terraform-google-modules / terraform-google-vpc-service-controls

Handles opinionated VPC Service Controls and Access Context Manager configuration and deployments
https://registry.terraform.io/modules/terraform-google-modules/vpc-service-controls/google
Apache License 2.0

Added support for Terraform 0.12 #10

Closed ivankorn closed 4 years ago

ivankorn commented 4 years ago

Fixes #5

ivankorn commented 4 years ago

syntax and style checks: Fixed #8

[user@host:~/workspace/google/terraform-google-vpc-service-controls]$ make -s
Running shellcheck
Running flake8
Running go fmt and go vet
Running terraform fmt
terraform fmt -diff -check=true -write=false . 
terraform fmt -diff -check=true -write=false ./examples/simple_example 
terraform fmt -diff -check=true -write=false ./examples/simple_example_access_level 
terraform fmt -diff -check=true -write=false ./examples/simple_example_bridge 
terraform fmt -diff -check=true -write=false ./modules/access_level 
terraform fmt -diff -check=true -write=false ./modules/bridge_service_perimeter 
terraform fmt -diff -check=true -write=false ./modules/regular_service_perimeter 
terraform fmt -diff -check=true -write=false ./test/fixtures/shared 
terraform fmt -diff -check=true -write=false ./test/fixtures/simple_example 
Running terraform validate
helpers/terraform_validate . 

Initializing provider plugins...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Success! The configuration is valid.

helpers/terraform_validate ./examples/simple_example 
Initializing modules...

Initializing provider plugins...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Success! The configuration is valid.

helpers/terraform_validate ./examples/simple_example_access_level 
Initializing modules...

Initializing provider plugins...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Success! The configuration is valid.

helpers/terraform_validate ./examples/simple_example_bridge 
Initializing modules...

Initializing provider plugins...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Success! The configuration is valid.

helpers/terraform_validate ./modules/access_level 

Initializing provider plugins...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Success! The configuration is valid.

helpers/terraform_validate ./modules/bridge_service_perimeter 

Initializing provider plugins...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Success! The configuration is valid.

helpers/terraform_validate ./modules/regular_service_perimeter 

Initializing provider plugins...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Success! The configuration is valid.

helpers/terraform_validate ./test/fixtures/simple_example 
Initializing modules...

Initializing provider plugins...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Success! The configuration is valid.

Running hadolint on Dockerfiles
Checking for required files LICENSE README.md
Testing the validity of the header check
..
----------------------------------------------------------------------
Ran 2 tests in 0.012s

OK
Checking file headers
Checking for trailing whitespace
Generating markdown docs with terraform-docs
Skipping ./test/fixtures/shared because README.md does not exist.
Skipping ./test/fixtures/simple_example because README.md does not exist.
[user@host:~/workspace/google/terraform-google-vpc-service-controls]$ 

ivankorn commented 4 years ago

Examples tests: simple

Note: there is a known issue with double terraform apply | destroy

[user@host:~/workspace/google/terraform-google-vpc-service-controls/examples/simple_example]$ terraform apply -auto-approve
module.bigquery.google_bigquery_dataset.main: Creating...
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Creating...
module.bigquery.google_bigquery_dataset.main: Creation complete after 1s [id=gl-ivankorniienko-seed:sample_dataset]
module.bigquery.google_bigquery_table.main[0]: Creating...
module.bigquery.google_bigquery_table.main[0]: Creation complete after 0s [id=gl-ivankorniienko-seed:sample_dataset.example_table]
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Creation complete after 5s [id=513681656470]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Creating...
module.access_level_members.google_access_context_manager_access_level.access_level: Creating...
module.access_level_members.google_access_context_manager_access_level.access_level: Creation complete after 4s [id=accessPolicies/513681656470/accessLevels/terraform_members]

Error: Error creating ServicePerimeter: googleapi: Error 400: Level name 'terraform_members' is not available in this Access Policy resource, but is referenced in 'status' field of Perimeter 'regular_perimeter_1'. If you are trying to delete a Level which is referenced in this Perimeter, you must first remove the reference.

  on ../../modules/regular_service_perimeter/main.tf line 21, in resource "google_access_context_manager_service_perimeter" "regular_service_perimeter":
  21: resource "google_access_context_manager_service_perimeter" "regular_service_perimeter" {

[user@host:~/workspace/google/terraform-google-vpc-service-controls/examples/simple_example]$ terraform apply -auto-approve
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Refreshing state... [id=513681656470]
module.bigquery.google_bigquery_dataset.main: Refreshing state... [id=gl-ivankorniienko-seed:sample_dataset]
module.bigquery.google_bigquery_table.main[0]: Refreshing state... [id=gl-ivankorniienko-seed:sample_dataset.example_table]
module.access_level_members.google_access_context_manager_access_level.access_level: Refreshing state... [id=accessPolicies/513681656470/accessLevels/terraform_members]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Creating...
module.access_level_members.google_access_context_manager_access_level.access_level: Modifying... [id=accessPolicies/513681656470/accessLevels/terraform_members]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Creation complete after 3s [id=accessPolicies/513681656470/servicePerimeters/regular_perimeter_1]
module.access_level_members.google_access_context_manager_access_level.access_level: Modifications complete after 4s [id=accessPolicies/513681656470/accessLevels/terraform_members]

Apply complete! Resources: 1 added, 1 changed, 0 destroyed.

Outputs:

dataset_id = gl-ivankorniienko-seed:sample_dataset
policy_name = simple_test_policy
protected_project_id = gl-ivankorniienko-seed
table_id = [
  "gl-ivankorniienko-seed:sample_dataset.example_table",
]
[user@host:~/workspace/google/terraform-google-vpc-service-controls/examples/simple_example]$ terraform destroy -force
module.bigquery.google_bigquery_dataset.main: Refreshing state... [id=gl-ivankorniienko-seed:sample_dataset]
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Refreshing state... [id=513681656470]
module.bigquery.google_bigquery_table.main[0]: Refreshing state... [id=gl-ivankorniienko-seed:sample_dataset.example_table]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Refreshing state... [id=accessPolicies/513681656470/servicePerimeters/regular_perimeter_1]
module.access_level_members.google_access_context_manager_access_level.access_level: Refreshing state... [id=accessPolicies/513681656470/accessLevels/terraform_members]
module.access_level_members.google_access_context_manager_access_level.access_level: Destroying... [id=accessPolicies/513681656470/accessLevels/terraform_members]
module.bigquery.google_bigquery_table.main[0]: Destroying... [id=gl-ivankorniienko-seed:sample_dataset.example_table]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Destroying... [id=accessPolicies/513681656470/servicePerimeters/regular_perimeter_1]
module.bigquery.google_bigquery_table.main[0]: Destruction complete after 1s
module.bigquery.google_bigquery_dataset.main: Destroying... [id=gl-ivankorniienko-seed:sample_dataset]
module.bigquery.google_bigquery_dataset.main: Destruction complete after 0s
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Destruction complete after 2s

Error: Error reading AccessLevel: googleapi: Error 400: Level name 'terraform_members' is not available in this Access Policy resource, but is referenced in 'status' field of Perimeter 'regular_perimeter_1'. If you are trying to delete a Level which is referenced in this Perimeter, you must first remove the reference.

[user@host:~/workspace/google/terraform-google-vpc-service-controls/examples/simple_example]$ terraform destroy -force
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Refreshing state... [id=513681656470]
module.access_level_members.google_access_context_manager_access_level.access_level: Refreshing state... [id=accessPolicies/513681656470/accessLevels/terraform_members]
module.access_level_members.google_access_context_manager_access_level.access_level: Destroying... [id=accessPolicies/513681656470/accessLevels/terraform_members]
module.access_level_members.google_access_context_manager_access_level.access_level: Destruction complete after 4s
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Destroying... [id=513681656470]
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Destruction complete after 2s

Destroy complete! Resources: 2 destroyed.

ivankorn commented 4 years ago

Examples tests: simple_example_access_level

Note: there is the known issue with double terraform apply | destroy

[user@host:~/workspace/google/terraform-google-vpc-service-controls/examples/simple_example_access_level]$ terraform apply -auto-approve
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Creating...
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Creation complete after 5s [id=654724432112]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Creating...
module.access_level_1.google_access_context_manager_access_level.access_level: Creating...
module.access_level_1.google_access_context_manager_access_level.access_level: Creation complete after 4s [id=accessPolicies/654724432112/accessLevels/single_ip_policy]

Error: Error creating ServicePerimeter: googleapi: Error 400: Level name 'single_ip_policy' is not available in this Access Policy resource, but is referenced in 'status' field of Perimeter 'regular_perimeter_1'. If you are trying to delete a Level which is referenced in this Perimeter, you must first remove the reference.

  on ../../modules/regular_service_perimeter/main.tf line 21, in resource "google_access_context_manager_service_perimeter" "regular_service_perimeter":
  21: resource "google_access_context_manager_service_perimeter" "regular_service_perimeter" {

[user@host:~/workspace/google/terraform-google-vpc-service-controls/examples/simple_example_access_level]$ terraform apply -auto-approve
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Refreshing state... [id=654724432112]
module.access_level_1.google_access_context_manager_access_level.access_level: Refreshing state... [id=accessPolicies/654724432112/accessLevels/single_ip_policy]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Creating...
module.access_level_1.google_access_context_manager_access_level.access_level: Modifying... [id=accessPolicies/654724432112/accessLevels/single_ip_policy]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Creation complete after 2s [id=accessPolicies/654724432112/servicePerimeters/regular_perimeter_1]
module.access_level_1.google_access_context_manager_access_level.access_level: Modifications complete after 3s [id=accessPolicies/654724432112/accessLevels/single_ip_policy]

Apply complete! Resources: 1 added, 1 changed, 0 destroyed.

