Add tests for CloudSQL backup module

build/int.cloudbuild.yaml

@@ -155,6 +155,38 @@ steps:
     name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
     args: ['/bin/bash', '-c', 'cft test run TestPostgreSqlPublicIamModule --stage teardown --verbose']
 
+  - id: apply mysql-backup-local
+    waitFor:
+      - init-all
+    name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+    args: ['/bin/bash', '-c', 'cft test run TestMySqlBackupModuleCreateServiceAccount --stage apply --verbose']
+  - id: verify mysql-backup-local
+    waitFor:
+      - apply mysql-backup-local
+    name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+    args: ['/bin/bash', '-c', 'cft test run TestMySqlBackupModuleCreateServiceAccount --stage verify --verbose']
+  - id: teardown mysql-backup-local
+    waitFor:
+      - verify mysql-backup-local
+    name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+    args: ['/bin/bash', '-c', 'cft test run TestMySqlBackupModuleCreateServiceAccount --stage teardown --verbose']
+
+  - id: apply postgresql-backup-local
+    waitFor:
+      - init-all
+    name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+    args: ['/bin/bash', '-c', 'cft test run TestPostgresqlBackupModuleProvidedServiceAccount --stage apply --verbose']
+  - id: verify postgresql-backup-local
+    waitFor:
+      - apply postgresql-backup-local
+    name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+    args: ['/bin/bash', '-c', 'cft test run TestPostgresqlBackupModuleProvidedServiceAccount --stage verify --verbose']
+  - id: teardown postgresql-backup-local
+    waitFor:
+      - verify postgresql-backup-local
+    name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+    args: ['/bin/bash', '-c', 'cft test run TestPostgresqlBackupModuleProvidedServiceAccount --stage teardown --verbose']
+
 tags:
   - 'ci'
   - 'integration'

examples/mysql-backup-create-service-account/README.md

@@ -0,0 +1,43 @@
+# Cloud SQL Database Backup Example
+
+This example shows how to create:
+
+- a SQL Instance
+- A GCS Bucket for storing the Backup
+- The Workflows for exports (external backups) and (internal) backups
+
+## Run Terraform
+
+Create resources with terraform:
+
+```bash
+terraform init
+terraform plan
+terraform apply
+```
+
+To remove all resources created by terraform:
+
+```bash
+terraform destroy
+```
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_authorized_networks"></a> [authorized\_networks](#input\_authorized\_networks) | List of mapped public networks authorized to access to the instances. Default - short range of GCP health-checkers IPs | `list(map(string))` | <pre>[<br>  {<br>    "name": "sample-gcp-health-checkers-range",<br>    "value": "130.211.0.0/28"<br>  }<br>]</pre> | no |
+| <a name="input_db_name"></a> [db\_name](#input\_db\_name) | The name of the SQL Database instance | `string` | `"example-mysql-public"` | no |
+| <a name="input_project_id"></a> [project\_id](#input\_project\_id) | The ID of the project in which resources will be provisioned. | `string` | n/a | yes |
+| <a name="input_region"></a> [region](#input\_region) | The region of the Cloud SQL resources | `string` | `"us-central1"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_backup_workflow_name"></a> [backup\_workflow\_name](#output\_backup\_workflow\_name) | The name for internal backup workflow |
+| <a name="output_export_workflow_name"></a> [export\_workflow\_name](#output\_export\_workflow\_name) | The name for export workflow |
+| <a name="output_instance_name"></a> [instance\_name](#output\_instance\_name) | The name of the SQL instance |
+| <a name="output_project_id"></a> [project\_id](#output\_project\_id) | The project ID used |
+| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | The service account email running the scheduler and workflow |
+| <a name="output_workflow_location"></a> [workflow\_location](#output\_workflow\_location) | The location where the workflows run |

examples/mysql-backup-create-service-account/main.tf

@@ -0,0 +1,54 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "mysql" {
+  source               = "../../modules/mysql"
+  name                 = var.db_name
+  database_version     = "MYSQL_8_0"
+  random_instance_name = true
+  project_id           = var.project_id
+  zone                 = "${var.region}-a"
+  region               = var.region
+  deletion_protection  = false
+
+  ip_configuration = {
+    ipv4_enabled        = true
+    private_network     = null
+    require_ssl         = true
+    allocated_ip_range  = null
+    authorized_networks = var.authorized_networks
+  }
+}
+
+resource "google_storage_bucket" "backup" {
+  name     = "${module.mysql.instance_name}-backup"
+  location = var.region
+  # TODO: don't use force_destroy for production this is just required for testing
+  force_destroy = true
+  project       = var.project_id
+}
+
+module "backup" {
+  source                = "../../modules/backup"
+  region                = var.region
+  project_id            = var.project_id
+  sql_instance          = module.mysql.instance_name
+  export_databases      = []
+  export_uri            = google_storage_bucket.backup.url
+  backup_retention_time = 1
+  backup_schedule       = "5 * * * *"
+  export_schedule       = "10 * * * *"
+}

examples/mysql-backup-create-service-account/outputs.tf

@@ -0,0 +1,45 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "backup_workflow_name" {
+  value       = module.backup.backup_workflow_name
+  description = "The name for internal backup workflow"
+}
+
+output "export_workflow_name" {
+  value       = module.backup.export_workflow_name
+  description = "The name for export workflow"
+}
+
+output "project_id" {
+  value       = var.project_id
+  description = "The project ID used"
+}
+
+output "service_account" {
+  value       = module.backup.service_account
+  description = "The service account email running the scheduler and workflow"
+}
+
+output "workflow_location" {
+  value       = var.region
+  description = "The location where the workflows run"
+}
+
+output "instance_name" {
+  value       = module.mysql.instance_name
+  description = "The name of the SQL instance"
+}

