Use blueprint test instead of ruby tests (#4)

* Use blueprint test instead of ruby tests * Add validation for variable type of serverless_neg_backends
terraform-google-modules · Aug 12, 2024 · c476374 · c476374
1 parent 753300b
commit c476374
Show file tree

Hide file tree

Showing 20 changed files with 138 additions and 189 deletions.
diff --git a/autogen/main.tf.tmpl b/autogen/main.tf.tmpl
@@ -358,6 +358,8 @@ resource "google_compute_region_network_endpoint_group" "serverless_negs" {
     }
   ]...)
 
+  provider              = google-beta
+  project               = var.project
   name                  = "${each.key}"
   network_endpoint_type = "SERVERLESS"
   region                = each.value.region

diff --git a/autogen/variables.tf.tmpl b/autogen/variables.tf.tmpl
@@ -83,6 +83,18 @@ variable "target_service_accounts" {
 
 variable "backends" {
   description = "Map backend indices to list of backend maps."
+  {% if serverless %}
+  validation {
+    condition = alltrue([
+      for backend_key, backend_value in var.backends : 
+        alltrue([
+        for neg_backend in backend_value.serverless_neg_backends : 
+          contains(["cloud-run", "cloud-function", "app-engine"], neg_backend.type)
+      ])
+    ])
+    error_message = "serverless_neg_backend type should be either 'cloud-run' or 'cloud-function' or 'app-engine'."
+  }
+  {% endif %}
   type = map(object({
     {% if not serverless %}{# not necessary for serverless as default port_name=http, protocol=HTTP #}
     port                    = optional(number)
@@ -152,11 +164,11 @@ variable "backends" {
 
     // serverless_neg_backends is mutually exclusive to groups.There can only be one serverless neg per region
     // with one of cloud-run, cloud-functions and app-engine as service.
-    serverless_neg_backends = list(object({
+    serverless_neg_backends = optional(list(object({
       region  = string,
       type    = string, // cloud-run, cloud-function and app-engine
       service = object({ name : string, version : optional(string) })
-    }))
+    })), [])
 
     {% endif %}
     iap_config = object({

diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml
@@ -24,6 +24,27 @@ steps:
   - 'TF_VAR_org_id=$_ORG_ID'
   - 'TF_VAR_folder_id=$_FOLDER_ID'
   - 'TF_VAR_billing_account=$_BILLING_ACCOUNT'
+# cloudrun implicit serverless negs
+- id: init-all
+  waitFor:
+    - prepare
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'cft test run all --stage init --verbose']
+- id: apply cloudrun-implicit
+  waitFor:
+    - init-all
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'cft test run TestCloudrunImplicit --stage apply --verbose']
+- id: verify cloudrun-implicit
+  waitFor:
+    - apply cloudrun-implicit
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'sleep 720 && cft test run TestCloudrunImplicit --stage verify --verbose']
+- id: teardown cloudrun-implicit
+  waitFor:
+    - verify cloudrun-implicit
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'cft test run TestCloudrunImplicit --stage teardown --verbose']
 - id: create
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
   args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create']

diff --git a/examples/cloudrun-implicit-serverless-neg/README.md b/examples/cloudrun-implicit-serverless-neg/README.md
@@ -96,11 +96,7 @@ redirect HTTP traffic to HTTPS.
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
-| domain | Domain name to run the load balancer on. Used if `ssl` is `true`. | `string` | n/a | yes |
-| lb\_name | Name for load balancer and associated resources | `string` | `"tf-cr-lb-1"` | no |
 | project\_id | n/a | `string` | n/a | yes |
-| region | Location for load balancer and Cloud Run resources | `string` | `"us-central1"` | no |
-| ssl | Run load balancer on HTTPS and provision managed certificate with provided `domain`. | `bool` | `true` | no |
 
 ## Outputs
 

diff --git a/examples/cloudrun-implicit-serverless-neg/main.tf b/examples/cloudrun-implicit-serverless-neg/main.tf
@@ -14,32 +14,22 @@
  * limitations under the License.
  */
 
-provider "google" {
-  project = var.project_id
-}
-
-provider "google-beta" {
-  project = var.project_id
-}
-
-# [START cloudloadbalancing_ext_http_cloudrun]
 module "lb-http" {
   source  = "terraform-google-modules/lb-http/google//modules/serverless_negs"
   version = "~> 10.0"
 
