fix: fixes lint issues and generates metadata (#93)

Co-authored-by: Awais Malik <awmalik@google.com>

.kitchen.yml

@@ -23,6 +23,7 @@ suites:
     driver:
       name: terraform
       root_module_directory: test/fixtures/single_tunnels
+      verify_version: false
       command_timeout: 1800
     verifier:
       name: terraform
@@ -36,6 +37,7 @@ suites:
     driver:
       name: terraform
       root_module_directory: test/fixtures/vpn_ha
+      verify_version: false
       command_timeout: 1800
     verifier:
       name: terraform

Makefile

@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.0
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.10
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 

build/int.cloudbuild.yaml

@@ -38,4 +38,4 @@ tags:
 - 'integration'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.0'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.10'

build/lint.cloudbuild.yaml

@@ -21,4 +21,4 @@ tags:
 - 'lint'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.0'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.10'

metadata.yaml

@@ -0,0 +1,185 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: blueprints.cloud.google.com/v1alpha1
+kind: BlueprintMetadata
+metadata:
+  name: terraform-google-vpn
+  annotations:
+    config.kubernetes.io/local-config: "true"
+spec:
+  title: 'Terraform Google Cloud Platform - '
+  source:
+    repo: https://github.com/terraform-google-modules/terraform-google-vpn
+    sourceType: git
+  version: 2.3.0
+  actuationTool:
+    type: Terraform
+    version: '>=0.13.0'
+  subBlueprints:
+  - name: vpn_ha
+    location: modules/vpn_ha
+  examples:
+  - name: multi_tunnels
+    location: examples/multi_tunnels
+  - name: single_tunnels
+    location: examples/single_tunnels
+  - name: vpn_ha
+    location: examples/vpn_ha
+  variables:
+  - name: advertised_route_priority
+    description: Please enter the priority for the advertised route to BGP peer(default is 100)
+    type: number
+    default: 100
+    required: false
+  - name: bgp_cr_session_range
+    description: Please enter the cloud-router interface IP/Session IP
+    type: list(string)
+    default:
+    - 169.254.1.1/30
+    - 169.254.1.5/30
+    required: false
+  - name: bgp_remote_session_range
+    description: Please enter the remote environments BGP Session IP
+    type: list(string)
+    default:
+    - 169.254.1.2
+    - 169.254.1.6
+    required: false
+  - name: cr_enabled
+    description: If there is a cloud router for BGP routing
+    type: bool
+    default: false
+    required: false
+  - name: cr_name
+    description: The name of cloud router for BGP routing
+    type: string
+    default: ""
+    required: false
+  - name: gateway_name
+    description: The name of VPN gateway
+    type: string
+    default: test-vpn
+    required: false
+  - name: ike_version
+    description: Please enter the IKE version used by this tunnel (default is IKEv2)
+    type: number
+    default: 2
+    required: false
+  - name: local_traffic_selector
+    description: |
+      Local traffic selector to use when establishing the VPN tunnel with peer VPN gateway.
+      Value should be list of CIDR formatted strings and ranges should be disjoint.
