Refactor tests and add shared helpers

.github/release.yml

@@ -10,8 +10,8 @@ changelog:
         labels:
           - dependencies
 
-    - title: 🔩 Dependencies 
+    - title: 🔩 Dependencies
       labels:
         - dependencies
 
-# This file is managed by the osinfra-io/github-organization-management repository and should not be edited directly.
+# This file is managed by the osinfra-io/github-organization-management repository and should not be edited directly.

.gitignore

@@ -18,9 +18,6 @@ crash.log
 # be included in version control.
 local.tfvars
 
-# Provider.tf is used for local development of modules and shouldn't be added to repos.
-provider.tf
-
 # Ignore override files as they are usually used to override ressources locally
 override.tf
 override.tf.json

.pre-commit-config.yaml

@@ -11,7 +11,7 @@ repos:
       - id: check-symlinks
 
   - repo: https://github.com/antonbabenko/pre-commit-terraform
-    rev: v1.96.1
+    rev: v1.96.2
     hooks:
       - id: terraform_fmt
 
@@ -29,9 +29,11 @@ repos:
       - id: terraform_docs
 
   - repo: https://github.com/bridgecrewio/checkov.git
-    rev: 3.2.257
+    rev: 3.2.296
     hooks:
       - id: checkov
         verbose: true
         args:
+          - --skip-check
+          - "CKV_TF_1"
           - --quiet

README.md

@@ -73,8 +73,8 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 6.4.0 |
-| <a name="provider_google-beta"></a> [google-beta](#provider\_google-beta) | 6.4.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | 6.11.1 |
+| <a name="provider_google-beta"></a> [google-beta](#provider\_google-beta) | 6.11.1 |
 
 ### Modules
 

regional/README.md

@@ -11,13 +11,15 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_google"></a> [google](#provider\_google) | 5.40.0 |
-| <a name="provider_helm"></a> [helm](#provider\_helm) | 2.14.1 |
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.31.0 |
+| <a name="provider_google"></a> [google](#provider\_google) | 6.11.1 |
+| <a name="provider_helm"></a> [helm](#provider\_helm) | 2.16.1 |
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.33.0 |
 
 ## Modules
 
-No modules.
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_helpers"></a> [helpers](#module\_helpers) | github.com/osinfra-io/terraform-core-helpers//child | v0.1.2 |
 
 ## Resources
 
@@ -54,7 +56,7 @@ No modules.
 | <a name="input_gateway_mci_global_address"></a> [gateway\_mci\_global\_address](#input\_gateway\_mci\_global\_address) | The IP address for the Istio Gateway multi-cluster ingress | `string` | `""` | no |
 | <a name="input_gateway_memory_limits"></a> [gateway\_memory\_limits](#input\_gateway\_memory\_limits) | The memory limit for the Istio gateway | `string` | `"64Mi"` | no |
 | <a name="input_gateway_memory_requests"></a> [gateway\_memory\_requests](#input\_gateway\_memory\_requests) | The memory request for the Istio gateway | `string` | `"32Mi"` | no |
-| <a name="input_istio_version"></a> [istio\_version](#input\_istio\_version) | The version to install, this is used for the chart as well as the image tag | `string` | `"1.23.2"` | no |
+| <a name="input_istio_version"></a> [istio\_version](#input\_istio\_version) | The version to install, this is used for the chart as well as the image tag | `string` | `"1.24.0"` | no |
 | <a name="input_labels"></a> [labels](#input\_labels) | A map of key/value pairs to assign to the resources being created | `map(string)` | `{}` | no |
 | <a name="input_multi_cluster_service_clusters"></a> [multi\_cluster\_service\_clusters](#input\_multi\_cluster\_service\_clusters) | List of clusters to be included in the MultiClusterService | <pre>list(object({<br/>    link = string<br/>  }))</pre> | `[]` | no |
 | <a name="input_node_location"></a> [node\_location](#input\_node\_location) | The zone in which the cluster's nodes should be located. If not specified, the cluster's nodes are located across zones in the region | `string` | `null` | no |

regional/helm/istiod.yml

@@ -7,6 +7,7 @@ meshConfig:
   accessLogFile: /dev/stdout
   defaultConfig:
     proxyMetadata:
+      GRPC_ENFORCE_ALPN_ENABLED: "false" # This can be removed once https://github.com/cert-manager/istio-csr/pull/422 is released
       ISTIO_META_DNS_CAPTURE: "true"
       ISTIO_META_DNS_AUTO_ALLOCATE: "true"
 

