diff --git a/.kitchen.yml b/.kitchen.yml index d67ab25f..3f25d4b9 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -147,3 +147,16 @@ suites: backend: local controls: - gcloud + - name: "ilb_routing" + driver: + name: "terraform" + command_timeout: 1800 + root_module_directory: test/fixtures/ilb_routing/ + verifier: + name: terraform + color: true + systems: + - name: local + backend: local + controls: + - gcloud diff --git a/examples/ilb_routing/README.md b/examples/ilb_routing/README.md new file mode 100644 index 00000000..8b85d338 --- /dev/null +++ b/examples/ilb_routing/README.md @@ -0,0 +1,34 @@ +# ILB routing example + +This example configures a single VPC inside of a project. + +This VPC has three subnets and a forwarding rule. Please note, that this is simply example resource usage, this module +wouldn't work as is. + +More information: +- https://cloud.google.com/load-balancing/docs/internal/setting-up-ilb-next-hop +- https://cloud.google.com/load-balancing/docs/l7-internal/proxy-only-subnets + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| network\_name | The name of the VPC network being created | string | n/a | yes | +| project\_id | The project ID to host the network in | string | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| forwarding\_rule | Forwarding rule link | +| network\_name | The name of the VPC being created | +| network\_self\_link | The URI of the VPC being created | +| project\_id | VPC project id | +| route\_names | The routes associated with this VPC | +| subnets\_ips | The IP and cidrs of the subnets being created | +| subnets\_names | The names of the subnets being created | +| subnets\_regions | The region where subnets will be created | +| subnets\_secondary\_ranges | The secondary ranges associated with these subnets | + + 
diff --git a/examples/ilb_routing/main.tf b/examples/ilb_routing/main.tf
new file mode 100644
index 00000000..d732d617
--- /dev/null
+++ b/examples/ilb_routing/main.tf
@@ -0,0 +1,122 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +provider "google" { + version = "~> 2.19.0" +} + +provider "google-beta" { + version = "~> 2.19.0" +} + +provider "null" { + version = "~> 2.1" +} + +module "vpc" { + source = "../../modules/vpc" + network_name = var.network_name + project_id = var.project_id +} + +module "subnets" { + source = "../../modules/subnets-beta" + project_id = var.project_id + network_name = module.vpc.network_name + subnets = [ + { + subnet_name = "${var.network_name}-subnet" + subnet_ip = "10.10.10.0/24" + subnet_region = "us-west1" + }, + { + subnet_name = "${var.network_name}-subnet-01" + subnet_ip = "10.20.10.0/24" + subnet_region = "us-west1" + purpose = "INTERNAL_HTTPS_LOAD_BALANCER" + role = "ACTIVE" + } + ] +} + +module "subnets-backup" { + source = "../../modules/subnets-beta" + project_id = var.project_id + network_name = module.vpc.network_name + subnets = [ + { + subnet_name = "${var.network_name}-subnet-02" + subnet_ip = "10.20.20.0/24" + subnet_region = "us-west1" + purpose = "INTERNAL_HTTPS_LOAD_BALANCER" + role = "BACKUP" + } + ] + module_depends_on = [module.subnets.subnets] +} + +resource "google_compute_health_check" "this" { + project = var.project_id + name = "${var.network_name}-test" + check_interval_sec = 1 + timeout_sec = 1 + + tcp_health_check { + port = "80" + } +} + +resource "google_compute_region_backend_service" "this" { + project = 
var.project_id + name = "${var.network_name}-test" + region = "us-west1" + health_checks = [google_compute_health_check.this.self_link] +} + +resource "google_compute_forwarding_rule" "this" { + project = var.project_id + name = "${var.network_name}-fw-role" + + network = module.vpc.network_name + subnetwork = module.subnets.subnets["us-west1/${var.network_name}-subnet"].name + backend_service = google_compute_region_backend_service.this.self_link + region = "us-west1" + load_balancing_scheme = "INTERNAL" + all_ports = true +} + +module "routes" { + source = "../../modules/routes-beta" + project_id = var.project_id + network_name = module.vpc.network_name + routes_count = 2 + routes = [ + { + name = "${var.network_name}-egress-inet" + description = "route through IGW to access internet" + destination_range = "0.0.0.0/0" + tags = "egress-inet" + next_hop_internet = "true" + }, + { + name = "${var.network_name}-ilb" + description = "route through ilb" + destination_range = "10.10.20.0/24" + next_hop_ilb = google_compute_forwarding_rule.this.self_link + }, + ] + module_depends_on = [module.subnets.subnets, module.subnets-backup.subnets] +} diff --git a/examples/ilb_routing/outputs.tf b/examples/ilb_routing/outputs.tf new file mode 100644 index 00000000..676e23f3 --- /dev/null +++ b/examples/ilb_routing/outputs.tf 
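Review bot: `google_compute_region_backend_service.this` is declared with only `project`, `name`, `region` and `health_checks`, so the forwarding rule used as `next_hop_ilb` for `10.10.20.0/24` appears to have no backend to deliver to, and nothing in this file says so. The README notes that the example does not work as is, but a reader copying main.tf will not see that. I would add a comment above the backend service such as `# No backend block: attach instance groups before relying on the "-ilb" route; until then matching traffic has no destination.` The forwarding rule also sets `all_ports = true`; a one-line comment on why would help anyone who later wants to narrow it.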
@@ -0,0 +1,55 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "network_name" { + value = module.vpc.network_name + description = "The name of the VPC being created" +} + +output "network_self_link" { + value = module.vpc.network_self_link + description = "The URI of the VPC being created" +} + +output "project_id" { + value = module.vpc.project_id + description = "VPC project id" +} + +output "subnets_names" { + value = [for network in concat(module.subnets.subnets, module.subnets-backup.subnets) : network.name] + description = "The names of the subnets being created" +} + +output "subnets_ips" { + value = [for network in concat(module.subnets.subnets, module.subnets-backup.subnets) : network.ip_cidr_range] + description = "The IP and cidrs of the subnets being created" +} + +output "subnets_regions" { + value = [for network in concat(module.subnets.subnets, module.subnets-backup.subnets) : network.region] + description = "The region where subnets will be created" +} + +output "route_names" { + value = [for route in module.routes.routes : route.name] + description = "The routes associated with this VPC" +} + +output "forwarding_rule" { + value = google_compute_forwarding_rule.this.self_link + description = "Forwarding rule link" +} diff --git a/examples/ilb_routing/variables.tf b/examples/ilb_routing/variables.tf new file mode 100644 index 00000000..add93110 --- /dev/null 
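Review bot: `subnets_names`, `subnets_ips` and `subnets_regions` pass `module.subnets.subnets` and `module.subnets-backup.subnets` to `concat()`, but the subnets-beta module added in this commit outputs `google_compute_subnetwork.subnetwork`, a `for_each` resource, and main.tf indexes that output by string key, so both values look like maps rather than lists. `concat()` takes lists or tuples, so these three outputs will likely fail at plan time. `merge()` fits the map shape, e.g. `value = [for network in merge(module.subnets.subnets, module.subnets-backup.subnets) : network.name]`. The example README also lists a `subnets_secondary_ranges` output that this file does not define.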
+++ b/examples/ilb_routing/variables.tf @@ -0,0 +1,23 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "project_id" { + description = "The project ID to host the network in" +} + +variable "network_name" { + description = "The name of the VPC network being created" +} diff --git a/examples/ilb_routing/versions.tf b/examples/ilb_routing/versions.tf new file mode 100644 index 00000000..1fe4caaa --- /dev/null +++ b/examples/ilb_routing/versions.tf @@ -0,0 +1,19 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = "~> 0.12.0" +} diff --git a/modules/routes-beta/README.md b/modules/routes-beta/README.md new file mode 100644 index 00000000..13e6b225 --- /dev/null +++ b/modules/routes-beta/README.md 
@@ -0,0 +1,84 @@ +# Terraform Network Beta Module + +This submodule is part of the the `terraform-google-network` module. It creates the individual vpc routes and optionally deletes the default internet gateway routes. + +It supports creating: + +- Routes within vpc network. +- Optionally deletes the default internet gateway routes. + +It also uses google beta provider to support the following resource fields: + +- google_compute_route.next_hop_ilb + +## Usage + +Basic usage of this submodule is as follows: + +```hcl +module "vpc" { + source = "terraform-google-modules/network/google//modules/routes" + version = "~> 2.0.0" + + project_id = "" + network_name = "example-vpc" + + delete_default_internet_gateway_routes = false + + routes = [ + { + name = "egress-internet" + description = "route through IGW to access internet" + destination_range = "0.0.0.0/0" + tags = "egress-inet" + next_hop_internet = "true" + }, + { + name = "app-proxy" + description = "route through proxy to reach app" + destination_range = "10.50.10.0/24" + tags = "app-proxy" + next_hop_instance = "app-proxy-instance" + next_hop_instance_zone = "us-west1-a" + }, + ] +} +``` + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| delete\_default\_internet\_gateway\_routes | If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted | string | `"false"` | no | +| module\_depends\_on | List of modules or resources this module depends on. 
| list | `` | no | +| network\_name | The name of the network where routes will be created | string | n/a | yes | +| project\_id | The ID of the project where the routes will be created | string | n/a | yes | +| routes | List of routes being created in this VPC | list(map(string)) | `` | no | +| routes_count | Amount of routes being created in this VPC | number | `0` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| routes | The created routes resources | + + + + +### Routes Input + +The routes list contains maps, where each object represents a route. For the next_hop_* inputs, only one is possible to be used in each route. Having two next_hop_* inputs will produce an error. Each map has the following inputs (please see examples folder for additional references): + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| name | The name of the route being created | string | - | no | +| description | The description of the route being created | string | - | no | +| tags | The network tags assigned to this route. This is a list in string format. Eg. "tag-01,tag-02"| string | - | yes | +| destination\_range | The destination range of outgoing packets that this route applies to. Only IPv4 is supported | string | - | yes +| next\_hop\_internet | Whether the next hop to this route will the default internet gateway. Use "true" to enable this as next hop | string | `"false"` | yes | +| next\_hop\_ip | Network IP address of an instance that should handle matching packets | string | - | yes | +| next\_hop\_instance | URL or name of an instance that should handle matching packets. If just name is specified "next\_hop\_instance\_zone" is required | string | - | yes | +| next\_hop\_instance\_zone | The zone of the instance specified in next\_hop\_instance. 
Only required if next\_hop\_instance is specified as a name | string | - | no | +| next\_hop\_vpn\_tunnel | URL to a VpnTunnel that should handle matching packets | string | - | yes | +| priority | The priority of this route. Priority is used to break ties in cases where there is more than one matching route of equal prefix length. In the case of two routes with equal prefix length, the one with the lowest-numbered priority value wins | string | `"1000"` | yes | diff --git a/modules/routes-beta/main.tf b/modules/routes-beta/main.tf new file mode 100644 index 00000000..686bdf37 --- /dev/null +++ b/modules/routes-beta/main.tf 
@@ -0,0 +1,56 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/****************************************** + Routes + *****************************************/ +resource "google_compute_route" "route" { + provider = google-beta + count = var.routes_count + + project = var.project_id + network = var.network_name + + name = lookup(var.routes[count.index], "name", format("%s-%s-%d", lower(var.network_name), "route", count.index)) + description = lookup(var.routes[count.index], "description", null) + tags = compact(split(",", lookup(var.routes[count.index], "tags", ""))) + dest_range = lookup(var.routes[count.index], "destination_range", null) + next_hop_gateway = lookup(var.routes[count.index], "next_hop_internet", "false") == "true" ? "default-internet-gateway" : "" + next_hop_ip = lookup(var.routes[count.index], "next_hop_ip", null) + next_hop_instance = lookup(var.routes[count.index], "next_hop_instance", null) + next_hop_instance_zone = lookup(var.routes[count.index], "next_hop_instance_zone", null) + next_hop_vpn_tunnel = lookup(var.routes[count.index], "next_hop_vpn_tunnel", null) + next_hop_ilb = lookup(var.routes[count.index], "next_hop_ilb", null) + priority = lookup(var.routes[count.index], "priority", null) + + depends_on = [var.module_depends_on] +} + +resource "null_resource" "delete_default_internet_gateway_routes" { + count = var.delete_default_internet_gateway_routes ? 
1 : 0 + + provisioner "local-exec" { + command = "${path.module}/scripts/delete-default-gateway-routes.sh ${var.project_id} ${var.network_name}" + } + + triggers = { + number_of_routes = length(var.routes) + } + + depends_on = [ + google_compute_route.route, + ] +} diff --git a/modules/routes-beta/outputs.tf b/modules/routes-beta/outputs.tf new file mode 100644 index 00000000..0f672ec6 --- /dev/null +++ b/modules/routes-beta/outputs.tf @@ -0,0 +1,20 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "routes" { + value = google_compute_route.route + description = "The created routes resources" +} diff --git a/modules/routes-beta/scripts/delete-default-gateway-routes.sh b/modules/routes-beta/scripts/delete-default-gateway-routes.sh new file mode 100644 index 00000000..8366d506 --- /dev/null +++ b/modules/routes-beta/scripts/delete-default-gateway-routes.sh 
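Review bot: The `local-exec` provisioner in `null_resource.delete_default_internet_gateway_routes` builds its command line by interpolating `var.project_id` and `var.network_name` unquoted, so a value containing spaces or shell metacharacters is interpreted by the shell on the machine that runs Terraform. Neither variable has a type or a format check in this module's variables.tf. Passing the values through the provisioner's `environment` map keeps them out of the command string; the script would then read `PROJECT_ID` and `NETWORK_ID` from the environment instead of `$1` and `$2`.

```hcl
# … unchanged: resource header and count …
  provisioner "local-exec" {
    command = "${path.module}/scripts/delete-default-gateway-routes.sh"

    environment = {
      PROJECT_ID = var.project_id
      NETWORK_ID = var.network_name
    }
  }
# … unchanged: triggers, depends_on …
```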
@@ -0,0 +1,48 @@
+#!/bin/bash
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+set -e
+
+if [ -n "${GOOGLE_APPLICATION_CREDENTIALS}" ]; then
+ export CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${GOOGLE_APPLICATION_CREDENTIALS}
+fi
+
+PROJECT_ID=$1
+NETWORK_ID=$2
+FILTERED_ROUTES=$(gcloud compute routes list \
+ --project="${PROJECT_ID}" \
+ --format="value(name)" \
+ --filter=" \
+ nextHopGateway:(https://www.googleapis.com/compute/v1/projects/${PROJECT_ID}/global/gateways/default-internet-gateway) \
+ AND network:(https://www.googleapis.com/compute/v1/projects/${PROJECT_ID}/global/networks/${NETWORK_ID}) \
+ AND name~^default-route \
+ "
+)
+
+function delete_internet_gateway_routes {
+ local routes="${1}"
+ echo "${routes}" | while read -r line; do
+ echo "Deleting route ${line}..."
+ gcloud compute routes delete "${line}" --quiet --project="${PROJECT_ID}"
+ done
+}
+
+if [ -n "${FILTERED_ROUTES}" ]; then
+ delete_internet_gateway_routes "${FILTERED_ROUTES}"
+else
+ echo "Default internet gateway route(s) not found; exiting..."
+fi
+
diff --git a/modules/routes-beta/variables.tf b/modules/routes-beta/variables.tf
new file mode 100644
index 00000000..989db81a
--- /dev/null
+++ b/modules/routes-beta/variables.tf
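Review bot: `PROJECT_ID=$1` and `NETWORK_ID=$2` are taken without checking that they were supplied, and both are spliced into the `--filter` expression that selects the routes to delete. With an empty `NETWORK_ID` the network term becomes `.../global/networks/`, which may match routes on networks other than the intended one, and the loop then deletes them with `--quiet`. Failing fast is cheap here: `PROJECT_ID=${1:?project id required}` and `NETWORK_ID=${2:?network name required}`. Because the values sit inside a filter string, also rejecting anything outside the characters GCP allows in these names would keep a stray `)` or space from changing what the filter selects.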
@@ -0,0 +1,46 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "project_id" { + description = "The ID of the project where the routes will be created" +} + +variable "network_name" { + description = "The name of the network where routes will be created" +} + +variable "routes" { + type = list(map(string)) + description = "List of routes being created in this VPC" + default = [] +} + +variable "routes_count" { + type = number + description = "Amount of routes being created in this VPC" + default = 0 +} + +variable "delete_default_internet_gateway_routes" { + description = "If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted" + default = "false" +} + +variable "module_depends_on" { + description = "List of modules or resources this module depends on." + type = list + default = [] +} diff --git a/modules/routes-beta/versions.tf b/modules/routes-beta/versions.tf new file mode 100644 index 00000000..8ed33eea --- /dev/null +++ b/modules/routes-beta/versions.tf 
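Review bot: `routes_count` defaults to `0` and is what main.tf uses for `count`, so a caller who passes `routes` but omits `routes_count` gets no routes and no error, and a count smaller than the list silently drops the trailing entries. For a module whose routes may steer traffic through a proxy or an ILB, a route that goes missing without warning deserves an explicit contract. I would change the description to `description = "Number of routes to create; must equal length(var.routes)"`; the usage example in this module's README passes `routes` without `routes_count` and should set it too. `delete_default_internet_gateway_routes` is also declared without a `type` and defaults to the string `"false"`; `type = bool` with `default = false` would match its use as a condition in main.tf.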
@@ -0,0 +1,22 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = "~> 0.12.0" + required_providers { + google-beta = "~> 2.19.0" + } +} diff --git a/modules/subnets-beta/README.md b/modules/subnets-beta/README.md new file mode 100644 index 00000000..fd84346c --- /dev/null +++ b/modules/subnets-beta/README.md 
@@ -0,0 +1,93 @@ +# Terraform Network Beta Module + +This submodule is part of the the `terraform-google-network` module. It creates the individual vpc subnets. + +It supports creating: + +- Subnets within vpc network. + +It also uses google beta provider to support the following resource fields: + +- google_compute_subnetwork.purpose +- google_compute_subnetwork.role + +## Usage + +Basic usage of this submodule is as follows: + +```hcl +module "vpc" { + source = "terraform-google-modules/network/google//modules/subnets" + version = "~> 2.0.0" + + project_id = "" + network_name = "example-vpc" + + subnets = [ + { + subnet_name = "subnet-01" + subnet_ip = "10.10.10.0/24" + subnet_region = "us-west1" + }, + { + subnet_name = "subnet-02" + subnet_ip = "10.10.20.0/24" + subnet_region = "us-west1" + subnet_private_access = "true" + subnet_flow_logs = "true" + description = "This subnet has a description" + }, + { + subnet_name = "subnet-03" + subnet_ip = "10.10.30.0/24" + subnet_region = "us-west1" + subnet_flow_logs = "true" + subnet_flow_logs_interval = "INTERVAL_10_MIN" + subnet_flow_logs_sampling = 0.7 + subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA" + } + ] + + secondary_ranges = { + subnet-01 = [ + { + range_name = "subnet-01-secondary-01" + ip_cidr_range = "192.168.64.0/24" + }, + ] + + subnet-02 = [] + } +} +``` + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| module\_depends\_on | List of modules or resources this module depends on. 
| list | `` | no | +| network\_name | The name of the network where subnets will be created | string | n/a | yes | +| project\_id | The ID of the project where subnets will be created | string | n/a | yes | +| secondary\_ranges | Secondary ranges that will be used in some of the subnets | object | `` | no | +| subnets | The list of subnets being created | list(map(string)) | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| subnets | The created subnet resources | + + + +### Subnet Inputs + +The subnets list contains maps, where each object represents a subnet. Each map has the following inputs (please see examples folder for additional references): + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| subnet\_name | The name of the subnet being created | string | - | yes | +| subnet\_ip | The IP and CIDR range of the subnet being created | string | - | yes | +| subnet\_region | The region where the subnet will be created | string | - | yes | +| subnet\_private\_access | Whether this subnet will have private Google access enabled | string | `"false"` | no | +| subnet\_flow\_logs | Whether the subnet will record and send flow log data to logging | string | `"false"` | no | diff --git a/modules/subnets-beta/main.tf b/modules/subnets-beta/main.tf new file mode 100644 index 00000000..4bd88613 --- /dev/null +++ b/modules/subnets-beta/main.tf 
@@ -0,0 +1,65 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + subnets = { + for x in var.subnets : + "${x.subnet_region}/${x.subnet_name}" => x + } +} + + +/****************************************** + Subnet configuration + *****************************************/ +resource "google_compute_subnetwork" "subnetwork" { + provider = google-beta + for_each = local.subnets + name = each.value.subnet_name + ip_cidr_range = each.value.subnet_ip + region = each.value.subnet_region + private_ip_google_access = lookup(each.value, "subnet_private_access", "false") + dynamic "log_config" { + for_each = lookup(each.value, "subnet_flow_logs", false) ? [{ + aggregation_interval = lookup(each.value, "subnet_flow_logs_interval", null) + flow_sampling = lookup(each.value, "subnet_flow_logs_sampling", null) + metadata = lookup(each.value, "subnet_flow_logs_metadata", null) + }] : [] + content { + aggregation_interval = log_config.value.aggregation_interval + flow_sampling = log_config.value.flow_sampling + metadata = log_config.value.metadata + } + } + network = var.network_name + project = var.project_id + description = lookup(each.value, "description", null) + secondary_ip_range = [ + for i in range( + length( + contains( + keys(var.secondary_ranges), each.value.subnet_name) == true + ? 
var.secondary_ranges[each.value.subnet_name] + : [] + )) : + var.secondary_ranges[each.value.subnet_name][i] + ] + + purpose = lookup(each.value, "purpose", null) + role = lookup(each.value, "role", null) + + depends_on = [var.module_depends_on] +} diff --git a/modules/subnets-beta/outputs.tf b/modules/subnets-beta/outputs.tf new file mode 100644 index 00000000..6ba07eb1 --- /dev/null +++ b/modules/subnets-beta/outputs.tf @@ -0,0 +1,20 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "subnets" { + value = google_compute_subnetwork.subnetwork + description = "The created subnet resources" +} diff --git a/modules/subnets-beta/variables.tf b/modules/subnets-beta/variables.tf new file mode 100644 index 00000000..a356b4af --- /dev/null +++ b/modules/subnets-beta/variables.tf 
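Review bot: The `locals` block keys every subnet as `"${x.subnet_region}/${x.subnet_name}"`, and because outputs.tf exports the `for_each` resource directly, that key format becomes part of the module's interface; the ilb_routing example already indexes `module.subnets.subnets["us-west1/..."]`. Nothing documents it. A comment on the local such as `# Key is "<region>/<name>"; callers index the subnets output with it, so changing the format is a breaking change.` would make the contract visible.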
@@ -0,0 +1,40 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "project_id" { + description = "The ID of the project where subnets will be created" +} + +variable "network_name" { + description = "The name of the network where subnets will be created" +} + +variable "subnets" { + type = list(map(string)) + description = "The list of subnets being created" +} + +variable "secondary_ranges" { + type = map(list(object({ range_name = string, ip_cidr_range = string }))) + description = "Secondary ranges that will be used in some of the subnets" + default = {} +} + +variable "module_depends_on" { + description = "List of modules or resources this module depends on." + type = list + default = [] +} diff --git a/modules/subnets-beta/versions.tf b/modules/subnets-beta/versions.tf new file mode 100644 index 00000000..8ed33eea --- /dev/null +++ b/modules/subnets-beta/versions.tf 
@@ -0,0 +1,22 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = "~> 0.12.0" + required_providers { + google-beta = "~> 2.19.0" + } +} diff --git a/test/fixtures/delete_default_gateway_routes/variables.tf b/test/fixtures/delete_default_gateway_routes/variables.tf deleted file mode 120000 index c113c00a..00000000 --- a/test/fixtures/delete_default_gateway_routes/variables.tf +++ /dev/null @@ -1 +0,0 @@ -../shared/variables.tf \ No newline at end of file diff --git a/test/fixtures/delete_default_gateway_routes/variables.tf b/test/fixtures/delete_default_gateway_routes/variables.tf new file mode 100644 index 00000000..4372ddee --- /dev/null +++ b/test/fixtures/delete_default_gateway_routes/variables.tf 
@@ -0,0 +1,24 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "project_id" { + description = "The GCP project to use for integration tests" +} + +variable "random_string_for_testing" { + description = "A random string of characters to be appended to resource names to ensure uniqueness" + default = "a1" +} diff --git a/test/fixtures/ilb_routing/main.tf b/test/fixtures/ilb_routing/main.tf new file mode 100644 index 00000000..9dfdf06c --- /dev/null +++ b/test/fixtures/ilb_routing/main.tf @@ -0,0 +1,25 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + network_name = "ilb-routing-${var.random_string_for_testing}" +} + +module "example" { + source = "../../../examples/ilb_routing" + project_id = var.project_id + network_name = local.network_name +} 
diff --git a/test/fixtures/shared/outputs.tf b/test/fixtures/ilb_routing/outputs.tf similarity index 76% rename from test/fixtures/shared/outputs.tf rename to test/fixtures/ilb_routing/outputs.tf index 651f0e00..8add5ef0 100644 --- a/test/fixtures/shared/outputs.tf +++ b/test/fixtures/ilb_routing/outputs.tf @@ -49,22 +49,12 @@ output "output_subnets_regions" { description = "The region where subnets will be created" } -output "output_subnets_private_access" { - value = module.example.subnets_private_access - description = "Whether the subnets will have access to Google API's without a public IP" -} - -output "output_subnets_flow_logs" { - value = module.example.subnets_flow_logs - description = "Whether the subnets will have VPC flow logs enabled" -} - -output "output_subnets_secondary_ranges" { - value = module.example.subnets_secondary_ranges - description = "The secondary ranges associated with these subnets" -} - output "output_routes" { value = module.example.route_names description = "The route names associated with this VPC" } + +output "forwarding_rule" { + value = module.example.forwarding_rule + description = "Forwarding rule link" +} diff --git a/test/fixtures/shared/variables.tf b/test/fixtures/ilb_routing/variables.tf similarity index 100% rename from test/fixtures/shared/variables.tf rename to test/fixtures/ilb_routing/variables.tf diff --git a/test/fixtures/multi_vpc/variables.tf b/test/fixtures/multi_vpc/variables.tf deleted file mode 120000 index c113c00a..00000000 --- a/test/fixtures/multi_vpc/variables.tf +++ /dev/null @@ -1 +0,0 @@ -../shared/variables.tf \ No newline at end of file diff --git a/test/fixtures/multi_vpc/variables.tf b/test/fixtures/multi_vpc/variables.tf new file mode 100644 index 00000000..4372ddee --- /dev/null +++ b/test/fixtures/multi_vpc/variables.tf 
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/test/fixtures/secondary_ranges/outputs.tf b/test/fixtures/secondary_ranges/outputs.tf
deleted file mode 120000
index 726bdc72..00000000
--- a/test/fixtures/secondary_ranges/outputs.tf
+++ /dev/null
@@ -1 +0,0 @@
-../shared/outputs.tf
\ No newline at end of file
diff --git a/test/fixtures/secondary_ranges/outputs.tf b/test/fixtures/secondary_ranges/outputs.tf
new file mode 100644
index 00000000..651f0e00
--- /dev/null
+++ b/test/fixtures/secondary_ranges/outputs.tf
@@ -0,0 +1,70 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_self_link" {
+ value = module.example.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "output_subnets_names" {
+ value = module.example.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "output_subnets_ips" {
+ value = module.example.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "output_subnets_regions" {
+ value = module.example.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "output_subnets_private_access" {
+ value = module.example.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "output_subnets_flow_logs" {
+ value = module.example.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "output_subnets_secondary_ranges" {
+ value = module.example.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "output_routes" {
+ value = module.example.route_names
+ description = "The route names associated with this VPC"
+}
diff --git a/test/fixtures/secondary_ranges/variables.tf b/test/fixtures/secondary_ranges/variables.tf
deleted file mode 120000
index c113c00a..00000000
--- a/test/fixtures/secondary_ranges/variables.tf
+++ /dev/null
@@ -1 +0,0 @@
-../shared/variables.tf
\ No newline at end of file
diff --git a/test/fixtures/secondary_ranges/variables.tf b/test/fixtures/secondary_ranges/variables.tf
new file mode 100644
index 00000000..4372ddee
--- /dev/null
+++ b/test/fixtures/secondary_ranges/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/test/fixtures/shared/terraform.tfvars.sample b/test/fixtures/shared/terraform.tfvars.sample
deleted file mode 100644
index d2bd73f0..00000000
--- a/test/fixtures/shared/terraform.tfvars.sample
+++ /dev/null
@@ -1,5 +0,0 @@
-# Project ID of the project where testing will be performed
-project_id = ""
-
-# Random 4-character string appended to each test resource for uniqueness
-random_string_for_testing = ""
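Review bot: The new test/fixtures/secondary_ranges/outputs.tf is an unmodified copy of the file the removed symlink pointed at (same blob `651f0e00`), and the commit adds the same copy for simple_project, simple_project_with_regional_network and submodule_firewall, so four fixtures now have to be edited in step. The variables.tf copies (`4372ddee`) are duplicated the same way. Nothing in the copies says where they came from, so I would add a short header comment under the licence block, such as `# Copied from the former test/fixtures/shared/outputs.tf; keep the fixture copies in sync.` Within the file, `network_name` and `output_network_name` export the same `module.example.network_name`, which could also carry a one-line comment explaining why both exist.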
diff --git a/test/fixtures/simple_project/outputs.tf b/test/fixtures/simple_project/outputs.tf
deleted file mode 120000
index 726bdc72..00000000
--- a/test/fixtures/simple_project/outputs.tf
+++ /dev/null
@@ -1 +0,0 @@
-../shared/outputs.tf
\ No newline at end of file
diff --git a/test/fixtures/simple_project/outputs.tf b/test/fixtures/simple_project/outputs.tf
new file mode 100644
index 00000000..651f0e00
--- /dev/null
+++ b/test/fixtures/simple_project/outputs.tf
@@ -0,0 +1,70 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_self_link" {
+ value = module.example.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "output_subnets_names" {
+ value = module.example.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "output_subnets_ips" {
+ value = module.example.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "output_subnets_regions" {
+ value = module.example.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "output_subnets_private_access" {
+ value = module.example.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "output_subnets_flow_logs" {
+ value = module.example.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "output_subnets_secondary_ranges" {
+ value = module.example.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "output_routes" {
+ value = module.example.route_names
+ description = "The route names associated with this VPC"
+}
diff --git a/test/fixtures/simple_project/variables.tf b/test/fixtures/simple_project/variables.tf
deleted file mode 120000
index c113c00a..00000000
--- a/test/fixtures/simple_project/variables.tf
+++ /dev/null
@@ -1 +0,0 @@
-../shared/variables.tf
\ No newline at end of file
diff --git a/test/fixtures/simple_project/variables.tf b/test/fixtures/simple_project/variables.tf
new file mode 100644
index 00000000..4372ddee
--- /dev/null
+++ b/test/fixtures/simple_project/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/test/fixtures/simple_project_with_regional_network/outputs.tf b/test/fixtures/simple_project_with_regional_network/outputs.tf
deleted file mode 120000
index 726bdc72..00000000
--- a/test/fixtures/simple_project_with_regional_network/outputs.tf
+++ /dev/null
@@ -1 +0,0 @@
-../shared/outputs.tf
\ No newline at end of file
diff --git a/test/fixtures/simple_project_with_regional_network/outputs.tf b/test/fixtures/simple_project_with_regional_network/outputs.tf
new file mode 100644
index 00000000..651f0e00
--- /dev/null
+++ b/test/fixtures/simple_project_with_regional_network/outputs.tf
@@ -0,0 +1,70 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_self_link" {
+ value = module.example.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "output_subnets_names" {
+ value = module.example.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "output_subnets_ips" {
+ value = module.example.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "output_subnets_regions" {
+ value = module.example.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "output_subnets_private_access" {
+ value = module.example.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "output_subnets_flow_logs" {
+ value = module.example.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "output_subnets_secondary_ranges" {
+ value = module.example.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "output_routes" {
+ value = module.example.route_names
+ description = "The route names associated with this VPC"
+}
diff --git a/test/fixtures/simple_project_with_regional_network/variables.tf b/test/fixtures/simple_project_with_regional_network/variables.tf
deleted file mode 120000
index c113c00a..00000000
--- a/test/fixtures/simple_project_with_regional_network/variables.tf
+++ /dev/null
@@ -1 +0,0 @@
-../shared/variables.tf
\ No newline at end of file
diff --git a/test/fixtures/simple_project_with_regional_network/variables.tf b/test/fixtures/simple_project_with_regional_network/variables.tf
new file mode 100644
index 00000000..4372ddee
--- /dev/null
+++ b/test/fixtures/simple_project_with_regional_network/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/test/fixtures/submodule_firewall/outputs.tf b/test/fixtures/submodule_firewall/outputs.tf
deleted file mode 120000
index 726bdc72..00000000
--- a/test/fixtures/submodule_firewall/outputs.tf
+++ /dev/null
@@ -1 +0,0 @@
-../shared/outputs.tf
\ No newline at end of file
diff --git a/test/fixtures/submodule_firewall/outputs.tf b/test/fixtures/submodule_firewall/outputs.tf
new file mode 100644
index 00000000..651f0e00
--- /dev/null
+++ b/test/fixtures/submodule_firewall/outputs.tf
@@ -0,0 +1,70 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_self_link" {
+ value = module.example.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "output_subnets_names" {
+ value = module.example.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "output_subnets_ips" {
+ value = module.example.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "output_subnets_regions" {
+ value = module.example.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "output_subnets_private_access" {
+ value = module.example.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "output_subnets_flow_logs" {
+ value = module.example.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "output_subnets_secondary_ranges" {
+ value = module.example.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "output_routes" {
+ value = module.example.route_names
+ description = "The route names associated with this VPC"
+}
diff --git a/test/fixtures/submodule_firewall/variables.tf b/test/fixtures/submodule_firewall/variables.tf
deleted file mode 120000
index c113c00a..00000000
--- a/test/fixtures/submodule_firewall/variables.tf
+++ /dev/null
@@ -1 +0,0 @@
-../shared/variables.tf
\ No newline at end of file
diff --git a/test/fixtures/submodule_firewall/variables.tf b/test/fixtures/submodule_firewall/variables.tf
new file mode 100644
index 00000000..4372ddee
--- /dev/null
+++ b/test/fixtures/submodule_firewall/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/test/integration/ilb_routing/controls/gcloud.rb b/test/integration/ilb_routing/controls/gcloud.rb
new file mode 100644
index 00000000..e4c3de90
--- /dev/null
+++ b/test/integration/ilb_routing/controls/gcloud.rb
@@ -0,0 +1,116 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+forwarding_rule = attribute('forwarding_rule')
+
+control "gcloud" do
+ title "gcloud configuration"
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "purpose should be correct" do
+ expect(data).to include(
+ "purpose" => "PRIVATE",
+ )
+ end
+ it "role should not exist" do
+ expect(data).to_not include(
+ "role"
+ )
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-01 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "purpose and role should be correct" do
+ expect(data).to include(
+ "purpose" => "INTERNAL_HTTPS_LOAD_BALANCER",
+ "role" => "ACTIVE"
+ )
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-02 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "purpose and role should be correct" do
+ expect(data).to include(
+ "purpose" => "INTERNAL_HTTPS_LOAD_BALANCER",
+ "role" => "BACKUP"
+ )
+ end
+ end
+
+ describe command("gcloud compute routes describe '#{network_name}-ilb' --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "destRange" do
+ it "should equal '10.10.20.0/24'" do
+ expect(data["destRange"]).to eq '10.10.20.0/24'
+ end
+ end
+
+ describe "tags" do
+ it "should equal 'egress-inet'" do
+ expect(data["tags"]).to eq nil
+ end
+ end
+
+ describe "nextHopIlb" do
+ it "should equal the forwarding rule" do
+ expect(data["nextHopIlb"]).to eq forwarding_rule
+ end
+ end
+ end
+end
diff --git a/test/integration/ilb_routing/inspec.yml b/test/integration/ilb_routing/inspec.yml
new file mode 100644
index 00000000..5671b836
--- /dev/null
+++ b/test/integration/ilb_routing/inspec.yml
@@ -0,0 +1,15 @@
+name: ilb_routing
+depends:
+ - name: inspec-gcp
+ git: https://github.com/inspec/inspec-gcp.git
+ tag: v0.11.0
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_name
+ required: true
+ type: string
+ - name: forwarding_rule
+ required: true
+ type: string
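Review bot: In gcloud.rb the `tags` example near the end of the control is titled `should equal 'egress-inet'` but asserts `expect(data["tags"]).to eq nil`, so the test report states the opposite of what is checked. If an untagged route is intended, rename the example, e.g. `it "should not be set" do`. If the route was meant to be limited to tagged instances, the assertion is what needs changing, since an untagged route with `nextHopIlb` would presumably apply to every instance in the network. Separately, `#{network_name}` and `#{project_id}` are interpolated unquoted into the three subnet commands while the route command quotes the name; quoting them the same way keeps an unexpected attribute value from being split by the shell.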
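Review bot: In inspec.yml the `inspec-gcp` dependency is pinned only by `tag: v0.11.0`, a ref the upstream repository can move, and it is fetched from GitHub when the profile is resolved. As far as the gcloud.rb hunk shows, the control added in this commit uses only the `command` resource, so the dependency may not be needed here at all. If it is needed, pin it to a full commit instead, `commit: <full-commit-sha-for-v0.11.0>` (placeholder), so every test run executes the same reviewed code.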