Extend inventory-based testing to examples

blueprints/cloud-operations/network-dashboard/deploy-cloud-function/README.md

@@ -55,7 +55,7 @@ tf output -raw troubleshooting_payload
 
 A monitoring dashboard can be optionally be deployed int he same project by setting the `dashboard_json_path` variable to the path of a dashboard JSON file. A sample dashboard is in included, and can be deployed with this variable configuration:
 
-```hcl
+```tfvars
 dashboard_json_path = "../dashboards/quotas-utilization.json"
 ```
 <!-- BEGIN TFDOC -->

blueprints/cloud-operations/terraform-enterprise-wif/tfc-workflow-using-wif/tfc-oidc/README.md

@@ -7,7 +7,7 @@ This is a helper module to prepare GCP Credentials from Terraform Enterprise wor
 module "tfe_oidc" {
   source = "./tfc-oidc"
 
-  impersonate_service_account_email  = "tfe-test@tfe-test-wif.iam.gserviceaccount.com"
+  impersonate_service_account_email = "tfe-test@tfe-test-wif.iam.gserviceaccount.com"
 }
 
 provider "google" {

blueprints/factories/cloud-identity-group-factory/README.md

@@ -11,9 +11,9 @@ Yaml abstraction for Groups can simplify groups creation and members management.
 ```hcl
 module "prod-firewall" {
   source = "./fabric/blueprints/factories/cloud-identity-group-factory"
-  
-  customer_id         = "customers/C0xxxxxxx"
-  data_dir            = "data"
+
+  customer_id = "customers/C0xxxxxxx"
+  data_dir    = "data"
 }
 # tftest skip
 ```

blueprints/factories/net-vpc-firewall-yaml/README.md

@@ -14,23 +14,23 @@ Nested folder structure for yaml configurations is optionally supported, which a
 module "prod-firewall" {
   source = "./fabric/blueprints/factories/net-vpc-firewall-yaml"
 
-  project_id         = "my-prod-project"
-  network            = "my-prod-network"
+  project_id = "my-prod-project"
+  network    = "my-prod-network"
   config_directories = [
     "./prod",
     "./common"
   ]
 
-  log_config  = {
+  log_config = {
     metadata = "INCLUDE_ALL_METADATA"
   }
 }
 
 module "dev-firewall" {
   source = "./fabric/blueprints/factories/net-vpc-firewall-yaml"
 
-  project_id         = "my-dev-project"
-  network            = "my-dev-network"
+  project_id = "my-dev-project"
+  network    = "my-dev-network"
   config_directories = [
     "./dev",
     "./common"

blueprints/factories/project-factory/README.md

@@ -49,8 +49,8 @@ locals {
     trimsuffix(f, ".yaml") => yamldecode(file("${local._data_dir}/${f}"))
   }
   # these are usually set via variables
-  _base_dir = "./fabric/blueprints/factories/project-factory"
-  _data_dir = "${local._base_dir}/sample-data/projects/"
+  _base_dir      = "./fabric/blueprints/factories/project-factory"
+  _data_dir      = "${local._base_dir}/sample-data/projects/"
   _defaults_file = "${local._base_dir}/sample-data/defaults.yaml"
 }
 

blueprints/gke/multitenant-fleet/README.md

@@ -78,15 +78,15 @@ module "gke-fleet" {
       location               = "europe-west1"
       private_cluster_config = local.cluster_defaults.private_cluster_config
       vpc_config = {
-        subnetwork = local.subnet_self_links.ew1
+        subnetwork             = local.subnet_self_links.ew1
         master_ipv4_cidr_block = "172.16.10.0/28"
       }
     }
     cluster-1 = {
       location               = "europe-west3"
       private_cluster_config = local.cluster_defaults.private_cluster_config
       vpc_config = {
-        subnetwork = local.subnet_self_links.ew3
+        subnetwork             = local.subnet_self_links.ew3
         master_ipv4_cidr_block = "172.16.20.0/28"
       }
     }
@@ -95,16 +95,16 @@ module "gke-fleet" {
     cluster-0 = {
       nodepool-0 = {
         node_config = {
-          disk_type = "pd-balanced"
+          disk_type    = "pd-balanced"
           machine_type = "n2-standard-4"
-          spot = true
+          spot         = true
         }
       }
     }
     cluster-1 = {
       nodepool-0 = {
         node_config = {
-          disk_type = "pd-balanced"
+          disk_type    = "pd-balanced"
           machine_type = "n2-standard-4"
         }
       }
@@ -143,13 +143,13 @@ module "gke" {
   prefix             = "myprefix"
   clusters = {
     cluster-0 = {
-      location               = "europe-west1"
+      location = "europe-west1"
       vpc_config = {
         subnetwork = local.subnet_self_links.ew1
       }
     }
     cluster-1 = {
-      location               = "europe-west3"
+      location = "europe-west3"
       vpc_config = {
         subnetwork = local.subnet_self_links.ew3
       }
@@ -159,16 +159,16 @@ module "gke" {
     cluster-0 = {
       nodepool-0 = {
         node_config = {
-          disk_type = "pd-balanced"
+          disk_type    = "pd-balanced"
           machine_type = "n2-standard-4"
-          spot = true
+          spot         = true
         }
       }
     }
     cluster-1 = {
       nodepool-0 = {
         node_config = {
-          disk_type = "pd-balanced"
+          disk_type    = "pd-balanced"
           machine_type = "n2-standard-4"
         }
       }
@@ -205,14 +205,14 @@ module "gke" {
         enable_hierarchical_resource_quota = true
         enable_pod_tree_labels             = true
       }
-      policy_controller    = {
+      policy_controller = {
         audit_interval_seconds     = 30
         exemptable_namespaces      = ["kube-system"]
         log_denies_enabled         = true
         referential_rules_enabled  = true
         template_library_installed = true
       }
-      version              = "1.10.2"
+      version = "1.10.2"
     }
   }
   fleet_configmanagement_clusters = {

blueprints/networking/hub-and-spoke-vpn/README.md

@@ -35,12 +35,12 @@ You can easily create such a project by commenting turning on project creation i
 