regional/helpers.tf

@@ -0,0 +1 @@
+../shared/helpers.tf

regional/locals.tf

@@ -2,31 +2,17 @@
 # https://www.terraform.io/docs/language/values/locals.html
 
 locals {
-  env = lookup(local.env_map, local.environment, "none")
-
-  environment = (
-    terraform.workspace == "default" ?
-    "mock-environment" :
-    regex(".*-(?P<environment>[^-]+)$", terraform.workspace)["environment"]
-  )
-
-  env_map = {
-    "non-production" = "nonprod"
-    "production"     = "prod"
-    "sandbox"        = "sb"
-  }
-
   gateway_helm_values = {
     "autoscaling.minReplicas"                  = var.gateway_autoscale_min
-    "labels.tags\\.datadoghq\\.com/env"        = local.environment
+    "labels.tags\\.datadoghq\\.com/env"        = module.helpers.environment
     "labels.tags\\.datadoghq\\.com/version"    = var.istio_version
     "podAnnotations.apm\\.datadoghq\\.com/env" = local.istio_gateway_datadog_apm_env
     "podAnnotations.proxy\\.istio\\.io/config" = <<EOF
     tracing:
       datadog:
         address: $(HOST_IP):8126
     proxyMetadata:
-      DD_ENV: ${local.environment}
+      DD_ENV: ${module.helpers.environment}
       DD_SERVICE: istio-gateway
       DD_VERSION: ${var.istio_version}
     EOF
@@ -44,9 +30,9 @@ locals {
     "global.proxy.resources.requests.cpu"                   = var.proxy_cpu_requests
     "global.proxy.resources.requests.memory"                = var.proxy_memory_requests
     "pilot.autoscaleMin"                                    = var.pilot_autoscale_min
-    "pilot.deploymentLabels.tags\\.datadoghq\\.com/env"     = local.environment
+    "pilot.deploymentLabels.tags\\.datadoghq\\.com/env"     = module.helpers.environment
     "pilot.deploymentLabels.tags\\.datadoghq\\.com/version" = var.istio_version
-    "pilot.podLabels.tags\\.datadoghq\\.com/env"            = local.environment
+    "pilot.podLabels.tags\\.datadoghq\\.com/env"            = module.helpers.environment
     "pilot.podLabels.tags\\.datadoghq\\.com/version"        = var.istio_version
     "pilot.resources.limits.cpu"                            = var.pilot_cpu_limits
     "pilot.resources.limits.memory"                         = var.pilot_memory_limits
@@ -57,7 +43,7 @@ locals {
 
   istio_gateway_datadog_apm_env = <<EOF
     {
-    \"DD_ENV\":\"${local.environment}\"\,
+    \"DD_ENV\":\"${module.helpers.environment}\"\,
     \"DD_SERVICE\":\"istio-gateway\"\,
     \"DD_VERSION\":\"${var.istio_version}\"
     }
@@ -66,7 +52,7 @@ locals {
   istio_gateway_proxy_config = <<EOF
     {
     \"tracing\":{\"datadog\":{\"address\":\"$(HOST_IP):8126\"}}\,
-    \"proxyMetadata\":{\"DD_ENV\":\"${local.environment}\"\,
+    \"proxyMetadata\":{\"DD_ENV\":\"${module.helpers.environment}\"\,
     \"DD_SERVICE\":\"istio-gateway\"\,\"DD_VERSION\":\"${var.istio_version}\"\,
     \"ISTIO_META_DNS_AUTO_ALLOCATE\":\"true\"\,
     \"ISTIO_META_DNS_CAPTURE\":\"true\"\,
@@ -75,21 +61,5 @@ locals {
   EOF
 
