Add basic fixture and tests for the fabric-project submodule

.kitchen.yml

@@ -32,11 +32,11 @@ suites:
       name: terraform
       command_timeout: 1800
       root_module_directory: test/fixtures/minimal
-  - name: submodule_fabric
+  - name: fabric_project
     driver:
       name: terraform
       command_timeout: 1800
-      root_module_directory: test/fixtures/submodule_fabric
+      root_module_directory: test/fixtures/project_fabric
 # Disabled due to issue #275
 # (https://github.com/terraform-google-modules/terraform-google-project-factory/issues/275)
 #  - name: full

CODEOWNERS

@@ -1,4 +1,4 @@
 * @morgante @aaron-lane @adrienthebo
 
 # CFT Fabric
-/modules/fabric-project/ @terraform-google-modules/cft-fabric
+/modules/fabric-project/ @terraform-google-modules/cft-fabric

examples/fabric_project/README.md

@@ -0,0 +1,25 @@
+# Simple Project
+
+This example illustrates how to create a simple project using the `fabric-project` submodule.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|:----:|:-----:|:-----:|
+| activate\_apis | Service APIs to enable. | list(string) | `<list>` | no |
+| billing\_account | Billing account id. | string | n/a | yes |
+| name | Project name, joined with prefix. | string | `"fabric-project"` | no |
+| owners | Optional list of IAM-format members to set as project owners. | list(string) | `<list>` | no |
+| parent | Organization or folder id, in the `organizations/nnn` or `folders/nnn` format. | string | n/a | yes |
+| prefix | Prefix prepended to project name, uses random id by default. | string | `""` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| name | The name of the created project. |
+| project\_id | The project id of the created project. |
+| project\_number | The project number of the created project. |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/submodule_fabric/main.tf → examples/fabric_project/main.tf

@@ -24,7 +24,7 @@ resource "random_string" "prefix" {
   number  = false
   special = false
 }
-module "project-fabric" {
+module "fabric-project" {
   source          = "../../modules/fabric-project"
   activate_apis   = var.activate_apis
   billing_account = var.billing_account

examples/submodule_fabric/outputs.tf → examples/fabric_project/outputs.tf

@@ -14,17 +14,17 @@
  * limitations under the License.
  */
 
-output "id" {
+output "project_id" {
   description = "The project id of the created project."
-  value       = module.project-fabric.project_id
+  value       = module.fabric-project.project_id
 }
 
 output "name" {
   description = "The name of the created project."
-  value       = module.project-fabric.name
+  value       = module.fabric-project.name
 }
 
 output "project_number" {
   description = "The project number of the created project."
-  value       = module.project-fabric.number
+  value       = module.fabric-project.number
 }

modules/fabric-project/README.md

@@ -34,24 +34,24 @@ module "project_myproject" {
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| activate\_apis | Service APIs to enable. | list | `<list>` | no |
-| auto\_create\_network | Whether to create the default network for the project | string | `"false"` | no |
+| activate\_apis | Service APIs to enable. | list(string) | `<list>` | no |
+| auto\_create\_network | Whether to create the default network for the project | bool | `"false"` | no |
 | billing\_account | Billing account id. | string | `""` | no |
-| custom\_roles | Map of role name => comma-delimited list of permissions to create in this project. | map | `<map>` | no |
-| editors | Optional list of IAM-format members to set as project editor. | list | `<list>` | no |
-| extra\_bindings\_members | List of comma-delimited IAM-format members for additional IAM bindings, one item per role. | list | `<list>` | no |
-| extra\_bindings\_roles | List of roles for additional IAM bindings, pair with members list below. | list | `<list>` | no |
-| gce\_service\_account\_roles | List of project id=>role to assign to the default GCE service account. | list | `<list>` | no |
-| labels | Resource labels. | map | `<map>` | no |
+| custom\_roles | Map of role name => comma-delimited list of permissions to create in this project. | map(string) | `<map>` | no |
+| editors | Optional list of IAM-format members to set as project editor. | list(string) | `<list>` | no |
+| extra\_bindings\_members | List of comma-delimited IAM-format members for additional IAM bindings, one item per role. | list(string) | `<list>` | no |
+| extra\_bindings\_roles | List of roles for additional IAM bindings, pair with members list below. | list(string) | `<list>` | no |
+| gce\_service\_account\_roles | List of project id=>role to assign to the default GCE service account. | list(string) | `<list>` | no |
+| labels | Resource labels. | map(string) | `<map>` | no |
 | lien\_reason | If non-empty, creates a project lien with this description. | string | `""` | no |
 | name | Project name and id suffix. | string | n/a | yes |
-| oslogin | Enable oslogin. | string | `"false"` | no |
-| oslogin\_admins | List of IAM-format members that will get OS Login admin role. | list | `<list>` | no |
-| oslogin\_users | List of IAM-format members that will get OS Login user role. | list | `<list>` | no |
-| owners | Optional list of IAM-format members to set as project owners. | list | `<list>` | no |
-| parent | The resource name of the parent Folder or Organization. Must be of the form folders/folder_id or organizations/org_id | string | n/a | yes |
-| prefix | Prefix used to generate project id and name | string | n/a | yes |
-| viewers | Optional list of IAM-format members to set as project viewers. | list | `<list>` | no |
+| oslogin | Enable oslogin. | bool | `"false"` | no |
+| oslogin\_admins | List of IAM-format members that will get OS Login admin role. | list(string) | `<list>` | no |
+| oslogin\_users | List of IAM-format members that will get OS Login user role. | list(string) | `<list>` | no |
+| owners | Optional list of IAM-format members to set as project owners. | list(string) | `<list>` | no |
+| parent | The resource name of the parent Folder or Organization. Must be of the form folders/folder_id or organizations/org_id. | string | n/a | yes |
+| prefix | Prefix used to generate project id and name. | string | n/a | yes |
+| viewers | Optional list of IAM-format members to set as project viewers. | list(string) | `<list>` | no |
 
