Merge pull request #189 from terraform-google-modules/aaron-lane-upda…

…te-from-template

Update from template

Gemfile

@@ -12,6 +12,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+ruby '2.5.3'
+
 source 'https://rubygems.org/' do
-  gem 'kitchen-terraform', '~> 4.1'
+  gem 'kitchen-terraform', '~> 4.8'
 end

Makefile

@@ -12,16 +12,25 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# Please note that this file was generated from [terraform-google-module-template](https://github.com/terraform-google-modules/terraform-google-module-template).
+# Please make sure to contribute relevant changes upstream!
+
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
 # Docker build config variables
-CREDENTIALS_PATH ?= /cft/workdir/credentials.json
-DOCKER_ORG := gcr.io/cloud-foundation-cicd
-DOCKER_TAG_BASE_KITCHEN_TERRAFORM ?= 0.11.11_235.0.0_1.19.1_0.1.10
-DOCKER_REPO_BASE_KITCHEN_TERRAFORM := ${DOCKER_ORG}/cft/kitchen-terraform:${DOCKER_TAG_BASE_KITCHEN_TERRAFORM}
+CREDENTIALS_PATH 			?= /cft/workdir/credentials.json
+DOCKER_ORG 				:= gcr.io/cloud-foundation-cicd
+DOCKER_TAG_BASE_KITCHEN_TERRAFORM 	?= 1.0.1
+DOCKER_REPO_BASE_KITCHEN_TERRAFORM 	:= ${DOCKER_ORG}/cft/kitchen-terraform:${DOCKER_TAG_BASE_KITCHEN_TERRAFORM}
+
+# All is the first target in the file so it will get picked up when you just run 'make' on its own
+.PHONY: all
+all: check generate_docs
 
-all: check_shell check_python check_golang check_terraform check_docker check_base_files test_check_headers check_headers check_trailing_whitespace ## Run all linters
+# Run all available linters
+.PHONY: check
+check: check_shell check_python check_golang check_terraform check_docker check_base_files test_check_headers check_headers check_trailing_whitespace
 
 # The .PHONY directive tells make that this isn't a real target and so
 # the presence of a file named 'check_shell' won't cause this target to stop
@@ -50,10 +59,6 @@ check_docker: ## Lint Dockerfiles
 check_base_files:
 	@source test/make.sh && basefiles
 
-.PHONY: check_shebangs
-check_shebangs: ## Check that scripts have correct shebangs
-	@source test/make.sh && check_bash
-
 .PHONY: check_trailing_whitespace
 check_trailing_whitespace:
 	@source test/make.sh && check_trailing_whitespace
@@ -65,8 +70,7 @@ test_check_headers:
 
 .PHONY: check_headers
 check_headers: ## Check that source files have appropriate boilerplate
-	@echo "Checking file headers"
-	@python test/verify_boilerplate.py
+	@source test/make.sh && check_headers
 
 .PHONY: test_migrate
 test_migrate:
@@ -100,91 +104,94 @@ release-new-version:
 docker_run: ## Launch a shell within the Docker test environment
 	docker run --rm -it \
 		-e BILLING_ACCOUNT_ID  \
-		-e SERVICE_ACCOUNT_JSON \
 		-e DOMAIN \
 		-e FOLDER_ID \
 		-e GROUP_NAME \
 		-e ADMIN_ACCOUNT_EMAIL \
 		-e ORG_ID \
 		-e PROJECT_ID \
+		-e SERVICE_ACCOUNT_JSON \
+		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
 		-v $(CURDIR):/cft/workdir \
 		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
-		/bin/bash -c 'source test/ci_integration.sh && setup_environment && exec /bin/bash'
+		/bin/bash -c "source test/ci_integration.sh && setup_environment && exec /bin/bash"
 
 .PHONY: docker_create
 docker_create: ## Run `kitchen create` within the Docker test environment
 	docker run --rm -it \
 		-e BILLING_ACCOUNT_ID  \
-		-e SERVICE_ACCOUNT_JSON \
 		-e DOMAIN \
 		-e FOLDER_ID \
 		-e GROUP_NAME \
 		-e ADMIN_ACCOUNT_EMAIL \
 		-e ORG_ID \
 		-e PROJECT_ID \
+		-e SERVICE_ACCOUNT_JSON \
+		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
 		-v $(CURDIR):/cft/workdir \
 		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
-		/bin/bash -c 'source test/ci_integration.sh && setup_environment && bundle exec kitchen create'
+		/bin/bash -c "source test/ci_integration.sh && setup_environment && kitchen create"
 