+    type: list(string)
+    default:
+    - 0.0.0.0/0
+    required: false
+  - name: network
+    description: The name of VPC being created
+    type: string
+    required: true
+  - name: peer_asn
+    description: Please enter the ASN of the BGP peer that cloud router will use
+    type: list(string)
+    default:
+    - "65101"
+    required: false
+  - name: peer_ips
+    description: IP address of remote-peer/gateway
+    type: list(string)
+    required: true
+  - name: project_id
+    description: The ID of the project where this VPC will be created
+    type: string
+    required: true
+  - name: region
+    description: The region in which you want to create the VPN gateway
+    type: string
+    required: true
+  - name: remote_subnet
+    description: remote subnet ip range in CIDR format - x.x.x.x/x
+    type: list(string)
+    default: []
+    required: false
+  - name: remote_traffic_selector
+    description: |
+      Remote traffic selector to use when establishing the VPN tunnel with peer VPN gateway.
+      Value should be list of CIDR formatted strings and ranges should be disjoint.
+    type: list(string)
+    default:
+    - 0.0.0.0/0
+    required: false
+  - name: route_priority
+    description: Priority for static route being created
+    type: number
+    default: 1000
+    required: false
+  - name: route_tags
+    description: A list of instance tags to which this route applies.
+    type: list(string)
+    default: []
+    required: false
+  - name: shared_secret
+    description: Please enter the shared secret/pre-shared key
+    type: string
+    default: ""
+    required: false
+  - name: tunnel_count
+    description: The number of tunnels from each VPN gw (default is 1)
+    type: number
+    default: 1
+    required: false
+  - name: tunnel_name_prefix
+    description: The optional custom name of VPN tunnel being created
+    type: string
+    default: ""
+    required: false
+  - name: vpn_gw_ip
+    description: Please enter the public IP address of the VPN Gateway, if you have already one. Do not set this variable to autocreate one
+    type: string
+    default: ""
+    required: false
+  outputs:
+  - name: gateway_ip
+    description: The VPN Gateway Public IP
+  - name: gateway_self_link
+    description: The self-link of the Gateway
+  - name: ipsec_secret-dynamic
+    description: The secret
+  - name: ipsec_secret-static
+    description: The secret
+  - name: name
+    description: The name of the Gateway
+  - name: network
+    description: The name of the VPC
+  - name: project_id
+    description: The Project-ID
+  - name: vpn_tunnels_names-dynamic
+    description: The VPN tunnel name is
+  - name: vpn_tunnels_names-static
+    description: The VPN tunnel name is
+  - name: vpn_tunnels_self_link-dynamic
+    description: The VPN tunnel self-link is
+  - name: vpn_tunnels_self_link-static
+    description: The VPN tunnel self-link is
+  roles:
+  - level: Project
+    roles:
+    - roles/owner
+    - roles/compute.networkAdmin
+    - roles/compute.instanceAdmin
+    - roles/iam.serviceAccountUser
+  services:
+  - cloudresourcemanager.googleapis.com
+  - compute.googleapis.com

