diff --git a/.github/workflows/kitchen-tests.yml b/.github/workflows/kitchen-tests.yml
deleted file mode 100644
index 494d36f..0000000
--- a/.github/workflows/kitchen-tests.yml
+++ /dev/null
@@ -1,84 +0,0 @@
-name: kitchen-tests
-
-on:
- push:
- branches:
- - 'main'
- tags:
- - 'v*.*.*'
- pull_request:
- branches:
- - 'main'
-
-env:
- REGISTRY: ghcr.io
- IMAGE_NAME: brownuniversity/terraform-gcp-project
-
-jobs:
- docker:
- runs-on: ubuntu-latest
- outputs:
- full_image_id: ${{ steps.save_full_image_id.outputs.full_image_id }}
- steps:
- - uses: actions/checkout@v3
-
- - name: Set up QEMU
- uses: docker/setup-qemu-action@v2
-
- - name: Set up Docker Buildx
- uses: docker/setup-buildx-action@v2
-
- - name: Log in to the Container registry
- uses: docker/login-action@v2
- with:
- registry: ${{ env.REGISTRY }}
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Extract metadata (tags, labels) for Docker
- id: meta
- uses: docker/metadata-action@v4
- with:
- images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- tags: |
- type=ref,event=branch
- type=ref,event=pr
- type=semver,pattern={{major}}.{{minor}}
-
- # NOTE: We are tapping into json output because tags could become a list if prior step is modified
- - id: save_full_image_id
- run: echo "full_image_id=${{ fromJSON(steps.meta.outputs.json).tags[0] }}" >> $GITHUB_OUTPUT
-
- - name: print_tag
- run: echo "${{ fromJSON(steps.meta.outputs.json).tags[0] }}"
-
- - name: Build and push Docker image
- uses: docker/build-push-action@v4
- with:
- context: .
- push: true
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
- cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache
- cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:buildcache
-
- kitchen-tests:
- needs: docker
- runs-on: ubuntu-latest
- container:
- image: "${{ needs.docker.outputs.full_image_id }}"
-
- steps:
- - uses: actions/checkout@v3
- - name: Create Credential File
- run: |
- echo "$GCP_CREDENTIAL_JSON" | base64 -d > /tmp/credentials.json
- env:
- GCP_CREDENTIAL_JSON: ${{ secrets.GCP_CI_CREDENTIAL_JSON}}
- - name: Run Kitchen
- run: kitchen test
- env:
- TF_VAR_billing_account: ${{ secrets.GCP_BURWOOD_BILLING_ACCOUNT }}
- TF_VAR_org_id: ${{ secrets.GCP_ORG_ID }}
- TF_VAR_folder_id: ${{ secrets.GCP_CCV_CI_FOLDER_ID }}
- GOOGLE_APPLICATION_CREDENTIALS: /tmp/credentials.json
diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml
index d436828..5afdeff 100644
--- a/.github/workflows/pr-labeler.yml
+++ b/.github/workflows/pr-labeler.yml
@@ -7,7 +7,7 @@ jobs:
pr-labeler:
runs-on: ubuntu-latest
steps:
- - uses: TimonVS/pr-labeler-action@v4
+ - uses: TimonVS/pr-labeler-action@v5
with:
configuration-path: .github/pr-labeler.yml # optional, .github/pr-labeler.yml is the default value
env:
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
index e43769d..97f1b03 100644
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -11,7 +11,7 @@ jobs:
runs-on: ubuntu-latest
steps:
# Drafts your next Release notes as Pull Requests are merged into "master"
- - uses: release-drafter/release-drafter@v5
+ - uses: release-drafter/release-drafter@v6
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/terraform-tests.yml b/.github/workflows/terraform-tests.yml
new file mode 100644
index 0000000..bbcbcbd
--- /dev/null
+++ b/.github/workflows/terraform-tests.yml
@@ -0,0 +1,36 @@
+name: terraform-tests
+
+on:
+ push:
+ branches:
+ - 'main'
+ tags:
+ - 'v*.*.*'
+ pull_request:
+ branches:
+ - 'main'
+
+
+jobs:
+ terraform-tests:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Create Credential File
+ run: |
+ echo "$GCP_CREDENTIAL_JSON" | base64 -d > /tmp/credentials.json
+ env:
+ GCP_CREDENTIAL_JSON: ${{ secrets.GCP_CI_CREDENTIAL_JSON}}
+ - name: Setup Terraform
+ uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: 1.9.2
+ - name: Run terraform test
+ run: |
+ terraform init
+ terraform test
+ env:
+ TF_VAR_billing_account: ${{ secrets.GCP_BURWOOD_BILLING_ACCOUNT }}
+ TF_VAR_org_id: ${{ secrets.GCP_ORG_ID }}
+ TF_VAR_folder_id: ${{ secrets.GCP_CCV_CI_FOLDER_ID }}
+ GOOGLE_APPLICATION_CREDENTIALS: /tmp/credentials.json
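Review bot: The new workflow has no `permissions:` block and writes a long-lived service-account key to `/tmp/credentials.json` under the default umask, with no step that removes it afterwards. For a job that only checks out code and runs Terraform, a top-level `permissions:` of `contents: read` is enough for the GITHUB_TOKEN, and the key file should be created under `umask 077` and deleted in an `if: always()` step, as sketched below. Workload Identity Federation through `google-github-actions/auth` would remove the stored key altogether, if the GCP side can be set up for it. The job also runs on `pull_request`, where fork PRs presumably receive no secrets, so the decode step would leave an empty credentials file and `terraform test` would fail late; and the actions are referenced by mutable tags (`@v4`, `@v3`) rather than commit SHAs.

```yaml
permissions:
  contents: read

# … unchanged: on, jobs, runs-on, checkout …
      - name: Create Credential File
        run: |
          umask 077
          # … unchanged: base64 decode into /tmp/credentials.json …
# … unchanged: Setup Terraform, Run terraform test …
      - name: Remove Credential File
        if: always()
        run: rm -f /tmp/credentials.json
```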
diff --git a/.kitchen.yml b/.kitchen.yml
deleted file mode 100644
index 3f1ae71..0000000
--- a/.kitchen.yml
+++ /dev/null
@@ -1,20 +0,0 @@
----
-provisioner:
- name: terraform
-
-verifier:
- name: terraform
- systems:
- - name: inspec-gcp
- backend: gcp
-
-platforms:
- - name: terraform
-
-suites:
- - name: simple-project
- driver:
- name: terraform
- root_module_directory: examples/simple-project
- parallelism: 4
- command_timeout: 1800
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index a699936..923305a 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
repos:
- repo: https://github.com/antonbabenko/pre-commit-terraform
- rev: v1.81.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
+ rev: v1.92.0 # Get the latest from: https://github.com/antonbabenko/pre-commit-terraform/releases
hooks:
- id: terraform_fmt
- id: terraform_docs
diff --git a/.ruby-version b/.ruby-version
deleted file mode 100644
index be94e6f..0000000
--- a/.ruby-version
+++ /dev/null
@@ -1 +0,0 @@
-3.2.2
diff --git a/.terraform-version b/.terraform-version
deleted file mode 100644
index 3e1ad72..0000000
--- a/.terraform-version
+++ /dev/null
@@ -1 +0,0 @@
-1.5.0
\ No newline at end of file
diff --git a/.terraform.lock.hcl b/.terraform.lock.hcl
new file mode 100644
index 0000000..5eb547b
--- /dev/null
+++ b/.terraform.lock.hcl
@@ -0,0 +1,102 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/google" {
+ version = "5.38.0"
+ constraints = ">= 3.43.0, >= 3.53.0, >= 4.28.0, >= 5.22.0, 5.38.0, < 6.0.0"
+ hashes = [
+ "h1:5xqoIwJbuXeHvq2NVt9S783fGS05hQUHg1AnnIJ+6EI=",
+ "zh:0db794dfbd4d3604499f1a4011faf7aa3f4c07eace32aa238bdf0b235965259a",
+ "zh:372f399f67c7e320c25e71d5a2c4c9bad6b4f9b35f7fcdc86fb5009711e34751",
+ "zh:a010ff05ea62396ee5d0771c614a7e6abd6a869e8ee9b7d9da0747eb4b10f2ba",
+ "zh:a416a2d7784436409a317cdf42a82eaf98d0f2d935bb5bacb50820f88207e1d9",
+ "zh:b3926e2295604c87aae81f305d0d1960157a734811ec0b3324f933c8c2421b1a",
+ "zh:c317d75cf290fac34be9438c14ecf8a9f80f966823e5346020fe7b6c6281259b",
+ "zh:c97127635c25cc72fc3e2d6bb48b2e9f88730b3c46629bdc335e391791ad53da",
+ "zh:ccfd23ad869c3bd2037a231718dea44e42c12cff605880edbb37c46255bd1e91",
+ "zh:dfd389432df9084e54c32809ab960058bafa002393a051640d11bf70533f1cc7",
+ "zh:ecb5b65be8188a51b19b37be587797a72b238bbdc252aee2e1e22dd5f59e20df",
+ "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+ "zh:fa5f5d9bce05bb02ef58bead70e4b8653feb98293eb4e0d95bce58b3b1f0a943",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/google-beta" {
+ version = "5.38.0"
+ constraints = ">= 3.43.0, >= 4.11.0, >= 5.22.0, < 6.0.0"
+ hashes = [
+ "h1:Q4bKg0gqqOa3IUks206PqHTTyDM0LsLB/lwpn0AALnk=",
+ "zh:19b33b874b1aa47699dfefc2691464932d6974fbe14bff7b60e0f64b3142e334",
+ "zh:215f675174d4074f11226f5c48b75880b59c2d56f0ae22ae3ea16012023b68e3",
+ "zh:22bc73738a7a57e3a022b28bdb34039da07cc105c1f46b288002c02b05c05a71",
+ "zh:4876a02bc040c98fb662e985a78caecd2b6a7355480362648ff36826e45d09fa",
+ "zh:899a64484ea44092dd0822478032e87f661dd85e8d735adbb553f7796d7ee497",
+ "zh:991990de697bd32066e4f2b67aa10c59b84e18f75170be976e75fb711cd0070f",
+ "zh:a4db4d424c060c0e8f686b0fb714aa7d41e3a5ba20d6aba05496eb8c6e635a3d",
+ "zh:a988d8a24e673aeff6b1a298d731ed69ef63bba7af9cd4ceb5c51834eecf9fde",
+ "zh:be3855a320cc44b1936c0778c9cbcaebe92435a2d5eef1f6e5a967ce2a3dc01e",
+ "zh:e26c72bc15ae27a3a6a99ed0f60ed38f2fca54a310c7ddfee3126b93fb90509e",
+ "zh:efbe757f0764a1dd69d23a440c03eaf69a8e5742ad63e814212611a16d769eb6",
+ "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/null" {
+ version = "3.2.2"
+ constraints = ">= 2.1.0"
+ hashes = [
+ "h1:IMVAUHKoydFrlPrl9OzasDnw/8ntZFerCC9iXw1rXQY=",
+ "zh:3248aae6a2198f3ec8394218d05bd5e42be59f43a3a7c0b71c66ec0df08b69e7",
+ "zh:32b1aaa1c3013d33c245493f4a65465eab9436b454d250102729321a44c8ab9a",
+ "zh:38eff7e470acb48f66380a73a5c7cdd76cc9b9c9ba9a7249c7991488abe22fe3",
+ "zh:4c2f1faee67af104f5f9e711c4574ff4d298afaa8a420680b0cb55d7bbc65606",
+ "zh:544b33b757c0b954dbb87db83a5ad921edd61f02f1dc86c6186a5ea86465b546",
+ "zh:696cf785090e1e8cf1587499516b0494f47413b43cb99877ad97f5d0de3dc539",
+ "zh:6e301f34757b5d265ae44467d95306d61bef5e41930be1365f5a8dcf80f59452",
+ "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+ "zh:913a929070c819e59e94bb37a2a253c228f83921136ff4a7aa1a178c7cce5422",
+ "zh:aa9015926cd152425dbf86d1abdbc74bfe0e1ba3d26b3db35051d7b9ca9f72ae",
+ "zh:bb04798b016e1e1d49bcc76d62c53b56c88c63d6f2dfe38821afef17c416a0e1",
+ "zh:c23084e1b23577de22603cff752e59128d83cfecc2e6819edadd8cf7a10af11e",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/random" {
+ version = "3.6.2"
+ constraints = ">= 2.2.0"
+ hashes = [
+ "h1:VavG5unYCa3SYISMKF9pzc3718M0bhPlcbUZZGl7wuo=",
+ "zh:0ef01a4f81147b32c1bea3429974d4d104bbc4be2ba3cfa667031a8183ef88ec",
+ "zh:1bcd2d8161e89e39886119965ef0f37fcce2da9c1aca34263dd3002ba05fcb53",
+ "zh:37c75d15e9514556a5f4ed02e1548aaa95c0ecd6ff9af1119ac905144c70c114",
+ "zh:4210550a767226976bc7e57d988b9ce48f4411fa8a60cd74a6b246baf7589dad",
+ "zh:562007382520cd4baa7320f35e1370ffe84e46ed4e2071fdc7e4b1a9b1f8ae9b",
+ "zh:5efb9da90f665e43f22c2e13e0ce48e86cae2d960aaf1abf721b497f32025916",
+ "zh:6f71257a6b1218d02a573fc9bff0657410404fb2ef23bc66ae8cd968f98d5ff6",
+ "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+ "zh:9647e18f221380a85f2f0ab387c68fdafd58af6193a932417299cdcae4710150",
+ "zh:bb6297ce412c3c2fa9fec726114e5e0508dd2638cad6a0cb433194930c97a544",
+ "zh:f83e925ed73ff8a5ef6e3608ad9225baa5376446349572c2449c0c0b3cf184b7",
+ "zh:fbef0781cb64de76b1df1ca11078aecba7800d82fd4a956302734999cfd9a4af",
+ ]
+}
+
+provider "registry.terraform.io/hashicorp/time" {
+ version = "0.12.0"
+ constraints = ">= 0.5.0"
+ hashes = [
+ "h1:Os2Ok7txtlUJHh6Hg7o+74Ql85SnRb/fGmah22yXpLw=",
+ "zh:019a4c09af254ef80b72cf0d843dfe72d99483e227138cf5b514a1b9977ab4c3",
+ "zh:0ae310ec740ebc6f275529507d60bb747d0bf39e72fc5a2fa90d74486006132c",
+ "zh:13d6aec117f05237fbf8c7d91d6ebb19797b00aa87e7a812642d3ea4738a394e",
+ "zh:2e87abbc261f9317d0c2ef26e01d5fabf77679da7d2cac6f47df7d198f720989",
+ "zh:4a6d471176ce0264455aa7d5457b8702f78400010c201c1719708958a1b7b647",
+ "zh:78d5eefdd9e494defcb3c68d282b8f96630502cac21d1ea161f53cfe9bb483b3",
+ "zh:8978d5474a6da30bc0ad21c17db188d6918cacf3df3f6506b72ef3a268d53e2e",
+ "zh:b109efe138dfcb45dc04a9cc6809d185ab8b0ebc12040847c2dac430fda5af68",
+ "zh:b58e039b9106ac0a8de3c07f53b5279d7f0215fb35f2d23df642dfce0875382f",
+ "zh:ba2cbb2e515922d13efe3a46647be84f5426fcfcaa0f1520b3efeab8db847ed3",
+ "zh:c6c1ef1f26f25bca3abb5e07fa33dca37ed39cc26d0ff877964f2ffe5edd618c",
+ "zh:f8e171f923b7d2e789abd034072465dec3e6133c3a7644b7a7a965a74d52224e",
+ ]
+}
diff --git a/.tool-versions b/.tool-versions
index bbb0794..3874604 100644
--- a/.tool-versions
+++ b/.tool-versions
@@ -1,2 +1 @@
-terraform 1.5.0
-ruby 3.2.2
+terraform 1.9.2
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index c13d66d..0000000
--- a/Dockerfile
+++ /dev/null
@@ -1,27 +0,0 @@
-FROM hashicorp/terraform:1.5.0
-
-COPY .ruby-version .ruby-version
-
-# Update and install all of the required packages.
-# At the end, remove the apk cache
-RUN apk upgrade && \
- apk add --update \
- bash \
- curl-dev \
- curl \
- "ruby-dev=~$(cat .ruby-version)" \
- "ruby-full=~$(cat .ruby-version)" \
- build-base \
- python3 && \
- rm -rf /var/cache/apk/*
-
-RUN mkdir /usr/app
-WORKDIR /usr/app
-
-COPY Gemfile* ./
-RUN gem install bundler && \
- bundle config set system 'true' && \
- bundle install
-
-
-ENTRYPOINT ["/bin/bash"]
\ No newline at end of file
diff --git a/Gemfile b/Gemfile
deleted file mode 100644
index 00a7e64..0000000
--- a/Gemfile
+++ /dev/null
@@ -1,3 +0,0 @@
-source "https://rubygems.org/" do
- gem "kitchen-terraform", "~> 7.0.0"
- end
\ No newline at end of file
diff --git a/README.md b/README.md
index 3213407..b348ec2 100644
--- a/README.md
+++ b/README.md
@@ -37,8 +37,8 @@ code by adding a `module` configuration and setting its `source` parameter to UR
| Name | Version |
|------|---------|
-| [terraform](#requirement\_terraform) | >= 1.5.0 |
-| [google](#requirement\_google) | >= 4.69.0, <5.0.0 |
+| [terraform](#requirement\_terraform) | >= 1.9.0 |
+| [google](#requirement\_google) | 5.38.0 |
## Providers
@@ -48,8 +48,8 @@ No providers.
| Name | Source | Version |
|------|--------|---------|
-| [project](#module\_project) | terraform-google-modules/project-factory/google | = 14.2.0 |
-| [projects\_iam\_bindings](#module\_projects\_iam\_bindings) | terraform-google-modules/iam/google//modules/projects_iam | 7.6.0 |
+| [project](#module\_project) | terraform-google-modules/project-factory/google | ~> 15.0 |
+| [projects\_iam\_bindings](#module\_projects\_iam\_bindings) | terraform-google-modules/iam/google//modules/projects_iam | 7.7.1 |
## Resources
@@ -74,11 +74,14 @@ No resources.
| Name | Description |
|------|-------------|
-| [activate\_apis](#output\_activate\_apis) | Active Google APIS |
+| [activate\_apis](#output\_activate\_apis) | Activate APIs |
+| [enabled\_apis](#output\_enabled\_apis) | Active Google APIS |
| [folder\_id](#output\_folder\_id) | Folder ID |
+| [members](#output\_members) | Members |
| [org\_id](#output\_org\_id) | Organization ID |
| [project\_id](#output\_project\_id) | Project ID |
| [project\_name](#output\_project\_name) | Project Name |
+| [roles](#output\_roles) | Roles |
| [service\_account\_display\_name](#output\_service\_account\_display\_name) | Name of service account |
| [service\_account\_email](#output\_service\_account\_email) | Email for service account |
@@ -96,31 +99,27 @@ Use [GitLab Flow](https://docs.gitlab.com/ee/topics/gitlab_flow.html#production-
### Version managers
-We recommend using [asdf](https://asdf-vm.com) to manage your versions of Terrafom and Ruby.
+We recommend using [asdf](https://asdf-vm.com) to manage your versions of Terraform.
```
brew install asdf
```
-Alternatively you can use [tfenv](https://github.com/tfutils/tfenv) and [rbenv](https://github.com/rbenv/rbenv)
+### Terraform
-### Terraform and Ruby
-
-The tests can simply run in CI. If you want to run the tests locally, you will need to install the version of terraform and Ruby specified in the `.tool-versions` file (or `.terraform-version`, `.ruby-version`).
+You can also install the latest version of terraform version via brew.
```
-asdf plugin-add terraform https://github.com/asdf-community/asdf-hashicorp.git
-asdf plugin add ruby https://github.com/asdf-vm/asdf-ruby.git
-asdf install
+brew tap hashicorp/tap
+brew install hashicorp/tap/terraform
```
#### Pre-commit hooks
-You should make sure that pre-commit hooks are installed to run the formater, linter, etc. Install and configure terraform [pre-commit hooks](https://github.com/antonbabenko/pre-commit-terraform) as follows:
-Install rependencies
+You should make sure that pre-commit hooks are installed to run the formater, linter, etc. Install and configure terraform [pre-commit hooks](https://github.com/antonbabenko/pre-commit-terraform) as follows:
```
-brew bundle install
+brew install pre-commit
```
Install the pre-commit hook globally
@@ -156,27 +155,7 @@ to set and uset the `GOOGLE_APPLICATION_CREDENTIALS` variable.
### Testing
-This repository uses Kitchen-Terraform to test the terraform modules. In the [examples](/examples) directory you can find examples of how each module can be used. Those examples are fed to [Test Kitchen][https://kitchen.ci/]. To install test kitchen, first make sure you have Ruby and bundler installed.
-
-```
-gem install bundler
-```
-
-Then install the prerequisites for test kitchen.
-
-```
-bundle install
-```
-
-You'll need to add some common credentials and secret variables
-
-And now you're ready to run test kitchen. Test kitchen has a couple main commands:
-
-- `bundle exec kitchen create` initializes terraform.
-- `bundle exec kitchen converge` runs our terraform examples.
-- `bundle exec kitchen verify` runs our inspec scripts against a converged kitchen.
-- `bundle exec kitchen destroy` destroys infrastructure.
-- `bundle exec kitchen test` does all the above.
+The tests can be run locally with `terraform test` after running `terraform init`. You will need to supply `org_id`, `folder_id`, and `billing_account` variables through `terraform.tfvars` file. Please see `terraform.tfvars.example` file for an example.
### CI
@@ -186,4 +165,4 @@ This project has three workflows enabled:
2. Realease Drafter: When merging to master, a release is drafted using the [Release-Drafter Action](https://github.com/marketplace/actions/release-drafter)
-3. `Kitchen test` runs on PR, merge to main and releases.
+3. `terraform test` runs on PR, merge to main and releases.
diff --git a/examples/simple-project/versions.tf b/examples/simple-project/versions.tf
deleted file mode 100644
index fd126d1..0000000
--- a/examples/simple-project/versions.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-terraform {
- required_version = ">= 1.5.0"
-}
diff --git a/main.tf b/main.tf
index 2b86034..b429b5c 100644
--- a/main.tf
+++ b/main.tf
@@ -1,6 +1,6 @@
module "project" {
source = "terraform-google-modules/project-factory/google"
- version = "= 14.2.0"
+ version = "~> 15.0"
name = var.project_name
random_project_id = true
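Review bot: `version = "~> 15.0"` on the `project` module replaces an exact pin with a range that accepts any later 15.x release, while `projects_iam_bindings` in the next hunk stays exactly pinned at `7.7.1`. The `.terraform.lock.hcl` added in this commit records provider versions and hashes only, so nothing fixes which project-factory release CI or a consumer resolves. Since this configuration sets `mode = "authoritative"` IAM bindings on the project it creates, consider pinning the release that was actually tested, `version = "<TESTED_15.x_RELEASE>"` (placeholder), and bumping it deliberately. The `module "project"` block continues outside the hunk.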
@@ -15,14 +15,14 @@ module "project" {
labels = var.labels
}
-
# -----------------------------
# iam permissions
# -----------------------------
module "projects_iam_bindings" {
- source = "terraform-google-modules/iam/google//modules/projects_iam"
- version = "7.6.0"
+ source = "terraform-google-modules/iam/google//modules/projects_iam"
+ version = "7.7.1"
+
mode = "authoritative"
projects = [module.project.project_id]
bindings = {
diff --git a/outputs.tf b/outputs.tf
index c18f752..c439c4f 100644
--- a/outputs.tf
+++ b/outputs.tf
@@ -18,8 +18,23 @@ output "service_account_email" {
value = module.project.service_account_email
}
-output "activate_apis" {
+output "enabled_apis" {
description = "Active Google APIS"
+ value = module.project.enabled_apis
+}
+
+output "roles" {
+ description = "Roles"
+ value = module.projects_iam_bindings.roles
+}
+
+output "members" {
+ description = "Members"
+ value = module.projects_iam_bindings.members
+}
+
+output "activate_apis" {
+ description = "Activate APIs"
value = var.activate_apis
}
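Review bot: The new `roles` and `members` outputs are described only as "Roles" and "Members", which repeats the names without saying which bindings they reflect; `enabled_apis` keeps the old "Active Google APIS" text while `activate_apis` now reads "Activate APIs", which is easy to confuse. Suggested wording: `description = "Roles managed by the projects_iam_bindings module"`, `description = "Members bound by the projects_iam_bindings module"`, and for `activate_apis` `description = "APIs requested through var.activate_apis"`. The three outputs added in tests/simple-project/outputs.tf have no `description` at all. The `service_account_email` block at the top of this hunk starts outside it.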
diff --git a/test/README.md b/test/README.md
deleted file mode 100644
index f3b7a8a..0000000
--- a/test/README.md
+++ /dev/null
@@ -1,66 +0,0 @@
-# Example InSpec Profile For GCP
-
-This example shows the implementation of an InSpec profile for GCP that depends on the [InSpec GCP Resource Pack](https://github.com/inspec/inspec-gcp). See the [README](https://github.com/inspec/inspec-gcp) for instructions on setting up appropriate GCP credentials.
-
-## Create a profile
-
-```
-$ inspec init profile --platform gcp my-profile
-Create new profile at /Users/spaterson/my-profile
- * Create directory libraries
- * Create file README.md
- * Create directory controls
- * Create file controls/example.rb
- * Create file inspec.yml
- * Create file attributes.yml
- * Create file libraries/.gitkeep
-
-```
-
-## Update `attributes.yml` to point to your project
-
-```
-gcp_project_id: 'my-gcp-project'
-```
-
-## Run the tests
-
-```
-$ cd gcp-profile/
-$ inspec exec . -t gcp:// --attrs attributes.yml
-
-Profile: GCP InSpec Profile (my-profile)
-Version: 0.1.0
-Target: gcp://local-service-account@my-gcp-project.iam.gserviceaccount.com
-
- ✔ gcp-single-region-1.0: Ensure single region has the correct properties.
- ✔ Region europe-west2 zone_names should include "europe-west2-a"
- ✔ gcp-regions-loop-1.0: Ensure regions have the correct properties in bulk.
- ✔ Region asia-east1 should be up
- ✔ Region asia-northeast1 should be up
- ✔ Region asia-south1 should be up
- ✔ Region asia-southeast1 should be up
- ✔ Region australia-southeast1 should be up
- ✔ Region europe-north1 should be up
- ✔ Region europe-west1 should be up
- ✔ Region europe-west2 should be up
- ✔ Region europe-west3 should be up
- ✔ Region europe-west4 should be up
- ✔ Region northamerica-northeast1 should be up
- ✔ Region southamerica-east1 should be up
- ✔ Region us-central1 should be up
- ✔ Region us-east1 should be up
- ✔ Region us-east4 should be up
- ✔ Region us-west1 should be up
- ✔ Region us-west2 should be up
-
-
-Profile: Google Cloud Platform Resource Pack (inspec-gcp)
-Version: 0.5.0
-Target: gcp://local-service-account@my-gcp-project.iam.gserviceaccount.com
-
- No tests executed.
-
-Profile Summary: 2 successful controls, 0 control failures, 0 controls skipped
-Test Summary: 18 successful, 0 failures, 0 skipped
-```
\ No newline at end of file
diff --git a/test/integration/simple-project/controls/project.rb b/test/integration/simple-project/controls/project.rb
deleted file mode 100644
index 1db6849..0000000
--- a/test/integration/simple-project/controls/project.rb
+++ /dev/null
@@ -1,49 +0,0 @@
-title "Test creation of a GCP Project"
-
-project_id = attribute("project_id")
-project_name = attribute("project_name")
-organization_id = attribute("organization_id")
-folder_id = attribute("folder_id")
-service_account_email = attribute("service_account_email")
-activated_apis = attribute('activated_apis')
-
-
-describe google_project(project: project_id) do
- it { should exist }
- its('project_id') { should eq project_id }
-end
-
-describe google_project(project: project_id) do
- its('lifecycle_state') { should eq "ACTIVE" }
-end
-
-describe google_project(project: project_id) do
- its('name') { should eq project_name }
-end
-
-describe google_project(project: project_id) do
- its('parent.type') { should eq "folder" }
- its('parent.id') {should eq folder_id.to_s}
-end
-
-activated_apis.each do |api|
- describe google_project_service(project: project_id, name: api) do
- it { should exist }
- its('state') { should cmp "ENABLED" }
- end
-end
-
-describe google_project_iam_binding(project: project_id, role: 'roles/stackdriver.resourceMetadata.writer') do
- it { should exist }
- its('members') {should include "serviceAccount:#{service_account_email}" }
-end
-
-describe google_project_iam_binding(project: project_id, role: 'roles/monitoring.metricWriter') do
- it { should exist }
- its('members') {should include "serviceAccount:#{service_account_email}" }
-end
-
-describe google_project_iam_binding(project: project_id, role: 'roles/logging.logWriter') do
- it { should exist }
- its('members') {should include "serviceAccount:#{service_account_email}" }
-end
diff --git a/test/integration/simple-project/inspec.yml b/test/integration/simple-project/inspec.yml
deleted file mode 100644
index c9ed8ad..0000000
--- a/test/integration/simple-project/inspec.yml
+++ /dev/null
@@ -1,40 +0,0 @@
-name: simple-project
-title: GCP InSpec Profile
-maintainer: Brown CIS
-copyright: Brown University
-license: MIT
-summary: An InSpec Compliance Profile For GCP
-version: 0.1.0
-inspec_version: ">= 2.3.5"
-attributes:
- - name: project_id
- required: true
- description: "The GCP project identifier."
- type: string
- - name: project_name
- required: true
- description: "The GCP project name."
- type: string
- - name: organization_id
- required: true
- description: "The GCP organization identifier."
- - name: folder_id
- required: true
- description: "The GCP parent folder identifier."
- - name: service_account_display_name
- required: true
- description: "The GCP service_account_display_name"
- type: string
- - name: service_account_email
- required: true
- description: "The GCP service_account_display_name"
- type: string
- - name: activated_apis
- required: true
- description: "The GCP active activate_apis"
-depends:
- - name: inspec-gcp
- git: https://github.com/inspec/inspec-gcp.git
- tag: v1.10.37
-supports:
- - platform: gcp
diff --git a/examples/simple-project/main.tf b/tests/simple-project/main.tf
similarity index 93%
rename from examples/simple-project/main.tf
rename to tests/simple-project/main.tf
index 17afe22..3588097 100644
--- a/examples/simple-project/main.tf
+++ b/tests/simple-project/main.tf
@@ -14,4 +14,5 @@ module "simple-project" {
billing_account = var.billing_account
activate_apis = var.activate_apis
folder_id = var.folder_id
+ org_id = var.org_id
}
diff --git a/examples/simple-project/outputs.tf b/tests/simple-project/outputs.tf
similarity index 71%
rename from examples/simple-project/outputs.tf
rename to tests/simple-project/outputs.tf
index dafea28..d93b974 100644
--- a/examples/simple-project/outputs.tf
+++ b/tests/simple-project/outputs.tf
@@ -14,6 +14,17 @@ output "service_account_email" {
value = module.simple-project.service_account_email
}
+output "enabled_apis" {
+ value = module.simple-project.enabled_apis
+}
+
+output "roles" {
+ value = module.simple-project.roles
+}
+
+output "members" {
+ value = module.simple-project.members
+}
output "activate_apis" {
value = var.activate_apis
diff --git a/examples/simple-project/variables.tf b/tests/simple-project/variables.tf
similarity index 100%
rename from examples/simple-project/variables.tf
rename to tests/simple-project/variables.tf
diff --git a/tests/simple-project/versions.tf b/tests/simple-project/versions.tf
new file mode 100644
index 0000000..bfb98ab
--- /dev/null
+++ b/tests/simple-project/versions.tf
@@ -0,0 +1,3 @@
+terraform {
+ required_version = ">= 1.9.0"
+}
diff --git a/tests/simple_project.tftest.hcl b/tests/simple_project.tftest.hcl
new file mode 100644
index 0000000..54c38de
--- /dev/null
+++ b/tests/simple_project.tftest.hcl
@@ -0,0 +1,46 @@
+run "simple_project_test" {
+
+ module {
+ source = "./tests/simple-project"
+ }
+
+ assert {
+ condition = output.project_id != null
+ error_message = "Project does not exist!"
+ }
+
+ assert {
+ condition = output.project_name == "inspec-project"
+ error_message = "Project name is not correct!"
+ }
+
+ assert {
+ condition = contains(output.enabled_apis, "compute.googleapis.com")
+ error_message = "Compute API is not enabled!"
+ }
+
+ assert {
+ condition = contains(output.enabled_apis, "cloudresourcemanager.googleapis.com")
+ error_message = "Cloud Resource Manager API is not enabled!"
+ }
+
+ assert {
+ condition = contains(output.members, "serviceAccount:${output.service_account_email}")
+ error_message = "Service account not a member to the project!"
+ }
+
+ assert {
+ condition = contains(output.roles, "roles/stackdriver.resourceMetadata.writer")
+ error_message = "Stackdriver IAM binding not created!"
+ }
+
+ assert {
+ condition = contains(output.roles, "roles/monitoring.metricWriter")
+ error_message = "Monitoring IAM binding not created!"
+ }
+
+ assert {
+ condition = contains(output.roles, "roles/logging.logWriter")
+ error_message = "Logging IAM binding not created!"
+ }
+}
\ No newline at end of file
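Review bot: The three role assertions and the membership assertion check `output.roles` and `output.members` as two independent lists, so the run passes whenever the service account appears somewhere and each role appears somewhere; it does not show that the service account holds each of those roles, which the removed InSpec controls checked per binding. It is also not visible here whether the iam module derives those outputs from its inputs or from what was applied; if the former, the assertions would hold regardless of the real IAM state. An output that maps each role to its members would let each `assert` check the pair, e.g. `condition = contains(output.bindings["roles/logging.logWriter"], "serviceAccount:${output.service_account_email}")`, where `bindings` is a hypothetical output that would have to be added. The parent-folder and lifecycle-state checks from the old profile have no counterpart in this run block either.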
diff --git a/examples/simple-project/terraform.tfvars.example b/tests/terraform.tfvars.example
similarity index 100%
rename from examples/simple-project/terraform.tfvars.example
rename to tests/terraform.tfvars.example
diff --git a/version.tf b/version.tf
index d77d8ab..8515a14 100644
--- a/version.tf
+++ b/version.tf
@@ -1,7 +1,10 @@
terraform {
- required_version = ">= 1.5.0"
+ required_version = ">= 1.9.0"
required_providers {
- google = ">= 4.69.0, <5.0.0"
+ google = {
+ source = "hashicorp/google"
+ version = "5.38.0"
+ }
}
}
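Review bot: `version = "5.38.0"` in `required_providers` is an exact constraint, so every configuration that calls this module is forced onto that single google provider release and cannot pick up later 5.x patch releases or combine with modules that require a different one. In a reusable module a range is the usual choice, with the exact version held by the caller's lock file. The constraints recorded in `.terraform.lock.hcl` suggest that something like `version = ">= 5.22.0, < 6.0.0"` would match what the child modules need, though that should be confirmed against them.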