chore: update tests to use 1.0 image and update compat note (#614)

* chore: update tests to use 1.0 image and update compat note

* switch from v1.0 to v1

* fix: attempt workaround for #635

* fix: avoid using setproduct in shared vpc access

* disable terraform version verification in tests

Co-authored-by: Morgante Pell <morgantep@google.com>
Co-authored-by: Bharath KKB <bharathkrishnakb@gmail.com>

Author: 3 people

.github/release-please.yml

@@ -1,2 +1,16 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 releaseType: terraform-module
 handleGHRelease: true

.github/workflows/stale.yml

@@ -1,3 +1,17 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 name: "Close stale issues"
 on:
   schedule:

.gitignore

@@ -48,3 +48,6 @@ credentials.json
 env/
 test/fixtures/shared/terraform.tfvars
 .envrc
+
+# tf lock file
+.terraform.lock.hcl

.kitchen.yml

@@ -30,31 +30,37 @@ suites:
   - name: minimal
     driver:
       name: terraform
+      verify_version: false
       command_timeout: 1800
       root_module_directory: test/fixtures/minimal
   - name: vpc_sc_project
     driver:
       name: terraform
+      verify_version: false
       command_timeout: 1800
       root_module_directory: test/fixtures/vpc_sc_project
   - name: fabric_project
     driver:
       name: terraform
+      verify_version: false
       command_timeout: 1800
       root_module_directory: test/fixtures/fabric_project
   - name: app_engine
     driver:
       name: terraform
+      verify_version: false
       command_timeout: 1800
       root_module_directory: test/fixtures/app_engine
   - name: budget
     driver:
       name: terraform
+      verify_version: false
       command_timeout: 1800
       root_module_directory: test/fixtures/budget
   - name: dynamic_shared_vpc
     driver:
       name: terraform
+      verify_version: false
       command_timeout: 1800
       root_module_directory: test/fixtures/dynamic_shared_vpc
     verifier:
@@ -75,11 +81,13 @@ suites:
 #  - name: full
 #    driver:
 #      name: terraform
+#      verify_version: false
 #      command_timeout: 1800
 #      root_module_directory: test/fixtures/full
 #  - name: "shared_vpc_no_subnets"
 #    driver:
 #      name: "terraform"
+#      verify_version: false
 #      command_timeout: 1800
 #      root_module_directory: test/fixtures/shared_vpc_no_subnets/
 #    verifier:

Makefile

@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.13
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 

README.md

@@ -12,7 +12,8 @@ To include G Suite integration for creating groups and adding Service Accounts i
 
 ## Compatibility
 
-This module is meant for use with Terraform 0.13. If you haven't
+This module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. If you find incompatibilities using Terraform >=0.13, please open an issue.
+ If you haven't
 [upgraded][terraform-0.13-upgrade] and need a Terraform
 0.12.x-compatible version of this module, the last released version
 intended for Terraform 0.12.x is [9.2.0].

build/int.cloudbuild.yaml

@@ -150,7 +150,7 @@ tags:
 - 'integration'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.13'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1'
 options:
   machineType: 'N1_HIGHCPU_8'
   env:

build/lint.cloudbuild.yaml

@@ -21,4 +21,4 @@ tags:
 - 'lint'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.13'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1'

examples/shared_vpc/main.tf

@@ -38,7 +38,7 @@ module "host-project" {
  *****************************************/
 module "vpc" {
   source  = "terraform-google-modules/network/google"
-  version = "~> 2.5.0"
+  version = "~> 3.0"
 
   project_id                             = module.host-project.project_id
   network_name                           = var.network_name

modules/shared_vpc_access/main.tf

@@ -30,8 +30,11 @@ locals {
   }
   gke_shared_vpc_enabled      = contains(var.active_apis, "container.googleapis.com")
   composer_shared_vpc_enabled = contains(var.active_apis, "composer.googleapis.com")
-  active_apis                 = setintersection(keys(local.apis), var.active_apis)
-  subnetwork_api              = length(var.shared_vpc_subnets) != 0 ? tolist(setproduct(local.active_apis, var.shared_vpc_subnets)) : []
+  active_apis                 = [for api in keys(local.apis) : api if contains(var.active_apis, api)]
+  # Can't use setproduct due to https://github.com/terraform-google-modules/terraform-google-project-factory/issues/635
+  subnetwork_api = length(var.shared_vpc_subnets) != 0 ? flatten([
+    for i, api in local.active_apis : [for i, subnet in var.shared_vpc_subnets : "${api},${subnet}"]
+  ]) : []
 }
 
