Merge branch 'main' into feature/add-custom-metrics-writer-role

.kitchen.yml

@@ -46,31 +46,6 @@ suites:
       systems:
         - name: simple_regional_with_ipv6
           backend: local
-  - name: "stub_domains"
-    transport:
-      root_module_directory: test/fixtures/stub_domains
-    verifier:
-      systems:
-        - name: stub_domains
-          backend: local
-          controls:
-            - gcloud
-            - kubectl
-  # Disabled due to issue #264
-  # (https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/264)
-  #  - name: stub_domains_private
-  #    transport:
-  #      root_module_directory: test/fixtures/stub_domains_private
-  #      systems:
-  #        - name: stub_domains_private
-  #          backend: local
-  - name: "upstream_nameservers"
-    transport:
-      root_module_directory: test/fixtures/upstream_nameservers
-    verifier:
-      systems:
-        - name: upstream_nameservers
-          backend: local
   - name: "stub_domains_upstream_nameservers"
     transport:
       root_module_directory: test/fixtures/stub_domains_upstream_nameservers

CONTRIBUTING.md

@@ -41,25 +41,14 @@ Integration tests are used to verify the behaviour of the root module,
 submodules, and example modules. Additions, changes, and fixes should
 be accompanied with tests.
 
-The integration tests are run using [Kitchen][kitchen],
-[Kitchen-Terraform][kitchen-terraform], and [InSpec][inspec]. These
-tools are packaged within a Docker image for convenience.
+The integration tests are run using[Cloud Foundation Toolkit CLI (CFT CLI)][https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/tree/main/cli],
+and [Blueprint Test][https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/tree/main/infra/blueprint-test]. The CFT CLI
+is packaged within a Docker image for convenience.
 
 The general strategy for these tests is to verify the behaviour of the
 [example modules](./examples/), thus ensuring that the root module,
 submodules, and example modules are all functionally correct.
 
-Six test-kitchen instances are defined:
-
-- `deploy-service`
-- `node-pool`
-- `shared-vpc`
-- `simple-regional`
-- `simple-zonal`
-- `stub-domains`
-
-The test-kitchen instances in `test/fixtures/` wrap identically-named examples in the `examples/` directory.`
-
 ### Test Environment
 The easiest way to test the module is in an isolated test project. The
 setup for such a project is defined in [test/setup](./test/setup/)
@@ -101,14 +90,14 @@ noninteractively, using the prepared test project.
 1. Run `make docker_run` to start the testing Docker container in
    interactive mode.
 
-1. Run `kitchen_do create <EXAMPLE_NAME>` to initialize the working
+1. Run `cft test run <EXAMPLE_NAME> --stage init` to initialize the working
    directory for an example module.
 
-1. Run `kitchen_do converge <EXAMPLE_NAME>` to apply the example module.
+1. Run `cft test run <EXAMPLE_NAME>  --stage apply` to apply the example module.
 
-1. Run `kitchen_do verify <EXAMPLE_NAME>` to test the example module.
+1. Run `cft test run <EXAMPLE_NAME> --stage verify` to test the example module.
 
-1. Run `kitchen_do destroy <EXAMPLE_NAME>` to destroy the example module
+1. Run `cft test run <EXAMPLE_NAME> --stage destroy` to destroy the example module
    state.
 
