Beta cluster tests to cloudbuild

bohdanyurov-gl · bohdanyurov-gl · commit 49b5aa6c7f65 · 2019-11-04T16:09:19.000+02:00
diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml
@@ -241,6 +241,26 @@ steps:
     - verify workload-metadata-config-local
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
   args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy workload-metadata-config-local']
+- id: create beta-cluster-local
+  waitFor:
+    - prepare
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create beta-cluster-local']
+- id: converge beta-cluster-local
+  waitFor:
+    - create beta-cluster-local
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge beta-cluster-local']
+- id: verify beta-cluster-local
+  waitFor:
+    - converge beta-cluster-local
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify beta-cluster-local']
+- id: destroy beta-cluster-local
+  waitFor:
+    - verify beta-cluster-local
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy sandbox-enabled-local']
 - id: create sandbox-enabled-local
   waitFor:
     - prepare
@@ -264,6 +284,8 @@ steps:
 tags:
 - 'ci'
 - 'integration'
+options:
+  machineType: 'N1_HIGHCPU_8'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
   _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.4.6'
diff --git a/test/fixtures/beta_cluster/main.tf b/test/fixtures/beta_cluster/main.tf
@@ -16,13 +16,13 @@
 
 
 provider "google" {
-  version = "~> 2.9.0"
+  version = "~> 2.18.0"
   project = var.project_id
   region  = var.region
 }
 
 provider "google-beta" {
-  version = "~> 2.9.0"
+  version = "~> 2.18.0"
   project = var.project_id
   region  = var.region
 }
@@ -56,17 +56,22 @@ module "this" {
   service_account   = "create"
 
   // Beta features
-  istio                       = true
-  database_encryption         = [{
+  istio = true
+
+  database_encryption = [{
     state    = "ENCRYPTED"
     key_name = google_kms_crypto_key.db.self_link
   }]
-  cloudrun                    = true
+
+  cloudrun = true
+
   enable_binary_authorization = true
-  pod_security_policy_config  = [{
+
+  pod_security_policy_config = [{
     enabled = true
   }]
-  node_metadata               = "EXPOSE"
+
+  node_metadata = "EXPOSE"
 }
 
 data "google_client_config" "default" {
diff --git a/test/fixtures/beta_cluster/terraform.tfvars b/test/fixtures/beta_cluster/terraform.tfvars
diff --git a/test/integration/beta_cluster/controls/gcloud.rb b/test/integration/beta_cluster/controls/gcloud.rb
@@ -1,10 +1,10 @@
-# Copyright 2018 Google LLC
+# Copyright 2019 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#      http://www.apache.org/licenses/LICENSE-2.0
+#     https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/test/integration/beta_cluster/controls/gcp.rb b/test/integration/beta_cluster/controls/gcp.rb
@@ -1,10 +1,10 @@
-# Copyright 2018 Google LLC
+# Copyright 2019 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#      http://www.apache.org/licenses/LICENSE-2.0
+#     https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/test/setup/iam.tf b/test/setup/iam.tf
@@ -16,6 +16,7 @@
 
 locals {
   int_required_roles = [
+    "roles/cloudkms.admin",
     "roles/cloudkms.cryptoKeyEncrypterDecrypter",
     "roles/compute.networkAdmin",
     "roles/container.clusterAdmin",
@@ -56,3 +57,12 @@ resource "google_project_iam_member" "int_test" {
 resource "google_service_account_key" "int_test" {
   service_account_id = google_service_account.int_test.id
 }
+
+resource "google_project_iam_binding" "kubernetes_engine_kms_access" {
+  project = module.gke-project.project_id
+  role    = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
+
+  members = [
+    "serviceAccount:service-${module.gke-project.project_number}@container-engine-robot.iam.gserviceaccount.com",
+  ]
+}

Original file line number	Diff line number	Diff line change
`@@ -1,10 +1,10 @@`
`1`		`-# Copyright 2018 Google LLC`
	`1`	`+# Copyright 2019 Google LLC`
`2`	`2`	`#`
`3`	`3`	`# Licensed under the Apache License, Version 2.0 (the "License");`
`4`	`4`	`# you may not use this file except in compliance with the License.`
`5`	`5`	`# You may obtain a copy of the License at`
`6`	`6`	`#`
`7`		`-# http://www.apache.org/licenses/LICENSE-2.0`
	`7`	`+# https://www.apache.org/licenses/LICENSE-2.0`
`8`	`8`	`#`
`9`	`9`	`# Unless required by applicable law or agreed to in writing, software`
`10`	`10`	`# distributed under the License is distributed on an "AS IS" BASIS,`