 ```hcl
 module "project" {
-  source           = "../../../modules/project"
-  name             = var.project_id
+  source = "../../../modules/project"
+  name   = var.project_id
   # comment or remove this line to enable project creation
   # project_create = false
   # add the following line with your billing account id value
-  billing_account  = "12345-ABCD-12345"
+  billing_account = "12345-ABCD-12345"
   services = [
     "compute.googleapis.com",
     "dns.googleapis.com"

fast/extras/00-cicd-github/README.md

@@ -34,7 +34,7 @@ The `repositories` variable is where you configure which repositories to create,
 
 This is an example that creates repositories for stages 00 and 01, defines an existing repositories as the source for modules, and populates initial files for stages 00, 01, and 02:
 
-```hcl
+```tfvars
 organization = "ludomagno"
 repositories = {
   fast_00_bootstrap = {

fast/stages/00-bootstrap/README.md

@@ -226,7 +226,7 @@ Alongisde the GCS stored files, you can also configure a second copy to be saves
 
 This second set of files is disabled by default, you can enable it by setting the `outputs_location` variable to a valid path on a local filesystem, e.g.
 
-```hcl
+```tfvars
 outputs_location = "~/fast-config"
 ```
 
@@ -297,10 +297,11 @@ variable "groups" {
   description = "Group names to grant organization-level permissions."
   type        = map(string)
   default = {
-    gcp-network-admins      = "net-rockstars"
+    gcp-network-admins = "net-rockstars"
     # [...]
   }
 }
+# tftest skip
 ```
 
 If your groups layout differs substantially from the checklist, define all relevant groups in the `groups` variable, then rearrange IAM roles in the code to match your setup.
@@ -359,7 +360,7 @@ Provider key names are used by the `cicd_repositories` variable to configure aut
 
 This is a sample configuration of a GitHub and a Gitlab provider, `attribute_condition` attribute can use any of the mapped attribute for the provider (refer to the `identity-providers.tf` file for the full list) or set to `null` if needed:
 
-```hcl
+```tfvars
 federated_identity_providers = {
   github-sample = {
     attribute_condition = "attribute.repository_owner==\"my-github-org\""
@@ -374,9 +375,9 @@ federated_identity_providers = {
   gitlab-ce-sample = {
     attribute_condition = "attribute.namespace_path==\"my-gitlab-org\""
     issuer              = "gitlab"
-    custom_settings     = {
-      issuer_uri          = "https://gitlab.fast.example.com"
-      allowed_audiences   = ["https://gitlab.fast.example.com"]
+    custom_settings = {
+      issuer_uri        = "https://gitlab.fast.example.com"
+      allowed_audiences = ["https://gitlab.fast.example.com"]
     }
   }
 }
@@ -390,7 +391,7 @@ The repository design we support is fairly simple, with a repository for modules
 
 This is an example of configuring the bootstrap and resource management repositories in this stage. CI/CD configuration is optional, so the entire variable or any of its attributes can be set to null if not needed.
 
