aherman
/
terraform
mirror of https://github.com/hashicorp/terraform
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'add-missing-variable-loading'
${ noResults }
terraform/internal/backend/remote-state/gcs
History
Daniel Banck a39e3bce32
make syncdeps 		2 months ago
..
README.md Add backend testing documentation (#37448) 8 months ago
backend.go make copyrightfix 2 months ago
backend_internal_test.go make copyrightfix 2 months ago
backend_state.go make copyrightfix 2 months ago
backend_test.go make copyrightfix 2 months ago
client.go make copyrightfix 2 months ago
go.mod make syncdeps 2 months ago
go.sum make syncdeps 2 months ago
path_or_contents.go make copyrightfix 2 months ago
path_or_contents_test.go make copyrightfix 2 months ago

README.md

How to test the gcs backend

Google Cloud resources needed for testing the backend

You will need access to a Google Cloud project that has Google Cloud Storage and Cloud Key Management Service (KMS) APIs enabled. You will need sufficient permissions to create and manage resources in those services: *IAM roles for Cloud Storage. *IAM roles for Cloud Key Management Service.

For HashiCorp employees, a temporary GCP project can be created for testing here.

No infrastructure needs to be set up within that project before running the tests for the gcs backend; tests will provision and delete GCS buckets and KMS keys themselves. However if you want to use service accounts for accessing the project you will need to create those.

Set up credentials and access

These instructions use application default credentials from a Google Account for simplicity. If you want to use a service account instead, see this documentation on how to create a key file and reference that file when providing credentials through environment variables.

  1. Run gcloud auth application-default login and log in with your Google Account when prompted in the browser. This will create a file at ~/.config/gcloud/application_default_credentials.json on your machine.
  2. Set these environment variables:
    • GOOGLE_CREDENTIALS=~/.config/gcloud/application_default_credentials.json (Required) - this file is created in the previous step.
    • GOOGLE_PROJECT=<project-id> (Required) - here, use the project id that you want to be linked to the GCS buckets created in the tests.
    • TF_ACC=1 (Required) - this signals that you're happy for the test to provision real infrastructure.
    • GOOGLE_REGION=<region> (Required) - This region name is used to set the region of the GCS bucket and the region that customer-managed encryption keys are created in. If in doubt, use "us-central1".

Run the tests!

Run tests in the internal/backend/remote-state/gcs package with the above environment variables set. If any errors indicate an issue with credentials or permissions, please review how you're providing credentials to the code and whether sufficient permissions are present.