Fixes #42 Standardize integration testing

- added testing infra bash files
- removed credentials path as Terraform variable in respect to ENV variable
- added random suffix for db instance name

.gitignore

@@ -1,6 +1,9 @@
 **/terraform.tfstate*
 **/.terraform*
 **/backend.tf
-**/terraform.tfvars
 **/terraform.tfplan
 **/values-*.yaml
+
+.idea
+.kitchen
+credentials.json

CHANGELOG.md

@@ -0,0 +1,15 @@
+# Change Log
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/) and this
+project adheres to [Semantic Versioning](http://semver.org/).
+
+## [Unreleased]
+
+### Added
+
+
+
+### Changed
+

Makefile

@@ -12,11 +12,26 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# Please note that this file was generated from [terraform-google-module-template](https://github.com/terraform-google-modules/terraform-google-module-template).
+# Please make sure to contribute relevant changes upstream!
+
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
+# Docker build config variables
+CREDENTIALS_PATH ?= /cft/workdir/credentials.json
+
+
+# Docker build config variables
+DOCKER_ORG 				:= gcr.io/cloud-foundation-cicd
+DOCKER_TAG_BASE_KITCHEN_TERRAFORM 	?= 1.0.1
+DOCKER_REPO_BASE_KITCHEN_TERRAFORM 	:= ${DOCKER_ORG}/cft/kitchen-terraform:${DOCKER_TAG_BASE_KITCHEN_TERRAFORM}
+
 # All is the first target in the file so it will get picked up when you just run 'make' on its own
-all: check_shell check_python check_golang check_terraform check_docker check_base_files check_trailing_whitespace generate_docs
+all: check generate_docs
+
+# Run all available linters
+check: check_shell check_python check_golang check_terraform check_docker check_base_files test_check_headers check_headers check_trailing_whitespace
 
 # The .PHONY directive tells make that this isn't a real target and so
 # the presence of a file named 'check_shell' won't cause this target to stop
@@ -45,26 +60,90 @@ check_docker:
 check_base_files:
 	@source test/make.sh && basefiles
 
-.PHONY: check_shebangs
-check_shebangs:
-	@source test/make.sh && check_bash
-
 .PHONY: check_trailing_whitespace
 check_trailing_whitespace:
 	@source test/make.sh && check_trailing_whitespace
 
 .PHONY: test_check_headers
 test_check_headers:
+	@echo "Testing the validity of the header check"
 	@python test/test_verify_boilerplate.py
 
 .PHONY: check_headers
 check_headers:
-	@python test/verify_boilerplate.py
+	@source test/make.sh && check_headers
+
+# Integration tests
+.PHONY: test_integration
+test_integration:
+	test/ci_integration.sh
 
 .PHONY: generate_docs
 generate_docs:
 	@source test/make.sh && generate_docs
 
-.PHONY: test_integration
-test_integration:
-	@source test/test.sh
+# Versioning
+.PHONY: version
+version:
+	@source helpers/version-repo.sh
+
+# Run docker
+.PHONY: docker_run
+docker_run:
+	docker run --rm -it \
+		-e PROJECT_ID \
+		-e SERVICE_ACCOUNT_JSON \
+		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
+		-v $(CURDIR):/cft/workdir \
+		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
+		/bin/bash -c "source test/ci_integration.sh && setup_environment && exec /bin/bash"
+
+.PHONY: docker_create
+docker_create:
+	docker run --rm -it \
+		-e PROJECT_ID \
+		-e SERVICE_ACCOUNT_JSON \
+		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
+		-v $(CURDIR):/cft/workdir \
+		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
+		/bin/bash -c "source test/ci_integration.sh && setup_environment && kitchen create"
+
+.PHONY: docker_converge
+docker_converge:
+	docker run --rm -it \
+		-e PROJECT_ID \
+		-e SERVICE_ACCOUNT_JSON \
+		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
+		-v $(CURDIR):/cft/workdir \
+		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
+		/bin/bash -c "source test/ci_integration.sh && setup_environment && kitchen converge"
+
+.PHONY: docker_verify
+docker_verify:
+	docker run --rm -it \
+		-e PROJECT_ID \
+		-e SERVICE_ACCOUNT_JSON \
+		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
+		-v $(CURDIR):/cft/workdir \
+		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
+		/bin/bash -c "source test/ci_integration.sh && setup_environment && kitchen verify"
+
+.PHONY: docker_destroy
+docker_destroy:
+	docker run --rm -it \
+		-e PROJECT_ID \
+		-e SERVICE_ACCOUNT_JSON \
+		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
+		-v $(CURDIR):/cft/workdir \
+		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
+		/bin/bash -c "source test/ci_integration.sh && setup_environment && kitchen destroy"
+
+.PHONY: test_integration_docker
+test_integration_docker:
+	docker run --rm -it \
+		-e PROJECT_ID \
+		-e SERVICE_ACCOUNT_JSON \
+		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
+		-v $(CURDIR):/cft/workdir \
+		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
+		make test_integration