-  name    = var.lb_name
+  name    = "tf-cr-lb-1"
   project = var.project_id
 
-  ssl                             = var.ssl
-  managed_ssl_certificate_domains = [var.domain]
-  https_redirect                  = var.ssl
-  labels                          = { "example-label" = "cloud-run-example" }
+  ssl            = false
+  https_redirect = false
+  labels         = { "example-label" = "cloud-run-example" }
 
   backends = {
     default = {
       description             = null
       groups                  = []
-      serverless_neg_backends = [{ region : var.region, type : "cloud-run", service : { name : google_cloud_run_service.default.name } }]
+      serverless_neg_backends = [{ region : "us-central1", type : "cloud-run", service : { name : google_cloud_run_service.default.name } }]
       enable_cdn              = false
 
       iap_config = {
@@ -54,7 +44,7 @@ module "lb-http" {
 
 resource "google_cloud_run_service" "default" {
   name     = "example-1"
-  location = var.region
+  location = "us-central1"
   project  = var.project_id
 
   template {
@@ -80,4 +70,3 @@ resource "google_cloud_run_service_iam_member" "public-access" {
   role     = "roles/run.invoker"
   member   = "allUsers"
 }
-# [END cloudloadbalancing_ext_http_cloudrun]
diff --git a/examples/cloudrun-implicit-serverless-neg/variables.tf b/examples/cloudrun-implicit-serverless-neg/variables.tf
@@ -18,23 +18,3 @@ variable "project_id" {
   type = string
 }
 
-variable "region" {
-  description = "Location for load balancer and Cloud Run resources"
-  default     = "us-central1"
-}
-
-variable "ssl" {
-  description = "Run load balancer on HTTPS and provision managed certificate with provided `domain`."
-  type        = bool
-  default     = true
-}
-
-variable "domain" {
-  description = "Domain name to run the load balancer on. Used if `ssl` is `true`."
-  type        = string
-}
-
-variable "lb_name" {
-  description = "Name for load balancer and associated resources"
-  default     = "tf-cr-lb-1"
-}
diff --git a/examples/cloudrun/main.tf b/examples/cloudrun/main.tf
@@ -43,8 +43,7 @@ module "lb-http" {
           group = google_compute_region_network_endpoint_group.serverless_neg.id
         }
       ]
-      serverless_neg_backends = []
-      enable_cdn              = false
+      enable_cdn = false
 
       iap_config = {
         enable = false

diff --git a/kitchen.yml b/kitchen.yml
@@ -37,17 +37,6 @@ suites:
           backend: local
           controls:
             - http
-  - name: cloudrun-implicit-serverless-neg
-    driver:
-      root_module_directory: test/fixtures/cloudrun-implicit-serverless-neg
-      verify_version: false
-    verifier:
-      color: false
-      systems:
-        - name: cloudrun-implicit-serverless-neg
-          backend: local
-          controls:
-            - http
   - name: mig_nat
     driver:
       root_module_directory: test/fixtures/mig_nat/

