chore: update integration tests (terraform-google-modules#169)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

Author: gtsorbo

build/int.cloudbuild.yaml

@@ -24,38 +24,59 @@ steps:
   - 'TF_VAR_org_id=$_ORG_ID'
   - 'TF_VAR_folder_id=$_FOLDER_ID'
   - 'TF_VAR_billing_account=$_BILLING_ACCOUNT'
-- id: create
+- id: init-all
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create']
-- id: converge
+  args: ['/bin/bash', '-c', 'cft test run all --stage init --verbose']
+  waitFor:
+      - prepare
+# test/fixtures/gh-runner-mig-container-vm
+- id: apply-gh-runner-mig-container-vm
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'cft test run TestGHRunnerMIGContainerVM --stage apply --verbose']
+  waitFor:
+      - init-all
+- id: verify-gh-runner-mig-container-vm
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge']
-- id: verify
+  args: ['/bin/bash', '-c', 'cft test run TestGHRunnerMIGContainerVM --stage verify --verbose']
+  waitFor:
+    - apply-gh-runner-mig-container-vm
+- id: destroy-gh-runner-mig-container-vm
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify']
-- id: destroy
+  args: ['/bin/bash', '-c', 'cft test run TestGHRunnerMIGContainerVM --stage destroy --verbose']
+  waitFor:
+    - verify-gh-runner-mig-container-vm
+# test/fixtures/gh-runner-gke
+- id: apply-gh-runner-gke
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'cft test run TestGHRunnerGKE --stage apply --verbose']
+  waitFor:
+      - init-all
+- id: verify-gh-runner-gke
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy']
-- id: create-oidc
+  args: ['/bin/bash', '-c', 'cft test run TestGHRunnerGKE --stage verify --verbose']
   waitFor:
-      - destroy
+      - apply-gh-runner-gke
+- id: destroy-gh-runner-gke
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'cd test/integration && RUN_STAGE=init go test -v -run TestOIDCSimple ./... -p 1']
-- id: converge-oidc
+  args: ['/bin/bash', '-c', 'cft test run TestGHRunnerGKE --stage destroy --verbose']
   waitFor:
-      - create-oidc
+      - verify-gh-runner-gke
+# examples/oidc-simple
+- id: apply-oidc
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
   args: ['/bin/bash', '-c', 'cd test/integration && RUN_STAGE=apply go test -v -run TestOIDCSimple ./... -p 1']
-- id: verify-oidc
   waitFor:
-      - converge-oidc
+      - init-all
+- id: verify-oidc
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
   args: ['/bin/bash', '-c', 'cd test/integration && RUN_STAGE=verify go test -v -run TestOIDCSimple ./... -p 1']
-- id: destroy-oidc
   waitFor:
-      - verify-oidc
+      - apply-oidc
+- id: destroy-oidc
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
   args: ['/bin/bash', '-c', 'cd test/integration && RUN_STAGE=teardown go test -v -run TestOIDCSimple ./... -p 1']
+  waitFor:
+      - verify-oidc
 tags:
 - 'ci'
 - 'integration'

examples/gh-runner-gke-simple/providers.tf

@@ -21,7 +21,7 @@ data "google_client_config" "default" {
 }
 
 provider "kubernetes" {
-  host                   = module.runner-gke.kubernetes_endpoint
+  host                   = "https://${module.runner-gke.kubernetes_endpoint}"
   token                  = data.google_client_config.default.access_token
   cluster_ca_certificate = base64decode(module.runner-gke.ca_certificate)
 }

kitchen.yml

@@ -65,6 +65,7 @@ module "runner-cluster" {
   monitoring_service       = "monitoring.googleapis.com/kubernetes"
   remove_default_node_pool = true
   service_account          = local.service_account
+  gce_pd_csi_driver        = true
   node_pools = [
     {
       name         = "runner-pool"

modules/gh-runner-gke/main.tf

@@ -14,24 +14,6 @@
  * limitations under the License.
  */
 
-output "kubernetes_endpoint" {
-  description = "The cluster endpoint"
-  sensitive   = true
-  value       = module.example_gke_runner.kubernetes_endpoint
-}
-
-output "client_token" {
-  description = "The bearer token for auth"
-  sensitive   = true
-  value       = module.example_gke_runner.client_token
-}
-
-output "ca_certificate" {
-  description = "The cluster ca certificate (base64 encoded)"
-  sensitive   = true
-  value       = module.example_gke_runner.ca_certificate
-}
-
 output "service_account" {
   description = "The default service account used for running nodes."
   value       = module.example_gke_runner.service_account

test/fixtures/gh-runner-gke/outputs.tf

@@ -0,0 +1,25 @@
+// Copyright 2022 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package test
+
+import (
+	"testing"
+
+	"github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft"
+)
+
+func TestAll(t *testing.T) {
+	tft.AutoDiscoverAndTest(t)
+}

test/integration/discover_test.go

@@ -0,0 +1,54 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package gh_runner_gke
+
+import (
+	"testing"
+
+	"github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/gcloud"
+	"github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft"
+	"github.com/gruntwork-io/terratest/modules/k8s"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGHRunnerGKE(t *testing.T) {
+	bpt := tft.NewTFBlueprintTest(t)
+	bpt.DefineVerify(func(assert *assert.Assertions) {
+		bpt.DefaultVerify(assert)
+
+		// get outputs
+		projectId := bpt.GetStringOutput("project_id")
+		location := bpt.GetStringOutput("location")
+		clusterName := bpt.GetStringOutput("cluster_name")
+
+		// Check cluster is running
+		cluster := gcloud.Runf(t, "container clusters describe %s --location %s --project %s", clusterName, location, projectId)
+		assert.Contains([]string{"RUNNING"}, cluster.Get("status").String())
+
+		// Get cluster credentials
+		gcloud.Runf(t, "container clusters get-credentials %s --location %s --project %s", clusterName, location, projectId)
+		k8sOpts := k8s.KubectlOptions{}
+
+		// Check the "runner-k8s-config" secret exists
+		secret, err := k8s.RunKubectlAndGetOutputE(t, &k8sOpts, "get", "secret", "runner-k8s-config", "-o", "json")
+		if err != nil {
+			t.Fatalf("Error getting secret: %s", err)
+		}
+
+		assert.NotNil(t, secret, "The secret 'runner-k8s-config' should exist and have data")
+	})
+
+	bpt.Test()
+}