Outputs:

policy_name = access_level_policy
[user@host:~/workspace/google/terraform-google-vpc-service-controls/examples/simple_example_access_level]$ 
[13:14][user@host:~/workspace/google/terraform-google-vpc-service-controls/examples/simple_example_access_level]$ terraform destroy -force
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Refreshing state... [id=654724432112]
module.access_level_1.google_access_context_manager_access_level.access_level: Refreshing state... [id=accessPolicies/654724432112/accessLevels/single_ip_policy]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Refreshing state... [id=accessPolicies/654724432112/servicePerimeters/regular_perimeter_1]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Destroying... [id=accessPolicies/654724432112/servicePerimeters/regular_perimeter_1]
module.access_level_1.google_access_context_manager_access_level.access_level: Destroying... [id=accessPolicies/654724432112/accessLevels/single_ip_policy]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Destruction complete after 2s
module.access_level_1.google_access_context_manager_access_level.access_level: Destruction complete after 3s
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Destroying... [id=654724432112]
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Destruction complete after 2s

Destroy complete! Resources: 3 destroyed.

ivankorn commented 4 years ago

Examples tests: simple_example_bridge

Note: there is the known issue with double terraform apply | destroy

[user@host:~/workspace/google/terraform-google-vpc-service-controls/examples/simple_example_bridge]$ terraform apply -auto-approve
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Refreshing state... [id=720559688269]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Creating...
module.bridge_service_perimeter_1.google_access_context_manager_service_perimeter.bridge_service_perimeter: Creating...
module.regular_service_perimeter_2.google_access_context_manager_service_perimeter.regular_service_perimeter: Creating...
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Creation complete after 3s [id=accessPolicies/720559688269/servicePerimeters/regular_perimeter_1]
module.regular_service_perimeter_2.google_access_context_manager_service_perimeter.regular_service_perimeter: Creation complete after 4s [id=accessPolicies/720559688269/servicePerimeters/regular_perimeter_2]

Error: Error creating ServicePerimeter: googleapi: Error 400: A project is in a Service Perimeter Bridge but no regular Service Perimeter. Each project in a Service Perimeter Bridge must be in a regular Service Perimeter.

  on ../../modules/bridge_service_perimeter/main.tf line 21, in resource "google_access_context_manager_service_perimeter" "bridge_service_perimeter":
  21: resource "google_access_context_manager_service_perimeter" "bridge_service_perimeter" {

[13:51][user@host:~/workspace/google/terraform-google-vpc-service-controls/examples/simple_example_bridge]$ terraform apply -auto-approve
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Refreshing state... [id=720559688269]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Refreshing state... [id=accessPolicies/720559688269/servicePerimeters/regular_perimeter_1]
module.regular_service_perimeter_2.google_access_context_manager_service_perimeter.regular_service_perimeter: Refreshing state... [id=accessPolicies/720559688269/servicePerimeters/regular_perimeter_2]
module.bridge_service_perimeter_1.google_access_context_manager_service_perimeter.bridge_service_perimeter: Creating...
module.bridge_service_perimeter_1.google_access_context_manager_service_perimeter.bridge_service_perimeter: Creation complete after 2s [id=accessPolicies/720559688269/servicePerimeters/bridge_perimeter_1]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Outputs:

policy_name = simple_bridge_policy

[user@host:~/workspace/google/terraform-google-vpc-service-controls/examples/simple_example_bridge]$ terraform destroy -force
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Refreshing state... [id=720559688269]
module.bridge_service_perimeter_1.google_access_context_manager_service_perimeter.bridge_service_perimeter: Refreshing state... [id=accessPolicies/720559688269/servicePerimeters/bridge_perimeter_1]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Refreshing state... [id=accessPolicies/720559688269/servicePerimeters/regular_perimeter_1]
module.regular_service_perimeter_2.google_access_context_manager_service_perimeter.regular_service_perimeter: Refreshing state... [id=accessPolicies/720559688269/servicePerimeters/regular_perimeter_2]
module.bridge_service_perimeter_1.google_access_context_manager_service_perimeter.bridge_service_perimeter: Destroying... [id=accessPolicies/720559688269/servicePerimeters/bridge_perimeter_1]
module.regular_service_perimeter_2.google_access_context_manager_service_perimeter.regular_service_perimeter: Destroying... [id=accessPolicies/720559688269/servicePerimeters/regular_perimeter_2]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Destroying... [id=accessPolicies/720559688269/servicePerimeters/regular_perimeter_1]
module.bridge_service_perimeter_1.google_access_context_manager_service_perimeter.bridge_service_perimeter: Destruction complete after 2s

Error: Error reading ServicePerimeter: googleapi: Error 400: A project is in a Service Perimeter Bridge but no regular Service Perimeter. Each project in a Service Perimeter Bridge must be in a regular Service Perimeter.

Error: Error reading ServicePerimeter: googleapi: Error 400: A project is in a Service Perimeter Bridge but no regular Service Perimeter. Each project in a Service Perimeter Bridge must be in a regular Service Perimeter.

[user@host:~/workspace/google/terraform-google-vpc-service-controls/examples/simple_example_bridge]$ terraform destroy -force
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Refreshing state... [id=720559688269]
module.regular_service_perimeter_2.google_access_context_manager_service_perimeter.regular_service_perimeter: Refreshing state... [id=accessPolicies/720559688269/servicePerimeters/regular_perimeter_2]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Refreshing state... [id=accessPolicies/720559688269/servicePerimeters/regular_perimeter_1]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Destroying... [id=accessPolicies/720559688269/servicePerimeters/regular_perimeter_1]
module.regular_service_perimeter_2.google_access_context_manager_service_perimeter.regular_service_perimeter: Destroying... [id=accessPolicies/720559688269/servicePerimeters/regular_perimeter_2]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Destruction complete after 2s
module.regular_service_perimeter_2.google_access_context_manager_service_perimeter.regular_service_perimeter: Destruction complete after 2s
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Destroying... [id=720559688269]
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Destruction complete after 3s

Destroy complete! Resources: 3 destroyed.

ivankorn commented 4 years ago

Integration tests

Please note: there is an issue with negative tests, logged as #6, which is commented here with reference to the known issue

bash-4.4# kitchen create
-----> Starting Kitchen (v1.24.0)
-----> Creating <simple-example-local>...
       Terraform v0.12.3
       + provider.google v2.5.1

       Your version of Terraform is out of date! The latest version
       is 0.12.5. You can update by downloading from www.terraform.io/downloads.html
$$$$$$ Running command `terraform init -input=false -lock=true -lock-timeout=0s  -upgrade -force-copy -backend=true  -get=true -get-plugins=true -verify-plugins=true` in directory /cft/workdir/test/fixtures/simple_example
       Upgrading modules...
       - example in ../../../examples/simple_example
       - example.access_context_manager_policy in ../../..
       - example.access_level_members in ../../../modules/access_level
       Downloading github.com/terraform-google-modules/terraform-google-bigquery for example.bigquery...
       - example.bigquery in .terraform/modules/example.bigquery
       - example.regular_service_perimeter_1 in ../../../modules/regular_service_perimeter

       Initializing the backend...

       Initializing provider plugins...
       - Checking for available provider plugins...
       - Downloading plugin for provider "google" (terraform-providers/google) 2.5.1...

       Terraform has been successfully initialized!
$$$$$$ Running command `terraform workspace select kitchen-terraform-simple-example-local` in directory /cft/workdir/test/fixtures/simple_example

       Workspace "kitchen-terraform-simple-example-local" doesn't exist.

       You can create this workspace with the "new" subcommand.
$$$$$$ Running command `terraform workspace new kitchen-terraform-simple-example-local` in directory /cft/workdir/test/fixtures/simple_example
       Created and switched to workspace "kitchen-terraform-simple-example-local"!

