ci: Initial Terraform configurations (Work in Progress)

.gitignore

@@ -30,3 +30,15 @@ api_key
 
 # Python utilities
 *.pyc
+
+# Terraform
+*.hcl
+**/.terraform/.terraform/
+**/.terraform/plugins/
+**/.terraform/providers/
+**/.terraform/plugin_path
+*.lock.
+*.tfstate
+*.tfstate.backup
+*.tfstate.*.backup
+*.tfstate.lock.info

.terraform/README.md

@@ -0,0 +1,40 @@
+# Terraform Integration Testing Script
+
+### Command:
+
+`test.sh [module]`
+
+#### Examples:
+
+```shell
+test.sh java-accessapproval
+```
+
+Performs integration testing on the `java-accessapproval` submodule only.
+
+```shell
+test.sh
+```
+
+Performs integration testing on all modules defined in `modules-under-test.txt`.
+
+### GCP Project Selection or Creation+Deletion
+
+#### Using an existing project
+
+If the environment variable `GOOGLE_CLOUD_PROJECT` is defined with a
+GCP Project ID, that project will be used for all integration tests and
+will not be deleted after use.
+
+#### Automatic creation and deletion of single-use project
+
+If the environment variable `GOOGLE_CLOUD_PROJECT` is not defined,
+a single-use project will be created with a random suffix. In this
+situation, the following environment variables will be used or
+values will be prompted for them:
+
+* `TF_VAR_folder_id` : [GCP Folder](https://cloud.google.com/resource-manager/docs/creating-managing-folders)
+  in which new GCP projects will be created
+* `TF_VAR_billing_account` : [Billing account](https://cloud.google.com/billing/docs/concepts) to be
+  used for created GCP projects
+* `TF_VAR_project_prefix` : Prefix to use for all created GCP projects

.terraform/helpers/create-project.sh

@@ -0,0 +1,62 @@
+#!/bin/bash
+#
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#####################
+# Expected Current Directory: Root repo directory (/google-cloud-java)
+# Expected Environment Variables:
+#   TF_VAR_folder_id : Folder in which new GCP projects will be created
+#   TF_VAR_billing_account : Billing account to be used for created GCP projects
+#   TF_VAR_project_prefix : Prefix to use for all created GCP projects
+#####################
+
+create_project_dir="./.terraform/modules/create-project"
+
+function createProject() {
+  # Ensure required environment variables are set.
+  if [ -z "${TF_VAR_folder_id+x}" ]; then
+    echo -n "Which GCP folder should be used when creating new GCP projects? Set TF_VAR_folder_id environment variable: "
+    read -r folder_id
+    export TF_VAR_folder_id="${folder_id}"
+  fi
+  if [ -z "${TF_VAR_billing_account+x}" ]; then
+    echo -n "Which GCP billing account should be assigned to created GCP projects? Set TF_VAR_billing_account environment variable: "
+    read -r billing_acct
+    export TF_VAR_billing_account="${billing_acct}"
+  fi
+  if [ -z "${TF_VAR_project_prefix+x}" ]; then
+    echo -n "What should be the project prefix for any created GCP project? Set TF_VAR_project_prefix environment variable: "
+    read -r prefix
+    export TF_VAR_project_prefix="${prefix}"
+  fi
+
+  # Provision GCP Project
+  pushd "$create_project_dir" || exit
+
+  terraform init || exit
+  terraform plan || exit
+  terraform apply -auto-approve || exit
+  GOOGLE_CLOUD_PROJECT=$(terraform output -raw project_id)
+  export GOOGLE_CLOUD_PROJECT
+
+  popd || exit
+}
+
+function destroyProject() {
+  pushd "$create_project_dir" || exit
+  terraform destroy -auto-approve || exit
+  popd || exit
+}

.terraform/helpers/gcloud-login.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+#
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Perform gcloud auth login if no current credentials are available.
+if gcloud auth application-default print-access-token &>/dev/null; then
+  true
+else
+  if ! gcloud auth application-default login; then
+    exit
+  fi
+fi
+if gcloud auth print-access-token &>/dev/null; then
+  true
+else
+  if ! gcloud auth login; then
+    exit
+  fi
+fi

.terraform/helpers/test-module.sh

@@ -0,0 +1,62 @@
+#!/bin/bash
+#
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+function performTest() {
+  if [ -z "${GOOGLE_CLOUD_PROJECT+x}" ]; then
+    echo "Error: GOOGLE_CLOUD_PROJECT environment variable not set."
+    exit
+  fi
+
+  # Provision resources for module with configuration found in './<module>/.terraform' directory
+  pushd ./"$1"/.terraform || exit
+  terraform init || exit
+  terraform plan -var="project_id=$GOOGLE_CLOUD_PROJECT" || exit
+  terraform apply -auto-approve -var="project_id=$GOOGLE_CLOUD_PROJECT" || exit
+
+  # Set module-specific environment variables for upcoming integration test(s)
+  if [[ -f "./env.sh" ]]; then
+    source "./env.sh"
+  fi
+
+  # Perform integration testing
+  pushd ../ || exit
+  mvn -B ${INTEGRATION_TEST_ARGS} \
+    -ntp \
+    -Penable-integration-tests \
+    -DtrimStackTrace=false \
+    -Dclirr.skip=true \
+    -Denforcer.skip=true \
+    -Dcheckstyle.skip=true \
+    -fae \
+    verify
+
+  exit_code=$?
+  popd || exit
+
+  # Clean up provisioned resources regardless of exit code
+  if [[ -f "./predestroy.sh" ]]; then
+    source "./predestroy.sh"
+  fi
+  terraform destroy -auto-approve -var="project_id=$GOOGLE_CLOUD_PROJECT" || exit
+  popd || exit
+
+  # Stop execution if integration test failed
+  if [[ $exit_code != 0 ]]; then
+    echo "Execution stopped with error in $1"
+    exit
+  fi
+}

