Revert "Revert "Concourse CI""

terraform-google-modules · Jan 15, 2019 · 3b2360e · 3b2360e
1 parent 33ee5ac
commit 3b2360e
Show file tree

Hide file tree

Showing 22 changed files with 227 additions and 391 deletions.
diff --git a/.gitignore b/.gitignore
@@ -41,3 +41,4 @@ crash.log
 terraform.tfstate.d/
 *.auto.tfvars
 credentials.json
+test/fixtures/shared/terraform.tfvars
diff --git a/.kitchen.yml b/.kitchen.yml
@@ -21,6 +21,7 @@ platforms:
 
 verifier:
   name: terraform
+  color: false
   systems:
     - name: system
       backend: local

diff --git a/.ruby-version b/.ruby-version
@@ -0,0 +1 @@
+2.5.3
diff --git a/Makefile b/Makefile
@@ -16,16 +16,10 @@
 SHELL := /usr/bin/env bash
 
 # Docker build config variables
-BUILD_TERRAFORM_VERSION ?= 0.11.10
-BUILD_CLOUD_SDK_VERSION ?= 216.0.0
-BUILD_PROVIDER_GOOGLE_VERSION ?= 1.19.1
-BUILD_PROVIDER_GSUITE_VERSION ?= 0.1.10
-DOCKER_IMAGE_TERRAFORM := cftk/terraform
-DOCKER_TAG_TERRAFORM ?= ${BUILD_TERRAFORM_VERSION}_${BUILD_CLOUD_SDK_VERSION}_${BUILD_PROVIDER_GOOGLE_VERSION}_${BUILD_PROVIDER_GSUITE_VERSION}
-BUILD_RUBY_VERSION ?= 2.5.3
-DOCKER_IMAGE_KITCHEN_TERRAFORM := cftk/kitchen_terraform
-DOCKER_TAG_KITCHEN_TERRAFORM ?= ${BUILD_TERRAFORM_VERSION}_${BUILD_CLOUD_SDK_VERSION}_${BUILD_PROVIDER_GOOGLE_VERSION}_${BUILD_PROVIDER_GSUITE_VERSION}
-
+CREDENTIALS_PATH ?= /cft/workdir/credentials.json
+DOCKER_ORG := gcr.io/cloud-foundation-cicd
+DOCKER_TAG_BASE_KITCHEN_TERRAFORM ?= 0.11.10_216.0.0_1.19.1_0.1.10
+DOCKER_REPO_BASE_KITCHEN_TERRAFORM := ${DOCKER_ORG}/cft/kitchen-terraform:${DOCKER_TAG_BASE_KITCHEN_TERRAFORM}
 
 all: check_shell check_python check_golang check_terraform check_docker check_base_files test_check_headers check_headers check_trailing_whitespace generate_docs ## Run all linters and update documentation
 
@@ -46,7 +40,7 @@ check_golang: ## Lint Go source files
 
 .PHONY: check_terraform
 check_terraform:
-	@source ## Lint Terraform source files
+	@source test/make.sh && check_terraform ## Lint Terraform source files
 
 .PHONY: check_docker
 check_docker: ## Lint Dockerfiles
@@ -92,57 +86,50 @@ generate_docs: ## Update README documentation for Terraform variables and output
 release-new-version:
 	@source helpers/release-new-version.sh
 
-# Build Docker
-.PHONY: docker_build_terraform
-docker_build_terraform:
-	docker build -f build/docker/terraform/Dockerfile \
-		--build-arg BUILD_TERRAFORM_VERSION=${BUILD_TERRAFORM_VERSION} \
-		--build-arg BUILD_CLOUD_SDK_VERSION=${BUILD_CLOUD_SDK_VERSION} \
-		--build-arg BUILD_PROVIDER_GOOGLE_VERSION=${BUILD_PROVIDER_GOOGLE_VERSION} \
-		--build-arg BUILD_PROVIDER_GSUITE_VERSION=${BUILD_PROVIDER_GSUITE_VERSION} \
-		-t ${DOCKER_IMAGE_TERRAFORM}:${DOCKER_TAG_TERRAFORM} .
-
-.PHONY: docker_build_kitchen_terraform
-docker_build_kitchen_terraform:
-	docker build -f build/docker/kitchen_terraform/Dockerfile \
-		--build-arg BUILD_TERRAFORM_IMAGE="${DOCKER_IMAGE_TERRAFORM}:${DOCKER_TAG_TERRAFORM}" \
-		--build-arg BUILD_RUBY_VERSION="${BUILD_RUBY_VERSION}" \
-		-t ${DOCKER_IMAGE_KITCHEN_TERRAFORM}:${DOCKER_TAG_KITCHEN_TERRAFORM} .
-
 # Run docker
 .PHONY: docker_run
 docker_run: ## Launch a shell within the Docker test environment
 	docker run --rm -it \
-		-v $(CURDIR):/cftk/workdir \
-		${DOCKER_IMAGE_KITCHEN_TERRAFORM}:${DOCKER_TAG_KITCHEN_TERRAFORM} \
+		-e CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${CREDENTIALS_PATH} \
+		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
+		-v $(CURDIR):/cft/workdir \
+		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
 		/bin/bash
 
 .PHONY: docker_create
 docker_create: ## Run `kitchen create` within the Docker test environment
 	docker run --rm -it \
-		-v $(CURDIR):/cftk/workdir \
-		${DOCKER_IMAGE_KITCHEN_TERRAFORM}:${DOCKER_TAG_KITCHEN_TERRAFORM} \
+		-e CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${CREDENTIALS_PATH} \
+		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
+		-v $(CURDIR):/cft/workdir \
+		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
 		/bin/bash -c "bundle exec kitchen create"
 