       You're now on a new, empty workspace. Workspaces isolate their state,
       so if you run "terraform plan" Terraform will not see any existing state
       for this configuration.
       Finished creating <simple-example-local> (0m39.11s).
-----> Kitchen is finished. (0m40.88s)
bash-4.4# kitchen converge
-----> Starting Kitchen (v1.24.0)
-----> Converging <simple-example-local>...
       Terraform v0.12.3
       + provider.google v2.5.1

       Your version of Terraform is out of date! The latest version
       is 0.12.5. You can update by downloading from www.terraform.io/downloads.html
$$$$$$ Running command `terraform workspace select kitchen-terraform-simple-example-local` in directory /cft/workdir/test/fixtures/simple_example
$$$$$$ Running command `terraform get -update` in directory /cft/workdir/test/fixtures/simple_example
       - example in ../../../examples/simple_example
       - example.access_context_manager_policy in ../../..
       - example.access_level_members in ../../../modules/access_level
       Downloading github.com/terraform-google-modules/terraform-google-bigquery for example.bigquery...
       - example.bigquery in .terraform/modules/example.bigquery
       - example.regular_service_perimeter_1 in ../../../modules/regular_service_perimeter
$$$$$$ Running command `terraform validate   ` in directory /cft/workdir/test/fixtures/simple_example
       Success! The configuration is valid.

$$$$$$ Running command `terraform apply -lock=true -lock-timeout=0s -input=false -auto-approve=true  -parallelism=10 -refresh=true  ` in directory /cft/workdir/test/fixtures/simple_example
       module.example.module.bigquery.google_bigquery_dataset.main: Creating...
       module.example.module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Creating...
       module.example.module.bigquery.google_bigquery_dataset.main: Creation complete after 1s [id=gl-ivankorniienko-seed:sample_dataset]
       module.example.module.bigquery.google_bigquery_table.main[0]: Creating...
       module.example.module.bigquery.google_bigquery_table.main[0]: Creation complete after 1s [id=gl-ivankorniienko-seed:sample_dataset.example_table]
       module.example.module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Creation complete after 6s [id=633168425836]
       module.example.module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Creating...
       module.example.module.access_level_members.google_access_context_manager_access_level.access_level: Creating...
       module.example.module.access_level_members.google_access_context_manager_access_level.access_level: Creation complete after 4s [id=accessPolicies/633168425836/accessLevels/terraform_members]

       Error: Error creating ServicePerimeter: googleapi: Error 400: Level name 'terraform_members' is not available in this Access Policy resource, but is referenced in 'status' field of Perimeter 'regular_perimeter_1'. If you are trying to delete a Level which is referenced in this Perimeter, you must first remove the reference.

         on ../../../modules/regular_service_perimeter/main.tf line 21, in resource "google_access_context_manager_service_perimeter" "regular_service_perimeter":
         21: resource "google_access_context_manager_service_perimeter" "regular_service_perimeter" {

>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: 1 actions failed.
>>>>>>     Converge failed on instance <simple-example-local>.  Please see .kitchen/logs/simple-example-local.log for more details
>>>>>> ----------------------
>>>>>> Please see .kitchen/logs/kitchen.log for more details
>>>>>> Also try running `kitchen diagnose --all` for configuration

bash-4.4# 

bash-4.4# kitchen converge
-----> Starting Kitchen (v1.24.0)
-----> Converging <simple-example-local>...
       Terraform v0.12.3
       + provider.google v2.5.1

       Your version of Terraform is out of date! The latest version
       is 0.12.5. You can update by downloading from www.terraform.io/downloads.html
$$$$$$ Running command `terraform workspace select kitchen-terraform-simple-example-local` in directory /cft/workdir/test/fixtures/simple_example
$$$$$$ Running command `terraform get -update` in directory /cft/workdir/test/fixtures/simple_example
       - example in ../../../examples/simple_example
       - example.access_context_manager_policy in ../../..
       - example.access_level_members in ../../../modules/access_level
       Downloading github.com/terraform-google-modules/terraform-google-bigquery for example.bigquery...
       - example.bigquery in .terraform/modules/example.bigquery
       - example.regular_service_perimeter_1 in ../../../modules/regular_service_perimeter
$$$$$$ Running command `terraform validate   ` in directory /cft/workdir/test/fixtures/simple_example
       Success! The configuration is valid.

$$$$$$ Running command `terraform apply -lock=true -lock-timeout=0s -input=false -auto-approve=true  -parallelism=10 -refresh=true  ` in directory /cft/workdir/test/fixtures/simple_example
       module.example.module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Refreshing state... [id=633168425836]
       module.example.module.bigquery.google_bigquery_dataset.main: Refreshing state... [id=gl-ivankorniienko-seed:sample_dataset]
       module.example.module.access_level_members.google_access_context_manager_access_level.access_level: Refreshing state... [id=accessPolicies/633168425836/accessLevels/terraform_members]
       module.example.module.bigquery.google_bigquery_table.main[0]: Refreshing state... [id=gl-ivankorniienko-seed:sample_dataset.example_table]
       module.example.module.access_level_members.google_access_context_manager_access_level.access_level: Modifying... [id=accessPolicies/633168425836/accessLevels/terraform_members]
       module.example.module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Creating...
       module.example.module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Creation complete after 2s [id=accessPolicies/633168425836/servicePerimeters/regular_perimeter_1]
       module.example.module.access_level_members.google_access_context_manager_access_level.access_level: Modifications complete after 3s [id=accessPolicies/633168425836/accessLevels/terraform_members]

       Apply complete! Resources: 1 added, 1 changed, 0 destroyed.

       Outputs:

       parent_id = 826592752744
       policy_name = simple_test_policy
       protected_project_id = gl-ivankorniienko-seed
       public_project_id = gl-ik-test
       Finished converging <simple-example-local> (0m11.89s).
-----> Kitchen is finished. (0m13.30s)
bash-4.4# 

bash-4.4# kitchen verify
-----> Starting Kitchen (v1.24.0)
-----> Setting up <simple-example-local>...
       Finished setting up <simple-example-local> (0m0.00s).
-----> Verifying <simple-example-local>...
$$$$$$ Running command `terraform workspace select kitchen-terraform-simple-example-local` in directory /cft/workdir/test/fixtures/simple_example
$$$$$$ Running command `terraform output -json` in directory /cft/workdir/test/fixtures/simple_example
simple_example: Verifying
Skipping profile: 'inspec-gcp' on unsupported platform: 'alpine/3.9.4'.

Profile: simple_example
Version: (not specified)
Target:  local://

  ✔  big_query_vpc_positive_test: Command: `bq query --use_legacy=false --project_id=gl-ivankorniienko-seed 'select * from `gl-ivankorniienko-seed.sample_dataset.example_table` limit 10'`
     ✔  Command: `bq query --use_legacy=false --project_id=gl-ivankorniienko-seed 'select * from `gl-ivankorniienko-seed.sample_dataset.example_table` limit 10'` exit_status should equal 0
     ✔  Command: `bq query --use_legacy=false --project_id=gl-ivankorniienko-seed 'select * from `gl-ivankorniienko-seed.sample_dataset.example_table` limit 10'` stderr should include "Current status: DONE"
  ×  big_query_vpc_negative_test: Command: `bq query --use_legacy=false --project_id=gl-ik-test 'select * from `gl-ivankorniienko-seed.sample_dataset.example_table` limit 10'` (3 failed)
     ×  Command: `bq query --use_legacy=false --project_id=gl-ik-test 'select * from `gl-ivankorniienko-seed.sample_dataset.example_table` limit 10'` exit_status should equal 1

     expected #<Integer:3> => 1
          got #<Integer:1> => 0

     Compared using equal?, which compares object identity,
     but expected and actual are not the same object. Use
     `expect(actual).to eq(expected)` if you don't care about
     object identity in this example.

     ×  Command: `bq query --use_legacy=false --project_id=gl-ik-test 'select * from `gl-ivankorniienko-seed.sample_dataset.example_table` limit 10'` stderr should eq ""

     expected: ""
          got: "\rWaiting on bqjob_r14b7c363454e520a_0000016c3d992b62_1 ... (0s) Current status: RUNNING\r          ...           \rWaiting on bqjob_r14b7c363454e520a_0000016c3d992b62_1 ... (0s) Current status: DONE   "

     (compared using ==)

     ×  Command: `bq query --use_legacy=false --project_id=gl-ik-test 'select * from `gl-ivankorniienko-seed.sample_dataset.example_table` limit 10'` stdout should include "Request is prohibited by organization's policy."
     expected "\n" to include "Request is prohibited by organization's policy."
     Diff:
     @@ -1,2 +1 @@
     -Request is prohibited by organization's policy.

Profile Summary: 1 successful control, 1 control failure, 0 controls skipped
Test Summary: 2 successful, 3 failures, 0 skipped
>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: 1 actions failed.
>>>>>>     Verify failed on instance <simple-example-local>.  Please see .kitchen/logs/simple-example-local.log for more details
>>>>>> ----------------------
>>>>>> Please see .kitchen/logs/kitchen.log for more details
>>>>>> Also try running `kitchen diagnose --all` for configuration

ivankorn commented 4 years ago

Updated checks

Linters

[18:40][user@host:~/workspace/google/terraform-google-vpc-service-controls]$ make -s
Running shellcheck
Running flake8
Running go fmt and go vet
Running terraform fmt
terraform fmt -diff -check=true -write=false . 
terraform fmt -diff -check=true -write=false ./examples/simple_example 
terraform fmt -diff -check=true -write=false ./examples/simple_example_access_level 
terraform fmt -diff -check=true -write=false ./examples/simple_example_bridge 
terraform fmt -diff -check=true -write=false ./modules/access_level 
terraform fmt -diff -check=true -write=false ./modules/bridge_service_perimeter 
terraform fmt -diff -check=true -write=false ./modules/regular_service_perimeter 
terraform fmt -diff -check=true -write=false ./test/fixtures/shared 
terraform fmt -diff -check=true -write=false ./test/fixtures/simple_example 
Running terraform validate
helpers/terraform_validate . 

Initializing provider plugins...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Success! The configuration is valid.

helpers/terraform_validate ./examples/simple_example 
Initializing modules...