examples/mysql-backup-create-service-account/variables.tf

@@ -0,0 +1,40 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+  description = "The ID of the project in which resources will be provisioned."
+  type        = string
+}
+
+variable "db_name" {
+  description = "The name of the SQL Database instance"
+  default     = "example-mysql-public"
+}
+
+variable "authorized_networks" {
+  default = [{
+    name  = "sample-gcp-health-checkers-range"
+    value = "130.211.0.0/28"
+  }]
+  type        = list(map(string))
+  description = "List of mapped public networks authorized to access to the instances. Default - short range of GCP health-checkers IPs"
+}
+
+variable "region" {
+  description = "The region of the Cloud SQL resources"
+  type        = string
+  default     = "us-central1"
+}

examples/mysql-backup-create-service-account/versions.tf

@@ -0,0 +1,20 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+  required_version = ">=0.12.6"
+}
+

examples/postgresql-backup-provided-service-account/README.md

@@ -0,0 +1,43 @@
+# Cloud SQL Database Backup Example
+
+This example shows how to create:
+
+- a SQL Instance
+- A GCS Bucket for storing the Backup
+- The Workflows for exports (external backups) and (internal) backups
+
+## Run Terraform
+
+Create resources with terraform:
+
+```bash
+terraform init
+terraform plan
+terraform apply
+```
+
+To remove all resources created by terraform:
+
+```bash
+terraform destroy
+```
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_authorized_networks"></a> [authorized\_networks](#input\_authorized\_networks) | List of mapped public networks authorized to access to the instances. Default - short range of GCP health-checkers IPs | `list(map(string))` | <pre>[<br>  {<br>    "name": "sample-gcp-health-checkers-range",<br>    "value": "130.211.0.0/28"<br>  }<br>]</pre> | no |
+| <a name="input_db_name"></a> [db\_name](#input\_db\_name) | The name of the SQL Database instance | `string` | `"example-mysql-public"` | no |
+| <a name="input_project_id"></a> [project\_id](#input\_project\_id) | The ID of the project in which resources will be provisioned. | `string` | n/a | yes |
+| <a name="input_region"></a> [region](#input\_region) | The region of the Cloud SQL resources | `string` | `"us-central1"` | no |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_backup_workflow_name"></a> [backup\_workflow\_name](#output\_backup\_workflow\_name) | The name for internal backup workflow |
+| <a name="output_export_workflow_name"></a> [export\_workflow\_name](#output\_export\_workflow\_name) | The name for export workflow |
+| <a name="output_instance_name"></a> [instance\_name](#output\_instance\_name) | The name of the SQL instance |
+| <a name="output_project_id"></a> [project\_id](#output\_project\_id) | The project ID used |
+| <a name="output_service_account"></a> [service\_account](#output\_service\_account) | The service account email running the scheduler and workflow |
+| <a name="output_workflow_location"></a> [workflow\_location](#output\_workflow\_location) | The location where the workflows run |

examples/postgresql-backup-provided-service-account/main.tf

@@ -0,0 +1,61 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "postgresql" {
+  source               = "../../modules/postgresql"
+  name                 = var.db_name
+  random_instance_name = true
+  database_version     = "POSTGRES_9_6"
+  project_id           = var.project_id
+  zone                 = "${var.region}-a"
+  region               = var.region
+  tier                 = "db-custom-1-3840"
+
+  deletion_protection = false
+
+  ip_configuration = {
+    ipv4_enabled        = true
+    private_network     = null
+    require_ssl         = true
+    allocated_ip_range  = null
+    authorized_networks = var.authorized_networks
+  }
+}
+
+resource "google_storage_bucket" "backup" {
+  name     = "${module.postgresql.instance_name}-backup"
+  location = var.region
+  # TODO: don't use force_destroy for production this is just required for testing
+  force_destroy = true
+  project       = var.project_id
+}
+
+module "backup" {
+  source                = "../../modules/backup"
+  region                = var.region
+  project_id            = var.project_id
+  sql_instance          = module.postgresql.instance_name
+  export_databases      = []
+  export_uri            = google_storage_bucket.backup.url
+  backup_retention_time = 1
+  backup_schedule       = "5 * * * *"
+  export_schedule       = "10 * * * *"
+  service_account       = "${data.google_project.test_project.number}-compute@developer.gserviceaccount.com"
+}
+
+data "google_project" "test_project" {
+  project_id = var.project_id
+}

examples/postgresql-backup-provided-service-account/outputs.tf

@@ -0,0 +1,45 @@
+/**
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "backup_workflow_name" {
+  value       = module.backup.backup_workflow_name
+  description = "The name for internal backup workflow"
+}
+
+output "export_workflow_name" {
+  value       = module.backup.export_workflow_name
+  description = "The name for export workflow"
+}
+
+output "project_id" {
+  value       = var.project_id
+  description = "The project ID used"
+}
+
+output "service_account" {
+  value       = "${data.google_project.test_project.number}-compute@developer.gserviceaccount.com"
+  description = "The service account email running the scheduler and workflow"
+}
+
+output "workflow_location" {
+  value       = var.region
+  description = "The location where the workflows run"
+}
+
+output "instance_name" {
+  value       = module.postgresql.instance_name
+  description = "The name of the SQL instance"
+}