
Commit 0ed0b0a

fix integration tests and remove DNS Hub Project
1 parent dbe4c6e commit 0ed0b0a


9 files changed

+37
-233
lines changed


1-org/envs/shared/README.md

Lines changed: 1 addition & 2 deletions
@@ -18,7 +18,7 @@
1818
| log\_export\_storage\_location | The location of the storage bucket used to export logs. | `string` | `null` | no |
1919
| log\_export\_storage\_retention\_policy | Configuration of the bucket's data retention policy for how long objects in the bucket should be retained. | <pre>object({<br> is_locked = bool<br> retention_period_days = number<br> })</pre> | `null` | no |
2020
| log\_export\_storage\_versioning | (Optional) Toggles bucket versioning, ability to retain a non-current object version when the live object version gets replaced or deleted. | `bool` | `false` | no |
21-
| project\_budget | Budget configuration for projects.<br> budget\_amount: The amount to use as the budget.<br> alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br> alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.<br> alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | <pre>object({<br> dns_hub_budget_amount = optional(number, 1000)<br> dns_hub_alert_spent_percents = optional(list(number), [1.2])<br> dns_hub_alert_pubsub_topic = optional(string, null)<br> dns_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> base_net_hub_budget_amount = optional(number, 1000)<br> base_net_hub_alert_spent_percents = optional(list(number), [1.2])<br> base_net_hub_alert_pubsub_topic = optional(string, null)<br> base_net_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> base_network_budget_amount = optional(number, 1000)<br> base_network_alert_spent_percents = optional(list(number), [1.2])<br> base_network_alert_pubsub_topic = optional(string, null)<br> base_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> restricted_net_hub_budget_amount = optional(number, 1000)<br> restricted_net_hub_alert_spent_percents = optional(list(number), [1.2])<br> restricted_net_hub_alert_pubsub_topic = optional(string, null)<br> restricted_net_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> restricted_network_budget_amount = optional(number, 1000)<br> restricted_network_alert_spent_percents = optional(list(number), [1.2])<br> restricted_network_alert_pubsub_topic = optional(string, null)<br> restricted_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> interconnect_budget_amount = optional(number, 1000)<br> 
interconnect_alert_spent_percents = optional(list(number), [1.2])<br> interconnect_alert_pubsub_topic = optional(string, null)<br> interconnect_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> org_secrets_budget_amount = optional(number, 1000)<br> org_secrets_alert_spent_percents = optional(list(number), [1.2])<br> org_secrets_alert_pubsub_topic = optional(string, null)<br> org_secrets_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> org_billing_export_budget_amount = optional(number, 1000)<br> org_billing_export_alert_spent_percents = optional(list(number), [1.2])<br> org_billing_export_alert_pubsub_topic = optional(string, null)<br> org_billing_export_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> org_audit_logs_budget_amount = optional(number, 1000)<br> org_audit_logs_alert_spent_percents = optional(list(number), [1.2])<br> org_audit_logs_alert_pubsub_topic = optional(string, null)<br> org_audit_logs_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> common_kms_budget_amount = optional(number, 1000)<br> common_kms_alert_spent_percents = optional(list(number), [1.2])<br> common_kms_alert_pubsub_topic = optional(string, null)<br> common_kms_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> scc_notifications_budget_amount = optional(number, 1000)<br> scc_notifications_alert_spent_percents = optional(list(number), [1.2])<br> scc_notifications_alert_pubsub_topic = optional(string, null)<br> scc_notifications_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> })</pre> | `{}` | no |
21+
| project\_budget | Budget configuration for projects.<br> budget\_amount: The amount to use as the budget.<br> alert\_spent\_percents: A list of percentages of the budget to alert on when threshold is exceeded.<br> alert\_pubsub\_topic: The name of the Cloud Pub/Sub topic where budget related messages will be published, in the form of `projects/{project_id}/topics/{topic_id}`.<br> alert\_spend\_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default). | <pre>object({<br> base_net_hub_budget_amount = optional(number, 1000)<br> base_net_hub_alert_spent_percents = optional(list(number), [1.2])<br> base_net_hub_alert_pubsub_topic = optional(string, null)<br> base_net_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> base_network_budget_amount = optional(number, 1000)<br> base_network_alert_spent_percents = optional(list(number), [1.2])<br> base_network_alert_pubsub_topic = optional(string, null)<br> base_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> restricted_net_hub_budget_amount = optional(number, 1000)<br> restricted_net_hub_alert_spent_percents = optional(list(number), [1.2])<br> restricted_net_hub_alert_pubsub_topic = optional(string, null)<br> restricted_net_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> restricted_network_budget_amount = optional(number, 1000)<br> restricted_network_alert_spent_percents = optional(list(number), [1.2])<br> restricted_network_alert_pubsub_topic = optional(string, null)<br> restricted_network_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> interconnect_budget_amount = optional(number, 1000)<br> interconnect_alert_spent_percents = optional(list(number), [1.2])<br> interconnect_alert_pubsub_topic = optional(string, null)<br> interconnect_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> org_secrets_budget_amount = optional(number, 
1000)<br> org_secrets_alert_spent_percents = optional(list(number), [1.2])<br> org_secrets_alert_pubsub_topic = optional(string, null)<br> org_secrets_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> org_billing_export_budget_amount = optional(number, 1000)<br> org_billing_export_alert_spent_percents = optional(list(number), [1.2])<br> org_billing_export_alert_pubsub_topic = optional(string, null)<br> org_billing_export_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> org_audit_logs_budget_amount = optional(number, 1000)<br> org_audit_logs_alert_spent_percents = optional(list(number), [1.2])<br> org_audit_logs_alert_pubsub_topic = optional(string, null)<br> org_audit_logs_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> common_kms_budget_amount = optional(number, 1000)<br> common_kms_alert_spent_percents = optional(list(number), [1.2])<br> common_kms_alert_pubsub_topic = optional(string, null)<br> common_kms_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> scc_notifications_budget_amount = optional(number, 1000)<br> scc_notifications_alert_spent_percents = optional(list(number), [1.2])<br> scc_notifications_alert_pubsub_topic = optional(string, null)<br> scc_notifications_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")<br> })</pre> | `{}` | no |
2222
| project\_deletion\_policy | The deletion policy for the project created. | `string` | `"PREVENT"` | no |
2323
| remote\_state\_bucket | Backend bucket to load Terraform Remote State Data from previous steps. | `string` | n/a | yes |
2424
| scc\_notification\_filter | Filter used to create the Security Command Center Notification, you can see more details on how to create filters in https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications#create-filter | `string` | `"state = \"ACTIVE\""` | no |
@@ -37,7 +37,6 @@
3737
| cai\_monitoring\_topic | CAI Monitoring Cloud Function Pub/Sub Topic name. |
3838
| common\_folder\_name | The common folder name |
3939
| common\_kms\_project\_id | The org Cloud Key Management Service (KMS) project ID |
40-
| dns\_hub\_project\_id | The DNS hub project ID |
4140
| domains\_to\_allow | The list of domains to allow users from in IAM. |
4241
| interconnect\_project\_id | The Dedicated Interconnect project ID |
4342
| interconnect\_project\_number | The Dedicated Interconnect project number |

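--- a/1-org/envs/shared/outputs.tf
+++ b/1-org/envs/shared/outputs.tf
@@ -79,11 +79,6 @@ output "scc_notifications_project_id" {
 description = "The SCC notifications project ID"
 }
 
-output "dns_hub_project_id" {
-value = module.dns_hub.project_id
-description = "The DNS hub project ID"
-}
-
 output "base_net_hub_project_id" {
 value = try(module.base_network_hub[0].project_id, null)
 description = "The Base Network hub project ID"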

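--- a/1-org/envs/shared/projects.tf
+++ b/1-org/envs/shared/projects.tf
@@ -233,48 +233,6 @@ module "scc_notifications" {
 budget_alert_spend_basis = var.project_budget.scc_notifications_budget_alert_spend_basis
 }
 
-/******************************************
-Project for DNS Hub
-*****************************************/
-
-module "dns_hub" {
-source = "terraform-google-modules/project-factory/google"
-version = "~> 17.0"
-
-random_project_id = true
-random_project_id_length = 4
-default_service_account = "deprivilege"
-name = "${local.project_prefix}-net-dns"
-org_id = local.org_id
-billing_account = local.billing_account
-folder_id = google_folder.network.id
-deletion_policy = var.project_deletion_policy
-
-activate_apis = [
-"compute.googleapis.com",
-"dns.googleapis.com",
-"servicenetworking.googleapis.com",
-"logging.googleapis.com",
-"cloudresourcemanager.googleapis.com",
-"billingbudgets.googleapis.com"
-]
-
-labels = {
-environment = "network"
-application_name = "org-dns-hub"
-billing_code = "1234"
-primary_contact = "example1"
-secondary_contact = "example2"
-business_code = "shared"
-env_code = "net"
-vpc = "none"
-}
-budget_alert_pubsub_topic = var.project_budget.dns_hub_alert_pubsub_topic
-budget_alert_spent_percents = var.project_budget.dns_hub_alert_spent_percents
-budget_amount = var.project_budget.dns_hub_budget_amount
-budget_alert_spend_basis = var.project_budget.dns_hub_budget_alert_spend_basis
-}
-
 /******************************************
 Project for Base Network Hub
 *****************************************/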

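--- a/1-org/envs/shared/variables.tf
+++ b/1-org/envs/shared/variables.tf
@@ -97,10 +97,6 @@ variable "project_budget" {
 alert_spend_basis: The type of basis used to determine if spend has passed the threshold. Possible choices are `CURRENT_SPEND` or `FORECASTED_SPEND` (default).
 EOT
 type = object({
-dns_hub_budget_amount = optional(number, 1000)
-dns_hub_alert_spent_percents = optional(list(number), [1.2])
-dns_hub_alert_pubsub_topic = optional(string, null)
-dns_hub_budget_alert_spend_basis = optional(string, "FORECASTED_SPEND")
 base_net_hub_budget_amount = optional(number, 1000)
 base_net_hub_alert_spent_percents = optional(list(number), [1.2])
 base_net_hub_alert_pubsub_topic = optional(string, null)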

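--- a/3-networks-hub-and-spoke/envs/shared/README.md
+++ b/3-networks-hub-and-spoke/envs/shared/README.md
@@ -52,6 +52,7 @@ The purpose of this step is to set up the global [DNS Hub](https://cloud.google.
 
 | Name | Description |
 |------|-------------|
-| project | Project name |
+| base\_host\_project\_id | The base host project ID |
+| restricted\_host\_project\_id | The restricted host project ID |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->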

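--- a/3-networks-hub-and-spoke/envs/shared/outputs.tf
+++ b/3-networks-hub-and-spoke/envs/shared/outputs.tf
@@ -14,8 +14,12 @@
 * limitations under the License.
 */
 
-output "project" {
+output "restricted_host_project_id" {
 value = local.restricted_net_hub_project_id
-description = "Project name"
+description = "The restricted host project ID"
 }
 
+output "base_host_project_id" {
+value = local.base_net_hub_project_id
+description = "The base host project ID"
+}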

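--- a/test/integration/networks/networks_test.go
+++ b/test/integration/networks/networks_test.go
@@ -38,14 +38,6 @@ func getNetworkMode(t *testing.T) string {
 return ""
 }
 
-func getFirewallMode(t *testing.T) string {
-mode := utils.ValFromEnv(t, "TF_VAR_example_foundations_mode")
-if mode == "HubAndSpoke" {
-return "hub-and-spoke"
-}
-return "dual-svpc"
-}
-
 func getNetworkResourceNames(envCode string, networkMode string, firewallMode string) map[string]map[string]string {
 return map[string]map[string]string{
 "base": {
@@ -331,9 +323,17 @@ func TestNetworks(t *testing.T) {
 tfdDir = "../../../3-networks-hub-and-spoke/envs/%s"
 }
 
+var tfdDirDNS string
+if networkMode == "" {
+tfdDirDNS = "../../../3-networks-dual-svpc/envs/production"
+} else {
+tfdDirDNS = "../../../3-networks-hub-and-spoke/envs/shared"
+}
+
 envCode := string(envName[0:1])
 networks := tft.NewTFBlueprintTest(t,
 tft.WithTFDir(fmt.Sprintf(tfdDir, envName)),
+tft.WithTFDir(fmt.Sprintf(tfdDirDNS)),
 tft.WithVars(vars),
 tft.WithRetryableTerraformErrors(testutils.RetryableTransientErrors, 10, 2*time.Minute),
 tft.WithPolicyLibraryPath("/workspace/policy-library", bootstrap.GetTFSetupStringOutput("project_id")),
@@ -378,6 +378,16 @@ func TestNetworks(t *testing.T) {
 assert.Equal(dnsName, dnsZone.Get("name").String(), fmt.Sprintf("dnsZone %s should exist", dnsName))
 }
 
+baseSharedProjectID := networks.GetStringOutput("base_host_project_id")
+dnsFwZoneName := "fz-dns-hub"
+dnsZone := gcloud.Runf(t, "dns managed-zones describe %s --project %s --impersonate-service-account %s", dnsFwZoneName, baseSharedProjectID, terraformSA)
+assert.Equal(dnsFwZoneName, dnsZone.Get("name").String(), fmt.Sprintf("dnsZone %s should exist", dnsFwZoneName))
+
+restrictedProjectID := networks.GetStringOutput("restricted_host_project_id")
+dnsFwZoneName := "fz-dns-hub"
+dnsZone := gcloud.Runf(t, "dns managed-zones describe %s --project %s --impersonate-service-account %s", dnsFwZoneName, restrictedProjectID, terraformSA)
+assert.Equal(dnsFwZoneName, dnsZone.Get("name").String(), fmt.Sprintf("dnsZone %s should exist", dnsFwZoneName))
+
 networkName := networkNames[networkType]["network_name"]
 networkUrl := fmt.Sprintf("https://www.googleapis.com/compute/v1/projects/%s/global/networks/%s", projectID, networkName)
 dnsPolicyName := networkNames[networkType]["dns_policy_name"]
@@ -453,6 +463,16 @@ func TestNetworks(t *testing.T) {
 assert.Equal(1, len(computeRouter.Get("bgp.advertisedIpRanges").Array()), fmt.Sprintf("router %s should have only one advertised IP range", routerName))
 assert.Equal(googleapisCIDR[envName][networkType], computeRouter.Get("bgp.advertisedIpRanges.0.range").String(), fmt.Sprintf("router %s should have only range %s", routerName, googleapisCIDR[envName][networkType]))
 assert.Equal(networkSelfLink, computeRouter.Get("network").String(), fmt.Sprintf("router %s should have be from network %s", routerName, networkNames[networkType]["network_name"]))
+
+baseSharedProjectID := networks.GetStringOutput("base_host_project_id")
+dnsFwZoneName := "fz-dns-hub"
+dnsZone := gcloud.Runf(t, "dns managed-zones describe %s --project %s --impersonate-service-account %s", dnsFwZoneName, baseSharedProjectID, terraformSA)
+assert.Equal(dnsFwZoneName, dnsZone.Get("name").String(), fmt.Sprintf("dnsZone %s should exist", dnsFwZoneName))
+
+restrictedProjectID := networks.GetStringOutput("restricted_host_project_id")
+dnsFwZoneName := "fz-dns-hub"
+dnsZone := gcloud.Runf(t, "dns managed-zones describe %s --project %s --impersonate-service-account %s", dnsFwZoneName, restrictedProjectID, terraformSA)
+assert.Equal(dnsFwZoneName, dnsZone.Get("name").String(), fmt.Sprintf("dnsZone %s should exist", dnsFwZoneName))
 }
 }
 }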
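Review bot: In the hunk at `@@ -378,6 +378,16 @@`, `dnsFwZoneName` and `dnsZone` are each declared twice with `:=` in the same block, which the Go compiler rejects with "no new variables on left side of :=", and the copy of that block in the hunk at `@@ -453,6 +463,16 @@` has the same problem. In the hunk at `@@ -331,9 +323,17 @@`, `tft.WithTFDir(fmt.Sprintf(tfdDirDNS))` is passed after the per-environment `tft.WithTFDir(fmt.Sprintf(tfdDir, envName))`; if the later option wins, as seems likely, each run would apply only the DNS directory and the per-environment assertions would read the wrong state, and this commit visibly adds the two `*_host_project_id` outputs only under 3-networks-hub-and-spoke/envs/shared, not under the dual-svpc path. Looping over the two output names, as below, removes the redeclaration and the duplication; the DNS directory itself likely needs its own blueprint test rather than a second `WithTFDir`. TestNetworks begins and ends outside these hunks.

```go
// … unchanged: per-network dnsZone assertions and the closing brace of that loop …
dnsFwZoneName := "fz-dns-hub"
for _, hostOutput := range []string{"base_host_project_id", "restricted_host_project_id"} {
	hostProjectID := networks.GetStringOutput(hostOutput)
	fwZone := gcloud.Runf(t, "dns managed-zones describe %s --project %s --impersonate-service-account %s", dnsFwZoneName, hostProjectID, terraformSA)
	assert.Equal(dnsFwZoneName, fwZone.Get("name").String(), fmt.Sprintf("dnsZone %s should exist in project %s", dnsFwZoneName, hostProjectID))
}
// … unchanged: networkName / networkUrl / dnsPolicyName lookups …
```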

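--- a/test/integration/org/org_test.go
+++ b/test/integration/org/org_test.go
@@ -442,16 +442,6 @@ func TestOrg(t *testing.T) {
 "securitycenter.googleapis.com",
 },
 },
-{
-output: "dns_hub_project_id",
-apis: []string{
-"compute.googleapis.com",
-"dns.googleapis.com",
-"servicenetworking.googleapis.com",
-"logging.googleapis.com",
-"cloudresourcemanager.googleapis.com",
-},
-},
 } {
 projectID := org.GetStringOutput(projectOutput.output)
 prj := gcloud.Runf(t, "projects describe %s", projectID)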