Initializing provider plugins...

Terraform has been successfully initialized!

Success! The configuration is valid.

helpers/terraform_validate ./examples/simple_example_access_level 
Initializing modules...

Initializing provider plugins...

Terraform has been successfully initialized!

Success! The configuration is valid.

helpers/terraform_validate ./examples/simple_example_bridge 
Initializing modules...

Initializing provider plugins...

Terraform has been successfully initialized!

Success! The configuration is valid.

helpers/terraform_validate ./modules/access_level 

Initializing provider plugins...

Terraform has been successfully initialized!

Success! The configuration is valid.

helpers/terraform_validate ./modules/bridge_service_perimeter 

Initializing provider plugins...

Terraform has been successfully initialized!

Success! The configuration is valid.

helpers/terraform_validate ./modules/regular_service_perimeter 

Initializing provider plugins...

Terraform has been successfully initialized!

Success! The configuration is valid.

helpers/terraform_validate ./test/fixtures/simple_example 
Initializing modules...

Initializing provider plugins...

Terraform has been successfully initialized!

Success! The configuration is valid.

Running hadolint on Dockerfiles
Checking for required files LICENSE README.md
Testing the validity of the header check
..
----------------------------------------------------------------------
Ran 2 tests in 0.010s

OK
Checking file headers
Checking for trailing whitespace
Generating markdown docs with terraform-docs
Skipping ./test/fixtures/shared because README.md does not exist.
Skipping ./test/fixtures/simple_example because README.md does not exist.
[18:41][user@host:~/workspace/google/terraform-google-vpc-service-controls]$ echo $?
0
[18:41][user@host:~/workspace/google/terraform-google-vpc-service-controls]$ 

Examples:

simple example

[18:47][user@host:~/workspace/google/terraform-google-vpc-service-controls/examples/simple_example]$ terraform apply -auto-approve 
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Creating...
module.bigquery.google_bigquery_dataset.main: Creating...
module.bigquery.google_bigquery_dataset.main: Creation complete after 2s [id=gl-ivankorniienko-seed:sample_dataset]
module.bigquery.google_bigquery_table.main[0]: Creating...
module.bigquery.google_bigquery_table.main[0]: Creation complete after 1s [id=gl-ivankorniienko-seed:sample_dataset.example_table]
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Creation complete after 7s [id=625395856769]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Creating...
module.access_level_members.google_access_context_manager_access_level.access_level: Creating...
module.access_level_members.google_access_context_manager_access_level.access_level: Creation complete after 3s [id=accessPolicies/625395856769/accessLevels/terraform_members]

Error: Error creating ServicePerimeter: googleapi: Error 400: Level name 'terraform_members' is not available in this Access Policy resource, but is referenced in 'status' field of Perimeter 'regular_perimeter_1'. If you are trying to delete a Level which is referenced in this Perimeter, you must first remove the reference.

  on ../../modules/regular_service_perimeter/main.tf line 21, in resource "google_access_context_manager_service_perimeter" "regular_service_perimeter":
  21: resource "google_access_context_manager_service_perimeter" "regular_service_perimeter" {

[18:47][user@host:~/workspace/google/terraform-google-vpc-service-controls/examples/simple_example]$ terraform apply -auto-approve 
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Refreshing state... [id=625395856769]
module.bigquery.google_bigquery_dataset.main: Refreshing state... [id=gl-ivankorniienko-seed:sample_dataset]
module.bigquery.google_bigquery_table.main[0]: Refreshing state... [id=gl-ivankorniienko-seed:sample_dataset.example_table]
module.access_level_members.google_access_context_manager_access_level.access_level: Refreshing state... [id=accessPolicies/625395856769/accessLevels/terraform_members]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Creating...
module.access_level_members.google_access_context_manager_access_level.access_level: Modifying... [id=accessPolicies/625395856769/accessLevels/terraform_members]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Creation complete after 3s [id=accessPolicies/625395856769/servicePerimeters/regular_perimeter_1]
module.access_level_members.google_access_context_manager_access_level.access_level: Modifications complete after 4s [id=accessPolicies/625395856769/accessLevels/terraform_members]

Apply complete! Resources: 1 added, 1 changed, 0 destroyed.

Outputs:

dataset_id = gl-ivankorniienko-seed:sample_dataset
policy_name = simple_test_policy
protected_project_id = gl-ivankorniienko-seed
table_id = [
  "gl-ivankorniienko-seed:sample_dataset.example_table",
]
[18:47][user@host:~/workspace/google/terraform-google-vpc-service-controls/examples/simple_example]$ terraform destroy -force 
module.bigquery.google_bigquery_dataset.main: Refreshing state... [id=gl-ivankorniienko-seed:sample_dataset]
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Refreshing state... [id=625395856769]
module.bigquery.google_bigquery_table.main[0]: Refreshing state... [id=gl-ivankorniienko-seed:sample_dataset.example_table]
module.access_level_members.google_access_context_manager_access_level.access_level: Refreshing state... [id=accessPolicies/625395856769/accessLevels/terraform_members]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Refreshing state... [id=accessPolicies/625395856769/servicePerimeters/regular_perimeter_1]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Destroying... [id=accessPolicies/625395856769/servicePerimeters/regular_perimeter_1]
module.access_level_members.google_access_context_manager_access_level.access_level: Destroying... [id=accessPolicies/625395856769/accessLevels/terraform_members]
module.bigquery.google_bigquery_table.main[0]: Destroying... [id=gl-ivankorniienko-seed:sample_dataset.example_table]
module.bigquery.google_bigquery_table.main[0]: Destruction complete after 1s
module.bigquery.google_bigquery_dataset.main: Destroying... [id=gl-ivankorniienko-seed:sample_dataset]
module.bigquery.google_bigquery_dataset.main: Destruction complete after 1s
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Destruction complete after 2s
module.access_level_members.google_access_context_manager_access_level.access_level: Destruction complete after 3s
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Destroying... [id=625395856769]
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Destruction complete after 2s

Destroy complete! Resources: 5 destroyed.
[18:47][user@host:~/workspace/google/terraform-google-vpc-service-controls/examples/simple_example]$ 

simple example access level

[18:45][user@host:~/workspace/google/terraform-google-vpc-service-controls/examples/simple_example_access_level]$ terraform apply -auto-approve 
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Creating...
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Creation complete after 6s [id=270053033394]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Creating...
module.access_level_1.google_access_context_manager_access_level.access_level: Creating...
module.access_level_1.google_access_context_manager_access_level.access_level: Creation complete after 3s [id=accessPolicies/270053033394/accessLevels/single_ip_policy]

Error: Error creating ServicePerimeter: googleapi: Error 400: Level name 'single_ip_policy' is not available in this Access Policy resource, but is referenced in 'status' field of Perimeter 'regular_perimeter_1'. If you are trying to delete a Level which is referenced in this Perimeter, you must first remove the reference.

  on ../../modules/regular_service_perimeter/main.tf line 21, in resource "google_access_context_manager_service_perimeter" "regular_service_perimeter":
  21: resource "google_access_context_manager_service_perimeter" "regular_service_perimeter" {

[18:46][user@host:~/workspace/google/terraform-google-vpc-service-controls/examples/simple_example_access_level]$ terraform apply -auto-approve 
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Refreshing state... [id=270053033394]
module.access_level_1.google_access_context_manager_access_level.access_level: Refreshing state... [id=accessPolicies/270053033394/accessLevels/single_ip_policy]
module.access_level_1.google_access_context_manager_access_level.access_level: Modifying... [id=accessPolicies/270053033394/accessLevels/single_ip_policy]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Creating...
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Creation complete after 3s [id=accessPolicies/270053033394/servicePerimeters/regular_perimeter_1]
module.access_level_1.google_access_context_manager_access_level.access_level: Modifications complete after 4s [id=accessPolicies/270053033394/accessLevels/single_ip_policy]

Apply complete! Resources: 1 added, 1 changed, 0 destroyed.

