && cd - .PHONY: generate_docs generate_docs: diff --git a/examples/deploy_service/README.md b/examples/deploy_service/README.md index a69241b7b6..b0c8748a44 100644 --- a/examples/deploy_service/README.md +++ b/examples/deploy_service/README.md @@ -16,6 +16,7 @@ It will: | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| | compute_engine_service_account | Service account to associate to the nodes in the cluster | string | - | yes | +| credentials_path | The path to the GCP credentials JSON file | string | - | yes | | ip_range_pods | The secondary ip range to use for pods | string | - | yes | | ip_range_services | The secondary ip range to use for pods | string | - | yes | | network | The VPC network to host the cluster in | string | - | yes | @@ -29,7 +30,18 @@ It will: |------|-------------| | ca_certificate | | | client_token | | +| cluster_name | Cluster name | +| credentials_path | | +| ip_range_pods | The secondary IP range used for pods | +| ip_range_services | The secondary IP range used for services | | kubernetes_endpoint | | +| location | | +| master_kubernetes_version | The master Kubernetes version | +| network | | +| project_id | | +| region | | +| subnetwork | | +| zones | List of zones in which the cluster resides | [^]: (autogen_docs_end) diff --git a/examples/deploy_service/main.tf b/examples/deploy_service/main.tf index ee03840ab5..cd1ddcacae 100644 --- a/examples/deploy_service/main.tf +++ b/examples/deploy_service/main.tf @@ -19,8 +19,8 @@ locals { } provider "google" { - credentials = "${file(local.credentials_path)}" - region = "${local.region}" + credentials = "${file(var.credentials_path)}" + region = "${var.region}" } provider "kubernetes" { 
@@ -34,14 +34,14 @@ data "google_client_config" "default" {} module "gke" { source = "../../" - project_id = "${local.project_id}" + project_id = "${var.project_id}" name = "${local.cluster_type}-cluster" - region = "${local.region}" - network = "${local.network}" - subnetwork = "${local.subnetwork}" - ip_range_pods = "${local.ip_range_pods}" - ip_range_services = "${local.ip_range_services}" - kubernetes_version = "1.9.7-gke.11" + region = "${var.region}" + network = "${var.network}" + subnetwork = "${var.subnetwork}" + ip_range_pods = "${var.ip_range_pods}" + ip_range_services = "${var.ip_range_services}" + kubernetes_version = "1.11.5-gke.4" service_account = "${var.compute_engine_service_account}" } diff --git a/examples/deploy_service/test_outputs.tf b/examples/deploy_service/test_outputs.tf new file mode 120000 index 0000000000..17b34213ba --- /dev/null +++ b/examples/deploy_service/test_outputs.tf @@ -0,0 +1 @@ +../../test/fixtures/all_examples/test_outputs.tf \ No newline at end of file diff --git a/examples/deploy_service/variables.tf b/examples/deploy_service/variables.tf index c53b2811ba..a0c006e4f0 100644 --- a/examples/deploy_service/variables.tf +++ b/examples/deploy_service/variables.tf @@ -18,6 +18,10 @@ variable "project_id" { description = "The project ID to host the cluster in" } +variable "credentials_path" { + description = "The path to the GCP credentials JSON file" +} + variable "region" { description = "The region to host the cluster in" } @@ -38,14 +42,6 @@ variable "ip_range_services" { description = "The secondary ip range to use for pods" } -locals { - project_id = "${var.project_id}" - credentials_path = "${var.credentials_path}" - region = "${var.region}" - network = "${var.network}" - subnetwork = "${var.subnetwork}" - ip_range_pods = "${var.ip_range_pods}" - ip_range_services = "${var.ip_range_services}" variable "compute_engine_service_account" { description = "Service account to associate to the nodes in the cluster" } 
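Review bot: The description of `ip_range_services` two variables below the added `credentials_path` block still reads `"The secondary ip range to use for pods"`, and the README tables regenerated in this commit copy that text verbatim into the `ip_range_services` row; the wording predates this change, but since the docs are regenerated here anyway it is the moment to correct it to `description = "The secondary ip range to use for services"`. The new `credentials_path` variable would also benefit from saying what kind of file is expected, because the provider feeds it straight to `file()`: `description = "Path to a GCP service-account JSON key file, read by the google provider via file()"`. Both remarks apply equally to the node_pool, simple_regional, simple_zonal and stub_domains variables.tf, which receive the identical hunk in this commit.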
diff --git a/examples/node_pool/README.md b/examples/node_pool/README.md index 3dfc35a175..69bb56430b 100644 --- a/examples/node_pool/README.md +++ b/examples/node_pool/README.md @@ -10,6 +10,7 @@ This example illustrates how to create a cluster with multiple custom node-pool | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| | compute_engine_service_account | Service account to associate to the nodes in the cluster | string | - | yes | +| credentials_path | The path to the GCP credentials JSON file | string | - | yes | | ip_range_pods | The secondary ip range to use for pods | string | - | yes | | ip_range_services | The secondary ip range to use for pods | string | - | yes | | network | The VPC network to host the cluster in | string | - | yes | @@ -23,7 +24,18 @@ This example illustrates how to create a cluster with multiple custom node-pool |------|-------------| | ca_certificate | | | client_token | | +| cluster_name | Cluster name | +| credentials_path | | +| ip_range_pods | The secondary IP range used for pods | +| ip_range_services | The secondary IP range used for services | | kubernetes_endpoint | | +| location | | +| master_kubernetes_version | The master Kubernetes version | +| network | | +| project_id | | +| region | | +| subnetwork | | +| zones | List of zones in which the cluster resides | [^]: (autogen_docs_end) diff --git a/examples/node_pool/main.tf b/examples/node_pool/main.tf index 5c8dc20020..da7ad50a3d 100644 --- a/examples/node_pool/main.tf +++ b/examples/node_pool/main.tf 
@@ -19,21 +19,21 @@ locals { } provider "google" { - credentials = "${file(local.credentials_path)}" - region = "${local.region}" + credentials = "${file(var.credentials_path)}" + region = "${var.region}" } module "gke" { source = "../../" - project_id = "${local.project_id}" + project_id = "${var.project_id}" name = "${local.cluster_type}-cluster" - region = "${local.region}" - network = "${local.network}" - subnetwork = "${local.subnetwork}" - ip_range_pods = "${local.ip_range_pods}" - ip_range_services = "${local.ip_range_services}" - kubernetes_version = "1.9.7-gke.11" - node_version = "1.9.7-gke.11" + region = "${var.region}" + network = "${var.network}" + subnetwork = "${var.subnetwork}" + ip_range_pods = "${var.ip_range_pods}" + ip_range_services = "${var.ip_range_services}" + kubernetes_version = "1.11.5-gke.4" + node_version = "1.11.5-gke.4" node_pools = [ { diff --git a/examples/node_pool/test_outputs.tf b/examples/node_pool/test_outputs.tf new file mode 120000 index 0000000000..17b34213ba --- /dev/null +++ b/examples/node_pool/test_outputs.tf @@ -0,0 +1 @@ +../../test/fixtures/all_examples/test_outputs.tf \ No newline at end of file diff --git a/examples/node_pool/variables.tf b/examples/node_pool/variables.tf index a0814f8ce7..a0c006e4f0 100644 --- a/examples/node_pool/variables.tf +++ b/examples/node_pool/variables.tf @@ -18,6 +18,10 @@ variable "project_id" { description = "The project ID to host the cluster in" } +variable "credentials_path" { + description = "The path to the GCP credentials JSON file" +} + variable "region" { description = "The region to host the cluster in" } diff --git a/examples/simple_regional/README.md b/examples/simple_regional/README.md index 5c90f1a7ee..7995bde32f 100644 --- a/examples/simple_regional/README.md +++ b/examples/simple_regional/README.md 
@@ -10,6 +10,7 @@ This example illustrates how to create a simple cluster. | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| | compute_engine_service_account | Service account to associate to the nodes in the cluster | string | - | yes | +| credentials_path | The path to the GCP credentials JSON file | string | - | yes | | ip_range_pods | The secondary ip range to use for pods | string | - | yes | | ip_range_services | The secondary ip range to use for pods | string | - | yes | | network | The VPC network to host the cluster in | string | - | yes | @@ -23,7 +24,18 @@ This example illustrates how to create a simple cluster. |------|-------------| | ca_certificate | | | client_token | | +| cluster_name | Cluster name | +| credentials_path | | +| ip_range_pods | The secondary IP range used for pods | +| ip_range_services | The secondary IP range used for services | | kubernetes_endpoint | | +| location | | +| master_kubernetes_version | The master Kubernetes version | +| network | | +| project_id | | +| region | | +| subnetwork | | +| zones | List of zones in which the cluster resides | [^]: (autogen_docs_end) diff --git a/examples/simple_regional/main.tf b/examples/simple_regional/main.tf index fdfea3f0a8..d468360ed3 100644 --- a/examples/simple_regional/main.tf +++ b/examples/simple_regional/main.tf 
@@ -19,22 +19,22 @@ locals { } provider "google" { - credentials = "${file(local.credentials_path)}" - region = "${local.region}" + credentials = "${file(var.credentials_path)}" + region = "${var.region}" } module "gke" { source = "../../" - project_id = "${local.project_id}" + project_id = "${var.project_id}" name = "${local.cluster_type}-cluster" regional = true - region = "${local.region}" - network = "${local.network}" - subnetwork = "${local.subnetwork}" - ip_range_pods = "${local.ip_range_pods}" - ip_range_services = "${local.ip_range_services}" - kubernetes_version = "1.9.7-gke.11" - node_version = "1.9.7-gke.11" + region = "${var.region}" + network = "${var.network}" + subnetwork = "${var.subnetwork}" + ip_range_pods = "${var.ip_range_pods}" + ip_range_services = "${var.ip_range_services}" + kubernetes_version = "1.11.5-gke.4" + node_version = "1.11.5-gke.4" service_account = "${var.compute_engine_service_account}" } diff --git a/examples/simple_regional/test_outputs.tf b/examples/simple_regional/test_outputs.tf new file mode 120000 index 0000000000..17b34213ba --- /dev/null +++ b/examples/simple_regional/test_outputs.tf @@ -0,0 +1 @@ +../../test/fixtures/all_examples/test_outputs.tf \ No newline at end of file diff --git a/examples/simple_regional/variables.tf b/examples/simple_regional/variables.tf index c53b2811ba..a0c006e4f0 100644 --- a/examples/simple_regional/variables.tf +++ b/examples/simple_regional/variables.tf @@ -18,6 +18,10 @@ variable "project_id" { description = "The project ID to host the cluster in" } +variable "credentials_path" { + description = "The path to the GCP credentials JSON file" +} + variable "region" { description = "The region to host the cluster in" } 
@@ -38,14 +42,6 @@ variable "ip_range_services" { description = "The secondary ip range to use for pods" } -locals { - project_id = "${var.project_id}" - credentials_path = "${var.credentials_path}" - region = "${var.region}" - network = "${var.network}" - subnetwork = "${var.subnetwork}" - ip_range_pods = "${var.ip_range_pods}" - ip_range_services = "${var.ip_range_services}" variable "compute_engine_service_account" { description = "Service account to associate to the nodes in the cluster" } diff --git a/examples/simple_zonal/README.md b/examples/simple_zonal/README.md index 99c44b1b71..8653781280 100644 --- a/examples/simple_zonal/README.md +++ b/examples/simple_zonal/README.md @@ -10,6 +10,7 @@ This example illustrates how to create a simple cluster. | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| | compute_engine_service_account | Service account to associate to the nodes in the cluster | string | - | yes | +| credentials_path | The path to the GCP credentials JSON file | string | - | yes | | ip_range_pods | The secondary ip range to use for pods | string | - | yes | | ip_range_services | The secondary ip range to use for pods | string | - | yes | | network | The VPC network to host the cluster in | string | - | yes | @@ -24,7 +25,18 @@ This example illustrates how to create a simple cluster. |------|-------------| | ca_certificate | | | client_token | | +| cluster_name | Cluster name | +| credentials_path | | +| ip_range_pods | The secondary IP range used for pods | +| ip_range_services | The secondary IP range used for services | | kubernetes_endpoint | | +| location | | +| master_kubernetes_version | The master Kubernetes version | +| network | | +| project_id | | +| region | | +| subnetwork | | +| zones | List of zones in which the cluster resides | [^]: (autogen_docs_end) diff --git a/examples/simple_zonal/main.tf b/examples/simple_zonal/main.tf index 74ad4769b1..63cd0d4f4b 100644 
--- a/examples/simple_zonal/main.tf +++ b/examples/simple_zonal/main.tf @@ -19,23 +19,23 @@ locals { } provider "google" { - credentials = "${file(local.credentials_path)}" - region = "${local.region}" + credentials = "${file(var.credentials_path)}" + region = "${var.region}" } module "gke" { source = "../../" - project_id = "${local.project_id}" + project_id = "${var.project_id}" name = "${local.cluster_type}-cluster" regional = false - region = "${local.region}" - zones = "${local.zones}" - network = "${local.network}" - subnetwork = "${local.subnetwork}" - ip_range_pods = "${local.ip_range_pods}" - ip_range_services = "${local.ip_range_services}" - kubernetes_version = "1.9.7-gke.11" - node_version = "1.9.7-gke.11" + region = "${var.region}" + zones = "${var.zones}" + network = "${var.network}" + subnetwork = "${var.subnetwork}" + ip_range_pods = "${var.ip_range_pods}" + ip_range_services = "${var.ip_range_services}" + kubernetes_version = "1.11.4-gke.8" + node_version = "1.11.4-gke.8" service_account = "${var.compute_engine_service_account}" } diff --git a/examples/simple_zonal/test_outputs.tf b/examples/simple_zonal/test_outputs.tf new file mode 120000 index 0000000000..17b34213ba --- /dev/null +++ b/examples/simple_zonal/test_outputs.tf @@ -0,0 +1 @@ +../../test/fixtures/all_examples/test_outputs.tf \ No newline at end of file diff --git a/examples/simple_zonal/variables.tf b/examples/simple_zonal/variables.tf index 2e2871a999..62d3ec4cc3 100644 --- a/examples/simple_zonal/variables.tf +++ b/examples/simple_zonal/variables.tf @@ -18,6 +18,10 @@ variable "project_id" { description = "The project ID to host the cluster in" } +variable "credentials_path" { + description = "The path to the GCP credentials JSON file" +} + variable "region" { description = "The region to host the cluster in" } 
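Review bot: This example pins `kubernetes_version = "1.11.4-gke.8"` and `node_version = "1.11.4-gke.8"` while the deploy_service, node_pool, simple_regional and stub_domains examples in the same commit are all moved to `1.11.5-gke.4`; unless the zonal cluster needs the older release, the divergence looks accidental and this will be the first example to break when GKE drops that patch release from its available-versions list. Either align it with the other examples or add a comment above the two lines stating why the zonal example stays behind. More generally every example now hard-codes a GKE patch release with no explanation; a short comment such as `# pinned so the example and the kitchen tests converge on a known release; bump when GKE retires it` would spare the next maintainer a surprise apply failure.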
@@ -43,14 +47,6 @@ variable "ip_range_services" { description = "The secondary ip range to use for pods" } -locals { - project_id = "${var.project_id}" - credentials_path = "${var.credentials_path}" - region = "${var.region}" - network = "${var.network}" - subnetwork = "${var.subnetwork}" - ip_range_pods = "${var.ip_range_pods}" - ip_range_services = "${var.ip_range_services}" variable "compute_engine_service_account" { description = "Service account to associate to the nodes in the cluster" } diff --git a/examples/stub_domains/README.md b/examples/stub_domains/README.md index 681e98f248..fa22bf3f69 100644 --- a/examples/stub_domains/README.md +++ b/examples/stub_domains/README.md @@ -15,6 +15,7 @@ It will: | Name | Description | Type | Default | Required | |------|-------------|:----:|:-----:|:-----:| | compute_engine_service_account | Service account to associate to the nodes in the cluster | string | - | yes | +| credentials_path | The path to the GCP credentials JSON file | string | - | yes | | ip_range_pods | The secondary ip range to use for pods | string | - | yes | | ip_range_services | The secondary ip range to use for pods | string | - | yes | | network | The VPC network to host the cluster in | string | - | yes | @@ -28,7 +29,18 @@ It will: |------|-------------| | ca_certificate | | | client_token | | +| cluster_name | Cluster name | +| credentials_path | | +| ip_range_pods | The secondary IP range used for pods | +| ip_range_services | The secondary IP range used for services | | kubernetes_endpoint | | +| location | | +| master_kubernetes_version | The master Kubernetes version | +| network | | +| project_id | | +| region | | +| subnetwork | | +| zones | List of zones in which the cluster resides | [^]: (autogen_docs_end) diff --git a/examples/stub_domains/main.tf b/examples/stub_domains/main.tf index bf242c8a7b..57265702bb 100644 --- a/examples/stub_domains/main.tf +++ b/examples/stub_domains/main.tf 
@@ -19,22 +19,22 @@ locals { } provider "google" { - credentials = "${file(local.credentials_path)}" - region = "${local.region}" + credentials = "${file(var.credentials_path)}" + region = "${var.region}" } module "gke" { source = "../../" - project_id = "${local.project_id}" + project_id = "${var.project_id}" name = "${local.cluster_type}-cluster" - region = "${local.region}" - network = "${local.network}" - subnetwork = "${local.subnetwork}" - ip_range_pods = "${local.ip_range_pods}" - ip_range_services = "${local.ip_range_services}" + region = "${var.region}" + network = "${var.network}" + subnetwork = "${var.subnetwork}" + ip_range_pods = "${var.ip_range_pods}" + ip_range_services = "${var.ip_range_services}" network_policy = true - kubernetes_version = "1.9.7-gke.11" - node_version = "1.9.7-gke.11" + kubernetes_version = "1.11.5-gke.4" + node_version = "1.11.5-gke.4" service_account = "${var.compute_engine_service_account}" stub_domains { diff --git a/examples/stub_domains/test_outputs.tf b/examples/stub_domains/test_outputs.tf new file mode 120000 index 0000000000..17b34213ba --- /dev/null +++ b/examples/stub_domains/test_outputs.tf @@ -0,0 +1 @@ +../../test/fixtures/all_examples/test_outputs.tf \ No newline at end of file diff --git a/examples/stub_domains/variables.tf b/examples/stub_domains/variables.tf index c53b2811ba..a0c006e4f0 100644 --- a/examples/stub_domains/variables.tf +++ b/examples/stub_domains/variables.tf @@ -18,6 +18,10 @@ variable "project_id" { description = "The project ID to host the cluster in" } +variable "credentials_path" { + description = "The path to the GCP credentials JSON file" +} + variable "region" { description = "The region to host the cluster in" } 
@@ -38,14 +42,6 @@ variable "ip_range_services" { description = "The secondary ip range to use for pods" } -locals { - project_id = "${var.project_id}" - credentials_path = "${var.credentials_path}" - region = "${var.region}" - network = "${var.network}" - subnetwork = "${var.subnetwork}" - ip_range_pods = "${var.ip_range_pods}" - ip_range_services = "${var.ip_range_services}" variable "compute_engine_service_account" { description = "Service account to associate to the nodes in the cluster" } diff --git a/test/fixtures/all_examples/fixture_data.tf.fixture b/test/fixtures/all_examples/fixture_data.tf.fixture deleted file mode 100644 index 5075145b27..0000000000 --- a/test/fixtures/all_examples/fixture_data.tf.fixture +++ /dev/null 
@@ -1,40 +0,0 @@ -/** - * Copyright 2018 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -data "terraform_remote_state" "fixtures" { - backend = "local" - - config { - path = "${path.module}/../../test/fixtures/networks/terraform.tfstate" - } -} - -data "google_compute_zones" "fixtures-available" { - project = "${data.terraform_remote_state.fixtures.project_id}" - region = "${data.terraform_remote_state.fixtures.region}" -} - -locals { - project_id = "${data.terraform_remote_state.fixtures.project_id}" - credentials_path = "${data.terraform_remote_state.fixtures.credentials_path}" - region = "${data.terraform_remote_state.fixtures.region}" - network = "${data.terraform_remote_state.fixtures.network}" - subnetwork = "${data.terraform_remote_state.fixtures.subnetwork[local.cluster_type]}" - ip_range_pods = "${data.terraform_remote_state.fixtures.ip_range_pods[local.cluster_type]}" - ip_range_services = "${data.terraform_remote_state.fixtures.ip_range_services[local.cluster_type]}" - zones = ["${data.google_compute_zones.fixtures-available.names}"] - pool_01_service_account = "" -} diff --git a/test/fixtures/all_examples/install.sh b/test/fixtures/all_examples/install.sh deleted file mode 100755 index 884049db5b..0000000000 --- a/test/fixtures/all_examples/install.sh +++ /dev/null 
@@ -1,38 +0,0 @@ -#!/bin/bash -# Copyright 2018 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -############################################# -# Install fixture data into an example case # -############################################# -BASEDIR=$(dirname "$0") -EXAMPLE=${1} - -if [ -z "${EXAMPLE}" ]; then - echo "Must specify an example to install fixtures into. Aborting." - exit 1 -fi - -if [ ! -d "${BASEDIR}/../../../examples/${EXAMPLE}" ]; then - echo "Example ${EXAMPLE} does not exist. Aborting." - exit 1 -fi - -_example_path="${BASEDIR}/../../../examples/${EXAMPLE}" -_variables_file="${_example_path}/variables.tf" -if [ -f "${_variables_file}" ]; then - mv "${_variables_file}" "${_variables_file}.disabled" -fi -cp "${BASEDIR}/fixture_data.tf.fixture" "${_example_path}/fixture_data.tf" -cp "${BASEDIR}/fixture_outputs.tf.fixture" "${_example_path}/fixture_outputs.tf" diff --git a/test/fixtures/all_examples/fixture_outputs.tf.fixture b/test/fixtures/all_examples/test_outputs.tf similarity index 79% rename from test/fixtures/all_examples/fixture_outputs.tf.fixture rename to test/fixtures/all_examples/test_outputs.tf index a95bf39c5e..4d1361b7eb 100644 --- a/test/fixtures/all_examples/fixture_outputs.tf.fixture +++ b/test/fixtures/all_examples/test_outputs.tf 
@@ -14,12 +14,15 @@ * limitations under the License. */ +// These outputs are used to test the module with kitchen-terraform +// They do not need to be included in real-world uses of this module + output "project_id" { - value = "${local.project_id}" + value = "${var.project_id}" } output "credentials_path" { - value = "${local.credentials_path}" + value = "${var.credentials_path}" } output "region" { @@ -32,11 +35,11 @@ output "cluster_name" { } output "network" { - value = "${local.network}" + value = "${var.network}" } output "subnetwork" { - value = "${local.subnetwork}" + value = "${var.subnetwork}" } output "location" { @@ -45,12 +48,12 @@ output "location" { output "ip_range_pods" { description = "The secondary IP range used for pods" - value = "${local.ip_range_pods}" + value = "${var.ip_range_pods}" } output "ip_range_services" { description = "The secondary IP range used for services" - value = "${local.ip_range_services}" + value = "${var.ip_range_services}" } output "zones" { diff --git a/test/fixtures/all_examples/uninstall.sh b/test/fixtures/all_examples/uninstall.sh deleted file mode 100755 index b9d0b7a7d9..0000000000 --- a/test/fixtures/all_examples/uninstall.sh +++ /dev/null 
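Review bot: `output "project_id"`, `output "credentials_path"`, `output "network"` and `output "subnetwork"` carry no `description`, which is why the Outputs tables generated into every example README in this commit show empty Description cells for them, while `ip_range_pods` and `ip_range_services` in the same file render correctly. Because this file is now symlinked into each `examples/*` directory these outputs are user-facing, so add one-liners such as `description = "Path to the service-account key file the google provider was configured with"` on `credentials_path` and equivalents on the other three. The new header comment would also be more useful if it said that the file is symlinked into `examples/*/test_outputs.tf`, so a reader of an example understands why a credentials path shows up among its outputs and can safely delete the file in a real deployment.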
@@ -1,35 +0,0 @@ -#!/bin/bash -# Copyright 2018 Google LLC -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -############################################# -# Install fixture data into an example case # -############################################# -BASEDIR=$(dirname "$0") -EXAMPLE=${1} - -if [ -z "${EXAMPLE}" ]; then - echo "Must specify an example to install fixtures into. Aborting." - exit 1 -fi - -if [ ! -d "${BASEDIR}/../../../examples/${EXAMPLE}" ]; then - echo "Example ${EXAMPLE} does not exist. Aborting." - exit 1 -fi - -_example_path="${BASEDIR}/../../../examples/${EXAMPLE}" -rm -rf "${_example_path}/fixture_data.tf" -rm -rf "${_example_path}/fixture_outputs.tf" -mv "${_example_path}/variables.tf.disabled" "${_example_path}/variables.tf" diff --git a/test/fixtures/deploy_service/example.tf b/test/fixtures/deploy_service/example.tf new file mode 100644 index 0000000000..3cc994a768 --- /dev/null +++ b/test/fixtures/deploy_service/example.tf 
@@ -0,0 +1,28 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "example" {
+ source = "../../../examples/deploy_service"
+
+ project_id = "${var.project_id}"
+ credentials_path = "${local.credentials_path}"
+ region = "${var.region}"
+ network = "${google_compute_network.main.name}"
+ subnetwork = "${google_compute_subnetwork.main.name}"
+ ip_range_pods = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}"
+ ip_range_services = "${google_compute_subnetwork.main.secondary_ip_range.1.range_name}"
+ compute_engine_service_account = "${var.compute_engine_service_account}"
+}
diff --git a/test/fixtures/deploy_service/network.tf b/test/fixtures/deploy_service/network.tf
new file mode 100644
index 0000000000..6a6325ab2d
--- /dev/null
+++ b/test/fixtures/deploy_service/network.tf
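Review bot: `ip_range_pods` and `ip_range_services` are wired to `secondary_ip_range.0` and `secondary_ip_range.1` purely by position, so they silently swap if someone reorders the two `secondary_ip_range` blocks in the sibling `network.tf`, and nothing in this file records which index is which. Add a comment above the two attributes, e.g. `# network.tf declares the pods range first and the services range second; keep that order`. It is also worth a one-line note that `local.credentials_path` comes from `network.tf` in the same directory, since this file otherwise reads like a stand-alone module call.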
@@ -0,0 +1,50 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ credentials_path = "${path.module}/${var.credentials_path_relative}"
+}
+
+resource "random_string" "suffix" {
+ length = 4
+ special = false
+ upper = false
+}
+
+provider "google" {
+ credentials = "${file(local.credentials_path)}"
+ project = "${var.project_id}"
+}
+
+resource "google_compute_network" "main" {
+ name = "cft-gke-test-${random_string.suffix.result}"
+ auto_create_subnetworks = "false"
+}
+
+resource "google_compute_subnetwork" "main" {
+ name = "cft-gke-test-${random_string.suffix.result}"
+ ip_cidr_range = "10.0.0.0/17"
+ region = "${var.region}"
+ network = "${google_compute_network.main.self_link}"
+ secondary_ip_range {
+ range_name = "cft-gke-test-pods-${random_string.suffix.result}"
+ ip_cidr_range = "192.168.0.0/18"
+ }
+ secondary_ip_range {
+ range_name = "cft-gke-test-services-${random_string.suffix.result}"
+ ip_cidr_range = "192.168.64.0/18"
+ }
+}
diff --git a/test/fixtures/deploy_service/outputs.tf b/test/fixtures/deploy_service/outputs.tf
new file mode 120000
index 0000000000..726bdc722f
--- /dev/null
+++ b/test/fixtures/deploy_service/outputs.tf
@@ -0,0 +1 @@
+../shared/outputs.tf
\ No newline at end of file
diff --git a/test/fixtures/deploy_service/variables.tf b/test/fixtures/deploy_service/variables.tf
new file mode 120000
index 0000000000..c113c00a3d
--- /dev/null
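Review bot: Neither the `provider "google"` block nor the implicit `random` provider pulled in by `random_string.suffix` carries a `version` constraint, so a fresh `terraform init` in this fixture downloads whatever the newest published plugin is rather than a version the project has actually tested, and a provider release can change or break the test network without any change in this repository. Pin both here, e.g. `provider "google" { version = "~> 1.17" credentials = ... project = ... }` plus a `provider "random" { version = "..." }` block set to the release the tests were run against, unless a constraint already lives in the shared `variables.tf` symlinked beside this file (not visible in this diff). The `random_string` resource would also read better with a comment on why it exists: `# unique suffix so concurrent test runs in one project do not collide on network names`.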
+++ b/test/fixtures/deploy_service/variables.tf @@ -0,0 +1 @@ +../shared/variables.tf \ No newline at end of file diff --git a/test/fixtures/networks/main.tf b/test/fixtures/networks/main.tf deleted file mode 100644 index 3c67bfe05a..0000000000 --- a/test/fixtures/networks/main.tf +++ /dev/null 
@@ -1,112 +0,0 @@ -/** - * Copyright 2018 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -locals { - credentials_path = "${path.module}/${var.credentials_path_relative}" -} - -resource "random_string" "suffix" { - length = 4 - special = false - upper = false -} - -provider "google" { - credentials = "${file(local.credentials_path)}" - project = "${var.project_id}" -} - -resource "google_compute_network" "main" { - name = "cft-gke-test-${random_string.suffix.result}" - auto_create_subnetworks = "false" -} - -// TODO clean up CIDRs - -resource "google_compute_subnetwork" "example-deploy_service" { - name = "cft-gke-test-deploy-service-${random_string.suffix.result}" - ip_cidr_range = "10.0.32.0/20" - region = "${var.region}" - network = "${google_compute_network.main.self_link}" - secondary_ip_range { - range_name = "cft-gke-test-deploy-service-pods-${random_string.suffix.result}" - ip_cidr_range = "192.168.32.0/22" - } - secondary_ip_range { - range_name = "cft-gke-test-deploy-service-services-${random_string.suffix.result}" - ip_cidr_range = "192.168.36.0/22" - } -} - -resource "google_compute_subnetwork" "example-node_pool" { - name = "cft-gke-test-node-pool-${random_string.suffix.result}" - ip_cidr_range = "10.0.128.0/17" - region = "${var.region}" - network = "${google_compute_network.main.self_link}" - secondary_ip_range { - range_name = "cft-gke-test-node-pool-pods-${random_string.suffix.result}" - ip_cidr_range = "192.168.128.0/18" 
- } - secondary_ip_range { - range_name = "cft-gke-test-node-pool-services-${random_string.suffix.result}" - ip_cidr_range = "192.168.192.0/18" - } -} - -resource "google_compute_subnetwork" "example-simple_regional" { - name = "cft-gke-test-simple-regional-${random_string.suffix.result}" - ip_cidr_range = "10.0.0.0/20" - region = "${var.region}" - network = "${google_compute_network.main.self_link}" - secondary_ip_range { - range_name = "cft-gke-test-simple-regional-pods-${random_string.suffix.result}" - ip_cidr_range = "192.168.8.0/22" - } - secondary_ip_range { - range_name = "cft-gke-test-simple-regional-services-${random_string.suffix.result}" - ip_cidr_range = "192.168.12.0/22" - } -} - -resource "google_compute_subnetwork" "example-simple_zonal" { - name = "cft-gke-test-simple-zonal-${random_string.suffix.result}" - ip_cidr_range = "10.0.48.0/20" - region = "${var.region}" - network = "${google_compute_network.main.self_link}" - secondary_ip_range { - range_name = "cft-gke-test-simple-zonal-pods-${random_string.suffix.result}" - ip_cidr_range = "192.168.48.0/22" - } - secondary_ip_range { - range_name = "cft-gke-test-simple-zonal-services-${random_string.suffix.result}" - ip_cidr_range = "192.168.52.0/22" - } -} - -resource "google_compute_subnetwork" "example-stub_domains" { - name = "cft-gke-test-stub-domains-${random_string.suffix.result}" - ip_cidr_range = "10.0.16.0/20" - region = "${var.region}" - network = "${google_compute_network.main.self_link}" - secondary_ip_range { - range_name = "cft-gke-test-stub-domains-pods-${random_string.suffix.result}" - ip_cidr_range = "192.168.24.0/22" - } - secondary_ip_range { - range_name = "cft-gke-test-stub-domains-services-${random_string.suffix.result}" - ip_cidr_range = "192.168.28.0/22" - } -} diff --git a/test/fixtures/networks/outputs.tf b/test/fixtures/networks/outputs.tf deleted file mode 100644 index 54bb58f067..0000000000 --- a/test/fixtures/networks/outputs.tf +++ /dev/null 
@@ -1,61 +0,0 @@ -/** - * Copyright 2018 Google LLC - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -output "project_id" { - value = "${var.project_id}" -} - -output "credentials_path" { - value = "${local.credentials_path}" -} - -output "region" { - value = "${var.region}" -} - -output "network" { - value = "${google_compute_network.main.name}" -} - -output "subnetwork" { - value = { - deploy-service = "${google_compute_subnetwork.example-deploy_service.name}" - node-pool = "${google_compute_subnetwork.example-node_pool.name}" - simple-regional = "${google_compute_subnetwork.example-simple_regional.name}" - simple-zonal = "${google_compute_subnetwork.example-simple_zonal.name}" - stub-domains = "${google_compute_subnetwork.example-stub_domains.name}" - } -} - -output "ip_range_pods" { - value = { - deploy-service = "${google_compute_subnetwork.example-deploy_service.secondary_ip_range.0.range_name}" - node-pool = "${google_compute_subnetwork.example-node_pool.secondary_ip_range.0.range_name}" - simple-regional = "${google_compute_subnetwork.example-simple_regional.secondary_ip_range.0.range_name}" - simple-zonal = "${google_compute_subnetwork.example-simple_zonal.secondary_ip_range.0.range_name}" - stub-domains = "${google_compute_subnetwork.example-stub_domains.secondary_ip_range.0.range_name}" - } -} - -output "ip_range_services" { - value = { - deploy-service = "${google_compute_subnetwork.example-deploy_service.secondary_ip_range.1.range_name}" 
- node-pool = "${google_compute_subnetwork.example-node_pool.secondary_ip_range.1.range_name}" - simple-regional = "${google_compute_subnetwork.example-simple_regional.secondary_ip_range.1.range_name}" - simple-zonal = "${google_compute_subnetwork.example-simple_zonal.secondary_ip_range.1.range_name}" - stub-domains = "${google_compute_subnetwork.example-stub_domains.secondary_ip_range.1.range_name}" - } -} diff --git a/test/fixtures/node_pool/example.tf b/test/fixtures/node_pool/example.tf new file mode 100644 index 0000000000..3e7b1ea609 --- /dev/null +++ b/test/fixtures/node_pool/example.tf @@ -0,0 +1,28 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +module "example" { + source = "../../../examples/node_pool" + + project_id = "${var.project_id}" + credentials_path = "${local.credentials_path}" + region = "${var.region}" + network = "${google_compute_network.main.name}" + subnetwork = "${google_compute_subnetwork.main.name}" + ip_range_pods = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}" + ip_range_services = "${google_compute_subnetwork.main.secondary_ip_range.1.range_name}" + compute_engine_service_account = "${var.compute_engine_service_account}" +} diff --git a/test/fixtures/node_pool/network.tf b/test/fixtures/node_pool/network.tf new file mode 100644 index 0000000000..6a6325ab2d --- /dev/null +++ b/test/fixtures/node_pool/network.tf 
@@ -0,0 +1,50 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + credentials_path = "${path.module}/${var.credentials_path_relative}" +} + +resource "random_string" "suffix" { + length = 4 + special = false + upper = false +} + +provider "google" { + credentials = "${file(local.credentials_path)}" + project = "${var.project_id}" +} + +resource "google_compute_network" "main" { + name = "cft-gke-test-${random_string.suffix.result}" + auto_create_subnetworks = "false" +} + +resource "google_compute_subnetwork" "main" { + name = "cft-gke-test-${random_string.suffix.result}" + ip_cidr_range = "10.0.0.0/17" + region = "${var.region}" + network = "${google_compute_network.main.self_link}" + secondary_ip_range { + range_name = "cft-gke-test-pods-${random_string.suffix.result}" + ip_cidr_range = "192.168.0.0/18" + } + secondary_ip_range { + range_name = "cft-gke-test-services-${random_string.suffix.result}" + ip_cidr_range = "192.168.64.0/18" + } +} diff --git a/test/fixtures/node_pool/outputs.tf b/test/fixtures/node_pool/outputs.tf new file mode 120000 index 0000000000..726bdc722f --- /dev/null +++ b/test/fixtures/node_pool/outputs.tf @@ -0,0 +1 @@ +../shared/outputs.tf \ No newline at end of file diff --git a/test/fixtures/node_pool/variables.tf b/test/fixtures/node_pool/variables.tf new file mode 120000 index 0000000000..c113c00a3d --- /dev/null +++ b/test/fixtures/node_pool/variables.tf 
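Review bot: test/fixtures/node_pool/network.tf is byte-identical to the network.tf added for simple_regional, simple_zonal and stub_domains (all four carry the same blob index 6a6325ab2d), while outputs.tf and variables.tf in the same directories are symlinks into test/fixtures/shared/. Unless the per-fixture networks are expected to diverge, network.tf could follow the same symlink pattern so a CIDR or provider change is made once; if they are meant to diverge, a one-line comment saying so would stop the next reader from deduplicating them. Separately, `credentials = "${file(local.credentials_path)}"` reads a service-account key from `../../../credentials.json` relative to the fixture; I cannot see from this patch whether that file is excluded from version control and from the Docker build context, and it should be.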
@@ -0,0 +1 @@ +../shared/variables.tf \ No newline at end of file diff --git a/test/fixtures/shared/outputs.tf b/test/fixtures/shared/outputs.tf new file mode 100644 index 0000000000..5cfbc3e106 --- /dev/null +++ b/test/fixtures/shared/outputs.tf 
@@ -0,0 +1,79 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "project_id" { + value = "${var.project_id}" +} + +output "credentials_path" { + value = "${local.credentials_path}" +} + +output "region" { + value = "${module.example.region}" +} + +output "cluster_name" { + description = "Cluster name" + value = "${module.example.cluster_name}" +} + +output "network" { + value = "${google_compute_network.main.name}" +} + +output "subnetwork" { + value = "${google_compute_subnetwork.main.name}" +} + +output "location" { + value = "${module.example.location}" +} + +output "ip_range_pods" { + description = "The secondary IP range used for pods" + value = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}" +} + +output "ip_range_services" { + description = "The secondary IP range used for services" + value = "${google_compute_subnetwork.main.secondary_ip_range.1.range_name}" +} + +output "zones" { + description = "List of zones in which the cluster resides" + value = "${module.example.zones}" +} + +output "master_kubernetes_version" { + description = "The master Kubernetes version" + value = "${module.example.master_kubernetes_version}" +} + +output "kubernetes_endpoint" { + sensitive = true + value = "${module.example.kubernetes_endpoint}" +} + +output "client_token" { + sensitive = true + value = "${module.example.client_token}" +} + +output "ca_certificate" { + description = "The cluster CA 
certificate" + value = "${module.example.ca_certificate}" +} diff --git a/test/fixtures/networks/terraform.tfvars.sample b/test/fixtures/shared/terraform.tfvars.sample similarity index 51% rename from test/fixtures/networks/terraform.tfvars.sample rename to test/fixtures/shared/terraform.tfvars.sample index feb56472b1..b1f826ed7e 100644 --- a/test/fixtures/networks/terraform.tfvars.sample +++ b/test/fixtures/shared/terraform.tfvars.sample @@ -1,3 +1,5 @@ project_id="" credentials_path_relative="../../../credentials.json" region="us-east4" +zones=["us-east4-a","us-east4-b","us-east4-c"] +compute_engine_service_account="" diff --git a/test/fixtures/networks/variables.tf b/test/fixtures/shared/variables.tf similarity index 87% rename from test/fixtures/networks/variables.tf rename to test/fixtures/shared/variables.tf index 34b8683c0f..8f4e02b783 100644 --- a/test/fixtures/networks/variables.tf +++ b/test/fixtures/shared/variables.tf @@ -25,3 +25,12 @@ variable "credentials_path_relative" { variable "region" { } + +variable "zones" { + type = "list" + default = [] +} + +variable "compute_engine_service_account" { + +} diff --git a/test/fixtures/simple_regional/example.tf b/test/fixtures/simple_regional/example.tf new file mode 100644 index 0000000000..797ba2e303 --- /dev/null +++ b/test/fixtures/simple_regional/example.tf 
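Review bot: The new `zones` and `compute_engine_service_account` variables in test/fixtures/shared/variables.tf have no `description`, and `compute_engine_service_account` is declared as an empty block with a stray blank line, so the sample's `compute_engine_service_account=""` gives a reader no hint what value is expected or whether empty is acceptable. Adding a `description` to each — wording to be confirmed against how the examples consume them — and collapsing the empty block to `variable "compute_engine_service_account" {}` would make the tfvars sample self-explanatory.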
@@ -0,0 +1,28 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +module "example" { + source = "../../../examples/simple_regional" + + project_id = "${var.project_id}" + credentials_path = "${local.credentials_path}" + region = "${var.region}" + network = "${google_compute_network.main.name}" + subnetwork = "${google_compute_subnetwork.main.name}" + ip_range_pods = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}" + ip_range_services = "${google_compute_subnetwork.main.secondary_ip_range.1.range_name}" + compute_engine_service_account = "${var.compute_engine_service_account}" +} diff --git a/test/fixtures/simple_regional/network.tf b/test/fixtures/simple_regional/network.tf new file mode 100644 index 0000000000..6a6325ab2d --- /dev/null +++ b/test/fixtures/simple_regional/network.tf 
@@ -0,0 +1,50 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + credentials_path = "${path.module}/${var.credentials_path_relative}" +} + +resource "random_string" "suffix" { + length = 4 + special = false + upper = false +} + +provider "google" { + credentials = "${file(local.credentials_path)}" + project = "${var.project_id}" +} + +resource "google_compute_network" "main" { + name = "cft-gke-test-${random_string.suffix.result}" + auto_create_subnetworks = "false" +} + +resource "google_compute_subnetwork" "main" { + name = "cft-gke-test-${random_string.suffix.result}" + ip_cidr_range = "10.0.0.0/17" + region = "${var.region}" + network = "${google_compute_network.main.self_link}" + secondary_ip_range { + range_name = "cft-gke-test-pods-${random_string.suffix.result}" + ip_cidr_range = "192.168.0.0/18" + } + secondary_ip_range { + range_name = "cft-gke-test-services-${random_string.suffix.result}" + ip_cidr_range = "192.168.64.0/18" + } +} diff --git a/test/fixtures/simple_regional/outputs.tf b/test/fixtures/simple_regional/outputs.tf new file mode 120000 index 0000000000..726bdc722f --- /dev/null +++ b/test/fixtures/simple_regional/outputs.tf @@ -0,0 +1 @@ +../shared/outputs.tf \ No newline at end of file diff --git a/test/fixtures/simple_regional/variables.tf b/test/fixtures/simple_regional/variables.tf new file mode 120000 index 0000000000..c113c00a3d --- /dev/null 
+++ b/test/fixtures/simple_regional/variables.tf @@ -0,0 +1 @@ +../shared/variables.tf \ No newline at end of file diff --git a/test/fixtures/simple_zonal/example.tf b/test/fixtures/simple_zonal/example.tf new file mode 100644 index 0000000000..3115dbab5d --- /dev/null +++ b/test/fixtures/simple_zonal/example.tf @@ -0,0 +1,29 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +module "example" { + source = "../../../examples/simple_zonal" + + project_id = "${var.project_id}" + credentials_path = "${local.credentials_path}" + region = "${var.region}" + zones = ["${var.zones}"] + network = "${google_compute_network.main.name}" + subnetwork = "${google_compute_subnetwork.main.name}" + ip_range_pods = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}" + ip_range_services = "${google_compute_subnetwork.main.secondary_ip_range.1.range_name}" + compute_engine_service_account = "${var.compute_engine_service_account}" +} diff --git a/test/fixtures/simple_zonal/network.tf b/test/fixtures/simple_zonal/network.tf new file mode 100644 index 0000000000..6a6325ab2d --- /dev/null +++ b/test/fixtures/simple_zonal/network.tf 
@@ -0,0 +1,50 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + credentials_path = "${path.module}/${var.credentials_path_relative}" +} + +resource "random_string" "suffix" { + length = 4 + special = false + upper = false +} + +provider "google" { + credentials = "${file(local.credentials_path)}" + project = "${var.project_id}" +} + +resource "google_compute_network" "main" { + name = "cft-gke-test-${random_string.suffix.result}" + auto_create_subnetworks = "false" +} + +resource "google_compute_subnetwork" "main" { + name = "cft-gke-test-${random_string.suffix.result}" + ip_cidr_range = "10.0.0.0/17" + region = "${var.region}" + network = "${google_compute_network.main.self_link}" + secondary_ip_range { + range_name = "cft-gke-test-pods-${random_string.suffix.result}" + ip_cidr_range = "192.168.0.0/18" + } + secondary_ip_range { + range_name = "cft-gke-test-services-${random_string.suffix.result}" + ip_cidr_range = "192.168.64.0/18" + } +} diff --git a/test/fixtures/simple_zonal/outputs.tf b/test/fixtures/simple_zonal/outputs.tf new file mode 120000 index 0000000000..726bdc722f --- /dev/null +++ b/test/fixtures/simple_zonal/outputs.tf @@ -0,0 +1 @@ +../shared/outputs.tf \ No newline at end of file diff --git a/test/fixtures/simple_zonal/variables.tf b/test/fixtures/simple_zonal/variables.tf new file mode 120000 index 0000000000..c113c00a3d --- /dev/null +++ b/test/fixtures/simple_zonal/variables.tf 
@@ -0,0 +1 @@ +../shared/variables.tf \ No newline at end of file diff --git a/test/fixtures/stub_domains/example.tf b/test/fixtures/stub_domains/example.tf new file mode 100644 index 0000000000..a010556342 --- /dev/null +++ b/test/fixtures/stub_domains/example.tf @@ -0,0 +1,28 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +module "example" { + source = "../../../examples/stub_domains" + + project_id = "${var.project_id}" + credentials_path = "${local.credentials_path}" + region = "${var.region}" + network = "${google_compute_network.main.name}" + subnetwork = "${google_compute_subnetwork.main.name}" + ip_range_pods = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}" + ip_range_services = "${google_compute_subnetwork.main.secondary_ip_range.1.range_name}" + compute_engine_service_account = "${var.compute_engine_service_account}" +} diff --git a/test/fixtures/stub_domains/network.tf b/test/fixtures/stub_domains/network.tf new file mode 100644 index 0000000000..6a6325ab2d --- /dev/null +++ b/test/fixtures/stub_domains/network.tf 
@@ -0,0 +1,50 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + credentials_path = "${path.module}/${var.credentials_path_relative}" +} + +resource "random_string" "suffix" { + length = 4 + special = false + upper = false +} + +provider "google" { + credentials = "${file(local.credentials_path)}" + project = "${var.project_id}" +} + +resource "google_compute_network" "main" { + name = "cft-gke-test-${random_string.suffix.result}" + auto_create_subnetworks = "false" +} + +resource "google_compute_subnetwork" "main" { + name = "cft-gke-test-${random_string.suffix.result}" + ip_cidr_range = "10.0.0.0/17" + region = "${var.region}" + network = "${google_compute_network.main.self_link}" + secondary_ip_range { + range_name = "cft-gke-test-pods-${random_string.suffix.result}" + ip_cidr_range = "192.168.0.0/18" + } + secondary_ip_range { + range_name = "cft-gke-test-services-${random_string.suffix.result}" + ip_cidr_range = "192.168.64.0/18" + } +} diff --git a/test/fixtures/stub_domains/outputs.tf b/test/fixtures/stub_domains/outputs.tf new file mode 120000 index 0000000000..726bdc722f --- /dev/null +++ b/test/fixtures/stub_domains/outputs.tf @@ -0,0 +1 @@ +../shared/outputs.tf \ No newline at end of file diff --git a/test/fixtures/stub_domains/variables.tf b/test/fixtures/stub_domains/variables.tf new file mode 120000 index 0000000000..c113c00a3d --- /dev/null +++ b/test/fixtures/stub_domains/variables.tf 
@@ -0,0 +1 @@ +../shared/variables.tf \ No newline at end of file diff --git a/test/make.sh b/test/make.sh index b8a50837b5..6976b26497 100755 --- a/test/make.sh +++ b/test/make.sh @@ -48,7 +48,7 @@ function docker() { function check_terraform() { echo "Running terraform validate" #shellcheck disable=SC2156 - find . -name "*.tf" -exec bash -c 'terraform validate --check-variables=false $(dirname "{}")' \; + find . -name "*.tf" -not -path "./test/fixtures/shared/*" -not -path "./test/fixtures/all_examples/*" -exec bash -c 'terraform validate --check-variables=false $(dirname "{}")' \; } # This function runs 'go fmt' and 'go vet' on every file From 9bb39632c5f14ccdbc27dd87e1facca58c2e9066 Mon Sep 17 00:00:00 2001 From: Jason Berlinsky Date: Wed, 12 Dec 2018 21:17:51 -0500 Subject: [PATCH 25/39] Bump tested GKE versions --- test/integration/deploy_service/controls/gcloud.rb | 2 +- test/integration/simple_regional/controls/gcloud.rb | 4 ++-- test/integration/simple_zonal/controls/gcloud.rb | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/test/integration/deploy_service/controls/gcloud.rb b/test/integration/deploy_service/controls/gcloud.rb index a1bbf938a0..d31c6f973d 100644 --- a/test/integration/deploy_service/controls/gcloud.rb +++ b/test/integration/deploy_service/controls/gcloud.rb @@ -39,7 +39,7 @@ end it "has the expected initial cluster version" do - expect(data['initialClusterVersion']).to eq "1.9.7-gke.11" + expect(data['initialClusterVersion']).to eq "1.11.5-gke.4" end end end diff --git a/test/integration/simple_regional/controls/gcloud.rb b/test/integration/simple_regional/controls/gcloud.rb index 827b3cd5b2..ca925f5fdf 100644 --- a/test/integration/simple_regional/controls/gcloud.rb +++ b/test/integration/simple_regional/controls/gcloud.rb 
@@ -43,7 +43,7 @@ end it "has the expected initial cluster version" do - expect(data['initialClusterVersion']).to eq "1.9.7-gke.11" + expect(data['initialClusterVersion']).to eq "1.11.5-gke.4" end it "has the expected addon settings" do @@ -80,7 +80,7 @@ it "is running the expected version of Kubernetes" do expect(node_pools).to include( including( - "version" => "1.9.7-gke.11", + "version" => "1.11.5-gke.4", ) ) end diff --git a/test/integration/simple_zonal/controls/gcloud.rb b/test/integration/simple_zonal/controls/gcloud.rb index 58d99eff59..fb776d070f 100644 --- a/test/integration/simple_zonal/controls/gcloud.rb +++ b/test/integration/simple_zonal/controls/gcloud.rb @@ -43,7 +43,7 @@ end it "has the expected initial cluster version" do - expect(data['initialClusterVersion']).to eq "1.9.7-gke.11" + expect(data['initialClusterVersion']).to eq "1.11.4-gke.8" end it "has the expected addon settings" do @@ -80,7 +80,7 @@ it "is running the expected version of Kubernetes" do expect(node_pools).to include( including( - "version" => "1.9.7-gke.11", + "version" => "1.11.4-gke.8", ) ) end From 176ad6f47d2d92ac9a49ef112830da2f539b737d Mon Sep 17 00:00:00 2001 From: Jason Berlinsky Date: Wed, 12 Dec 2018 21:18:22 -0500 Subject: [PATCH 26/39] Wait for GKE cluster to not be in RECONCILING status before completing Terraform runs or destroying resources --- Makefile | 2 ++ build/docker/kitchen_terraform/Dockerfile | 6 +++-- build/docker/terraform/Dockerfile | 6 +++-- cluster_regional.tf | 15 +++++++++++ cluster_zonal.tf | 15 +++++++++++ scripts/wait-for-cluster.sh | 33 +++++++++++++++++++++++ 6 files changed, 73 insertions(+), 4 deletions(-) create mode 100755 scripts/wait-for-cluster.sh diff --git a/Makefile b/Makefile index 52431e7e8e..7b189a53c0 100644 --- a/Makefile +++ b/Makefile 
@@ -101,6 +101,7 @@ docker_build_terraform: --build-arg BUILD_CLOUD_SDK_VERSION=${BUILD_CLOUD_SDK_VERSION} \ --build-arg BUILD_PROVIDER_GOOGLE_VERSION=${BUILD_PROVIDER_GOOGLE_VERSION} \ --build-arg BUILD_PROVIDER_GSUITE_VERSION=${BUILD_PROVIDER_GSUITE_VERSION} \ + --build-arg CREDENTIALS_FILE=${CREDENTIALS_FILE} \ -t ${DOCKER_IMAGE_TERRAFORM}:${DOCKER_TAG_TERRAFORM} . .PHONY: docker_build_kitchen_terraform @@ -108,6 +109,7 @@ docker_build_kitchen_terraform: docker build -f build/docker/kitchen_terraform/Dockerfile \ --build-arg BUILD_TERRAFORM_IMAGE="${DOCKER_IMAGE_TERRAFORM}:${DOCKER_TAG_TERRAFORM}" \ --build-arg BUILD_RUBY_VERSION="${BUILD_RUBY_VERSION}" \ + --build-arg CREDENTIALS_FILE="${CREDENTIALS_FILE}" \ -t ${DOCKER_IMAGE_KITCHEN_TERRAFORM}:${DOCKER_TAG_KITCHEN_TERRAFORM} . # Run docker diff --git a/build/docker/kitchen_terraform/Dockerfile b/build/docker/kitchen_terraform/Dockerfile index 52c7896bed..c021b0c441 100644 --- a/build/docker/kitchen_terraform/Dockerfile +++ b/build/docker/kitchen_terraform/Dockerfile @@ -43,10 +43,12 @@ ENV APP_BASE_DIR="/cftk" COPY --from=cfkt_terraform $APP_BASE_DIR $APP_BASE_DIR +ARG CREDENTIALS_FILE + ENV HOME="$APP_BASE_DIR/home" ENV PATH $APP_BASE_DIR/bin:$APP_BASE_DIR/google-cloud-sdk/bin:$PATH -ENV GOOGLE_APPLICATION_CREDENTIALS="$CREDENTIALS_PATH" \ - CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE="$CREDENTIALS_PATH" +ENV GOOGLE_APPLICATION_CREDENTIALS="$APP_BASE_DIR/workdir/$CREDENTIALS_FILE" \ + CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE="$APP_BASE_DIR/workdir/$CREDENTIALS_FILE" # Fix base64 inconsistency SHELL ["/bin/bash", "-c"] diff --git a/build/docker/terraform/Dockerfile b/build/docker/terraform/Dockerfile index 8c4ae71a68..a2c713bb83 100644 --- a/build/docker/terraform/Dockerfile +++ b/build/docker/terraform/Dockerfile 
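Review bot: `ARG CREDENTIALS_FILE` in build/docker/kitchen_terraform/Dockerfile has no default, so a build that omits `--build-arg CREDENTIALS_FILE=…` bakes `GOOGLE_APPLICATION_CREDENTIALS` and `CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE` as `/cftk/workdir/`, a directory, and the failure surfaces later as an opaque auth error; build/docker/terraform/Dockerfile in the next hunk has the same shape. `ARG CREDENTIALS_FILE=credentials.json`, matching the name the README in this series documents, would make the default build usable, and a comment such as `# Only the file name is recorded in the image; the key itself is read from the mounted workdir at run time` would make clear to reviewers that no secret material enters a layer or the build history. In the Makefile, `docker_build_terraform` passes the value unquoted while `docker_build_kitchen_terraform` quotes it; quoting both keeps a path with spaces from splitting the argument.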
@@ -54,14 +54,16 @@ RUN apk add --no-cache \
 make=4.2.1-r2 \
 python2=2.7.15-r1
+ARG CREDENTIALS_FILE
+
 ENV APP_BASE_DIR="/cftk"
 COPY --from=builder $APP_BASE_DIR $APP_BASE_DIR
 ENV HOME="$APP_BASE_DIR/home"
 ENV PATH $APP_BASE_DIR/bin:$APP_BASE_DIR/google-cloud-sdk/bin:$PATH
-ENV GOOGLE_APPLICATION_CREDENTIALS="$CREDENTIALS_PATH" \
- CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE="$CREDENTIALS_PATH"
+ENV GOOGLE_APPLICATION_CREDENTIALS="$APP_BASE_DIR/workdir/$CREDENTIALS_FILE" \
+ CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE="$APP_BASE_DIR/workdir/$CREDENTIALS_FILE"
 # Fix base64 inconsistency
 SHELL ["/bin/bash", "-c"]
diff --git a/cluster_regional.tf b/cluster_regional.tf
index 13715f155c..006a132159 100644
--- a/cluster_regional.tf
+++ b/cluster_regional.tf
@@ -134,3 +134,18 @@ resource "google_container_node_pool" "pools" {
 depends_on = ["google_container_cluster.primary"]
 }
+
+resource "null_resource" "wait_for_regional_cluster" {
+ count = "${var.regional ? 1 : 0}"
+
+ provisioner "local-exec" {
+ command = "${path.module}/scripts/wait-for-cluster.sh ${var.project_id} ${var.name}"
+ }
+
+ provisioner "local-exec" {
+ when = "destroy"
+ command = "${path.module}/scripts/wait-for-cluster.sh ${var.project_id} ${var.name}"
+ }
+
+ depends_on = ["google_container_cluster.primary", "google_container_node_pool.pools"]
+}
diff --git a/cluster_zonal.tf b/cluster_zonal.tf
index b7a97c91bb..041664152f 100644
--- a/cluster_zonal.tf
+++ b/cluster_zonal.tf
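Review bot: `null_resource.wait_for_regional_cluster` has no `triggers`, so its create-time provisioner runs only when the resource is first created; a later apply that changes the cluster or node pools and puts the cluster back into RECONCILING will not wait, if waiting on every change is the intent (cluster_zonal.tf in the next hunk has the same shape). A `triggers` block keyed on the cluster and node-pool attributes — which ones is a question for the `google_container_cluster.primary` definition, outside this hunk — would re-run the wait on change. The `local-exec` also introduces an undocumented runtime dependency on `gcloud` and `jq` being installed and authenticated on the machine running Terraform, separately from the provider's `credentials`; a comment above the resource, e.g. `# Requires gcloud (authenticated for var.project_id) and jq on the Terraform host`, would make that visible to module consumers.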
@@ -134,3 +134,18 @@ resource "google_container_node_pool" "zonal_pools" {
 depends_on = ["google_container_cluster.zonal_primary"]
 }
+
+resource "null_resource" "wait_for_zonal_cluster" {
+ count = "${var.regional ? 0 : 1}"
+
+ provisioner "local-exec" {
+ command = "${path.module}/scripts/wait-for-cluster.sh ${var.project_id} ${var.name}"
+ }
+
+ provisioner "local-exec" {
+ when = "destroy"
+ command = "${path.module}/scripts/wait-for-cluster.sh ${var.project_id} ${var.name}"
+ }
+
+ depends_on = ["google_container_cluster.zonal_primary", "google_container_node_pool.zonal_pools"]
+}
diff --git a/scripts/wait-for-cluster.sh b/scripts/wait-for-cluster.sh
new file mode 100755
index 0000000000..6ff3253d58
--- /dev/null
+++ b/scripts/wait-for-cluster.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+
+PROJECT=$1
+CLUSTER_NAME=$2
+gcloud_command="gcloud container clusters list --project=$PROJECT --format=json"
+jq_query=".[] | select(.name==\"$CLUSTER_NAME\") | .status"
+
+echo "Waiting for cluster $2 in project $1 to reconcile..."
+
+current_status=$($gcloud_command | jq -r "$jq_query")
+
+while [[ "${current_status}" == "RECONCILING" ]]; do
+ printf "."
+ sleep 5
+ current_status=$($gcloud_command | jq -r "$jq_query")
+done
+
+echo "Cluster is ready!"
From 0f3fcc125d9223b6afbd16c8acd642485f9a984d Mon Sep 17 00:00:00 2001
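Review bot: `set -e` without `-o pipefail` means a failing `gcloud` in `$($gcloud_command | jq -r "$jq_query")` is masked by `jq` exiting 0; `current_status` is then empty, the `while` loop never runs, and scripts/wait-for-cluster.sh prints "Cluster is ready!" on an auth error or a mistyped cluster name, which on the destroy path lets Terraform proceed while the cluster may still be reconciling. The loop is also unbounded, so a cluster stuck in RECONCILING hangs the apply indefinitely, and the `echo` line uses `$2`/`$1` although `CLUSTER_NAME`/`PROJECT` are already defined. The rewrite below enables pipefail, fails on an empty status and caps the wait; if an absent cluster is legitimately possible on some path, the not-found branch should treat empty status as ready rather than exit 1.
```shell
set -eo pipefail
# … unchanged: PROJECT / CLUSTER_NAME assignment …
MAX_WAIT_SECONDS="${MAX_WAIT_SECONDS:-1800}"  # constructed default; tune per environment

cluster_status() {
  gcloud container clusters list --project="$PROJECT" --format=json \
    | jq -r ".[] | select(.name==\"$CLUSTER_NAME\") | .status"
}

echo "Waiting for cluster $CLUSTER_NAME in project $PROJECT to reconcile..."

waited=0
current_status=$(cluster_status)
if [[ -z "${current_status}" ]]; then
  echo "Cluster $CLUSTER_NAME not found in project $PROJECT" >&2
  exit 1
fi

while [[ "${current_status}" == "RECONCILING" ]]; do
  if (( waited >= MAX_WAIT_SECONDS )); then
    echo "Timed out after ${MAX_WAIT_SECONDS}s waiting for cluster $CLUSTER_NAME" >&2
    exit 1
  fi
  printf "."
  sleep 5
  waited=$((waited + 5))
  current_status=$(cluster_status)
done

echo "Cluster is ready!"
```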
From: Jason Berlinsky Date: Wed, 12 Dec 2018 21:18:45 -0500 Subject: [PATCH 27/39] Fix linter error --- scripts/kubectl_wrapper.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/kubectl_wrapper.sh b/scripts/kubectl_wrapper.sh index 5b7d881aaf..e92300bcb5 100755 --- a/scripts/kubectl_wrapper.sh +++ b/scripts/kubectl_wrapper.sh @@ -39,6 +39,7 @@ mkdir "${TMPDIR}" export KUBECONFIG="${TMPDIR}/config" +# shellcheck disable=SC1117 base64 --help | grep "\--decode" && B64_ARG="--decode" || B64_ARG="-d" echo "${CA_CERTIFICATE}" | base64 ${B64_ARG} > "${TMPDIR}/ca_certificate" From 1c9754c74e4b01ae866a6ca23f4f439b1039f0ce Mon Sep 17 00:00:00 2001 From: Jason Berlinsky Date: Wed, 12 Dec 2018 21:18:55 -0500 Subject: [PATCH 28/39] Pin Ruby to 2.5.1 --- .ruby-version | 1 + 1 file changed, 1 insertion(+) create mode 100644 .ruby-version diff --git a/.ruby-version b/.ruby-version new file mode 100644 index 0000000000..73462a5a13 --- /dev/null +++ b/.ruby-version @@ -0,0 +1 @@ +2.5.1 From 1a84f325ba615f1c183760c835b343bf50ed1454 Mon Sep 17 00:00:00 2001 From: Jason Berlinsky Date: Wed, 12 Dec 2018 21:19:02 -0500 Subject: [PATCH 29/39] Update testing documentation --- README.md | 71 +++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 50 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 1a58f25736..b28dd8d1e6 100644 --- a/README.md +++ b/README.md 
@@ -209,27 +209,56 @@ make generate_docs ``` ### Integration test -#### Terraform integration tests -The integration tests for this module leverage -[kitchen-terraform](https://github.com/newcontext-oss/kitchen-terraform). - -The tests will do the following: -- Perform `bundle install` command - - Installs `kitchen-terraform` gem -- Perform `kitchen create` command - - Performs a `terraform init` -- Perform `kitchen converge` command - - Performs a `terraform apply -auto-approve` -- Perform `kitchen validate` command - - Performs inspec tests. - - Shell out to `gcloud` to validate expected resources in GCP. - - Interrogate the cluster to validate expected resource in Kubernetes. -- Perform `kitchen destroy` command - - Performs a `terraform destroy -force` - -To configure the integration tests, `cp test/fixtures/networks/terraform.tfvars.sample test/fixtures/networks/terraform.tfvars` and edit to match your testing environment. You can then use the following command to run the integration test in the root folder - - `make test_integration` + +Integration tests are run though [test-kitchen](https://github.com/test-kitchen/test-kitchen), [kitchen-terraform](https://github.com/newcontext-oss/kitchen-terraform), and [InSpec](https://github.com/inspec/inspec). + +Five test-kitchen instances are defined: + +- `deploy_service` +- `node_pool` +- `simple_regional` +- `simple_zonal` +- `stub_domains` + +The test-kitchen instances in `test/fixtures/` wrap identically-named examples in the `examples/` directory. + +#### Setup + +1. Configure the [test fixtures](#test-configuration) +2. Download a Service Account key with the necessary permissions and put it in the module's root directory with the name `credentials.json`. +3. Build the Docker containers for testing: + + ``` + CREDENTIALS_FILE="credentials.json" make docker_build_terraform + CREDENTIALS_FILE="credentials.json" make docker_build_kitchen_terraform + ``` +4. 
Run the testing container in interactive mode: + + ``` + make docker_run + ``` + + The module root directory will be loaded into the Docker container at `/cftk/workdir/`. +5. Run kitchen-terraform to test the infrastructure: + + 1. `kitchen create` creates Terraform state and downloads modules, if applicable. + 2. `kitchen converge` creates the underlying resources. Run `kitchen converge ` to create resources for a specific test case. + 3. `kitchen verify` tests the created infrastructure. Run `kitchen verify ` to run a specific test case. + 4. `kitchen destroy` tears down the underlying resources created by `kitchen converge`. Run `kitchen destroy ` to tear down resources for a specific test case. + +Alternatively, you can simply run `CREDENTIALS_FILE="credentials.json" make test_integration_docker` to run all the test steps non-interactively. + +#### Test configuration + +Each test-kitchen instance is configured with a `variables.tfvars` file in the test fixture directory, e.g. `test/fixtures/node_pool/terraform.tfvars`. For convenience, since all of the variables are project-specific, these files have been symlinked to `test/fixtures/shared/terraform.tfvars`. Similarly, each test fixture has a `variables.tf` to define these variables, and an `outputs.tf` to facilitate providing necessary information for `inspec` to locate and query against created resources. + +Each test-kitchen instance creates a GCP Network and Subnetwork fixture to house resources, and may create any other necessary fixture data as needed. + +### Autogeneration of documentation from .tf files +Run +``` +make generate_docs +``` ### Linting The makefile in this project will lint or sometimes just format any shell, From 73afe8bff176172f3be482281a91de7161a206af Mon Sep 17 00:00:00 2001 From: Jason Berlinsky Date: Thu, 13 Dec 2018 14:37:16 -0500 Subject: [PATCH 30/39] Add line breaks --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/README.md b/README.md index b28dd8d1e6..b2fcafa1e4 100644 --- a/README.md +++ b/README.md @@ -250,7 +250,9 @@ Alternatively, you can simply run `CREDENTIALS_FILE="credentials.json" make tes #### Test configuration -Each test-kitchen instance is configured with a `variables.tfvars` file in the test fixture directory, e.g. `test/fixtures/node_pool/terraform.tfvars`. For convenience, since all of the variables are project-specific, these files have been symlinked to `test/fixtures/shared/terraform.tfvars`. Similarly, each test fixture has a `variables.tf` to define these variables, and an `outputs.tf` to facilitate providing necessary information for `inspec` to locate and query against created resources. +Each test-kitchen instance is configured with a `variables.tfvars` file in the test fixture directory, e.g. `test/fixtures/node_pool/terraform.tfvars`. +For convenience, since all of the variables are project-specific, these files have been symlinked to `test/fixtures/shared/terraform.tfvars`. +Similarly, each test fixture has a `variables.tf` to define these variables, and an `outputs.tf` to facilitate providing necessary information for `inspec` to locate and query against created resources. Each test-kitchen instance creates a GCP Network and Subnetwork fixture to house resources, and may create any other necessary fixture data as needed. From 614c24edd613cf1c848c4060c8efbc762b6477c5 Mon Sep 17 00:00:00 2001 From: Jason Berlinsky Date: Thu, 13 Dec 2018 17:04:09 -0500 Subject: [PATCH 31/39] Bump ruby version to 2.5.3 --- .ruby-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ruby-version b/.ruby-version index 73462a5a13..aedc15bb0c 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -2.5.1 +2.5.3 From be970a46b04c1ffec5062aff6179750dc351d043 Mon Sep 17 00:00:00 2001 
From: Jason Berlinsky Date: Thu, 13 Dec 2018 17:07:15 -0500 Subject: [PATCH 32/39] Run `terraform fmt` as part of linting --- cluster_regional.tf | 2 +- cluster_zonal.tf | 2 +- examples/deploy_service/main.tf | 16 ++++++++-------- examples/deploy_service/outputs.tf | 2 +- examples/node_pool/main.tf | 22 +++++++++++----------- examples/node_pool/outputs.tf | 2 +- examples/simple_regional/main.tf | 20 ++++++++++---------- examples/simple_regional/outputs.tf | 2 +- examples/simple_zonal/main.tf | 22 +++++++++++----------- examples/simple_zonal/outputs.tf | 2 +- examples/stub_domains/main.tf | 20 ++++++++++---------- examples/stub_domains/outputs.tf | 2 +- main.tf | 2 +- test/fixtures/deploy_service/example.tf | 14 +++++++------- test/fixtures/deploy_service/network.tf | 20 +++++++++++--------- test/fixtures/node_pool/example.tf | 14 +++++++------- test/fixtures/node_pool/network.tf | 20 +++++++++++--------- test/fixtures/shared/outputs.tf | 2 +- test/fixtures/shared/variables.tf | 18 +++++------------- test/fixtures/simple_regional/example.tf | 14 +++++++------- test/fixtures/simple_regional/network.tf | 20 +++++++++++--------- test/fixtures/simple_zonal/example.tf | 16 ++++++++-------- test/fixtures/simple_zonal/network.tf | 20 +++++++++++--------- test/fixtures/stub_domains/example.tf | 14 +++++++------- test/fixtures/stub_domains/network.tf | 20 +++++++++++--------- test/make.sh | 2 ++ variables.tf | 2 +- 27 files changed, 158 insertions(+), 154 deletions(-) diff --git a/cluster_regional.tf b/cluster_regional.tf index 006a132159..baca766e7f 100644 --- a/cluster_regional.tf +++ b/cluster_regional.tf @@ -143,7 +143,7 @@ resource "null_resource" "wait_for_regional_cluster" { } provisioner "local-exec" { - when = "destroy" + when = "destroy" command = "${path.module}/scripts/wait-for-cluster.sh ${var.project_id} ${var.name}" } diff --git a/cluster_zonal.tf b/cluster_zonal.tf index 041664152f..7d55e8a9a7 100644 --- a/cluster_zonal.tf +++ b/cluster_zonal.tf 
@@ -143,7 +143,7 @@ resource "null_resource" "wait_for_zonal_cluster" { } provisioner "local-exec" { - when = "destroy" + when = "destroy" command = "${path.module}/scripts/wait-for-cluster.sh ${var.project_id} ${var.name}" } diff --git a/examples/deploy_service/main.tf b/examples/deploy_service/main.tf index cd1ddcacae..09d9c8bf35 100644 --- a/examples/deploy_service/main.tf +++ b/examples/deploy_service/main.tf @@ -33,14 +33,14 @@ provider "kubernetes" { data "google_client_config" "default" {} module "gke" { - source = "../../" - project_id = "${var.project_id}" - name = "${local.cluster_type}-cluster" - region = "${var.region}" - network = "${var.network}" - subnetwork = "${var.subnetwork}" - ip_range_pods = "${var.ip_range_pods}" - ip_range_services = "${var.ip_range_services}" + source = "../../" + project_id = "${var.project_id}" + name = "${local.cluster_type}-cluster" + region = "${var.region}" + network = "${var.network}" + subnetwork = "${var.subnetwork}" + ip_range_pods = "${var.ip_range_pods}" + ip_range_services = "${var.ip_range_services}" kubernetes_version = "1.11.5-gke.4" service_account = "${var.compute_engine_service_account}" } diff --git a/examples/deploy_service/outputs.tf b/examples/deploy_service/outputs.tf index f08062730c..b48cab862e 100644 --- a/examples/deploy_service/outputs.tf +++ b/examples/deploy_service/outputs.tf @@ -25,5 +25,5 @@ output "client_token" { } output "ca_certificate" { - value = "${module.gke.ca_certificate}" + value = "${module.gke.ca_certificate}" } diff --git a/examples/node_pool/main.tf b/examples/node_pool/main.tf index da7ad50a3d..e02ec9f4b9 100644 --- a/examples/node_pool/main.tf +++ b/examples/node_pool/main.tf 
@@ -24,21 +24,21 @@ provider "google" { } module "gke" { - source = "../../" - project_id = "${var.project_id}" - name = "${local.cluster_type}-cluster" - region = "${var.region}" - network = "${var.network}" - subnetwork = "${var.subnetwork}" - ip_range_pods = "${var.ip_range_pods}" - ip_range_services = "${var.ip_range_services}" + source = "../../" + project_id = "${var.project_id}" + name = "${local.cluster_type}-cluster" + region = "${var.region}" + network = "${var.network}" + subnetwork = "${var.subnetwork}" + ip_range_pods = "${var.ip_range_pods}" + ip_range_services = "${var.ip_range_services}" kubernetes_version = "1.11.5-gke.4" - node_version = "1.11.5-gke.4" + node_version = "1.11.5-gke.4" node_pools = [ { - name = "pool-01" - min_count = 4 + name = "pool-01" + min_count = 4 service_account = "${var.compute_engine_service_account}" }, { diff --git a/examples/node_pool/outputs.tf b/examples/node_pool/outputs.tf index f08062730c..b48cab862e 100644 --- a/examples/node_pool/outputs.tf +++ b/examples/node_pool/outputs.tf @@ -25,5 +25,5 @@ output "client_token" { } output "ca_certificate" { - value = "${module.gke.ca_certificate}" + value = "${module.gke.ca_certificate}" } diff --git a/examples/simple_regional/main.tf b/examples/simple_regional/main.tf index d468360ed3..23e3678c79 100644 --- a/examples/simple_regional/main.tf +++ b/examples/simple_regional/main.tf 
@@ -24,17 +24,17 @@ provider "google" { } module "gke" { - source = "../../" - project_id = "${var.project_id}" - name = "${local.cluster_type}-cluster" - regional = true - region = "${var.region}" - network = "${var.network}" - subnetwork = "${var.subnetwork}" - ip_range_pods = "${var.ip_range_pods}" - ip_range_services = "${var.ip_range_services}" + source = "../../" + project_id = "${var.project_id}" + name = "${local.cluster_type}-cluster" + regional = true + region = "${var.region}" + network = "${var.network}" + subnetwork = "${var.subnetwork}" + ip_range_pods = "${var.ip_range_pods}" + ip_range_services = "${var.ip_range_services}" kubernetes_version = "1.11.5-gke.4" - node_version = "1.11.5-gke.4" + node_version = "1.11.5-gke.4" service_account = "${var.compute_engine_service_account}" } diff --git a/examples/simple_regional/outputs.tf b/examples/simple_regional/outputs.tf index f08062730c..b48cab862e 100644 --- a/examples/simple_regional/outputs.tf +++ b/examples/simple_regional/outputs.tf @@ -25,5 +25,5 @@ output "client_token" { } output "ca_certificate" { - value = "${module.gke.ca_certificate}" + value = "${module.gke.ca_certificate}" } diff --git a/examples/simple_zonal/main.tf b/examples/simple_zonal/main.tf index 63cd0d4f4b..d5059dc8e7 100644 --- a/examples/simple_zonal/main.tf +++ b/examples/simple_zonal/main.tf 
@@ -24,18 +24,18 @@ provider "google" { } module "gke" { - source = "../../" - project_id = "${var.project_id}" - name = "${local.cluster_type}-cluster" - regional = false - region = "${var.region}" - zones = "${var.zones}" - network = "${var.network}" - subnetwork = "${var.subnetwork}" - ip_range_pods = "${var.ip_range_pods}" - ip_range_services = "${var.ip_range_services}" + source = "../../" + project_id = "${var.project_id}" + name = "${local.cluster_type}-cluster" + regional = false + region = "${var.region}" + zones = "${var.zones}" + network = "${var.network}" + subnetwork = "${var.subnetwork}" + ip_range_pods = "${var.ip_range_pods}" + ip_range_services = "${var.ip_range_services}" kubernetes_version = "1.11.4-gke.8" - node_version = "1.11.4-gke.8" + node_version = "1.11.4-gke.8" service_account = "${var.compute_engine_service_account}" } diff --git a/examples/simple_zonal/outputs.tf b/examples/simple_zonal/outputs.tf index f08062730c..b48cab862e 100644 --- a/examples/simple_zonal/outputs.tf +++ b/examples/simple_zonal/outputs.tf @@ -25,5 +25,5 @@ output "client_token" { } output "ca_certificate" { - value = "${module.gke.ca_certificate}" + value = "${module.gke.ca_certificate}" } diff --git a/examples/stub_domains/main.tf b/examples/stub_domains/main.tf index 57265702bb..d5b8fbe1a0 100644 --- a/examples/stub_domains/main.tf +++ b/examples/stub_domains/main.tf 
@@ -24,17 +24,17 @@ provider "google" { } module "gke" { - source = "../../" - project_id = "${var.project_id}" - name = "${local.cluster_type}-cluster" - region = "${var.region}" - network = "${var.network}" - subnetwork = "${var.subnetwork}" - ip_range_pods = "${var.ip_range_pods}" - ip_range_services = "${var.ip_range_services}" - network_policy = true + source = "../../" + project_id = "${var.project_id}" + name = "${local.cluster_type}-cluster" + region = "${var.region}" + network = "${var.network}" + subnetwork = "${var.subnetwork}" + ip_range_pods = "${var.ip_range_pods}" + ip_range_services = "${var.ip_range_services}" + network_policy = true kubernetes_version = "1.11.5-gke.4" - node_version = "1.11.5-gke.4" + node_version = "1.11.5-gke.4" service_account = "${var.compute_engine_service_account}" stub_domains { diff --git a/examples/stub_domains/outputs.tf b/examples/stub_domains/outputs.tf index f08062730c..b48cab862e 100644 --- a/examples/stub_domains/outputs.tf +++ b/examples/stub_domains/outputs.tf @@ -25,5 +25,5 @@ output "client_token" { } output "ca_certificate" { - value = "${module.gke.ca_certificate}" + value = "${module.gke.ca_certificate}" } diff --git a/main.tf b/main.tf index 74b93940fe..c9107d18ec 100644 --- a/main.tf +++ b/main.tf @@ -23,7 +23,7 @@ data "google_compute_zones" "available" { } resource "random_shuffle" "available_zones" { - input = ["${data.google_compute_zones.available.names}"] + input = ["${data.google_compute_zones.available.names}"] result_count = 3 } diff --git a/test/fixtures/deploy_service/example.tf b/test/fixtures/deploy_service/example.tf index 3cc994a768..5b9fe4a56b 100644 --- a/test/fixtures/deploy_service/example.tf +++ b/test/fixtures/deploy_service/example.tf 
@@ -17,12 +17,12 @@ module "example" { source = "../../../examples/deploy_service" - project_id = "${var.project_id}" - credentials_path = "${local.credentials_path}" - region = "${var.region}" - network = "${google_compute_network.main.name}" - subnetwork = "${google_compute_subnetwork.main.name}" - ip_range_pods = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}" - ip_range_services = "${google_compute_subnetwork.main.secondary_ip_range.1.range_name}" + project_id = "${var.project_id}" + credentials_path = "${local.credentials_path}" + region = "${var.region}" + network = "${google_compute_network.main.name}" + subnetwork = "${google_compute_subnetwork.main.name}" + ip_range_pods = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}" + ip_range_services = "${google_compute_subnetwork.main.secondary_ip_range.1.range_name}" compute_engine_service_account = "${var.compute_engine_service_account}" } diff --git a/test/fixtures/deploy_service/network.tf b/test/fixtures/deploy_service/network.tf index 6a6325ab2d..64dfbf8aeb 100644 --- a/test/fixtures/deploy_service/network.tf +++ b/test/fixtures/deploy_service/network.tf 
@@ -19,32 +19,34 @@ locals { } resource "random_string" "suffix" { - length = 4 + length = 4 special = false - upper = false + upper = false } provider "google" { credentials = "${file(local.credentials_path)}" - project = "${var.project_id}" + project = "${var.project_id}" } resource "google_compute_network" "main" { - name = "cft-gke-test-${random_string.suffix.result}" + name = "cft-gke-test-${random_string.suffix.result}" auto_create_subnetworks = "false" } resource "google_compute_subnetwork" "main" { - name = "cft-gke-test-${random_string.suffix.result}" + name = "cft-gke-test-${random_string.suffix.result}" ip_cidr_range = "10.0.0.0/17" - region = "${var.region}" - network = "${google_compute_network.main.self_link}" + region = "${var.region}" + network = "${google_compute_network.main.self_link}" + secondary_ip_range { - range_name = "cft-gke-test-pods-${random_string.suffix.result}" + range_name = "cft-gke-test-pods-${random_string.suffix.result}" ip_cidr_range = "192.168.0.0/18" } + secondary_ip_range { - range_name = "cft-gke-test-services-${random_string.suffix.result}" + range_name = "cft-gke-test-services-${random_string.suffix.result}" ip_cidr_range = "192.168.64.0/18" } } diff --git a/test/fixtures/node_pool/example.tf b/test/fixtures/node_pool/example.tf index 3e7b1ea609..84c47fa3af 100644 --- a/test/fixtures/node_pool/example.tf +++ b/test/fixtures/node_pool/example.tf 
@@ -17,12 +17,12 @@ module "example" { source = "../../../examples/node_pool" - project_id = "${var.project_id}" - credentials_path = "${local.credentials_path}" - region = "${var.region}" - network = "${google_compute_network.main.name}" - subnetwork = "${google_compute_subnetwork.main.name}" - ip_range_pods = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}" - ip_range_services = "${google_compute_subnetwork.main.secondary_ip_range.1.range_name}" + project_id = "${var.project_id}" + credentials_path = "${local.credentials_path}" + region = "${var.region}" + network = "${google_compute_network.main.name}" + subnetwork = "${google_compute_subnetwork.main.name}" + ip_range_pods = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}" + ip_range_services = "${google_compute_subnetwork.main.secondary_ip_range.1.range_name}" compute_engine_service_account = "${var.compute_engine_service_account}" } diff --git a/test/fixtures/node_pool/network.tf b/test/fixtures/node_pool/network.tf index 6a6325ab2d..64dfbf8aeb 100644 --- a/test/fixtures/node_pool/network.tf +++ b/test/fixtures/node_pool/network.tf 
@@ -19,32 +19,34 @@ locals { } resource "random_string" "suffix" { - length = 4 + length = 4 special = false - upper = false + upper = false } provider "google" { credentials = "${file(local.credentials_path)}" - project = "${var.project_id}" + project = "${var.project_id}" } resource "google_compute_network" "main" { - name = "cft-gke-test-${random_string.suffix.result}" + name = "cft-gke-test-${random_string.suffix.result}" auto_create_subnetworks = "false" } resource "google_compute_subnetwork" "main" { - name = "cft-gke-test-${random_string.suffix.result}" + name = "cft-gke-test-${random_string.suffix.result}" ip_cidr_range = "10.0.0.0/17" - region = "${var.region}" - network = "${google_compute_network.main.self_link}" + region = "${var.region}" + network = "${google_compute_network.main.self_link}" + secondary_ip_range { - range_name = "cft-gke-test-pods-${random_string.suffix.result}" + range_name = "cft-gke-test-pods-${random_string.suffix.result}" ip_cidr_range = "192.168.0.0/18" } + secondary_ip_range { - range_name = "cft-gke-test-services-${random_string.suffix.result}" + range_name = "cft-gke-test-services-${random_string.suffix.result}" ip_cidr_range = "192.168.64.0/18" } } diff --git a/test/fixtures/shared/outputs.tf b/test/fixtures/shared/outputs.tf index 5cfbc3e106..3af8e16983 100644 --- a/test/fixtures/shared/outputs.tf +++ b/test/fixtures/shared/outputs.tf @@ -75,5 +75,5 @@ output "client_token" { output "ca_certificate" { description = "The cluster CA certificate" - value = "${module.example.ca_certificate}" + value = "${module.example.ca_certificate}" } diff --git a/test/fixtures/shared/variables.tf b/test/fixtures/shared/variables.tf index 8f4e02b783..1a4da7a2b7 100644 --- a/test/fixtures/shared/variables.tf +++ b/test/fixtures/shared/variables.tf 
@@ -14,23 +14,15 @@ * limitations under the License. */ -variable "project_id" { +variable "project_id" {} -} - -variable "credentials_path_relative" { - -} +variable "credentials_path_relative" {} -variable "region" { - -} +variable "region" {} variable "zones" { - type = "list" + type = "list" default = [] } -variable "compute_engine_service_account" { - -} +variable "compute_engine_service_account" {} diff --git a/test/fixtures/simple_regional/example.tf b/test/fixtures/simple_regional/example.tf index 797ba2e303..72a197218f 100644 --- a/test/fixtures/simple_regional/example.tf +++ b/test/fixtures/simple_regional/example.tf @@ -17,12 +17,12 @@ module "example" { source = "../../../examples/simple_regional" - project_id = "${var.project_id}" - credentials_path = "${local.credentials_path}" - region = "${var.region}" - network = "${google_compute_network.main.name}" - subnetwork = "${google_compute_subnetwork.main.name}" - ip_range_pods = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}" - ip_range_services = "${google_compute_subnetwork.main.secondary_ip_range.1.range_name}" + project_id = "${var.project_id}" + credentials_path = "${local.credentials_path}" + region = "${var.region}" + network = "${google_compute_network.main.name}" + subnetwork = "${google_compute_subnetwork.main.name}" + ip_range_pods = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}" + ip_range_services = "${google_compute_subnetwork.main.secondary_ip_range.1.range_name}" compute_engine_service_account = "${var.compute_engine_service_account}" } diff --git a/test/fixtures/simple_regional/network.tf b/test/fixtures/simple_regional/network.tf index 6a6325ab2d..64dfbf8aeb 100644 --- a/test/fixtures/simple_regional/network.tf +++ b/test/fixtures/simple_regional/network.tf 
@@ -19,32 +19,34 @@ locals { } resource "random_string" "suffix" { - length = 4 + length = 4 special = false - upper = false + upper = false } provider "google" { credentials = "${file(local.credentials_path)}" - project = "${var.project_id}" + project = "${var.project_id}" } resource "google_compute_network" "main" { - name = "cft-gke-test-${random_string.suffix.result}" + name = "cft-gke-test-${random_string.suffix.result}" auto_create_subnetworks = "false" } resource "google_compute_subnetwork" "main" { - name = "cft-gke-test-${random_string.suffix.result}" + name = "cft-gke-test-${random_string.suffix.result}" ip_cidr_range = "10.0.0.0/17" - region = "${var.region}" - network = "${google_compute_network.main.self_link}" + region = "${var.region}" + network = "${google_compute_network.main.self_link}" + secondary_ip_range { - range_name = "cft-gke-test-pods-${random_string.suffix.result}" + range_name = "cft-gke-test-pods-${random_string.suffix.result}" ip_cidr_range = "192.168.0.0/18" } + secondary_ip_range { - range_name = "cft-gke-test-services-${random_string.suffix.result}" + range_name = "cft-gke-test-services-${random_string.suffix.result}" ip_cidr_range = "192.168.64.0/18" } } diff --git a/test/fixtures/simple_zonal/example.tf b/test/fixtures/simple_zonal/example.tf index 3115dbab5d..c962c555e0 100644 --- a/test/fixtures/simple_zonal/example.tf +++ b/test/fixtures/simple_zonal/example.tf 
@@ -17,13 +17,13 @@ module "example" { source = "../../../examples/simple_zonal" - project_id = "${var.project_id}" - credentials_path = "${local.credentials_path}" - region = "${var.region}" - zones = ["${var.zones}"] - network = "${google_compute_network.main.name}" - subnetwork = "${google_compute_subnetwork.main.name}" - ip_range_pods = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}" - ip_range_services = "${google_compute_subnetwork.main.secondary_ip_range.1.range_name}" + project_id = "${var.project_id}" + credentials_path = "${local.credentials_path}" + region = "${var.region}" + zones = ["${var.zones}"] + network = "${google_compute_network.main.name}" + subnetwork = "${google_compute_subnetwork.main.name}" + ip_range_pods = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}" + ip_range_services = "${google_compute_subnetwork.main.secondary_ip_range.1.range_name}" compute_engine_service_account = "${var.compute_engine_service_account}" } diff --git a/test/fixtures/simple_zonal/network.tf b/test/fixtures/simple_zonal/network.tf index 6a6325ab2d..64dfbf8aeb 100644 --- a/test/fixtures/simple_zonal/network.tf +++ b/test/fixtures/simple_zonal/network.tf 
@@ -19,32 +19,34 @@ locals { } resource "random_string" "suffix" { - length = 4 + length = 4 special = false - upper = false + upper = false } provider "google" { credentials = "${file(local.credentials_path)}" - project = "${var.project_id}" + project = "${var.project_id}" } resource "google_compute_network" "main" { - name = "cft-gke-test-${random_string.suffix.result}" + name = "cft-gke-test-${random_string.suffix.result}" auto_create_subnetworks = "false" } resource "google_compute_subnetwork" "main" { - name = "cft-gke-test-${random_string.suffix.result}" + name = "cft-gke-test-${random_string.suffix.result}" ip_cidr_range = "10.0.0.0/17" - region = "${var.region}" - network = "${google_compute_network.main.self_link}" + region = "${var.region}" + network = "${google_compute_network.main.self_link}" + secondary_ip_range { - range_name = "cft-gke-test-pods-${random_string.suffix.result}" + range_name = "cft-gke-test-pods-${random_string.suffix.result}" ip_cidr_range = "192.168.0.0/18" } + secondary_ip_range { - range_name = "cft-gke-test-services-${random_string.suffix.result}" + range_name = "cft-gke-test-services-${random_string.suffix.result}" ip_cidr_range = "192.168.64.0/18" } } diff --git a/test/fixtures/stub_domains/example.tf b/test/fixtures/stub_domains/example.tf index a010556342..bcc0a440f8 100644 --- a/test/fixtures/stub_domains/example.tf +++ b/test/fixtures/stub_domains/example.tf 
@@ -17,12 +17,12 @@ module "example" { source = "../../../examples/stub_domains" - project_id = "${var.project_id}" - credentials_path = "${local.credentials_path}" - region = "${var.region}" - network = "${google_compute_network.main.name}" - subnetwork = "${google_compute_subnetwork.main.name}" - ip_range_pods = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}" - ip_range_services = "${google_compute_subnetwork.main.secondary_ip_range.1.range_name}" + project_id = "${var.project_id}" + credentials_path = "${local.credentials_path}" + region = "${var.region}" + network = "${google_compute_network.main.name}" + subnetwork = "${google_compute_subnetwork.main.name}" + ip_range_pods = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}" + ip_range_services = "${google_compute_subnetwork.main.secondary_ip_range.1.range_name}" compute_engine_service_account = "${var.compute_engine_service_account}" } diff --git a/test/fixtures/stub_domains/network.tf b/test/fixtures/stub_domains/network.tf index 6a6325ab2d..64dfbf8aeb 100644 --- a/test/fixtures/stub_domains/network.tf +++ b/test/fixtures/stub_domains/network.tf 
@@ -19,32 +19,34 @@ locals { } resource "random_string" "suffix" { - length = 4 + length = 4 special = false - upper = false + upper = false } provider "google" { credentials = "${file(local.credentials_path)}" - project = "${var.project_id}" + project = "${var.project_id}" } resource "google_compute_network" "main" { - name = "cft-gke-test-${random_string.suffix.result}" + name = "cft-gke-test-${random_string.suffix.result}" auto_create_subnetworks = "false" } resource "google_compute_subnetwork" "main" { - name = "cft-gke-test-${random_string.suffix.result}" + name = "cft-gke-test-${random_string.suffix.result}" ip_cidr_range = "10.0.0.0/17" - region = "${var.region}" - network = "${google_compute_network.main.self_link}" + region = "${var.region}" + network = "${google_compute_network.main.self_link}" + secondary_ip_range { - range_name = "cft-gke-test-pods-${random_string.suffix.result}" + range_name = "cft-gke-test-pods-${random_string.suffix.result}" ip_cidr_range = "192.168.0.0/18" } + secondary_ip_range { - range_name = "cft-gke-test-services-${random_string.suffix.result}" + range_name = "cft-gke-test-services-${random_string.suffix.result}" ip_cidr_range = "192.168.64.0/18" } } diff --git a/test/make.sh b/test/make.sh index 6976b26497..9f640bcf74 100755 --- a/test/make.sh +++ b/test/make.sh @@ -49,6 +49,8 @@ function check_terraform() { echo "Running terraform validate" #shellcheck disable=SC2156 find . -name "*.tf" -not -path "./test/fixtures/shared/*" -not -path "./test/fixtures/all_examples/*" -exec bash -c 'terraform validate --check-variables=false $(dirname "{}")' \; + echo "Running terraform fmt" + terraform fmt -check=true -write=false } # This function runs 'go fmt' and 'go vet' on every file diff --git a/variables.tf b/variables.tf index 6a9931e29b..c0d6a0a977 100644 --- a/variables.tf +++ b/variables.tf 
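Review bot: `terraform fmt -check=true -write=false` lists the files that need formatting but not what is wrong with them; adding `-diff` makes a CI failure actionable without a local re-run: `terraform fmt -check=true -write=false -diff`. Whether this single invocation covers `examples/` and `test/fixtures/` depends on the recursion behaviour of the pinned Terraform release, which I cannot confirm from here — if it only formats the root module, the `find`-driven loop used for `terraform validate` just above is the consistent way to cover every directory. The enclosing `check_terraform` function starts before this hunk.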
@@ -192,5 +192,5 @@ variable "monitoring_service" {
 variable "service_account" {
 description = "The service account to default running nodes as if not overridden in `node_pools`. Defaults to the compute engine default service account"
- default = ""
+ default = ""
 }
From 8d46662e9dff7ea194b5859ddcea82b7c629dcf9 Mon Sep 17 00:00:00 2001
From: Morgante Pell
Date: Tue, 18 Dec 2018 20:00:55 -0500
Subject: [PATCH 33/39] Fix Go version in tests.
---
build/docker/terraform/Dockerfile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build/docker/terraform/Dockerfile b/build/docker/terraform/Dockerfile
index a2c713bb83..fed6548606 100644
--- a/build/docker/terraform/Dockerfile
+++ b/build/docker/terraform/Dockerfile
@@ -17,7 +17,7 @@ FROM alpine:3.8 as builder
 RUN apk add --no-cache \
 bash=4.4.19-r1 \
 git=2.18.1-r0 \
- go=1.10.5-r0 \
+ go=1.10.7-r0 \
 make=4.2.1-r2 \
 musl-dev=1.1.19-r10
From b0172498c0598aeeaf420156686b65e68eb0091f Mon Sep 17 00:00:00 2001
From: Morgante Pell
Date: Tue, 18 Dec 2018 20:18:07 -0500
Subject: [PATCH 34/39] Actually symlink terraform.tfvars
---
test/fixtures/deploy_service/terraform.tfvars | 1 +
test/fixtures/node_pool/terraform.tfvars | 1 +
test/fixtures/simple_regional/terraform.tfvars | 1 +
test/fixtures/stub_domains/terraform.tfvars | 1 +
4 files changed, 4 insertions(+)
create mode 120000 test/fixtures/deploy_service/terraform.tfvars
create mode 120000 test/fixtures/node_pool/terraform.tfvars
create mode 120000 test/fixtures/simple_regional/terraform.tfvars
create mode 120000 test/fixtures/stub_domains/terraform.tfvars
diff --git a/test/fixtures/deploy_service/terraform.tfvars b/test/fixtures/deploy_service/terraform.tfvars
new file mode 120000
index 0000000000..08ac6f4724
--- /dev/null
+++ b/test/fixtures/deploy_service/terraform.tfvars
@@ -0,0 +1 @@
+../shared/terraform.tfvars
\ No newline at end of file
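Review bot: Every fixture's `terraform.tfvars` now resolves to `test/fixtures/shared/terraform.tfvars`, which the README in this series describes as holding project-specific values, and the shared `variables.tf` includes `credentials_path_relative`, the location of the service-account key. That target file needs to be gitignored (with a committed `terraform.tfvars.sample` beside it) or a contributor who configures tests and runs `git add -A` commits their project id and key path; I cannot see `.gitignore` in this series to confirm either way. A short note in the README's test-configuration section, or a comment in `test/fixtures/shared/`, stating that the symlinks are intentional and the shared file must stay untracked would keep the next person from "fixing" them.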
diff --git a/test/fixtures/node_pool/terraform.tfvars b/test/fixtures/node_pool/terraform.tfvars
new file mode 120000
index 0000000000..08ac6f4724
--- /dev/null
+++ b/test/fixtures/node_pool/terraform.tfvars
@@ -0,0 +1 @@
+../shared/terraform.tfvars
\ No newline at end of file
diff --git a/test/fixtures/simple_regional/terraform.tfvars b/test/fixtures/simple_regional/terraform.tfvars
new file mode 120000
index 0000000000..08ac6f4724
--- /dev/null
+++ b/test/fixtures/simple_regional/terraform.tfvars
@@ -0,0 +1 @@
+../shared/terraform.tfvars
\ No newline at end of file
diff --git a/test/fixtures/stub_domains/terraform.tfvars b/test/fixtures/stub_domains/terraform.tfvars
new file mode 120000
index 0000000000..08ac6f4724
--- /dev/null
+++ b/test/fixtures/stub_domains/terraform.tfvars
@@ -0,0 +1 @@
+../shared/terraform.tfvars
\ No newline at end of file
From cf5c27aa2890c72eb223f696742a24ac03f703b9 Mon Sep 17 00:00:00 2001
From: Morgante Pell
Date: Tue, 18 Dec 2018 20:43:58 -0500
Subject: [PATCH 35/39] Missed one tfvars symlink
---
test/fixtures/simple_zonal/terraform.tfvars | 1 +
1 file changed, 1 insertion(+)
create mode 120000 test/fixtures/simple_zonal/terraform.tfvars
diff --git a/test/fixtures/simple_zonal/terraform.tfvars b/test/fixtures/simple_zonal/terraform.tfvars
new file mode 120000
index 0000000000..08ac6f4724
--- /dev/null
+++ b/test/fixtures/simple_zonal/terraform.tfvars
@@ -0,0 +1 @@
+../shared/terraform.tfvars
\ No newline at end of file
From 4eeaaa32b28918e34d2a4e4b3694f5430b3c4492 Mon Sep 17 00:00:00 2001
From: Jason Berlinsky
Date: Tue, 18 Dec 2018 21:40:40 -0500
Subject: [PATCH 36/39] Add descriptions to test environment variables
---
test/fixtures/shared/variables.tf | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/test/fixtures/shared/variables.tf b/test/fixtures/shared/variables.tf
index 1a4da7a2b7..0982c40787 100644
--- a/test/fixtures/shared/variables.tf
+++ b/test/fixtures/shared/variables.tf
@@ -14,15 +14,24 @@ * limitations under the License.
 */
-variable "project_id" {}
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
-variable "credentials_path_relative" {}
+variable "credentials_path_relative" {
+ description = "The relative path from the fixture directory to the GCP credentials file that will run Terraform tests"
+}
-variable "region" {}
+variable "region" {
+ description = "The GCP region to create and test resources in"
+}
 variable "zones" {
 type = "list"
+ description = "The GCP zones to create and test resources in, for applicable tests"
 default = []
 }
-variable "compute_engine_service_account" {}
+variable "compute_engine_service_account" {
+ description = "The email address of the service account to associate with the GKE cluster"
+}
From a4a3f7106a04dd2c789aabcd8d7d4faa03f7ed20 Mon Sep 17 00:00:00 2001
From: Jason Berlinsky
Date: Tue, 18 Dec 2018 22:02:40 -0500
Subject: [PATCH 37/39] `terraform fmt`
---
test/fixtures/shared/variables.tf | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/fixtures/shared/variables.tf b/test/fixtures/shared/variables.tf
index 0982c40787..8955c2e0be 100644
--- a/test/fixtures/shared/variables.tf
+++ b/test/fixtures/shared/variables.tf
@@ -27,9 +27,9 @@ variable "region" {
 }
 variable "zones" {
- type = "list"
+ type = "list"
 description = "The GCP zones to create and test resources in, for applicable tests"
- default = []
+ default = []
 }
 variable "compute_engine_service_account" {
From 90a122e3c6c2b86869bb3d84df880c6ee07c33d4 Mon Sep 17 00:00:00 2001
From: Jason Berlinsky
Date: Wed, 19 Dec 2018 09:54:24 -0500
Subject: [PATCH 38/39] Bring back shared_vpc example and simple test fixture
---
.kitchen.yml | 12 +++++
README.md | 3 +-
examples/shared_vpc/README.md | 13 +++++
examples/shared_vpc/main.tf | 41 +++++++++++++++
examples/shared_vpc/outputs.tf | 29 +++++++++++
examples/shared_vpc/test_outputs.tf | 1 +
examples/shared_vpc/variables.tf | 51 ++++++++++++++++++
test/fixtures/shared_vpc/example.tf | 29 +++++++++++
test/fixtures/shared_vpc/network.tf | 52 +++++++++++++++++++
test/fixtures/shared_vpc/outputs.tf | 1 +
test/fixtures/shared_vpc/terraform.tfvars | 1 +
test/fixtures/shared_vpc/variables.tf | 1 +
.../integration/shared_vpc/controls/gcloud.rb | 42 +++++++++++++++
test/integration/shared_vpc/inspec.yml | 14 +++++
14 files changed, 289 insertions(+), 1 deletion(-)
create mode 100644 examples/shared_vpc/README.md
create mode 100644 examples/shared_vpc/main.tf
create mode 100644 examples/shared_vpc/outputs.tf
create mode 120000 examples/shared_vpc/test_outputs.tf
create mode 100644 examples/shared_vpc/variables.tf
create mode 100644 test/fixtures/shared_vpc/example.tf
create mode 100644 test/fixtures/shared_vpc/network.tf
create mode 120000 test/fixtures/shared_vpc/outputs.tf
create mode 120000 test/fixtures/shared_vpc/terraform.tfvars
create mode 120000 test/fixtures/shared_vpc/variables.tf
create mode 100644 test/integration/shared_vpc/controls/gcloud.rb
create mode 100644 test/integration/shared_vpc/inspec.yml
diff --git a/.kitchen.yml b/.kitchen.yml
index 1f9e304b79..5cd1359866 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -48,6 +48,18 @@ suites:
 backend: local
 provisioner:
 name: terraform
+ - name: "shared_vpc"
+ driver:
+ name: "terraform"
+ command_timeout: 1800
+ root_module_directory: test/fixtures/shared_vpc
+ verifier:
+ name: terraform
+ systems:
+ - name: shared_vpc
+ backend: local
+ provisioner:
+ name: terraform
 - name: "simple_regional"
 driver:
 name: "terraform"
diff --git a/README.md b/README.md
index b2fcafa1e4..13ee276d24 100644
--- a/README.md
+++ b/README.md
@@ -212,10 +212,11 @@ make generate_docs
 Integration tests are run though [test-kitchen](https://github.com/test-kitchen/test-kitchen), [kitchen-terraform](https://github.com/newcontext-oss/kitchen-terraform), and [InSpec](https://github.com/inspec/inspec).
-Five test-kitchen instances are defined:
+Six test-kitchen instances are defined:
 - `deploy_service`
 - `node_pool`
+- `shared_vpc`
 - `simple_regional`
 - `simple_zonal`
 - `stub_domains`
diff --git a/examples/shared_vpc/README.md b/examples/shared_vpc/README.md
new file mode 100644
index 0000000000..1ecd805d6e
--- /dev/null
+++ b/examples/shared_vpc/README.md
@@ -0,0 +1,13 @@
+# Shared VPC Cluster
+
+This example illustrates how to create a simple cluster where the host network is not necessarily in the same project as the cluster.
+
+[^]: (autogen_docs_start)
+
+[^]: (autogen_docs_end)
+
+To provision this example, run the following from within this directory:
+- `terraform init` to get the plugins
+- `terraform plan` to see the infrastructure plan
+- `terraform apply` to apply the infrastructure build
+- `terraform destroy` to destroy the built infrastructure
diff --git a/examples/shared_vpc/main.tf b/examples/shared_vpc/main.tf
new file mode 100644
index 0000000000..17820f9c97
--- /dev/null
+++ b/examples/shared_vpc/main.tf
@@ -0,0 +1,41 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ cluster_type = "shared-vpc"
+}
+
+provider "google" {
+ credentials = "${file(var.credentials_path)}"
+ region = "${var.region}"
+}
+
+module "gke" {
+ source = "../../"
+ project_id = "${var.project_id}"
+ name = "${local.cluster_type}-cluster"
+ region = "${var.region}"
+ network = "${var.network}"
+ network_project_id = "${var.network_project_id}"
+ subnetwork = "${var.subnetwork}"
+ ip_range_pods = "${var.ip_range_pods}"
+ ip_range_services = "${var.ip_range_services}"
+ kubernetes_version = "1.11.5-gke.4"
+ node_version = "1.11.5-gke.4"
+ service_account = "${var.compute_engine_service_account}"
+}
+
+data "google_client_config" "default" {}
diff --git a/examples/shared_vpc/outputs.tf b/examples/shared_vpc/outputs.tf
new file mode 100644
index 0000000000..b48cab862e
--- /dev/null
+++ b/examples/shared_vpc/outputs.tf
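Review bot: `kubernetes_version` and `node_version` are pinned to the literal `"1.11.5-gke.4"`, which GKE will reject once that release drops out of the supported set, and at that point this example and the shared_vpc kitchen suite built on it fail at apply time with no hint in the file about why the pin is there. A comment above the two lines stating the reason (for example `# pinned so the suite is reproducible; bump together with the other examples`), or lifting the value into a variable with this string as its default, would make the intent visible and the update a one-place change. The example also configures `provider "google"` from `file(var.credentials_path)` while the fixture in test/fixtures/shared_vpc/network.tf configures its own provider from the same key; a one-line comment here saying which configuration the nested `module "gke"` inherits would save the next reader a Terraform 0.11 provider-inheritance lookup.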
@@ -0,0 +1,29 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "kubernetes_endpoint" {
+ sensitive = true
+ value = "${module.gke.endpoint}"
+}
+
+output "client_token" {
+ sensitive = true
+ value = "${base64encode(data.google_client_config.default.access_token)}"
+}
+
+output "ca_certificate" {
+ value = "${module.gke.ca_certificate}"
+}
diff --git a/examples/shared_vpc/test_outputs.tf b/examples/shared_vpc/test_outputs.tf
new file mode 120000
index 0000000000..17b34213ba
--- /dev/null
+++ b/examples/shared_vpc/test_outputs.tf
@@ -0,0 +1 @@
+../../test/fixtures/all_examples/test_outputs.tf
\ No newline at end of file
diff --git a/examples/shared_vpc/variables.tf b/examples/shared_vpc/variables.tf
new file mode 100644
index 0000000000..05d9c2f0ce
--- /dev/null
+++ b/examples/shared_vpc/variables.tf
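Review bot: `output "client_token"` exports the caller's OAuth access token (base64-encoded) and relies on `sensitive = true`, but in Terraform 0.11 that flag only redacts the value from plan/apply output; the token is still stored in clear text in the state file and is returned by `terraform output`, so anyone with read access to the state backend gets a live bearer token for the credentials used to run the example. A comment on the output should say this so users do not copy the pattern into a shared-state setup, e.g. `# sensitive only hides the token from CLI output; it is still written to state in clear text`. `ca_certificate` is deliberately not marked sensitive, which is consistent with it being the cluster's public CA, but a short comment saying that this is intended would stop a future reviewer "fixing" it.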
@@ -0,0 +1,51 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to host the cluster in"
+}
+
+variable "credentials_path" {
+ description = "The path to the GCP credentials JSON file"
+}
+
+variable "region" {
+ description = "The region to host the cluster in"
+}
+
+variable "network" {
+ description = "The VPC network to host the cluster in"
+}
+
+variable "network_project_id" {
+ description = "The GCP project housing the VPC network to host the cluster in"
+}
+
+variable "subnetwork" {
+ description = "The subnetwork to host the cluster in"
+}
+
+variable "ip_range_pods" {
+ description = "The secondary ip range to use for pods"
+}
+
+variable "ip_range_services" {
+ description = "The secondary ip range to use for pods"
+}
+
+variable "compute_engine_service_account" {
+ description = "Service account to associate to the nodes in the cluster"
+}
diff --git a/test/fixtures/shared_vpc/example.tf b/test/fixtures/shared_vpc/example.tf
new file mode 100644
index 0000000000..a4cd32150c
--- /dev/null
+++ b/test/fixtures/shared_vpc/example.tf
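Review bot: The description on `ip_range_services` is a copy of the one on `ip_range_pods` ("The secondary ip range to use for pods"), so the autogenerated README table will describe both ranges identically and a reader cannot tell which secondary range the services get; change it to `description = "The secondary ip range to use for services"`. `credentials_path` is read with `file()` in main.tf and is presumably a service-account key file, so its description could also tell users it must stay outside the repository, e.g. `description = "The path to the GCP credentials JSON file (keep this file out of version control)"`. `network_project_id` is the variable that makes this a shared-VPC example; a sentence in its description saying whether it may equal `project_id` (the test fixture passes the same project for both) would document the supported configurations.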
@@ -0,0 +1,29 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "example" {
+ source = "../../../examples/shared_vpc"
+
+ project_id = "${var.project_id}"
+ credentials_path = "${local.credentials_path}"
+ region = "${var.region}"
+ network = "${google_compute_network.main.name}"
+ network_project_id = "${var.project_id}"
+ subnetwork = "${google_compute_subnetwork.main.name}"
+ ip_range_pods = "${google_compute_subnetwork.main.secondary_ip_range.0.range_name}"
+ ip_range_services = "${google_compute_subnetwork.main.secondary_ip_range.1.range_name}"
+ compute_engine_service_account = "${var.compute_engine_service_account}"
+}
diff --git a/test/fixtures/shared_vpc/network.tf b/test/fixtures/shared_vpc/network.tf
new file mode 100644
index 0000000000..64dfbf8aeb
--- /dev/null
+++ b/test/fixtures/shared_vpc/network.tf
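Review bot: The fixture passes `network_project_id = "${var.project_id}"`, the same project that hosts the cluster, so the cross-project host network that examples/shared_vpc/README.md describes is never exercised by the shared_vpc suite; if a second project is not available to CI, a comment should say so, e.g. `# network_project_id == project_id: this suite only checks the example wires up, it does not test a true cross-project host network`, so nobody reads a green run as shared-VPC coverage. `ip_range_pods` and `ip_range_services` are picked by positional index (`secondary_ip_range.0` / `.1`) into the subnetwork declared in network.tf, so swapping the order of the two `secondary_ip_range` blocks there would silently exchange the pods and services ranges; a comment on these two lines naming that dependency (and a matching one on the blocks in network.tf) makes the coupling visible.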
@@ -0,0 +1,52 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ credentials_path = "${path.module}/${var.credentials_path_relative}"
+}
+
+resource "random_string" "suffix" {
+ length = 4
+ special = false
+ upper = false
+}
+
+provider "google" {
+ credentials = "${file(local.credentials_path)}"
+ project = "${var.project_id}"
+}
+
+resource "google_compute_network" "main" {
+ name = "cft-gke-test-${random_string.suffix.result}"
+ auto_create_subnetworks = "false"
+}
+
+resource "google_compute_subnetwork" "main" {
+ name = "cft-gke-test-${random_string.suffix.result}"
+ ip_cidr_range = "10.0.0.0/17"
+ region = "${var.region}"
+ network = "${google_compute_network.main.self_link}"
+
+ secondary_ip_range {
+ range_name = "cft-gke-test-pods-${random_string.suffix.result}"
+ ip_cidr_range = "192.168.0.0/18"
+ }
+
+ secondary_ip_range {
+ range_name = "cft-gke-test-services-${random_string.suffix.result}"
+ ip_cidr_range = "192.168.64.0/18"
+ }
+}
diff --git a/test/fixtures/shared_vpc/outputs.tf b/test/fixtures/shared_vpc/outputs.tf
new file mode 120000
index 0000000000..726bdc722f
--- /dev/null
+++ b/test/fixtures/shared_vpc/outputs.tf
@@ -0,0 +1 @@
+../shared/outputs.tf
\ No newline at end of file
diff --git a/test/fixtures/shared_vpc/terraform.tfvars b/test/fixtures/shared_vpc/terraform.tfvars
new file mode 120000
index 0000000000..08ac6f4724
--- /dev/null
+++ b/test/fixtures/shared_vpc/terraform.tfvars
@@ -0,0 +1 @@
+../shared/terraform.tfvars
\ No newline at end of file
diff --git a/test/fixtures/shared_vpc/variables.tf b/test/fixtures/shared_vpc/variables.tf
new file mode 120000
index 0000000000..c113c00a3d
--- /dev/null
+++ b/test/fixtures/shared_vpc/variables.tf
@@ -0,0 +1 @@
+../shared/variables.tf
\ No newline at end of file
diff --git a/test/integration/shared_vpc/controls/gcloud.rb b/test/integration/shared_vpc/controls/gcloud.rb
new file mode 100644
index 0000000000..ccdcd3e461
--- /dev/null
+++ b/test/integration/shared_vpc/controls/gcloud.rb
@@ -0,0 +1,42 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+location = attribute('location')
+cluster_name = attribute('cluster_name')
+
+credentials_path = attribute('credentials_path')
+ENV['CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE'] = credentials_path
+
+control "gcloud" do
+ title "Google Compute Engine GKE configuration"
+ describe command("gcloud --project=#{project_id} container clusters --zone=#{location} describe #{cluster_name} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let!(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "cluster" do
+ it "is running" do
+ expect(data['status']).to eq 'RUNNING'
+ end
+ end
+ end
+end
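Review bot: `its(:stderr) { should eq '' }` fails the control on any gcloud chatter (component-update notices, auth hints) even when the describe call succeeds and the cluster is RUNNING; the `exit_status` expectation and the parsed `data['status']` check already cover the failure cases, so either drop the stderr assertion or relax it to `its(:stderr) { should_not match /ERROR/ }`. The `--project`, `--zone` and cluster-name arguments are interpolated unquoted into the shell command string; they arrive from the fixture's Terraform outputs via inspec.yml so this is acceptable for a test, but quoting them (`--zone='#{location}'`) costs nothing and keeps a name containing shell metacharacters from changing the command. `ENV['CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE'] = credentials_path` is executed at profile load and therefore applies to every control in the same InSpec process, not just this one; a comment above it stating that this is intended would save the next reader from wondering whether it leaks.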
diff --git a/test/integration/shared_vpc/inspec.yml b/test/integration/shared_vpc/inspec.yml
new file mode 100644
index 0000000000..c4cdfdd1a4
--- /dev/null
+++ b/test/integration/shared_vpc/inspec.yml
@@ -0,0 +1,14 @@
+name: shared_vpc
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: credentials_path
+ required: true
+ type: string
+ - name: location
+ required: true
+ type: string
+ - name: cluster_name
+ required: true
+ type: string
From 4a32e01e07937b8d88cbaa0a4f9bee35774fecb6 Mon Sep 17 00:00:00 2001
From: Jason Berlinsky
Date: Wed, 19 Dec 2018 09:54:39 -0500
Subject: [PATCH 39/39] Only .gitignore actual terraform variables, not symlinks
---
.gitignore | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/.gitignore b/.gitignore
index 3985af4430..c1eaf75695 100644
--- a/.gitignore
+++ b/.gitignore
@@ -38,12 +38,7 @@ crash.log
 **/.kitchen.local.yml
 **/Gemfile.lock
-# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
-# .tfvars files are managed as part of configuration and so should be included in
-# version control.
-#
-# example.tfvars
-**/terraform.tfvars
+test/fixtures/shared/terraform.tfvars
 test/integration/gcloud/config.sh
 test/integration/tmp
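Review bot: Replacing the blanket `**/terraform.tfvars` with the single path `test/fixtures/shared/terraform.tfvars` means a `terraform.tfvars` created anywhere else in the tree — typically in an `examples/*/` directory while trying an example, where it holds a project id and a credentials path — is no longer ignored and goes in with a plain `git add -A`. The symlinks the commit wants tracked can be kept without widening that exposure by using a negation instead of narrowing the rule: `**/terraform.tfvars` then `!test/fixtures/*/terraform.tfvars` then `test/fixtures/shared/terraform.tfvars` (last match wins, so the real values file stays ignored while the fixture symlinks are un-ignored). The removed comment explaining why tfvars files are ignored is worth keeping next to whichever rule remains, since the reason is not obvious from the path alone.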