diff --git a/.dockerignore b/.dockerignore deleted file mode 100644 index ab75c635fe..0000000000 --- a/.dockerignore +++ /dev/null @@ -1,11 +0,0 @@ -.git -.terraform -.terraform.d -.kitchen -terraform.tfstate.d -test/fixtures/*/.terraform -test/fixtures/*/terraform.tfstate.d -examples/.kitchen -examples/*/.terraform -examples/*/terraform.tfstate.d - diff --git a/.kitchen.yml b/.kitchen.yml index b5471f7e49..ff04c88dcf 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -29,15 +29,6 @@ platforms: - name: local suites: -# Disabled due to issue #274 -# (https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/274) -# - name: "deploy_service" -# driver: -# root_module_directory: test/fixtures/deploy_service -# verifier: -# systems: -# - name: deploy_service -# backend: local - name: "disable_client_cert" driver: root_module_directory: test/fixtures/disable_client_cert @@ -45,6 +36,8 @@ suites: systems: - name: disable_client_cert backend: local + controls: + - gcloud - name: "node_pool" driver: root_module_directory: test/fixtures/node_pool @@ -110,6 +103,8 @@ suites: systems: - name: simple_zonal_private backend: local + controls: + - gcloud - name: "stub_domains" driver: root_module_directory: test/fixtures/stub_domains @@ -117,6 +112,9 @@ suites: systems: - name: stub_domains backend: local + controls: + - gcloud + - kubectl # Disabled due to issue #264 # (https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/264) # - name: stub_domains_private @@ -146,6 +144,26 @@ suites: systems: - name: workload_metadata_config backend: local + - name: "deploy_service" + driver: + root_module_directory: test/fixtures/deploy_service + verifier: + systems: + - name: deploy_service + backend: local + controls: + - gcloud + - kubectl + - name: "node_pool" + driver: + root_module_directory: test/fixtures/node_pool + verifier: + systems: + - name: node_pool + backend: local + controls: + - gcloud + - kubectl - name: "sandbox_enabled" driver: root_module_directory: test/fixtures/sandbox_enabled diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml index e58a1a66c0..6a9fcb2d35 100644 --- a/build/int.cloudbuild.yaml +++ b/build/int.cloudbuild.yaml @@ -261,6 +261,46 @@ steps: - verify workload-metadata-config-local name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy workload-metadata-config-local'] +- id: create deploy-service-local + waitFor: + - prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create deploy-service-local'] +- id: converge deploy-service-local + waitFor: + - create deploy-service-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge deploy-service-local'] +- id: verify deploy-service-local + waitFor: + - converge deploy-service-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify deploy-service-local'] +- id: destroy deploy-service-local + waitFor: + - verify deploy-service-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy deploy-service-local'] +- id: create node-pool-local + waitFor: + - prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create node-pool-local'] +- id: converge node-pool-local + waitFor: + - create node-pool-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge node-pool-local'] +- id: verify node-pool-local + waitFor: + - converge node-pool-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify node-pool-local'] +- id: destroy node-pool-local + waitFor: + - verify node-pool-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy node-pool-local'] - id: create sandbox-enabled-local waitFor: - prepare @@ -287,3 +327,5 @@ tags: substitutions: _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools' _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.4.6' +options: + machineType: 'N1_HIGHCPU_8' diff --git a/examples/disable_client_cert/README.md b/examples/disable_client_cert/README.md index 2f531b9906..1b75e2b6e0 100644 --- a/examples/disable_client_cert/README.md +++ b/examples/disable_client_cert/README.md @@ -12,7 +12,6 @@ This example illustrates how to create a simple cluster and disable deprecated s |------|-------------|:----:|:-----:|:-----:| | cluster\_name\_suffix | A suffix to append to the default cluster name | string | `""` | no | | compute\_engine\_service\_account | Service account to associate to the nodes in the cluster | string | n/a | yes | -| credentials\_path | The path to the GCP credentials JSON file | string | n/a | yes | | ip\_range\_pods | The secondary ip range to use for pods | string | n/a | yes | | ip\_range\_services | The secondary ip range to use for pods | string | n/a | yes | | network | The VPC network to host the cluster in | string | n/a | yes | diff --git a/examples/disable_client_cert/variables.tf b/examples/disable_client_cert/variables.tf index f1fdb25856..6c918f2344 100644 --- a/examples/disable_client_cert/variables.tf +++ b/examples/disable_client_cert/variables.tf @@ -18,10 +18,6 @@ variable "project_id" { description = "The project ID to host the cluster in" } -variable "credentials_path" { - description = "The path to the GCP credentials JSON file" -} - variable "cluster_name_suffix" { description = "A suffix to append to the default cluster name" default = "" diff --git a/examples/simple_regional_private_beta/main.tf b/examples/simple_regional_private_beta/main.tf index db6c8a8204..4e1d405940 100644 --- a/examples/simple_regional_private_beta/main.tf +++ b/examples/simple_regional_private_beta/main.tf @@ -19,9 +19,8 @@ locals { } provider "google-beta" { - version = "~> 2.18.0" - credentials = file(var.credentials_path) - region = var.region + version = "~> 2.18.0" + region = var.region } data "google_compute_subnetwork" "subnetwork" { diff --git a/examples/simple_regional_private_beta/test_outputs.tf b/examples/simple_regional_private_beta/test_outputs.tf index 033c4beac1..53eab4ee12 100644 --- a/examples/simple_regional_private_beta/test_outputs.tf +++ b/examples/simple_regional_private_beta/test_outputs.tf @@ -21,10 +21,6 @@ output "project_id" { value = var.project_id } -output "credentials_path" { - value = var.credentials_path -} - output "region" { value = module.gke.region } diff --git a/examples/simple_regional_private_beta/variables.tf b/examples/simple_regional_private_beta/variables.tf index 3fb7d8bab1..0ba1656629 100644 --- a/examples/simple_regional_private_beta/variables.tf +++ b/examples/simple_regional_private_beta/variables.tf @@ -18,10 +18,6 @@ variable "project_id" { description = "The project ID to host the cluster in" } -variable "credentials_path" { - description = "The path to the GCP credentials JSON file" -} - variable "cluster_name_suffix" { description = "A suffix to append to the default cluster name" default = "" diff --git a/examples/simple_zonal_private/main.tf b/examples/simple_zonal_private/main.tf index 7a3db12157..ae1a90a6cc 100644 --- a/examples/simple_zonal_private/main.tf +++ b/examples/simple_zonal_private/main.tf @@ -15,7 +15,7 @@ */ locals { - cluster_type = "simple-regional-private" + cluster_type = "simple-zonal-private" } provider "google" { diff --git a/test/ci/deploy-service.yml b/test/ci/deploy-service.yml deleted file mode 100644 index 60505669b5..0000000000 --- a/test/ci/deploy-service.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -platform: linux - -inputs: -- name: pull-request - path: terraform-google-kubernetes-engine - -run: - path: make - args: ['test_integration'] - dir: terraform-google-kubernetes-engine - -params: - SUITE: "deploy-service-local" - COMPUTE_ENGINE_SERVICE_ACCOUNT: "" - REGION: "us-east4" - ZONES: '["us-east4-a", "us-east4-b", "us-east4-c"]' diff --git a/test/ci/node-pool.yml b/test/ci/node-pool.yml deleted file mode 100644 index 2402c32eba..0000000000 --- a/test/ci/node-pool.