 .PHONY: docker_converge
 docker_converge: ## Run `kitchen converge` within the Docker test environment
 	docker run --rm -it \
-		-v $(CURDIR):/cftk/workdir \
-		${DOCKER_IMAGE_KITCHEN_TERRAFORM}:${DOCKER_TAG_KITCHEN_TERRAFORM} \
+		-e CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${CREDENTIALS_PATH} \
+		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
+		-v $(CURDIR):/cft/workdir \
+		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
 		/bin/bash -c "bundle exec kitchen converge && bundle exec kitchen converge"
 
 .PHONY: docker_verify
 docker_verify: ## Run `kitchen verify` within the Docker test environment
 	docker run --rm -it \
-		-v $(CURDIR):/cftk/workdir \
-		${DOCKER_IMAGE_KITCHEN_TERRAFORM}:${DOCKER_TAG_KITCHEN_TERRAFORM} \
+		-e CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${CREDENTIALS_PATH} \
+		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
+		-v $(CURDIR):/cft/workdir \
+		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
 		/bin/bash -c "bundle exec kitchen verify"
 
 .PHONY: docker_destroy
 docker_destroy: ## Run `kitchen destroy` within the Docker test environment
 	docker run --rm -it \
-		-v $(CURDIR):/cftk/workdir \
-		${DOCKER_IMAGE_KITCHEN_TERRAFORM}:${DOCKER_TAG_KITCHEN_TERRAFORM} \
+		-e CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${CREDENTIALS_PATH} \
+		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
+		-v $(CURDIR):/cft/workdir \
+		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
 		/bin/bash -c "bundle exec kitchen destroy"
 
 .PHONY: test_integration_docker

diff --git a/README.md b/README.md
@@ -334,13 +334,12 @@ test steps non-interactively.
 #### Test configuration
 
 Each test-kitchen instance is configured with a `terraform.tfvars` file in the
-test fixture directory.
+test fixture directory. For convenience, these are symlinked to a single shared file:
 
 ```sh
-for instance in full minimal; do
-  cp "test/fixtures/$instance/terraform.tfvars.example" \
-    "test/fixtures/$instance/terraform.tfvars"
-  $EDITOR "test/fixtures/$instance/terraform.tfvars"
+cp "test/fixtures/shared/terraform.tfvars.example" \
+  "test/fixtures/shared/terraform.tfvars"
+$EDITOR "test/fixtures/shared/terraform.tfvars"
 done
 ```
 

diff --git a/build/docker/kitchen_terraform/Dockerfile b/build/docker/kitchen_terraform/Dockerfile
diff --git a/build/docker/terraform/Dockerfile b/build/docker/terraform/Dockerfile
diff --git a/main.tf b/main.tf
@@ -143,8 +143,9 @@ resource "google_resource_manager_lien" "lien" {
 resource "google_project_service" "project_services" {
   count = "${length(var.activate_apis)}"
 
-  project = "${local.project_id}"
-  service = "${element(var.activate_apis, count.index)}"
+  project            = "${local.project_id}"
+  service            = "${element(var.activate_apis, count.index)}"
+  disable_on_destroy = "${var.disable_services_on_destroy}"
 
   depends_on = ["google_project.project"]
 }

diff --git a/test/fixtures/full/extra_outputs.tf b/test/fixtures/full/extra_outputs.tf
@@ -0,0 +1,19 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "extra_service_account_email" {
+  value = "${google_service_account.extra_service_account.email}"
+}
diff --git a/test/fixtures/full/main.tf b/test/fixtures/full/main.tf
@@ -36,12 +36,23 @@ provider "gsuite" {
   version = "~> 0.1.9"
 }
 
+locals {
+  shared_vpc_subnets = ["projects/${var.shared_vpc}/regions/${module.vpc.subnets_regions[0]}/subnetworks/${module.vpc.subnets_names[0]}"]
+}
+
+resource "random_string" "suffix" {
+  length  = 8
+  special = false
+  upper   = false
+}
+
 module "vpc" {
   source          = "terraform-google-modules/network/google"
   version         = "~> 0.4.0"
-  network_name    = "${var.name}"
+  network_name    = "pf-test-int-full-${random_string.suffix.result}"
   project_id      = "${var.shared_vpc}"
-  shared_vpc_host = "true"
+  # The provided project must already be a Shared VPC host
+  shared_vpc_host = "false"
 
   subnets = [
     {
@@ -63,8 +74,8 @@ module "vpc" {
 
 module "project-factory" {
   source              = "../../../"
-  name                = "${var.name}"
-  random_project_id   = true
+  name                = "pf-ci-test-full-${random_string.suffix.result}"
+  random_project_id   = "true"
   org_id              = "${var.org_id}"
   folder_id           = "${var.folder_id}"
   usage_bucket_name   = "${var.usage_bucket_name}"
@@ -74,7 +85,7 @@ module "project-factory" {
   group_role          = "${var.group_role}"
   group_name          = "${var.group_name}"
   shared_vpc          = "${var.shared_vpc}"
-  shared_vpc_subnets  = ["projects/${var.shared_vpc}/regions/${module.vpc.subnets_regions[0]}/subnetworks/${module.vpc.subnets_names[0]}"]
+  shared_vpc_subnets  = "${local.shared_vpc_subnets}"
   sa_role             = "${var.sa_role}"
   sa_group            = "${var.sa_group}"
   credentials_path    = "${var.credentials_path}"
@@ -85,6 +96,8 @@ module "project-factory" {
     "container.googleapis.com",
   ]
 
+  disable_services_on_destroy = "false"
+
   app_engine {
     location_id = "${var.region}"
     auth_domain = "${var.domain}"