-```hcl
+```tfvars
 cicd_repositories = {
   bootstrap = {
     branch            = null

fast/stages/01-resman/README.md

@@ -109,7 +109,7 @@ This stage provides a single built-in customization that offers a minimal (but u
 
 Consider the following example in a `tfvars` file:
 
-```hcl
+```tfvars
 team_folders = {
   team-a = {
     descriptive_name = "Team A"

fast/stages/02-security/README.md

@@ -114,7 +114,7 @@ To support these scenarios, key IAM bindings are configured by default to be add
 
 An example of how to configure keys:
 
-```hcl
+```tfvars
 # terraform.tfvars
 
 kms_defaults = {
@@ -128,14 +128,14 @@ kms_keys = {
         "user:user1@example.com"
       ]
     }
-    labels = { service = "compute" }
-    locations = null
+    labels          = { service = "compute" }
+    locations       = null
     rotation_period = null
   }
   storage = {
-    iam = null
-    labels = { service = "compute" }
-    locations = ["europe"]
+    iam             = null
+    labels          = { service = "compute" }
+    locations       = ["europe"]
     rotation_period = null
   }
 }
@@ -162,7 +162,7 @@ The VPC SC configuration is set up by default in dry-run mode to allow easy expe
 
 Access levels are defined via the `vpc_sc_access_levels` variable, and referenced by key in perimeter definitions:
 
-```hcl
+```tfvars
 vpc_sc_access_levels = {
   onprem = {
     conditions = [{
@@ -176,7 +176,7 @@ vpc_sc_access_levels = {
 
 Ingress and egress policy are defined via the `vpc_sc_egress_policies` and `vpc_sc_ingress_policies`, and referenced by key in perimeter definitions:
 
-```hcl
+```tfvars
 vpc_sc_egress_policies = {
   iac-gcs = {
     from = {
@@ -187,7 +187,7 @@ vpc_sc_egress_policies = {
     to = {
       operations = [{
         method_selectors = ["*"]
-        service_name = "storage.googleapis.com"
+        service_name     = "storage.googleapis.com"
       }]
       resources = ["projects/123456782"]
     }
@@ -217,7 +217,7 @@ Support for independently adding projects to perimeters outside of this Terrafor
 
 Access levels and egress/ingress policies are referenced in perimeters via keys.
 
-```hcl
+```tfvars
 vpc_sc_perimeters = {
   dev = {
     egress_policies  = ["iac-gcs"]

modules/__experimental/net-neg/README.md

@@ -7,11 +7,11 @@ Note: this module will integrated into a general-purpose load balancing module i
 ## Example
 ```hcl
 module "neg" {
-  source     = "./fabric/modules/net-neg"
+  source     = "./fabric/modules/__experimental/net-neg/"
   project_id = "myproject"
   name       = "myneg"
-  network    = module.vpc.self_link
-  subnetwork = module.vpc.subnet_self_links["europe-west1/default"]
+  network    = var.vpc.self_link
+  subnetwork = var.subnet.self_link
   zone       = "europe-west1-b"
   endpoints = [
     for instance in module.vm.instances :
@@ -22,6 +22,7 @@ module "neg" {
     }
   ]
 }
+# tftest skip
 ```
 <!-- BEGIN TFDOC -->
 

modules/api-gateway/README.md

@@ -6,11 +6,11 @@ This module allows creating an API with its associated API config and API gatewa
 ## Basic example
 ```hcl
 module "gateway" {
-  source                = "./fabric/modules/api-gateway"
-  project_id            = "my-project"
-  api_id                = "api"
-  region                = "europe-west1"
-  spec                  = <<EOT
+  source     = "./fabric/modules/api-gateway"
+  project_id = "my-project"
+  api_id     = "api"
+  region     = "europe-west1"
+  spec       = <<EOT
   # The OpenAPI spec contents
   # ...
   EOT
@@ -31,7 +31,7 @@ module "gateway" {
   EOT
   service_account_email = "sa@my-project.iam.gserviceaccount.com"
   iam = {
-    "roles/apigateway.admin" = [ "user:user@example.com" ]
+    "roles/apigateway.admin" = ["user:user@example.com"]
   }
 }
 # tftest modules=1 resources=7
@@ -40,18 +40,18 @@ module "gateway" {
 ## Basic example + service account creation
 ```hcl
 module "gateway" {
-  source                = "./fabric/modules/api-gateway"
-  project_id            = "my-project"
-  api_id                = "api"
-  region                = "europe-west1"
-  spec                  = <<EOT
+  source                 = "./fabric/modules/api-gateway"
+  project_id             = "my-project"
+  api_id                 = "api"
+  region                 = "europe-west1"
+  spec                   = <<EOT
   # The OpenAPI spec contents
   # ...
   EOT
   service_account_create = true
   iam = {
-    "roles/apigateway.admin" = [ "user:mirene@google.com" ]
-    "roles/apigateway.viewer" = [ "user:mirene@google.com" ]
+    "roles/apigateway.admin"  = ["user:mirene@google.com"]
+    "roles/apigateway.viewer" = ["user:mirene@google.com"]
   }
 }
 # tftest modules=1 resources=11