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -platform: linux - -inputs: -- name: pull-request - path: terraform-google-kubernetes-engine - -run: - path: make - args: ['test_integration'] - dir: terraform-google-kubernetes-engine - -params: - SUITE: "node-pool-local" - COMPUTE_ENGINE_SERVICE_ACCOUNT: "" - REGION: "us-east4" - ZONES: '["us-east4-a", "us-east4-b", "us-east4-c"]' diff --git a/test/ci/shared-vpc.yml b/test/ci/shared-vpc.yml deleted file mode 100644 index e209809246..0000000000 --- a/test/ci/shared-vpc.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -platform: linux - -inputs: -- name: pull-request - path: terraform-google-kubernetes-engine - -run: - path: make - args: ['test_integration'] - dir: terraform-google-kubernetes-engine - -params: - SUITE: "shared-vpc-local" - COMPUTE_ENGINE_SERVICE_ACCOUNT: "" - REGION: "us-east4" - ZONES: '["us-east4-a", "us-east4-b", "us-east4-c"]' diff --git a/test/ci/simple-regional-private.yml b/test/ci/simple-regional-private.yml deleted file mode 100644 index 36e00041d3..0000000000 --- a/test/ci/simple-regional-private.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -platform: linux - -inputs: -- name: pull-request - path: terraform-google-kubernetes-engine - -run: - path: make - args: ['test_integration'] - dir: terraform-google-kubernetes-engine - -params: - SUITE: "simple-regional-private-local" - COMPUTE_ENGINE_SERVICE_ACCOUNT: "" - REGION: "us-east4" - ZONES: '["us-east4-a", "us-east4-b", "us-east4-c"]' diff --git a/test/ci/simple-regional.yml b/test/ci/simple-regional.yml deleted file mode 100644 index a3bec48292..0000000000 --- a/test/ci/simple-regional.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -platform: linux - -inputs: -- name: pull-request - path: terraform-google-kubernetes-engine - -run: - path: make - args: ['test_integration'] - dir: terraform-google-kubernetes-engine - -params: - SUITE: "simple-regional-local" - COMPUTE_ENGINE_SERVICE_ACCOUNT: "" - REGION: "us-east4" - ZONES: '["us-east4-a", "us-east4-b", "us-east4-c"]' diff --git a/test/ci/simple-zonal-private.yml b/test/ci/simple-zonal-private.yml deleted file mode 100644 index 45dde32b64..0000000000 --- a/test/ci/simple-zonal-private.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -platform: linux - -inputs: -- name: pull-request - path: terraform-google-kubernetes-engine - -run: - path: make - args: ['test_integration'] - dir: terraform-google-kubernetes-engine - -params: - SUITE: "simple-zonal-private-local" - COMPUTE_ENGINE_SERVICE_ACCOUNT: "" - REGION: "us-east4" - ZONES: '["us-east4-a", "us-east4-b", "us-east4-c"]' diff --git a/test/ci/simple-zonal.yml b/test/ci/simple-zonal.yml deleted file mode 100644 index 6fcde7a1c7..0000000000 --- a/test/ci/simple-zonal.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -platform: linux - -inputs: -- name: pull-request - path: terraform-google-kubernetes-engine - -run: - path: make - args: ['test_integration'] - dir: terraform-google-kubernetes-engine - -params: - SUITE: "simple-zonal-local" - COMPUTE_ENGINE_SERVICE_ACCOUNT: "" - REGION: "us-east4" - ZONES: '["us-east4-a", "us-east4-b", "us-east4-c"]' diff --git a/test/ci/stub-domains-upstream-nameservers.yml b/test/ci/stub-domains-upstream-nameservers.yml deleted file mode 100644 index 4015338278..0000000000 --- a/test/ci/stub-domains-upstream-nameservers.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -platform: linux - -inputs: -- name: pull-request - path: terraform-google-kubernetes-engine - -run: - path: make - args: ['test_integration'] - dir: terraform-google-kubernetes-engine - -params: - SUITE: "stub-domains-upstream-nameservers-local" - COMPUTE_ENGINE_SERVICE_ACCOUNT: "" - REGION: "us-east4" - ZONES: '["us-east4-a", "us-east4-b", "us-east4-c"]' diff --git a/test/ci/stub-domains.yml b/test/ci/stub-domains.yml deleted file mode 100644 index c7130a3328..0000000000 --- a/test/ci/stub-domains.