Merge branch 'master' into 1.0-rc1

terraform-google-modules · Jan 14, 2019 · 3738754 · 3738754
2 parents 6b2029d + 33ee5ac
commit 3738754
Show file tree

Hide file tree

Showing 22 changed files with 415 additions and 239 deletions.
diff --git a/.gitignore b/.gitignore
@@ -43,4 +43,3 @@ terraform.tfstate.d/
 credentials.json
 .vscode/
 env/
-test/fixtures/shared/terraform.tfvars
diff --git a/.kitchen.yml b/.kitchen.yml
@@ -21,7 +21,6 @@ platforms:
 
 verifier:
   name: terraform
-  color: false
   systems:
     - name: system
       backend: local

diff --git a/.ruby-version b/.ruby-version
diff --git a/Makefile b/Makefile
@@ -16,10 +16,16 @@
 SHELL := /usr/bin/env bash
 
 # Docker build config variables
-CREDENTIALS_PATH ?= /cft/workdir/credentials.json
-DOCKER_ORG := gcr.io/cloud-foundation-cicd
-DOCKER_TAG_BASE_KITCHEN_TERRAFORM ?= 0.11.10_216.0.0_1.19.1_0.1.10
-DOCKER_REPO_BASE_KITCHEN_TERRAFORM := ${DOCKER_ORG}/cft/kitchen-terraform:${DOCKER_TAG_BASE_KITCHEN_TERRAFORM}
+BUILD_TERRAFORM_VERSION ?= 0.11.10
+BUILD_CLOUD_SDK_VERSION ?= 216.0.0
+BUILD_PROVIDER_GOOGLE_VERSION ?= 1.19.1
+BUILD_PROVIDER_GSUITE_VERSION ?= 0.1.10
+DOCKER_IMAGE_TERRAFORM := cftk/terraform
+DOCKER_TAG_TERRAFORM ?= ${BUILD_TERRAFORM_VERSION}_${BUILD_CLOUD_SDK_VERSION}_${BUILD_PROVIDER_GOOGLE_VERSION}_${BUILD_PROVIDER_GSUITE_VERSION}
+BUILD_RUBY_VERSION ?= 2.5.3
+DOCKER_IMAGE_KITCHEN_TERRAFORM := cftk/kitchen_terraform
+DOCKER_TAG_KITCHEN_TERRAFORM ?= ${BUILD_TERRAFORM_VERSION}_${BUILD_CLOUD_SDK_VERSION}_${BUILD_PROVIDER_GOOGLE_VERSION}_${BUILD_PROVIDER_GSUITE_VERSION}
+
 
 all: check_shell check_python check_golang check_terraform check_docker check_base_files test_check_headers check_headers check_trailing_whitespace generate_docs ## Run all linters and update documentation
 
@@ -40,7 +46,7 @@ check_golang: ## Lint Go source files
 
 .PHONY: check_terraform
 check_terraform:
-	@source test/make.sh && check_terraform ## Lint Terraform source files
+	@source ## Lint Terraform source files
 
 .PHONY: check_docker
 check_docker: ## Lint Dockerfiles
@@ -86,50 +92,57 @@ generate_docs: ## Update README documentation for Terraform variables and output
 release-new-version:
 	@source helpers/release-new-version.sh
 
+# Build Docker
+.PHONY: docker_build_terraform
+docker_build_terraform:
+	docker build -f build/docker/terraform/Dockerfile \
+		--build-arg BUILD_TERRAFORM_VERSION=${BUILD_TERRAFORM_VERSION} \
+		--build-arg BUILD_CLOUD_SDK_VERSION=${BUILD_CLOUD_SDK_VERSION} \
+		--build-arg BUILD_PROVIDER_GOOGLE_VERSION=${BUILD_PROVIDER_GOOGLE_VERSION} \
+		--build-arg BUILD_PROVIDER_GSUITE_VERSION=${BUILD_PROVIDER_GSUITE_VERSION} \
+		-t ${DOCKER_IMAGE_TERRAFORM}:${DOCKER_TAG_TERRAFORM} .
+
+.PHONY: docker_build_kitchen_terraform
+docker_build_kitchen_terraform:
+	docker build -f build/docker/kitchen_terraform/Dockerfile \
+		--build-arg BUILD_TERRAFORM_IMAGE="${DOCKER_IMAGE_TERRAFORM}:${DOCKER_TAG_TERRAFORM}" \
+		--build-arg BUILD_RUBY_VERSION="${BUILD_RUBY_VERSION}" \
+		-t ${DOCKER_IMAGE_KITCHEN_TERRAFORM}:${DOCKER_TAG_KITCHEN_TERRAFORM} .
+
 # Run docker
 .PHONY: docker_run
 docker_run: ## Launch a shell within the Docker test environment
 	docker run --rm -it \
-		-e CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${CREDENTIALS_PATH} \
-		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
-		-v $(CURDIR):/cft/workdir \
-		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
+		-v $(CURDIR):/cftk/workdir \
+		${DOCKER_IMAGE_KITCHEN_TERRAFORM}:${DOCKER_TAG_KITCHEN_TERRAFORM} \
 		/bin/bash
 