   gateway_domains    = keys(var.gateway_dns)
-  multi_cluster_name = local.zone != null ? "${var.cluster_prefix}-${local.region}-${local.zone}-${local.env}" : "${var.cluster_prefix}-${local.region}-${local.env}"
-
-  region = (
-    terraform.workspace == "default" ?
-    "mock-region" :
-    regex("^(?P<region>[^-]+-[^-]+)", terraform.workspace)["region"]
-  )
-
-  zone = (
-    terraform.workspace == "default" ?
-    "mock-zone" :
-    (
-      regex("^(?P<region>[^-]+-[^-]+)(?:-(?P<zone>[^-]+))?-.*$", terraform.workspace)["zone"] != "" ?
-      regex("^(?P<region>[^-]+-[^-]+)(?:-(?P<zone>[^-]+))?-.*$", terraform.workspace)["zone"] :
-      null
-    )
-  )
+  multi_cluster_name = module.helpers.zone != null ? "${var.cluster_prefix}-${module.helpers.region}-${module.helpers.zone}-${module.helpers.env}" : "${var.cluster_prefix}-${module.helpers.region}-${module.helpers.env}"
 }

regional/main.tf

@@ -6,7 +6,7 @@ resource "google_compute_global_address" "istio_gateway" {
 
 
   labels  = var.labels
-  name    = "istio-gateway-${local.region}"
+  name    = "istio-gateway-${module.helpers.region}"
   project = var.project
 }
 
@@ -33,10 +33,6 @@ resource "helm_release" "base" {
   namespace  = "istio-system"
   repository = var.chart_repository
 
-  values = [
-    file("${path.module}/helm/base.yml")
-  ]
-
   version = var.istio_version
 }
 

regional/manifests/README.md

@@ -9,11 +9,13 @@ No requirements.
 
 | Name | Version |
 |------|---------|
-| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.32.0 |
+| <a name="provider_kubernetes"></a> [kubernetes](#provider\_kubernetes) | 2.33.0 |
 
 ## Modules
 
-No modules.
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_helpers"></a> [helpers](#module\_helpers) | github.com/osinfra-io/terraform-core-helpers//child | v0.1.2 |
 
 ## Resources
 

regional/manifests/helpers.tf

@@ -0,0 +1 @@
+../../shared/helpers.tf

regional/variables.tf

@@ -72,7 +72,7 @@ variable "gateway_memory_requests" {
 variable "istio_version" {
   description = "The version to install, this is used for the chart as well as the image tag"
   type        = string
-  default     = "1.23.2"
+  default     = "1.24.0"
 }
 
 variable "labels" {

shared/helpers.tf

@@ -0,0 +1,6 @@
+# Terraform Core Child Module Helpers (osinfra.io)
+# https://github.com/osinfra-io/terraform-core-helpers
+
+module "helpers" {
+  source = "github.com/osinfra-io/terraform-core-helpers//child?ref=v0.1.2"
+}

tests/fixtures/default/main.tf

@@ -16,6 +16,10 @@ module "test" {
   source = "../../../"
 
   gateway_dns = var.gateway_dns
-  labels      = local.labels
-  project     = var.project
+
+  labels = {
+    "mock-key" = "mock-value"
+  }
+
+  project = var.project
 }

tests/fixtures/default/regional/main.tf

@@ -15,59 +15,17 @@ terraform {
   }
 }
 
-# Helm Provider
-# https://registry.terraform.io/providers/hashicorp/helm/latest
-
-provider "helm" {
-  kubernetes {
-
-    cluster_ca_certificate = base64decode(
-      local.regional.cluster_ca_certificate
-    )
-
-    host  = local.regional.cluster_endpoint
-    token = data.google_client_config.current.access_token
-  }
-}
-
-# Kubernetes Provider
-# https://registry.terraform.io/providers/hashicorp/kubernetes/latest
-
-provider "kubernetes" {
-  cluster_ca_certificate = base64decode(
-    local.regional.cluster_ca_certificate
-  )
-
-  host  = "https://${local.regional.cluster_endpoint}"
-  token = data.google_client_config.current.access_token
-}
-
-# Google Client Config Data Source
-# https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/client_config
-
-data "google_client_config" "current" {
-}
-
-# Remote State Data Source
-# https://www.terraform.io/language/state/remote-state-data
-
-data "terraform_remote_state" "regional" {
-  backend   = "gcs"
-  workspace = "mock-workspace"
-
-  config = {
-    bucket = "mock-bucket"
-  }
-}
-
 module "test" {
   source = "../../../../regional"
 
   artifact_registry    = "mock-docker.pkg.dev/mock-project/mock-virtual"
   cluster_prefix       = "mock"
   enable_istio_gateway = true
   gateway_dns          = var.gateway_dns
-  labels               = local.labels
+
+  labels = {
+    "mock-key" = "mock-value"
+  }
 
   multi_cluster_service_clusters = [
     {