 /******************************************
@@ -47,19 +50,19 @@ resource "google_compute_subnetwork_iam_member" "service_shared_vpc_subnet_users
   provider = google-beta
   count    = var.grant_services_network_role ? length(local.subnetwork_api) : 0
   subnetwork = element(
-    split("/", local.subnetwork_api[count.index][1]),
+    split("/", split(",", local.subnetwork_api[count.index])[1]),
     index(
-      split("/", local.subnetwork_api[count.index][1]),
+      split("/", split(",", local.subnetwork_api[count.index])[1]),
       "subnetworks",
     ) + 1,
   )
   role = "roles/compute.networkUser"
   region = element(
-    split("/", local.subnetwork_api[count.index][1]),
-    index(split("/", local.subnetwork_api[count.index][1]), "regions") + 1,
+    split("/", split(",", local.subnetwork_api[count.index])[1]),
+    index(split("/", split(",", local.subnetwork_api[count.index])[1]), "regions") + 1,
   )
   project = var.host_project_id
-  member  = format("serviceAccount:%s", local.apis[local.subnetwork_api[count.index][0]])
+  member  = format("serviceAccount:%s", local.apis[split(",", local.subnetwork_api[count.index])[0]])
 }
 
 /******************************************
@@ -68,7 +71,7 @@ resource "google_compute_subnetwork_iam_member" "service_shared_vpc_subnet_users
  if "dataflow.googleapis.com" compute.networkUser role granted to dataflow service account for Dataflow on shared VPC Project if no subnets defined
  *****************************************/
 resource "google_project_iam_member" "service_shared_vpc_user" {
-  for_each = (length(var.shared_vpc_subnets) == 0) && var.enable_shared_vpc_service_project && var.grant_services_network_role ? local.active_apis : []
+  for_each = (length(var.shared_vpc_subnets) == 0) && var.enable_shared_vpc_service_project && var.grant_services_network_role ? toset(local.active_apis) : []
   project  = var.host_project_id
   role     = "roles/compute.networkUser"
   member   = format("serviceAccount:%s", local.apis[each.value])

test/integration/app_engine/inspec.yml

@@ -1,3 +1,17 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 name: app_engine
 attributes:
   - name: project_id

test/integration/budget/inspec.yml

@@ -1,3 +1,17 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 name: budget
 attributes:
   - name: project_id

test/integration/dynamic_shared_vpc/inspec.yml

@@ -1,3 +1,17 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 name: dynamic_shared_vpc
 depends:
   - name: inspec-gcp

test/integration/fabric_project/inspec.yml

@@ -1,3 +1,17 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 name: fabric_project
 attributes:
   - name: project_id

test/integration/full/inspec.yml

@@ -1,3 +1,17 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 name: full
 attributes:
   - name: project_name

test/integration/minimal/inspec.yml

@@ -1,3 +1,17 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 name: minimal
 attributes:
   - name: project_id

test/integration/vpc_sc_project/inspec.yml

@@ -1,3 +1,17 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 name: vpc_sc_project
 attributes:
   - name: project_id

test/setup/main.tf

@@ -25,14 +25,13 @@ resource "google_folder" "ci_pfactory_folder" {
 
 module "pfactory_project" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 9.2"
+  version = "~> 11.0"
 
-  name                 = "ci-pfactory-tests"
-  random_project_id    = true
-  org_id               = var.org_id
-  folder_id            = google_folder.ci_pfactory_folder.id
-  billing_account      = var.billing_account
-  skip_gcloud_download = true
+  name              = "ci-pfactory-tests"
+  random_project_id = true
+  org_id            = var.org_id
+  folder_id         = google_folder.ci_pfactory_folder.id
+  billing_account   = var.billing_account
 
   activate_apis = [
     "admin.googleapis.com",