 .PHONY: docker_create
 docker_create: ## Run `kitchen create` within the Docker test environment
 	docker run --rm -it \
-		-e CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${CREDENTIALS_PATH} \
-		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
-		-v $(CURDIR):/cft/workdir \
-		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
+		-v $(CURDIR):/cftk/workdir \
+		${DOCKER_IMAGE_KITCHEN_TERRAFORM}:${DOCKER_TAG_KITCHEN_TERRAFORM} \
 		/bin/bash -c "bundle exec kitchen create"
 
 .PHONY: docker_converge
 docker_converge: ## Run `kitchen converge` within the Docker test environment
 	docker run --rm -it \
-		-e CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${CREDENTIALS_PATH} \
-		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
-		-v $(CURDIR):/cft/workdir \
-		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
+		-v $(CURDIR):/cftk/workdir \
+		${DOCKER_IMAGE_KITCHEN_TERRAFORM}:${DOCKER_TAG_KITCHEN_TERRAFORM} \
 		/bin/bash -c "bundle exec kitchen converge && bundle exec kitchen converge"
 
 .PHONY: docker_verify
 docker_verify: ## Run `kitchen verify` within the Docker test environment
 	docker run --rm -it \
-		-e CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${CREDENTIALS_PATH} \
-		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
-		-v $(CURDIR):/cft/workdir \
-		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
+		-v $(CURDIR):/cftk/workdir \
+		${DOCKER_IMAGE_KITCHEN_TERRAFORM}:${DOCKER_TAG_KITCHEN_TERRAFORM} \
 		/bin/bash -c "bundle exec kitchen verify"
 
 .PHONY: docker_destroy
 docker_destroy: ## Run `kitchen destroy` within the Docker test environment
 	docker run --rm -it \
-		-e CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${CREDENTIALS_PATH} \
-		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
-		-v $(CURDIR):/cft/workdir \
-		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
+		-v $(CURDIR):/cftk/workdir \
+		${DOCKER_IMAGE_KITCHEN_TERRAFORM}:${DOCKER_TAG_KITCHEN_TERRAFORM} \
 		/bin/bash -c "bundle exec kitchen destroy"
 
 .PHONY: test_integration_docker

diff --git a/README.md b/README.md
@@ -327,12 +327,13 @@ test steps non-interactively.
 #### Test configuration
 
 Each test-kitchen instance is configured with a `terraform.tfvars` file in the
-test fixture directory. For convenience, these are symlinked to a single shared file:
+test fixture directory.
 
 ```sh
-cp "test/fixtures/shared/terraform.tfvars.example" \
-  "test/fixtures/shared/terraform.tfvars"
-$EDITOR "test/fixtures/shared/terraform.tfvars"
+for instance in full minimal; do
+  cp "test/fixtures/$instance/terraform.tfvars.example" \
+    "test/fixtures/$instance/terraform.tfvars"
+  $EDITOR "test/fixtures/$instance/terraform.tfvars"
 done
 ```
 

