google-cloud-java icon indicating copy to clipboard operation
google-cloud-java copied to clipboard

Published 20 hours ago verified publisher icon googleapis

ci: Initial Terraform configurations (Work in Progress)

Open burkedavison opened this issue 2 years ago • 2 comments

See ./.terraform/test.sh for instructions.

These terraform configurations are (currently) designed to create and destroy a new GCP project for each module being tested. To run the script, you must identify a GCP Folder ID in which the project(s) will be created, and a GCP Billing Account ID to assign to the created project(s).

This is a work in progress. We have not decided we want to do this, but it does offer full isolation between integration tests.

terraform and gcloud must be installed. Developed on MacOS. Not yet tested on Linux.

burkedavison avatar Sep 21 '22 19:09 burkedavison

Have you looked into how we will run it as part of CI/Kokoro? I guess we'll need to configure Kokoro service account to have permissions on the projects directory.

meltsufin avatar Sep 21 '22 20:09 meltsufin

Kokoro is part of the discussion, but not the current focus until we can iron out some of the issues currently being faced.

There are some issues with this create+destroy project workflow that I need to resolve; and we haven't made a clear decision yet on whether we want to continue down this path. If we choose to continue having Terraform create+destroy projects, then yes - we'd need to give Kokoro's service account project creation+deletion permissions and define a specific folder for it to use.

However, we could also choose to have a single project in which dedicated instances of resources (like database instances, network instances, etc) get created for each test; but this also has issues that would need to be resolved. (For example, we can't delete container networks due to GCE Enforcer firewall rule dependencies, so would that mean our java-container ITs litter the project with old networks, or would java-container be set up to use only a single network -- or would we have a set of networks that could be allocated+released to allow only a single owner at a time...)

On Wed, Sep 21, 2022 at 4:23 PM Mike Eltsufin @.***> wrote:

Have you looked into how we will run it as part of CI/Kokoro? I guess we'll need to configure Kokoro service account to have permissions on the products directory.

— Reply to this email directly, view it on GitHub https://github.com/googleapis/google-cloud-java/pull/8436#issuecomment-1254189406, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJV4PTUCYDEJ7DEWL2HBIUDV7NVCLANCNFSM6AAAAAAQSLS2XE . You are receiving this because you authored the thread.Message ID: @.***>

burkedavison avatar Sep 21 '22 20:09 burkedavison

See https://github.com/googleapis/google-cloud-java/pull/8555 for continuation of this effort.

burkedavison avatar Oct 25 '22 21:10 burkedavison