 ## Linting and Formatting

build/int.cloudbuild.yaml

@@ -200,36 +200,52 @@ steps:
     - verify simple-zonal-private-local
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
   args: ['/bin/bash', '-c', 'cft test run TestSimpleZonalPrivate --stage teardown --verbose']
-- id: converge stub-domains-local
+- id: apply stub-domains-local
   waitFor:
     - create-all
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge stub-domains-local']
+  args: ['/bin/bash', '-c', 'cft test run TestStubDomains --stage apply --verbose --test-dir test/integration']
 - id: verify stub-domains-local
   waitFor:
-    - converge stub-domains-local
+    - apply stub-domains-local
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify stub-domains-local']
+  args: ['/bin/bash', '-c', 'cft test run TestStubDomains --stage verify --verbose --test-dir test/integration']
 - id: destroy stub-domains-local
   waitFor:
     - verify stub-domains-local
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy stub-domains-local']
-- id: converge upstream-nameservers-local
+  args: ['/bin/bash', '-c', 'cft test run TestStubDomains --stage destroy --verbose --test-dir test/integration']
+# Disabled: https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/264
+# - id: apply stub-domains-private-local
+#   waitFor:
+#     - create-all
+#   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+#   args: ['/bin/bash', '-c', 'cft test run TestStubDomainsPrivate --stage apply --verbose --test-dir test/integration']
+# - id: verify stub-domains-private-local
+#   waitFor:
+#     - apply stub-domains-private-local
+#   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+#   args: ['/bin/bash', '-c', 'cft test run TestStubDomainsPrivate --stage verify --verbose --test-dir test/integration']
+# - id: destroy stub-domains-private-local
+#   waitFor:
+#     - verify stub-domains-private-local
+#   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+#   args: ['/bin/bash', '-c', 'cft test run TestStubDomainsPrivate --stage destroy --verbose --test-dir test/integration']
+- id: apply upstream-nameservers-local
   waitFor:
     - create-all
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge upstream-nameservers-local']
+  args: ['/bin/bash', '-c', 'cft test run TestUpstreamNameservers --stage apply --verbose --test-dir test/integration']
 - id: verify upstream-nameservers-local
   waitFor:
-    - converge upstream-nameservers-local
+    - apply upstream-nameservers-local
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify upstream-nameservers-local']
+  args: ['/bin/bash', '-c', 'cft test run TestUpstreamNameservers --stage verify --verbose --test-dir test/integration']
 - id: destroy upstream-nameservers-local
   waitFor:
     - verify upstream-nameservers-local
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
-  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy upstream-nameservers-local']
+  args: ['/bin/bash', '-c', 'cft test run TestUpstreamNameservers --stage destroy --verbose --test-dir test/integration']
 - id: converge stub-domains-upstream-nameservers-local
   waitFor:
     - create-all

test/fixtures/stub_domains/example.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2018 Google LLC
+ * Copyright 2018-2025 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -14,6 +14,10 @@
  * limitations under the License.
  */
 
+locals {
+  compute_engine_service_account = var.compute_engine_service_accounts[1]
+}
+
 module "example" {
   source = "../../../examples/stub_domains"
 
@@ -24,6 +28,6 @@ module "example" {
   subnetwork                     = google_compute_subnetwork.main.name
   ip_range_pods                  = google_compute_subnetwork.main.secondary_ip_range[0].range_name
   ip_range_services              = google_compute_subnetwork.main.secondary_ip_range[1].range_name
-  compute_engine_service_account = var.compute_engine_service_accounts[1]
+  compute_engine_service_account = local.compute_engine_service_account
 }
 

test/fixtures/stub_domains/outputs.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2018 Google LLC
+ * Copyright 2018-2025 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -56,3 +56,11 @@ output "service_account" {
   description = "The service account to default running nodes as if not overridden in `node_pools`."
   value       = module.example.service_account
 }
+
+output "random_string" {
+  value = random_string.suffix.result
+}
+
+output "compute_engine_service_account" {
+  value = local.compute_engine_service_account
+}

test/fixtures/stub_domains_private/main.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2018 Google LLC
+ * Copyright 2018-2025 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -14,6 +14,10 @@
  * limitations under the License.
  */
 
+locals {
+  compute_engine_service_account = var.compute_engine_service_accounts[1]
+}
+
 resource "random_string" "suffix" {
   length  = 4
   special = false
@@ -49,7 +53,7 @@ resource "google_compute_subnetwork" "main" {
 module "example" {
   source = "../../../examples/stub_domains_private"
 