 .PHONY: docker_converge
 docker_converge: ## Run `kitchen converge` within the Docker test environment
 	docker run --rm -it \
 		-e BILLING_ACCOUNT_ID  \
-		-e SERVICE_ACCOUNT_JSON \
 		-e DOMAIN \
 		-e FOLDER_ID \
 		-e GROUP_NAME \
 		-e ADMIN_ACCOUNT_EMAIL \
 		-e ORG_ID \
 		-e PROJECT_ID \
+		-e SERVICE_ACCOUNT_JSON \
+		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
 		-v $(CURDIR):/cft/workdir \
 		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
-		/bin/bash -c 'source test/ci_integration.sh && setup_environment && bundle exec kitchen converge'
+		/bin/bash -c "source test/ci_integration.sh && setup_environment && kitchen converge"
 
 .PHONY: docker_verify
 docker_verify: ## Run `kitchen verify` within the Docker test environment
 	docker run --rm -it \
 		-e BILLING_ACCOUNT_ID  \
-		-e SERVICE_ACCOUNT_JSON \
 		-e DOMAIN \
 		-e FOLDER_ID \
 		-e GROUP_NAME \
 		-e ADMIN_ACCOUNT_EMAIL \
 		-e ORG_ID \
 		-e PROJECT_ID \
+		-e SERVICE_ACCOUNT_JSON \
+		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
 		-v $(CURDIR):/cft/workdir \
 		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
-		/bin/bash -c 'source test/ci_integration.sh && setup_environment && bundle exec kitchen verify'
+		/bin/bash -c "source test/ci_integration.sh && setup_environment && kitchen verify"
 
 .PHONY: docker_destroy
 docker_destroy: ## Run `kitchen destroy` within the Docker test environment
 	docker run --rm -it \
 		-e BILLING_ACCOUNT_ID  \
-		-e SERVICE_ACCOUNT_JSON \
 		-e DOMAIN \
 		-e FOLDER_ID \
 		-e GROUP_NAME \
 		-e ADMIN_ACCOUNT_EMAIL \
 		-e ORG_ID \
 		-e PROJECT_ID \
+		-e SERVICE_ACCOUNT_JSON \
+		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
 		-v $(CURDIR):/cft/workdir \
 		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
-		/bin/bash -c 'source test/ci_integration.sh && setup_environment && bundle exec kitchen destroy'
+		/bin/bash -c "source test/ci_integration.sh && setup_environment && kitchen destroy"
 
 .PHONY: test_integration_docker
 test_integration_docker:
 	docker run --rm -it \
 		-e BILLING_ACCOUNT_ID  \
-		-e SERVICE_ACCOUNT_JSON \
 		-e DOMAIN \
 		-e FOLDER_ID \
 		-e GROUP_NAME \
 		-e ADMIN_ACCOUNT_EMAIL \
 		-e ORG_ID \
 		-e PROJECT_ID \
+		-e SERVICE_ACCOUNT_JSON \
+		-e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \
 		-v $(CURDIR):/cft/workdir \
 		${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \
-		test/ci_integration.sh
-
-help: ## Prints help for targets with comments
-	@grep -E '^[a-zA-Z._-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+		make test_integration

README.md

@@ -426,4 +426,4 @@ versions][release-new-version].
 [terraform-provider-gsuite]: https://github.com/DeviaVir/terraform-provider-gsuite
 [glossary]: /docs/GLOSSARY.md
 [release-new-version]: https://www.terraform.io/docs/registry/modules/publish.html#releasing-new-versions
-[application-default-credentials]: https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application
+[application-default-credentials]: https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application

examples/app_engine/README.md

@@ -30,4 +30,4 @@ Expected variables:
 | domain\_example | The organization's domain |
 | project\_info\_example | The ID of the created project |
 