test/ci_integration.sh

@@ -0,0 +1,64 @@
+#!/usr/bin/env bash
+
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Always clean up.
+DELETE_AT_EXIT="$(mktemp -d)"
+finish() {
+  echo 'BEGIN: finish() trap handler' >&2
+  kitchen destroy "$SUITE"
+  [[ -d "${DELETE_AT_EXIT}" ]] && rm -rf "${DELETE_AT_EXIT}"
+  echo 'END: finish() trap handler' >&2
+}
+
+# Map the input parameters provided by Concourse CI, or whatever mechanism is
+# running the tests to Terraform input variables.  Also setup credentials for
+# use with kitchen-terraform, inspec, and gcloud.
+setup_environment() {
+  local tmpfile
+  tmpfile="$(mktemp)"
+  echo "${SERVICE_ACCOUNT_JSON}" > "${tmpfile}"
+
+  # gcloud variables
+  export CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE="${tmpfile}"
+  # Application default credentials (Terraform google provider and inspec-gcp)
+  export GOOGLE_APPLICATION_CREDENTIALS="${tmpfile}"
+
+  # Terraform variables
+  export TF_VAR_project="$PROJECT_ID"
+}
+
+main() {
+  export SUITE="${SUITE:-}"
+
+  set -eu
+  # Setup trap handler to auto-cleanup
+  export TMPDIR="${DELETE_AT_EXIT}"
+  trap finish EXIT
+
+  # Setup environment variables
+  setup_environment
+  set -x
+
+  # Execute the test lifecycle
+  kitchen create "$SUITE"
+  kitchen converge "$SUITE"
+  kitchen verify "$SUITE"
+}
+
+# if script is being executed and not sourced.
+if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
+  main "$@"
+fi

test/fixtures/mysql-ha/main.tf

@@ -14,13 +14,25 @@
  * limitations under the License.
  */
 
-provider "google" {
-  credentials = "${file(var.credentials_file_path)}"
+provider "google" {}
+
+resource "random_id" "instance_name_suffix" {
+  byte_length = 5
+}
+
+locals {
+  /*
+    Random instance name needed because:
+    "You cannot reuse an instance name for up to a week after you have deleted an instance."
+    See https://cloud.google.com/sql/docs/mysql/delete-instance for details.
+  */
+  instance_name = "${var.mysql_ha_name}-${random_id.instance_name_suffix.hex}"
 }
 
+
 module "mysql" {
   source           = "../../../modules/mysql"
-  name             = "${var.mysql_ha_name}"
+  name = "${local.instance_name}"
   project_id       = "${var.project}"
   database_version = "MYSQL_5_7"
   region           = "us-central1"

test/fixtures/mysql-ha/outputs.tf

@@ -19,7 +19,7 @@ output "project_id" {
 }
 
 output "name" {
-  value = "${var.mysql_ha_name}"
+  value = "${local.instance_name}"
 }
 
 output "authorized_network" {

test/fixtures/mysql-ha/terraform.tfvars

@@ -0,0 +1 @@
+../shared/terraform.tfvars

test/fixtures/mysql-ha/terraform.tfvars.example

@@ -19,7 +19,6 @@
 
 ## These values you *MUST* modify to match your environment
 
-credentials_file_path="../../../credentials.json"
 project="tf-proj"
 mysql_ha_name="tf-mysql-ha"
 mysql_ha_external_ip_range="x.x.x.x/32"