.terraform/modules-under-test.txt

@@ -0,0 +1,20 @@
+# Modules to be tested when no specific module is given to test.sh as an argument
+java-accessapproval
+java-bigqueryconnection
+java-container
+java-compute
+java-containeranalysis
+java-datacatalog
+java-datalabeling
+java-errorreporting
+java-game-servers
+java-iot
+java-kms
+java-monitoring
+java-resourcemanager
+java-secretmanager
+java-speech
+java-trace
+java-translate
+java-video-intelligence
+java-vision

.terraform/modules/create-project/README.md

@@ -0,0 +1,5 @@
+# 'create-project' Root Module
+
+This 'root' module creates a GCP project with a given prefix
+and a random ID suffix.
+

.terraform/modules/create-project/main.tf

@@ -0,0 +1,31 @@
+terraform {
+  required_providers {
+    google = {
+      source = "hashicorp/google"
+    }
+  }
+}
+
+provider "google" {
+  region = var.region
+  zone   = var.zone
+}
+
+resource "random_id" "id" {
+  byte_length = 3
+  keepers     = {
+    folder_id       = var.folder_id
+    billing_account = var.billing_account
+  }
+}
+
+locals {
+  project_id = lower("${var.project_prefix}-${random_id.id.hex}")
+}
+
+resource "google_project" "project" {
+  name            = local.project_id
+  project_id      = local.project_id
+  folder_id       = random_id.id.keepers.folder_id
+  billing_account = random_id.id.keepers.billing_account
+}

.terraform/modules/create-project/outputs.tf

@@ -0,0 +1,3 @@
+output "project_id" {
+  value = google_project.project.project_id
+}

.terraform/modules/create-project/variables.tf

@@ -0,0 +1,28 @@
+variable "project_prefix" {
+  type        = string
+  description = "Prefix to use when creating the GCP project"
+}
+
+variable "folder_id" {
+  type        = string
+  description = "GCP folder ID in which to create the project"
+  sensitive   = true
+}
+
+variable "billing_account" {
+  type        = string
+  description = "GCP Billing Account ID for the test project"
+  sensitive   = true
+}
+
+variable "region" {
+  type        = string
+  description = "GCP region to deploy resources to."
+  default     = "us-central1"
+}
+
+variable "zone" {
+  type        = string
+  description = "GCP zone to deploy resources to. Must be a zone in the chosen region."
+  default     = "us-central1-c"
+}

.terraform/test.sh

@@ -0,0 +1,83 @@
+#!/bin/bash
+#
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#####################
+# This script uses the Terraform configurations found in the submodules
+# of this repository to provision a given GCP project with the correct
+# resources, perform integration testing, and then destroying the used
+# resources.
+#
+# Expected Environment Variables:
+#   GOOGLE_CLOUD_PROJECT :
+#     If defined, no GCP project will be created or destroyed.
+#     If not defined, a GCP project will be created for single-use, then destroyed.
+#
+#   If GOOGLE_CLOUD_PROJECT is not defined, the following environment variables
+#   are used. If not available, their values will be requested by prompt:
+#     TF_VAR_folder_id : Folder in which new GCP projects will be created
+#     TF_VAR_billing_account : Billing account to be used for created GCP projects
+#     TF_VAR_project_prefix : Prefix to use for all created GCP projects
+#
+#####################
+# Single Module Usage:
+# ./.terraform/test.sh <module> :: Tests only the given module
+#   ex: ./.terraform/test.sh java-accessapproval
+#
+# All Module Usage:
+# ./.terraform/test.sh :: Tests all modules in modules-under-test.txt
+
+# Ensure current directory is root repo folder
+scriptDir="$(cd -P -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd -P)"
+cd "$scriptDir/.." || exit
+
+source ./.terraform/helpers/gcloud-login.sh
+source ./.terraform/helpers/create-project.sh
+source ./.terraform/helpers/test-module.sh
+
+# Create a single-use project if one is not already provided via GOOGLE_CLOUD_PROJECT env var.
+if [ -z "${GOOGLE_CLOUD_PROJECT+x}" ]; then
+  echo "GOOGLE_CLOUD_PROJECT environment variable not set. Creating single-use project!"
+  createProject
+  createdProject=true
+else
+  createdProject=false
+fi
+
+# Use the project ID in gcloud set-quota-project. Clear the existing quota project directly from
+# the configuration, and re-set.
+gcloud config set project "$GOOGLE_CLOUD_PROJECT"
+sed -i.bak '/quota_project_id/d' ~/.config/gcloud/application_default_credentials.json
+gcloud auth application-default set-quota-project "$GOOGLE_CLOUD_PROJECT"
+
+if [ -n "$1" ]; then
+  # If shell script given a specific module as its argument
+  performTest "$1"
+else
+  # Otherwise, iterate through the list found in modules-under-test.txt
+  while IFS= read -r module; do
+    # Ignore lines starting with '#'
+    [[ "$module" =~ ^#.* ]] && continue
+
+    performTest "$module"
+  done <"./.terraform/modules-under-test.txt"
+fi
+
+if [ $createdProject ]; then
+  echo "Destroying single-use project $GOOGLE_CLOUD_PROJECT created at start."
+  destroyProject
+  export -n GOOGLE_CLOUD_PROJECT
+fi