diff --git a/modules/serverless_negs/README.md b/modules/serverless_negs/README.md
@@ -72,7 +72,7 @@ module "lb-http" {
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | address | Existing IPv4 address to use (the actual IP address value) | `string` | `null` | no |
-| backends | Map backend indices to list of backend maps. | <pre>map(object({<br>    project                 = optional(string)<br>    protocol                = optional(string)<br>    port_name               = optional(string)<br>    description             = optional(string)<br>    enable_cdn              = optional(bool)<br>    compression_mode        = optional(string)<br>    security_policy         = optional(string, null)<br>    edge_security_policy    = optional(string, null)<br>    custom_request_headers  = optional(list(string))<br>    custom_response_headers = optional(list(string))<br><br>    connection_draining_timeout_sec = optional(number)<br>    session_affinity                = optional(string)<br>    affinity_cookie_ttl_sec         = optional(number)<br>    locality_lb_policy              = optional(string)<br><br><br>    log_config = object({<br>      enable      = optional(bool)<br>      sample_rate = optional(number)<br>    })<br><br>    groups = list(object({<br>      group       = string<br>      description = optional(string)<br><br>    }))<br><br>    // serverless_neg_backends is mutually exclusive to groups.There can only be one serverless neg per region<br>    // with one of cloud-run, cloud-functions and app-engine as service.<br>    serverless_neg_backends = list(object({<br>      region  = string,<br>      type    = string, // cloud-run, cloud-function and app-engine<br>      service = object({ name : string, version : optional(string) })<br>    }))<br><br>    iap_config = object({<br>      enable               = bool<br>      oauth2_client_id     = optional(string)<br>      oauth2_client_secret = optional(string)<br>    })<br>    cdn_policy = optional(object({<br>      cache_mode                   = optional(string)<br>      signed_url_cache_max_age_sec = optional(string)<br>      default_ttl                  = optional(number)<br>      max_ttl                      = optional(number)<br>      client_ttl                   = optional(number)<br>      negative_caching             = optional(bool)<br>      negative_caching_policy = optional(object({<br>        code = optional(number)<br>        ttl  = optional(number)<br>      }))<br>      serve_while_stale = optional(number)<br>      cache_key_policy = optional(object({<br>        include_host           = optional(bool)<br>        include_protocol       = optional(bool)<br>        include_query_string   = optional(bool)<br>        query_string_blacklist = optional(list(string))<br>        query_string_whitelist = optional(list(string))<br>        include_http_headers   = optional(list(string))<br>        include_named_cookies  = optional(list(string))<br>      }))<br>      bypass_cache_on_request_headers = optional(list(string))<br>    }))<br>    outlier_detection = optional(object({<br>      base_ejection_time = optional(object({<br>        seconds = number<br>        nanos   = optional(number)<br>      }))<br>      consecutive_errors                    = optional(number)<br>      consecutive_gateway_failure           = optional(number)<br>      enforcing_consecutive_errors          = optional(number)<br>      enforcing_consecutive_gateway_failure = optional(number)<br>      enforcing_success_rate                = optional(number)<br>      interval = optional(object({<br>        seconds = number<br>        nanos   = optional(number)<br>      }))<br>      max_ejection_percent        = optional(number)<br>      success_rate_minimum_hosts  = optional(number)<br>      success_rate_request_volume = optional(number)<br>      success_rate_stdev_factor   = optional(number)<br>    }))<br>  }))</pre> | n/a | yes |
+| backends | Map backend indices to list of backend maps. | <pre>map(object({<br>    project                 = optional(string)<br>    protocol                = optional(string)<br>    port_name               = optional(string)<br>    description             = optional(string)<br>    enable_cdn              = optional(bool)<br>    compression_mode        = optional(string)<br>    security_policy         = optional(string, null)<br>    edge_security_policy    = optional(string, null)<br>    custom_request_headers  = optional(list(string))<br>    custom_response_headers = optional(list(string))<br><br>    connection_draining_timeout_sec = optional(number)<br>    session_affinity                = optional(string)<br>    affinity_cookie_ttl_sec         = optional(number)<br>    locality_lb_policy              = optional(string)<br><br><br>    log_config = object({<br>      enable      = optional(bool)<br>      sample_rate = optional(number)<br>    })<br><br>    groups = list(object({<br>      group       = string<br>      description = optional(string)<br><br>    }))<br><br>    // serverless_neg_backends is mutually exclusive to groups.There can only be one serverless neg per region<br>    // with one of cloud-run, cloud-functions and app-engine as service.<br>    serverless_neg_backends = optional(list(object({<br>      region  = string,<br>      type    = string, // cloud-run, cloud-function and app-engine<br>      service = object({ name : string, version : optional(string) })<br>    })), [])<br><br>    iap_config = object({<br>      enable               = bool<br>      oauth2_client_id     = optional(string)<br>      oauth2_client_secret = optional(string)<br>    })<br>    cdn_policy = optional(object({<br>      cache_mode                   = optional(string)<br>      signed_url_cache_max_age_sec = optional(string)<br>      default_ttl                  = optional(number)<br>      max_ttl                      = optional(number)<br>      client_ttl                   = optional(number)<br>      negative_caching             = optional(bool)<br>      negative_caching_policy = optional(object({<br>        code = optional(number)<br>        ttl  = optional(number)<br>      }))<br>      serve_while_stale = optional(number)<br>      cache_key_policy = optional(object({<br>        include_host           = optional(bool)<br>        include_protocol       = optional(bool)<br>        include_query_string   = optional(bool)<br>        query_string_blacklist = optional(list(string))<br>        query_string_whitelist = optional(list(string))<br>        include_http_headers   = optional(list(string))<br>        include_named_cookies  = optional(list(string))<br>      }))<br>      bypass_cache_on_request_headers = optional(list(string))<br>    }))<br>    outlier_detection = optional(object({<br>      base_ejection_time = optional(object({<br>        seconds = number<br>        nanos   = optional(number)<br>      }))<br>      consecutive_errors                    = optional(number)<br>      consecutive_gateway_failure           = optional(number)<br>      enforcing_consecutive_errors          = optional(number)<br>      enforcing_consecutive_gateway_failure = optional(number)<br>      enforcing_success_rate                = optional(number)<br>      interval = optional(object({<br>        seconds = number<br>        nanos   = optional(number)<br>      }))<br>      max_ejection_percent        = optional(number)<br>      success_rate_minimum_hosts  = optional(number)<br>      success_rate_request_volume = optional(number)<br>      success_rate_stdev_factor   = optional(number)<br>    }))<br>  }))</pre> | n/a | yes |
 | certificate | Content of the SSL certificate. Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` | `string` | `null` | no |
 | certificate\_map | Certificate Map ID in format projects/{project}/locations/global/certificateMaps/{name}. Identifies a certificate map associated with the given target proxy.  Requires `ssl` to be set to `true` | `string` | `null` | no |
 | create\_address | Create a new global IPv4 address | `bool` | `true` | no |

