diff --git a/internal/context/context.go b/internal/context/context.go
index 19bcd00f5..30a99e65e 100644
--- a/internal/context/context.go
+++ b/internal/context/context.go
@@ -29,6 +29,8 @@ var (
 ctxRootModuleMngr = &contextKey{"root module manager"}
 ctxParserFinder = &contextKey{"parser finder"}
 ctxTfExecFinder = &contextKey{"terraform exec finder"}
+ ctxRootModuleCaFi = &contextKey{"root module candidate finder"}
+ ctxRootDir = &contextKey{"root directory"}
 )
 func missingContextErr(ctxKey *contextKey) *MissingContextErr {
@@ -149,3 +151,37 @@ func TerraformExecPath(ctx context.Context) (string, bool) {
 path, ok := ctx.Value(ctxTfExecPath).(string)
 return path, ok
 }
+
+func WithRootModuleCandidateFinder(rmcf rootmodule.RootModuleCandidateFinder, ctx context.Context) context.Context {
+ return context.WithValue(ctx, ctxRootModuleCaFi, rmcf)
+}
+
+func RootModuleCandidateFinder(ctx context.Context) (rootmodule.RootModuleCandidateFinder, error) {
+ cf, ok := ctx.Value(ctxRootModuleCaFi).(rootmodule.RootModuleCandidateFinder)
+ if !ok {
+ return nil, missingContextErr(ctxRootModuleCaFi)
+ }
+ return cf, nil
+}
+
+func WithRootDirectory(dir *string, ctx context.Context) context.Context {
+ return context.WithValue(ctx, ctxRootDir, dir)
+}
+
+func SetRootDirectory(ctx context.Context, dir string) error {
+ rootDir, ok := ctx.Value(ctxRootDir).(*string)
+ if !ok {
+ return missingContextErr(ctxRootDir)
+ }
+
+ *rootDir = dir
+ return nil
+}
+
+func RootDirectory(ctx context.Context) (string, bool) {
+ rootDir, ok := ctx.Value(ctxRootDir).(*string)
+ if !ok {
+ return "", false
+ }
+ return *rootDir, true
+}
diff --git a/internal/terraform/rootmodule/root_module.go b/internal/terraform/rootmodule/root_module.go
index 545e72270..7a8f004de 100644
--- a/internal/terraform/rootmodule/root_module.go
+++ b/internal/terraform/rootmodule/root_module.go
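Review bot: In context.go, `SetRootDirectory` and `RootDirectory` dereference the `*string` taken from the context without a nil check, so a context built with `WithRootDirectory(nil, ctx)` passes the type assertion and then panics on `*rootDir`; guard both with `if !ok || rootDir == nil`. Storing a pointer also turns the context value into mutable shared state: nothing visible in this hunk synchronises a `SetRootDirectory` write against concurrent `RootDirectory` reads, so if requests are handled on separate goroutines this is a data race on what appears to be the workspace root. The five new exported functions have no doc comments; `WithRootDirectory` in particular should state that the pointer is written through later by `SetRootDirectory` and must outlive the context.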
@@ -18,6 +18,7 @@ import (
 type rootModule struct {
 ctx context.Context
+ path string
 logger *log.Logger
 pluginLockFile File
 moduleManifestFile File
@@ -39,9 +40,10 @@ type rootModule struct {
 moduleMu *sync.RWMutex
 }
-func newRootModule(ctx context.Context) *rootModule {
+func newRootModule(ctx context.Context, dir string) *rootModule {
 return &rootModule{
 ctx: ctx,
+ path: dir,
 logger: defaultLogger,
 pluginMu: &sync.RWMutex{},
 moduleMu: &sync.RWMutex{},
@@ -51,7 +53,7 @@ func newRootModule(ctx context.Context) *rootModule {
 var defaultLogger = log.New(ioutil.Discard, "", 0)
 func NewRootModule(ctx context.Context, dir string) (RootModule, error) {
- rm := newRootModule(ctx)
+ rm := newRootModule(ctx, dir)
 d := &discovery.Discovery{}
 rm.tfDiscoFunc = d.LookPath
@@ -63,15 +65,16 @@ func NewRootModule(ctx context.Context, dir string) (RootModule, error) {
 return ss
 }
- return rm, rm.init(ctx, dir)
+ return rm, rm.init(ctx)
 }
 func (rm *rootModule) SetLogger(logger *log.Logger) {
 rm.logger = logger
 }
-func (rm *rootModule) init(ctx context.Context, dir string) error {
- tf, err := rm.initTfExecutor(dir)
+func (rm *rootModule) init(ctx context.Context) error {
+ rm.logger.Printf("initing new root module: %s", rm.path)
+ tf, err := rm.initTfExecutor(rm.path)
 if err != nil {
 return err
 }
@@ -105,11 +108,11 @@ func (rm *rootModule) init(ctx context.Context, dir string) error {
 rm.tfExec = tf
 rm.tfVersion = version
- err = rm.initPluginCache(dir)
+ err = rm.initPluginCache(rm.path)
 if err != nil {
 return fmt.Errorf("plugin initialization failed: %w", err)
 }
- err = rm.initModuleCache(dir)
+ err = rm.initModuleCache(rm.path)
 if err != nil {
 return err
 }
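Review bot: The new log line in `init` (root_module.go, hunk `@@ -63,15 +65,16 @@`) formats the module path with `%s`; the path is whatever directory the caller handed to `newRootModule`, so `rm.logger.Printf("initing new root module: %q", rm.path)` would keep unusual characters in a directory name from splitting or imitating log lines. `newRootModule` also stores `dir` verbatim while the manager compares `rm.Path()` against a `filepath.Clean`ed lookup path, so normalising once at construction would be safer; whether every caller already cleans the path is not visible in these hunks. Now that the path lives on the struct, `initTfExecutor`, `initPluginCache` and `initModuleCache` could read `rm.path` themselves instead of taking it as an argument. `init` starts in one hunk and continues past the end of the next, so the middle of its body is not shown.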
@@ -216,6 +219,10 @@ func (rm *rootModule) initModuleCache(dir string) error {
 return rm.UpdateModuleManifest(lf)
 }
+func (rm *rootModule) Path() string {
+ return rm.path
+}
+
 func (rm *rootModule) UpdateModuleManifest(lockFile File) error {
 rm.moduleMu.Lock()
 rm.logger.Printf("updating module manifest based on %s ...", lockFile.Path())
diff --git a/internal/terraform/rootmodule/root_module_manager.go b/internal/terraform/rootmodule/root_module_manager.go
index 0fbae54de..73f405f7f 100644
--- a/internal/terraform/rootmodule/root_module_manager.go
+++ b/internal/terraform/rootmodule/root_module_manager.go
@@ -16,7 +16,7 @@ import (
 )
 type rootModuleManager struct {
- rms map[string]*rootModule
+ rms []*rootModule
 tfExecPath string
 tfExecTimeout time.Duration
 tfExecLogPath string
@@ -31,7 +31,7 @@ func NewRootModuleManager(ctx context.Context) RootModuleManager {
 func newRootModuleManager(ctx context.Context) *rootModuleManager {
 rmm := &rootModuleManager{
- rms: make(map[string]*rootModule, 0),
+ rms: make([]*rootModule, 0),
 logger: defaultLogger,
 }
 rmm.newRootModule = rmm.defaultRootModuleFactory
@@ -39,7 +39,7 @@ func newRootModuleManager(ctx context.Context) *rootModuleManager {
 }
 func (rmm *rootModuleManager) defaultRootModuleFactory(ctx context.Context, dir string) (*rootModule, error) {
- rm := newRootModule(ctx)
+ rm := newRootModule(ctx, dir)
 rm.SetLogger(rmm.logger)
@@ -52,7 +52,7 @@ func (rmm *rootModuleManager) defaultRootModuleFactory(ctx context.Context, dir
 rm.tfExecTimeout = rmm.tfExecTimeout
 rm.tfExecLogPath = rmm.tfExecLogPath
- return rm, rm.init(ctx, dir)
+ return rm, rm.init(ctx)
 }
 func (rmm *rootModuleManager) SetTerraformExecPath(path string) {
@@ -76,8 +76,7 @@ func (rmm *rootModuleManager) AddRootModule(dir string) error {
 // TODO: Follow symlinks (requires proper test data)
- _, exists := rmm.rms[dir]
- if exists {
+ if rmm.exists(dir) {
 return fmt.Errorf("root module %s was already added", dir)
 }
@@ -86,33 +85,66 @@ func (rmm *rootModuleManager) AddRootModule(dir string) error {
 return err
 }
- rmm.rms[dir] = rm
+ rmm.rms = append(rmm.rms, rm)
 return nil
 }
-func (rmm *rootModuleManager) RootModuleByPath(path string) (RootModule, error) {
+func (rmm *rootModuleManager) exists(dir string) bool {
+ for _, rm := range rmm.rms {
+ if rm.Path() == dir {
+ return true
+ }
+ }
+ return false
+}
+
+func (rmm *rootModuleManager) rootModuleByPath(dir string) *rootModule {
+ for _, rm := range rmm.rms {
+ if rm.Path() == dir {
+ return rm
+ }
+ }
+ return nil
+}
+
+func (rmm *rootModuleManager) RootModuleCandidatesByPath(path string) []string {
 path = filepath.Clean(path)
 // TODO: Follow symlinks (requires proper test data)
- if rm, ok := rmm.rms[path]; ok {
+ if rmm.exists(path) {
 rmm.logger.Printf("direct root module lookup succeeded: %s", path)
- return rm, nil
+ return []string{path}
 }
 dir := rootModuleDirFromFilePath(path)
- if rm, ok := rmm.rms[dir]; ok {
+ if rmm.exists(dir) {
 rmm.logger.Printf("dir-based root module lookup succeeded: %s", dir)
- return rm, nil
+ return []string{dir}
 }
+ candidates := make([]string, 0)
 for _, rm := range rmm.rms {
- rmm.logger.Printf("looking up %s in module references", dir)
+ rmm.logger.Printf("looking up %s in module references of %s", dir, rm.Path())
 if rm.ReferencesModulePath(dir) {
 rmm.logger.Printf("module-ref-based root module lookup succeeded: %s", dir)
- return rm, nil
+ candidates = append(candidates, rm.Path())
+ }
+ }
+
+ return candidates
+}
+
+func (rmm *rootModuleManager) RootModuleByPath(path string) (RootModule, error) {
+ candidates := rmm.RootModuleCandidatesByPath(path)
+ if len(candidates) > 0 {
+ firstMatch := candidates[0]
+ if !rmm.exists(firstMatch) {
+ return nil, fmt.Errorf("Discovered root module %s not available,"+
+ " this is most likely a bug, please report it", firstMatch)
 }
+ return rmm.rootModuleByPath(firstMatch), nil
 }
 return nil, &RootModuleNotFoundErr{path}
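Review bot: `RootModuleByPath` now silently takes `candidates[0]` when several root modules reference the same directory, so which module's executor and schema storage serve a file depends only on the order in which modules were added. At minimum record the ambiguity, e.g. `if len(candidates) > 1 { rmm.logger.Printf("%d root module candidates for %q, using %q", len(candidates), path, candidates[0]) }`. The `exists` call followed by `rootModuleByPath` scans the slice twice and is there only to avoid returning a nil `*rootModule` inside a non-nil `RootModule` interface; `if rm := rmm.rootModuleByPath(firstMatch); rm != nil { return rm, nil }` covers both in one pass. The new error string should start lower-case per Go convention, and the function's closing brace lies outside the hunk. No locking around `rmm.rms` is visible in these hunks, so if `AddRootModule` can run concurrently with lookups the `append` races with the `range` loops.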
diff --git a/internal/terraform/rootmodule/root_module_manager_mock.go b/internal/terraform/rootmodule/root_module_manager_mock.go
index d4587c72c..6424c7da9 100644
--- a/internal/terraform/rootmodule/root_module_manager_mock.go
+++ b/internal/terraform/rootmodule/root_module_manager_mock.go
@@ -22,29 +22,38 @@ type RootModuleMockFactory struct {
 }
 func (rmf *RootModuleMockFactory) New(ctx context.Context, dir string) (*rootModule, error) {
- rm, ok := rmf.rmm[dir]
+ rmm, ok := rmf.rmm[dir]
 if !ok {
 return nil, fmt.Errorf("unexpected root module requested: %s (%d available: %#v)", dir, len(rmf.rmm), rmf.rmm)
 }
- w := newRootModule(ctx)
- w.SetLogger(rmf.logger)
+ mock := NewRootModuleMock(ctx, rmm, dir)
+ mock.SetLogger(rmf.logger)
+ return mock, mock.init(ctx)
+}
+
+func NewRootModuleMock(ctx context.Context, rmm *RootModuleMock, dir string) *rootModule {
+ rm := newRootModule(ctx, dir)
 md := &discovery.MockDiscovery{Path: "tf-mock"}
- w.tfDiscoFunc = md.LookPath
+ rm.tfDiscoFunc = md.LookPath
 // For now, until we have better testing strategy to mimic real lock files
- w.ignorePluginCache = true
+ rm.ignorePluginCache = true
- w.tfNewExecutor = exec.MockExecutor(rm.TerraformExecQueue)
+ rm.tfNewExecutor = exec.MockExecutor(rmm.TerraformExecQueue)
- if rm.ProviderSchemas == nil {
- w.newSchemaStorage = schema.MockStorage(rm.ProviderSchemas)
+ if rmm.ProviderSchemas == nil {
+ rm.newSchemaStorage = func() *schema.Storage {
+ ss := schema.NewStorage()
+ ss.SetSynchronous()
+ return ss
+ }
 } else {
- w.newSchemaStorage = schema.NewStorage
+ rm.newSchemaStorage = schema.MockStorage(rmm.ProviderSchemas)
 }
- return w, w.init(ctx, dir)
+ return rm
 }
 func NewRootModuleManagerMock(m map[string]*RootModuleMock) RootModuleManagerFactory {
diff --git a/internal/terraform/rootmodule/root_module_manager_test.go b/internal/terraform/rootmodule/root_module_manager_test.go
index b4690ec37..9b00285cc 100644
--- a/internal/terraform/rootmodule/root_module_manager_test.go
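Review bot: `NewRootModuleMock` in root_module_manager_mock.go is exported but undocumented, and unlike the code it was extracted from it returns a module that has not been initialised, so every caller has to call `init(ctx)` itself, as `New` does in this hunk. A doc comment should say so, for example `// NewRootModuleMock returns a root module for dir wired to mock discovery and the executor queue in rmm; the caller must call init before use.` The function dereferences `rmm` unconditionally (`rmm.TerraformExecQueue`), while `New` only checks that the map key is present, so a nil `*RootModuleMock` stored in the factory map would panic here. The parameter name `rmm` is also the receiver name used for `*rootModuleManager` throughout the package; `mock` or `rmMock` would read less ambiguously.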
+++ b/internal/terraform/rootmodule/root_module_manager_test.go 
@@ -2,115 +2,519 @@ package rootmodule import ( "context" + "fmt" "io/ioutil" "log" "os" "path/filepath" "testing" + + "github.com/google/go-cmp/cmp" + "github.com/hashicorp/terraform-ls/internal/terraform/discovery" + "github.com/hashicorp/terraform-ls/internal/terraform/exec" ) -func TestRootModuleManager_RootModuleByPath(t *testing.T) { - rmm := testRootModuleManager(t) +// func TestRootModuleManager_RootModuleByPath_basic(t *testing.T) { +// rmm := testRootModuleManager(t) - direct, unrelated, dirbased := testRootModule(t), testRootModule(t), testRootModule(t) - rmm.rms = map[string]*rootModule{ - "direct": direct, - "unrelated": unrelated, - "dirbased": dirbased, - } +// tmpDir := tempDir(t) +// direct, unrelated, dirbased := newTestRootModule(t, "direct"), newTestRootModule(t, "unrelated"), newTestRootModule(t, "dirbased") +// rmm.rms = map[string]*rootModule{ +// direct.Dir: direct.RootModule, +// unrelated.Dir: unrelated.RootModule, +// dirbased.Dir: dirbased.RootModule, +// } - w1, err := rmm.RootModuleByPath("direct") - if err != nil { - t.Fatal(err) - } - if direct != w1 { - t.Fatalf("unexpected root module found: %p, expected: %p", w1, direct) - } +// w1, err := rmm.RootModuleByPath(direct.Dir) +// if err != nil { +// t.Fatal(err) +// } +// if direct.RootModule != w1 { +// t.Fatalf("unexpected root module found: %p, expected: %p", w1, direct) +// } - w2, err := rmm.RootModuleByPath(filepath.Join("dirbased", ".terraform", "plugins", "selections.json")) - if err != nil { - t.Fatal(err) - } - if dirbased != w2 { - t.Fatalf("unexpected root module found: %p, expected: %p", w2, dirbased) - } -} +// lockDirPath := filepath.Join(tmpDir, "dirbased", ".terraform", "plugins") +// lockFilePath := filepath.Join(lockDirPath, "selections.json") +// err = os.MkdirAll(lockDirPath, 0775) +// if err != nil { +// t.Fatal(err) +// } +// f, err := os.Create(lockFilePath) +// if err != nil { +// t.Fatal(err) +// } +// f.Close() + +// w2, err := 
rmm.RootModuleByPath(lockFilePath) +// if err != nil { +// t.Fatal(err) +// } +// if dirbased.RootModule != w2 { +// t.Fatalf("unexpected root module found: %p, expected: %p", w2, dirbased) +// } +// } -func TestRootModuleManager_RootModuleByPath_moduleRefs(t *testing.T) { - rmm := testRootModuleManager(t) - direct, unrelated, modbased := testRootModule(t), testRootModule(t), testRootModule(t) - - mm, err := parseModuleManifest([]byte(`{ - "Modules": [ - { - "Key": "local.deep-inside", - "Source": "../../another-one", - "Dir": "another-one" - }, - { - "Key": "web_server_sg", - "Source": "terraform-aws-modules/security-group/aws//modules/http-80", - "Version": "3.10.0", - "Dir": ".terraform/modules/web_server_sg/terraform-aws-security-group-3.10.0/modules/http-80" - }, - { - "Key": "web_server_sg.sg", - "Source": "../../", - "Dir": ".terraform/modules/web_server_sg/terraform-aws-security-group-3.10.0" - }, - { - "Key": "", - "Source": "", - "Dir": "." - }, - { - "Key": "local", - "Source": "./nested/path", - "Dir": "nested/path" - } - ] -}`)) +func TestRootModuleManager_RootModuleCandidatesByPath(t *testing.T) { + testData, err := filepath.Abs("testdata") if err != nil { t.Fatal(err) } - mm.rootDir = "newroot" - modbased.moduleManifest = mm - rmm.rms = map[string]*rootModule{ - "direct": direct, - "unrelated": unrelated, - "modulebased": modbased, + testCases := []struct { + name string + walkerRoot string + lookupPath string + expectedCandidates []string + }{ + { + // outside of watcher, root modules are always looked up by dir + "tf-file-based lookup", + filepath.Join(testData, "single-root-ext-modules-only"), + filepath.Join(testData, "single-root-ext-modules-only", "main.tf"), + []string{}, + }, + { + "dir-based lookup (exact match)", + filepath.Join(testData, "single-root-ext-modules-only"), + filepath.Join(testData, "single-root-ext-modules-only"), + []string{ + filepath.Join(testData, "single-root-ext-modules-only"), + }, + }, + { + "lock-file-based lookup", 
+ filepath.Join(testData, "single-root-ext-modules-only"), + filepath.Join(testData, "single-root-ext-modules-only", + ".terraform", + "modules", + "modules.json"), + []string{ + filepath.Join(testData, "single-root-ext-modules-only"), + }, + }, + + { + "dir-based lookup (exact match)", + filepath.Join(testData, "single-root-local-and-ext-modules"), + filepath.Join(testData, "single-root-local-and-ext-modules"), + []string{ + filepath.Join(testData, "single-root-local-and-ext-modules"), + }, + }, + { + "lock-file-based lookup", + filepath.Join(testData, "single-root-local-and-ext-modules"), + filepath.Join(testData, "single-root-local-and-ext-modules", + ".terraform", + "modules", + "modules.json"), + []string{ + filepath.Join(testData, "single-root-local-and-ext-modules"), + }, + }, + { + "mod-ref-based lookup", + filepath.Join(testData, "single-root-local-and-ext-modules"), + filepath.Join(testData, "single-root-local-and-ext-modules/alpha"), + []string{ + filepath.Join(testData, "single-root-local-and-ext-modules"), + }, + }, + { + "mod-ref-based lookup", + filepath.Join(testData, "single-root-local-and-ext-modules"), + filepath.Join(testData, "single-root-local-and-ext-modules/beta"), + []string{ + filepath.Join(testData, "single-root-local-and-ext-modules"), + }, + }, + { + "mod-ref-based lookup (not referenced)", + filepath.Join(testData, "single-root-local-and-ext-modules"), + filepath.Join(testData, "single-root-local-and-ext-modules/charlie"), + []string{}, + }, + + { + "dir-based lookup (exact match)", + filepath.Join(testData, "single-root-local-modules-only"), + filepath.Join(testData, "single-root-local-modules-only"), + []string{ + filepath.Join(testData, "single-root-local-modules-only"), + }, + }, + { + "lock-file-based lookup", + filepath.Join(testData, "single-root-local-modules-only"), + filepath.Join(testData, "single-root-local-modules-only", + ".terraform", + "modules", + "modules.json"), + []string{ + filepath.Join(testData, 
"single-root-local-modules-only"), + }, + }, + { + "mod-ref-based lookup", + filepath.Join(testData, "single-root-local-modules-only"), + filepath.Join(testData, "single-root-local-modules-only/alpha"), + []string{ + filepath.Join(testData, "single-root-local-modules-only"), + }, + }, + { + "mod-ref-based lookup", + filepath.Join(testData, "single-root-local-modules-only"), + filepath.Join(testData, "single-root-local-modules-only/beta"), + []string{ + filepath.Join(testData, "single-root-local-modules-only"), + }, + }, + { + "mod-ref-based lookup (not referenced)", + filepath.Join(testData, "single-root-local-modules-only"), + filepath.Join(testData, "single-root-local-modules-only/charlie"), + []string{}, + }, + + { + "dir-based lookup (exact match)", + filepath.Join(testData, "single-root-no-modules"), + filepath.Join(testData, "single-root-no-modules"), + []string{ + filepath.Join(testData, "single-root-no-modules"), + }, + }, + { + "lock-file-based lookup", + filepath.Join(testData, "single-root-no-modules"), + filepath.Join(testData, "single-root-no-modules", + ".terraform", + "modules", + "modules.json"), + []string{ + filepath.Join(testData, "single-root-no-modules"), + }, + }, + + { + "directory-based lookup", + filepath.Join(testData, "nested-single-root-no-modules"), + filepath.Join(testData, "nested-single-root-no-modules", "tf-root"), + []string{ + filepath.Join(testData, "nested-single-root-no-modules", "tf-root"), + }, + }, + { + "lock-file-based lookup", + filepath.Join(testData, "nested-single-root-no-modules"), + filepath.Join(testData, "nested-single-root-no-modules", "tf-root", + ".terraform", + "modules", + "modules.json"), + []string{ + filepath.Join(testData, "nested-single-root-no-modules", "tf-root"), + }, + }, + + { + "directory-based lookup", + filepath.Join(testData, "nested-single-root-ext-modules-only"), + filepath.Join(testData, "nested-single-root-ext-modules-only", "tf-root"), + []string{ + filepath.Join(testData, 
"nested-single-root-ext-modules-only", "tf-root"), + }, + }, + { + "lock-file-based lookup", + filepath.Join(testData, "nested-single-root-ext-modules-only"), + filepath.Join(testData, "nested-single-root-ext-modules-only", "tf-root", + ".terraform", + "modules", + "modules.json"), + []string{ + filepath.Join(testData, "nested-single-root-ext-modules-only", "tf-root"), + }, + }, + + { + "directory-based lookup", + filepath.Join(testData, "nested-single-root-local-modules-down"), + filepath.Join(testData, "nested-single-root-local-modules-down", "tf-root"), + []string{ + filepath.Join(testData, "nested-single-root-local-modules-down", "tf-root"), + }, + }, + { + "lock-file-based lookup", + filepath.Join(testData, "nested-single-root-local-modules-down"), + filepath.Join(testData, "nested-single-root-local-modules-down", "tf-root", + ".terraform", + "modules", + "modules.json"), + []string{ + filepath.Join(testData, "nested-single-root-local-modules-down", "tf-root"), + }, + }, + { + "mod-based lookup", + filepath.Join(testData, "nested-single-root-local-modules-down"), + filepath.Join(testData, "nested-single-root-local-modules-down", "tf-root", "alpha"), + []string{ + filepath.Join(testData, "nested-single-root-local-modules-down", "tf-root"), + }, + }, + { + "mod-based lookup", + filepath.Join(testData, "nested-single-root-local-modules-down"), + filepath.Join(testData, "nested-single-root-local-modules-down", "tf-root", "beta"), + []string{}, + }, + { + "mod-based lookup", + filepath.Join(testData, "nested-single-root-local-modules-down"), + filepath.Join(testData, "nested-single-root-local-modules-down", "tf-root", "charlie"), + []string{ + filepath.Join(testData, "nested-single-root-local-modules-down", "tf-root"), + }, + }, + + { + "dir-based lookup", + filepath.Join(testData, "nested-single-root-local-modules-up"), + filepath.Join(testData, "nested-single-root-local-modules-up", "module", "tf-root"), + []string{ + filepath.Join(testData, 
"nested-single-root-local-modules-up", "module", "tf-root"), + }, + }, + { + "lock-file-based lookup", + filepath.Join(testData, "nested-single-root-local-modules-up"), + filepath.Join(testData, "nested-single-root-local-modules-up", "module", "tf-root", + ".terraform", + "modules", + "modules.json"), + []string{ + filepath.Join(testData, "nested-single-root-local-modules-up", "module", "tf-root"), + }, + }, + { + "mod-based lookup", + filepath.Join(testData, "nested-single-root-local-modules-up"), + filepath.Join(testData, "nested-single-root-local-modules-up", "module"), + []string{ + filepath.Join(testData, "nested-single-root-local-modules-up", "module", "tf-root"), + }, + }, + + // Multi-root + + { + "directory-env-based lookup", + filepath.Join(testData, "main-module-multienv"), + filepath.Join(testData, "main-module-multienv", "env", "dev"), + []string{ + filepath.Join(testData, "main-module-multienv", "env", "dev"), + }, + }, + { + "directory-env-based lookup", + filepath.Join(testData, "main-module-multienv"), + filepath.Join(testData, "main-module-multienv", "env", "prod"), + []string{ + filepath.Join(testData, "main-module-multienv", "env", "prod"), + }, + }, + { + "main module lookup", + filepath.Join(testData, "main-module-multienv"), + filepath.Join(testData, "main-module-multienv", "main"), + []string{ + filepath.Join(testData, "main-module-multienv", "env", "dev"), + filepath.Join(testData, "main-module-multienv", "env", "prod"), + filepath.Join(testData, "main-module-multienv", "env", "staging"), + }, + }, + + { + "dir-based lookup", + filepath.Join(testData, "multi-root-no-modules"), + filepath.Join(testData, "multi-root-no-modules", "first-root"), + []string{ + filepath.Join(testData, "multi-root-no-modules", "first-root"), + }, + }, + { + "dir-based lookup", + filepath.Join(testData, "multi-root-no-modules"), + filepath.Join(testData, "multi-root-no-modules", "second-root"), + []string{ + filepath.Join(testData, "multi-root-no-modules", 
"second-root"), + }, + }, + { + "lock-file-based lookup", + filepath.Join(testData, "multi-root-no-modules"), + filepath.Join(testData, "multi-root-no-modules", "first-root", + ".terraform", + "modules", + "modules.json"), + []string{ + filepath.Join(testData, "multi-root-no-modules", "first-root"), + }, + }, + { + "lock-file-based lookup", + filepath.Join(testData, "multi-root-no-modules"), + filepath.Join(testData, "multi-root-no-modules", "second-root", + ".terraform", + "modules", + "modules.json"), + []string{ + filepath.Join(testData, "multi-root-no-modules", "second-root"), + }, + }, + + { + "dir-based lookup", + filepath.Join(testData, "multi-root-local-modules-down"), + filepath.Join(testData, "multi-root-local-modules-down", "first-root"), + []string{ + filepath.Join(testData, "multi-root-local-modules-down", "first-root"), + }, + }, + { + "lock-file-based lookup", + filepath.Join(testData, "multi-root-local-modules-down"), + filepath.Join(testData, "multi-root-local-modules-down", "first-root", + ".terraform", + "modules", + "modules.json"), + []string{ + filepath.Join(testData, "multi-root-local-modules-down", "first-root"), + }, + }, + { + "mod-based lookup", + filepath.Join(testData, "multi-root-local-modules-down"), + filepath.Join(testData, "multi-root-local-modules-down", "first-root", "alpha"), + []string{ + filepath.Join(testData, "multi-root-local-modules-down", "first-root"), + }, + }, + { + "mod-based lookup", + filepath.Join(testData, "multi-root-local-modules-down"), + filepath.Join(testData, "multi-root-local-modules-down", "first-root", "beta"), + []string{}, + }, + { + "mod-based lookup", + filepath.Join(testData, "multi-root-local-modules-down"), + filepath.Join(testData, "multi-root-local-modules-down", "first-root", "charlie"), + []string{ + filepath.Join(testData, "multi-root-local-modules-down", "first-root"), + }, + }, + { + "dir-based lookup", + filepath.Join(testData, "multi-root-local-modules-down"), + filepath.Join(testData, 
"multi-root-local-modules-down", "second-root"), + []string{ + filepath.Join(testData, "multi-root-local-modules-down", "second-root"), + }, + }, + { + "lock-file-based lookup", + filepath.Join(testData, "multi-root-local-modules-down"), + filepath.Join(testData, "multi-root-local-modules-down", "second-root", + ".terraform", + "modules", + "modules.json"), + []string{ + filepath.Join(testData, "multi-root-local-modules-down", "second-root"), + }, + }, + { + "mod-based lookup", + filepath.Join(testData, "multi-root-local-modules-down"), + filepath.Join(testData, "multi-root-local-modules-down", "second-root", "alpha"), + []string{ + filepath.Join(testData, "multi-root-local-modules-down", "second-root"), + }, + }, + { + "mod-based lookup", + filepath.Join(testData, "multi-root-local-modules-down"), + filepath.Join(testData, "multi-root-local-modules-down", "second-root", "beta"), + []string{}, + }, + { + "mod-based lookup", + filepath.Join(testData, "multi-root-local-modules-down"), + filepath.Join(testData, "multi-root-local-modules-down", "second-root", "charlie"), + []string{ + filepath.Join(testData, "multi-root-local-modules-down", "second-root"), + }, + }, + + { + "dir-based lookup", + filepath.Join(testData, "multi-root-local-modules-up"), + filepath.Join(testData, "multi-root-local-modules-up", "main-module"), + []string{ + filepath.Join(testData, "multi-root-local-modules-up", "main-module", "modules", "first"), + filepath.Join(testData, "multi-root-local-modules-up", "main-module", "modules", "second"), + filepath.Join(testData, "multi-root-local-modules-up", "main-module", "modules", "third"), + }, + }, } - t.Run("dir-path", func(t *testing.T) { - w, err := rmm.RootModuleByPath(filepath.Join("newroot", "nested", "path")) - if err != nil { - t.Fatal(err) - } - if modbased != w { - t.Fatalf("unexpected root module found: %p, expected: %p", w, modbased) - } - }) - t.Run("file-path", func(t *testing.T) { - _, err := 
rmm.RootModuleByPath(filepath.Join("newroot", "nested", "path", "file.tf")) - if err == nil { - t.Fatal("expected file-based lookup to fail") - } - }) + for i, tc := range testCases { + base := filepath.Base(tc.walkerRoot) + t.Run(fmt.Sprintf("%s/%d-%s", base, i, tc.name), func(t *testing.T) { + rmm := testRootModuleManager(t) + w := NewWalker() + err := w.WalkInitializedRootModules(tc.walkerRoot, func(rmPath string) error { + return rmm.AddRootModule(rmPath) + }) + if err != nil { + t.Fatal(err) + } + + candidates := rmm.RootModuleCandidatesByPath(tc.lookupPath) + if diff := cmp.Diff(tc.expectedCandidates, candidates); diff != "" { + t.Fatalf("candidates don't match: %s", diff) + } + }) + } } func testRootModuleManager(t *testing.T) *rootModuleManager { rmm := newRootModuleManager(context.Background()) rmm.logger = testLogger() + rmm.newRootModule = func(ctx context.Context, dir string) (*rootModule, error) { + rm := NewRootModuleMock(ctx, &RootModuleMock{ + TerraformExecQueue: &exec.MockQueue{ + Q: []*exec.MockItem{ + { + Args: []string{"version"}, + Stdout: "Terraform v0.12.0\n", + }, + { + Args: []string{"providers", "schema", "-json"}, + Stdout: "{\"format_version\":\"0.1\"}\n", + }, + }, + }, + }, dir) + md := &discovery.MockDiscovery{Path: "tf-mock"} + rm.tfDiscoFunc = md.LookPath + return rm, rm.init(ctx) + } return rmm } -func testRootModule(t *testing.T) *rootModule { - w := newRootModule(context.Background()) - w.logger = testLogger() - return w -} - func testLogger() *log.Logger { if testing.Verbose() { return log.New(os.Stdout, "", log.LstdFlags|log.Lshortfile) diff --git a/internal/terraform/rootmodule/testdata/.gitignore b/internal/terraform/rootmodule/testdata/.gitignore new file mode 100644 index 000000000..e26ae1c41 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/.gitignore @@ -0,0 +1 @@ +**/.terraform/plugins/*/terraform-provider* 
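Review bot: The old `TestRootModuleManager_RootModuleByPath` is kept as a commented-out block that still assigns a map to `rmm.rms`, which no longer matches the slice type, and nothing in the new table calls `RootModuleByPath` itself, so the first-candidate selection rule introduced by this commit is untested. Delete the commented block and add an assertion on a multi-candidate path such as the `main-module-multienv/main` case, checking that `RootModuleByPath` returns the module whose `Path()` equals the first expected candidate. The `[]string{}` expectations pass only because the implementation returns a non-nil empty slice; passing `cmpopts.EquateEmpty()` to `cmp.Diff` would stop the test depending on that detail. In `testRootModuleManager`, the `md := &discovery.MockDiscovery{...}` and `rm.tfDiscoFunc = md.LookPath` lines repeat what `NewRootModuleMock` already sets and can be dropped.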
diff --git a/internal/terraform/rootmodule/testdata/README.md b/internal/terraform/rootmodule/testdata/README.md new file mode 100644 index 000000000..d77eeeeef --- /dev/null +++ b/internal/terraform/rootmodule/testdata/README.md @@ -0,0 +1,25 @@ +# Tested Terraform Hierarchies + +This directory contains different hierarchies of root modules +which the language server supports and is tested against. + +## Single Root + + - `single-root-ext-modules-only` + - `single-root-local-and-ext-modules` + - `single-root-local-modules-only` + - `single-root-no-modules` + +## Nested Single Root + + - `nested-single-root-no-modules` + - `nested-single-root-ext-modules-only` + - `nested-single-root-local-modules-down` + - `nested-single-root-local-modules-up` + +## Multiple Roots + + - `main-module-multienv` - https://dev.to/piotrgwiazda/main-module-approach-for-handling-multiple-environments-in-terraform-1oln + - `multi-root-no-modules` + - `multi-root-local-modules-down` + - `multi-root-local-modules-up` - e.g. https://github.com/terraform-aws-modules/terraform-aws-security-group diff --git a/internal/terraform/rootmodule/testdata/main-module-multienv/env/dev/.terraform/modules/modules.json b/internal/terraform/rootmodule/testdata/main-module-multienv/env/dev/.terraform/modules/modules.json new file mode 100644 index 000000000..38d34d2cd --- /dev/null +++ b/internal/terraform/rootmodule/testdata/main-module-multienv/env/dev/.terraform/modules/modules.json @@ -0,0 +1 @@ +{"Modules":[{"Key":"main.db","Source":"../modules/database","Dir":"../../modules/database"},{"Key":"main.gorilla-app","Source":"../modules/application","Dir":"../../modules/application"},{"Key":"","Source":"","Dir":"."},{"Key":"main","Source":"../../main","Dir":"../../main"}]} \ No newline at end of file 
diff --git a/internal/terraform/rootmodule/testdata/main-module-multienv/env/dev/.terraform/plugins/darwin_amd64/lock.json b/internal/terraform/rootmodule/testdata/main-module-multienv/env/dev/.terraform/plugins/darwin_amd64/lock.json new file mode 100755 index 000000000..51a6f9448 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/main-module-multienv/env/dev/.terraform/plugins/darwin_amd64/lock.json @@ -0,0 +1,3 @@ +{ + "random": "7903b3f4d7067b3e8ca2440aa4342b57286310e074a806d0f1a673034969817b" +} \ No newline at end of file diff --git a/internal/terraform/rootmodule/testdata/main-module-multienv/env/dev/dev.tf b/internal/terraform/rootmodule/testdata/main-module-multienv/env/dev/dev.tf new file mode 100644 index 000000000..0ae91f937 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/main-module-multienv/env/dev/dev.tf @@ -0,0 +1,10 @@ +provider "random" { + version = "~>2.0" +} + +module "main" { + source = "../../main" + environment_name = "dev" + app_instances = 1 + db_instances = 1 +} diff --git a/internal/terraform/rootmodule/testdata/main-module-multienv/env/prod/.terraform/modules/modules.json b/internal/terraform/rootmodule/testdata/main-module-multienv/env/prod/.terraform/modules/modules.json new file mode 100644 index 000000000..8bb5e1b59 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/main-module-multienv/env/prod/.terraform/modules/modules.json @@ -0,0 +1 @@ +{"Modules":[{"Key":"main","Source":"../../main","Dir":"../../main"},{"Key":"main.db","Source":"../modules/database","Dir":"../../modules/database"},{"Key":"main.gorilla-app","Source":"../modules/application","Dir":"../../modules/application"},{"Key":"","Source":"","Dir":"."}]} \ No newline at end of file 
diff --git a/internal/terraform/rootmodule/testdata/main-module-multienv/env/prod/.terraform/plugins/darwin_amd64/lock.json b/internal/terraform/rootmodule/testdata/main-module-multienv/env/prod/.terraform/plugins/darwin_amd64/lock.json new file mode 100755 index 000000000..51a6f9448 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/main-module-multienv/env/prod/.terraform/plugins/darwin_amd64/lock.json @@ -0,0 +1,3 @@ +{ + "random": "7903b3f4d7067b3e8ca2440aa4342b57286310e074a806d0f1a673034969817b" +} \ No newline at end of file diff --git a/internal/terraform/rootmodule/testdata/main-module-multienv/env/prod/prod.tf b/internal/terraform/rootmodule/testdata/main-module-multienv/env/prod/prod.tf new file mode 100644 index 000000000..48a998824 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/main-module-multienv/env/prod/prod.tf @@ -0,0 +1,10 @@ +provider "random" { + version = "~>2.0" +} + +module "main" { + source = "../../main" + environment_name = "prod" + app_instances = 5 + db_instances = 3 +} diff --git a/internal/terraform/rootmodule/testdata/main-module-multienv/env/staging/.terraform/modules/modules.json b/internal/terraform/rootmodule/testdata/main-module-multienv/env/staging/.terraform/modules/modules.json new file mode 100644 index 000000000..430b363fc --- /dev/null +++ b/internal/terraform/rootmodule/testdata/main-module-multienv/env/staging/.terraform/modules/modules.json @@ -0,0 +1 @@ +{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"main","Source":"../../main","Dir":"../../main"},{"Key":"main.db","Source":"../modules/database","Dir":"../../modules/database"},{"Key":"main.gorilla-app","Source":"../modules/application","Dir":"../../modules/application"}]} \ No newline at end of file 
diff --git a/internal/terraform/rootmodule/testdata/main-module-multienv/env/staging/.terraform/plugins/darwin_amd64/lock.json b/internal/terraform/rootmodule/testdata/main-module-multienv/env/staging/.terraform/plugins/darwin_amd64/lock.json new file mode 100755 index 000000000..51a6f9448 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/main-module-multienv/env/staging/.terraform/plugins/darwin_amd64/lock.json @@ -0,0 +1,3 @@ +{ + "random": "7903b3f4d7067b3e8ca2440aa4342b57286310e074a806d0f1a673034969817b" +} \ No newline at end of file diff --git a/internal/terraform/rootmodule/testdata/main-module-multienv/env/staging/staging.tf b/internal/terraform/rootmodule/testdata/main-module-multienv/env/staging/staging.tf new file mode 100644 index 000000000..79169c22f --- /dev/null +++ b/internal/terraform/rootmodule/testdata/main-module-multienv/env/staging/staging.tf @@ -0,0 +1,10 @@ +provider "random" { + version = "~>2.0" +} + +module "main" { + source = "../../main" + environment_name = "staging" + app_instances = 2 + db_instances = 1 +} diff --git a/internal/terraform/rootmodule/testdata/main-module-multienv/main/main.tf b/internal/terraform/rootmodule/testdata/main-module-multienv/main/main.tf new file mode 100644 index 000000000..0df0403a9 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/main-module-multienv/main/main.tf @@ -0,0 +1,25 @@ +variable "environment_name" { + type = string +} + +variable "app_instances" { + type = number +} + +variable "db_instances" { + type = number +} + +module "db" { + source = "../modules/database" + environment_name = var.environment_name + app_prefix = "foxtrot" + instances = var.db_instances +} + +module "gorilla-app" { + source = "../modules/application" + environment_name = var.environment_name + app_prefix = "protect-gorillas" + instances = var.app_instances +} 
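Review bot: The `module "db"` block in `main-module-multienv/main/main.tf` passes `app_prefix = "foxtrot"`, but `modules/database/main.tf`, added later in this diff, declares `db_prefix` and has no `app_prefix` variable. As written the call sets an undeclared argument and omits a required one, so the fixture is not a valid configuration. If that is not intentional, change the line to `db_prefix = "foxtrot"`. Tests that only read `.terraform/modules/modules.json` would presumably not notice, but anything that parses or runs Terraform against this tree would fail for a reason unrelated to root-module discovery.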
diff --git a/internal/terraform/rootmodule/testdata/main-module-multienv/modules/application/main.tf b/internal/terraform/rootmodule/testdata/main-module-multienv/modules/application/main.tf new file mode 100644 index 000000000..757a72eab --- /dev/null +++ b/internal/terraform/rootmodule/testdata/main-module-multienv/modules/application/main.tf @@ -0,0 +1,18 @@ +variable "environment_name" { + type = string +} + +variable "app_prefix" { + type = string +} + +variable "instances" { + type = number +} + +resource "random_pet" "application" { + count = var.instances + keepers = { + unique = "${var.environment_name}-${var.app_prefix}" + } +} diff --git a/internal/terraform/rootmodule/testdata/main-module-multienv/modules/database/main.tf b/internal/terraform/rootmodule/testdata/main-module-multienv/modules/database/main.tf new file mode 100644 index 000000000..69061acb4 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/main-module-multienv/modules/database/main.tf @@ -0,0 +1,18 @@ +variable "environment_name" { + type = string +} + +variable "db_prefix" { + type = string +} + +variable "instances" { + type = number +} + +resource "random_pet" "database" { + count = var.instances + keepers = { + unique = "${var.environment_name}-${var.db_prefix}" + } +} diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/first-root/.terraform/modules/modules.json b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/first-root/.terraform/modules/modules.json new file mode 100644 index 000000000..ea4811c55 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/first-root/.terraform/modules/modules.json @@ -0,0 +1 @@ +{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"one","Source":"./alpha","Dir":"alpha"},{"Key":"three","Source":"./alpha","Dir":"alpha"},{"Key":"two","Source":"./charlie","Dir":"charlie"}]} \ No newline at end of file 
diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/first-root/.terraform/plugins/darwin_amd64/lock.json b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/first-root/.terraform/plugins/darwin_amd64/lock.json new file mode 100755 index 000000000..ded8dddf6 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/first-root/.terraform/plugins/darwin_amd64/lock.json @@ -0,0 +1,4 @@ +{ + "azurerm": "718d753146a7589a552a7586dde44e24c12a1719b8122ecca1e244d861d7fca6", + "random": "7903b3f4d7067b3e8ca2440aa4342b57286310e074a806d0f1a673034969817b" +} \ No newline at end of file diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/first-root/alpha/main.tf b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/first-root/alpha/main.tf new file mode 100644 index 000000000..9659f2d94 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/first-root/alpha/main.tf @@ -0,0 +1,3 @@ +resource "random_id" "server" { + byte_length = 8 +} diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/first-root/beta/main.tf b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/first-root/beta/main.tf new file mode 100644 index 000000000..9a9bb8fa4 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/first-root/beta/main.tf @@ -0,0 +1,3 @@ +resource "aws_vpc" "example" { + cidr_block = "10.0.0.0/16" +} diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/first-root/charlie/main.tf b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/first-root/charlie/main.tf new file mode 100644 index 000000000..d349b3d32 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/first-root/charlie/main.tf 
@@ -0,0 +1,4 @@ +resource "azurerm_resource_group" "example" { + name = "example-resources" + location = "West Europe" +} diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/first-root/main.tf b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/first-root/main.tf new file mode 100644 index 000000000..de3dad36a --- /dev/null +++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/first-root/main.tf @@ -0,0 +1,11 @@ +module "one" { + source = "./alpha" +} + +module "two" { + source = "./charlie" +} + +module "three" { + source = "./alpha" +} diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/second-root/.terraform/modules/modules.json b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/second-root/.terraform/modules/modules.json new file mode 100644 index 000000000..ea4811c55 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/second-root/.terraform/modules/modules.json @@ -0,0 +1 @@ +{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"one","Source":"./alpha","Dir":"alpha"},{"Key":"three","Source":"./alpha","Dir":"alpha"},{"Key":"two","Source":"./charlie","Dir":"charlie"}]} \ No newline at end of file diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/second-root/.terraform/plugins/darwin_amd64/lock.json b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/second-root/.terraform/plugins/darwin_amd64/lock.json new file mode 100755 index 000000000..ded8dddf6 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/second-root/.terraform/plugins/darwin_amd64/lock.json @@ -0,0 +1,4 @@ +{ + "azurerm": "718d753146a7589a552a7586dde44e24c12a1719b8122ecca1e244d861d7fca6", + "random": "7903b3f4d7067b3e8ca2440aa4342b57286310e074a806d0f1a673034969817b" +} \ No newline at end of file 
diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/second-root/alpha/main.tf b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/second-root/alpha/main.tf
new file mode 100644
index 000000000..9659f2d94
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/second-root/alpha/main.tf
@@ -0,0 +1,3 @@
+resource "random_id" "server" {
+ byte_length = 8
+}
diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/second-root/beta/main.tf b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/second-root/beta/main.tf
new file mode 100644
index 000000000..9a9bb8fa4
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/second-root/beta/main.tf
@@ -0,0 +1,3 @@
+resource "aws_vpc" "example" {
+ cidr_block = "10.0.0.0/16"
+}
diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/second-root/charlie/main.tf b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/second-root/charlie/main.tf
new file mode 100644
index 000000000..d349b3d32
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/second-root/charlie/main.tf
@@ -0,0 +1,4 @@
+resource "azurerm_resource_group" "example" {
+ name = "example-resources"
+ location = "West Europe"
+}
diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/second-root/main.tf b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/second-root/main.tf
new file mode 100644
index 000000000..de3dad36a
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/second-root/main.tf
@@ -0,0 +1,11 @@
+module "one" {
+ source = "./alpha"
+}
+
+module "two" {
+ source = "./charlie"
+}
+
+module "three" {
+ source = "./alpha"
+}
diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/third-root/.terraform/modules/modules.json b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/third-root/.terraform/modules/modules.json new file mode 100644 index 000000000..ea4811c55 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/third-root/.terraform/modules/modules.json @@ -0,0 +1 @@ +{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"one","Source":"./alpha","Dir":"alpha"},{"Key":"three","Source":"./alpha","Dir":"alpha"},{"Key":"two","Source":"./charlie","Dir":"charlie"}]} \ No newline at end of file diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/third-root/.terraform/plugins/darwin_amd64/lock.json b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/third-root/.terraform/plugins/darwin_amd64/lock.json new file mode 100755 index 000000000..ded8dddf6 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/third-root/.terraform/plugins/darwin_amd64/lock.json @@ -0,0 +1,4 @@ +{ + "azurerm": "718d753146a7589a552a7586dde44e24c12a1719b8122ecca1e244d861d7fca6", + "random": "7903b3f4d7067b3e8ca2440aa4342b57286310e074a806d0f1a673034969817b" +} \ No newline at end of file diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/third-root/alpha/main.tf b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/third-root/alpha/main.tf new file mode 100644 index 000000000..9659f2d94 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/third-root/alpha/main.tf @@ -0,0 +1,3 @@ +resource "random_id" "server" { + byte_length = 8 +} diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/third-root/beta/main.tf b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/third-root/beta/main.tf new file mode 100644 index 000000000..9a9bb8fa4 
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/third-root/beta/main.tf
@@ -0,0 +1,3 @@
+resource "aws_vpc" "example" {
+ cidr_block = "10.0.0.0/16"
+}
diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/third-root/charlie/main.tf b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/third-root/charlie/main.tf
new file mode 100644
index 000000000..d349b3d32
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/third-root/charlie/main.tf
@@ -0,0 +1,4 @@
+resource "azurerm_resource_group" "example" {
+ name = "example-resources"
+ location = "West Europe"
+}
diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/third-root/main.tf b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/third-root/main.tf
new file mode 100644
index 000000000..de3dad36a
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-down/third-root/main.tf
@@ -0,0 +1,11 @@
+module "one" {
+ source = "./alpha"
+}
+
+module "two" {
+ source = "./charlie"
+}
+
+module "three" {
+ source = "./alpha"
+}
diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/main.tf b/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/main.tf
new file mode 100644
index 000000000..d349b3d32
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/main.tf
@@ -0,0 +1,4 @@
+resource "azurerm_resource_group" "example" {
+ name = "example-resources"
+ location = "West Europe"
+}
diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/first/.terraform/modules/modules.json b/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/first/.terraform/modules/modules.json
new file mode 100644
index 000000000..358d721b5
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/first/.terraform/modules/modules.json @@ -0,0 +1 @@ +{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"first","Source":"../../","Dir":"../.."}]} \ No newline at end of file diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/first/.terraform/plugins/darwin_amd64/lock.json b/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/first/.terraform/plugins/darwin_amd64/lock.json new file mode 100755 index 000000000..894be1e76 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/first/.terraform/plugins/darwin_amd64/lock.json @@ -0,0 +1,3 @@ +{ + "azurerm": "718d753146a7589a552a7586dde44e24c12a1719b8122ecca1e244d861d7fca6" +} \ No newline at end of file diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/first/main.tf b/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/first/main.tf new file mode 100644 index 000000000..cc63bcf50 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/first/main.tf @@ -0,0 +1,3 @@ +module "first" { + source = "../../" +} diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/second/.terraform/modules/modules.json b/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/second/.terraform/modules/modules.json new file mode 100644 index 000000000..c72d65a32 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/second/.terraform/modules/modules.json @@ -0,0 +1 @@ +{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"second","Source":"../../","Dir":"../.."}]} \ No newline at end of file 
diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/second/.terraform/plugins/darwin_amd64/lock.json b/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/second/.terraform/plugins/darwin_amd64/lock.json new file mode 100755 index 000000000..894be1e76 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/second/.terraform/plugins/darwin_amd64/lock.json @@ -0,0 +1,3 @@ +{ + "azurerm": "718d753146a7589a552a7586dde44e24c12a1719b8122ecca1e244d861d7fca6" +} \ No newline at end of file diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/second/main.tf b/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/second/main.tf new file mode 100644 index 000000000..cf75d0009 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/second/main.tf @@ -0,0 +1,3 @@ +module "second" { + source = "../../" +} diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/third/.terraform/modules/modules.json b/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/third/.terraform/modules/modules.json new file mode 100644 index 000000000..c2495c2dc --- /dev/null +++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/third/.terraform/modules/modules.json @@ -0,0 +1 @@ +{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"third","Source":"../../","Dir":"../.."}]} \ No newline at end of file diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/third/.terraform/plugins/darwin_amd64/lock.json b/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/third/.terraform/plugins/darwin_amd64/lock.json new file mode 100755 index 000000000..894be1e76 
--- /dev/null +++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/third/.terraform/plugins/darwin_amd64/lock.json @@ -0,0 +1,3 @@ +{ + "azurerm": "718d753146a7589a552a7586dde44e24c12a1719b8122ecca1e244d861d7fca6" +} \ No newline at end of file diff --git a/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/third/main.tf b/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/third/main.tf new file mode 100644 index 000000000..6bd56b234 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/multi-root-local-modules-up/main-module/modules/third/main.tf @@ -0,0 +1,3 @@ +module "third" { + source = "../../" +} diff --git a/internal/terraform/rootmodule/testdata/multi-root-no-modules/first-root/.terraform/plugins/darwin_amd64/lock.json b/internal/terraform/rootmodule/testdata/multi-root-no-modules/first-root/.terraform/plugins/darwin_amd64/lock.json new file mode 100755 index 000000000..894be1e76 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/multi-root-no-modules/first-root/.terraform/plugins/darwin_amd64/lock.json @@ -0,0 +1,3 @@ +{ + "azurerm": "718d753146a7589a552a7586dde44e24c12a1719b8122ecca1e244d861d7fca6" +} \ No newline at end of file diff --git a/internal/terraform/rootmodule/testdata/multi-root-no-modules/first-root/main.tf b/internal/terraform/rootmodule/testdata/multi-root-no-modules/first-root/main.tf new file mode 100644 index 000000000..d349b3d32 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/multi-root-no-modules/first-root/main.tf @@ -0,0 +1,4 @@ +resource "azurerm_resource_group" "example" { + name = "example-resources" + location = "West Europe" +} 
diff --git a/internal/terraform/rootmodule/testdata/multi-root-no-modules/second-root/.terraform/plugins/darwin_amd64/lock.json b/internal/terraform/rootmodule/testdata/multi-root-no-modules/second-root/.terraform/plugins/darwin_amd64/lock.json new file mode 100755 index 000000000..33307f702 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/multi-root-no-modules/second-root/.terraform/plugins/darwin_amd64/lock.json @@ -0,0 +1,3 @@ +{ + "aws": "15303dfdb1e55005e47559799f5c38f5d8bbca517db42898172c9d637d5b8113" +} \ No newline at end of file diff --git a/internal/terraform/rootmodule/testdata/multi-root-no-modules/second-root/main.tf b/internal/terraform/rootmodule/testdata/multi-root-no-modules/second-root/main.tf new file mode 100644 index 000000000..9a9bb8fa4 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/multi-root-no-modules/second-root/main.tf @@ -0,0 +1,3 @@ +resource "aws_vpc" "example" { + cidr_block = "10.0.0.0/16" +} diff --git a/internal/terraform/rootmodule/testdata/multi-root-no-modules/third-root/.terraform/plugins/darwin_amd64/lock.json b/internal/terraform/rootmodule/testdata/multi-root-no-modules/third-root/.terraform/plugins/darwin_amd64/lock.json new file mode 100755 index 000000000..3d2cdfc40 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/multi-root-no-modules/third-root/.terraform/plugins/darwin_amd64/lock.json @@ -0,0 +1,3 @@ +{ + "github": "aca175fc74182f1b7c9bfeb40a411755555d9122c13a0f81ddaea97ce0ca4cfc" +} \ No newline at end of file diff --git a/internal/terraform/rootmodule/testdata/multi-root-no-modules/third-root/main.tf b/internal/terraform/rootmodule/testdata/multi-root-no-modules/third-root/main.tf new file mode 100644 index 000000000..661ddce5a --- /dev/null +++ b/internal/terraform/rootmodule/testdata/multi-root-no-modules/third-root/main.tf 
@@ -0,0 +1,11 @@ +resource "github_repository" "example" { + name = "example" + description = "My awesome codebase" + + private = true + + template { + owner = "github" + repository = "terraform-module-template" + } +} diff --git a/internal/terraform/rootmodule/testdata/nested-single-root-ext-modules-only/tf-root/.terraform/plugins/darwin_amd64/lock.json b/internal/terraform/rootmodule/testdata/nested-single-root-ext-modules-only/tf-root/.terraform/plugins/darwin_amd64/lock.json new file mode 100755 index 000000000..51a6f9448 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/nested-single-root-ext-modules-only/tf-root/.terraform/plugins/darwin_amd64/lock.json @@ -0,0 +1,3 @@ +{ + "random": "7903b3f4d7067b3e8ca2440aa4342b57286310e074a806d0f1a673034969817b" +} \ No newline at end of file diff --git a/internal/terraform/rootmodule/testdata/nested-single-root-ext-modules-only/tf-root/main.tf b/internal/terraform/rootmodule/testdata/nested-single-root-ext-modules-only/tf-root/main.tf new file mode 100644 index 000000000..9659f2d94 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/nested-single-root-ext-modules-only/tf-root/main.tf @@ -0,0 +1,3 @@ +resource "random_id" "server" { + byte_length = 8 +} diff --git a/internal/terraform/rootmodule/testdata/nested-single-root-ext-modules-only/unrelated-folder-1/cheeky.yaml b/internal/terraform/rootmodule/testdata/nested-single-root-ext-modules-only/unrelated-folder-1/cheeky.yaml new file mode 100644 index 000000000..45ba7ac62 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/nested-single-root-ext-modules-only/unrelated-folder-1/cheeky.yaml @@ -0,0 +1,2 @@ +--- +example: value diff --git a/internal/terraform/rootmodule/testdata/nested-single-root-ext-modules-only/unrelated-folder-2/data.json b/internal/terraform/rootmodule/testdata/nested-single-root-ext-modules-only/unrelated-folder-2/data.json new file mode 100644 index 000000000..0967ef424 --- /dev/null 
+++ b/internal/terraform/rootmodule/testdata/nested-single-root-ext-modules-only/unrelated-folder-2/data.json @@ -0,0 +1 @@ +{} diff --git a/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-down/tf-root/.terraform/modules/modules.json b/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-down/tf-root/.terraform/modules/modules.json new file mode 100644 index 000000000..ea4811c55 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-down/tf-root/.terraform/modules/modules.json @@ -0,0 +1 @@ +{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"one","Source":"./alpha","Dir":"alpha"},{"Key":"three","Source":"./alpha","Dir":"alpha"},{"Key":"two","Source":"./charlie","Dir":"charlie"}]} \ No newline at end of file diff --git a/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-down/tf-root/.terraform/plugins/darwin_amd64/lock.json b/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-down/tf-root/.terraform/plugins/darwin_amd64/lock.json new file mode 100755 index 000000000..ded8dddf6 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-down/tf-root/.terraform/plugins/darwin_amd64/lock.json @@ -0,0 +1,4 @@ +{ + "azurerm": "718d753146a7589a552a7586dde44e24c12a1719b8122ecca1e244d861d7fca6", + "random": "7903b3f4d7067b3e8ca2440aa4342b57286310e074a806d0f1a673034969817b" +} \ No newline at end of file diff --git a/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-down/tf-root/alpha/main.tf b/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-down/tf-root/alpha/main.tf new file mode 100644 index 000000000..9659f2d94 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-down/tf-root/alpha/main.tf @@ -0,0 +1,3 @@ +resource "random_id" "server" { + byte_length = 8 +} 
diff --git a/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-down/tf-root/beta/main.tf b/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-down/tf-root/beta/main.tf
new file mode 100644
index 000000000..9a9bb8fa4
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-down/tf-root/beta/main.tf
@@ -0,0 +1,3 @@
+resource "aws_vpc" "example" {
+ cidr_block = "10.0.0.0/16"
+}
diff --git a/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-down/tf-root/charlie/main.tf b/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-down/tf-root/charlie/main.tf
new file mode 100644
index 000000000..d349b3d32
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-down/tf-root/charlie/main.tf
@@ -0,0 +1,4 @@
+resource "azurerm_resource_group" "example" {
+ name = "example-resources"
+ location = "West Europe"
+}
diff --git a/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-down/tf-root/main.tf b/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-down/tf-root/main.tf
new file mode 100644
index 000000000..de3dad36a
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-down/tf-root/main.tf
@@ -0,0 +1,11 @@
+module "one" {
+ source = "./alpha"
+}
+
+module "two" {
+ source = "./charlie"
+}
+
+module "three" {
+ source = "./alpha"
+}
diff --git a/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-up/module/main.tf b/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-up/module/main.tf
new file mode 100644
index 000000000..d349b3d32
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-up/module/main.tf
@@ -0,0 +1,4 @@
+resource "azurerm_resource_group" "example" {
+ name = "example-resources"
+ location = "West Europe"
+}
diff --git a/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-up/module/tf-root/.terraform/modules/modules.json b/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-up/module/tf-root/.terraform/modules/modules.json new file mode 100644 index 000000000..146c00f1a --- /dev/null +++ b/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-up/module/tf-root/.terraform/modules/modules.json @@ -0,0 +1 @@ +{"Modules":[{"Key":"parent","Source":"../","Dir":".."},{"Key":"","Source":"","Dir":"."}]} \ No newline at end of file diff --git a/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-up/module/tf-root/.terraform/plugins/darwin_amd64/lock.json b/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-up/module/tf-root/.terraform/plugins/darwin_amd64/lock.json new file mode 100755 index 000000000..894be1e76 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-up/module/tf-root/.terraform/plugins/darwin_amd64/lock.json @@ -0,0 +1,3 @@ +{ + "azurerm": "718d753146a7589a552a7586dde44e24c12a1719b8122ecca1e244d861d7fca6" +} \ No newline at end of file diff --git a/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-up/module/tf-root/main.tf b/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-up/module/tf-root/main.tf new file mode 100644 index 000000000..195d74e8c --- /dev/null +++ b/internal/terraform/rootmodule/testdata/nested-single-root-local-modules-up/module/tf-root/main.tf @@ -0,0 +1,3 @@ +module "parent" { + source = "../" +} diff --git a/internal/terraform/rootmodule/testdata/nested-single-root-no-modules/tf-root/.terraform/plugins/darwin_amd64/lock.json b/internal/terraform/rootmodule/testdata/nested-single-root-no-modules/tf-root/.terraform/plugins/darwin_amd64/lock.json new file mode 100755 index 000000000..51a6f9448 --- /dev/null 
+++ b/internal/terraform/rootmodule/testdata/nested-single-root-no-modules/tf-root/.terraform/plugins/darwin_amd64/lock.json @@ -0,0 +1,3 @@ +{ + "random": "7903b3f4d7067b3e8ca2440aa4342b57286310e074a806d0f1a673034969817b" +} \ No newline at end of file diff --git a/internal/terraform/rootmodule/testdata/nested-single-root-no-modules/tf-root/main.tf b/internal/terraform/rootmodule/testdata/nested-single-root-no-modules/tf-root/main.tf new file mode 100644 index 000000000..9659f2d94 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/nested-single-root-no-modules/tf-root/main.tf @@ -0,0 +1,3 @@ +resource "random_id" "server" { + byte_length = 8 +} diff --git a/internal/terraform/rootmodule/testdata/nested-single-root-no-modules/unrelated-folder-1/cheeky.yaml b/internal/terraform/rootmodule/testdata/nested-single-root-no-modules/unrelated-folder-1/cheeky.yaml new file mode 100644 index 000000000..45ba7ac62 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/nested-single-root-no-modules/unrelated-folder-1/cheeky.yaml @@ -0,0 +1,2 @@ +--- +example: value diff --git a/internal/terraform/rootmodule/testdata/nested-single-root-no-modules/unrelated-folder-2/data.json b/internal/terraform/rootmodule/testdata/nested-single-root-no-modules/unrelated-folder-2/data.json new file mode 100644 index 000000000..0967ef424 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/nested-single-root-no-modules/unrelated-folder-2/data.json @@ -0,0 +1 @@ +{} diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/modules.json b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/modules.json new file mode 100644 index 000000000..4a626caee --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/modules.json 
@@ -0,0 +1 @@ +{"Modules":[{"Key":"vpc1.vpc","Source":"./modules/vpc","Dir":".terraform/modules/vpc1/terraform-google-network-2.3.0/modules/vpc"},{"Key":"vpc2","Source":"terraform-google-modules/network/google","Version":"2.3.0","Dir":".terraform/modules/vpc2/terraform-google-network-2.3.0"},{"Key":"vpc2.routes","Source":"./modules/routes","Dir":".terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes"},{"Key":"vpc2.vpc","Source":"./modules/vpc","Dir":".terraform/modules/vpc2/terraform-google-network-2.3.0/modules/vpc"},{"Key":"vpc1.routes","Source":"./modules/routes","Dir":".terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes"},{"Key":"vpc1.subnets","Source":"./modules/subnets","Dir":".terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets"},{"Key":"vpc2.subnets","Source":"./modules/subnets","Dir":".terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets"},{"Key":"","Source":"","Dir":"."},{"Key":"vpc1","Source":"terraform-google-modules/network/google","Version":"2.3.0","Dir":".terraform/modules/vpc1/terraform-google-network-2.3.0"}]} \ No newline at end of file diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/.github/release-please.yml b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/.github/release-please.yml new file mode 100644 index 000000000..6366b9cb6 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/.github/release-please.yml @@ -0,0 +1,2 @@ +releaseType: terraform-module +handleGHRelease: true 
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/.gitignore b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/.gitignore new file mode 100644 index 000000000..477cdaf3d --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/.gitignore @@ -0,0 +1,47 @@ +# OSX leaves these everywhere on SMB shares +._* + +# OSX trash +.DS_Store + +# Python +*.pyc + +# Emacs save files +*~ +\#*\# +.\#* + +# Vim-related files +[._]*.s[a-w][a-z] +[._]s[a-w][a-z] +*.un~ +Session.vim +.netrwhist + +### https://raw.github.com/github/gitignore/90f149de451a5433aebd94d02d11b0e28843a1af/Terraform.gitignore + +# Local .terraform directories +**/.terraform/* + +# .tfstate files +*.tfstate +*.tfstate.* + +# Crash log files +crash.log + +# Kitchen files +**/inspec.lock +**/.kitchen +**/.kitchen.local.yml +**/Gemfile.lock + +# Ignore any .tfvars files that are generated automatically for each Terraform run. Most +# .tfvars files are managed as part of configuration and so should be included in +# version control. +# +# example.tfvars +test/fixtures/shared/terraform.tfvars + +credentials.json diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/.kitchen.yml b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/.kitchen.yml new file mode 100644 index 000000000..3f25d4b9d --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/.kitchen.yml 
@@ -0,0 +1,162 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +driver: + name: "terraform" + command_timeout: 1800 + +provisioner: + name: "terraform" + +platforms: + - name: local + +suites: + - name: "simple_project" + driver: + name: "terraform" + command_timeout: 1800 + root_module_directory: test/fixtures/simple_project/ + verifier: + name: terraform + color: true + systems: + - name: inspec-gcp + backend: gcp + controls: + - gcp + - name: local + backend: local + controls: + - gcloud + - name: "simple_project_with_regional_network" + driver: + name: "terraform" + command_timeout: 1800 + root_module_directory: test/fixtures/simple_project_with_regional_network/ + verifier: + name: terraform + color: true + systems: + - name: inspec-gcp + backend: gcp + controls: + - gcp + - name: "secondary_ranges" + driver: + name: "terraform" + command_timeout: 1800 + root_module_directory: test/fixtures/secondary_ranges/ + verifier: + name: terraform + color: true + systems: + - name: local + attrs_outputs: + customized_inspec_attribute: output_network_name + customized_inspec_attribute: output_network_self_link + customized_inspec_attribute: output_subnets_ips + customized_inspec_attribute: output_routes + customized_inspec_attribute: output_subnets_flow_logs + customized_inspec_attribute: output_subnets_names + customized_inspec_attribute: output_subnets_private_access + customized_inspec_attribute: output_subnets_regions + 
customized_inspec_attribute: output_subnets_secondary_ranges + customized_inspec_attribute: output_project_id + backend: local + controls: + - gcloud + - inspec_attributes + - name: "multi_vpc" + driver: + name: "terraform" + command_timeout: 1800 + root_module_directory: test/fixtures/multi_vpc/ + verifier: + name: terraform + color: true + systems: + - name: local + backend: local + controls: + - gcloud + - name: "delete_default_gateway_routes" + driver: + name: "terraform" + command_timeout: 1800 + root_module_directory: test/fixtures/delete_default_gateway_routes/ + verifier: + name: terraform + color: true + systems: + - name: local + backend: local + controls: + - gcloud + - name: "submodule_firewall" + driver: + name: "terraform" + command_timeout: 1800 + root_module_directory: test/fixtures/submodule_firewall/ + verifier: + name: terraform + color: true + systems: + - name: inspec-gcp + backend: gcp + controls: + - gcp + - name: local + attrs_outputs: + customized_inspec_attribute: output_network_name + customized_inspec_attribute: output_network_self_link + customized_inspec_attribute: output_subnets_ips + customized_inspec_attribute: output_routes + customized_inspec_attribute: output_subnets_flow_logs + customized_inspec_attribute: output_subnets_names + customized_inspec_attribute: output_subnets_private_access + customized_inspec_attribute: output_subnets_regions + customized_inspec_attribute: output_subnets_secondary_ranges + customized_inspec_attribute: output_project_id + backend: local + controls: + - gcloud + - inspec_attributes + - name: "submodule_network_peering" + driver: + name: "terraform" + command_timeout: 1800 + root_module_directory: test/fixtures/submodule_network_peering/ + verifier: + name: terraform + color: true + systems: + - name: local + backend: local + controls: + - gcloud + - name: "ilb_routing" + driver: + name: "terraform" + command_timeout: 1800 + root_module_directory: test/fixtures/ilb_routing/ + verifier: + name: 
terraform + color: true + systems: + - name: local + backend: local + controls: + - gcloud diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/.ruby-version b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/.ruby-version new file mode 100644 index 000000000..aedc15bb0 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/.ruby-version @@ -0,0 +1 @@ +2.5.3 diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/CHANGELOG.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/CHANGELOG.md new file mode 100644 index 000000000..cff2bda83 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/CHANGELOG.md 
@@ -0,0 +1,272 @@ +# Changelog + +All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. + +## [2.3.0](https://www.github.com/terraform-google-modules/terraform-google-network/compare/v2.2.0...v2.3.0) (2020-04-16) + + +### Features + +* Add beta provider support for routes and subnets ([#124](https://www.github.com/terraform-google-modules/terraform-google-network/issues/124)) ([6c94a6f](https://www.github.com/terraform-google-modules/terraform-google-network/commit/6c94a6fd89989d1dd113e0a156f0c5d7cdd8407e)), closes [#68](https://www.github.com/terraform-google-modules/terraform-google-network/issues/68) + +## [2.2.0](https://www.github.com/terraform-google-modules/terraform-google-network/compare/v2.1.2...v2.2.0) (2020-04-07) + + +### Features + +* add network output ([#169](https://www.github.com/terraform-google-modules/terraform-google-network/issues/169)) ([0dc6965](https://www.github.com/terraform-google-modules/terraform-google-network/commit/0dc6965ab52f946b9e3d16dc8f8e3557d369da01)) + +### [2.1.2](https://www.github.com/terraform-google-modules/terraform-google-network/compare/v2.1.1...v2.1.2) (2020-04-02) + + +### Bug Fixes + +* Add support for enable_logging on firewall rules ([#155](https://www.github.com/terraform-google-modules/terraform-google-network/issues/155)) ([febec4e](https://www.github.com/terraform-google-modules/terraform-google-network/commit/febec4ef4b2d6080b18429106b19a8fbc5452bec)) +* Add variables type as first parameter on all variables ([#167](https://www.github.com/terraform-google-modules/terraform-google-network/issues/167)) ([2fff1e7](https://www.github.com/terraform-google-modules/terraform-google-network/commit/2fff1e7cd5188e24a413bc302c8a061c4f3bb19b)) +* remove invalid/outdated create_network variable ([#159](https://www.github.com/terraform-google-modules/terraform-google-network/issues/159)) 
([6fac78e](https://www.github.com/terraform-google-modules/terraform-google-network/commit/6fac78e5b25a2ab72824b0ebefff6704a46fd984)) +* Resolve error with destroy and shared VPC host config ([#168](https://www.github.com/terraform-google-modules/terraform-google-network/issues/168)) ([683ae07](https://www.github.com/terraform-google-modules/terraform-google-network/commit/683ae072382c03f8b032944e539e9fa8601bad1f)), closes [#163](https://www.github.com/terraform-google-modules/terraform-google-network/issues/163) + +### [2.1.1](https://www.github.com/terraform-google-modules/terraform-google-network/compare/v2.1.0...v2.1.1) (2020-02-04) + + +### Bug Fixes + +* Correct the service_project_ids type ([#152](https://www.github.com/terraform-google-modules/terraform-google-network/issues/152)) ([80b6f54](https://www.github.com/terraform-google-modules/terraform-google-network/commit/80b6f54c007bc5b89709a9eebe330af058ca2260)) +* Resolve "Invalid expanding argument value" issue with the newer versions of terraform ([#153](https://www.github.com/terraform-google-modules/terraform-google-network/issues/153)) ([5f61ffb](https://www.github.com/terraform-google-modules/terraform-google-network/commit/5f61ffb3cb03a4d0ddb02dde1a3085aa428aeb38)) + +## [2.1.0](https://www.github.com/terraform-google-modules/terraform-google-network/compare/v2.0.2...v2.1.0) (2020-01-31) + + +### Features + +* add subnets output with full subnet info ([#129](https://www.github.com/terraform-google-modules/terraform-google-network/issues/129)) ([b424186](https://www.github.com/terraform-google-modules/terraform-google-network/commit/b4241861d8e670d555a43b82f4451581a8e27367)) + + +### Bug Fixes + +* Make project_id output dependent on shared_vpc host enablement ([#150](https://www.github.com/terraform-google-modules/terraform-google-network/issues/150)) ([75f9f04](https://www.github.com/terraform-google-modules/terraform-google-network/commit/75f9f0494c2a17b6d53fb265b3a4c77490b2914b)) + +### 
[2.0.2](https://github.com/terraform-google-modules/terraform-google-network/compare/v2.0.1...v2.0.2) (2020-01-21) + + +### Bug Fixes + +* relax version constraint in README ([1a39c7d](https://github.com/terraform-google-modules/terraform-google-network/commit/1a39c7df1d9d12e250500c3321e82ff78b0cd900)) + +## [2.0.1] - 2019-12-18 + +### Fixed + +- Fixed bug for allowing internal firewall rules. [#123](https://github.com/terraform-google-modules/terraform-google-network/pull/123) +- Provided Terraform provider versions and relaxed version constraints. [#131](https://github.com/terraform-google-modules/terraform-google-network/pull/131) + +## [2.0.0](https://github.com/terraform-google-modules/terraform-google-network/compare/v1.5.0...v2.0.0) (2019-12-09) + +v2.0.0 is a backwards-incompatible release. Please see the [upgrading guide](./docs/upgrading_to_v2.0.md). + +### Added + +- Split main module up into vpc, subnets, and routes submodules. [#103] + +### Fixed + +- Fixes subnet recreation when a subnet is updated. [#73] + + +## [1.5.0](https://github.com/terraform-google-modules/terraform-google-network/compare/v1.3.0...v1.5.0) (2019-11-12) + +### Added + +- Added submodule `network-peering` [#101] + +## [1.4.3] - 2019-10-31 + +### Fixed + +- Fixed issue with depending on outputs introduced in 1.4.1. [#95] + +## [1.4.2] - 2019-10-30 + +### Fixed + +- The outputs `network_name`, `network_self_link`, and + `subnets_secondary_ranges` depend on resource attributes rather than + data source attributes when `create_network` = `true`. [#94] + +## [1.4.1] - 2019-10-29 + +### Added + +- Made network creation optional in root module. [#88] + +### Fixed + +- Fixed issue with depending on outputs introduced in 1.4.0. [#92] + +## [1.4.0] - 2019-10-14 + +### Added + +- Add dynamic firewall rules support to firewall submodule. [#79] + +### Fixed + +- Add `depends_on` to `created_subnets` data fetch (fixes issue [#80]). 
[#81] + +## [1.3.0](https://github.com/terraform-google-modules/terraform-google-network/compare/v1.2.0...v1.3.0) (2019-10-10) + +### Changed + +- Set default value for `next_hop_internet`. [#64] + +### Added + +- Add host service agent role management to Shared VPC submodule [#72] + +## 1.2.0 (2019-09-18) + +### Added + +- Added `description` variable for subnets. [#66] + +### Fixed + +- Made setting `secondary_ranges` optional. [#16] + +## [1.1.0] - 2019-07-24 + +### Added + +- `auto_create_subnetworks` variable and `description` variable. [#57] + +## [1.0.0] - 2019-07-12 + +### Changed + +- Supported version of Terraform is 0.12. [#47] + +## [0.8.0] - 2019-06-12 + +### Added + +- A submodule to configure Shared VPC network attachments. [#45] + +## [0.7.0] - 2019-05-27 + +### Added + +- New firewall submodule [#40] + +### Fixed + +- Shared VPC service account roles are included in the README. [#32] +- Shared VPC host project explicitly depends on the network to avoid a + race condition. [#36] +- gcloud dependency is included in the README. [#38] + +## [0.6.0] - 2019-02-21 + +### Added + +- Add ability to delete default gateway route [#29] + +## [0.5.0] - 2019-01-31 + +### Changed + +- Make `routing_mode` a configurable variable. Defaults to "GLOBAL" [#26] + +### Added + +- Subnet self links as outputs. 
[#27] +- Support for route creation [#14] +- Add example for VPC with many secondary ranges [#23] +- Add example for VPC with regional routing mode [#26] + +### Fixed + +- Resolved issue with networks that have no secondary networks [#19] + +## [0.4.0] - 2018-09-25 + +### Changed + +- Make `subnet_private_access` and `subnet_flow_logs` into strings to be consistent with `shared_vpc` flag [#13] + +## [0.3.0] - 2018-09-11 + +### Changed + +- Make `subnet_private_access` default to false [#6] + +### Added + +- Add support for controlling subnet flow logs [#6] + +## [0.2.0] - 2018-08-16 + +### Added + +- Add support for Shared VPC hosting + +## [0.1.0] - 2018-08-08 + +### Added + +- Initial release +- A Google Virtual Private Network (VPC) +- Subnets within the VPC +- Secondary ranges for the subnets (if applicable) + +[Unreleased]: https://github.com/terraform-google-modules/terraform-google-network/compare/v2.0.1...HEAD +[2.0.1]: https://github.com/terraform-google-modules/terraform-google-network/compare/v2.0.0...v2.0.1 +[2.0.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.5.0...v2.0.0 +[1.5.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.4.3...v1.5.0 +[1.4.3]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.4.2...v1.4.3 +[1.4.2]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.4.1...v1.4.2 +[1.4.1]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.4.0...v1.4.1 +[1.4.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.3.0...v1.4.0 +[1.3.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.2.0...v1.3.0 +[1.2.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.1.0...v1.2.0 +[1.1.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.0.0...v1.1.0 +[1.0.0]: 
https://github.com/terraform-google-modules/terraform-google-network/compare/v0.8.0...v1.0.0 +[0.8.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.7.0...v0.8.0 +[0.7.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.6.0...v0.7.0 +[0.6.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.5.0...v0.6.0 +[0.5.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.4.0...v0.5.0 +[0.4.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.3.0...v0.4.0 +[0.3.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.2.0...v0.3.0 +[0.2.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.1.0...v0.2.0 +[0.1.0]: https://github.com/terraform-google-modules/terraform-google-network/releases/tag/v0.1.0 + +[#73]: https://github.com/terraform-google-modules/terraform-google-network/pull/73 +[#103]: https://github.com/terraform-google-modules/terraform-google-network/pull/103 +[#101]: https://github.com/terraform-google-modules/terraform-google-network/pull/101 +[#95]: https://github.com/terraform-google-modules/terraform-google-network/issues/95 +[#94]: https://github.com/terraform-google-modules/terraform-google-network/pull/94 +[#92]: https://github.com/terraform-google-modules/terraform-google-network/issues/92 +[#88]: https://github.com/terraform-google-modules/terraform-google-network/issues/88 +[#81]: https://github.com/terraform-google-modules/terraform-google-network/pull/81 +[#80]: https://github.com/terraform-google-modules/terraform-google-network/issues/80 +[#79]: https://github.com/terraform-google-modules/terraform-google-network/pull/79 +[#72]: https://github.com/terraform-google-modules/terraform-google-network/pull/72 +[#64]: https://github.com/terraform-google-modules/terraform-google-network/pull/64 +[#66]: 
https://github.com/terraform-google-modules/terraform-google-network/pull/66 +[#16]: https://github.com/terraform-google-modules/terraform-google-network/pull/16 +[#57]: https://github.com/terraform-google-modules/terraform-google-network/pull/57 +[#47]: https://github.com/terraform-google-modules/terraform-google-network/pull/47 +[#45]: https://github.com/terraform-google-modules/terraform-google-network/pull/45 +[#40]: https://github.com/terraform-google-modules/terraform-google-network/pull/40 +[#38]: https://github.com/terraform-google-modules/terraform-google-network/pull/38 +[#36]: https://github.com/terraform-google-modules/terraform-google-network/pull/36 +[#32]: https://github.com/terraform-google-modules/terraform-google-network/pull/32 +[#29]: https://github.com/terraform-google-modules/terraform-google-network/pull/29 +[#27]: https://github.com/terraform-google-modules/terraform-google-network/pull/27 +[#26]: https://github.com/terraform-google-modules/terraform-google-network/pull/26 +[#23]: https://github.com/terraform-google-modules/terraform-google-network/pull/23 +[#19]: https://github.com/terraform-google-modules/terraform-google-network/pull/19 +[#14]: https://github.com/terraform-google-modules/terraform-google-network/pull/14 +[#13]: https://github.com/terraform-google-modules/terraform-google-network/pull/13 +[#6]: https://github.com/terraform-google-modules/terraform-google-network/pull/6 +[keepachangelog-site]: https://keepachangelog.com/en/1.0.0/ +[semver-site]: https://semver.org/spec/v2.0.0.html diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/CODEOWNERS b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/CODEOWNERS new file mode 100644 index 000000000..3a0760e1f --- /dev/null 
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/CODEOWNERS @@ -0,0 +1,9 @@ +* @terraform-google-modules/cft-admins @andreyk-code @jeanno + +# CFT Fabric +/examples/submodule_svpc_access/ @terraform-google-modules/cft-fabric +/modules/fabric-net-svpc-access/ @terraform-google-modules/cft-fabric +/modules/fabric-net-firewall/ @terraform-google-modules/cft-fabric +/examples/submodule_firewall/ @terraform-google-modules/cft-fabric +/modules/network-peering/ @terraform-google-modules/cft-fabric +/examples/submodule_network_peering/ @terraform-google-modules/cft-fabric diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/CONTRIBUTING.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/CONTRIBUTING.md new file mode 100644 index 000000000..a350db595 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/CONTRIBUTING.md 
@@ -0,0 +1,99 @@ +# Contributing + +This document provides guidelines for contributing to the module. + +## Dependencies + +The following dependencies must be installed on the development system: + +- [Docker Engine][docker-engine] +- [Google Cloud SDK][google-cloud-sdk] +- [make] + +## Generating Documentation for Inputs and Outputs + +The Inputs and Outputs tables in the READMEs of the root module, +submodules, and example modules are automatically generated based on +the `variables` and `outputs` of the respective modules. These tables +must be refreshed if the module interfaces are changed. + +### Execution + +Run `make generate_docs` to generate new Inputs and Outputs tables. + +## Integration Testing + +Integration tests are used to verify the behaviour of the root module, +submodules, and example modules. Additions, changes, and fixes should +be accompanied with tests. + +The integration tests are run using [Kitchen][kitchen], +[Kitchen-Terraform][kitchen-terraform], and [InSpec][inspec]. These +tools are packaged within a Docker image for convenience. + +The general strategy for these tests is to verify the behaviour of the +[example modules](./examples/), thus ensuring that the root module, +submodules, and example modules are all functionally correct. + +### Test Environment +The easiest way to test the module is in an isolated test project. The setup for such a project is defined in [test/setup](./test/setup/) directory. + +To use this setup, you need a service account with Project Creator access on a folder. 
Export the Service Account credentials to your environment like so: + +``` +export SERVICE_ACCOUNT_JSON=$(< credentials.json) +``` + +You will also need to set a few environment variables: +``` +export TF_VAR_org_id="your_org_id" +export TF_VAR_folder_id="your_folder_id" +export TF_VAR_billing_account="your_billing_account_id" +``` + +With these settings in place, you can prepare a test project using Docker: +``` +make docker_test_prepare +``` + +### Noninteractive Execution + +Run `make docker_test_integration` to test all of the example modules +noninteractively, using the prepared test project. + +### Interactive Execution + +1. Run `make docker_run` to start the testing Docker container in + interactive mode. + +1. Run `kitchen_do create ` to initialize the working + directory for an example module. + +1. Run `kitchen_do converge ` to apply the example module. + +1. Run `kitchen_do verify ` to test the example module. + +1. Run `kitchen_do destroy ` to destroy the example module + state. + +## Linting and Formatting + +Many of the files in the repository can be linted or formatted to +maintain a standard of quality. + +### Execution + +Run `make docker_test_lint`. + +[docker-engine]: https://www.docker.com/products/docker-engine +[flake8]: http://flake8.pycqa.org/en/latest/ +[gofmt]: https://golang.org/cmd/gofmt/ +[google-cloud-sdk]: https://cloud.google.com/sdk/install +[hadolint]: https://github.com/hadolint/hadolint +[inspec]: https://inspec.io/ +[kitchen-terraform]: https://github.com/newcontext-oss/kitchen-terraform +[kitchen]: https://kitchen.ci/ +[make]: https://en.wikipedia.org/wiki/Make_(software) +[shellcheck]: https://www.shellcheck.net/ +[terraform-docs]: https://github.com/segmentio/terraform-docs +[terraform]: https://terraform.io/ 
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/Gemfile b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/Gemfile new file mode 100644 index 000000000..af3b9546f --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/Gemfile @@ -0,0 +1,19 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ruby '2.6.3' + +source 'https://rubygems.org/' do + gem 'kitchen-terraform', '~> 4.3' +end diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/LICENSE b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/LICENSE new file mode 100644 index 000000000..d64569567 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/LICENSE 
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/Makefile b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/Makefile new file mode 100644 index 000000000..fd4c92203 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/Makefile 
@@ -0,0 +1,82 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Make will use bash instead of sh
+SHELL := /usr/bin/env bash
+
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.6.0
+DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
+REGISTRY_URL := gcr.io/cloud-foundation-cicd
+
+# Enter docker container for local development
+.PHONY: docker_run
+docker_run:
+ docker run --rm -it \
+ -e SERVICE_ACCOUNT_JSON \
+ -v $(CURDIR):/workspace \
+ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+ /bin/bash
+
+# Execute prepare tests within the docker container
+.PHONY: docker_test_prepare
+docker_test_prepare:
+ docker run --rm -it \
+ -e SERVICE_ACCOUNT_JSON \
+ -e TF_VAR_org_id \
+ -e TF_VAR_folder_id \
+ -e TF_VAR_billing_account \
+ -v $(CURDIR):/workspace \
+ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+ /usr/local/bin/execute_with_credentials.sh prepare_environment
+
+# Clean up test environment within the docker container
+.PHONY: docker_test_cleanup
+docker_test_cleanup:
+ docker run --rm -it \
+ -e SERVICE_ACCOUNT_JSON \
+ -e TF_VAR_org_id \
+ -e TF_VAR_folder_id \
+ -e TF_VAR_billing_account \
+ -v $(CURDIR):/workspace \
+ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+ /usr/local/bin/execute_with_credentials.sh cleanup_environment
+
+# Execute integration tests within the docker container
+.PHONY: docker_test_integration
+docker_test_integration:
+ docker run --rm -it \
+ -e SERVICE_ACCOUNT_JSON \
+ -v $(CURDIR):/workspace \
+ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+ /usr/local/bin/test_integration.sh
+
+# Execute lint tests within the docker container
+.PHONY: docker_test_lint
+docker_test_lint:
+ docker run --rm -it \
+ -v $(CURDIR):/workspace \
+ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+ /usr/local/bin/test_lint.sh
+
+# Generate documentation
+.PHONY: docker_generate_docs
+docker_generate_docs:
+ docker run --rm -it \
+ -v $(CURDIR):/workspace \
+ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+ /bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs'
+
+# Alias for backwards compatibility
+.PHONY: generate_docs
+generate_docs: docker_generate_docs
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/README.md
new file mode 100644
index 000000000..969239134
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/README.md
@@ -0,0 +1,183 @@ +# Terraform Network Module + +This modules makes it easy to set up a new VPC Network in GCP by defining your network and subnet ranges in a concise syntax. + +It supports creating: + +- A Google Virtual Private Network (VPC) +- Subnets within the VPC +- Secondary ranges for the subnets (if applicable) + +Sub modules are provided for creating individual vpc, subnets, and routes. See the modules directory for the various sub modules usage. + +## Compatibility + +This module is meant for use with Terraform 0.12. If you haven't [upgraded](https://www.terraform.io/upgrade-guides/0-12.html) and need a Terraform 0.11.x-compatible version of this module, the last released version intended for Terraform 0.11.x is [0.8.0](https://registry.terraform.io/modules/terraform-google-modules/network/google/0.8.0). + +## Usage +You can go to the examples folder, however the usage of the module could be like this in your own main.tf file: + +```hcl +module "vpc" { + source = "terraform-google-modules/network/google" + version = "~> 2.3" + + project_id = "" + network_name = "example-vpc" + routing_mode = "GLOBAL" + + subnets = [ + { + subnet_name = "subnet-01" + subnet_ip = "10.10.10.0/24" + subnet_region = "us-west1" + }, + { + subnet_name = "subnet-02" + subnet_ip = "10.10.20.0/24" + subnet_region = "us-west1" + subnet_private_access = "true" + subnet_flow_logs = "true" + description = "This subnet has a description" + }, + { + subnet_name = "subnet-03" + subnet_ip = "10.10.30.0/24" + subnet_region = "us-west1" + subnet_flow_logs = "true" + subnet_flow_logs_interval = "INTERVAL_10_MIN" + subnet_flow_logs_sampling = 0.7 + subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA" + } + ] + + secondary_ranges = { + subnet-01 = [ + { + range_name = "subnet-01-secondary-01" + ip_cidr_range = "192.168.64.0/24" + }, + ] + + subnet-02 = [] + } + + routes = [ + { + name = "egress-internet" + description = "route through IGW to access internet" + destination_range = "0.0.0.0/0" + 
tags = "egress-inet" + next_hop_internet = "true" + }, + { + name = "app-proxy" + description = "route through proxy to reach app" + destination_range = "10.50.10.0/24" + tags = "app-proxy" + next_hop_instance = "app-proxy-instance" + next_hop_instance_zone = "us-west1-a" + }, + ] +} +``` + +Then perform the following commands on the root folder: + +- `terraform init` to get the plugins +- `terraform plan` to see the infrastructure plan +- `terraform apply` to apply the infrastructure build +- `terraform destroy` to destroy the built infrastructure + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| auto\_create\_subnetworks | When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources. | bool | `"false"` | no | +| delete\_default\_internet\_gateway\_routes | If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted | string | `"false"` | no | +| description | An optional description of this resource. The resource must be recreated to modify this field. 
| string | `""` | no | +| network\_name | The name of the network being created | string | n/a | yes | +| project\_id | The ID of the project where this VPC will be created | string | n/a | yes | +| routes | List of routes being created in this VPC | list(map(string)) | `` | no | +| routing\_mode | The network routing mode (default 'GLOBAL') | string | `"GLOBAL"` | no | +| secondary\_ranges | Secondary ranges that will be used in some of the subnets | object | `` | no | +| shared\_vpc\_host | Makes this project a Shared VPC host if 'true' (default 'false') | bool | `"false"` | no | +| subnets | The list of subnets being created | list(map(string)) | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| network | The created network | +| network\_name | The name of the VPC being created | +| network\_self\_link | The URI of the VPC being created | +| project\_id | VPC project id | +| route\_names | The route names associated with this VPC | +| subnets | A map with keys of form subnet_region/subnet_name and values being the outputs of the google_compute_subnetwork resources used to create corresponding subnets. | +| subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled | +| subnets\_ips | The IPs and CIDRs of the subnets being created | +| subnets\_names | The names of the subnets being created | +| subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP | +| subnets\_regions | The region where the subnets will be created | +| subnets\_secondary\_ranges | The secondary ranges associated with these subnets | +| subnets\_self\_links | The self-links of subnets being created | + + + +### Subnet Inputs + +The subnets list contains maps, where each object represents a subnet. 
Each map has the following inputs (please see examples folder for additional references): + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| subnet\_name | The name of the subnet being created | string | - | yes | +| subnet\_ip | The IP and CIDR range of the subnet being created | string | - | yes | +| subnet\_region | The region where the subnet will be created | string | - | yes | +| subnet\_private\_access | Whether this subnet will have private Google access enabled | string | `"false"` | no | +| subnet\_flow\_logs | Whether the subnet will record and send flow log data to logging | string | `"false"` | no | + +### Route Inputs + +The routes list contains maps, where each object represents a route. For the next_hop_* inputs, only one is possible to be used in each route. Having two next_hop_* inputs will produce an error. Each map has the following inputs (please see examples folder for additional references): + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| name | The name of the route being created | string | - | no | +| description | The description of the route being created | string | - | no | +| tags | The network tags assigned to this route. This is a list in string format. Eg. "tag-01,tag-02"| string | - | yes | +| destination\_range | The destination range of outgoing packets that this route applies to. Only IPv4 is supported | string | - | yes +| next\_hop\_internet | Whether the next hop to this route will the default internet gateway. Use "true" to enable this as next hop | string | `"false"` | yes | +| next\_hop\_ip | Network IP address of an instance that should handle matching packets | string | - | yes | +| next\_hop\_instance | URL or name of an instance that should handle matching packets. 
If just name is specified "next\_hop\_instance\_zone" is required | string | - | yes | +| next\_hop\_instance\_zone | The zone of the instance specified in next\_hop\_instance. Only required if next\_hop\_instance is specified as a name | string | - | no | +| next\_hop\_vpn\_tunnel | URL to a VpnTunnel that should handle matching packets | string | - | yes | +| priority | The priority of this route. Priority is used to break ties in cases where there is more than one matching route of equal prefix length. In the case of two routes with equal prefix length, the one with the lowest-numbered priority value wins | string | `"1000"` | yes | + +## Requirements +### Installed Software +- [Terraform](https://www.terraform.io/downloads.html) ~> 0.12.6 +- [Terraform Provider for GCP](https://github.com/terraform-providers/terraform-provider-google) ~> 2.19 +- [Terraform Provider for GCP Beta](https://github.com/terraform-providers/terraform-provider-google-beta) ~> + 2.19 +- [gcloud](https://cloud.google.com/sdk/gcloud/) >243.0.0 + +### Configure a Service Account +In order to execute this module you must have a Service Account with the following roles: + +- roles/compute.networkAdmin on the organization or folder + +If you are going to manage a Shared VPC, you must have either: + +- roles/compute.xpnAdmin on the organization +- roles/compute.xpnAdmin on the folder (beta) + +### Enable API's +In order to operate with the Service Account you must activate the following API on the project where the Service Account was created: + +- Compute Engine API - compute.googleapis.com + +## Contributing + +Refer to the [contribution guidelines](./CONTRIBUTING.md) for +information on contributing to this module. 
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/build/int.cloudbuild.yaml b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/build/int.cloudbuild.yaml
new file mode 100644
index 000000000..06c7799aa
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/build/int.cloudbuild.yaml
@@ -0,0 +1,169 @@ +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +timeout: 3600s +steps: +- id: prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && prepare_environment'] + env: + - 'TF_VAR_org_id=$_ORG_ID' + - 'TF_VAR_folder_id=$_FOLDER_ID' + - 'TF_VAR_billing_account=$_BILLING_ACCOUNT' +- id: create simple-project-local + waitFor: + - prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create simple-project-local'] +- id: converge simple-project-local + waitFor: + - create simple-project-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge simple-project-local'] +- id: verify simple-project-local + waitFor: + - converge simple-project-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify simple-project-local'] +- id: destroy simple-project-local + waitFor: + - verify simple-project-local + name: 
'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy simple-project-local'] +- id: create simple-project-with-regional-network-local + waitFor: + - prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create simple-project-with-regional-network-local'] +- id: converge simple-project-with-regional-network-local + waitFor: + - create simple-project-with-regional-network-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge simple-project-with-regional-network-local'] +- id: verify simple-project-with-regional-network-local + waitFor: + - converge simple-project-with-regional-network-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify simple-project-with-regional-network-local'] +- id: destroy simple-project-with-regional-network-local + waitFor: + - verify simple-project-with-regional-network-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy simple-project-with-regional-network-local'] +- id: create secondary-ranges-local + waitFor: + - prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create secondary-ranges-local'] +- id: converge secondary-ranges-local + 
waitFor: + - create secondary-ranges-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge secondary-ranges-local'] +- id: verify secondary-ranges-local + waitFor: + - converge secondary-ranges-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify secondary-ranges-local'] +- id: destroy secondary-ranges-local + waitFor: + - verify secondary-ranges-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy secondary-ranges-local'] +- id: create multi-vpc-local + waitFor: + - prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create multi-vpc-local'] +- id: converge multi-vpc-local + waitFor: + - create multi-vpc-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge multi-vpc-local'] +- id: verify multi-vpc-local + waitFor: + - converge multi-vpc-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify multi-vpc-local'] +- id: destroy multi-vpc-local + waitFor: + - verify multi-vpc-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source 
/usr/local/bin/task_helper_functions.sh && kitchen_do destroy multi-vpc-local'] +- id: create delete-default-gateway-routes-local + waitFor: + - prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create delete-default-gateway-routes-local'] +- id: converge delete-default-gateway-routes-local + waitFor: + - create delete-default-gateway-routes-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge delete-default-gateway-routes-local'] +- id: verify delete-default-gateway-routes-local + waitFor: + - converge delete-default-gateway-routes-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify delete-default-gateway-routes-local'] +- id: destroy delete-default-gateway-routes-local + waitFor: + - verify delete-default-gateway-routes-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy delete-default-gateway-routes-local'] +- id: create submodule-firewall-local + waitFor: + - prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create submodule-firewall-local'] +- id: converge submodule-firewall-local + waitFor: + - create submodule-firewall-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source 
/usr/local/bin/task_helper_functions.sh && kitchen_do converge submodule-firewall-local'] +- id: verify submodule-firewall-local + waitFor: + - converge submodule-firewall-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify submodule-firewall-local'] +- id: destroy submodule-firewall-local + waitFor: + - verify submodule-firewall-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy submodule-firewall-local'] +- id: create submodule-network-peering-local + waitFor: + - prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create submodule-network-peering-local'] +- id: converge submodule-network-peering-local + waitFor: + - create submodule-network-peering-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge submodule-network-peering-local'] +- id: verify submodule-network-peering-local + waitFor: + - converge submodule-network-peering-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify submodule-network-peering-local'] +- id: destroy submodule-network-peering-local + waitFor: + - verify submodule-network-peering-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source 
/usr/local/bin/task_helper_functions.sh && kitchen_do destroy submodule-network-peering-local']
+tags:
+- 'ci'
+- 'integration'
+substitutions:
+ _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
+ _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.6.0'
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/build/lint.cloudbuild.yaml b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/build/lint.cloudbuild.yaml
new file mode 100644
index 000000000..3f3923fb7
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/build/lint.cloudbuild.yaml
@@ -0,0 +1,24 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+steps:
+- name: 'gcr.io/cloud-foundation-cicd/cft/developer-tools:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ id: 'lint'
+ args: ['/usr/local/bin/test_lint.sh']
+tags:
+- 'ci'
+- 'lint'
+substitutions:
+ _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
+ _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.6.0'
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/codelabs/simple/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/codelabs/simple/README.md
new file mode 100644
index 000000000..fdc16c917
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/codelabs/simple/README.md
@@ -0,0 +1,3 @@
+# Networking Codelab
+
+The Terraform configuration in this directory is used for a [simple codelab](https://codelabs.developers.google.com/codelabs/hashicorp-terraform-networking/index.html#0).
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/codelabs/simple/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/codelabs/simple/main.tf
new file mode 100644
index 000000000..93e234fc4
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/codelabs/simple/main.tf
@@ -0,0 +1,110 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+resource "random_id" "network_id" {
+ byte_length = 8
+}
+
+resource "google_project_service" "compute" {
+ service = "compute.googleapis.com"
+}
+
+# Create the network
+module "vpc" {
+ source = "terraform-google-modules/network/google"
+ version = "~> 0.4.0"
+
+ # Give the network a name and project
+ project_id = google_project_service.compute.project
+ network_name = "my-custom-vpc-${random_id.network_id.hex}"
+
+ subnets = [
+ {
+ # Creates your first subnet in us-west1 and defines a range for it
+ subnet_name = "my-first-subnet"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ },
+ {
+ # Creates a dedicated subnet for GKE
+ subnet_name = "my-gke-subnet"
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "us-west1"
+ },
+ ]
+
+ # Define secondary ranges for each of your subnets
+ secondary_ranges = {
+ my-first-subnet = []
+
+ my-gke-subnet = [
+ {
+ # Define a secondary range for Kubernetes pods to use
+ range_name = "my-gke-pods-range"
+ ip_cidr_range = "192.168.64.0/24"
+ },
+ ]
+ }
+}
+
+resource "random_id" "instance_id" {
+ byte_length = 8
+}
+
+# Launch a VM on it
+resource "google_compute_instance" "default" {
+ name = "vm-${random_id.instance_id.hex}"
+ project = google_project_service.compute.project
+ machine_type = "f1-micro"
+ zone = "us-west1-a"
+
+ boot_disk {
+ initialize_params {
+ image = "debian-cloud/debian-9"
+ }
+ }
+
+ network_interface {
+ subnetwork = module.vpc.subnets_names[0]
+ subnetwork_project = google_project_service.compute.project
+
+ access_config {
+ # Include this section to give the VM an external ip address
+ }
+ }
+
+ # Apply the firewall rule to allow external IPs to ping this instance
+ tags = ["allow-ping"]
+}
+
+# Allow traffic to the VM
+resource "google_compute_firewall" "allow-ping" {
+ name = "default-ping"
+ network = module.vpc.network_name
+ project = google_project_service.compute.project
+
+ allow {
+ protocol = "icmp"
+ }
+
+ # Allow traffic from everywhere to instances with an http-server tag
+ source_ranges = ["0.0.0.0/0"]
+ target_tags = ["allow-ping"]
+}
+
+output "ip" {
+ value = google_compute_instance.default.network_interface.0.access_config.0.nat_ip
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/docs/upgrading_to_v2.0.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/docs/upgrading_to_v2.0.md
new file mode 100644
index 000000000..542680135
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/docs/upgrading_to_v2.0.md
@@ -0,0 +1,140 @@ +# Upgrading to v2.x + +The v2.x release of _google-network_ is a backwards incompatible +release. + +Because v2.x changed how the subnet resource is iterated on, resources in Terraform state need to be migrated in order to avoid the resources from getting destroyed and recreated. + +## Output Changes +In version 2.x, a few output names were [changed](https://github.com/terraform-google-modules/terraform-google-network/compare/v1.5.0...v2.0.0#diff-c09d00f135e3672d079ff6e0556d957d): + +- `svpc_host_project_id` was renamed to `project_id`. +- `routes` was renamed to `route_names` + +## Migration Instructions + +First, upgrade to the new version of this module. + +```diff + module "kubernetes_engine_private_cluster" { + source = "terraform-google-modules/network/google" +- version = "~> 1.5" ++ version = "~> 2.0" + + # ... + } +``` + +If you run `terraform plan` at this point, Terraform will inform you that it will attempt to delete and recreate your existing subnets. This is almost certainly not the behavior you want. + +You will need to migrate your state, either [manually](#manual-migration-steps) or [automatically](#migration-script). + +### Migration Script + +1. Download the script: + + ```sh + curl -O https://raw.githubusercontent.com/terraform-google-modules/terraform-google-network/master/helpers/migrate.py + chmod +x migrate.py + ``` + +2. Back up your Terraform state: + + ```sh + terraform state pull >> state.bak + ``` + +2. 
Run the script to output the migration commands: + + ```sh + $ ./migrate.py --dryrun + terraform state mv 'module.example.module.test-vpc-module-02.google_compute_network.network[0]' 'module.example.module.test-vpc-module-02.module.vpc.google_compute_network.network' + terraform state mv 'module.example.module.test-vpc-module-02.google_compute_subnetwork.subnetwork' 'module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork' + terraform state mv 'module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork[0]' 'module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork["us-west1/multi-vpc-a1-02-subnet-01"]' + terraform state mv 'module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork[1]' 'module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork["us-west1/multi-vpc-a1-02-subnet-02"]' + terraform state mv 'module.example.module.test-vpc-module-02.google_compute_route.route' 'module.example.module.test-vpc-module-02.module.routes.google_compute_route.route' + terraform state mv 'module.example.module.test-vpc-module-02.module.routes.google_compute_route.route[0]' 'module.example.module.test-vpc-module-02.module.routes.google_compute_route.route["multi-vpc-a1-02-egress-inet"]' + terraform state mv 'module.example.module.test-vpc-module-02.module.routes.google_compute_route.route[1]' 'module.example.module.test-vpc-module-02.module.routes.google_compute_route.route["multi-vpc-a1-02-testapp-proxy"]' + + ``` + +3. Execute the migration script: + + ```sh + $ ./migrate.py + ---- Migrating the following modules: + -- module.example.module.test-vpc-module-02 + ---- Commands to run: + Move "module.example.module.test-vpc-module-02.google_compute_network.network[0]" to "module.example.module.test-vpc-module-02.module.vpc.google_compute_network.network" + Successfully moved 1 object(s). 
+ Move "module.example.module.test-vpc-module-02.google_compute_subnetwork.subnetwork" to "module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork" + Successfully moved 1 object(s). + Move "module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork[0]" to "module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork[\"us-west1/multi-vpc-a1-02-subnet-01\"]" + Successfully moved 1 object(s). + Move "module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork[1]" to "module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork[\"us-west1/multi-vpc-a1-02-subnet-02\"]" + Successfully moved 1 object(s). + Move "module.example.module.test-vpc-module-02.google_compute_route.route" to "module.example.module.test-vpc-module-02.module.routes.google_compute_route.route" + Successfully moved 1 object(s). + Move "module.example.module.test-vpc-module-02.module.routes.google_compute_route.route[0]" to "module.example.module.test-vpc-module-02.module.routes.google_compute_route.route[\"multi-vpc-a1-02-egress-inet\"]" + Successfully moved 1 object(s). + Move "module.example.module.test-vpc-module-02.module.routes.google_compute_route.route[1]" to "module.example.module.test-vpc-module-02.module.routes.google_compute_route.route[\"multi-vpc-a1-02-testapp-proxy\"]" + Successfully moved 1 object(s). + + ``` + +4. Run `terraform plan` to confirm no changes are expected. + +### Manual Migration Steps + +In this example here are the commands used migrate the vpc and subnets created by the `simple_project` in the examples directory. _please note the need to escape the quotes on the new resource_. You may also use the migration script. 
+ +- `terraform state mv module.example.module.test-vpc-module.google_compute_network.network module.example.module.test-vpc-module.module.vpc.google_compute_subnetwork.network` + +- `terraform state mv module.example.module.test-vpc-module.google_compute_subnetwork.subnetwork module.example.module.test-vpc-module.module.subnets.google_compute_subnetwork.subnetwork` + +- `terraform state mv module.example.module.test-vpc-module.module.subnets.google_compute_subnetwork.subnetwork[0] module.example.module.test-vpc-module.module.subnets.google_compute_subnetwork.subnetwork[\"us-west1/simple-project-timh-subnet-01\"]` + +- `terraform state mv module.example.module.test-vpc-module.module.subnets.google_compute_subnetwork.subnetwork[1] module.example.module.test-vpc-module.module.subnets.google_compute_subnetwork.subnetwork[\"us-west1/simple-project-timh-subnet-02\"]` + +*You'll notice that because of a terraform [issue](https://github.com/hashicorp/terraform/issues/22301), we need to move the whole resource collection first before renaming to the `for_each` keys* + +`terraform plan` should now return a no-op and show no new changes. + +```Shell +$ terraform plan +Refreshing Terraform state in-memory prior to plan... +The refreshed state will be used to calculate this plan, but will not be +persisted to local or remote state storage. + +module.example.module.test-vpc-module.google_compute_network.network: Refreshing state... [id=simple-project-timh] +module.example.module.test-vpc-module.google_compute_subnetwork.subnetwork["us-west1/simple-project-timh-subnet-02"]: Refreshing state... [id=us-west1/simple-project-timh-subnet-02] +module.example.module.test-vpc-module.google_compute_subnetwork.subnetwork["us-west1/simple-project-timh-subnet-01"]: Refreshing state... [id=us-west1/simple-project-timh-subnet-01] + +------------------------------------------------------------------------ + +No changes. Infrastructure is up-to-date. 
+ +This means that Terraform did not detect any differences between your +configuration and real physical resources that exist. As a result, no +actions need to be performed. +``` + +### Known Issues + +If your previous state only contains a **single** subnet or route then `terraform mv` will throw an error similar to the following during migration: + +``` +Error: Invalid target address + +Cannot move to +module.example.module.test-vpc-module-01.module.routes.google_compute_route.route["multi-vpc-a1-01-egress-inet"]: +module.example.module.test-vpc-module-01.module.routes.google_compute_route.route +does not exist in the current state. +``` + +This is due to a terraform mv [issue](https://github.com/hashicorp/terraform/issues/22301) + +The workaround is to either + +1. Create a temporary subnet or route prior to migration +2. Manually updating the state file. Update the `index_key` of the appropriate user and push the to the remote state if necessary. diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/.gitignore b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/.gitignore new file mode 100644 index 000000000..1e49b3a62 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/.gitignore @@ -0,0 +1 @@ +.tfvars diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/README.md new file mode 100644 index 000000000..2735dfb5a --- /dev/null 
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/README.md
@@ -0,0 +1,29 @@
+# Delete Default Gateway Routes
+
+This example configures a single simple VPC inside of a project.
+
+This VPC has a single subnet with no secondary ranges, and ensures the default internet gateway route is deleted.
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_name | The name of the VPC network being created | string | n/a | yes |
+| project\_id | The project ID to host the network in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| network\_name | The name of the VPC being created |
+| network\_self\_link | The URI of the VPC being created |
+| route\_names | The routes associated with this VPC |
+| subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled |
+| subnets\_ips | The IP and cidrs of the subnets being created |
+| subnets\_names | The names of the subnets being created |
+| subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP |
+| subnets\_regions | The region where subnets will be created |
+| subnets\_secondary\_ranges | The secondary ranges associated with these subnets |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/main.tf
new file mode 100644
index 000000000..c24c08c78
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/main.tf
@@ -0,0 +1,42 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+locals {
+ subnet_01 = "${var.network_name}-subnet-01"
+}
+
+module "test-vpc-module" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = var.network_name
+ delete_default_internet_gateway_routes = "true"
+
+ subnets = [
+ {
+ subnet_name = local.subnet_01
+ subnet_ip = "10.20.30.0/24"
+ subnet_region = "us-west1"
+ },
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/outputs.tf
new file mode 100644
index 000000000..d7a27ff41
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/outputs.tf
@@ -0,0 +1,60 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network_name" {
+ value = module.test-vpc-module.network_name
+ description = "The name of the VPC being created"
+}
+
+output "network_self_link" {
+ value = module.test-vpc-module.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "subnets_names" {
+ value = module.test-vpc-module.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "subnets_ips" {
+ value = module.test-vpc-module.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "subnets_regions" {
+ value = module.test-vpc-module.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "subnets_private_access" {
+ value = module.test-vpc-module.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "subnets_flow_logs" {
+ value = module.test-vpc-module.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "subnets_secondary_ranges" {
+ value = module.test-vpc-module.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "route_names" {
+ value = module.test-vpc-module.route_names
+ description = "The routes associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/variables.tf
new file mode 100644
index 000000000..add931101
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/variables.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to host the network in"
+}
+
+variable "network_name" {
+ description = "The name of the VPC network being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/ilb_routing/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/ilb_routing/README.md
new file mode 100644
index 000000000..d289ebf89
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/ilb_routing/README.md
@@ -0,0 +1,33 @@
+# ILB routing example
+
+This example configures a single VPC inside of a project.
+
+This VPC has three subnets and a forwarding rule. Please note, that this is simply example resource usage, this module
+wouldn't work as is.
+
+More information:
+- https://cloud.google.com/load-balancing/docs/internal/setting-up-ilb-next-hop
+- https://cloud.google.com/load-balancing/docs/l7-internal/proxy-only-subnets
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_name | The name of the VPC network being created | string | n/a | yes |
+| project\_id | The project ID to host the network in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| forwarding\_rule | Forwarding rule link |
+| network\_name | The name of the VPC being created |
+| network\_self\_link | The URI of the VPC being created |
+| project\_id | VPC project id |
+| route\_names | The routes associated with this VPC |
+| subnets\_ips | The IP and cidrs of the subnets being created |
+| subnets\_names | The names of the subnets being created |
+| subnets\_regions | The region where subnets will be created |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/ilb_routing/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/ilb_routing/main.tf
new file mode 100644
index 000000000..0c33e1def
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/ilb_routing/main.tf
@@ -0,0 +1,127 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 2.19.0"
+}
+
+provider "google-beta" {
+ version = "~> 2.19.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+module "vpc" {
+ source = "../../modules/vpc"
+ network_name = var.network_name
+ project_id = var.project_id
+}
+
+module "subnets" {
+ source = "../../modules/subnets-beta"
+ project_id = var.project_id
+ network_name = module.vpc.network_name
+
+ subnets = [
+ {
+ subnet_name = "${var.network_name}-subnet"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ },
+ {
+ subnet_name = "${var.network_name}-subnet-01"
+ subnet_ip = "10.20.10.0/24"
+ subnet_region = "us-west1"
+ purpose = "INTERNAL_HTTPS_LOAD_BALANCER"
+ role = "ACTIVE"
+ }
+ ]
+}
+
+module "subnets-backup" {
+ source = "../../modules/subnets-beta"
+ project_id = var.project_id
+ network_name = module.vpc.network_name
+
+ subnets = [
+ {
+ subnet_name = "${var.network_name}-subnet-02"
+ subnet_ip = "10.20.20.0/24"
+ subnet_region = "us-west1"
+ purpose = "INTERNAL_HTTPS_LOAD_BALANCER"
+ role = "BACKUP"
+ }
+ ]
+
+ module_depends_on = [module.subnets.subnets]
+}
+
+resource "google_compute_health_check" "this" {
+ project = var.project_id
+ name = "${var.network_name}-test"
+ check_interval_sec = 1
+ timeout_sec = 1
+
+ tcp_health_check {
+ port = "80"
+ }
+}
+
+resource "google_compute_region_backend_service" "this" {
+ project = var.project_id
+ name = "${var.network_name}-test"
+ region = "us-west1"
+ health_checks = [google_compute_health_check.this.self_link]
+}
+
+resource "google_compute_forwarding_rule" "this" {
+ project = var.project_id
+ name = "${var.network_name}-fw-role"
+
+ network = module.vpc.network_name
+ subnetwork = module.subnets.subnets["us-west1/${var.network_name}-subnet"].name
+ backend_service = google_compute_region_backend_service.this.self_link
+ region = "us-west1"
+ load_balancing_scheme = "INTERNAL"
+ all_ports = true
+}
+
+module "routes" {
+ source = "../../modules/routes-beta"
+ project_id = var.project_id
+ network_name = module.vpc.network_name
+ routes_count = 2
+
+ routes = [
+ {
+ name = "${var.network_name}-egress-inet"
+ description = "route through IGW to access internet"
+ destination_range = "0.0.0.0/0"
+ tags = "egress-inet"
+ next_hop_internet = "true"
+ },
+ {
+ name = "${var.network_name}-ilb"
+ description = "route through ilb"
+ destination_range = "10.10.20.0/24"
+ next_hop_ilb = google_compute_forwarding_rule.this.self_link
+ },
+ ]
+
+ module_depends_on = [module.subnets.subnets, module.subnets-backup.subnets]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/ilb_routing/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/ilb_routing/outputs.tf
new file mode 100644
index 000000000..676e23f32
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/ilb_routing/outputs.tf
@@ -0,0 +1,55 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network_name" {
+ value = module.vpc.network_name
+ description = "The name of the VPC being created"
+}
+
+output "network_self_link" {
+ value = module.vpc.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "project_id" {
+ value = module.vpc.project_id
+ description = "VPC project id"
+}
+
+output "subnets_names" {
+ value = [for network in concat(module.subnets.subnets, module.subnets-backup.subnets) : network.name]
+ description = "The names of the subnets being created"
+}
+
+output "subnets_ips" {
+ value = [for network in concat(module.subnets.subnets, module.subnets-backup.subnets) : network.ip_cidr_range]
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "subnets_regions" {
+ value = [for network in concat(module.subnets.subnets, module.subnets-backup.subnets) : network.region]
+ description = "The region where subnets will be created"
+}
+
+output "route_names" {
+ value = [for route in module.routes.routes : route.name]
+ description = "The routes associated with this VPC"
+}
+
+output "forwarding_rule" {
+ value = google_compute_forwarding_rule.this.self_link
+ description = "Forwarding rule link"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/ilb_routing/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/ilb_routing/variables.tf
new file mode 100644
index 000000000..add931101
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/ilb_routing/variables.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to host the network in"
+}
+
+variable "network_name" {
+ description = "The name of the VPC network being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/ilb_routing/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/ilb_routing/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/ilb_routing/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/multi_vpc/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/multi_vpc/README.md
new file mode 100644
index 000000000..339b2c4ff
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/multi_vpc/README.md
@@ -0,0 +1,37 @@ +# Multiple Networks + +This example configures a host network project with two separate networks. + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| network\_01\_name | The name of the first VPC network being created | string | n/a | yes | +| network\_02\_name | The name of the second VPC network being created | string | n/a | yes | +| project\_id | The project ID to host the network in | string | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| network\_01\_name | The name of the VPC network-01 | +| network\_01\_routes | The routes associated with network-01 | +| network\_01\_self\_link | The URI of the VPC network-01 | +| network\_01\_subnets | The names of the subnets being created on network-01 | +| network\_01\_subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled | +| network\_01\_subnets\_ips | The IP and cidrs of the subnets being created on network-01 | +| network\_01\_subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP on network-01 | +| network\_01\_subnets\_regions | The region where the subnets will be created on network-01 | +| network\_01\_subnets\_secondary\_ranges | The secondary ranges associated with these subnets on network-01 | +| network\_02\_name | The name of the VPC network-02 | +| network\_02\_routes | The routes associated with network-02 | +| network\_02\_self\_link | The URI of the VPC network-02 | +| network\_02\_subnets | The names of the subnets being created on network-02 | +| network\_02\_subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled | +| network\_02\_subnets\_ips | The IP and cidrs of the subnets being created on network-02 | +| network\_02\_subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP on network-02 | +| network\_02\_subnets\_regions | The region where the subnets will 
be created on network-02 | +| network\_02\_subnets\_secondary\_ranges | The secondary ranges associated with these subnets on network-02 | + + diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/multi_vpc/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/multi_vpc/main.tf new file mode 100644 index 000000000..085f571e2 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/multi_vpc/main.tf 
@@ -0,0 +1,144 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +provider "google" { + version = "~> 3.3.0" +} + +provider "null" { + version = "~> 2.1" +} + +locals { + network_01_subnet_01 = "${var.network_01_name}-subnet-01" + network_01_subnet_02 = "${var.network_01_name}-subnet-02" + network_01_subnet_03 = "${var.network_01_name}-subnet-03" + network_02_subnet_01 = "${var.network_02_name}-subnet-01" + network_02_subnet_02 = "${var.network_02_name}-subnet-02" + + network_01_routes = [ + { + name = "${var.network_01_name}-egress-inet" + description = "route through IGW to access internet" + destination_range = "0.0.0.0/0" + tags = "egress-inet" + next_hop_internet = "true" + }, + ] + + network_02_routes = [ + { + name = "${var.network_02_name}-egress-inet" + description = "route through IGW to access internet" + destination_range = "0.0.0.0/0" + tags = "egress-inet" + next_hop_internet = "true" + }, + { + name = "${var.network_02_name}-testapp-proxy" + description = "route through proxy to reach app" + destination_range = "10.50.10.0/24" + tags = "app-proxy" + next_hop_ip = "10.10.40.10" + }, + ] +} + +module "test-vpc-module-01" { + source = "../../" + project_id = var.project_id + network_name = var.network_01_name + + subnets = [ + { + subnet_name = local.network_01_subnet_01 + subnet_ip = "10.10.10.0/24" + subnet_region = "us-west1" + subnet_private_access = "false" + subnet_flow_logs = "true" + }, + { + 
subnet_name = local.network_01_subnet_02 + subnet_ip = "10.10.20.0/24" + subnet_region = "us-west1" + subnet_private_access = "false" + subnet_flow_logs = "true" + }, + { + subnet_name = local.network_01_subnet_03 + subnet_ip = "10.10.30.0/24" + subnet_region = "us-west1" + subnet_private_access = "false" + subnet_flow_logs = "true" + }, + ] + + secondary_ranges = { + "${local.network_01_subnet_01}" = [ + { + range_name = "${local.network_01_subnet_01}-01" + ip_cidr_range = "192.168.64.0/24" + }, + { + range_name = "${local.network_01_subnet_01}-02" + ip_cidr_range = "192.168.65.0/24" + }, + ] + + "${local.network_01_subnet_02}" = [ + { + range_name = "${local.network_02_subnet_01}-01" + ip_cidr_range = "192.168.74.0/24" + }, + ] + } + + routes = "${local.network_01_routes}" +} + +module "test-vpc-module-02" { + source = "../../" + project_id = var.project_id + network_name = var.network_02_name + + subnets = [ + { + subnet_name = "${local.network_02_subnet_01}" + subnet_ip = "10.10.40.0/24" + subnet_region = "us-west1" + subnet_private_access = "false" + subnet_flow_logs = "true" + }, + { + subnet_name = "${local.network_02_subnet_02}" + subnet_ip = "10.10.50.0/24" + subnet_region = "us-west1" + subnet_private_access = "false" + subnet_flow_logs = "true" + }, + ] + + secondary_ranges = { + "${local.network_02_subnet_01}" = [ + { + range_name = "${local.network_02_subnet_02}-01" + ip_cidr_range = "192.168.75.0/24" + }, + ] + } + + routes = local.network_02_routes +} diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/multi_vpc/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/multi_vpc/outputs.tf new file mode 100644 index 000000000..c2d6a8285 --- /dev/null 
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/multi_vpc/outputs.tf 
@@ -0,0 +1,107 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# vpc 1 +output "network_01_name" { + value = module.test-vpc-module-01.network_name + description = "The name of the VPC network-01" +} + +output "network_01_self_link" { + value = module.test-vpc-module-01.network_self_link + description = "The URI of the VPC network-01" +} + +output "network_01_subnets" { + value = module.test-vpc-module-01.subnets_names + description = "The names of the subnets being created on network-01" +} + +output "network_01_subnets_ips" { + value = module.test-vpc-module-01.subnets_ips + description = "The IP and cidrs of the subnets being created on network-01" +} + +output "network_01_subnets_regions" { + value = module.test-vpc-module-01.subnets_regions + description = "The region where the subnets will be created on network-01" +} + +output "network_01_subnets_private_access" { + value = module.test-vpc-module-01.subnets_private_access + description = "Whether the subnets will have access to Google API's without a public IP on network-01" +} + +output "network_01_subnets_flow_logs" { + value = module.test-vpc-module-01.subnets_flow_logs + description = "Whether the subnets will have VPC flow logs enabled" +} + +output "network_01_subnets_secondary_ranges" { + value = module.test-vpc-module-01.subnets_secondary_ranges + description = "The secondary ranges associated with these subnets on network-01" +} + +output 
"network_01_routes" { + value = module.test-vpc-module-01.route_names + description = "The routes associated with network-01" +} + +# vpc 2 +output "network_02_name" { + value = module.test-vpc-module-02.network_name + description = "The name of the VPC network-02" +} + +output "network_02_self_link" { + value = module.test-vpc-module-02.network_self_link + description = "The URI of the VPC network-02" +} + +output "network_02_subnets" { + value = module.test-vpc-module-02.subnets_names + description = "The names of the subnets being created on network-02" +} + +output "network_02_subnets_ips" { + value = module.test-vpc-module-02.subnets_ips + description = "The IP and cidrs of the subnets being created on network-02" +} + +output "network_02_subnets_regions" { + value = module.test-vpc-module-02.subnets_regions + description = "The region where the subnets will be created on network-02" +} + +output "network_02_subnets_private_access" { + value = module.test-vpc-module-02.subnets_private_access + description = "Whether the subnets will have access to Google API's without a public IP on network-02" +} + +output "network_02_subnets_flow_logs" { + value = module.test-vpc-module-02.subnets_flow_logs + description = "Whether the subnets will have VPC flow logs enabled" +} + +output "network_02_subnets_secondary_ranges" { + value = module.test-vpc-module-02.subnets_secondary_ranges + description = "The secondary ranges associated with these subnets on network-02" +} + +output "network_02_routes" { + value = module.test-vpc-module-02.route_names + description = "The routes associated with network-02" +} diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/multi_vpc/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/multi_vpc/variables.tf new file mode 100644 index 000000000..f378f835b 
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/multi_vpc/variables.tf
@@ -0,0 +1,27 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to host the network in"
+}
+
+variable "network_01_name" {
+ description = "The name of the first VPC network being created"
+}
+
+variable "network_02_name" {
+ description = "The name of the second VPC network being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/multi_vpc/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/multi_vpc/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/multi_vpc/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/secondary_ranges/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/secondary_ranges/README.md
new file mode 100644
index 000000000..acca7c730
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/secondary_ranges/README.md
@@ -0,0 +1,31 @@
+# Secondary Ranges
+
+This example configures a single simple VPC inside of a project.
+
+This VPC has three subnets, with the first subnet being given two secondary
+ranges and the third being given a single secondary range.
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_name | The name of the VPC network being created | string | n/a | yes |
+| project\_id | The project ID to host the network in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| network\_name | The name of the VPC being created |
+| network\_self\_link | The URI of the VPC being created |
+| project\_id | VPC project id |
+| route\_names | The routes associated with this VPC |
+| subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled |
+| subnets\_ips | The IP and cidrs of the subnets being created |
+| subnets\_names | The names of the subnets being created |
+| subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP |
+| subnets\_regions | The region where subnets will be created |
+| subnets\_secondary\_ranges | The secondary ranges associated with these subnets |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/secondary_ranges/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/secondary_ranges/main.tf
new file mode 100644
index 000000000..2c3389eb3
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/secondary_ranges/main.tf
@@ -0,0 +1,87 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +provider "google" { + version = "~> 3.3.0" +} + +provider "null" { + version = "~> 2.1" +} + +locals { + subnet_01 = "${var.network_name}-subnet-01" + subnet_02 = "${var.network_name}-subnet-02" + subnet_03 = "${var.network_name}-subnet-03" + subnet_04 = "${var.network_name}-subnet-04" +} + +module "vpc-secondary-ranges" { + source = "../../" + project_id = var.project_id + network_name = var.network_name + + subnets = [ + { + subnet_name = "${local.subnet_01}" + subnet_ip = "10.10.10.0/24" + subnet_region = "us-west1" + }, + { + subnet_name = "${local.subnet_02}" + subnet_ip = "10.10.20.0/24" + subnet_region = "us-west1" + subnet_private_access = "true" + subnet_flow_logs = "true" + }, + { + subnet_name = "${local.subnet_03}" + subnet_ip = "10.10.30.0/24" + subnet_region = "us-west1" + subnet_flow_logs = "true" + subnet_flow_logs_interval = "INTERVAL_15_MIN" + subnet_flow_logs_sampling = 0.9 + subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA" + }, + { + subnet_name = "${local.subnet_04}" + subnet_ip = "10.10.40.0/24" + subnet_region = "us-west1" + }, + ] + + secondary_ranges = { + "${local.subnet_01}" = [ + { + range_name = "${local.subnet_01}-01" + ip_cidr_range = "192.168.64.0/24" + }, + { + range_name = "${local.subnet_01}-02" + ip_cidr_range = "192.168.65.0/24" + }, + ] + + "${local.subnet_02}" = [] + + "${local.subnet_03}" = [ + { + range_name 
= "${local.subnet_03}-01" + ip_cidr_range = "192.168.66.0/24" + }, + ] + } +} diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/secondary_ranges/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/secondary_ranges/outputs.tf new file mode 100644 index 000000000..6c3f49cb4 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/secondary_ranges/outputs.tf 
@@ -0,0 +1,65 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network_name" {
+ value = module.vpc-secondary-ranges.network_name
+ description = "The name of the VPC being created"
+}
+
+output "network_self_link" {
+ value = module.vpc-secondary-ranges.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "project_id" {
+ value = module.vpc-secondary-ranges.project_id
+ description = "VPC project id"
+}
+
+output "subnets_names" {
+ value = module.vpc-secondary-ranges.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "subnets_ips" {
+ value = module.vpc-secondary-ranges.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "subnets_regions" {
+ value = module.vpc-secondary-ranges.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "subnets_private_access" {
+ value = module.vpc-secondary-ranges.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "subnets_flow_logs" {
+ value = module.vpc-secondary-ranges.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "subnets_secondary_ranges" {
+ value = flatten(module.vpc-secondary-ranges.subnets_secondary_ranges)
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "route_names" {
+ value = module.vpc-secondary-ranges.route_names
+ description = "The routes associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/secondary_ranges/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/secondary_ranges/variables.tf
new file mode 100644
index 000000000..add931101
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/secondary_ranges/variables.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to host the network in"
+}
+
+variable "network_name" {
+ description = "The name of the VPC network being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/secondary_ranges/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/secondary_ranges/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/secondary_ranges/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project/README.md
new file mode 100644
index 000000000..a4325668c
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project/README.md
@@ -0,0 +1,30 @@
+# Simple Project
+
+This example configures a single simple VPC inside of a project.
+
+This VPC has two subnets, with no secondary ranges.
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_name | The name of the VPC network being created | string | n/a | yes |
+| project\_id | The project ID to host the network in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| network\_name | The name of the VPC being created |
+| network\_self\_link | The URI of the VPC being created |
+| project\_id | VPC project id |
+| route\_names | The routes associated with this VPC |
+| subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled |
+| subnets\_ips | The IP and cidrs of the subnets being created |
+| subnets\_names | The names of the subnets being created |
+| subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP |
+| subnets\_regions | The region where subnets will be created |
+| subnets\_secondary\_ranges | The secondary ranges associated with these subnets |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project/main.tf
new file mode 100644
index 000000000..5d18bb239
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project/main.tf
@@ -0,0 +1,59 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+locals {
+ subnet_01 = "${var.network_name}-subnet-01"
+ subnet_02 = "${var.network_name}-subnet-02"
+ subnet_03 = "${var.network_name}-subnet-03"
+}
+
+module "test-vpc-module" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = var.network_name
+
+ subnets = [
+ {
+ subnet_name = "${local.subnet_01}"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ },
+ {
+ subnet_name = "${local.subnet_02}"
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "true"
+ subnet_flow_logs = "true"
+ },
+ {
+ subnet_name = "${local.subnet_03}"
+ subnet_ip = "10.10.30.0/24"
+ subnet_region = "us-west1"
+ subnet_flow_logs = "true"
+ subnet_flow_logs_interval = "INTERVAL_10_MIN"
+ subnet_flow_logs_sampling = 0.7
+ subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA"
+ }
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project/outputs.tf
new file mode 100644
index 000000000..f69ae0437
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project/outputs.tf 
@@ -0,0 +1,65 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "network_name" { + value = module.test-vpc-module.network_name + description = "The name of the VPC being created" +} + +output "network_self_link" { + value = module.test-vpc-module.network_self_link + description = "The URI of the VPC being created" +} + +output "project_id" { + value = module.test-vpc-module.project_id + description = "VPC project id" +} + +output "subnets_names" { + value = module.test-vpc-module.subnets_names + description = "The names of the subnets being created" +} + +output "subnets_ips" { + value = module.test-vpc-module.subnets_ips + description = "The IP and cidrs of the subnets being created" +} + +output "subnets_regions" { + value = module.test-vpc-module.subnets_regions + description = "The region where subnets will be created" +} + +output "subnets_private_access" { + value = module.test-vpc-module.subnets_private_access + description = "Whether the subnets will have access to Google API's without a public IP" +} + +output "subnets_flow_logs" { + value = module.test-vpc-module.subnets_flow_logs + description = "Whether the subnets will have VPC flow logs enabled" +} + +output "subnets_secondary_ranges" { + value = module.test-vpc-module.subnets_secondary_ranges + description = "The secondary ranges associated with these subnets" +} + +output "route_names" { + value = module.test-vpc-module.route_names + 
description = "The routes associated with this VPC" +} diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project/variables.tf new file mode 100644 index 000000000..add931101 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project/variables.tf @@ -0,0 +1,23 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "project_id" { + description = "The project ID to host the network in" +} + +variable "network_name" { + description = "The name of the VPC network being created" +} diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project/versions.tf new file mode 100644 index 000000000..27ba8fc12 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project/versions.tf 
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/README.md
new file mode 100644
index 000000000..354711e2a
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/README.md
@@ -0,0 +1,30 @@
+# Simple Project
+
+This example configures a single simple regional VPC inside of a project.
+
+This VPC has two subnets, with no secondary ranges.
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_name | The name of the VPC network being created | string | n/a | yes |
+| project\_id | The project ID to host the network in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| network\_name | The name of the VPC being created |
+| network\_self\_link | The URI of the VPC being created |
+| project\_id | VPC project id |
+| route\_names | The routes associated with this VPC |
+| subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled |
+| subnets\_ips | The IP and cidrs of the subnets being created |
+| subnets\_names | The names of the subnets being created |
+| subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP |
+| subnets\_regions | The region where subnets will be created |
+| subnets\_secondary\_ranges | The secondary ranges associated with these subnets |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/main.tf
new file mode 100644
index 000000000..354b1af41
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/main.tf
@@ -0,0 +1,50 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+locals {
+ subnet_01 = "${var.network_name}-subnet-01"
+ subnet_02 = "${var.network_name}-subnet-02"
+}
+
+module "test-vpc-module" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = var.network_name
+ routing_mode = "REGIONAL"
+
+ subnets = [
+ {
+ subnet_name = "${local.subnet_01}"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ },
+ {
+ subnet_name = "${local.subnet_02}"
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "true"
+ subnet_flow_logs = "true"
+ },
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/outputs.tf
new file mode 100644
index 000000000..f69ae0437
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/outputs.tf
@@ -0,0 +1,65 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network_name" {
+ value = module.test-vpc-module.network_name
+ description = "The name of the VPC being created"
+}
+
+output "network_self_link" {
+ value = module.test-vpc-module.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "project_id" {
+ value = module.test-vpc-module.project_id
+ description = "VPC project id"
+}
+
+output "subnets_names" {
+ value = module.test-vpc-module.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "subnets_ips" {
+ value = module.test-vpc-module.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "subnets_regions" {
+ value = module.test-vpc-module.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "subnets_private_access" {
+ value = module.test-vpc-module.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "subnets_flow_logs" {
+ value = module.test-vpc-module.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "subnets_secondary_ranges" {
+ value = module.test-vpc-module.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "route_names" {
+ value = module.test-vpc-module.route_names
+ description = "The routes associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/variables.tf
new file mode 100644
index 000000000..add931101
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/variables.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to host the network in"
+}
+
+variable "network_name" {
+ description = "The name of the VPC network being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_firewall/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_firewall/README.md
new file mode 100644
index 000000000..48f2bd1c2
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_firewall/README.md
@@ -0,0 +1,32 @@
+# Simple Project With Firewall
+
+This example configures a single simple VPC inside of a project, and adds a basic firewall.
+
+This VPC has two subnets, with no secondary ranges.
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_name | The name of the VPC network being created | string | n/a | yes |
+| project\_id | The project ID to host the network in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| admin\_ranges | Firewall attributes for admin ranges. |
+| internal\_ranges | Firewall attributes for internal ranges. |
+| network\_name | The name of the VPC being created |
+| network\_self\_link | The URI of the VPC being created |
+| project\_id | VPC project id |
+| route\_names | The routes associated with this VPC |
+| subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled |
+| subnets\_ips | The IP and cidrs of the subnets being created |
+| subnets\_names | The names of the subnets being created |
+| subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP |
+| subnets\_regions | The region where subnets will be created |
+| subnets\_secondary\_ranges | The secondary ranges associated with these subnets |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_firewall/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_firewall/main.tf
new file mode 100644
index 000000000..85ed04135
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_firewall/main.tf
@@ -0,0 +1,143 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+locals {
+ subnet_01 = "${var.network_name}-subnet-01"
+ subnet_02 = "${var.network_name}-subnet-02"
+}
+
+module "test-vpc-module" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = var.network_name
+
+ subnets = [
+ {
+ subnet_name = local.subnet_01
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ },
+ {
+ subnet_name = local.subnet_02
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "true"
+ subnet_flow_logs = "true"
+ },
+ ]
+}
+
+// Custom firewall rules
+locals {
+ custom_rules = {
+ // Example of custom tcp/udp rule
+ deny-ingress-6534-6566 = {
+ description = "Deny all INGRESS to port 6534-6566"
+ direction = "INGRESS"
+ action = "deny"
+ ranges = ["0.0.0.0/0"] # source or destination ranges (depends on `direction`)
+ use_service_accounts = false # if `true` targets/sources expect list of instances SA, if false - list of tags
+ targets = null # target_service_accounts or target_tags depends on `use_service_accounts` value
+ sources = null # source_service_accounts or source_tags depends on `use_service_accounts` value
+ rules = [{
+ protocol = "tcp"
+ ports = ["6534-6566"]
+ },
+ {
+ protocol = "udp"
+ ports = ["6534-6566"]
+ }]
+
+ extra_attributes = {
+ disabled = true
+ priority = 95
+ }
+ }
+
+ // Example how to allow connection from instances with `backend` tag, to instances with `databases` tag
+ allow-backend-to-databases = {
+ description = "Allow backend nodes connection to databases instances"
+ direction = "INGRESS"
+ action = "allow"
+ ranges = null
+ use_service_accounts = false
+ targets = ["databases"] # target_tags
+ sources = ["backed"] # source_tags
+ rules = [{
+ protocol = "tcp"
+ ports = ["3306", "5432", "1521", "1433"]
+ }]
+
+ extra_attributes = {}
+ }
+
+ // Example how to allow connection from an instance with a given service account
+ allow-all-admin-sa = {
+ description = "Allow all traffic from admin sa instances"
+ direction = "INGRESS"
+ action = "allow"
+ ranges = null
+ use_service_accounts = true
+ targets = null
+ sources = ["admin@my-shiny-org.iam.gserviceaccount.com"]
+ rules = [{
+ protocol = "tcp"
+ ports = null # all ports
+ },
+ {
+ protocol = "udp"
+ ports = null # all ports
+ }
+ ]
+ extra_attributes = {
+ priority = 30
+ }
+ }
+ }
+}
+
+
+
+module "test-firewall-submodule" {
+ source = "../../modules/fabric-net-firewall"
+ project_id = var.project_id
+ network = module.test-vpc-module.network_name
+ internal_ranges_enabled = true
+ internal_ranges = module.test-vpc-module.subnets_ips
+
+ internal_allow = [
+ {
+ protocol = "icmp"
+ },
+ {
+ protocol = "tcp",
+ ports = ["8080", "1000-2000"]
+ },
+ {
+ protocol = "udp"
+ # all ports will be opened if `ports` key isn't specified
+ },
+ ]
+ custom_rules = local.custom_rules
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_firewall/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_firewall/outputs.tf
new file mode 100644
index 000000000..182dc845b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_firewall/outputs.tf 
@@ -0,0 +1,75 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network_name" {
+ value = module.test-vpc-module.network_name
+ description = "The name of the VPC being created"
+}
+
+output "internal_ranges" {
+ description = "Firewall attributes for internal ranges."
+ value = module.test-firewall-submodule.internal_ranges
+}
+
+output "admin_ranges" {
+ description = "Firewall attributes for admin ranges."
+ value = module.test-firewall-submodule.admin_ranges
+}
+
+output "network_self_link" {
+ value = module.test-vpc-module.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "project_id" {
+ value = module.test-vpc-module.project_id
+ description = "VPC project id"
+}
+
+output "subnets_names" {
+ value = module.test-vpc-module.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "subnets_ips" {
+ value = module.test-vpc-module.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "subnets_regions" {
+ value = module.test-vpc-module.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "subnets_private_access" {
+ value = module.test-vpc-module.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "subnets_flow_logs" {
+ value = module.test-vpc-module.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "subnets_secondary_ranges" {
+ value = module.test-vpc-module.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "route_names" {
+ value = module.test-vpc-module.route_names
+ description = "The routes associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_firewall/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_firewall/variables.tf
new file mode 100644
index 000000000..add931101
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_firewall/variables.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to host the network in"
+}
+
+variable "network_name" {
+ description = "The name of the VPC network being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_firewall/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_firewall/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_firewall/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_network_peering/.gitignore b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_network_peering/.gitignore
new file mode 100644
index 000000000..1e49b3a62
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_network_peering/.gitignore
@@ -0,0 +1 @@
+.tfvars
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_network_peering/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_network_peering/README.md
new file mode 100644
index 000000000..4cc9dfdaa
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_network_peering/README.md
@@ -0,0 +1,19 @@
+# Simple VPC Network Peering
+
+This example creates a VPC Network peering between two VPCs.
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| project\_id | The project ID to put the resources in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| peering1 | Peering1 module output. |
+| peering2 | Peering2 module output. |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_network_peering/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_network_peering/main.tf
new file mode 100644
index 000000000..7f9e207e7
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_network_peering/main.tf
@@ -0,0 +1,66 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "google-beta" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+module "local-network" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = "local-network"
+ subnets = []
+}
+
+module "peer-network-1" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = "peer-network-1"
+ subnets = []
+}
+
+module "peer-network-2" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = "peer-network-2"
+ subnets = []
+}
+
+module "peering-1" {
+ source = "../../modules/network-peering"
+
+ local_network = module.local-network.network_self_link
+ peer_network = module.peer-network-1.network_self_link
+ export_local_custom_routes = true
+}
+
+module "peering-2" {
+ source = "../../modules/network-peering"
+
+ local_network = module.local-network.network_self_link
+ peer_network = module.peer-network-2.network_self_link
+ export_local_custom_routes = true
+
+ module_depends_on = [module.peering-1.complete]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_network_peering/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_network_peering/outputs.tf
new file mode 100644
index 000000000..0beb8220e
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_network_peering/outputs.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "peering1" {
+ description = "Peering1 module output."
+ value = module.peering-1
+}
+
+output "peering2" {
+ description = "Peering2 module output."
+ value = module.peering-2
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_network_peering/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_network_peering/variables.tf
new file mode 100644
index 000000000..87cb7f64a
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_network_peering/variables.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to put the resources in"
+ type = string
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_network_peering/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_network_peering/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_network_peering/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_svpc_access/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_svpc_access/README.md
new file mode 100644
index 000000000..c8e66b959
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_svpc_access/README.md
@@ -0,0 +1,24 @@
+# Shared VPC with service projects
+
+This simple example configures a shared VPC, and grants access to it to service projects.
+
+The VPC has two subnets with no secondary ranges, service projects are configured as follows:
+
+- the first service project is granted VPC-level access
+- the second service project is granted subnet-level access to the second subnet
+- the third service project is granted subnet-level access to the first and second subnet
+
+Subnet-level access in this example is only granted to the default GCE service accounts for illustrative purposes. More realistic examples should grant access to other service accounts (possibly including the GKE robot service accounts as per [documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-shared-vpc)), and project users/groups that need to use the Shared VPC from other projects (eg to create VMs).
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| host\_project\_id | Id of the host project where the shared VPC will be created. | string | n/a | yes |
+| network\_name | Name of the shared VPC. | string | `"test-svpc"` | no |
+| service\_project\_id | Service project id. | string | n/a | yes |
+| service\_project\_number | Service project number. | string | n/a | yes |
+| service\_project\_owners | Service project owners, in IAM format. | list | `` | no |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_svpc_access/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_svpc_access/main.tf
new file mode 100644
index 000000000..21091d1c7
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_svpc_access/main.tf
@@ -0,0 +1,62 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+locals {
+ net_data_users = compact(concat(
+ var.service_project_owners,
+ ["serviceAccount:${var.service_project_number}@cloudservices.gserviceaccount.com"]
+ ))
+}
+
+module "net-vpc-shared" {
+ source = "../.."
+ project_id = var.host_project_id
+ network_name = var.network_name
+ shared_vpc_host = true
+
+ subnets = [
+ {
+ subnet_name = "networking"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "europe-west1"
+ },
+ {
+ subnet_name = "data"
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "europe-west1"
+ },
+ ]
+}
+
+module "net-svpc-access" {
+ source = "../../modules/fabric-net-svpc-access"
+ host_project_id = module.net-vpc-shared.project_id
+ service_project_num = 1
+ service_project_ids = [var.service_project_id]
+ host_subnets = ["data"]
+ host_subnet_regions = ["europe-west1"]
+ host_subnet_users = {
+ data = join(",", local.net_data_users)
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_svpc_access/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_svpc_access/outputs.tf
new file mode 100644
index 000000000..437465a52
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_svpc_access/outputs.tf
@@ -0,0 +1,16 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_svpc_access/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_svpc_access/variables.tf
new file mode 100644
index 000000000..346eab79d
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_svpc_access/variables.tf
@@ -0,0 +1,37 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "host_project_id" {
+ description = "Id of the host project where the shared VPC will be created."
+}
+
+variable "service_project_id" {
+ description = "Service project id."
+}
+
+variable "service_project_number" {
+ description = "Service project number."
+}
+
+variable "service_project_owners" {
+ description = "Service project owners, in IAM format."
+ default = []
+}
+
+variable "network_name" {
+ description = "Name of the shared VPC."
+ default = "test-svpc"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_svpc_access/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_svpc_access/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/examples/submodule_svpc_access/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/helpers/migrate.py b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/helpers/migrate.py
new file mode 100755
index 000000000..37a0fd105
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/helpers/migrate.py
@@ -0,0 +1,423 @@ +#!/usr/bin/env python3 + +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import argparse +import copy +import subprocess +import sys +import re +import json + +MIGRATIONS = [ + { + "resource_type": "google_compute_network", + "name": "network", + "module": ".module.vpc", + "new_plural": False + }, + { + "resource_type": "google_compute_shared_vpc_host_project", + "name": "shared_vpc_host", + "module": ".module.vpc", + "new_plural": False + }, + { + "resource_type": "google_compute_subnetwork", + "name": "subnetwork", + "module": ".module.subnets", + "for_each_migration": True, + "for_each_migration_key": "id" + }, + { + "resource_type": "google_compute_route", + "name": "route", + "module": ".module.routes", + "for_each_migration": True, + "for_each_migration_key": "id" + }, + { + "resource_type": "null_resource", + "name": "delete_default_internet_gateway_routes", + "module": ".module.routes" + } +] + + +class ModuleMigration: + """ + Migrate the resources from a flat project factory to match the new + module structure created by the G Suite refactor. + """ + + def __init__(self, source_module, state): + self.source_module = source_module + self.state = state + + def moves(self): + """ + Generate the set of old/new resource pairs that will be migrated + to the `destination` module. 
+ """ + resources = self.targets() + for_each_migrations = [] + + moves = [] + for (old, migration) in resources: + new = copy.deepcopy(old) + new.module += migration["module"] + + # Update the copied resource with the "rename" value if it is set + if "rename" in migration: + new.name = migration["rename"] + + old.plural = migration.get("old_plural", True) + new.plural = migration.get("new_plural", True) + + if (migration.get("for_each_migration", False) and + migration.get("old_plural", True)): + for_each_migrations.append((old, new, migration)) + else: + pair = (old.path(), new.path()) + moves.append(pair) + + for_each_moves = self.for_each_moves(for_each_migrations) + return moves + for_each_moves + + def for_each_moves(self, for_each_migrations): + """ + When migrating from count to for_each we need to move the + whole collection first + https://github.com/hashicorp/terraform/issues/22301 + """ + for_each_initial_migration = {} + moves = [] + + for (old, new, migration) in for_each_migrations: + # Do the initial migration of the whole collection + # only once if it hasn't been done yet + key = old.resource_type + "." + old.name + if key not in for_each_initial_migration: + for_each_initial_migration[key] = True + old.plural = False + new.plural = False + + pair = (old.path(), new.path()) + moves.append(pair) + + # Whole collection is moved to new location. 
Now needs right index + new.plural = True + new_indexed = copy.deepcopy(new) + new_indexed.key = self.state.resource_value( + old, migration["for_each_migration_key"]) + pair = (new.path(), new_indexed.path()) + moves.append(pair) + + return moves + + def targets(self): + """ + A list of resources that will be moved to the new module """ + to_move = [] + + for migration in MIGRATIONS: + resource_type = migration["resource_type"] + resource_name = migration["name"] + matching_resources = self.source_module.get_resources( + resource_type, + resource_name) + to_move += [(r, migration) for r in matching_resources] + + return to_move + + +class TerraformModule: + """ + A Terraform module with associated resources. + """ + + def __init__(self, name, resources): + """ + Create a new module and associate it with a list of resources. + """ + self.name = name + self.resources = resources + + def get_resources(self, resource_type=None, resource_name=None): + """ + Return a list of resources matching the given resource type and name. + """ + + ret = [] + for resource in self.resources: + matches_type = (resource_type is None or + resource_type == resource.resource_type) + + name_pattern = re.compile(r'%s(\[\d+\])?' % resource_name) + matches_name = (resource_name is None or + name_pattern.match(resource.name)) + + if matches_type and matches_name: + ret.append(resource) + + return ret + + def has_resource(self, resource_type=None, resource_name=None): + """ + Does this module contain a resource with the matching type and name? 
+ """ + for resource in self.resources: + matches_type = (resource_type is None or + resource_type == resource.resource_type) + + matches_name = (resource_name is None or + resource_name in resource.name) + + if matches_type and matches_name: + return True + + return False + + def __repr__(self): + return "{}({!r}, {!r})".format( + self.__class__.__name__, + self.name, + [repr(resource) for resource in self.resources]) + + +class TerraformResource: + """ + A Terraform resource, defined by the the identifier of that resource. + """ + + @classmethod + def from_path(cls, path): + """ + Generate a new Terraform resource, based on the fully qualified + Terraform resource path. + """ + if re.match(r'\A[\w.\["/\]-]+\Z', path) is None: + raise ValueError( + "Invalid Terraform resource path {!r}".format(path)) + + parts = path.split(".") + name = parts.pop() + resource_type = parts.pop() + module = ".".join(parts) + return cls(module, resource_type, name) + + def __init__(self, module, resource_type, name): + """ + Create a new TerraformResource from a pre-parsed path. + """ + self.module = module + self.resource_type = resource_type + self.key = None + self.plural = True + + find_suffix = re.match(r'(^.+)\[(\d+)\]', name) + if find_suffix: + self.name = find_suffix.group(1) + self.index = find_suffix.group(2) + else: + self.name = name + self.index = -1 + + def path(self): + """ + Return the fully qualified resource path. 
+ """ + parts = [self.module, self.resource_type, self.name] + if parts[0] == '': + del parts[0] + path = ".".join(parts) + if self.key is not None: + path = "{0}[\"{1}\"]".format(path, self.key) + elif self.index != -1 and self.plural: + path = "{0}[{1}]".format(path, self.index) + return path + + def __repr__(self): + return "{}({!r}, {!r}, {!r})".format( + self.__class__.__name__, + self.module, + self.resource_type, + self.name) + + +class TerraformState: + """ + A Terraform state representation, pulled from terraform state pull + Used for getting values out of individual resources + """ + + def __init__(self): + self.read_state() + + def read_state(self): + """ + Read the terraform state + """ + argv = ["terraform", "state", "pull"] + result = subprocess.run(argv, + capture_output=True, + check=True, + encoding='utf-8') + + self.state = json.loads(result.stdout) + + def resource_value(self, resource, key): + # Find the resource in the state + state_resource_list = [r for r in self.state["resources"] if + r.get("module", "none") == resource.module and + r["type"] == resource.resource_type and + r["name"] == resource.name] + + if (len(state_resource_list) != 1): + raise ValueError( + "Could not find resource list in state for {}" + .format(resource)) + + index = int(resource.index) + # If this a collection use the index to find the right resource, + # otherwise use the first + if (index >= 0): + state_resource = [r for r in state_resource_list[0]["instances"] if + r["index_key"] == index] + + if (len(state_resource) != 1): + raise ValueError( + "Could not find resource in state for {} key {}" + .format(resource, resource.index)) + else: + state_resource = state_resource_list[0]["instances"] + + return state_resource[0]["attributes_flat"][key] + + +def group_by_module(resources): + """ + Group a set of resources according to their containing module. 
+ """ + + groups = {} + for resource in resources: + if resource.module in groups: + groups[resource.module].append(resource) + else: + groups[resource.module] = [resource] + + return [ + TerraformModule(name, contained) + for name, contained in groups.items() + ] + + +def read_resources(): + """ + Read the terraform state at the given path. + """ + argv = ["terraform", "state", "list"] + result = subprocess.run(argv, + capture_output=True, + check=True, + encoding='utf-8') + elements = result.stdout.split("\n") + elements.pop() + return elements + + +def state_changes_for_module(module, state): + """ + Compute the Terraform state changes (deletions and moves) for a single + module. + """ + commands = [] + + migration = ModuleMigration(module, state) + + for (old, new) in migration.moves(): + wrapper = "'{0}'" + argv = ["terraform", + "state", + "mv", + wrapper.format(old), + wrapper.format(new)] + commands.append(argv) + + return commands + + +def migrate(state=None, dryrun=False): + """ + Generate and run terraform state mv commands to migrate resources from one + state structure to another + """ + + # Generate a list of Terraform resource states from the output of + # `terraform state list` + resources = [ + TerraformResource.from_path(path) + for path in read_resources() + ] + + # Group resources based on the module where they're defined. + modules = group_by_module(resources) + + # Filter our list of Terraform modules down to anything that looks like a + # google network original module. 
We key this off the presence off of + # `terraform-google-network` resource type and names + modules_to_migrate = [ + module for module in modules + if module.has_resource("google_compute_network", "network") + ] + + print("---- Migrating the following modules:") + for module in modules_to_migrate: + print("-- " + module.name) + + # Collect a list of resources for each module + commands = [] + for module in modules_to_migrate: + commands += state_changes_for_module(module, state) + + print("---- Commands to run:") + for argv in commands: + if dryrun: + print(" ".join(argv)) + else: + argv = [arg.strip("'") for arg in argv] + subprocess.run(argv, check=True, encoding='utf-8') + + +def main(argv): + parser = argparser() + args = parser.parse_args(argv[1:]) + + state = TerraformState() + + migrate(state=state, dryrun=args.dryrun) + + +def argparser(): + parser = argparse.ArgumentParser(description='Migrate Terraform state') + parser.add_argument('--dryrun', action='store_true', + help='Print the `terraform state mv` commands instead ' + 'of running the commands.') + return parser + + +if __name__ == "__main__": + main(sys.argv) diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/main.tf new file mode 100644 index 000000000..93794145a --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/main.tf 
@@ -0,0 +1,51 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/******************************************
+ VPC configuration
+ *****************************************/
+module "vpc" {
+ source = "./modules/vpc"
+ network_name = var.network_name
+ auto_create_subnetworks = var.auto_create_subnetworks
+ routing_mode = var.routing_mode
+ project_id = var.project_id
+ description = var.description
+ shared_vpc_host = var.shared_vpc_host
+}
+
+/******************************************
+ Subnet configuration
+ *****************************************/
+module "subnets" {
+ source = "./modules/subnets"
+ project_id = var.project_id
+ network_name = module.vpc.network_name
+ subnets = var.subnets
+ secondary_ranges = var.secondary_ranges
+}
+
+/******************************************
+ Routes
+ *****************************************/
+module "routes" {
+ source = "./modules/routes"
+ project_id = var.project_id
+ network_name = module.vpc.network_name
+ routes = var.routes
+ delete_default_internet_gateway_routes = var.delete_default_internet_gateway_routes
+ module_depends_on = [module.subnets.subnets]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-firewall/.gitignore b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-firewall/.gitignore
new file mode 100644
index 000000000..3f5ca68ad
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-firewall/.gitignore
@@ -0,0 +1 @@
+terraform.tfvars
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-firewall/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-firewall/README.md
new file mode 100644
index 000000000..7a8fb0a7f
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-firewall/README.md
@@ -0,0 +1,98 @@
+# Google Cloud VPC Firewall
+
+This module allows creation of a minimal VPC firewall, supporting basic configurable rules for IP range-based intra-VPC and administrator ingress, tag-based SSH/HTTP/HTTPS ingress, and custom rule definitions.
+
+The HTTP and HTTPS rules use the same network tags that are assigned to instances when the "Allow HTTP[S] traffic" checkbox is flagged in the Cloud Console. The SSH rule uses a generic `ssh` tag.
+
+All IP source ranges are configurable through variables, and are set by default to `0.0.0.0/0` for tag-based rules. Allowed protocols and/or ports for the intra-VPC rule are also configurable through a variable.
+
+Custom rules are set through a map where keys are rule names, and values use this custom type:
+
+```hcl
+map(object({
+ description = string
+ direction = string # (INGRESS|EGRESS)
+ action = string # (allow|deny)
+ ranges = list(string) # list of IP CIDR ranges
+ sources = list(string) # tags or SAs (ignored for EGRESS)
+ targets = list(string) # tags or SAs
+ use_service_accounts = bool # use tags or SAs in sources/targets
+ rules = list(object({
+ protocol = string
+ ports = list(string)
+ }))
+ extra_attributes = map(string) # map, optional keys disabled or priority
+}))
+```
+
+The resources created/managed by this module are:
+
+- one optional ingress rule from internal CIDR ranges, only allowing ICMP by default
+- one optional ingress rule from admin CIDR ranges, allowing all protocols on all ports
+- one optional ingress rule for SSH on network tag `ssh`
+- one optional ingress rule for HTTP on network tag `http-server`
+- one optional ingress rule for HTTPS on network tag `https-server`
+- one or more optional custom rules
+
+
+## Usage
+
+Basic usage of this module is as follows:
+
+```hcl
+module "net-firewall" {
+ source = "terraform-google-modules/network/google//modules/fabric-net-firewall"
+ project_id = "my-project"
+ network = "my-vpc"
+ internal_ranges_enabled = true
+ internal_ranges = ["10.0.0.0/0"]
+ custom_rules = {
+ ingress-sample = {
+ description = "Dummy sample ingress rule, tag-based."
+ direction = "INGRESS"
+ action = "allow"
+ ranges = ["192.168.0.0"]
+ sources = ["spam-tag"]
+ targets = ["foo-tag", "egg-tag"]
+ use_service_accounts = false
+ rules = [
+ {
+ protocol = "tcp"
+ ports = []
+ }
+ ]
+ extra_attributes = {}
+ }
+ }
+}
+```
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| admin\_ranges | IP CIDR ranges that have complete access to all subnets. | list | `` | no |
+| admin\_ranges\_enabled | Enable admin ranges-based rules. | string | `"false"` | no |
+| custom\_rules | List of custom rule definitions (refer to variables file for syntax). | object | `` | no |
+| http\_source\_ranges | List of IP CIDR ranges for tag-based HTTP rule, defaults to 0.0.0.0/0. | list | `` | no |
+| https\_source\_ranges | List of IP CIDR ranges for tag-based HTTPS rule, defaults to 0.0.0.0/0. | list | `` | no |
+| internal\_allow | Allow rules for internal ranges. | list | `` | no |
+| internal\_ranges | IP CIDR ranges for intra-VPC rules. | list | `` | no |
+| internal\_ranges\_enabled | Create rules for intra-VPC ranges. | string | `"false"` | no |
+| network | Name of the network this set of firewall rules applies to. | string | n/a | yes |
+| project\_id | Project id of the project that holds the network. | string | n/a | yes |
+| ssh\_source\_ranges | List of IP CIDR ranges for tag-based SSH rule, defaults to 0.0.0.0/0. | list | `` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| admin\_ranges | Admin ranges data. |
+| custom\_egress\_allow\_rules | Custom egress rules with allow blocks. |
+| custom\_egress\_deny\_rules | Custom egress rules with allow blocks. |
+| custom\_ingress\_allow\_rules | Custom ingress rules with allow blocks. |
+| custom\_ingress\_deny\_rules | Custom ingress rules with deny blocks. |
+| internal\_ranges | Internal ranges. |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-firewall/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-firewall/main.tf
new file mode 100644
index 000000000..89b969152
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-firewall/main.tf
@@ -0,0 +1,157 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+###############################################################################
+# rules based on IP ranges
+###############################################################################
+
+resource "google_compute_firewall" "allow-internal" {
+ count = var.internal_ranges_enabled == true && length(var.internal_allow) > 0 ? 1 : 0
+ name = "${var.network}-ingress-internal"
+ description = "Allow ingress traffic from internal IP ranges"
+ network = var.network
+ project = var.project_id
+ source_ranges = var.internal_ranges
+
+ dynamic "allow" {
+ for_each = [for rule in var.internal_allow :
+ {
+ protocol = lookup(rule, "protocol", null)
+ ports = lookup(rule, "ports", null)
+ }
+ ]
+ content {
+ protocol = allow.value.protocol
+ ports = allow.value.ports
+ }
+ }
+
+}
+
+
+
+
+
+resource "google_compute_firewall" "allow-admins" {
+ count = var.admin_ranges_enabled == true ? 1 : 0
+ name = "${var.network}-ingress-admins"
+ description = "Access from the admin subnet to all subnets"
+ network = var.network
+ project = var.project_id
+ source_ranges = var.admin_ranges
+
+ allow {
+ protocol = "icmp"
+ }
+
+ allow {
+ protocol = "tcp"
+ }
+
+ allow {
+ protocol = "udp"
+ }
+}
+
+###############################################################################
+# rules based on tags
+###############################################################################
+
+resource "google_compute_firewall" "allow-tag-ssh" {
+ count = length(var.ssh_source_ranges) > 0 ? 1 : 0
+ name = "${var.network}-ingress-tag-ssh"
+ description = "Allow SSH to machines with the 'ssh' tag"
+ network = var.network
+ project = var.project_id
+ source_ranges = var.ssh_source_ranges
+ target_tags = ["ssh"]
+
+ allow {
+ protocol = "tcp"
+ ports = ["22"]
+ }
+}
+
+resource "google_compute_firewall" "allow-tag-http" {
+ count = length(var.http_source_ranges) > 0 ? 1 : 0
+ name = "${var.network}-ingress-tag-http"
+ description = "Allow HTTP to machines with the 'http-server' tag"
+ network = var.network
+ project = var.project_id
+ source_ranges = var.http_source_ranges
+ target_tags = ["http-server"]
+
+ allow {
+ protocol = "tcp"
+ ports = ["80"]
+ }
+}
+
+resource "google_compute_firewall" "allow-tag-https" {
+ count = length(var.https_source_ranges) > 0 ? 1 : 0
+ name = "${var.network}-ingress-tag-https"
+ description = "Allow HTTPS to machines with the 'https' tag"
+ network = var.network
+ project = var.project_id
+ source_ranges = var.https_source_ranges
+ target_tags = ["https-server"]
+
+ allow {
+ protocol = "tcp"
+ ports = ["443"]
+ }
+}
+
+################################################################################
+# dynamic rules #
+################################################################################
+
+resource "google_compute_firewall" "custom" {
+ # provider = "google-beta"
+ for_each = var.custom_rules
+ name = each.key
+ description = each.value.description
+ direction = each.value.direction
+ network = var.network
+ project = var.project_id
+ source_ranges = each.value.direction == "INGRESS" ? each.value.ranges : null
+ destination_ranges = each.value.direction == "EGRESS" ? each.value.ranges : null
+ source_tags = each.value.use_service_accounts || each.value.direction == "EGRESS" ? null : each.value.sources
+ source_service_accounts = each.value.use_service_accounts && each.value.direction == "INGRESS" ? each.value.sources : null
+ target_tags = each.value.use_service_accounts ? null : each.value.targets
+ target_service_accounts = each.value.use_service_accounts ? each.value.targets : null
+ disabled = lookup(each.value.extra_attributes, "disabled", false)
+ priority = lookup(each.value.extra_attributes, "priority", 1000)
+ enable_logging = lookup(each.value.extra_attributes, "enable_logging", null)
+
+ dynamic "allow" {
+ for_each = [for rule in each.value.rules : rule if each.value.action == "allow"]
+ iterator = rule
+ content {
+ protocol = rule.value.protocol
+ ports = rule.value.ports
+ }
+ }
+
+ dynamic "deny" {
+ for_each = [for rule in each.value.rules : rule if each.value.action == "deny"]
+ iterator = rule
+ content {
+ protocol = rule.value.protocol
+ ports = rule.value.ports
+ }
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-firewall/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-firewall/outputs.tf
new file mode 100644
index 000000000..6a36296f7
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-firewall/outputs.tf
@@ -0,0 +1,65 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "internal_ranges" {
+ description = "Internal ranges."
+
+ value = {
+ enabled = var.internal_ranges_enabled
+ ranges = var.internal_ranges_enabled ? join(",", var.internal_ranges) : ""
+ }
+}
+
+output "admin_ranges" {
+ description = "Admin ranges data."
+
+ value = {
+ enabled = var.admin_ranges_enabled
+ ranges = var.admin_ranges_enabled ? join(",", var.admin_ranges) : ""
+ }
+}
+
+output "custom_ingress_allow_rules" {
+ description = "Custom ingress rules with allow blocks."
+ value = [
+ for rule in google_compute_firewall.custom :
+ rule.name if rule.direction == "INGRESS" && length(rule.allow) > 0
+ ]
+}
+
+output "custom_ingress_deny_rules" {
+ description = "Custom ingress rules with deny blocks."
+ value = [
+ for rule in google_compute_firewall.custom :
+ rule.name if rule.direction == "INGRESS" && length(rule.deny) > 0
+ ]
+}
+
+output "custom_egress_allow_rules" {
+ description = "Custom egress rules with allow blocks."
+ value = [
+ for rule in google_compute_firewall.custom :
+ rule.name if rule.direction == "EGRESS" && length(rule.allow) > 0
+ ]
+}
+
+output "custom_egress_deny_rules" {
+ description = "Custom egress rules with allow blocks."
+ value = [
+ for rule in google_compute_firewall.custom :
+ rule.name if rule.direction == "EGRESS" && length(rule.deny) > 0
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-firewall/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-firewall/variables.tf
new file mode 100644
index 000000000..80249cb94
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-firewall/variables.tf
@@ -0,0 +1,86 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "network" {
+ description = "Name of the network this set of firewall rules applies to."
+}
+
+variable "project_id" {
+ description = "Project id of the project that holds the network."
+}
+
+variable "internal_ranges_enabled" {
+ description = "Create rules for intra-VPC ranges."
+ default = false
+}
+
+variable "internal_ranges" {
+ description = "IP CIDR ranges for intra-VPC rules."
+ default = []
+}
+
+variable "internal_allow" {
+ description = "Allow rules for internal ranges."
+ default = [
+ {
+ protocol = "icmp"
+ },
+ ]
+}
+
+variable "admin_ranges_enabled" {
+ description = "Enable admin ranges-based rules."
+ default = false
+}
+
+variable "admin_ranges" {
+ description = "IP CIDR ranges that have complete access to all subnets."
+ default = []
+}
+
+variable "ssh_source_ranges" {
+ description = "List of IP CIDR ranges for tag-based SSH rule, defaults to 0.0.0.0/0."
+ default = ["0.0.0.0/0"]
+}
+
+variable "http_source_ranges" {
+ description = "List of IP CIDR ranges for tag-based HTTP rule, defaults to 0.0.0.0/0."
+ default = ["0.0.0.0/0"]
+}
+
+variable "https_source_ranges" {
+ description = "List of IP CIDR ranges for tag-based HTTPS rule, defaults to 0.0.0.0/0."
+ default = ["0.0.0.0/0"]
+}
+
+variable "custom_rules" {
+ description = "List of custom rule definitions (refer to variables file for syntax)."
+ default = {}
+ type = map(object({
+ description = string
+ direction = string
+ action = string # (allow|deny)
+ ranges = list(string)
+ sources = list(string)
+ targets = list(string)
+ use_service_accounts = bool
+ rules = list(object({
+ protocol = string
+ ports = list(string)
+ }))
+ extra_attributes = map(string)
+ }))
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-firewall/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-firewall/versions.tf
new file mode 100644
index 000000000..c1eedd7e1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-firewall/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google = "<4.0,>= 2.12"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/README.md
new file mode 100644
index 000000000..3ef174361
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/README.md
@@ -0,0 +1,58 @@
+# Google Cloud Shared VPC Access Configuration
+
+This module allows configuring service project access to a Shared VPC, created with the top-level network module. The module allows:
+
+- attaching service projects to the Shared VPC host project
+- assigning IAM roles for each Shared VPC subnet
+
+Full details on service project configuration can be found in the Google Cloud documentation on *[Provisioning Shared VPC](https://cloud.google.com/vpc/docs/provisioning-shared-vpc)*, and to *[Setting up clusters with Shared VPC](https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-shared-vpc)*. Details and use cases of using service accounts as role recipients for Shared VPC are in the *[Service accounts as project admins](https://cloud.google.com/vpc/docs/provisioning-shared-vpc#sa-as-spa)* section of the first document above.
+
+The resources created/managed by this module are:
+
+- one `google_compute_shared_vpc_service_project` resource for each project where full VPC access is needed
+- one `google_compute_subnetwork_iam_binding` for each subnetwork where individual subnetwork access is needed
+
+## Usage
+
+Basic usage of this module is as follows:
+
+```hcl
+module "net-shared-vpc-access" {
+ source = "terraform-google-modules/network/google//modules/fabric-net-svpc-access"
+ version = "~> 1.4.0"
+ host_project_id = "my-host-project-id"
+ service_project_num = 1
+ service_project_ids = ["my-service-project-id"]
+ host_subnets = ["my-subnet"]
+ host_subnet_regions = ["europe-west1"]
+ host_subnet_users = {
+ my-subnet = "group:my-service-owners@example.org,serviceAccount:1234567890@cloudservices.gserviceaccount.com"
+ }
+ host_service_agent_role = true
+ host_service_agent_users = [
+ "serviceAccount:service-123456789@container-engine-robot.iam.gserviceaccount.com"
+ ]
+}
+```
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| host\_project\_id | Project id of the shared VPC host project. | string | n/a | yes |
+| host\_service\_agent\_role | Assign host service agent role to users in host_service_agent_users variable. | bool | `"false"` | no |
+| host\_service\_agent\_users | List of IAM-style users that will be granted the host service agent role on the host project. | list(string) | `` | no |
+| host\_subnet\_regions | List of subnet regions, one per subnet. | list(string) | `` | no |
+| host\_subnet\_users | Map of comma-delimited IAM-style members to which network user roles for subnets will be assigned. | map(any) | `` | no |
+| host\_subnets | List of subnet names on which to grant network user role. | list(string) | `` | no |
+| service\_project\_ids | Ids of the service projects that will be attached to the Shared VPC. | list(string) | n/a | yes |
+| service\_project\_num | Number of service projects that will be attached to the Shared VPC. | number | `"0"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| service\_projects | Project ids of the services with access to all subnets. |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/main.tf
new file mode 100644
index 000000000..a51c74b7b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/main.tf
@@ -0,0 +1,40 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+resource "google_compute_shared_vpc_service_project" "projects" {
+ count = var.service_project_num
+ host_project = var.host_project_id
+ service_project = element(var.service_project_ids, count.index)
+}
+
+resource "google_compute_subnetwork_iam_binding" "network_users" {
+ count = length(var.host_subnets)
+ project = var.host_project_id
+ region = element(var.host_subnet_regions, count.index)
+ subnetwork = element(var.host_subnets, count.index)
+ role = "roles/compute.networkUser"
+
+ members = compact(split(",", lookup(var.host_subnet_users,
+ element(var.host_subnets, count.index))
+ ))
+}
+
+resource "google_project_iam_binding" "service_agents" {
+ count = var.host_service_agent_role ? 1 : 0
+ project = var.host_project_id
+ role = "roles/container.hostServiceAgentUser"
+ members = var.host_service_agent_users
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/outputs.tf
new file mode 100644
index 000000000..dc7925943
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/outputs.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "service_projects" {
+ description = "Project ids of the services with access to all subnets."
+ value = google_compute_shared_vpc_service_project.projects.*.service_project
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/variables.tf
new file mode 100644
index 000000000..579d2f84b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/variables.tf
@@ -0,0 +1,63 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "host_project_id" {
+ type = string
+ description = "Project id of the shared VPC host project."
+}
+
+# passed-in values can be dynamic, so variables used in count need to be separate
+
+variable "service_project_num" {
+ type = number
+ description = "Number of service projects that will be attached to the Shared VPC."
+ default = 0
+}
+
+variable "service_project_ids" {
+ type = list(string)
+ description = "Ids of the service projects that will be attached to the Shared VPC."
+}
+
+variable "host_subnets" {
+ type = list(string)
+ description = "List of subnet names on which to grant network user role."
+ default = []
+}
+
+variable "host_subnet_regions" {
+ type = list(string)
+ description = "List of subnet regions, one per subnet."
+ default = []
+}
+
+variable "host_subnet_users" {
+ type = map(any)
+ description = "Map of comma-delimited IAM-style members to which network user roles for subnets will be assigned."
+ default = {}
+}
+
+variable "host_service_agent_role" {
+ type = bool
+ description = "Assign host service agent role to users in host_service_agent_users variable."
+ default = false
+}
+
+variable "host_service_agent_users" {
+ type = list(string)
+ description = "List of IAM-style users that will be granted the host service agent role on the host project."
+ default = []
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/versions.tf
new file mode 100644
index 000000000..c1eedd7e1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google = "<4.0,>= 2.12"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/network-peering/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/network-peering/README.md
new file mode 100644
index 000000000..41f0fdf4f
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/network-peering/README.md
@@ -0,0 +1,66 @@
+# Google Network Peering
+
+This module allows creation of a [VPC Network Peering](https://cloud.google.com/vpc/docs/vpc-peering) between two networks.
+
+The resources created/managed by this module are:
+
+- one network peering from `local network` to `peer network`
+- one network peering from `peer network` to `local network`
+
+## Usage
+
+Basic usage of this module is as follows:
+
+```hcl
+module "peering" {
+ source = "terraform-google-modules/network/google//modules/network-peering"
+
+ prefix = "name-prefix"
+ local_network = ""
+ peer_network = ""
+}
+```
+
+If you need to create more than one peering for the same VPC Network `(A -> B, A -> C)` you have to use output from the first module as a dependency for the second one to keep order of peering creation (It is not currently possible to create more than one peering connection for a VPC Network at the same time).
+
+```hcl
+module "peering-a-b" {
+ source = "terraform-google-modules/network/google//modules/network-peering"
+
+ prefix = "name-prefix"
+ local_network = ""
+ peer_network = ""
+}
+
+module "peering-a-c" {
+ source = "terraform-google-modules/network/google//modules/network-peering"
+
+ prefix = "name-prefix"
+ local_network = ""
+ peer_network = ""
+
+ module_depends_on = [module.peering-a-b.complete]
+}
+```
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| export\_local\_custom\_routes | Export custom routes to peer network from local network. | bool | `"false"` | no |
+| export\_peer\_custom\_routes | Export custom routes to local network from peer network. | bool | `"false"` | no |
+| local\_network | Resource link of the network to add a peering to. | string | n/a | yes |
+| module\_depends\_on | List of modules or resources this module depends on. | list | `` | no |
+| peer\_network | Resource link of the peer network. | string | n/a | yes |
+| prefix | Name prefix for the network peerings | string | `"network-peering"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| complete | Output to be used as a module dependency. |
+| local\_network\_peering | Network peering resource. |
+| peer\_network\_peering | Peer network peering resource. |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/network-peering/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/network-peering/main.tf
new file mode 100644
index 000000000..722734b81
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/network-peering/main.tf
@@ -0,0 +1,52 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ local_network_name = element(reverse(split("/", var.local_network)), 0)
+ peer_network_name = element(reverse(split("/", var.peer_network)), 0)
+}
+
+resource "google_compute_network_peering" "local_network_peering" {
+ provider = "google-beta"
+ name = "${var.prefix}-${local.local_network_name}-${local.peer_network_name}"
+ network = var.local_network
+ peer_network = var.peer_network
+ export_custom_routes = var.export_local_custom_routes
+ import_custom_routes = var.export_peer_custom_routes
+
+ depends_on = ["null_resource.module_depends_on"]
+}
+
+resource "google_compute_network_peering" "peer_network_peering" {
+ provider = "google-beta"
+ name = "${var.prefix}-${local.peer_network_name}-${local.local_network_name}"
+ network = var.peer_network
+ peer_network = var.local_network
+ export_custom_routes = var.export_peer_custom_routes
+ import_custom_routes = var.export_local_custom_routes
+
+ depends_on = ["null_resource.module_depends_on", "google_compute_network_peering.local_network_peering"]
+}
+
+resource "null_resource" "module_depends_on" {
+ triggers = {
+ value = length(var.module_depends_on)
+ }
+}
+
+resource "null_resource" "complete" {
+ depends_on = ["google_compute_network_peering.local_network_peering", "google_compute_network_peering.peer_network_peering"]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/network-peering/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/network-peering/outputs.tf
new file mode 100644
index 000000000..2f7606226
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/network-peering/outputs.tf
@@ -0,0 +1,30 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "local_network_peering" {
+ description = "Network peering resource."
+ value = google_compute_network_peering.local_network_peering
+}
+
+output "peer_network_peering" {
+ description = "Peer network peering resource."
+ value = google_compute_network_peering.peer_network_peering
+}
+
+output "complete" {
+ description = "Output to be used as a module dependency."
+ value = null_resource.complete.id
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/network-peering/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/network-peering/variables.tf
new file mode 100644
index 000000000..b528440ff
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/network-peering/variables.tf
@@ -0,0 +1,49 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "prefix" {
+ description = "Name prefix for the network peerings"
+ type = string
+ default = "network-peering"
+}
+
+variable "local_network" {
+ description = "Resource link of the network to add a peering to."
+ type = string
+}
+
+variable "peer_network" {
+ description = "Resource link of the peer network."
+ type = string
+}
+
+variable "export_peer_custom_routes" {
+ description = "Export custom routes to local network from peer network."
+ type = bool
+ default = false
+}
+
+variable "export_local_custom_routes" {
+ description = "Export custom routes to peer network from local network."
+ type = bool
+ default = false
+}
+
+variable "module_depends_on" {
+ description = "List of modules or resources this module depends on."
+ type = list
+ default = []
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/network-peering/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/network-peering/versions.tf
new file mode 100644
index 000000000..c1eedd7e1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/network-peering/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google = "<4.0,>= 2.12"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes-beta/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes-beta/README.md
new file mode 100644
index 000000000..058e3e468
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes-beta/README.md
@@ -0,0 +1,91 @@
+# Terraform Network Beta Module
+
+This submodule is part of the the `terraform-google-network` module. It creates the individual vpc routes and optionally deletes the default internet gateway routes.
+
+It supports creating:
+
+- Routes within vpc network.
+- Optionally deletes the default internet gateway routes.
+
+It also uses google beta provider to support the following resource fields:
+
+- google_compute_route.next_hop_ilb
+
+## Usage
+
+Basic usage of this submodule is as follows:
+
+```hcl
+module "vpc" {
+ source = "terraform-google-modules/network/google//modules/routes-beta"
+ version = "~> 2.0.0"
+
+ project_id = ""
+ network_name = "example-vpc"
+
+ delete_default_internet_gateway_routes = false
+
+ routes = [
+ {
+ name = "egress-internet"
+ description = "route through IGW to access internet"
+ destination_range = "0.0.0.0/0"
+ tags = "egress-inet"
+ next_hop_internet = "true"
+ },
+ {
+ name = "app-proxy"
+ description = "route through proxy to reach app"
+ destination_range = "10.50.10.0/24"
+ tags = "app-proxy"
+ next_hop_instance = "app-proxy-instance"
+ next_hop_instance_zone = "us-west1-a"
+ },
+ {
+ name = "test-proxy"
+ description = "route through idp to reach app"
+ destination_range = "10.50.10.0/24"
+ tags = "app-proxy"
+ next_hop_ilb = var.ilb_link
+ },
+ ]
+}
+```
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| delete\_default\_internet\_gateway\_routes | If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted | string | `"false"` | no |
+| module\_depends\_on | List of modules or resources this module depends on. | list | `` | no |
+| network\_name | The name of the network where routes will be created | string | n/a | yes |
+| project\_id | The ID of the project where the routes will be created | string | n/a | yes |
+| routes | List of routes being created in this VPC | list(map(string)) | `` | no |
+| routes\_count | Amount of routes being created in this VPC | number | `"0"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| routes | The created routes resources |
+
+
+
+
+### Routes Input
+
+The routes list contains maps, where each object represents a route. For the next_hop_* inputs, only one is possible to be used in each route. Having two next_hop_* inputs will produce an error. Each map has the following inputs (please see examples folder for additional references):
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| name | The name of the route being created | string | - | no |
+| description | The description of the route being created | string | - | no |
+| tags | The network tags assigned to this route. This is a list in string format. Eg. "tag-01,tag-02"| string | - | yes |
+| destination\_range | The destination range of outgoing packets that this route applies to. Only IPv4 is supported | string | - | yes
+| next\_hop\_internet | Whether the next hop to this route will the default internet gateway. Use "true" to enable this as next hop | string | `"false"` | yes |
+| next\_hop\_ip | Network IP address of an instance that should handle matching packets | string | - | yes |
+| next\_hop\_instance | URL or name of an instance that should handle matching packets. If just name is specified "next\_hop\_instance\_zone" is required | string | - | yes |
+| next\_hop\_instance\_zone | The zone of the instance specified in next\_hop\_instance. Only required if next\_hop\_instance is specified as a name | string | - | no |
+| next\_hop\_vpn\_tunnel | URL to a VpnTunnel that should handle matching packets | string | - | yes |
+| priority | The priority of this route. Priority is used to break ties in cases where there is more than one matching route of equal prefix length. In the case of two routes with equal prefix length, the one with the lowest-numbered priority value wins | string | `"1000"` | yes |
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes-beta/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes-beta/main.tf
new file mode 100644
index 000000000..686bdf37a
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes-beta/main.tf
@@ -0,0 +1,56 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/******************************************
+ Routes
+ *****************************************/
+resource "google_compute_route" "route" {
+ provider = google-beta
+ count = var.routes_count
+
+ project = var.project_id
+ network = var.network_name
+
+ name = lookup(var.routes[count.index], "name", format("%s-%s-%d", lower(var.network_name), "route", count.index))
+ description = lookup(var.routes[count.index], "description", null)
+ tags = compact(split(",", lookup(var.routes[count.index], "tags", "")))
+ dest_range = lookup(var.routes[count.index], "destination_range", null)
+ next_hop_gateway = lookup(var.routes[count.index], "next_hop_internet", "false") == "true" ? "default-internet-gateway" : ""
+ next_hop_ip = lookup(var.routes[count.index], "next_hop_ip", null)
+ next_hop_instance = lookup(var.routes[count.index], "next_hop_instance", null)
+ next_hop_instance_zone = lookup(var.routes[count.index], "next_hop_instance_zone", null)
+ next_hop_vpn_tunnel = lookup(var.routes[count.index], "next_hop_vpn_tunnel", null)
+ next_hop_ilb = lookup(var.routes[count.index], "next_hop_ilb", null)
+ priority = lookup(var.routes[count.index], "priority", null)
+
+ depends_on = [var.module_depends_on]
+}
+
+resource "null_resource" "delete_default_internet_gateway_routes" {
+ count = var.delete_default_internet_gateway_routes ? 1 : 0
+
+ provisioner "local-exec" {
+ command = "${path.module}/scripts/delete-default-gateway-routes.sh ${var.project_id} ${var.network_name}"
+ }
+
+ triggers = {
+ number_of_routes = length(var.routes)
+ }
+
+ depends_on = [
+ google_compute_route.route,
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes-beta/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes-beta/outputs.tf
new file mode 100644
index 000000000..0f672ec67
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes-beta/outputs.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "routes" {
+ value = google_compute_route.route
+ description = "The created routes resources"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes-beta/scripts/delete-default-gateway-routes.sh b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes-beta/scripts/delete-default-gateway-routes.sh
new file mode 100644
index 000000000..8366d5064
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes-beta/scripts/delete-default-gateway-routes.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+set -e
+
+if [ -n "${GOOGLE_APPLICATION_CREDENTIALS}" ]; then
+ export CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${GOOGLE_APPLICATION_CREDENTIALS}
+fi
+
+PROJECT_ID=$1
+NETWORK_ID=$2
+FILTERED_ROUTES=$(gcloud compute routes list \
+ --project="${PROJECT_ID}" \
+ --format="value(name)" \
+ --filter=" \
+ nextHopGateway:(https://www.googleapis.com/compute/v1/projects/${PROJECT_ID}/global/gateways/default-internet-gateway) \
+ AND network:(https://www.googleapis.com/compute/v1/projects/${PROJECT_ID}/global/networks/${NETWORK_ID}) \
+ AND name~^default-route \
+ "
+)
+
+function delete_internet_gateway_routes {
+ local routes="${1}"
+ echo "${routes}" | while read -r line; do
+ echo "Deleting route ${line}..."
+ gcloud compute routes delete "${line}" --quiet --project="${PROJECT_ID}"
+ done
+}
+
+if [ -n "${FILTERED_ROUTES}" ]; then
+ delete_internet_gateway_routes "${FILTERED_ROUTES}"
+else
+ echo "Default internet gateway route(s) not found; exiting..."
+fi
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes-beta/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes-beta/variables.tf
new file mode 100644
index 000000000..989db81a8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes-beta/variables.tf
@@ -0,0 +1,46 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The ID of the project where the routes will be created"
+}
+
+variable "network_name" {
+ description = "The name of the network where routes will be created"
+}
+
+variable "routes" {
+ type = list(map(string))
+ description = "List of routes being created in this VPC"
+ default = []
+}
+
+variable "routes_count" {
+ type = number
+ description = "Amount of routes being created in this VPC"
+ default = 0
+}
+
+variable "delete_default_internet_gateway_routes" {
+ description = "If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted"
+ default = "false"
+}
+
+variable "module_depends_on" {
+ description = "List of modules or resources this module depends on."
+ type = list
+ default = []
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes-beta/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes-beta/versions.tf
new file mode 100644
index 000000000..fe58b3536
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes-beta/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google-beta = "~> 2.19.0"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes/README.md
new file mode 100644
index 000000000..8051ac5de
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes/README.md
@@ -0,0 +1,79 @@ +# Terraform Network Module + +This submodule is part of the the `terraform-google-network` module. It creates the individual vpc routes and optionally deletes the default internet gateway routes. + +It supports creating: + +- Routes within vpc network. +- Optionally deletes the default internet gateway routes. + +## Usage + +Basic usage of this submodule is as follows: + +```hcl +module "vpc" { + source = "terraform-google-modules/network/google//modules/routes" + version = "~> 2.0.0" + + project_id = "" + network_name = "example-vpc" + + delete_default_internet_gateway_routes = false + + routes = [ + { + name = "egress-internet" + description = "route through IGW to access internet" + destination_range = "0.0.0.0/0" + tags = "egress-inet" + next_hop_internet = "true" + }, + { + name = "app-proxy" + description = "route through proxy to reach app" + destination_range = "10.50.10.0/24" + tags = "app-proxy" + next_hop_instance = "app-proxy-instance" + next_hop_instance_zone = "us-west1-a" + }, + ] +} +``` + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| delete\_default\_internet\_gateway\_routes | If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted | string | `"false"` | no | +| module\_depends\_on | List of modules or resources this module depends on. | list | `` | no | +| network\_name | The name of the network where routes will be created | string | n/a | yes | +| project\_id | The ID of the project where the routes will be created | string | n/a | yes | +| routes | List of routes being created in this VPC | list(map(string)) | `` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| routes | The created routes resources | + + + + +### Routes Input + +The routes list contains maps, where each object represents a route. 
For the next_hop_* inputs, only one is possible to be used in each route. Having two next_hop_* inputs will produce an error. Each map has the following inputs (please see examples folder for additional references): + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| name | The name of the route being created | string | - | no | +| description | The description of the route being created | string | - | no | +| tags | The network tags assigned to this route. This is a list in string format. Eg. "tag-01,tag-02"| string | - | yes | +| destination\_range | The destination range of outgoing packets that this route applies to. Only IPv4 is supported | string | - | yes +| next\_hop\_internet | Whether the next hop to this route will the default internet gateway. Use "true" to enable this as next hop | string | `"false"` | yes | +| next\_hop\_ip | Network IP address of an instance that should handle matching packets | string | - | yes | +| next\_hop\_instance | URL or name of an instance that should handle matching packets. If just name is specified "next\_hop\_instance\_zone" is required | string | - | yes | +| next\_hop\_instance\_zone | The zone of the instance specified in next\_hop\_instance. Only required if next\_hop\_instance is specified as a name | string | - | no | +| next\_hop\_vpn\_tunnel | URL to a VpnTunnel that should handle matching packets | string | - | yes | +| priority | The priority of this route. Priority is used to break ties in cases where there is more than one matching route of equal prefix length. In the case of two routes with equal prefix length, the one with the lowest-numbered priority value wins | string | `"1000"` | yes | 
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes/main.tf
new file mode 100644
index 000000000..839e307a6
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes/main.tf
@@ -0,0 +1,61 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + routes = { + for i, route in var.routes : + lookup(route, "name", format("%s-%s-%d", lower(var.network_name), "route", i)) => route + } +} + +/****************************************** + Routes + *****************************************/ +resource "google_compute_route" "route" { + for_each = local.routes + + project = var.project_id + network = var.network_name + + name = each.key + description = lookup(each.value, "description", null) + tags = compact(split(",", lookup(each.value, "tags", ""))) + dest_range = lookup(each.value, "destination_range", null) + next_hop_gateway = lookup(each.value, "next_hop_internet", "false") == "true" ? "default-internet-gateway" : null + next_hop_ip = lookup(each.value, "next_hop_ip", null) + next_hop_instance = lookup(each.value, "next_hop_instance", null) + next_hop_instance_zone = lookup(each.value, "next_hop_instance_zone", null) + next_hop_vpn_tunnel = lookup(each.value, "next_hop_vpn_tunnel", null) + priority = lookup(each.value, "priority", null) + + depends_on = [var.module_depends_on] +} + +resource "null_resource" "delete_default_internet_gateway_routes" { + count = var.delete_default_internet_gateway_routes ? 
1 : 0 + + provisioner "local-exec" { + command = "${path.module}/scripts/delete-default-gateway-routes.sh ${var.project_id} ${var.network_name}" + } + + triggers = { + number_of_routes = length(var.routes) + } + + depends_on = [ + google_compute_route.route, + ] +} diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes/outputs.tf new file mode 100644 index 000000000..0f672ec67 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes/outputs.tf @@ -0,0 +1,20 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "routes" { + value = google_compute_route.route + description = "The created routes resources" +} diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes/scripts/delete-default-gateway-routes.sh b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes/scripts/delete-default-gateway-routes.sh new file mode 100755 index 000000000..8366d5064 --- /dev/null 
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes/scripts/delete-default-gateway-routes.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+set -e
+
+if [ -n "${GOOGLE_APPLICATION_CREDENTIALS}" ]; then
+ export CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${GOOGLE_APPLICATION_CREDENTIALS}
+fi
+
+PROJECT_ID=$1
+NETWORK_ID=$2
+FILTERED_ROUTES=$(gcloud compute routes list \
+ --project="${PROJECT_ID}" \
+ --format="value(name)" \
+ --filter=" \
+ nextHopGateway:(https://www.googleapis.com/compute/v1/projects/${PROJECT_ID}/global/gateways/default-internet-gateway) \
+ AND network:(https://www.googleapis.com/compute/v1/projects/${PROJECT_ID}/global/networks/${NETWORK_ID}) \
+ AND name~^default-route \
+ "
+)
+
+function delete_internet_gateway_routes {
+ local routes="${1}"
+ echo "${routes}" | while read -r line; do
+ echo "Deleting route ${line}..."
+ gcloud compute routes delete "${line}" --quiet --project="${PROJECT_ID}"
+ done
+}
+
+if [ -n "${FILTERED_ROUTES}" ]; then
+ delete_internet_gateway_routes "${FILTERED_ROUTES}"
+else
+ echo "Default internet gateway route(s) not found; exiting..."
+fi
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes/variables.tf
new file mode 100644
index 000000000..8eed495ff
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes/variables.tf
@@ -0,0 +1,40 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The ID of the project where the routes will be created"
+}
+
+variable "network_name" {
+ description = "The name of the network where routes will be created"
+}
+
+variable "routes" {
+ type = list(map(string))
+ description = "List of routes being created in this VPC"
+ default = []
+}
+
+variable "delete_default_internet_gateway_routes" {
+ description = "If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted"
+ default = "false"
+}
+
+variable "module_depends_on" {
+ description = "List of modules or resources this module depends on."
+ type = list
+ default = []
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes/versions.tf
new file mode 100644
index 000000000..c1eedd7e1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/routes/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google = "<4.0,>= 2.12"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets-beta/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets-beta/README.md
new file mode 100644
index 000000000..e1fc71574
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets-beta/README.md
@@ -0,0 +1,95 @@ +# Terraform Network Beta Module + +This submodule is part of the the `terraform-google-network` module. It creates the individual vpc subnets. + +It supports creating: + +- Subnets within vpc network. + +It also uses google beta provider to support the following resource fields: + +- google_compute_subnetwork.purpose +- google_compute_subnetwork.role + +## Usage + +Basic usage of this submodule is as follows: + +```hcl +module "vpc" { + source = "terraform-google-modules/network/google//modules/subnets-beta" + version = "~> 2.0.0" + + project_id = "" + network_name = "example-vpc" + + subnets = [ + { + subnet_name = "subnet-01" + subnet_ip = "10.10.10.0/24" + subnet_region = "us-west1" + }, + { + subnet_name = "subnet-02" + subnet_ip = "10.10.20.0/24" + subnet_region = "us-west1" + subnet_private_access = "true" + subnet_flow_logs = "true" + description = "This subnet has a description" + purpose = "INTERNAL_HTTPS_LOAD_BALANCER" + role = "ACTIVE" + }, + { + subnet_name = "subnet-03" + subnet_ip = "10.10.30.0/24" + subnet_region = "us-west1" + subnet_flow_logs = "true" + subnet_flow_logs_interval = "INTERVAL_10_MIN" + subnet_flow_logs_sampling = 0.7 + subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA" + } + ] + + secondary_ranges = { + subnet-01 = [ + { + range_name = "subnet-01-secondary-01" + ip_cidr_range = "192.168.64.0/24" + }, + ] + + subnet-02 = [] + } +} +``` + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| module\_depends\_on | List of modules or resources this module depends on. 
| list | `` | no | +| network\_name | The name of the network where subnets will be created | string | n/a | yes | +| project\_id | The ID of the project where subnets will be created | string | n/a | yes | +| secondary\_ranges | Secondary ranges that will be used in some of the subnets | object | `` | no | +| subnets | The list of subnets being created | list(map(string)) | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| subnets | The created subnet resources | + + + +### Subnet Inputs + +The subnets list contains maps, where each object represents a subnet. Each map has the following inputs (please see examples folder for additional references): + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| subnet\_name | The name of the subnet being created | string | - | yes | +| subnet\_ip | The IP and CIDR range of the subnet being created | string | - | yes | +| subnet\_region | The region where the subnet will be created | string | - | yes | +| subnet\_private\_access | Whether this subnet will have private Google access enabled | string | `"false"` | no | +| subnet\_flow\_logs | Whether the subnet will record and send flow log data to logging | string | `"false"` | no | diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets-beta/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets-beta/main.tf new file mode 100644 index 000000000..4bd88613c --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets-beta/main.tf 
@@ -0,0 +1,65 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + subnets = { + for x in var.subnets : + "${x.subnet_region}/${x.subnet_name}" => x + } +} + + +/****************************************** + Subnet configuration + *****************************************/ +resource "google_compute_subnetwork" "subnetwork" { + provider = google-beta + for_each = local.subnets + name = each.value.subnet_name + ip_cidr_range = each.value.subnet_ip + region = each.value.subnet_region + private_ip_google_access = lookup(each.value, "subnet_private_access", "false") + dynamic "log_config" { + for_each = lookup(each.value, "subnet_flow_logs", false) ? [{ + aggregation_interval = lookup(each.value, "subnet_flow_logs_interval", null) + flow_sampling = lookup(each.value, "subnet_flow_logs_sampling", null) + metadata = lookup(each.value, "subnet_flow_logs_metadata", null) + }] : [] + content { + aggregation_interval = log_config.value.aggregation_interval + flow_sampling = log_config.value.flow_sampling + metadata = log_config.value.metadata + } + } + network = var.network_name + project = var.project_id + description = lookup(each.value, "description", null) + secondary_ip_range = [ + for i in range( + length( + contains( + keys(var.secondary_ranges), each.value.subnet_name) == true + ? 
var.secondary_ranges[each.value.subnet_name] + : [] + )) : + var.secondary_ranges[each.value.subnet_name][i] + ] + + purpose = lookup(each.value, "purpose", null) + role = lookup(each.value, "role", null) + + depends_on = [var.module_depends_on] +} diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets-beta/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets-beta/outputs.tf new file mode 100644 index 000000000..6ba07eb1e --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets-beta/outputs.tf @@ -0,0 +1,20 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "subnets" { + value = google_compute_subnetwork.subnetwork + description = "The created subnet resources" +} diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets-beta/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets-beta/variables.tf new file mode 100644 index 000000000..a356b4afd --- /dev/null 
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets-beta/variables.tf
@@ -0,0 +1,40 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The ID of the project where subnets will be created"
+}
+
+variable "network_name" {
+ description = "The name of the network where subnets will be created"
+}
+
+variable "subnets" {
+ type = list(map(string))
+ description = "The list of subnets being created"
+}
+
+variable "secondary_ranges" {
+ type = map(list(object({ range_name = string, ip_cidr_range = string })))
+ description = "Secondary ranges that will be used in some of the subnets"
+ default = {}
+}
+
+variable "module_depends_on" {
+ description = "List of modules or resources this module depends on."
+ type = list
+ default = []
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets-beta/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets-beta/versions.tf
new file mode 100644
index 000000000..fe58b3536
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets-beta/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google-beta = "~> 2.19.0"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets/README.md
new file mode 100644
index 000000000..ab2830ee1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets/README.md
@@ -0,0 +1,90 @@ +# Terraform Network Module + +This submodule is part of the the `terraform-google-network` module. It creates the individual vpc subnets. + +It supports creating: + +- Subnets within vpc network. + +## Usage + +Basic usage of this submodule is as follows: + +```hcl +module "vpc" { + source = "terraform-google-modules/network/google//modules/subnets" + version = "~> 2.0.0" + + project_id = "" + network_name = "example-vpc" + + subnets = [ + { + subnet_name = "subnet-01" + subnet_ip = "10.10.10.0/24" + subnet_region = "us-west1" + }, + { + subnet_name = "subnet-02" + subnet_ip = "10.10.20.0/24" + subnet_region = "us-west1" + subnet_private_access = "true" + subnet_flow_logs = "true" + description = "This subnet has a description" + }, + { + subnet_name = "subnet-03" + subnet_ip = "10.10.30.0/24" + subnet_region = "us-west1" + subnet_flow_logs = "true" + subnet_flow_logs_interval = "INTERVAL_10_MIN" + subnet_flow_logs_sampling = 0.7 + subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA" + } + ] + + secondary_ranges = { + subnet-01 = [ + { + range_name = "subnet-01-secondary-01" + ip_cidr_range = "192.168.64.0/24" + }, + ] + + subnet-02 = [] + } +} +``` + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| network\_name | The name of the network where subnets will be created | string | n/a | yes | +| project\_id | The ID of the project where subnets will be created | string | n/a | yes | +| secondary\_ranges | Secondary ranges that will be used in some of the subnets | object | `` | no | +| subnets | The list of subnets being created | list(map(string)) | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| subnets | The created subnet resources | + + + +### Subnet Inputs + +The subnets list contains maps, where each object represents a subnet. 
Each map has the following inputs (please see examples folder for additional references): + +| Name | Description | Type | Default | Required | +| ---------------------------- | --------------------------------------------------------------------------------------------------------------- | :----: | :----------------------: | :------: | +| subnet\_name | The name of the subnet being created | string | - | yes | +| subnet\_ip | The IP and CIDR range of the subnet being created | string | - | yes | +| subnet\_region | The region where the subnet will be created | string | - | yes | +| subnet\_private\_access | Whether this subnet will have private Google access enabled | string | `"false"` | no | +| subnet\_flow\_logs | Whether the subnet will record and send flow log data to logging | string | `"false"` | no | +| subnet\_flow\_logs\_interval | If subnet\_flow\_logs is true, sets the aggregation interval for collecting flow logs | string | `"INTERVAL_5_SEC"` | no | +| subnet\_flow\_logs\_sampling | If subnet\_flow\_logs is true, set the sampling rate of VPC flow logs within the subnetwork | string | `"0.5"` | no | +| subnet\_flow\_logs\_metadata | If subnet\_flow\_logs is true, configures whether metadata fields should be added to the reported VPC flow logs | string | `"INCLUDE_ALL_METADATA"` | no | diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets/main.tf new file mode 100644 index 000000000..b9df248b6 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets/main.tf 
@@ -0,0 +1,59 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ subnets = {
+ for x in var.subnets :
+ "${x.subnet_region}/${x.subnet_name}" => x
+ }
+}
+
+
+/******************************************
+ Subnet configuration
+ *****************************************/
+resource "google_compute_subnetwork" "subnetwork" {
+ for_each = local.subnets
+ name = each.value.subnet_name
+ ip_cidr_range = each.value.subnet_ip
+ region = each.value.subnet_region
+ private_ip_google_access = lookup(each.value, "subnet_private_access", "false")
+ dynamic "log_config" {
+ for_each = lookup(each.value, "subnet_flow_logs", false) ? [{
+ aggregation_interval = lookup(each.value, "subnet_flow_logs_interval", "INTERVAL_5_SEC")
+ flow_sampling = lookup(each.value, "subnet_flow_logs_sampling", "0.5")
+ metadata = lookup(each.value, "subnet_flow_logs_metadata", "INCLUDE_ALL_METADATA")
+ }] : []
+ content {
+ aggregation_interval = log_config.value.aggregation_interval
+ flow_sampling = log_config.value.flow_sampling
+ metadata = log_config.value.metadata
+ }
+ }
+ network = var.network_name
+ project = var.project_id
+ description = lookup(each.value, "description", null)
+ secondary_ip_range = [
+ for i in range(
+ length(
+ contains(
+ keys(var.secondary_ranges), each.value.subnet_name) == true
+ ? var.secondary_ranges[each.value.subnet_name]
+ : []
+ )) :
+ var.secondary_ranges[each.value.subnet_name][i]
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets/outputs.tf
new file mode 100644
index 000000000..6ba07eb1e
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets/outputs.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "subnets" {
+ value = google_compute_subnetwork.subnetwork
+ description = "The created subnet resources"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets/variables.tf
new file mode 100644
index 000000000..84d7b0992
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets/variables.tf
@@ -0,0 +1,34 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The ID of the project where subnets will be created"
+}
+
+variable "network_name" {
+ description = "The name of the network where subnets will be created"
+}
+
+variable "subnets" {
+ type = list(map(string))
+ description = "The list of subnets being created"
+}
+
+variable "secondary_ranges" {
+ type = map(list(object({ range_name = string, ip_cidr_range = string })))
+ description = "Secondary ranges that will be used in some of the subnets"
+ default = {}
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets/versions.tf
new file mode 100644
index 000000000..c1eedd7e1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/subnets/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google = "<4.0,>= 2.12"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/vpc/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/vpc/README.md
new file mode 100644
index 000000000..cae59d021
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/vpc/README.md
@@ -0,0 +1,46 @@
+# Terraform Network Module
+
+This submodule is part of the the `terraform-google-network` module. It creates a vpc network and optionally enables it as a Shared VPC host project.
+
+It supports creating:
+
+- A VPC Network
+- Optionally enabling the network as a Shared VPC host
+
+## Usage
+
+Basic usage of this submodule is as follows:
+
+```hcl
+module "vpc" {
+ source = "terraform-google-modules/network/google//modules/vpc"
+ version = "~> 2.0.0"
+
+ project_id = ""
+ network_name = "example-vpc"
+
+ shared_vpc_host = false
+```
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| auto\_create\_subnetworks | When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources. | bool | `"false"` | no |
+| description | An optional description of this resource. The resource must be recreated to modify this field. | string | `""` | no |
+| network\_name | The name of the network being created | string | n/a | yes |
+| project\_id | The ID of the project where this VPC will be created | string | n/a | yes |
+| routing\_mode | The network routing mode (default 'GLOBAL') | string | `"GLOBAL"` | no |
+| shared\_vpc\_host | Makes this project a Shared VPC host if 'true' (default 'false') | bool | `"false"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| network | The VPC resource being created |
+| network\_name | The name of the VPC being created |
+| network\_self\_link | The URI of the VPC being created |
+| project\_id | VPC project id |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/vpc/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/vpc/main.tf
new file mode 100644
index 000000000..557037938
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/vpc/main.tf
@@ -0,0 +1,35 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/******************************************
+ VPC configuration
+ *****************************************/
+resource "google_compute_network" "network" {
+ name = var.network_name
+ auto_create_subnetworks = var.auto_create_subnetworks
+ routing_mode = var.routing_mode
+ project = var.project_id
+ description = var.description
+}
+
+/******************************************
+ Shared VPC
+ *****************************************/
+resource "google_compute_shared_vpc_host_project" "shared_vpc_host" {
+ count = var.shared_vpc_host ? 1 : 0
+ project = var.project_id
+ depends_on = [google_compute_network.network]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/vpc/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/vpc/outputs.tf
new file mode 100644
index 000000000..19c9e83e5
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/vpc/outputs.tf
@@ -0,0 +1,35 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network" {
+ value = google_compute_network.network
+ description = "The VPC resource being created"
+}
+
+output "network_name" {
+ value = google_compute_network.network.name
+ description = "The name of the VPC being created"
+}
+
+output "network_self_link" {
+ value = google_compute_network.network.self_link
+ description = "The URI of the VPC being created"
+}
+
+output "project_id" {
+ value = var.shared_vpc_host ? google_compute_shared_vpc_host_project.shared_vpc_host.*.project[0] : google_compute_network.network.project
+ description = "VPC project id"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/vpc/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/vpc/variables.tf
new file mode 100644
index 000000000..a96751c41
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/vpc/variables.tf
@@ -0,0 +1,47 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The ID of the project where this VPC will be created"
+}
+
+variable "network_name" {
+ description = "The name of the network being created"
+}
+
+variable "routing_mode" {
+ type = string
+ default = "GLOBAL"
+ description = "The network routing mode (default 'GLOBAL')"
+}
+
+variable "shared_vpc_host" {
+ type = bool
+ description = "Makes this project a Shared VPC host if 'true' (default 'false')"
+ default = false
+}
+
+variable "description" {
+ type = string
+ description = "An optional description of this resource. The resource must be recreated to modify this field."
+ default = ""
+}
+
+variable "auto_create_subnetworks" {
+ type = bool
+ description = "When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources."
+ default = false
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/vpc/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/vpc/versions.tf
new file mode 100644
index 000000000..c1eedd7e1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/modules/vpc/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google = "<4.0,>= 2.12"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/outputs.tf
new file mode 100644
index 000000000..422bd4c06
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/outputs.tf
@@ -0,0 +1,80 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network" {
+ value = module.vpc
+ description = "The created network"
+}
+
+output "subnets" {
+ value = module.subnets.subnets
+ description = "A map with keys of form subnet_region/subnet_name and values being the outputs of the google_compute_subnetwork resources used to create corresponding subnets."
+}
+
+output "network_name" {
+ value = module.vpc.network_name
+ description = "The name of the VPC being created"
+}
+
+output "network_self_link" {
+ value = module.vpc.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "project_id" {
+ value = module.vpc.project_id
+ description = "VPC project id"
+}
+
+output "subnets_names" {
+ value = [for network in module.subnets.subnets : network.name]
+ description = "The names of the subnets being created"
+}
+
+output "subnets_ips" {
+ value = [for network in module.subnets.subnets : network.ip_cidr_range]
+ description = "The IPs and CIDRs of the subnets being created"
+}
+
+output "subnets_self_links" {
+ value = [for network in module.subnets.subnets : network.self_link]
+ description = "The self-links of subnets being created"
+}
+
+output "subnets_regions" {
+ value = [for network in module.subnets.subnets : network.region]
+ description = "The region where the subnets will be created"
+}
+
+output "subnets_private_access" {
+ value = [for network in
module.subnets.subnets : network.private_ip_google_access]
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "subnets_flow_logs" {
+ value = [for network in module.subnets.subnets : length(network.log_config) != 0 ? true : false]
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "subnets_secondary_ranges" {
+ value = [for network in module.subnets.subnets : network.secondary_ip_range]
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "route_names" {
+ value = [for route in module.routes.routes : route.name]
+ description = "The route names associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/.gitignore b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/.gitignore
new file mode 100644
index 000000000..d69ba0d42
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/.gitignore
@@ -0,0 +1 @@
+source.sh
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/all_examples/test_output.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/all_examples/test_output.tf
new file mode 100644
index 000000000..456f4e14b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/all_examples/test_output.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// These outputs are used to test the module with inspec
+// They do not need to be included in real-world uses of this module
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project to which resources are applied."
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/all_examples/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/all_examples/variables.tf
new file mode 100644
index 000000000..c8b58be2b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/all_examples/variables.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to deploy to"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/main.tf
new file mode 100644
index 000000000..cf8dc5d18
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/main.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ network_name = "delete-gw-routes-${var.random_string_for_testing}"
+}
+
+module "example" {
+ source = "../../../examples/delete_default_gateway_routes"
+ project_id = var.project_id
+ network_name = local.network_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/outputs.tf
new file mode 100644
index 000000000..68e9e0763
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/outputs.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/route.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/route.tf
new file mode 100644
index 000000000..f4e72517c
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/route.tf
@@ -0,0 +1,30 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# This fixture defines a default internet gateway route that DOESN'T start
+# with 'default-route' to test the behavior of the script that deletes
+# the default internet gateway routes.
+
+resource "google_compute_route" "alternative_gateway" {
+ project = var.project_id
+ network = module.example.network_name
+
+ name = "alternative-gateway-route"
+ description = "Alternative gateway route"
+ dest_range = "0.0.0.0/0"
+ tags = ["egress-inet"]
+ next_hop_gateway = "default-internet-gateway"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/ilb_routing/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/ilb_routing/main.tf
new file mode 100644
index 000000000..9dfdf06c4
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/ilb_routing/main.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ network_name = "ilb-routing-${var.random_string_for_testing}"
+}
+
+module "example" {
+ source = "../../../examples/ilb_routing"
+ project_id = var.project_id
+ network_name = local.network_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/ilb_routing/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/ilb_routing/outputs.tf
new file mode 100644
index 000000000..8add5ef0a
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/ilb_routing/outputs.tf
@@ -0,0 +1,60 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_self_link" {
+ value = module.example.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "output_subnets_names" {
+ value = module.example.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "output_subnets_ips" {
+ value = module.example.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "output_subnets_regions" {
+ value = module.example.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "output_routes" {
+ value = module.example.route_names
+ description = "The route names associated with this VPC"
+}
+
+output "forwarding_rule" {
+ value = module.example.forwarding_rule
+ description = "Forwarding rule link"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/ilb_routing/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/ilb_routing/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/ilb_routing/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/multi_vpc/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/multi_vpc/main.tf
new file mode 100644
index 000000000..400a00d34
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/multi_vpc/main.tf
@@ -0,0 +1,26 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+locals {
+ network_01_name = "multi-vpc-${var.random_string_for_testing}-01"
+ network_02_name = "multi-vpc-${var.random_string_for_testing}-02"
+}
+
+module "example" {
+ source = "../../../examples/multi_vpc"
+ project_id = var.project_id
+ network_01_name = local.network_01_name
+ network_02_name = local.network_02_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/multi_vpc/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/multi_vpc/outputs.tf
new file mode 100644
index 000000000..582ee04dc
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/multi_vpc/outputs.tf
@@ -0,0 +1,30 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_01_name" {
+ value = local.network_01_name
+ description = "The name of the VPC network-01"
+}
+
+output "network_02_name" {
+ value = local.network_02_name
+ description = "The name of the VPC network-01"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/multi_vpc/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/multi_vpc/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/multi_vpc/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/main.tf
new file mode 100644
index 000000000..39c3036b4
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/main.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ network_name = "secondary-ranges-${var.random_string_for_testing}"
+}
+
+module "example" {
+ source = "../../../examples/secondary_ranges"
+ project_id = var.project_id
+ network_name = local.network_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/outputs.tf
new file mode 100644
index 000000000..651f0e000
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/outputs.tf
@@ -0,0 +1,70 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_self_link" {
+ value = module.example.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "output_subnets_names" {
+ value = module.example.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "output_subnets_ips" {
+ value = module.example.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "output_subnets_regions" {
+ value = module.example.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "output_subnets_private_access" {
+ value = module.example.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "output_subnets_flow_logs" {
+ value = module.example.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "output_subnets_secondary_ranges" {
+ value = module.example.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "output_routes" {
+ value = module.example.route_names
+ description = "The route names associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/simple_project/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/simple_project/main.tf
new file mode 100644
index 000000000..20facc00a
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/simple_project/main.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ network_name = "simple-project-${var.random_string_for_testing}"
+}
+
+module "example" {
+ source = "../../../examples/simple_project"
+ project_id = var.project_id
+ network_name = local.network_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/simple_project/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/simple_project/outputs.tf
new file mode 100644
index 000000000..651f0e000
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/simple_project/outputs.tf
@@ -0,0 +1,70 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_self_link" {
+ value = module.example.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "output_subnets_names" {
+ value = module.example.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "output_subnets_ips" {
+ value = module.example.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "output_subnets_regions" {
+ value = module.example.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "output_subnets_private_access" {
+ value = module.example.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "output_subnets_flow_logs" {
+ value = module.example.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "output_subnets_secondary_ranges" {
+ value = module.example.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "output_routes" {
+ value = module.example.route_names
+ description = "The route names associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/simple_project/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/simple_project/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/simple_project/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/main.tf
new file mode 100644
index 000000000..5853c6b91
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/main.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ network_name = "simple-regional-${var.random_string_for_testing}"
+}
+
+module "example" {
+ source = "../../../examples/simple_project_with_regional_network"
+ project_id = var.project_id
+ network_name = local.network_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/outputs.tf
new file mode 100644
index 000000000..651f0e000
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/outputs.tf 
@@ -0,0 +1,70 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_self_link" {
+ value = module.example.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "output_subnets_names" {
+ value = module.example.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "output_subnets_ips" {
+ value = module.example.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "output_subnets_regions" {
+ value = module.example.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "output_subnets_private_access" {
+ value = module.example.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "output_subnets_flow_logs" {
+ value = module.example.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "output_subnets_secondary_ranges" {
+ value = module.example.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "output_routes" {
+ value = module.example.route_names
+ description = "The route names associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/main.tf
new file mode 100644
index 000000000..398efe434
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/main.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ network_name = "submodule-firewall-${var.random_string_for_testing}"
+}
+
+module "example" {
+ source = "../../../examples/submodule_firewall"
+ project_id = var.project_id
+ network_name = local.network_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/outputs.tf
new file mode 100644
index 000000000..651f0e000
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/outputs.tf 
@@ -0,0 +1,70 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_self_link" {
+ value = module.example.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "output_subnets_names" {
+ value = module.example.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "output_subnets_ips" {
+ value = module.example.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "output_subnets_regions" {
+ value = module.example.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "output_subnets_private_access" {
+ value = module.example.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "output_subnets_flow_logs" {
+ value = module.example.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "output_subnets_secondary_ranges" {
+ value = module.example.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "output_routes" {
+ value = module.example.route_names
+ description = "The route names associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/main.tf
new file mode 100644
index 000000000..b3c459e0e
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/main.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "peerings" {
+ source = "../../../examples/submodule_network_peering"
+ project_id = var.project_id
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/outputs.tf
new file mode 100644
index 000000000..13fb41f55
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/outputs.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+}
+
+output "peerings" {
+ value = module.peerings
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/variables.tf
new file mode 100644
index 000000000..89e4e5786
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/variables.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/delete_default_gateway_routes/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/delete_default_gateway_routes/controls/gcloud.rb
new file mode 100644
index 000000000..d59bdad86
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/delete_default_gateway_routes/controls/gcloud.rb
@@ -0,0 +1,45 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "gcloud" do
+ title "gcloud configuration"
+
+ # Verify that no routes whose names begin with 'default-route' and whose
+ # nextHopGateway is the default-internet-gateway exist
+ describe command("gcloud compute routes list --project=#{project_id} --filter=\"nextHopGateway:https://www.googleapis.com/compute/v1/projects/#{project_id}/global/gateways/default-internet-gateway AND network:https://www.googleapis.com/compute/v1/projects/#{project_id}/global/networks/#{network_name}\" --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "routes" do
+ it "should only be one" do
+ expect(data.length).to eq 1
+ end
+
+ it "should not begin with 'default-route'" do
+ expect(data.first["name"]).not_to match(/^default-route/)
+ end
+ end
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/delete_default_gateway_routes/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/delete_default_gateway_routes/inspec.yml
new file mode 100644
index 000000000..0b5e75e3d
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/delete_default_gateway_routes/inspec.yml
@@ -0,0 +1,8 @@
+name: delete_default_gateway_routes
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_name
+ required: true
+ type: string
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/ilb_routing/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/ilb_routing/controls/gcloud.rb
new file mode 100644
index 000000000..e4c3de90b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/ilb_routing/controls/gcloud.rb
@@ -0,0 +1,116 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+forwarding_rule = attribute('forwarding_rule')
+
+control "gcloud" do
+ title "gcloud configuration"
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "purpose should be correct" do
+ expect(data).to include(
+ "purpose" => "PRIVATE",
+ )
+ end
+ it "role should not exist" do
+ expect(data).to_not include(
+ "role"
+ )
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-01 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "purpose and role should be correct" do
+ expect(data).to include(
+ "purpose" => "INTERNAL_HTTPS_LOAD_BALANCER",
+ "role" => "ACTIVE"
+ )
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-02 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "purpose and role should be correct" do
+ expect(data).to include(
+ "purpose" => "INTERNAL_HTTPS_LOAD_BALANCER",
+ "role" => "BACKUP"
+ )
+ end
+ end
+
+ describe command("gcloud compute routes describe '#{network_name}-ilb' --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "destRange" do
+ it "should equal '10.10.20.0/24'" do
+ expect(data["destRange"]).to eq '10.10.20.0/24'
+ end
+ end
+
+ describe "tags" do
+ it "should equal 'egress-inet'" do
+ expect(data["tags"]).to eq nil
+ end
+ end
+
+ describe "nextHopIlb" do
+ it "should equal the forwarding rule" do
+ expect(data["nextHopIlb"]).to eq forwarding_rule
+ end
+ end
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/ilb_routing/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/ilb_routing/inspec.yml
new file mode 100644
index 000000000..5671b8366
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/ilb_routing/inspec.yml
@@ -0,0 +1,15 @@
+name: ilb_routing
+depends:
+ - name: inspec-gcp
+ git: https://github.com/inspec/inspec-gcp.git
+ tag: v0.11.0
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_name
+ required: true
+ type: string
+ - name: forwarding_rule
+ required: true
+ type: string
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/multi_vpc/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/multi_vpc/controls/gcloud.rb
new file mode 100644
index 000000000..7c0e1c929
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/multi_vpc/controls/gcloud.rb
@@ -0,0 +1,116 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_01_name = attribute('network_01_name')
+network_02_name = attribute('network_02_name')
+
+control "gcloud" do
+ title "gcloud configuration"
+
+ describe command("gcloud compute routes describe '#{network_01_name}-egress-inet' --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+ let(:default_internet_gateway) { "https://www.googleapis.com/compute/v1/projects/#{project_id}/global/gateways/default-internet-gateway" }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "destRange" do
+ it "should equal '0.0.0.0/0'" do
+ expect(data["destRange"]).to eq '0.0.0.0/0'
+ end
+ end
+
+ describe "tags" do
+ it "should equal 'egress-inet'" do
+ expect(data["tags"]).to eq ['egress-inet']
+ end
+ end
+
+ describe "nextHopGateway" do
+ it "should equal the default internet gateway" do
+ expect(data["nextHopGateway"]).to eq default_internet_gateway
+ end
+ end
+ end
+
+ describe command("gcloud compute routes describe '#{network_02_name}-egress-inet' --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+ let(:default_internet_gateway) { "https://www.googleapis.com/compute/v1/projects/#{project_id}/global/gateways/default-internet-gateway" }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "destRange" do
+ it "should equal '0.0.0.0/0'" do
+ expect(data["destRange"]).to eq '0.0.0.0/0'
+ end
+ end
+
+ describe "tags" do
+ it "should equal 'egress-inet'" do
+ expect(data["tags"]).to eq ['egress-inet']
+ end
+ end
+
+ describe "nextHopGateway" do
+ it "should equal the default internet gateway" do
+ expect(data["nextHopGateway"]).to eq default_internet_gateway
+ end
+ end
+ end
+
+ describe command("gcloud compute routes describe '#{network_02_name}-testapp-proxy' --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "destRange" do
+ it "should equal '10.50.10.0/24'" do
+ expect(data["destRange"]).to eq '10.50.10.0/24'
+ end
+ end
+
+ describe "tags" do
+ it "should equal 'app-proxy'" do
+ expect(data["tags"]).to eq ['app-proxy']
+ end
+ end
+
+ describe "nextHopIp" do
+ it "should equal '10.10.40.10'" do
+ expect(data["nextHopIp"]).to eq '10.10.40.10'
+ end
+ end
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/multi_vpc/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/multi_vpc/inspec.yml
new file mode 100644
index 000000000..4e012dffe
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/multi_vpc/inspec.yml
@@ -0,0 +1,11 @@
+name: multi_vpc
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_01_name
+ required: true
+ type: string
+ - name: network_02_name
+ required: true
+ type: string
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/secondary_ranges/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/secondary_ranges/controls/gcloud.rb
new file mode 100644
index 000000000..19a1b66da
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/secondary_ranges/controls/gcloud.rb
@@ -0,0 +1,101 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "gcloud" do
+ title "gcloud configuration"
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-01 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "should have the correct secondaryIpRanges configuration for #{network_name}-subnet-01-01" do
+ expect(data["secondaryIpRanges"][0]).to include(
+ "rangeName" => "#{network_name}-subnet-01-01",
+ "ipCidrRange" => "192.168.64.0/24"
+ )
+ end
+
+ it "should have the correct secondaryIpRanges configuration for #{network_name}-subnet-01-02" do
+ expect(data["secondaryIpRanges"][1]).to include(
+ "rangeName" => "#{network_name}-subnet-01-02",
+ "ipCidrRange" => "192.168.65.0/24"
+ )
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-02 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "should have the correct secondaryIpRanges configuration for #{network_name}-subnet-02" do
+ expect(data).not_to include("secondaryIpRanges")
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-03 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "should have the correct secondaryIpRanges configuration for #{network_name}-subnet-03-01" do
+ expect(data["secondaryIpRanges"][0]).to include(
+ "rangeName" => "#{network_name}-subnet-03-01",
+ "ipCidrRange" => "192.168.66.0/24"
+ )
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-04 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "should have the correct secondaryIpRanges configuration for #{network_name}-subnet-04" do
+ expect(data).not_to include("secondaryIpRanges")
+ end
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/secondary_ranges/controls/inspec_attributes.rb b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/secondary_ranges/controls/inspec_attributes.rb
new file mode 100644
index 000000000..2f9ed48c3
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/secondary_ranges/controls/inspec_attributes.rb
@@ -0,0 +1,61 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "inspec_attributes" do
+ title "Terraform Outputs"
+ desc "Terraform Outputs"
+
+ describe attribute("output_network_name") do
+ it { should eq "#{network_name}" }
+ end
+
+ describe attribute("output_network_self_link") do
+ it { should eq "https://www.googleapis.com/compute/v1/projects/#{project_id}/global/networks/#{network_name}" }
+ end
+
+ describe attribute("output_subnets_ips") do
+ it { should eq ["10.10.10.0/24", "10.10.20.0/24", "10.10.30.0/24", "10.10.40.0/24"] }
+ end
+
+ describe attribute("output_routes") do
+ it { should eq [] }
+ end
+
+ describe attribute("output_subnets_flow_logs") do
+ it { should eq [false, true, true, false] }
+ end
+
+ describe attribute("output_subnets_names") do
+ it { should eq ["#{network_name}-subnet-01", "#{network_name}-subnet-02", "#{network_name}-subnet-03", "#{network_name}-subnet-04"] }
+ end
+
+ describe attribute("output_subnets_private_access") do
+ it { should eq [false, true, false, false] }
+ end
+
+ describe attribute("output_subnets_regions") do
+ it { should eq ["us-west1", "us-west1", "us-west1", "us-west1"] }
+ end
+
+ describe attribute("output_subnets_secondary_ranges") do
+ it { should eq [{"ip_cidr_range"=>"192.168.64.0/24", "range_name"=>"#{network_name}-subnet-01-01"}, {"ip_cidr_range"=>"192.168.65.0/24", "range_name"=>"#{network_name}-subnet-01-02"}, {"ip_cidr_range"=>"192.168.66.0/24", "range_name"=>"#{network_name}-subnet-03-01"}] }
+ end
+
+ describe attribute("project_id") do
+ it { should eq project_id }
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/secondary_ranges/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/secondary_ranges/inspec.yml
new file mode 100644
index 000000000..c11e66122
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/secondary_ranges/inspec.yml
@@ -0,0 +1,30 @@
+name: secondary_ranges
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_name
+ required: true
+ type: string
+ - name: output_network_name
+ required: true
+ type: string
+ - name: output_network_self_link
+ required: true
+ type: string
+ - name: output_subnets_ips
+ required: true
+ - name: output_routes
+ required: true
+ - name: output_subnets_flow_logs
+ required: true
+ - name: output_subnets_names
+ required: true
+ - name: output_subnets_private_access
+ required: true
+ - name: output_subnets_regions
+ required: true
+ - name: output_subnets_secondary_ranges
+ required: true
+ - name: output_project_id
+ required: true
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/simple_project/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/simple_project/controls/gcloud.rb
new file mode 100644
index 000000000..0ffad824b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/simple_project/controls/gcloud.rb 
@@ -0,0 +1,89 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "gcloud" do
+ title "gcloud configuration"
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-01 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "logConfig should not be enabled" do
+ expect(data).to include(
+ "logConfig" => {
+ "enable" => false,
+ }
+ )
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-02 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "Default log config should be correct" do
+ expect(data).to include(
+ "logConfig" => {
+ "aggregationInterval" => "INTERVAL_5_SEC",
+ "enable" => true,
+ "flowSampling" => 0.5,
+ "metadata" => "INCLUDE_ALL_METADATA"
+ }
+ )
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-03 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "Log config should be correct" do
+ expect(data).to include(
+ "logConfig" => {
+ "aggregationInterval" => "INTERVAL_10_MIN",
+ "enable" => true,
+ "flowSampling" => 0.7,
+ "metadata" => "INCLUDE_ALL_METADATA"
+ }
+ )
+ end
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/simple_project/controls/gcp.rb b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/simple_project/controls/gcp.rb
new file mode 100644
index 000000000..d48c79da6
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/simple_project/controls/gcp.rb
@@ -0,0 +1,57 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "gcp" do
+ title "Google Cloud configuration"
+
+ describe google_compute_network(
+ project: project_id,
+ name: network_name
+ ) do
+ it { should exist }
+ end
+
+ describe google_compute_subnetwork(
+ project: project_id,
+ name: "#{network_name}-subnet-01",
+ region: "us-west1"
+ ) do
+ it { should exist }
+ its('ip_cidr_range') { should eq "10.10.10.0/24" }
+ its('private_ip_google_access') { should be false }
+ end
+
+ describe google_compute_subnetwork(
+ project: project_id,
+ name: "#{network_name}-subnet-02",
+ region: "us-west1"
+ ) do
+ it { should exist }
+ its('ip_cidr_range') { should eq "10.10.20.0/24" }
+ its('private_ip_google_access') { should be true }
+ end
+
+ describe google_compute_subnetwork(
+ project: project_id,
+ name: "#{network_name}-subnet-03",
+ region: "us-west1"
+ ) do
+ it { should exist }
+ its('ip_cidr_range') { should eq "10.10.30.0/24" }
+ its('private_ip_google_access') { should be false }
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/simple_project/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/simple_project/inspec.yml
new file mode 100644
index 000000000..7e69b5296
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/simple_project/inspec.yml
@@ -0,0 +1,12 @@
+name: simple_project
+depends:
+ - name: inspec-gcp
+ git: https://github.com/inspec/inspec-gcp.git
+ tag: v0.11.0
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_name
+ required: true
+ type: string
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/simple_project_with_regional_network/controls/gcp.rb b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/simple_project_with_regional_network/controls/gcp.rb
new file mode 100644
index 000000000..84fec52cf
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/simple_project_with_regional_network/controls/gcp.rb
@@ -0,0 +1,28 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "gcp" do
+ title "Google Cloud configuration"
+
+ describe google_compute_network(
+ project: project_id,
+ name: network_name
+ ) do
+ it { should exist }
+ its('routing_config.routing_mode') { should eq 'REGIONAL' }
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/simple_project_with_regional_network/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/simple_project_with_regional_network/inspec.yml
new file mode 100644
index 000000000..b6f43e92f
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/simple_project_with_regional_network/inspec.yml
@@ -0,0 +1,12 @@
+name: simple_project_with_regional_network
+depends:
+ - name: inspec-gcp
+ git: https://github.com/inspec/inspec-gcp.git
+ tag: v0.11.0
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_name
+ required: true
+ type: string
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/gcloud.rb
new file mode 100644
index 000000000..1bce484f8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/gcloud.rb
@@ -0,0 +1,185 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "gcloud" do
+ title "gcloud configuration"
+
+ describe command("gcloud compute firewall-rules describe #{network_name}-ingress-internal --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "internal rule" do
+ it "should exist" do
+ expect(data).to include(
+ "sourceRanges" => ["10.10.20.0/24", "10.10.10.0/24"]
+ )
+ end
+ end
+
+ describe "allowed internal rules" do
+ it "should contain ICMP rule" do
+ expect(data["allowed"]).to include({"IPProtocol" => "icmp"})
+ end
+
+ it "should contain UDP rule" do
+ expect(data["allowed"]).to include({"IPProtocol" => "udp"})
+ end
+
+ it "should contain TCP rule" do
+ expect(data["allowed"]).to include({"IPProtocol"=>"tcp", "ports"=>["8080", "1000-2000"]})
+ end
+ end
+ end
+
+ # Custom rules
+ describe command("gcloud compute firewall-rules describe allow-backend-to-databases --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "Custom TAG rule" do
+ it "has backend tag as source" do
+ expect(data).to include(
+ "sourceTags" => ["backed"]
+ )
+ end
+
+ it "has databases tag as target" do
+ expect(data).to include(
+ "targetTags" => ["databases"]
+ )
+ end
+
+ it "has expected TCP rule" do
+ expect(data["allowed"]).to include(
+ {
+ "IPProtocol" => "tcp",
+ "ports" => ["3306", "5432", "1521", "1433"]
+ }
+ )
+ end
+ end
+ end
+
+describe command("gcloud compute firewall-rules describe deny-ingress-6534-6566 --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "deny-ingress-6534-6566" do
+ it "should be disabled" do
+ expect(data).to include(
+ "disabled" => true
+ )
+ end
+
+ it "has 0.0.0.0/0 source range" do
+ expect(data).to include(
+ "sourceRanges" => ["0.0.0.0/0"]
+ )
+ end
+
+ it "has expected TCP rules" do
+ expect(data["denied"]).to include(
+ {
+ "IPProtocol" => "tcp",
+ "ports" => ["6534-6566"]
+ }
+ )
+ end
+
+ it "has expected UDP rules" do
+ expect(data["denied"]).to include(
+ {
+ "IPProtocol" => "udp",
+ "ports" => ["6534-6566"]
+ }
+ )
+ end
+ end
+ end
+
+
+describe command("gcloud compute firewall-rules describe allow-all-admin-sa --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "allow-all-admin-sa" do
+ it "should be enabled" do
+ expect(data).to include(
+ "disabled" => false
+ )
+ end
+
+ it "should has correct source SA" do
+ expect(data["sourceServiceAccounts"]).to eq(["admin@my-shiny-org.iam.gserviceaccount.com"])
+ end
+
+ it "should has priority 30" do
+ expect(data["priority"]).to eq(30)
+ end
+
+ it "has expected TCP rules" do
+ expect(data["allowed"]).to include(
+ {
+ "IPProtocol" => "tcp"
+ }
+ )
+ end
+
+ it "has expected UDP rules" do
+ expect(data["allowed"]).to include(
+ {
+ "IPProtocol" => "udp"
+ }
+ )
+ end
+ end
+ end
+
+end
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/gcp.rb b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/gcp.rb
new file mode 100644
index 000000000..3fb736c0d
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/gcp.rb
@@ -0,0 +1,32 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "gcp" do
+ title "Google Cloud configuration"
+
+ describe google_compute_firewalls(project: project_id) do
+ its('firewall_names') { should include "#{network_name}-ingress-internal" }
+ its('firewall_names') { should include "#{network_name}-ingress-tag-http" }
+ its('firewall_names') { should include "#{network_name}-ingress-tag-https" }
+ its('firewall_names') { should include "#{network_name}-ingress-tag-ssh" }
+ its('firewall_names') { should_not include "default-ingress-admins" }
+ its('firewall_names') { should include "deny-ingress-6534-6566" }
+ its('firewall_names') { should include "allow-backend-to-databases" }
+ its('firewall_names') { should include "allow-all-admin-sa" }
+ end
+
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/inspec_attributes.rb b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/inspec_attributes.rb
new file mode 100644
index 000000000..25320c41e
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/inspec_attributes.rb 
@@ -0,0 +1,61 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "inspec_attributes" do
+ title "Terraform Outputs"
+ desc "Terraform Outputs"
+
+ describe attribute("output_network_name") do
+ it { should eq "#{network_name}" }
+ end
+
+ describe attribute("output_network_self_link") do
+ it { should eq "https://www.googleapis.com/compute/v1/projects/#{project_id}/global/networks/#{network_name}" }
+ end
+
+ describe attribute("output_subnets_ips") do
+ it { should eq ["10.10.10.0/24", "10.10.20.0/24"] }
+ end
+
+ describe attribute("output_routes") do
+ it { should eq [] }
+ end
+
+ describe attribute("output_subnets_flow_logs") do
+ it { should eq [false, true] }
+ end
+
+ describe attribute("output_subnets_names") do
+ it { should eq ["#{network_name}-subnet-01", "#{network_name}-subnet-02"] }
+ end
+
+ describe attribute("output_subnets_private_access") do
+ it { should eq [false, true] }
+ end
+
+ describe attribute("output_subnets_regions") do
+ it { should eq ["us-west1", "us-west1"] }
+ end
+
+ describe attribute("output_subnets_secondary_ranges") do
+ it { should eq [[],[]] }
+ end
+
+ describe attribute("output_project_id") do
+ it { should eq project_id }
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/submodule_firewall/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/submodule_firewall/inspec.yml
new file mode 100644
index 000000000..8f1d70e75
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/submodule_firewall/inspec.yml
@@ -0,0 +1,34 @@
+name: submodule_firewall
+depends:
+ - name: inspec-gcp
+ git: https://github.com/inspec/inspec-gcp.git
+ tag: v0.11.0
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_name
+ required: true
+ type: string
+ - name: output_network_name
+ required: true
+ type: string
+ - name: output_network_self_link
+ required: true
+ type: string
+ - name: output_subnets_ips
+ required: true
+ - name: output_routes
+ required: true
+ - name: output_subnets_flow_logs
+ required: true
+ - name: output_subnets_names
+ required: true
+ - name: output_subnets_private_access
+ required: true
+ - name: output_subnets_regions
+ required: true
+ - name: output_subnets_secondary_ranges
+ required: true
+ - name: output_project_id
+ required: true
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/submodule_network_peering/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/submodule_network_peering/controls/gcloud.rb
new file mode 100644
index 000000000..894e46dc0
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/submodule_network_peering/controls/gcloud.rb 
@@ -0,0 +1,107 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+peerings = attribute('peerings')
+
+control "gcloud" do
+ title "gcloud configuration"
+ peerings.each do |key, value|
+ local_network_peering = value['local_network_peering']
+ peer_network_peering = value['peer_network_peering']
+ local_network_self_link = local_network_peering['network']
+ peer_network_self_link = peer_network_peering['network']
+ local_network_name = local_network_self_link.split('/')[-1]
+ peer_network_name = peer_network_self_link.split('/')[-1]
+
+ describe command("gcloud compute networks peerings list --project=#{project_id} --network=#{local_network_name} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "local VPC peering" do
+ it "should exist" do
+ expect(data[0]['peerings'].select{|x| x['name'] == local_network_peering['name']}).not_to be_empty
+ end
+ it "should be active" do
+ expect(data[0]['peerings'].select{|x| x['name'] == local_network_peering['name']}[0]['state']).to eq(
+ "ACTIVE"
+ )
+ end
+ it "should be connected to #{peer_network_name} network" do
+ expect(data[0]['peerings'].select{|x| x['name'] == local_network_peering['name']}[0]['network']).to eq(
+ peer_network_self_link
+ )
+ end
+ it "should export custom routes" do
+ expect(data[0]['peerings'].select{|x| x['name'] == local_network_peering['name']}[0]['exportCustomRoutes']).to eq(
+ true
+ )
+ end
+ it "should not import custom routes" do
+ expect(data[0]['peerings'].select{|x| x['name'] == local_network_peering['name']}[0]['importCustomRoutes']).to eq(
+ false
+ )
+ end
+ end
+
+ end
+
+ describe command("gcloud compute networks peerings list --project=#{project_id} --network=#{peer_network_name} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "peer VPC peering" do
+ it "should exist" do
+ expect(data[0]['peerings'].select{|x| x['name'] == peer_network_peering['name']}).not_to be_empty
+ end
+ it "should be active" do
+ expect(data[0]['peerings'].select{|x| x['name'] == peer_network_peering['name']}[0]['state']).to eq(
+ "ACTIVE"
+ )
+ end
+ it "should be connected to #{local_network_name} network" do
+ expect(data[0]['peerings'].select{|x| x['name'] == peer_network_peering['name']}[0]['network']).to eq(
+ local_network_self_link
+ )
+ end
+ it "should not export custom routes" do
+ expect(data[0]['peerings'].select{|x| x['name'] == peer_network_peering['name']}[0]['exportCustomRoutes']).to eq(
+ false
+ )
+ end
+ it "should import custom routes" do
+ expect(data[0]['peerings'].select{|x| x['name'] == peer_network_peering['name']}[0]['importCustomRoutes']).to eq(
+ true
+ )
+ end
+ end
+ end
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/submodule_network_peering/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/submodule_network_peering/inspec.yml
new file mode 100644
index 000000000..55de6b25f
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/integration/submodule_network_peering/inspec.yml
@@ -0,0 +1,8 @@
+name: submodule_network_peering
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: peerings
+ type: hash
+ required: true
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/setup/.gitignore b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/setup/.gitignore
new file mode 100644
index 000000000..0e515f83d
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/setup/.gitignore
@@ -0,0 +1,2 @@
+terraform.tfvars
+source.sh
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/setup/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/setup/README.md
new file mode 100644
index 000000000..258fb6981
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/setup/README.md
@@ -0,0 +1,35 @@
+# Integration Testing
+
+Use this directory to create resources reflecting the same resource fixtures
+created for use by the CI environment CI integration test pipelines. The intent
+of these resources is to run the integration tests locally as closely as
+possible to how they will run in the CI system.
+
+Once created, store the service account key content into the
+`SERVICE_ACCOUNT_JSON` environment variable. This reflects the same behavior
+as used in CI.
+
+For example:
+
+```bash
+terraform init
+terraform apply
+mkdir -p ~/.credentials
+terraform output sa_key | base64 --decode > ~/.credentials/network-sa.json
+```
+
+Then, configure the environment (suggest using direnv) like so:
+
+```bash
+export SERVICE_ACCOUNT_JSON=$(cat ${HOME}/.credentials/network-sa.json)
+export PROJECT_ID="network-module"
+```
+
+With these variables set, change to the root of the module and execute the
+`make test_integration` task. This make target is the same that is executed
+by this module's CI pipeline during integration testing, and will run the
+integration tests from your machine.
+
+Alternatively, to run the integration tests directly from the Docker
+container used by the module's CI pipeline, perform the above steps and then
+run the `make test_integration_docker` target
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/setup/iam.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/setup/iam.tf
new file mode 100644
index 000000000..fa3c79045
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/setup/iam.tf
@@ -0,0 +1,41 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ int_required_roles = [
+ "roles/compute.networkAdmin",
+ "roles/compute.securityAdmin",
+ "roles/iam.serviceAccountUser",
+ ]
+}
+
+resource "google_service_account" "int_test" {
+ project = module.project.project_id
+ account_id = "ci-network"
+ display_name = "ci-network"
+}
+
+resource "google_project_iam_member" "int_test" {
+ count = length(local.int_required_roles)
+
+ project = module.project.project_id
+ role = local.int_required_roles[count.index]
+ member = "serviceAccount:${google_service_account.int_test.email}"
+}
+
+resource "google_service_account_key" "int_test" {
+ service_account_id = google_service_account.int_test.id
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/setup/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/setup/main.tf
new file mode 100644
index 000000000..f89684ea1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/setup/main.tf
@@ -0,0 +1,32 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "project" {
+ source = "terraform-google-modules/project-factory/google"
+ version = "~> 4.0"
+
+ name = "ci-network"
+ random_project_id = "true"
+ org_id = var.org_id
+ folder_id = var.folder_id
+ billing_account = var.billing_account
+
+ activate_apis = [
+ "cloudresourcemanager.googleapis.com",
+ "compute.googleapis.com",
+ "serviceusage.googleapis.com"
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/setup/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/setup/outputs.tf
new file mode 100644
index 000000000..08753a4b9
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/setup/outputs.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = module.project.project_id
+}
+
+output "sa_key" {
+ value = google_service_account_key.int_test.private_key
+ sensitive = true
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/setup/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/setup/variables.tf
new file mode 100644
index 000000000..53dd1ed77
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/setup/variables.tf
@@ -0,0 +1,26 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+variable "org_id" {
+ description = "The numeric organization id"
+}
+
+variable "folder_id" {
+ description = "The folder to deploy in"
+}
+
+variable "billing_account" {
+ description = "The billing account id associated with the project, e.g. XXXXXX-YYYYYY-ZZZZZZ"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/setup/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/setup/versions.tf
new file mode 100644
index 000000000..38af399dc
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/test/setup/versions.tf
@@ -0,0 +1,27 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
+
+provider "google" {
+ version = "~> 2.12.0"
+}
+
+provider "google-beta" {
+ version = "~> 2.12.0"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/variables.tf
new file mode 100644
index 000000000..1770d50fa
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/variables.tf
@@ -0,0 +1,70 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The ID of the project where this VPC will be created"
+}
+
+variable "network_name" {
+ description = "The name of the network being created"
+}
+
+variable "routing_mode" {
+ type = string
+ default = "GLOBAL"
+ description = "The network routing mode (default 'GLOBAL')"
+}
+
+variable "shared_vpc_host" {
+ type = bool
+ description = "Makes this project a Shared VPC host if 'true' (default 'false')"
+ default = false
+}
+
+variable "subnets" {
+ type = list(map(string))
+ description = "The list of subnets being created"
+}
+
+variable "secondary_ranges" {
+ type = map(list(object({ range_name = string, ip_cidr_range = string })))
+ description = "Secondary ranges that will be used in some of the subnets"
+ default = {}
+}
+
+variable "routes" {
+ type = list(map(string))
+ description = "List of routes being created in this VPC"
+ default = []
+}
+
+variable "delete_default_internet_gateway_routes" {
+ description = "If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted"
+ default = "false"
+}
+
+
+variable "description" {
+ type = string
+ description = "An optional description of this resource. The resource must be recreated to modify this field."
+ default = ""
+}
+
+variable "auto_create_subnetworks" {
+ type = bool
+ description = "When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources."
+ default = false
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/versions.tf
new file mode 100644
index 000000000..c1eedd7e1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc1/terraform-google-network-2.3.0/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google = "<4.0,>= 2.12"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/CHANGELOG.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/CHANGELOG.md
new file mode 100644
index 000000000..cff2bda83
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/CHANGELOG.md 
@@ -0,0 +1,272 @@ +# Changelog + +All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. + +## [2.3.0](https://www.github.com/terraform-google-modules/terraform-google-network/compare/v2.2.0...v2.3.0) (2020-04-16) + + +### Features + +* Add beta provider support for routes and subnets ([#124](https://www.github.com/terraform-google-modules/terraform-google-network/issues/124)) ([6c94a6f](https://www.github.com/terraform-google-modules/terraform-google-network/commit/6c94a6fd89989d1dd113e0a156f0c5d7cdd8407e)), closes [#68](https://www.github.com/terraform-google-modules/terraform-google-network/issues/68) + +## [2.2.0](https://www.github.com/terraform-google-modules/terraform-google-network/compare/v2.1.2...v2.2.0) (2020-04-07) + + +### Features + +* add network output ([#169](https://www.github.com/terraform-google-modules/terraform-google-network/issues/169)) ([0dc6965](https://www.github.com/terraform-google-modules/terraform-google-network/commit/0dc6965ab52f946b9e3d16dc8f8e3557d369da01)) + +### [2.1.2](https://www.github.com/terraform-google-modules/terraform-google-network/compare/v2.1.1...v2.1.2) (2020-04-02) + + +### Bug Fixes + +* Add support for enable_logging on firewall rules ([#155](https://www.github.com/terraform-google-modules/terraform-google-network/issues/155)) ([febec4e](https://www.github.com/terraform-google-modules/terraform-google-network/commit/febec4ef4b2d6080b18429106b19a8fbc5452bec)) +* Add variables type as first parameter on all variables ([#167](https://www.github.com/terraform-google-modules/terraform-google-network/issues/167)) ([2fff1e7](https://www.github.com/terraform-google-modules/terraform-google-network/commit/2fff1e7cd5188e24a413bc302c8a061c4f3bb19b)) +* remove invalid/outdated create_network variable ([#159](https://www.github.com/terraform-google-modules/terraform-google-network/issues/159)) 
([6fac78e](https://www.github.com/terraform-google-modules/terraform-google-network/commit/6fac78e5b25a2ab72824b0ebefff6704a46fd984)) +* Resolve error with destroy and shared VPC host config ([#168](https://www.github.com/terraform-google-modules/terraform-google-network/issues/168)) ([683ae07](https://www.github.com/terraform-google-modules/terraform-google-network/commit/683ae072382c03f8b032944e539e9fa8601bad1f)), closes [#163](https://www.github.com/terraform-google-modules/terraform-google-network/issues/163) + +### [2.1.1](https://www.github.com/terraform-google-modules/terraform-google-network/compare/v2.1.0...v2.1.1) (2020-02-04) + + +### Bug Fixes + +* Correct the service_project_ids type ([#152](https://www.github.com/terraform-google-modules/terraform-google-network/issues/152)) ([80b6f54](https://www.github.com/terraform-google-modules/terraform-google-network/commit/80b6f54c007bc5b89709a9eebe330af058ca2260)) +* Resolve "Invalid expanding argument value" issue with the newer versions of terraform ([#153](https://www.github.com/terraform-google-modules/terraform-google-network/issues/153)) ([5f61ffb](https://www.github.com/terraform-google-modules/terraform-google-network/commit/5f61ffb3cb03a4d0ddb02dde1a3085aa428aeb38)) + +## [2.1.0](https://www.github.com/terraform-google-modules/terraform-google-network/compare/v2.0.2...v2.1.0) (2020-01-31) + + +### Features + +* add subnets output with full subnet info ([#129](https://www.github.com/terraform-google-modules/terraform-google-network/issues/129)) ([b424186](https://www.github.com/terraform-google-modules/terraform-google-network/commit/b4241861d8e670d555a43b82f4451581a8e27367)) + + +### Bug Fixes + +* Make project_id output dependent on shared_vpc host enablement ([#150](https://www.github.com/terraform-google-modules/terraform-google-network/issues/150)) ([75f9f04](https://www.github.com/terraform-google-modules/terraform-google-network/commit/75f9f0494c2a17b6d53fb265b3a4c77490b2914b)) + +### 
[2.0.2](https://github.com/terraform-google-modules/terraform-google-network/compare/v2.0.1...v2.0.2) (2020-01-21) + + +### Bug Fixes + +* relax version constraint in README ([1a39c7d](https://github.com/terraform-google-modules/terraform-google-network/commit/1a39c7df1d9d12e250500c3321e82ff78b0cd900)) + +## [2.0.1] - 2019-12-18 + +### Fixed + +- Fixed bug for allowing internal firewall rules. [#123](https://github.com/terraform-google-modules/terraform-google-network/pull/123) +- Provided Terraform provider versions and relaxed version constraints. [#131](https://github.com/terraform-google-modules/terraform-google-network/pull/131) + +## [2.0.0](https://github.com/terraform-google-modules/terraform-google-network/compare/v1.5.0...v2.0.0) (2019-12-09) + +v2.0.0 is a backwards-incompatible release. Please see the [upgrading guide](./docs/upgrading_to_v2.0.md). + +### Added + +- Split main module up into vpc, subnets, and routes submodules. [#103] + +### Fixed + +- Fixes subnet recreation when a subnet is updated. [#73] + + +## [1.5.0](https://github.com/terraform-google-modules/terraform-google-network/compare/v1.3.0...v1.5.0) (2019-11-12) + +### Added + +- Added submodule `network-peering` [#101] + +## [1.4.3] - 2019-10-31 + +### Fixed + +- Fixed issue with depending on outputs introduced in 1.4.1. [#95] + +## [1.4.2] - 2019-10-30 + +### Fixed + +- The outputs `network_name`, `network_self_link`, and + `subnets_secondary_ranges` depend on resource attributes rather than + data source attributes when `create_network` = `true`. [#94] + +## [1.4.1] - 2019-10-29 + +### Added + +- Made network creation optional in root module. [#88] + +### Fixed + +- Fixed issue with depending on outputs introduced in 1.4.0. [#92] + +## [1.4.0] - 2019-10-14 + +### Added + +- Add dynamic firewall rules support to firewall submodule. [#79] + +### Fixed + +- Add `depends_on` to `created_subnets` data fetch (fixes issue [#80]). 
[#81] + +## [1.3.0](https://github.com/terraform-google-modules/terraform-google-network/compare/v1.2.0...v1.3.0) (2019-10-10) + +### Changed + +- Set default value for `next_hop_internet`. [#64] + +### Added + +- Add host service agent role management to Shared VPC submodule [#72] + +## 1.2.0 (2019-09-18) + +### Added + +- Added `description` variable for subnets. [#66] + +### Fixed + +- Made setting `secondary_ranges` optional. [#16] + +## [1.1.0] - 2019-07-24 + +### Added + +- `auto_create_subnetworks` variable and `description` variable. [#57] + +## [1.0.0] - 2019-07-12 + +### Changed + +- Supported version of Terraform is 0.12. [#47] + +## [0.8.0] - 2019-06-12 + +### Added + +- A submodule to configure Shared VPC network attachments. [#45] + +## [0.7.0] - 2019-05-27 + +### Added + +- New firewall submodule [#40] + +### Fixed + +- Shared VPC service account roles are included in the README. [#32] +- Shared VPC host project explicitly depends on the network to avoid a + race condition. [#36] +- gcloud dependency is included in the README. [#38] + +## [0.6.0] - 2019-02-21 + +### Added + +- Add ability to delete default gateway route [#29] + +## [0.5.0] - 2019-01-31 + +### Changed + +- Make `routing_mode` a configurable variable. Defaults to "GLOBAL" [#26] + +### Added + +- Subnet self links as outputs. 
[#27] +- Support for route creation [#14] +- Add example for VPC with many secondary ranges [#23] +- Add example for VPC with regional routing mode [#26] + +### Fixed + +- Resolved issue with networks that have no secondary networks [#19] + +## [0.4.0] - 2018-09-25 + +### Changed + +- Make `subnet_private_access` and `subnet_flow_logs` into strings to be consistent with `shared_vpc` flag [#13] + +## [0.3.0] - 2018-09-11 + +### Changed + +- Make `subnet_private_access` default to false [#6] + +### Added + +- Add support for controlling subnet flow logs [#6] + +## [0.2.0] - 2018-08-16 + +### Added + +- Add support for Shared VPC hosting + +## [0.1.0] - 2018-08-08 + +### Added + +- Initial release +- A Google Virtual Private Network (VPC) +- Subnets within the VPC +- Secondary ranges for the subnets (if applicable) + +[Unreleased]: https://github.com/terraform-google-modules/terraform-google-network/compare/v2.0.1...HEAD +[2.0.1]: https://github.com/terraform-google-modules/terraform-google-network/compare/v2.0.0...v2.0.1 +[2.0.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.5.0...v2.0.0 +[1.5.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.4.3...v1.5.0 +[1.4.3]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.4.2...v1.4.3 +[1.4.2]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.4.1...v1.4.2 +[1.4.1]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.4.0...v1.4.1 +[1.4.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.3.0...v1.4.0 +[1.3.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.2.0...v1.3.0 +[1.2.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.1.0...v1.2.0 +[1.1.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.0.0...v1.1.0 +[1.0.0]: 
https://github.com/terraform-google-modules/terraform-google-network/compare/v0.8.0...v1.0.0 +[0.8.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.7.0...v0.8.0 +[0.7.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.6.0...v0.7.0 +[0.6.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.5.0...v0.6.0 +[0.5.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.4.0...v0.5.0 +[0.4.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.3.0...v0.4.0 +[0.3.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.2.0...v0.3.0 +[0.2.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.1.0...v0.2.0 +[0.1.0]: https://github.com/terraform-google-modules/terraform-google-network/releases/tag/v0.1.0 + +[#73]: https://github.com/terraform-google-modules/terraform-google-network/pull/73 +[#103]: https://github.com/terraform-google-modules/terraform-google-network/pull/103 +[#101]: https://github.com/terraform-google-modules/terraform-google-network/pull/101 +[#95]: https://github.com/terraform-google-modules/terraform-google-network/issues/95 +[#94]: https://github.com/terraform-google-modules/terraform-google-network/pull/94 +[#92]: https://github.com/terraform-google-modules/terraform-google-network/issues/92 +[#88]: https://github.com/terraform-google-modules/terraform-google-network/issues/88 +[#81]: https://github.com/terraform-google-modules/terraform-google-network/pull/81 +[#80]: https://github.com/terraform-google-modules/terraform-google-network/issues/80 +[#79]: https://github.com/terraform-google-modules/terraform-google-network/pull/79 +[#72]: https://github.com/terraform-google-modules/terraform-google-network/pull/72 +[#64]: https://github.com/terraform-google-modules/terraform-google-network/pull/64 +[#66]: 
https://github.com/terraform-google-modules/terraform-google-network/pull/66 +[#16]: https://github.com/terraform-google-modules/terraform-google-network/pull/16 +[#57]: https://github.com/terraform-google-modules/terraform-google-network/pull/57 +[#47]: https://github.com/terraform-google-modules/terraform-google-network/pull/47 +[#45]: https://github.com/terraform-google-modules/terraform-google-network/pull/45 +[#40]: https://github.com/terraform-google-modules/terraform-google-network/pull/40 +[#38]: https://github.com/terraform-google-modules/terraform-google-network/pull/38 +[#36]: https://github.com/terraform-google-modules/terraform-google-network/pull/36 +[#32]: https://github.com/terraform-google-modules/terraform-google-network/pull/32 +[#29]: https://github.com/terraform-google-modules/terraform-google-network/pull/29 +[#27]: https://github.com/terraform-google-modules/terraform-google-network/pull/27 +[#26]: https://github.com/terraform-google-modules/terraform-google-network/pull/26 +[#23]: https://github.com/terraform-google-modules/terraform-google-network/pull/23 +[#19]: https://github.com/terraform-google-modules/terraform-google-network/pull/19 +[#14]: https://github.com/terraform-google-modules/terraform-google-network/pull/14 +[#13]: https://github.com/terraform-google-modules/terraform-google-network/pull/13 +[#6]: https://github.com/terraform-google-modules/terraform-google-network/pull/6 +[keepachangelog-site]: https://keepachangelog.com/en/1.0.0/ +[semver-site]: https://semver.org/spec/v2.0.0.html diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/CODEOWNERS b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/CODEOWNERS new file mode 100644 index 000000000..3a0760e1f --- /dev/null 
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/CODEOWNERS
@@ -0,0 +1,9 @@
+* @terraform-google-modules/cft-admins @andreyk-code @jeanno
+
+# CFT Fabric
+/examples/submodule_svpc_access/ @terraform-google-modules/cft-fabric
+/modules/fabric-net-svpc-access/ @terraform-google-modules/cft-fabric
+/modules/fabric-net-firewall/ @terraform-google-modules/cft-fabric
+/examples/submodule_firewall/ @terraform-google-modules/cft-fabric
+/modules/network-peering/ @terraform-google-modules/cft-fabric
+/examples/submodule_network_peering/ @terraform-google-modules/cft-fabric
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/CONTRIBUTING.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/CONTRIBUTING.md
new file mode 100644
index 000000000..a350db595
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/CONTRIBUTING.md
@@ -0,0 +1,99 @@
+# Contributing
+
+This document provides guidelines for contributing to the module.
+
+## Dependencies
+
+The following dependencies must be installed on the development system:
+
+- [Docker Engine][docker-engine]
+- [Google Cloud SDK][google-cloud-sdk]
+- [make]
+
+## Generating Documentation for Inputs and Outputs
+
+The Inputs and Outputs tables in the READMEs of the root module,
+submodules, and example modules are automatically generated based on
+the `variables` and `outputs` of the respective modules. These tables
+must be refreshed if the module interfaces are changed.
+
+### Execution
+
+Run `make generate_docs` to generate new Inputs and Outputs tables.
+
+## Integration Testing
+
+Integration tests are used to verify the behaviour of the root module,
+submodules, and example modules. Additions, changes, and fixes should
+be accompanied with tests.
+
+The integration tests are run using [Kitchen][kitchen],
+[Kitchen-Terraform][kitchen-terraform], and [InSpec][inspec]. These
+tools are packaged within a Docker image for convenience.
+
+The general strategy for these tests is to verify the behaviour of the
+[example modules](./examples/), thus ensuring that the root module,
+submodules, and example modules are all functionally correct.
+
+### Test Environment
+The easiest way to test the module is in an isolated test project. The setup for such a project is defined in [test/setup](./test/setup/) directory.
+
+To use this setup, you need a service account with Project Creator access on a folder. Export the Service Account credentials to your environment like so:
+
+```
+export SERVICE_ACCOUNT_JSON=$(< credentials.json)
+```
+
+You will also need to set a few environment variables:
+```
+export TF_VAR_org_id="your_org_id"
+export TF_VAR_folder_id="your_folder_id"
+export TF_VAR_billing_account="your_billing_account_id"
+```
+
+With these settings in place, you can prepare a test project using Docker:
+```
+make docker_test_prepare
+```
+
+### Noninteractive Execution
+
+Run `make docker_test_integration` to test all of the example modules
+noninteractively, using the prepared test project.
+
+### Interactive Execution
+
+1. Run `make docker_run` to start the testing Docker container in
+ interactive mode.
+
+1. Run `kitchen_do create ` to initialize the working
+ directory for an example module.
+
+1. Run `kitchen_do converge ` to apply the example module.
+
+1. Run `kitchen_do verify ` to test the example module.
+
+1. Run `kitchen_do destroy ` to destroy the example module
+ state.
+
+## Linting and Formatting
+
+Many of the files in the repository can be linted or formatted to
+maintain a standard of quality.
+
+### Execution
+
+Run `make docker_test_lint`.
+
+[docker-engine]: https://www.docker.com/products/docker-engine
+[flake8]: http://flake8.pycqa.org/en/latest/
+[gofmt]: https://golang.org/cmd/gofmt/
+[google-cloud-sdk]: https://cloud.google.com/sdk/install
+[hadolint]: https://github.com/hadolint/hadolint
+[inspec]: https://inspec.io/
+[kitchen-terraform]: https://github.com/newcontext-oss/kitchen-terraform
+[kitchen]: https://kitchen.ci/
+[make]: https://en.wikipedia.org/wiki/Make_(software)
+[shellcheck]: https://www.shellcheck.net/
+[terraform-docs]: https://github.com/segmentio/terraform-docs
+[terraform]: https://terraform.io/
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/Gemfile b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/Gemfile
new file mode 100644
index 000000000..af3b9546f
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/Gemfile
@@ -0,0 +1,19 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ruby '2.6.3'
+
+source 'https://rubygems.org/' do
+ gem 'kitchen-terraform', '~> 4.3'
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/LICENSE b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/LICENSE
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/Makefile b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/Makefile new file mode 100644 index 000000000..fd4c92203 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/Makefile 
@@ -0,0 +1,82 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Make will use bash instead of sh
+SHELL := /usr/bin/env bash
+
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.6.0
+DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
+REGISTRY_URL := gcr.io/cloud-foundation-cicd
+
+# Enter docker container for local development
+.PHONY: docker_run
+docker_run:
+ docker run --rm -it \
+ -e SERVICE_ACCOUNT_JSON \
+ -v $(CURDIR):/workspace \
+ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+ /bin/bash
+
+# Execute prepare tests within the docker container
+.PHONY: docker_test_prepare
+docker_test_prepare:
+ docker run --rm -it \
+ -e SERVICE_ACCOUNT_JSON \
+ -e TF_VAR_org_id \
+ -e TF_VAR_folder_id \
+ -e TF_VAR_billing_account \
+ -v $(CURDIR):/workspace \
+ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+ /usr/local/bin/execute_with_credentials.sh prepare_environment
+
+# Clean up test environment within the docker container
+.PHONY: docker_test_cleanup
+docker_test_cleanup:
+ docker run --rm -it \
+ -e SERVICE_ACCOUNT_JSON \
+ -e TF_VAR_org_id \
+ -e TF_VAR_folder_id \
+ -e TF_VAR_billing_account \
+ -v $(CURDIR):/workspace \
+ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+ /usr/local/bin/execute_with_credentials.sh cleanup_environment
+
+# Execute integration tests within the docker container
+.PHONY: docker_test_integration
+docker_test_integration:
+ docker run --rm -it \
+ -e SERVICE_ACCOUNT_JSON \
+ -v $(CURDIR):/workspace \
+ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+ /usr/local/bin/test_integration.sh
+
+# Execute lint tests within the docker container
+.PHONY: docker_test_lint
+docker_test_lint:
+ docker run --rm -it \
+ -v $(CURDIR):/workspace \
+ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+ /usr/local/bin/test_lint.sh
+
+# Generate documentation
+.PHONY: docker_generate_docs
+docker_generate_docs:
+ docker run --rm -it \
+ -v $(CURDIR):/workspace \
+ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+ /bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs'
+
+# Alias for backwards compatibility
+.PHONY: generate_docs
+generate_docs: docker_generate_docs
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/README.md
new file mode 100644
index 000000000..969239134
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/README.md
@@ -0,0 +1,183 @@ +# Terraform Network Module + +This modules makes it easy to set up a new VPC Network in GCP by defining your network and subnet ranges in a concise syntax. + +It supports creating: + +- A Google Virtual Private Network (VPC) +- Subnets within the VPC +- Secondary ranges for the subnets (if applicable) + +Sub modules are provided for creating individual vpc, subnets, and routes. See the modules directory for the various sub modules usage. + +## Compatibility + +This module is meant for use with Terraform 0.12. If you haven't [upgraded](https://www.terraform.io/upgrade-guides/0-12.html) and need a Terraform 0.11.x-compatible version of this module, the last released version intended for Terraform 0.11.x is [0.8.0](https://registry.terraform.io/modules/terraform-google-modules/network/google/0.8.0). + +## Usage +You can go to the examples folder, however the usage of the module could be like this in your own main.tf file: + +```hcl +module "vpc" { + source = "terraform-google-modules/network/google" + version = "~> 2.3" + + project_id = "" + network_name = "example-vpc" + routing_mode = "GLOBAL" + + subnets = [ + { + subnet_name = "subnet-01" + subnet_ip = "10.10.10.0/24" + subnet_region = "us-west1" + }, + { + subnet_name = "subnet-02" + subnet_ip = "10.10.20.0/24" + subnet_region = "us-west1" + subnet_private_access = "true" + subnet_flow_logs = "true" + description = "This subnet has a description" + }, + { + subnet_name = "subnet-03" + subnet_ip = "10.10.30.0/24" + subnet_region = "us-west1" + subnet_flow_logs = "true" + subnet_flow_logs_interval = "INTERVAL_10_MIN" + subnet_flow_logs_sampling = 0.7 + subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA" + } + ] + + secondary_ranges = { + subnet-01 = [ + { + range_name = "subnet-01-secondary-01" + ip_cidr_range = "192.168.64.0/24" + }, + ] + + subnet-02 = [] + } + + routes = [ + { + name = "egress-internet" + description = "route through IGW to access internet" + destination_range = "0.0.0.0/0" + 
tags = "egress-inet" + next_hop_internet = "true" + }, + { + name = "app-proxy" + description = "route through proxy to reach app" + destination_range = "10.50.10.0/24" + tags = "app-proxy" + next_hop_instance = "app-proxy-instance" + next_hop_instance_zone = "us-west1-a" + }, + ] +} +``` + +Then perform the following commands on the root folder: + +- `terraform init` to get the plugins +- `terraform plan` to see the infrastructure plan +- `terraform apply` to apply the infrastructure build +- `terraform destroy` to destroy the built infrastructure + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| auto\_create\_subnetworks | When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources. | bool | `"false"` | no | +| delete\_default\_internet\_gateway\_routes | If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted | string | `"false"` | no | +| description | An optional description of this resource. The resource must be recreated to modify this field. 
| string | `""` | no | +| network\_name | The name of the network being created | string | n/a | yes | +| project\_id | The ID of the project where this VPC will be created | string | n/a | yes | +| routes | List of routes being created in this VPC | list(map(string)) | `` | no | +| routing\_mode | The network routing mode (default 'GLOBAL') | string | `"GLOBAL"` | no | +| secondary\_ranges | Secondary ranges that will be used in some of the subnets | object | `` | no | +| shared\_vpc\_host | Makes this project a Shared VPC host if 'true' (default 'false') | bool | `"false"` | no | +| subnets | The list of subnets being created | list(map(string)) | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| network | The created network | +| network\_name | The name of the VPC being created | +| network\_self\_link | The URI of the VPC being created | +| project\_id | VPC project id | +| route\_names | The route names associated with this VPC | +| subnets | A map with keys of form subnet_region/subnet_name and values being the outputs of the google_compute_subnetwork resources used to create corresponding subnets. | +| subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled | +| subnets\_ips | The IPs and CIDRs of the subnets being created | +| subnets\_names | The names of the subnets being created | +| subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP | +| subnets\_regions | The region where the subnets will be created | +| subnets\_secondary\_ranges | The secondary ranges associated with these subnets | +| subnets\_self\_links | The self-links of subnets being created | + + + +### Subnet Inputs + +The subnets list contains maps, where each object represents a subnet. 
Each map has the following inputs (please see examples folder for additional references): + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| subnet\_name | The name of the subnet being created | string | - | yes | +| subnet\_ip | The IP and CIDR range of the subnet being created | string | - | yes | +| subnet\_region | The region where the subnet will be created | string | - | yes | +| subnet\_private\_access | Whether this subnet will have private Google access enabled | string | `"false"` | no | +| subnet\_flow\_logs | Whether the subnet will record and send flow log data to logging | string | `"false"` | no | + +### Route Inputs + +The routes list contains maps, where each object represents a route. For the next_hop_* inputs, only one is possible to be used in each route. Having two next_hop_* inputs will produce an error. Each map has the following inputs (please see examples folder for additional references): + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| name | The name of the route being created | string | - | no | +| description | The description of the route being created | string | - | no | +| tags | The network tags assigned to this route. This is a list in string format. Eg. "tag-01,tag-02"| string | - | yes | +| destination\_range | The destination range of outgoing packets that this route applies to. Only IPv4 is supported | string | - | yes +| next\_hop\_internet | Whether the next hop to this route will the default internet gateway. Use "true" to enable this as next hop | string | `"false"` | yes | +| next\_hop\_ip | Network IP address of an instance that should handle matching packets | string | - | yes | +| next\_hop\_instance | URL or name of an instance that should handle matching packets. 
If just name is specified "next\_hop\_instance\_zone" is required | string | - | yes | +| next\_hop\_instance\_zone | The zone of the instance specified in next\_hop\_instance. Only required if next\_hop\_instance is specified as a name | string | - | no | +| next\_hop\_vpn\_tunnel | URL to a VpnTunnel that should handle matching packets | string | - | yes | +| priority | The priority of this route. Priority is used to break ties in cases where there is more than one matching route of equal prefix length. In the case of two routes with equal prefix length, the one with the lowest-numbered priority value wins | string | `"1000"` | yes | + +## Requirements +### Installed Software +- [Terraform](https://www.terraform.io/downloads.html) ~> 0.12.6 +- [Terraform Provider for GCP](https://github.com/terraform-providers/terraform-provider-google) ~> 2.19 +- [Terraform Provider for GCP Beta](https://github.com/terraform-providers/terraform-provider-google-beta) ~> + 2.19 +- [gcloud](https://cloud.google.com/sdk/gcloud/) >243.0.0 + +### Configure a Service Account +In order to execute this module you must have a Service Account with the following roles: + +- roles/compute.networkAdmin on the organization or folder + +If you are going to manage a Shared VPC, you must have either: + +- roles/compute.xpnAdmin on the organization +- roles/compute.xpnAdmin on the folder (beta) + +### Enable API's +In order to operate with the Service Account you must activate the following API on the project where the Service Account was created: + +- Compute Engine API - compute.googleapis.com + +## Contributing + +Refer to the [contribution guidelines](./CONTRIBUTING.md) for +information on contributing to this module. 
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/build/int.cloudbuild.yaml b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/build/int.cloudbuild.yaml new file mode 100644 index 000000000..06c7799aa --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/build/int.cloudbuild.yaml 
@@ -0,0 +1,169 @@ +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +timeout: 3600s +steps: +- id: prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && prepare_environment'] + env: + - 'TF_VAR_org_id=$_ORG_ID' + - 'TF_VAR_folder_id=$_FOLDER_ID' + - 'TF_VAR_billing_account=$_BILLING_ACCOUNT' +- id: create simple-project-local + waitFor: + - prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create simple-project-local'] +- id: converge simple-project-local + waitFor: + - create simple-project-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge simple-project-local'] +- id: verify simple-project-local + waitFor: + - converge simple-project-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify simple-project-local'] +- id: destroy simple-project-local + waitFor: + - verify simple-project-local + name: 
'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy simple-project-local'] +- id: create simple-project-with-regional-network-local + waitFor: + - prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create simple-project-with-regional-network-local'] +- id: converge simple-project-with-regional-network-local + waitFor: + - create simple-project-with-regional-network-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge simple-project-with-regional-network-local'] +- id: verify simple-project-with-regional-network-local + waitFor: + - converge simple-project-with-regional-network-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify simple-project-with-regional-network-local'] +- id: destroy simple-project-with-regional-network-local + waitFor: + - verify simple-project-with-regional-network-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy simple-project-with-regional-network-local'] +- id: create secondary-ranges-local + waitFor: + - prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create secondary-ranges-local'] +- id: converge secondary-ranges-local + 
waitFor: + - create secondary-ranges-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge secondary-ranges-local'] +- id: verify secondary-ranges-local + waitFor: + - converge secondary-ranges-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify secondary-ranges-local'] +- id: destroy secondary-ranges-local + waitFor: + - verify secondary-ranges-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy secondary-ranges-local'] +- id: create multi-vpc-local + waitFor: + - prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create multi-vpc-local'] +- id: converge multi-vpc-local + waitFor: + - create multi-vpc-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge multi-vpc-local'] +- id: verify multi-vpc-local + waitFor: + - converge multi-vpc-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify multi-vpc-local'] +- id: destroy multi-vpc-local + waitFor: + - verify multi-vpc-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source 
/usr/local/bin/task_helper_functions.sh && kitchen_do destroy multi-vpc-local'] +- id: create delete-default-gateway-routes-local + waitFor: + - prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create delete-default-gateway-routes-local'] +- id: converge delete-default-gateway-routes-local + waitFor: + - create delete-default-gateway-routes-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge delete-default-gateway-routes-local'] +- id: verify delete-default-gateway-routes-local + waitFor: + - converge delete-default-gateway-routes-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify delete-default-gateway-routes-local'] +- id: destroy delete-default-gateway-routes-local + waitFor: + - verify delete-default-gateway-routes-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy delete-default-gateway-routes-local'] +- id: create submodule-firewall-local + waitFor: + - prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create submodule-firewall-local'] +- id: converge submodule-firewall-local + waitFor: + - create submodule-firewall-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source 
/usr/local/bin/task_helper_functions.sh && kitchen_do converge submodule-firewall-local'] +- id: verify submodule-firewall-local + waitFor: + - converge submodule-firewall-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify submodule-firewall-local'] +- id: destroy submodule-firewall-local + waitFor: + - verify submodule-firewall-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy submodule-firewall-local'] +- id: create submodule-network-peering-local + waitFor: + - prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create submodule-network-peering-local'] +- id: converge submodule-network-peering-local + waitFor: + - create submodule-network-peering-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge submodule-network-peering-local'] +- id: verify submodule-network-peering-local + waitFor: + - converge submodule-network-peering-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify submodule-network-peering-local'] +- id: destroy submodule-network-peering-local + waitFor: + - verify submodule-network-peering-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source 
/usr/local/bin/task_helper_functions.sh && kitchen_do destroy submodule-network-peering-local'] +tags: +- 'ci' +- 'integration' +substitutions: + _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools' + _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.6.0' diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/build/lint.cloudbuild.yaml b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/build/lint.cloudbuild.yaml new file mode 100644 index 000000000..3f3923fb7 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/build/lint.cloudbuild.yaml @@ -0,0 +1,24 @@ +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +steps: +- name: 'gcr.io/cloud-foundation-cicd/cft/developer-tools:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + id: 'lint' + args: ['/usr/local/bin/test_lint.sh'] +tags: +- 'ci' +- 'lint' +substitutions: + _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools' + _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.6.0' 
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/codelabs/simple/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/codelabs/simple/README.md
new file mode 100644
index 000000000..fdc16c917
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/codelabs/simple/README.md
@@ -0,0 +1,3 @@
+# Networking Codelab
+
+The Terraform configuration in this directory is used for a [simple codelab](https://codelabs.developers.google.com/codelabs/hashicorp-terraform-networking/index.html#0).
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/codelabs/simple/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/codelabs/simple/main.tf
new file mode 100644
index 000000000..93e234fc4
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/codelabs/simple/main.tf
@@ -0,0 +1,110 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +resource "random_id" "network_id" { + byte_length = 8 +} + +resource "google_project_service" "compute" { + service = "compute.googleapis.com" +} + +# Create the network +module "vpc" { + source = "terraform-google-modules/network/google" + version = "~> 0.4.0" + + # Give the network a name and project + project_id = google_project_service.compute.project + network_name = "my-custom-vpc-${random_id.network_id.hex}" + + subnets = [ + { + # Creates your first subnet in us-west1 and defines a range for it + subnet_name = "my-first-subnet" + subnet_ip = "10.10.10.0/24" + subnet_region = "us-west1" + }, + { + # Creates a dedicated subnet for GKE + subnet_name = "my-gke-subnet" + subnet_ip = "10.10.20.0/24" + subnet_region = "us-west1" + }, + ] + + # Define secondary ranges for each of your subnets + secondary_ranges = { + my-first-subnet = [] + + my-gke-subnet = [ + { + # Define a secondary range for Kubernetes pods to use + range_name = "my-gke-pods-range" + ip_cidr_range = "192.168.64.0/24" + }, + ] + } +} + +resource "random_id" "instance_id" { + byte_length = 8 +} + +# Launch a VM on it +resource "google_compute_instance" "default" { + name = "vm-${random_id.instance_id.hex}" + project = google_project_service.compute.project + machine_type = "f1-micro" + zone = "us-west1-a" + + boot_disk { + initialize_params { + image = "debian-cloud/debian-9" + } + 
} + + network_interface { + subnetwork = module.vpc.subnets_names[0] + subnetwork_project = google_project_service.compute.project + + access_config { + # Include this section to give the VM an external ip address + } + } + + # Apply the firewall rule to allow external IPs to ping this instance + tags = ["allow-ping"] +} + +# Allow traffic to the VM +resource "google_compute_firewall" "allow-ping" { + name = "default-ping" + network = module.vpc.network_name + project = google_project_service.compute.project + + allow { + protocol = "icmp" + } + + # Allow traffic from everywhere to instances with an http-server tag + source_ranges = ["0.0.0.0/0"] + target_tags = ["allow-ping"] +} + +output "ip" { + value = google_compute_instance.default.network_interface.0.access_config.0.nat_ip +} diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/docs/upgrading_to_v2.0.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/docs/upgrading_to_v2.0.md new file mode 100644 index 000000000..542680135 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/docs/upgrading_to_v2.0.md 
@@ -0,0 +1,140 @@ +# Upgrading to v2.x + +The v2.x release of _google-network_ is a backwards incompatible +release. + +Because v2.x changed how the subnet resource is iterated on, resources in Terraform state need to be migrated in order to avoid the resources from getting destroyed and recreated. + +## Output Changes +In version 2.x, a few output names were [changed](https://github.com/terraform-google-modules/terraform-google-network/compare/v1.5.0...v2.0.0#diff-c09d00f135e3672d079ff6e0556d957d): + +- `svpc_host_project_id` was renamed to `project_id`. +- `routes` was renamed to `route_names` + +## Migration Instructions + +First, upgrade to the new version of this module. + +```diff + module "kubernetes_engine_private_cluster" { + source = "terraform-google-modules/network/google" +- version = "~> 1.5" ++ version = "~> 2.0" + + # ... + } +``` + +If you run `terraform plan` at this point, Terraform will inform you that it will attempt to delete and recreate your existing subnets. This is almost certainly not the behavior you want. + +You will need to migrate your state, either [manually](#manual-migration-steps) or [automatically](#migration-script). + +### Migration Script + +1. Download the script: + + ```sh + curl -O https://raw.githubusercontent.com/terraform-google-modules/terraform-google-network/master/helpers/migrate.py + chmod +x migrate.py + ``` + +2. Back up your Terraform state: + + ```sh + terraform state pull >> state.bak + ``` + +2. 
Run the script to output the migration commands: + + ```sh + $ ./migrate.py --dryrun + terraform state mv 'module.example.module.test-vpc-module-02.google_compute_network.network[0]' 'module.example.module.test-vpc-module-02.module.vpc.google_compute_network.network' + terraform state mv 'module.example.module.test-vpc-module-02.google_compute_subnetwork.subnetwork' 'module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork' + terraform state mv 'module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork[0]' 'module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork["us-west1/multi-vpc-a1-02-subnet-01"]' + terraform state mv 'module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork[1]' 'module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork["us-west1/multi-vpc-a1-02-subnet-02"]' + terraform state mv 'module.example.module.test-vpc-module-02.google_compute_route.route' 'module.example.module.test-vpc-module-02.module.routes.google_compute_route.route' + terraform state mv 'module.example.module.test-vpc-module-02.module.routes.google_compute_route.route[0]' 'module.example.module.test-vpc-module-02.module.routes.google_compute_route.route["multi-vpc-a1-02-egress-inet"]' + terraform state mv 'module.example.module.test-vpc-module-02.module.routes.google_compute_route.route[1]' 'module.example.module.test-vpc-module-02.module.routes.google_compute_route.route["multi-vpc-a1-02-testapp-proxy"]' + + ``` + +3. Execute the migration script: + + ```sh + $ ./migrate.py + ---- Migrating the following modules: + -- module.example.module.test-vpc-module-02 + ---- Commands to run: + Move "module.example.module.test-vpc-module-02.google_compute_network.network[0]" to "module.example.module.test-vpc-module-02.module.vpc.google_compute_network.network" + Successfully moved 1 object(s). 
+ Move "module.example.module.test-vpc-module-02.google_compute_subnetwork.subnetwork" to "module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork" + Successfully moved 1 object(s). + Move "module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork[0]" to "module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork[\"us-west1/multi-vpc-a1-02-subnet-01\"]" + Successfully moved 1 object(s). + Move "module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork[1]" to "module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork[\"us-west1/multi-vpc-a1-02-subnet-02\"]" + Successfully moved 1 object(s). + Move "module.example.module.test-vpc-module-02.google_compute_route.route" to "module.example.module.test-vpc-module-02.module.routes.google_compute_route.route" + Successfully moved 1 object(s). + Move "module.example.module.test-vpc-module-02.module.routes.google_compute_route.route[0]" to "module.example.module.test-vpc-module-02.module.routes.google_compute_route.route[\"multi-vpc-a1-02-egress-inet\"]" + Successfully moved 1 object(s). + Move "module.example.module.test-vpc-module-02.module.routes.google_compute_route.route[1]" to "module.example.module.test-vpc-module-02.module.routes.google_compute_route.route[\"multi-vpc-a1-02-testapp-proxy\"]" + Successfully moved 1 object(s). + + ``` + +4. Run `terraform plan` to confirm no changes are expected. + +### Manual Migration Steps + +In this example here are the commands used migrate the vpc and subnets created by the `simple_project` in the examples directory. _please note the need to escape the quotes on the new resource_. You may also use the migration script. 
+ +- `terraform state mv module.example.module.test-vpc-module.google_compute_network.network module.example.module.test-vpc-module.module.vpc.google_compute_subnetwork.network` + +- `terraform state mv module.example.module.test-vpc-module.google_compute_subnetwork.subnetwork module.example.module.test-vpc-module.module.subnets.google_compute_subnetwork.subnetwork` + +- `terraform state mv module.example.module.test-vpc-module.module.subnets.google_compute_subnetwork.subnetwork[0] module.example.module.test-vpc-module.module.subnets.google_compute_subnetwork.subnetwork[\"us-west1/simple-project-timh-subnet-01\"]` + +- `terraform state mv module.example.module.test-vpc-module.module.subnets.google_compute_subnetwork.subnetwork[1] module.example.module.test-vpc-module.module.subnets.google_compute_subnetwork.subnetwork[\"us-west1/simple-project-timh-subnet-02\"]` + +*You'll notice that because of a terraform [issue](https://github.com/hashicorp/terraform/issues/22301), we need to move the whole resource collection first before renaming to the `for_each` keys* + +`terraform plan` should now return a no-op and show no new changes. + +```Shell +$ terraform plan +Refreshing Terraform state in-memory prior to plan... +The refreshed state will be used to calculate this plan, but will not be +persisted to local or remote state storage. + +module.example.module.test-vpc-module.google_compute_network.network: Refreshing state... [id=simple-project-timh] +module.example.module.test-vpc-module.google_compute_subnetwork.subnetwork["us-west1/simple-project-timh-subnet-02"]: Refreshing state... [id=us-west1/simple-project-timh-subnet-02] +module.example.module.test-vpc-module.google_compute_subnetwork.subnetwork["us-west1/simple-project-timh-subnet-01"]: Refreshing state... [id=us-west1/simple-project-timh-subnet-01] + +------------------------------------------------------------------------ + +No changes. Infrastructure is up-to-date. 
+ +This means that Terraform did not detect any differences between your +configuration and real physical resources that exist. As a result, no +actions need to be performed. +``` + +### Known Issues + +If your previous state only contains a **single** subnet or route then `terraform mv` will throw an error similar to the following during migration: + +``` +Error: Invalid target address + +Cannot move to +module.example.module.test-vpc-module-01.module.routes.google_compute_route.route["multi-vpc-a1-01-egress-inet"]: +module.example.module.test-vpc-module-01.module.routes.google_compute_route.route +does not exist in the current state. +``` + +This is due to a terraform mv [issue](https://github.com/hashicorp/terraform/issues/22301) + +The workaround is to either + +1. Create a temporary subnet or route prior to migration +2. Manually updating the state file. Update the `index_key` of the appropriate user and push the to the remote state if necessary. diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/README.md new file mode 100644 index 000000000..2735dfb5a --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/README.md 
@@ -0,0 +1,29 @@
+# Delete Default Gateway Routes
+
+This example configures a single simple VPC inside of a project.
+
+This VPC has a single subnet with no secondary ranges, and ensures the default internet gateway route is deleted.
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_name | The name of the VPC network being created | string | n/a | yes |
+| project\_id | The project ID to host the network in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| network\_name | The name of the VPC being created |
+| network\_self\_link | The URI of the VPC being created |
+| route\_names | The routes associated with this VPC |
+| subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled |
+| subnets\_ips | The IP and cidrs of the subnets being created |
+| subnets\_names | The names of the subnets being created |
+| subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP |
+| subnets\_regions | The region where subnets will be created |
+| subnets\_secondary\_ranges | The secondary ranges associated with these subnets |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/main.tf
new file mode 100644
index 000000000..c24c08c78
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/main.tf
@@ -0,0 +1,42 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+locals {
+ subnet_01 = "${var.network_name}-subnet-01"
+}
+
+module "test-vpc-module" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = var.network_name
+ delete_default_internet_gateway_routes = "true"
+
+ subnets = [
+ {
+ subnet_name = local.subnet_01
+ subnet_ip = "10.20.30.0/24"
+ subnet_region = "us-west1"
+ },
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/outputs.tf
new file mode 100644
index 000000000..d7a27ff41
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/outputs.tf
@@ -0,0 +1,60 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network_name" {
+ value = module.test-vpc-module.network_name
+ description = "The name of the VPC being created"
+}
+
+output "network_self_link" {
+ value = module.test-vpc-module.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "subnets_names" {
+ value = module.test-vpc-module.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "subnets_ips" {
+ value = module.test-vpc-module.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "subnets_regions" {
+ value = module.test-vpc-module.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "subnets_private_access" {
+ value = module.test-vpc-module.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "subnets_flow_logs" {
+ value = module.test-vpc-module.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "subnets_secondary_ranges" {
+ value = module.test-vpc-module.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "route_names" {
+ value = module.test-vpc-module.route_names
+ description = "The routes associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/variables.tf
new file mode 100644
index 000000000..add931101
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/variables.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to host the network in"
+}
+
+variable "network_name" {
+ description = "The name of the VPC network being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/ilb_routing/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/ilb_routing/README.md
new file mode 100644
index 000000000..d289ebf89
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/ilb_routing/README.md
@@ -0,0 +1,33 @@
+# ILB routing example
+
+This example configures a single VPC inside of a project.
+
+This VPC has three subnets and a forwarding rule. Please note, that this is simply example resource usage, this module
+wouldn't work as is.
+
+More information:
+- https://cloud.google.com/load-balancing/docs/internal/setting-up-ilb-next-hop
+- https://cloud.google.com/load-balancing/docs/l7-internal/proxy-only-subnets
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_name | The name of the VPC network being created | string | n/a | yes |
+| project\_id | The project ID to host the network in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| forwarding\_rule | Forwarding rule link |
+| network\_name | The name of the VPC being created |
+| network\_self\_link | The URI of the VPC being created |
+| project\_id | VPC project id |
+| route\_names | The routes associated with this VPC |
+| subnets\_ips | The IP and cidrs of the subnets being created |
+| subnets\_names | The names of the subnets being created |
+| subnets\_regions | The region where subnets will be created |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/ilb_routing/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/ilb_routing/main.tf
new file mode 100644
index 000000000..0c33e1def
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/ilb_routing/main.tf
@@ -0,0 +1,127 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 2.19.0"
+}
+
+provider "google-beta" {
+ version = "~> 2.19.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+module "vpc" {
+ source = "../../modules/vpc"
+ network_name = var.network_name
+ project_id = var.project_id
+}
+
+module "subnets" {
+ source = "../../modules/subnets-beta"
+ project_id = var.project_id
+ network_name = module.vpc.network_name
+
+ subnets = [
+ {
+ subnet_name = "${var.network_name}-subnet"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ },
+ {
+ subnet_name = "${var.network_name}-subnet-01"
+ subnet_ip = "10.20.10.0/24"
+ subnet_region = "us-west1"
+ purpose = "INTERNAL_HTTPS_LOAD_BALANCER"
+ role = "ACTIVE"
+ }
+ ]
+}
+
+module "subnets-backup" {
+ source = "../../modules/subnets-beta"
+ project_id = var.project_id
+ network_name = module.vpc.network_name
+
+ subnets = [
+ {
+ subnet_name = "${var.network_name}-subnet-02"
+ subnet_ip = "10.20.20.0/24"
+ subnet_region = "us-west1"
+ purpose = "INTERNAL_HTTPS_LOAD_BALANCER"
+ role = "BACKUP"
+ }
+ ]
+
+ module_depends_on = [module.subnets.subnets]
+}
+
+resource "google_compute_health_check" "this" {
+ project = var.project_id
+ name = "${var.network_name}-test"
+ check_interval_sec = 1
+ timeout_sec = 1
+
+ tcp_health_check {
+ port = "80"
+ }
+}
+
+resource "google_compute_region_backend_service" "this" {
+ project =
var.project_id
+ name = "${var.network_name}-test"
+ region = "us-west1"
+ health_checks = [google_compute_health_check.this.self_link]
+}
+
+resource "google_compute_forwarding_rule" "this" {
+ project = var.project_id
+ name = "${var.network_name}-fw-role"
+
+ network = module.vpc.network_name
+ subnetwork = module.subnets.subnets["us-west1/${var.network_name}-subnet"].name
+ backend_service = google_compute_region_backend_service.this.self_link
+ region = "us-west1"
+ load_balancing_scheme = "INTERNAL"
+ all_ports = true
+}
+
+module "routes" {
+ source = "../../modules/routes-beta"
+ project_id = var.project_id
+ network_name = module.vpc.network_name
+ routes_count = 2
+
+ routes = [
+ {
+ name = "${var.network_name}-egress-inet"
+ description = "route through IGW to access internet"
+ destination_range = "0.0.0.0/0"
+ tags = "egress-inet"
+ next_hop_internet = "true"
+ },
+ {
+ name = "${var.network_name}-ilb"
+ description = "route through ilb"
+ destination_range = "10.10.20.0/24"
+ next_hop_ilb = google_compute_forwarding_rule.this.self_link
+ },
+ ]
+
+ module_depends_on = [module.subnets.subnets, module.subnets-backup.subnets]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/ilb_routing/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/ilb_routing/outputs.tf
new file mode 100644
index 000000000..676e23f32
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/ilb_routing/outputs.tf
@@ -0,0 +1,55 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network_name" {
+ value = module.vpc.network_name
+ description = "The name of the VPC being created"
+}
+
+output "network_self_link" {
+ value = module.vpc.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "project_id" {
+ value = module.vpc.project_id
+ description = "VPC project id"
+}
+
+output "subnets_names" {
+ value = [for network in concat(module.subnets.subnets, module.subnets-backup.subnets) : network.name]
+ description = "The names of the subnets being created"
+}
+
+output "subnets_ips" {
+ value = [for network in concat(module.subnets.subnets, module.subnets-backup.subnets) : network.ip_cidr_range]
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "subnets_regions" {
+ value = [for network in concat(module.subnets.subnets, module.subnets-backup.subnets) : network.region]
+ description = "The region where subnets will be created"
+}
+
+output "route_names" {
+ value = [for route in module.routes.routes : route.name]
+ description = "The routes associated with this VPC"
+}
+
+output "forwarding_rule" {
+ value = google_compute_forwarding_rule.this.self_link
+ description = "Forwarding rule link"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/ilb_routing/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/ilb_routing/variables.tf
new file mode 100644
index 000000000..add931101
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/ilb_routing/variables.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to host the network in"
+}
+
+variable "network_name" {
+ description = "The name of the VPC network being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/ilb_routing/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/ilb_routing/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/ilb_routing/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/multi_vpc/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/multi_vpc/README.md
new file mode 100644
index 000000000..339b2c4ff
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/multi_vpc/README.md
@@ -0,0 +1,37 @@
+# Multiple Networks
+
+This example configures a host network project with two separate networks.
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_01\_name | The name of the first VPC network being created | string | n/a | yes |
+| network\_02\_name | The name of the second VPC network being created | string | n/a | yes |
+| project\_id | The project ID to host the network in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| network\_01\_name | The name of the VPC network-01 |
+| network\_01\_routes | The routes associated with network-01 |
+| network\_01\_self\_link | The URI of the VPC network-01 |
+| network\_01\_subnets | The names of the subnets being created on network-01 |
+| network\_01\_subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled |
+| network\_01\_subnets\_ips | The IP and cidrs of the subnets being created on network-01 |
+| network\_01\_subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP on network-01 |
+| network\_01\_subnets\_regions | The region where the subnets will be created on network-01 |
+| network\_01\_subnets\_secondary\_ranges | The secondary ranges associated with these subnets on network-01 |
+| network\_02\_name | The name of the VPC network-02 |
+| network\_02\_routes | The routes associated with network-02 |
+| network\_02\_self\_link | The URI of the VPC network-02 |
+| network\_02\_subnets | The names of the subnets being created on network-02 |
+| network\_02\_subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled |
+| network\_02\_subnets\_ips | The IP and cidrs of the subnets being created on network-02 |
+| network\_02\_subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP on network-02 |
+| network\_02\_subnets\_regions | The region where the subnets will
be created on network-02 |
+| network\_02\_subnets\_secondary\_ranges | The secondary ranges associated with these subnets on network-02 |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/multi_vpc/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/multi_vpc/main.tf
new file mode 100644
index 000000000..085f571e2
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/multi_vpc/main.tf
@@ -0,0 +1,144 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+locals {
+ network_01_subnet_01 = "${var.network_01_name}-subnet-01"
+ network_01_subnet_02 = "${var.network_01_name}-subnet-02"
+ network_01_subnet_03 = "${var.network_01_name}-subnet-03"
+ network_02_subnet_01 = "${var.network_02_name}-subnet-01"
+ network_02_subnet_02 = "${var.network_02_name}-subnet-02"
+
+ network_01_routes = [
+ {
+ name = "${var.network_01_name}-egress-inet"
+ description = "route through IGW to access internet"
+ destination_range = "0.0.0.0/0"
+ tags = "egress-inet"
+ next_hop_internet = "true"
+ },
+ ]
+
+ network_02_routes = [
+ {
+ name = "${var.network_02_name}-egress-inet"
+ description = "route through IGW to access internet"
+ destination_range = "0.0.0.0/0"
+ tags = "egress-inet"
+ next_hop_internet = "true"
+ },
+ {
+ name = "${var.network_02_name}-testapp-proxy"
+ description = "route through proxy to reach app"
+ destination_range = "10.50.10.0/24"
+ tags = "app-proxy"
+ next_hop_ip = "10.10.40.10"
+ },
+ ]
+}
+
+module "test-vpc-module-01" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = var.network_01_name
+
+ subnets = [
+ {
+ subnet_name = local.network_01_subnet_01
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "false"
+ subnet_flow_logs = "true"
+ },
+ {
+
subnet_name = local.network_01_subnet_02
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "false"
+ subnet_flow_logs = "true"
+ },
+ {
+ subnet_name = local.network_01_subnet_03
+ subnet_ip = "10.10.30.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "false"
+ subnet_flow_logs = "true"
+ },
+ ]
+
+ secondary_ranges = {
+ "${local.network_01_subnet_01}" = [
+ {
+ range_name = "${local.network_01_subnet_01}-01"
+ ip_cidr_range = "192.168.64.0/24"
+ },
+ {
+ range_name = "${local.network_01_subnet_01}-02"
+ ip_cidr_range = "192.168.65.0/24"
+ },
+ ]
+
+ "${local.network_01_subnet_02}" = [
+ {
+ range_name = "${local.network_02_subnet_01}-01"
+ ip_cidr_range = "192.168.74.0/24"
+ },
+ ]
+ }
+
+ routes = "${local.network_01_routes}"
+}
+
+module "test-vpc-module-02" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = var.network_02_name
+
+ subnets = [
+ {
+ subnet_name = "${local.network_02_subnet_01}"
+ subnet_ip = "10.10.40.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "false"
+ subnet_flow_logs = "true"
+ },
+ {
+ subnet_name = "${local.network_02_subnet_02}"
+ subnet_ip = "10.10.50.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "false"
+ subnet_flow_logs = "true"
+ },
+ ]
+
+ secondary_ranges = {
+ "${local.network_02_subnet_01}" = [
+ {
+ range_name = "${local.network_02_subnet_02}-01"
+ ip_cidr_range = "192.168.75.0/24"
+ },
+ ]
+ }
+
+ routes = local.network_02_routes
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/multi_vpc/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/multi_vpc/outputs.tf
new file mode 100644
index 000000000..c2d6a8285
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/multi_vpc/outputs.tf 
@@ -0,0 +1,107 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# vpc 1
+output "network_01_name" {
+ value = module.test-vpc-module-01.network_name
+ description = "The name of the VPC network-01"
+}
+
+output "network_01_self_link" {
+ value = module.test-vpc-module-01.network_self_link
+ description = "The URI of the VPC network-01"
+}
+
+output "network_01_subnets" {
+ value = module.test-vpc-module-01.subnets_names
+ description = "The names of the subnets being created on network-01"
+}
+
+output "network_01_subnets_ips" {
+ value = module.test-vpc-module-01.subnets_ips
+ description = "The IP and cidrs of the subnets being created on network-01"
+}
+
+output "network_01_subnets_regions" {
+ value = module.test-vpc-module-01.subnets_regions
+ description = "The region where the subnets will be created on network-01"
+}
+
+output "network_01_subnets_private_access" {
+ value = module.test-vpc-module-01.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP on network-01"
+}
+
+output "network_01_subnets_flow_logs" {
+ value = module.test-vpc-module-01.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "network_01_subnets_secondary_ranges" {
+ value = module.test-vpc-module-01.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets on network-01"
+}
+
+output
"network_01_routes" {
+ value = module.test-vpc-module-01.route_names
+ description = "The routes associated with network-01"
+}
+
+# vpc 2
+output "network_02_name" {
+ value = module.test-vpc-module-02.network_name
+ description = "The name of the VPC network-02"
+}
+
+output "network_02_self_link" {
+ value = module.test-vpc-module-02.network_self_link
+ description = "The URI of the VPC network-02"
+}
+
+output "network_02_subnets" {
+ value = module.test-vpc-module-02.subnets_names
+ description = "The names of the subnets being created on network-02"
+}
+
+output "network_02_subnets_ips" {
+ value = module.test-vpc-module-02.subnets_ips
+ description = "The IP and cidrs of the subnets being created on network-02"
+}
+
+output "network_02_subnets_regions" {
+ value = module.test-vpc-module-02.subnets_regions
+ description = "The region where the subnets will be created on network-02"
+}
+
+output "network_02_subnets_private_access" {
+ value = module.test-vpc-module-02.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP on network-02"
+}
+
+output "network_02_subnets_flow_logs" {
+ value = module.test-vpc-module-02.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "network_02_subnets_secondary_ranges" {
+ value = module.test-vpc-module-02.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets on network-02"
+}
+
+output "network_02_routes" {
+ value = module.test-vpc-module-02.route_names
+ description = "The routes associated with network-02"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/multi_vpc/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/multi_vpc/variables.tf
new file mode 100644
index 000000000..f378f835b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/multi_vpc/variables.tf
@@ -0,0 +1,27 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to host the network in"
+}
+
+variable "network_01_name" {
+ description = "The name of the first VPC network being created"
+}
+
+variable "network_02_name" {
+ description = "The name of the second VPC network being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/multi_vpc/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/multi_vpc/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/multi_vpc/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/secondary_ranges/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/secondary_ranges/README.md
new file mode 100644
index 000000000..acca7c730
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/secondary_ranges/README.md
@@ -0,0 +1,31 @@
+# Secondary Ranges
+
+This example configures a single simple VPC inside of a project.
+
+This VPC has three subnets, with the first subnet being given two secondary
+ranges and the third being given a single secondary range.
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_name | The name of the VPC network being created | string | n/a | yes |
+| project\_id | The project ID to host the network in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| network\_name | The name of the VPC being created |
+| network\_self\_link | The URI of the VPC being created |
+| project\_id | VPC project id |
+| route\_names | The routes associated with this VPC |
+| subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled |
+| subnets\_ips | The IP and cidrs of the subnets being created |
+| subnets\_names | The names of the subnets being created |
+| subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP |
+| subnets\_regions | The region where subnets will be created |
+| subnets\_secondary\_ranges | The secondary ranges associated with these subnets |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/secondary_ranges/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/secondary_ranges/main.tf
new file mode 100644
index 000000000..2c3389eb3
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/secondary_ranges/main.tf
@@ -0,0 +1,87 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+locals {
+ subnet_01 = "${var.network_name}-subnet-01"
+ subnet_02 = "${var.network_name}-subnet-02"
+ subnet_03 = "${var.network_name}-subnet-03"
+ subnet_04 = "${var.network_name}-subnet-04"
+}
+
+module "vpc-secondary-ranges" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = var.network_name
+
+ subnets = [
+ {
+ subnet_name = "${local.subnet_01}"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ },
+ {
+ subnet_name = "${local.subnet_02}"
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "true"
+ subnet_flow_logs = "true"
+ },
+ {
+ subnet_name = "${local.subnet_03}"
+ subnet_ip = "10.10.30.0/24"
+ subnet_region = "us-west1"
+ subnet_flow_logs = "true"
+ subnet_flow_logs_interval = "INTERVAL_15_MIN"
+ subnet_flow_logs_sampling = 0.9
+ subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA"
+ },
+ {
+ subnet_name = "${local.subnet_04}"
+ subnet_ip = "10.10.40.0/24"
+ subnet_region = "us-west1"
+ },
+ ]
+
+ secondary_ranges = {
+ "${local.subnet_01}" = [
+ {
+ range_name = "${local.subnet_01}-01"
+ ip_cidr_range = "192.168.64.0/24"
+ },
+ {
+ range_name = "${local.subnet_01}-02"
+ ip_cidr_range = "192.168.65.0/24"
+ },
+ ]
+
+ "${local.subnet_02}" = []
+
+ "${local.subnet_03}" = [
+ {
+ range_name
= "${local.subnet_03}-01"
+ ip_cidr_range = "192.168.66.0/24"
+ },
+ ]
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/secondary_ranges/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/secondary_ranges/outputs.tf
new file mode 100644
index 000000000..6c3f49cb4
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/secondary_ranges/outputs.tf
@@ -0,0 +1,65 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network_name" {
+ value = module.vpc-secondary-ranges.network_name
+ description = "The name of the VPC being created"
+}
+
+output "network_self_link" {
+ value = module.vpc-secondary-ranges.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "project_id" {
+ value = module.vpc-secondary-ranges.project_id
+ description = "VPC project id"
+}
+
+output "subnets_names" {
+ value = module.vpc-secondary-ranges.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "subnets_ips" {
+ value = module.vpc-secondary-ranges.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "subnets_regions" {
+ value = module.vpc-secondary-ranges.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "subnets_private_access" {
+ value = module.vpc-secondary-ranges.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "subnets_flow_logs" {
+ value = module.vpc-secondary-ranges.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "subnets_secondary_ranges" {
+ value = flatten(module.vpc-secondary-ranges.subnets_secondary_ranges)
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "route_names" {
+ value = module.vpc-secondary-ranges.route_names
+ description = "The routes associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/secondary_ranges/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/secondary_ranges/variables.tf
new file mode 100644
index 000000000..add931101
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/secondary_ranges/variables.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to host the network in"
+}
+
+variable "network_name" {
+ description = "The name of the VPC network being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/secondary_ranges/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/secondary_ranges/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/secondary_ranges/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project/README.md
new file mode 100644
index 000000000..a4325668c
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project/README.md
@@ -0,0 +1,30 @@
+# Simple Project
+
+This example configures a single simple VPC inside of a project.
+
+This VPC has two subnets, with no secondary ranges.
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_name | The name of the VPC network being created | string | n/a | yes |
+| project\_id | The project ID to host the network in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| network\_name | The name of the VPC being created |
+| network\_self\_link | The URI of the VPC being created |
+| project\_id | VPC project id |
+| route\_names | The routes associated with this VPC |
+| subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled |
+| subnets\_ips | The IP and cidrs of the subnets being created |
+| subnets\_names | The names of the subnets being created |
+| subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP |
+| subnets\_regions | The region where subnets will be created |
+| subnets\_secondary\_ranges | The secondary ranges associated with these subnets |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project/main.tf
new file mode 100644
index 000000000..5d18bb239
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project/main.tf
@@ -0,0 +1,59 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+locals {
+ subnet_01 = "${var.network_name}-subnet-01"
+ subnet_02 = "${var.network_name}-subnet-02"
+ subnet_03 = "${var.network_name}-subnet-03"
+}
+
+module "test-vpc-module" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = var.network_name
+
+ subnets = [
+ {
+ subnet_name = "${local.subnet_01}"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ },
+ {
+ subnet_name = "${local.subnet_02}"
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "true"
+ subnet_flow_logs = "true"
+ },
+ {
+ subnet_name = "${local.subnet_03}"
+ subnet_ip = "10.10.30.0/24"
+ subnet_region = "us-west1"
+ subnet_flow_logs = "true"
+ subnet_flow_logs_interval = "INTERVAL_10_MIN"
+ subnet_flow_logs_sampling = 0.7
+ subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA"
+ }
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project/outputs.tf
new file mode 100644
index 000000000..f69ae0437
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project/outputs.tf 
@@ -0,0 +1,65 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network_name" {
+ value = module.test-vpc-module.network_name
+ description = "The name of the VPC being created"
+}
+
+output "network_self_link" {
+ value = module.test-vpc-module.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "project_id" {
+ value = module.test-vpc-module.project_id
+ description = "VPC project id"
+}
+
+output "subnets_names" {
+ value = module.test-vpc-module.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "subnets_ips" {
+ value = module.test-vpc-module.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "subnets_regions" {
+ value = module.test-vpc-module.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "subnets_private_access" {
+ value = module.test-vpc-module.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "subnets_flow_logs" {
+ value = module.test-vpc-module.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "subnets_secondary_ranges" {
+ value = module.test-vpc-module.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "route_names" {
+ value = module.test-vpc-module.route_names
+ description = "The routes associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project/variables.tf
new file mode 100644
index 000000000..add931101
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project/variables.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to host the network in"
+}
+
+variable "network_name" {
+ description = "The name of the VPC network being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/README.md
new file mode 100644
index 000000000..354711e2a
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/README.md
@@ -0,0 +1,30 @@
+# Simple Project
+
+This example configures a single simple regional VPC inside of a project.
+
+This VPC has two subnets, with no secondary ranges.
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_name | The name of the VPC network being created | string | n/a | yes |
+| project\_id | The project ID to host the network in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| network\_name | The name of the VPC being created |
+| network\_self\_link | The URI of the VPC being created |
+| project\_id | VPC project id |
+| route\_names | The routes associated with this VPC |
+| subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled |
+| subnets\_ips | The IP and cidrs of the subnets being created |
+| subnets\_names | The names of the subnets being created |
+| subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP |
+| subnets\_regions | The region where subnets will be created |
+| subnets\_secondary\_ranges | The secondary ranges associated with these subnets |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/main.tf
new file mode 100644
index 000000000..354b1af41
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/main.tf
@@ -0,0 +1,50 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+locals {
+ subnet_01 = "${var.network_name}-subnet-01"
+ subnet_02 = "${var.network_name}-subnet-02"
+}
+
+module "test-vpc-module" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = var.network_name
+ routing_mode = "REGIONAL"
+
+ subnets = [
+ {
+ subnet_name = "${local.subnet_01}"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ },
+ {
+ subnet_name = "${local.subnet_02}"
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "true"
+ subnet_flow_logs = "true"
+ },
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/outputs.tf
new file mode 100644
index 000000000..f69ae0437
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/outputs.tf
@@ -0,0 +1,65 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network_name" {
+ value = module.test-vpc-module.network_name
+ description = "The name of the VPC being created"
+}
+
+output "network_self_link" {
+ value = module.test-vpc-module.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "project_id" {
+ value = module.test-vpc-module.project_id
+ description = "VPC project id"
+}
+
+output "subnets_names" {
+ value = module.test-vpc-module.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "subnets_ips" {
+ value = module.test-vpc-module.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "subnets_regions" {
+ value = module.test-vpc-module.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "subnets_private_access" {
+ value = module.test-vpc-module.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "subnets_flow_logs" {
+ value = module.test-vpc-module.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "subnets_secondary_ranges" {
+ value = module.test-vpc-module.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "route_names" {
+ value = module.test-vpc-module.route_names
+ description = "The routes associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/variables.tf
new file mode 100644
index 000000000..add931101
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/variables.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to host the network in"
+}
+
+variable "network_name" {
+ description = "The name of the VPC network being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_firewall/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_firewall/README.md
new file mode 100644
index 000000000..48f2bd1c2
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_firewall/README.md
@@ -0,0 +1,32 @@
+# Simple Project With Firewall
+
+This example configures a single simple VPC inside of a project, and adds a basic firewall.
+
+This VPC has two subnets, with no secondary ranges.
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_name | The name of the VPC network being created | string | n/a | yes |
+| project\_id | The project ID to host the network in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| admin\_ranges | Firewall attributes for admin ranges. |
+| internal\_ranges | Firewall attributes for internal ranges. |
+| network\_name | The name of the VPC being created |
+| network\_self\_link | The URI of the VPC being created |
+| project\_id | VPC project id |
+| route\_names | The routes associated with this VPC |
+| subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled |
+| subnets\_ips | The IP and cidrs of the subnets being created |
+| subnets\_names | The names of the subnets being created |
+| subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP |
+| subnets\_regions | The region where subnets will be created |
+| subnets\_secondary\_ranges | The secondary ranges associated with these subnets |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_firewall/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_firewall/main.tf
new file mode 100644
index 000000000..85ed04135
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_firewall/main.tf
@@ -0,0 +1,143 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+locals {
+ subnet_01 = "${var.network_name}-subnet-01"
+ subnet_02 = "${var.network_name}-subnet-02"
+}
+
+module "test-vpc-module" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = var.network_name
+
+ subnets = [
+ {
+ subnet_name = local.subnet_01
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ },
+ {
+ subnet_name = local.subnet_02
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "true"
+ subnet_flow_logs = "true"
+ },
+ ]
+}
+
+// Custom firewall rules
+locals {
+ custom_rules = {
+ // Example of custom tcp/udp rule
+ deny-ingress-6534-6566 = {
+ description = "Deny all INGRESS to port 6534-6566"
+ direction = "INGRESS"
+ action = "deny"
+ ranges = ["0.0.0.0/0"] # source or destination ranges (depends on `direction`)
+ use_service_accounts = false # if `true` targets/sources expect list of instances SA, if false - list of tags
+ targets = null # target_service_accounts or target_tags depends on `use_service_accounts` value
+ sources = null # source_service_accounts or source_tags depends on `use_service_accounts` value
+ rules = [{
+ protocol = "tcp"
+ ports = ["6534-6566"]
+ },
+ {
+ protocol = "udp"
+ ports = ["6534-6566"]
+ }]
+
+ extra_attributes = {
+ disabled = true
+ priority = 95
+ }
+ }
+
+ // Example how to allow connection from instances with `backend` tag, to instances with `databases` tag
+ allow-backend-to-databases = {
+ description = "Allow backend nodes connection to databases instances"
+ direction = "INGRESS"
+ action = "allow"
+ ranges = null
+ use_service_accounts = false
+ targets = ["databases"] # target_tags
+ sources = ["backed"] # source_tags
+ rules = [{
+ protocol = "tcp"
+ ports = ["3306", "5432", "1521", "1433"]
+ }]
+
+ extra_attributes = {}
+ }
+
+ // Example how to allow connection from an instance with a given service account
+ allow-all-admin-sa = {
+ description = "Allow all traffic from admin sa instances"
+ direction = "INGRESS"
+ action = "allow"
+ ranges = null
+ use_service_accounts = true
+ targets = null
+ sources = ["admin@my-shiny-org.iam.gserviceaccount.com"]
+ rules = [{
+ protocol = "tcp"
+ ports = null # all ports
+ },
+ {
+ protocol = "udp"
+ ports = null # all ports
+ }
+ ]
+ extra_attributes = {
+ priority = 30
+ }
+ }
+ }
+}
+
+
+
+module "test-firewall-submodule" {
+ source = "../../modules/fabric-net-firewall"
+ project_id = var.project_id
+ network = module.test-vpc-module.network_name
+ internal_ranges_enabled = true
+ internal_ranges = module.test-vpc-module.subnets_ips
+
+ internal_allow = [
+ {
+ protocol = "icmp"
+ },
+ {
+ protocol = "tcp",
+ ports = ["8080", "1000-2000"]
+ },
+ {
+ protocol = "udp"
+ # all ports will be opened if `ports` key isn't specified
+ },
+ ]
+ custom_rules = local.custom_rules
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_firewall/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_firewall/outputs.tf
new file mode 100644
index 000000000..182dc845b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_firewall/outputs.tf 
@@ -0,0 +1,75 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network_name" {
+ value = module.test-vpc-module.network_name
+ description = "The name of the VPC being created"
+}
+
+output "internal_ranges" {
+ description = "Firewall attributes for internal ranges."
+ value = module.test-firewall-submodule.internal_ranges
+}
+
+output "admin_ranges" {
+ description = "Firewall attributes for admin ranges."
+ value = module.test-firewall-submodule.admin_ranges
+}
+
+output "network_self_link" {
+ value = module.test-vpc-module.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "project_id" {
+ value = module.test-vpc-module.project_id
+ description = "VPC project id"
+}
+
+output "subnets_names" {
+ value = module.test-vpc-module.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "subnets_ips" {
+ value = module.test-vpc-module.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "subnets_regions" {
+ value = module.test-vpc-module.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "subnets_private_access" {
+ value = module.test-vpc-module.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "subnets_flow_logs" {
+ value = module.test-vpc-module.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "subnets_secondary_ranges" {
+ value = module.test-vpc-module.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "route_names" {
+ value = module.test-vpc-module.route_names
+ description = "The routes associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_firewall/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_firewall/variables.tf
new file mode 100644
index 000000000..add931101
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_firewall/variables.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to host the network in"
+}
+
+variable "network_name" {
+ description = "The name of the VPC network being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_firewall/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_firewall/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_firewall/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_network_peering/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_network_peering/README.md
new file mode 100644
index 000000000..4cc9dfdaa
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_network_peering/README.md
@@ -0,0 +1,19 @@
+# Simple VPC Network Peering
+
+This example creates a VPC Network peering between two VPCs.
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| project\_id | The project ID to put the resources in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| peering1 | Peering1 module output. |
+| peering2 | Peering2 module output. |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_network_peering/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_network_peering/main.tf
new file mode 100644
index 000000000..7f9e207e7
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_network_peering/main.tf
@@ -0,0 +1,66 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "google-beta" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+module "local-network" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = "local-network"
+ subnets = []
+}
+
+module "peer-network-1" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = "peer-network-1"
+ subnets = []
+}
+
+module "peer-network-2" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = "peer-network-2"
+ subnets = []
+}
+
+module "peering-1" {
+ source = "../../modules/network-peering"
+
+ local_network = module.local-network.network_self_link
+ peer_network = module.peer-network-1.network_self_link
+ export_local_custom_routes = true
+}
+
+module "peering-2" {
+ source = "../../modules/network-peering"
+
+ local_network = module.local-network.network_self_link
+ peer_network = module.peer-network-2.network_self_link
+ export_local_custom_routes = true
+
+ module_depends_on = [module.peering-1.complete]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_network_peering/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_network_peering/outputs.tf
new file mode 100644
index 000000000..0beb8220e
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_network_peering/outputs.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "peering1" {
+ description = "Peering1 module output."
+ value = module.peering-1
+}
+
+output "peering2" {
+ description = "Peering2 module output."
+ value = module.peering-2
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_network_peering/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_network_peering/variables.tf
new file mode 100644
index 000000000..87cb7f64a
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_network_peering/variables.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to put the resources in"
+ type = string
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_network_peering/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_network_peering/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_network_peering/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_svpc_access/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_svpc_access/README.md
new file mode 100644
index 000000000..c8e66b959
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_svpc_access/README.md
@@ -0,0 +1,24 @@
+# Shared VPC with service projects
+
+This simple example configures a shared VPC, and grants access to it to service projects.
+
+The VPC has two subnets with no secondary ranges, service projects are configured as follows:
+
+- the first service project is granted VPC-level access
+- the second service project is granted subnet-level access to the second subnet
+- the third service project is granted subnet-level access to the first and second subnet
+
+Subnet-level access in this example is only granted to the default GCE service accounts for illustrative purposes. More realistic examples should grant access to other service accounts (possibly including the GKE robot service accounts as per [documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-shared-vpc)), and project users/groups that need to use the Shared VPC from other projects (eg to create VMs).
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| host\_project\_id | Id of the host project where the shared VPC will be created. | string | n/a | yes |
+| network\_name | Name of the shared VPC. | string | `"test-svpc"` | no |
+| service\_project\_id | Service project id. | string | n/a | yes |
+| service\_project\_number | Service project number. | string | n/a | yes |
+| service\_project\_owners | Service project owners, in IAM format. | list | `` | no |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_svpc_access/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_svpc_access/main.tf
new file mode 100644
index 000000000..21091d1c7
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_svpc_access/main.tf
@@ -0,0 +1,62 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+locals {
+ net_data_users = compact(concat(
+ var.service_project_owners,
+ ["serviceAccount:${var.service_project_number}@cloudservices.gserviceaccount.com"]
+ ))
+}
+
+module "net-vpc-shared" {
+ source = "../.."
+ project_id = var.host_project_id
+ network_name = var.network_name
+ shared_vpc_host = true
+
+ subnets = [
+ {
+ subnet_name = "networking"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "europe-west1"
+ },
+ {
+ subnet_name = "data"
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "europe-west1"
+ },
+ ]
+}
+
+module "net-svpc-access" {
+ source = "../../modules/fabric-net-svpc-access"
+ host_project_id = module.net-vpc-shared.project_id
+ service_project_num = 1
+ service_project_ids = [var.service_project_id]
+ host_subnets = ["data"]
+ host_subnet_regions = ["europe-west1"]
+ host_subnet_users = {
+ data = join(",", local.net_data_users)
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_svpc_access/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_svpc_access/outputs.tf
new file mode 100644
index 000000000..437465a52
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_svpc_access/outputs.tf
@@ -0,0 +1,16 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_svpc_access/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_svpc_access/variables.tf
new file mode 100644
index 000000000..346eab79d
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_svpc_access/variables.tf
@@ -0,0 +1,37 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "host_project_id" {
+ description = "Id of the host project where the shared VPC will be created."
+}
+
+variable "service_project_id" {
+ description = "Service project id."
+}
+
+variable "service_project_number" {
+ description = "Service project number."
+}
+
+variable "service_project_owners" {
+ description = "Service project owners, in IAM format."
+ default = []
+}
+
+variable "network_name" {
+ description = "Name of the shared VPC."
+ default = "test-svpc"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_svpc_access/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_svpc_access/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/examples/submodule_svpc_access/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/helpers/migrate.py b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/helpers/migrate.py
new file mode 100755
index 000000000..37a0fd105
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/helpers/migrate.py
@@ -0,0 +1,423 @@ +#!/usr/bin/env python3 + +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import argparse +import copy +import subprocess +import sys +import re +import json + +MIGRATIONS = [ + { + "resource_type": "google_compute_network", + "name": "network", + "module": ".module.vpc", + "new_plural": False + }, + { + "resource_type": "google_compute_shared_vpc_host_project", + "name": "shared_vpc_host", + "module": ".module.vpc", + "new_plural": False + }, + { + "resource_type": "google_compute_subnetwork", + "name": "subnetwork", + "module": ".module.subnets", + "for_each_migration": True, + "for_each_migration_key": "id" + }, + { + "resource_type": "google_compute_route", + "name": "route", + "module": ".module.routes", + "for_each_migration": True, + "for_each_migration_key": "id" + }, + { + "resource_type": "null_resource", + "name": "delete_default_internet_gateway_routes", + "module": ".module.routes" + } +] + + +class ModuleMigration: + """ + Migrate the resources from a flat project factory to match the new + module structure created by the G Suite refactor. + """ + + def __init__(self, source_module, state): + self.source_module = source_module + self.state = state + + def moves(self): + """ + Generate the set of old/new resource pairs that will be migrated + to the `destination` module. 
+ """ + resources = self.targets() + for_each_migrations = [] + + moves = [] + for (old, migration) in resources: + new = copy.deepcopy(old) + new.module += migration["module"] + + # Update the copied resource with the "rename" value if it is set + if "rename" in migration: + new.name = migration["rename"] + + old.plural = migration.get("old_plural", True) + new.plural = migration.get("new_plural", True) + + if (migration.get("for_each_migration", False) and + migration.get("old_plural", True)): + for_each_migrations.append((old, new, migration)) + else: + pair = (old.path(), new.path()) + moves.append(pair) + + for_each_moves = self.for_each_moves(for_each_migrations) + return moves + for_each_moves + + def for_each_moves(self, for_each_migrations): + """ + When migrating from count to for_each we need to move the + whole collection first + https://github.com/hashicorp/terraform/issues/22301 + """ + for_each_initial_migration = {} + moves = [] + + for (old, new, migration) in for_each_migrations: + # Do the initial migration of the whole collection + # only once if it hasn't been done yet + key = old.resource_type + "." + old.name + if key not in for_each_initial_migration: + for_each_initial_migration[key] = True + old.plural = False + new.plural = False + + pair = (old.path(), new.path()) + moves.append(pair) + + # Whole collection is moved to new location. 
Now needs right index + new.plural = True + new_indexed = copy.deepcopy(new) + new_indexed.key = self.state.resource_value( + old, migration["for_each_migration_key"]) + pair = (new.path(), new_indexed.path()) + moves.append(pair) + + return moves + + def targets(self): + """ + A list of resources that will be moved to the new module """ + to_move = [] + + for migration in MIGRATIONS: + resource_type = migration["resource_type"] + resource_name = migration["name"] + matching_resources = self.source_module.get_resources( + resource_type, + resource_name) + to_move += [(r, migration) for r in matching_resources] + + return to_move + + +class TerraformModule: + """ + A Terraform module with associated resources. + """ + + def __init__(self, name, resources): + """ + Create a new module and associate it with a list of resources. + """ + self.name = name + self.resources = resources + + def get_resources(self, resource_type=None, resource_name=None): + """ + Return a list of resources matching the given resource type and name. + """ + + ret = [] + for resource in self.resources: + matches_type = (resource_type is None or + resource_type == resource.resource_type) + + name_pattern = re.compile(r'%s(\[\d+\])?' % resource_name) + matches_name = (resource_name is None or + name_pattern.match(resource.name)) + + if matches_type and matches_name: + ret.append(resource) + + return ret + + def has_resource(self, resource_type=None, resource_name=None): + """ + Does this module contain a resource with the matching type and name? 
+ """ + for resource in self.resources: + matches_type = (resource_type is None or + resource_type == resource.resource_type) + + matches_name = (resource_name is None or + resource_name in resource.name) + + if matches_type and matches_name: + return True + + return False + + def __repr__(self): + return "{}({!r}, {!r})".format( + self.__class__.__name__, + self.name, + [repr(resource) for resource in self.resources]) + + +class TerraformResource: + """ + A Terraform resource, defined by the the identifier of that resource. + """ + + @classmethod + def from_path(cls, path): + """ + Generate a new Terraform resource, based on the fully qualified + Terraform resource path. + """ + if re.match(r'\A[\w.\["/\]-]+\Z', path) is None: + raise ValueError( + "Invalid Terraform resource path {!r}".format(path)) + + parts = path.split(".") + name = parts.pop() + resource_type = parts.pop() + module = ".".join(parts) + return cls(module, resource_type, name) + + def __init__(self, module, resource_type, name): + """ + Create a new TerraformResource from a pre-parsed path. + """ + self.module = module + self.resource_type = resource_type + self.key = None + self.plural = True + + find_suffix = re.match(r'(^.+)\[(\d+)\]', name) + if find_suffix: + self.name = find_suffix.group(1) + self.index = find_suffix.group(2) + else: + self.name = name + self.index = -1 + + def path(self): + """ + Return the fully qualified resource path. 
+ """ + parts = [self.module, self.resource_type, self.name] + if parts[0] == '': + del parts[0] + path = ".".join(parts) + if self.key is not None: + path = "{0}[\"{1}\"]".format(path, self.key) + elif self.index != -1 and self.plural: + path = "{0}[{1}]".format(path, self.index) + return path + + def __repr__(self): + return "{}({!r}, {!r}, {!r})".format( + self.__class__.__name__, + self.module, + self.resource_type, + self.name) + + +class TerraformState: + """ + A Terraform state representation, pulled from terraform state pull + Used for getting values out of individual resources + """ + + def __init__(self): + self.read_state() + + def read_state(self): + """ + Read the terraform state + """ + argv = ["terraform", "state", "pull"] + result = subprocess.run(argv, + capture_output=True, + check=True, + encoding='utf-8') + + self.state = json.loads(result.stdout) + + def resource_value(self, resource, key): + # Find the resource in the state + state_resource_list = [r for r in self.state["resources"] if + r.get("module", "none") == resource.module and + r["type"] == resource.resource_type and + r["name"] == resource.name] + + if (len(state_resource_list) != 1): + raise ValueError( + "Could not find resource list in state for {}" + .format(resource)) + + index = int(resource.index) + # If this a collection use the index to find the right resource, + # otherwise use the first + if (index >= 0): + state_resource = [r for r in state_resource_list[0]["instances"] if + r["index_key"] == index] + + if (len(state_resource) != 1): + raise ValueError( + "Could not find resource in state for {} key {}" + .format(resource, resource.index)) + else: + state_resource = state_resource_list[0]["instances"] + + return state_resource[0]["attributes_flat"][key] + + +def group_by_module(resources): + """ + Group a set of resources according to their containing module. 
+ """ + + groups = {} + for resource in resources: + if resource.module in groups: + groups[resource.module].append(resource) + else: + groups[resource.module] = [resource] + + return [ + TerraformModule(name, contained) + for name, contained in groups.items() + ] + + +def read_resources(): + """ + Read the terraform state at the given path. + """ + argv = ["terraform", "state", "list"] + result = subprocess.run(argv, + capture_output=True, + check=True, + encoding='utf-8') + elements = result.stdout.split("\n") + elements.pop() + return elements + + +def state_changes_for_module(module, state): + """ + Compute the Terraform state changes (deletions and moves) for a single + module. + """ + commands = [] + + migration = ModuleMigration(module, state) + + for (old, new) in migration.moves(): + wrapper = "'{0}'" + argv = ["terraform", + "state", + "mv", + wrapper.format(old), + wrapper.format(new)] + commands.append(argv) + + return commands + + +def migrate(state=None, dryrun=False): + """ + Generate and run terraform state mv commands to migrate resources from one + state structure to another + """ + + # Generate a list of Terraform resource states from the output of + # `terraform state list` + resources = [ + TerraformResource.from_path(path) + for path in read_resources() + ] + + # Group resources based on the module where they're defined. + modules = group_by_module(resources) + + # Filter our list of Terraform modules down to anything that looks like a + # google network original module. 
We key this off the presence off of + # `terraform-google-network` resource type and names + modules_to_migrate = [ + module for module in modules + if module.has_resource("google_compute_network", "network") + ] + + print("---- Migrating the following modules:") + for module in modules_to_migrate: + print("-- " + module.name) + + # Collect a list of resources for each module + commands = [] + for module in modules_to_migrate: + commands += state_changes_for_module(module, state) + + print("---- Commands to run:") + for argv in commands: + if dryrun: + print(" ".join(argv)) + else: + argv = [arg.strip("'") for arg in argv] + subprocess.run(argv, check=True, encoding='utf-8') + + +def main(argv): + parser = argparser() + args = parser.parse_args(argv[1:]) + + state = TerraformState() + + migrate(state=state, dryrun=args.dryrun) + + +def argparser(): + parser = argparse.ArgumentParser(description='Migrate Terraform state') + parser.add_argument('--dryrun', action='store_true', + help='Print the `terraform state mv` commands instead ' + 'of running the commands.') + return parser + + +if __name__ == "__main__": + main(sys.argv) diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/main.tf new file mode 100644 index 000000000..93794145a --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/main.tf 
@@ -0,0 +1,51 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/******************************************
+ VPC configuration
+ *****************************************/
+module "vpc" {
+ source = "./modules/vpc"
+ network_name = var.network_name
+ auto_create_subnetworks = var.auto_create_subnetworks
+ routing_mode = var.routing_mode
+ project_id = var.project_id
+ description = var.description
+ shared_vpc_host = var.shared_vpc_host
+}
+
+/******************************************
+ Subnet configuration
+ *****************************************/
+module "subnets" {
+ source = "./modules/subnets"
+ project_id = var.project_id
+ network_name = module.vpc.network_name
+ subnets = var.subnets
+ secondary_ranges = var.secondary_ranges
+}
+
+/******************************************
+ Routes
+ *****************************************/
+module "routes" {
+ source = "./modules/routes"
+ project_id = var.project_id
+ network_name = module.vpc.network_name
+ routes = var.routes
+ delete_default_internet_gateway_routes = var.delete_default_internet_gateway_routes
+ module_depends_on = [module.subnets.subnets]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-firewall/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-firewall/README.md
new file mode 100644
index 000000000..7a8fb0a7f
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-firewall/README.md
@@ -0,0 +1,98 @@
+# Google Cloud VPC Firewall
+
+This module allows creation of a minimal VPC firewall, supporting basic configurable rules for IP range-based intra-VPC and administrator ingress, tag-based SSH/HTTP/HTTPS ingress, and custom rule definitions.
+
+The HTTP and HTTPS rules use the same network tags that are assigned to instances when the "Allow HTTP[S] traffic" checkbox is flagged in the Cloud Console. The SSH rule uses a generic `ssh` tag.
+
+All IP source ranges are configurable through variables, and are set by default to `0.0.0.0/0` for tag-based rules. Allowed protocols and/or ports for the intra-VPC rule are also configurable through a variable.
+
+Custom rules are set through a map where keys are rule names, and values use this custom type:
+
+```hcl
+map(object({
+ description = string
+ direction = string # (INGRESS|EGRESS)
+ action = string # (allow|deny)
+ ranges = list(string) # list of IP CIDR ranges
+ sources = list(string) # tags or SAs (ignored for EGRESS)
+ targets = list(string) # tags or SAs
+ use_service_accounts = bool # use tags or SAs in sources/targets
+ rules = list(object({
+ protocol = string
+ ports = list(string)
+ }))
+ extra_attributes = map(string) # map, optional keys disabled or priority
+}))
+```
+
+The resources created/managed by this module are:
+
+- one optional ingress rule from internal CIDR ranges, only allowing ICMP by default
+- one optional ingress rule from admin CIDR ranges, allowing all protocols on all ports
+- one optional ingress rule for SSH on network tag `ssh`
+- one optional ingress rule for HTTP on network tag `http-server`
+- one optional ingress rule for HTTPS on network tag `https-server`
+- one or more optional custom rules
+
+
+## Usage
+
+Basic usage of this module is as follows:
+
+```hcl
+module "net-firewall" {
+ source = "terraform-google-modules/network/google//modules/fabric-net-firewall"
+ project_id = "my-project"
+ network = "my-vpc"
+ internal_ranges_enabled = true
+ internal_ranges = ["10.0.0.0/0"]
+ custom_rules = {
+ ingress-sample = {
+ description = "Dummy sample ingress rule, tag-based."
+ direction = "INGRESS"
+ action = "allow"
+ ranges = ["192.168.0.0"]
+ sources = ["spam-tag"]
+ targets = ["foo-tag", "egg-tag"]
+ use_service_accounts = false
+ rules = [
+ {
+ protocol = "tcp"
+ ports = []
+ }
+ ]
+ extra_attributes = {}
+ }
+ }
+}
+```
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| admin\_ranges | IP CIDR ranges that have complete access to all subnets. | list | `` | no |
+| admin\_ranges\_enabled | Enable admin ranges-based rules. | string | `"false"` | no |
+| custom\_rules | List of custom rule definitions (refer to variables file for syntax). | object | `` | no |
+| http\_source\_ranges | List of IP CIDR ranges for tag-based HTTP rule, defaults to 0.0.0.0/0. | list | `` | no |
+| https\_source\_ranges | List of IP CIDR ranges for tag-based HTTPS rule, defaults to 0.0.0.0/0. | list | `` | no |
+| internal\_allow | Allow rules for internal ranges. | list | `` | no |
+| internal\_ranges | IP CIDR ranges for intra-VPC rules. | list | `` | no |
+| internal\_ranges\_enabled | Create rules for intra-VPC ranges. | string | `"false"` | no |
+| network | Name of the network this set of firewall rules applies to. | string | n/a | yes |
+| project\_id | Project id of the project that holds the network. | string | n/a | yes |
+| ssh\_source\_ranges | List of IP CIDR ranges for tag-based SSH rule, defaults to 0.0.0.0/0. | list | `` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| admin\_ranges | Admin ranges data. |
+| custom\_egress\_allow\_rules | Custom egress rules with allow blocks. |
+| custom\_egress\_deny\_rules | Custom egress rules with allow blocks. |
+| custom\_ingress\_allow\_rules | Custom ingress rules with allow blocks. |
+| custom\_ingress\_deny\_rules | Custom ingress rules with deny blocks. |
+| internal\_ranges | Internal ranges. |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-firewall/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-firewall/main.tf
new file mode 100644
index 000000000..89b969152
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-firewall/main.tf
@@ -0,0 +1,157 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+###############################################################################
+# rules based on IP ranges
+###############################################################################
+
+resource "google_compute_firewall" "allow-internal" {
+ count = var.internal_ranges_enabled == true && length(var.internal_allow) > 0 ? 1 : 0
+ name = "${var.network}-ingress-internal"
+ description = "Allow ingress traffic from internal IP ranges"
+ network = var.network
+ project = var.project_id
+ source_ranges = var.internal_ranges
+
+ dynamic "allow" {
+ for_each = [for rule in var.internal_allow :
+ {
+ protocol = lookup(rule, "protocol", null)
+ ports = lookup(rule, "ports", null)
+ }
+ ]
+ content {
+ protocol = allow.value.protocol
+ ports = allow.value.ports
+ }
+ }
+
+}
+
+
+
+
+
+resource "google_compute_firewall" "allow-admins" {
+ count = var.admin_ranges_enabled == true ? 1 : 0
+ name = "${var.network}-ingress-admins"
+ description = "Access from the admin subnet to all subnets"
+ network = var.network
+ project = var.project_id
+ source_ranges = var.admin_ranges
+
+ allow {
+ protocol = "icmp"
+ }
+
+ allow {
+ protocol = "tcp"
+ }
+
+ allow {
+ protocol = "udp"
+ }
+}
+
+###############################################################################
+# rules based on tags
+###############################################################################
+
+resource "google_compute_firewall" "allow-tag-ssh" {
+ count = length(var.ssh_source_ranges) > 0 ? 1 : 0
+ name = "${var.network}-ingress-tag-ssh"
+ description = "Allow SSH to machines with the 'ssh' tag"
+ network = var.network
+ project = var.project_id
+ source_ranges = var.ssh_source_ranges
+ target_tags = ["ssh"]
+
+ allow {
+ protocol = "tcp"
+ ports = ["22"]
+ }
+}
+
+resource "google_compute_firewall" "allow-tag-http" {
+ count = length(var.http_source_ranges) > 0 ? 1 : 0
+ name = "${var.network}-ingress-tag-http"
+ description = "Allow HTTP to machines with the 'http-server' tag"
+ network = var.network
+ project = var.project_id
+ source_ranges = var.http_source_ranges
+ target_tags = ["http-server"]
+
+ allow {
+ protocol = "tcp"
+ ports = ["80"]
+ }
+}
+
+resource "google_compute_firewall" "allow-tag-https" {
+ count = length(var.https_source_ranges) > 0 ? 1 : 0
+ name = "${var.network}-ingress-tag-https"
+ description = "Allow HTTPS to machines with the 'https' tag"
+ network = var.network
+ project = var.project_id
+ source_ranges = var.https_source_ranges
+ target_tags = ["https-server"]
+
+ allow {
+ protocol = "tcp"
+ ports = ["443"]
+ }
+}
+
+################################################################################
+# dynamic rules #
+################################################################################
+
+resource "google_compute_firewall" "custom" {
+ # provider = "google-beta"
+ for_each = var.custom_rules
+ name = each.key
+ description = each.value.description
+ direction = each.value.direction
+ network = var.network
+ project = var.project_id
+ source_ranges = each.value.direction == "INGRESS" ? each.value.ranges : null
+ destination_ranges = each.value.direction == "EGRESS" ? each.value.ranges : null
+ source_tags = each.value.use_service_accounts || each.value.direction == "EGRESS" ? null : each.value.sources
+ source_service_accounts = each.value.use_service_accounts && each.value.direction == "INGRESS" ? each.value.sources : null
+ target_tags = each.value.use_service_accounts ? null : each.value.targets
+ target_service_accounts = each.value.use_service_accounts ? each.value.targets : null
+ disabled = lookup(each.value.extra_attributes, "disabled", false)
+ priority = lookup(each.value.extra_attributes, "priority", 1000)
+ enable_logging = lookup(each.value.extra_attributes, "enable_logging", null)
+
+ dynamic "allow" {
+ for_each = [for rule in each.value.rules : rule if each.value.action == "allow"]
+ iterator = rule
+ content {
+ protocol = rule.value.protocol
+ ports = rule.value.ports
+ }
+ }
+
+ dynamic "deny" {
+ for_each = [for rule in each.value.rules : rule if each.value.action == "deny"]
+ iterator = rule
+ content {
+ protocol = rule.value.protocol
+ ports = rule.value.ports
+ }
+ }
+}
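Review bot: The `count` expressions on `allow-internal` and `allow-admins` compare the flag with `== true`, and Terraform's `==` does no type conversion, so a caller that passes the string `"true"` (the module README lists both flags as type string) gets a count of 0 and no rule, with no error. outputs.tf in the same module evaluates the same variables in a plain conditional, which does convert, so the `internal_ranges` and `admin_ranges` outputs can report ranges as enabled while the firewall rule does not exist. Declaring both variables `type = bool` in variables.tf and writing `count = var.admin_ranges_enabled ? 1 : 0` keeps rule creation and the reported state in agreement. Separately, the `allow-tag-https` description names the 'https' tag while `target_tags` is `["https-server"]`; the description should read `"Allow HTTPS to machines with the 'https-server' tag"`.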
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-firewall/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-firewall/outputs.tf
new file mode 100644
index 000000000..6a36296f7
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-firewall/outputs.tf
@@ -0,0 +1,65 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "internal_ranges" {
+ description = "Internal ranges."
+
+ value = {
+ enabled = var.internal_ranges_enabled
+ ranges = var.internal_ranges_enabled ? join(",", var.internal_ranges) : ""
+ }
+}
+
+output "admin_ranges" {
+ description = "Admin ranges data."
+
+ value = {
+ enabled = var.admin_ranges_enabled
+ ranges = var.admin_ranges_enabled ? join(",", var.admin_ranges) : ""
+ }
+}
+
+output "custom_ingress_allow_rules" {
+ description = "Custom ingress rules with allow blocks."
+ value = [
+ for rule in google_compute_firewall.custom :
+ rule.name if rule.direction == "INGRESS" && length(rule.allow) > 0
+ ]
+}
+
+output "custom_ingress_deny_rules" {
+ description = "Custom ingress rules with deny blocks."
+ value = [
+ for rule in google_compute_firewall.custom :
+ rule.name if rule.direction == "INGRESS" && length(rule.deny) > 0
+ ]
+}
+
+output "custom_egress_allow_rules" {
+ description = "Custom egress rules with allow blocks."
+ value = [
+ for rule in google_compute_firewall.custom :
+ rule.name if rule.direction == "EGRESS" && length(rule.allow) > 0
+ ]
+}
+
+output "custom_egress_deny_rules" {
+ description = "Custom egress rules with allow blocks."
+ value = [
+ for rule in google_compute_firewall.custom :
+ rule.name if rule.direction == "EGRESS" && length(rule.deny) > 0
+ ]
+}
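Review bot: The `custom_egress_deny_rules` output carries the description of its allow counterpart, `"Custom egress rules with allow blocks."`, while its filter is `length(rule.deny) > 0`. It should read `description = "Custom egress rules with deny blocks."`; the same wrong text appears in the outputs table of the module README. Anyone auditing blocked egress traffic from the output documentation would otherwise read the deny list as an allow list.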
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-firewall/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-firewall/variables.tf new file mode 100644 index 000000000..80249cb94 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-firewall/variables.tf 
@@ -0,0 +1,86 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "network" { + description = "Name of the network this set of firewall rules applies to." +} + +variable "project_id" { + description = "Project id of the project that holds the network." +} + +variable "internal_ranges_enabled" { + description = "Create rules for intra-VPC ranges." + default = false +} + +variable "internal_ranges" { + description = "IP CIDR ranges for intra-VPC rules." + default = [] +} + +variable "internal_allow" { + description = "Allow rules for internal ranges." + default = [ + { + protocol = "icmp" + }, + ] +} + +variable "admin_ranges_enabled" { + description = "Enable admin ranges-based rules." + default = false +} + +variable "admin_ranges" { + description = "IP CIDR ranges that have complete access to all subnets." + default = [] +} + +variable "ssh_source_ranges" { + description = "List of IP CIDR ranges for tag-based SSH rule, defaults to 0.0.0.0/0." + default = ["0.0.0.0/0"] +} + +variable "http_source_ranges" { + description = "List of IP CIDR ranges for tag-based HTTP rule, defaults to 0.0.0.0/0." + default = ["0.0.0.0/0"] +} + +variable "https_source_ranges" { + description = "List of IP CIDR ranges for tag-based HTTPS rule, defaults to 0.0.0.0/0." + default = ["0.0.0.0/0"] +} + +variable "custom_rules" { + description = "List of custom rule definitions (refer to variables file for syntax)." 
+ default = {} + type = map(object({ + description = string + direction = string + action = string # (allow|deny) + ranges = list(string) + sources = list(string) + targets = list(string) + use_service_accounts = bool + rules = list(object({ + protocol = string + ports = list(string) + })) + extra_attributes = map(string) + })) +} diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-firewall/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-firewall/versions.tf new file mode 100644 index 000000000..c1eedd7e1 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-firewall/versions.tf @@ -0,0 +1,22 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = "~> 0.12.6" + required_providers { + google = "<4.0,>= 2.12" + } +} 
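Review bot: In fabric-net-firewall/variables.tf, `ssh_source_ranges`, `http_source_ranges` and `https_source_ranges` default to `["0.0.0.0/0"]`, and main.tf creates each tag rule whenever its list is non-empty, so a caller that sets only `network` and `project_id` gets SSH, HTTP and HTTPS ingress from any address to instances carrying the `ssh`, `http-server` and `https-server` tags. For SSH in particular an opt-in default is safer: `default = []`, with callers passing the ranges they intend to admit. None of these three variables declares a type either; `type = list(string)` would reject a bare string at plan time.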
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/README.md new file mode 100644 index 000000000..3ef174361 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/README.md 
@@ -0,0 +1,58 @@ +# Google Cloud Shared VPC Access Configuration + +This module allows configuring service project access to a Shared VPC, created with the top-level network module. The module allows: + +- attaching service projects to the Shared VPC host project +- assigning IAM roles for each Shared VPC subnet + +Full details on service project configuration can be found in the Google Cloud documentation on *[Provisioning Shared VPC](https://cloud.google.com/vpc/docs/provisioning-shared-vpc)*, and to *[Setting up clusters with Shared VPC](https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-shared-vpc)*. Details and use cases of using service accounts as role recipients for Shared VPC are in the *[Service accounts as project admins](https://cloud.google.com/vpc/docs/provisioning-shared-vpc#sa-as-spa)* section of the first document above. + +The resources created/managed by this module are: + +- one `google_compute_shared_vpc_service_project` resource for each project where full VPC access is needed +- one `google_compute_subnetwork_iam_binding` for each subnetwork where individual subnetwork access is needed + +## Usage + +Basic usage of this module is as follows: + +```hcl +module "net-shared-vpc-access" { + source = "terraform-google-modules/network/google//modules/fabric-net-svpc-access" + version = "~> 1.4.0" + host_project_id = "my-host-project-id" + service_project_num = 1 + service_project_ids = ["my-service-project-id"] + host_subnets = ["my-subnet"] + host_subnet_regions = ["europe-west1"] + host_subnet_users = { + my-subnet = "group:my-service-owners@example.org,serviceAccount:1234567890@cloudservices.gserviceaccount.com" + } + host_service_agent_role = true + host_service_agent_users = [ + "serviceAccount:service-123456789@container-engine-robot.iam.gserviceaccount.com" + ] +} +``` + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| host\_project\_id | Project id of the shared 
VPC host project. | string | n/a | yes | +| host\_service\_agent\_role | Assign host service agent role to users in host_service_agent_users variable. | bool | `"false"` | no | +| host\_service\_agent\_users | List of IAM-style users that will be granted the host service agent role on the host project. | list(string) | `` | no | +| host\_subnet\_regions | List of subnet regions, one per subnet. | list(string) | `` | no | +| host\_subnet\_users | Map of comma-delimited IAM-style members to which network user roles for subnets will be assigned. | map(any) | `` | no | +| host\_subnets | List of subnet names on which to grant network user role. | list(string) | `` | no | +| service\_project\_ids | Ids of the service projects that will be attached to the Shared VPC. | list(string) | n/a | yes | +| service\_project\_num | Number of service projects that will be attached to the Shared VPC. | number | `"0"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| service\_projects | Project ids of the services with access to all subnets. | + + diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/main.tf new file mode 100644 index 000000000..a51c74b7b --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/main.tf 
@@ -0,0 +1,40 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+resource "google_compute_shared_vpc_service_project" "projects" {
+ count = var.service_project_num
+ host_project = var.host_project_id
+ service_project = element(var.service_project_ids, count.index)
+}
+
+resource "google_compute_subnetwork_iam_binding" "network_users" {
+ count = length(var.host_subnets)
+ project = var.host_project_id
+ region = element(var.host_subnet_regions, count.index)
+ subnetwork = element(var.host_subnets, count.index)
+ role = "roles/compute.networkUser"
+
+ members = compact(split(",", lookup(var.host_subnet_users,
+ element(var.host_subnets, count.index))
+ ))
+}
+
+resource "google_project_iam_binding" "service_agents" {
+ count = var.host_service_agent_role ? 1 : 0
+ project = var.host_project_id
+ role = "roles/container.hostServiceAgentUser"
+ members = var.host_service_agent_users
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/outputs.tf
new file mode 100644
index 000000000..dc7925943
--- /dev/null
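Review bot: In fabric-net-svpc-access/main.tf, `google_compute_subnetwork_iam_binding.network_users` and `google_project_iam_binding.service_agents` are authoritative for their role, so applying the module replaces the complete member list of `roles/compute.networkUser` on each subnet and of `roles/container.hostServiceAgentUser` on the host project, removing members that were granted outside this configuration. That deserves a comment above each resource, for example `# authoritative for this role: members not listed here are removed on apply`, or a switch to `google_compute_subnetwork_iam_member` and `google_project_iam_member` if other tooling also manages these roles. Also in `network_users`, `element()` wraps its index, so a `host_subnet_regions` list shorter than `host_subnets` pairs a subnet with the wrong region instead of failing.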
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/outputs.tf @@ -0,0 +1,20 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "service_projects" { + description = "Project ids of the services with access to all subnets." + value = google_compute_shared_vpc_service_project.projects.*.service_project +} diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/variables.tf new file mode 100644 index 000000000..579d2f84b --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/variables.tf 
@@ -0,0 +1,63 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "host_project_id" { + type = string + description = "Project id of the shared VPC host project." +} + +# passed-in values can be dynamic, so variables used in count need to be separate + +variable "service_project_num" { + type = number + description = "Number of service projects that will be attached to the Shared VPC." + default = 0 +} + +variable "service_project_ids" { + type = list(string) + description = "Ids of the service projects that will be attached to the Shared VPC." +} + +variable "host_subnets" { + type = list(string) + description = "List of subnet names on which to grant network user role." + default = [] +} + +variable "host_subnet_regions" { + type = list(string) + description = "List of subnet regions, one per subnet." + default = [] +} + +variable "host_subnet_users" { + type = map(any) + description = "Map of comma-delimited IAM-style members to which network user roles for subnets will be assigned." + default = {} +} + +variable "host_service_agent_role" { + type = bool + description = "Assign host service agent role to users in host_service_agent_users variable." + default = false +} + +variable "host_service_agent_users" { + type = list(string) + description = "List of IAM-style users that will be granted the host service agent role on the host project." + default = [] +} 
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/versions.tf new file mode 100644 index 000000000..c1eedd7e1 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/versions.tf @@ -0,0 +1,22 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = "~> 0.12.6" + required_providers { + google = "<4.0,>= 2.12" + } +} diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/network-peering/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/network-peering/README.md new file mode 100644 index 000000000..41f0fdf4f --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/network-peering/README.md 
@@ -0,0 +1,66 @@ +# Google Network Peering + +This module allows creation of a [VPC Network Peering](https://cloud.google.com/vpc/docs/vpc-peering) between two networks. + +The resources created/managed by this module are: + +- one network peering from `local network` to `peer network` +- one network peering from `peer network` to `local network` + +## Usage + +Basic usage of this module is as follows: + +```hcl +module "peering" { + source = "terraform-google-modules/network/google//modules/network-peering" + + prefix = "name-prefix" + local_network = "" + peer_network = "" +} +``` + +If you need to create more than one peering for the same VPC Network `(A -> B, A -> C)` you have to use output from the first module as a dependency for the second one to keep order of peering creation (It is not currently possible to create more than one peering connection for a VPC Network at the same time). + +```hcl +module "peering-a-b" { + source = "terraform-google-modules/network/google//modules/network-peering" + + prefix = "name-prefix" + local_network = "" + peer_network = "" +} + +module "peering-a-c" { + source = "terraform-google-modules/network/google//modules/network-peering" + + prefix = "name-prefix" + local_network = "" + peer_network = "" + + module_depends_on = [module.peering-a-b.complete] +} +``` + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| export\_local\_custom\_routes | Export custom routes to peer network from local network. | bool | `"false"` | no | +| export\_peer\_custom\_routes | Export custom routes to local network from peer network. | bool | `"false"` | no | +| local\_network | Resource link of the network to add a peering to. | string | n/a | yes | +| module\_depends\_on | List of modules or resources this module depends on. | list | `` | no | +| peer\_network | Resource link of the peer network. 
| string | n/a | yes | +| prefix | Name prefix for the network peerings | string | `"network-peering"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| complete | Output to be used as a module dependency. | +| local\_network\_peering | Network peering resource. | +| peer\_network\_peering | Peer network peering resource. | + + diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/network-peering/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/network-peering/main.tf new file mode 100644 index 000000000..722734b81 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/network-peering/main.tf 
@@ -0,0 +1,52 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + local_network_name = element(reverse(split("/", var.local_network)), 0) + peer_network_name = element(reverse(split("/", var.peer_network)), 0) +} + +resource "google_compute_network_peering" "local_network_peering" { + provider = "google-beta" + name = "${var.prefix}-${local.local_network_name}-${local.peer_network_name}" + network = var.local_network + peer_network = var.peer_network + export_custom_routes = var.export_local_custom_routes + import_custom_routes = var.export_peer_custom_routes + + depends_on = ["null_resource.module_depends_on"] +} + +resource "google_compute_network_peering" "peer_network_peering" { + provider = "google-beta" + name = "${var.prefix}-${local.peer_network_name}-${local.local_network_name}" + network = var.peer_network + peer_network = var.local_network + export_custom_routes = var.export_peer_custom_routes + import_custom_routes = var.export_local_custom_routes + + depends_on = ["null_resource.module_depends_on", "google_compute_network_peering.local_network_peering"] +} + +resource "null_resource" "module_depends_on" { + triggers = { + value = length(var.module_depends_on) + } +} + +resource "null_resource" "complete" { + depends_on = ["google_compute_network_peering.local_network_peering", "google_compute_network_peering.peer_network_peering"] +} 
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/network-peering/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/network-peering/outputs.tf new file mode 100644 index 000000000..2f7606226 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/network-peering/outputs.tf @@ -0,0 +1,30 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "local_network_peering" { + description = "Network peering resource." + value = google_compute_network_peering.local_network_peering +} + +output "peer_network_peering" { + description = "Peer network peering resource." + value = google_compute_network_peering.peer_network_peering +} + +output "complete" { + description = "Output to be used as a module dependency." + value = null_resource.complete.id +} diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/network-peering/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/network-peering/variables.tf new file mode 100644 index 000000000..b528440ff --- /dev/null 
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/network-peering/variables.tf @@ -0,0 +1,49 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "prefix" { + description = "Name prefix for the network peerings" + type = string + default = "network-peering" +} + +variable "local_network" { + description = "Resource link of the network to add a peering to." + type = string +} + +variable "peer_network" { + description = "Resource link of the peer network." + type = string +} + +variable "export_peer_custom_routes" { + description = "Export custom routes to local network from peer network." + type = bool + default = false +} + +variable "export_local_custom_routes" { + description = "Export custom routes to peer network from local network." + type = bool + default = false +} + +variable "module_depends_on" { + description = "List of modules or resources this module depends on." + type = list + default = [] +} diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/network-peering/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/network-peering/versions.tf new file mode 100644 index 000000000..c1eedd7e1 --- /dev/null 
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/network-peering/versions.tf @@ -0,0 +1,22 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = "~> 0.12.6" + required_providers { + google = "<4.0,>= 2.12" + } +} diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes-beta/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes-beta/README.md new file mode 100644 index 000000000..058e3e468 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes-beta/README.md 
@@ -0,0 +1,91 @@
+# Terraform Network Beta Module
+
+This submodule is part of the the `terraform-google-network` module. It creates the individual vpc routes and optionally deletes the default internet gateway routes.
+
+It supports creating:
+
+- Routes within vpc network.
+- Optionally deletes the default internet gateway routes.
+
+It also uses google beta provider to support the following resource fields:
+
+- google_compute_route.next_hop_ilb
+
+## Usage
+
+Basic usage of this submodule is as follows:
+
+```hcl
+module "vpc" {
+ source = "terraform-google-modules/network/google//modules/routes-beta"
+ version = "~> 2.0.0"
+
+ project_id = ""
+ network_name = "example-vpc"
+
+ delete_default_internet_gateway_routes = false
+
+ routes = [
+ {
+ name = "egress-internet"
+ description = "route through IGW to access internet"
+ destination_range = "0.0.0.0/0"
+ tags = "egress-inet"
+ next_hop_internet = "true"
+ },
+ {
+ name = "app-proxy"
+ description = "route through proxy to reach app"
+ destination_range = "10.50.10.0/24"
+ tags = "app-proxy"
+ next_hop_instance = "app-proxy-instance"
+ next_hop_instance_zone = "us-west1-a"
+ },
+ {
+ name = "test-proxy"
+ description = "route through idp to reach app"
+ destination_range = "10.50.10.0/24"
+ tags = "app-proxy"
+ next_hop_ilb = var.ilb_link
+ },
+ ]
+}
+```
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| delete\_default\_internet\_gateway\_routes | If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted | string | `"false"` | no |
+| module\_depends\_on | List of modules or resources this module depends on. | list | `` | no |
+| network\_name | The name of the network where routes will be created | string | n/a | yes |
+| project\_id | The ID of the project where the routes will be created | string | n/a | yes |
+| routes | List of routes being created in this VPC | list(map(string)) | `` | no |
+| routes\_count | Amount of routes being created in this VPC | number | `"0"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| routes | The created routes resources |
+
+
+
+
+### Routes Input
+
+The routes list contains maps, where each object represents a route. For the next_hop_* inputs, only one is possible to be used in each route. Having two next_hop_* inputs will produce an error. Each map has the following inputs (please see examples folder for additional references):
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| name | The name of the route being created | string | - | no |
+| description | The description of the route being created | string | - | no |
+| tags | The network tags assigned to this route. This is a list in string format. Eg. "tag-01,tag-02"| string | - | yes |
+| destination\_range | The destination range of outgoing packets that this route applies to. Only IPv4 is supported | string | - | yes
+| next\_hop\_internet | Whether the next hop to this route will the default internet gateway. Use "true" to enable this as next hop | string | `"false"` | yes |
+| next\_hop\_ip | Network IP address of an instance that should handle matching packets | string | - | yes |
+| next\_hop\_instance | URL or name of an instance that should handle matching packets. If just name is specified "next\_hop\_instance\_zone" is required | string | - | yes |
+| next\_hop\_instance\_zone | The zone of the instance specified in next\_hop\_instance. Only required if next\_hop\_instance is specified as a name | string | - | no |
+| next\_hop\_vpn\_tunnel | URL to a VpnTunnel that should handle matching packets | string | - | yes |
+| priority | The priority of this route. Priority is used to break ties in cases where there is more than one matching route of equal prefix length. In the case of two routes with equal prefix length, the one with the lowest-numbered priority value wins | string | `"1000"` | yes |
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes-beta/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes-beta/main.tf
new file mode 100644
index 000000000..686bdf37a
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes-beta/main.tf
@@ -0,0 +1,56 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/******************************************
+ Routes
+ *****************************************/
+resource "google_compute_route" "route" {
+ provider = google-beta
+ count = var.routes_count
+
+ project = var.project_id
+ network = var.network_name
+
+ name = lookup(var.routes[count.index], "name", format("%s-%s-%d", lower(var.network_name), "route", count.index))
+ description = lookup(var.routes[count.index], "description", null)
+ tags = compact(split(",", lookup(var.routes[count.index], "tags", "")))
+ dest_range = lookup(var.routes[count.index], "destination_range", null)
+ next_hop_gateway = lookup(var.routes[count.index], "next_hop_internet", "false") == "true" ? "default-internet-gateway" : ""
+ next_hop_ip = lookup(var.routes[count.index], "next_hop_ip", null)
+ next_hop_instance = lookup(var.routes[count.index], "next_hop_instance", null)
+ next_hop_instance_zone = lookup(var.routes[count.index], "next_hop_instance_zone", null)
+ next_hop_vpn_tunnel = lookup(var.routes[count.index], "next_hop_vpn_tunnel", null)
+ next_hop_ilb = lookup(var.routes[count.index], "next_hop_ilb", null)
+ priority = lookup(var.routes[count.index], "priority", null)
+
+ depends_on = [var.module_depends_on]
+}
+
+resource "null_resource" "delete_default_internet_gateway_routes" {
+ count = var.delete_default_internet_gateway_routes ? 1 : 0
+
+ provisioner "local-exec" {
+ command = "${path.module}/scripts/delete-default-gateway-routes.sh ${var.project_id} ${var.network_name}"
+ }
+
+ triggers = {
+ number_of_routes = length(var.routes)
+ }
+
+ depends_on = [
+ google_compute_route.route,
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes-beta/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes-beta/outputs.tf
new file mode 100644
index 000000000..0f672ec67
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes-beta/outputs.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "routes" {
+ value = google_compute_route.route
+ description = "The created routes resources"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes-beta/scripts/delete-default-gateway-routes.sh b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes-beta/scripts/delete-default-gateway-routes.sh
new file mode 100644
index 000000000..8366d5064
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes-beta/scripts/delete-default-gateway-routes.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+set -e
+
+if [ -n "${GOOGLE_APPLICATION_CREDENTIALS}" ]; then
+ export CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${GOOGLE_APPLICATION_CREDENTIALS}
+fi
+
+PROJECT_ID=$1
+NETWORK_ID=$2
+FILTERED_ROUTES=$(gcloud compute routes list \
+ --project="${PROJECT_ID}" \
+ --format="value(name)" \
+ --filter=" \
+ nextHopGateway:(https://www.googleapis.com/compute/v1/projects/${PROJECT_ID}/global/gateways/default-internet-gateway) \
+ AND network:(https://www.googleapis.com/compute/v1/projects/${PROJECT_ID}/global/networks/${NETWORK_ID}) \
+ AND name~^default-route \
+ "
+)
+
+function delete_internet_gateway_routes {
+ local routes="${1}"
+ echo "${routes}" | while read -r line; do
+ echo "Deleting route ${line}..."
+ gcloud compute routes delete "${line}" --quiet --project="${PROJECT_ID}"
+ done
+}
+
+if [ -n "${FILTERED_ROUTES}" ]; then
+ delete_internet_gateway_routes "${FILTERED_ROUTES}"
+else
+ echo "Default internet gateway route(s) not found; exiting..."
+fi
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes-beta/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes-beta/variables.tf
new file mode 100644
index 000000000..989db81a8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes-beta/variables.tf
@@ -0,0 +1,46 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The ID of the project where the routes will be created"
+}
+
+variable "network_name" {
+ description = "The name of the network where routes will be created"
+}
+
+variable "routes" {
+ type = list(map(string))
+ description = "List of routes being created in this VPC"
+ default = []
+}
+
+variable "routes_count" {
+ type = number
+ description = "Amount of routes being created in this VPC"
+ default = 0
+}
+
+variable "delete_default_internet_gateway_routes" {
+ description = "If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted"
+ default = "false"
+}
+
+variable "module_depends_on" {
+ description = "List of modules or resources this module depends on."
+ type = list
+ default = []
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes-beta/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes-beta/versions.tf
new file mode 100644
index 000000000..fe58b3536
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes-beta/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google-beta = "~> 2.19.0"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes/README.md
new file mode 100644
index 000000000..8051ac5de
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes/README.md
@@ -0,0 +1,79 @@
+# Terraform Network Module
+
+This submodule is part of the the `terraform-google-network` module. It creates the individual vpc routes and optionally deletes the default internet gateway routes.
+
+It supports creating:
+
+- Routes within vpc network.
+- Optionally deletes the default internet gateway routes.
+
+## Usage
+
+Basic usage of this submodule is as follows:
+
+```hcl
+module "vpc" {
+ source = "terraform-google-modules/network/google//modules/routes"
+ version = "~> 2.0.0"
+
+ project_id = ""
+ network_name = "example-vpc"
+
+ delete_default_internet_gateway_routes = false
+
+ routes = [
+ {
+ name = "egress-internet"
+ description = "route through IGW to access internet"
+ destination_range = "0.0.0.0/0"
+ tags = "egress-inet"
+ next_hop_internet = "true"
+ },
+ {
+ name = "app-proxy"
+ description = "route through proxy to reach app"
+ destination_range = "10.50.10.0/24"
+ tags = "app-proxy"
+ next_hop_instance = "app-proxy-instance"
+ next_hop_instance_zone = "us-west1-a"
+ },
+ ]
+}
+```
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| delete\_default\_internet\_gateway\_routes | If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted | string | `"false"` | no |
+| module\_depends\_on | List of modules or resources this module depends on. | list | `` | no |
+| network\_name | The name of the network where routes will be created | string | n/a | yes |
+| project\_id | The ID of the project where the routes will be created | string | n/a | yes |
+| routes | List of routes being created in this VPC | list(map(string)) | `` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| routes | The created routes resources |
+
+
+
+
+### Routes Input
+
+The routes list contains maps, where each object represents a route. For the next_hop_* inputs, only one is possible to be used in each route. Having two next_hop_* inputs will produce an error. Each map has the following inputs (please see examples folder for additional references):
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| name | The name of the route being created | string | - | no |
+| description | The description of the route being created | string | - | no |
+| tags | The network tags assigned to this route. This is a list in string format. Eg. "tag-01,tag-02"| string | - | yes |
+| destination\_range | The destination range of outgoing packets that this route applies to. Only IPv4 is supported | string | - | yes
+| next\_hop\_internet | Whether the next hop to this route will the default internet gateway. Use "true" to enable this as next hop | string | `"false"` | yes |
+| next\_hop\_ip | Network IP address of an instance that should handle matching packets | string | - | yes |
+| next\_hop\_instance | URL or name of an instance that should handle matching packets. If just name is specified "next\_hop\_instance\_zone" is required | string | - | yes |
+| next\_hop\_instance\_zone | The zone of the instance specified in next\_hop\_instance. Only required if next\_hop\_instance is specified as a name | string | - | no |
+| next\_hop\_vpn\_tunnel | URL to a VpnTunnel that should handle matching packets | string | - | yes |
+| priority | The priority of this route. Priority is used to break ties in cases where there is more than one matching route of equal prefix length. In the case of two routes with equal prefix length, the one with the lowest-numbered priority value wins | string | `"1000"` | yes |
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes/main.tf
new file mode 100644
index 000000000..839e307a6
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes/main.tf
@@ -0,0 +1,61 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ routes = {
+ for i, route in var.routes :
+ lookup(route, "name", format("%s-%s-%d", lower(var.network_name), "route", i)) => route
+ }
+}
+
+/******************************************
+ Routes
+ *****************************************/
+resource "google_compute_route" "route" {
+ for_each = local.routes
+
+ project = var.project_id
+ network = var.network_name
+
+ name = each.key
+ description = lookup(each.value, "description", null)
+ tags = compact(split(",", lookup(each.value, "tags", "")))
+ dest_range = lookup(each.value, "destination_range", null)
+ next_hop_gateway = lookup(each.value, "next_hop_internet", "false") == "true" ? "default-internet-gateway" : null
+ next_hop_ip = lookup(each.value, "next_hop_ip", null)
+ next_hop_instance = lookup(each.value, "next_hop_instance", null)
+ next_hop_instance_zone = lookup(each.value, "next_hop_instance_zone", null)
+ next_hop_vpn_tunnel = lookup(each.value, "next_hop_vpn_tunnel", null)
+ priority = lookup(each.value, "priority", null)
+
+ depends_on = [var.module_depends_on]
+}
+
+resource "null_resource" "delete_default_internet_gateway_routes" {
+ count = var.delete_default_internet_gateway_routes ? 1 : 0
+
+ provisioner "local-exec" {
+ command = "${path.module}/scripts/delete-default-gateway-routes.sh ${var.project_id} ${var.network_name}"
+ }
+
+ triggers = {
+ number_of_routes = length(var.routes)
+ }
+
+ depends_on = [
+ google_compute_route.route,
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes/outputs.tf
new file mode 100644
index 000000000..0f672ec67
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes/outputs.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "routes" {
+ value = google_compute_route.route
+ description = "The created routes resources"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes/scripts/delete-default-gateway-routes.sh b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes/scripts/delete-default-gateway-routes.sh
new file mode 100755
index 000000000..8366d5064
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes/scripts/delete-default-gateway-routes.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+set -e
+
+if [ -n "${GOOGLE_APPLICATION_CREDENTIALS}" ]; then
+ export CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${GOOGLE_APPLICATION_CREDENTIALS}
+fi
+
+PROJECT_ID=$1
+NETWORK_ID=$2
+FILTERED_ROUTES=$(gcloud compute routes list \
+ --project="${PROJECT_ID}" \
+ --format="value(name)" \
+ --filter=" \
+ nextHopGateway:(https://www.googleapis.com/compute/v1/projects/${PROJECT_ID}/global/gateways/default-internet-gateway) \
+ AND network:(https://www.googleapis.com/compute/v1/projects/${PROJECT_ID}/global/networks/${NETWORK_ID}) \
+ AND name~^default-route \
+ "
+)
+
+function delete_internet_gateway_routes {
+ local routes="${1}"
+ echo "${routes}" | while read -r line; do
+ echo "Deleting route ${line}..."
+ gcloud compute routes delete "${line}" --quiet --project="${PROJECT_ID}"
+ done
+}
+
+if [ -n "${FILTERED_ROUTES}" ]; then
+ delete_internet_gateway_routes "${FILTERED_ROUTES}"
+else
+ echo "Default internet gateway route(s) not found; exiting..."
+fi
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes/variables.tf
new file mode 100644
index 000000000..8eed495ff
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes/variables.tf
@@ -0,0 +1,40 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The ID of the project where the routes will be created"
+}
+
+variable "network_name" {
+ description = "The name of the network where routes will be created"
+}
+
+variable "routes" {
+ type = list(map(string))
+ description = "List of routes being created in this VPC"
+ default = []
+}
+
+variable "delete_default_internet_gateway_routes" {
+ description = "If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted"
+ default = "false"
+}
+
+variable "module_depends_on" {
+ description = "List of modules or resources this module depends on."
+ type = list
+ default = []
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes/versions.tf
new file mode 100644
index 000000000..c1eedd7e1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/routes/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google = "<4.0,>= 2.12"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets-beta/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets-beta/README.md
new file mode 100644
index 000000000..e1fc71574
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets-beta/README.md
@@ -0,0 +1,95 @@
+# Terraform Network Beta Module
+
+This submodule is part of the the `terraform-google-network` module. It creates the individual vpc subnets.
+
+It supports creating:
+
+- Subnets within vpc network.
+
+It also uses google beta provider to support the following resource fields:
+
+- google_compute_subnetwork.purpose
+- google_compute_subnetwork.role
+
+## Usage
+
+Basic usage of this submodule is as follows:
+
+```hcl
+module "vpc" {
+ source = "terraform-google-modules/network/google//modules/subnets-beta"
+ version = "~> 2.0.0"
+
+ project_id = ""
+ network_name = "example-vpc"
+
+ subnets = [
+ {
+ subnet_name = "subnet-01"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ },
+ {
+ subnet_name = "subnet-02"
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "true"
+ subnet_flow_logs = "true"
+ description = "This subnet has a description"
+ purpose = "INTERNAL_HTTPS_LOAD_BALANCER"
+ role = "ACTIVE"
+ },
+ {
+ subnet_name = "subnet-03"
+ subnet_ip = "10.10.30.0/24"
+ subnet_region = "us-west1"
+ subnet_flow_logs = "true"
+ subnet_flow_logs_interval = "INTERVAL_10_MIN"
+ subnet_flow_logs_sampling = 0.7
+ subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA"
+ }
+ ]
+
+ secondary_ranges = {
+ subnet-01 = [
+ {
+ range_name = "subnet-01-secondary-01"
+ ip_cidr_range = "192.168.64.0/24"
+ },
+ ]
+
+ subnet-02 = []
+ }
+}
+```
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| module\_depends\_on | List of modules or resources this module depends on. | list | `` | no |
+| network\_name | The name of the network where subnets will be created | string | n/a | yes |
+| project\_id | The ID of the project where subnets will be created | string | n/a | yes |
+| secondary\_ranges | Secondary ranges that will be used in some of the subnets | object | `` | no |
+| subnets | The list of subnets being created | list(map(string)) | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| subnets | The created subnet resources |
+
+
+
+### Subnet Inputs
+
+The subnets list contains maps, where each object represents a subnet. Each map has the following inputs (please see examples folder for additional references):
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| subnet\_name | The name of the subnet being created | string | - | yes |
+| subnet\_ip | The IP and CIDR range of the subnet being created | string | - | yes |
+| subnet\_region | The region where the subnet will be created | string | - | yes |
+| subnet\_private\_access | Whether this subnet will have private Google access enabled | string | `"false"` | no |
+| subnet\_flow\_logs | Whether the subnet will record and send flow log data to logging | string | `"false"` | no |
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets-beta/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets-beta/main.tf
new file mode 100644
index 000000000..4bd88613c
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets-beta/main.tf
@@ -0,0 +1,65 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ subnets = {
+ for x in var.subnets :
+ "${x.subnet_region}/${x.subnet_name}" => x
+ }
+}
+
+
+/******************************************
+ Subnet configuration
+ *****************************************/
+resource "google_compute_subnetwork" "subnetwork" {
+ provider = google-beta
+ for_each = local.subnets
+ name = each.value.subnet_name
+ ip_cidr_range = each.value.subnet_ip
+ region = each.value.subnet_region
+ private_ip_google_access = lookup(each.value, "subnet_private_access", "false")
+ dynamic "log_config" {
+ for_each = lookup(each.value, "subnet_flow_logs", false) ? [{
+ aggregation_interval = lookup(each.value, "subnet_flow_logs_interval", null)
+ flow_sampling = lookup(each.value, "subnet_flow_logs_sampling", null)
+ metadata = lookup(each.value, "subnet_flow_logs_metadata", null)
+ }] : []
+ content {
+ aggregation_interval = log_config.value.aggregation_interval
+ flow_sampling = log_config.value.flow_sampling
+ metadata = log_config.value.metadata
+ }
+ }
+ network = var.network_name
+ project = var.project_id
+ description = lookup(each.value, "description", null)
+ secondary_ip_range = [
+ for i in range(
+ length(
+ contains(
+ keys(var.secondary_ranges), each.value.subnet_name) == true
+ ? var.secondary_ranges[each.value.subnet_name]
+ : []
+ )) :
+ var.secondary_ranges[each.value.subnet_name][i]
+ ]
+
+ purpose = lookup(each.value, "purpose", null)
+ role = lookup(each.value, "role", null)
+
+ depends_on = [var.module_depends_on]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets-beta/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets-beta/outputs.tf
new file mode 100644
index 000000000..6ba07eb1e
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets-beta/outputs.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "subnets" {
+ value = google_compute_subnetwork.subnetwork
+ description = "The created subnet resources"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets-beta/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets-beta/variables.tf
new file mode 100644
index 000000000..a356b4afd
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets-beta/variables.tf
@@ -0,0 +1,40 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The ID of the project where subnets will be created"
+}
+
+variable "network_name" {
+ description = "The name of the network where subnets will be created"
+}
+
+variable "subnets" {
+ type = list(map(string))
+ description = "The list of subnets being created"
+}
+
+variable "secondary_ranges" {
+ type = map(list(object({ range_name = string, ip_cidr_range = string })))
+ description = "Secondary ranges that will be used in some of the subnets"
+ default = {}
+}
+
+variable "module_depends_on" {
+ description = "List of modules or resources this module depends on."
+ type = list
+ default = []
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets-beta/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets-beta/versions.tf
new file mode 100644
index 000000000..fe58b3536
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets-beta/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google-beta = "~> 2.19.0"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets/README.md
new file mode 100644
index 000000000..ab2830ee1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets/README.md
@@ -0,0 +1,90 @@
+# Terraform Network Module
+
+This submodule is part of the the `terraform-google-network` module. It creates the individual vpc subnets.
+
+It supports creating:
+
+- Subnets within vpc network.
+
+## Usage
+
+Basic usage of this submodule is as follows:
+
+```hcl
+module "vpc" {
+ source = "terraform-google-modules/network/google//modules/subnets"
+ version = "~> 2.0.0"
+
+ project_id = ""
+ network_name = "example-vpc"
+
+ subnets = [
+ {
+ subnet_name = "subnet-01"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ },
+ {
+ subnet_name = "subnet-02"
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "true"
+ subnet_flow_logs = "true"
+ description = "This subnet has a description"
+ },
+ {
+ subnet_name = "subnet-03"
+ subnet_ip = "10.10.30.0/24"
+ subnet_region = "us-west1"
+ subnet_flow_logs = "true"
+ subnet_flow_logs_interval = "INTERVAL_10_MIN"
+ subnet_flow_logs_sampling = 0.7
+ subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA"
+ }
+ ]
+
+ secondary_ranges = {
+ subnet-01 = [
+ {
+ range_name = "subnet-01-secondary-01"
+ ip_cidr_range = "192.168.64.0/24"
+ },
+ ]
+
+ subnet-02 = []
+ }
+}
+```
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_name | The name of the network where subnets will be created | string | n/a | yes |
+| project\_id | The ID of the project where subnets will be created | string | n/a | yes |
+| secondary\_ranges | Secondary ranges that will be used in some of the subnets | object | `` | no |
+| subnets | The list of subnets being created | list(map(string)) | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| subnets | The created subnet resources |
+
+
+
+### Subnet Inputs
+
+The subnets list contains maps, where each object represents a subnet. Each map has the following inputs (please see examples folder for additional references):
+
+| Name | Description | Type | Default | Required |
+| ---------------------------- | --------------------------------------------------------------------------------------------------------------- | :----: | :----------------------: | :------: |
+| subnet\_name | The name of the subnet being created | string | - | yes |
+| subnet\_ip | The IP and CIDR range of the subnet being created | string | - | yes |
+| subnet\_region | The region where the subnet will be created | string | - | yes |
+| subnet\_private\_access | Whether this subnet will have private Google access enabled | string | `"false"` | no |
+| subnet\_flow\_logs | Whether the subnet will record and send flow log data to logging | string | `"false"` | no |
+| subnet\_flow\_logs\_interval | If subnet\_flow\_logs is true, sets the aggregation interval for collecting flow logs | string | `"INTERVAL_5_SEC"` | no |
+| subnet\_flow\_logs\_sampling | If subnet\_flow\_logs is true, set the sampling rate of VPC flow logs within the subnetwork | string | `"0.5"` | no |
+| subnet\_flow\_logs\_metadata | If subnet\_flow\_logs is true, configures whether metadata fields should be added to the reported VPC flow logs | string | `"INCLUDE_ALL_METADATA"` | no |
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets/main.tf
new file mode 100644
index 000000000..b9df248b6
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets/main.tf
@@ -0,0 +1,59 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ subnets = {
+ for x in var.subnets :
+ "${x.subnet_region}/${x.subnet_name}" => x
+ }
+}
+
+
+/******************************************
+ Subnet configuration
+ *****************************************/
+resource "google_compute_subnetwork" "subnetwork" {
+ for_each = local.subnets
+ name = each.value.subnet_name
+ ip_cidr_range = each.value.subnet_ip
+ region = each.value.subnet_region
+ private_ip_google_access = lookup(each.value, "subnet_private_access", "false")
+ dynamic "log_config" {
+ for_each = lookup(each.value, "subnet_flow_logs", false) ? [{
+ aggregation_interval = lookup(each.value, "subnet_flow_logs_interval", "INTERVAL_5_SEC")
+ flow_sampling = lookup(each.value, "subnet_flow_logs_sampling", "0.5")
+ metadata = lookup(each.value, "subnet_flow_logs_metadata", "INCLUDE_ALL_METADATA")
+ }] : []
+ content {
+ aggregation_interval = log_config.value.aggregation_interval
+ flow_sampling = log_config.value.flow_sampling
+ metadata = log_config.value.metadata
+ }
+ }
+ network = var.network_name
+ project = var.project_id
+ description = lookup(each.value, "description", null)
+ secondary_ip_range = [
+ for i in range(
+ length(
+ contains(
+ keys(var.secondary_ranges), each.value.subnet_name) == true
+ ? var.secondary_ranges[each.value.subnet_name]
+ : []
+ )) :
+ var.secondary_ranges[each.value.subnet_name][i]
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets/outputs.tf
new file mode 100644
index 000000000..6ba07eb1e
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets/outputs.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "subnets" {
+ value = google_compute_subnetwork.subnetwork
+ description = "The created subnet resources"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets/variables.tf
new file mode 100644
index 000000000..84d7b0992
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets/variables.tf
@@ -0,0 +1,34 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The ID of the project where subnets will be created"
+}
+
+variable "network_name" {
+ description = "The name of the network where subnets will be created"
+}
+
+variable "subnets" {
+ type = list(map(string))
+ description = "The list of subnets being created"
+}
+
+variable "secondary_ranges" {
+ type = map(list(object({ range_name = string, ip_cidr_range = string })))
+ description = "Secondary ranges that will be used in some of the subnets"
+ default = {}
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets/versions.tf
new file mode 100644
index 000000000..c1eedd7e1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/subnets/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google = "<4.0,>= 2.12"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/vpc/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/vpc/README.md
new file mode 100644
index 000000000..cae59d021
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/vpc/README.md
@@ -0,0 +1,46 @@
+# Terraform Network Module
+
+This submodule is part of the the `terraform-google-network` module. It creates a vpc network and optionally enables it as a Shared VPC host project.
+
+It supports creating:
+
+- A VPC Network
+- Optionally enabling the network as a Shared VPC host
+
+## Usage
+
+Basic usage of this submodule is as follows:
+
+```hcl
+module "vpc" {
+ source = "terraform-google-modules/network/google//modules/vpc"
+ version = "~> 2.0.0"
+
+ project_id = ""
+ network_name = "example-vpc"
+
+ shared_vpc_host = false
+```
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| auto\_create\_subnetworks | When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources. | bool | `"false"` | no |
+| description | An optional description of this resource. The resource must be recreated to modify this field. | string | `""` | no |
+| network\_name | The name of the network being created | string | n/a | yes |
+| project\_id | The ID of the project where this VPC will be created | string | n/a | yes |
+| routing\_mode | The network routing mode (default 'GLOBAL') | string | `"GLOBAL"` | no |
+| shared\_vpc\_host | Makes this project a Shared VPC host if 'true' (default 'false') | bool | `"false"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| network | The VPC resource being created |
+| network\_name | The name of the VPC being created |
+| network\_self\_link | The URI of the VPC being created |
+| project\_id | VPC project id |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/vpc/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/vpc/main.tf
new file mode 100644
index 000000000..557037938
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/vpc/main.tf
@@ -0,0 +1,35 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/******************************************
+ VPC configuration
+ *****************************************/
+resource "google_compute_network" "network" {
+ name = var.network_name
+ auto_create_subnetworks = var.auto_create_subnetworks
+ routing_mode = var.routing_mode
+ project = var.project_id
+ description = var.description
+}
+
+/******************************************
+ Shared VPC
+ *****************************************/
+resource "google_compute_shared_vpc_host_project" "shared_vpc_host" {
+ count = var.shared_vpc_host ? 1 : 0
+ project = var.project_id
+ depends_on = [google_compute_network.network]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/vpc/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/vpc/outputs.tf
new file mode 100644
index 000000000..19c9e83e5
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/vpc/outputs.tf
@@ -0,0 +1,35 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network" {
+ value = google_compute_network.network
+ description = "The VPC resource being created"
+}
+
+output "network_name" {
+ value = google_compute_network.network.name
+ description = "The name of the VPC being created"
+}
+
+output "network_self_link" {
+ value = google_compute_network.network.self_link
+ description = "The URI of the VPC being created"
+}
+
+output "project_id" {
+ value = var.shared_vpc_host ? google_compute_shared_vpc_host_project.shared_vpc_host.*.project[0] : google_compute_network.network.project
+ description = "VPC project id"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/vpc/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/vpc/variables.tf
new file mode 100644
index 000000000..a96751c41
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/vpc/variables.tf
@@ -0,0 +1,47 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The ID of the project where this VPC will be created"
+}
+
+variable "network_name" {
+ description = "The name of the network being created"
+}
+
+variable "routing_mode" {
+ type = string
+ default = "GLOBAL"
+ description = "The network routing mode (default 'GLOBAL')"
+}
+
+variable "shared_vpc_host" {
+ type = bool
+ description = "Makes this project a Shared VPC host if 'true' (default 'false')"
+ default = false
+}
+
+variable "description" {
+ type = string
+ description = "An optional description of this resource. The resource must be recreated to modify this field."
+ default = ""
+}
+
+variable "auto_create_subnetworks" {
+ type = bool
+ description = "When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources."
+ default = false
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/vpc/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/vpc/versions.tf
new file mode 100644
index 000000000..c1eedd7e1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/modules/vpc/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google = "<4.0,>= 2.12"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/outputs.tf
new file mode 100644
index 000000000..422bd4c06
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/outputs.tf
@@ -0,0 +1,80 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network" {
+ value = module.vpc
+ description = "The created network"
+}
+
+output "subnets" {
+ value = module.subnets.subnets
+ description = "A map with keys of form subnet_region/subnet_name and values being the outputs of the google_compute_subnetwork resources used to create corresponding subnets."
+}
+
+output "network_name" {
+ value = module.vpc.network_name
+ description = "The name of the VPC being created"
+}
+
+output "network_self_link" {
+ value = module.vpc.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "project_id" {
+ value = module.vpc.project_id
+ description = "VPC project id"
+}
+
+output "subnets_names" {
+ value = [for network in module.subnets.subnets : network.name]
+ description = "The names of the subnets being created"
+}
+
+output "subnets_ips" {
+ value = [for network in module.subnets.subnets : network.ip_cidr_range]
+ description = "The IPs and CIDRs of the subnets being created"
+}
+
+output "subnets_self_links" {
+ value = [for network in module.subnets.subnets : network.self_link]
+ description = "The self-links of subnets being created"
+}
+
+output "subnets_regions" {
+ value = [for network in module.subnets.subnets : network.region]
+ description = "The region where the subnets will be created"
+}
+
+output "subnets_private_access" {
+ value = [for network in module.subnets.subnets : network.private_ip_google_access]
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "subnets_flow_logs" {
+ value = [for network in module.subnets.subnets : length(network.log_config) != 0 ? true : false]
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "subnets_secondary_ranges" {
+ value = [for network in module.subnets.subnets : network.secondary_ip_range]
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "route_names" {
+ value = [for route in module.routes.routes : route.name]
+ description = "The route names associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/all_examples/test_output.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/all_examples/test_output.tf
new file mode 100644
index 000000000..456f4e14b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/all_examples/test_output.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// These outputs are used to test the module with inspec
+// They do not need to be included in real-world uses of this module
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project to which resources are applied."
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/all_examples/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/all_examples/variables.tf
new file mode 100644
index 000000000..c8b58be2b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/all_examples/variables.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to deploy to"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/main.tf
new file mode 100644
index 000000000..cf8dc5d18
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/main.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ network_name = "delete-gw-routes-${var.random_string_for_testing}"
+}
+
+module "example" {
+ source = "../../../examples/delete_default_gateway_routes"
+ project_id = var.project_id
+ network_name = local.network_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/outputs.tf
new file mode 100644
index 000000000..68e9e0763
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/outputs.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/route.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/route.tf
new file mode 100644
index 000000000..f4e72517c
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/route.tf
@@ -0,0 +1,30 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# This fixture defines a default internet gateway route that DOESN'T start
+# with 'default-route' to test the behavior of the script that deletes
+# the default internet gateway routes.
+
+resource "google_compute_route" "alternative_gateway" {
+ project = var.project_id
+ network = module.example.network_name
+
+ name = "alternative-gateway-route"
+ description = "Alternative gateway route"
+ dest_range = "0.0.0.0/0"
+ tags = ["egress-inet"]
+ next_hop_gateway = "default-internet-gateway"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/ilb_routing/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/ilb_routing/main.tf
new file mode 100644
index 000000000..9dfdf06c4
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/ilb_routing/main.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ network_name = "ilb-routing-${var.random_string_for_testing}"
+}
+
+module "example" {
+ source = "../../../examples/ilb_routing"
+ project_id = var.project_id
+ network_name = local.network_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/ilb_routing/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/ilb_routing/outputs.tf
new file mode 100644
index 000000000..8add5ef0a
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/ilb_routing/outputs.tf
@@ -0,0 +1,60 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_self_link" {
+ value = module.example.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "output_subnets_names" {
+ value = module.example.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "output_subnets_ips" {
+ value = module.example.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "output_subnets_regions" {
+ value = module.example.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "output_routes" {
+ value = module.example.route_names
+ description = "The route names associated with this VPC"
+}
+
+output "forwarding_rule" {
+ value = module.example.forwarding_rule
+ description = "Forwarding rule link"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/ilb_routing/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/ilb_routing/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/ilb_routing/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/multi_vpc/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/multi_vpc/main.tf
new file mode 100644
index 000000000..400a00d34
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/multi_vpc/main.tf
@@ -0,0 +1,26 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+locals {
+ network_01_name = "multi-vpc-${var.random_string_for_testing}-01"
+ network_02_name = "multi-vpc-${var.random_string_for_testing}-02"
+}
+
+module "example" {
+ source = "../../../examples/multi_vpc"
+ project_id = var.project_id
+ network_01_name = local.network_01_name
+ network_02_name = local.network_02_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/multi_vpc/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/multi_vpc/outputs.tf
new file mode 100644
index 000000000..582ee04dc
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/multi_vpc/outputs.tf
@@ -0,0 +1,30 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_01_name" {
+ value = local.network_01_name
+ description = "The name of the VPC network-01"
+}
+
+output "network_02_name" {
+ value = local.network_02_name
+ description = "The name of the VPC network-01"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/multi_vpc/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/multi_vpc/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/multi_vpc/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/main.tf
new file mode 100644
index 000000000..39c3036b4
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/main.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ network_name = "secondary-ranges-${var.random_string_for_testing}"
+}
+
+module "example" {
+ source = "../../../examples/secondary_ranges"
+ project_id = var.project_id
+ network_name = local.network_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/outputs.tf
new file mode 100644
index 000000000..651f0e000
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/outputs.tf
@@ -0,0 +1,70 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_self_link" {
+ value = module.example.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "output_subnets_names" {
+ value = module.example.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "output_subnets_ips" {
+ value = module.example.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "output_subnets_regions" {
+ value = module.example.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "output_subnets_private_access" {
+ value = module.example.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "output_subnets_flow_logs" {
+ value = module.example.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "output_subnets_secondary_ranges" {
+ value = module.example.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "output_routes" {
+ value = module.example.route_names
+ description = "The route names associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/simple_project/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/simple_project/main.tf
new file mode 100644
index 000000000..20facc00a
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/simple_project/main.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ network_name = "simple-project-${var.random_string_for_testing}"
+}
+
+module "example" {
+ source = "../../../examples/simple_project"
+ project_id = var.project_id
+ network_name = local.network_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/simple_project/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/simple_project/outputs.tf
new file mode 100644
index 000000000..651f0e000
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/simple_project/outputs.tf
@@ -0,0 +1,70 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_self_link" {
+ value = module.example.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "output_subnets_names" {
+ value = module.example.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "output_subnets_ips" {
+ value = module.example.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "output_subnets_regions" {
+ value = module.example.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "output_subnets_private_access" {
+ value = module.example.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "output_subnets_flow_logs" {
+ value = module.example.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "output_subnets_secondary_ranges" {
+ value = module.example.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "output_routes" {
+ value = module.example.route_names
+ description = "The route names associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/simple_project/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/simple_project/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/simple_project/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/main.tf
new file mode 100644
index 000000000..5853c6b91
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/main.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ network_name = "simple-regional-${var.random_string_for_testing}"
+}
+
+module "example" {
+ source = "../../../examples/simple_project_with_regional_network"
+ project_id = var.project_id
+ network_name = local.network_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/outputs.tf
new file mode 100644
index 000000000..651f0e000
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/outputs.tf 
@@ -0,0 +1,70 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_self_link" {
+ value = module.example.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "output_subnets_names" {
+ value = module.example.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "output_subnets_ips" {
+ value = module.example.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "output_subnets_regions" {
+ value = module.example.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "output_subnets_private_access" {
+ value = module.example.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "output_subnets_flow_logs" {
+ value = module.example.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "output_subnets_secondary_ranges" {
+ value = module.example.subnets_secondary_ranges
+ description = "The secondary ranges
associated with these subnets"
+}
+
+output "output_routes" {
+ value = module.example.route_names
+ description = "The route names associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/main.tf
new file mode 100644
index 000000000..398efe434
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/main.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ network_name = "submodule-firewall-${var.random_string_for_testing}"
+}
+
+module "example" {
+ source = "../../../examples/submodule_firewall"
+ project_id = var.project_id
+ network_name = local.network_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/outputs.tf
new file mode 100644
index 000000000..651f0e000
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/outputs.tf 
@@ -0,0 +1,70 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_self_link" {
+ value = module.example.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "output_subnets_names" {
+ value = module.example.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "output_subnets_ips" {
+ value = module.example.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "output_subnets_regions" {
+ value = module.example.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "output_subnets_private_access" {
+ value = module.example.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "output_subnets_flow_logs" {
+ value = module.example.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "output_subnets_secondary_ranges" {
+ value = module.example.subnets_secondary_ranges
+ description = "The secondary ranges
associated with these subnets"
+}
+
+output "output_routes" {
+ value = module.example.route_names
+ description = "The route names associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/main.tf
new file mode 100644
index 000000000..b3c459e0e
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/main.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "peerings" {
+ source = "../../../examples/submodule_network_peering"
+ project_id = var.project_id
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/outputs.tf
new file mode 100644
index 000000000..13fb41f55
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/outputs.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+}
+
+output "peerings" {
+ value = module.peerings
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/variables.tf
new file mode 100644
index 000000000..89e4e5786
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/variables.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/delete_default_gateway_routes/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/delete_default_gateway_routes/controls/gcloud.rb
new file mode 100644
index 000000000..d59bdad86
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/delete_default_gateway_routes/controls/gcloud.rb
@@ -0,0 +1,45 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "gcloud" do
+ title "gcloud configuration"
+
+ # Verify that no routes whose names begin with 'default-route' and whose
+ # nextHopGateway is the default-internet-gateway exist
+ describe command("gcloud compute routes list --project=#{project_id} --filter=\"nextHopGateway:https://www.googleapis.com/compute/v1/projects/#{project_id}/global/gateways/default-internet-gateway AND network:https://www.googleapis.com/compute/v1/projects/#{project_id}/global/networks/#{network_name}\" --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "routes" do
+ it "should only be one" do
+ expect(data.length).to eq 1
+ end
+
+ it "should not begin with 'default-route'" do
+ expect(data.first["name"]).not_to match(/^default-route/)
+ end
+ end
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/delete_default_gateway_routes/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/delete_default_gateway_routes/inspec.yml
new file mode 100644
index 000000000..0b5e75e3d
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/delete_default_gateway_routes/inspec.yml
@@ -0,0 +1,8 @@
+name: delete_default_gateway_routes
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_name
+ required: true
+ type: string
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/ilb_routing/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/ilb_routing/controls/gcloud.rb
new file mode 100644
index 000000000..e4c3de90b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/ilb_routing/controls/gcloud.rb
@@ -0,0 +1,116 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+forwarding_rule = attribute('forwarding_rule')
+
+control "gcloud" do
+ title "gcloud configuration"
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "purpose should be correct" do
+ expect(data).to include(
+ "purpose" => "PRIVATE",
+ )
+ end
+ it "role should not exist" do
+ expect(data).to_not include(
+ "role"
+ )
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-01 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "purpose and role should be correct" do
+ expect(data).to include(
+ "purpose" => "INTERNAL_HTTPS_LOAD_BALANCER",
+ "role" => "ACTIVE"
+ )
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-02 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+
let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "purpose and role should be correct" do
+ expect(data).to include(
+ "purpose" => "INTERNAL_HTTPS_LOAD_BALANCER",
+ "role" => "BACKUP"
+ )
+ end
+ end
+
+ describe command("gcloud compute routes describe '#{network_name}-ilb' --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "destRange" do
+ it "should equal '10.10.20.0/24'" do
+ expect(data["destRange"]).to eq '10.10.20.0/24'
+ end
+ end
+
+ describe "tags" do
+ it "should equal 'egress-inet'" do
+ expect(data["tags"]).to eq nil
+ end
+ end
+
+ describe "nextHopIlb" do
+ it "should equal the forwarding rule" do
+ expect(data["nextHopIlb"]).to eq forwarding_rule
+ end
+ end
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/ilb_routing/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/ilb_routing/inspec.yml
new file mode 100644
index 000000000..5671b8366
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/ilb_routing/inspec.yml
@@ -0,0 +1,15 @@
+name: ilb_routing
+depends:
+ - name: inspec-gcp
+ git: https://github.com/inspec/inspec-gcp.git
+ tag: v0.11.0
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_name
+ required: true
+ type: string
+ - name: forwarding_rule
+ required: true
+ type: string
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/multi_vpc/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/multi_vpc/controls/gcloud.rb
new file mode 100644
index 000000000..7c0e1c929
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/multi_vpc/controls/gcloud.rb
@@ -0,0 +1,116 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_01_name = attribute('network_01_name')
+network_02_name = attribute('network_02_name')
+
+control "gcloud" do
+ title "gcloud configuration"
+
+ describe command("gcloud compute routes describe '#{network_01_name}-egress-inet' --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+ let(:default_internet_gateway) { "https://www.googleapis.com/compute/v1/projects/#{project_id}/global/gateways/default-internet-gateway" }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "destRange" do
+ it "should equal '0.0.0.0/0'" do
+ expect(data["destRange"]).to eq '0.0.0.0/0'
+ end
+ end
+
+ describe "tags" do
+ it "should equal 'egress-inet'" do
+ expect(data["tags"]).to eq ['egress-inet']
+ end
+ end
+
+ describe "nextHopGateway" do
+ it "should equal the default internet gateway" do
+ expect(data["nextHopGateway"]).to eq default_internet_gateway
+ end
+ end
+ end
+
+ describe command("gcloud compute routes describe '#{network_02_name}-egress-inet' --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+ let(:default_internet_gateway) { "https://www.googleapis.com/compute/v1/projects/#{project_id}/global/gateways/default-internet-gateway" }
+
+ let(:data) do
+ if
subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "destRange" do
+ it "should equal '0.0.0.0/0'" do
+ expect(data["destRange"]).to eq '0.0.0.0/0'
+ end
+ end
+
+ describe "tags" do
+ it "should equal 'egress-inet'" do
+ expect(data["tags"]).to eq ['egress-inet']
+ end
+ end
+
+ describe "nextHopGateway" do
+ it "should equal the default internet gateway" do
+ expect(data["nextHopGateway"]).to eq default_internet_gateway
+ end
+ end
+ end
+
+ describe command("gcloud compute routes describe '#{network_02_name}-testapp-proxy' --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "destRange" do
+ it "should equal '10.50.10.0/24'" do
+ expect(data["destRange"]).to eq '10.50.10.0/24'
+ end
+ end
+
+ describe "tags" do
+ it "should equal 'app-proxy'" do
+ expect(data["tags"]).to eq ['app-proxy']
+ end
+ end
+
+ describe "nextHopIp" do
+ it "should equal '10.10.40.10'" do
+ expect(data["nextHopIp"]).to eq '10.10.40.10'
+ end
+ end
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/multi_vpc/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/multi_vpc/inspec.yml
new file mode 100644
index 000000000..4e012dffe
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/multi_vpc/inspec.yml
@@ -0,0 +1,11 @@
+name: multi_vpc
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_01_name
+ required: true
+ type: string
+ - name: network_02_name
+ required: true
+ type: string
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/secondary_ranges/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/secondary_ranges/controls/gcloud.rb
new file mode 100644
index 000000000..19a1b66da
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/secondary_ranges/controls/gcloud.rb
@@ -0,0 +1,101 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "gcloud" do
+ title "gcloud configuration"
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-01 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "should have the correct secondaryIpRanges configuration for #{network_name}-subnet-01-01" do
+ expect(data["secondaryIpRanges"][0]).to include(
+ "rangeName" => "#{network_name}-subnet-01-01",
+ "ipCidrRange" => "192.168.64.0/24"
+ )
+ end
+
+ it "should have the correct secondaryIpRanges configuration for #{network_name}-subnet-01-02" do
+ expect(data["secondaryIpRanges"][1]).to include(
+ "rangeName" => "#{network_name}-subnet-01-02",
+ "ipCidrRange" => "192.168.65.0/24"
+ )
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-02 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "should have the correct secondaryIpRanges configuration for #{network_name}-subnet-02" do
+ expect(data).not_to
include("secondaryIpRanges")
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-03 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "should have the correct secondaryIpRanges configuration for #{network_name}-subnet-03-01" do
+ expect(data["secondaryIpRanges"][0]).to include(
+ "rangeName" => "#{network_name}-subnet-03-01",
+ "ipCidrRange" => "192.168.66.0/24"
+ )
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-04 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "should have the correct secondaryIpRanges configuration for #{network_name}-subnet-04" do
+ expect(data).not_to include("secondaryIpRanges")
+ end
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/secondary_ranges/controls/inspec_attributes.rb b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/secondary_ranges/controls/inspec_attributes.rb
new file mode 100644
index 000000000..2f9ed48c3
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/secondary_ranges/controls/inspec_attributes.rb
@@ -0,0 +1,61 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "inspec_attributes" do
+ title "Terraform Outputs"
+ desc "Terraform Outputs"
+
+ describe attribute("output_network_name") do
+ it { should eq "#{network_name}" }
+ end
+
+ describe attribute("output_network_self_link") do
+ it { should eq "https://www.googleapis.com/compute/v1/projects/#{project_id}/global/networks/#{network_name}" }
+ end
+
+ describe attribute("output_subnets_ips") do
+ it { should eq ["10.10.10.0/24", "10.10.20.0/24", "10.10.30.0/24", "10.10.40.0/24"] }
+ end
+
+ describe attribute("output_routes") do
+ it { should eq [] }
+ end
+
+ describe attribute("output_subnets_flow_logs") do
+ it { should eq [false, true, true, false] }
+ end
+
+ describe attribute("output_subnets_names") do
+ it { should eq ["#{network_name}-subnet-01", "#{network_name}-subnet-02", "#{network_name}-subnet-03", "#{network_name}-subnet-04"] }
+ end
+
+ describe attribute("output_subnets_private_access") do
+ it { should eq [false, true, false, false] }
+ end
+
+ describe attribute("output_subnets_regions") do
+ it { should eq ["us-west1", "us-west1", "us-west1", "us-west1"] }
+ end
+
+ describe attribute("output_subnets_secondary_ranges") do
+ it { should eq [{"ip_cidr_range"=>"192.168.64.0/24", "range_name"=>"#{network_name}-subnet-01-01"}, {"ip_cidr_range"=>"192.168.65.0/24",
"range_name"=>"#{network_name}-subnet-01-02"}, {"ip_cidr_range"=>"192.168.66.0/24", "range_name"=>"#{network_name}-subnet-03-01"}] }
+ end
+
+ describe attribute("project_id") do
+ it { should eq project_id }
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/secondary_ranges/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/secondary_ranges/inspec.yml
new file mode 100644
index 000000000..c11e66122
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/secondary_ranges/inspec.yml
@@ -0,0 +1,30 @@
+name: secondary_ranges
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_name
+ required: true
+ type: string
+ - name: output_network_name
+ required: true
+ type: string
+ - name: output_network_self_link
+ required: true
+ type: string
+ - name: output_subnets_ips
+ required: true
+ - name: output_routes
+ required: true
+ - name: output_subnets_flow_logs
+ required: true
+ - name: output_subnets_names
+ required: true
+ - name: output_subnets_private_access
+ required: true
+ - name: output_subnets_regions
+ required: true
+ - name: output_subnets_secondary_ranges
+ required: true
+ - name: output_project_id
+ required: true
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/simple_project/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/simple_project/controls/gcloud.rb
new file mode 100644
index 000000000..0ffad824b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/simple_project/controls/gcloud.rb 
@@ -0,0 +1,89 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "gcloud" do
+ title "gcloud configuration"
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-01 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "logConfig should not be enabled" do
+ expect(data).to include(
+ "logConfig" => {
+ "enable" => false,
+ }
+ )
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-02 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "Default log config should be correct" do
+ expect(data).to include(
+ "logConfig" => {
+ "aggregationInterval" => "INTERVAL_5_SEC",
+ "enable" => true,
+ "flowSampling" => 0.5,
+ "metadata" => "INCLUDE_ALL_METADATA"
+ }
+ )
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-03 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "Log config should be correct" do
+ expect(data).to include(
+ "logConfig" => {
+ "aggregationInterval" => "INTERVAL_10_MIN",
+ "enable" => true,
+ "flowSampling" => 0.7,
+ "metadata" => "INCLUDE_ALL_METADATA"
+ }
+ )
+ end
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/simple_project/controls/gcp.rb b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/simple_project/controls/gcp.rb
new file mode 100644
index 000000000..d48c79da6
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/simple_project/controls/gcp.rb
@@ -0,0 +1,57 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "gcp" do
+ title "Google Cloud configuration"
+
+ describe google_compute_network(
+ project: project_id,
+ name: network_name
+ ) do
+ it { should exist }
+ end
+
+ describe google_compute_subnetwork(
+ project: project_id,
+ name: "#{network_name}-subnet-01",
+ region: "us-west1"
+ ) do
+ it { should exist }
+ its('ip_cidr_range') { should eq "10.10.10.0/24" }
+ its('private_ip_google_access') { should be false }
+ end
+
+ describe google_compute_subnetwork(
+ project: project_id,
+ name: "#{network_name}-subnet-02",
+ region: "us-west1"
+ ) do
+ it { should exist }
+ its('ip_cidr_range') { should eq "10.10.20.0/24" }
+ its('private_ip_google_access') { should be true }
+ end
+
+ describe google_compute_subnetwork(
+ project: project_id,
+ name: "#{network_name}-subnet-03",
+ region: "us-west1"
+ ) do
+ it { should exist }
+ its('ip_cidr_range') { should eq "10.10.30.0/24" }
+ its('private_ip_google_access') { should be false }
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/simple_project/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/simple_project/inspec.yml
new file mode 100644
index 000000000..7e69b5296
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/simple_project/inspec.yml
@@ -0,0 +1,12 @@
+name: simple_project
+depends:
+ - name: inspec-gcp
+ git: https://github.com/inspec/inspec-gcp.git
+ tag: v0.11.0
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_name
+ required: true
+ type: string
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/simple_project_with_regional_network/controls/gcp.rb b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/simple_project_with_regional_network/controls/gcp.rb
new file mode 100644
index 000000000..84fec52cf
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/simple_project_with_regional_network/controls/gcp.rb
@@ -0,0 +1,28 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "gcp" do
+ title "Google Cloud configuration"
+
+ describe google_compute_network(
+ project: project_id,
+ name: network_name
+ ) do
+ it { should exist }
+ its('routing_config.routing_mode') { should eq 'REGIONAL' }
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/simple_project_with_regional_network/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/simple_project_with_regional_network/inspec.yml
new file mode 100644
index 000000000..b6f43e92f
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/simple_project_with_regional_network/inspec.yml
@@ -0,0 +1,12 @@
+name: simple_project_with_regional_network
+depends:
+ - name: inspec-gcp
+ git: https://github.com/inspec/inspec-gcp.git
+ tag: v0.11.0
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_name
+ required: true
+ type: string
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/gcloud.rb
new file mode 100644
index 000000000..1bce484f8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/gcloud.rb
@@ -0,0 +1,185 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "gcloud" do
+ title "gcloud configuration"
+
+ describe command("gcloud compute firewall-rules describe #{network_name}-ingress-internal --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "internal rule" do
+ it "should exist" do
+ expect(data).to include(
+ "sourceRanges" => ["10.10.20.0/24", "10.10.10.0/24"]
+ )
+ end
+ end
+
+ describe "allowed internal rules" do
+ it "should contain ICMP rule" do
+ expect(data["allowed"]).to include({"IPProtocol" => "icmp"})
+ end
+
+ it "should contain UDP rule" do
+ expect(data["allowed"]).to include({"IPProtocol" => "udp"})
+ end
+
+ it "should contain TCP rule" do
+ expect(data["allowed"]).to include({"IPProtocol"=>"tcp", "ports"=>["8080", "1000-2000"]})
+ end
+ end
+ end
+
+ # Custom rules
+ describe command("gcloud compute firewall-rules describe allow-backend-to-databases --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "Custom TAG rule" do
+ it "has backend tag as source" do
+ expect(data).to include(
+ "sourceTags" => ["backed"]
+ )
+ end
+
+ it "has databases tag as target" do
+ expect(data).to include(
+ "targetTags" => ["databases"]
+ )
+ end
+
+ it "has expected TCP rule" do
+ expect(data["allowed"]).to include(
+ {
+ "IPProtocol" => "tcp",
+ "ports" => ["3306", "5432", "1521", "1433"]
+ }
+ )
+ end
+ end
+ end
+
+describe command("gcloud compute firewall-rules describe deny-ingress-6534-6566 --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "deny-ingress-6534-6566" do
+ it "should be disabled" do
+ expect(data).to include(
+ "disabled" => true
+ )
+ end
+
+ it "has 0.0.0.0/0 source range" do
+ expect(data).to include(
+ "sourceRanges" => ["0.0.0.0/0"]
+ )
+ end
+
+ it "has expected TCP rules" do
+ expect(data["denied"]).to include(
+ {
+ "IPProtocol" => "tcp",
+ "ports" => ["6534-6566"]
+ }
+ )
+ end
+
+ it "has expected UDP rules" do
+ expect(data["denied"]).to include(
+ {
+ "IPProtocol" => "udp",
+ "ports" => ["6534-6566"]
+ }
+ )
+ end
+ end
+ end
+
+
+describe command("gcloud compute firewall-rules describe allow-all-admin-sa --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "allow-all-admin-sa" do
+ it "should be enabled" do
+ expect(data).to include(
+ "disabled" => false
+ )
+ end
+
+ it "should has correct source SA" do
+ expect(data["sourceServiceAccounts"]).to eq(["admin@my-shiny-org.iam.gserviceaccount.com"])
+ end
+
+ it "should has priority 30" do
+ expect(data["priority"]).to eq(30)
+ end
+
+ it "has expected TCP rules" do
+ expect(data["allowed"]).to include(
+ {
+ "IPProtocol" => "tcp"
+ }
+ )
+ end
+
+ it "has expected UDP rules" do
+ expect(data["allowed"]).to include(
+ {
+ "IPProtocol" => "udp"
+ }
+ )
+ end
+ end
+ end
+
+end
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/gcp.rb b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/gcp.rb
new file mode 100644
index 000000000..3fb736c0d
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/gcp.rb
@@ -0,0 +1,32 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "gcp" do
+ title "Google Cloud configuration"
+
+ describe google_compute_firewalls(project: project_id) do
+ its('firewall_names') { should include "#{network_name}-ingress-internal" }
+ its('firewall_names') { should include "#{network_name}-ingress-tag-http" }
+ its('firewall_names') { should include "#{network_name}-ingress-tag-https" }
+ its('firewall_names') { should include "#{network_name}-ingress-tag-ssh" }
+ its('firewall_names') { should_not include "default-ingress-admins" }
+ its('firewall_names') { should include "deny-ingress-6534-6566" }
+ its('firewall_names') { should include "allow-backend-to-databases" }
+ its('firewall_names') { should include "allow-all-admin-sa" }
+ end
+
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/inspec_attributes.rb b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/inspec_attributes.rb
new file mode 100644
index 000000000..25320c41e
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/inspec_attributes.rb 
@@ -0,0 +1,61 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "inspec_attributes" do
+ title "Terraform Outputs"
+ desc "Terraform Outputs"
+
+ describe attribute("output_network_name") do
+ it { should eq "#{network_name}" }
+ end
+
+ describe attribute("output_network_self_link") do
+ it { should eq "https://www.googleapis.com/compute/v1/projects/#{project_id}/global/networks/#{network_name}" }
+ end
+
+ describe attribute("output_subnets_ips") do
+ it { should eq ["10.10.10.0/24", "10.10.20.0/24"] }
+ end
+
+ describe attribute("output_routes") do
+ it { should eq [] }
+ end
+
+ describe attribute("output_subnets_flow_logs") do
+ it { should eq [false, true] }
+ end
+
+ describe attribute("output_subnets_names") do
+ it { should eq ["#{network_name}-subnet-01", "#{network_name}-subnet-02"] }
+ end
+
+ describe attribute("output_subnets_private_access") do
+ it { should eq [false, true] }
+ end
+
+ describe attribute("output_subnets_regions") do
+ it { should eq ["us-west1", "us-west1"] }
+ end
+
+ describe attribute("output_subnets_secondary_ranges") do
+ it { should eq [[],[]] }
+ end
+
+ describe attribute("output_project_id") do
+ it { should eq project_id }
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/submodule_firewall/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/submodule_firewall/inspec.yml
new file mode 100644
index 000000000..8f1d70e75
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/submodule_firewall/inspec.yml
@@ -0,0 +1,34 @@
+name: submodule_firewall
+depends:
+ - name: inspec-gcp
+ git: https://github.com/inspec/inspec-gcp.git
+ tag: v0.11.0
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_name
+ required: true
+ type: string
+ - name: output_network_name
+ required: true
+ type: string
+ - name: output_network_self_link
+ required: true
+ type: string
+ - name: output_subnets_ips
+ required: true
+ - name: output_routes
+ required: true
+ - name: output_subnets_flow_logs
+ required: true
+ - name: output_subnets_names
+ required: true
+ - name: output_subnets_private_access
+ required: true
+ - name: output_subnets_regions
+ required: true
+ - name: output_subnets_secondary_ranges
+ required: true
+ - name: output_project_id
+ required: true
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/submodule_network_peering/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/submodule_network_peering/controls/gcloud.rb
new file mode 100644
index 000000000..894e46dc0
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/submodule_network_peering/controls/gcloud.rb 
@@ -0,0 +1,107 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+peerings = attribute('peerings')
+
+control "gcloud" do
+ title "gcloud configuration"
+ peerings.each do |key, value|
+ local_network_peering = value['local_network_peering']
+ peer_network_peering = value['peer_network_peering']
+ local_network_self_link = local_network_peering['network']
+ peer_network_self_link = peer_network_peering['network']
+ local_network_name = local_network_self_link.split('/')[-1]
+ peer_network_name = peer_network_self_link.split('/')[-1]
+
+ describe command("gcloud compute networks peerings list --project=#{project_id} --network=#{local_network_name} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "local VPC peering" do
+ it "should exist" do
+ expect(data[0]['peerings'].select{|x| x['name'] == local_network_peering['name']}).not_to be_empty
+ end
+ it "should be active" do
+ expect(data[0]['peerings'].select{|x| x['name'] == local_network_peering['name']}[0]['state']).to eq(
+ "ACTIVE"
+ )
+ end
+ it "should be connected to #{peer_network_name} network" do
+ expect(data[0]['peerings'].select{|x| x['name'] == local_network_peering['name']}[0]['network']).to eq(
+ peer_network_self_link
+ )
+ end
+ it "should export custom routes" do
+ expect(data[0]['peerings'].select{|x| x['name'] == local_network_peering['name']}[0]['exportCustomRoutes']).to eq(
+ true
+ )
+ end
+ it "should not import custom routes" do
+ expect(data[0]['peerings'].select{|x| x['name'] == local_network_peering['name']}[0]['importCustomRoutes']).to eq(
+ false
+ )
+ end
+ end
+
+ end
+
+ describe command("gcloud compute networks peerings list --project=#{project_id} --network=#{peer_network_name} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "peer VPC peering" do
+ it "should exist" do
+ expect(data[0]['peerings'].select{|x| x['name'] == peer_network_peering['name']}).not_to be_empty
+ end
+ it "should be active" do
+ expect(data[0]['peerings'].select{|x| x['name'] == peer_network_peering['name']}[0]['state']).to eq(
+ "ACTIVE"
+ )
+ end
+ it "should be connected to #{local_network_name} network" do
+ expect(data[0]['peerings'].select{|x| x['name'] == peer_network_peering['name']}[0]['network']).to eq(
+ local_network_self_link
+ )
+ end
+ it "should not export custom routes" do
+ expect(data[0]['peerings'].select{|x| x['name'] == peer_network_peering['name']}[0]['exportCustomRoutes']).to eq(
+ false
+ )
+ end
+ it "should import custom routes" do
+ expect(data[0]['peerings'].select{|x| x['name'] == peer_network_peering['name']}[0]['importCustomRoutes']).to eq(
+ true
+ )
+ end
+ end
+ end
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/submodule_network_peering/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/submodule_network_peering/inspec.yml
new file mode 100644
index 000000000..55de6b25f
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/integration/submodule_network_peering/inspec.yml
@@ -0,0 +1,8 @@
+name: submodule_network_peering
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: peerings
+ type: hash
+ required: true
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/setup/README.md b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/setup/README.md
new file mode 100644
index 000000000..258fb6981
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/setup/README.md
@@ -0,0 +1,35 @@
+# Integration Testing
+
+Use this directory to create resources reflecting the same resource fixtures
+created for use by the CI environment CI integration test pipelines. The intent
+of these resources is to run the integration tests locally as closely as
+possible to how they will run in the CI system.
+
+Once created, store the service account key content into the
+`SERVICE_ACCOUNT_JSON` environment variable. This reflects the same behavior
+as used in CI.
+
+For example:
+
+```bash
+terraform init
+terraform apply
+mkdir -p ~/.credentials
+terraform output sa_key | base64 --decode > ~/.credentials/network-sa.json
+```
+
+Then, configure the environment (suggest using direnv) like so:
+
+```bash
+export SERVICE_ACCOUNT_JSON=$(cat ${HOME}/.credentials/network-sa.json)
+export PROJECT_ID="network-module"
+```
+
+With these variables set, change to the root of the module and execute the
+`make test_integration` task. This make target is the same that is executed
+by this module's CI pipeline during integration testing, and will run the
+integration tests from your machine.
+
+Alternatively, to run the integration tests directly from the Docker
+container used by the module's CI pipeline, perform the above steps and then
+run the `make test_integration_docker` target
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/setup/iam.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/setup/iam.tf
new file mode 100644
index 000000000..fa3c79045
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/setup/iam.tf
@@ -0,0 +1,41 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ int_required_roles = [
+ "roles/compute.networkAdmin",
+ "roles/compute.securityAdmin",
+ "roles/iam.serviceAccountUser",
+ ]
+}
+
+resource "google_service_account" "int_test" {
+ project = module.project.project_id
+ account_id = "ci-network"
+ display_name = "ci-network"
+}
+
+resource "google_project_iam_member" "int_test" {
+ count = length(local.int_required_roles)
+
+ project = module.project.project_id
+ role = local.int_required_roles[count.index]
+ member = "serviceAccount:${google_service_account.int_test.email}"
+}
+
+resource "google_service_account_key" "int_test" {
+ service_account_id = google_service_account.int_test.id
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/setup/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/setup/main.tf
new file mode 100644
index 000000000..f89684ea1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/setup/main.tf
@@ -0,0 +1,32 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "project" {
+ source = "terraform-google-modules/project-factory/google"
+ version = "~> 4.0"
+
+ name = "ci-network"
+ random_project_id = "true"
+ org_id = var.org_id
+ folder_id = var.folder_id
+ billing_account = var.billing_account
+
+ activate_apis = [
+ "cloudresourcemanager.googleapis.com",
+ "compute.googleapis.com",
+ "serviceusage.googleapis.com"
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/setup/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/setup/outputs.tf
new file mode 100644
index 000000000..08753a4b9
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/setup/outputs.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = module.project.project_id
+}
+
+output "sa_key" {
+ value = google_service_account_key.int_test.private_key
+ sensitive = true
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/setup/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/setup/variables.tf
new file mode 100644
index 000000000..53dd1ed77
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/setup/variables.tf
@@ -0,0 +1,26 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+variable "org_id" {
+ description = "The numeric organization id"
+}
+
+variable "folder_id" {
+ description = "The folder to deploy in"
+}
+
+variable "billing_account" {
+ description = "The billing account id associated with the project, e.g. XXXXXX-YYYYYY-ZZZZZZ"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/setup/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/setup/versions.tf
new file mode 100644
index 000000000..38af399dc
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/test/setup/versions.tf
@@ -0,0 +1,27 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
+
+provider "google" {
+ version = "~> 2.12.0"
+}
+
+provider "google-beta" {
+ version = "~> 2.12.0"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/variables.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/variables.tf
new file mode 100644
index 000000000..1770d50fa
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/variables.tf
@@ -0,0 +1,70 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The ID of the project where this VPC will be created"
+}
+
+variable "network_name" {
+ description = "The name of the network being created"
+}
+
+variable "routing_mode" {
+ type = string
+ default = "GLOBAL"
+ description = "The network routing mode (default 'GLOBAL')"
+}
+
+variable "shared_vpc_host" {
+ type = bool
+ description = "Makes this project a Shared VPC host if 'true' (default 'false')"
+ default = false
+}
+
+variable "subnets" {
+ type = list(map(string))
+ description = "The list of subnets being created"
+}
+
+variable "secondary_ranges" {
+ type = map(list(object({ range_name = string, ip_cidr_range = string })))
+ description = "Secondary ranges that will be used in some of the subnets"
+ default = {}
+}
+
+variable "routes" {
+ type = list(map(string))
+ description = "List of routes being created in this VPC"
+ default = []
+}
+
+variable "delete_default_internet_gateway_routes" {
+ description = "If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted"
+ default = "false"
+}
+
+
+variable "description" {
+ type = string
+ description = "An optional description of this resource. The resource must be recreated to modify this field."
+ default = ""
+}
+
+variable "auto_create_subnetworks" {
+ type = bool
+ description = "When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources."
+ default = false
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/versions.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/versions.tf
new file mode 100644
index 000000000..c1eedd7e1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/modules/vpc2/terraform-google-network-2.3.0/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google = "<4.0,>= 2.12"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/plugins/darwin_amd64/lock.json b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/plugins/darwin_amd64/lock.json
new file mode 100755
index 000000000..43887ca59
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/.terraform/plugins/darwin_amd64/lock.json
@@ -0,0 +1,4 @@
+{
+ "google": "8a868aee3493785d724d5521a252b28b0763376c50205283cb4e773a612f396b",
+ "null": "b1d97b7013b6aaa4205bad9db8ce7ff4d6fc27d7c6ed8b2227213f3441f6208e"
+}
\ No newline at end of file
diff --git a/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/main.tf b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/main.tf
new file mode 100644
index 000000000..f45de0220
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-ext-modules-only/main.tf
@@ -0,0 +1,33 @@
+module "first" {
+ source = "terraform-google-modules/network/google"
+ version = "~> 2.3"
+
+ project_id = "1234567891234567"
+ network_name = "example-first"
+ routing_mode = "GLOBAL"
+
+ subnets = [
+ {
+ subnet_name = "subnet-a-01"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ }
+ ]
+}
+
+module "second" {
+ source = "terraform-google-modules/network/google"
+ version = "~> 2.3"
+
+ project_id = "1234567891234567"
+ network_name = "example-second"
+ routing_mode = "GLOBAL"
+
+ subnets = [
+ {
+ subnet_name = "subnet-b-01"
+ subnet_ip = "10.20.10.0/24"
+ subnet_region = "us-west1"
+ }
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/.github/release-please.yml b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/.github/release-please.yml
new file mode 100644
index 000000000..6366b9cb6
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/.github/release-please.yml
@@ -0,0 +1,2 @@
+releaseType: terraform-module
+handleGHRelease: true
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/.gitignore b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/.gitignore
new file mode 100644
index 000000000..477cdaf3d
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/.gitignore
@@ -0,0 +1,47 @@
+# OSX leaves these everywhere on SMB shares
+._*
+
+# OSX trash
+.DS_Store
+
+# Python
+*.pyc
+
+# Emacs save files
+*~
+\#*\#
+.\#*
+
+# Vim-related files
+[._]*.s[a-w][a-z]
+[._]s[a-w][a-z]
+*.un~
+Session.vim
+.netrwhist
+
+### https://raw.github.com/github/gitignore/90f149de451a5433aebd94d02d11b0e28843a1af/Terraform.gitignore
+
+# Local .terraform directories
+**/.terraform/*
+
+# .tfstate files
+*.tfstate
+*.tfstate.*
+
+# Crash log files
+crash.log
+
+# Kitchen files
+**/inspec.lock
+**/.kitchen
+**/.kitchen.local.yml
+**/Gemfile.lock
+
+# Ignore any .tfvars files that are generated automatically for each Terraform run. Most
+# .tfvars files are managed as part of configuration and so should be included in
+# version control.
+#
+# example.tfvars
+test/fixtures/shared/terraform.tfvars
+
+credentials.json
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/.kitchen.yml b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/.kitchen.yml
new file mode 100644
index 000000000..3f25d4b9d
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/.kitchen.yml
@@ -0,0 +1,162 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +driver: + name: "terraform" + command_timeout: 1800 + +provisioner: + name: "terraform" + +platforms: + - name: local + +suites: + - name: "simple_project" + driver: + name: "terraform" + command_timeout: 1800 + root_module_directory: test/fixtures/simple_project/ + verifier: + name: terraform + color: true + systems: + - name: inspec-gcp + backend: gcp + controls: + - gcp + - name: local + backend: local + controls: + - gcloud + - name: "simple_project_with_regional_network" + driver: + name: "terraform" + command_timeout: 1800 + root_module_directory: test/fixtures/simple_project_with_regional_network/ + verifier: + name: terraform + color: true + systems: + - name: inspec-gcp + backend: gcp + controls: + - gcp + - name: "secondary_ranges" + driver: + name: "terraform" + command_timeout: 1800 + root_module_directory: test/fixtures/secondary_ranges/ + verifier: + name: terraform + color: true + systems: + - name: local + attrs_outputs: + customized_inspec_attribute: output_network_name + customized_inspec_attribute: output_network_self_link + customized_inspec_attribute: output_subnets_ips + customized_inspec_attribute: output_routes + customized_inspec_attribute: output_subnets_flow_logs + customized_inspec_attribute: output_subnets_names + customized_inspec_attribute: output_subnets_private_access + customized_inspec_attribute: output_subnets_regions + 
customized_inspec_attribute: output_subnets_secondary_ranges + customized_inspec_attribute: output_project_id + backend: local + controls: + - gcloud + - inspec_attributes + - name: "multi_vpc" + driver: + name: "terraform" + command_timeout: 1800 + root_module_directory: test/fixtures/multi_vpc/ + verifier: + name: terraform + color: true + systems: + - name: local + backend: local + controls: + - gcloud + - name: "delete_default_gateway_routes" + driver: + name: "terraform" + command_timeout: 1800 + root_module_directory: test/fixtures/delete_default_gateway_routes/ + verifier: + name: terraform + color: true + systems: + - name: local + backend: local + controls: + - gcloud + - name: "submodule_firewall" + driver: + name: "terraform" + command_timeout: 1800 + root_module_directory: test/fixtures/submodule_firewall/ + verifier: + name: terraform + color: true + systems: + - name: inspec-gcp + backend: gcp + controls: + - gcp + - name: local + attrs_outputs: + customized_inspec_attribute: output_network_name + customized_inspec_attribute: output_network_self_link + customized_inspec_attribute: output_subnets_ips + customized_inspec_attribute: output_routes + customized_inspec_attribute: output_subnets_flow_logs + customized_inspec_attribute: output_subnets_names + customized_inspec_attribute: output_subnets_private_access + customized_inspec_attribute: output_subnets_regions + customized_inspec_attribute: output_subnets_secondary_ranges + customized_inspec_attribute: output_project_id + backend: local + controls: + - gcloud + - inspec_attributes + - name: "submodule_network_peering" + driver: + name: "terraform" + command_timeout: 1800 + root_module_directory: test/fixtures/submodule_network_peering/ + verifier: + name: terraform + color: true + systems: + - name: local + backend: local + controls: + - gcloud + - name: "ilb_routing" + driver: + name: "terraform" + command_timeout: 1800 + root_module_directory: test/fixtures/ilb_routing/ + verifier: + name: 
terraform + color: true + systems: + - name: local + backend: local + controls: + - gcloud diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/.ruby-version b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/.ruby-version new file mode 100644 index 000000000..aedc15bb0 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/.ruby-version @@ -0,0 +1 @@ +2.5.3 diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/CHANGELOG.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/CHANGELOG.md new file mode 100644 index 000000000..cff2bda83 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/CHANGELOG.md 
@@ -0,0 +1,272 @@ +# Changelog + +All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. + +## [2.3.0](https://www.github.com/terraform-google-modules/terraform-google-network/compare/v2.2.0...v2.3.0) (2020-04-16) + + +### Features + +* Add beta provider support for routes and subnets ([#124](https://www.github.com/terraform-google-modules/terraform-google-network/issues/124)) ([6c94a6f](https://www.github.com/terraform-google-modules/terraform-google-network/commit/6c94a6fd89989d1dd113e0a156f0c5d7cdd8407e)), closes [#68](https://www.github.com/terraform-google-modules/terraform-google-network/issues/68) + +## [2.2.0](https://www.github.com/terraform-google-modules/terraform-google-network/compare/v2.1.2...v2.2.0) (2020-04-07) + + +### Features + +* add network output ([#169](https://www.github.com/terraform-google-modules/terraform-google-network/issues/169)) ([0dc6965](https://www.github.com/terraform-google-modules/terraform-google-network/commit/0dc6965ab52f946b9e3d16dc8f8e3557d369da01)) + +### [2.1.2](https://www.github.com/terraform-google-modules/terraform-google-network/compare/v2.1.1...v2.1.2) (2020-04-02) + + +### Bug Fixes + +* Add support for enable_logging on firewall rules ([#155](https://www.github.com/terraform-google-modules/terraform-google-network/issues/155)) ([febec4e](https://www.github.com/terraform-google-modules/terraform-google-network/commit/febec4ef4b2d6080b18429106b19a8fbc5452bec)) +* Add variables type as first parameter on all variables ([#167](https://www.github.com/terraform-google-modules/terraform-google-network/issues/167)) ([2fff1e7](https://www.github.com/terraform-google-modules/terraform-google-network/commit/2fff1e7cd5188e24a413bc302c8a061c4f3bb19b)) +* remove invalid/outdated create_network variable ([#159](https://www.github.com/terraform-google-modules/terraform-google-network/issues/159)) 
([6fac78e](https://www.github.com/terraform-google-modules/terraform-google-network/commit/6fac78e5b25a2ab72824b0ebefff6704a46fd984)) +* Resolve error with destroy and shared VPC host config ([#168](https://www.github.com/terraform-google-modules/terraform-google-network/issues/168)) ([683ae07](https://www.github.com/terraform-google-modules/terraform-google-network/commit/683ae072382c03f8b032944e539e9fa8601bad1f)), closes [#163](https://www.github.com/terraform-google-modules/terraform-google-network/issues/163) + +### [2.1.1](https://www.github.com/terraform-google-modules/terraform-google-network/compare/v2.1.0...v2.1.1) (2020-02-04) + + +### Bug Fixes + +* Correct the service_project_ids type ([#152](https://www.github.com/terraform-google-modules/terraform-google-network/issues/152)) ([80b6f54](https://www.github.com/terraform-google-modules/terraform-google-network/commit/80b6f54c007bc5b89709a9eebe330af058ca2260)) +* Resolve "Invalid expanding argument value" issue with the newer versions of terraform ([#153](https://www.github.com/terraform-google-modules/terraform-google-network/issues/153)) ([5f61ffb](https://www.github.com/terraform-google-modules/terraform-google-network/commit/5f61ffb3cb03a4d0ddb02dde1a3085aa428aeb38)) + +## [2.1.0](https://www.github.com/terraform-google-modules/terraform-google-network/compare/v2.0.2...v2.1.0) (2020-01-31) + + +### Features + +* add subnets output with full subnet info ([#129](https://www.github.com/terraform-google-modules/terraform-google-network/issues/129)) ([b424186](https://www.github.com/terraform-google-modules/terraform-google-network/commit/b4241861d8e670d555a43b82f4451581a8e27367)) + + +### Bug Fixes + +* Make project_id output dependent on shared_vpc host enablement ([#150](https://www.github.com/terraform-google-modules/terraform-google-network/issues/150)) ([75f9f04](https://www.github.com/terraform-google-modules/terraform-google-network/commit/75f9f0494c2a17b6d53fb265b3a4c77490b2914b)) + +### 
[2.0.2](https://github.com/terraform-google-modules/terraform-google-network/compare/v2.0.1...v2.0.2) (2020-01-21) + + +### Bug Fixes + +* relax version constraint in README ([1a39c7d](https://github.com/terraform-google-modules/terraform-google-network/commit/1a39c7df1d9d12e250500c3321e82ff78b0cd900)) + +## [2.0.1] - 2019-12-18 + +### Fixed + +- Fixed bug for allowing internal firewall rules. [#123](https://github.com/terraform-google-modules/terraform-google-network/pull/123) +- Provided Terraform provider versions and relaxed version constraints. [#131](https://github.com/terraform-google-modules/terraform-google-network/pull/131) + +## [2.0.0](https://github.com/terraform-google-modules/terraform-google-network/compare/v1.5.0...v2.0.0) (2019-12-09) + +v2.0.0 is a backwards-incompatible release. Please see the [upgrading guide](./docs/upgrading_to_v2.0.md). + +### Added + +- Split main module up into vpc, subnets, and routes submodules. [#103] + +### Fixed + +- Fixes subnet recreation when a subnet is updated. [#73] + + +## [1.5.0](https://github.com/terraform-google-modules/terraform-google-network/compare/v1.3.0...v1.5.0) (2019-11-12) + +### Added + +- Added submodule `network-peering` [#101] + +## [1.4.3] - 2019-10-31 + +### Fixed + +- Fixed issue with depending on outputs introduced in 1.4.1. [#95] + +## [1.4.2] - 2019-10-30 + +### Fixed + +- The outputs `network_name`, `network_self_link`, and + `subnets_secondary_ranges` depend on resource attributes rather than + data source attributes when `create_network` = `true`. [#94] + +## [1.4.1] - 2019-10-29 + +### Added + +- Made network creation optional in root module. [#88] + +### Fixed + +- Fixed issue with depending on outputs introduced in 1.4.0. [#92] + +## [1.4.0] - 2019-10-14 + +### Added + +- Add dynamic firewall rules support to firewall submodule. [#79] + +### Fixed + +- Add `depends_on` to `created_subnets` data fetch (fixes issue [#80]). 
[#81] + +## [1.3.0](https://github.com/terraform-google-modules/terraform-google-network/compare/v1.2.0...v1.3.0) (2019-10-10) + +### Changed + +- Set default value for `next_hop_internet`. [#64] + +### Added + +- Add host service agent role management to Shared VPC submodule [#72] + +## 1.2.0 (2019-09-18) + +### Added + +- Added `description` variable for subnets. [#66] + +### Fixed + +- Made setting `secondary_ranges` optional. [#16] + +## [1.1.0] - 2019-07-24 + +### Added + +- `auto_create_subnetworks` variable and `description` variable. [#57] + +## [1.0.0] - 2019-07-12 + +### Changed + +- Supported version of Terraform is 0.12. [#47] + +## [0.8.0] - 2019-06-12 + +### Added + +- A submodule to configure Shared VPC network attachments. [#45] + +## [0.7.0] - 2019-05-27 + +### Added + +- New firewall submodule [#40] + +### Fixed + +- Shared VPC service account roles are included in the README. [#32] +- Shared VPC host project explicitly depends on the network to avoid a + race condition. [#36] +- gcloud dependency is included in the README. [#38] + +## [0.6.0] - 2019-02-21 + +### Added + +- Add ability to delete default gateway route [#29] + +## [0.5.0] - 2019-01-31 + +### Changed + +- Make `routing_mode` a configurable variable. Defaults to "GLOBAL" [#26] + +### Added + +- Subnet self links as outputs. 
[#27] +- Support for route creation [#14] +- Add example for VPC with many secondary ranges [#23] +- Add example for VPC with regional routing mode [#26] + +### Fixed + +- Resolved issue with networks that have no secondary networks [#19] + +## [0.4.0] - 2018-09-25 + +### Changed + +- Make `subnet_private_access` and `subnet_flow_logs` into strings to be consistent with `shared_vpc` flag [#13] + +## [0.3.0] - 2018-09-11 + +### Changed + +- Make `subnet_private_access` default to false [#6] + +### Added + +- Add support for controlling subnet flow logs [#6] + +## [0.2.0] - 2018-08-16 + +### Added + +- Add support for Shared VPC hosting + +## [0.1.0] - 2018-08-08 + +### Added + +- Initial release +- A Google Virtual Private Network (VPC) +- Subnets within the VPC +- Secondary ranges for the subnets (if applicable) + +[Unreleased]: https://github.com/terraform-google-modules/terraform-google-network/compare/v2.0.1...HEAD +[2.0.1]: https://github.com/terraform-google-modules/terraform-google-network/compare/v2.0.0...v2.0.1 +[2.0.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.5.0...v2.0.0 +[1.5.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.4.3...v1.5.0 +[1.4.3]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.4.2...v1.4.3 +[1.4.2]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.4.1...v1.4.2 +[1.4.1]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.4.0...v1.4.1 +[1.4.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.3.0...v1.4.0 +[1.3.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.2.0...v1.3.0 +[1.2.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.1.0...v1.2.0 +[1.1.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.0.0...v1.1.0 +[1.0.0]: 
https://github.com/terraform-google-modules/terraform-google-network/compare/v0.8.0...v1.0.0 +[0.8.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.7.0...v0.8.0 +[0.7.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.6.0...v0.7.0 +[0.6.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.5.0...v0.6.0 +[0.5.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.4.0...v0.5.0 +[0.4.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.3.0...v0.4.0 +[0.3.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.2.0...v0.3.0 +[0.2.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.1.0...v0.2.0 +[0.1.0]: https://github.com/terraform-google-modules/terraform-google-network/releases/tag/v0.1.0 + +[#73]: https://github.com/terraform-google-modules/terraform-google-network/pull/73 +[#103]: https://github.com/terraform-google-modules/terraform-google-network/pull/103 +[#101]: https://github.com/terraform-google-modules/terraform-google-network/pull/101 +[#95]: https://github.com/terraform-google-modules/terraform-google-network/issues/95 +[#94]: https://github.com/terraform-google-modules/terraform-google-network/pull/94 +[#92]: https://github.com/terraform-google-modules/terraform-google-network/issues/92 +[#88]: https://github.com/terraform-google-modules/terraform-google-network/issues/88 +[#81]: https://github.com/terraform-google-modules/terraform-google-network/pull/81 +[#80]: https://github.com/terraform-google-modules/terraform-google-network/issues/80 +[#79]: https://github.com/terraform-google-modules/terraform-google-network/pull/79 +[#72]: https://github.com/terraform-google-modules/terraform-google-network/pull/72 +[#64]: https://github.com/terraform-google-modules/terraform-google-network/pull/64 +[#66]: 
https://github.com/terraform-google-modules/terraform-google-network/pull/66 +[#16]: https://github.com/terraform-google-modules/terraform-google-network/pull/16 +[#57]: https://github.com/terraform-google-modules/terraform-google-network/pull/57 +[#47]: https://github.com/terraform-google-modules/terraform-google-network/pull/47 +[#45]: https://github.com/terraform-google-modules/terraform-google-network/pull/45 +[#40]: https://github.com/terraform-google-modules/terraform-google-network/pull/40 +[#38]: https://github.com/terraform-google-modules/terraform-google-network/pull/38 +[#36]: https://github.com/terraform-google-modules/terraform-google-network/pull/36 +[#32]: https://github.com/terraform-google-modules/terraform-google-network/pull/32 +[#29]: https://github.com/terraform-google-modules/terraform-google-network/pull/29 +[#27]: https://github.com/terraform-google-modules/terraform-google-network/pull/27 +[#26]: https://github.com/terraform-google-modules/terraform-google-network/pull/26 +[#23]: https://github.com/terraform-google-modules/terraform-google-network/pull/23 +[#19]: https://github.com/terraform-google-modules/terraform-google-network/pull/19 +[#14]: https://github.com/terraform-google-modules/terraform-google-network/pull/14 +[#13]: https://github.com/terraform-google-modules/terraform-google-network/pull/13 +[#6]: https://github.com/terraform-google-modules/terraform-google-network/pull/6 +[keepachangelog-site]: https://keepachangelog.com/en/1.0.0/ +[semver-site]: https://semver.org/spec/v2.0.0.html diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/CODEOWNERS b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/CODEOWNERS new file mode 100644 index 000000000..3a0760e1f --- /dev/null 
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/CODEOWNERS
@@ -0,0 +1,9 @@
+* @terraform-google-modules/cft-admins @andreyk-code @jeanno
+
+# CFT Fabric
+/examples/submodule_svpc_access/ @terraform-google-modules/cft-fabric
+/modules/fabric-net-svpc-access/ @terraform-google-modules/cft-fabric
+/modules/fabric-net-firewall/ @terraform-google-modules/cft-fabric
+/examples/submodule_firewall/ @terraform-google-modules/cft-fabric
+/modules/network-peering/ @terraform-google-modules/cft-fabric
+/examples/submodule_network_peering/ @terraform-google-modules/cft-fabric
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/CONTRIBUTING.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/CONTRIBUTING.md
new file mode 100644
index 000000000..a350db595
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/CONTRIBUTING.md
@@ -0,0 +1,99 @@ +# Contributing + +This document provides guidelines for contributing to the module. + +## Dependencies + +The following dependencies must be installed on the development system: + +- [Docker Engine][docker-engine] +- [Google Cloud SDK][google-cloud-sdk] +- [make] + +## Generating Documentation for Inputs and Outputs + +The Inputs and Outputs tables in the READMEs of the root module, +submodules, and example modules are automatically generated based on +the `variables` and `outputs` of the respective modules. These tables +must be refreshed if the module interfaces are changed. + +### Execution + +Run `make generate_docs` to generate new Inputs and Outputs tables. + +## Integration Testing + +Integration tests are used to verify the behaviour of the root module, +submodules, and example modules. Additions, changes, and fixes should +be accompanied with tests. + +The integration tests are run using [Kitchen][kitchen], +[Kitchen-Terraform][kitchen-terraform], and [InSpec][inspec]. These +tools are packaged within a Docker image for convenience. + +The general strategy for these tests is to verify the behaviour of the +[example modules](./examples/), thus ensuring that the root module, +submodules, and example modules are all functionally correct. + +### Test Environment +The easiest way to test the module is in an isolated test project. The setup for such a project is defined in [test/setup](./test/setup/) directory. + +To use this setup, you need a service account with Project Creator access on a folder. 
Export the Service Account credentials to your environment like so: + +``` +export SERVICE_ACCOUNT_JSON=$(< credentials.json) +``` + +You will also need to set a few environment variables: +``` +export TF_VAR_org_id="your_org_id" +export TF_VAR_folder_id="your_folder_id" +export TF_VAR_billing_account="your_billing_account_id" +``` + +With these settings in place, you can prepare a test project using Docker: +``` +make docker_test_prepare +``` + +### Noninteractive Execution + +Run `make docker_test_integration` to test all of the example modules +noninteractively, using the prepared test project. + +### Interactive Execution + +1. Run `make docker_run` to start the testing Docker container in + interactive mode. + +1. Run `kitchen_do create ` to initialize the working + directory for an example module. + +1. Run `kitchen_do converge ` to apply the example module. + +1. Run `kitchen_do verify ` to test the example module. + +1. Run `kitchen_do destroy ` to destroy the example module + state. + +## Linting and Formatting + +Many of the files in the repository can be linted or formatted to +maintain a standard of quality. + +### Execution + +Run `make docker_test_lint`. + +[docker-engine]: https://www.docker.com/products/docker-engine +[flake8]: http://flake8.pycqa.org/en/latest/ +[gofmt]: https://golang.org/cmd/gofmt/ +[google-cloud-sdk]: https://cloud.google.com/sdk/install +[hadolint]: https://github.com/hadolint/hadolint +[inspec]: https://inspec.io/ +[kitchen-terraform]: https://github.com/newcontext-oss/kitchen-terraform +[kitchen]: https://kitchen.ci/ +[make]: https://en.wikipedia.org/wiki/Make_(software) +[shellcheck]: https://www.shellcheck.net/ +[terraform-docs]: https://github.com/segmentio/terraform-docs +[terraform]: https://terraform.io/ 
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/Gemfile b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/Gemfile
new file mode 100644
index 000000000..af3b9546f
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/Gemfile
@@ -0,0 +1,19 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ruby '2.6.3'
+
+source 'https://rubygems.org/' do
+ gem 'kitchen-terraform', '~> 4.3'
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/LICENSE b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/LICENSE
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/Makefile b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/Makefile
new file mode 100644
index 000000000..fd4c92203
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/Makefile
@@ -0,0 +1,82 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Make will use bash instead of sh
+SHELL := /usr/bin/env bash
+
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.6.0
+DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
+REGISTRY_URL := gcr.io/cloud-foundation-cicd
+
+# Enter docker container for local development
+.PHONY: docker_run
+docker_run:
+ docker run --rm -it \
+ -e SERVICE_ACCOUNT_JSON \
+ -v $(CURDIR):/workspace \
+ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+ /bin/bash
+
+# Execute prepare tests within the docker container
+.PHONY: docker_test_prepare
+docker_test_prepare:
+ docker run --rm -it \
+ -e SERVICE_ACCOUNT_JSON \
+ -e TF_VAR_org_id \
+ -e TF_VAR_folder_id \
+ -e TF_VAR_billing_account \
+ -v $(CURDIR):/workspace \
+ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+ /usr/local/bin/execute_with_credentials.sh prepare_environment
+
+# Clean up test environment within the docker container
+.PHONY: docker_test_cleanup
+docker_test_cleanup:
+ docker run --rm -it \
+ -e SERVICE_ACCOUNT_JSON \
+ -e TF_VAR_org_id \
+ -e TF_VAR_folder_id \
+ -e TF_VAR_billing_account \
+ -v $(CURDIR):/workspace \
+ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+ /usr/local/bin/execute_with_credentials.sh cleanup_environment
+
+# Execute integration tests within the docker container
+.PHONY: docker_test_integration
+docker_test_integration:
+ docker run --rm -it \
+ -e SERVICE_ACCOUNT_JSON \
+ -v $(CURDIR):/workspace \
+ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+ /usr/local/bin/test_integration.sh
+
+# Execute lint tests within the docker container
+.PHONY: docker_test_lint
+docker_test_lint:
+ docker run --rm -it \
+ -v $(CURDIR):/workspace \
+ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+ /usr/local/bin/test_lint.sh
+
+# Generate documentation
+.PHONY: docker_generate_docs
+docker_generate_docs:
+ docker run --rm -it \
+ -v $(CURDIR):/workspace \
+ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+ /bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs'
+
+# Alias for backwards compatibility
+.PHONY: generate_docs
+generate_docs: docker_generate_docs
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/README.md
new file mode 100644
index 000000000..969239134
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/README.md
@@ -0,0 +1,183 @@
+# Terraform Network Module
+
+This modules makes it easy to set up a new VPC Network in GCP by defining your network and subnet ranges in a concise syntax.
+
+It supports creating:
+
+- A Google Virtual Private Network (VPC)
+- Subnets within the VPC
+- Secondary ranges for the subnets (if applicable)
+
+Sub modules are provided for creating individual vpc, subnets, and routes. See the modules directory for the various sub modules usage.
+
+## Compatibility
+
+This module is meant for use with Terraform 0.12. If you haven't [upgraded](https://www.terraform.io/upgrade-guides/0-12.html) and need a Terraform 0.11.x-compatible version of this module, the last released version intended for Terraform 0.11.x is [0.8.0](https://registry.terraform.io/modules/terraform-google-modules/network/google/0.8.0).
+
+## Usage
+You can go to the examples folder, however the usage of the module could be like this in your own main.tf file:
+
+```hcl
+module "vpc" {
+ source = "terraform-google-modules/network/google"
+ version = "~> 2.3"
+
+ project_id = ""
+ network_name = "example-vpc"
+ routing_mode = "GLOBAL"
+
+ subnets = [
+ {
+ subnet_name = "subnet-01"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ },
+ {
+ subnet_name = "subnet-02"
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "true"
+ subnet_flow_logs = "true"
+ description = "This subnet has a description"
+ },
+ {
+ subnet_name = "subnet-03"
+ subnet_ip = "10.10.30.0/24"
+ subnet_region = "us-west1"
+ subnet_flow_logs = "true"
+ subnet_flow_logs_interval = "INTERVAL_10_MIN"
+ subnet_flow_logs_sampling = 0.7
+ subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA"
+ }
+ ]
+
+ secondary_ranges = {
+ subnet-01 = [
+ {
+ range_name = "subnet-01-secondary-01"
+ ip_cidr_range = "192.168.64.0/24"
+ },
+ ]
+
+ subnet-02 = []
+ }
+
+ routes = [
+ {
+ name = "egress-internet"
+ description = "route through IGW to access internet"
+ destination_range = "0.0.0.0/0"
+ tags = "egress-inet"
+ next_hop_internet = "true"
+ },
+ {
+ name = "app-proxy"
+ description = "route through proxy to reach app"
+ destination_range = "10.50.10.0/24"
+ tags = "app-proxy"
+ next_hop_instance = "app-proxy-instance"
+ next_hop_instance_zone = "us-west1-a"
+ },
+ ]
+}
+```
+
+Then perform the following commands on the root folder:
+
+- `terraform init` to get the plugins
+- `terraform plan` to see the infrastructure plan
+- `terraform apply` to apply the infrastructure build
+- `terraform destroy` to destroy the built infrastructure
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| auto\_create\_subnetworks | When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources. | bool | `"false"` | no |
+| delete\_default\_internet\_gateway\_routes | If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted | string | `"false"` | no |
+| description | An optional description of this resource. The resource must be recreated to modify this field. | string | `""` | no |
+| network\_name | The name of the network being created | string | n/a | yes |
+| project\_id | The ID of the project where this VPC will be created | string | n/a | yes |
+| routes | List of routes being created in this VPC | list(map(string)) | `` | no |
+| routing\_mode | The network routing mode (default 'GLOBAL') | string | `"GLOBAL"` | no |
+| secondary\_ranges | Secondary ranges that will be used in some of the subnets | object | `` | no |
+| shared\_vpc\_host | Makes this project a Shared VPC host if 'true' (default 'false') | bool | `"false"` | no |
+| subnets | The list of subnets being created | list(map(string)) | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| network | The created network |
+| network\_name | The name of the VPC being created |
+| network\_self\_link | The URI of the VPC being created |
+| project\_id | VPC project id |
+| route\_names | The route names associated with this VPC |
+| subnets | A map with keys of form subnet_region/subnet_name and values being the outputs of the google_compute_subnetwork resources used to create corresponding subnets. |
+| subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled |
+| subnets\_ips | The IPs and CIDRs of the subnets being created |
+| subnets\_names | The names of the subnets being created |
+| subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP |
+| subnets\_regions | The region where the subnets will be created |
+| subnets\_secondary\_ranges | The secondary ranges associated with these subnets |
+| subnets\_self\_links | The self-links of subnets being created |
+
+
+
+### Subnet Inputs
+
+The subnets list contains maps, where each object represents a subnet. Each map has the following inputs (please see examples folder for additional references):
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| subnet\_name | The name of the subnet being created | string | - | yes |
+| subnet\_ip | The IP and CIDR range of the subnet being created | string | - | yes |
+| subnet\_region | The region where the subnet will be created | string | - | yes |
+| subnet\_private\_access | Whether this subnet will have private Google access enabled | string | `"false"` | no |
+| subnet\_flow\_logs | Whether the subnet will record and send flow log data to logging | string | `"false"` | no |
+
+### Route Inputs
+
+The routes list contains maps, where each object represents a route. For the next_hop_* inputs, only one is possible to be used in each route. Having two next_hop_* inputs will produce an error. Each map has the following inputs (please see examples folder for additional references):
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| name | The name of the route being created | string | - | no |
+| description | The description of the route being created | string | - | no |
+| tags | The network tags assigned to this route. This is a list in string format. Eg. "tag-01,tag-02"| string | - | yes |
+| destination\_range | The destination range of outgoing packets that this route applies to. Only IPv4 is supported | string | - | yes
+| next\_hop\_internet | Whether the next hop to this route will the default internet gateway. Use "true" to enable this as next hop | string | `"false"` | yes |
+| next\_hop\_ip | Network IP address of an instance that should handle matching packets | string | - | yes |
+| next\_hop\_instance | URL or name of an instance that should handle matching packets. If just name is specified "next\_hop\_instance\_zone" is required | string | - | yes |
+| next\_hop\_instance\_zone | The zone of the instance specified in next\_hop\_instance. Only required if next\_hop\_instance is specified as a name | string | - | no |
+| next\_hop\_vpn\_tunnel | URL to a VpnTunnel that should handle matching packets | string | - | yes |
+| priority | The priority of this route. Priority is used to break ties in cases where there is more than one matching route of equal prefix length. In the case of two routes with equal prefix length, the one with the lowest-numbered priority value wins | string | `"1000"` | yes |
+
+## Requirements
+### Installed Software
+- [Terraform](https://www.terraform.io/downloads.html) ~> 0.12.6
+- [Terraform Provider for GCP](https://github.com/terraform-providers/terraform-provider-google) ~> 2.19
+- [Terraform Provider for GCP Beta](https://github.com/terraform-providers/terraform-provider-google-beta) ~>
+ 2.19
+- [gcloud](https://cloud.google.com/sdk/gcloud/) >243.0.0
+
+### Configure a Service Account
+In order to execute this module you must have a Service Account with the following roles:
+
+- roles/compute.networkAdmin on the organization or folder
+
+If you are going to manage a Shared VPC, you must have either:
+
+- roles/compute.xpnAdmin on the organization
+- roles/compute.xpnAdmin on the folder (beta)
+
+### Enable API's
+In order to operate with the Service Account you must activate the following API on the project where the Service Account was created:
+
+- Compute Engine API - compute.googleapis.com
+
+## Contributing
+
+Refer to the [contribution guidelines](./CONTRIBUTING.md) for
+information on contributing to this module.
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/build/int.cloudbuild.yaml b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/build/int.cloudbuild.yaml
new file mode 100644
index 000000000..06c7799aa
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/build/int.cloudbuild.yaml
@@ -0,0 +1,169 @@ +# Copyright 2018 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +timeout: 3600s +steps: +- id: prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && prepare_environment'] + env: + - 'TF_VAR_org_id=$_ORG_ID' + - 'TF_VAR_folder_id=$_FOLDER_ID' + - 'TF_VAR_billing_account=$_BILLING_ACCOUNT' +- id: create simple-project-local + waitFor: + - prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create simple-project-local'] +- id: converge simple-project-local + waitFor: + - create simple-project-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge simple-project-local'] +- id: verify simple-project-local + waitFor: + - converge simple-project-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify simple-project-local'] +- id: destroy simple-project-local + waitFor: + - verify simple-project-local + name: 
'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy simple-project-local'] +- id: create simple-project-with-regional-network-local + waitFor: + - prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create simple-project-with-regional-network-local'] +- id: converge simple-project-with-regional-network-local + waitFor: + - create simple-project-with-regional-network-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge simple-project-with-regional-network-local'] +- id: verify simple-project-with-regional-network-local + waitFor: + - converge simple-project-with-regional-network-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify simple-project-with-regional-network-local'] +- id: destroy simple-project-with-regional-network-local + waitFor: + - verify simple-project-with-regional-network-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy simple-project-with-regional-network-local'] +- id: create secondary-ranges-local + waitFor: + - prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create secondary-ranges-local'] +- id: converge secondary-ranges-local + 
waitFor: + - create secondary-ranges-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge secondary-ranges-local'] +- id: verify secondary-ranges-local + waitFor: + - converge secondary-ranges-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify secondary-ranges-local'] +- id: destroy secondary-ranges-local + waitFor: + - verify secondary-ranges-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy secondary-ranges-local'] +- id: create multi-vpc-local + waitFor: + - prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create multi-vpc-local'] +- id: converge multi-vpc-local + waitFor: + - create multi-vpc-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge multi-vpc-local'] +- id: verify multi-vpc-local + waitFor: + - converge multi-vpc-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify multi-vpc-local'] +- id: destroy multi-vpc-local + waitFor: + - verify multi-vpc-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source 
/usr/local/bin/task_helper_functions.sh && kitchen_do destroy multi-vpc-local'] +- id: create delete-default-gateway-routes-local + waitFor: + - prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create delete-default-gateway-routes-local'] +- id: converge delete-default-gateway-routes-local + waitFor: + - create delete-default-gateway-routes-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge delete-default-gateway-routes-local'] +- id: verify delete-default-gateway-routes-local + waitFor: + - converge delete-default-gateway-routes-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify delete-default-gateway-routes-local'] +- id: destroy delete-default-gateway-routes-local + waitFor: + - verify delete-default-gateway-routes-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy delete-default-gateway-routes-local'] +- id: create submodule-firewall-local + waitFor: + - prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create submodule-firewall-local'] +- id: converge submodule-firewall-local + waitFor: + - create submodule-firewall-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source 
/usr/local/bin/task_helper_functions.sh && kitchen_do converge submodule-firewall-local'] +- id: verify submodule-firewall-local + waitFor: + - converge submodule-firewall-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify submodule-firewall-local'] +- id: destroy submodule-firewall-local + waitFor: + - verify submodule-firewall-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy submodule-firewall-local'] +- id: create submodule-network-peering-local + waitFor: + - prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create submodule-network-peering-local'] +- id: converge submodule-network-peering-local + waitFor: + - create submodule-network-peering-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge submodule-network-peering-local'] +- id: verify submodule-network-peering-local + waitFor: + - converge submodule-network-peering-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify submodule-network-peering-local'] +- id: destroy submodule-network-peering-local + waitFor: + - verify submodule-network-peering-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source 
/usr/local/bin/task_helper_functions.sh && kitchen_do destroy submodule-network-peering-local']
+tags:
+- 'ci'
+- 'integration'
+substitutions:
+ _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
+ _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.6.0'
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/build/lint.cloudbuild.yaml b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/build/lint.cloudbuild.yaml
new file mode 100644
index 000000000..3f3923fb7
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/build/lint.cloudbuild.yaml
@@ -0,0 +1,24 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+steps:
+- name: 'gcr.io/cloud-foundation-cicd/cft/developer-tools:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ id: 'lint'
+ args: ['/usr/local/bin/test_lint.sh']
+tags:
+- 'ci'
+- 'lint'
+substitutions:
+ _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
+ _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.6.0'
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/codelabs/simple/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/codelabs/simple/README.md
new file mode 100644
index 000000000..fdc16c917
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/codelabs/simple/README.md
@@ -0,0 +1,3 @@
+# Networking Codelab
+
+The Terraform configuration in this directory is used for a [simple codelab](https://codelabs.developers.google.com/codelabs/hashicorp-terraform-networking/index.html#0).
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/codelabs/simple/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/codelabs/simple/main.tf
new file mode 100644
index 000000000..93e234fc4
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/codelabs/simple/main.tf
@@ -0,0 +1,110 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+resource "random_id" "network_id" {
+ byte_length = 8
+}
+
+resource "google_project_service" "compute" {
+ service = "compute.googleapis.com"
+}
+
+# Create the network
+module "vpc" {
+ source = "terraform-google-modules/network/google"
+ version = "~> 0.4.0"
+
+ # Give the network a name and project
+ project_id = google_project_service.compute.project
+ network_name = "my-custom-vpc-${random_id.network_id.hex}"
+
+ subnets = [
+ {
+ # Creates your first subnet in us-west1 and defines a range for it
+ subnet_name = "my-first-subnet"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ },
+ {
+ # Creates a dedicated subnet for GKE
+ subnet_name = "my-gke-subnet"
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "us-west1"
+ },
+ ]
+
+ # Define secondary ranges for each of your subnets
+ secondary_ranges = {
+ my-first-subnet = []
+
+ my-gke-subnet = [
+ {
+ # Define a secondary range for Kubernetes pods to use
+ range_name = "my-gke-pods-range"
+ ip_cidr_range = "192.168.64.0/24"
+ },
+ ]
+ }
+}
+
+resource "random_id" "instance_id" {
+ byte_length = 8
+}
+
+# Launch a VM on it
+resource "google_compute_instance" "default" {
+ name = "vm-${random_id.instance_id.hex}"
+ project = google_project_service.compute.project
+ machine_type = "f1-micro"
+ zone = "us-west1-a"
+
+ boot_disk {
+ initialize_params {
+ image = "debian-cloud/debian-9"
+ }
+ }
+
+ network_interface {
+ subnetwork = module.vpc.subnets_names[0]
+ subnetwork_project = google_project_service.compute.project
+
+ access_config {
+ # Include this section to give the VM an external ip address
+ }
+ }
+
+ # Apply the firewall rule to allow external IPs to ping this instance
+ tags = ["allow-ping"]
+}
+
+# Allow traffic to the VM
+resource "google_compute_firewall" "allow-ping" {
+ name = "default-ping"
+ network = module.vpc.network_name
+ project = google_project_service.compute.project
+
+ allow {
+ protocol = "icmp"
+ }
+
+ # Allow traffic from everywhere to instances with an http-server tag
+ source_ranges = ["0.0.0.0/0"]
+ target_tags = ["allow-ping"]
+}
+
+output "ip" {
+ value = google_compute_instance.default.network_interface.0.access_config.0.nat_ip
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/docs/upgrading_to_v2.0.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/docs/upgrading_to_v2.0.md
new file mode 100644
index 000000000..542680135
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/docs/upgrading_to_v2.0.md
@@ -0,0 +1,140 @@ +# Upgrading to v2.x + +The v2.x release of _google-network_ is a backwards incompatible +release. + +Because v2.x changed how the subnet resource is iterated on, resources in Terraform state need to be migrated in order to avoid the resources from getting destroyed and recreated. + +## Output Changes +In version 2.x, a few output names were [changed](https://github.com/terraform-google-modules/terraform-google-network/compare/v1.5.0...v2.0.0#diff-c09d00f135e3672d079ff6e0556d957d): + +- `svpc_host_project_id` was renamed to `project_id`. +- `routes` was renamed to `route_names` + +## Migration Instructions + +First, upgrade to the new version of this module. + +```diff + module "kubernetes_engine_private_cluster" { + source = "terraform-google-modules/network/google" +- version = "~> 1.5" ++ version = "~> 2.0" + + # ... + } +``` + +If you run `terraform plan` at this point, Terraform will inform you that it will attempt to delete and recreate your existing subnets. This is almost certainly not the behavior you want. + +You will need to migrate your state, either [manually](#manual-migration-steps) or [automatically](#migration-script). + +### Migration Script + +1. Download the script: + + ```sh + curl -O https://raw.githubusercontent.com/terraform-google-modules/terraform-google-network/master/helpers/migrate.py + chmod +x migrate.py + ``` + +2. Back up your Terraform state: + + ```sh + terraform state pull >> state.bak + ``` + +2. 
Run the script to output the migration commands: + + ```sh + $ ./migrate.py --dryrun + terraform state mv 'module.example.module.test-vpc-module-02.google_compute_network.network[0]' 'module.example.module.test-vpc-module-02.module.vpc.google_compute_network.network' + terraform state mv 'module.example.module.test-vpc-module-02.google_compute_subnetwork.subnetwork' 'module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork' + terraform state mv 'module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork[0]' 'module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork["us-west1/multi-vpc-a1-02-subnet-01"]' + terraform state mv 'module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork[1]' 'module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork["us-west1/multi-vpc-a1-02-subnet-02"]' + terraform state mv 'module.example.module.test-vpc-module-02.google_compute_route.route' 'module.example.module.test-vpc-module-02.module.routes.google_compute_route.route' + terraform state mv 'module.example.module.test-vpc-module-02.module.routes.google_compute_route.route[0]' 'module.example.module.test-vpc-module-02.module.routes.google_compute_route.route["multi-vpc-a1-02-egress-inet"]' + terraform state mv 'module.example.module.test-vpc-module-02.module.routes.google_compute_route.route[1]' 'module.example.module.test-vpc-module-02.module.routes.google_compute_route.route["multi-vpc-a1-02-testapp-proxy"]' + + ``` + +3. Execute the migration script: + + ```sh + $ ./migrate.py + ---- Migrating the following modules: + -- module.example.module.test-vpc-module-02 + ---- Commands to run: + Move "module.example.module.test-vpc-module-02.google_compute_network.network[0]" to "module.example.module.test-vpc-module-02.module.vpc.google_compute_network.network" + Successfully moved 1 object(s). 
+ Move "module.example.module.test-vpc-module-02.google_compute_subnetwork.subnetwork" to "module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork" + Successfully moved 1 object(s). + Move "module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork[0]" to "module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork[\"us-west1/multi-vpc-a1-02-subnet-01\"]" + Successfully moved 1 object(s). + Move "module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork[1]" to "module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork[\"us-west1/multi-vpc-a1-02-subnet-02\"]" + Successfully moved 1 object(s). + Move "module.example.module.test-vpc-module-02.google_compute_route.route" to "module.example.module.test-vpc-module-02.module.routes.google_compute_route.route" + Successfully moved 1 object(s). + Move "module.example.module.test-vpc-module-02.module.routes.google_compute_route.route[0]" to "module.example.module.test-vpc-module-02.module.routes.google_compute_route.route[\"multi-vpc-a1-02-egress-inet\"]" + Successfully moved 1 object(s). + Move "module.example.module.test-vpc-module-02.module.routes.google_compute_route.route[1]" to "module.example.module.test-vpc-module-02.module.routes.google_compute_route.route[\"multi-vpc-a1-02-testapp-proxy\"]" + Successfully moved 1 object(s). + + ``` + +4. Run `terraform plan` to confirm no changes are expected. + +### Manual Migration Steps + +In this example here are the commands used migrate the vpc and subnets created by the `simple_project` in the examples directory. _please note the need to escape the quotes on the new resource_. You may also use the migration script. 
+ +- `terraform state mv module.example.module.test-vpc-module.google_compute_network.network module.example.module.test-vpc-module.module.vpc.google_compute_subnetwork.network` + +- `terraform state mv module.example.module.test-vpc-module.google_compute_subnetwork.subnetwork module.example.module.test-vpc-module.module.subnets.google_compute_subnetwork.subnetwork` + +- `terraform state mv module.example.module.test-vpc-module.module.subnets.google_compute_subnetwork.subnetwork[0] module.example.module.test-vpc-module.module.subnets.google_compute_subnetwork.subnetwork[\"us-west1/simple-project-timh-subnet-01\"]` + +- `terraform state mv module.example.module.test-vpc-module.module.subnets.google_compute_subnetwork.subnetwork[1] module.example.module.test-vpc-module.module.subnets.google_compute_subnetwork.subnetwork[\"us-west1/simple-project-timh-subnet-02\"]` + +*You'll notice that because of a terraform [issue](https://github.com/hashicorp/terraform/issues/22301), we need to move the whole resource collection first before renaming to the `for_each` keys* + +`terraform plan` should now return a no-op and show no new changes. + +```Shell +$ terraform plan +Refreshing Terraform state in-memory prior to plan... +The refreshed state will be used to calculate this plan, but will not be +persisted to local or remote state storage. + +module.example.module.test-vpc-module.google_compute_network.network: Refreshing state... [id=simple-project-timh] +module.example.module.test-vpc-module.google_compute_subnetwork.subnetwork["us-west1/simple-project-timh-subnet-02"]: Refreshing state... [id=us-west1/simple-project-timh-subnet-02] +module.example.module.test-vpc-module.google_compute_subnetwork.subnetwork["us-west1/simple-project-timh-subnet-01"]: Refreshing state... [id=us-west1/simple-project-timh-subnet-01] + +------------------------------------------------------------------------ + +No changes. Infrastructure is up-to-date. 
+ +This means that Terraform did not detect any differences between your +configuration and real physical resources that exist. As a result, no +actions need to be performed. +``` + +### Known Issues + +If your previous state only contains a **single** subnet or route then `terraform mv` will throw an error similar to the following during migration: + +``` +Error: Invalid target address + +Cannot move to +module.example.module.test-vpc-module-01.module.routes.google_compute_route.route["multi-vpc-a1-01-egress-inet"]: +module.example.module.test-vpc-module-01.module.routes.google_compute_route.route +does not exist in the current state. +``` + +This is due to a terraform mv [issue](https://github.com/hashicorp/terraform/issues/22301) + +The workaround is to either + +1. Create a temporary subnet or route prior to migration +2. Manually updating the state file. Update the `index_key` of the appropriate user and push the to the remote state if necessary. diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/.gitignore b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/.gitignore new file mode 100644 index 000000000..1e49b3a62 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/.gitignore @@ -0,0 +1 @@ +.tfvars diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/README.md new file mode 100644 index 000000000..2735dfb5a --- /dev/null 
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/README.md @@ -0,0 +1,29 @@ +# Delete Default Gateway Routes + +This example configures a single simple VPC inside of a project. + +This VPC has a single subnet with no secondary ranges, and ensures the default internet gateway route is deleted. + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| network\_name | The name of the VPC network being created | string | n/a | yes | +| project\_id | The project ID to host the network in | string | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| network\_name | The name of the VPC being created | +| network\_self\_link | The URI of the VPC being created | +| route\_names | The routes associated with this VPC | +| subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled | +| subnets\_ips | The IP and cidrs of the subnets being created | +| subnets\_names | The names of the subnets being created | +| subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP | +| subnets\_regions | The region where subnets will be created | +| subnets\_secondary\_ranges | The secondary ranges associated with these subnets | + + diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/main.tf new file mode 100644 index 000000000..c24c08c78 --- /dev/null 
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/main.tf
@@ -0,0 +1,42 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+locals {
+ subnet_01 = "${var.network_name}-subnet-01"
+}
+
+module "test-vpc-module" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = var.network_name
+ delete_default_internet_gateway_routes = "true"
+
+ subnets = [
+ {
+ subnet_name = local.subnet_01
+ subnet_ip = "10.20.30.0/24"
+ subnet_region = "us-west1"
+ },
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/outputs.tf
new file mode 100644
index 000000000..d7a27ff41
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/outputs.tf
@@ -0,0 +1,60 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network_name" {
+ value = module.test-vpc-module.network_name
+ description = "The name of the VPC being created"
+}
+
+output "network_self_link" {
+ value = module.test-vpc-module.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "subnets_names" {
+ value = module.test-vpc-module.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "subnets_ips" {
+ value = module.test-vpc-module.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "subnets_regions" {
+ value = module.test-vpc-module.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "subnets_private_access" {
+ value = module.test-vpc-module.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "subnets_flow_logs" {
+ value = module.test-vpc-module.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "subnets_secondary_ranges" {
+ value = module.test-vpc-module.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "route_names" {
+ value = module.test-vpc-module.route_names
+ description = "The routes associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/variables.tf
new file mode 100644
index 000000000..add931101
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/variables.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to host the network in"
+}
+
+variable "network_name" {
+ description = "The name of the VPC network being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/ilb_routing/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/ilb_routing/README.md
new file mode 100644
index 000000000..d289ebf89
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/ilb_routing/README.md
@@ -0,0 +1,33 @@ +# ILB routing example + +This example configures a single VPC inside of a project. + +This VPC has three subnets and a forwarding rule. Please note, that this is simply example resource usage, this module +wouldn't work as is. + +More information: +- https://cloud.google.com/load-balancing/docs/internal/setting-up-ilb-next-hop +- https://cloud.google.com/load-balancing/docs/l7-internal/proxy-only-subnets + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| network\_name | The name of the VPC network being created | string | n/a | yes | +| project\_id | The project ID to host the network in | string | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| forwarding\_rule | Forwarding rule link | +| network\_name | The name of the VPC being created | +| network\_self\_link | The URI of the VPC being created | +| project\_id | VPC project id | +| route\_names | The routes associated with this VPC | +| subnets\_ips | The IP and cidrs of the subnets being created | +| subnets\_names | The names of the subnets being created | +| subnets\_regions | The region where subnets will be created | + + diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/ilb_routing/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/ilb_routing/main.tf new file mode 100644 index 000000000..0c33e1def --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/ilb_routing/main.tf 
@@ -0,0 +1,127 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +provider "google" { + version = "~> 2.19.0" +} + +provider "google-beta" { + version = "~> 2.19.0" +} + +provider "null" { + version = "~> 2.1" +} + +module "vpc" { + source = "../../modules/vpc" + network_name = var.network_name + project_id = var.project_id +} + +module "subnets" { + source = "../../modules/subnets-beta" + project_id = var.project_id + network_name = module.vpc.network_name + + subnets = [ + { + subnet_name = "${var.network_name}-subnet" + subnet_ip = "10.10.10.0/24" + subnet_region = "us-west1" + }, + { + subnet_name = "${var.network_name}-subnet-01" + subnet_ip = "10.20.10.0/24" + subnet_region = "us-west1" + purpose = "INTERNAL_HTTPS_LOAD_BALANCER" + role = "ACTIVE" + } + ] +} + +module "subnets-backup" { + source = "../../modules/subnets-beta" + project_id = var.project_id + network_name = module.vpc.network_name + + subnets = [ + { + subnet_name = "${var.network_name}-subnet-02" + subnet_ip = "10.20.20.0/24" + subnet_region = "us-west1" + purpose = "INTERNAL_HTTPS_LOAD_BALANCER" + role = "BACKUP" + } + ] + + module_depends_on = [module.subnets.subnets] +} + +resource "google_compute_health_check" "this" { + project = var.project_id + name = "${var.network_name}-test" + check_interval_sec = 1 + timeout_sec = 1 + + tcp_health_check { + port = "80" + } +} + +resource "google_compute_region_backend_service" "this" { + project = 
var.project_id + name = "${var.network_name}-test" + region = "us-west1" + health_checks = [google_compute_health_check.this.self_link] +} + +resource "google_compute_forwarding_rule" "this" { + project = var.project_id + name = "${var.network_name}-fw-role" + + network = module.vpc.network_name + subnetwork = module.subnets.subnets["us-west1/${var.network_name}-subnet"].name + backend_service = google_compute_region_backend_service.this.self_link + region = "us-west1" + load_balancing_scheme = "INTERNAL" + all_ports = true +} + +module "routes" { + source = "../../modules/routes-beta" + project_id = var.project_id + network_name = module.vpc.network_name + routes_count = 2 + + routes = [ + { + name = "${var.network_name}-egress-inet" + description = "route through IGW to access internet" + destination_range = "0.0.0.0/0" + tags = "egress-inet" + next_hop_internet = "true" + }, + { + name = "${var.network_name}-ilb" + description = "route through ilb" + destination_range = "10.10.20.0/24" + next_hop_ilb = google_compute_forwarding_rule.this.self_link + }, + ] + + module_depends_on = [module.subnets.subnets, module.subnets-backup.subnets] +} diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/ilb_routing/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/ilb_routing/outputs.tf new file mode 100644 index 000000000..676e23f32 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/ilb_routing/outputs.tf 
@@ -0,0 +1,55 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network_name" {
+ value = module.vpc.network_name
+ description = "The name of the VPC being created"
+}
+
+output "network_self_link" {
+ value = module.vpc.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "project_id" {
+ value = module.vpc.project_id
+ description = "VPC project id"
+}
+
+output "subnets_names" {
+ value = [for network in concat(module.subnets.subnets, module.subnets-backup.subnets) : network.name]
+ description = "The names of the subnets being created"
+}
+
+output "subnets_ips" {
+ value = [for network in concat(module.subnets.subnets, module.subnets-backup.subnets) : network.ip_cidr_range]
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "subnets_regions" {
+ value = [for network in concat(module.subnets.subnets, module.subnets-backup.subnets) : network.region]
+ description = "The region where subnets will be created"
+}
+
+output "route_names" {
+ value = [for route in module.routes.routes : route.name]
+ description = "The routes associated with this VPC"
+}
+
+output "forwarding_rule" {
+ value = google_compute_forwarding_rule.this.self_link
+ description = "Forwarding rule link"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/ilb_routing/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/ilb_routing/variables.tf
new file mode 100644
index 000000000..add931101
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/ilb_routing/variables.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to host the network in"
+}
+
+variable "network_name" {
+ description = "The name of the VPC network being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/ilb_routing/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/ilb_routing/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/ilb_routing/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/multi_vpc/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/multi_vpc/README.md
new file mode 100644
index 000000000..339b2c4ff
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/multi_vpc/README.md
@@ -0,0 +1,37 @@ +# Multiple Networks + +This example configures a host network project with two separate networks. + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| network\_01\_name | The name of the first VPC network being created | string | n/a | yes | +| network\_02\_name | The name of the second VPC network being created | string | n/a | yes | +| project\_id | The project ID to host the network in | string | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| network\_01\_name | The name of the VPC network-01 | +| network\_01\_routes | The routes associated with network-01 | +| network\_01\_self\_link | The URI of the VPC network-01 | +| network\_01\_subnets | The names of the subnets being created on network-01 | +| network\_01\_subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled | +| network\_01\_subnets\_ips | The IP and cidrs of the subnets being created on network-01 | +| network\_01\_subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP on network-01 | +| network\_01\_subnets\_regions | The region where the subnets will be created on network-01 | +| network\_01\_subnets\_secondary\_ranges | The secondary ranges associated with these subnets on network-01 | +| network\_02\_name | The name of the VPC network-02 | +| network\_02\_routes | The routes associated with network-02 | +| network\_02\_self\_link | The URI of the VPC network-02 | +| network\_02\_subnets | The names of the subnets being created on network-02 | +| network\_02\_subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled | +| network\_02\_subnets\_ips | The IP and cidrs of the subnets being created on network-02 | +| network\_02\_subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP on network-02 | +| network\_02\_subnets\_regions | The region where the subnets will 
be created on network-02 | +| network\_02\_subnets\_secondary\_ranges | The secondary ranges associated with these subnets on network-02 | + + diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/multi_vpc/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/multi_vpc/main.tf new file mode 100644 index 000000000..085f571e2 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/multi_vpc/main.tf 
@@ -0,0 +1,144 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +provider "google" { + version = "~> 3.3.0" +} + +provider "null" { + version = "~> 2.1" +} + +locals { + network_01_subnet_01 = "${var.network_01_name}-subnet-01" + network_01_subnet_02 = "${var.network_01_name}-subnet-02" + network_01_subnet_03 = "${var.network_01_name}-subnet-03" + network_02_subnet_01 = "${var.network_02_name}-subnet-01" + network_02_subnet_02 = "${var.network_02_name}-subnet-02" + + network_01_routes = [ + { + name = "${var.network_01_name}-egress-inet" + description = "route through IGW to access internet" + destination_range = "0.0.0.0/0" + tags = "egress-inet" + next_hop_internet = "true" + }, + ] + + network_02_routes = [ + { + name = "${var.network_02_name}-egress-inet" + description = "route through IGW to access internet" + destination_range = "0.0.0.0/0" + tags = "egress-inet" + next_hop_internet = "true" + }, + { + name = "${var.network_02_name}-testapp-proxy" + description = "route through proxy to reach app" + destination_range = "10.50.10.0/24" + tags = "app-proxy" + next_hop_ip = "10.10.40.10" + }, + ] +} + +module "test-vpc-module-01" { + source = "../../" + project_id = var.project_id + network_name = var.network_01_name + + subnets = [ + { + subnet_name = local.network_01_subnet_01 + subnet_ip = "10.10.10.0/24" + subnet_region = "us-west1" + subnet_private_access = "false" + subnet_flow_logs = "true" + }, + { + 
subnet_name = local.network_01_subnet_02 + subnet_ip = "10.10.20.0/24" + subnet_region = "us-west1" + subnet_private_access = "false" + subnet_flow_logs = "true" + }, + { + subnet_name = local.network_01_subnet_03 + subnet_ip = "10.10.30.0/24" + subnet_region = "us-west1" + subnet_private_access = "false" + subnet_flow_logs = "true" + }, + ] + + secondary_ranges = { + "${local.network_01_subnet_01}" = [ + { + range_name = "${local.network_01_subnet_01}-01" + ip_cidr_range = "192.168.64.0/24" + }, + { + range_name = "${local.network_01_subnet_01}-02" + ip_cidr_range = "192.168.65.0/24" + }, + ] + + "${local.network_01_subnet_02}" = [ + { + range_name = "${local.network_02_subnet_01}-01" + ip_cidr_range = "192.168.74.0/24" + }, + ] + } + + routes = "${local.network_01_routes}" +} + +module "test-vpc-module-02" { + source = "../../" + project_id = var.project_id + network_name = var.network_02_name + + subnets = [ + { + subnet_name = "${local.network_02_subnet_01}" + subnet_ip = "10.10.40.0/24" + subnet_region = "us-west1" + subnet_private_access = "false" + subnet_flow_logs = "true" + }, + { + subnet_name = "${local.network_02_subnet_02}" + subnet_ip = "10.10.50.0/24" + subnet_region = "us-west1" + subnet_private_access = "false" + subnet_flow_logs = "true" + }, + ] + + secondary_ranges = { + "${local.network_02_subnet_01}" = [ + { + range_name = "${local.network_02_subnet_02}-01" + ip_cidr_range = "192.168.75.0/24" + }, + ] + } + + routes = local.network_02_routes +} diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/multi_vpc/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/multi_vpc/outputs.tf new file mode 100644 index 000000000..c2d6a8285 --- /dev/null 
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/multi_vpc/outputs.tf 
@@ -0,0 +1,107 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +# vpc 1 +output "network_01_name" { + value = module.test-vpc-module-01.network_name + description = "The name of the VPC network-01" +} + +output "network_01_self_link" { + value = module.test-vpc-module-01.network_self_link + description = "The URI of the VPC network-01" +} + +output "network_01_subnets" { + value = module.test-vpc-module-01.subnets_names + description = "The names of the subnets being created on network-01" +} + +output "network_01_subnets_ips" { + value = module.test-vpc-module-01.subnets_ips + description = "The IP and cidrs of the subnets being created on network-01" +} + +output "network_01_subnets_regions" { + value = module.test-vpc-module-01.subnets_regions + description = "The region where the subnets will be created on network-01" +} + +output "network_01_subnets_private_access" { + value = module.test-vpc-module-01.subnets_private_access + description = "Whether the subnets will have access to Google API's without a public IP on network-01" +} + +output "network_01_subnets_flow_logs" { + value = module.test-vpc-module-01.subnets_flow_logs + description = "Whether the subnets will have VPC flow logs enabled" +} + +output "network_01_subnets_secondary_ranges" { + value = module.test-vpc-module-01.subnets_secondary_ranges + description = "The secondary ranges associated with these subnets on network-01" +} + +output 
"network_01_routes" { + value = module.test-vpc-module-01.route_names + description = "The routes associated with network-01" +} + +# vpc 2 +output "network_02_name" { + value = module.test-vpc-module-02.network_name + description = "The name of the VPC network-02" +} + +output "network_02_self_link" { + value = module.test-vpc-module-02.network_self_link + description = "The URI of the VPC network-02" +} + +output "network_02_subnets" { + value = module.test-vpc-module-02.subnets_names + description = "The names of the subnets being created on network-02" +} + +output "network_02_subnets_ips" { + value = module.test-vpc-module-02.subnets_ips + description = "The IP and cidrs of the subnets being created on network-02" +} + +output "network_02_subnets_regions" { + value = module.test-vpc-module-02.subnets_regions + description = "The region where the subnets will be created on network-02" +} + +output "network_02_subnets_private_access" { + value = module.test-vpc-module-02.subnets_private_access + description = "Whether the subnets will have access to Google API's without a public IP on network-02" +} + +output "network_02_subnets_flow_logs" { + value = module.test-vpc-module-02.subnets_flow_logs + description = "Whether the subnets will have VPC flow logs enabled" +} + +output "network_02_subnets_secondary_ranges" { + value = module.test-vpc-module-02.subnets_secondary_ranges + description = "The secondary ranges associated with these subnets on network-02" +} + +output "network_02_routes" { + value = module.test-vpc-module-02.route_names + description = "The routes associated with network-02" +} 
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/multi_vpc/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/multi_vpc/variables.tf
new file mode 100644
index 000000000..f378f835b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/multi_vpc/variables.tf
@@ -0,0 +1,27 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to host the network in"
+}
+
+variable "network_01_name" {
+ description = "The name of the first VPC network being created"
+}
+
+variable "network_02_name" {
+ description = "The name of the second VPC network being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/multi_vpc/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/multi_vpc/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/multi_vpc/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/secondary_ranges/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/secondary_ranges/README.md
new file mode 100644
index 000000000..acca7c730
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/secondary_ranges/README.md
@@ -0,0 +1,31 @@ +# Secondary Ranges + +This example configures a single simple VPC inside of a project. + +This VPC has three subnets, with the first subnet being given two secondary +ranges and the third being given a single secondary range. + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| network\_name | The name of the VPC network being created | string | n/a | yes | +| project\_id | The project ID to host the network in | string | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| network\_name | The name of the VPC being created | +| network\_self\_link | The URI of the VPC being created | +| project\_id | VPC project id | +| route\_names | The routes associated with this VPC | +| subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled | +| subnets\_ips | The IP and cidrs of the subnets being created | +| subnets\_names | The names of the subnets being created | +| subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP | +| subnets\_regions | The region where subnets will be created | +| subnets\_secondary\_ranges | The secondary ranges associated with these subnets | + + diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/secondary_ranges/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/secondary_ranges/main.tf new file mode 100644 index 000000000..2c3389eb3 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/secondary_ranges/main.tf 
@@ -0,0 +1,87 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +provider "google" { + version = "~> 3.3.0" +} + +provider "null" { + version = "~> 2.1" +} + +locals { + subnet_01 = "${var.network_name}-subnet-01" + subnet_02 = "${var.network_name}-subnet-02" + subnet_03 = "${var.network_name}-subnet-03" + subnet_04 = "${var.network_name}-subnet-04" +} + +module "vpc-secondary-ranges" { + source = "../../" + project_id = var.project_id + network_name = var.network_name + + subnets = [ + { + subnet_name = "${local.subnet_01}" + subnet_ip = "10.10.10.0/24" + subnet_region = "us-west1" + }, + { + subnet_name = "${local.subnet_02}" + subnet_ip = "10.10.20.0/24" + subnet_region = "us-west1" + subnet_private_access = "true" + subnet_flow_logs = "true" + }, + { + subnet_name = "${local.subnet_03}" + subnet_ip = "10.10.30.0/24" + subnet_region = "us-west1" + subnet_flow_logs = "true" + subnet_flow_logs_interval = "INTERVAL_15_MIN" + subnet_flow_logs_sampling = 0.9 + subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA" + }, + { + subnet_name = "${local.subnet_04}" + subnet_ip = "10.10.40.0/24" + subnet_region = "us-west1" + }, + ] + + secondary_ranges = { + "${local.subnet_01}" = [ + { + range_name = "${local.subnet_01}-01" + ip_cidr_range = "192.168.64.0/24" + }, + { + range_name = "${local.subnet_01}-02" + ip_cidr_range = "192.168.65.0/24" + }, + ] + + "${local.subnet_02}" = [] + + "${local.subnet_03}" = [ + { + range_name 
= "${local.subnet_03}-01" + ip_cidr_range = "192.168.66.0/24" + }, + ] + } +} diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/secondary_ranges/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/secondary_ranges/outputs.tf new file mode 100644 index 000000000..6c3f49cb4 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/secondary_ranges/outputs.tf 
@@ -0,0 +1,65 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "network_name" { + value = module.vpc-secondary-ranges.network_name + description = "The name of the VPC being created" +} + +output "network_self_link" { + value = module.vpc-secondary-ranges.network_self_link + description = "The URI of the VPC being created" +} + +output "project_id" { + value = module.vpc-secondary-ranges.project_id + description = "VPC project id" +} + +output "subnets_names" { + value = module.vpc-secondary-ranges.subnets_names + description = "The names of the subnets being created" +} + +output "subnets_ips" { + value = module.vpc-secondary-ranges.subnets_ips + description = "The IP and cidrs of the subnets being created" +} + +output "subnets_regions" { + value = module.vpc-secondary-ranges.subnets_regions + description = "The region where subnets will be created" +} + +output "subnets_private_access" { + value = module.vpc-secondary-ranges.subnets_private_access + description = "Whether the subnets will have access to Google API's without a public IP" +} + +output "subnets_flow_logs" { + value = module.vpc-secondary-ranges.subnets_flow_logs + description = "Whether the subnets will have VPC flow logs enabled" +} + +output "subnets_secondary_ranges" { + value = flatten(module.vpc-secondary-ranges.subnets_secondary_ranges) + description = "The secondary ranges associated with these subnets" +} + +output "route_names" { 
+ value = module.vpc-secondary-ranges.route_names + description = "The routes associated with this VPC" +} diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/secondary_ranges/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/secondary_ranges/variables.tf new file mode 100644 index 000000000..add931101 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/secondary_ranges/variables.tf @@ -0,0 +1,23 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "project_id" { + description = "The project ID to host the network in" +} + +variable "network_name" { + description = "The name of the VPC network being created" +} diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/secondary_ranges/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/secondary_ranges/versions.tf new file mode 100644 index 000000000..27ba8fc12 --- /dev/null 
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/secondary_ranges/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project/README.md
new file mode 100644
index 000000000..a4325668c
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project/README.md
@@ -0,0 +1,30 @@ +# Simple Project + +This example configures a single simple VPC inside of a project. + +This VPC has two subnets, with no secondary ranges. + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| network\_name | The name of the VPC network being created | string | n/a | yes | +| project\_id | The project ID to host the network in | string | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| network\_name | The name of the VPC being created | +| network\_self\_link | The URI of the VPC being created | +| project\_id | VPC project id | +| route\_names | The routes associated with this VPC | +| subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled | +| subnets\_ips | The IP and cidrs of the subnets being created | +| subnets\_names | The names of the subnets being created | +| subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP | +| subnets\_regions | The region where subnets will be created | +| subnets\_secondary\_ranges | The secondary ranges associated with these subnets | + + diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project/main.tf new file mode 100644 index 000000000..5d18bb239 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project/main.tf 
@@ -0,0 +1,59 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+locals {
+ subnet_01 = "${var.network_name}-subnet-01"
+ subnet_02 = "${var.network_name}-subnet-02"
+ subnet_03 = "${var.network_name}-subnet-03"
+}
+
+module "test-vpc-module" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = var.network_name
+
+ subnets = [
+ {
+ subnet_name = "${local.subnet_01}"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ },
+ {
+ subnet_name = "${local.subnet_02}"
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "true"
+ subnet_flow_logs = "true"
+ },
+ {
+ subnet_name = "${local.subnet_03}"
+ subnet_ip = "10.10.30.0/24"
+ subnet_region = "us-west1"
+ subnet_flow_logs = "true"
+ subnet_flow_logs_interval = "INTERVAL_10_MIN"
+ subnet_flow_logs_sampling = 0.7
+ subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA"
+ }
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project/outputs.tf
new file mode 100644
index 000000000..f69ae0437
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project/outputs.tf 
@@ -0,0 +1,65 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "network_name" { + value = module.test-vpc-module.network_name + description = "The name of the VPC being created" +} + +output "network_self_link" { + value = module.test-vpc-module.network_self_link + description = "The URI of the VPC being created" +} + +output "project_id" { + value = module.test-vpc-module.project_id + description = "VPC project id" +} + +output "subnets_names" { + value = module.test-vpc-module.subnets_names + description = "The names of the subnets being created" +} + +output "subnets_ips" { + value = module.test-vpc-module.subnets_ips + description = "The IP and cidrs of the subnets being created" +} + +output "subnets_regions" { + value = module.test-vpc-module.subnets_regions + description = "The region where subnets will be created" +} + +output "subnets_private_access" { + value = module.test-vpc-module.subnets_private_access + description = "Whether the subnets will have access to Google API's without a public IP" +} + +output "subnets_flow_logs" { + value = module.test-vpc-module.subnets_flow_logs + description = "Whether the subnets will have VPC flow logs enabled" +} + +output "subnets_secondary_ranges" { + value = module.test-vpc-module.subnets_secondary_ranges + description = "The secondary ranges associated with these subnets" +} + +output "route_names" { + value = module.test-vpc-module.route_names + 
description = "The routes associated with this VPC" +} diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project/variables.tf new file mode 100644 index 000000000..add931101 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project/variables.tf @@ -0,0 +1,23 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "project_id" { + description = "The project ID to host the network in" +} + +variable "network_name" { + description = "The name of the VPC network being created" +} diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project/versions.tf new file mode 100644 index 000000000..27ba8fc12 --- /dev/null 
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/README.md
new file mode 100644
index 000000000..354711e2a
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/README.md
@@ -0,0 +1,30 @@
+# Simple Project
+
+This example configures a single simple regional VPC inside of a project.
+
+This VPC has two subnets, with no secondary ranges.
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_name | The name of the VPC network being created | string | n/a | yes |
+| project\_id | The project ID to host the network in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| network\_name | The name of the VPC being created |
+| network\_self\_link | The URI of the VPC being created |
+| project\_id | VPC project id |
+| route\_names | The routes associated with this VPC |
+| subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled |
+| subnets\_ips | The IP and cidrs of the subnets being created |
+| subnets\_names | The names of the subnets being created |
+| subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP |
+| subnets\_regions | The region where subnets will be created |
+| subnets\_secondary\_ranges | The secondary ranges associated with these subnets |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/main.tf
new file mode 100644
index 000000000..354b1af41
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/main.tf
@@ -0,0 +1,50 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+locals {
+ subnet_01 = "${var.network_name}-subnet-01"
+ subnet_02 = "${var.network_name}-subnet-02"
+}
+
+module "test-vpc-module" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = var.network_name
+ routing_mode = "REGIONAL"
+
+ subnets = [
+ {
+ subnet_name = "${local.subnet_01}"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ },
+ {
+ subnet_name = "${local.subnet_02}"
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "true"
+ subnet_flow_logs = "true"
+ },
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/outputs.tf
new file mode 100644
index 000000000..f69ae0437
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/outputs.tf
@@ -0,0 +1,65 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "network_name" { + value = module.test-vpc-module.network_name + description = "The name of the VPC being created" +} + +output "network_self_link" { + value = module.test-vpc-module.network_self_link + description = "The URI of the VPC being created" +} + +output "project_id" { + value = module.test-vpc-module.project_id + description = "VPC project id" +} + +output "subnets_names" { + value = module.test-vpc-module.subnets_names + description = "The names of the subnets being created" +} + +output "subnets_ips" { + value = module.test-vpc-module.subnets_ips + description = "The IP and cidrs of the subnets being created" +} + +output "subnets_regions" { + value = module.test-vpc-module.subnets_regions + description = "The region where subnets will be created" +} + +output "subnets_private_access" { + value = module.test-vpc-module.subnets_private_access + description = "Whether the subnets will have access to Google API's without a public IP" +} + +output "subnets_flow_logs" { + value = module.test-vpc-module.subnets_flow_logs + description = "Whether the subnets will have VPC flow logs enabled" +} + +output "subnets_secondary_ranges" { + value = module.test-vpc-module.subnets_secondary_ranges + description = "The secondary ranges associated with these subnets" +} + +output "route_names" { + value = module.test-vpc-module.route_names + 
description = "The routes associated with this VPC" +} diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/variables.tf new file mode 100644 index 000000000..add931101 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/variables.tf @@ -0,0 +1,23 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "project_id" { + description = "The project ID to host the network in" +} + +variable "network_name" { + description = "The name of the VPC network being created" +} diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/versions.tf new file mode 100644 index 000000000..27ba8fc12 --- /dev/null 
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_firewall/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_firewall/README.md
new file mode 100644
index 000000000..48f2bd1c2
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_firewall/README.md
@@ -0,0 +1,32 @@
+# Simple Project With Firewall
+
+This example configures a single simple VPC inside of a project, and adds a basic firewall.
+
+This VPC has two subnets, with no secondary ranges.
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_name | The name of the VPC network being created | string | n/a | yes |
+| project\_id | The project ID to host the network in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| admin\_ranges | Firewall attributes for admin ranges. |
+| internal\_ranges | Firewall attributes for internal ranges. |
+| network\_name | The name of the VPC being created |
+| network\_self\_link | The URI of the VPC being created |
+| project\_id | VPC project id |
+| route\_names | The routes associated with this VPC |
+| subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled |
+| subnets\_ips | The IP and cidrs of the subnets being created |
+| subnets\_names | The names of the subnets being created |
+| subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP |
+| subnets\_regions | The region where subnets will be created |
+| subnets\_secondary\_ranges | The secondary ranges associated with these subnets |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_firewall/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_firewall/main.tf
new file mode 100644
index 000000000..85ed04135
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_firewall/main.tf
@@ -0,0 +1,143 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +provider "google" { + version = "~> 3.3.0" +} + +provider "null" { + version = "~> 2.1" +} + +locals { + subnet_01 = "${var.network_name}-subnet-01" + subnet_02 = "${var.network_name}-subnet-02" +} + +module "test-vpc-module" { + source = "../../" + project_id = var.project_id + network_name = var.network_name + + subnets = [ + { + subnet_name = local.subnet_01 + subnet_ip = "10.10.10.0/24" + subnet_region = "us-west1" + }, + { + subnet_name = local.subnet_02 + subnet_ip = "10.10.20.0/24" + subnet_region = "us-west1" + subnet_private_access = "true" + subnet_flow_logs = "true" + }, + ] +} + +// Custom firewall rules +locals { + custom_rules = { + // Example of custom tcp/udp rule + deny-ingress-6534-6566 = { + description = "Deny all INGRESS to port 6534-6566" + direction = "INGRESS" + action = "deny" + ranges = ["0.0.0.0/0"] # source or destination ranges (depends on `direction`) + use_service_accounts = false # if `true` targets/sources expect list of instances SA, if false - list of tags + targets = null # target_service_accounts or target_tags depends on `use_service_accounts` value + sources = null # source_service_accounts or source_tags depends on `use_service_accounts` value + rules = [{ + protocol = "tcp" + ports = ["6534-6566"] + }, + { + protocol = "udp" + ports = ["6534-6566"] + }] + + extra_attributes = { + disabled = true + priority = 
95 + } + } + + // Example how to allow connection from instances with `backend` tag, to instances with `databases` tag + allow-backend-to-databases = { + description = "Allow backend nodes connection to databases instances" + direction = "INGRESS" + action = "allow" + ranges = null + use_service_accounts = false + targets = ["databases"] # target_tags + sources = ["backed"] # source_tags + rules = [{ + protocol = "tcp" + ports = ["3306", "5432", "1521", "1433"] + }] + + extra_attributes = {} + } + + // Example how to allow connection from an instance with a given service account + allow-all-admin-sa = { + description = "Allow all traffic from admin sa instances" + direction = "INGRESS" + action = "allow" + ranges = null + use_service_accounts = true + targets = null + sources = ["admin@my-shiny-org.iam.gserviceaccount.com"] + rules = [{ + protocol = "tcp" + ports = null # all ports + }, + { + protocol = "udp" + ports = null # all ports + } + ] + extra_attributes = { + priority = 30 + } + } + } +} + + + +module "test-firewall-submodule" { + source = "../../modules/fabric-net-firewall" + project_id = var.project_id + network = module.test-vpc-module.network_name + internal_ranges_enabled = true + internal_ranges = module.test-vpc-module.subnets_ips + + internal_allow = [ + { + protocol = "icmp" + }, + { + protocol = "tcp", + ports = ["8080", "1000-2000"] + }, + { + protocol = "udp" + # all ports will be opened if `ports` key isn't specified + }, + ] + custom_rules = local.custom_rules +} diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_firewall/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_firewall/outputs.tf new file mode 100644 index 000000000..182dc845b --- /dev/null 
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_firewall/outputs.tf 
@@ -0,0 +1,75 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "network_name" { + value = module.test-vpc-module.network_name + description = "The name of the VPC being created" +} + +output "internal_ranges" { + description = "Firewall attributes for internal ranges." + value = module.test-firewall-submodule.internal_ranges +} + +output "admin_ranges" { + description = "Firewall attributes for admin ranges." + value = module.test-firewall-submodule.admin_ranges +} + +output "network_self_link" { + value = module.test-vpc-module.network_self_link + description = "The URI of the VPC being created" +} + +output "project_id" { + value = module.test-vpc-module.project_id + description = "VPC project id" +} + +output "subnets_names" { + value = module.test-vpc-module.subnets_names + description = "The names of the subnets being created" +} + +output "subnets_ips" { + value = module.test-vpc-module.subnets_ips + description = "The IP and cidrs of the subnets being created" +} + +output "subnets_regions" { + value = module.test-vpc-module.subnets_regions + description = "The region where subnets will be created" +} + +output "subnets_private_access" { + value = module.test-vpc-module.subnets_private_access + description = "Whether the subnets will have access to Google API's without a public IP" +} + +output "subnets_flow_logs" { + value = module.test-vpc-module.subnets_flow_logs + description = "Whether the 
subnets will have VPC flow logs enabled" +} + +output "subnets_secondary_ranges" { + value = module.test-vpc-module.subnets_secondary_ranges + description = "The secondary ranges associated with these subnets" +} + +output "route_names" { + value = module.test-vpc-module.route_names + description = "The routes associated with this VPC" +} diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_firewall/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_firewall/variables.tf new file mode 100644 index 000000000..add931101 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_firewall/variables.tf @@ -0,0 +1,23 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "project_id" { + description = "The project ID to host the network in" +} + +variable "network_name" { + description = "The name of the VPC network being created" +} 
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_firewall/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_firewall/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_firewall/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_network_peering/.gitignore b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_network_peering/.gitignore
new file mode 100644
index 000000000..1e49b3a62
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_network_peering/.gitignore
@@ -0,0 +1 @@
+.tfvars
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_network_peering/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_network_peering/README.md
new file mode 100644
index 000000000..4cc9dfdaa
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_network_peering/README.md
@@ -0,0 +1,19 @@
+# Simple VPC Network Peering
+
+This example creates a VPC Network peering between two VPCs.
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| project\_id | The project ID to put the resources in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| peering1 | Peering1 module output. |
+| peering2 | Peering2 module output. |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_network_peering/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_network_peering/main.tf
new file mode 100644
index 000000000..7f9e207e7
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_network_peering/main.tf
@@ -0,0 +1,66 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "google-beta" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+module "local-network" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = "local-network"
+ subnets = []
+}
+
+module "peer-network-1" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = "peer-network-1"
+ subnets = []
+}
+
+module "peer-network-2" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = "peer-network-2"
+ subnets = []
+}
+
+module "peering-1" {
+ source = "../../modules/network-peering"
+
+ local_network = module.local-network.network_self_link
+ peer_network = module.peer-network-1.network_self_link
+ export_local_custom_routes = true
+}
+
+module "peering-2" {
+ source = "../../modules/network-peering"
+
+ local_network = module.local-network.network_self_link
+ peer_network = module.peer-network-2.network_self_link
+ export_local_custom_routes = true
+
+ module_depends_on = [module.peering-1.complete]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_network_peering/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_network_peering/outputs.tf
new file mode 100644
index 000000000..0beb8220e
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_network_peering/outputs.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "peering1" {
+ description = "Peering1 module output."
+ value = module.peering-1
+}
+
+output "peering2" {
+ description = "Peering2 module output."
+ value = module.peering-2
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_network_peering/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_network_peering/variables.tf
new file mode 100644
index 000000000..87cb7f64a
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_network_peering/variables.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to put the resources in"
+ type = string
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_network_peering/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_network_peering/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_network_peering/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_svpc_access/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_svpc_access/README.md
new file mode 100644
index 000000000..c8e66b959
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_svpc_access/README.md
@@ -0,0 +1,24 @@
+# Shared VPC with service projects
+
+This simple example configures a shared VPC, and grants access to it to service projects.
+
+The VPC has two subnets with no secondary ranges, service projects are configured as follows:
+
+- the first service project is granted VPC-level access
+- the second service project is granted subnet-level access to the second subnet
+- the third service project is granted subnet-level access to the first and second subnet
+
+Subnet-level access in this example is only granted to the default GCE service accounts for illustrative purposes. More realistic examples should grant access to other service accounts (possibly including the GKE robot service accounts as per [documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-shared-vpc)), and project users/groups that need to use the Shared VPC from other projects (eg to create VMs).
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| host\_project\_id | Id of the host project where the shared VPC will be created. | string | n/a | yes |
+| network\_name | Name of the shared VPC. | string | `"test-svpc"` | no |
+| service\_project\_id | Service project id. | string | n/a | yes |
+| service\_project\_number | Service project number. | string | n/a | yes |
+| service\_project\_owners | Service project owners, in IAM format. | list | `` | no |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_svpc_access/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_svpc_access/main.tf
new file mode 100644
index 000000000..21091d1c7
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_svpc_access/main.tf
@@ -0,0 +1,62 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+locals {
+ net_data_users = compact(concat(
+ var.service_project_owners,
+ ["serviceAccount:${var.service_project_number}@cloudservices.gserviceaccount.com"]
+ ))
+}
+
+module "net-vpc-shared" {
+ source = "../.."
+ project_id = var.host_project_id
+ network_name = var.network_name
+ shared_vpc_host = true
+
+ subnets = [
+ {
+ subnet_name = "networking"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "europe-west1"
+ },
+ {
+ subnet_name = "data"
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "europe-west1"
+ },
+ ]
+}
+
+module "net-svpc-access" {
+ source = "../../modules/fabric-net-svpc-access"
+ host_project_id = module.net-vpc-shared.project_id
+ service_project_num = 1
+ service_project_ids = [var.service_project_id]
+ host_subnets = ["data"]
+ host_subnet_regions = ["europe-west1"]
+ host_subnet_users = {
+ data = join(",", local.net_data_users)
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_svpc_access/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_svpc_access/outputs.tf
new file mode 100644
index 000000000..437465a52
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_svpc_access/outputs.tf
@@ -0,0 +1,16 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_svpc_access/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_svpc_access/variables.tf
new file mode 100644
index 000000000..346eab79d
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_svpc_access/variables.tf
@@ -0,0 +1,37 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "host_project_id" {
+ description = "Id of the host project where the shared VPC will be created."
+}
+
+variable "service_project_id" {
+ description = "Service project id."
+}
+
+variable "service_project_number" {
+ description = "Service project number."
+}
+
+variable "service_project_owners" {
+ description = "Service project owners, in IAM format."
+ default = []
+}
+
+variable "network_name" {
+ description = "Name of the shared VPC."
+ default = "test-svpc"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_svpc_access/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_svpc_access/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/examples/submodule_svpc_access/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/helpers/migrate.py b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/helpers/migrate.py
new file mode 100755
index 000000000..37a0fd105
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/helpers/migrate.py
@@ -0,0 +1,423 @@ +#!/usr/bin/env python3 + +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import argparse +import copy +import subprocess +import sys +import re +import json + +MIGRATIONS = [ + { + "resource_type": "google_compute_network", + "name": "network", + "module": ".module.vpc", + "new_plural": False + }, + { + "resource_type": "google_compute_shared_vpc_host_project", + "name": "shared_vpc_host", + "module": ".module.vpc", + "new_plural": False + }, + { + "resource_type": "google_compute_subnetwork", + "name": "subnetwork", + "module": ".module.subnets", + "for_each_migration": True, + "for_each_migration_key": "id" + }, + { + "resource_type": "google_compute_route", + "name": "route", + "module": ".module.routes", + "for_each_migration": True, + "for_each_migration_key": "id" + }, + { + "resource_type": "null_resource", + "name": "delete_default_internet_gateway_routes", + "module": ".module.routes" + } +] + + +class ModuleMigration: + """ + Migrate the resources from a flat project factory to match the new + module structure created by the G Suite refactor. + """ + + def __init__(self, source_module, state): + self.source_module = source_module + self.state = state + + def moves(self): + """ + Generate the set of old/new resource pairs that will be migrated + to the `destination` module. 
+ """ + resources = self.targets() + for_each_migrations = [] + + moves = [] + for (old, migration) in resources: + new = copy.deepcopy(old) + new.module += migration["module"] + + # Update the copied resource with the "rename" value if it is set + if "rename" in migration: + new.name = migration["rename"] + + old.plural = migration.get("old_plural", True) + new.plural = migration.get("new_plural", True) + + if (migration.get("for_each_migration", False) and + migration.get("old_plural", True)): + for_each_migrations.append((old, new, migration)) + else: + pair = (old.path(), new.path()) + moves.append(pair) + + for_each_moves = self.for_each_moves(for_each_migrations) + return moves + for_each_moves + + def for_each_moves(self, for_each_migrations): + """ + When migrating from count to for_each we need to move the + whole collection first + https://github.com/hashicorp/terraform/issues/22301 + """ + for_each_initial_migration = {} + moves = [] + + for (old, new, migration) in for_each_migrations: + # Do the initial migration of the whole collection + # only once if it hasn't been done yet + key = old.resource_type + "." + old.name + if key not in for_each_initial_migration: + for_each_initial_migration[key] = True + old.plural = False + new.plural = False + + pair = (old.path(), new.path()) + moves.append(pair) + + # Whole collection is moved to new location. 
Now needs right index + new.plural = True + new_indexed = copy.deepcopy(new) + new_indexed.key = self.state.resource_value( + old, migration["for_each_migration_key"]) + pair = (new.path(), new_indexed.path()) + moves.append(pair) + + return moves + + def targets(self): + """ + A list of resources that will be moved to the new module """ + to_move = [] + + for migration in MIGRATIONS: + resource_type = migration["resource_type"] + resource_name = migration["name"] + matching_resources = self.source_module.get_resources( + resource_type, + resource_name) + to_move += [(r, migration) for r in matching_resources] + + return to_move + + +class TerraformModule: + """ + A Terraform module with associated resources. + """ + + def __init__(self, name, resources): + """ + Create a new module and associate it with a list of resources. + """ + self.name = name + self.resources = resources + + def get_resources(self, resource_type=None, resource_name=None): + """ + Return a list of resources matching the given resource type and name. + """ + + ret = [] + for resource in self.resources: + matches_type = (resource_type is None or + resource_type == resource.resource_type) + + name_pattern = re.compile(r'%s(\[\d+\])?' % resource_name) + matches_name = (resource_name is None or + name_pattern.match(resource.name)) + + if matches_type and matches_name: + ret.append(resource) + + return ret + + def has_resource(self, resource_type=None, resource_name=None): + """ + Does this module contain a resource with the matching type and name? 
+ """ + for resource in self.resources: + matches_type = (resource_type is None or + resource_type == resource.resource_type) + + matches_name = (resource_name is None or + resource_name in resource.name) + + if matches_type and matches_name: + return True + + return False + + def __repr__(self): + return "{}({!r}, {!r})".format( + self.__class__.__name__, + self.name, + [repr(resource) for resource in self.resources]) + + +class TerraformResource: + """ + A Terraform resource, defined by the the identifier of that resource. + """ + + @classmethod + def from_path(cls, path): + """ + Generate a new Terraform resource, based on the fully qualified + Terraform resource path. + """ + if re.match(r'\A[\w.\["/\]-]+\Z', path) is None: + raise ValueError( + "Invalid Terraform resource path {!r}".format(path)) + + parts = path.split(".") + name = parts.pop() + resource_type = parts.pop() + module = ".".join(parts) + return cls(module, resource_type, name) + + def __init__(self, module, resource_type, name): + """ + Create a new TerraformResource from a pre-parsed path. + """ + self.module = module + self.resource_type = resource_type + self.key = None + self.plural = True + + find_suffix = re.match(r'(^.+)\[(\d+)\]', name) + if find_suffix: + self.name = find_suffix.group(1) + self.index = find_suffix.group(2) + else: + self.name = name + self.index = -1 + + def path(self): + """ + Return the fully qualified resource path. 
+ """ + parts = [self.module, self.resource_type, self.name] + if parts[0] == '': + del parts[0] + path = ".".join(parts) + if self.key is not None: + path = "{0}[\"{1}\"]".format(path, self.key) + elif self.index != -1 and self.plural: + path = "{0}[{1}]".format(path, self.index) + return path + + def __repr__(self): + return "{}({!r}, {!r}, {!r})".format( + self.__class__.__name__, + self.module, + self.resource_type, + self.name) + + +class TerraformState: + """ + A Terraform state representation, pulled from terraform state pull + Used for getting values out of individual resources + """ + + def __init__(self): + self.read_state() + + def read_state(self): + """ + Read the terraform state + """ + argv = ["terraform", "state", "pull"] + result = subprocess.run(argv, + capture_output=True, + check=True, + encoding='utf-8') + + self.state = json.loads(result.stdout) + + def resource_value(self, resource, key): + # Find the resource in the state + state_resource_list = [r for r in self.state["resources"] if + r.get("module", "none") == resource.module and + r["type"] == resource.resource_type and + r["name"] == resource.name] + + if (len(state_resource_list) != 1): + raise ValueError( + "Could not find resource list in state for {}" + .format(resource)) + + index = int(resource.index) + # If this a collection use the index to find the right resource, + # otherwise use the first + if (index >= 0): + state_resource = [r for r in state_resource_list[0]["instances"] if + r["index_key"] == index] + + if (len(state_resource) != 1): + raise ValueError( + "Could not find resource in state for {} key {}" + .format(resource, resource.index)) + else: + state_resource = state_resource_list[0]["instances"] + + return state_resource[0]["attributes_flat"][key] + + +def group_by_module(resources): + """ + Group a set of resources according to their containing module. 
+ """ + + groups = {} + for resource in resources: + if resource.module in groups: + groups[resource.module].append(resource) + else: + groups[resource.module] = [resource] + + return [ + TerraformModule(name, contained) + for name, contained in groups.items() + ] + + +def read_resources(): + """ + Read the terraform state at the given path. + """ + argv = ["terraform", "state", "list"] + result = subprocess.run(argv, + capture_output=True, + check=True, + encoding='utf-8') + elements = result.stdout.split("\n") + elements.pop() + return elements + + +def state_changes_for_module(module, state): + """ + Compute the Terraform state changes (deletions and moves) for a single + module. + """ + commands = [] + + migration = ModuleMigration(module, state) + + for (old, new) in migration.moves(): + wrapper = "'{0}'" + argv = ["terraform", + "state", + "mv", + wrapper.format(old), + wrapper.format(new)] + commands.append(argv) + + return commands + + +def migrate(state=None, dryrun=False): + """ + Generate and run terraform state mv commands to migrate resources from one + state structure to another + """ + + # Generate a list of Terraform resource states from the output of + # `terraform state list` + resources = [ + TerraformResource.from_path(path) + for path in read_resources() + ] + + # Group resources based on the module where they're defined. + modules = group_by_module(resources) + + # Filter our list of Terraform modules down to anything that looks like a + # google network original module. 
We key this off the presence off of + # `terraform-google-network` resource type and names + modules_to_migrate = [ + module for module in modules + if module.has_resource("google_compute_network", "network") + ] + + print("---- Migrating the following modules:") + for module in modules_to_migrate: + print("-- " + module.name) + + # Collect a list of resources for each module + commands = [] + for module in modules_to_migrate: + commands += state_changes_for_module(module, state) + + print("---- Commands to run:") + for argv in commands: + if dryrun: + print(" ".join(argv)) + else: + argv = [arg.strip("'") for arg in argv] + subprocess.run(argv, check=True, encoding='utf-8') + + +def main(argv): + parser = argparser() + args = parser.parse_args(argv[1:]) + + state = TerraformState() + + migrate(state=state, dryrun=args.dryrun) + + +def argparser(): + parser = argparse.ArgumentParser(description='Migrate Terraform state') + parser.add_argument('--dryrun', action='store_true', + help='Print the `terraform state mv` commands instead ' + 'of running the commands.') + return parser + + +if __name__ == "__main__": + main(sys.argv) diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/main.tf new file mode 100644 index 000000000..93794145a --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/main.tf 
@@ -0,0 +1,51 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/******************************************
+ VPC configuration
+ *****************************************/
+module "vpc" {
+ source = "./modules/vpc"
+ network_name = var.network_name
+ auto_create_subnetworks = var.auto_create_subnetworks
+ routing_mode = var.routing_mode
+ project_id = var.project_id
+ description = var.description
+ shared_vpc_host = var.shared_vpc_host
+}
+
+/******************************************
+ Subnet configuration
+ *****************************************/
+module "subnets" {
+ source = "./modules/subnets"
+ project_id = var.project_id
+ network_name = module.vpc.network_name
+ subnets = var.subnets
+ secondary_ranges = var.secondary_ranges
+}
+
+/******************************************
+ Routes
+ *****************************************/
+module "routes" {
+ source = "./modules/routes"
+ project_id = var.project_id
+ network_name = module.vpc.network_name
+ routes = var.routes
+ delete_default_internet_gateway_routes = var.delete_default_internet_gateway_routes
+ module_depends_on = [module.subnets.subnets]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-firewall/.gitignore b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-firewall/.gitignore
new file mode 100644
index 000000000..3f5ca68ad
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-firewall/.gitignore
@@ -0,0 +1 @@
+terraform.tfvars
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-firewall/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-firewall/README.md
new file mode 100644
index 000000000..7a8fb0a7f
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-firewall/README.md
@@ -0,0 +1,98 @@
+# Google Cloud VPC Firewall
+
+This module allows creation of a minimal VPC firewall, supporting basic configurable rules for IP range-based intra-VPC and administrator ingress, tag-based SSH/HTTP/HTTPS ingress, and custom rule definitions.
+
+The HTTP and HTTPS rules use the same network tags that are assigned to instances when the "Allow HTTP[S] traffic" checkbox is flagged in the Cloud Console. The SSH rule uses a generic `ssh` tag.
+
+All IP source ranges are configurable through variables, and are set by default to `0.0.0.0/0` for tag-based rules. Allowed protocols and/or ports for the intra-VPC rule are also configurable through a variable.
+
+Custom rules are set through a map where keys are rule names, and values use this custom type:
+
+```hcl
+map(object({
+ description = string
+ direction = string # (INGRESS|EGRESS)
+ action = string # (allow|deny)
+ ranges = list(string) # list of IP CIDR ranges
+ sources = list(string) # tags or SAs (ignored for EGRESS)
+ targets = list(string) # tags or SAs
+ use_service_accounts = bool # use tags or SAs in sources/targets
+ rules = list(object({
+ protocol = string
+ ports = list(string)
+ }))
+ extra_attributes = map(string) # map, optional keys disabled or priority
+}))
+```
+
+The resources created/managed by this module are:
+
+- one optional ingress rule from internal CIDR ranges, only allowing ICMP by default
+- one optional ingress rule from admin CIDR ranges, allowing all protocols on all ports
+- one optional ingress rule for SSH on network tag `ssh`
+- one optional ingress rule for HTTP on network tag `http-server`
+- one optional ingress rule for HTTPS on network tag `https-server`
+- one or more optional custom rules
+
+
+## Usage
+
+Basic usage of this module is as follows:
+
+```hcl
+module "net-firewall" {
+ source = "terraform-google-modules/network/google//modules/fabric-net-firewall"
+ project_id = "my-project"
+ network = "my-vpc"
+ internal_ranges_enabled = true
+ internal_ranges = ["10.0.0.0/0"]
+ custom_rules = {
+ ingress-sample = {
+ description = "Dummy sample ingress rule, tag-based."
+ direction = "INGRESS"
+ action = "allow"
+ ranges = ["192.168.0.0"]
+ sources = ["spam-tag"]
+ targets = ["foo-tag", "egg-tag"]
+ use_service_accounts = false
+ rules = [
+ {
+ protocol = "tcp"
+ ports = []
+ }
+ ]
+ extra_attributes = {}
+ }
+ }
+}
+```
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| admin\_ranges | IP CIDR ranges that have complete access to all subnets. | list | `` | no |
+| admin\_ranges\_enabled | Enable admin ranges-based rules. | string | `"false"` | no |
+| custom\_rules | List of custom rule definitions (refer to variables file for syntax). | object | `` | no |
+| http\_source\_ranges | List of IP CIDR ranges for tag-based HTTP rule, defaults to 0.0.0.0/0. | list | `` | no |
+| https\_source\_ranges | List of IP CIDR ranges for tag-based HTTPS rule, defaults to 0.0.0.0/0. | list | `` | no |
+| internal\_allow | Allow rules for internal ranges. | list | `` | no |
+| internal\_ranges | IP CIDR ranges for intra-VPC rules. | list | `` | no |
+| internal\_ranges\_enabled | Create rules for intra-VPC ranges. | string | `"false"` | no |
+| network | Name of the network this set of firewall rules applies to. | string | n/a | yes |
+| project\_id | Project id of the project that holds the network. | string | n/a | yes |
+| ssh\_source\_ranges | List of IP CIDR ranges for tag-based SSH rule, defaults to 0.0.0.0/0. | list | `` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| admin\_ranges | Admin ranges data. |
+| custom\_egress\_allow\_rules | Custom egress rules with allow blocks. |
+| custom\_egress\_deny\_rules | Custom egress rules with allow blocks. |
+| custom\_ingress\_allow\_rules | Custom ingress rules with allow blocks. |
+| custom\_ingress\_deny\_rules | Custom ingress rules with deny blocks. |
+| internal\_ranges | Internal ranges. |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-firewall/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-firewall/main.tf
new file mode 100644
index 000000000..89b969152
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-firewall/main.tf
@@ -0,0 +1,157 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+###############################################################################
+# rules based on IP ranges
+###############################################################################
+
+resource "google_compute_firewall" "allow-internal" {
+ count = var.internal_ranges_enabled == true && length(var.internal_allow) > 0 ? 1 : 0
+ name = "${var.network}-ingress-internal"
+ description = "Allow ingress traffic from internal IP ranges"
+ network = var.network
+ project = var.project_id
+ source_ranges = var.internal_ranges
+
+ dynamic "allow" {
+ for_each = [for rule in var.internal_allow :
+ {
+ protocol = lookup(rule, "protocol", null)
+ ports = lookup(rule, "ports", null)
+ }
+ ]
+ content {
+ protocol = allow.value.protocol
+ ports = allow.value.ports
+ }
+ }
+
+}
+
+
+
+
+
+resource "google_compute_firewall" "allow-admins" {
+ count = var.admin_ranges_enabled == true ? 1 : 0
+ name = "${var.network}-ingress-admins"
+ description = "Access from the admin subnet to all subnets"
+ network = var.network
+ project = var.project_id
+ source_ranges = var.admin_ranges
+
+ allow {
+ protocol = "icmp"
+ }
+
+ allow {
+ protocol = "tcp"
+ }
+
+ allow {
+ protocol = "udp"
+ }
+}
+
+###############################################################################
+# rules based on tags
+###############################################################################
+
+resource "google_compute_firewall" "allow-tag-ssh" {
+ count = length(var.ssh_source_ranges) > 0 ? 1 : 0
+ name = "${var.network}-ingress-tag-ssh"
+ description = "Allow SSH to machines with the 'ssh' tag"
+ network = var.network
+ project = var.project_id
+ source_ranges = var.ssh_source_ranges
+ target_tags = ["ssh"]
+
+ allow {
+ protocol = "tcp"
+ ports = ["22"]
+ }
+}
+
+resource "google_compute_firewall" "allow-tag-http" {
+ count = length(var.http_source_ranges) > 0 ? 1 : 0
+ name = "${var.network}-ingress-tag-http"
+ description = "Allow HTTP to machines with the 'http-server' tag"
+ network = var.network
+ project = var.project_id
+ source_ranges = var.http_source_ranges
+ target_tags = ["http-server"]
+
+ allow {
+ protocol = "tcp"
+ ports = ["80"]
+ }
+}
+
+resource "google_compute_firewall" "allow-tag-https" {
+ count = length(var.https_source_ranges) > 0 ? 1 : 0
+ name = "${var.network}-ingress-tag-https"
+ description = "Allow HTTPS to machines with the 'https' tag"
+ network = var.network
+ project = var.project_id
+ source_ranges = var.https_source_ranges
+ target_tags = ["https-server"]
+
+ allow {
+ protocol = "tcp"
+ ports = ["443"]
+ }
+}
+
+################################################################################
+# dynamic rules #
+################################################################################
+
+resource "google_compute_firewall" "custom" {
+ # provider = "google-beta"
+ for_each = var.custom_rules
+ name = each.key
+ description = each.value.description
+ direction = each.value.direction
+ network = var.network
+ project = var.project_id
+ source_ranges = each.value.direction == "INGRESS" ? each.value.ranges : null
+ destination_ranges = each.value.direction == "EGRESS" ? each.value.ranges : null
+ source_tags = each.value.use_service_accounts || each.value.direction == "EGRESS" ? null : each.value.sources
+ source_service_accounts = each.value.use_service_accounts && each.value.direction == "INGRESS" ? each.value.sources : null
+ target_tags = each.value.use_service_accounts ? null : each.value.targets
+ target_service_accounts = each.value.use_service_accounts ? each.value.targets : null
+ disabled = lookup(each.value.extra_attributes, "disabled", false)
+ priority = lookup(each.value.extra_attributes, "priority", 1000)
+ enable_logging = lookup(each.value.extra_attributes, "enable_logging", null)
+
+ dynamic "allow" {
+ for_each = [for rule in each.value.rules : rule if each.value.action == "allow"]
+ iterator = rule
+ content {
+ protocol = rule.value.protocol
+ ports = rule.value.ports
+ }
+ }
+
+ dynamic "deny" {
+ for_each = [for rule in each.value.rules : rule if each.value.action == "deny"]
+ iterator = rule
+ content {
+ protocol = rule.value.protocol
+ ports = rule.value.ports
+ }
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-firewall/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-firewall/outputs.tf
new file mode 100644
index 000000000..6a36296f7
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-firewall/outputs.tf
@@ -0,0 +1,65 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "internal_ranges" {
+ description = "Internal ranges."
+
+ value = {
+ enabled = var.internal_ranges_enabled
+ ranges = var.internal_ranges_enabled ? join(",", var.internal_ranges) : ""
+ }
+}
+
+output "admin_ranges" {
+ description = "Admin ranges data."
+
+ value = {
+ enabled = var.admin_ranges_enabled
+ ranges = var.admin_ranges_enabled ? join(",", var.admin_ranges) : ""
+ }
+}
+
+output "custom_ingress_allow_rules" {
+ description = "Custom ingress rules with allow blocks."
+ value = [
+ for rule in google_compute_firewall.custom :
+ rule.name if rule.direction == "INGRESS" && length(rule.allow) > 0
+ ]
+}
+
+output "custom_ingress_deny_rules" {
+ description = "Custom ingress rules with deny blocks."
+ value = [
+ for rule in google_compute_firewall.custom :
+ rule.name if rule.direction == "INGRESS" && length(rule.deny) > 0
+ ]
+}
+
+output "custom_egress_allow_rules" {
+ description = "Custom egress rules with allow blocks."
+ value = [
+ for rule in google_compute_firewall.custom :
+ rule.name if rule.direction == "EGRESS" && length(rule.allow) > 0
+ ]
+}
+
+output "custom_egress_deny_rules" {
+ description = "Custom egress rules with allow blocks."
+ value = [
+ for rule in google_compute_firewall.custom :
+ rule.name if rule.direction == "EGRESS" && length(rule.deny) > 0
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-firewall/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-firewall/variables.tf
new file mode 100644
index 000000000..80249cb94
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-firewall/variables.tf
@@ -0,0 +1,86 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "network" {
+ description = "Name of the network this set of firewall rules applies to."
+}
+
+variable "project_id" {
+ description = "Project id of the project that holds the network."
+}
+
+variable "internal_ranges_enabled" {
+ description = "Create rules for intra-VPC ranges."
+ default = false
+}
+
+variable "internal_ranges" {
+ description = "IP CIDR ranges for intra-VPC rules."
+ default = []
+}
+
+variable "internal_allow" {
+ description = "Allow rules for internal ranges."
+ default = [
+ {
+ protocol = "icmp"
+ },
+ ]
+}
+
+variable "admin_ranges_enabled" {
+ description = "Enable admin ranges-based rules."
+ default = false
+}
+
+variable "admin_ranges" {
+ description = "IP CIDR ranges that have complete access to all subnets."
+ default = []
+}
+
+variable "ssh_source_ranges" {
+ description = "List of IP CIDR ranges for tag-based SSH rule, defaults to 0.0.0.0/0."
+ default = ["0.0.0.0/0"]
+}
+
+variable "http_source_ranges" {
+ description = "List of IP CIDR ranges for tag-based HTTP rule, defaults to 0.0.0.0/0."
+ default = ["0.0.0.0/0"]
+}
+
+variable "https_source_ranges" {
+ description = "List of IP CIDR ranges for tag-based HTTPS rule, defaults to 0.0.0.0/0."
+ default = ["0.0.0.0/0"]
+}
+
+variable "custom_rules" {
+ description = "List of custom rule definitions (refer to variables file for syntax)."
+ default = {}
+ type = map(object({
+ description = string
+ direction = string
+ action = string # (allow|deny)
+ ranges = list(string)
+ sources = list(string)
+ targets = list(string)
+ use_service_accounts = bool
+ rules = list(object({
+ protocol = string
+ ports = list(string)
+ }))
+ extra_attributes = map(string)
+ }))
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-firewall/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-firewall/versions.tf
new file mode 100644
index 000000000..c1eedd7e1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-firewall/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google = "<4.0,>= 2.12"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/README.md
new file mode 100644
index 000000000..3ef174361
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/README.md
@@ -0,0 +1,58 @@
+# Google Cloud Shared VPC Access Configuration
+
+This module allows configuring service project access to a Shared VPC, created with the top-level network module. The module allows:
+
+- attaching service projects to the Shared VPC host project
+- assigning IAM roles for each Shared VPC subnet
+
+Full details on service project configuration can be found in the Google Cloud documentation on *[Provisioning Shared VPC](https://cloud.google.com/vpc/docs/provisioning-shared-vpc)*, and to *[Setting up clusters with Shared VPC](https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-shared-vpc)*. Details and use cases of using service accounts as role recipients for Shared VPC are in the *[Service accounts as project admins](https://cloud.google.com/vpc/docs/provisioning-shared-vpc#sa-as-spa)* section of the first document above.
+
+The resources created/managed by this module are:
+
+- one `google_compute_shared_vpc_service_project` resource for each project where full VPC access is needed
+- one `google_compute_subnetwork_iam_binding` for each subnetwork where individual subnetwork access is needed
+
+## Usage
+
+Basic usage of this module is as follows:
+
+```hcl
+module "net-shared-vpc-access" {
+ source = "terraform-google-modules/network/google//modules/fabric-net-svpc-access"
+ version = "~> 1.4.0"
+ host_project_id = "my-host-project-id"
+ service_project_num = 1
+ service_project_ids = ["my-service-project-id"]
+ host_subnets = ["my-subnet"]
+ host_subnet_regions = ["europe-west1"]
+ host_subnet_users = {
+ my-subnet = "group:my-service-owners@example.org,serviceAccount:1234567890@cloudservices.gserviceaccount.com"
+ }
+ host_service_agent_role = true
+ host_service_agent_users = [
+ "serviceAccount:service-123456789@container-engine-robot.iam.gserviceaccount.com"
+ ]
+}
+```
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| host\_project\_id | Project id of the shared VPC host project. | string | n/a | yes |
+| host\_service\_agent\_role | Assign host service agent role to users in host_service_agent_users variable. | bool | `"false"` | no |
+| host\_service\_agent\_users | List of IAM-style users that will be granted the host service agent role on the host project. | list(string) | `` | no |
+| host\_subnet\_regions | List of subnet regions, one per subnet. | list(string) | `` | no |
+| host\_subnet\_users | Map of comma-delimited IAM-style members to which network user roles for subnets will be assigned. | map(any) | `` | no |
+| host\_subnets | List of subnet names on which to grant network user role. | list(string) | `` | no |
+| service\_project\_ids | Ids of the service projects that will be attached to the Shared VPC. | list(string) | n/a | yes |
+| service\_project\_num | Number of service projects that will be attached to the Shared VPC. | number | `"0"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| service\_projects | Project ids of the services with access to all subnets. |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/main.tf
new file mode 100644
index 000000000..a51c74b7b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/main.tf
@@ -0,0 +1,40 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+resource "google_compute_shared_vpc_service_project" "projects" {
+ count = var.service_project_num
+ host_project = var.host_project_id
+ service_project = element(var.service_project_ids, count.index)
+}
+
+resource "google_compute_subnetwork_iam_binding" "network_users" {
+ count = length(var.host_subnets)
+ project = var.host_project_id
+ region = element(var.host_subnet_regions, count.index)
+ subnetwork = element(var.host_subnets, count.index)
+ role = "roles/compute.networkUser"
+
+ members = compact(split(",", lookup(var.host_subnet_users,
+ element(var.host_subnets, count.index))
+ ))
+}
+
+resource "google_project_iam_binding" "service_agents" {
+ count = var.host_service_agent_role ? 1 : 0
+ project = var.host_project_id
+ role = "roles/container.hostServiceAgentUser"
+ members = var.host_service_agent_users
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/outputs.tf
new file mode 100644
index 000000000..dc7925943
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/outputs.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "service_projects" {
+ description = "Project ids of the services with access to all subnets."
+ value = google_compute_shared_vpc_service_project.projects.*.service_project
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/variables.tf
new file mode 100644
index 000000000..579d2f84b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/variables.tf
@@ -0,0 +1,63 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "host_project_id" {
+ type = string
+ description = "Project id of the shared VPC host project."
+}
+
+# passed-in values can be dynamic, so variables used in count need to be separate
+
+variable "service_project_num" {
+ type = number
+ description = "Number of service projects that will be attached to the Shared VPC."
+ default = 0
+}
+
+variable "service_project_ids" {
+ type = list(string)
+ description = "Ids of the service projects that will be attached to the Shared VPC."
+}
+
+variable "host_subnets" {
+ type = list(string)
+ description = "List of subnet names on which to grant network user role."
+ default = []
+}
+
+variable "host_subnet_regions" {
+ type = list(string)
+ description = "List of subnet regions, one per subnet."
+ default = []
+}
+
+variable "host_subnet_users" {
+ type = map(any)
+ description = "Map of comma-delimited IAM-style members to which network user roles for subnets will be assigned."
+ default = {}
+}
+
+variable "host_service_agent_role" {
+ type = bool
+ description = "Assign host service agent role to users in host_service_agent_users variable."
+ default = false
+}
+
+variable "host_service_agent_users" {
+ type = list(string)
+ description = "List of IAM-style users that will be granted the host service agent role on the host project."
+ default = []
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/versions.tf
new file mode 100644
index 000000000..c1eedd7e1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google = "<4.0,>= 2.12"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/network-peering/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/network-peering/README.md
new file mode 100644
index 000000000..41f0fdf4f
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/network-peering/README.md
@@ -0,0 +1,66 @@
+# Google Network Peering
+
+This module allows creation of a [VPC Network Peering](https://cloud.google.com/vpc/docs/vpc-peering) between two networks.
+
+The resources created/managed by this module are:
+
+- one network peering from `local network` to `peer network`
+- one network peering from `peer network` to `local network`
+
+## Usage
+
+Basic usage of this module is as follows:
+
+```hcl
+module "peering" {
+ source = "terraform-google-modules/network/google//modules/network-peering"
+
+ prefix = "name-prefix"
+ local_network = ""
+ peer_network = ""
+}
+```
+
+If you need to create more than one peering for the same VPC Network `(A -> B, A -> C)` you have to use output from the first module as a dependency for the second one to keep order of peering creation (It is not currently possible to create more than one peering connection for a VPC Network at the same time).
+
+```hcl
+module "peering-a-b" {
+ source = "terraform-google-modules/network/google//modules/network-peering"
+
+ prefix = "name-prefix"
+ local_network = ""
+ peer_network = ""
+}
+
+module "peering-a-c" {
+ source = "terraform-google-modules/network/google//modules/network-peering"
+
+ prefix = "name-prefix"
+ local_network = ""
+ peer_network = ""
+
+ module_depends_on = [module.peering-a-b.complete]
+}
+```
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| export\_local\_custom\_routes | Export custom routes to peer network from local network. | bool | `"false"` | no |
+| export\_peer\_custom\_routes | Export custom routes to local network from peer network. | bool | `"false"` | no |
+| local\_network | Resource link of the network to add a peering to. | string | n/a | yes |
+| module\_depends\_on | List of modules or resources this module depends on. | list | `` | no |
+| peer\_network | Resource link of the peer network. | string | n/a | yes |
+| prefix | Name prefix for the network peerings | string | `"network-peering"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| complete | Output to be used as a module dependency. |
+| local\_network\_peering | Network peering resource. |
+| peer\_network\_peering | Peer network peering resource. |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/network-peering/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/network-peering/main.tf
new file mode 100644
index 000000000..722734b81
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/network-peering/main.tf
@@ -0,0 +1,52 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ local_network_name = element(reverse(split("/", var.local_network)), 0)
+ peer_network_name = element(reverse(split("/", var.peer_network)), 0)
+}
+
+resource "google_compute_network_peering" "local_network_peering" {
+ provider = "google-beta"
+ name = "${var.prefix}-${local.local_network_name}-${local.peer_network_name}"
+ network = var.local_network
+ peer_network = var.peer_network
+ export_custom_routes = var.export_local_custom_routes
+ import_custom_routes = var.export_peer_custom_routes
+
+ depends_on = ["null_resource.module_depends_on"]
+}
+
+resource "google_compute_network_peering" "peer_network_peering" {
+ provider = "google-beta"
+ name = "${var.prefix}-${local.peer_network_name}-${local.local_network_name}"
+ network = var.peer_network
+ peer_network = var.local_network
+ export_custom_routes = var.export_peer_custom_routes
+ import_custom_routes = var.export_local_custom_routes
+
+ depends_on = ["null_resource.module_depends_on", "google_compute_network_peering.local_network_peering"]
+}
+
+resource "null_resource" "module_depends_on" {
+ triggers = {
+ value = length(var.module_depends_on)
+ }
+}
+
+resource "null_resource" "complete" {
+ depends_on = ["google_compute_network_peering.local_network_peering", "google_compute_network_peering.peer_network_peering"]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/network-peering/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/network-peering/outputs.tf
new file mode 100644
index 000000000..2f7606226
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/network-peering/outputs.tf
@@ -0,0 +1,30 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "local_network_peering" {
+ description = "Network peering resource."
+ value = google_compute_network_peering.local_network_peering
+}
+
+output "peer_network_peering" {
+ description = "Peer network peering resource."
+ value = google_compute_network_peering.peer_network_peering
+}
+
+output "complete" {
+ description = "Output to be used as a module dependency."
+ value = null_resource.complete.id
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/network-peering/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/network-peering/variables.tf
new file mode 100644
index 000000000..b528440ff
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/network-peering/variables.tf
@@ -0,0 +1,49 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "prefix" {
+ description = "Name prefix for the network peerings"
+ type = string
+ default = "network-peering"
+}
+
+variable "local_network" {
+ description = "Resource link of the network to add a peering to."
+ type = string
+}
+
+variable "peer_network" {
+ description = "Resource link of the peer network."
+ type = string
+}
+
+variable "export_peer_custom_routes" {
+ description = "Export custom routes to local network from peer network."
+ type = bool
+ default = false
+}
+
+variable "export_local_custom_routes" {
+ description = "Export custom routes to peer network from local network."
+ type = bool
+ default = false
+}
+
+variable "module_depends_on" {
+ description = "List of modules or resources this module depends on."
+ type = list
+ default = []
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/network-peering/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/network-peering/versions.tf
new file mode 100644
index 000000000..c1eedd7e1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/network-peering/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google = "<4.0,>= 2.12"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes-beta/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes-beta/README.md
new file mode 100644
index 000000000..058e3e468
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes-beta/README.md
@@ -0,0 +1,91 @@
+# Terraform Network Beta Module
+
+This submodule is part of the the `terraform-google-network` module. It creates the individual vpc routes and optionally deletes the default internet gateway routes.
+
+It supports creating:
+
+- Routes within vpc network.
+- Optionally deletes the default internet gateway routes.
+
+It also uses google beta provider to support the following resource fields:
+
+- google_compute_route.next_hop_ilb
+
+## Usage
+
+Basic usage of this submodule is as follows:
+
+```hcl
+module "vpc" {
+ source = "terraform-google-modules/network/google//modules/routes-beta"
+ version = "~> 2.0.0"
+
+ project_id = ""
+ network_name = "example-vpc"
+
+ delete_default_internet_gateway_routes = false
+
+ routes = [
+ {
+ name = "egress-internet"
+ description = "route through IGW to access internet"
+ destination_range = "0.0.0.0/0"
+ tags = "egress-inet"
+ next_hop_internet = "true"
+ },
+ {
+ name = "app-proxy"
+ description = "route through proxy to reach app"
+ destination_range = "10.50.10.0/24"
+ tags = "app-proxy"
+ next_hop_instance = "app-proxy-instance"
+ next_hop_instance_zone = "us-west1-a"
+ },
+ {
+ name = "test-proxy"
+ description = "route through idp to reach app"
+ destination_range = "10.50.10.0/24"
+ tags = "app-proxy"
+ next_hop_ilb = var.ilb_link
+ },
+ ]
+}
+```
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| delete\_default\_internet\_gateway\_routes | If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted | string | `"false"` | no |
+| module\_depends\_on | List of modules or resources this module depends on. | list | `` | no |
+| network\_name | The name of the network where routes will be created | string | n/a | yes |
+| project\_id | The ID of the project where the routes will be created | string | n/a | yes |
+| routes | List of routes being created in this VPC | list(map(string)) | `` | no |
+| routes\_count | Amount of routes being created in this VPC | number | `"0"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| routes | The created routes resources |
+
+
+
+
+### Routes Input
+
+The routes list contains maps, where each object represents a route. For the next_hop_* inputs, only one is possible to be used in each route. Having two next_hop_* inputs will produce an error. Each map has the following inputs (please see examples folder for additional references):
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| name | The name of the route being created | string | - | no |
+| description | The description of the route being created | string | - | no |
+| tags | The network tags assigned to this route. This is a list in string format. Eg. "tag-01,tag-02"| string | - | yes |
+| destination\_range | The destination range of outgoing packets that this route applies to. Only IPv4 is supported | string | - | yes
+| next\_hop\_internet | Whether the next hop to this route will the default internet gateway. Use "true" to enable this as next hop | string | `"false"` | yes |
+| next\_hop\_ip | Network IP address of an instance that should handle matching packets | string | - | yes |
+| next\_hop\_instance | URL or name of an instance that should handle matching packets. If just name is specified "next\_hop\_instance\_zone" is required | string | - | yes |
+| next\_hop\_instance\_zone | The zone of the instance specified in next\_hop\_instance. Only required if next\_hop\_instance is specified as a name | string | - | no |
+| next\_hop\_vpn\_tunnel | URL to a VpnTunnel that should handle matching packets | string | - | yes |
+| priority | The priority of this route. Priority is used to break ties in cases where there is more than one matching route of equal prefix length. In the case of two routes with equal prefix length, the one with the lowest-numbered priority value wins | string | `"1000"` | yes |
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes-beta/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes-beta/main.tf
new file mode 100644
index 000000000..686bdf37a
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes-beta/main.tf
@@ -0,0 +1,56 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/******************************************
+ Routes
+ *****************************************/
+resource "google_compute_route" "route" {
+ provider = google-beta
+ count = var.routes_count
+
+ project = var.project_id
+ network = var.network_name
+
+ name = lookup(var.routes[count.index], "name", format("%s-%s-%d", lower(var.network_name), "route", count.index))
+ description = lookup(var.routes[count.index], "description", null)
+ tags = compact(split(",", lookup(var.routes[count.index], "tags", "")))
+ dest_range = lookup(var.routes[count.index], "destination_range", null)
+ next_hop_gateway = lookup(var.routes[count.index], "next_hop_internet", "false") == "true" ? "default-internet-gateway" : ""
+ next_hop_ip = lookup(var.routes[count.index], "next_hop_ip", null)
+ next_hop_instance = lookup(var.routes[count.index], "next_hop_instance", null)
+ next_hop_instance_zone = lookup(var.routes[count.index], "next_hop_instance_zone", null)
+ next_hop_vpn_tunnel = lookup(var.routes[count.index], "next_hop_vpn_tunnel", null)
+ next_hop_ilb = lookup(var.routes[count.index], "next_hop_ilb", null)
+ priority = lookup(var.routes[count.index], "priority", null)
+
+ depends_on = [var.module_depends_on]
+}
+
+resource "null_resource" "delete_default_internet_gateway_routes" {
+ count = var.delete_default_internet_gateway_routes ? 1 : 0
+
+ provisioner "local-exec" {
+ command = "${path.module}/scripts/delete-default-gateway-routes.sh ${var.project_id} ${var.network_name}"
+ }
+
+ triggers = {
+ number_of_routes = length(var.routes)
+ }
+
+ depends_on = [
+ google_compute_route.route,
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes-beta/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes-beta/outputs.tf
new file mode 100644
index 000000000..0f672ec67
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes-beta/outputs.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "routes" {
+ value = google_compute_route.route
+ description = "The created routes resources"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes-beta/scripts/delete-default-gateway-routes.sh b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes-beta/scripts/delete-default-gateway-routes.sh
new file mode 100644
index 000000000..8366d5064
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes-beta/scripts/delete-default-gateway-routes.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+set -e
+
+if [ -n "${GOOGLE_APPLICATION_CREDENTIALS}" ]; then
+ export CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${GOOGLE_APPLICATION_CREDENTIALS}
+fi
+
+PROJECT_ID=$1
+NETWORK_ID=$2
+FILTERED_ROUTES=$(gcloud compute routes list \
+ --project="${PROJECT_ID}" \
+ --format="value(name)" \
+ --filter=" \
+ nextHopGateway:(https://www.googleapis.com/compute/v1/projects/${PROJECT_ID}/global/gateways/default-internet-gateway) \
+ AND network:(https://www.googleapis.com/compute/v1/projects/${PROJECT_ID}/global/networks/${NETWORK_ID}) \
+ AND name~^default-route \
+ "
+)
+
+function delete_internet_gateway_routes {
+ local routes="${1}"
+ echo "${routes}" | while read -r line; do
+ echo "Deleting route ${line}..."
+ gcloud compute routes delete "${line}" --quiet --project="${PROJECT_ID}"
+ done
+}
+
+if [ -n "${FILTERED_ROUTES}" ]; then
+ delete_internet_gateway_routes "${FILTERED_ROUTES}"
+else
+ echo "Default internet gateway route(s) not found; exiting..."
+fi
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes-beta/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes-beta/variables.tf
new file mode 100644
index 000000000..989db81a8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes-beta/variables.tf
@@ -0,0 +1,46 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The ID of the project where the routes will be created"
+}
+
+variable "network_name" {
+ description = "The name of the network where routes will be created"
+}
+
+variable "routes" {
+ type = list(map(string))
+ description = "List of routes being created in this VPC"
+ default = []
+}
+
+variable "routes_count" {
+ type = number
+ description = "Amount of routes being created in this VPC"
+ default = 0
+}
+
+variable "delete_default_internet_gateway_routes" {
+ description = "If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted"
+ default = "false"
+}
+
+variable "module_depends_on" {
+ description = "List of modules or resources this module depends on."
+ type = list
+ default = []
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes-beta/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes-beta/versions.tf
new file mode 100644
index 000000000..fe58b3536
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes-beta/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google-beta = "~> 2.19.0"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes/README.md
new file mode 100644
index 000000000..8051ac5de
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes/README.md
@@ -0,0 +1,79 @@
+# Terraform Network Module
+
+This submodule is part of the the `terraform-google-network` module. It creates the individual vpc routes and optionally deletes the default internet gateway routes.
+
+It supports creating:
+
+- Routes within vpc network.
+- Optionally deletes the default internet gateway routes.
+
+## Usage
+
+Basic usage of this submodule is as follows:
+
+```hcl
+module "vpc" {
+ source = "terraform-google-modules/network/google//modules/routes"
+ version = "~> 2.0.0"
+
+ project_id = ""
+ network_name = "example-vpc"
+
+ delete_default_internet_gateway_routes = false
+
+ routes = [
+ {
+ name = "egress-internet"
+ description = "route through IGW to access internet"
+ destination_range = "0.0.0.0/0"
+ tags = "egress-inet"
+ next_hop_internet = "true"
+ },
+ {
+ name = "app-proxy"
+ description = "route through proxy to reach app"
+ destination_range = "10.50.10.0/24"
+ tags = "app-proxy"
+ next_hop_instance = "app-proxy-instance"
+ next_hop_instance_zone = "us-west1-a"
+ },
+ ]
+}
+```
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| delete\_default\_internet\_gateway\_routes | If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted | string | `"false"` | no |
+| module\_depends\_on | List of modules or resources this module depends on. | list | `` | no |
+| network\_name | The name of the network where routes will be created | string | n/a | yes |
+| project\_id | The ID of the project where the routes will be created | string | n/a | yes |
+| routes | List of routes being created in this VPC | list(map(string)) | `` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| routes | The created routes resources |
+
+
+
+
+### Routes Input
+
+The routes list contains maps, where each object represents a route. For the next_hop_* inputs, only one is possible to be used in each route. Having two next_hop_* inputs will produce an error. Each map has the following inputs (please see examples folder for additional references):
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| name | The name of the route being created | string | - | no |
+| description | The description of the route being created | string | - | no |
+| tags | The network tags assigned to this route. This is a list in string format. Eg. "tag-01,tag-02"| string | - | yes |
+| destination\_range | The destination range of outgoing packets that this route applies to. Only IPv4 is supported | string | - | yes
+| next\_hop\_internet | Whether the next hop to this route will the default internet gateway. Use "true" to enable this as next hop | string | `"false"` | yes |
+| next\_hop\_ip | Network IP address of an instance that should handle matching packets | string | - | yes |
+| next\_hop\_instance | URL or name of an instance that should handle matching packets. If just name is specified "next\_hop\_instance\_zone" is required | string | - | yes |
+| next\_hop\_instance\_zone | The zone of the instance specified in next\_hop\_instance. Only required if next\_hop\_instance is specified as a name | string | - | no |
+| next\_hop\_vpn\_tunnel | URL to a VpnTunnel that should handle matching packets | string | - | yes |
+| priority | The priority of this route. Priority is used to break ties in cases where there is more than one matching route of equal prefix length. In the case of two routes with equal prefix length, the one with the lowest-numbered priority value wins | string | `"1000"` | yes |
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes/main.tf
new file mode 100644
index 000000000..839e307a6
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes/main.tf
@@ -0,0 +1,61 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ routes = {
+ for i, route in var.routes :
+ lookup(route, "name", format("%s-%s-%d", lower(var.network_name), "route", i)) => route
+ }
+}
+
+/******************************************
+ Routes
+ *****************************************/
+resource "google_compute_route" "route" {
+ for_each = local.routes
+
+ project = var.project_id
+ network = var.network_name
+
+ name = each.key
+ description = lookup(each.value, "description", null)
+ tags = compact(split(",", lookup(each.value, "tags", "")))
+ dest_range = lookup(each.value, "destination_range", null)
+ next_hop_gateway = lookup(each.value, "next_hop_internet", "false") == "true" ? "default-internet-gateway" : null
+ next_hop_ip = lookup(each.value, "next_hop_ip", null)
+ next_hop_instance = lookup(each.value, "next_hop_instance", null)
+ next_hop_instance_zone = lookup(each.value, "next_hop_instance_zone", null)
+ next_hop_vpn_tunnel = lookup(each.value, "next_hop_vpn_tunnel", null)
+ priority = lookup(each.value, "priority", null)
+
+ depends_on = [var.module_depends_on]
+}
+
+resource "null_resource" "delete_default_internet_gateway_routes" {
+ count = var.delete_default_internet_gateway_routes ? 1 : 0
+
+ provisioner "local-exec" {
+ command = "${path.module}/scripts/delete-default-gateway-routes.sh ${var.project_id} ${var.network_name}"
+ }
+
+ triggers = {
+ number_of_routes = length(var.routes)
+ }
+
+ depends_on = [
+ google_compute_route.route,
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes/outputs.tf
new file mode 100644
index 000000000..0f672ec67
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes/outputs.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "routes" {
+ value = google_compute_route.route
+ description = "The created routes resources"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes/scripts/delete-default-gateway-routes.sh b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes/scripts/delete-default-gateway-routes.sh
new file mode 100755
index 000000000..8366d5064
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes/scripts/delete-default-gateway-routes.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+set -e
+
+if [ -n "${GOOGLE_APPLICATION_CREDENTIALS}" ]; then
+ export CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${GOOGLE_APPLICATION_CREDENTIALS}
+fi
+
+PROJECT_ID=$1
+NETWORK_ID=$2
+FILTERED_ROUTES=$(gcloud compute routes list \
+ --project="${PROJECT_ID}" \
+ --format="value(name)" \
+ --filter=" \
+ nextHopGateway:(https://www.googleapis.com/compute/v1/projects/${PROJECT_ID}/global/gateways/default-internet-gateway) \
+ AND network:(https://www.googleapis.com/compute/v1/projects/${PROJECT_ID}/global/networks/${NETWORK_ID}) \
+ AND name~^default-route \
+ "
+)
+
+function delete_internet_gateway_routes {
+ local routes="${1}"
+ echo "${routes}" | while read -r line; do
+ echo "Deleting route ${line}..."
+ gcloud compute routes delete "${line}" --quiet --project="${PROJECT_ID}"
+ done
+}
+
+if [ -n "${FILTERED_ROUTES}" ]; then
+ delete_internet_gateway_routes "${FILTERED_ROUTES}"
+else
+ echo "Default internet gateway route(s) not found; exiting..."
+fi
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes/variables.tf
new file mode 100644
index 000000000..8eed495ff
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes/variables.tf
@@ -0,0 +1,40 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The ID of the project where the routes will be created"
+}
+
+variable "network_name" {
+ description = "The name of the network where routes will be created"
+}
+
+variable "routes" {
+ type = list(map(string))
+ description = "List of routes being created in this VPC"
+ default = []
+}
+
+variable "delete_default_internet_gateway_routes" {
+ description = "If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted"
+ default = "false"
+}
+
+variable "module_depends_on" {
+ description = "List of modules or resources this module depends on."
+ type = list
+ default = []
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes/versions.tf
new file mode 100644
index 000000000..c1eedd7e1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/routes/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google = "<4.0,>= 2.12"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets-beta/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets-beta/README.md
new file mode 100644
index 000000000..e1fc71574
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets-beta/README.md
@@ -0,0 +1,95 @@
+# Terraform Network Beta Module
+
+This submodule is part of the the `terraform-google-network` module. It creates the individual vpc subnets.
+
+It supports creating:
+
+- Subnets within vpc network.
+
+It also uses google beta provider to support the following resource fields:
+
+- google_compute_subnetwork.purpose
+- google_compute_subnetwork.role
+
+## Usage
+
+Basic usage of this submodule is as follows:
+
+```hcl
+module "vpc" {
+ source = "terraform-google-modules/network/google//modules/subnets-beta"
+ version = "~> 2.0.0"
+
+ project_id = ""
+ network_name = "example-vpc"
+
+ subnets = [
+ {
+ subnet_name = "subnet-01"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ },
+ {
+ subnet_name = "subnet-02"
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "true"
+ subnet_flow_logs = "true"
+ description = "This subnet has a description"
+ purpose = "INTERNAL_HTTPS_LOAD_BALANCER"
+ role = "ACTIVE"
+ },
+ {
+ subnet_name = "subnet-03"
+ subnet_ip = "10.10.30.0/24"
+ subnet_region = "us-west1"
+ subnet_flow_logs = "true"
+ subnet_flow_logs_interval = "INTERVAL_10_MIN"
+ subnet_flow_logs_sampling = 0.7
+ subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA"
+ }
+ ]
+
+ secondary_ranges = {
+ subnet-01 = [
+ {
+ range_name = "subnet-01-secondary-01"
+ ip_cidr_range = "192.168.64.0/24"
+ },
+ ]
+
+ subnet-02 = []
+ }
+}
+```
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| module\_depends\_on | List of modules or resources this module depends on. | list | `` | no |
+| network\_name | The name of the network where subnets will be created | string | n/a | yes |
+| project\_id | The ID of the project where subnets will be created | string | n/a | yes |
+| secondary\_ranges | Secondary ranges that will be used in some of the subnets | object | `` | no |
+| subnets | The list of subnets being created | list(map(string)) | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| subnets | The created subnet resources |
+
+
+
+### Subnet Inputs
+
+The subnets list contains maps, where each object represents a subnet. Each map has the following inputs (please see examples folder for additional references):
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| subnet\_name | The name of the subnet being created | string | - | yes |
+| subnet\_ip | The IP and CIDR range of the subnet being created | string | - | yes |
+| subnet\_region | The region where the subnet will be created | string | - | yes |
+| subnet\_private\_access | Whether this subnet will have private Google access enabled | string | `"false"` | no |
+| subnet\_flow\_logs | Whether the subnet will record and send flow log data to logging | string | `"false"` | no |
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets-beta/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets-beta/main.tf
new file mode 100644
index 000000000..4bd88613c
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets-beta/main.tf
@@ -0,0 +1,65 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ subnets = {
+ for x in var.subnets :
+ "${x.subnet_region}/${x.subnet_name}" => x
+ }
+}
+
+
+/******************************************
+ Subnet configuration
+ *****************************************/
+resource "google_compute_subnetwork" "subnetwork" {
+ provider = google-beta
+ for_each = local.subnets
+ name = each.value.subnet_name
+ ip_cidr_range = each.value.subnet_ip
+ region = each.value.subnet_region
+ private_ip_google_access = lookup(each.value, "subnet_private_access", "false")
+ dynamic "log_config" {
+ for_each = lookup(each.value, "subnet_flow_logs", false) ? [{
+ aggregation_interval = lookup(each.value, "subnet_flow_logs_interval", null)
+ flow_sampling = lookup(each.value, "subnet_flow_logs_sampling", null)
+ metadata = lookup(each.value, "subnet_flow_logs_metadata", null)
+ }] : []
+ content {
+ aggregation_interval = log_config.value.aggregation_interval
+ flow_sampling = log_config.value.flow_sampling
+ metadata = log_config.value.metadata
+ }
+ }
+ network = var.network_name
+ project = var.project_id
+ description = lookup(each.value, "description", null)
+ secondary_ip_range = [
+ for i in range(
+ length(
+ contains(
+ keys(var.secondary_ranges), each.value.subnet_name) == true
+ ? var.secondary_ranges[each.value.subnet_name]
+ : []
+ )) :
+ var.secondary_ranges[each.value.subnet_name][i]
+ ]
+
+ purpose = lookup(each.value, "purpose", null)
+ role = lookup(each.value, "role", null)
+
+ depends_on = [var.module_depends_on]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets-beta/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets-beta/outputs.tf
new file mode 100644
index 000000000..6ba07eb1e
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets-beta/outputs.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "subnets" {
+ value = google_compute_subnetwork.subnetwork
+ description = "The created subnet resources"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets-beta/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets-beta/variables.tf
new file mode 100644
index 000000000..a356b4afd
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets-beta/variables.tf
@@ -0,0 +1,40 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The ID of the project where subnets will be created"
+}
+
+variable "network_name" {
+ description = "The name of the network where subnets will be created"
+}
+
+variable "subnets" {
+ type = list(map(string))
+ description = "The list of subnets being created"
+}
+
+variable "secondary_ranges" {
+ type = map(list(object({ range_name = string, ip_cidr_range = string })))
+ description = "Secondary ranges that will be used in some of the subnets"
+ default = {}
+}
+
+variable "module_depends_on" {
+ description = "List of modules or resources this module depends on."
+ type = list
+ default = []
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets-beta/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets-beta/versions.tf
new file mode 100644
index 000000000..fe58b3536
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets-beta/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google-beta = "~> 2.19.0"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets/README.md
new file mode 100644
index 000000000..ab2830ee1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets/README.md
@@ -0,0 +1,90 @@
+# Terraform Network Module
+
+This submodule is part of the the `terraform-google-network` module. It creates the individual vpc subnets.
+
+It supports creating:
+
+- Subnets within vpc network.
+
+## Usage
+
+Basic usage of this submodule is as follows:
+
+```hcl
+module "vpc" {
+ source = "terraform-google-modules/network/google//modules/subnets"
+ version = "~> 2.0.0"
+
+ project_id = ""
+ network_name = "example-vpc"
+
+ subnets = [
+ {
+ subnet_name = "subnet-01"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ },
+ {
+ subnet_name = "subnet-02"
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "true"
+ subnet_flow_logs = "true"
+ description = "This subnet has a description"
+ },
+ {
+ subnet_name = "subnet-03"
+ subnet_ip = "10.10.30.0/24"
+ subnet_region = "us-west1"
+ subnet_flow_logs = "true"
+ subnet_flow_logs_interval = "INTERVAL_10_MIN"
+ subnet_flow_logs_sampling = 0.7
+ subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA"
+ }
+ ]
+
+ secondary_ranges = {
+ subnet-01 = [
+ {
+ range_name = "subnet-01-secondary-01"
+ ip_cidr_range = "192.168.64.0/24"
+ },
+ ]
+
+ subnet-02 = []
+ }
+}
+```
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_name | The name of the network where subnets will be created | string | n/a | yes |
+| project\_id | The ID of the project where subnets will be created | string | n/a | yes |
+| secondary\_ranges | Secondary ranges that will be used in some of the subnets | object | `` | no |
+| subnets | The list of subnets being created | list(map(string)) | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| subnets | The created subnet resources |
+
+
+
+### Subnet Inputs
+
+The subnets list contains maps, where each object represents a subnet. Each map has the following inputs (please see examples folder for additional references):
+
+| Name | Description | Type | Default | Required |
+| ---------------------------- | --------------------------------------------------------------------------------------------------------------- | :----: | :----------------------: | :------: |
+| subnet\_name | The name of the subnet being created | string | - | yes |
+| subnet\_ip | The IP and CIDR range of the subnet being created | string | - | yes |
+| subnet\_region | The region where the subnet will be created | string | - | yes |
+| subnet\_private\_access | Whether this subnet will have private Google access enabled | string | `"false"` | no |
+| subnet\_flow\_logs | Whether the subnet will record and send flow log data to logging | string | `"false"` | no |
+| subnet\_flow\_logs\_interval | If subnet\_flow\_logs is true, sets the aggregation interval for collecting flow logs | string | `"INTERVAL_5_SEC"` | no |
+| subnet\_flow\_logs\_sampling | If subnet\_flow\_logs is true, set the sampling rate of VPC flow logs within the subnetwork | string | `"0.5"` | no |
+| subnet\_flow\_logs\_metadata | If subnet\_flow\_logs is true, configures whether metadata fields should be added to the reported VPC flow logs | string | `"INCLUDE_ALL_METADATA"` | no |
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets/main.tf
new file mode 100644
index 000000000..b9df248b6
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets/main.tf
@@ -0,0 +1,59 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ subnets = {
+ for x in var.subnets :
+ "${x.subnet_region}/${x.subnet_name}" => x
+ }
+}
+
+
+/******************************************
+ Subnet configuration
+ *****************************************/
+resource "google_compute_subnetwork" "subnetwork" {
+ for_each = local.subnets
+ name = each.value.subnet_name
+ ip_cidr_range = each.value.subnet_ip
+ region = each.value.subnet_region
+ private_ip_google_access = lookup(each.value, "subnet_private_access", "false")
+ dynamic "log_config" {
+ for_each = lookup(each.value, "subnet_flow_logs", false) ? [{
+ aggregation_interval = lookup(each.value, "subnet_flow_logs_interval", "INTERVAL_5_SEC")
+ flow_sampling = lookup(each.value, "subnet_flow_logs_sampling", "0.5")
+ metadata = lookup(each.value, "subnet_flow_logs_metadata", "INCLUDE_ALL_METADATA")
+ }] : []
+ content {
+ aggregation_interval = log_config.value.aggregation_interval
+ flow_sampling = log_config.value.flow_sampling
+ metadata = log_config.value.metadata
+ }
+ }
+ network = var.network_name
+ project = var.project_id
+ description = lookup(each.value, "description", null)
+ secondary_ip_range = [
+ for i in range(
+ length(
+ contains(
+ keys(var.secondary_ranges), each.value.subnet_name) == true
+ ? var.secondary_ranges[each.value.subnet_name]
+ : []
+ )) :
+ var.secondary_ranges[each.value.subnet_name][i]
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets/outputs.tf
new file mode 100644
index 000000000..6ba07eb1e
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets/outputs.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "subnets" {
+ value = google_compute_subnetwork.subnetwork
+ description = "The created subnet resources"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets/variables.tf
new file mode 100644
index 000000000..84d7b0992
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets/variables.tf
@@ -0,0 +1,34 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The ID of the project where subnets will be created"
+}
+
+variable "network_name" {
+ description = "The name of the network where subnets will be created"
+}
+
+variable "subnets" {
+ type = list(map(string))
+ description = "The list of subnets being created"
+}
+
+variable "secondary_ranges" {
+ type = map(list(object({ range_name = string, ip_cidr_range = string })))
+ description = "Secondary ranges that will be used in some of the subnets"
+ default = {}
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets/versions.tf
new file mode 100644
index 000000000..c1eedd7e1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/subnets/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google = "<4.0,>= 2.12"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/vpc/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/vpc/README.md
new file mode 100644
index 000000000..cae59d021
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/vpc/README.md
@@ -0,0 +1,46 @@
+# Terraform Network Module
+
+This submodule is part of the the `terraform-google-network` module. It creates a vpc network and optionally enables it as a Shared VPC host project.
+
+It supports creating:
+
+- A VPC Network
+- Optionally enabling the network as a Shared VPC host
+
+## Usage
+
+Basic usage of this submodule is as follows:
+
+```hcl
+module "vpc" {
+ source = "terraform-google-modules/network/google//modules/vpc"
+ version = "~> 2.0.0"
+
+ project_id = ""
+ network_name = "example-vpc"
+
+ shared_vpc_host = false
+```
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| auto\_create\_subnetworks | When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources. | bool | `"false"` | no |
+| description | An optional description of this resource. The resource must be recreated to modify this field. | string | `""` | no |
+| network\_name | The name of the network being created | string | n/a | yes |
+| project\_id | The ID of the project where this VPC will be created | string | n/a | yes |
+| routing\_mode | The network routing mode (default 'GLOBAL') | string | `"GLOBAL"` | no |
+| shared\_vpc\_host | Makes this project a Shared VPC host if 'true' (default 'false') | bool | `"false"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| network | The VPC resource being created |
+| network\_name | The name of the VPC being created |
+| network\_self\_link | The URI of the VPC being created |
+| project\_id | VPC project id |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/vpc/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/vpc/main.tf
new file mode 100644
index 000000000..557037938
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/vpc/main.tf
@@ -0,0 +1,35 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/******************************************
+ VPC configuration
+ *****************************************/
+resource "google_compute_network" "network" {
+ name = var.network_name
+ auto_create_subnetworks = var.auto_create_subnetworks
+ routing_mode = var.routing_mode
+ project = var.project_id
+ description = var.description
+}
+
+/******************************************
+ Shared VPC
+ *****************************************/
+resource "google_compute_shared_vpc_host_project" "shared_vpc_host" {
+ count = var.shared_vpc_host ? 1 : 0
+ project = var.project_id
+ depends_on = [google_compute_network.network]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/vpc/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/vpc/outputs.tf
new file mode 100644
index 000000000..19c9e83e5
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/vpc/outputs.tf
@@ -0,0 +1,35 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network" {
+ value = google_compute_network.network
+ description = "The VPC resource being created"
+}
+
+output "network_name" {
+ value = google_compute_network.network.name
+ description = "The name of the VPC being created"
+}
+
+output "network_self_link" {
+ value = google_compute_network.network.self_link
+ description = "The URI of the VPC being created"
+}
+
+output "project_id" {
+ value = var.shared_vpc_host ? google_compute_shared_vpc_host_project.shared_vpc_host.*.project[0] : google_compute_network.network.project
+ description = "VPC project id"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/vpc/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/vpc/variables.tf
new file mode 100644
index 000000000..a96751c41
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/vpc/variables.tf
@@ -0,0 +1,47 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The ID of the project where this VPC will be created"
+}
+
+variable "network_name" {
+ description = "The name of the network being created"
+}
+
+variable "routing_mode" {
+ type = string
+ default = "GLOBAL"
+ description = "The network routing mode (default 'GLOBAL')"
+}
+
+variable "shared_vpc_host" {
+ type = bool
+ description = "Makes this project a Shared VPC host if 'true' (default 'false')"
+ default = false
+}
+
+variable "description" {
+ type = string
+ description = "An optional description of this resource. The resource must be recreated to modify this field."
+ default = ""
+}
+
+variable "auto_create_subnetworks" {
+ type = bool
+ description = "When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources."
+ default = false
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/vpc/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/vpc/versions.tf
new file mode 100644
index 000000000..c1eedd7e1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/modules/vpc/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google = "<4.0,>= 2.12"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/outputs.tf
new file mode 100644
index 000000000..422bd4c06
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/outputs.tf
@@ -0,0 +1,80 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network" {
+ value = module.vpc
+ description = "The created network"
+}
+
+output "subnets" {
+ value = module.subnets.subnets
+ description = "A map with keys of form subnet_region/subnet_name and values being the outputs of the google_compute_subnetwork resources used to create corresponding subnets."
+}
+
+output "network_name" {
+ value = module.vpc.network_name
+ description = "The name of the VPC being created"
+}
+
+output "network_self_link" {
+ value = module.vpc.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "project_id" {
+ value = module.vpc.project_id
+ description = "VPC project id"
+}
+
+output "subnets_names" {
+ value = [for network in module.subnets.subnets : network.name]
+ description = "The names of the subnets being created"
+}
+
+output "subnets_ips" {
+ value = [for network in module.subnets.subnets : network.ip_cidr_range]
+ description = "The IPs and CIDRs of the subnets being created"
+}
+
+output "subnets_self_links" {
+ value = [for network in module.subnets.subnets : network.self_link]
+ description = "The self-links of subnets being created"
+}
+
+output "subnets_regions" {
+ value = [for network in module.subnets.subnets : network.region]
+ description = "The region where the subnets will be created"
+}
+
+output "subnets_private_access" {
+ value = [for network in
module.subnets.subnets : network.private_ip_google_access]
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "subnets_flow_logs" {
+ value = [for network in module.subnets.subnets : length(network.log_config) != 0 ? true : false]
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "subnets_secondary_ranges" {
+ value = [for network in module.subnets.subnets : network.secondary_ip_range]
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "route_names" {
+ value = [for route in module.routes.routes : route.name]
+ description = "The route names associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/.gitignore b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/.gitignore
new file mode 100644
index 000000000..d69ba0d42
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/.gitignore
@@ -0,0 +1 @@
+source.sh
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/all_examples/test_output.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/all_examples/test_output.tf
new file mode 100644
index 000000000..456f4e14b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/all_examples/test_output.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// These outputs are used to test the module with inspec
+// They do not need to be included in real-world uses of this module
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project to which resources are applied."
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/all_examples/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/all_examples/variables.tf
new file mode 100644
index 000000000..c8b58be2b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/all_examples/variables.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to deploy to"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/main.tf
new file mode 100644
index 000000000..cf8dc5d18
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/main.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ network_name = "delete-gw-routes-${var.random_string_for_testing}"
+}
+
+module "example" {
+ source = "../../../examples/delete_default_gateway_routes"
+ project_id = var.project_id
+ network_name = local.network_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/outputs.tf
new file mode 100644
index 000000000..68e9e0763
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/outputs.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/route.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/route.tf
new file mode 100644
index 000000000..f4e72517c
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/route.tf
@@ -0,0 +1,30 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# This fixture defines a default internet gateway route that DOESN'T start
+# with 'default-route' to test the behavior of the script that deletes
+# the default internet gateway routes.
+
+resource "google_compute_route" "alternative_gateway" {
+ project = var.project_id
+ network = module.example.network_name
+
+ name = "alternative-gateway-route"
+ description = "Alternative gateway route"
+ dest_range = "0.0.0.0/0"
+ tags = ["egress-inet"]
+ next_hop_gateway = "default-internet-gateway"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/ilb_routing/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/ilb_routing/main.tf
new file mode 100644
index 000000000..9dfdf06c4
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/ilb_routing/main.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ network_name = "ilb-routing-${var.random_string_for_testing}"
+}
+
+module "example" {
+ source = "../../../examples/ilb_routing"
+ project_id = var.project_id
+ network_name = local.network_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/ilb_routing/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/ilb_routing/outputs.tf
new file mode 100644
index 000000000..8add5ef0a
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/ilb_routing/outputs.tf
@@ -0,0 +1,60 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_self_link" {
+ value = module.example.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "output_subnets_names" {
+ value = module.example.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "output_subnets_ips" {
+ value = module.example.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "output_subnets_regions" {
+ value = module.example.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "output_routes" {
+ value = module.example.route_names
+ description = "The route names associated with this VPC"
+}
+
+output "forwarding_rule" {
+ value = module.example.forwarding_rule
+ description = "Forwarding rule link"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/ilb_routing/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/ilb_routing/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/ilb_routing/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/multi_vpc/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/multi_vpc/main.tf
new file mode 100644
index 000000000..400a00d34
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/multi_vpc/main.tf
@@ -0,0 +1,26 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+locals {
+ network_01_name = "multi-vpc-${var.random_string_for_testing}-01"
+ network_02_name = "multi-vpc-${var.random_string_for_testing}-02"
+}
+
+module "example" {
+ source = "../../../examples/multi_vpc"
+ project_id = var.project_id
+ network_01_name = local.network_01_name
+ network_02_name = local.network_02_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/multi_vpc/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/multi_vpc/outputs.tf
new file mode 100644
index 000000000..582ee04dc
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/multi_vpc/outputs.tf
@@ -0,0 +1,30 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_01_name" {
+ value = local.network_01_name
+ description = "The name of the VPC network-01"
+}
+
+output "network_02_name" {
+ value = local.network_02_name
+ description = "The name of the VPC network-01"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/multi_vpc/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/multi_vpc/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/multi_vpc/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/main.tf
new file mode 100644
index 000000000..39c3036b4
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/main.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ network_name = "secondary-ranges-${var.random_string_for_testing}"
+}
+
+module "example" {
+ source = "../../../examples/secondary_ranges"
+ project_id = var.project_id
+ network_name = local.network_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/outputs.tf
new file mode 100644
index 000000000..651f0e000
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/outputs.tf
@@ -0,0 +1,70 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_self_link" {
+ value = module.example.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "output_subnets_names" {
+ value = module.example.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "output_subnets_ips" {
+ value = module.example.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "output_subnets_regions" {
+ value = module.example.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "output_subnets_private_access" {
+ value = module.example.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "output_subnets_flow_logs" {
+ value = module.example.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "output_subnets_secondary_ranges" {
+ value = module.example.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "output_routes" {
+ value = module.example.route_names
+ description = "The route names associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/simple_project/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/simple_project/main.tf
new file mode 100644
index 000000000..20facc00a
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/simple_project/main.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ network_name = "simple-project-${var.random_string_for_testing}"
+}
+
+module "example" {
+ source = "../../../examples/simple_project"
+ project_id = var.project_id
+ network_name = local.network_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/simple_project/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/simple_project/outputs.tf
new file mode 100644
index 000000000..651f0e000
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/simple_project/outputs.tf 
@@ -0,0 +1,70 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_self_link" {
+ value = module.example.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "output_subnets_names" {
+ value = module.example.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "output_subnets_ips" {
+ value = module.example.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "output_subnets_regions" {
+ value = module.example.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "output_subnets_private_access" {
+ value = module.example.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "output_subnets_flow_logs" {
+ value = module.example.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "output_subnets_secondary_ranges" {
+ value = module.example.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "output_routes" {
+ value = module.example.route_names
+ description = "The route names associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/simple_project/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/simple_project/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/simple_project/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/main.tf
new file mode 100644
index 000000000..5853c6b91
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/main.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ network_name = "simple-regional-${var.random_string_for_testing}"
+}
+
+module "example" {
+ source = "../../../examples/simple_project_with_regional_network"
+ project_id = var.project_id
+ network_name = local.network_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/outputs.tf
new file mode 100644
index 000000000..651f0e000
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/outputs.tf 
@@ -0,0 +1,70 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_self_link" {
+ value = module.example.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "output_subnets_names" {
+ value = module.example.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "output_subnets_ips" {
+ value = module.example.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "output_subnets_regions" {
+ value = module.example.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "output_subnets_private_access" {
+ value = module.example.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "output_subnets_flow_logs" {
+ value = module.example.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "output_subnets_secondary_ranges" {
+ value = module.example.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "output_routes" {
+ value = module.example.route_names
+ description = "The route names associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/main.tf
new file mode 100644
index 000000000..398efe434
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/main.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ network_name = "submodule-firewall-${var.random_string_for_testing}"
+}
+
+module "example" {
+ source = "../../../examples/submodule_firewall"
+ project_id = var.project_id
+ network_name = local.network_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/outputs.tf
new file mode 100644
index 000000000..651f0e000
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/outputs.tf 
@@ -0,0 +1,70 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_self_link" {
+ value = module.example.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "output_subnets_names" {
+ value = module.example.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "output_subnets_ips" {
+ value = module.example.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "output_subnets_regions" {
+ value = module.example.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "output_subnets_private_access" {
+ value = module.example.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "output_subnets_flow_logs" {
+ value = module.example.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "output_subnets_secondary_ranges" {
+ value = module.example.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "output_routes" {
+ value = module.example.route_names
+ description = "The route names associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/main.tf
new file mode 100644
index 000000000..b3c459e0e
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/main.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "peerings" {
+ source = "../../../examples/submodule_network_peering"
+ project_id = var.project_id
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/outputs.tf
new file mode 100644
index 000000000..13fb41f55
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/outputs.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+}
+
+output "peerings" {
+ value = module.peerings
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/variables.tf
new file mode 100644
index 000000000..89e4e5786
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/variables.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/delete_default_gateway_routes/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/delete_default_gateway_routes/controls/gcloud.rb
new file mode 100644
index 000000000..d59bdad86
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/delete_default_gateway_routes/controls/gcloud.rb
@@ -0,0 +1,45 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "gcloud" do
+ title "gcloud configuration"
+
+ # Verify that no routes whose names begin with 'default-route' and whose
+ # nextHopGateway is the default-internet-gateway exist
+ describe command("gcloud compute routes list --project=#{project_id} --filter=\"nextHopGateway:https://www.googleapis.com/compute/v1/projects/#{project_id}/global/gateways/default-internet-gateway AND network:https://www.googleapis.com/compute/v1/projects/#{project_id}/global/networks/#{network_name}\" --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "routes" do
+ it "should only be one" do
+ expect(data.length).to eq 1
+ end
+
+ it "should not begin with 'default-route'" do
+ expect(data.first["name"]).not_to match(/^default-route/)
+ end
+ end
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/delete_default_gateway_routes/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/delete_default_gateway_routes/inspec.yml
new file mode 100644
index 000000000..0b5e75e3d
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/delete_default_gateway_routes/inspec.yml
@@ -0,0 +1,8 @@
+name: delete_default_gateway_routes
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_name
+ required: true
+ type: string
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/ilb_routing/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/ilb_routing/controls/gcloud.rb
new file mode 100644
index 000000000..e4c3de90b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/ilb_routing/controls/gcloud.rb
@@ -0,0 +1,116 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+forwarding_rule = attribute('forwarding_rule')
+
+control "gcloud" do
+ title "gcloud configuration"
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "purpose should be correct" do
+ expect(data).to include(
+ "purpose" => "PRIVATE",
+ )
+ end
+ it "role should not exist" do
+ expect(data).to_not include(
+ "role"
+ )
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-01 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "purpose and role should be correct" do
+ expect(data).to include(
+ "purpose" => "INTERNAL_HTTPS_LOAD_BALANCER",
+ "role" => "ACTIVE"
+ )
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-02 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "purpose and role should be correct" do
+ expect(data).to include(
+ "purpose" => "INTERNAL_HTTPS_LOAD_BALANCER",
+ "role" => "BACKUP"
+ )
+ end
+ end
+
+ describe command("gcloud compute routes describe '#{network_name}-ilb' --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "destRange" do
+ it "should equal '10.10.20.0/24'" do
+ expect(data["destRange"]).to eq '10.10.20.0/24'
+ end
+ end
+
+ describe "tags" do
+ it "should equal 'egress-inet'" do
+ expect(data["tags"]).to eq nil
+ end
+ end
+
+ describe "nextHopIlb" do
+ it "should equal the forwarding rule" do
+ expect(data["nextHopIlb"]).to eq forwarding_rule
+ end
+ end
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/ilb_routing/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/ilb_routing/inspec.yml
new file mode 100644
index 000000000..5671b8366
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/ilb_routing/inspec.yml
@@ -0,0 +1,15 @@
+name: ilb_routing
+depends:
+ - name: inspec-gcp
+ git: https://github.com/inspec/inspec-gcp.git
+ tag: v0.11.0
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_name
+ required: true
+ type: string
+ - name: forwarding_rule
+ required: true
+ type: string
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/multi_vpc/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/multi_vpc/controls/gcloud.rb
new file mode 100644
index 000000000..7c0e1c929
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/multi_vpc/controls/gcloud.rb
@@ -0,0 +1,116 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_01_name = attribute('network_01_name')
+network_02_name = attribute('network_02_name')
+
+control "gcloud" do
+ title "gcloud configuration"
+
+ describe command("gcloud compute routes describe '#{network_01_name}-egress-inet' --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+ let(:default_internet_gateway) { "https://www.googleapis.com/compute/v1/projects/#{project_id}/global/gateways/default-internet-gateway" }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "destRange" do
+ it "should equal '0.0.0.0/0'" do
+ expect(data["destRange"]).to eq '0.0.0.0/0'
+ end
+ end
+
+ describe "tags" do
+ it "should equal 'egress-inet'" do
+ expect(data["tags"]).to eq ['egress-inet']
+ end
+ end
+
+ describe "nextHopGateway" do
+ it "should equal the default internet gateway" do
+ expect(data["nextHopGateway"]).to eq default_internet_gateway
+ end
+ end
+ end
+
+ describe command("gcloud compute routes describe '#{network_02_name}-egress-inet' --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+ let(:default_internet_gateway) { "https://www.googleapis.com/compute/v1/projects/#{project_id}/global/gateways/default-internet-gateway" }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "destRange" do
+ it "should equal '0.0.0.0/0'" do
+ expect(data["destRange"]).to eq '0.0.0.0/0'
+ end
+ end
+
+ describe "tags" do
+ it "should equal 'egress-inet'" do
+ expect(data["tags"]).to eq ['egress-inet']
+ end
+ end
+
+ describe "nextHopGateway" do
+ it "should equal the default internet gateway" do
+ expect(data["nextHopGateway"]).to eq default_internet_gateway
+ end
+ end
+ end
+
+ describe command("gcloud compute routes describe '#{network_02_name}-testapp-proxy' --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "destRange" do
+ it "should equal '10.50.10.0/24'" do
+ expect(data["destRange"]).to eq '10.50.10.0/24'
+ end
+ end
+
+ describe "tags" do
+ it "should equal 'app-proxy'" do
+ expect(data["tags"]).to eq ['app-proxy']
+ end
+ end
+
+ describe "nextHopIp" do
+ it "should equal '10.10.40.10'" do
+ expect(data["nextHopIp"]).to eq '10.10.40.10'
+ end
+ end
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/multi_vpc/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/multi_vpc/inspec.yml
new file mode 100644
index 000000000..4e012dffe
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/multi_vpc/inspec.yml
@@ -0,0 +1,11 @@
+name: multi_vpc
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_01_name
+ required: true
+ type: string
+ - name: network_02_name
+ required: true
+ type: string
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/secondary_ranges/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/secondary_ranges/controls/gcloud.rb
new file mode 100644
index 000000000..19a1b66da
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/secondary_ranges/controls/gcloud.rb
@@ -0,0 +1,101 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "gcloud" do
+ title "gcloud configuration"
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-01 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "should have the correct secondaryIpRanges configuration for #{network_name}-subnet-01-01" do
+ expect(data["secondaryIpRanges"][0]).to include(
+ "rangeName" => "#{network_name}-subnet-01-01",
+ "ipCidrRange" => "192.168.64.0/24"
+ )
+ end
+
+ it "should have the correct secondaryIpRanges configuration for #{network_name}-subnet-01-02" do
+ expect(data["secondaryIpRanges"][1]).to include(
+ "rangeName" => "#{network_name}-subnet-01-02",
+ "ipCidrRange" => "192.168.65.0/24"
+ )
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-02 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "should have the correct secondaryIpRanges configuration for #{network_name}-subnet-02" do
+ expect(data).not_to include("secondaryIpRanges")
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-03 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "should have the correct secondaryIpRanges configuration for #{network_name}-subnet-03-01" do
+ expect(data["secondaryIpRanges"][0]).to include(
+ "rangeName" => "#{network_name}-subnet-03-01",
+ "ipCidrRange" => "192.168.66.0/24"
+ )
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-04 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "should have the correct secondaryIpRanges configuration for #{network_name}-subnet-04" do
+ expect(data).not_to include("secondaryIpRanges")
+ end
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/secondary_ranges/controls/inspec_attributes.rb b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/secondary_ranges/controls/inspec_attributes.rb
new file mode 100644
index 000000000..2f9ed48c3
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/secondary_ranges/controls/inspec_attributes.rb
@@ -0,0 +1,61 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "inspec_attributes" do
+ title "Terraform Outputs"
+ desc "Terraform Outputs"
+
+ describe attribute("output_network_name") do
+ it { should eq "#{network_name}" }
+ end
+
+ describe attribute("output_network_self_link") do
+ it { should eq "https://www.googleapis.com/compute/v1/projects/#{project_id}/global/networks/#{network_name}" }
+ end
+
+ describe attribute("output_subnets_ips") do
+ it { should eq ["10.10.10.0/24", "10.10.20.0/24", "10.10.30.0/24", "10.10.40.0/24"] }
+ end
+
+ describe attribute("output_routes") do
+ it { should eq [] }
+ end
+
+ describe attribute("output_subnets_flow_logs") do
+ it { should eq [false, true, true, false] }
+ end
+
+ describe attribute("output_subnets_names") do
+ it { should eq ["#{network_name}-subnet-01", "#{network_name}-subnet-02", "#{network_name}-subnet-03", "#{network_name}-subnet-04"] }
+ end
+
+ describe attribute("output_subnets_private_access") do
+ it { should eq [false, true, false, false] }
+ end
+
+ describe attribute("output_subnets_regions") do
+ it { should eq ["us-west1", "us-west1", "us-west1", "us-west1"] }
+ end
+
+ describe attribute("output_subnets_secondary_ranges") do
+ it { should eq [{"ip_cidr_range"=>"192.168.64.0/24", "range_name"=>"#{network_name}-subnet-01-01"}, {"ip_cidr_range"=>"192.168.65.0/24", "range_name"=>"#{network_name}-subnet-01-02"}, {"ip_cidr_range"=>"192.168.66.0/24", "range_name"=>"#{network_name}-subnet-03-01"}] }
+ end
+
+ describe attribute("project_id") do
+ it { should eq project_id }
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/secondary_ranges/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/secondary_ranges/inspec.yml
new file mode 100644
index 000000000..c11e66122
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/secondary_ranges/inspec.yml
@@ -0,0 +1,30 @@
+name: secondary_ranges
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_name
+ required: true
+ type: string
+ - name: output_network_name
+ required: true
+ type: string
+ - name: output_network_self_link
+ required: true
+ type: string
+ - name: output_subnets_ips
+ required: true
+ - name: output_routes
+ required: true
+ - name: output_subnets_flow_logs
+ required: true
+ - name: output_subnets_names
+ required: true
+ - name: output_subnets_private_access
+ required: true
+ - name: output_subnets_regions
+ required: true
+ - name: output_subnets_secondary_ranges
+ required: true
+ - name: output_project_id
+ required: true
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/simple_project/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/simple_project/controls/gcloud.rb
new file mode 100644
index 000000000..0ffad824b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/simple_project/controls/gcloud.rb 
@@ -0,0 +1,89 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "gcloud" do
+ title "gcloud configuration"
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-01 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "logConfig should not be enabled" do
+ expect(data).to include(
+ "logConfig" => {
+ "enable" => false,
+ }
+ )
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-02 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "Default log config should be correct" do
+ expect(data).to include(
+ "logConfig" => {
+ "aggregationInterval" => "INTERVAL_5_SEC",
+ "enable" => true,
+ "flowSampling" => 0.5,
+ "metadata" => "INCLUDE_ALL_METADATA"
+ }
+ )
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-03 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "Log config should be correct" do
+ expect(data).to include(
+ "logConfig" => {
+ "aggregationInterval" => "INTERVAL_10_MIN",
+ "enable" => true,
+ "flowSampling" => 0.7,
+ "metadata" => "INCLUDE_ALL_METADATA"
+ }
+ )
+ end
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/simple_project/controls/gcp.rb b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/simple_project/controls/gcp.rb
new file mode 100644
index 000000000..d48c79da6
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/simple_project/controls/gcp.rb
@@ -0,0 +1,57 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "gcp" do
+ title "Google Cloud configuration"
+
+ describe google_compute_network(
+ project: project_id,
+ name: network_name
+ ) do
+ it { should exist }
+ end
+
+ describe google_compute_subnetwork(
+ project: project_id,
+ name: "#{network_name}-subnet-01",
+ region: "us-west1"
+ ) do
+ it { should exist }
+ its('ip_cidr_range') { should eq "10.10.10.0/24" }
+ its('private_ip_google_access') { should be false }
+ end
+
+ describe google_compute_subnetwork(
+ project: project_id,
+ name: "#{network_name}-subnet-02",
+ region: "us-west1"
+ ) do
+ it { should exist }
+ its('ip_cidr_range') { should eq "10.10.20.0/24" }
+ its('private_ip_google_access') { should be true }
+ end
+
+ describe google_compute_subnetwork(
+ project: project_id,
+ name: "#{network_name}-subnet-03",
+ region: "us-west1"
+ ) do
+ it { should exist }
+ its('ip_cidr_range') { should eq "10.10.30.0/24" }
+ its('private_ip_google_access') { should be false }
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/simple_project/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/simple_project/inspec.yml
new file mode 100644
index 000000000..7e69b5296
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/simple_project/inspec.yml
@@ -0,0 +1,12 @@
+name: simple_project
+depends:
+ - name: inspec-gcp
+ git: https://github.com/inspec/inspec-gcp.git
+ tag: v0.11.0
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_name
+ required: true
+ type: string
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/simple_project_with_regional_network/controls/gcp.rb b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/simple_project_with_regional_network/controls/gcp.rb
new file mode 100644
index 000000000..84fec52cf
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/simple_project_with_regional_network/controls/gcp.rb
@@ -0,0 +1,28 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "gcp" do
+ title "Google Cloud configuration"
+
+ describe google_compute_network(
+ project: project_id,
+ name: network_name
+ ) do
+ it { should exist }
+ its('routing_config.routing_mode') { should eq 'REGIONAL' }
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/simple_project_with_regional_network/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/simple_project_with_regional_network/inspec.yml
new file mode 100644
index 000000000..b6f43e92f
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/simple_project_with_regional_network/inspec.yml
@@ -0,0 +1,12 @@
+name: simple_project_with_regional_network
+depends:
+ - name: inspec-gcp
+ git: https://github.com/inspec/inspec-gcp.git
+ tag: v0.11.0
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_name
+ required: true
+ type: string
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/gcloud.rb
new file mode 100644
index 000000000..1bce484f8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/gcloud.rb
@@ -0,0 +1,185 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +project_id = attribute('project_id') +network_name = attribute('network_name') + +control "gcloud" do + title "gcloud configuration" + + describe command("gcloud compute firewall-rules describe #{network_name}-ingress-internal --project=#{project_id} --format=json") do + its(:exit_status) { should eq 0 } + its(:stderr) { should eq '' } + + let(:data) do + if subject.exit_status == 0 + JSON.parse(subject.stdout) + else + {} + end + end + + describe "internal rule" do + it "should exist" do + expect(data).to include( + "sourceRanges" => ["10.10.20.0/24", "10.10.10.0/24"] + ) + end + end + + describe "allowed internal rules" do + it "should contain ICMP rule" do + expect(data["allowed"]).to include({"IPProtocol" => "icmp"}) + end + + it "should contain UDP rule" do + expect(data["allowed"]).to include({"IPProtocol" => "udp"}) + end + + it "should contain TCP rule" do + expect(data["allowed"]).to include({"IPProtocol"=>"tcp", "ports"=>["8080", "1000-2000"]}) + end + end + end + + # Custom rules + describe command("gcloud compute firewall-rules describe allow-backend-to-databases --project=#{project_id} --format=json") do + its(:exit_status) { should eq 0 } + its(:stderr) { should eq '' } + + let(:data) do + if subject.exit_status == 0 + JSON.parse(subject.stdout) + else + {} + end + end + + describe "Custom TAG rule" do + it "has backend tag as source" do + expect(data).to 
include( + "sourceTags" => ["backed"] + ) + end + + it "has databases tag as target" do + expect(data).to include( + "targetTags" => ["databases"] + ) + end + + it "has expected TCP rule" do + expect(data["allowed"]).to include( + { + "IPProtocol" => "tcp", + "ports" => ["3306", "5432", "1521", "1433"] + } + ) + end + end + end + +describe command("gcloud compute firewall-rules describe deny-ingress-6534-6566 --project=#{project_id} --format=json") do + its(:exit_status) { should eq 0 } + its(:stderr) { should eq '' } + + let(:data) do + if subject.exit_status == 0 + JSON.parse(subject.stdout) + else + {} + end + end + + describe "deny-ingress-6534-6566" do + it "should be disabled" do + expect(data).to include( + "disabled" => true + ) + end + + it "has 0.0.0.0/0 source range" do + expect(data).to include( + "sourceRanges" => ["0.0.0.0/0"] + ) + end + + it "has expected TCP rules" do + expect(data["denied"]).to include( + { + "IPProtocol" => "tcp", + "ports" => ["6534-6566"] + } + ) + end + + it "has expected UDP rules" do + expect(data["denied"]).to include( + { + "IPProtocol" => "udp", + "ports" => ["6534-6566"] + } + ) + end + end + end + + +describe command("gcloud compute firewall-rules describe allow-all-admin-sa --project=#{project_id} --format=json") do + its(:exit_status) { should eq 0 } + its(:stderr) { should eq '' } + + let(:data) do + if subject.exit_status == 0 + JSON.parse(subject.stdout) + else + {} + end + end + + describe "allow-all-admin-sa" do + it "should be enabled" do + expect(data).to include( + "disabled" => false + ) + end + + it "should has correct source SA" do + expect(data["sourceServiceAccounts"]).to eq(["admin@my-shiny-org.iam.gserviceaccount.com"]) + end + + it "should has priority 30" do + expect(data["priority"]).to eq(30) + end + + it "has expected TCP rules" do + expect(data["allowed"]).to include( + { + "IPProtocol" => "tcp" + } + ) + end + + it "has expected UDP rules" do + expect(data["allowed"]).to include( + { + 
"IPProtocol" => "udp" + } + ) + end + end + end + +end + diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/gcp.rb b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/gcp.rb new file mode 100644 index 000000000..3fb736c0d --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/gcp.rb 
@@ -0,0 +1,32 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "gcp" do
+ title "Google Cloud configuration"
+
+ describe google_compute_firewalls(project: project_id) do
+ its('firewall_names') { should include "#{network_name}-ingress-internal" }
+ its('firewall_names') { should include "#{network_name}-ingress-tag-http" }
+ its('firewall_names') { should include "#{network_name}-ingress-tag-https" }
+ its('firewall_names') { should include "#{network_name}-ingress-tag-ssh" }
+ its('firewall_names') { should_not include "default-ingress-admins" }
+ its('firewall_names') { should include "deny-ingress-6534-6566" }
+ its('firewall_names') { should include "allow-backend-to-databases" }
+ its('firewall_names') { should include "allow-all-admin-sa" }
+ end
+
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/inspec_attributes.rb b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/inspec_attributes.rb
new file mode 100644
index 000000000..25320c41e
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/inspec_attributes.rb 
@@ -0,0 +1,61 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "inspec_attributes" do
+ title "Terraform Outputs"
+ desc "Terraform Outputs"
+
+ describe attribute("output_network_name") do
+ it { should eq "#{network_name}" }
+ end
+
+ describe attribute("output_network_self_link") do
+ it { should eq "https://www.googleapis.com/compute/v1/projects/#{project_id}/global/networks/#{network_name}" }
+ end
+
+ describe attribute("output_subnets_ips") do
+ it { should eq ["10.10.10.0/24", "10.10.20.0/24"] }
+ end
+
+ describe attribute("output_routes") do
+ it { should eq [] }
+ end
+
+ describe attribute("output_subnets_flow_logs") do
+ it { should eq [false, true] }
+ end
+
+ describe attribute("output_subnets_names") do
+ it { should eq ["#{network_name}-subnet-01", "#{network_name}-subnet-02"] }
+ end
+
+ describe attribute("output_subnets_private_access") do
+ it { should eq [false, true] }
+ end
+
+ describe attribute("output_subnets_regions") do
+ it { should eq ["us-west1", "us-west1"] }
+ end
+
+ describe attribute("output_subnets_secondary_ranges") do
+ it { should eq [[],[]] }
+ end
+
+ describe attribute("output_project_id") do
+ it { should eq project_id }
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/submodule_firewall/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/submodule_firewall/inspec.yml
new file mode 100644
index 000000000..8f1d70e75
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/submodule_firewall/inspec.yml
@@ -0,0 +1,34 @@
+name: submodule_firewall
+depends:
+ - name: inspec-gcp
+ git: https://github.com/inspec/inspec-gcp.git
+ tag: v0.11.0
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_name
+ required: true
+ type: string
+ - name: output_network_name
+ required: true
+ type: string
+ - name: output_network_self_link
+ required: true
+ type: string
+ - name: output_subnets_ips
+ required: true
+ - name: output_routes
+ required: true
+ - name: output_subnets_flow_logs
+ required: true
+ - name: output_subnets_names
+ required: true
+ - name: output_subnets_private_access
+ required: true
+ - name: output_subnets_regions
+ required: true
+ - name: output_subnets_secondary_ranges
+ required: true
+ - name: output_project_id
+ required: true
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/submodule_network_peering/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/submodule_network_peering/controls/gcloud.rb
new file mode 100644
index 000000000..894e46dc0
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/submodule_network_peering/controls/gcloud.rb 
@@ -0,0 +1,107 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +project_id = attribute('project_id') +peerings = attribute('peerings') + +control "gcloud" do + title "gcloud configuration" + peerings.each do |key, value| + local_network_peering = value['local_network_peering'] + peer_network_peering = value['peer_network_peering'] + local_network_self_link = local_network_peering['network'] + peer_network_self_link = peer_network_peering['network'] + local_network_name = local_network_self_link.split('/')[-1] + peer_network_name = peer_network_self_link.split('/')[-1] + + describe command("gcloud compute networks peerings list --project=#{project_id} --network=#{local_network_name} --format=json") do + its(:exit_status) { should eq 0 } + its(:stderr) { should eq '' } + + let(:data) do + if subject.exit_status == 0 + JSON.parse(subject.stdout) + else + {} + end + end + + describe "local VPC peering" do + it "should exist" do + expect(data[0]['peerings'].select{|x| x['name'] == local_network_peering['name']}).not_to be_empty + end + it "should be active" do + expect(data[0]['peerings'].select{|x| x['name'] == local_network_peering['name']}[0]['state']).to eq( + "ACTIVE" + ) + end + it "should be connected to #{peer_network_name} network" do + expect(data[0]['peerings'].select{|x| x['name'] == local_network_peering['name']}[0]['network']).to eq( + peer_network_self_link + ) + end + it "should export custom routes" do + 
expect(data[0]['peerings'].select{|x| x['name'] == local_network_peering['name']}[0]['exportCustomRoutes']).to eq( + true + ) + end + it "should not import custom routes" do + expect(data[0]['peerings'].select{|x| x['name'] == local_network_peering['name']}[0]['importCustomRoutes']).to eq( + false + ) + end + end + + end + + describe command("gcloud compute networks peerings list --project=#{project_id} --network=#{peer_network_name} --format=json") do + its(:exit_status) { should eq 0 } + its(:stderr) { should eq '' } + + let(:data) do + if subject.exit_status == 0 + JSON.parse(subject.stdout) + else + {} + end + end + + describe "peer VPC peering" do + it "should exist" do + expect(data[0]['peerings'].select{|x| x['name'] == peer_network_peering['name']}).not_to be_empty + end + it "should be active" do + expect(data[0]['peerings'].select{|x| x['name'] == peer_network_peering['name']}[0]['state']).to eq( + "ACTIVE" + ) + end + it "should be connected to #{local_network_name} network" do + expect(data[0]['peerings'].select{|x| x['name'] == peer_network_peering['name']}[0]['network']).to eq( + local_network_self_link + ) + end + it "should not export custom routes" do + expect(data[0]['peerings'].select{|x| x['name'] == peer_network_peering['name']}[0]['exportCustomRoutes']).to eq( + false + ) + end + it "should import custom routes" do + expect(data[0]['peerings'].select{|x| x['name'] == peer_network_peering['name']}[0]['importCustomRoutes']).to eq( + true + ) + end + end + end + end +end diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/submodule_network_peering/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/submodule_network_peering/inspec.yml new file mode 100644 index 000000000..55de6b25f --- /dev/null 
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/integration/submodule_network_peering/inspec.yml
@@ -0,0 +1,8 @@
+name: submodule_network_peering
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: peerings
+ type: hash
+ required: true
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/setup/.gitignore b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/setup/.gitignore
new file mode 100644
index 000000000..0e515f83d
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/setup/.gitignore
@@ -0,0 +1,2 @@
+terraform.tfvars
+source.sh
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/setup/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/setup/README.md
new file mode 100644
index 000000000..258fb6981
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/setup/README.md
@@ -0,0 +1,35 @@
+# Integration Testing
+
+Use this directory to create resources reflecting the same resource fixtures
+created for use by the CI environment CI integration test pipelines. The intent
+of these resources is to run the integration tests locally as closely as
+possible to how they will run in the CI system.
+
+Once created, store the service account key content into the
+`SERVICE_ACCOUNT_JSON` environment variable. This reflects the same behavior
+as used in CI.
+
+For example:
+
+```bash
+terraform init
+terraform apply
+mkdir -p ~/.credentials
+terraform output sa_key | base64 --decode > ~/.credentials/network-sa.json
+```
+
+Then, configure the environment (suggest using direnv) like so:
+
+```bash
+export SERVICE_ACCOUNT_JSON=$(cat ${HOME}/.credentials/network-sa.json)
+export PROJECT_ID="network-module"
+```
+
+With these variables set, change to the root of the module and execute the
+`make test_integration` task. This make target is the same that is executed
+by this module's CI pipeline during integration testing, and will run the
+integration tests from your machine.
+
+Alternatively, to run the integration tests directly from the Docker
+container used by the module's CI pipeline, perform the above steps and then
+run the `make test_integration_docker` target
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/setup/iam.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/setup/iam.tf
new file mode 100644
index 000000000..fa3c79045
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/setup/iam.tf
@@ -0,0 +1,41 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ int_required_roles = [
+ "roles/compute.networkAdmin",
+ "roles/compute.securityAdmin",
+ "roles/iam.serviceAccountUser",
+ ]
+}
+
+resource "google_service_account" "int_test" {
+ project = module.project.project_id
+ account_id = "ci-network"
+ display_name = "ci-network"
+}
+
+resource "google_project_iam_member" "int_test" {
+ count = length(local.int_required_roles)
+
+ project = module.project.project_id
+ role = local.int_required_roles[count.index]
+ member = "serviceAccount:${google_service_account.int_test.email}"
+}
+
+resource "google_service_account_key" "int_test" {
+ service_account_id = google_service_account.int_test.id
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/setup/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/setup/main.tf
new file mode 100644
index 000000000..f89684ea1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/setup/main.tf
@@ -0,0 +1,32 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "project" {
+ source = "terraform-google-modules/project-factory/google"
+ version = "~> 4.0"
+
+ name = "ci-network"
+ random_project_id = "true"
+ org_id = var.org_id
+ folder_id = var.folder_id
+ billing_account = var.billing_account
+
+ activate_apis = [
+ "cloudresourcemanager.googleapis.com",
+ "compute.googleapis.com",
+ "serviceusage.googleapis.com"
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/setup/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/setup/outputs.tf
new file mode 100644
index 000000000..08753a4b9
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/setup/outputs.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = module.project.project_id
+}
+
+output "sa_key" {
+ value = google_service_account_key.int_test.private_key
+ sensitive = true
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/setup/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/setup/variables.tf
new file mode 100644
index 000000000..53dd1ed77
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/setup/variables.tf
@@ -0,0 +1,26 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+variable "org_id" {
+ description = "The numeric organization id"
+}
+
+variable "folder_id" {
+ description = "The folder to deploy in"
+}
+
+variable "billing_account" {
+ description = "The billing account id associated with the project, e.g. XXXXXX-YYYYYY-ZZZZZZ"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/setup/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/setup/versions.tf
new file mode 100644
index 000000000..38af399dc
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/test/setup/versions.tf
@@ -0,0 +1,27 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
+
+provider "google" {
+ version = "~> 2.12.0"
+}
+
+provider "google-beta" {
+ version = "~> 2.12.0"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/variables.tf
new file mode 100644
index 000000000..1770d50fa
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/variables.tf
@@ -0,0 +1,70 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The ID of the project where this VPC will be created"
+}
+
+variable "network_name" {
+ description = "The name of the network being created"
+}
+
+variable "routing_mode" {
+ type = string
+ default = "GLOBAL"
+ description = "The network routing mode (default 'GLOBAL')"
+}
+
+variable "shared_vpc_host" {
+ type = bool
+ description = "Makes this project a Shared VPC host if 'true' (default 'false')"
+ default = false
+}
+
+variable "subnets" {
+ type = list(map(string))
+ description = "The list of subnets being created"
+}
+
+variable "secondary_ranges" {
+ type = map(list(object({ range_name = string, ip_cidr_range = string })))
+ description = "Secondary ranges that will be used in some of the subnets"
+ default = {}
+}
+
+variable "routes" {
+ type = list(map(string))
+ description = "List of routes being created in this VPC"
+ default = []
+}
+
+variable "delete_default_internet_gateway_routes" {
+ description = "If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted"
+ default = "false"
+}
+
+
+variable "description" {
+ type = string
+ description = "An optional description of this resource. The resource must be recreated to modify this field."
+ default = ""
+}
+
+variable "auto_create_subnetworks" {
+ type = bool
+ description = "When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources."
+ default = false
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/versions.tf
new file mode 100644
index 000000000..c1eedd7e1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/five/terraform-google-network-2.3.0/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google = "<4.0,>= 2.12"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/CHANGELOG.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/CHANGELOG.md
new file mode 100644
index 000000000..cff2bda83
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/CHANGELOG.md 
@@ -0,0 +1,272 @@ +# Changelog + +All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines. + +## [2.3.0](https://www.github.com/terraform-google-modules/terraform-google-network/compare/v2.2.0...v2.3.0) (2020-04-16) + + +### Features + +* Add beta provider support for routes and subnets ([#124](https://www.github.com/terraform-google-modules/terraform-google-network/issues/124)) ([6c94a6f](https://www.github.com/terraform-google-modules/terraform-google-network/commit/6c94a6fd89989d1dd113e0a156f0c5d7cdd8407e)), closes [#68](https://www.github.com/terraform-google-modules/terraform-google-network/issues/68) + +## [2.2.0](https://www.github.com/terraform-google-modules/terraform-google-network/compare/v2.1.2...v2.2.0) (2020-04-07) + + +### Features + +* add network output ([#169](https://www.github.com/terraform-google-modules/terraform-google-network/issues/169)) ([0dc6965](https://www.github.com/terraform-google-modules/terraform-google-network/commit/0dc6965ab52f946b9e3d16dc8f8e3557d369da01)) + +### [2.1.2](https://www.github.com/terraform-google-modules/terraform-google-network/compare/v2.1.1...v2.1.2) (2020-04-02) + + +### Bug Fixes + +* Add support for enable_logging on firewall rules ([#155](https://www.github.com/terraform-google-modules/terraform-google-network/issues/155)) ([febec4e](https://www.github.com/terraform-google-modules/terraform-google-network/commit/febec4ef4b2d6080b18429106b19a8fbc5452bec)) +* Add variables type as first parameter on all variables ([#167](https://www.github.com/terraform-google-modules/terraform-google-network/issues/167)) ([2fff1e7](https://www.github.com/terraform-google-modules/terraform-google-network/commit/2fff1e7cd5188e24a413bc302c8a061c4f3bb19b)) +* remove invalid/outdated create_network variable ([#159](https://www.github.com/terraform-google-modules/terraform-google-network/issues/159)) 
([6fac78e](https://www.github.com/terraform-google-modules/terraform-google-network/commit/6fac78e5b25a2ab72824b0ebefff6704a46fd984)) +* Resolve error with destroy and shared VPC host config ([#168](https://www.github.com/terraform-google-modules/terraform-google-network/issues/168)) ([683ae07](https://www.github.com/terraform-google-modules/terraform-google-network/commit/683ae072382c03f8b032944e539e9fa8601bad1f)), closes [#163](https://www.github.com/terraform-google-modules/terraform-google-network/issues/163) + +### [2.1.1](https://www.github.com/terraform-google-modules/terraform-google-network/compare/v2.1.0...v2.1.1) (2020-02-04) + + +### Bug Fixes + +* Correct the service_project_ids type ([#152](https://www.github.com/terraform-google-modules/terraform-google-network/issues/152)) ([80b6f54](https://www.github.com/terraform-google-modules/terraform-google-network/commit/80b6f54c007bc5b89709a9eebe330af058ca2260)) +* Resolve "Invalid expanding argument value" issue with the newer versions of terraform ([#153](https://www.github.com/terraform-google-modules/terraform-google-network/issues/153)) ([5f61ffb](https://www.github.com/terraform-google-modules/terraform-google-network/commit/5f61ffb3cb03a4d0ddb02dde1a3085aa428aeb38)) + +## [2.1.0](https://www.github.com/terraform-google-modules/terraform-google-network/compare/v2.0.2...v2.1.0) (2020-01-31) + + +### Features + +* add subnets output with full subnet info ([#129](https://www.github.com/terraform-google-modules/terraform-google-network/issues/129)) ([b424186](https://www.github.com/terraform-google-modules/terraform-google-network/commit/b4241861d8e670d555a43b82f4451581a8e27367)) + + +### Bug Fixes + +* Make project_id output dependent on shared_vpc host enablement ([#150](https://www.github.com/terraform-google-modules/terraform-google-network/issues/150)) ([75f9f04](https://www.github.com/terraform-google-modules/terraform-google-network/commit/75f9f0494c2a17b6d53fb265b3a4c77490b2914b)) + +### 
[2.0.2](https://github.com/terraform-google-modules/terraform-google-network/compare/v2.0.1...v2.0.2) (2020-01-21) + + +### Bug Fixes + +* relax version constraint in README ([1a39c7d](https://github.com/terraform-google-modules/terraform-google-network/commit/1a39c7df1d9d12e250500c3321e82ff78b0cd900)) + +## [2.0.1] - 2019-12-18 + +### Fixed + +- Fixed bug for allowing internal firewall rules. [#123](https://github.com/terraform-google-modules/terraform-google-network/pull/123) +- Provided Terraform provider versions and relaxed version constraints. [#131](https://github.com/terraform-google-modules/terraform-google-network/pull/131) + +## [2.0.0](https://github.com/terraform-google-modules/terraform-google-network/compare/v1.5.0...v2.0.0) (2019-12-09) + +v2.0.0 is a backwards-incompatible release. Please see the [upgrading guide](./docs/upgrading_to_v2.0.md). + +### Added + +- Split main module up into vpc, subnets, and routes submodules. [#103] + +### Fixed + +- Fixes subnet recreation when a subnet is updated. [#73] + + +## [1.5.0](https://github.com/terraform-google-modules/terraform-google-network/compare/v1.3.0...v1.5.0) (2019-11-12) + +### Added + +- Added submodule `network-peering` [#101] + +## [1.4.3] - 2019-10-31 + +### Fixed + +- Fixed issue with depending on outputs introduced in 1.4.1. [#95] + +## [1.4.2] - 2019-10-30 + +### Fixed + +- The outputs `network_name`, `network_self_link`, and + `subnets_secondary_ranges` depend on resource attributes rather than + data source attributes when `create_network` = `true`. [#94] + +## [1.4.1] - 2019-10-29 + +### Added + +- Made network creation optional in root module. [#88] + +### Fixed + +- Fixed issue with depending on outputs introduced in 1.4.0. [#92] + +## [1.4.0] - 2019-10-14 + +### Added + +- Add dynamic firewall rules support to firewall submodule. [#79] + +### Fixed + +- Add `depends_on` to `created_subnets` data fetch (fixes issue [#80]). 
[#81] + +## [1.3.0](https://github.com/terraform-google-modules/terraform-google-network/compare/v1.2.0...v1.3.0) (2019-10-10) + +### Changed + +- Set default value for `next_hop_internet`. [#64] + +### Added + +- Add host service agent role management to Shared VPC submodule [#72] + +## 1.2.0 (2019-09-18) + +### Added + +- Added `description` variable for subnets. [#66] + +### Fixed + +- Made setting `secondary_ranges` optional. [#16] + +## [1.1.0] - 2019-07-24 + +### Added + +- `auto_create_subnetworks` variable and `description` variable. [#57] + +## [1.0.0] - 2019-07-12 + +### Changed + +- Supported version of Terraform is 0.12. [#47] + +## [0.8.0] - 2019-06-12 + +### Added + +- A submodule to configure Shared VPC network attachments. [#45] + +## [0.7.0] - 2019-05-27 + +### Added + +- New firewall submodule [#40] + +### Fixed + +- Shared VPC service account roles are included in the README. [#32] +- Shared VPC host project explicitly depends on the network to avoid a + race condition. [#36] +- gcloud dependency is included in the README. [#38] + +## [0.6.0] - 2019-02-21 + +### Added + +- Add ability to delete default gateway route [#29] + +## [0.5.0] - 2019-01-31 + +### Changed + +- Make `routing_mode` a configurable variable. Defaults to "GLOBAL" [#26] + +### Added + +- Subnet self links as outputs. 
[#27] +- Support for route creation [#14] +- Add example for VPC with many secondary ranges [#23] +- Add example for VPC with regional routing mode [#26] + +### Fixed + +- Resolved issue with networks that have no secondary networks [#19] + +## [0.4.0] - 2018-09-25 + +### Changed + +- Make `subnet_private_access` and `subnet_flow_logs` into strings to be consistent with `shared_vpc` flag [#13] + +## [0.3.0] - 2018-09-11 + +### Changed + +- Make `subnet_private_access` default to false [#6] + +### Added + +- Add support for controlling subnet flow logs [#6] + +## [0.2.0] - 2018-08-16 + +### Added + +- Add support for Shared VPC hosting + +## [0.1.0] - 2018-08-08 + +### Added + +- Initial release +- A Google Virtual Private Network (VPC) +- Subnets within the VPC +- Secondary ranges for the subnets (if applicable) + +[Unreleased]: https://github.com/terraform-google-modules/terraform-google-network/compare/v2.0.1...HEAD +[2.0.1]: https://github.com/terraform-google-modules/terraform-google-network/compare/v2.0.0...v2.0.1 +[2.0.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.5.0...v2.0.0 +[1.5.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.4.3...v1.5.0 +[1.4.3]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.4.2...v1.4.3 +[1.4.2]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.4.1...v1.4.2 +[1.4.1]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.4.0...v1.4.1 +[1.4.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.3.0...v1.4.0 +[1.3.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.2.0...v1.3.0 +[1.2.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.1.0...v1.2.0 +[1.1.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v1.0.0...v1.1.0 +[1.0.0]: 
https://github.com/terraform-google-modules/terraform-google-network/compare/v0.8.0...v1.0.0 +[0.8.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.7.0...v0.8.0 +[0.7.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.6.0...v0.7.0 +[0.6.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.5.0...v0.6.0 +[0.5.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.4.0...v0.5.0 +[0.4.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.3.0...v0.4.0 +[0.3.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.2.0...v0.3.0 +[0.2.0]: https://github.com/terraform-google-modules/terraform-google-network/compare/v0.1.0...v0.2.0 +[0.1.0]: https://github.com/terraform-google-modules/terraform-google-network/releases/tag/v0.1.0 + +[#73]: https://github.com/terraform-google-modules/terraform-google-network/pull/73 +[#103]: https://github.com/terraform-google-modules/terraform-google-network/pull/103 +[#101]: https://github.com/terraform-google-modules/terraform-google-network/pull/101 +[#95]: https://github.com/terraform-google-modules/terraform-google-network/issues/95 +[#94]: https://github.com/terraform-google-modules/terraform-google-network/pull/94 +[#92]: https://github.com/terraform-google-modules/terraform-google-network/issues/92 +[#88]: https://github.com/terraform-google-modules/terraform-google-network/issues/88 +[#81]: https://github.com/terraform-google-modules/terraform-google-network/pull/81 +[#80]: https://github.com/terraform-google-modules/terraform-google-network/issues/80 +[#79]: https://github.com/terraform-google-modules/terraform-google-network/pull/79 +[#72]: https://github.com/terraform-google-modules/terraform-google-network/pull/72 +[#64]: https://github.com/terraform-google-modules/terraform-google-network/pull/64 +[#66]: 
https://github.com/terraform-google-modules/terraform-google-network/pull/66 +[#16]: https://github.com/terraform-google-modules/terraform-google-network/pull/16 +[#57]: https://github.com/terraform-google-modules/terraform-google-network/pull/57 +[#47]: https://github.com/terraform-google-modules/terraform-google-network/pull/47 +[#45]: https://github.com/terraform-google-modules/terraform-google-network/pull/45 +[#40]: https://github.com/terraform-google-modules/terraform-google-network/pull/40 +[#38]: https://github.com/terraform-google-modules/terraform-google-network/pull/38 +[#36]: https://github.com/terraform-google-modules/terraform-google-network/pull/36 +[#32]: https://github.com/terraform-google-modules/terraform-google-network/pull/32 +[#29]: https://github.com/terraform-google-modules/terraform-google-network/pull/29 +[#27]: https://github.com/terraform-google-modules/terraform-google-network/pull/27 +[#26]: https://github.com/terraform-google-modules/terraform-google-network/pull/26 +[#23]: https://github.com/terraform-google-modules/terraform-google-network/pull/23 +[#19]: https://github.com/terraform-google-modules/terraform-google-network/pull/19 +[#14]: https://github.com/terraform-google-modules/terraform-google-network/pull/14 +[#13]: https://github.com/terraform-google-modules/terraform-google-network/pull/13 +[#6]: https://github.com/terraform-google-modules/terraform-google-network/pull/6 +[keepachangelog-site]: https://keepachangelog.com/en/1.0.0/ +[semver-site]: https://semver.org/spec/v2.0.0.html diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/CODEOWNERS b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/CODEOWNERS new file mode 100644 index 000000000..3a0760e1f --- /dev/null 
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/CODEOWNERS
@@ -0,0 +1,9 @@
+* @terraform-google-modules/cft-admins @andreyk-code @jeanno
+
+# CFT Fabric
+/examples/submodule_svpc_access/ @terraform-google-modules/cft-fabric
+/modules/fabric-net-svpc-access/ @terraform-google-modules/cft-fabric
+/modules/fabric-net-firewall/ @terraform-google-modules/cft-fabric
+/examples/submodule_firewall/ @terraform-google-modules/cft-fabric
+/modules/network-peering/ @terraform-google-modules/cft-fabric
+/examples/submodule_network_peering/ @terraform-google-modules/cft-fabric
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/CONTRIBUTING.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/CONTRIBUTING.md
new file mode 100644
index 000000000..a350db595
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/CONTRIBUTING.md
@@ -0,0 +1,99 @@ +# Contributing + +This document provides guidelines for contributing to the module. + +## Dependencies + +The following dependencies must be installed on the development system: + +- [Docker Engine][docker-engine] +- [Google Cloud SDK][google-cloud-sdk] +- [make] + +## Generating Documentation for Inputs and Outputs + +The Inputs and Outputs tables in the READMEs of the root module, +submodules, and example modules are automatically generated based on +the `variables` and `outputs` of the respective modules. These tables +must be refreshed if the module interfaces are changed. + +### Execution + +Run `make generate_docs` to generate new Inputs and Outputs tables. + +## Integration Testing + +Integration tests are used to verify the behaviour of the root module, +submodules, and example modules. Additions, changes, and fixes should +be accompanied with tests. + +The integration tests are run using [Kitchen][kitchen], +[Kitchen-Terraform][kitchen-terraform], and [InSpec][inspec]. These +tools are packaged within a Docker image for convenience. + +The general strategy for these tests is to verify the behaviour of the +[example modules](./examples/), thus ensuring that the root module, +submodules, and example modules are all functionally correct. + +### Test Environment +The easiest way to test the module is in an isolated test project. The setup for such a project is defined in [test/setup](./test/setup/) directory. + +To use this setup, you need a service account with Project Creator access on a folder. 
Export the Service Account credentials to your environment like so: + +``` +export SERVICE_ACCOUNT_JSON=$(< credentials.json) +``` + +You will also need to set a few environment variables: +``` +export TF_VAR_org_id="your_org_id" +export TF_VAR_folder_id="your_folder_id" +export TF_VAR_billing_account="your_billing_account_id" +``` + +With these settings in place, you can prepare a test project using Docker: +``` +make docker_test_prepare +``` + +### Noninteractive Execution + +Run `make docker_test_integration` to test all of the example modules +noninteractively, using the prepared test project. + +### Interactive Execution + +1. Run `make docker_run` to start the testing Docker container in + interactive mode. + +1. Run `kitchen_do create ` to initialize the working + directory for an example module. + +1. Run `kitchen_do converge ` to apply the example module. + +1. Run `kitchen_do verify ` to test the example module. + +1. Run `kitchen_do destroy ` to destroy the example module + state. + +## Linting and Formatting + +Many of the files in the repository can be linted or formatted to +maintain a standard of quality. + +### Execution + +Run `make docker_test_lint`. + +[docker-engine]: https://www.docker.com/products/docker-engine +[flake8]: http://flake8.pycqa.org/en/latest/ +[gofmt]: https://golang.org/cmd/gofmt/ +[google-cloud-sdk]: https://cloud.google.com/sdk/install +[hadolint]: https://github.com/hadolint/hadolint +[inspec]: https://inspec.io/ +[kitchen-terraform]: https://github.com/newcontext-oss/kitchen-terraform +[kitchen]: https://kitchen.ci/ +[make]: https://en.wikipedia.org/wiki/Make_(software) +[shellcheck]: https://www.shellcheck.net/ +[terraform-docs]: https://github.com/segmentio/terraform-docs +[terraform]: https://terraform.io/ 
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/Gemfile b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/Gemfile
new file mode 100644
index 000000000..af3b9546f
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/Gemfile
@@ -0,0 +1,19 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ruby '2.6.3'
+
+source 'https://rubygems.org/' do
+ gem 'kitchen-terraform', '~> 4.3'
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/LICENSE b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/LICENSE
new file mode 100644
index 000000000..d64569567
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/LICENSE
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/Makefile b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/Makefile new file mode 100644 index 000000000..fd4c92203 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/Makefile 
@@ -0,0 +1,82 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Make will use bash instead of sh
+SHELL := /usr/bin/env bash
+
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.6.0
+DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
+REGISTRY_URL := gcr.io/cloud-foundation-cicd
+
+# Enter docker container for local development
+.PHONY: docker_run
+docker_run:
+ docker run --rm -it \
+ -e SERVICE_ACCOUNT_JSON \
+ -v $(CURDIR):/workspace \
+ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+ /bin/bash
+
+# Execute prepare tests within the docker container
+.PHONY: docker_test_prepare
+docker_test_prepare:
+ docker run --rm -it \
+ -e SERVICE_ACCOUNT_JSON \
+ -e TF_VAR_org_id \
+ -e TF_VAR_folder_id \
+ -e TF_VAR_billing_account \
+ -v $(CURDIR):/workspace \
+ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+ /usr/local/bin/execute_with_credentials.sh prepare_environment
+
+# Clean up test environment within the docker container
+.PHONY: docker_test_cleanup
+docker_test_cleanup:
+ docker run --rm -it \
+ -e SERVICE_ACCOUNT_JSON \
+ -e TF_VAR_org_id \
+ -e TF_VAR_folder_id \
+ -e TF_VAR_billing_account \
+ -v $(CURDIR):/workspace \
+ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+ /usr/local/bin/execute_with_credentials.sh cleanup_environment
+
+# Execute integration tests within the docker container
+.PHONY: docker_test_integration
+docker_test_integration:
+ docker run --rm -it \
+ -e SERVICE_ACCOUNT_JSON \
+ -v $(CURDIR):/workspace \
+ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+ /usr/local/bin/test_integration.sh
+
+# Execute lint tests within the docker container
+.PHONY: docker_test_lint
+docker_test_lint:
+ docker run --rm -it \
+ -v $(CURDIR):/workspace \
+ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+ /usr/local/bin/test_lint.sh
+
+# Generate documentation
+.PHONY: docker_generate_docs
+docker_generate_docs:
+ docker run --rm -it \
+ -v $(CURDIR):/workspace \
+ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \
+ /bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs'
+
+# Alias for backwards compatibility
+.PHONY: generate_docs
+generate_docs: docker_generate_docs
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/README.md
new file mode 100644
index 000000000..969239134
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/README.md
@@ -0,0 +1,183 @@ +# Terraform Network Module + +This modules makes it easy to set up a new VPC Network in GCP by defining your network and subnet ranges in a concise syntax. + +It supports creating: + +- A Google Virtual Private Network (VPC) +- Subnets within the VPC +- Secondary ranges for the subnets (if applicable) + +Sub modules are provided for creating individual vpc, subnets, and routes. See the modules directory for the various sub modules usage. + +## Compatibility + +This module is meant for use with Terraform 0.12. If you haven't [upgraded](https://www.terraform.io/upgrade-guides/0-12.html) and need a Terraform 0.11.x-compatible version of this module, the last released version intended for Terraform 0.11.x is [0.8.0](https://registry.terraform.io/modules/terraform-google-modules/network/google/0.8.0). + +## Usage +You can go to the examples folder, however the usage of the module could be like this in your own main.tf file: + +```hcl +module "vpc" { + source = "terraform-google-modules/network/google" + version = "~> 2.3" + + project_id = "" + network_name = "example-vpc" + routing_mode = "GLOBAL" + + subnets = [ + { + subnet_name = "subnet-01" + subnet_ip = "10.10.10.0/24" + subnet_region = "us-west1" + }, + { + subnet_name = "subnet-02" + subnet_ip = "10.10.20.0/24" + subnet_region = "us-west1" + subnet_private_access = "true" + subnet_flow_logs = "true" + description = "This subnet has a description" + }, + { + subnet_name = "subnet-03" + subnet_ip = "10.10.30.0/24" + subnet_region = "us-west1" + subnet_flow_logs = "true" + subnet_flow_logs_interval = "INTERVAL_10_MIN" + subnet_flow_logs_sampling = 0.7 + subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA" + } + ] + + secondary_ranges = { + subnet-01 = [ + { + range_name = "subnet-01-secondary-01" + ip_cidr_range = "192.168.64.0/24" + }, + ] + + subnet-02 = [] + } + + routes = [ + { + name = "egress-internet" + description = "route through IGW to access internet" + destination_range = "0.0.0.0/0" + 
tags = "egress-inet" + next_hop_internet = "true" + }, + { + name = "app-proxy" + description = "route through proxy to reach app" + destination_range = "10.50.10.0/24" + tags = "app-proxy" + next_hop_instance = "app-proxy-instance" + next_hop_instance_zone = "us-west1-a" + }, + ] +} +``` + +Then perform the following commands on the root folder: + +- `terraform init` to get the plugins +- `terraform plan` to see the infrastructure plan +- `terraform apply` to apply the infrastructure build +- `terraform destroy` to destroy the built infrastructure + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| auto\_create\_subnetworks | When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources. | bool | `"false"` | no | +| delete\_default\_internet\_gateway\_routes | If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted | string | `"false"` | no | +| description | An optional description of this resource. The resource must be recreated to modify this field. 
| string | `""` | no | +| network\_name | The name of the network being created | string | n/a | yes | +| project\_id | The ID of the project where this VPC will be created | string | n/a | yes | +| routes | List of routes being created in this VPC | list(map(string)) | `` | no | +| routing\_mode | The network routing mode (default 'GLOBAL') | string | `"GLOBAL"` | no | +| secondary\_ranges | Secondary ranges that will be used in some of the subnets | object | `` | no | +| shared\_vpc\_host | Makes this project a Shared VPC host if 'true' (default 'false') | bool | `"false"` | no | +| subnets | The list of subnets being created | list(map(string)) | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| network | The created network | +| network\_name | The name of the VPC being created | +| network\_self\_link | The URI of the VPC being created | +| project\_id | VPC project id | +| route\_names | The route names associated with this VPC | +| subnets | A map with keys of form subnet_region/subnet_name and values being the outputs of the google_compute_subnetwork resources used to create corresponding subnets. | +| subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled | +| subnets\_ips | The IPs and CIDRs of the subnets being created | +| subnets\_names | The names of the subnets being created | +| subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP | +| subnets\_regions | The region where the subnets will be created | +| subnets\_secondary\_ranges | The secondary ranges associated with these subnets | +| subnets\_self\_links | The self-links of subnets being created | + + + +### Subnet Inputs + +The subnets list contains maps, where each object represents a subnet. 
Each map has the following inputs (please see examples folder for additional references): + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| subnet\_name | The name of the subnet being created | string | - | yes | +| subnet\_ip | The IP and CIDR range of the subnet being created | string | - | yes | +| subnet\_region | The region where the subnet will be created | string | - | yes | +| subnet\_private\_access | Whether this subnet will have private Google access enabled | string | `"false"` | no | +| subnet\_flow\_logs | Whether the subnet will record and send flow log data to logging | string | `"false"` | no | + +### Route Inputs + +The routes list contains maps, where each object represents a route. For the next_hop_* inputs, only one is possible to be used in each route. Having two next_hop_* inputs will produce an error. Each map has the following inputs (please see examples folder for additional references): + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| name | The name of the route being created | string | - | no | +| description | The description of the route being created | string | - | no | +| tags | The network tags assigned to this route. This is a list in string format. Eg. "tag-01,tag-02"| string | - | yes | +| destination\_range | The destination range of outgoing packets that this route applies to. Only IPv4 is supported | string | - | yes +| next\_hop\_internet | Whether the next hop to this route will the default internet gateway. Use "true" to enable this as next hop | string | `"false"` | yes | +| next\_hop\_ip | Network IP address of an instance that should handle matching packets | string | - | yes | +| next\_hop\_instance | URL or name of an instance that should handle matching packets. 
If just name is specified "next\_hop\_instance\_zone" is required | string | - | yes | +| next\_hop\_instance\_zone | The zone of the instance specified in next\_hop\_instance. Only required if next\_hop\_instance is specified as a name | string | - | no | +| next\_hop\_vpn\_tunnel | URL to a VpnTunnel that should handle matching packets | string | - | yes | +| priority | The priority of this route. Priority is used to break ties in cases where there is more than one matching route of equal prefix length. In the case of two routes with equal prefix length, the one with the lowest-numbered priority value wins | string | `"1000"` | yes | + +## Requirements +### Installed Software +- [Terraform](https://www.terraform.io/downloads.html) ~> 0.12.6 +- [Terraform Provider for GCP](https://github.com/terraform-providers/terraform-provider-google) ~> 2.19 +- [Terraform Provider for GCP Beta](https://github.com/terraform-providers/terraform-provider-google-beta) ~> + 2.19 +- [gcloud](https://cloud.google.com/sdk/gcloud/) >243.0.0 + +### Configure a Service Account +In order to execute this module you must have a Service Account with the following roles: + +- roles/compute.networkAdmin on the organization or folder + +If you are going to manage a Shared VPC, you must have either: + +- roles/compute.xpnAdmin on the organization +- roles/compute.xpnAdmin on the folder (beta) + +### Enable API's +In order to operate with the Service Account you must activate the following API on the project where the Service Account was created: + +- Compute Engine API - compute.googleapis.com + +## Contributing + +Refer to the [contribution guidelines](./CONTRIBUTING.md) for +information on contributing to this module. 
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/build/int.cloudbuild.yaml b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/build/int.cloudbuild.yaml
new file mode 100644
index 000000000..06c7799aa
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/build/int.cloudbuild.yaml
@@ -0,0 +1,169 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+timeout: 3600s
+steps:
+- id: prepare
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && prepare_environment']
+ env:
+ - 'TF_VAR_org_id=$_ORG_ID'
+ - 'TF_VAR_folder_id=$_FOLDER_ID'
+ - 'TF_VAR_billing_account=$_BILLING_ACCOUNT'
+- id: create simple-project-local
+ waitFor:
+ - prepare
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create simple-project-local']
+- id: converge simple-project-local
+ waitFor:
+ - create simple-project-local
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge simple-project-local']
+- id: verify simple-project-local
+ waitFor:
+ - converge simple-project-local
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify simple-project-local']
+- id: destroy simple-project-local
+ waitFor:
+ - verify simple-project-local
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy simple-project-local']
+- id: create simple-project-with-regional-network-local
+ waitFor:
+ - prepare
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create simple-project-with-regional-network-local']
+- id: converge simple-project-with-regional-network-local
+ waitFor:
+ - create simple-project-with-regional-network-local
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge simple-project-with-regional-network-local']
+- id: verify simple-project-with-regional-network-local
+ waitFor:
+ - converge simple-project-with-regional-network-local
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify simple-project-with-regional-network-local']
+- id: destroy simple-project-with-regional-network-local
+ waitFor:
+ - verify simple-project-with-regional-network-local
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy simple-project-with-regional-network-local']
+- id: create secondary-ranges-local
+ waitFor:
+ - prepare
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create secondary-ranges-local']
+- id: converge secondary-ranges-local
+ waitFor:
+ - create secondary-ranges-local
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge secondary-ranges-local']
+- id: verify secondary-ranges-local
+ waitFor:
+ - converge secondary-ranges-local
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify secondary-ranges-local']
+- id: destroy secondary-ranges-local
+ waitFor:
+ - verify secondary-ranges-local
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy secondary-ranges-local']
+- id: create multi-vpc-local
+ waitFor:
+ - prepare
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create multi-vpc-local']
+- id: converge multi-vpc-local
+ waitFor:
+ - create multi-vpc-local
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge multi-vpc-local']
+- id: verify multi-vpc-local
+ waitFor:
+ - converge multi-vpc-local
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify multi-vpc-local']
+- id: destroy multi-vpc-local
+ waitFor:
+ - verify multi-vpc-local
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy multi-vpc-local']
+- id: create delete-default-gateway-routes-local
+ waitFor:
+ - prepare
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create delete-default-gateway-routes-local']
+- id: converge delete-default-gateway-routes-local
+ waitFor:
+ - create delete-default-gateway-routes-local
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge delete-default-gateway-routes-local']
+- id: verify delete-default-gateway-routes-local
+ waitFor:
+ - converge delete-default-gateway-routes-local
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify delete-default-gateway-routes-local']
+- id: destroy delete-default-gateway-routes-local
+ waitFor:
+ - verify delete-default-gateway-routes-local
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy delete-default-gateway-routes-local']
+- id: create submodule-firewall-local
+ waitFor:
+ - prepare
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create submodule-firewall-local']
+- id: converge submodule-firewall-local
+ waitFor:
+ - create submodule-firewall-local
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge submodule-firewall-local']
+- id: verify submodule-firewall-local
+ waitFor:
+ - converge submodule-firewall-local
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify submodule-firewall-local']
+- id: destroy submodule-firewall-local
+ waitFor:
+ - verify submodule-firewall-local
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy submodule-firewall-local']
+- id: create submodule-network-peering-local
+ waitFor:
+ - prepare
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create submodule-network-peering-local']
+- id: converge submodule-network-peering-local
+ waitFor:
+ - create submodule-network-peering-local
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge submodule-network-peering-local']
+- id: verify submodule-network-peering-local
+ waitFor:
+ - converge submodule-network-peering-local
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify submodule-network-peering-local']
+- id: destroy submodule-network-peering-local
+ waitFor:
+ - verify submodule-network-peering-local
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy submodule-network-peering-local']
+tags:
+- 'ci'
+- 'integration'
+substitutions:
+ _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
+ _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.6.0'
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/build/lint.cloudbuild.yaml b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/build/lint.cloudbuild.yaml
new file mode 100644
index 000000000..3f3923fb7
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/build/lint.cloudbuild.yaml
@@ -0,0 +1,24 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+steps:
+- name: 'gcr.io/cloud-foundation-cicd/cft/developer-tools:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ id: 'lint'
+ args: ['/usr/local/bin/test_lint.sh']
+tags:
+- 'ci'
+- 'lint'
+substitutions:
+ _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
+ _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.6.0'
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/codelabs/simple/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/codelabs/simple/README.md
new file mode 100644
index 000000000..fdc16c917
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/codelabs/simple/README.md
@@ -0,0 +1,3 @@
+# Networking Codelab
+
+The Terraform configuration in this directory is used for a [simple codelab](https://codelabs.developers.google.com/codelabs/hashicorp-terraform-networking/index.html#0).
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/codelabs/simple/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/codelabs/simple/main.tf
new file mode 100644
index 000000000..93e234fc4
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/codelabs/simple/main.tf
@@ -0,0 +1,110 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+resource "random_id" "network_id" {
+ byte_length = 8
+}
+
+resource "google_project_service" "compute" {
+ service = "compute.googleapis.com"
+}
+
+# Create the network
+module "vpc" {
+ source = "terraform-google-modules/network/google"
+ version = "~> 0.4.0"
+
+ # Give the network a name and project
+ project_id = google_project_service.compute.project
+ network_name = "my-custom-vpc-${random_id.network_id.hex}"
+
+ subnets = [
+ {
+ # Creates your first subnet in us-west1 and defines a range for it
+ subnet_name = "my-first-subnet"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ },
+ {
+ # Creates a dedicated subnet for GKE
+ subnet_name = "my-gke-subnet"
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "us-west1"
+ },
+ ]
+
+ # Define secondary ranges for each of your subnets
+ secondary_ranges = {
+ my-first-subnet = []
+
+ my-gke-subnet = [
+ {
+ # Define a secondary range for Kubernetes pods to use
+ range_name = "my-gke-pods-range"
+ ip_cidr_range = "192.168.64.0/24"
+ },
+ ]
+ }
+}
+
+resource "random_id" "instance_id" {
+ byte_length = 8
+}
+
+# Launch a VM on it
+resource "google_compute_instance" "default" {
+ name = "vm-${random_id.instance_id.hex}"
+ project = google_project_service.compute.project
+ machine_type = "f1-micro"
+ zone = "us-west1-a"
+
+ boot_disk {
+ initialize_params {
+ image = "debian-cloud/debian-9"
+ }
+ }
+
+ network_interface {
+ subnetwork = module.vpc.subnets_names[0]
+ subnetwork_project = google_project_service.compute.project
+
+ access_config {
+ # Include this section to give the VM an external ip address
+ }
+ }
+
+ # Apply the firewall rule to allow external IPs to ping this instance
+ tags = ["allow-ping"]
+}
+
+# Allow traffic to the VM
+resource "google_compute_firewall" "allow-ping" {
+ name = "default-ping"
+ network = module.vpc.network_name
+ project = google_project_service.compute.project
+
+ allow {
+ protocol = "icmp"
+ }
+
+ # Allow traffic from everywhere to instances with an http-server tag
+ source_ranges = ["0.0.0.0/0"]
+ target_tags = ["allow-ping"]
+}
+
+output "ip" {
+ value = google_compute_instance.default.network_interface.0.access_config.0.nat_ip
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/docs/upgrading_to_v2.0.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/docs/upgrading_to_v2.0.md
new file mode 100644
index 000000000..542680135
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/docs/upgrading_to_v2.0.md
@@ -0,0 +1,140 @@
+# Upgrading to v2.x
+
+The v2.x release of _google-network_ is a backwards incompatible
+release.
+
+Because v2.x changed how the subnet resource is iterated on, resources in Terraform state need to be migrated in order to avoid the resources from getting destroyed and recreated.
+
+## Output Changes
+In version 2.x, a few output names were [changed](https://github.com/terraform-google-modules/terraform-google-network/compare/v1.5.0...v2.0.0#diff-c09d00f135e3672d079ff6e0556d957d):
+
+- `svpc_host_project_id` was renamed to `project_id`.
+- `routes` was renamed to `route_names`
+
+## Migration Instructions
+
+First, upgrade to the new version of this module.
+
+```diff
+ module "kubernetes_engine_private_cluster" {
+ source = "terraform-google-modules/network/google"
+- version = "~> 1.5"
++ version = "~> 2.0"
+
+ # ...
+ }
+```
+
+If you run `terraform plan` at this point, Terraform will inform you that it will attempt to delete and recreate your existing subnets. This is almost certainly not the behavior you want.
+
+You will need to migrate your state, either [manually](#manual-migration-steps) or [automatically](#migration-script).
+
+### Migration Script
+
+1. Download the script:
+
+ ```sh
+ curl -O https://raw.githubusercontent.com/terraform-google-modules/terraform-google-network/master/helpers/migrate.py
+ chmod +x migrate.py
+ ```
+
+2. Back up your Terraform state:
+
+ ```sh
+ terraform state pull >> state.bak
+ ```
+
+2. Run the script to output the migration commands:
+
+ ```sh
+ $ ./migrate.py --dryrun
+ terraform state mv 'module.example.module.test-vpc-module-02.google_compute_network.network[0]' 'module.example.module.test-vpc-module-02.module.vpc.google_compute_network.network'
+ terraform state mv 'module.example.module.test-vpc-module-02.google_compute_subnetwork.subnetwork' 'module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork'
+ terraform state mv 'module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork[0]' 'module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork["us-west1/multi-vpc-a1-02-subnet-01"]'
+ terraform state mv 'module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork[1]' 'module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork["us-west1/multi-vpc-a1-02-subnet-02"]'
+ terraform state mv 'module.example.module.test-vpc-module-02.google_compute_route.route' 'module.example.module.test-vpc-module-02.module.routes.google_compute_route.route'
+ terraform state mv 'module.example.module.test-vpc-module-02.module.routes.google_compute_route.route[0]' 'module.example.module.test-vpc-module-02.module.routes.google_compute_route.route["multi-vpc-a1-02-egress-inet"]'
+ terraform state mv 'module.example.module.test-vpc-module-02.module.routes.google_compute_route.route[1]' 'module.example.module.test-vpc-module-02.module.routes.google_compute_route.route["multi-vpc-a1-02-testapp-proxy"]'
+
+ ```
+
+3. Execute the migration script:
+
+ ```sh
+ $ ./migrate.py
+ ---- Migrating the following modules:
+ -- module.example.module.test-vpc-module-02
+ ---- Commands to run:
+ Move "module.example.module.test-vpc-module-02.google_compute_network.network[0]" to "module.example.module.test-vpc-module-02.module.vpc.google_compute_network.network"
+ Successfully moved 1 object(s).
+ Move "module.example.module.test-vpc-module-02.google_compute_subnetwork.subnetwork" to "module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork"
+ Successfully moved 1 object(s).
+ Move "module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork[0]" to "module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork[\"us-west1/multi-vpc-a1-02-subnet-01\"]"
+ Successfully moved 1 object(s).
+ Move "module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork[1]" to "module.example.module.test-vpc-module-02.module.subnets.google_compute_subnetwork.subnetwork[\"us-west1/multi-vpc-a1-02-subnet-02\"]"
+ Successfully moved 1 object(s).
+ Move "module.example.module.test-vpc-module-02.google_compute_route.route" to "module.example.module.test-vpc-module-02.module.routes.google_compute_route.route"
+ Successfully moved 1 object(s).
+ Move "module.example.module.test-vpc-module-02.module.routes.google_compute_route.route[0]" to "module.example.module.test-vpc-module-02.module.routes.google_compute_route.route[\"multi-vpc-a1-02-egress-inet\"]"
+ Successfully moved 1 object(s).
+ Move "module.example.module.test-vpc-module-02.module.routes.google_compute_route.route[1]" to "module.example.module.test-vpc-module-02.module.routes.google_compute_route.route[\"multi-vpc-a1-02-testapp-proxy\"]"
+ Successfully moved 1 object(s).
+
+ ```
+
+4. Run `terraform plan` to confirm no changes are expected.
+
+### Manual Migration Steps
+
+In this example here are the commands used migrate the vpc and subnets created by the `simple_project` in the examples directory. _please note the need to escape the quotes on the new resource_. You may also use the migration script.
+
+- `terraform state mv module.example.module.test-vpc-module.google_compute_network.network module.example.module.test-vpc-module.module.vpc.google_compute_subnetwork.network`
+
+- `terraform state mv module.example.module.test-vpc-module.google_compute_subnetwork.subnetwork module.example.module.test-vpc-module.module.subnets.google_compute_subnetwork.subnetwork`
+
+- `terraform state mv module.example.module.test-vpc-module.module.subnets.google_compute_subnetwork.subnetwork[0] module.example.module.test-vpc-module.module.subnets.google_compute_subnetwork.subnetwork[\"us-west1/simple-project-timh-subnet-01\"]`
+
+- `terraform state mv module.example.module.test-vpc-module.module.subnets.google_compute_subnetwork.subnetwork[1] module.example.module.test-vpc-module.module.subnets.google_compute_subnetwork.subnetwork[\"us-west1/simple-project-timh-subnet-02\"]`
+
+*You'll notice that because of a terraform [issue](https://github.com/hashicorp/terraform/issues/22301), we need to move the whole resource collection first before renaming to the `for_each` keys*
+
+`terraform plan` should now return a no-op and show no new changes.
+
+```Shell
+$ terraform plan
+Refreshing Terraform state in-memory prior to plan...
+The refreshed state will be used to calculate this plan, but will not be
+persisted to local or remote state storage.
+
+module.example.module.test-vpc-module.google_compute_network.network: Refreshing state... [id=simple-project-timh]
+module.example.module.test-vpc-module.google_compute_subnetwork.subnetwork["us-west1/simple-project-timh-subnet-02"]: Refreshing state... [id=us-west1/simple-project-timh-subnet-02]
+module.example.module.test-vpc-module.google_compute_subnetwork.subnetwork["us-west1/simple-project-timh-subnet-01"]: Refreshing state... [id=us-west1/simple-project-timh-subnet-01]
+
+------------------------------------------------------------------------
+
+No changes. Infrastructure is up-to-date.
+
+This means that Terraform did not detect any differences between your
+configuration and real physical resources that exist. As a result, no
+actions need to be performed.
+```
+
+### Known Issues
+
+If your previous state only contains a **single** subnet or route then `terraform mv` will throw an error similar to the following during migration:
+
+```
+Error: Invalid target address
+
+Cannot move to
+module.example.module.test-vpc-module-01.module.routes.google_compute_route.route["multi-vpc-a1-01-egress-inet"]:
+module.example.module.test-vpc-module-01.module.routes.google_compute_route.route
+does not exist in the current state.
+```
+
+This is due to a terraform mv [issue](https://github.com/hashicorp/terraform/issues/22301)
+
+The workaround is to either
+
+1. Create a temporary subnet or route prior to migration
+2. Manually updating the state file. Update the `index_key` of the appropriate user and push the to the remote state if necessary.
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/README.md
new file mode 100644
index 000000000..2735dfb5a
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/README.md
@@ -0,0 +1,29 @@
+# Delete Default Gateway Routes
+
+This example configures a single simple VPC inside of a project.
+
+This VPC has a single subnet with no secondary ranges, and ensures the default internet gateway route is deleted.
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_name | The name of the VPC network being created | string | n/a | yes |
+| project\_id | The project ID to host the network in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| network\_name | The name of the VPC being created |
+| network\_self\_link | The URI of the VPC being created |
+| route\_names | The routes associated with this VPC |
+| subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled |
+| subnets\_ips | The IP and cidrs of the subnets being created |
+| subnets\_names | The names of the subnets being created |
+| subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP |
+| subnets\_regions | The region where subnets will be created |
+| subnets\_secondary\_ranges | The secondary ranges associated with these subnets |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/main.tf
new file mode 100644
index 000000000..c24c08c78
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/main.tf
@@ -0,0 +1,42 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+locals {
+ subnet_01 = "${var.network_name}-subnet-01"
+}
+
+module "test-vpc-module" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = var.network_name
+ delete_default_internet_gateway_routes = "true"
+
+ subnets = [
+ {
+ subnet_name = local.subnet_01
+ subnet_ip = "10.20.30.0/24"
+ subnet_region = "us-west1"
+ },
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/outputs.tf
new file mode 100644
index 000000000..d7a27ff41
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/outputs.tf
@@ -0,0 +1,60 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network_name" {
+ value = module.test-vpc-module.network_name
+ description = "The name of the VPC being created"
+}
+
+output "network_self_link" {
+ value = module.test-vpc-module.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "subnets_names" {
+ value = module.test-vpc-module.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "subnets_ips" {
+ value = module.test-vpc-module.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "subnets_regions" {
+ value = module.test-vpc-module.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "subnets_private_access" {
+ value = module.test-vpc-module.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "subnets_flow_logs" {
+ value = module.test-vpc-module.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "subnets_secondary_ranges" {
+ value = module.test-vpc-module.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "route_names" {
+ value = module.test-vpc-module.route_names
+ description = "The routes associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/variables.tf
new file mode 100644
index 000000000..add931101
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/variables.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to host the network in"
+}
+
+variable "network_name" {
+ description = "The name of the VPC network being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/delete_default_gateway_routes/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/ilb_routing/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/ilb_routing/README.md
new file mode 100644
index 000000000..d289ebf89
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/ilb_routing/README.md
@@ -0,0 +1,33 @@
+# ILB routing example
+
+This example configures a single VPC inside of a project.
+
+This VPC has three subnets and a forwarding rule. Please note, that this is simply example resource usage, this module
+wouldn't work as is.
+
+More information:
+- https://cloud.google.com/load-balancing/docs/internal/setting-up-ilb-next-hop
+- https://cloud.google.com/load-balancing/docs/l7-internal/proxy-only-subnets
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_name | The name of the VPC network being created | string | n/a | yes |
+| project\_id | The project ID to host the network in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| forwarding\_rule | Forwarding rule link |
+| network\_name | The name of the VPC being created |
+| network\_self\_link | The URI of the VPC being created |
+| project\_id | VPC project id |
+| route\_names | The routes associated with this VPC |
+| subnets\_ips | The IP and cidrs of the subnets being created |
+| subnets\_names | The names of the subnets being created |
+| subnets\_regions | The region where subnets will be created |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/ilb_routing/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/ilb_routing/main.tf
new file mode 100644
index 000000000..0c33e1def
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/ilb_routing/main.tf
@@ -0,0 +1,127 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 2.19.0"
+}
+
+provider "google-beta" {
+ version = "~> 2.19.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+module "vpc" {
+ source = "../../modules/vpc"
+ network_name = var.network_name
+ project_id = var.project_id
+}
+
+module "subnets" {
+ source = "../../modules/subnets-beta"
+ project_id = var.project_id
+ network_name = module.vpc.network_name
+
+ subnets = [
+ {
+ subnet_name = "${var.network_name}-subnet"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ },
+ {
+ subnet_name = "${var.network_name}-subnet-01"
+ subnet_ip = "10.20.10.0/24"
+ subnet_region = "us-west1"
+ purpose = "INTERNAL_HTTPS_LOAD_BALANCER"
+ role = "ACTIVE"
+ }
+ ]
+}
+
+module "subnets-backup" {
+ source = "../../modules/subnets-beta"
+ project_id = var.project_id
+ network_name = module.vpc.network_name
+
+ subnets = [
+ {
+ subnet_name = "${var.network_name}-subnet-02"
+ subnet_ip = "10.20.20.0/24"
+ subnet_region = "us-west1"
+ purpose = "INTERNAL_HTTPS_LOAD_BALANCER"
+ role = "BACKUP"
+ }
+ ]
+
+ module_depends_on = [module.subnets.subnets]
+}
+
+resource "google_compute_health_check" "this" {
+ project = var.project_id
+ name = "${var.network_name}-test"
+ check_interval_sec = 1
+ timeout_sec = 1
+
+ tcp_health_check {
+ port = "80"
+ }
+}
+
+resource "google_compute_region_backend_service" "this" {
+ project = var.project_id
+ name = "${var.network_name}-test"
+ region = "us-west1"
+ health_checks = [google_compute_health_check.this.self_link]
+}
+
+resource "google_compute_forwarding_rule" "this" {
+ project = var.project_id
+ name = "${var.network_name}-fw-role"
+
+ network = module.vpc.network_name
+ subnetwork = module.subnets.subnets["us-west1/${var.network_name}-subnet"].name
+ backend_service = google_compute_region_backend_service.this.self_link
+ region = "us-west1"
+ load_balancing_scheme = "INTERNAL"
+ all_ports = true
+}
+
+module "routes" {
+ source = "../../modules/routes-beta"
+ project_id = var.project_id
+ network_name = module.vpc.network_name
+ routes_count = 2
+
+ routes = [
+ {
+ name = "${var.network_name}-egress-inet"
+ description = "route through IGW to access internet"
+ destination_range = "0.0.0.0/0"
+ tags = "egress-inet"
+ next_hop_internet = "true"
+ },
+ {
+ name = "${var.network_name}-ilb"
+ description = "route through ilb"
+ destination_range = "10.10.20.0/24"
+ next_hop_ilb = google_compute_forwarding_rule.this.self_link
+ },
+ ]
+
+ module_depends_on = [module.subnets.subnets, module.subnets-backup.subnets]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/ilb_routing/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/ilb_routing/outputs.tf
new file mode 100644
index 000000000..676e23f32
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/ilb_routing/outputs.tf
@@ -0,0 +1,55 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network_name" {
+ value = module.vpc.network_name
+ description = "The name of the VPC being created"
+}
+
+output "network_self_link" {
+ value = module.vpc.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "project_id" {
+ value = module.vpc.project_id
+ description = "VPC project id"
+}
+
+output "subnets_names" {
+ value = [for network in concat(module.subnets.subnets, module.subnets-backup.subnets) : network.name]
+ description = "The names of the subnets being created"
+}
+
+output "subnets_ips" {
+ value = [for network in concat(module.subnets.subnets, module.subnets-backup.subnets) : network.ip_cidr_range]
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "subnets_regions" {
+ value = [for network in concat(module.subnets.subnets, module.subnets-backup.subnets) : network.region]
+ description = "The region where subnets will be created"
+}
+
+output "route_names" {
+ value = [for route in module.routes.routes : route.name]
+ description = "The routes associated with this VPC"
+}
+
+output "forwarding_rule" {
+ value = google_compute_forwarding_rule.this.self_link
+ description = "Forwarding rule link"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/ilb_routing/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/ilb_routing/variables.tf
new file mode 100644
index 000000000..add931101
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/ilb_routing/variables.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to host the network in"
+}
+
+variable "network_name" {
+ description = "The name of the VPC network being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/ilb_routing/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/ilb_routing/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/ilb_routing/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/multi_vpc/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/multi_vpc/README.md
new file mode 100644
index 000000000..339b2c4ff
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/multi_vpc/README.md
@@ -0,0 +1,37 @@
+# Multiple Networks
+
+This example configures a host network project with two separate networks.
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_01\_name | The name of the first VPC network being created | string | n/a | yes |
+| network\_02\_name | The name of the second VPC network being created | string | n/a | yes |
+| project\_id | The project ID to host the network in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| network\_01\_name | The name of the VPC network-01 |
+| network\_01\_routes | The routes associated with network-01 |
+| network\_01\_self\_link | The URI of the VPC network-01 |
+| network\_01\_subnets | The names of the subnets being created on network-01 |
+| network\_01\_subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled |
+| network\_01\_subnets\_ips | The IP and cidrs of the subnets being created on network-01 |
+| network\_01\_subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP on network-01 |
+| network\_01\_subnets\_regions | The region where the subnets will be created on network-01 |
+| network\_01\_subnets\_secondary\_ranges | The secondary ranges associated with these subnets on network-01 |
+| network\_02\_name | The name of the VPC network-02 |
+| network\_02\_routes | The routes associated with network-02 |
+| network\_02\_self\_link | The URI of the VPC network-02 |
+| network\_02\_subnets | The names of the subnets being created on network-02 |
+| network\_02\_subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled |
+| network\_02\_subnets\_ips | The IP and cidrs of the subnets being created on network-02 |
+| network\_02\_subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP on network-02 |
+| network\_02\_subnets\_regions | The region where the subnets will be created on network-02 |
+| network\_02\_subnets\_secondary\_ranges | The secondary ranges associated with these subnets on network-02 |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/multi_vpc/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/multi_vpc/main.tf
new file mode 100644
index 000000000..085f571e2
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/multi_vpc/main.tf
@@ -0,0 +1,144 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+locals {
+ network_01_subnet_01 = "${var.network_01_name}-subnet-01"
+ network_01_subnet_02 = "${var.network_01_name}-subnet-02"
+ network_01_subnet_03 = "${var.network_01_name}-subnet-03"
+ network_02_subnet_01 = "${var.network_02_name}-subnet-01"
+ network_02_subnet_02 = "${var.network_02_name}-subnet-02"
+
+ network_01_routes = [
+ {
+ name = "${var.network_01_name}-egress-inet"
+ description = "route through IGW to access internet"
+ destination_range = "0.0.0.0/0"
+ tags = "egress-inet"
+ next_hop_internet = "true"
+ },
+ ]
+
+ network_02_routes = [
+ {
+ name = "${var.network_02_name}-egress-inet"
+ description = "route through IGW to access internet"
+ destination_range = "0.0.0.0/0"
+ tags = "egress-inet"
+ next_hop_internet = "true"
+ },
+ {
+ name = "${var.network_02_name}-testapp-proxy"
+ description = "route through proxy to reach app"
+ destination_range = "10.50.10.0/24"
+ tags = "app-proxy"
+ next_hop_ip = "10.10.40.10"
+ },
+ ]
+}
+
+module "test-vpc-module-01" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = var.network_01_name
+
+ subnets = [
+ {
+ subnet_name = local.network_01_subnet_01
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "false"
+ subnet_flow_logs = "true"
+ },
+ {
+ subnet_name = local.network_01_subnet_02
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "false"
+ subnet_flow_logs = "true"
+ },
+ {
+ subnet_name = local.network_01_subnet_03
+ subnet_ip = "10.10.30.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "false"
+ subnet_flow_logs = "true"
+ },
+ ]
+
+ secondary_ranges = {
+ "${local.network_01_subnet_01}" = [
+ {
+ range_name = "${local.network_01_subnet_01}-01"
+ ip_cidr_range = "192.168.64.0/24"
+ },
+ {
+ range_name = "${local.network_01_subnet_01}-02"
+ ip_cidr_range = "192.168.65.0/24"
+ },
+ ]
+
+ "${local.network_01_subnet_02}" = [
+ {
+ range_name = "${local.network_02_subnet_01}-01"
+ ip_cidr_range = "192.168.74.0/24"
+ },
+ ]
+ }
+
+ routes = "${local.network_01_routes}"
+}
+
+module "test-vpc-module-02" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = var.network_02_name
+
+ subnets = [
+ {
+ subnet_name = "${local.network_02_subnet_01}"
+ subnet_ip = "10.10.40.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "false"
+ subnet_flow_logs = "true"
+ },
+ {
+ subnet_name = "${local.network_02_subnet_02}"
+ subnet_ip = "10.10.50.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "false"
+ subnet_flow_logs = "true"
+ },
+ ]
+
+ secondary_ranges = {
+ "${local.network_02_subnet_01}" = [
+ {
+ range_name = "${local.network_02_subnet_02}-01"
+ ip_cidr_range = "192.168.75.0/24"
+ },
+ ]
+ }
+
+ routes = local.network_02_routes
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/multi_vpc/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/multi_vpc/outputs.tf
new file mode 100644
index 000000000..c2d6a8285
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/multi_vpc/outputs.tf 
@@ -0,0 +1,107 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# vpc 1
+output "network_01_name" {
+ value = module.test-vpc-module-01.network_name
+ description = "The name of the VPC network-01"
+}
+
+output "network_01_self_link" {
+ value = module.test-vpc-module-01.network_self_link
+ description = "The URI of the VPC network-01"
+}
+
+output "network_01_subnets" {
+ value = module.test-vpc-module-01.subnets_names
+ description = "The names of the subnets being created on network-01"
+}
+
+output "network_01_subnets_ips" {
+ value = module.test-vpc-module-01.subnets_ips
+ description = "The IP and cidrs of the subnets being created on network-01"
+}
+
+output "network_01_subnets_regions" {
+ value = module.test-vpc-module-01.subnets_regions
+ description = "The region where the subnets will be created on network-01"
+}
+
+output "network_01_subnets_private_access" {
+ value = module.test-vpc-module-01.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP on network-01"
+}
+
+output "network_01_subnets_flow_logs" {
+ value = module.test-vpc-module-01.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "network_01_subnets_secondary_ranges" {
+ value = module.test-vpc-module-01.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets on network-01"
+}
+
+output "network_01_routes" {
+ value = module.test-vpc-module-01.route_names
+ description = "The routes associated with network-01"
+}
+
+# vpc 2
+output "network_02_name" {
+ value = module.test-vpc-module-02.network_name
+ description = "The name of the VPC network-02"
+}
+
+output "network_02_self_link" {
+ value = module.test-vpc-module-02.network_self_link
+ description = "The URI of the VPC network-02"
+}
+
+output "network_02_subnets" {
+ value = module.test-vpc-module-02.subnets_names
+ description = "The names of the subnets being created on network-02"
+}
+
+output "network_02_subnets_ips" {
+ value = module.test-vpc-module-02.subnets_ips
+ description = "The IP and cidrs of the subnets being created on network-02"
+}
+
+output "network_02_subnets_regions" {
+ value = module.test-vpc-module-02.subnets_regions
+ description = "The region where the subnets will be created on network-02"
+}
+
+output "network_02_subnets_private_access" {
+ value = module.test-vpc-module-02.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP on network-02"
+}
+
+output "network_02_subnets_flow_logs" {
+ value = module.test-vpc-module-02.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "network_02_subnets_secondary_ranges" {
+ value = module.test-vpc-module-02.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets on network-02"
+}
+
+output "network_02_routes" {
+ value = module.test-vpc-module-02.route_names
+ description = "The routes associated with network-02"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/multi_vpc/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/multi_vpc/variables.tf
new file mode 100644
index 000000000..f378f835b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/multi_vpc/variables.tf
@@ -0,0 +1,27 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to host the network in"
+}
+
+variable "network_01_name" {
+ description = "The name of the first VPC network being created"
+}
+
+variable "network_02_name" {
+ description = "The name of the second VPC network being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/multi_vpc/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/multi_vpc/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/multi_vpc/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/secondary_ranges/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/secondary_ranges/README.md
new file mode 100644
index 000000000..acca7c730
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/secondary_ranges/README.md
@@ -0,0 +1,31 @@
+# Secondary Ranges
+
+This example configures a single simple VPC inside of a project.
+
+This VPC has three subnets, with the first subnet being given two secondary
+ranges and the third being given a single secondary range.
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_name | The name of the VPC network being created | string | n/a | yes |
+| project\_id | The project ID to host the network in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| network\_name | The name of the VPC being created |
+| network\_self\_link | The URI of the VPC being created |
+| project\_id | VPC project id |
+| route\_names | The routes associated with this VPC |
+| subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled |
+| subnets\_ips | The IP and cidrs of the subnets being created |
+| subnets\_names | The names of the subnets being created |
+| subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP |
+| subnets\_regions | The region where subnets will be created |
+| subnets\_secondary\_ranges | The secondary ranges associated with these subnets |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/secondary_ranges/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/secondary_ranges/main.tf
new file mode 100644
index 000000000..2c3389eb3
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/secondary_ranges/main.tf
@@ -0,0 +1,87 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+locals {
+ subnet_01 = "${var.network_name}-subnet-01"
+ subnet_02 = "${var.network_name}-subnet-02"
+ subnet_03 = "${var.network_name}-subnet-03"
+ subnet_04 = "${var.network_name}-subnet-04"
+}
+
+module "vpc-secondary-ranges" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = var.network_name
+
+ subnets = [
+ {
+ subnet_name = "${local.subnet_01}"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ },
+ {
+ subnet_name = "${local.subnet_02}"
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "true"
+ subnet_flow_logs = "true"
+ },
+ {
+ subnet_name = "${local.subnet_03}"
+ subnet_ip = "10.10.30.0/24"
+ subnet_region = "us-west1"
+ subnet_flow_logs = "true"
+ subnet_flow_logs_interval = "INTERVAL_15_MIN"
+ subnet_flow_logs_sampling = 0.9
+ subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA"
+ },
+ {
+ subnet_name = "${local.subnet_04}"
+ subnet_ip = "10.10.40.0/24"
+ subnet_region = "us-west1"
+ },
+ ]
+
+ secondary_ranges = {
+ "${local.subnet_01}" = [
+ {
+ range_name = "${local.subnet_01}-01"
+ ip_cidr_range = "192.168.64.0/24"
+ },
+ {
+ range_name = "${local.subnet_01}-02"
+ ip_cidr_range = "192.168.65.0/24"
+ },
+ ]
+
+ "${local.subnet_02}" = []
+
+ "${local.subnet_03}" = [
+ {
+ range_name = "${local.subnet_03}-01"
+ ip_cidr_range = "192.168.66.0/24"
+ },
+ ]
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/secondary_ranges/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/secondary_ranges/outputs.tf
new file mode 100644
index 000000000..6c3f49cb4
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/secondary_ranges/outputs.tf
@@ -0,0 +1,65 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network_name" {
+ value = module.vpc-secondary-ranges.network_name
+ description = "The name of the VPC being created"
+}
+
+output "network_self_link" {
+ value = module.vpc-secondary-ranges.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "project_id" {
+ value = module.vpc-secondary-ranges.project_id
+ description = "VPC project id"
+}
+
+output "subnets_names" {
+ value = module.vpc-secondary-ranges.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "subnets_ips" {
+ value = module.vpc-secondary-ranges.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "subnets_regions" {
+ value = module.vpc-secondary-ranges.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "subnets_private_access" {
+ value = module.vpc-secondary-ranges.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "subnets_flow_logs" {
+ value = module.vpc-secondary-ranges.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "subnets_secondary_ranges" {
+ value = flatten(module.vpc-secondary-ranges.subnets_secondary_ranges)
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "route_names" {
+ value = module.vpc-secondary-ranges.route_names
+ description = "The routes associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/secondary_ranges/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/secondary_ranges/variables.tf
new file mode 100644
index 000000000..add931101
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/secondary_ranges/variables.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to host the network in"
+}
+
+variable "network_name" {
+ description = "The name of the VPC network being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/secondary_ranges/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/secondary_ranges/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/secondary_ranges/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project/README.md
new file mode 100644
index 000000000..a4325668c
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project/README.md
@@ -0,0 +1,30 @@
+# Simple Project
+
+This example configures a single simple VPC inside of a project.
+
+This VPC has two subnets, with no secondary ranges.
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_name | The name of the VPC network being created | string | n/a | yes |
+| project\_id | The project ID to host the network in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| network\_name | The name of the VPC being created |
+| network\_self\_link | The URI of the VPC being created |
+| project\_id | VPC project id |
+| route\_names | The routes associated with this VPC |
+| subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled |
+| subnets\_ips | The IP and cidrs of the subnets being created |
+| subnets\_names | The names of the subnets being created |
+| subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP |
+| subnets\_regions | The region where subnets will be created |
+| subnets\_secondary\_ranges | The secondary ranges associated with these subnets |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project/main.tf
new file mode 100644
index 000000000..5d18bb239
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project/main.tf
@@ -0,0 +1,59 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+locals {
+ subnet_01 = "${var.network_name}-subnet-01"
+ subnet_02 = "${var.network_name}-subnet-02"
+ subnet_03 = "${var.network_name}-subnet-03"
+}
+
+module "test-vpc-module" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = var.network_name
+
+ subnets = [
+ {
+ subnet_name = "${local.subnet_01}"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ },
+ {
+ subnet_name = "${local.subnet_02}"
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "true"
+ subnet_flow_logs = "true"
+ },
+ {
+ subnet_name = "${local.subnet_03}"
+ subnet_ip = "10.10.30.0/24"
+ subnet_region = "us-west1"
+ subnet_flow_logs = "true"
+ subnet_flow_logs_interval = "INTERVAL_10_MIN"
+ subnet_flow_logs_sampling = 0.7
+ subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA"
+ }
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project/outputs.tf
new file mode 100644
index 000000000..f69ae0437
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project/outputs.tf 
@@ -0,0 +1,65 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network_name" {
+ value = module.test-vpc-module.network_name
+ description = "The name of the VPC being created"
+}
+
+output "network_self_link" {
+ value = module.test-vpc-module.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "project_id" {
+ value = module.test-vpc-module.project_id
+ description = "VPC project id"
+}
+
+output "subnets_names" {
+ value = module.test-vpc-module.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "subnets_ips" {
+ value = module.test-vpc-module.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "subnets_regions" {
+ value = module.test-vpc-module.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "subnets_private_access" {
+ value = module.test-vpc-module.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "subnets_flow_logs" {
+ value = module.test-vpc-module.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "subnets_secondary_ranges" {
+ value = module.test-vpc-module.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "route_names" {
+ value = module.test-vpc-module.route_names
+ description = "The routes associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project/variables.tf
new file mode 100644
index 000000000..add931101
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project/variables.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to host the network in"
+}
+
+variable "network_name" {
+ description = "The name of the VPC network being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/README.md
new file mode 100644
index 000000000..354711e2a
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/README.md
@@ -0,0 +1,30 @@
+# Simple Project
+
+This example configures a single simple regional VPC inside of a project.
+
+This VPC has two subnets, with no secondary ranges.
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_name | The name of the VPC network being created | string | n/a | yes |
+| project\_id | The project ID to host the network in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| network\_name | The name of the VPC being created |
+| network\_self\_link | The URI of the VPC being created |
+| project\_id | VPC project id |
+| route\_names | The routes associated with this VPC |
+| subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled |
+| subnets\_ips | The IP and cidrs of the subnets being created |
+| subnets\_names | The names of the subnets being created |
+| subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP |
+| subnets\_regions | The region where subnets will be created |
+| subnets\_secondary\_ranges | The secondary ranges associated with these subnets |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/main.tf
new file mode 100644
index 000000000..354b1af41
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/main.tf
@@ -0,0 +1,50 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+locals {
+ subnet_01 = "${var.network_name}-subnet-01"
+ subnet_02 = "${var.network_name}-subnet-02"
+}
+
+module "test-vpc-module" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = var.network_name
+ routing_mode = "REGIONAL"
+
+ subnets = [
+ {
+ subnet_name = "${local.subnet_01}"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ },
+ {
+ subnet_name = "${local.subnet_02}"
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "true"
+ subnet_flow_logs = "true"
+ },
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/outputs.tf
new file mode 100644
index 000000000..f69ae0437
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/outputs.tf
@@ -0,0 +1,65 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network_name" {
+ value = module.test-vpc-module.network_name
+ description = "The name of the VPC being created"
+}
+
+output "network_self_link" {
+ value = module.test-vpc-module.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "project_id" {
+ value = module.test-vpc-module.project_id
+ description = "VPC project id"
+}
+
+output "subnets_names" {
+ value = module.test-vpc-module.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "subnets_ips" {
+ value = module.test-vpc-module.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "subnets_regions" {
+ value = module.test-vpc-module.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "subnets_private_access" {
+ value = module.test-vpc-module.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "subnets_flow_logs" {
+ value = module.test-vpc-module.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "subnets_secondary_ranges" {
+ value = module.test-vpc-module.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "route_names" {
+ value = module.test-vpc-module.route_names
+ description = "The routes associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/variables.tf
new file mode 100644
index 000000000..add931101
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/variables.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to host the network in"
+}
+
+variable "network_name" {
+ description = "The name of the VPC network being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/simple_project_with_regional_network/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_firewall/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_firewall/README.md
new file mode 100644
index 000000000..48f2bd1c2
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_firewall/README.md
@@ -0,0 +1,32 @@
+# Simple Project With Firewall
+
+This example configures a single simple VPC inside of a project, and adds a basic firewall.
+
+This VPC has two subnets, with no secondary ranges.
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_name | The name of the VPC network being created | string | n/a | yes |
+| project\_id | The project ID to host the network in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| admin\_ranges | Firewall attributes for admin ranges. |
+| internal\_ranges | Firewall attributes for internal ranges. |
+| network\_name | The name of the VPC being created |
+| network\_self\_link | The URI of the VPC being created |
+| project\_id | VPC project id |
+| route\_names | The routes associated with this VPC |
+| subnets\_flow\_logs | Whether the subnets will have VPC flow logs enabled |
+| subnets\_ips | The IP and cidrs of the subnets being created |
+| subnets\_names | The names of the subnets being created |
+| subnets\_private\_access | Whether the subnets will have access to Google API's without a public IP |
+| subnets\_regions | The region where subnets will be created |
+| subnets\_secondary\_ranges | The secondary ranges associated with these subnets |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_firewall/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_firewall/main.tf
new file mode 100644
index 000000000..85ed04135
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_firewall/main.tf
@@ -0,0 +1,143 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+locals {
+ subnet_01 = "${var.network_name}-subnet-01"
+ subnet_02 = "${var.network_name}-subnet-02"
+}
+
+module "test-vpc-module" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = var.network_name
+
+ subnets = [
+ {
+ subnet_name = local.subnet_01
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ },
+ {
+ subnet_name = local.subnet_02
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "true"
+ subnet_flow_logs = "true"
+ },
+ ]
+}
+
+// Custom firewall rules
+locals {
+ custom_rules = {
+ // Example of custom tcp/udp rule
+ deny-ingress-6534-6566 = {
+ description = "Deny all INGRESS to port 6534-6566"
+ direction = "INGRESS"
+ action = "deny"
+ ranges = ["0.0.0.0/0"] # source or destination ranges (depends on `direction`)
+ use_service_accounts = false # if `true` targets/sources expect list of instances SA, if false - list of tags
+ targets = null # target_service_accounts or target_tags depends on `use_service_accounts` value
+ sources = null # source_service_accounts or source_tags depends on `use_service_accounts` value
+ rules = [{
+ protocol = "tcp"
+ ports = ["6534-6566"]
+ },
+ {
+ protocol = "udp"
+ ports = ["6534-6566"]
+ }]
+
+ extra_attributes = {
+ disabled = true
+ priority = 95
+ }
+ }
+
+ // Example how to allow connection from instances with `backend` tag, to instances with `databases` tag
+ allow-backend-to-databases = {
+ description = "Allow backend nodes connection to databases instances"
+ direction = "INGRESS"
+ action = "allow"
+ ranges = null
+ use_service_accounts = false
+ targets = ["databases"] # target_tags
+ sources = ["backed"] # source_tags
+ rules = [{
+ protocol = "tcp"
+ ports = ["3306", "5432", "1521", "1433"]
+ }]
+
+ extra_attributes = {}
+ }
+
+ // Example how to allow connection from an instance with a given service account
+ allow-all-admin-sa = {
+ description = "Allow all traffic from admin sa instances"
+ direction = "INGRESS"
+ action = "allow"
+ ranges = null
+ use_service_accounts = true
+ targets = null
+ sources = ["admin@my-shiny-org.iam.gserviceaccount.com"]
+ rules = [{
+ protocol = "tcp"
+ ports = null # all ports
+ },
+ {
+ protocol = "udp"
+ ports = null # all ports
+ }
+ ]
+ extra_attributes = {
+ priority = 30
+ }
+ }
+ }
+}
+
+
+
+module "test-firewall-submodule" {
+ source = "../../modules/fabric-net-firewall"
+ project_id = var.project_id
+ network = module.test-vpc-module.network_name
+ internal_ranges_enabled = true
+ internal_ranges = module.test-vpc-module.subnets_ips
+
+ internal_allow = [
+ {
+ protocol = "icmp"
+ },
+ {
+ protocol = "tcp",
+ ports = ["8080", "1000-2000"]
+ },
+ {
+ protocol = "udp"
+ # all ports will be opened if `ports` key isn't specified
+ },
+ ]
+ custom_rules = local.custom_rules
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_firewall/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_firewall/outputs.tf
new file mode 100644
index 000000000..182dc845b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_firewall/outputs.tf 
@@ -0,0 +1,75 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network_name" {
+ value = module.test-vpc-module.network_name
+ description = "The name of the VPC being created"
+}
+
+output "internal_ranges" {
+ description = "Firewall attributes for internal ranges."
+ value = module.test-firewall-submodule.internal_ranges
+}
+
+output "admin_ranges" {
+ description = "Firewall attributes for admin ranges."
+ value = module.test-firewall-submodule.admin_ranges
+}
+
+output "network_self_link" {
+ value = module.test-vpc-module.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "project_id" {
+ value = module.test-vpc-module.project_id
+ description = "VPC project id"
+}
+
+output "subnets_names" {
+ value = module.test-vpc-module.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "subnets_ips" {
+ value = module.test-vpc-module.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "subnets_regions" {
+ value = module.test-vpc-module.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "subnets_private_access" {
+ value = module.test-vpc-module.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "subnets_flow_logs" {
+ value = module.test-vpc-module.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "subnets_secondary_ranges" {
+ value = module.test-vpc-module.subnets_secondary_ranges
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "route_names" {
+ value = module.test-vpc-module.route_names
+ description = "The routes associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_firewall/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_firewall/variables.tf
new file mode 100644
index 000000000..add931101
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_firewall/variables.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to host the network in"
+}
+
+variable "network_name" {
+ description = "The name of the VPC network being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_firewall/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_firewall/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_firewall/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_network_peering/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_network_peering/README.md
new file mode 100644
index 000000000..4cc9dfdaa
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_network_peering/README.md
@@ -0,0 +1,19 @@
+# Simple VPC Network Peering
+
+This example creates a VPC Network peering between two VPCs.
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| project\_id | The project ID to put the resources in | string | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| peering1 | Peering1 module output. |
+| peering2 | Peering2 module output. |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_network_peering/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_network_peering/main.tf
new file mode 100644
index 000000000..7f9e207e7
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_network_peering/main.tf
@@ -0,0 +1,66 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "google-beta" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+module "local-network" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = "local-network"
+ subnets = []
+}
+
+module "peer-network-1" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = "peer-network-1"
+ subnets = []
+}
+
+module "peer-network-2" {
+ source = "../../"
+ project_id = var.project_id
+ network_name = "peer-network-2"
+ subnets = []
+}
+
+module "peering-1" {
+ source = "../../modules/network-peering"
+
+ local_network = module.local-network.network_self_link
+ peer_network = module.peer-network-1.network_self_link
+ export_local_custom_routes = true
+}
+
+module "peering-2" {
+ source = "../../modules/network-peering"
+
+ local_network = module.local-network.network_self_link
+ peer_network = module.peer-network-2.network_self_link
+ export_local_custom_routes = true
+
+ module_depends_on = [module.peering-1.complete]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_network_peering/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_network_peering/outputs.tf
new file mode 100644
index 000000000..0beb8220e
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_network_peering/outputs.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "peering1" {
+ description = "Peering1 module output."
+ value = module.peering-1
+}
+
+output "peering2" {
+ description = "Peering2 module output."
+ value = module.peering-2
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_network_peering/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_network_peering/variables.tf
new file mode 100644
index 000000000..87cb7f64a
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_network_peering/variables.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to put the resources in"
+ type = string
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_network_peering/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_network_peering/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_network_peering/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_svpc_access/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_svpc_access/README.md
new file mode 100644
index 000000000..c8e66b959
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_svpc_access/README.md
@@ -0,0 +1,24 @@
+# Shared VPC with service projects
+
+This simple example configures a shared VPC, and grants access to it to service projects.
+
+The VPC has two subnets with no secondary ranges, service projects are configured as follows:
+
+- the first service project is granted VPC-level access
+- the second service project is granted subnet-level access to the second subnet
+- the third service project is granted subnet-level access to the first and second subnet
+
+Subnet-level access in this example is only granted to the default GCE service accounts for illustrative purposes. More realistic examples should grant access to other service accounts (possibly including the GKE robot service accounts as per [documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-shared-vpc)), and project users/groups that need to use the Shared VPC from other projects (eg to create VMs).
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| host\_project\_id | Id of the host project where the shared VPC will be created. | string | n/a | yes |
+| network\_name | Name of the shared VPC. | string | `"test-svpc"` | no |
+| service\_project\_id | Service project id. | string | n/a | yes |
+| service\_project\_number | Service project number. | string | n/a | yes |
+| service\_project\_owners | Service project owners, in IAM format. | list | `` | no |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_svpc_access/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_svpc_access/main.tf
new file mode 100644
index 000000000..21091d1c7
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_svpc_access/main.tf
@@ -0,0 +1,62 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ version = "~> 3.3.0"
+}
+
+provider "null" {
+ version = "~> 2.1"
+}
+
+locals {
+ net_data_users = compact(concat(
+ var.service_project_owners,
+ ["serviceAccount:${var.service_project_number}@cloudservices.gserviceaccount.com"]
+ ))
+}
+
+module "net-vpc-shared" {
+ source = "../.."
+ project_id = var.host_project_id
+ network_name = var.network_name
+ shared_vpc_host = true
+
+ subnets = [
+ {
+ subnet_name = "networking"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "europe-west1"
+ },
+ {
+ subnet_name = "data"
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "europe-west1"
+ },
+ ]
+}
+
+module "net-svpc-access" {
+ source = "../../modules/fabric-net-svpc-access"
+ host_project_id = module.net-vpc-shared.project_id
+ service_project_num = 1
+ service_project_ids = [var.service_project_id]
+ host_subnets = ["data"]
+ host_subnet_regions = ["europe-west1"]
+ host_subnet_users = {
+ data = join(",", local.net_data_users)
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_svpc_access/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_svpc_access/outputs.tf
new file mode 100644
index 000000000..437465a52
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_svpc_access/outputs.tf
@@ -0,0 +1,16 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_svpc_access/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_svpc_access/variables.tf
new file mode 100644
index 000000000..346eab79d
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_svpc_access/variables.tf
@@ -0,0 +1,37 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "host_project_id" {
+ description = "Id of the host project where the shared VPC will be created."
+}
+
+variable "service_project_id" {
+ description = "Service project id."
+}
+
+variable "service_project_number" {
+ description = "Service project number."
+}
+
+variable "service_project_owners" {
+ description = "Service project owners, in IAM format."
+ default = []
+}
+
+variable "network_name" {
+ description = "Name of the shared VPC."
+ default = "test-svpc"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_svpc_access/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_svpc_access/versions.tf
new file mode 100644
index 000000000..27ba8fc12
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/examples/submodule_svpc_access/versions.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/helpers/migrate.py b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/helpers/migrate.py
new file mode 100755
index 000000000..37a0fd105
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/helpers/migrate.py
@@ -0,0 +1,423 @@ +#!/usr/bin/env python3 + +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import argparse +import copy +import subprocess +import sys +import re +import json + +MIGRATIONS = [ + { + "resource_type": "google_compute_network", + "name": "network", + "module": ".module.vpc", + "new_plural": False + }, + { + "resource_type": "google_compute_shared_vpc_host_project", + "name": "shared_vpc_host", + "module": ".module.vpc", + "new_plural": False + }, + { + "resource_type": "google_compute_subnetwork", + "name": "subnetwork", + "module": ".module.subnets", + "for_each_migration": True, + "for_each_migration_key": "id" + }, + { + "resource_type": "google_compute_route", + "name": "route", + "module": ".module.routes", + "for_each_migration": True, + "for_each_migration_key": "id" + }, + { + "resource_type": "null_resource", + "name": "delete_default_internet_gateway_routes", + "module": ".module.routes" + } +] + + +class ModuleMigration: + """ + Migrate the resources from a flat project factory to match the new + module structure created by the G Suite refactor. + """ + + def __init__(self, source_module, state): + self.source_module = source_module + self.state = state + + def moves(self): + """ + Generate the set of old/new resource pairs that will be migrated + to the `destination` module. 
+ """ + resources = self.targets() + for_each_migrations = [] + + moves = [] + for (old, migration) in resources: + new = copy.deepcopy(old) + new.module += migration["module"] + + # Update the copied resource with the "rename" value if it is set + if "rename" in migration: + new.name = migration["rename"] + + old.plural = migration.get("old_plural", True) + new.plural = migration.get("new_plural", True) + + if (migration.get("for_each_migration", False) and + migration.get("old_plural", True)): + for_each_migrations.append((old, new, migration)) + else: + pair = (old.path(), new.path()) + moves.append(pair) + + for_each_moves = self.for_each_moves(for_each_migrations) + return moves + for_each_moves + + def for_each_moves(self, for_each_migrations): + """ + When migrating from count to for_each we need to move the + whole collection first + https://github.com/hashicorp/terraform/issues/22301 + """ + for_each_initial_migration = {} + moves = [] + + for (old, new, migration) in for_each_migrations: + # Do the initial migration of the whole collection + # only once if it hasn't been done yet + key = old.resource_type + "." + old.name + if key not in for_each_initial_migration: + for_each_initial_migration[key] = True + old.plural = False + new.plural = False + + pair = (old.path(), new.path()) + moves.append(pair) + + # Whole collection is moved to new location. 
Now needs right index + new.plural = True + new_indexed = copy.deepcopy(new) + new_indexed.key = self.state.resource_value( + old, migration["for_each_migration_key"]) + pair = (new.path(), new_indexed.path()) + moves.append(pair) + + return moves + + def targets(self): + """ + A list of resources that will be moved to the new module """ + to_move = [] + + for migration in MIGRATIONS: + resource_type = migration["resource_type"] + resource_name = migration["name"] + matching_resources = self.source_module.get_resources( + resource_type, + resource_name) + to_move += [(r, migration) for r in matching_resources] + + return to_move + + +class TerraformModule: + """ + A Terraform module with associated resources. + """ + + def __init__(self, name, resources): + """ + Create a new module and associate it with a list of resources. + """ + self.name = name + self.resources = resources + + def get_resources(self, resource_type=None, resource_name=None): + """ + Return a list of resources matching the given resource type and name. + """ + + ret = [] + for resource in self.resources: + matches_type = (resource_type is None or + resource_type == resource.resource_type) + + name_pattern = re.compile(r'%s(\[\d+\])?' % resource_name) + matches_name = (resource_name is None or + name_pattern.match(resource.name)) + + if matches_type and matches_name: + ret.append(resource) + + return ret + + def has_resource(self, resource_type=None, resource_name=None): + """ + Does this module contain a resource with the matching type and name? 
+ """ + for resource in self.resources: + matches_type = (resource_type is None or + resource_type == resource.resource_type) + + matches_name = (resource_name is None or + resource_name in resource.name) + + if matches_type and matches_name: + return True + + return False + + def __repr__(self): + return "{}({!r}, {!r})".format( + self.__class__.__name__, + self.name, + [repr(resource) for resource in self.resources]) + + +class TerraformResource: + """ + A Terraform resource, defined by the the identifier of that resource. + """ + + @classmethod + def from_path(cls, path): + """ + Generate a new Terraform resource, based on the fully qualified + Terraform resource path. + """ + if re.match(r'\A[\w.\["/\]-]+\Z', path) is None: + raise ValueError( + "Invalid Terraform resource path {!r}".format(path)) + + parts = path.split(".") + name = parts.pop() + resource_type = parts.pop() + module = ".".join(parts) + return cls(module, resource_type, name) + + def __init__(self, module, resource_type, name): + """ + Create a new TerraformResource from a pre-parsed path. + """ + self.module = module + self.resource_type = resource_type + self.key = None + self.plural = True + + find_suffix = re.match(r'(^.+)\[(\d+)\]', name) + if find_suffix: + self.name = find_suffix.group(1) + self.index = find_suffix.group(2) + else: + self.name = name + self.index = -1 + + def path(self): + """ + Return the fully qualified resource path. 
+ """ + parts = [self.module, self.resource_type, self.name] + if parts[0] == '': + del parts[0] + path = ".".join(parts) + if self.key is not None: + path = "{0}[\"{1}\"]".format(path, self.key) + elif self.index != -1 and self.plural: + path = "{0}[{1}]".format(path, self.index) + return path + + def __repr__(self): + return "{}({!r}, {!r}, {!r})".format( + self.__class__.__name__, + self.module, + self.resource_type, + self.name) + + +class TerraformState: + """ + A Terraform state representation, pulled from terraform state pull + Used for getting values out of individual resources + """ + + def __init__(self): + self.read_state() + + def read_state(self): + """ + Read the terraform state + """ + argv = ["terraform", "state", "pull"] + result = subprocess.run(argv, + capture_output=True, + check=True, + encoding='utf-8') + + self.state = json.loads(result.stdout) + + def resource_value(self, resource, key): + # Find the resource in the state + state_resource_list = [r for r in self.state["resources"] if + r.get("module", "none") == resource.module and + r["type"] == resource.resource_type and + r["name"] == resource.name] + + if (len(state_resource_list) != 1): + raise ValueError( + "Could not find resource list in state for {}" + .format(resource)) + + index = int(resource.index) + # If this a collection use the index to find the right resource, + # otherwise use the first + if (index >= 0): + state_resource = [r for r in state_resource_list[0]["instances"] if + r["index_key"] == index] + + if (len(state_resource) != 1): + raise ValueError( + "Could not find resource in state for {} key {}" + .format(resource, resource.index)) + else: + state_resource = state_resource_list[0]["instances"] + + return state_resource[0]["attributes_flat"][key] + + +def group_by_module(resources): + """ + Group a set of resources according to their containing module. 
+ """ + + groups = {} + for resource in resources: + if resource.module in groups: + groups[resource.module].append(resource) + else: + groups[resource.module] = [resource] + + return [ + TerraformModule(name, contained) + for name, contained in groups.items() + ] + + +def read_resources(): + """ + Read the terraform state at the given path. + """ + argv = ["terraform", "state", "list"] + result = subprocess.run(argv, + capture_output=True, + check=True, + encoding='utf-8') + elements = result.stdout.split("\n") + elements.pop() + return elements + + +def state_changes_for_module(module, state): + """ + Compute the Terraform state changes (deletions and moves) for a single + module. + """ + commands = [] + + migration = ModuleMigration(module, state) + + for (old, new) in migration.moves(): + wrapper = "'{0}'" + argv = ["terraform", + "state", + "mv", + wrapper.format(old), + wrapper.format(new)] + commands.append(argv) + + return commands + + +def migrate(state=None, dryrun=False): + """ + Generate and run terraform state mv commands to migrate resources from one + state structure to another + """ + + # Generate a list of Terraform resource states from the output of + # `terraform state list` + resources = [ + TerraformResource.from_path(path) + for path in read_resources() + ] + + # Group resources based on the module where they're defined. + modules = group_by_module(resources) + + # Filter our list of Terraform modules down to anything that looks like a + # google network original module. 
We key this off the presence off of + # `terraform-google-network` resource type and names + modules_to_migrate = [ + module for module in modules + if module.has_resource("google_compute_network", "network") + ] + + print("---- Migrating the following modules:") + for module in modules_to_migrate: + print("-- " + module.name) + + # Collect a list of resources for each module + commands = [] + for module in modules_to_migrate: + commands += state_changes_for_module(module, state) + + print("---- Commands to run:") + for argv in commands: + if dryrun: + print(" ".join(argv)) + else: + argv = [arg.strip("'") for arg in argv] + subprocess.run(argv, check=True, encoding='utf-8') + + +def main(argv): + parser = argparser() + args = parser.parse_args(argv[1:]) + + state = TerraformState() + + migrate(state=state, dryrun=args.dryrun) + + +def argparser(): + parser = argparse.ArgumentParser(description='Migrate Terraform state') + parser.add_argument('--dryrun', action='store_true', + help='Print the `terraform state mv` commands instead ' + 'of running the commands.') + return parser + + +if __name__ == "__main__": + main(sys.argv) diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/main.tf new file mode 100644 index 000000000..93794145a --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/main.tf 
@@ -0,0 +1,51 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/******************************************
+ VPC configuration
+ *****************************************/
+module "vpc" {
+ source = "./modules/vpc"
+ network_name = var.network_name
+ auto_create_subnetworks = var.auto_create_subnetworks
+ routing_mode = var.routing_mode
+ project_id = var.project_id
+ description = var.description
+ shared_vpc_host = var.shared_vpc_host
+}
+
+/******************************************
+ Subnet configuration
+ *****************************************/
+module "subnets" {
+ source = "./modules/subnets"
+ project_id = var.project_id
+ network_name = module.vpc.network_name
+ subnets = var.subnets
+ secondary_ranges = var.secondary_ranges
+}
+
+/******************************************
+ Routes
+ *****************************************/
+module "routes" {
+ source = "./modules/routes"
+ project_id = var.project_id
+ network_name = module.vpc.network_name
+ routes = var.routes
+ delete_default_internet_gateway_routes = var.delete_default_internet_gateway_routes
+ module_depends_on = [module.subnets.subnets]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-firewall/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-firewall/README.md
new file mode 100644
index 000000000..7a8fb0a7f
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-firewall/README.md
@@ -0,0 +1,98 @@
+# Google Cloud VPC Firewall
+
+This module allows creation of a minimal VPC firewall, supporting basic configurable rules for IP range-based intra-VPC and administrator ingress, tag-based SSH/HTTP/HTTPS ingress, and custom rule definitions.
+
+The HTTP and HTTPS rules use the same network tags that are assigned to instances when the "Allow HTTP[S] traffic" checkbox is flagged in the Cloud Console. The SSH rule uses a generic `ssh` tag.
+
+All IP source ranges are configurable through variables, and are set by default to `0.0.0.0/0` for tag-based rules. Allowed protocols and/or ports for the intra-VPC rule are also configurable through a variable.
+
+Custom rules are set through a map where keys are rule names, and values use this custom type:
+
+```hcl
+map(object({
+ description = string
+ direction = string # (INGRESS|EGRESS)
+ action = string # (allow|deny)
+ ranges = list(string) # list of IP CIDR ranges
+ sources = list(string) # tags or SAs (ignored for EGRESS)
+ targets = list(string) # tags or SAs
+ use_service_accounts = bool # use tags or SAs in sources/targets
+ rules = list(object({
+ protocol = string
+ ports = list(string)
+ }))
+ extra_attributes = map(string) # map, optional keys disabled or priority
+}))
+```
+
+The resources created/managed by this module are:
+
+- one optional ingress rule from internal CIDR ranges, only allowing ICMP by default
+- one optional ingress rule from admin CIDR ranges, allowing all protocols on all ports
+- one optional ingress rule for SSH on network tag `ssh`
+- one optional ingress rule for HTTP on network tag `http-server`
+- one optional ingress rule for HTTPS on network tag `https-server`
+- one or more optional custom rules
+
+
+## Usage
+
+Basic usage of this module is as follows:
+
+```hcl
+module "net-firewall" {
+ source = "terraform-google-modules/network/google//modules/fabric-net-firewall"
+ project_id = "my-project"
+ network = "my-vpc"
+ internal_ranges_enabled = true
+ internal_ranges = ["10.0.0.0/0"]
+ custom_rules = {
+ ingress-sample = {
+ description = "Dummy sample ingress rule, tag-based."
+ direction = "INGRESS"
+ action = "allow"
+ ranges = ["192.168.0.0"]
+ sources = ["spam-tag"]
+ targets = ["foo-tag", "egg-tag"]
+ use_service_accounts = false
+ rules = [
+ {
+ protocol = "tcp"
+ ports = []
+ }
+ ]
+ extra_attributes = {}
+ }
+ }
+}
+```
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| admin\_ranges | IP CIDR ranges that have complete access to all subnets. | list | `` | no |
+| admin\_ranges\_enabled | Enable admin ranges-based rules. | string | `"false"` | no |
+| custom\_rules | List of custom rule definitions (refer to variables file for syntax). | object | `` | no |
+| http\_source\_ranges | List of IP CIDR ranges for tag-based HTTP rule, defaults to 0.0.0.0/0. | list | `` | no |
+| https\_source\_ranges | List of IP CIDR ranges for tag-based HTTPS rule, defaults to 0.0.0.0/0. | list | `` | no |
+| internal\_allow | Allow rules for internal ranges. | list | `` | no |
+| internal\_ranges | IP CIDR ranges for intra-VPC rules. | list | `` | no |
+| internal\_ranges\_enabled | Create rules for intra-VPC ranges. | string | `"false"` | no |
+| network | Name of the network this set of firewall rules applies to. | string | n/a | yes |
+| project\_id | Project id of the project that holds the network. | string | n/a | yes |
+| ssh\_source\_ranges | List of IP CIDR ranges for tag-based SSH rule, defaults to 0.0.0.0/0. | list | `` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| admin\_ranges | Admin ranges data. |
+| custom\_egress\_allow\_rules | Custom egress rules with allow blocks. |
+| custom\_egress\_deny\_rules | Custom egress rules with allow blocks. |
+| custom\_ingress\_allow\_rules | Custom ingress rules with allow blocks. |
+| custom\_ingress\_deny\_rules | Custom ingress rules with deny blocks. |
+| internal\_ranges | Internal ranges. |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-firewall/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-firewall/main.tf
new file mode 100644
index 000000000..89b969152
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-firewall/main.tf
@@ -0,0 +1,157 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+###############################################################################
+# rules based on IP ranges
+###############################################################################
+
+resource "google_compute_firewall" "allow-internal" {
+ count = var.internal_ranges_enabled == true && length(var.internal_allow) > 0 ? 1 : 0
+ name = "${var.network}-ingress-internal"
+ description = "Allow ingress traffic from internal IP ranges"
+ network = var.network
+ project = var.project_id
+ source_ranges = var.internal_ranges
+
+ dynamic "allow" {
+ for_each = [for rule in var.internal_allow :
+ {
+ protocol = lookup(rule, "protocol", null)
+ ports = lookup(rule, "ports", null)
+ }
+ ]
+ content {
+ protocol = allow.value.protocol
+ ports = allow.value.ports
+ }
+ }
+
+}
+
+
+
+
+
+resource "google_compute_firewall" "allow-admins" {
+ count = var.admin_ranges_enabled == true ? 1 : 0
+ name = "${var.network}-ingress-admins"
+ description = "Access from the admin subnet to all subnets"
+ network = var.network
+ project = var.project_id
+ source_ranges = var.admin_ranges
+
+ allow {
+ protocol = "icmp"
+ }
+
+ allow {
+ protocol = "tcp"
+ }
+
+ allow {
+ protocol = "udp"
+ }
+}
+
+###############################################################################
+# rules based on tags
+###############################################################################
+
+resource "google_compute_firewall" "allow-tag-ssh" {
+ count = length(var.ssh_source_ranges) > 0 ? 1 : 0
+ name = "${var.network}-ingress-tag-ssh"
+ description = "Allow SSH to machines with the 'ssh' tag"
+ network = var.network
+ project = var.project_id
+ source_ranges = var.ssh_source_ranges
+ target_tags = ["ssh"]
+
+ allow {
+ protocol = "tcp"
+ ports = ["22"]
+ }
+}
+
+resource "google_compute_firewall" "allow-tag-http" {
+ count = length(var.http_source_ranges) > 0 ? 1 : 0
+ name = "${var.network}-ingress-tag-http"
+ description = "Allow HTTP to machines with the 'http-server' tag"
+ network = var.network
+ project = var.project_id
+ source_ranges = var.http_source_ranges
+ target_tags = ["http-server"]
+
+ allow {
+ protocol = "tcp"
+ ports = ["80"]
+ }
+}
+
+resource "google_compute_firewall" "allow-tag-https" {
+ count = length(var.https_source_ranges) > 0 ? 1 : 0
+ name = "${var.network}-ingress-tag-https"
+ description = "Allow HTTPS to machines with the 'https' tag"
+ network = var.network
+ project = var.project_id
+ source_ranges = var.https_source_ranges
+ target_tags = ["https-server"]
+
+ allow {
+ protocol = "tcp"
+ ports = ["443"]
+ }
+}
+
+################################################################################
+# dynamic rules #
+################################################################################
+
+resource "google_compute_firewall" "custom" {
+ # provider = "google-beta"
+ for_each = var.custom_rules
+ name = each.key
+ description = each.value.description
+ direction = each.value.direction
+ network = var.network
+ project = var.project_id
+ source_ranges = each.value.direction == "INGRESS" ? each.value.ranges : null
+ destination_ranges = each.value.direction == "EGRESS" ? each.value.ranges : null
+ source_tags = each.value.use_service_accounts || each.value.direction == "EGRESS" ? null : each.value.sources
+ source_service_accounts = each.value.use_service_accounts && each.value.direction == "INGRESS" ? each.value.sources : null
+ target_tags = each.value.use_service_accounts ? null : each.value.targets
+ target_service_accounts = each.value.use_service_accounts ? each.value.targets : null
+ disabled = lookup(each.value.extra_attributes, "disabled", false)
+ priority = lookup(each.value.extra_attributes, "priority", 1000)
+ enable_logging = lookup(each.value.extra_attributes, "enable_logging", null)
+
+ dynamic "allow" {
+ for_each = [for rule in each.value.rules : rule if each.value.action == "allow"]
+ iterator = rule
+ content {
+ protocol = rule.value.protocol
+ ports = rule.value.ports
+ }
+ }
+
+ dynamic "deny" {
+ for_each = [for rule in each.value.rules : rule if each.value.action == "deny"]
+ iterator = rule
+ content {
+ protocol = rule.value.protocol
+ ports = rule.value.ports
+ }
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-firewall/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-firewall/outputs.tf
new file mode 100644
index 000000000..6a36296f7
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-firewall/outputs.tf
@@ -0,0 +1,65 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "internal_ranges" {
+ description = "Internal ranges."
+
+ value = {
+ enabled = var.internal_ranges_enabled
+ ranges = var.internal_ranges_enabled ? join(",", var.internal_ranges) : ""
+ }
+}
+
+output "admin_ranges" {
+ description = "Admin ranges data."
+
+ value = {
+ enabled = var.admin_ranges_enabled
+ ranges = var.admin_ranges_enabled ? join(",", var.admin_ranges) : ""
+ }
+}
+
+output "custom_ingress_allow_rules" {
+ description = "Custom ingress rules with allow blocks."
+ value = [
+ for rule in google_compute_firewall.custom :
+ rule.name if rule.direction == "INGRESS" && length(rule.allow) > 0
+ ]
+}
+
+output "custom_ingress_deny_rules" {
+ description = "Custom ingress rules with deny blocks."
+ value = [
+ for rule in google_compute_firewall.custom :
+ rule.name if rule.direction == "INGRESS" && length(rule.deny) > 0
+ ]
+}
+
+output "custom_egress_allow_rules" {
+ description = "Custom egress rules with allow blocks."
+ value = [
+ for rule in google_compute_firewall.custom :
+ rule.name if rule.direction == "EGRESS" && length(rule.allow) > 0
+ ]
+}
+
+output "custom_egress_deny_rules" {
+ description = "Custom egress rules with allow blocks."
+ value = [
+ for rule in google_compute_firewall.custom :
+ rule.name if rule.direction == "EGRESS" && length(rule.deny) > 0
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-firewall/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-firewall/variables.tf
new file mode 100644
index 000000000..80249cb94
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-firewall/variables.tf
@@ -0,0 +1,86 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "network" {
+ description = "Name of the network this set of firewall rules applies to."
+}
+
+variable "project_id" {
+ description = "Project id of the project that holds the network."
+}
+
+variable "internal_ranges_enabled" {
+ description = "Create rules for intra-VPC ranges."
+ default = false
+}
+
+variable "internal_ranges" {
+ description = "IP CIDR ranges for intra-VPC rules."
+ default = []
+}
+
+variable "internal_allow" {
+ description = "Allow rules for internal ranges."
+ default = [
+ {
+ protocol = "icmp"
+ },
+ ]
+}
+
+variable "admin_ranges_enabled" {
+ description = "Enable admin ranges-based rules."
+ default = false
+}
+
+variable "admin_ranges" {
+ description = "IP CIDR ranges that have complete access to all subnets."
+ default = []
+}
+
+variable "ssh_source_ranges" {
+ description = "List of IP CIDR ranges for tag-based SSH rule, defaults to 0.0.0.0/0."
+ default = ["0.0.0.0/0"]
+}
+
+variable "http_source_ranges" {
+ description = "List of IP CIDR ranges for tag-based HTTP rule, defaults to 0.0.0.0/0."
+ default = ["0.0.0.0/0"]
+}
+
+variable "https_source_ranges" {
+ description = "List of IP CIDR ranges for tag-based HTTPS rule, defaults to 0.0.0.0/0."
+ default = ["0.0.0.0/0"]
+}
+
+variable "custom_rules" {
+ description = "List of custom rule definitions (refer to variables file for syntax)."
+ default = {}
+ type = map(object({
+ description = string
+ direction = string
+ action = string # (allow|deny)
+ ranges = list(string)
+ sources = list(string)
+ targets = list(string)
+ use_service_accounts = bool
+ rules = list(object({
+ protocol = string
+ ports = list(string)
+ }))
+ extra_attributes = map(string)
+ }))
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-firewall/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-firewall/versions.tf
new file mode 100644
index 000000000..c1eedd7e1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-firewall/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google = "<4.0,>= 2.12"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/README.md
new file mode 100644
index 000000000..3ef174361
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/README.md
@@ -0,0 +1,58 @@ +# Google Cloud Shared VPC Access Configuration + +This module allows configuring service project access to a Shared VPC, created with the top-level network module. The module allows: + +- attaching service projects to the Shared VPC host project +- assigning IAM roles for each Shared VPC subnet + +Full details on service project configuration can be found in the Google Cloud documentation on *[Provisioning Shared VPC](https://cloud.google.com/vpc/docs/provisioning-shared-vpc)*, and to *[Setting up clusters with Shared VPC](https://cloud.google.com/kubernetes-engine/docs/how-to/cluster-shared-vpc)*. Details and use cases of using service accounts as role recipients for Shared VPC are in the *[Service accounts as project admins](https://cloud.google.com/vpc/docs/provisioning-shared-vpc#sa-as-spa)* section of the first document above. + +The resources created/managed by this module are: + +- one `google_compute_shared_vpc_service_project` resource for each project where full VPC access is needed +- one `google_compute_subnetwork_iam_binding` for each subnetwork where individual subnetwork access is needed + +## Usage + +Basic usage of this module is as follows: + +```hcl +module "net-shared-vpc-access" { + source = "terraform-google-modules/network/google//modules/fabric-net-svpc-access" + version = "~> 1.4.0" + host_project_id = "my-host-project-id" + service_project_num = 1 + service_project_ids = ["my-service-project-id"] + host_subnets = ["my-subnet"] + host_subnet_regions = ["europe-west1"] + host_subnet_users = { + my-subnet = "group:my-service-owners@example.org,serviceAccount:1234567890@cloudservices.gserviceaccount.com" + } + host_service_agent_role = true + host_service_agent_users = [ + "serviceAccount:service-123456789@container-engine-robot.iam.gserviceaccount.com" + ] +} +``` + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| host\_project\_id | Project id of the shared 
VPC host project. | string | n/a | yes | +| host\_service\_agent\_role | Assign host service agent role to users in host_service_agent_users variable. | bool | `"false"` | no | +| host\_service\_agent\_users | List of IAM-style users that will be granted the host service agent role on the host project. | list(string) | `` | no | +| host\_subnet\_regions | List of subnet regions, one per subnet. | list(string) | `` | no | +| host\_subnet\_users | Map of comma-delimited IAM-style members to which network user roles for subnets will be assigned. | map(any) | `` | no | +| host\_subnets | List of subnet names on which to grant network user role. | list(string) | `` | no | +| service\_project\_ids | Ids of the service projects that will be attached to the Shared VPC. | list(string) | n/a | yes | +| service\_project\_num | Number of service projects that will be attached to the Shared VPC. | number | `"0"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| service\_projects | Project ids of the services with access to all subnets. | + + diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/main.tf new file mode 100644 index 000000000..a51c74b7b --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/main.tf 
@@ -0,0 +1,40 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+resource "google_compute_shared_vpc_service_project" "projects" {
+ count = var.service_project_num
+ host_project = var.host_project_id
+ service_project = element(var.service_project_ids, count.index)
+}
+
+resource "google_compute_subnetwork_iam_binding" "network_users" {
+ count = length(var.host_subnets)
+ project = var.host_project_id
+ region = element(var.host_subnet_regions, count.index)
+ subnetwork = element(var.host_subnets, count.index)
+ role = "roles/compute.networkUser"
+
+ members = compact(split(",", lookup(var.host_subnet_users,
+ element(var.host_subnets, count.index))
+ ))
+}
+
+resource "google_project_iam_binding" "service_agents" {
+ count = var.host_service_agent_role ? 1 : 0
+ project = var.host_project_id
+ role = "roles/container.hostServiceAgentUser"
+ members = var.host_service_agent_users
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/outputs.tf
new file mode 100644
index 000000000..dc7925943
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/outputs.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "service_projects" {
+ description = "Project ids of the services with access to all subnets."
+ value = google_compute_shared_vpc_service_project.projects.*.service_project
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/variables.tf
new file mode 100644
index 000000000..579d2f84b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/variables.tf
@@ -0,0 +1,63 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "host_project_id" {
+ type = string
+ description = "Project id of the shared VPC host project."
+}
+
+# passed-in values can be dynamic, so variables used in count need to be separate
+
+variable "service_project_num" {
+ type = number
+ description = "Number of service projects that will be attached to the Shared VPC."
+ default = 0
+}
+
+variable "service_project_ids" {
+ type = list(string)
+ description = "Ids of the service projects that will be attached to the Shared VPC."
+}
+
+variable "host_subnets" {
+ type = list(string)
+ description = "List of subnet names on which to grant network user role."
+ default = []
+}
+
+variable "host_subnet_regions" {
+ type = list(string)
+ description = "List of subnet regions, one per subnet."
+ default = []
+}
+
+variable "host_subnet_users" {
+ type = map(any)
+ description = "Map of comma-delimited IAM-style members to which network user roles for subnets will be assigned."
+ default = {}
+}
+
+variable "host_service_agent_role" {
+ type = bool
+ description = "Assign host service agent role to users in host_service_agent_users variable."
+ default = false
+}
+
+variable "host_service_agent_users" {
+ type = list(string)
+ description = "List of IAM-style users that will be granted the host service agent role on the host project."
+ default = []
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/versions.tf
new file mode 100644
index 000000000..c1eedd7e1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/fabric-net-svpc-access/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google = "<4.0,>= 2.12"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/network-peering/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/network-peering/README.md
new file mode 100644
index 000000000..41f0fdf4f
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/network-peering/README.md
@@ -0,0 +1,66 @@ +# Google Network Peering + +This module allows creation of a [VPC Network Peering](https://cloud.google.com/vpc/docs/vpc-peering) between two networks. + +The resources created/managed by this module are: + +- one network peering from `local network` to `peer network` +- one network peering from `peer network` to `local network` + +## Usage + +Basic usage of this module is as follows: + +```hcl +module "peering" { + source = "terraform-google-modules/network/google//modules/network-peering" + + prefix = "name-prefix" + local_network = "" + peer_network = "" +} +``` + +If you need to create more than one peering for the same VPC Network `(A -> B, A -> C)` you have to use output from the first module as a dependency for the second one to keep order of peering creation (It is not currently possible to create more than one peering connection for a VPC Network at the same time). + +```hcl +module "peering-a-b" { + source = "terraform-google-modules/network/google//modules/network-peering" + + prefix = "name-prefix" + local_network = "" + peer_network = "" +} + +module "peering-a-c" { + source = "terraform-google-modules/network/google//modules/network-peering" + + prefix = "name-prefix" + local_network = "" + peer_network = "" + + module_depends_on = [module.peering-a-b.complete] +} +``` + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| export\_local\_custom\_routes | Export custom routes to peer network from local network. | bool | `"false"` | no | +| export\_peer\_custom\_routes | Export custom routes to local network from peer network. | bool | `"false"` | no | +| local\_network | Resource link of the network to add a peering to. | string | n/a | yes | +| module\_depends\_on | List of modules or resources this module depends on. | list | `` | no | +| peer\_network | Resource link of the peer network. 
| string | n/a | yes | +| prefix | Name prefix for the network peerings | string | `"network-peering"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| complete | Output to be used as a module dependency. | +| local\_network\_peering | Network peering resource. | +| peer\_network\_peering | Peer network peering resource. | + + diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/network-peering/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/network-peering/main.tf new file mode 100644 index 000000000..722734b81 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/network-peering/main.tf 
@@ -0,0 +1,52 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ local_network_name = element(reverse(split("/", var.local_network)), 0)
+ peer_network_name = element(reverse(split("/", var.peer_network)), 0)
+}
+
+resource "google_compute_network_peering" "local_network_peering" {
+ provider = "google-beta"
+ name = "${var.prefix}-${local.local_network_name}-${local.peer_network_name}"
+ network = var.local_network
+ peer_network = var.peer_network
+ export_custom_routes = var.export_local_custom_routes
+ import_custom_routes = var.export_peer_custom_routes
+
+ depends_on = ["null_resource.module_depends_on"]
+}
+
+resource "google_compute_network_peering" "peer_network_peering" {
+ provider = "google-beta"
+ name = "${var.prefix}-${local.peer_network_name}-${local.local_network_name}"
+ network = var.peer_network
+ peer_network = var.local_network
+ export_custom_routes = var.export_peer_custom_routes
+ import_custom_routes = var.export_local_custom_routes
+
+ depends_on = ["null_resource.module_depends_on", "google_compute_network_peering.local_network_peering"]
+}
+
+resource "null_resource" "module_depends_on" {
+ triggers = {
+ value = length(var.module_depends_on)
+ }
+}
+
+resource "null_resource" "complete" {
+ depends_on = ["google_compute_network_peering.local_network_peering", "google_compute_network_peering.peer_network_peering"]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/network-peering/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/network-peering/outputs.tf
new file mode 100644
index 000000000..2f7606226
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/network-peering/outputs.tf
@@ -0,0 +1,30 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "local_network_peering" {
+ description = "Network peering resource."
+ value = google_compute_network_peering.local_network_peering
+}
+
+output "peer_network_peering" {
+ description = "Peer network peering resource."
+ value = google_compute_network_peering.peer_network_peering
+}
+
+output "complete" {
+ description = "Output to be used as a module dependency."
+ value = null_resource.complete.id
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/network-peering/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/network-peering/variables.tf
new file mode 100644
index 000000000..b528440ff
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/network-peering/variables.tf
@@ -0,0 +1,49 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "prefix" {
+ description = "Name prefix for the network peerings"
+ type = string
+ default = "network-peering"
+}
+
+variable "local_network" {
+ description = "Resource link of the network to add a peering to."
+ type = string
+}
+
+variable "peer_network" {
+ description = "Resource link of the peer network."
+ type = string
+}
+
+variable "export_peer_custom_routes" {
+ description = "Export custom routes to local network from peer network."
+ type = bool
+ default = false
+}
+
+variable "export_local_custom_routes" {
+ description = "Export custom routes to peer network from local network."
+ type = bool
+ default = false
+}
+
+variable "module_depends_on" {
+ description = "List of modules or resources this module depends on."
+ type = list
+ default = []
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/network-peering/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/network-peering/versions.tf
new file mode 100644
index 000000000..c1eedd7e1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/network-peering/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google = "<4.0,>= 2.12"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes-beta/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes-beta/README.md
new file mode 100644
index 000000000..058e3e468
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes-beta/README.md
@@ -0,0 +1,91 @@ +# Terraform Network Beta Module + +This submodule is part of the the `terraform-google-network` module. It creates the individual vpc routes and optionally deletes the default internet gateway routes. + +It supports creating: + +- Routes within vpc network. +- Optionally deletes the default internet gateway routes. + +It also uses google beta provider to support the following resource fields: + +- google_compute_route.next_hop_ilb + +## Usage + +Basic usage of this submodule is as follows: + +```hcl +module "vpc" { + source = "terraform-google-modules/network/google//modules/routes-beta" + version = "~> 2.0.0" + + project_id = "" + network_name = "example-vpc" + + delete_default_internet_gateway_routes = false + + routes = [ + { + name = "egress-internet" + description = "route through IGW to access internet" + destination_range = "0.0.0.0/0" + tags = "egress-inet" + next_hop_internet = "true" + }, + { + name = "app-proxy" + description = "route through proxy to reach app" + destination_range = "10.50.10.0/24" + tags = "app-proxy" + next_hop_instance = "app-proxy-instance" + next_hop_instance_zone = "us-west1-a" + }, + { + name = "test-proxy" + description = "route through idp to reach app" + destination_range = "10.50.10.0/24" + tags = "app-proxy" + next_hop_ilb = var.ilb_link + }, + ] +} +``` + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| delete\_default\_internet\_gateway\_routes | If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted | string | `"false"` | no | +| module\_depends\_on | List of modules or resources this module depends on. 
| list | `` | no | +| network\_name | The name of the network where routes will be created | string | n/a | yes | +| project\_id | The ID of the project where the routes will be created | string | n/a | yes | +| routes | List of routes being created in this VPC | list(map(string)) | `` | no | +| routes\_count | Amount of routes being created in this VPC | number | `"0"` | no | + +## Outputs + +| Name | Description | +|------|-------------| +| routes | The created routes resources | + + + + +### Routes Input + +The routes list contains maps, where each object represents a route. For the next_hop_* inputs, only one is possible to be used in each route. Having two next_hop_* inputs will produce an error. Each map has the following inputs (please see examples folder for additional references): + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| name | The name of the route being created | string | - | no | +| description | The description of the route being created | string | - | no | +| tags | The network tags assigned to this route. This is a list in string format. Eg. "tag-01,tag-02"| string | - | yes | +| destination\_range | The destination range of outgoing packets that this route applies to. Only IPv4 is supported | string | - | yes +| next\_hop\_internet | Whether the next hop to this route will the default internet gateway. Use "true" to enable this as next hop | string | `"false"` | yes | +| next\_hop\_ip | Network IP address of an instance that should handle matching packets | string | - | yes | +| next\_hop\_instance | URL or name of an instance that should handle matching packets. If just name is specified "next\_hop\_instance\_zone" is required | string | - | yes | +| next\_hop\_instance\_zone | The zone of the instance specified in next\_hop\_instance. 
Only required if next\_hop\_instance is specified as a name | string | - | no | +| next\_hop\_vpn\_tunnel | URL to a VpnTunnel that should handle matching packets | string | - | yes | +| priority | The priority of this route. Priority is used to break ties in cases where there is more than one matching route of equal prefix length. In the case of two routes with equal prefix length, the one with the lowest-numbered priority value wins | string | `"1000"` | yes | diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes-beta/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes-beta/main.tf new file mode 100644 index 000000000..686bdf37a --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes-beta/main.tf 
@@ -0,0 +1,56 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/****************************************** + Routes + *****************************************/ +resource "google_compute_route" "route" { + provider = google-beta + count = var.routes_count + + project = var.project_id + network = var.network_name + + name = lookup(var.routes[count.index], "name", format("%s-%s-%d", lower(var.network_name), "route", count.index)) + description = lookup(var.routes[count.index], "description", null) + tags = compact(split(",", lookup(var.routes[count.index], "tags", ""))) + dest_range = lookup(var.routes[count.index], "destination_range", null) + next_hop_gateway = lookup(var.routes[count.index], "next_hop_internet", "false") == "true" ? "default-internet-gateway" : "" + next_hop_ip = lookup(var.routes[count.index], "next_hop_ip", null) + next_hop_instance = lookup(var.routes[count.index], "next_hop_instance", null) + next_hop_instance_zone = lookup(var.routes[count.index], "next_hop_instance_zone", null) + next_hop_vpn_tunnel = lookup(var.routes[count.index], "next_hop_vpn_tunnel", null) + next_hop_ilb = lookup(var.routes[count.index], "next_hop_ilb", null) + priority = lookup(var.routes[count.index], "priority", null) + + depends_on = [var.module_depends_on] +} + +resource "null_resource" "delete_default_internet_gateway_routes" { + count = var.delete_default_internet_gateway_routes ? 
1 : 0 + + provisioner "local-exec" { + command = "${path.module}/scripts/delete-default-gateway-routes.sh ${var.project_id} ${var.network_name}" + } + + triggers = { + number_of_routes = length(var.routes) + } + + depends_on = [ + google_compute_route.route, + ] +} diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes-beta/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes-beta/outputs.tf new file mode 100644 index 000000000..0f672ec67 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes-beta/outputs.tf @@ -0,0 +1,20 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "routes" { + value = google_compute_route.route + description = "The created routes resources" +} diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes-beta/scripts/delete-default-gateway-routes.sh b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes-beta/scripts/delete-default-gateway-routes.sh new file mode 100644 index 000000000..8366d5064 
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes-beta/scripts/delete-default-gateway-routes.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+set -e
+
+if [ -n "${GOOGLE_APPLICATION_CREDENTIALS}" ]; then
+ export CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${GOOGLE_APPLICATION_CREDENTIALS}
+fi
+
+PROJECT_ID=$1
+NETWORK_ID=$2
+FILTERED_ROUTES=$(gcloud compute routes list \
+ --project="${PROJECT_ID}" \
+ --format="value(name)" \
+ --filter=" \
+ nextHopGateway:(https://www.googleapis.com/compute/v1/projects/${PROJECT_ID}/global/gateways/default-internet-gateway) \
+ AND network:(https://www.googleapis.com/compute/v1/projects/${PROJECT_ID}/global/networks/${NETWORK_ID}) \
+ AND name~^default-route \
+ "
+)
+
+function delete_internet_gateway_routes {
+ local routes="${1}"
+ echo "${routes}" | while read -r line; do
+ echo "Deleting route ${line}..."
+ gcloud compute routes delete "${line}" --quiet --project="${PROJECT_ID}"
+ done
+}
+
+if [ -n "${FILTERED_ROUTES}" ]; then
+ delete_internet_gateway_routes "${FILTERED_ROUTES}"
+else
+ echo "Default internet gateway route(s) not found; exiting..."
+fi
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes-beta/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes-beta/variables.tf
new file mode 100644
index 000000000..989db81a8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes-beta/variables.tf
@@ -0,0 +1,46 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The ID of the project where the routes will be created"
+}
+
+variable "network_name" {
+ description = "The name of the network where routes will be created"
+}
+
+variable "routes" {
+ type = list(map(string))
+ description = "List of routes being created in this VPC"
+ default = []
+}
+
+variable "routes_count" {
+ type = number
+ description = "Amount of routes being created in this VPC"
+ default = 0
+}
+
+variable "delete_default_internet_gateway_routes" {
+ description = "If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted"
+ default = "false"
+}
+
+variable "module_depends_on" {
+ description = "List of modules or resources this module depends on."
+ type = list
+ default = []
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes-beta/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes-beta/versions.tf
new file mode 100644
index 000000000..fe58b3536
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes-beta/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google-beta = "~> 2.19.0"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes/README.md
new file mode 100644
index 000000000..8051ac5de
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes/README.md
@@ -0,0 +1,79 @@
+# Terraform Network Module
+
+This submodule is part of the the `terraform-google-network` module. It creates the individual vpc routes and optionally deletes the default internet gateway routes.
+
+It supports creating:
+
+- Routes within vpc network.
+- Optionally deletes the default internet gateway routes.
+
+## Usage
+
+Basic usage of this submodule is as follows:
+
+```hcl
+module "vpc" {
+ source = "terraform-google-modules/network/google//modules/routes"
+ version = "~> 2.0.0"
+
+ project_id = ""
+ network_name = "example-vpc"
+
+ delete_default_internet_gateway_routes = false
+
+ routes = [
+ {
+ name = "egress-internet"
+ description = "route through IGW to access internet"
+ destination_range = "0.0.0.0/0"
+ tags = "egress-inet"
+ next_hop_internet = "true"
+ },
+ {
+ name = "app-proxy"
+ description = "route through proxy to reach app"
+ destination_range = "10.50.10.0/24"
+ tags = "app-proxy"
+ next_hop_instance = "app-proxy-instance"
+ next_hop_instance_zone = "us-west1-a"
+ },
+ ]
+}
+```
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| delete\_default\_internet\_gateway\_routes | If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted | string | `"false"` | no |
+| module\_depends\_on | List of modules or resources this module depends on. | list | `` | no |
+| network\_name | The name of the network where routes will be created | string | n/a | yes |
+| project\_id | The ID of the project where the routes will be created | string | n/a | yes |
+| routes | List of routes being created in this VPC | list(map(string)) | `` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| routes | The created routes resources |
+
+
+
+
+### Routes Input
+
+The routes list contains maps, where each object represents a route. For the next_hop_* inputs, only one is possible to be used in each route. Having two next_hop_* inputs will produce an error. Each map has the following inputs (please see examples folder for additional references):
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| name | The name of the route being created | string | - | no |
+| description | The description of the route being created | string | - | no |
+| tags | The network tags assigned to this route. This is a list in string format. Eg. "tag-01,tag-02"| string | - | yes |
+| destination\_range | The destination range of outgoing packets that this route applies to. Only IPv4 is supported | string | - | yes
+| next\_hop\_internet | Whether the next hop to this route will the default internet gateway. Use "true" to enable this as next hop | string | `"false"` | yes |
+| next\_hop\_ip | Network IP address of an instance that should handle matching packets | string | - | yes |
+| next\_hop\_instance | URL or name of an instance that should handle matching packets. If just name is specified "next\_hop\_instance\_zone" is required | string | - | yes |
+| next\_hop\_instance\_zone | The zone of the instance specified in next\_hop\_instance. Only required if next\_hop\_instance is specified as a name | string | - | no |
+| next\_hop\_vpn\_tunnel | URL to a VpnTunnel that should handle matching packets | string | - | yes |
+| priority | The priority of this route. Priority is used to break ties in cases where there is more than one matching route of equal prefix length. In the case of two routes with equal prefix length, the one with the lowest-numbered priority value wins | string | `"1000"` | yes |
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes/main.tf
new file mode 100644
index 000000000..839e307a6
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes/main.tf
@@ -0,0 +1,61 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ routes = {
+ for i, route in var.routes :
+ lookup(route, "name", format("%s-%s-%d", lower(var.network_name), "route", i)) => route
+ }
+}
+
+/******************************************
+ Routes
+ *****************************************/
+resource "google_compute_route" "route" {
+ for_each = local.routes
+
+ project = var.project_id
+ network = var.network_name
+
+ name = each.key
+ description = lookup(each.value, "description", null)
+ tags = compact(split(",", lookup(each.value, "tags", "")))
+ dest_range = lookup(each.value, "destination_range", null)
+ next_hop_gateway = lookup(each.value, "next_hop_internet", "false") == "true" ? "default-internet-gateway" : null
+ next_hop_ip = lookup(each.value, "next_hop_ip", null)
+ next_hop_instance = lookup(each.value, "next_hop_instance", null)
+ next_hop_instance_zone = lookup(each.value, "next_hop_instance_zone", null)
+ next_hop_vpn_tunnel = lookup(each.value, "next_hop_vpn_tunnel", null)
+ priority = lookup(each.value, "priority", null)
+
+ depends_on = [var.module_depends_on]
+}
+
+resource "null_resource" "delete_default_internet_gateway_routes" {
+ count = var.delete_default_internet_gateway_routes ? 1 : 0
+
+ provisioner "local-exec" {
+ command = "${path.module}/scripts/delete-default-gateway-routes.sh ${var.project_id} ${var.network_name}"
+ }
+
+ triggers = {
+ number_of_routes = length(var.routes)
+ }
+
+ depends_on = [
+ google_compute_route.route,
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes/outputs.tf
new file mode 100644
index 000000000..0f672ec67
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes/outputs.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "routes" {
+ value = google_compute_route.route
+ description = "The created routes resources"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes/scripts/delete-default-gateway-routes.sh b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes/scripts/delete-default-gateway-routes.sh
new file mode 100755
index 000000000..8366d5064
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes/scripts/delete-default-gateway-routes.sh
@@ -0,0 +1,48 @@
+#!/bin/bash
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+set -e
+
+if [ -n "${GOOGLE_APPLICATION_CREDENTIALS}" ]; then
+ export CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${GOOGLE_APPLICATION_CREDENTIALS}
+fi
+
+PROJECT_ID=$1
+NETWORK_ID=$2
+FILTERED_ROUTES=$(gcloud compute routes list \
+ --project="${PROJECT_ID}" \
+ --format="value(name)" \
+ --filter=" \
+ nextHopGateway:(https://www.googleapis.com/compute/v1/projects/${PROJECT_ID}/global/gateways/default-internet-gateway) \
+ AND network:(https://www.googleapis.com/compute/v1/projects/${PROJECT_ID}/global/networks/${NETWORK_ID}) \
+ AND name~^default-route \
+ "
+)
+
+function delete_internet_gateway_routes {
+ local routes="${1}"
+ echo "${routes}" | while read -r line; do
+ echo "Deleting route ${line}..."
+ gcloud compute routes delete "${line}" --quiet --project="${PROJECT_ID}"
+ done
+}
+
+if [ -n "${FILTERED_ROUTES}" ]; then
+ delete_internet_gateway_routes "${FILTERED_ROUTES}"
+else
+ echo "Default internet gateway route(s) not found; exiting..."
+fi
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes/variables.tf
new file mode 100644
index 000000000..8eed495ff
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes/variables.tf
@@ -0,0 +1,40 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The ID of the project where the routes will be created"
+}
+
+variable "network_name" {
+ description = "The name of the network where routes will be created"
+}
+
+variable "routes" {
+ type = list(map(string))
+ description = "List of routes being created in this VPC"
+ default = []
+}
+
+variable "delete_default_internet_gateway_routes" {
+ description = "If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted"
+ default = "false"
+}
+
+variable "module_depends_on" {
+ description = "List of modules or resources this module depends on."
+ type = list
+ default = []
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes/versions.tf
new file mode 100644
index 000000000..c1eedd7e1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/routes/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google = "<4.0,>= 2.12"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets-beta/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets-beta/README.md
new file mode 100644
index 000000000..e1fc71574
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets-beta/README.md
@@ -0,0 +1,95 @@
+# Terraform Network Beta Module
+
+This submodule is part of the the `terraform-google-network` module. It creates the individual vpc subnets.
+
+It supports creating:
+
+- Subnets within vpc network.
+
+It also uses google beta provider to support the following resource fields:
+
+- google_compute_subnetwork.purpose
+- google_compute_subnetwork.role
+
+## Usage
+
+Basic usage of this submodule is as follows:
+
+```hcl
+module "vpc" {
+ source = "terraform-google-modules/network/google//modules/subnets-beta"
+ version = "~> 2.0.0"
+
+ project_id = ""
+ network_name = "example-vpc"
+
+ subnets = [
+ {
+ subnet_name = "subnet-01"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ },
+ {
+ subnet_name = "subnet-02"
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "true"
+ subnet_flow_logs = "true"
+ description = "This subnet has a description"
+ purpose = "INTERNAL_HTTPS_LOAD_BALANCER"
+ role = "ACTIVE"
+ },
+ {
+ subnet_name = "subnet-03"
+ subnet_ip = "10.10.30.0/24"
+ subnet_region = "us-west1"
+ subnet_flow_logs = "true"
+ subnet_flow_logs_interval = "INTERVAL_10_MIN"
+ subnet_flow_logs_sampling = 0.7
+ subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA"
+ }
+ ]
+
+ secondary_ranges = {
+ subnet-01 = [
+ {
+ range_name = "subnet-01-secondary-01"
+ ip_cidr_range = "192.168.64.0/24"
+ },
+ ]
+
+ subnet-02 = []
+ }
+}
+```
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| module\_depends\_on | List of modules or resources this module depends on. | list | `` | no |
+| network\_name | The name of the network where subnets will be created | string | n/a | yes |
+| project\_id | The ID of the project where subnets will be created | string | n/a | yes |
+| secondary\_ranges | Secondary ranges that will be used in some of the subnets | object | `` | no |
+| subnets | The list of subnets being created | list(map(string)) | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| subnets | The created subnet resources |
+
+
+
+### Subnet Inputs
+
+The subnets list contains maps, where each object represents a subnet. Each map has the following inputs (please see examples folder for additional references):
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| subnet\_name | The name of the subnet being created | string | - | yes |
+| subnet\_ip | The IP and CIDR range of the subnet being created | string | - | yes |
+| subnet\_region | The region where the subnet will be created | string | - | yes |
+| subnet\_private\_access | Whether this subnet will have private Google access enabled | string | `"false"` | no |
+| subnet\_flow\_logs | Whether the subnet will record and send flow log data to logging | string | `"false"` | no |
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets-beta/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets-beta/main.tf
new file mode 100644
index 000000000..4bd88613c
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets-beta/main.tf
@@ -0,0 +1,65 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ subnets = {
+ for x in var.subnets :
+ "${x.subnet_region}/${x.subnet_name}" => x
+ }
+}
+
+
+/******************************************
+ Subnet configuration
+ *****************************************/
+resource "google_compute_subnetwork" "subnetwork" {
+ provider = google-beta
+ for_each = local.subnets
+ name = each.value.subnet_name
+ ip_cidr_range = each.value.subnet_ip
+ region = each.value.subnet_region
+ private_ip_google_access = lookup(each.value, "subnet_private_access", "false")
+ dynamic "log_config" {
+ for_each = lookup(each.value, "subnet_flow_logs", false) ? [{
+ aggregation_interval = lookup(each.value, "subnet_flow_logs_interval", null)
+ flow_sampling = lookup(each.value, "subnet_flow_logs_sampling", null)
+ metadata = lookup(each.value, "subnet_flow_logs_metadata", null)
+ }] : []
+ content {
+ aggregation_interval = log_config.value.aggregation_interval
+ flow_sampling = log_config.value.flow_sampling
+ metadata = log_config.value.metadata
+ }
+ }
+ network = var.network_name
+ project = var.project_id
+ description = lookup(each.value, "description", null)
+ secondary_ip_range = [
+ for i in range(
+ length(
+ contains(
+ keys(var.secondary_ranges), each.value.subnet_name) == true
+ ? var.secondary_ranges[each.value.subnet_name]
+ : []
+ )) :
+ var.secondary_ranges[each.value.subnet_name][i]
+ ]
+
+ purpose = lookup(each.value, "purpose", null)
+ role = lookup(each.value, "role", null)
+
+ depends_on = [var.module_depends_on]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets-beta/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets-beta/outputs.tf
new file mode 100644
index 000000000..6ba07eb1e
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets-beta/outputs.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "subnets" {
+ value = google_compute_subnetwork.subnetwork
+ description = "The created subnet resources"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets-beta/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets-beta/variables.tf
new file mode 100644
index 000000000..a356b4afd
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets-beta/variables.tf
@@ -0,0 +1,40 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The ID of the project where subnets will be created"
+}
+
+variable "network_name" {
+ description = "The name of the network where subnets will be created"
+}
+
+variable "subnets" {
+ type = list(map(string))
+ description = "The list of subnets being created"
+}
+
+variable "secondary_ranges" {
+ type = map(list(object({ range_name = string, ip_cidr_range = string })))
+ description = "Secondary ranges that will be used in some of the subnets"
+ default = {}
+}
+
+variable "module_depends_on" {
+ description = "List of modules or resources this module depends on."
+ type = list
+ default = []
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets-beta/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets-beta/versions.tf
new file mode 100644
index 000000000..fe58b3536
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets-beta/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google-beta = "~> 2.19.0"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets/README.md
new file mode 100644
index 000000000..ab2830ee1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets/README.md
@@ -0,0 +1,90 @@
+# Terraform Network Module
+
+This submodule is part of the the `terraform-google-network` module. It creates the individual vpc subnets.
+
+It supports creating:
+
+- Subnets within vpc network.
+
+## Usage
+
+Basic usage of this submodule is as follows:
+
+```hcl
+module "vpc" {
+ source = "terraform-google-modules/network/google//modules/subnets"
+ version = "~> 2.0.0"
+
+ project_id = ""
+ network_name = "example-vpc"
+
+ subnets = [
+ {
+ subnet_name = "subnet-01"
+ subnet_ip = "10.10.10.0/24"
+ subnet_region = "us-west1"
+ },
+ {
+ subnet_name = "subnet-02"
+ subnet_ip = "10.10.20.0/24"
+ subnet_region = "us-west1"
+ subnet_private_access = "true"
+ subnet_flow_logs = "true"
+ description = "This subnet has a description"
+ },
+ {
+ subnet_name = "subnet-03"
+ subnet_ip = "10.10.30.0/24"
+ subnet_region = "us-west1"
+ subnet_flow_logs = "true"
+ subnet_flow_logs_interval = "INTERVAL_10_MIN"
+ subnet_flow_logs_sampling = 0.7
+ subnet_flow_logs_metadata = "INCLUDE_ALL_METADATA"
+ }
+ ]
+
+ secondary_ranges = {
+ subnet-01 = [
+ {
+ range_name = "subnet-01-secondary-01"
+ ip_cidr_range = "192.168.64.0/24"
+ },
+ ]
+
+ subnet-02 = []
+ }
+}
+```
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| network\_name | The name of the network where subnets will be created | string | n/a | yes |
+| project\_id | The ID of the project where subnets will be created | string | n/a | yes |
+| secondary\_ranges | Secondary ranges that will be used in some of the subnets | object | `` | no |
+| subnets | The list of subnets being created | list(map(string)) | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| subnets | The created subnet resources |
+
+
+
+### Subnet Inputs
+
+The subnets list contains maps, where each object represents a subnet. Each map has the following inputs (please see examples folder for additional references):
+
+| Name | Description | Type | Default | Required |
+| ---------------------------- | --------------------------------------------------------------------------------------------------------------- | :----: | :----------------------: | :------: |
+| subnet\_name | The name of the subnet being created | string | - | yes |
+| subnet\_ip | The IP and CIDR range of the subnet being created | string | - | yes |
+| subnet\_region | The region where the subnet will be created | string | - | yes |
+| subnet\_private\_access | Whether this subnet will have private Google access enabled | string | `"false"` | no |
+| subnet\_flow\_logs | Whether the subnet will record and send flow log data to logging | string | `"false"` | no |
+| subnet\_flow\_logs\_interval | If subnet\_flow\_logs is true, sets the aggregation interval for collecting flow logs | string | `"INTERVAL_5_SEC"` | no |
+| subnet\_flow\_logs\_sampling | If subnet\_flow\_logs is true, set the sampling rate of VPC flow logs within the subnetwork | string | `"0.5"` | no |
+| subnet\_flow\_logs\_metadata | If subnet\_flow\_logs is true, configures whether metadata fields should be added to the reported VPC flow logs | string | `"INCLUDE_ALL_METADATA"` | no |
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets/main.tf
new file mode 100644
index 000000000..b9df248b6
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets/main.tf
@@ -0,0 +1,59 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ subnets = {
+ for x in var.subnets :
+ "${x.subnet_region}/${x.subnet_name}" => x
+ }
+}
+
+
+/******************************************
+ Subnet configuration
+ *****************************************/
+resource "google_compute_subnetwork" "subnetwork" {
+ for_each = local.subnets
+ name = each.value.subnet_name
+ ip_cidr_range = each.value.subnet_ip
+ region = each.value.subnet_region
+ private_ip_google_access = lookup(each.value, "subnet_private_access", "false")
+ dynamic "log_config" {
+ for_each = lookup(each.value, "subnet_flow_logs", false) ? [{
+ aggregation_interval = lookup(each.value, "subnet_flow_logs_interval", "INTERVAL_5_SEC")
+ flow_sampling = lookup(each.value, "subnet_flow_logs_sampling", "0.5")
+ metadata = lookup(each.value, "subnet_flow_logs_metadata", "INCLUDE_ALL_METADATA")
+ }] : []
+ content {
+ aggregation_interval = log_config.value.aggregation_interval
+ flow_sampling = log_config.value.flow_sampling
+ metadata = log_config.value.metadata
+ }
+ }
+ network = var.network_name
+ project = var.project_id
+ description = lookup(each.value, "description", null)
+ secondary_ip_range = [
+ for i in range(
+ length(
+ contains(
+ keys(var.secondary_ranges), each.value.subnet_name) == true
+ ? var.secondary_ranges[each.value.subnet_name]
+ : []
+ )) :
+ var.secondary_ranges[each.value.subnet_name][i]
+ ]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets/outputs.tf
new file mode 100644
index 000000000..6ba07eb1e
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets/outputs.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "subnets" {
+ value = google_compute_subnetwork.subnetwork
+ description = "The created subnet resources"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets/variables.tf
new file mode 100644
index 000000000..84d7b0992
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets/variables.tf
@@ -0,0 +1,34 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The ID of the project where subnets will be created"
+}
+
+variable "network_name" {
+ description = "The name of the network where subnets will be created"
+}
+
+variable "subnets" {
+ type = list(map(string))
+ description = "The list of subnets being created"
+}
+
+variable "secondary_ranges" {
+ type = map(list(object({ range_name = string, ip_cidr_range = string })))
+ description = "Secondary ranges that will be used in some of the subnets"
+ default = {}
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets/versions.tf
new file mode 100644
index 000000000..c1eedd7e1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/subnets/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google = "<4.0,>= 2.12"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/vpc/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/vpc/README.md
new file mode 100644
index 000000000..cae59d021
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/vpc/README.md
@@ -0,0 +1,46 @@
+# Terraform Network Module
+
+This submodule is part of the the `terraform-google-network` module. It creates a vpc network and optionally enables it as a Shared VPC host project.
+
+It supports creating:
+
+- A VPC Network
+- Optionally enabling the network as a Shared VPC host
+
+## Usage
+
+Basic usage of this submodule is as follows:
+
+```hcl
+module "vpc" {
+ source = "terraform-google-modules/network/google//modules/vpc"
+ version = "~> 2.0.0"
+
+ project_id = ""
+ network_name = "example-vpc"
+
+ shared_vpc_host = false
+```
+
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| auto\_create\_subnetworks | When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources. | bool | `"false"` | no |
+| description | An optional description of this resource. The resource must be recreated to modify this field. | string | `""` | no |
+| network\_name | The name of the network being created | string | n/a | yes |
+| project\_id | The ID of the project where this VPC will be created | string | n/a | yes |
+| routing\_mode | The network routing mode (default 'GLOBAL') | string | `"GLOBAL"` | no |
+| shared\_vpc\_host | Makes this project a Shared VPC host if 'true' (default 'false') | bool | `"false"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| network | The VPC resource being created |
+| network\_name | The name of the VPC being created |
+| network\_self\_link | The URI of the VPC being created |
+| project\_id | VPC project id |
+
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/vpc/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/vpc/main.tf
new file mode 100644
index 000000000..557037938
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/vpc/main.tf
@@ -0,0 +1,35 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/******************************************
+ VPC configuration
+ *****************************************/
+resource "google_compute_network" "network" {
+ name = var.network_name
+ auto_create_subnetworks = var.auto_create_subnetworks
+ routing_mode = var.routing_mode
+ project = var.project_id
+ description = var.description
+}
+
+/******************************************
+ Shared VPC
+ *****************************************/
+resource "google_compute_shared_vpc_host_project" "shared_vpc_host" {
+ count = var.shared_vpc_host ? 1 : 0
+ project = var.project_id
+ depends_on = [google_compute_network.network]
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/vpc/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/vpc/outputs.tf
new file mode 100644
index 000000000..19c9e83e5
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/vpc/outputs.tf
@@ -0,0 +1,35 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network" {
+ value = google_compute_network.network
+ description = "The VPC resource being created"
+}
+
+output "network_name" {
+ value = google_compute_network.network.name
+ description = "The name of the VPC being created"
+}
+
+output "network_self_link" {
+ value = google_compute_network.network.self_link
+ description = "The URI of the VPC being created"
+}
+
+output "project_id" {
+ value = var.shared_vpc_host ? google_compute_shared_vpc_host_project.shared_vpc_host.*.project[0] : google_compute_network.network.project
+ description = "VPC project id"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/vpc/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/vpc/variables.tf
new file mode 100644
index 000000000..a96751c41
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/vpc/variables.tf
@@ -0,0 +1,47 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The ID of the project where this VPC will be created"
+}
+
+variable "network_name" {
+ description = "The name of the network being created"
+}
+
+variable "routing_mode" {
+ type = string
+ default = "GLOBAL"
+ description = "The network routing mode (default 'GLOBAL')"
+}
+
+variable "shared_vpc_host" {
+ type = bool
+ description = "Makes this project a Shared VPC host if 'true' (default 'false')"
+ default = false
+}
+
+variable "description" {
+ type = string
+ description = "An optional description of this resource. The resource must be recreated to modify this field."
+ default = ""
+}
+
+variable "auto_create_subnetworks" {
+ type = bool
+ description = "When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources."
+ default = false
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/vpc/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/vpc/versions.tf
new file mode 100644
index 000000000..c1eedd7e1
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/modules/vpc/versions.tf
@@ -0,0 +1,22 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+ required_version = "~> 0.12.6"
+ required_providers {
+ google = "<4.0,>= 2.12"
+ }
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/outputs.tf
new file mode 100644
index 000000000..422bd4c06
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/outputs.tf
@@ -0,0 +1,80 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "network" {
+ value = module.vpc
+ description = "The created network"
+}
+
+output "subnets" {
+ value = module.subnets.subnets
+ description = "A map with keys of form subnet_region/subnet_name and values being the outputs of the google_compute_subnetwork resources used to create corresponding subnets."
+}
+
+output "network_name" {
+ value = module.vpc.network_name
+ description = "The name of the VPC being created"
+}
+
+output "network_self_link" {
+ value = module.vpc.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "project_id" {
+ value = module.vpc.project_id
+ description = "VPC project id"
+}
+
+output "subnets_names" {
+ value = [for network in module.subnets.subnets : network.name]
+ description = "The names of the subnets being created"
+}
+
+output "subnets_ips" {
+ value = [for network in module.subnets.subnets : network.ip_cidr_range]
+ description = "The IPs and CIDRs of the subnets being created"
+}
+
+output "subnets_self_links" {
+ value = [for network in module.subnets.subnets : network.self_link]
+ description = "The self-links of subnets being created"
+}
+
+output "subnets_regions" {
+ value = [for network in module.subnets.subnets : network.region]
+ description = "The region where the subnets will be created"
+}
+
+output "subnets_private_access" {
+ value = [for network in module.subnets.subnets : network.private_ip_google_access]
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "subnets_flow_logs" {
+ value = [for network in module.subnets.subnets : length(network.log_config) != 0 ? true : false]
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "subnets_secondary_ranges" {
+ value = [for network in module.subnets.subnets : network.secondary_ip_range]
+ description = "The secondary ranges associated with these subnets"
+}
+
+output "route_names" {
+ value = [for route in module.routes.routes : route.name]
+ description = "The route names associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/all_examples/test_output.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/all_examples/test_output.tf
new file mode 100644
index 000000000..456f4e14b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/all_examples/test_output.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// These outputs are used to test the module with inspec
+// They do not need to be included in real-world uses of this module
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project to which resources are applied."
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/all_examples/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/all_examples/variables.tf
new file mode 100644
index 000000000..c8b58be2b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/all_examples/variables.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The project ID to deploy to"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/main.tf
new file mode 100644
index 000000000..cf8dc5d18
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/main.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ network_name = "delete-gw-routes-${var.random_string_for_testing}"
+}
+
+module "example" {
+ source = "../../../examples/delete_default_gateway_routes"
+ project_id = var.project_id
+ network_name = local.network_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/outputs.tf
new file mode 100644
index 000000000..68e9e0763
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/outputs.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/route.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/route.tf
new file mode 100644
index 000000000..f4e72517c
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/route.tf
@@ -0,0 +1,30 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+# This fixture defines a default internet gateway route that DOESN'T start
+# with 'default-route' to test the behavior of the script that deletes
+# the default internet gateway routes.
+
+resource "google_compute_route" "alternative_gateway" {
+ project = var.project_id
+ network = module.example.network_name
+
+ name = "alternative-gateway-route"
+ description = "Alternative gateway route"
+ dest_range = "0.0.0.0/0"
+ tags = ["egress-inet"]
+ next_hop_gateway = "default-internet-gateway"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/delete_default_gateway_routes/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/ilb_routing/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/ilb_routing/main.tf
new file mode 100644
index 000000000..9dfdf06c4
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/ilb_routing/main.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ network_name = "ilb-routing-${var.random_string_for_testing}"
+}
+
+module "example" {
+ source = "../../../examples/ilb_routing"
+ project_id = var.project_id
+ network_name = local.network_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/ilb_routing/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/ilb_routing/outputs.tf
new file mode 100644
index 000000000..8add5ef0a
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/ilb_routing/outputs.tf
@@ -0,0 +1,60 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_self_link" {
+ value = module.example.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "output_subnets_names" {
+ value = module.example.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "output_subnets_ips" {
+ value = module.example.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "output_subnets_regions" {
+ value = module.example.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "output_routes" {
+ value = module.example.route_names
+ description = "The route names associated with this VPC"
+}
+
+output "forwarding_rule" {
+ value = module.example.forwarding_rule
+ description = "Forwarding rule link"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/ilb_routing/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/ilb_routing/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/ilb_routing/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/multi_vpc/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/multi_vpc/main.tf
new file mode 100644
index 000000000..400a00d34
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/multi_vpc/main.tf
@@ -0,0 +1,26 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+locals {
+ network_01_name = "multi-vpc-${var.random_string_for_testing}-01"
+ network_02_name = "multi-vpc-${var.random_string_for_testing}-02"
+}
+
+module "example" {
+ source = "../../../examples/multi_vpc"
+ project_id = var.project_id
+ network_01_name = local.network_01_name
+ network_02_name = local.network_02_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/multi_vpc/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/multi_vpc/outputs.tf
new file mode 100644
index 000000000..582ee04dc
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/multi_vpc/outputs.tf
@@ -0,0 +1,30 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_01_name" {
+ value = local.network_01_name
+ description = "The name of the VPC network-01"
+}
+
+output "network_02_name" {
+ value = local.network_02_name
+ description = "The name of the VPC network-01"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/multi_vpc/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/multi_vpc/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/multi_vpc/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/main.tf
new file mode 100644
index 000000000..39c3036b4
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/main.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ network_name = "secondary-ranges-${var.random_string_for_testing}"
+}
+
+module "example" {
+ source = "../../../examples/secondary_ranges"
+ project_id = var.project_id
+ network_name = local.network_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/outputs.tf
new file mode 100644
index 000000000..651f0e000
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/outputs.tf
@@ -0,0 +1,70 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_self_link" {
+ value = module.example.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "output_subnets_names" {
+ value = module.example.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "output_subnets_ips" {
+ value = module.example.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "output_subnets_regions" {
+ value = module.example.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "output_subnets_private_access" {
+ value = module.example.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "output_subnets_flow_logs" {
+ value = module.example.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "output_subnets_secondary_ranges" {
+ value = module.example.subnets_secondary_ranges
+ description = "The secondary ranges
associated with these subnets"
+}
+
+output "output_routes" {
+ value = module.example.route_names
+ description = "The route names associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/secondary_ranges/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/simple_project/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/simple_project/main.tf
new file mode 100644
index 000000000..20facc00a
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/simple_project/main.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ network_name = "simple-project-${var.random_string_for_testing}"
+}
+
+module "example" {
+ source = "../../../examples/simple_project"
+ project_id = var.project_id
+ network_name = local.network_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/simple_project/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/simple_project/outputs.tf
new file mode 100644
index 000000000..651f0e000
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/simple_project/outputs.tf 
@@ -0,0 +1,70 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_self_link" {
+ value = module.example.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "output_subnets_names" {
+ value = module.example.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "output_subnets_ips" {
+ value = module.example.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "output_subnets_regions" {
+ value = module.example.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "output_subnets_private_access" {
+ value = module.example.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "output_subnets_flow_logs" {
+ value = module.example.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "output_subnets_secondary_ranges" {
+ value = module.example.subnets_secondary_ranges
+ description = "The secondary ranges
associated with these subnets"
+}
+
+output "output_routes" {
+ value = module.example.route_names
+ description = "The route names associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/simple_project/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/simple_project/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/simple_project/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/main.tf
new file mode 100644
index 000000000..5853c6b91
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/main.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ network_name = "simple-regional-${var.random_string_for_testing}"
+}
+
+module "example" {
+ source = "../../../examples/simple_project_with_regional_network"
+ project_id = var.project_id
+ network_name = local.network_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/outputs.tf
new file mode 100644
index 000000000..651f0e000
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/outputs.tf 
@@ -0,0 +1,70 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_self_link" {
+ value = module.example.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "output_subnets_names" {
+ value = module.example.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "output_subnets_ips" {
+ value = module.example.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "output_subnets_regions" {
+ value = module.example.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "output_subnets_private_access" {
+ value = module.example.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "output_subnets_flow_logs" {
+ value = module.example.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "output_subnets_secondary_ranges" {
+ value = module.example.subnets_secondary_ranges
+ description = "The secondary ranges
associated with these subnets"
+}
+
+output "output_routes" {
+ value = module.example.route_names
+ description = "The route names associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/simple_project_with_regional_network/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/main.tf
new file mode 100644
index 000000000..398efe434
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/main.tf
@@ -0,0 +1,25 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ network_name = "submodule-firewall-${var.random_string_for_testing}"
+}
+
+module "example" {
+ source = "../../../examples/submodule_firewall"
+ project_id = var.project_id
+ network_name = local.network_name
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/outputs.tf
new file mode 100644
index 000000000..651f0e000
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/outputs.tf 
@@ -0,0 +1,70 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+ description = "The ID of the project being used"
+}
+
+output "network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_name" {
+ value = module.example.network_name
+ description = "The name of the VPC being created"
+}
+
+output "output_network_self_link" {
+ value = module.example.network_self_link
+ description = "The URI of the VPC being created"
+}
+
+output "output_subnets_names" {
+ value = module.example.subnets_names
+ description = "The names of the subnets being created"
+}
+
+output "output_subnets_ips" {
+ value = module.example.subnets_ips
+ description = "The IP and cidrs of the subnets being created"
+}
+
+output "output_subnets_regions" {
+ value = module.example.subnets_regions
+ description = "The region where subnets will be created"
+}
+
+output "output_subnets_private_access" {
+ value = module.example.subnets_private_access
+ description = "Whether the subnets will have access to Google API's without a public IP"
+}
+
+output "output_subnets_flow_logs" {
+ value = module.example.subnets_flow_logs
+ description = "Whether the subnets will have VPC flow logs enabled"
+}
+
+output "output_subnets_secondary_ranges" {
+ value = module.example.subnets_secondary_ranges
+ description = "The secondary ranges
associated with these subnets"
+}
+
+output "output_routes" {
+ value = module.example.route_names
+ description = "The route names associated with this VPC"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/variables.tf
new file mode 100644
index 000000000..4372ddee8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/submodule_firewall/variables.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
+
+variable "random_string_for_testing" {
+ description = "A random string of characters to be appended to resource names to ensure uniqueness"
+ default = "a1"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/main.tf
new file mode 100644
index 000000000..b3c459e0e
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/main.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "peerings" {
+ source = "../../../examples/submodule_network_peering"
+ project_id = var.project_id
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/outputs.tf
new file mode 100644
index 000000000..13fb41f55
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/outputs.tf
@@ -0,0 +1,23 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+ value = var.project_id
+}
+
+output "peerings" {
+ value = module.peerings
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/variables.tf
new file mode 100644
index 000000000..89e4e5786
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/fixtures/submodule_network_peering/variables.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+ description = "The GCP project to use for integration tests"
+}
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/delete_default_gateway_routes/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/delete_default_gateway_routes/controls/gcloud.rb
new file mode 100644
index 000000000..d59bdad86
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/delete_default_gateway_routes/controls/gcloud.rb
@@ -0,0 +1,45 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "gcloud" do
+ title "gcloud configuration"
+
+ # Verify that no routes whose names begin with 'default-route' and whose
+ # nextHopGateway is the default-internet-gateway exist
+ describe command("gcloud compute routes list --project=#{project_id} --filter=\"nextHopGateway:https://www.googleapis.com/compute/v1/projects/#{project_id}/global/gateways/default-internet-gateway AND network:https://www.googleapis.com/compute/v1/projects/#{project_id}/global/networks/#{network_name}\" --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "routes" do
+ it "should only be one" do
+ expect(data.length).to eq 1
+ end
+
+ it "should not begin with 'default-route'" do
+ expect(data.first["name"]).not_to match(/^default-route/)
+ end
+ end
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/delete_default_gateway_routes/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/delete_default_gateway_routes/inspec.yml
new file mode 100644
index 000000000..0b5e75e3d
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/delete_default_gateway_routes/inspec.yml
@@ -0,0 +1,8 @@
+name: delete_default_gateway_routes
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_name
+ required: true
+ type: string
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/ilb_routing/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/ilb_routing/controls/gcloud.rb
new file mode 100644
index 000000000..e4c3de90b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/ilb_routing/controls/gcloud.rb
@@ -0,0 +1,116 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+forwarding_rule = attribute('forwarding_rule')
+
+control "gcloud" do
+ title "gcloud configuration"
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "purpose should be correct" do
+ expect(data).to include(
+ "purpose" => "PRIVATE",
+ )
+ end
+ it "role should not exist" do
+ expect(data).to_not include(
+ "role"
+ )
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-01 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "purpose and role should be correct" do
+ expect(data).to include(
+ "purpose" => "INTERNAL_HTTPS_LOAD_BALANCER",
+ "role" => "ACTIVE"
+ )
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-02 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "purpose and role should be correct" do
+ expect(data).to include(
+ "purpose" => "INTERNAL_HTTPS_LOAD_BALANCER",
+ "role" => "BACKUP"
+ )
+ end
+ end
+
+ describe command("gcloud compute routes describe '#{network_name}-ilb' --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "destRange" do
+ it "should equal '10.10.20.0/24'" do
+ expect(data["destRange"]).to eq '10.10.20.0/24'
+ end
+ end
+
+ describe "tags" do
+ it "should equal 'egress-inet'" do
+ expect(data["tags"]).to eq nil
+ end
+ end
+
+ describe "nextHopIlb" do
+ it "should equal the forwarding rule" do
+ expect(data["nextHopIlb"]).to eq forwarding_rule
+ end
+ end
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/ilb_routing/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/ilb_routing/inspec.yml
new file mode 100644
index 000000000..5671b8366
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/ilb_routing/inspec.yml
@@ -0,0 +1,15 @@
+name: ilb_routing
+depends:
+ - name: inspec-gcp
+ git: https://github.com/inspec/inspec-gcp.git
+ tag: v0.11.0
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_name
+ required: true
+ type: string
+ - name: forwarding_rule
+ required: true
+ type: string
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/multi_vpc/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/multi_vpc/controls/gcloud.rb
new file mode 100644
index 000000000..7c0e1c929
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/multi_vpc/controls/gcloud.rb
@@ -0,0 +1,116 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_01_name = attribute('network_01_name')
+network_02_name = attribute('network_02_name')
+
+control "gcloud" do
+ title "gcloud configuration"
+
+ describe command("gcloud compute routes describe '#{network_01_name}-egress-inet' --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+ let(:default_internet_gateway) { "https://www.googleapis.com/compute/v1/projects/#{project_id}/global/gateways/default-internet-gateway" }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "destRange" do
+ it "should equal '0.0.0.0/0'" do
+ expect(data["destRange"]).to eq '0.0.0.0/0'
+ end
+ end
+
+ describe "tags" do
+ it "should equal 'egress-inet'" do
+ expect(data["tags"]).to eq ['egress-inet']
+ end
+ end
+
+ describe "nextHopGateway" do
+ it "should equal the default internet gateway" do
+ expect(data["nextHopGateway"]).to eq default_internet_gateway
+ end
+ end
+ end
+
+ describe command("gcloud compute routes describe '#{network_02_name}-egress-inet' --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+ let(:default_internet_gateway) { "https://www.googleapis.com/compute/v1/projects/#{project_id}/global/gateways/default-internet-gateway" }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "destRange" do
+ it "should equal '0.0.0.0/0'" do
+ expect(data["destRange"]).to eq '0.0.0.0/0'
+ end
+ end
+
+ describe "tags" do
+ it "should equal 'egress-inet'" do
+ expect(data["tags"]).to eq ['egress-inet']
+ end
+ end
+
+ describe "nextHopGateway" do
+ it "should equal the default internet gateway" do
+ expect(data["nextHopGateway"]).to eq default_internet_gateway
+ end
+ end
+ end
+
+ describe command("gcloud compute routes describe '#{network_02_name}-testapp-proxy' --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "destRange" do
+ it "should equal '10.50.10.0/24'" do
+ expect(data["destRange"]).to eq '10.50.10.0/24'
+ end
+ end
+
+ describe "tags" do
+ it "should equal 'app-proxy'" do
+ expect(data["tags"]).to eq ['app-proxy']
+ end
+ end
+
+ describe "nextHopIp" do
+ it "should equal '10.10.40.10'" do
+ expect(data["nextHopIp"]).to eq '10.10.40.10'
+ end
+ end
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/multi_vpc/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/multi_vpc/inspec.yml
new file mode 100644
index 000000000..4e012dffe
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/multi_vpc/inspec.yml
@@ -0,0 +1,11 @@
+name: multi_vpc
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_01_name
+ required: true
+ type: string
+ - name: network_02_name
+ required: true
+ type: string
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/secondary_ranges/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/secondary_ranges/controls/gcloud.rb
new file mode 100644
index 000000000..19a1b66da
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/secondary_ranges/controls/gcloud.rb
@@ -0,0 +1,101 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "gcloud" do
+ title "gcloud configuration"
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-01 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "should have the correct secondaryIpRanges configuration for #{network_name}-subnet-01-01" do
+ expect(data["secondaryIpRanges"][0]).to include(
+ "rangeName" => "#{network_name}-subnet-01-01",
+ "ipCidrRange" => "192.168.64.0/24"
+ )
+ end
+
+ it "should have the correct secondaryIpRanges configuration for #{network_name}-subnet-01-02" do
+ expect(data["secondaryIpRanges"][1]).to include(
+ "rangeName" => "#{network_name}-subnet-01-02",
+ "ipCidrRange" => "192.168.65.0/24"
+ )
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-02 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "should have the correct secondaryIpRanges configuration for #{network_name}-subnet-02" do
+ expect(data).not_to include("secondaryIpRanges")
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-03 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "should have the correct secondaryIpRanges configuration for #{network_name}-subnet-03-01" do
+ expect(data["secondaryIpRanges"][0]).to include(
+ "rangeName" => "#{network_name}-subnet-03-01",
+ "ipCidrRange" => "192.168.66.0/24"
+ )
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-04 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "should have the correct secondaryIpRanges configuration for #{network_name}-subnet-04" do
+ expect(data).not_to include("secondaryIpRanges")
+ end
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/secondary_ranges/controls/inspec_attributes.rb b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/secondary_ranges/controls/inspec_attributes.rb
new file mode 100644
index 000000000..2f9ed48c3
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/secondary_ranges/controls/inspec_attributes.rb
@@ -0,0 +1,61 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "inspec_attributes" do
+ title "Terraform Outputs"
+ desc "Terraform Outputs"
+
+ describe attribute("output_network_name") do
+ it { should eq "#{network_name}" }
+ end
+
+ describe attribute("output_network_self_link") do
+ it { should eq "https://www.googleapis.com/compute/v1/projects/#{project_id}/global/networks/#{network_name}" }
+ end
+
+ describe attribute("output_subnets_ips") do
+ it { should eq ["10.10.10.0/24", "10.10.20.0/24", "10.10.30.0/24", "10.10.40.0/24"] }
+ end
+
+ describe attribute("output_routes") do
+ it { should eq [] }
+ end
+
+ describe attribute("output_subnets_flow_logs") do
+ it { should eq [false, true, true, false] }
+ end
+
+ describe attribute("output_subnets_names") do
+ it { should eq ["#{network_name}-subnet-01", "#{network_name}-subnet-02", "#{network_name}-subnet-03", "#{network_name}-subnet-04"] }
+ end
+
+ describe attribute("output_subnets_private_access") do
+ it { should eq [false, true, false, false] }
+ end
+
+ describe attribute("output_subnets_regions") do
+ it { should eq ["us-west1", "us-west1", "us-west1", "us-west1"] }
+ end
+
+ describe attribute("output_subnets_secondary_ranges") do
+ it { should eq [{"ip_cidr_range"=>"192.168.64.0/24", "range_name"=>"#{network_name}-subnet-01-01"}, {"ip_cidr_range"=>"192.168.65.0/24", "range_name"=>"#{network_name}-subnet-01-02"}, {"ip_cidr_range"=>"192.168.66.0/24", "range_name"=>"#{network_name}-subnet-03-01"}] }
+ end
+
+ describe attribute("project_id") do
+ it { should eq project_id }
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/secondary_ranges/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/secondary_ranges/inspec.yml
new file mode 100644
index 000000000..c11e66122
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/secondary_ranges/inspec.yml
@@ -0,0 +1,30 @@
+name: secondary_ranges
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_name
+ required: true
+ type: string
+ - name: output_network_name
+ required: true
+ type: string
+ - name: output_network_self_link
+ required: true
+ type: string
+ - name: output_subnets_ips
+ required: true
+ - name: output_routes
+ required: true
+ - name: output_subnets_flow_logs
+ required: true
+ - name: output_subnets_names
+ required: true
+ - name: output_subnets_private_access
+ required: true
+ - name: output_subnets_regions
+ required: true
+ - name: output_subnets_secondary_ranges
+ required: true
+ - name: output_project_id
+ required: true
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/simple_project/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/simple_project/controls/gcloud.rb
new file mode 100644
index 000000000..0ffad824b
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/simple_project/controls/gcloud.rb 
@@ -0,0 +1,89 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "gcloud" do
+ title "gcloud configuration"
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-01 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "logConfig should not be enabled" do
+ expect(data).to include(
+ "logConfig" => {
+ "enable" => false,
+ }
+ )
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-02 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "Default log config should be correct" do
+ expect(data).to include(
+ "logConfig" => {
+ "aggregationInterval" => "INTERVAL_5_SEC",
+ "enable" => true,
+ "flowSampling" => 0.5,
+ "metadata" => "INCLUDE_ALL_METADATA"
+ }
+ )
+ end
+ end
+
+ describe command("gcloud compute networks subnets describe #{network_name}-subnet-03 --project=#{project_id} --region=us-west1 --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ it "Log config should be correct" do
+ expect(data).to include(
+ "logConfig" => {
+ "aggregationInterval" => "INTERVAL_10_MIN",
+ "enable" => true,
+ "flowSampling" => 0.7,
+ "metadata" => "INCLUDE_ALL_METADATA"
+ }
+ )
+ end
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/simple_project/controls/gcp.rb b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/simple_project/controls/gcp.rb
new file mode 100644
index 000000000..d48c79da6
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/simple_project/controls/gcp.rb
@@ -0,0 +1,57 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "gcp" do
+ title "Google Cloud configuration"
+
+ describe google_compute_network(
+ project: project_id,
+ name: network_name
+ ) do
+ it { should exist }
+ end
+
+ describe google_compute_subnetwork(
+ project: project_id,
+ name: "#{network_name}-subnet-01",
+ region: "us-west1"
+ ) do
+ it { should exist }
+ its('ip_cidr_range') { should eq "10.10.10.0/24" }
+ its('private_ip_google_access') { should be false }
+ end
+
+ describe google_compute_subnetwork(
+ project: project_id,
+ name: "#{network_name}-subnet-02",
+ region: "us-west1"
+ ) do
+ it { should exist }
+ its('ip_cidr_range') { should eq "10.10.20.0/24" }
+ its('private_ip_google_access') { should be true }
+ end
+
+ describe google_compute_subnetwork(
+ project: project_id,
+ name: "#{network_name}-subnet-03",
+ region: "us-west1"
+ ) do
+ it { should exist }
+ its('ip_cidr_range') { should eq "10.10.30.0/24" }
+ its('private_ip_google_access') { should be false }
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/simple_project/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/simple_project/inspec.yml
new file mode 100644
index 000000000..7e69b5296
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/simple_project/inspec.yml
@@ -0,0 +1,12 @@
+name: simple_project
+depends:
+ - name: inspec-gcp
+ git: https://github.com/inspec/inspec-gcp.git
+ tag: v0.11.0
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_name
+ required: true
+ type: string
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/simple_project_with_regional_network/controls/gcp.rb b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/simple_project_with_regional_network/controls/gcp.rb
new file mode 100644
index 000000000..84fec52cf
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/simple_project_with_regional_network/controls/gcp.rb
@@ -0,0 +1,28 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "gcp" do
+ title "Google Cloud configuration"
+
+ describe google_compute_network(
+ project: project_id,
+ name: network_name
+ ) do
+ it { should exist }
+ its('routing_config.routing_mode') { should eq 'REGIONAL' }
+ end
+end
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/simple_project_with_regional_network/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/simple_project_with_regional_network/inspec.yml
new file mode 100644
index 000000000..b6f43e92f
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/simple_project_with_regional_network/inspec.yml
@@ -0,0 +1,12 @@
+name: simple_project_with_regional_network
+depends:
+ - name: inspec-gcp
+ git: https://github.com/inspec/inspec-gcp.git
+ tag: v0.11.0
+attributes:
+ - name: project_id
+ required: true
+ type: string
+ - name: network_name
+ required: true
+ type: string
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/gcloud.rb
new file mode 100644
index 000000000..1bce484f8
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/gcloud.rb
@@ -0,0 +1,185 @@
+# Copyright 2019 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+network_name = attribute('network_name')
+
+control "gcloud" do
+ title "gcloud configuration"
+
+ describe command("gcloud compute firewall-rules describe #{network_name}-ingress-internal --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "internal rule" do
+ it "should exist" do
+ expect(data).to include(
+ "sourceRanges" => ["10.10.20.0/24", "10.10.10.0/24"]
+ )
+ end
+ end
+
+ describe "allowed internal rules" do
+ it "should contain ICMP rule" do
+ expect(data["allowed"]).to include({"IPProtocol" => "icmp"})
+ end
+
+ it "should contain UDP rule" do
+ expect(data["allowed"]).to include({"IPProtocol" => "udp"})
+ end
+
+ it "should contain TCP rule" do
+ expect(data["allowed"]).to include({"IPProtocol"=>"tcp", "ports"=>["8080", "1000-2000"]})
+ end
+ end
+ end
+
+ # Custom rules
+ describe command("gcloud compute firewall-rules describe allow-backend-to-databases --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "Custom TAG rule" do
+ it "has backend tag as source" do
+ expect(data).to include(
+ "sourceTags" => ["backed"]
+ )
+ end
+
+ it "has databases tag as target" do
+ expect(data).to include(
+ "targetTags" => ["databases"]
+ )
+ end
+
+ it "has expected TCP rule" do
+ expect(data["allowed"]).to include(
+ {
+ "IPProtocol" => "tcp",
+ "ports" => ["3306", "5432", "1521", "1433"]
+ }
+ )
+ end
+ end
+ end
+
+describe command("gcloud compute firewall-rules describe deny-ingress-6534-6566 --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "deny-ingress-6534-6566" do
+ it "should be disabled" do
+ expect(data).to include(
+ "disabled" => true
+ )
+ end
+
+ it "has 0.0.0.0/0 source range" do
+ expect(data).to include(
+ "sourceRanges" => ["0.0.0.0/0"]
+ )
+ end
+
+ it "has expected TCP rules" do
+ expect(data["denied"]).to include(
+ {
+ "IPProtocol" => "tcp",
+ "ports" => ["6534-6566"]
+ }
+ )
+ end
+
+ it "has expected UDP rules" do
+ expect(data["denied"]).to include(
+ {
+ "IPProtocol" => "udp",
+ "ports" => ["6534-6566"]
+ }
+ )
+ end
+ end
+ end
+
+
+describe command("gcloud compute firewall-rules describe allow-all-admin-sa --project=#{project_id} --format=json") do
+ its(:exit_status) { should eq 0 }
+ its(:stderr) { should eq '' }
+
+ let(:data) do
+ if subject.exit_status == 0
+ JSON.parse(subject.stdout)
+ else
+ {}
+ end
+ end
+
+ describe "allow-all-admin-sa" do
+ it "should be enabled" do
+ expect(data).to include(
+ "disabled" => false
+ )
+ end
+
+ it "should has correct source SA" do
+ expect(data["sourceServiceAccounts"]).to eq(["admin@my-shiny-org.iam.gserviceaccount.com"])
+ end
+
+ it "should has priority 30" do
+ expect(data["priority"]).to eq(30)
+ end
+
+ it "has expected TCP rules" do
+ expect(data["allowed"]).to include(
+ {
+ "IPProtocol" => "tcp"
+ }
+ )
+ end
+
+ it "has expected UDP rules" do
+ expect(data["allowed"]).to include(
+ {
+ "IPProtocol" => "udp"
+ }
+ )
+ end
+ end
+ end
+
+end
+
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/gcp.rb b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/gcp.rb
new file mode 100644
index 000000000..3fb736c0d
--- /dev/null
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/gcp.rb
@@ -0,0 +1,32 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +project_id = attribute('project_id') +network_name = attribute('network_name') + +control "gcp" do + title "Google Cloud configuration" + + describe google_compute_firewalls(project: project_id) do + its('firewall_names') { should include "#{network_name}-ingress-internal" } + its('firewall_names') { should include "#{network_name}-ingress-tag-http" } + its('firewall_names') { should include "#{network_name}-ingress-tag-https" } + its('firewall_names') { should include "#{network_name}-ingress-tag-ssh" } + its('firewall_names') { should_not include "default-ingress-admins" } + its('firewall_names') { should include "deny-ingress-6534-6566" } + its('firewall_names') { should include "allow-backend-to-databases" } + its('firewall_names') { should include "allow-all-admin-sa" } + end + +end diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/inspec_attributes.rb b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/inspec_attributes.rb new file mode 100644 index 000000000..25320c41e --- /dev/null 
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/submodule_firewall/controls/inspec_attributes.rb 
@@ -0,0 +1,61 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +project_id = attribute('project_id') +network_name = attribute('network_name') + +control "inspec_attributes" do + title "Terraform Outputs" + desc "Terraform Outputs" + + describe attribute("output_network_name") do + it { should eq "#{network_name}" } + end + + describe attribute("output_network_self_link") do + it { should eq "https://www.googleapis.com/compute/v1/projects/#{project_id}/global/networks/#{network_name}" } + end + + describe attribute("output_subnets_ips") do + it { should eq ["10.10.10.0/24", "10.10.20.0/24"] } + end + + describe attribute("output_routes") do + it { should eq [] } + end + + describe attribute("output_subnets_flow_logs") do + it { should eq [false, true] } + end + + describe attribute("output_subnets_names") do + it { should eq ["#{network_name}-subnet-01", "#{network_name}-subnet-02"] } + end + + describe attribute("output_subnets_private_access") do + it { should eq [false, true] } + end + + describe attribute("output_subnets_regions") do + it { should eq ["us-west1", "us-west1"] } + end + + describe attribute("output_subnets_secondary_ranges") do + it { should eq [[],[]] } + end + + describe attribute("output_project_id") do + it { should eq project_id } + end +end 
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/submodule_firewall/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/submodule_firewall/inspec.yml new file mode 100644 index 000000000..8f1d70e75 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/submodule_firewall/inspec.yml @@ -0,0 +1,34 @@ +name: submodule_firewall +depends: + - name: inspec-gcp + git: https://github.com/inspec/inspec-gcp.git + tag: v0.11.0 +attributes: + - name: project_id + required: true + type: string + - name: network_name + required: true + type: string + - name: output_network_name + required: true + type: string + - name: output_network_self_link + required: true + type: string + - name: output_subnets_ips + required: true + - name: output_routes + required: true + - name: output_subnets_flow_logs + required: true + - name: output_subnets_names + required: true + - name: output_subnets_private_access + required: true + - name: output_subnets_regions + required: true + - name: output_subnets_secondary_ranges + required: true + - name: output_project_id + required: true diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/submodule_network_peering/controls/gcloud.rb b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/submodule_network_peering/controls/gcloud.rb new file mode 100644 index 000000000..894e46dc0 --- /dev/null 
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/submodule_network_peering/controls/gcloud.rb 
@@ -0,0 +1,107 @@ +# Copyright 2019 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +project_id = attribute('project_id') +peerings = attribute('peerings') + +control "gcloud" do + title "gcloud configuration" + peerings.each do |key, value| + local_network_peering = value['local_network_peering'] + peer_network_peering = value['peer_network_peering'] + local_network_self_link = local_network_peering['network'] + peer_network_self_link = peer_network_peering['network'] + local_network_name = local_network_self_link.split('/')[-1] + peer_network_name = peer_network_self_link.split('/')[-1] + + describe command("gcloud compute networks peerings list --project=#{project_id} --network=#{local_network_name} --format=json") do + its(:exit_status) { should eq 0 } + its(:stderr) { should eq '' } + + let(:data) do + if subject.exit_status == 0 + JSON.parse(subject.stdout) + else + {} + end + end + + describe "local VPC peering" do + it "should exist" do + expect(data[0]['peerings'].select{|x| x['name'] == local_network_peering['name']}).not_to be_empty + end + it "should be active" do + expect(data[0]['peerings'].select{|x| x['name'] == local_network_peering['name']}[0]['state']).to eq( + "ACTIVE" + ) + end + it "should be connected to #{peer_network_name} network" do + expect(data[0]['peerings'].select{|x| x['name'] == local_network_peering['name']}[0]['network']).to eq( + peer_network_self_link + ) + end + it "should export custom routes" do + 
expect(data[0]['peerings'].select{|x| x['name'] == local_network_peering['name']}[0]['exportCustomRoutes']).to eq( + true + ) + end + it "should not import custom routes" do + expect(data[0]['peerings'].select{|x| x['name'] == local_network_peering['name']}[0]['importCustomRoutes']).to eq( + false + ) + end + end + + end + + describe command("gcloud compute networks peerings list --project=#{project_id} --network=#{peer_network_name} --format=json") do + its(:exit_status) { should eq 0 } + its(:stderr) { should eq '' } + + let(:data) do + if subject.exit_status == 0 + JSON.parse(subject.stdout) + else + {} + end + end + + describe "peer VPC peering" do + it "should exist" do + expect(data[0]['peerings'].select{|x| x['name'] == peer_network_peering['name']}).not_to be_empty + end + it "should be active" do + expect(data[0]['peerings'].select{|x| x['name'] == peer_network_peering['name']}[0]['state']).to eq( + "ACTIVE" + ) + end + it "should be connected to #{local_network_name} network" do + expect(data[0]['peerings'].select{|x| x['name'] == peer_network_peering['name']}[0]['network']).to eq( + local_network_self_link + ) + end + it "should not export custom routes" do + expect(data[0]['peerings'].select{|x| x['name'] == peer_network_peering['name']}[0]['exportCustomRoutes']).to eq( + false + ) + end + it "should import custom routes" do + expect(data[0]['peerings'].select{|x| x['name'] == peer_network_peering['name']}[0]['importCustomRoutes']).to eq( + true + ) + end + end + end + end +end diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/submodule_network_peering/inspec.yml b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/submodule_network_peering/inspec.yml new file mode 100644 index 000000000..55de6b25f --- /dev/null 
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/integration/submodule_network_peering/inspec.yml @@ -0,0 +1,8 @@ +name: submodule_network_peering +attributes: + - name: project_id + required: true + type: string + - name: peerings + type: hash + required: true diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/setup/README.md b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/setup/README.md new file mode 100644 index 000000000..258fb6981 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/setup/README.md 
@@ -0,0 +1,35 @@ +# Integration Testing + +Use this directory to create resources reflecting the same resource fixtures +created for use by the CI environment CI integration test pipelines. The intent +of these resources is to run the integration tests locally as closely as +possible to how they will run in the CI system. + +Once created, store the service account key content into the +`SERVICE_ACCOUNT_JSON` environment variable. This reflects the same behavior +as used in CI. + +For example: + +```bash +terraform init +terraform apply +mkdir -p ~/.credentials +terraform output sa_key | base64 --decode > ~/.credentials/network-sa.json +``` + +Then, configure the environment (suggest using direnv) like so: + +```bash +export SERVICE_ACCOUNT_JSON=$(cat ${HOME}/.credentials/network-sa.json) +export PROJECT_ID="network-module" +``` + +With these variables set, change to the root of the module and execute the +`make test_integration` task. This make target is the same that is executed +by this module's CI pipeline during integration testing, and will run the +integration tests from your machine. + +Alternatively, to run the integration tests directly from the Docker +container used by the module's CI pipeline, perform the above steps and then +run the `make test_integration_docker` target diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/setup/iam.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/setup/iam.tf new file mode 100644 index 000000000..fa3c79045 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/setup/iam.tf 
@@ -0,0 +1,41 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + int_required_roles = [ + "roles/compute.networkAdmin", + "roles/compute.securityAdmin", + "roles/iam.serviceAccountUser", + ] +} + +resource "google_service_account" "int_test" { + project = module.project.project_id + account_id = "ci-network" + display_name = "ci-network" +} + +resource "google_project_iam_member" "int_test" { + count = length(local.int_required_roles) + + project = module.project.project_id + role = local.int_required_roles[count.index] + member = "serviceAccount:${google_service_account.int_test.email}" +} + +resource "google_service_account_key" "int_test" { + service_account_id = google_service_account.int_test.id +} diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/setup/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/setup/main.tf new file mode 100644 index 000000000..f89684ea1 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/setup/main.tf 
@@ -0,0 +1,32 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +module "project" { + source = "terraform-google-modules/project-factory/google" + version = "~> 4.0" + + name = "ci-network" + random_project_id = "true" + org_id = var.org_id + folder_id = var.folder_id + billing_account = var.billing_account + + activate_apis = [ + "cloudresourcemanager.googleapis.com", + "compute.googleapis.com", + "serviceusage.googleapis.com" + ] +} diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/setup/outputs.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/setup/outputs.tf new file mode 100644 index 000000000..08753a4b9 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/setup/outputs.tf 
@@ -0,0 +1,24 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "project_id" { + value = module.project.project_id +} + +output "sa_key" { + value = google_service_account_key.int_test.private_key + sensitive = true +} diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/setup/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/setup/variables.tf new file mode 100644 index 000000000..53dd1ed77 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/setup/variables.tf 
@@ -0,0 +1,26 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +variable "org_id" { + description = "The numeric organization id" +} + +variable "folder_id" { + description = "The folder to deploy in" +} + +variable "billing_account" { + description = "The billing account id associated with the project, e.g. XXXXXX-YYYYYY-ZZZZZZ" +} diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/setup/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/setup/versions.tf new file mode 100644 index 000000000..38af399dc --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/test/setup/versions.tf 
@@ -0,0 +1,27 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = "~> 0.12.6" +} + +provider "google" { + version = "~> 2.12.0" +} + +provider "google-beta" { + version = "~> 2.12.0" +} diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/variables.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/variables.tf new file mode 100644 index 000000000..1770d50fa --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/variables.tf 
@@ -0,0 +1,70 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "project_id" { + description = "The ID of the project where this VPC will be created" +} + +variable "network_name" { + description = "The name of the network being created" +} + +variable "routing_mode" { + type = string + default = "GLOBAL" + description = "The network routing mode (default 'GLOBAL')" +} + +variable "shared_vpc_host" { + type = bool + description = "Makes this project a Shared VPC host if 'true' (default 'false')" + default = false +} + +variable "subnets" { + type = list(map(string)) + description = "The list of subnets being created" +} + +variable "secondary_ranges" { + type = map(list(object({ range_name = string, ip_cidr_range = string }))) + description = "Secondary ranges that will be used in some of the subnets" + default = {} +} + +variable "routes" { + type = list(map(string)) + description = "List of routes being created in this VPC" + default = [] +} + +variable "delete_default_internet_gateway_routes" { + description = "If set, ensure that all routes within the network specified whose names begin with 'default-route' and with a next hop of 'default-internet-gateway' are deleted" + default = "false" +} + + +variable "description" { + type = string + description = "An optional description of this resource. The resource must be recreated to modify this field." 
+ default = "" +} + +variable "auto_create_subnetworks" { + type = bool + description = "When set to true, the network is created in 'auto subnet mode' and it will create a subnet for each region automatically across the 10.128.0.0/9 address range. When set to false, the network is created in 'custom subnet mode' so the user can explicitly connect subnetwork resources." + default = false +} diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/versions.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/versions.tf new file mode 100644 index 000000000..c1eedd7e1 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/four/terraform-google-network-2.3.0/versions.tf @@ -0,0 +1,22 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = "~> 0.12.6" + required_providers { + google = "<4.0,>= 2.12" + } +} diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/modules.json b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/modules.json new file mode 100644 index 000000000..04a6d2e7d --- /dev/null 
+++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/modules/modules.json @@ -0,0 +1 @@ +{"Modules":[{"Key":"four","Source":"terraform-google-modules/network/google","Version":"2.3.0","Dir":".terraform/modules/four/terraform-google-network-2.3.0"},{"Key":"five.routes","Source":"./modules/routes","Dir":".terraform/modules/five/terraform-google-network-2.3.0/modules/routes"},{"Key":"five.vpc","Source":"./modules/vpc","Dir":".terraform/modules/five/terraform-google-network-2.3.0/modules/vpc"},{"Key":"five","Source":"terraform-google-modules/network/google","Version":"2.3.0","Dir":".terraform/modules/five/terraform-google-network-2.3.0"},{"Key":"five.subnets","Source":"./modules/subnets","Dir":".terraform/modules/five/terraform-google-network-2.3.0/modules/subnets"},{"Key":"four.routes","Source":"./modules/routes","Dir":".terraform/modules/four/terraform-google-network-2.3.0/modules/routes"},{"Key":"four.subnets","Source":"./modules/subnets","Dir":".terraform/modules/four/terraform-google-network-2.3.0/modules/subnets"},{"Key":"four.vpc","Source":"./modules/vpc","Dir":".terraform/modules/four/terraform-google-network-2.3.0/modules/vpc"},{"Key":"second","Source":"./beta","Dir":"beta"},{"Key":"","Source":"","Dir":"."},{"Key":"first","Source":"./alpha","Dir":"alpha"},{"Key":"three","Source":"./alpha","Dir":"alpha"}]} \ No newline at end of file diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/plugins/darwin_amd64/lock.json b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/plugins/darwin_amd64/lock.json new file mode 100755 index 000000000..4a906973c --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/.terraform/plugins/darwin_amd64/lock.json 
@@ -0,0 +1,6 @@ +{ + "aws": "15303dfdb1e55005e47559799f5c38f5d8bbca517db42898172c9d637d5b8113", + "azurerm": "718d753146a7589a552a7586dde44e24c12a1719b8122ecca1e244d861d7fca6", + "google": "8a868aee3493785d724d5521a252b28b0763376c50205283cb4e773a612f396b", + "null": "b1d97b7013b6aaa4205bad9db8ce7ff4d6fc27d7c6ed8b2227213f3441f6208e" +} \ No newline at end of file diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/alpha/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/alpha/main.tf new file mode 100644 index 000000000..a3a53b9cc --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/alpha/main.tf @@ -0,0 +1,8 @@ +provider "aws" { + version = "~> 2.0" + region = "us-east-1" +} + +resource "aws_vpc" "example" { + cidr_block = "10.0.0.0/16" +} diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/beta/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/beta/main.tf new file mode 100644 index 000000000..abad9ab4e --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/beta/main.tf @@ -0,0 +1,9 @@ +provider "azurerm" { + version = "~> 2.0" + features {} +} + +resource "azurerm_resource_group" "example" { + name = "example-resources" + location = "West Europe" +} diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/charlie/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/charlie/main.tf new file mode 100644 index 000000000..2c19a5f94 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/charlie/main.tf @@ -0,0 +1,10 @@ +provider "kubernetes" { + config_context_auth_info = "ops" + config_context_cluster = "mycluster" +} + +resource "kubernetes_namespace" "example" { + metadata { + name = "my-first-namespace" + } +} 
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/main.tf new file mode 100644 index 000000000..994c5e4d2 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-and-ext-modules/main.tf @@ -0,0 +1,45 @@ +module "first" { + source = "./alpha" +} + +module "second" { + source = "./beta" +} + +module "three" { + source = "./alpha" +} + +module "four" { + source = "terraform-google-modules/network/google" + version = "~> 2.3" + + project_id = "1234567891234567" + network_name = "example-first" + routing_mode = "GLOBAL" + + subnets = [ + { + subnet_name = "subnet-a-01" + subnet_ip = "10.10.10.0/24" + subnet_region = "us-west1" + } + ] +} + +module "five" { + source = "terraform-google-modules/network/google" + version = "~> 2.3" + + project_id = "1234567891234567" + network_name = "example-second" + routing_mode = "GLOBAL" + + subnets = [ + { + subnet_name = "subnet-b-01" + subnet_ip = "10.20.10.0/24" + subnet_region = "us-west1" + } + ] +} diff --git a/internal/terraform/rootmodule/testdata/single-root-local-modules-only/.terraform/modules/modules.json b/internal/terraform/rootmodule/testdata/single-root-local-modules-only/.terraform/modules/modules.json new file mode 100644 index 000000000..599ad8f0d --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-modules-only/.terraform/modules/modules.json @@ -0,0 +1 @@ +{"Modules":[{"Key":"","Source":"","Dir":"."},{"Key":"first","Source":"./alpha","Dir":"alpha"},{"Key":"second","Source":"./alpha","Dir":"alpha"},{"Key":"three","Source":"./beta","Dir":"beta"}]} \ No newline at end of file 
diff --git a/internal/terraform/rootmodule/testdata/single-root-local-modules-only/.terraform/plugins/darwin_amd64/lock.json b/internal/terraform/rootmodule/testdata/single-root-local-modules-only/.terraform/plugins/darwin_amd64/lock.json new file mode 100755 index 000000000..301444681 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-modules-only/.terraform/plugins/darwin_amd64/lock.json @@ -0,0 +1,4 @@ +{ + "aws": "15303dfdb1e55005e47559799f5c38f5d8bbca517db42898172c9d637d5b8113", + "azurerm": "718d753146a7589a552a7586dde44e24c12a1719b8122ecca1e244d861d7fca6" +} \ No newline at end of file diff --git a/internal/terraform/rootmodule/testdata/single-root-local-modules-only/alpha/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-modules-only/alpha/main.tf new file mode 100644 index 000000000..a3a53b9cc --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-modules-only/alpha/main.tf @@ -0,0 +1,8 @@ +provider "aws" { + version = "~> 2.0" + region = "us-east-1" +} + +resource "aws_vpc" "example" { + cidr_block = "10.0.0.0/16" +} diff --git a/internal/terraform/rootmodule/testdata/single-root-local-modules-only/beta/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-modules-only/beta/main.tf new file mode 100644 index 000000000..abad9ab4e --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-modules-only/beta/main.tf @@ -0,0 +1,9 @@ +provider "azurerm" { + version = "~> 2.0" + features {} +} + +resource "azurerm_resource_group" "example" { + name = "example-resources" + location = "West Europe" +} diff --git a/internal/terraform/rootmodule/testdata/single-root-local-modules-only/charlie/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-modules-only/charlie/main.tf new file mode 100644 index 000000000..2c19a5f94 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-modules-only/charlie/main.tf 
@@ -0,0 +1,10 @@ +provider "kubernetes" { + config_context_auth_info = "ops" + config_context_cluster = "mycluster" +} + +resource "kubernetes_namespace" "example" { + metadata { + name = "my-first-namespace" + } +} diff --git a/internal/terraform/rootmodule/testdata/single-root-local-modules-only/main.tf b/internal/terraform/rootmodule/testdata/single-root-local-modules-only/main.tf new file mode 100644 index 000000000..4b130282c --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-local-modules-only/main.tf @@ -0,0 +1,11 @@ +module "first" { + source = "./alpha" +} + +module "second" { + source = "./alpha" +} + +module "three" { + source = "./beta" +} diff --git a/internal/terraform/rootmodule/testdata/single-root-no-modules/.terraform/plugins/darwin_amd64/lock.json b/internal/terraform/rootmodule/testdata/single-root-no-modules/.terraform/plugins/darwin_amd64/lock.json new file mode 100755 index 000000000..51a6f9448 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-no-modules/.terraform/plugins/darwin_amd64/lock.json @@ -0,0 +1,3 @@ +{ + "random": "7903b3f4d7067b3e8ca2440aa4342b57286310e074a806d0f1a673034969817b" +} \ No newline at end of file diff --git a/internal/terraform/rootmodule/testdata/single-root-no-modules/main.tf b/internal/terraform/rootmodule/testdata/single-root-no-modules/main.tf new file mode 100644 index 000000000..68ce7ea61 --- /dev/null +++ b/internal/terraform/rootmodule/testdata/single-root-no-modules/main.tf @@ -0,0 +1,6 @@ +resource "random_pet" "application" { + count = 3 + keepers = { + unique = "unique" + } +} diff --git a/internal/terraform/rootmodule/types.go b/internal/terraform/rootmodule/types.go index 31056cd90..f99099051 100644 --- a/internal/terraform/rootmodule/types.go +++ b/internal/terraform/rootmodule/types.go 
@@ -21,7 +21,15 @@ type TerraformExecFinder interface { TerraformExecutorForDir(path string) (*exec.Executor, error) } +type RootModuleCandidateFinder interface { + RootModuleCandidatesByPath(path string) []string +} + type RootModuleManager interface { + ParserFinder + TerraformExecFinder + RootModuleCandidateFinder + SetLogger(logger *log.Logger) SetTerraformExecPath(path string) SetTerraformExecLogPath(logPath string) @@ -29,8 +37,6 @@ type RootModuleManager interface { AddRootModule(dir string) error PathsToWatch() []string RootModuleByPath(path string) (RootModule, error) - ParserForDir(path string) (lang.Parser, error) - TerraformExecutorForDir(path string) (*exec.Executor, error) } type RootModule interface { diff --git a/internal/terraform/rootmodule/walker.go b/internal/terraform/rootmodule/walker.go new file mode 100644 index 000000000..b43f39b51 --- /dev/null +++ b/internal/terraform/rootmodule/walker.go 
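Review bot: `RootModuleCandidateFinder` is exported without a doc comment, and the order of the slice returned by `RootModuleCandidatesByPath` is part of its contract: the `textDocument/didOpen` handler in this same commit reports `candidates[0]` as the module that was picked. I would state that on the interface, for example `// RootModuleCandidateFinder returns the root modules a path may belong to, ordered by preference; callers treat the first entry as the selected one.` The wording is inferred from the caller and should be checked against the manager's implementation, which is not part of this hunk.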
@@ -0,0 +1,74 @@
+package rootmodule
+
+import (
+ "io/ioutil"
+ "log"
+ "os"
+ "path/filepath"
+)
+
+var (
+ discardLogger = log.New(ioutil.Discard, "", 0)
+
+ // skipDirNames represent directory names which would never contain
+ // plugin/module cache, so it's safe to skip them during the walk
+ skipDirNames = map[string]bool{
+ ".git": true,
+ ".idea": true,
+ ".vscode": true,
+ "terraform.tfstate.d": true,
+ }
+)
+
+type Walker struct {
+ logger *log.Logger
+}
+
+func NewWalker() *Walker {
+ return &Walker{
+ logger: discardLogger,
+ }
+}
+
+func (w *Walker) SetLogger(logger *log.Logger) {
+ w.logger = logger
+}
+
+type WalkFunc func(rootModulePath string) error
+
+func (w *Walker) WalkInitializedRootModules(path string, wf WalkFunc) error {
+ w.logger.Printf("walking through %s", path)
+ return filepath.Walk(path, func(path string, info os.FileInfo, err error) error {
+ if err != nil {
+ w.logger.Printf("unable to access %s: %s", path, err.Error())
+ return nil
+ }
+
+ if info.Name() == ".terraform" {
+ rootDir, err := filepath.Abs(filepath.Dir(path))
+ if err != nil {
+ return err
+ }
+
+ w.logger.Printf("found root module %s", rootDir)
+ return wf(rootDir)
+ }
+
+ if !info.IsDir() {
+ // All files are skipped, we only care about dirs
+ return nil
+ }
+
+ if isSkippableDir(info.Name()) {
+ w.logger.Printf("skipping %s", path)
+ return filepath.SkipDir
+ }
+
+ return nil
+ })
+}
+
+func isSkippableDir(dirName string) bool {
+ _, ok := skipDirNames[dirName]
+ return ok
+}
diff --git a/internal/terraform/schema/schema_storage.go b/internal/terraform/schema/schema_storage.go
index 666ffb8fe..44abfd794 100644
--- a/internal/terraform/schema/schema_storage.go
+++ b/internal/terraform/schema/schema_storage.go
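Review bot: The `.terraform` match in `WalkInitializedRootModules` is tested before `info.IsDir()` and the callback's result is returned as-is, so a regular file named `.terraform` is reported as a root module and, when `wf` returns nil, `filepath.Walk` goes on to descend into the cache directory itself. The parent of any `.terraform` entry found inside that cache would then be registered as a further root module, and on large caches the walk does a lot of needless I/O. I would tighten the condition to `if info.IsDir() && info.Name() == ".terraform" {` and end the branch with `if err := wf(rootDir); err != nil { return err }` followed by `return filepath.SkipDir`. A short doc comment on the exported `Walker`, `WalkFunc` and `WalkInitializedRootModules` saying that the walk is unbounded in depth and does not follow symlinks would also help callers that pass a client-supplied workspace root.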
@@ -119,7 +119,7 @@ func (s *Storage) ObtainSchemasForModule(tf *exec.Executor, dir string) error { go func() { err := s.obtainSchemasForModule(tf, dir) if err != nil { - s.logger.Println("error obtaining schemas:", err) + s.logger.Printf("error obtaining schemas for %s: %s", dir, err) } }() @@ -140,10 +140,10 @@ func (s *Storage) obtainSchemasForModule(tf *exec.Executor, dir string) error { start := time.Now() ps, err := tf.ProviderSchemas() if err != nil { - return fmt.Errorf("Unable to retrieve schemas: %s", err) + return fmt.Errorf("Unable to retrieve schemas for %q: %w", dir, err) } s.ps = ps - s.logger.Printf("Schemas retrieved in %s", time.Since(start)) + s.logger.Printf("Schemas retrieved for %q in %s", dir, time.Since(start)) return nil } diff --git a/langserver/handlers/complete_test.go b/langserver/handlers/complete_test.go index 26f87c53d..bb9e3ecc7 100644 --- a/langserver/handlers/complete_test.go +++ b/langserver/handlers/complete_test.go @@ -25,12 +25,15 @@ func TestCompletion_withoutInitialization(t *testing.T) { "character": 0, "line": 1 } - }`, TempDir().URI())}, session.SessionNotInitialized.Err()) + }`, TempDir(t).URI())}, session.SessionNotInitialized.Err()) } func TestCompletion_withValidData(t *testing.T) { + tmpDir := TempDir(t) + InitDir(t, tmpDir.Dir()) + ls := langserver.NewLangServerMock(t, NewMockSession(map[string]*rootmodule.RootModuleMock{ - TempDir().Dir(): { + tmpDir.Dir(): { TerraformExecQueue: &exec.MockQueue{ Q: []*exec.MockItem{ { @@ -54,7 +57,7 @@ func TestCompletion_withValidData(t *testing.T) { "capabilities": {}, "rootUri": %q, "processId": 12345 - }`, TempDir().URI())}) + }`, TempDir(t).URI())}) ls.Notify(t, &langserver.CallRequest{ Method: "initialized", ReqParams: "{}", 
@@ -68,7 +71,7 @@ func TestCompletion_withValidData(t *testing.T) { "text": "provider \"test\" {\n\n}\n", "uri": "%s/main.tf" } - }`, TempDir().URI())}) + }`, TempDir(t).URI())}) ls.CallAndExpectResponse(t, &langserver.CallRequest{ Method: "textDocument/completion", @@ -80,7 +83,7 @@ func TestCompletion_withValidData(t *testing.T) { "character": 0, "line": 1 } - }`, TempDir().URI())}, `{ + }`, TempDir(t).URI())}, `{ "jsonrpc": "2.0", "id": 3, "result": { diff --git a/langserver/handlers/did_open.go b/langserver/handlers/did_open.go index 9fed7f083..0d0443905 100644 --- a/langserver/handlers/did_open.go +++ b/langserver/handlers/did_open.go @@ -2,7 +2,11 @@ package handlers import ( "context" + "fmt" + "os" + "strings" + "github.com/creachadair/jrpc2" lsctx "github.com/hashicorp/terraform-ls/internal/context" ilsp "github.com/hashicorp/terraform-ls/internal/lsp" lsp "github.com/sourcegraph/go-lsp" 
@@ -15,5 +19,51 @@ func TextDocumentDidOpen(ctx context.Context, params lsp.DidOpenTextDocumentPara } f := ilsp.FileFromDocumentItem(params.TextDocument) - return fs.Open(f) + err = fs.Open(f) + if err != nil { + return err + } + + cf, err := lsctx.RootModuleCandidateFinder(ctx) + if err != nil { + return err + } + + rootDir, _ := lsctx.RootDirectory(ctx) + + candidates := cf.RootModuleCandidatesByPath(f.Dir()) + if len(candidates) == 0 { + msg := fmt.Sprintf("No root module found for %s"+ + " functionality may be limited", f.Filename()) + return jrpc2.ServerPush(ctx, "window/showMessage", lsp.ShowMessageParams{ + Type: lsp.MTWarning, + Message: msg, + }) + } + if len(candidates) > 1 { + // TODO: Suggest specifying explicit root modules? + + msg := fmt.Sprintf("Alternative root modules found for %s (%s), picked: %s", + f.Filename(), renderCandidates(rootDir, candidates[1:]), + renderCandidate(rootDir, candidates[0])) + return jrpc2.ServerPush(ctx, "window/showMessage", lsp.ShowMessageParams{ + Type: lsp.MTWarning, + Message: msg, + }) + } + + return nil +} + +func renderCandidates(rootDir string, candidatePaths []string) string { + for i, p := range candidatePaths { + // This helps displaying shorter, but still relevant paths + candidatePaths[i] = renderCandidate(rootDir, p) + } + return strings.Join(candidatePaths, ", ") +} + +func renderCandidate(rootDir, path string) string { + return strings.TrimPrefix( + strings.TrimPrefix(path, rootDir), string(os.PathSeparator)) } diff --git a/langserver/handlers/did_open_test.go b/langserver/handlers/did_open_test.go index ba9a423eb..6c7cde4d1 100644 --- a/langserver/handlers/did_open_test.go +++ b/langserver/handlers/did_open_test.go @@ -22,5 +22,5 @@ func TestLangServer_didOpenWithoutInitialization(t *testing.T) { "text": "provider \"github\" {\n\n}\n", "uri": "%s/main.tf" } - }`, TempDir().URI())}, session.SessionNotInitialized.Err()) + }`, TempDir(t).URI())}, session.SessionNotInitialized.Err()) } 
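Review bot: `renderCandidates` overwrites its argument in place (`candidatePaths[i] = renderCandidate(rootDir, p)`), and the argument is `candidates[1:]`, which shares its backing array with the slice returned by `RootModuleCandidatesByPath`. If the finder returns a slice it also keeps internally (its implementation is outside this hunk), every didOpen with several candidates rewrites the stored absolute paths into display strings. Building the output separately avoids that: `rendered := make([]string, len(candidatePaths))`, `rendered[i] = renderCandidate(rootDir, p)` inside the loop, and `return strings.Join(rendered, ", ")`. Separately, `strings.TrimPrefix(path, rootDir)` in `renderCandidate` also strips a root that is only a textual prefix of a sibling directory's name, and the discarded `ok` from `lsctx.RootDirectory` leaves `rootDir` empty without notice. `TextDocumentDidOpen` itself begins above this hunk.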
diff --git a/langserver/handlers/formatting.go b/langserver/handlers/formatting.go index ca159deae..9b0faa4e6 100644 --- a/langserver/handlers/formatting.go +++ b/langserver/handlers/formatting.go @@ -30,6 +30,8 @@ func (h *logHandler) TextDocumentFormatting(ctx context.Context, params lsp.Docu tf, err := tff.TerraformExecutorForDir(fh.Dir()) if err != nil { + // TODO: detect no root module found error + // -> find OS-wide executor instead return edits, err } diff --git a/langserver/handlers/formatting_test.go b/langserver/handlers/formatting_test.go index e6c8b4f77..bf0b1df65 100644 --- a/langserver/handlers/formatting_test.go +++ b/langserver/handlers/formatting_test.go @@ -24,17 +24,19 @@ func TestLangServer_formattingWithoutInitialization(t *testing.T) { "text": "provider \"github\" {\n\n}\n", "uri": "%s/main.tf" } - }`, TempDir().URI())}, session.SessionNotInitialized.Err()) + }`, TempDir(t).URI())}, session.SessionNotInitialized.Err()) } func TestLangServer_formatting_basic(t *testing.T) { + tmpDir := TempDir(t) + InitDir(t, tmpDir.Dir()) queue := validTfMockCalls() queue.Q = append(queue.Q, &exec.MockItem{ Args: []string{"fmt", "-"}, Stdout: "provider \"test\" {\n\n}\n", }) ls := langserver.NewLangServerMock(t, NewMockSession(map[string]*rootmodule.RootModuleMock{ - TempDir().Dir(): {TerraformExecQueue: queue}, + tmpDir.Dir(): {TerraformExecQueue: queue}, })) stop := ls.Start(t) defer stop() @@ -45,7 +47,7 @@ func TestLangServer_formatting_basic(t *testing.T) { "capabilities": {}, "rootUri": %q, "processId": 12345 - }`, TempDir().URI())}) + }`, TempDir(t).URI())}) ls.Notify(t, &langserver.CallRequest{ Method: "initialized", ReqParams: "{}", 
@@ -59,14 +61,14 @@ func TestLangServer_formatting_basic(t *testing.T) { "text": "provider \"test\" {\n\n}\n", "uri": "%s/main.tf" } - }`, TempDir().URI())}) + }`, TempDir(t).URI())}) ls.CallAndExpectResponse(t, &langserver.CallRequest{ Method: "textDocument/formatting", ReqParams: fmt.Sprintf(`{ "textDocument": { "uri": "%s/main.tf" } - }`, TempDir().URI())}, `{ + }`, TempDir(t).URI())}, `{ "jsonrpc": "2.0", "id": 3, "result": [ diff --git a/langserver/handlers/handlers_test.go b/langserver/handlers/handlers_test.go index 54d086ff9..c6e00116b 100644 --- a/langserver/handlers/handlers_test.go +++ b/langserver/handlers/handlers_test.go @@ -3,6 +3,7 @@ package handlers import ( "fmt" "os" + "path/filepath" "testing" "github.com/hashicorp/terraform-ls/internal/lsp" @@ -13,7 +14,7 @@ import ( func TestInitalizeAndShutdown(t *testing.T) { ls := langserver.NewLangServerMock(t, NewMockSession(map[string]*rootmodule.RootModuleMock{ - TempDir().Dir(): {TerraformExecQueue: validTfMockCalls()}, + TempDir(t).Dir(): {TerraformExecQueue: validTfMockCalls()}, })) stop := ls.Start(t) defer stop() @@ -24,7 +25,7 @@ func TestInitalizeAndShutdown(t *testing.T) { "capabilities": {}, "rootUri": %q, "processId": 12345 - }`, TempDir().URI())}, `{ + }`, TempDir(t).URI())}, `{ "jsonrpc": "2.0", "id": 1, "result": { @@ -49,7 +50,7 @@ func TestInitalizeAndShutdown(t *testing.T) { func TestEOF(t *testing.T) { ms := newMockSession(map[string]*rootmodule.RootModuleMock{ - TempDir().Dir(): {TerraformExecQueue: validTfMockCalls()}, + TempDir(t).Dir(): {TerraformExecQueue: validTfMockCalls()}, }) ls := langserver.NewLangServerMock(t, ms.new) stop := ls.Start(t) @@ -61,7 +62,7 @@ func TestEOF(t *testing.T) { "capabilities": {}, "rootUri": %q, "processId": 12345 - }`, TempDir().URI())}, `{ + }`, TempDir(t).URI())}, `{ "jsonrpc": "2.0", "id": 1, "result": { 
@@ -110,7 +111,30 @@ func TestMain(m *testing.M) { os.Exit(m.Run()) } -func TempDir() lsp.FileHandler { - tmpDir := os.TempDir() +func TempDir(t *testing.T) lsp.FileHandler { + tmpDir := filepath.Join(os.TempDir(), "terraform-ls", t.Name()) + + err := os.MkdirAll(tmpDir, 0755) + if err != nil { + if os.IsExist(err) { + return lsp.FileHandlerFromDirPath(tmpDir) + } + t.Fatal(err) + } + + t.Cleanup(func() { + err := os.RemoveAll(tmpDir) + if err != nil { + t.Fatal(err) + } + }) + return lsp.FileHandlerFromDirPath(tmpDir) } + +func InitDir(t *testing.T, dir string) { + err := os.Mkdir(filepath.Join(dir, ".terraform"), 0755) + if err != nil { + t.Fatal(err) + } +} diff --git a/langserver/handlers/initialize.go b/langserver/handlers/initialize.go index c5502bbf5..0bb7f284b 100644 --- a/langserver/handlers/initialize.go +++ b/langserver/handlers/initialize.go @@ -6,6 +6,7 @@ import ( lsctx "github.com/hashicorp/terraform-ls/internal/context" ilsp "github.com/hashicorp/terraform-ls/internal/lsp" + "github.com/hashicorp/terraform-ls/internal/terraform/rootmodule" lsp "github.com/sourcegraph/go-lsp" ) @@ -34,7 +35,12 @@ func (lh *logHandler) Initialize(ctx context.Context, params lsp.InitializeParam return serverCaps, fmt.Errorf("URI %q is not valid", params.RootURI) } - err := lsctx.SetClientCapabilities(ctx, ¶ms.Capabilities) + err := lsctx.SetRootDirectory(ctx, fh.FullPath()) + if err != nil { + return serverCaps, err + } + + err = lsctx.SetClientCapabilities(ctx, ¶ms.Capabilities) if err != nil { return serverCaps, err } @@ -49,7 +55,12 @@ func (lh *logHandler) Initialize(ctx context.Context, params lsp.InitializeParam return serverCaps, err } - err = rmm.AddRootModule(fh.Dir()) + walker := rootmodule.NewWalker() + walker.SetLogger(lh.logger) + err = walker.WalkInitializedRootModules(fh.Dir(), func(dir string) error { + lh.logger.Printf("Adding root module (via %T): %s", rmm, dir) + return rmm.AddRootModule(dir) + }) if err != nil { return serverCaps, err } 
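Review bot: `TempDir` now resolves to a fixed, guessable path under the shared `os.TempDir()` (`terraform-ls/<test name>`) and silently reuses whatever is already there, so the tests trust a directory they may not have created and inherit leftovers from an interrupted run; `InitDir`'s `os.Mkdir` then fails on the stale `.terraform`. The `os.IsExist(err)` branch does not help, because `os.MkdirAll` already returns nil for an existing directory. A per-test directory from `t.TempDir()` (Go 1.15+) or `ioutil.TempDir("", "terraform-ls")`, created once and held in a variable as `TestCompletion_withValidData` already does with `tmpDir`, removes both problems. The call sites that invoke `TempDir(t)` repeatedly would need to reuse that variable, since each call also registers another `RemoveAll` cleanup.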
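Review bot: In the last `Initialize` hunk the callback returns `rmm.AddRootModule(dir)` directly, so the first module that fails to load stops the walk and fails the whole `initialize` request, leaving every root module later in walk order unregistered. With a client-supplied workspace root that can contain many `.terraform` directories, one stale or incompatible module then disables the server for the entire workspace. If a hard failure is intended (the incompatible-version test in this commit expects one), a comment saying so would help, e.g. `// any root module that fails to load aborts initialization on purpose`; otherwise log the error, keep walking, and return a combined error after the walk. `Initialize` starts and ends outside these hunks.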
diff --git a/langserver/handlers/initialize_test.go b/langserver/handlers/initialize_test.go index 46c6271c4..1f0c8851e 100644 --- a/langserver/handlers/initialize_test.go +++ b/langserver/handlers/initialize_test.go @@ -12,7 +12,7 @@ import ( func TestInitialize_twice(t *testing.T) { ls := langserver.NewLangServerMock(t, NewMockSession(map[string]*rootmodule.RootModuleMock{ - TempDir().Dir(): {TerraformExecQueue: validTfMockCalls()}, + TempDir(t).Dir(): {TerraformExecQueue: validTfMockCalls()}, })) stop := ls.Start(t) defer stop() @@ -23,19 +23,21 @@ func TestInitialize_twice(t *testing.T) { "capabilities": {}, "rootUri": %q, "processId": 12345 - }`, TempDir().URI())}) + }`, TempDir(t).URI())}) ls.CallAndExpectError(t, &langserver.CallRequest{ Method: "initialize", ReqParams: fmt.Sprintf(`{ "capabilities": {}, "rootUri": %q, "processId": 12345 - }`, TempDir().URI())}, code.SystemError.Err()) + }`, TempDir(t).URI())}, code.SystemError.Err()) } func TestInitialize_withIncompatibleTerraformVersion(t *testing.T) { + tmpDir := TempDir(t) + InitDir(t, tmpDir.Dir()) ls := langserver.NewLangServerMock(t, NewMockSession(map[string]*rootmodule.RootModuleMock{ - TempDir().Dir(): { + tmpDir.Dir(): { TerraformExecQueue: &exec.MockCall{ Args: []string{"version"}, Stdout: "Terraform v0.11.0\n", @@ -51,12 +53,12 @@ func TestInitialize_withIncompatibleTerraformVersion(t *testing.T) { "capabilities": {}, "processId": 12345, "rootUri": %q - }`, TempDir().URI())}, code.SystemError.Err()) + }`, TempDir(t).URI())}, code.SystemError.Err()) } func TestInitialize_withInvalidRootURI(t *testing.T) { ls := langserver.NewLangServerMock(t, NewMockSession(map[string]*rootmodule.RootModuleMock{ - TempDir().Dir(): {TerraformExecQueue: validTfMockCalls()}, + TempDir(t).Dir(): {TerraformExecQueue: validTfMockCalls()}, })) stop := ls.Start(t) defer stop() diff --git a/langserver/handlers/service.go b/langserver/handlers/service.go index cf0973a89..845d0ce3d 100644 
--- a/langserver/handlers/service.go +++ b/langserver/handlers/service.go @@ -111,6 +111,8 @@ func (svc *service) Assigner() (jrpc2.Assigner, error) { return nil }) + rootDir := "" + m := map[string]rpch.Func{ "initialize": func(ctx context.Context, req *jrpc2.Request) (interface{}, error) { err := session.Initialize(req) @@ -120,6 +122,7 @@ func (svc *service) Assigner() (jrpc2.Assigner, error) { ctx = lsctx.WithFilesystem(fs, ctx) ctx = lsctx.WithClientCapabilitiesSetter(cc, ctx) ctx = lsctx.WithWatcher(ww, ctx) + ctx = lsctx.WithRootDirectory(&rootDir, ctx) ctx = lsctx.WithRootModuleManager(rmm, ctx) return handle(ctx, req, lh.Initialize) @@ -147,6 +150,8 @@ func (svc *service) Assigner() (jrpc2.Assigner, error) { return nil, err } ctx = lsctx.WithFilesystem(fs, ctx) + ctx = lsctx.WithRootDirectory(&rootDir, ctx) + ctx = lsctx.WithRootModuleCandidateFinder(rmm, ctx) return handle(ctx, req, TextDocumentDidOpen) }, "textDocument/didClose": func(ctx context.Context, req *jrpc2.Request) (interface{}, error) { diff --git a/langserver/handlers/service_mock.go b/langserver/handlers/service_mock_test.go similarity index 75% rename from langserver/handlers/service_mock.go rename to langserver/handlers/service_mock_test.go index 093e0ceaf..64c187bed 100644 --- a/langserver/handlers/service_mock.go +++ b/langserver/handlers/service_mock_test.go @@ -2,6 +2,10 @@ package handlers import ( "context" + "io/ioutil" + "log" + "os" + "testing" "github.com/hashicorp/terraform-ls/internal/terraform/rootmodule" "github.com/hashicorp/terraform-ls/internal/watcher" 
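Review bot: `rootDir` is a single string captured by the handler closures and passed by pointer into the context, so the `initialize` handler writes it (through `lsctx.SetRootDirectory`) while `textDocument/didOpen` reads it, with nothing ordering the two accesses. If jrpc2 can run handlers concurrently (not visible in these hunks) that is a data race, and it also makes the context carry mutable state, which readers of `ctx.Value` do not normally expect. At minimum I would document the invariant next to the declaration, `// rootDir is written once by "initialize" and only read by later handlers`, or keep the value in a small mutex-guarded holder on `service`. `Assigner` begins and ends outside these hunks.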
@@ -19,18 +23,29 @@ func (ms *mockSession) new(srvCtx context.Context) session.Session { sessCtx, stopSession := context.WithCancel(srvCtx) ms.stopFunc = stopSession + logger := testLogger() + rmmm := rootmodule.NewRootModuleManagerMock(ms.mockRMs) + svc := &service{ - logger: discardLogs, + logger: logger, srvCtx: srvCtx, sessCtx: sessCtx, stopSession: ms.stop, - newRootModuleManager: rootmodule.NewRootModuleManagerMock(ms.mockRMs), + newRootModuleManager: rmmm, newWatcher: watcher.MockWatcher(), } return svc } +func testLogger() *log.Logger { + if testing.Verbose() { + return log.New(os.Stdout, "", log.LstdFlags|log.Lshortfile) + } + + return log.New(ioutil.Discard, "", 0) +} + func (ms *mockSession) stop() { ms.stopFunc() ms.stopFuncCalled = true diff --git a/langserver/handlers/shutdown_test.go b/langserver/handlers/shutdown_test.go index 4d3996121..6a8695b4b 100644 --- a/langserver/handlers/shutdown_test.go +++ b/langserver/handlers/shutdown_test.go @@ -11,7 +11,7 @@ import ( func TestShutdown_twice(t *testing.T) { ls := langserver.NewLangServerMock(t, NewMockSession(map[string]*rootmodule.RootModuleMock{ - TempDir().Dir(): {TerraformExecQueue: validTfMockCalls()}, + TempDir(t).Dir(): {TerraformExecQueue: validTfMockCalls()}, })) stop := ls.Start(t) defer stop() @@ -22,7 +22,7 @@ func TestShutdown_twice(t *testing.T) { "capabilities": {}, "rootUri": %q, "processId": 12345 - }`, TempDir().URI())}) + }`, TempDir(t).URI())}) ls.Call(t, &langserver.CallRequest{ Method: "shutdown", ReqParams: `{}`})