From 10cc3d80798525d3c613b6be51ed47beea4a9b0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Wiktor=20Niesiob=C4=99dzki?= Date: Wed, 15 Jan 2025 18:12:10 +0000 Subject: [PATCH 1/2] modules/compute-vm end-to-end tests and fixes --- modules/compute-vm/README.md | 207 +++++++++++------- .../compute_vm/examples/alias-ips.yaml | 8 +- .../compute_vm/examples/confidential.yaml | 4 +- .../modules/compute_vm/examples/defaults.yaml | 2 +- .../compute_vm/examples/disk-options.yaml | 10 +- tests/modules/compute_vm/examples/group.yaml | 4 +- tests/modules/compute_vm/examples/gvnic.yaml | 6 +- tests/modules/compute_vm/examples/iam.yaml | 5 +- .../examples/independent-boot-disk.yaml | 4 +- .../examples/instance-schedule-create.yaml | 6 +- .../examples/instance-schedule-id.yaml | 2 +- tests/modules/compute_vm/examples/ips.yaml | 8 +- .../modules/compute_vm/examples/metadata.yaml | 2 +- .../compute_vm/examples/sa-custom.yaml | 8 +- .../compute_vm/examples/sa-default.yaml | 2 +- .../compute_vm/examples/sa-managed.yaml | 2 +- .../modules/compute_vm/examples/sa-none.yaml | 2 +- .../examples/snapshot-schedule-create.yaml | 41 ++++ .../compute_vm/examples/sole-tenancy.yaml | 4 +- tests/modules/compute_vm/examples/spot.yaml | 2 +- .../compute_vm/examples/tag-bindings.yaml | 2 +- .../modules/compute_vm/examples/template.yaml | 6 +- 22 files changed, 210 insertions(+), 127 deletions(-) diff --git a/modules/compute-vm/README.md b/modules/compute-vm/README.md index 0942db0eec..97e653b6ea 100644 --- a/modules/compute-vm/README.md +++ b/modules/compute-vm/README.md @@ -40,6 +40,7 @@ In both modes, an optional service account can be created and assigned to either - [Sole Tenancy](#sole-tenancy) - [Variables](#variables) - [Outputs](#outputs) +- [Fixtures](#fixtures) ### Instance using defaults 
@@ -50,14 +51,14 @@ The simplest example leverages defaults for the boot disk image and size, and us module "simple-vm-example" { source = "./fabric/modules/compute-vm" project_id = var.project_id - zone = "europe-west1-b" + zone = "${var.region}-b" name = "test" network_interfaces = [{ network = var.vpc.self_link subnetwork = var.subnet.self_link }] } -# tftest modules=1 resources=1 inventory=defaults.yaml +# tftest modules=1 resources=1 inventory=defaults.yaml e2e ``` ### Service account management @@ -77,14 +78,14 @@ Scopes for custom service accounts are set by default to `cloud-platform` and `u module "vm-managed-sa-example" { source = "./fabric/modules/compute-vm" project_id = var.project_id - zone = "europe-west1-b" + zone = "${var.region}-b" name = "test1" network_interfaces = [{ network = var.vpc.self_link subnetwork = var.subnet.self_link }] } -# tftest modules=1 resources=1 inventory=sa-default.yaml +# tftest inventory=sa-default.yaml e2e ``` #### Custom service account @@ -93,17 +94,17 @@ module "vm-managed-sa-example" { module "vm-managed-sa-example2" { source = "./fabric/modules/compute-vm" project_id = var.project_id - zone = "europe-west1-b" + zone = "${var.region}-b" name = "test2" network_interfaces = [{ network = var.vpc.self_link subnetwork = var.subnet.self_link }] service_account = { - email = "sa-0@myproj.iam.gserviceaccount.com" + email = module.iam-service-account.email } } -# tftest modules=1 resources=1 inventory=sa-custom.yaml +# tftest inventory=sa-custom.yaml fixtures=fixtures/iam-service-account.tf e2e ``` #### Custom service account, auto created @@ -112,7 +113,7 @@ module "vm-managed-sa-example2" { module "vm-managed-sa-example2" { source = "./fabric/modules/compute-vm" project_id = var.project_id - zone = "europe-west1-b" + zone = "${var.region}-b" name = "test2" network_interfaces = [{ network = var.vpc.self_link 
@@ -122,7 +123,7 @@ module "vm-managed-sa-example2" { auto_create = true } } -# tftest modules=1 resources=2 inventory=sa-managed.yaml +# tftest inventory=sa-managed.yaml e2e ``` #### No service account @@ -131,7 +132,7 @@ module "vm-managed-sa-example2" { module "vm-managed-sa-example2" { source = "./fabric/modules/compute-vm" project_id = var.project_id - zone = "europe-west1-b" + zone = "${var.region}-b" name = "test2" network_interfaces = [{ network = var.vpc.self_link @@ -139,7 +140,7 @@ module "vm-managed-sa-example2" { }] service_account = null } -# tftest modules=1 resources=1 inventory=sa-none.yaml +# tftest inventory=sa-none.yaml e2e ``` ### Disk management @@ -218,7 +219,7 @@ The `attached_disks` variable exposes an `option` attribute that can be used to module "vm-disk-options-example" { source = "./fabric/modules/compute-vm" project_id = var.project_id - zone = "europe-west1-b" + zone = "${var.region}-b" name = "test" network_interfaces = [{ network = var.vpc.self_link @@ -232,7 +233,7 @@ module "vm-disk-options-example" { source = "image-1" options = { auto_delete = false - replica_zone = "europe-west1-c" + replica_zone = "${var.region}-c" } }, { 
@@ -250,20 +251,20 @@ module "vm-disk-options-example" { auto_create = true } } -# tftest modules=1 resources=4 inventory=disk-options.yaml +# tftest inventory=disk-options.yaml ``` #### Boot disk as an independent resource To create the boot disk as an independent resources instead of as part of the instance creation flow, set `boot_disk.use_independent_disk` to `true` and optionally configure `boot_disk.initialize_params`. -This will create the boot disk as its own resource and attach it to the instance, allowing to recreate the instance from Terraform while preserving the boot. +This will create the boot disk as its own resource and attach it to the instance, allowing to recreate the instance from Terraform while preserving the boot disk. ```hcl module "simple-vm-example" { source = "./fabric/modules/compute-vm" project_id = var.project_id - zone = "europe-west1-b" + zone = "${var.region}-b" name = "test" boot_disk = { initialize_params = {} @@ -277,7 +278,7 @@ module "simple-vm-example" { auto_create = true } } -# tftest modules=1 resources=3 inventory=independent-boot-disk.yaml +# tftest inventory=independent-boot-disk.yaml e2e ``` ### Network interfaces @@ -289,8 +290,8 @@ By default VNs are create with an automatically assigned IP addresses, but you c ```hcl module "vm-internal-ip" { source = "./fabric/modules/compute-vm" - project_id = "my-project" - zone = "europe-west1-b" + project_id = var.project_id + zone = "${var.region}-b" name = "vm-internal-ip" network_interfaces = [{ network = var.vpc.self_link @@ -301,8 +302,8 @@ module "vm-internal-ip" { module "vm-external-ip" { source = "./fabric/modules/compute-vm" - project_id = "my-project" - zone = "europe-west1-b" + project_id = var.project_id + zone = "${var.region}-b" name = "vm-external-ip" network_interfaces = [{ network = var.vpc.self_link 
@@ -311,38 +312,39 @@ module "vm-external-ip" { addresses = { external = "8.8.8.8" } }] } -# tftest modules=2 resources=2 inventory=ips.yaml +# tftest inventory=ips.yaml ``` #### Using Alias IPs -This example shows how to add additional [Alias IPs](https://cloud.google.com/vpc/docs/alias-ip) to your VM. +This example shows how to add additional [Alias IPs](https://cloud.google.com/vpc/docs/alias-ip) to your VM. `alias_ips` is a map of subnetwork additional range name into IP address. ```hcl module "vm-with-alias-ips" { source = "./fabric/modules/compute-vm" - project_id = "my-project" - zone = "europe-west1-b" + project_id = var.project_id + zone = "${var.region}-b" name = "test" network_interfaces = [{ network = var.vpc.self_link subnetwork = var.subnet.self_link alias_ips = { - alias1 = "10.16.0.10/32" + services = "100.71.1.123/32" } }] } -# tftest modules=1 resources=1 inventory=alias-ips.yaml +# tftest inventory=alias-ips.yaml e2e ``` #### Using gVNIC This example shows how to enable [gVNIC](https://cloud.google.com/compute/docs/networking/using-gvnic) on your VM by customizing a `cos` image. Given that gVNIC needs to be enabled as an instance configuration and as a guest os configuration, you'll need to supply a bootable disk with `guest_os_features=GVNIC`. `SEV_CAPABLE`, `UEFI_COMPATIBLE` and `VIRTIO_SCSI_MULTIQUEUE` are enabled implicitly in the `cos`, `rhel`, `centos` and other images. -```hcl +Note: most recent Google-provided images do enable `GVNIC` and no custom image is necessary. +```hcl resource "google_compute_image" "cos-gvnic" { - project = "my-project" + project = var.project_id name = "my-image" source_image = "https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-89-16108-534-18" 
@@ -362,8 +364,8 @@ resource "google_compute_image" "cos-gvnic" { module "vm-with-gvnic" { source = "./fabric/modules/compute-vm" - project_id = "my-project" - zone = "europe-west1-b" + project_id = var.project_id + zone = "${var.region}-b" name = "test" boot_disk = { initialize_params = { @@ -380,7 +382,7 @@ module "vm-with-gvnic" { auto_create = true } } -# tftest modules=1 resources=3 inventory=gvnic.yaml +# tftest inventory=gvnic.yaml ``` #### PSC interfaces @@ -392,29 +394,29 @@ module "vm-with-gvnic" { # create the network attachment from a service project module "net-attachment" { source = "./fabric/modules/net-address" - project_id = "prj-svc" + project_id = var.project_id network_attachments = { svc-0 = { - subnet_self_link = "projects/prj-host/regions/europe-west8/subnetworks/gce" - producer_accept_lists = ["my-vm-project"] + subnet_self_link = module.vpc.subnet_self_links["${var.region}/ipv6-internal"] + producer_accept_lists = [var.project_id] } } } module "vm-psc-interface" { source = "./fabric/modules/compute-vm" - project_id = "my-vm-project" - zone = "europe-west8-b" + project_id = var.project_id + zone = "${var.region}-b" name = "vm-internal-ip" network_interfaces = [{ - network = "internal" - subnetwork = "internal" + network = var.vpc.self_link + subnetwork = var.subnet.self_link }] network_attached_interfaces = [ module.net-attachment.network_attachment_ids["svc-0"] ] } -# tftest modules=2 resources=2 +# tftest fixtures=fixtures/net-vpc-ipv6.tf e2e ``` ### Metadata @@ -425,7 +427,7 @@ You can define labels and custom metadata values. Metadata can be leveraged, for module "vm-metadata-example" { source = "./fabric/modules/compute-vm" project_id = var.project_id - zone = "europe-west1-b" + zone = "${var.region}-b" name = "nginx-server" network_interfaces = [{ network = var.vpc.self_link 
@@ -446,7 +448,7 @@ module "vm-metadata-example" { auto_create = true } } -# tftest modules=1 resources=2 inventory=metadata.yaml +# tftest inventory=metadata.yaml e2e ``` ### IAM @@ -457,7 +459,7 @@ Like most modules, you can assign IAM roles to the instance using the `iam` vari module "vm-iam-example" { source = "./fabric/modules/compute-vm" project_id = var.project_id - zone = "europe-west1-b" + zone = "${var.region}-b" name = "webserver" network_interfaces = [{ network = var.vpc.self_link @@ -465,12 +467,11 @@ module "vm-iam-example" { }] iam = { "roles/compute.instanceAdmin" = [ - "group:webserver@example.com", - "group:admin@example.com" + "group:${var.group_email}", ] } } -# tftest modules=1 resources=2 inventory=iam.yaml +# tftest inventory=iam.yaml e2e ``` @@ -482,7 +483,7 @@ module "vm-iam-example" { module "spot-vm-example" { source = "./fabric/modules/compute-vm" project_id = var.project_id - zone = "europe-west1-b" + zone = "${var.region}-b" name = "test" options = { spot = true @@ -493,7 +494,7 @@ module "spot-vm-example" { subnetwork = var.subnet.self_link }] } -# tftest modules=1 resources=1 inventory=spot.yaml +# tftest inventory=spot.yaml e2e ``` ### Confidential compute 
@@ -504,30 +505,41 @@ You can enable confidential compute with the `confidential_compute` variable, wh module "vm-confidential-example" { source = "./fabric/modules/compute-vm" project_id = var.project_id - zone = "europe-west1-b" + zone = "${var.region}-b" name = "confidential-vm" confidential_compute = true + instance_type = "n2d-standard-2" + boot_disk = { + initialize_params = { + image = "projects/debian-cloud/global/images/family/debian-12" + } + } network_interfaces = [{ network = var.vpc.self_link subnetwork = var.subnet.self_link }] - } module "template-confidential-example" { source = "./fabric/modules/compute-vm" project_id = var.project_id - zone = "europe-west1-b" + zone = "${var.region}-b" name = "confidential-template" confidential_compute = true create_template = true + instance_type = "n2d-standard-2" + boot_disk = { + initialize_params = { + image = "projects/debian-cloud/global/images/family/debian-12" + } + } network_interfaces = [{ network = var.vpc.self_link subnetwork = var.subnet.self_link }] } -# tftest modules=2 resources=2 inventory=confidential.yaml +# tftest inventory=confidential.yaml e2e ``` ### Disk encryption with Cloud KMS @@ -609,8 +621,8 @@ This example shows how to use the module to manage an instance template that def ```hcl module "cos-test" { source = "./fabric/modules/compute-vm" - project_id = "my-project" - zone = "europe-west1-b" + project_id = var.project_id + zone = "${var.region}-b" name = "test" network_interfaces = [{ network = var.vpc.self_link @@ -628,11 +640,11 @@ module "cos-test" { } ] service_account = { - email = "vm-default@my-project.iam.gserviceaccount.com" + email = module.iam-service-account.email } create_template = true } -# tftest modules=1 resources=1 inventory=template.yaml +# tftest inventory=template.yaml fixtures=fixtures/iam-service-account.tf e2e ``` ### Instance group 
@@ -646,15 +658,17 @@ locals { module "instance-group" { source = "./fabric/modules/compute-vm" - project_id = "my-project" - zone = "europe-west1-b" + project_id = var.project_id + zone = "${var.region}-b" name = "ilb-test" network_interfaces = [{ network = var.vpc.self_link subnetwork = var.subnet.self_link }] boot_disk = { - image = "projects/cos-cloud/global/images/family/cos-stable" + initialize_params = { + image = "projects/cos-cloud/global/images/family/cos-stable" + } } service_account = { email = var.service_account.email 
@@ -665,49 +679,66 @@ module "instance-group" { } group = { named_ports = {} } } -# tftest modules=1 resources=2 inventory=group.yaml +# tftest inventory=group.yaml e2e ``` ### Instance Schedule -Instance start and stop schedules can be defined via an existing or auto-created resource policy. +Instance start and stop schedules can be defined via an existing or auto-created resource policy. This functionality requires [additional permissions on Compute Engine Service Agent](https://cloud.google.com/compute/docs/instances/schedule-instance-start-stop#service_agent_required_roles) To use an existing policy pass its id to the `instance_schedule` variable: ```hcl module "instance" { source = "./fabric/modules/compute-vm" - project_id = "my-project" - zone = "europe-west1-b" + project_id = var.project_id + zone = "${var.region}-b" name = "schedule-test" network_interfaces = [{ network = var.vpc.self_link subnetwork = var.subnet.self_link }] boot_disk = { - image = "projects/cos-cloud/global/images/family/cos-stable" + initialize_params = { + image = "projects/cos-cloud/global/images/family/cos-stable" + } } instance_schedule = { - resource_policy_id = "projects/my-project/regions/europe-west1/resourcePolicies/test" + resource_policy_id = "projects/${var.project_id}/regions/${var.region}/resourcePolicies/test" } } -# tftest modules=1 resources=1 inventory=instance-schedule-id.yaml +# tftest inventory=instance-schedule-id.yaml ``` To create a new policy set its configuration in the `instance_schedule` variable. When removing the policy follow a two-step process by first setting `active = false` in the schedule configuration, which will unattach the policy, then removing the variable so the policy is destroyed. 
```hcl +module "project" { + source = "./fabric/modules/project" + name = var.project_id + project_create = false + services = ["compute.googleapis.com"] + iam_bindings_additive = { + compute-admin-service-agent = { + member = module.project.service_agents["compute"].iam_email + role = "roles/compute.instanceAdmin.v1" + } + } +} + module "instance" { source = "./fabric/modules/compute-vm" - project_id = "my-project" - zone = "europe-west1-b" + project_id = module.project.project_id + zone = "${var.region}-b" name = "schedule-test" network_interfaces = [{ network = var.vpc.self_link subnetwork = var.subnet.self_link }] boot_disk = { - image = "projects/cos-cloud/global/images/family/cos-stable" + initialize_params = { + image = "projects/cos-cloud/global/images/family/cos-stable" + } } instance_schedule = { create_config = { @@ -716,7 +747,7 @@ module "instance" { } } } -# tftest modules=1 resources=2 inventory=instance-schedule-create.yaml +# tftest inventory=instance-schedule-create.yaml e2e skip ``` ### Snapshot Schedules @@ -726,22 +757,24 @@ Snapshot policies can be attached to disks with optional creation managed by the ```hcl module "instance" { source = "./fabric/modules/compute-vm" - project_id = "my-project" - zone = "europe-west1-b" + project_id = var.project_id + zone = "${var.region}-b" name = "schedule-test" network_interfaces = [{ network = var.vpc.self_link subnetwork = var.subnet.self_link }] boot_disk = { - image = "projects/cos-cloud/global/images/family/cos-stable" + initialize_params = { + image = "projects/cos-cloud/global/images/family/cos-stable" + } snapshot_schedule = ["boot"] } attached_disks = [ { name = "disk-1" size = 10 - snapshot_schedule = ["generic-vm"] + snapshot_schedule = ["boot"] } ] snapshot_schedules = { @@ -755,7 +788,7 @@ module "instance" { } } } -# tftest modules=1 resources=5 inventory=snapshot-schedule-create.yaml +# tftest inventory=snapshot-schedule-create.yaml e2e ``` ### Resource Manager Tags (non-firewall) 
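Review bot: The `compute-admin-service-agent` binding in the new `module "project"` block grants `roles/compute.instanceAdmin.v1` project-wide to the Compute Engine service agent, which is broader than an instance schedule needs. As far as I recall, the documentation linked in the paragraph above this example only requires `compute.instances.start` and `compute.instances.stop` for the service agent, so a custom role with just those two permissions would keep the example least-privilege; README snippets tend to be copied verbatim. If the predefined role is kept for brevity, add a comment above the `role` line such as `# broad role used for brevity; prefer a custom role limited to compute.instances.start/stop`. The example is also tagged `e2e skip`, so this binding appears not to be exercised by the end-to-end run.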
@@ -777,7 +810,7 @@ This is an example of setting tag bindings: module "simple-vm-example" { source = "./fabric/modules/compute-vm" project_id = var.project_id - zone = "europe-west1-b" + zone = "${var.region}-b" name = "test" network_interfaces = [{ network = var.vpc.self_link @@ -787,7 +820,7 @@ module "simple-vm-example" { "tagKeys/1234567890" = "tagValues/7890123456" } } -# tftest modules=1 resources=1 inventory=tag-bindings.yaml +# tftest inventory=tag-bindings.yaml ``` ### Resource Manager Tags (firewall) @@ -800,7 +833,7 @@ This is an example of setting both types of tag bindings: module "simple-vm-example" { source = "./fabric/modules/compute-vm" project_id = var.project_id - zone = "europe-west1-b" + zone = "${var.region}-b" name = "test" network_interfaces = [{ network = var.vpc.self_link @@ -814,7 +847,7 @@ module "simple-vm-example" { "tagKeys/5678901234" = "tagValues/3456789012" } } -# tftest modules=1 resources=1 inventory=tag-bindings.yaml +# tftest inventory=tag-bindings.yaml ``` ### Sole Tenancy @@ -823,10 +856,11 @@ You can add node affinities (and anti-affinity) configurations to allocate the V ```hcl module "sole-tenancy" { - source = "./fabric/modules/compute-vm" - project_id = var.project_id - zone = "europe-west1-b" - name = "test" + source = "./fabric/modules/compute-vm" + project_id = var.project_id + zone = "${var.region}-b" + instance_type = "n1-standard-1" + name = "test" network_interfaces = [{ network = var.vpc.self_link subnetwork = var.subnet.self_link @@ -843,7 +877,7 @@ module "sole-tenancy" { } } } -# tftest modules=1 resources=1 inventory=sole-tenancy.yaml +# tftest inventory=sole-tenancy.yaml ``` ## Variables 
@@ -898,4 +932,9 @@ module "sole-tenancy" { | [service_account_iam_email](outputs.tf#L73) | Service account email. | | | [template](outputs.tf#L82) | Template resource. | | | [template_name](outputs.tf#L87) | Template name. | | + +## Fixtures + +- [iam-service-account.tf](../../tests/fixtures/iam-service-account.tf) +- [net-vpc-ipv6.tf](../../tests/fixtures/net-vpc-ipv6.tf) diff --git a/tests/modules/compute_vm/examples/alias-ips.yaml b/tests/modules/compute_vm/examples/alias-ips.yaml index 016f966097..bbc78fed61 100644 --- a/tests/modules/compute_vm/examples/alias-ips.yaml +++ b/tests/modules/compute_vm/examples/alias-ips.yaml @@ -18,15 +18,15 @@ values: network_interface: - access_config: [] alias_ip_range: - - ip_cidr_range: 10.16.0.10/32 - subnetwork_range_name: alias1 + - ip_cidr_range: 100.71.1.123/32 + subnetwork_range_name: services ipv6_access_config: [] network: projects/xxx/global/networks/aaa nic_type: null queue_count: null subnetwork: subnet_self_link - project: my-project - zone: europe-west1-b + project: project-id + zone: europe-west8-b counts: google_compute_instance: 1 diff --git a/tests/modules/compute_vm/examples/confidential.yaml b/tests/modules/compute_vm/examples/confidential.yaml index e842d4cb4b..3587565d85 100644 --- a/tests/modules/compute_vm/examples/confidential.yaml +++ b/tests/modules/compute_vm/examples/confidential.yaml @@ -18,13 +18,13 @@ values: - enable_confidential_compute: true name_prefix: confidential-template- project: project-id - region: europe-west1 + region: europe-west8 module.vm-confidential-example.google_compute_instance.default[0]: confidential_instance_config: - enable_confidential_compute: true name: confidential-vm project: project-id - zone: europe-west1-b + zone: europe-west8-b counts: google_compute_instance: 1 diff --git a/tests/modules/compute_vm/examples/defaults.yaml b/tests/modules/compute_vm/examples/defaults.yaml index a5a9bfade6..7fcf610c25 100644 --- a/tests/modules/compute_vm/examples/defaults.yaml 
+++ b/tests/modules/compute_vm/examples/defaults.yaml @@ -69,7 +69,7 @@ values: shielded_instance_config: [] tags: null timeouts: null - zone: europe-west1-b + zone: europe-west8-b counts: google_compute_instance: 1 diff --git a/tests/modules/compute_vm/examples/disk-options.yaml b/tests/modules/compute_vm/examples/disk-options.yaml index f2f1a053f1..95e301f5c0 100644 --- a/tests/modules/compute_vm/examples/disk-options.yaml +++ b/tests/modules/compute_vm/examples/disk-options.yaml @@ -19,7 +19,7 @@ values: size: 20 snapshot: snapshot-2 type: pd-ssd - zone: europe-west1-b + zone: europe-west8-b module.vm-disk-options-example.google_compute_instance.default[0]: attached_disk: - device_name: data2 @@ -41,14 +41,14 @@ values: description: Managed by the compute-vm Terraform module. name: test project: project-id - zone: europe-west1-b + zone: europe-west8-b module.vm-disk-options-example.google_compute_region_disk.disks["data1"]: name: test-data1 project: project-id - region: europe-west1 + region: europe-west8 replica_zones: - - europe-west1-b - - europe-west1-c + - europe-west8-b + - europe-west8-c size: 10 type: pd-balanced diff --git a/tests/modules/compute_vm/examples/group.yaml b/tests/modules/compute_vm/examples/group.yaml index c28c47648e..5d30f20e0a 100644 --- a/tests/modules/compute_vm/examples/group.yaml +++ b/tests/modules/compute_vm/examples/group.yaml @@ -18,9 +18,9 @@ values: name: ilb-test named_port: [] network: projects/xxx/global/networks/aaa - project: my-project + project: project-id timeouts: null - zone: europe-west1-b + zone: europe-west8-b counts: google_compute_instance: 1 diff --git a/tests/modules/compute_vm/examples/gvnic.yaml b/tests/modules/compute_vm/examples/gvnic.yaml index da95de9e47..a8cb2cc2d9 100644 --- a/tests/modules/compute_vm/examples/gvnic.yaml +++ b/tests/modules/compute_vm/examples/gvnic.yaml 
@@ -20,7 +20,7 @@ values: - type: UEFI_COMPATIBLE - type: VIRTIO_SCSI_MULTIQUEUE name: my-image - project: my-project + project: project-id source_image: https://www.googleapis.com/compute/v1/projects/cos-cloud/global/images/cos-89-16108-534-18 module.vm-with-gvnic.google_compute_instance.default[0]: name: test @@ -32,8 +32,8 @@ values: nic_type: GVNIC queue_count: null subnetwork: subnet_self_link - project: my-project - zone: europe-west1-b + project: project-id + zone: europe-west8-b counts: google_compute_image: 1 diff --git a/tests/modules/compute_vm/examples/iam.yaml b/tests/modules/compute_vm/examples/iam.yaml index 254d266d78..2d3e871c45 100644 --- a/tests/modules/compute_vm/examples/iam.yaml +++ b/tests/modules/compute_vm/examples/iam.yaml @@ -19,11 +19,10 @@ values: condition: [] instance_name: webserver members: - - group:admin@example.com - - group:webserver@example.com + - group:organization-admins@example.org project: project-id role: roles/compute.instanceAdmin - zone: europe-west1-b + zone: europe-west8-b counts: google_compute_instance: 1 diff --git a/tests/modules/compute_vm/examples/independent-boot-disk.yaml b/tests/modules/compute_vm/examples/independent-boot-disk.yaml index d95510c117..9055616382 100644 --- a/tests/modules/compute_vm/examples/independent-boot-disk.yaml +++ b/tests/modules/compute_vm/examples/independent-boot-disk.yaml @@ -29,7 +29,7 @@ values: source_snapshot_encryption_key: [] timeouts: null type: pd-balanced - zone: europe-west1-b + zone: europe-west8-b module.simple-vm-example.google_compute_instance.default[0]: advanced_machine_features: [] allow_stopping_for_update: true @@ -75,7 +75,7 @@ values: - https://www.googleapis.com/auth/userinfo.email shielded_instance_config: [] tags: null - zone: europe-west1-b + zone: europe-west8-b module.simple-vm-example.google_service_account.service_account[0]: account_id: tf-vm-test display_name: Terraform VM test. 
diff --git a/tests/modules/compute_vm/examples/instance-schedule-create.yaml b/tests/modules/compute_vm/examples/instance-schedule-create.yaml index 26917c45ee..1b5733f6d7 100644 --- a/tests/modules/compute_vm/examples/instance-schedule-create.yaml +++ b/tests/modules/compute_vm/examples/instance-schedule-create.yaml @@ -13,6 +13,10 @@ # limitations under the License. values: + module.sole-tenancy.google_compute_instance.default[0]: + boot_disk: + - initialize_params: + - image: projects/cos-cloud/global/images/family/cos-stable module.instance.google_compute_resource_policy.schedule[0]: description: Schedule policy for schedule-test. instance_schedule_policy: @@ -24,7 +28,7 @@ values: vm_stop_schedule: - schedule: 0 17 * * * name: schedule-test - region: europe-west1 + region: europe-west8 counts: google_compute_instance: 1 diff --git a/tests/modules/compute_vm/examples/instance-schedule-id.yaml b/tests/modules/compute_vm/examples/instance-schedule-id.yaml index 409e9ddb02..b4112ca5a8 100644 --- a/tests/modules/compute_vm/examples/instance-schedule-id.yaml +++ b/tests/modules/compute_vm/examples/instance-schedule-id.yaml @@ -15,7 +15,7 @@ values: module.instance.google_compute_instance.default[0]: resource_policies: - - projects/my-project/regions/europe-west1/resourcePolicies/test + - projects/project-id/regions/europe-west8/resourcePolicies/test counts: google_compute_instance: 1 diff --git a/tests/modules/compute_vm/examples/ips.yaml b/tests/modules/compute_vm/examples/ips.yaml index 65931abb5e..aa1b4071fe 100644 --- a/tests/modules/compute_vm/examples/ips.yaml +++ b/tests/modules/compute_vm/examples/ips.yaml @@ -25,8 +25,8 @@ values: nic_type: null queue_count: null subnetwork: subnet_self_link - project: my-project - zone: europe-west1-b + project: project-id + zone: europe-west8-b module.vm-internal-ip.google_compute_instance.default[0]: name: vm-internal-ip network_interface: 
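Review bot: The inventory key added to `instance-schedule-create.yaml`, `module.sole-tenancy.google_compute_instance.default[0]`, does not match the README example, which declares `module "instance"` and `module "project"`. The boot-disk image assertion is therefore attached to an address that the plan for this example will not contain. It looks copied from the sole-tenancy inventory; the key should presumably be `module.instance.google_compute_instance.default[0]:`. Because the README tags this example `e2e skip`, confirm that the plan-level inventory comparison still runs for it, otherwise the mismatch will go unnoticed.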
@@ -38,8 +38,8 @@ values: nic_type: null queue_count: null subnetwork: subnet_self_link - project: my-project - zone: europe-west1-b + project: project-id + zone: europe-west8-b counts: google_compute_instance: 2 diff --git a/tests/modules/compute_vm/examples/metadata.yaml b/tests/modules/compute_vm/examples/metadata.yaml index fbe0d06ff7..1390fc4cbb 100644 --- a/tests/modules/compute_vm/examples/metadata.yaml +++ b/tests/modules/compute_vm/examples/metadata.yaml @@ -21,7 +21,7 @@ values: apt-get install -y nginx name: nginx-server project: project-id - zone: europe-west1-b + zone: europe-west8-b labels: env: dev system: crm diff --git a/tests/modules/compute_vm/examples/sa-custom.yaml b/tests/modules/compute_vm/examples/sa-custom.yaml index 070457fd12..d78a66e966 100644 --- a/tests/modules/compute_vm/examples/sa-custom.yaml +++ b/tests/modules/compute_vm/examples/sa-custom.yaml @@ -62,18 +62,18 @@ values: provisioning_model: STANDARD scratch_disk: [] service_account: - - email: sa-0@myproj.iam.gserviceaccount.com + - email: fixture-service-account@project-id.iam.gserviceaccount.com scopes: - https://www.googleapis.com/auth/cloud-platform - https://www.googleapis.com/auth/userinfo.email shielded_instance_config: [] tags: null timeouts: null - zone: europe-west1-b + zone: europe-west8-b counts: google_compute_instance: 1 - modules: 1 - resources: 1 + modules: 2 + resources: 2 outputs: {} diff --git a/tests/modules/compute_vm/examples/sa-default.yaml b/tests/modules/compute_vm/examples/sa-default.yaml index 0879b1dce6..611e75508e 100644 --- a/tests/modules/compute_vm/examples/sa-default.yaml +++ b/tests/modules/compute_vm/examples/sa-default.yaml @@ -69,7 +69,7 @@ values: shielded_instance_config: [] tags: null timeouts: null - zone: europe-west1-b + zone: europe-west8-b counts: google_compute_instance: 1 diff --git a/tests/modules/compute_vm/examples/sa-managed.yaml b/tests/modules/compute_vm/examples/sa-managed.yaml index a87182d33a..c783f18718 100644 
--- a/tests/modules/compute_vm/examples/sa-managed.yaml +++ b/tests/modules/compute_vm/examples/sa-managed.yaml @@ -68,7 +68,7 @@ values: shielded_instance_config: [] tags: null timeouts: null - zone: europe-west1-b + zone: europe-west8-b module.vm-managed-sa-example2.google_service_account.service_account[0]: account_id: tf-vm-test2 description: null diff --git a/tests/modules/compute_vm/examples/sa-none.yaml b/tests/modules/compute_vm/examples/sa-none.yaml index f9365e43ad..c4aa8fcffc 100644 --- a/tests/modules/compute_vm/examples/sa-none.yaml +++ b/tests/modules/compute_vm/examples/sa-none.yaml @@ -65,7 +65,7 @@ values: shielded_instance_config: [] tags: null timeouts: null - zone: europe-west1-b + zone: europe-west8-b counts: google_compute_instance: 1 diff --git a/tests/modules/compute_vm/examples/snapshot-schedule-create.yaml b/tests/modules/compute_vm/examples/snapshot-schedule-create.yaml index daf659c6c4..0380786288 100644 --- a/tests/modules/compute_vm/examples/snapshot-schedule-create.yaml +++ b/tests/modules/compute_vm/examples/snapshot-schedule-create.yaml 
@@ -12,6 +12,47 @@ # See the License for the specific language governing permissions and # limitations under the License. +values: + module.instance.google_compute_disk.disks["disk-1"]: + name: schedule-test-disk-1 + project: project-id + size: 10 + type: pd-balanced + zone: europe-west8-b + module.instance.google_compute_disk_resource_policy_attachment.attached["disk-1-boot"]: + disk: schedule-test-disk-1 + name: schedule-test-boot + project: project-id + timeouts: null + zone: europe-west8-b + module.instance.google_compute_disk_resource_policy_attachment.boot["boot"]: + disk: schedule-test + name: schedule-test-boot + project: project-id + zone: europe-west8-b + module.instance.google_compute_instance.default[0]: + attached_disk: + - device_name: disk-1 + disk_encryption_key_raw: null + mode: READ_WRITE + source: schedule-test-disk-1 + boot_disk: + - initialize_params: + - image: projects/cos-cloud/global/images/family/cos-stable + module.instance.google_compute_resource_policy.snapshot["boot"]: + description: Schedule policy boot for schedule-test. + name: schedule-test-boot + project: project-id + region: europe-west8 + snapshot_schedule_policy: + - schedule: + - daily_schedule: + - days_in_cycle: 1 + start_time: 03:00 + hourly_schedule: [] + weekly_schedule: [] + snapshot_properties: [] + counts: google_compute_disk: 1 google_compute_disk_resource_policy_attachment: 2 diff --git a/tests/modules/compute_vm/examples/sole-tenancy.yaml b/tests/modules/compute_vm/examples/sole-tenancy.yaml index bd242f55bd..b30d3ed0c6 100644 --- a/tests/modules/compute_vm/examples/sole-tenancy.yaml +++ b/tests/modules/compute_vm/examples/sole-tenancy.yaml @@ -34,7 +34,7 @@ values: enable_display: false hostname: null labels: null - machine_type: f1-micro + machine_type: n1-standard-1 metadata: null metadata_startup_script: null name: test 
@@ -79,7 +79,7 @@ values: shielded_instance_config: [] tags: null timeouts: null - zone: europe-west1-b + zone: europe-west8-b counts: google_compute_instance: 1 diff --git a/tests/modules/compute_vm/examples/spot.yaml b/tests/modules/compute_vm/examples/spot.yaml index 1d48485c96..2ea8201fdc 100644 --- a/tests/modules/compute_vm/examples/spot.yaml +++ b/tests/modules/compute_vm/examples/spot.yaml @@ -27,7 +27,7 @@ values: on_host_maintenance: TERMINATE preemptible: true provisioning_model: SPOT - zone: europe-west1-b + zone: europe-west8-b counts: google_compute_instance: 1 diff --git a/tests/modules/compute_vm/examples/tag-bindings.yaml b/tests/modules/compute_vm/examples/tag-bindings.yaml index 2f97882487..6011c5c29e 100644 --- a/tests/modules/compute_vm/examples/tag-bindings.yaml +++ b/tests/modules/compute_vm/examples/tag-bindings.yaml @@ -73,7 +73,7 @@ values: shielded_instance_config: [] tags: null timeouts: null - zone: europe-west1-b + zone: europe-west8-b counts: google_compute_instance: 1 diff --git a/tests/modules/compute_vm/examples/template.yaml b/tests/modules/compute_vm/examples/template.yaml index 38e21cf038..be45c9299b 100644 --- a/tests/modules/compute_vm/examples/template.yaml +++ b/tests/modules/compute_vm/examples/template.yaml @@ -52,10 +52,10 @@ values: nic_type: null queue_count: null subnetwork: subnet_self_link - project: my-project - region: europe-west1 + project: project-id + region: europe-west8 service_account: - - email: vm-default@my-project.iam.gserviceaccount.com + - email: fixture-service-account@project-id.iam.gserviceaccount.com scopes: - https://www.googleapis.com/auth/cloud-platform - https://www.googleapis.com/auth/userinfo.email From 662405c1333294287623c9366c05ab7a078c7c7b Mon Sep 17 00:00:00 2001 From: Ludo Date: Sat, 18 Jan 2025 08:13:28 +0100 Subject: [PATCH 2/2] update changelog --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 42839047e4..0db45a5736 100644 
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,7 @@ All notable changes to this project will be documented in this file. ### MODULES +- [[#2819](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2819)] modules/compute-vm end-to-end tests and fixes ([wiktorn](https://github.com/wiktorn)) - [[#2816](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2816)] Update `logging_data_access` type ([juliocc](https://github.com/juliocc)) - [[#2814](https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/pull/2814)] Add `iam_by_principals_additive` to project, organization and folder modules ([juliocc](https://github.com/juliocc))