diff --git a/modules/serverless_negs/main.tf b/modules/serverless_negs/main.tf
@@ -324,6 +324,8 @@ resource "google_compute_region_network_endpoint_group" "serverless_negs" {
     }
   ]...)
 
+  provider              = google-beta
+  project               = var.project
   name                  = each.key
   network_endpoint_type = "SERVERLESS"
   region                = each.value.region

diff --git a/modules/serverless_negs/metadata.yaml b/modules/serverless_negs/metadata.yaml
@@ -103,11 +103,11 @@ spec:
 
               // serverless_neg_backends is mutually exclusive to groups.There can only be one serverless neg per region
               // with one of cloud-run, cloud-functions and app-engine as service.
-              serverless_neg_backends = list(object({
+              serverless_neg_backends = optional(list(object({
                 region  = string,
                 type    = string, // cloud-run, cloud-function and app-engine
                 service = object({ name : string, version : optional(string) })
-              }))
+              })), [])
 
               iap_config = object({
                 enable               = bool

diff --git a/modules/serverless_negs/variables.tf b/modules/serverless_negs/variables.tf
@@ -57,6 +57,16 @@ variable "ipv6_address" {
 
 variable "backends" {
   description = "Map backend indices to list of backend maps."
+  validation {
+    condition = alltrue([
+      for backend_key, backend_value in var.backends :
+      alltrue([
+        for neg_backend in backend_value.serverless_neg_backends :
+        contains(["cloud-run", "cloud-function", "app-engine"], neg_backend.type)
+      ])
+    ])
+    error_message = "serverless_neg_backend type should be either 'cloud-run' or 'cloud-function' or 'app-engine'."
+  }
   type = map(object({
     project                 = optional(string)
     protocol                = optional(string)
@@ -88,11 +98,11 @@ variable "backends" {
 
     // serverless_neg_backends is mutually exclusive to groups.There can only be one serverless neg per region
     // with one of cloud-run, cloud-functions and app-engine as service.
-    serverless_neg_backends = list(object({
+    serverless_neg_backends = optional(list(object({
       region  = string,
       type    = string, // cloud-run, cloud-function and app-engine
       service = object({ name : string, version : optional(string) })
-    }))
+    })), [])
 
     iap_config = object({
       enable               = bool

diff --git a/test/fixtures/cloudrun-implicit-serverless-neg/main.tf b/test/fixtures/cloudrun-implicit-serverless-neg/main.tf
diff --git a/test/fixtures/cloudrun-implicit-serverless-neg/outputs.tf b/test/fixtures/cloudrun-implicit-serverless-neg/outputs.tf
diff --git a/test/fixtures/cloudrun-implicit-serverless-neg/variables.tf b/test/fixtures/cloudrun-implicit-serverless-neg/variables.tf
diff --git a/test/fixtures/cloudrun-implicit-serverless-neg/versions.tf b/test/fixtures/cloudrun-implicit-serverless-neg/versions.tf