 ## Outputs
 
@@ -61,6 +61,7 @@ module "project_myproject" {
 | custom\_roles | Ids of the created custom roles. |
 | gce\_service\_account | Default GCE service account (depends on services). |
 | gke\_service\_account | Default GKE service account (depends on services). |
+| name | Name (depends on services). |
 | number | Project number (depends on services). |
 | project\_id | Project id (depends on services). |
 

test/fixtures/fabric_project/main.tf

@@ -0,0 +1,31 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+  version = "~> 2.18.1"
+}
+
+module "fabric-project" {
+  source = "../../../examples/fabric_project"
+
+  name            = "fabric-project"
+  parent          = var.folder_id
+  billing_account = var.billing_account
+  activate_apis = [
+    "compute.googleapis.com",
+    "container.googleapis.com",
+  ]
+}

test/fixtures/fabric_project/outputs.tf

@@ -0,0 +1,30 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "project_id" {
+  description = "The project id of the created project."
+  value       = module.fabric-project.project_id
+}
+
+output "name" {
+  description = "The name of the created project."
+  value       = module.fabric-project.name
+}
+
+output "project_number" {
+  description = "The project number of the created project."
+  value       = module.fabric-project.project_number
+}

test/fixtures/fabric_project/variables.tf

@@ -0,0 +1,21 @@
+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "folder_id" {
+}
+
+variable "billing_account" {
+}

test/integration/fabric_project/controls/project_fabric.rb

@@ -0,0 +1,61 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+project_id = attribute('project_id')
+
+control 'fabric-project' do
+  title 'Submodule Project Fabric'
+
+  describe command("gcloud projects describe #{project_id} --format=json") do
+    its('exit_status') { should be 0 }
+    its('stderr') { should eq '' }
+
+    let(:metadata) do
+      if subject.exit_status == 0
+        JSON.parse(subject.stdout, symbolize_names: true)
+      else
+        {}
+      end
+    end
+
+    it { expect(metadata).to include(name: project_id[0...-5]) }
+    it { expect(metadata).to include(projectId: project_id) }
+  end
+
+  describe command("gcloud services list --project #{project_id}") do
+    its('exit_status') { should be 0 }
+    its('stderr') { should eq '' }
+
+    its('stdout') { should match(/compute\.googleapis\.com/) }
+    its('stdout') { should match(/container\.googleapis\.com/) }
+  end
+
+  describe command("gcloud alpha resource-manager liens list --project #{project_id} --format=json") do
+    its('exit_status') { should be 0 }
+    its('stderr') { should eq '' }
+
+    let(:liens) do
+      if subject.exit_status == 0
+        JSON.parse(subject.stdout, symbolize_names: true)
+      else
+        []
+      end
+    end
+
+    it "has no liens" do
+      expect(liens).to be_empty
+    end
+  end
+
+end

test/integration/fabric_project/inspec.yml

@@ -0,0 +1,10 @@
+name: fabric_project
+attributes:
+  - name: project_id
+    required: true
+
+  - name: project_number
+    required: true
+
+  - name: name
+    required: true

test/setup/main.tf

@@ -25,7 +25,7 @@ resource "google_folder" "ci_pfactory_folder" {
 
 module "pfactory_project" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 3.0"
+  version = "~> 4.0"
 
   name              = "ci-pfactory-tests"
   random_project_id = true