diff --git a/.gitignore b/.gitignore
index a6aa5ce..bfad89b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
-.terraform
+.terraform/
.kitchen/
terraform.tfstate.d/
terraform.tfstate*
@@ -7,3 +7,5 @@ credentials.json
ubuntu*
.vscode
ci.tar.gz
+vendor/
+.bundle
diff --git a/.travis.yml b/.travis.yml
index a630f3a..bef044e 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,10 +1,16 @@
language: ruby
+rvm:
+ - 2.5
cache: directories: - vendor/bundle - vendor/cache - vendor/bin - vendor/google-cloud-sdk
+before_install:
+ - gem update --system
+ - gem install bundler
+ - bundle --full-index
jobs: stages: - name: prepare cache
@@ -31,4 +37,4 @@ jobs:
file: "**/*"
on:
repo: newcontext-oss/terraform-google-instance
- branch: master
\ No newline at end of file
+ branch: master
diff --git a/Gemfile b/Gemfile
index 07cee20..20736fb 100644
--- a/Gemfile
+++ b/Gemfile
@@ -1,3 +1,5 @@
source 'https://rubygems.org/' do
- gem 'kitchen-terraform'
-end
\ No newline at end of file
+ gem 'inspec', '~> 2.2.35' # for Terraform 0.12+, make: ~> 4.0.0
+ gem 'kitchen-google', '~> 1.5'
+ gem 'kitchen-terraform', '~> 4.0.0' # for Terraform 0.12+, make: >= 4.0.0
+end
diff --git a/Gemfile.lock b/Gemfile.lock
index d83271e..3ff571a 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
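Review bot: The new `before_install` runs `gem update --system` and `gem install bundler` with no version pins, so every build takes whatever RubyGems and Bundler are current on rubygems.org at that moment, while the lockfile in this same commit records `BUNDLED WITH 1.17.3`; a newer Bundler can re-resolve or rewrite the lockfile and the build stops being reproducible. Pin both, e.g. `gem install bundler -v 1.17.3`, and either drop `gem update --system` or give it an explicit version argument. `bundle --full-index` is a reasonable workaround for a stale compact index, but it deserves a one-line comment saying why it is there so the next person does not remove it.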
@@ -1,187 +1,271 @@ GEM remote: https://rubygems.org/ specs: - addressable (2.5.2) + addressable (2.6.0) public_suffix (>= 2.0.2, < 4.0) - aws-sdk (2.11.46) - aws-sdk-resources (= 2.11.46) - aws-sdk-core (2.11.46) + aws-eventstream (1.0.3) + aws-sdk (2.11.327) + aws-sdk-resources (= 2.11.327) + aws-sdk-core (2.11.327) aws-sigv4 (~> 1.0) jmespath (~> 1.0) - aws-sdk-resources (2.11.46) - aws-sdk-core (= 2.11.46) - aws-sigv4 (1.0.2) - azure_mgmt_resources (0.16.0) - ms_rest_azure (~> 0.10.0) + aws-sdk-resources (2.11.327) + aws-sdk-core (= 2.11.327) + aws-sigv4 (1.1.0) + aws-eventstream (~> 1.0, >= 1.0.2) + azure_graph_rbac (0.17.1) + ms_rest_azure (~> 0.11.0) + azure_mgmt_key_vault (0.17.4) + ms_rest_azure (~> 0.11.0) + azure_mgmt_resources (0.17.6) + ms_rest_azure (~> 0.11.1) builder (3.2.3) coderay (1.1.2) - concurrent-ruby (1.0.5) + concurrent-ruby (1.1.5) + declarative (0.0.10) + declarative-option (0.1.0) diff-lcs (1.3) docker-api (1.34.2) excon (>= 0.47.0) multi_json - domain_name (0.5.20180417) + domain_name (0.5.20190701) unf (>= 0.0.5, < 1.0.0) - dry-configurable (0.7.0) + dry-configurable (0.8.3) concurrent-ruby (~> 1.0) - dry-container (0.6.0) + dry-core (~> 0.4, >= 0.4.7) + dry-container (0.7.2) concurrent-ruby (~> 1.0) dry-configurable (~> 0.1, >= 0.1.3) - dry-core (0.4.5) + dry-core (0.4.8) + concurrent-ruby (~> 1.0) + dry-equalizer (0.2.2) + dry-inflector (0.1.2) + dry-logic (0.6.1) concurrent-ruby (~> 1.0) - dry-equalizer (0.2.1) - dry-logic (0.4.2) - dry-container (~> 0.2, >= 0.2.6) dry-core (~> 0.2) dry-equalizer (~> 0.2) - dry-types (0.12.2) + dry-types (0.14.1) concurrent-ruby (~> 1.0) - dry-configurable (~> 0.1) dry-container (~> 0.3) - dry-core (~> 0.2, >= 0.2.1) + dry-core (~> 0.4, >= 0.4.4) dry-equalizer (~> 0.2) - dry-logic (~> 0.4, >= 0.4.2) - inflecto (~> 0.0.0, >= 0.0.2) - dry-validation (0.11.1) + dry-inflector (~> 0.1, >= 0.1.2) + dry-logic (~> 0.5, >= 0.5) + dry-validation (0.13.3) concurrent-ruby (~> 1.0) dry-configurable (~> 0.1, >= 
0.1.3) dry-core (~> 0.2, >= 0.2.1) dry-equalizer (~> 0.2) - dry-logic (~> 0.4, >= 0.4.0) - dry-types (~> 0.12.0) + dry-logic (~> 0.5, >= 0.5.0) + dry-types (~> 0.14.0) + equatable (0.6.1) erubis (2.7.0) - excon (0.62.0) - faraday (0.15.0) + excon (0.66.0) + faraday (0.15.4) multipart-post (>= 1.2, < 3) faraday-cookie_jar (0.0.6) faraday (>= 0.7.4) http-cookie (~> 1.0.0) - ffi (1.9.23) - gssapi (1.2.0) + faraday_middleware (0.12.2) + faraday (>= 0.7.4, < 1.0) + ffi (1.11.1) + gcewinpass (1.1.0) + google-api-client (~> 0.13) + google-api-client (0.23.9) + addressable (~> 2.5, >= 2.5.1) + googleauth (>= 0.5, < 0.7.0) + httpclient (>= 2.8.1, < 3.0) + mime-types (~> 3.0) + representable (~> 3.0) + retriable (>= 2.0, < 4.0) + signet (~> 0.9) + googleauth (0.6.7) + faraday (~> 0.12) + jwt (>= 1.4, < 3.0) + memoist (~> 0.16) + multi_json (~> 1.11) + os (>= 0.9, < 2.0) + signet (~> 0.7) + gssapi (1.3.0) ffi (>= 1.0.1) gyoku (1.3.1) builder (>= 2.1.2) - hashie (3.5.7) + hashie (3.6.0) htmlentities (4.3.4) http-cookie (1.0.3) domain_name (~> 0.5) httpclient (2.8.3) - inflecto (0.0.2) inifile (3.0.0) - inspec (2.1.68) + inspec (2.2.112) addressable (~> 2.4) faraday (>= 0.9.0) + faraday_middleware (~> 0.12.2) hashie (~> 3.4) htmlentities json (>= 1.8, < 3.0) method_source (~> 0.8) mixlib-log + multipart-post parallel (~> 1.9) parslet (~> 1.5) pry (~> 0) rspec (~> 3) rspec-its (~> 1.2) - rubyzip (~> 1.1) + rubyzip (~> 1.2, >= 1.2.2) semverse sslshake (~> 1.2) thor (~> 0.20) tomlrb (~> 1.2) - train (~> 1.4) + train (~> 1.4, >= 1.4.37) jmespath (1.4.0) - json (2.1.0) - kitchen-inspec (0.23.1) - hashie (~> 3.4) - inspec (>= 0.34.0, < 3.0.0) - test-kitchen (~> 1.6) - kitchen-terraform (3.3.1) + json (2.2.0) + jwt (2.2.1) + kitchen-google (1.5.0) + gcewinpass (~> 1.1) + google-api-client (~> 0.19) + test-kitchen + kitchen-terraform (4.0.0) dry-types (~> 0.9) dry-validation (~> 0.10) - kitchen-inspec (~> 0.18) + inspec (>= 2.2.34, < 3) mixlib-shellout (~> 2.2) - test-kitchen (~> 1.16) 
+ test-kitchen (~> 1.23) + license-acceptance (1.0.13) + pastel (~> 0.7) + tomlrb (~> 1.2) + tty-box (~> 0.3) + tty-prompt (~> 0.18) little-plugger (1.1.4) logging (2.2.2) little-plugger (~> 1.1) multi_json (~> 1.10) - method_source (0.9.0) - mixlib-install (3.9.3) + memoist (0.16.0) + method_source (0.9.2) + mime-types (3.2.2) + mime-types-data (~> 3.2015) + mime-types-data (3.2019.0331) + mixlib-install (3.11.18) mixlib-shellout mixlib-versioning thor - mixlib-log (2.0.4) - mixlib-shellout (2.3.2) - mixlib-versioning (1.2.2) - ms_rest (0.7.2) + mixlib-log (3.0.1) + mixlib-shellout (2.4.4) + mixlib-versioning (1.2.7) + ms_rest (0.7.4) concurrent-ruby (~> 1.0) faraday (~> 0.9) - timeliness (~> 0.3) - ms_rest_azure (0.10.6) + timeliness (~> 0.3.10) + ms_rest_azure (0.11.1) concurrent-ruby (~> 1.0) faraday (~> 0.9) faraday-cookie_jar (~> 0.0.6) - ms_rest (~> 0.7.2) + ms_rest (~> 0.7.4) + unf_ext (= 0.0.7.2) multi_json (1.13.1) - multipart-post (2.0.0) + multipart-post (2.1.1) + necromancer (0.5.0) net-scp (1.2.1) net-ssh (>= 2.6.5) net-ssh (4.2.0) - net-ssh-gateway (1.3.0) - net-ssh (>= 2.6.5) + net-ssh-gateway (2.0.0) + net-ssh (>= 4.0.0) nori (2.6.0) - parallel (1.12.1) + os (1.0.1) + parallel (1.17.0) parslet (1.8.2) - pry (0.11.3) + pastel (0.7.3) + equatable (~> 0.6) + tty-color (~> 0.5) + pry (0.12.2) coderay (~> 1.1.0) method_source (~> 0.9.0) - public_suffix (3.0.2) - rspec (3.7.0) - rspec-core (~> 3.7.0) - rspec-expectations (~> 3.7.0) - rspec-mocks (~> 3.7.0) - rspec-core (3.7.1) - rspec-support (~> 3.7.0) - rspec-expectations (3.7.0) + public_suffix (3.1.1) + representable (3.0.4) + declarative (< 0.1.0) + declarative-option (< 0.2.0) + uber (< 0.2.0) + retriable (3.1.2) + rspec (3.8.0) + rspec-core (~> 3.8.0) + rspec-expectations (~> 3.8.0) + rspec-mocks (~> 3.8.0) + rspec-core (3.8.2) + rspec-support (~> 3.8.0) + rspec-expectations (3.8.4) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.7.0) - rspec-its (1.2.0) + rspec-support (~> 3.8.0) + rspec-its 
(1.3.0) rspec-core (>= 3.0.0) rspec-expectations (>= 3.0.0) - rspec-mocks (3.7.0) + rspec-mocks (3.8.1) diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.7.0) - rspec-support (3.7.1) + rspec-support (~> 3.8.0) + rspec-support (3.8.2) rubyntlm (0.6.2) - rubyzip (1.2.1) - semverse (2.0.0) - sslshake (1.2.0) - test-kitchen (1.21.2) + rubyzip (1.2.3) + semverse (3.0.0) + signet (0.11.0) + addressable (~> 2.3) + faraday (~> 0.9) + jwt (>= 1.5, < 3.0) + multi_json (~> 1.10) + sslshake (1.3.0) + strings (0.1.5) + strings-ansi (~> 0.1) + unicode-display_width (~> 1.5) + unicode_utils (~> 1.4) + strings-ansi (0.1.0) + test-kitchen (1.25.0) + license-acceptance (~> 1.0, >= 1.0.11) mixlib-install (~> 3.6) mixlib-shellout (>= 1.2, < 3.0) - net-scp (~> 1.1) + net-scp (>= 1.1, < 3.0) net-ssh (>= 2.9, < 5.0) - net-ssh-gateway (~> 1.2) + net-ssh-gateway (>= 1.2, < 3.0) thor (~> 0.19) winrm (~> 2.0) winrm-elevated (~> 1.0) winrm-fs (~> 1.1) - thor (0.20.0) - timeliness (0.3.8) - tomlrb (1.2.6) - train (1.4.4) + thor (0.20.3) + timeliness (0.3.10) + tomlrb (1.2.8) + train (1.7.6) aws-sdk (~> 2) + azure_graph_rbac (~> 0.16) + azure_mgmt_key_vault (~> 0.17) azure_mgmt_resources (~> 0.15) docker-api (~> 1.26) + google-api-client (~> 0.23.9) + googleauth (~> 0.6.6) inifile json (>= 1.8, < 3.0) - mixlib-shellout (~> 2.0) + mixlib-shellout (>= 2.0) net-scp (~> 1.2) - net-ssh (>= 2.9, < 5.0) + net-ssh (>= 2.9, < 6.0) winrm (~> 2.0) winrm-fs (~> 1.0) + tty-box (0.4.0) + pastel (~> 0.7.2) + strings (~> 0.1.5) + tty-cursor (~> 0.7) + tty-color (0.5.0) + tty-cursor (0.7.0) + tty-prompt (0.19.0) + necromancer (~> 0.5.0) + pastel (~> 0.7.0) + tty-reader (~> 0.6.0) + tty-reader (0.6.0) + tty-cursor (~> 0.7) + tty-screen (~> 0.7) + wisper (~> 2.0.0) + tty-screen (0.7.0) + uber (0.1.0) unf (0.1.4) unf_ext - unf_ext (0.0.7.5) - winrm (2.2.3) + unf_ext (0.0.7.2) + unicode-display_width (1.6.0) + unicode_utils (1.4.0) + winrm (2.3.2) builder (>= 2.1.2) erubis (~> 2.7) gssapi (~> 1.2) 
@@ -190,20 +274,23 @@ GEM logging (>= 1.6.1, < 3.0) nori (~> 2.0) rubyntlm (~> 0.6.0, >= 0.6.1) - winrm-elevated (1.1.0) + winrm-elevated (1.1.1) winrm (~> 2.0) winrm-fs (~> 1.0) - winrm-fs (1.2.0) + winrm-fs (1.3.2) erubis (~> 2.7) logging (>= 1.6.1, < 3.0) rubyzip (~> 1.1) winrm (~> 2.0) + wisper (2.0.0) PLATFORMS ruby DEPENDENCIES - kitchen-terraform! + inspec (~> 2.2.35)! + kitchen-google (~> 1.5)! + kitchen-terraform (~> 4.0.0)! BUNDLED WITH - 1.16.1 + 1.17.3 diff --git a/README.md b/README.md index d534227..1233e3b 100644 --- a/README.md +++ b/README.md 
@@ -18,37 +18,44 @@ module "terraform-google-instance" { } ``` +## Requirements + +Terraform version must be less than 0.12. (See below for tips on migrating to 0.12) + ## Development Feel free to submit pull requests to make changes to the module. To begin developing on this module please have a Google Compute Project. -### Install Terraform (options below) +### Required Setup +- See the script bin/example-setup-ubuntu.sh for the complete setup. However, the steps are listed below. + +#### Install Terraform (options below) - [https://github.com/kamatama41/tfenv](https://github.com/kamatama41/tfenv) - brew install terraform - [https://www.terraform.io/downloads.html](https://www.terraform.io/downloads.html) -### Install Ruby (options below) +#### Install Ruby (options below) - [https://github.com/rbenv/rbenv](https://github.com/rbenv/rbenv) - brew install ruby # or other package managers - [http://ruby-lang.org/](http://ruby-lang.org/) -### Install JQ +#### Install JQ - brew install jq # or other package managers - [https://stedolan.github.io/jq/](https://stedolan.github.io/jq/) -### Google IAM Console +#### Google IAM Console Download a credentials JSON file from a user with proper permissions. [https://console.cloud.google.com/iam-admin/iam](https://console.cloud.google.com/iam-admin/iam) Save the file to the root of the repository directory called: `credentials.json` -### Install gcloud CLI +#### Install gcloud CLI - [https://cloud.google.com/sdk/gcloud/](https://cloud.google.com/sdk/gcloud/) 
@@ -60,32 +67,43 @@ gcloud config set project $(jq -r '.project_id' credentials.json) gcloud config set compute/zone us-west1-a ``` -### Install Kitchen-Terraform +#### Install Kitchen-Terraform and many other required Ruby Gems. ```sh gem install bundler --no-rdoc --no-ri bundle install ``` -### Create an environment variables file +#### Create an environment variables file Create a file in the repository directory called: `.env` It will have environment variables that Terraform uses to run. ```sh -export TF_VAR_engineer_cidrs="[\"$(dig +short myip.opendns.com @resolver1.opendns.com)/32\"]" -export GOOGLE_APPLICATION_CREDENTIALS="credentials.json" +cat > .env </dev/null +``` + +To run Terraform via Test-Kitchen: + +```sh bundle exec kitchen converge ``` @@ -95,7 +113,6 @@ Test-Kitchen will run the module code that is called via this file: To run InSpec via Test-Kitchen: ```sh -source .env bundle exec kitchen verify ``` @@ -105,10 +122,19 @@ Test-Kitchen will run the InSpec controls via this file: To destroy everything via Test-Kitchen: ```sh -source .env bundle exec kitchen destroy ``` +## Migration to Terraform 0.12+ + +This repository does not support Terraform 0.12+ out of the box. +Here are **some** of the things necessary to migrate. +1. Edit Gemfile to change version requirements to be this: + - gem 'inspec', '~> 4.0' + - gem 'kitchen-terraform', '>= 4.0.0' +1. Edit main.tf to change syntax of metadata, at the bottom. See the comment. +1. Testing (verify stage) does not pass - there seem to be problems with the inspec plugins. + ## Authors Module managed by [Nick Willever](https://github.com/nictrix). diff --git a/bin/example-setup-ubuntu.sh b/bin/example-setup-ubuntu.sh new file mode 100644 index 0000000..0d9a036 --- /dev/null +++ b/bin/example-setup-ubuntu.sh 
@@ -0,0 +1,98 @@ + +# Assumes you have already run +# git clone https://github.com/newcontext-oss/terraform-google-instance.git +# such that the directory terraform-google-instance is a child of +# the current directory. + +# Modify these to your liking +TF_BIN_LOCATION=/usr/local/bin +GCLOUD_REGION="us-west1" +GCLOUD_ZONE="${GCLOUD_REGION}a" +GOOGLE_CREDS="$(pwd)/credentials.json" + +UBUN_VERSION=$(grep '^VERSION=' /etc/os-release| \ + sed -E 's/VERSION="([0-9][0-9]*\.[0-9][0-9]*).*".*$/\1/') +UBUN_MAJOR_VERSION=$(echo "$UBUN_VERSION"| sed 's/\.[0-9][0-9]*//') + +sudo apt install -y ruby ruby-dev bundler jq + +latest_tf=$(curl -s https://www.terraform.io/downloads.html| \ + grep -i linux_amd64|sed 's/^.* tf.zip +unzip tf.zip +sudo mv terraform "$TF_BIN_LOCATION" +rm tf.zip + +# chefdk only available for LTS releases of Ubuntu. +# If we don't have an exact match, then match the major version +CHEF_UBUN_VERSIONS=$(curl -s https://downloads.chef.io/chefdk | \ + awk '{gsub("><", ">\n<"); print}' | \ + grep -E 'Ubuntu [0-9]+\.[0-9]+'| \ + sed 's/^.*Ubuntu \([0-9][0-9]*\.[0-9][0-9]*\).*$/\1/') +echo $CHEF_UBUN_VERSIONS|grep -q "${UBUN_VERSION}" +if [ $? -eq 1 ]; then # no exact match, try major version + CHEF_VERSION=$(echo "$CHEF_UBUN_VERSIONS" | \ + tr ' ' '\n'|grep "$UBUN_MAJOR_VERSION") + if [ -z "$CHEF_VERSION" ]; then + echo "Error, unable to find a ChefDK version matching" + echo "the Ubuntu version $UBUN_VERSION or even major" + echo "version $UBUN_MAJOR_VERSION" + exit 1 + fi +else + CHEF_VERSION="$UBUN_VERSION" +fi +CHEF_URL=$(curl -s https://downloads.chef.io/chefdk | \ + awk '{gsub("><", ">\n<"); gsub("/","/"); print}' | \ + grep "download.*$ss"|sed 's/^.*href="//;s/">Down.*//;') +FILE_NAME=$(basename "$CHEF_URL") +curl "$CHEF_URL" -o "$FILE_NAME" +sudo dpkg -i "$FILE_NAME" + + +cd terraform-google-instance +echo "Now go to the Google IAM Console and retrieve the credentials" +echo "of a service account which can create Google cloud instances." 
+echo "Save the credentials (as JSON) in:" +echo " $GOOGLE_CREDS" + +initial=1 +seconds=0 +while [ ! -f "$GOOGLE_CREDS" ];do + if [ $initial -eq 1 ]; then + initial=0 + else + echo -en "\rwaiting for credentials $seconds seconds" + sleep 10 + (( seconds += 10 )) +done + + +gcloud_project=$(jq -r '.project_id' $GOOGLE_CREDS) +gcloud auth activate-service-account --key-file $GOOGLE_CREDS +gcloud config set project $gcloud_project +gcloud config set compute/zone $GCLOUD_ZONE + +cat > .env </dev/null +ln ubuntu.pub test/fixtures/tf_module/ +bundle install --path gems # install all dependencies + +echo "All set to run some interactive commands. First run:" +echo " . .env" +echo "Next, execute the configuration to create a Google cloud" +echo "instance with this command:" +echo " bundle exec kitchen converge" +echo "And then you can run the InSpec tests with this command:" +echo " bundle exec kitchen verify" +echo "You can clean things up via this command:" +echo " bundle exec kitchen destroy" diff --git a/bin/kitchen.sh b/bin/kitchen.sh index acaebff..5572a73 100755 --- a/bin/kitchen.sh +++ b/bin/kitchen.sh @@ -1,11 +1,14 @@ #!/usr/bin/env bash # Decrypt sensitive files +#XXX even encrypted, this is risky IF PRs are allowed to kick off builds openssl aes-256-cbc -K $encrypted_cfdeb2eb7efd_key -iv $encrypted_cfdeb2eb7efd_iv -in ci.tar.gz.enc -out ci.tar.gz -d # Decompress sensitive files tar -zxf ci.tar.gz rm ci.tar.gz +#export GCLOUD_PROJECT=$(jq -r '.project_id' credentials.json) +#export TF_VAR_gcloud_project=$GCLOUD_PROJECT # Add binaries to bin directory mkdir -p vendor/bin 
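Review bot: Both third-party installs are done from URLs scraped out of HTML pages with no checksum or signature check and then handed root — the Terraform zip via `sudo mv terraform "$TF_BIN_LOCATION"` and the ChefDK package via `sudo dpkg -i "$FILE_NAME"` — so a changed download page or a tampered download puts an arbitrary binary on the machine. Pin a known version and verify it: HashiCorp publishes a `terraform_<ver>_SHA256SUMS` file (and a signature) next to each zip and Chef's download metadata includes a sha256, so a `sha256sum -c` against a value committed in this script closes the gap, and `curl -fsSL` prevents an HTML error page from being unzipped or installed. Separately, `grep "download.*$ss"` references `$ss`, which is never assigned anywhere in the file (presumably `$CHEF_VERSION` was meant), and as rendered the `if` inside the credentials wait loop has no matching `fi` before `done`, which is a syntax error unless it was lost in rendering. The file also opens with a blank line and has no `#!/usr/bin/env bash` or `set -euo pipefail`, so any of these failures is skipped silently rather than stopping the setup.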
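Review bot: The script still decrypts `ci.tar.gz.enc`, but this same commit deletes `ci.tar.gz.enc` from the repository, so the first `openssl` command in `bin/kitchen.sh` now fails on CI before anything else runs; either the encrypted bundle has to come back or the decrypt/untar lines go. The `#XXX` worry is legitimate, and the robust answer is a guard rather than a comment: `[ -n "${encrypted_cfdeb2eb7efd_key:-}" ] || { echo 'no CI secrets available; skipping kitchen run'; exit 0; }` placed before the `openssl` line, which makes the fork-PR case explicit instead of relying on the CI provider to withhold the variables. Leaving `export GCLOUD_PROJECT=$(jq -r '.project_id' credentials.json)` commented out also means `GCLOUD_PROJECT` is undefined for the rest of the script, where it is consumed.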
@@ -18,17 +21,25 @@ rm google-cloud-sdk-*-linux-x86_64.tar.gz ./vendor/google-cloud-sdk/install.sh -q # Authenticate using the credentials.json -gcloud auth activate-service-account --key-file credentials.json -gcloud config set project $(jq -r '.project_id' credentials.json) +export GOOGLE_APPLICATION_CREDENTIALS="$PWD/credentials.json" +gcloud auth activate-service-account --key-file "$GOOGLE_APPLICATION_CREDENTIALS" +gcloud config set project "$GCLOUD_PROJECT" gcloud config set compute/zone us-west1-a +source .env + yes | ssh-keygen -f ubuntu -N '' >/dev/null -source .env +my_public_ip=$(dig +short myip.opendns.com @resolver1.opendns.com) +export TF_VAR_engineer_cidrs="[\"$my_public_ip/32\"]" +export TF_VAR_gcloud_project="$GCLOUD_PROJECT" +export TF_VAR_ssh_key="$(pwd)/ubuntu.pub" + + bundle exec kitchen test --destroy always KITCHEN_EXIT_CODE=$? # cleanup rm -Rf credentials.json .env ubuntu* -exit $KITCHEN_EXIT_CODE \ No newline at end of file +exit $KITCHEN_EXIT_CODE diff --git a/ci.tar.gz.enc b/ci.tar.gz.enc deleted file mode 100644 index b537238..0000000 Binary files a/ci.tar.gz.enc and /dev/null differ diff --git a/.kitchen.yml b/kitchen.yml similarity index 77% rename from .kitchen.yml rename to kitchen.yml index fd87047..678c4ce 100644 --- a/.kitchen.yml +++ b/kitchen.yml @@ -8,13 +8,15 @@ provisioner: verifier: name: terraform - groups: + format: documentation + systems: - name: default + backend: gcp controls: - instance +platforms: + - name: gcp + suites: - name: kt_suite - -platforms: - - name: terraform \ No newline at end of file diff --git a/main.tf b/main.tf index 7a1299a..d6c754d 100644 --- a/main.tf +++ b/main.tf @@ -22,7 +22,11 @@ resource "google_compute_instance" "database" { } } - metadata { + + # uncomment this next code line and comment the following to enable Terraform 0.12+ functionality + metadata = { + # metadata { sshKeys = "ubuntu:${file(var.ssh_public_key_filepath)}" } + } 
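Review bot: `gcloud config set project "$GCLOUD_PROJECT"` and `export TF_VAR_gcloud_project="$GCLOUD_PROJECT"` read a variable this script never sets — the only assignment is the commented-out `export GCLOUD_PROJECT=…` in the earlier hunk — and `source .env` runs only after the `gcloud config set project` call, so unless `.env` happens to export it the project is set to an empty string. Derive it from the credentials right before use: `GCLOUD_PROJECT=$(jq -r '.project_id' "$GOOGLE_APPLICATION_CREDENTIALS")`. `TF_VAR_engineer_cidrs` is built from whatever `dig … @resolver1.opendns.com` returns; add `[ -n "$my_public_ip" ] || { echo 'could not determine public IP'; exit 1; }` so a DNS failure yields a clear error rather than `["/32"]` and a confusing Terraform failure later.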
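Review bot: The new comment contradicts the code it sits on: it says to "uncomment this next code line" to enable Terraform 0.12+, but `metadata = {` is already the active line and `# metadata {` is the one commented out, so a reader following it (and the README's migration step that points here) has nothing to do. If `metadata = {` is the form intended for 0.12+, say so directly, e.g. `# "metadata = {" is the 0.12+ map-argument form; "metadata {" was the pre-0.12 block spelling`, and drop the commented alternative. The added trailing `}` also appears to close a brace that the context line before it already closes; the enclosing `resource "google_compute_instance" "database"` begins and ends outside this hunk, so I cannot confirm the braces balance — please run `terraform validate` on the fixture.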
diff --git a/test/fixtures/tf_module/main.tf b/test/fixtures/tf_module/main.tf
index 5d21c4f..128f74e 100644
--- a/test/fixtures/tf_module/main.tf
+++ b/test/fixtures/tf_module/main.tf
@@ -1,3 +1,19 @@
+variable "gcloud_project" {
+ # type = "string"
+ description = "The name of the GCP project to deploy against. Set this using TF_VAR_gcloud_project environment variable"
+}
+
+variable "ssh_key" {
+ # type = "string"
+ description = "The path to the public key to use to access the Google instance. Set this using TF_VAR_ssh_key environment variable."
+}
+
module "terraform-google-instance" {
- source = "../../.."
+ source = "../../.."
+ ssh_public_key_filepath = "${var.ssh_key}"
+}
+
+output "gcloud_project" {
+ description = "The name of the GCP project to deploy against. We need this output to pass the value to tests."
+ value = "${var.gcloud_project}"
}
diff --git a/test/integration/kt_suite/controls/default.rb b/test/integration/kt_suite/controls/default.rb
index 3f20e40..b047f23 100644
--- a/test/integration/kt_suite/controls/default.rb
+++ b/test/integration/kt_suite/controls/default.rb
@@ -1,7 +1,14 @@
+# frozen_string_literal: true
+
+gcloud_project = attribute('gcloud_project',
+ { description: "The name of the project where resources are deployed. This should be passed to Terraform via environment variable" })
+
control "instance" do
- describe command('gcloud compute instances describe database') do
- its('stdout') { should match (/name: database/) }
- its('stdout') { should match (/- key: sshKeys/) }
- its('stdout') { should match (/status: RUNNING/) }
+ describe google_compute_instance(project: "#{gcloud_project}", zone: 'us-west1-a', name: 'database') do
+ its('tag_count'){should eq 2}
+ its('status') { should eq "RUNNING" }
+ its('machine_type') { should match "n1-standard-2" }
+ its('first_network_interface_name'){ should eq "external-nat" }
+ its('disk_count'){should eq 2}
end
-end
\ No newline at end of file
+end
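Review bot: Both new variables carry a commented-out `# type = "string"` while `variables.tf` in this same commit keeps `type = "string"` live, so the fixture and the module disagree on a convention for no stated reason; with the README pinning Terraform below 0.12, restore `type = "string"` on both (that quoted form is the one 0.11 accepts, as far as I recall) or remove the dead lines rather than leaving them commented. `variable "ssh_key"` has no default, so `kitchen converge` fails unless `TF_VAR_ssh_key` is exported; a default of `"${path.module}/ubuntu.pub"` would match `bin/example-setup-ubuntu.sh`, which hard-links `ubuntu.pub` into this fixture directory. `gcloud_project` is never passed to the module and exists only to be echoed through the `output` for the InSpec test, which is worth saying in its description so nobody "fixes" it by wiring it into the module.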
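Review bot: The rewritten control drops the one assertion that covered what this module actually configures — the old `- key: sshKeys` check on the instance metadata — so a broken `metadata` block in main.tf now passes `kitchen verify`. If inspec-gcp's `google_compute_instance` exposes the metadata (it appears to offer `metadata_keys`), add `its('metadata_keys') { should include 'sshKeys' }`; otherwise keep a `command('gcloud compute instances describe database')` check for that key. Two smaller points: `project: "#{gcloud_project}"` wraps a string in needless interpolation and should be `project: gcloud_project`, and `zone: 'us-west1-a'` is hard-coded here while the same value is set independently in `bin/kitchen.sh` and the setup script, so it belongs in a second `attribute('gcloud_zone', …)` next to `gcloud_project`. Note that `attribute` is the InSpec 2.x name and is deprecated in favour of `input` in the InSpec 4 line the README's migration section points at.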
diff --git a/test/integration/kt_suite/inspec.yml b/test/integration/kt_suite/inspec.yml
index ca249e2..0a09296 100644
--- a/test/integration/kt_suite/inspec.yml
+++ b/test/integration/kt_suite/inspec.yml
@@ -1,2 +1,5 @@
---
-name: default
\ No newline at end of file
+name: default
+depends:
+ - name: inspec-gcp
+ url: https://github.com/inspec/inspec-gcp/archive/master.tar.gz
diff --git a/variables.tf b/variables.tf
index 51b6752..e25b8df 100644
--- a/variables.tf
+++ b/variables.tf
@@ -1,6 +1,5 @@
variable "ssh_public_key_filepath" {
description = "Filepath for the ssh public key"
type = "string"
-
- default = "ubuntu.pub"
+ default = "ubuntu.pub"
}
diff --git a/version b/version
index 9ff151c..1474d00 100644
--- a/version
+++ b/version
@@ -1 +1 @@
-v0.1.0
\ No newline at end of file
+v0.2.0
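Review bot: The new `depends` entry pulls `inspec-gcp` from `archive/master.tar.gz`, so every `kitchen verify` fetches whatever is on master at that moment with no pin and no checksum — an unverified, drifting dependency whose controls run with the project's GCP credentials. Pin it to a release instead, e.g. `git: https://github.com/inspec/inspec-gcp.git` plus `tag: vX.Y.Z` (a release that still supports the `inspec ~> 2.2.35` pinned in the Gemfile), or a tagged `archive/<tag>.tar.gz`, and consider `inspec vendor` so CI does not depend on GitHub at verify time. The README's remark that the verify stage "does not pass" under InSpec 4 is consistent with master having moved on, though I can only infer that from these lines.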