Outputs:

policy_name = access_level_policy
[18:46][user@host:~/workspace/google/terraform-google-vpc-service-controls/examples/simple_example_access_level]$ terraform destroy -force 
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Refreshing state... [id=270053033394]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Refreshing state... [id=accessPolicies/270053033394/servicePerimeters/regular_perimeter_1]
module.access_level_1.google_access_context_manager_access_level.access_level: Refreshing state... [id=accessPolicies/270053033394/accessLevels/single_ip_policy]
module.access_level_1.google_access_context_manager_access_level.access_level: Destroying... [id=accessPolicies/270053033394/accessLevels/single_ip_policy]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Destroying... [id=accessPolicies/270053033394/servicePerimeters/regular_perimeter_1]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Destruction complete after 2s
module.access_level_1.google_access_context_manager_access_level.access_level: Destruction complete after 3s
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Destroying... [id=270053033394]
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Destruction complete after 2s

Destroy complete! Resources: 3 destroyed.
[18:46][user@host:~/workspace/google/terraform-google-vpc-service-controls/examples/simple_example_access_level]$

simple example bridge:

[18:42][user@host:~/workspace/google/terraform-google-vpc-service-controls/examples/simple_example_bridge]$ terraform apply -auto-approve 
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Creating...
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Creation complete after 6s [id=1074888007018]
module.bridge_service_perimeter_1.google_access_context_manager_service_perimeter.bridge_service_perimeter: Creating...
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Creating...
module.regular_service_perimeter_2.google_access_context_manager_service_perimeter.regular_service_perimeter: Creating...
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Creation complete after 3s [id=accessPolicies/1074888007018/servicePerimeters/regular_perimeter_1]
module.regular_service_perimeter_2.google_access_context_manager_service_perimeter.regular_service_perimeter: Creation complete after 4s [id=accessPolicies/1074888007018/servicePerimeters/regular_perimeter_2]

Error: Error creating ServicePerimeter: googleapi: Error 400: A project is in a Service Perimeter Bridge but no regular Service Perimeter. Each project in a Service Perimeter Bridge must be in a regular Service Perimeter.

  on ../../modules/bridge_service_perimeter/main.tf line 21, in resource "google_access_context_manager_service_perimeter" "bridge_service_perimeter":
  21: resource "google_access_context_manager_service_perimeter" "bridge_service_perimeter" {

[18:42][user@host:~/workspace/google/terraform-google-vpc-service-controls/examples/simple_example_bridge]$ terraform apply -auto-approve 
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Refreshing state... [id=1074888007018]
module.regular_service_perimeter_2.google_access_context_manager_service_perimeter.regular_service_perimeter: Refreshing state... [id=accessPolicies/1074888007018/servicePerimeters/regular_perimeter_2]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Refreshing state... [id=accessPolicies/1074888007018/servicePerimeters/regular_perimeter_1]
module.bridge_service_perimeter_1.google_access_context_manager_service_perimeter.bridge_service_perimeter: Creating...
module.bridge_service_perimeter_1.google_access_context_manager_service_perimeter.bridge_service_perimeter: Creation complete after 2s [id=accessPolicies/1074888007018/servicePerimeters/bridge_perimeter_1]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Outputs:

policy_name = simple_bridge_policy
[18:42][user@host:~/workspace/google/terraform-google-vpc-service-controls/examples/simple_example_bridge]$ 
[18:44][user@host:~/workspace/google/terraform-google-vpc-service-controls/examples/simple_example_bridge]$ terraform destroy -force 
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Refreshing state... [id=1074888007018]
module.bridge_service_perimeter_1.google_access_context_manager_service_perimeter.bridge_service_perimeter: Refreshing state... [id=accessPolicies/1074888007018/servicePerimeters/bridge_perimeter_1]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Refreshing state... [id=accessPolicies/1074888007018/servicePerimeters/regular_perimeter_1]
module.regular_service_perimeter_2.google_access_context_manager_service_perimeter.regular_service_perimeter: Refreshing state... [id=accessPolicies/1074888007018/servicePerimeters/regular_perimeter_2]
module.bridge_service_perimeter_1.google_access_context_manager_service_perimeter.bridge_service_perimeter: Destroying... [id=accessPolicies/1074888007018/servicePerimeters/bridge_perimeter_1]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Destroying... [id=accessPolicies/1074888007018/servicePerimeters/regular_perimeter_1]
module.regular_service_perimeter_2.google_access_context_manager_service_perimeter.regular_service_perimeter: Destroying... [id=accessPolicies/1074888007018/servicePerimeters/regular_perimeter_2]
module.bridge_service_perimeter_1.google_access_context_manager_service_perimeter.bridge_service_perimeter: Destruction complete after 2s

Error: Error reading ServicePerimeter: googleapi: Error 400: A project is in a Service Perimeter Bridge but no regular Service Perimeter. Each project in a Service Perimeter Bridge must be in a regular Service Perimeter.

Error: Error reading ServicePerimeter: googleapi: Error 400: A project is in a Service Perimeter Bridge but no regular Service Perimeter. Each project in a Service Perimeter Bridge must be in a regular Service Perimeter.

[18:45][user@host:~/workspace/google/terraform-google-vpc-service-controls/examples/simple_example_bridge]$ terraform destroy -force 
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Refreshing state... [id=1074888007018]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Refreshing state... [id=accessPolicies/1074888007018/servicePerimeters/regular_perimeter_1]
module.regular_service_perimeter_2.google_access_context_manager_service_perimeter.regular_service_perimeter: Refreshing state... [id=accessPolicies/1074888007018/servicePerimeters/regular_perimeter_2]
module.regular_service_perimeter_2.google_access_context_manager_service_perimeter.regular_service_perimeter: Destroying... [id=accessPolicies/1074888007018/servicePerimeters/regular_perimeter_2]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Destroying... [id=accessPolicies/1074888007018/servicePerimeters/regular_perimeter_1]
module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Destruction complete after 2s
module.regular_service_perimeter_2.google_access_context_manager_service_perimeter.regular_service_perimeter: Destruction complete after 2s
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Destroying... [id=1074888007018]
module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Destruction complete after 3s

Destroy complete! Resources: 3 destroyed.
[18:45][user@host:~/workspace/google/terraform-google-vpc-service-controls/examples/simple_example_bridge]$ 

integration tests:

bash-4.4# cp credentials.json /tmp/tmp.WhuHzVlJs3
bash-4.4# kitchen  list
Instance              Driver     Provisioner  Verifier   Transport  Last Action    Last Error
simple-example-local  Terraform  Terraform    Terraform  Ssh        <Not Created>  <None>
bash-4.4# kitchen create
-----> Starting Kitchen (v1.24.0)
-----> Creating <simple-example-local>...
       Terraform v0.12.3
       + provider.google v2.5.1

       Your version of Terraform is out of date! The latest version
       is 0.12.5. You can update by downloading from www.terraform.io/downloads.html
$$$$$$ Running command `terraform init -input=false -lock=true -lock-timeout=0s  -upgrade -force-copy -backend=true  -get=true -get-plugins=true -verify-plugins=true` in directory /cft/workdir/test/fixtures/simple_example
       Upgrading modules...
       - example in ../../../examples/simple_example
       - example.access_context_manager_policy in ../../..
       - example.access_level_members in ../../../modules/access_level
       Downloading github.com/terraform-google-modules/terraform-google-bigquery for example.bigquery...
       - example.bigquery in .terraform/modules/example.bigquery
       - example.regular_service_perimeter_1 in ../../../modules/regular_service_perimeter

       Initializing the backend...

       Initializing provider plugins...
       - Checking for available provider plugins...
       - Downloading plugin for provider "google" (terraform-providers/google) 2.5.1...

       Terraform has been successfully initialized!
$$$$$$ Running command `terraform workspace select kitchen-terraform-simple-example-local` in directory /cft/workdir/test/fixtures/simple_example

       Workspace "kitchen-terraform-simple-example-local" doesn't exist.

       You can create this workspace with the "new" subcommand.
$$$$$$ Running command `terraform workspace new kitchen-terraform-simple-example-local` in directory /cft/workdir/test/fixtures/simple_example
       Created and switched to workspace "kitchen-terraform-simple-example-local"!

       You're now on a new, empty workspace. Workspaces isolate their state,
       so if you run "terraform plan" Terraform will not see any existing state
       for this configuration.
       Finished creating <simple-example-local> (0m7.06s).
-----> Kitchen is finished. (0m8.45s)
bash-4.4# kitchen converge
-----> Starting Kitchen (v1.24.0)
-----> Converging <simple-example-local>...
       Terraform v0.12.3
       + provider.google v2.5.1

       Your version of Terraform is out of date! The latest version
       is 0.12.5. You can update by downloading from www.terraform.io/downloads.html
$$$$$$ Running command `terraform workspace select kitchen-terraform-simple-example-local` in directory /cft/workdir/test/fixtures/simple_example
$$$$$$ Running command `terraform get -update` in directory /cft/workdir/test/fixtures/simple_example
       - example in ../../../examples/simple_example
       - example.access_context_manager_policy in ../../..
       - example.access_level_members in ../../../modules/access_level
       Downloading github.com/terraform-google-modules/terraform-google-bigquery for example.bigquery...
       - example.bigquery in .terraform/modules/example.bigquery
       - example.regular_service_perimeter_1 in ../../../modules/regular_service_perimeter
$$$$$$ Running command `terraform validate   ` in directory /cft/workdir/test/fixtures/simple_example
       Success! The configuration is valid.

$$$$$$ Running command `terraform apply -lock=true -lock-timeout=0s -input=false -auto-approve=true  -parallelism=10 -refresh=true  ` in directory /cft/workdir/test/fixtures/simple_example
       module.example.module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Creating...
       module.example.module.bigquery.google_bigquery_dataset.main: Creating...
       module.example.module.bigquery.google_bigquery_dataset.main: Creation complete after 1s [id=gl-ivankorniienko-seed:sample_dataset]
       module.example.module.bigquery.google_bigquery_table.main[0]: Creating...
       module.example.module.bigquery.google_bigquery_table.main[0]: Creation complete after 1s [id=gl-ivankorniienko-seed:sample_dataset.example_table]
       module.example.module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Creation complete after 5s [id=533493164376]
       module.example.module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Creating...
       module.example.module.access_level_members.google_access_context_manager_access_level.access_level: Creating...
       module.example.module.access_level_members.google_access_context_manager_access_level.access_level: Creation complete after 4s [id=accessPolicies/533493164376/accessLevels/terraform_members]

