
Commit 027fa28

update integration tests
1 parent 49453c7 commit 027fa28


10 files changed

+165
-66
lines changed


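--- a/3-networks-hub-and-spoke/envs/shared/README.md
+++ b/3-networks-hub-and-spoke/envs/shared/README.md
@@ -52,7 +52,11 @@ The purpose of this step is to set up the global [DNS Hub](https://cloud.google.
 
 | Name | Description |
 |------|-------------|
+| base\_dns\_policy | The name of the DNS policy being created |
 | base\_host\_project\_id | The base host project ID |
+| base\_network\_name | The name of the VPC being created |
+| restricted\_dns\_policy | The name of the DNS policy being created |
 | restricted\_host\_project\_id | The restricted host project ID |
+| restricted\_network\_name | The name of the VPC being created |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->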

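--- a/3-networks-hub-and-spoke/envs/shared/outputs.tf
+++ b/3-networks-hub-and-spoke/envs/shared/outputs.tf
@@ -23,3 +23,23 @@ output "base_host_project_id" {
 value = local.base_net_hub_project_id
 description = "The base host project ID"
 }
+
+output "base_network_name" {
+value = module.base_shared_vpc.network_name
+description = "The name of the VPC being created"
+}
+
+output "restricted_network_name" {
+value = module.restricted_shared_vpc.network_name
+description = "The name of the VPC being created"
+}
+
+output "base_dns_policy" {
+value = module.base_shared_vpc.base_dns_policy
+description = "The name of the DNS policy being created"
+}
+
+output "restricted_dns_policy" {
+value = module.restricted_shared_vpc.restricted_dns_policy
+description = "The name of the DNS policy being created"
+}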
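Review bot: The four new outputs reuse two descriptions verbatim, so `base_dns_policy` and `restricted_dns_policy` (and likewise the two `*_network_name` outputs) cannot be told apart in the generated README table. Each description should name the VPC it belongs to, e.g. `description = "The name of the DNS policy created for the base shared VPC"` and `description = "The name of the restricted shared VPC"`. The README rows added in this commit are generated from these strings and would need regenerating afterwards.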

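--- a/3-networks-hub-and-spoke/modules/base_shared_vpc/README.md
+++ b/3-networks-hub-and-spoke/modules/base_shared_vpc/README.md
@@ -31,6 +31,7 @@
 
 | Name | Description |
 |------|-------------|
+| base\_dns\_policy | The name of the DNS policy being created |
 | firewall\_policy | Policy created for firewall policy rules. |
 | network\_name | The name of the VPC being created |
 | network\_self\_link | The URI of the VPC being created |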

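--- a/3-networks-hub-and-spoke/modules/base_shared_vpc/main.tf
+++ b/3-networks-hub-and-spoke/modules/base_shared_vpc/main.tf
@@ -20,7 +20,8 @@ locals {
 network_name = "vpc-${local.vpc_name}"
 private_googleapis_cidr = module.private_service_connect.private_service_connect_ip
 google_forward_source_range = "35.199.192.0/19"
-advertised_ip = var.environment_code == "p" ? [{ range = local.google_forward_source_range }, { range = local.private_googleapis_cidr }] : [{ range = local.private_googleapis_cidr }]
+advertised_ip = var.environment_code == "c" ? [{ range = local.google_forward_source_range }, { range = local.private_googleapis_cidr }] : [{ range = local.private_googleapis_cidr }]
+
 }
 
 /******************************************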
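Review bot: The literal `"c"` that now gates `local.google_forward_source_range` on the `advertised_ip` line is unexplained, and this expression decides which environment's routers announce 35.199.192.0/19 over BGP. A comment above it would make the intent reviewable, e.g. `# Only the environment with code "c" advertises the DNS forwarding source range; all others advertise just the Private Service Connect address.` (what "c" stands for is inferred, not shown on this page). The identical one-line change is made in modules/restricted_shared_vpc/main.tf and needs the same comment. The blank line added before the closing `}` looks unintentional; the `locals` block starts outside the hunk.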

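--- a/3-networks-hub-and-spoke/modules/base_shared_vpc/outputs.tf
+++ b/3-networks-hub-and-spoke/modules/base_shared_vpc/outputs.tf
@@ -19,6 +19,11 @@ output "network_name" {
 description = "The name of the VPC being created"
 }
 
+output "base_dns_policy" {
+value = google_dns_policy.default_policy.name
+description = "The name of the DNS policy being created"
+}
+
 output "network_self_link" {
 value = module.main.network_self_link
 description = "The URI of the VPC being created"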
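Review bot: The new output is named `base_dns_policy`, while its neighbours in the same module (`network_name`, `network_self_link`) carry no `base_` prefix. modules/restricted_shared_vpc/outputs.tf adds the parallel `restricted_dns_policy`. An unprefixed name in both modules, `output "dns_policy" {`, would match the existing convention and let envs/shared/outputs.tf reference `module.base_shared_vpc.dns_policy` and `module.restricted_shared_vpc.dns_policy` symmetrically. The `network_self_link` output at the end of the hunk continues outside it.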

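--- a/3-networks-hub-and-spoke/modules/restricted_shared_vpc/README.md
+++ b/3-networks-hub-and-spoke/modules/restricted_shared_vpc/README.md
@@ -53,6 +53,7 @@
 | region1\_router2 | Router 2 for Region 1 |
 | region2\_router1 | Router 1 for Region 2 |
 | region2\_router2 | Router 2 for Region 2 |
+| restricted\_dns\_policy | The name of the DNS policy being created |
 | service\_perimeter\_name | Access context manager service perimeter name for the enforced perimeter |
 | subnets\_ips | The IPs and CIDRs of the subnets being created |
 | subnets\_names | The names of the subnets being created |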

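--- a/3-networks-hub-and-spoke/modules/restricted_shared_vpc/main.tf
+++ b/3-networks-hub-and-spoke/modules/restricted_shared_vpc/main.tf
@@ -20,7 +20,7 @@ locals {
 network_name = "vpc-${local.vpc_name}"
 restricted_googleapis_cidr = module.private_service_connect.private_service_connect_ip
 google_forward_source_range = "35.199.192.0/19"
-advertised_ip = var.environment_code == "p" ? [{ range = local.google_forward_source_range }, { range = local.restricted_googleapis_cidr }] : [{ range = local.restricted_googleapis_cidr }]
+advertised_ip = var.environment_code == "c" ? [{ range = local.google_forward_source_range }, { range = local.restricted_googleapis_cidr }] : [{ range = local.restricted_googleapis_cidr }]
 }
 
 /******************************************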

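--- a/3-networks-hub-and-spoke/modules/restricted_shared_vpc/outputs.tf
+++ b/3-networks-hub-and-spoke/modules/restricted_shared_vpc/outputs.tf
@@ -19,6 +19,11 @@ output "network_name" {
 description = "The name of the VPC being created"
 }
 
+output "restricted_dns_policy" {
+value = google_dns_policy.default_policy.name
+description = "The name of the DNS policy being created"
+}
+
 output "network_self_link" {
 value = module.main.network_self_link
 description = "The URI of the VPC being created"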

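--- a/test/integration/networks/networks_test.go
+++ b/test/integration/networks/networks_test.go
@@ -51,6 +51,7 @@ func getNetworkResourceNames(envCode string, networkMode string, firewallMode st
 "base": {
 "network_name": fmt.Sprintf("vpc-%s-shared-base%s", envCode, networkMode),
 "global_address": fmt.Sprintf("ga-%s-shared-base%s-vpc-peering-internal", envCode, networkMode),
+"dns_zone_forward": "fz-dns-hub",
 "dns_zone_googleapis": fmt.Sprintf("dz-%s-shared-base-apis", envCode),
 "dns_zone_gcr": fmt.Sprintf("dz-%s-shared-base-gcr", envCode),
 "dns_zone_pkg_dev": fmt.Sprintf("dz-%s-shared-base-pkg-dev", envCode),
@@ -69,6 +70,7 @@ func getNetworkResourceNames(envCode string, networkMode string, firewallMode st
 "restricted": {
 "network_name": fmt.Sprintf("vpc-%s-shared-restricted%s", envCode, networkMode),
 "global_address": fmt.Sprintf("ga-%s-shared-restricted%s-vpc-peering-internal", envCode, networkMode),
+"dns_zone_forward": "fz-dns-hub",
 "dns_zone_googleapis": fmt.Sprintf("dz-%s-shared-restricted-apis", envCode),
 "dns_zone_gcr": fmt.Sprintf("dz-%s-shared-restricted-gcr", envCode),
 "dns_zone_pkg_dev": fmt.Sprintf("dz-%s-shared-restricted-pkg-dev", envCode),
@@ -331,22 +333,17 @@ func TestNetworks(t *testing.T) {
 tfdDir = "../../../3-networks-hub-and-spoke/envs/%s"
 }
 
-var tfdDirDNS string
-if networkMode == "" {
-tfdDirDNS = "../../../3-networks-dual-svpc/envs/production"
-} else {
-tfdDirDNS = "../../../3-networks-hub-and-spoke/envs/shared"
-}
-
 envCode := string(envName[0:1])
 networks := tft.NewTFBlueprintTest(t,
 tft.WithTFDir(fmt.Sprintf(tfdDir, envName)),
-tft.WithTFDir(fmt.Sprintf(tfdDirDNS)),
 tft.WithVars(vars),
 tft.WithRetryableTerraformErrors(testutils.RetryableTransientErrors, 10, 2*time.Minute),
 tft.WithPolicyLibraryPath("/workspace/policy-library", bootstrap.GetTFSetupStringOutput("project_id")),
 tft.WithBackendConfig(backendConfig),
 )
+
+networkMode := getNetworkMode(t)
+
 networks.DefineVerify(
 func(assert *assert.Assertions) {
 // perform default verification ensuring Terraform reports no additional changes on an applied blueprint
@@ -359,9 +356,6 @@ func TestNetworks(t *testing.T) {
 servicePerimeterLink := fmt.Sprintf("accessPolicies/%s/servicePerimeters/%s", policyID, networks.GetStringOutput("restricted_service_perimeter_name"))
 accessLevel := fmt.Sprintf("accessPolicies/%s/accessLevels/%s", policyID, networks.GetStringOutput("access_level_name_dry_run"))
 networkNames := getNetworkResourceNames(envCode, networkMode, firewallMode)
-baseSharedProjectID := networks.GetStringOutput("base_host_project_id")
-restrictedProjectID := networks.GetStringOutput("restricted_host_project_id")
-dnsFwZoneName := "fz-dns-hub"
 
 servicePerimeter, err := gcloud.RunCmdE(t, fmt.Sprintf("access-context-manager perimeters dry-run describe %s --policy %s", servicePerimeterLink, policyID))
 assert.NoError(err)
@@ -378,22 +372,30 @@ func TestNetworks(t *testing.T) {
 } {
 projectID := networks.GetStringOutput(fmt.Sprintf("%s_host_project_id", networkType))
 
-for _, dnsType := range []string{
-"dns_zone_googleapis",
-"dns_zone_gcr",
-"dns_zone_pkg_dev",
-"dns_zone_peering_zone",
-} {
-dnsName := networkNames[networkType][dnsType]
-dnsZone := gcloud.Runf(t, "dns managed-zones describe %s --project %s --impersonate-service-account %s", dnsName, projectID, terraformSA)
-assert.Equal(dnsName, dnsZone.Get("name").String(), fmt.Sprintf("dnsZone %s should exist", dnsName))
+if networkMode == "-spoke" {
+for _, dnsType := range []string{
+"dns_zone_googleapis",
+"dns_zone_gcr",
+"dns_zone_pkg_dev",
+"dns_zone_peering_zone",
+} {
+dnsName := networkNames[networkType][dnsType]
+dnsZone := gcloud.Runf(t, "dns managed-zones describe %s --project %s --impersonate-service-account %s", dnsName, projectID, terraformSA)
+assert.Equal(dnsName, dnsZone.Get("name").String(), fmt.Sprintf("dnsZone %s should exist", dnsName))
+}
+} else {
+for _, dnsType := range []string{
+"dns_zone_googleapis",
+"dns_zone_gcr",
+"dns_zone_pkg_dev",
+"dns_zone_forward",
+} {
+dnsName := networkNames[networkType][dnsType]
+dnsZone := gcloud.Runf(t, "dns managed-zones describe %s --project %s --impersonate-service-account %s", dnsName, projectID, terraformSA)
+assert.Equal(dnsName, dnsZone.Get("name").String(), fmt.Sprintf("dnsZone %s should exist", dnsName))
+}
 }
 
-dnsZoneSharedBaseHubSpoke := gcloud.Runf(t, "dns managed-zones describe %s --project %s --impersonate-service-account %s", dnsFwZoneName, baseSharedProjectID, terraformSA)
-assert.Equal(dnsFwZoneName, dnsZoneSharedBaseHubSpoke.Get("name").String(), fmt.Sprintf("dnsZone %s should exist for base", dnsFwZoneName))
-dnsZoneRestrictedHubSpoke := gcloud.Runf(t, "dns managed-zones describe %s --project %s --impersonate-service-account %s", dnsFwZoneName, restrictedProjectID, terraformSA)
-assert.Equal(dnsFwZoneName, dnsZoneRestrictedHubSpoke .Get("name").String(), fmt.Sprintf("dnsZone %s should exist for restricted", dnsFwZoneName))
-
 networkName := networkNames[networkType]["network_name"]
 networkUrl := fmt.Sprintf("https://www.googleapis.com/compute/v1/projects/%s/global/networks/%s", projectID, networkName)
 dnsPolicyName := networkNames[networkType]["dns_policy_name"]
@@ -462,18 +464,16 @@ func TestNetworks(t *testing.T) {
 } {
 
 routerName := networkNames[networkType][router.router]
+bgpAdvertisedIpRange := "35.199.192.0/19"
 computeRouter := gcloud.Runf(t, "compute routers describe %s --region %s --project %s --impersonate-service-account %s", routerName, router.region, projectID, terraformSA)
 networkSelfLink := fmt.Sprintf("https://www.googleapis.com/compute/v1/projects/%s/global/networks/%s", projectID, networkNames[networkType]["network_name"])
 assert.Equal(routerName, computeRouter.Get("name").String(), fmt.Sprintf("router %s should exist", routerName))
 assert.Equal("64514", computeRouter.Get("bgp.asn").String(), fmt.Sprintf("router %s should have bgp asm 64514", routerName))
-assert.Equal(1, len(computeRouter.Get("bgp.advertisedIpRanges").Array()), fmt.Sprintf("router %s should have only one advertised IP range", routerName))
-assert.Equal(googleapisCIDR[envName][networkType], computeRouter.Get("bgp.advertisedIpRanges.0.range").String(), fmt.Sprintf("router %s should have only range %s", routerName, googleapisCIDR[envName][networkType]))
-assert.Equal(networkSelfLink, computeRouter.Get("network").String(), fmt.Sprintf("router %s should have be from network %s", routerName, networkNames[networkType]["network_name"]))
-
-dnsZoneSharedBaseSVPC := gcloud.Runf(t, "dns managed-zones describe %s --project %s --impersonate-service-account %s", dnsFwZoneName, baseSharedProjectID, terraformSA)
-assert.Equal(dnsFwZoneName, dnsZoneSharedBaseSVPC.Get("name").String(), fmt.Sprintf("dnsZone %s should exist for base", dnsFwZoneName))
-dnsZoneRestrictedSVPC := gcloud.Runf(t, "dns managed-zones describe %s --project %s --impersonate-service-account %s", dnsFwZoneName, restrictedProjectID, terraformSA)
-assert.Equal(dnsFwZoneName, dnsZoneRestrictedSVPC.Get("name").String(), fmt.Sprintf("dnsZone %s should exist for restricted", dnsFwZoneName))
+assert.Equal(networkSelfLink, computeRouter.Get("network").String(), fmt.Sprintf("router %s should be on network %s", routerName, networkNames[networkType]["network_name"]))
+if strings.Contains(projectID, "prj-p") && networkMode != "-spoke" {
+assert.Equal(bgpAdvertisedIpRange, computeRouter.Get("bgp.advertisedIpRanges.0.range").String(), fmt.Sprintf("router %s should have range %s", routerName, bgpAdvertisedIpRange))
+assert.Equal(googleapisCIDR[envName][networkType], computeRouter.Get("bgp.advertisedIpRanges.0.range").String(), fmt.Sprintf("router %s should have only range %s", routerName, googleapisCIDR[envName][networkType]))
+}
 }
 }
 }
@@ -483,4 +483,3 @@ func TestNetworks(t *testing.T) {
 
 }
 }
-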
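Review bot: In the last router hunk both new assertions read `bgp.advertisedIpRanges.0.range`, so they can only pass together if `35.199.192.0/19` equals the googleapis CIDR. Going by the `advertised_ip` ordering in the hub-and-spoke modules' main.tf, the second one presumably wants index 1: `computeRouter.Get("bgp.advertisedIpRanges.1.range")`. The commit also drops the `len(...) == 1` check and moves the CIDR check inside the `prj-p`/non-spoke branch, so routers in every other environment and mode no longer have their advertised ranges verified at all, and an unexpected extra BGP advertisement would pass unnoticed. An `else` branch that keeps the two removed single-range assertions would preserve that coverage. Separately, `networkMode := getNetworkMode(t)` is added after code that already used `networkMode` (the removed `if networkMode == ""`), so it either redeclares or shadows an existing variable; the original declaration is outside the hunk, so confirm which.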