-  compute_engine_service_account = var.compute_engine_service_accounts[1]
+  compute_engine_service_account = local.compute_engine_service_account
   ip_range_pods                  = google_compute_subnetwork.main.secondary_ip_range[0].range_name
   ip_range_services              = google_compute_subnetwork.main.secondary_ip_range[1].range_name
   network                        = google_compute_network.main.name

test/fixtures/stub_domains_private/outputs.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2018 Google LLC
+ * Copyright 2018-2025 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -56,3 +56,11 @@ output "service_account" {
   description = "The service account to default running nodes as if not overridden in `node_pools`."
   value       = module.example.service_account
 }
+
+output "random_string" {
+  value = random_string.suffix.result
+}
+
+output "compute_engine_service_account" {
+  value = local.compute_engine_service_account
+}

test/fixtures/upstream_nameservers/example.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2018 Google LLC
+ * Copyright 2018-2025 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -14,6 +14,10 @@
  * limitations under the License.
  */
 
+locals {
+  compute_engine_service_account = var.compute_engine_service_accounts[1]
+}
+
 module "example" {
   source = "../../../examples/upstream_nameservers"
 
@@ -24,6 +28,6 @@ module "example" {
   subnetwork                     = google_compute_subnetwork.main.name
   ip_range_pods                  = google_compute_subnetwork.main.secondary_ip_range[0].range_name
   ip_range_services              = google_compute_subnetwork.main.secondary_ip_range[1].range_name
-  compute_engine_service_account = var.compute_engine_service_accounts[1]
+  compute_engine_service_account = local.compute_engine_service_account
 }
 

test/fixtures/upstream_nameservers/outputs.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2018 Google LLC
+ * Copyright 2018-2025 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -56,3 +56,11 @@ output "service_account" {
   description = "The service account to default running nodes as if not overridden in `node_pools`."
   value       = module.example.service_account
 }
+
+output "random_string" {
+  value = random_string.suffix.result
+}
+
+output "compute_engine_service_account" {
+  value = local.compute_engine_service_account
+}

test/integration/node_pool/testdata/TestNodePool.json

@@ -249,7 +249,6 @@
       "name": "default-pool",
       "networkConfig": {
         "podIpv4CidrBlock": "192.168.0.0/18",
-        "podIpv4RangeUtilization": 0.0624,
         "podRange": "cft-gke-test-pods-RANDOM_STRING"
       },
       "podIpv4CidrSize": 24,
@@ -302,7 +301,6 @@
       "name": "nap-e2-medium-1d469r1p",
       "networkConfig": {
         "podIpv4CidrBlock": "192.168.0.0/18",
-        "podIpv4RangeUtilization": 0.0624,
         "podRange": "cft-gke-test-pods-RANDOM_STRING"
       },
       "placementPolicy": {},
@@ -395,7 +393,6 @@
       "name": "pool-01",
       "networkConfig": {
         "podIpv4CidrBlock": "192.168.0.0/18",
-        "podIpv4RangeUtilization": 0.0624,
         "podRange": "cft-gke-test-pods-RANDOM_STRING"
       },
       "podIpv4CidrSize": 24,
@@ -490,7 +487,6 @@
       "name": "pool-02",
       "networkConfig": {
         "podIpv4CidrBlock": "192.168.0.0/18",
-        "podIpv4RangeUtilization": 0.0624,
         "podRange": "cft-gke-test-pods-RANDOM_STRING"
       },
       "podIpv4CidrSize": 24,
@@ -583,7 +579,6 @@
       "networkConfig": {
         "enablePrivateNodes": false,
         "podIpv4CidrBlock": "172.16.0.0/18",
-        "podIpv4RangeUtilization": 0.0625,
         "podRange": "test"
       },
       "podIpv4CidrSize": 24,
@@ -671,7 +666,6 @@
       "name": "pool-04",
       "networkConfig": {
         "podIpv4CidrBlock": "192.168.0.0/18",
-        "podIpv4RangeUtilization": 0.0624,
         "podRange": "cft-gke-test-pods-RANDOM_STRING"
       },
       "podIpv4CidrSize": 24,
@@ -759,7 +753,6 @@
       "name": "pool-05",
       "networkConfig": {
         "podIpv4CidrBlock": "192.168.0.0/18",
-        "podIpv4RangeUtilization": 0.0624,
         "podRange": "cft-gke-test-pods-RANDOM_STRING"
       },
       "podIpv4CidrSize": 24,