       Error: Error creating ServicePerimeter: googleapi: Error 400: Level name 'terraform_members' is not available in this Access Policy resource, but is referenced in 'status' field of Perimeter 'regular_perimeter_1'. If you are trying to delete a Level which is referenced in this Perimeter, you must first remove the reference.

         on ../../../modules/regular_service_perimeter/main.tf line 21, in resource "google_access_context_manager_service_perimeter" "regular_service_perimeter":
         21: resource "google_access_context_manager_service_perimeter" "regular_service_perimeter" {

>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: 1 actions failed.
>>>>>>     Converge failed on instance <simple-example-local>.  Please see .kitchen/logs/simple-example-local.log for more details
>>>>>> ----------------------
>>>>>> Please see .kitchen/logs/kitchen.log for more details
>>>>>> Also try running `kitchen diagnose --all` for configuration

bash-4.4# kitchen converge
-----> Starting Kitchen (v1.24.0)
-----> Converging <simple-example-local>...
       Terraform v0.12.3
       + provider.google v2.5.1

       Your version of Terraform is out of date! The latest version
       is 0.12.5. You can update by downloading from www.terraform.io/downloads.html
$$$$$$ Running command `terraform workspace select kitchen-terraform-simple-example-local` in directory /cft/workdir/test/fixtures/simple_example
$$$$$$ Running command `terraform get -update` in directory /cft/workdir/test/fixtures/simple_example
       - example in ../../../examples/simple_example
       - example.access_context_manager_policy in ../../..
       - example.access_level_members in ../../../modules/access_level
       Downloading github.com/terraform-google-modules/terraform-google-bigquery for example.bigquery...
       - example.bigquery in .terraform/modules/example.bigquery
       - example.regular_service_perimeter_1 in ../../../modules/regular_service_perimeter
$$$$$$ Running command `terraform validate   ` in directory /cft/workdir/test/fixtures/simple_example
       Success! The configuration is valid.

$$$$$$ Running command `terraform apply -lock=true -lock-timeout=0s -input=false -auto-approve=true  -parallelism=10 -refresh=true  ` in directory /cft/workdir/test/fixtures/simple_example
       module.example.module.bigquery.google_bigquery_dataset.main: Refreshing state... [id=gl-ivankorniienko-seed:sample_dataset]
       module.example.module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Refreshing state... [id=533493164376]
       module.example.module.bigquery.google_bigquery_table.main[0]: Refreshing state... [id=gl-ivankorniienko-seed:sample_dataset.example_table]
       module.example.module.access_level_members.google_access_context_manager_access_level.access_level: Refreshing state... [id=accessPolicies/533493164376/accessLevels/terraform_members]
       module.example.module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Creating...
       module.example.module.access_level_members.google_access_context_manager_access_level.access_level: Modifying... [id=accessPolicies/533493164376/accessLevels/terraform_members]
       module.example.module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Creation complete after 3s [id=accessPolicies/533493164376/servicePerimeters/regular_perimeter_1]
       module.example.module.access_level_members.google_access_context_manager_access_level.access_level: Modifications complete after 4s [id=accessPolicies/533493164376/accessLevels/terraform_members]

       Apply complete! Resources: 1 added, 1 changed, 0 destroyed.

       Outputs:

       parent_id = 826592752744
       policy_name = simple_test_policy
       protected_project_id = gl-ivankorniienko-seed
       public_project_id = gl-ik-test
       Finished converging <simple-example-local> (0m11.31s).
-----> Kitchen is finished. (0m12.69s)
bash-4.4# 
bash-4.4# kitchen verify
-----> Starting Kitchen (v1.24.0)
-----> Setting up <simple-example-local>...
       Finished setting up <simple-example-local> (0m0.00s).
-----> Verifying <simple-example-local>...
$$$$$$ Running command `terraform workspace select kitchen-terraform-simple-example-local` in directory /cft/workdir/test/fixtures/simple_example
$$$$$$ Running command `terraform output -json` in directory /cft/workdir/test/fixtures/simple_example
simple_example: Verifying
Skipping profile: 'inspec-gcp' on unsupported platform: 'alpine/3.9.4'.

Profile: simple_example
Version: (not specified)
Target:  local://

  ✔  big_query_vpc_positive_test: Command: `bq query --use_legacy=false --project_id=gl-ivankorniienko-seed 'select * from `gl-ivankorniienko-seed.sample_dataset.example_table` limit 10'`
     ✔  Command: `bq query --use_legacy=false --project_id=gl-ivankorniienko-seed 'select * from `gl-ivankorniienko-seed.sample_dataset.example_table` limit 10'` exit_status should equal 0
     ✔  Command: `bq query --use_legacy=false --project_id=gl-ivankorniienko-seed 'select * from `gl-ivankorniienko-seed.sample_dataset.example_table` limit 10'` stderr should include "Current status: DONE"
  ×  big_query_vpc_negative_test: Command: `bq query --use_legacy=false --project_id=gl-ik-test 'select * from `gl-ivankorniienko-seed.sample_dataset.example_table` limit 10'` (3 failed)
     ×  Command: `bq query --use_legacy=false --project_id=gl-ik-test 'select * from `gl-ivankorniienko-seed.sample_dataset.example_table` limit 10'` exit_status should equal 1

     expected #<Integer:3> => 1
          got #<Integer:1> => 0

     Compared using equal?, which compares object identity,
     but expected and actual are not the same object. Use
     `expect(actual).to eq(expected)` if you don't care about
     object identity in this example.

     ×  Command: `bq query --use_legacy=false --project_id=gl-ik-test 'select * from `gl-ivankorniienko-seed.sample_dataset.example_table` limit 10'` stderr should eq ""

     expected: ""
          got: "\rWaiting on bqjob_r6ff7449b6235e88e_0000016c439380b7_1 ... (0s) Current status: RUNNING\r          ...           \rWaiting on bqjob_r6ff7449b6235e88e_0000016c439380b7_1 ... (0s) Current status: DONE   "

     (compared using ==)

     ×  Command: `bq query --use_legacy=false --project_id=gl-ik-test 'select * from `gl-ivankorniienko-seed.sample_dataset.example_table` limit 10'` stdout should include "Request is prohibited by organization's policy."
     expected "\n" to include "Request is prohibited by organization's policy."
     Diff:
     @@ -1,2 +1 @@
     -Request is prohibited by organization's policy.

Profile Summary: 1 successful control, 1 control failure, 0 controls skipped
Test Summary: 2 successful, 3 failures, 0 skipped
>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: 1 actions failed.
>>>>>>     Verify failed on instance <simple-example-local>.  Please see .kitchen/logs/simple-example-local.log for more details
>>>>>> ----------------------
>>>>>> Please see .kitchen/logs/kitchen.log for more details
>>>>>> Also try running `kitchen diagnose --all` for configuration

bash-4.4# kitchen destroy
-----> Starting Kitchen (v1.24.0)
-----> Destroying <simple-example-local>...
       Terraform v0.12.3
       + provider.google v2.5.1

       Your version of Terraform is out of date! The latest version
       is 0.12.5. You can update by downloading from www.terraform.io/downloads.html
$$$$$$ Running command `terraform init -input=false -lock=true -lock-timeout=0s  -force-copy -backend=true  -get=true -get-plugins=true -verify-plugins=true` in directory /cft/workdir/test/fixtures/simple_example
       Initializing modules...

       Initializing the backend...

       Initializing provider plugins...

       Terraform has been successfully initialized!
$$$$$$ Running command `terraform workspace select kitchen-terraform-simple-example-local` in directory /cft/workdir/test/fixtures/simple_example
$$$$$$ Running command `terraform destroy -auto-approve -lock=true -lock-timeout=0s -input=false  -parallelism=10 -refresh=true  ` in directory /cft/workdir/test/fixtures/simple_example
       module.example.module.bigquery.google_bigquery_dataset.main: Refreshing state... [id=gl-ivankorniienko-seed:sample_dataset]
       module.example.module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Refreshing state... [id=533493164376]
       module.example.module.bigquery.google_bigquery_table.main[0]: Refreshing state... [id=gl-ivankorniienko-seed:sample_dataset.example_table]
       module.example.module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Refreshing state... [id=accessPolicies/533493164376/servicePerimeters/regular_perimeter_1]
       module.example.module.access_level_members.google_access_context_manager_access_level.access_level: Refreshing state... [id=accessPolicies/533493164376/accessLevels/terraform_members]
       module.example.module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Destroying... [id=accessPolicies/533493164376/servicePerimeters/regular_perimeter_1]
       module.example.module.access_level_members.google_access_context_manager_access_level.access_level: Destroying... [id=accessPolicies/533493164376/accessLevels/terraform_members]
       module.example.module.bigquery.google_bigquery_table.main[0]: Destroying... [id=gl-ivankorniienko-seed:sample_dataset.example_table]
       module.example.module.bigquery.google_bigquery_table.main[0]: Destruction complete after 1s
       module.example.module.bigquery.google_bigquery_dataset.main: Destroying... [id=gl-ivankorniienko-seed:sample_dataset]
       module.example.module.bigquery.google_bigquery_dataset.main: Destruction complete after 0s
       module.example.module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Destruction complete after 2s
       module.example.module.access_level_members.google_access_context_manager_access_level.access_level: Destruction complete after 2s
       module.example.module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Destroying... [id=533493164376]
       module.example.module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Destruction complete after 3s