-[^]: (autogen_docs_end)
+[^]: (autogen_docs_end)

examples/gke_shared_vpc/README.md

@@ -35,4 +35,4 @@ More information about GKE with Shared VPC can be found here: https://cloud.goog
 | shared\_vpc | The ID of the host project which hosts the shared VPC | string | n/a | yes |
 | shared\_vpc\_subnets | List of subnets fully qualified subnet IDs (ie. projects/$PROJECT_ID/regions/$REGION/subnetworks/$SUBNET_ID) | list | `<list>` | no |
 
-[^]: (autogen_docs_end)
+[^]: (autogen_docs_end)

examples/group_project/README.md

@@ -35,4 +35,4 @@ Expected variables:
 | group\_email\_example | The email of the created GSuite group |
 | project\_info\_example | The ID of the created project |
 
-[^]: (autogen_docs_end)
+[^]: (autogen_docs_end)

examples/project-hierarchy/README.md

@@ -39,4 +39,4 @@ Expected variables:
 | project\_info\_example | The ID of the created prod_gke project |
 | project\_info\_factory\_example | The ID of the created factory project |
 
-[^]: (autogen_docs_end)
+[^]: (autogen_docs_end)

examples/shared_vpc/README.md

@@ -10,11 +10,11 @@ It includes creating the host project and using the [network module](https://git
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
-| billing\_account | The ID of the billing account to associate this project with | string | - | yes |
-| credentials\_path | Path to a Service Account credentials file with permissions documented in the readme | string | - | yes |
-| host\_project\_name | Name for Shared VPC host project | string | `shared-vpc-host` | no |
-| network\_name | Name for Shared VPC network | string | `shared-network` | no |
-| organization\_id | The organization id for the associated services | string | - | yes |
+| billing\_account | The ID of the billing account to associate this project with | string | n/a | yes |
+| credentials\_path | Path to a Service Account credentials file with permissions documented in the readme | string | n/a | yes |
+| host\_project\_name | Name for Shared VPC host project | string | `"shared-vpc-host"` | no |
+| network\_name | Name for Shared VPC network | string | `"shared-network"` | no |
+| organization\_id | The organization id for the associated services | string | n/a | yes |
 
 ## Outputs
 
@@ -24,4 +24,4 @@ It includes creating the host project and using the [network module](https://git
 | network\_name | The name of the VPC being created |
 | network\_self\_link | The URI of the VPC being created |
 
-[^]: (autogen_docs_end)
+[^]: (autogen_docs_end)

examples/simple_project/README.md

@@ -25,4 +25,4 @@ Expected variables:
 | domain\_example | The organization's domain |
 | project\_info\_example | The ID of the created project |
 
-[^]: (autogen_docs_end)
+[^]: (autogen_docs_end)

helpers/combine_docfiles.py

@@ -13,6 +13,11 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+
+# Please note that this file was generated from
+# [terraform-google-module-template](https://github.com/terraform-google-modules/terraform-google-module-template).
+# Please make sure to contribute relevant changes upstream!
+
 ''' Combine file from:
   * script argument 1
   with content of file from:
@@ -24,6 +29,7 @@
   regex specified here
 '''
 
+import os
 import re
 import sys
 
@@ -33,15 +39,29 @@
 if len(sys.argv) != 3:
     sys.exit(1)
 
+if not os.path.isfile(sys.argv[1]):
+    sys.exit(0)
+
 input = open(sys.argv[1], "r").read()
 replace_content = open(sys.argv[2], "r").read()
 
 # Exclude the specified content from the replacement content
-groups = re.match(exclude_separator_regex, replace_content,
-                  re.DOTALL).groups(0)
+groups = re.match(
+    exclude_separator_regex,
+    replace_content,
+    re.DOTALL
+).groups(0)
 replace_content = groups[0] + groups[1]
 
 # Find where to put the replacement content, overwrite the input file
-groups = re.match(insert_separator_regex, input, re.DOTALL).groups(0)
-output = groups[0] + replace_content + groups[2]
+match = re.match(insert_separator_regex, input, re.DOTALL)
+if match is None:
+    print("ERROR: Could not find autogen docs anchors in", sys.argv[1])
+    print("To fix this, insert the following anchors in your README where "
+          "module inputs and outputs should be documented.")
+    print("[^]: (autogen_docs_start)")
+    print("[^]: (autogen_docs_end)")
+    sys.exit(1)
+groups = match.groups(0)
+output = groups[0] + replace_content + groups[2] + "\n"
 open(sys.argv[1], "w").write(output)

modules/core_project_factory/README.md

@@ -48,4 +48,4 @@
 | service\_account\_name | The fully-qualified name of the default service account |
 | service\_account\_unique\_id | The unique id of the default service account |
 