modules/vpn_ha/README.md

@@ -144,7 +144,7 @@ module "vpn_ha" {
 | router\_asn | Router ASN used for auto-created router. | `number` | `64514` | no |
 | router\_name | Name of router, leave blank to create one. | `string` | `""` | no |
 | tunnels | VPN tunnel configurations, bgp\_peer\_options is usually null. | <pre>map(object({<br>    bgp_peer = object({<br>      address = string<br>      asn     = number<br>    })<br>    bgp_peer_options = object({<br>      advertise_groups    = list(string)<br>      advertise_ip_ranges = map(string)<br>      advertise_mode      = string<br>      route_priority      = number<br>    })<br>    bgp_session_range               = string<br>    ike_version                     = number<br>    vpn_gateway_interface           = number<br>    peer_external_gateway_interface = number<br>    shared_secret                   = string<br>  }))</pre> | `{}` | no |
-| vpn\_gateway\_self\_link | self\_link of existing VPN gateway to be used for the vpn tunnel | `any` | `null` | no |
+| vpn\_gateway\_self\_link | self\_link of existing VPN gateway to be used for the vpn tunnel | `string` | `null` | no |
 
 ## Outputs
 

modules/vpn_ha/metadata.yaml

@@ -0,0 +1,159 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: blueprints.cloud.google.com/v1alpha1
+kind: BlueprintMetadata
+metadata:
+  name: terraform-google-vpn
+  annotations:
+    config.kubernetes.io/local-config: "true"
+spec:
+  title: Cloud VPN HA Module
+  source:
+    repo: https://github.com/terraform-google-modules/terraform-google-vpn
+    sourceType: git
+  version: 2.3.0
+  actuationTool:
+    type: Terraform
+    version: '>=0.13.0'
+  examples:
+  - name: multi_tunnels
+    location: examples/multi_tunnels
+  - name: single_tunnels
+    location: examples/single_tunnels
+  - name: vpn_ha
+    location: examples/vpn_ha
+  variables:
+  - name: create_vpn_gateway
+    description: create a VPN gateway
+    type: bool
+    default: true
+    required: false
+  - name: labels
+    description: Labels for vpn components
+    type: map(string)
+    default: {}
+    required: false
+  - name: name
+    description: VPN gateway name, and prefix used for dependent resources.
+    type: string
+    required: true
+  - name: network
+    description: VPC used for the gateway and routes.
+    type: string
+    required: true
+  - name: peer_external_gateway
+    description: Configuration of an external VPN gateway to which this VPN is connected.
+    type: |-
+      object({
+          redundancy_type = string
+          interfaces = list(object({
+            id         = number
+            ip_address = string
+          }))
+        })
+    required: false
+  - name: peer_gcp_gateway
+    description: Self Link URL of the peer side HA GCP VPN gateway to which this VPN tunnel is connected.
+    type: string
+    required: false
+  - name: project_id
+    description: Project where resources will be created.
+    type: string
+    required: true
+  - name: region
+    description: Region used for resources.
+    type: string
+    required: true
+  - name: route_priority
+    description: Route priority, defaults to 1000.
+    type: number
+    default: 1000
+    required: false
+  - name: router_advertise_config
+    description: Router custom advertisement configuration, ip_ranges is a map of address ranges and descriptions.
+    type: |-
+      object({
+          groups    = list(string)
+          ip_ranges = map(string)
+          mode      = string
+        })
+    required: false
+  - name: router_asn
+    description: Router ASN used for auto-created router.
+    type: number
+    default: 64514
+    required: false
+  - name: router_name
+    description: Name of router, leave blank to create one.
+    type: string
+    default: ""
+    required: false
+  - name: tunnels
+    description: VPN tunnel configurations, bgp_peer_options is usually null.
+    type: |-
+      map(object({
+          bgp_peer = object({
+            address = string
+            asn     = number
+          })
+          bgp_peer_options = object({
+            advertise_groups    = list(string)
+            advertise_ip_ranges = map(string)
+            advertise_mode      = string
+            route_priority      = number
+          })
+          bgp_session_range               = string
+          ike_version                     = number
+          vpn_gateway_interface           = number
+          peer_external_gateway_interface = number
+          shared_secret                   = string
+        }))
+    default: {}
+    required: false
+  - name: vpn_gateway_self_link
+    description: self_link of existing VPN gateway to be used for the vpn tunnel
+    type: string
+    required: false
+  outputs:
+  - name: external_gateway
+    description: External VPN gateway resource.
+  - name: gateway
+    description: HA VPN gateway resource.
+  - name: name
+    description: VPN gateway name.
+  - name: random_secret
+    description: Generated secret.
+  - name: router
+    description: Router resource (only if auto-created).
+  - name: router_name
+    description: Router name.
+  - name: self_link
+    description: HA VPN gateway self link.
+  - name: tunnel_names
+    description: VPN tunnel names.
+  - name: tunnel_self_links
+    description: VPN tunnel self links.
+  - name: tunnels
+    description: VPN tunnel resources.
+  roles:
+  - level: Project
+    roles:
+    - roles/owner
+    - roles/compute.networkAdmin
+    - roles/compute.instanceAdmin
+    - roles/iam.serviceAccountUser
+  services:
+  - cloudresourcemanager.googleapis.com
+  - compute.googleapis.com

modules/vpn_ha/variables.tf

@@ -104,6 +104,7 @@ variable "tunnels" {
 
 variable "vpn_gateway_self_link" {
   description = "self_link of existing VPN gateway to be used for the vpn tunnel"
+  type        = string
   default     = null
 }