       Destroy complete! Resources: 5 destroyed.
$$$$$$ Running command `terraform workspace select default` in directory /cft/workdir/test/fixtures/simple_example
       Switched to workspace "default".
$$$$$$ Running command `terraform workspace delete kitchen-terraform-simple-example-local` in directory /cft/workdir/test/fixtures/simple_example
       Deleted workspace "kitchen-terraform-simple-example-local"!
       Finished destroying <simple-example-local> (0m11.38s).
-----> Kitchen is finished. (0m12.75s)
bash-4.4#

ivankorn commented 4 years ago

Examples tests note:

There is a known issue with double terraform apply | destroy

Integration Tests note:

There is an issue with negative tests logged as #6 which is commented here with reference to the known issue

ivankorn commented 4 years ago

Examples tests note:

There is a known issue with double terraform apply | destroy

Integration Tests note:

There is an issue with negative tests logged as #6 which is commented here with reference to the known issue

Updated syntax checks:

[18:13][user@host:~/workspace/google/terraform-google-vpc-service-controls]$ make -s
Running shellcheck
Running flake8
Running go fmt and go vet
Running terraform fmt
terraform fmt -diff -check=true -write=false . 
terraform fmt -diff -check=true -write=false ./examples/simple_example 
terraform fmt -diff -check=true -write=false ./examples/simple_example_access_level 
terraform fmt -diff -check=true -write=false ./examples/simple_example_bridge 
terraform fmt -diff -check=true -write=false ./modules/access_level 
terraform fmt -diff -check=true -write=false ./modules/bridge_service_perimeter 
terraform fmt -diff -check=true -write=false ./modules/regular_service_perimeter 
terraform fmt -diff -check=true -write=false ./test/fixtures/shared 
terraform fmt -diff -check=true -write=false ./test/fixtures/simple_example 
Running terraform validate
helpers/terraform_validate . 

Initializing provider plugins...

The following providers do not have any version constraints in configuration,
so the latest version was installed.

To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.

* provider.google: version = "~> 2.5"

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Success! The configuration is valid.

helpers/terraform_validate ./examples/simple_example 
Initializing modules...

Initializing provider plugins...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Success! The configuration is valid.

helpers/terraform_validate ./examples/simple_example_access_level 
Initializing modules...

Initializing provider plugins...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Success! The configuration is valid.

helpers/terraform_validate ./examples/simple_example_bridge 
Initializing modules...

Initializing provider plugins...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Success! The configuration is valid.

helpers/terraform_validate ./modules/access_level 

Initializing provider plugins...

The following providers do not have any version constraints in configuration,
so the latest version was installed.

To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.

* provider.google: version = "~> 2.5"

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Success! The configuration is valid.

helpers/terraform_validate ./modules/bridge_service_perimeter 

Initializing provider plugins...

The following providers do not have any version constraints in configuration,
so the latest version was installed.

To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.

* provider.google: version = "~> 2.5"

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Success! The configuration is valid.

helpers/terraform_validate ./modules/regular_service_perimeter 

Initializing provider plugins...

The following providers do not have any version constraints in configuration,
so the latest version was installed.

To prevent automatic upgrades to new major versions that may contain breaking
changes, it is recommended to add version = "..." constraints to the
corresponding provider blocks in configuration, with the constraint strings
suggested below.

* provider.google: version = "~> 2.5"

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Success! The configuration is valid.

helpers/terraform_validate ./test/fixtures/simple_example 
Initializing modules...

Initializing provider plugins...

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.
Success! The configuration is valid.

Running hadolint on Dockerfiles
Checking for required files LICENSE README.md
Testing the validity of the header check
..
----------------------------------------------------------------------
Ran 2 tests in 0.012s

OK
Checking file headers
Checking for trailing whitespace
Generating markdown docs with terraform-docs
Skipping ./test/fixtures/shared because README.md does not exist.
Skipping ./test/fixtures/simple_example because README.md does not exist.
[18:42][user@host:~/workspace/google/terraform-google-vpc-service-controls]$ 

Updated integration tests run:

bash-4.4# kitchen create &&  kitchen converge || kitchen converge && kitchen verify
-----> Starting Kitchen (v1.24.0)
-----> Creating <simple-example-local>...
       Terraform v0.12.3
       + provider.google v2.5.1

       Your version of Terraform is out of date! The latest version
       is 0.12.6. You can update by downloading from www.terraform.io/downloads.html
$$$$$$ Running command `terraform init -input=false -lock=true -lock-timeout=0s  -upgrade -force-copy -backend=true  -get=true -get-plugins=true -verify-plugins=true` in directory /cft/workdir/test/fixtures/simple_example
       Upgrading modules...
       - example in ../../../examples/simple_example
       - example.access_context_manager_policy in ../../..
       - example.access_level_members in ../../../modules/access_level
       Downloading terraform-google-modules/bigquery/google 2.0.0 for example.bigquery...
       - example.bigquery in .terraform/modules/example.bigquery/terraform-google-modules-terraform-google-bigquery-030f333
       - example.regular_service_perimeter_1 in ../../../modules/regular_service_perimeter

       Initializing the backend...

       Initializing provider plugins...
       - Checking for available provider plugins...
       - Downloading plugin for provider "google" (terraform-providers/google) 2.5.1...

       Terraform has been successfully initialized!
$$$$$$ Running command `terraform workspace select kitchen-terraform-simple-example-local` in directory /cft/workdir/test/fixtures/simple_example

       Workspace "kitchen-terraform-simple-example-local" doesn't exist.

       You can create this workspace with the "new" subcommand.
$$$$$$ Running command `terraform workspace new kitchen-terraform-simple-example-local` in directory /cft/workdir/test/fixtures/simple_example
       Created and switched to workspace "kitchen-terraform-simple-example-local"!

       You're now on a new, empty workspace. Workspaces isolate their state,
       so if you run "terraform plan" Terraform will not see any existing state
       for this configuration.
       Finished creating <simple-example-local> (0m6.99s).
-----> Kitchen is finished. (0m8.48s)
-----> Starting Kitchen (v1.24.0)
-----> Converging <simple-example-local>...
       Terraform v0.12.3
       + provider.google v2.5.1

       Your version of Terraform is out of date! The latest version
       is 0.12.6. You can update by downloading from www.terraform.io/downloads.html
$$$$$$ Running command `terraform workspace select kitchen-terraform-simple-example-local` in directory /cft/workdir/test/fixtures/simple_example
$$$$$$ Running command `terraform get -update` in directory /cft/workdir/test/fixtures/simple_example
       - example in ../../../examples/simple_example
       - example.access_context_manager_policy in ../../..
       - example.access_level_members in ../../../modules/access_level
       Downloading terraform-google-modules/bigquery/google 2.0.0 for example.bigquery...
       - example.bigquery in .terraform/modules/example.bigquery/terraform-google-modules-terraform-google-bigquery-030f333
       - example.regular_service_perimeter_1 in ../../../modules/regular_service_perimeter
$$$$$$ Running command `terraform validate   ` in directory /cft/workdir/test/fixtures/simple_example
       Success! The configuration is valid.

$$$$$$ Running command `terraform apply -lock=true -lock-timeout=0s -input=false -auto-approve=true  -parallelism=10 -refresh=true  ` in directory /cft/workdir/test/fixtures/simple_example
       module.example.module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Creating...
       module.example.module.bigquery.google_bigquery_dataset.main: Creating...
       module.example.module.bigquery.google_bigquery_dataset.main: Creation complete after 2s [id=gl-ivankorniienko-seed:sample_dataset]
       module.example.module.bigquery.google_bigquery_table.main[0]: Creating...
       module.example.module.bigquery.google_bigquery_table.main[0]: Creation complete after 0s [id=gl-ivankorniienko-seed:sample_dataset.example_table]
       module.example.module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Creation complete after 7s [id=609943399274]
       module.example.module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Creating...
       module.example.module.access_level_members.google_access_context_manager_access_level.access_level: Creating...
       module.example.module.access_level_members.google_access_context_manager_access_level.access_level: Creation complete after 4s [id=accessPolicies/609943399274/accessLevels/terraform_members]

       Error: Error creating ServicePerimeter: googleapi: Error 400: Level name 'terraform_members' is not available in this Access Policy resource, but is referenced in 'status' field of Perimeter 'regular_perimeter_1'. If you are trying to delete a Level which is referenced in this Perimeter, you must first remove the reference.

         on ../../../modules/regular_service_perimeter/main.tf line 17, in resource "google_access_context_manager_service_perimeter" "regular_service_perimeter":
         17: resource "google_access_context_manager_service_perimeter" "regular_service_perimeter" {

>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: 1 actions failed.
>>>>>>     Converge failed on instance <simple-example-local>.  Please see .kitchen/logs/simple-example-local.log for more details
>>>>>> ----------------------
>>>>>> Please see .kitchen/logs/kitchen.log for more details
>>>>>> Also try running `kitchen diagnose --all` for configuration

-----> Starting Kitchen (v1.24.0)
-----> Converging <simple-example-local>...
       Terraform v0.12.3
       + provider.google v2.5.1