-[^]: (autogen_docs_end)
+[^]: (autogen_docs_end)

modules/gsuite_enabled/README.md

@@ -105,4 +105,4 @@ The roles granted are specifically:
 [^]: (autogen_docs_end)
 
 [examples]: ../../examples/
-[root-module]: ../../README.md
+[root-module]: ../../README.md

modules/gsuite_group/README.md

@@ -17,4 +17,4 @@
 | domain | The domain of the group's organization. |
 | email | The email address of the group. |
 
-[^]: (autogen_docs_end)
+[^]: (autogen_docs_end)

modules/project_services/README.md

@@ -38,4 +38,4 @@ See [examples/project_services](./examples/project_services) for an example.
 |------|-------------|
 | project\_id | The GCP project you want to enable APIs on |
 
-[^]: (autogen_docs_end)
+[^]: (autogen_docs_end)

modules/project_services/examples/project_services/README.md

@@ -21,4 +21,4 @@ Expected variables:
 |------|-------------|
 | project\_id | The GCP project you want to enable APIs on |
 
-[^]: (autogen_docs_end)
+[^]: (autogen_docs_end)

test/ci_integration.sh

@@ -18,7 +18,7 @@
 DELETE_AT_EXIT="$(mktemp -d)"
 finish() {
   echo 'BEGIN: finish() trap handler' >&2
-  kitchen destroy
+  kitchen destroy "$SUITE"
   [[ -d "${DELETE_AT_EXIT}" ]] && rm -rf "${DELETE_AT_EXIT}"
   echo 'END: finish() trap handler' >&2
 }
@@ -29,7 +29,7 @@ finish() {
 setup_environment() {
   local tmpfile
   tmpfile="$(mktemp)"
-  echo "${SERVICE_ACCOUNT_JSON}" >"${tmpfile}"
+  echo "${SERVICE_ACCOUNT_JSON}" > "${tmpfile}"
 
   # gcloud variables
   export CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE="${tmpfile}"
@@ -47,9 +47,12 @@ setup_environment() {
   export TF_VAR_shared_vpc="${PROJECT_ID}"
   TF_VAR_random_string_for_testing="${RANDOM_STRING_FOR_TESTING:-$(LC_ALL=C tr -dc 'a-z0-9' < /dev/urandom | fold -w 5 | head -n 1)}"
   export TF_VAR_random_string_for_testing
+  export TF_VAR_project_id="$PROJECT_ID"
 }
 
 main() {
+  export SUITE="${SUITE:-}"
+
   set -eu
   # Setup trap handler to auto-cleanup
   export TMPDIR="${DELETE_AT_EXIT}"
@@ -60,10 +63,10 @@ main() {
   set -x
 
   # Execute the test lifecycle
-  kitchen create
-  kitchen converge
-  kitchen converge
-  kitchen verify
+  kitchen create "$SUITE"
+  kitchen converge "$SUITE"
+  kitchen converge "$SUITE"
+  kitchen verify "$SUITE"
 }
 
 # if script is being executed and not sourced.

test/fixtures/full/README.md

@@ -15,6 +15,7 @@
 | group\_role |  | string | `"roles/viewer"` | no |
 | gsuite\_admin\_account |  | string | n/a | yes |
 | org\_id |  | string | n/a | yes |
+| random\_string\_for\_testing | A random string of characters to be appended to resource names to ensure uniqueness | string | n/a | yes |
 | region |  | string | `"us-east4"` | no |
 | sa\_group |  | string | `""` | no |
 | sa\_role |  | string | `"roles/editor"` | no |
@@ -38,7 +39,9 @@
 | sa\_role |  |
 | service\_account\_email |  |
 | shared\_vpc |  |
+| shared\_vpc\_subnet\_name |  |
+| shared\_vpc\_subnet\_region |  |
 | usage\_bucket\_name |  |
 | usage\_bucket\_prefix |  |
 
-[^]: (autogen_docs_end)
+[^]: (autogen_docs_end)