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -platform: linux - -inputs: -- name: pull-request - path: terraform-google-kubernetes-engine - -run: - path: make - args: ['test_integration'] - dir: terraform-google-kubernetes-engine - -params: - SUITE: "stub-domains-local" - COMPUTE_ENGINE_SERVICE_ACCOUNT: "" - REGION: "us-east4" - ZONES: '["us-east4-a", "us-east4-b", "us-east4-c"]' diff --git a/test/ci/upstream-nameservers.yml b/test/ci/upstream-nameservers.yml deleted file mode 100644 index 987884010a..0000000000 --- a/test/ci/upstream-nameservers.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -platform: linux - -inputs: -- name: pull-request - path: terraform-google-kubernetes-engine - -run: - path: make - args: ['test_integration'] - dir: terraform-google-kubernetes-engine - -params: - SUITE: "upstream-nameservers-local" - COMPUTE_ENGINE_SERVICE_ACCOUNT: "" - REGION: "us-east4" - ZONES: '["us-east4-a", "us-east4-b", "us-east4-c"]' diff --git a/test/ci/workload-metadata-config.yml b/test/ci/workload-metadata-config.yml deleted file mode 100644 index 231c8dfc3a..0000000000 --- a/test/ci/workload-metadata-config.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- - -platform: linux - -inputs: -- name: pull-request - path: terraform-google-kubernetes-engine - -run: - path: make - args: ['test_integration'] - dir: terraform-google-kubernetes-engine - -params: - SUITE: "workload-metadata-config-local" - COMPUTE_ENGINE_SERVICE_ACCOUNT: "" - REGION: "us-east4" - ZONES: '["us-east4-a", "us-east4-b", "us-east4-c"]' - diff --git a/test/fixtures/disable_client_cert/example.tf b/test/fixtures/disable_client_cert/example.tf index c1baed7c36..23ea6da936 100644 --- a/test/fixtures/disable_client_cert/example.tf +++ b/test/fixtures/disable_client_cert/example.tf @@ -18,7 +18,6 @@ module "example" { source = "../../../examples/disable_client_cert" project_id = var.project_id - credentials_path = "" cluster_name_suffix = "-${random_string.suffix.result}" region = var.region network = google_compute_network.main.name diff --git a/test/integration/disable_client_cert/inspec.yml b/test/integration/disable_client_cert/inspec.yml index 7959c6bb01..5803767d32 100644 --- a/test/integration/disable_client_cert/inspec.yml +++ b/test/integration/disable_client_cert/inspec.yml @@ -3,9 +3,6 @@ attributes: - name: project_id required: true type: string - - name: credentials_path - required: true - type: string - name: location required: true type: string diff --git a/test/integration/simple_zonal/controls/gcp.rb b/test/integration/simple_zonal/controls/gcp.rb index 6e9ade64ff..ad6ec1a7b2 100644 --- a/test/integration/simple_zonal/controls/gcp.rb +++ b/test/integration/simple_zonal/controls/gcp.rb @@ -24,7 +24,7 @@ service_account_name = "projects/#{project_id}/serviceAccounts/#{service_account}" end - describe google_service_account name: service_account_name do + describe google_service_account(name: service_account_name) do its("display_name") { should eq "Terraform-managed service account for cluster #{attribute("cluster_name")}" } its("project_id") { should eq project_id } end diff --git a/test/integration/simple_zonal/inspec.yml b/test/integration/simple_zonal/inspec.yml index 5cb8ff9e01..3a3bc74145 100644 --- a/test/integration/simple_zonal/inspec.yml +++ b/test/integration/simple_zonal/inspec.yml @@ -2,7 +2,7 @@ name: simple_zonal depends: - name: inspec-gcp git: https://github.com/inspec/inspec-gcp.git - tag: v0.10.0 + tag: v0.16.0 attributes: - name: project_id required: true @@ -25,7 +25,4 @@ attributes: - name: service_account required: true type: string - - name: service_account - required: true - type: string diff --git a/test/integration/simple_zonal_private/inspec.yml b/test/integration/simple_zonal_private/inspec.yml index ebe54e2374..4af03f2087 100644 --- a/test/integration/simple_zonal_private/inspec.yml +++ b/test/integration/simple_zonal_private/inspec.yml @@ -1,4 +1,4 @@ -name: simple_regional_private +name: simple_zonal_private attributes: - name: project_id required: true