diff --git a/build/docker/kitchen_terraform/Dockerfile b/build/docker/kitchen_terraform/Dockerfile
@@ -0,0 +1,61 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ARG BUILD_TERRAFORM_IMAGE
+ARG BUILD_RUBY_VERSION
+FROM $BUILD_TERRAFORM_IMAGE as cfkt_terraform
+
+
+
+FROM ruby:$BUILD_RUBY_VERSION-alpine
+
+RUN apk add --no-cache \
+        bash \
+        curl \
+        git \
+        g++ \
+        jq \
+        make \
+        musl-dev \
+        python
+
+SHELL ["/bin/bash", "-c"]
+
+ENV APP_BASE_DIR="/cftk"
+
+COPY --from=cfkt_terraform $APP_BASE_DIR $APP_BASE_DIR
+
+ENV HOME="$APP_BASE_DIR/home"
+ENV PATH $APP_BASE_DIR/bin:$APP_BASE_DIR/google-cloud-sdk/bin:$PATH
+ENV GOOGLE_APPLICATION_CREDENTIALS="$CREDENTIALS_PATH" \
+    CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE="$CREDENTIALS_PATH"
+
+# Fix base64 inconsistency
+SHELL ["/bin/bash", "-c"]
+RUN echo 'base64() { if [[ $@ == "--decode" ]]; then command base64 -d | more; else command base64 "$@"; fi; }' >> $APP_BASE_DIR/home/.bashrc
+
+RUN terraform --version && \
+    gcloud --version && \
+    ruby --version && \
+    bundle --version
+
+WORKDIR $APP_BASE_DIR/workdir
+
+COPY ./Gemfile ./
+
+RUN bundle install
+
+RUN gcloud components install beta --quiet
+RUN gcloud components install alpha --quiet
+
diff --git a/build/docker/terraform/Dockerfile b/build/docker/terraform/Dockerfile
@@ -0,0 +1,102 @@
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM alpine:3.8 as builder
+
+RUN apk add --no-cache \
+  bash \
+  git \
+  go \
+  make \
+  musl-dev
+
+ENV APP_BASE_DIR="/cftk"
+
+RUN mkdir -p $APP_BASE_DIR/home && \
+  mkdir -p $APP_BASE_DIR/bin && \
+  mkdir -p $APP_BASE_DIR/workdir
+
+ENV GOPATH="/root/go"
+
+ARG BUILD_PROVIDER_GOOGLE_VERSION
+ENV PROVIDER_GOOGLE_VERSION="${BUILD_PROVIDER_GOOGLE_VERSION}"
+
+RUN mkdir -p $APP_BASE_DIR/home/.terraform.d/plugins && \
+  mkdir -p $GOPATH/src/github.com/terraform-providers && \
+  cd $GOPATH/src/github.com/terraform-providers && \
+  git clone https://github.com/terraform-providers/terraform-provider-google.git && \
+  cd terraform-provider-google && \
+  git fetch --all --tags --prune && \
+  git checkout tags/v${PROVIDER_GOOGLE_VERSION} -b v${PROVIDER_GOOGLE_VERSION} && \
+  make fmt && \
+  make build && \
+  mv $GOPATH/bin/terraform-provider-google \
+  $APP_BASE_DIR/home/.terraform.d/plugins/terraform-provider-google_v${PROVIDER_GOOGLE_VERSION}
+
+
+
+FROM alpine:3.8
+
+RUN apk add --no-cache \
+  bash \
+  curl \
+  git \
+  jq \
+  make \
+  python2
+
+ENV APP_BASE_DIR="/cftk"
+
+COPY --from=builder $APP_BASE_DIR $APP_BASE_DIR
+
+ENV HOME="$APP_BASE_DIR/home"
+ENV PATH $APP_BASE_DIR/bin:$APP_BASE_DIR/google-cloud-sdk/bin:$PATH
+ENV GOOGLE_APPLICATION_CREDENTIALS="$CREDENTIALS_PATH" \
+  CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE="$CREDENTIALS_PATH"
+
+# Fix base64 inconsistency
+SHELL ["/bin/bash", "-c"]
+RUN echo 'base64() { if [[ $@ == "--decode" ]]; then command base64 -d | more; else command base64 "$@"; fi; }' >> $APP_BASE_DIR/home/.bashrc
+
+ARG BUILD_CLOUD_SDK_VERSION
+ENV CLOUD_SDK_VERSION="${BUILD_CLOUD_SDK_VERSION}"
+
+RUN cd cftk && \
+  curl -LO https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-${CLOUD_SDK_VERSION}-linux-x86_64.tar.gz && \
+  tar xzf google-cloud-sdk-${CLOUD_SDK_VERSION}-linux-x86_64.tar.gz && \
+  rm google-cloud-sdk-${CLOUD_SDK_VERSION}-linux-x86_64.tar.gz && \
+  ln -s /lib /lib64 && \
+  gcloud config set core/disable_usage_reporting true && \
+  gcloud config set component_manager/disable_update_check true && \
+  gcloud config set metrics/environment github_docker_image && \
+  gcloud --version
+
+ARG BUILD_TERRAFORM_VERSION
+ENV TERRAFORM_VERSION="${BUILD_TERRAFORM_VERSION}"
+
+RUN curl -LO https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \
+  unzip terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \
+  rm terraform_${TERRAFORM_VERSION}_linux_amd64.zip && \
+  mv terraform $APP_BASE_DIR/bin && \
+  terraform --version
+
+ARG BUILD_PROVIDER_GSUITE_VERSION
+ENV PROVIDER_GSUITE_VERSION="${BUILD_PROVIDER_GSUITE_VERSION}"
+
+RUN curl -LO https://github.com/DeviaVir/terraform-provider-gsuite/releases/download/v${PROVIDER_GSUITE_VERSION}/terraform-provider-gsuite_${PROVIDER_GSUITE_VERSION}_linux_amd64.tgz && \
+  tar xzf terraform-provider-gsuite_${PROVIDER_GSUITE_VERSION}_linux_amd64.tgz && \
+  rm terraform-provider-gsuite_${PROVIDER_GSUITE_VERSION}_linux_amd64.tgz && \
+  mv terraform-provider-gsuite_v${PROVIDER_GSUITE_VERSION} $APP_BASE_DIR/home/.terraform.d/plugins/
+
+WORKDIR $APP_BASE_DIR/workdir
diff --git a/main.tf b/main.tf
@@ -17,26 +17,25 @@
 module "project-factory" {
   source = "modules/core_project_factory"
 