test/fixtures/mysql-ha/variables.tf

@@ -14,10 +14,6 @@
  * limitations under the License.
  */
 
-variable "credentials_file_path" {
-  description = "Service account json auth path"
-}
-
 variable "project" {
   description = "The project to run tests against"
 }

test/fixtures/mysql-simple/main.tf

@@ -14,13 +14,24 @@
  * limitations under the License.
  */
 
-provider "google" {
-  credentials = "${file(var.credentials_file_path)}"
+provider "google" {}
+
+resource "random_id" "instance_name_suffix" {
+  byte_length = 5
+}
+
+locals {
+  /*
+    Random instance name needed because:
+    "You cannot reuse an instance name for up to a week after you have deleted an instance."
+    See https://cloud.google.com/sql/docs/mysql/delete-instance for details.
+  */
+  instance_name = "${var.mysql_simple_name}-${random_id.instance_name_suffix.hex}"
 }
 
 module "mysql" {
   source           = "../../../modules/mysql"
-  name             = "${var.mysql_simple_name}"
+  name = "${local.instance_name}"
   project_id       = "${var.project}"
   database_version = "MYSQL_5_7"
   region           = "us-central1"

test/fixtures/mysql-simple/outputs.tf

@@ -19,5 +19,5 @@ output "project_id" {
 }
 
 output "name" {
-  value = "${var.mysql_simple_name}"
+  value = "${local.instance_name}"
 }

test/fixtures/mysql-simple/terraform.tfvars

@@ -0,0 +1 @@
+../shared/terraform.tfvars

test/fixtures/mysql-simple/terraform.tfvars.example

@@ -19,6 +19,5 @@
 
 ## These values you *MUST* modify to match your environment
 
-credentials_file_path="../../../credentials.json"
 project="tf-proj"
 mysql_simple_name="tf-mysql-simple"

test/fixtures/mysql-simple/variables.tf

@@ -13,11 +13,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
-variable "credentials_file_path" {
-  description = "Service account json auth path"
-}
-
 variable "project" {
   description = "The project to run tests against"
 }

test/fixtures/postgresql-ha/main.tf

@@ -14,13 +14,25 @@
  * limitations under the License.
  */
 
-provider "google" {
-  credentials = "${file(var.credentials_file_path)}"
+provider "google" {}
+
+
+resource "random_id" "instance_name_suffix" {
+  byte_length = 5
+}
+
+locals {
+  /*
+    Random instance name needed because:
+    "You cannot reuse an instance name for up to a week after you have deleted an instance."
+    See https://cloud.google.com/sql/docs/mysql/delete-instance for details.
+  */
+  instance_name = "${var.pg_ha_name}-${random_id.instance_name_suffix.hex}"
 }
 
 module "pg" {
   source           = "../../../modules/postgresql"
-  name             = "${var.pg_ha_name}"
+  name = "${local.instance_name}"
   project_id       = "${var.project}"
   database_version = "POSTGRES_9_6"
   region           = "us-central1"

test/fixtures/postgresql-ha/outputs.tf

@@ -19,7 +19,7 @@ output "project_id" {
 }
 
 output "name" {
-  value = "${var.pg_ha_name}"
+  value = "${local.instance_name}"
 }
 
 output "authorized_network" {

test/fixtures/postgresql-ha/terraform.tfvars

@@ -0,0 +1 @@
+../shared/terraform.tfvars

test/fixtures/postgresql-ha/terraform.tfvars.example

@@ -19,7 +19,6 @@
 
 ## These values you *MUST* modify to match your environment
 
-credentials_file_path="../../../credentials.json"
 project="tf-proj"
 pg_ha_name="tf-pg-ha"
 pg_ha_external_ip_range="x.x.x.x/32"

test/fixtures/postgresql-ha/variables.tf

@@ -13,11 +13,6 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-
-variable "credentials_file_path" {
-  description = "Service account json auth path"
-}
-
 variable "project" {
   description = "The project to run tests against"
 }