       Your version of Terraform is out of date! The latest version
       is 0.12.6. You can update by downloading from www.terraform.io/downloads.html
$$$$$$ Running command `terraform workspace select kitchen-terraform-simple-example-local` in directory /cft/workdir/test/fixtures/simple_example
$$$$$$ Running command `terraform get -update` in directory /cft/workdir/test/fixtures/simple_example
       - example in ../../../examples/simple_example
       - example.access_context_manager_policy in ../../..
       - example.access_level_members in ../../../modules/access_level
       Downloading terraform-google-modules/bigquery/google 2.0.0 for example.bigquery...
       - example.bigquery in .terraform/modules/example.bigquery/terraform-google-modules-terraform-google-bigquery-030f333
       - example.regular_service_perimeter_1 in ../../../modules/regular_service_perimeter
$$$$$$ Running command `terraform validate   ` in directory /cft/workdir/test/fixtures/simple_example
       Success! The configuration is valid.

$$$$$$ Running command `terraform apply -lock=true -lock-timeout=0s -input=false -auto-approve=true  -parallelism=10 -refresh=true  ` in directory /cft/workdir/test/fixtures/simple_example
       module.example.module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Refreshing state... [id=609943399274]
       module.example.module.bigquery.google_bigquery_dataset.main: Refreshing state... [id=gl-ivankorniienko-seed:sample_dataset]
       module.example.module.bigquery.google_bigquery_table.main[0]: Refreshing state... [id=gl-ivankorniienko-seed:sample_dataset.example_table]
       module.example.module.access_level_members.google_access_context_manager_access_level.access_level: Refreshing state... [id=accessPolicies/609943399274/accessLevels/terraform_members]
       module.example.module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Creating...
       module.example.module.access_level_members.google_access_context_manager_access_level.access_level: Modifying... [id=accessPolicies/609943399274/accessLevels/terraform_members]
       module.example.module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Creation complete after 3s [id=accessPolicies/609943399274/servicePerimeters/regular_perimeter_1]
       module.example.module.access_level_members.google_access_context_manager_access_level.access_level: Modifications complete after 5s [id=accessPolicies/609943399274/accessLevels/terraform_members]

       Apply complete! Resources: 1 added, 1 changed, 0 destroyed.

       Outputs:

       parent_id = 826592752744
       policy_name = simple_test_policy
       protected_project_id = gl-ivankorniienko-seed
       public_project_id = gl-ik-test
       Finished converging <simple-example-local> (0m12.31s).
-----> Kitchen is finished. (0m13.81s)
-----> Starting Kitchen (v1.24.0)
-----> Setting up <simple-example-local>...
       Finished setting up <simple-example-local> (0m0.00s).
-----> Verifying <simple-example-local>...
$$$$$$ Running command `terraform workspace select kitchen-terraform-simple-example-local` in directory /cft/workdir/test/fixtures/simple_example
$$$$$$ Running command `terraform output -json` in directory /cft/workdir/test/fixtures/simple_example
simple_example: Verifying
Skipping profile: 'inspec-gcp' on unsupported platform: 'alpine/3.9.4'.

Profile: simple_example
Version: (not specified)
Target:  local://

  ✔  big_query_vpc_positive_test: Command: `bq query --use_legacy=false --project_id=gl-ivankorniienko-seed 'select * from `gl-ivankorniienko-seed.sample_dataset.example_table` limit 10'`
     ✔  Command: `bq query --use_legacy=false --project_id=gl-ivankorniienko-seed 'select * from `gl-ivankorniienko-seed.sample_dataset.example_table` limit 10'` exit_status should equal 0
     ✔  Command: `bq query --use_legacy=false --project_id=gl-ivankorniienko-seed 'select * from `gl-ivankorniienko-seed.sample_dataset.example_table` limit 10'` stderr should include "Current status: DONE"
  ×  big_query_vpc_negative_test: Command: `bq query --use_legacy=false --project_id=gl-ik-test 'select * from `gl-ivankorniienko-seed.sample_dataset.example_table` limit 10'` (3 failed)
     ×  Command: `bq query --use_legacy=false --project_id=gl-ik-test 'select * from `gl-ivankorniienko-seed.sample_dataset.example_table` limit 10'` exit_status should equal 1

     expected #<Integer:3> => 1
          got #<Integer:1> => 0

     Compared using equal?, which compares object identity,
     but expected and actual are not the same object. Use
     `expect(actual).to eq(expected)` if you don't care about
     object identity in this example.

     ×  Command: `bq query --use_legacy=false --project_id=gl-ik-test 'select * from `gl-ivankorniienko-seed.sample_dataset.example_table` limit 10'` stderr should eq ""

     expected: ""
          got: "\rWaiting on bqjob_r2e4af861c2d25ec_0000016c6cbdc0c2_1 ... (0s) Current status: RUNNING\r           ...            \rWaiting on bqjob_r2e4af861c2d25ec_0000016c6cbdc0c2_1 ... (0s) Current status: DONE   "

     (compared using ==)

     ×  Command: `bq query --use_legacy=false --project_id=gl-ik-test 'select * from `gl-ivankorniienko-seed.sample_dataset.example_table` limit 10'` stdout should include "Request is prohibited by organization's policy."
     expected "\n" to include "Request is prohibited by organization's policy."
     Diff:
     @@ -1,2 +1 @@
     -Request is prohibited by organization's policy.

Profile Summary: 1 successful control, 1 control failure, 0 controls skipped
Test Summary: 2 successful, 3 failures, 0 skipped
>>>>>> ------Exception-------
>>>>>> Class: Kitchen::ActionFailed
>>>>>> Message: 1 actions failed.
>>>>>>     Verify failed on instance <simple-example-local>.  Please see .kitchen/logs/simple-example-local.log for more details
>>>>>> ----------------------
>>>>>> Please see .kitchen/logs/kitchen.log for more details
>>>>>> Also try running `kitchen diagnose --all` for configuration

bash-4.4# 

bash-4.4# kitchen destroy || kitchen destroy
-----> Starting Kitchen (v1.24.0)
-----> Destroying <simple-example-local>...
       Terraform v0.12.3
       + provider.google v2.5.1

       Your version of Terraform is out of date! The latest version
       is 0.12.6. You can update by downloading from www.terraform.io/downloads.html
$$$$$$ Running command `terraform init -input=false -lock=true -lock-timeout=0s  -force-copy -backend=true  -get=true -get-plugins=true -verify-plugins=true` in directory /cft/workdir/test/fixtures/simple_example
       Initializing modules...

       Initializing the backend...

       Initializing provider plugins...

       Terraform has been successfully initialized!
$$$$$$ Running command `terraform workspace select kitchen-terraform-simple-example-local` in directory /cft/workdir/test/fixtures/simple_example
$$$$$$ Running command `terraform destroy -auto-approve -lock=true -lock-timeout=0s -input=false  -parallelism=10 -refresh=true  ` in directory /cft/workdir/test/fixtures/simple_example
       module.example.module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Refreshing state... [id=609943399274]
       module.example.module.bigquery.google_bigquery_dataset.main: Refreshing state... [id=gl-ivankorniienko-seed:sample_dataset]
       module.example.module.bigquery.google_bigquery_table.main[0]: Refreshing state... [id=gl-ivankorniienko-seed:sample_dataset.example_table]
       module.example.module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Refreshing state... [id=accessPolicies/609943399274/servicePerimeters/regular_perimeter_1]
       module.example.module.access_level_members.google_access_context_manager_access_level.access_level: Refreshing state... [id=accessPolicies/609943399274/accessLevels/terraform_members]
       module.example.module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Destroying... [id=accessPolicies/609943399274/servicePerimeters/regular_perimeter_1]
       module.example.module.bigquery.google_bigquery_table.main[0]: Destroying... [id=gl-ivankorniienko-seed:sample_dataset.example_table]
       module.example.module.access_level_members.google_access_context_manager_access_level.access_level: Destroying... [id=accessPolicies/609943399274/accessLevels/terraform_members]
       module.example.module.bigquery.google_bigquery_table.main[0]: Destruction complete after 1s
       module.example.module.bigquery.google_bigquery_dataset.main: Destroying... [id=gl-ivankorniienko-seed:sample_dataset]
       module.example.module.bigquery.google_bigquery_dataset.main: Destruction complete after 0s
       module.example.module.regular_service_perimeter_1.google_access_context_manager_service_perimeter.regular_service_perimeter: Destruction complete after 2s
       module.example.module.access_level_members.google_access_context_manager_access_level.access_level: Destruction complete after 3s
       module.example.module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Destroying... [id=609943399274]
       module.example.module.access_context_manager_policy.google_access_context_manager_access_policy.access_policy: Destruction complete after 2s

       Destroy complete! Resources: 5 destroyed.
$$$$$$ Running command `terraform workspace select default` in directory /cft/workdir/test/fixtures/simple_example
       Switched to workspace "default".
$$$$$$ Running command `terraform workspace delete kitchen-terraform-simple-example-local` in directory /cft/workdir/test/fixtures/simple_example
       Deleted workspace "kitchen-terraform-simple-example-local"!
       Finished destroying <simple-example-local> (0m9.41s).
-----> Kitchen is finished. (0m10.88s)
bash-4.4#