-  group_name                  = "${var.group_name}"
-  group_role                  = "${var.group_role}"
-  lien                        = "${var.lien}"
-  random_project_id           = "${var.random_project_id}"
-  org_id                      = "${var.org_id}"
-  domain                      = "${var.domain}"
-  name                        = "${var.name}"
-  shared_vpc                  = "${var.shared_vpc}"
-  billing_account             = "${var.billing_account}"
-  folder_id                   = "${var.folder_id}"
-  sa_role                     = "${var.sa_role}"
-  activate_apis               = "${var.activate_apis}"
-  usage_bucket_name           = "${var.usage_bucket_name}"
-  usage_bucket_prefix         = "${var.usage_bucket_prefix}"
-  credentials_path            = "${var.credentials_path}"
-  shared_vpc_subnets          = "${var.shared_vpc_subnets}"
-  labels                      = "${var.labels}"
-  bucket_project              = "${var.bucket_project}"
-  bucket_name                 = "${var.bucket_name}"
-  auto_create_network         = "${var.auto_create_network}"
-  app_engine                  = "${var.app_engine}"
-  disable_services_on_destroy = "${var.disable_services_on_destroy}"
+  group_name          = "${var.group_name}"
+  group_role          = "${var.group_role}"
+  lien                = "${var.lien}"
+  random_project_id   = "${var.random_project_id}"
+  org_id              = "${var.org_id}"
+  domain              = "${var.domain}"
+  name                = "${var.name}"
+  shared_vpc          = "${var.shared_vpc}"
+  billing_account     = "${var.billing_account}"
+  folder_id           = "${var.folder_id}"
+  sa_role             = "${var.sa_role}"
+  activate_apis       = "${var.activate_apis}"
+  usage_bucket_name   = "${var.usage_bucket_name}"
+  usage_bucket_prefix = "${var.usage_bucket_prefix}"
+  credentials_path    = "${var.credentials_path}"
+  shared_vpc_subnets  = "${var.shared_vpc_subnets}"
+  labels              = "${var.labels}"
+  bucket_project      = "${var.bucket_project}"
+  bucket_name         = "${var.bucket_name}"
+  auto_create_network = "${var.auto_create_network}"
+  app_engine          = "${var.app_engine}"
 }
diff --git a/test/fixtures/full/extra_outputs.tf b/test/fixtures/full/extra_outputs.tf