From 9259270d0cfcbe611a951a8af41e9bd1706934ea Mon Sep 17 00:00:00 2001 From: hezijie Date: Tue, 2 Jan 2024 15:05:51 +0800 Subject: [PATCH] try to make 202-mlmsev testable --- .../compute.tf | 2 +- .../main.tf | 9 ++- .../prequisite/main.tf | 61 +++++++++++++++++++ .../prequisite/outputs.tf | 52 ++++++++++++++++ .../prequisite/variables.tf | 5 ++ .../prequisite/versions.tf | 18 ++++++ .../terragrunt.hcl | 34 +++++++++++ .../variables.tf | 1 + .../workspace.tf | 14 ++--- test/e2e/quickstart_test.go | 31 ++++++++-- 10 files changed, 213 insertions(+), 14 deletions(-) create mode 100644 quickstart/202-machine-learning-moderately-secure-existing-VNet/prequisite/main.tf create mode 100644 quickstart/202-machine-learning-moderately-secure-existing-VNet/prequisite/outputs.tf create mode 100644 quickstart/202-machine-learning-moderately-secure-existing-VNet/prequisite/variables.tf create mode 100644 quickstart/202-machine-learning-moderately-secure-existing-VNet/prequisite/versions.tf create mode 100644 quickstart/202-machine-learning-moderately-secure-existing-VNet/terragrunt.hcl diff --git a/quickstart/202-machine-learning-moderately-secure-existing-VNet/compute.tf b/quickstart/202-machine-learning-moderately-secure-existing-VNet/compute.tf index c8ddab0f..9a66eda3 100644 --- a/quickstart/202-machine-learning-moderately-secure-existing-VNet/compute.tf +++ b/quickstart/202-machine-learning-moderately-secure-existing-VNet/compute.tf @@ -3,7 +3,7 @@ resource "random_string" "ci_prefix" { length = 8 upper = false special = false - number = false + numeric = false } # Compute instance diff --git a/quickstart/202-machine-learning-moderately-secure-existing-VNet/main.tf b/quickstart/202-machine-learning-moderately-secure-existing-VNet/main.tf index 8b59d811..d74d3adf 100644 --- a/quickstart/202-machine-learning-moderately-secure-existing-VNet/main.tf +++ b/quickstart/202-machine-learning-moderately-secure-existing-VNet/main.tf 
@@ -4,11 +4,16 @@ terraform { required_providers { azurerm = { source = "hashicorp/azurerm" - version = "=2.78.0" + version = ">=2.78.0, <3.0" } azureml = { - source = "registry.terraform.io/Telemaco019/azureml" + source = "registry.terraform.io/orobix/azureml" + version = "0.0.5" + } + random = { + source = "hashicorp/random" + version = "3.6.0" } } } diff --git a/quickstart/202-machine-learning-moderately-secure-existing-VNet/prequisite/main.tf b/quickstart/202-machine-learning-moderately-secure-existing-VNet/prequisite/main.tf new file mode 100644 index 00000000..89fc543c --- /dev/null +++ b/quickstart/202-machine-learning-moderately-secure-existing-VNet/prequisite/main.tf 
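Review bot: The `azureml` provider in `required_providers` now comes from a different third-party namespace (`orobix/azureml`, pinned to `0.0.5`), while `azurerm` is relaxed from an exact pin to `>=2.78.0, <3.0`, so what a test run downloads depends on the dependency lock file. No `.terraform.lock.hcl` is part of this patch; if one is not already committed for this example, add it so provider checksums are verified on `terraform init` and e2e runs stay reproducible. A comment above the `azureml` entry would help the next reviewer vet the source, e.g. `# third-party provider, not HashiCorp-maintained; pinned to an exact version on purpose`. The `terraform` block opens above the hunk.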
@@ -0,0 +1,61 @@
+resource "random_string" "suffix" {
+ length = 6
+ special = false
+ upper = false
+}
+
+resource "azurerm_resource_group" "network" {
+ location = var.location
+ name = "rg-202-mlmsev-network-${random_string.suffix.result}"
+}
+
+resource "azurerm_virtual_network" "vnet" {
+ address_space = ["192.168.0.0/16"]
+ location = azurerm_resource_group.network.location
+ name = "202-mlmsev-vnet"
+ resource_group_name = azurerm_resource_group.network.name
+}
+
+locals {
+ subnet_names = [
+ "training",
+ "aks",
+ "ml",
+ ]
+}
+
+resource "azurerm_subnet" "subnet" {
+ count = length(local.subnet_names)
+
+ address_prefixes = [cidrsubnet("192.168.0.0/16", 8, count.index)]
+ name = local.subnet_names[count.index]
+ resource_group_name = azurerm_resource_group.network.name
+ virtual_network_name = azurerm_virtual_network.vnet.name
+}
+
+locals {
+ private_dns_names = toset([
+ "privatelink.api.azureml.ms",
+ "privatelink.azurecr.io",
+ "privatelink.notebooks.azure.net",
+ "privatelink.blob.core.windows.net",
+ "privatelink.file.core.windows.net",
+ "privatelink.vaultcore.azure.net",
+ ])
+}
+
+resource "azurerm_private_dns_zone" "private_dns_zone" {
+ for_each = local.private_dns_names
+
+ name = each.value
+ resource_group_name = azurerm_resource_group.network.name
+}
+
+resource "azurerm_private_dns_zone_virtual_network_link" "link" {
+ for_each = local.private_dns_names
+
+ name = each.value
+ private_dns_zone_name = azurerm_private_dns_zone.private_dns_zone[each.value].name
+ resource_group_name = azurerm_resource_group.network.name
+ virtual_network_id = azurerm_virtual_network.vnet.id
+}
\ No newline at end of file
diff --git a/quickstart/202-machine-learning-moderately-secure-existing-VNet/prequisite/outputs.tf b/quickstart/202-machine-learning-moderately-secure-existing-VNet/prequisite/outputs.tf
new file mode 100644
index 00000000..262b366b
--- /dev/null
+++ b/quickstart/202-machine-learning-moderately-secure-existing-VNet/prequisite/outputs.tf
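Review bot: The range `192.168.0.0/16` is written twice in prequisite/main.tf, once in `azurerm_virtual_network.vnet` and again inside `cidrsubnet(...)` in `azurerm_subnet.subnet`, so the two can drift apart; derive the subnets from the VNet instead with `address_prefixes = [cidrsubnet(azurerm_virtual_network.vnet.address_space[0], 8, count.index)]`. Because the subnets are indexed by `count`, reordering `local.subnet_names` re-addresses every subnet, which a comment on the list such as `# order is significant: the index selects the /24` would make explicit. None of the three subnets is associated with a network security group here; that is acceptable for a throwaway test fixture, but a header comment should say so, so the module is not copied as a baseline for the existing VNet the example expects.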
@@ -0,0 +1,52 @@
+output "aks_subnet_name" {
+ description = "Name of the existing aks subnet"
+ value = azurerm_subnet.subnet[index(local.subnet_names, "aks")].name
+}
+
+output "ml_subnet_name" {
+ description = "Name of the existing ML workspace subnet"
+ value = azurerm_subnet.subnet[index(local.subnet_names, "ml")].name
+}
+
+output "privatelink_api_azureml_ms_resource_id" {
+ description = "Resource ID of the existing privatelink.api.azureml.ms private dns zone"
+ value = azurerm_private_dns_zone.private_dns_zone["privatelink.api.azureml.ms"].id
+}
+
+output "privatelink_azurecr_io_resource_id" {
+ description = "Resource ID of the existing privatelink.azurecr.io private dns zone"
+ value = azurerm_private_dns_zone.private_dns_zone["privatelink.azurecr.io"].id
+}
+
+output "privatelink_blob_core_windows_net_resource_id" {
+ description = "Resource ID of the existing privatelink.blob.core.windows.net private dns zone"
+ value = azurerm_private_dns_zone.private_dns_zone["privatelink.blob.core.windows.net"].id
+}
+
+output "privatelink_file_core_windows_net_resource_id" {
+ description = "Resource ID of the existing privatelink.file.core.windows.net private dns zone"
+ value = azurerm_private_dns_zone.private_dns_zone["privatelink.file.core.windows.net"].id
+}
+
+output "privatelink_notebooks_azure_net_resource_id" {
+ description = "Resource ID of the existing privatelink.notebooks.azure.net private dns zone"
+ value = azurerm_private_dns_zone.private_dns_zone["privatelink.notebooks.azure.net"].id
+}
+
+output "privatelink_vaultcore_azure_net_resource_id" {
+ description = "Resource ID of the existing privatelink.vaultcore.azure.net private dns zone"
+ value = azurerm_private_dns_zone.private_dns_zone["privatelink.vaultcore.azure.net"].id
+}
+
+output "training_subnet_name" {
+ description = "Name of the existing training subnet"
+ value = azurerm_subnet.subnet[index(local.subnet_names, "training")].name
+}
+
+output vnet_name {
+ value = azurerm_virtual_network.vnet.name
+}
+
+output "resource_group_name" {
+ value = azurerm_resource_group.network.name
+}
\ No newline at end of file
diff --git a/quickstart/202-machine-learning-moderately-secure-existing-VNet/prequisite/variables.tf b/quickstart/202-machine-learning-moderately-secure-existing-VNet/prequisite/variables.tf
new file mode 100644
index 00000000..2a6c1ccc
--- /dev/null
+++ b/quickstart/202-machine-learning-moderately-secure-existing-VNet/prequisite/variables.tf
@@ -0,0 +1,5 @@
+variable "location" {
+ type = string
+ default = "East US"
+ description = "Location of the resources"
+}
diff --git a/quickstart/202-machine-learning-moderately-secure-existing-VNet/prequisite/versions.tf b/quickstart/202-machine-learning-moderately-secure-existing-VNet/prequisite/versions.tf
new file mode 100644
index 00000000..ba14ecaf
--- /dev/null
+++ b/quickstart/202-machine-learning-moderately-secure-existing-VNet/prequisite/versions.tf
@@ -0,0 +1,18 @@
+terraform {
+ required_version = ">=1.0"
+
+ required_providers {
+ azurerm = {
+ source = "hashicorp/azurerm"
+ version = ">=2.78.0, <3.0"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = "3.6.0"
+ }
+ }
+}
+
+provider "azurerm" {
+ features {}
+}
\ No newline at end of file
diff --git a/quickstart/202-machine-learning-moderately-secure-existing-VNet/terragrunt.hcl b/quickstart/202-machine-learning-moderately-secure-existing-VNet/terragrunt.hcl
new file mode 100644
index 00000000..e7835be7
--- /dev/null
+++ b/quickstart/202-machine-learning-moderately-secure-existing-VNet/terragrunt.hcl
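Review bot: In prequisite/outputs.tf the last two outputs, `vnet_name` and `resource_group_name`, carry no `description`, and `output vnet_name {` leaves its label unquoted while every other output quotes it. Write the header as `output "vnet_name" {` and add `description = "Name of the existing virtual network"` and `description = "Name of the resource group that holds the virtual network"` so the module's interface is documented uniformly. The three subnet outputs look the name up through `index(local.subnet_names, ...)` only to return the same literal; that presumably exists to make the output depend on the subnet resource, and a short comment saying so would stop someone simplifying it away.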
@@ -0,0 +1,34 @@
+include "network" {
+ path = "../../quickstart-setup/202-machine-learning-moderately-secure-existing-VNet/terragrunt.hcl"
+}
+
+dependency "network" {
+ config_path = "../../quickstart-setup/202-machine-learning-moderately-secure-existing-VNet"
+ mock_outputs = {
+ vnet_name = "vnet"
+ resource_group_name = "rg"
+ training_subnet_name = "training"
+ aks_subnet_name = "aks"
+ ml_subnet_name = "ml"
+ privatelink_api_azureml_ms_resource_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Network/privateDnsZones/zone1"
+ privatelink_azurecr_io_resource_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Network/privateDnsZones/zone1"
+ privatelink_notebooks_azure_net_resource_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Network/privateDnsZones/zone1"
+ privatelink_blob_core_windows_net_resource_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Network/privateDnsZones/zone1"
+ privatelink_file_core_windows_net_resource_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Network/privateDnsZones/zone1"
+ privatelink_vaultcore_azure_net_resource_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Network/privateDnsZones/zone1"
+ }
+}
+
+inputs = {
+ vnet_name = dependency.network.outputs.vnet_name
+ vnet_resource_group_name = dependency.network.outputs.resource_group_name
+ training_subnet_name = dependency.network.outputs.training_subnet_name
+ aks_subnet_name = dependency.network.outputs.aks_subnet_name
+ ml_subnet_name = dependency.network.outputs.ml_subnet_name
+ privatelink_api_azureml_ms_resource_id = dependency.network.outputs.privatelink_api_azureml_ms_resource_id
+ privatelink_azurecr_io_resource_id = dependency.network.outputs.privatelink_azurecr_io_resource_id
+ privatelink_notebooks_azure_net_resource_id = dependency.network.outputs.privatelink_notebooks_azure_net_resource_id
+ privatelink_blob_core_windows_net_resource_id = dependency.network.outputs.privatelink_blob_core_windows_net_resource_id
+ privatelink_file_core_windows_net_resource_id = dependency.network.outputs.privatelink_file_core_windows_net_resource_id
+ privatelink_vaultcore_azure_net_resource_id = dependency.network.outputs.privatelink_vaultcore_azure_net_resource_id
+}
\ No newline at end of file
diff --git a/quickstart/202-machine-learning-moderately-secure-existing-VNet/variables.tf b/quickstart/202-machine-learning-moderately-secure-existing-VNet/variables.tf
index 6abe1b18..30c050cf 100644
--- a/quickstart/202-machine-learning-moderately-secure-existing-VNet/variables.tf
+++ b/quickstart/202-machine-learning-moderately-secure-existing-VNet/variables.tf
@@ -1,6 +1,7 @@ variable "name" { type = string description = "Name of the deployment" + default = "202mlmsev" } variable "environment" {
diff --git a/quickstart/202-machine-learning-moderately-secure-existing-VNet/workspace.tf b/quickstart/202-machine-learning-moderately-secure-existing-VNet/workspace.tf
index 8d7d66c6..61e591b1 100644
--- a/quickstart/202-machine-learning-moderately-secure-existing-VNet/workspace.tf
+++ b/quickstart/202-machine-learning-moderately-secure-existing-VNet/workspace.tf
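Review bot: In terragrunt.hcl, `include "network"` and `dependency "network"` both point at `../../quickstart-setup/202-machine-learning-moderately-secure-existing-VNet`, but this patch adds the prerequisite module under `prequisite/` next to the example and touches nothing under `quickstart-setup/`; unless that directory already exists in the repository, the dependency cannot resolve. The `mock_outputs` are also unrestricted, so a run against a dependency that has no outputs yet would feed the placeholder subscription and zone IDs into a real command; limit them with `mock_outputs_allowed_terraform_commands = ["validate", "plan"]`. All six private DNS mocks share the same `.../privateDnsZones/zone1` ID, which is fine for validation but deserves a comment saying the values are placeholders.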
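Review bot: Giving `name` the fixed default `202mlmsev` in variables.tf means every run that does not override it builds the same resource names; the storage account in workspace.tf is named `st${var.name}${var.environment}`, and storage account names have to be globally unique, so parallel or repeated e2e runs can collide. The new Go test in this patch does not pass `name`, so it relies on this default. Either keep the variable required and have the test supply a random value, or append a generated suffix where the names are built, for example from a `random_string` resource like the one the prerequisite module already uses.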
@@ -21,12 +21,12 @@ resource "azurerm_key_vault" "default" { } resource "azurerm_storage_account" "default" { - name = "st${var.name}${var.environment}" - location = azurerm_resource_group.default.location - resource_group_name = azurerm_resource_group.default.name - account_tier = "Standard" - account_replication_type = "GRS" - allow_nested_items_to_be_public = false + name = "st${var.name}${var.environment}" + location = azurerm_resource_group.default.location + resource_group_name = azurerm_resource_group.default.name + account_tier = "Standard" + account_replication_type = "GRS" + allow_blob_public_access = false network_rules { default_action = "Deny" @@ -150,7 +150,7 @@ resource "azurerm_private_endpoint" "mlw_ple" { subnet_id = data.azurerm_subnet.ml.id private_dns_zone_group { - name = "private-dns-zone-group" + name = "private-dns-zone-group" private_dns_zone_ids = [ var.privatelink_api_azureml_ms_resource_id, var.privatelink_notebooks_azure_net_resource_id diff --git a/test/e2e/quickstart_test.go b/test/e2e/quickstart_test.go index a00e2547..30142f84 100644 --- a/test/e2e/quickstart_test.go +++ b/test/e2e/quickstart_test.go 
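Review bot: `allow_blob_public_access` in `azurerm_storage_account.default` is the azurerm 2.x spelling of this setting and was removed in the 3.0 provider, so this line is what ties the storage account to the `<3.0` constraint set in main.tf. A comment makes that visible when the constraint is next raised: `# azurerm 2.x attribute; renamed allow_nested_items_to_be_public in 3.x`. The value stays `false`, so anonymous blob access remains disabled. The resource body continues past the end of the hunk.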
@@ -8,18 +8,18 @@ import ( "strings" "testing" + helper "github.com/Azure/terraform-module-test-helper" "github.com/gruntwork-io/terratest/modules/files" "github.com/gruntwork-io/terratest/modules/packer" + "github.com/gruntwork-io/terratest/modules/terraform" test_structure "github.com/gruntwork-io/terratest/modules/test-structure" "github.com/stretchr/testify/require" - - helper "github.com/Azure/terraform-module-test-helper" - "github.com/gruntwork-io/terratest/modules/terraform" ) var speicalTests = map[string]func(*testing.T){ - "quickstart/201-vmss-packer-jumpbox": test201VmssPackerJumpbox, "quickstart/101-virtual-network-manager-create-management-group-scope": test101VirtualNetworkManagerCreateManagementGroupScope, + "quickstart/201-vmss-packer-jumpbox": test201VmssPackerJumpbox, + "quickstart/202-machine-learning-moderately-secure-existing-VNet": Test202machineLearningModeratelySecureExistingVnet, } func Test_Quickstarts(t *testing.T) { 
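Review bot: `Test202machineLearningModeratelySecureExistingVnet` is registered in `speicalTests`, but unlike its two siblings its name starts with `Test` followed by a digit, so `go test` also discovers it as a top-level test. The two-stage deployment would then run once directly and once more if `Test_Quickstarts` dispatches through the map. Name it like the others, `test202MachineLearningModeratelySecureExistingVnet`, both in this map entry and at its definition in the next hunk of this file.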
@@ -174,6 +174,29 @@ func test101VirtualNetworkManagerCreateManagementGroupScope(t *testing.T) { }, nil) } +func Test202machineLearningModeratelySecureExistingVnet(t *testing.T) { + rootPath := filepath.Join("..", "..") + examplePath := filepath.Join("quickstart", "202-machine-learning-moderately-secure-existing-VNet") + prequistePath := filepath.Join(examplePath, "prequisite") + helper.RunE2ETest(t, rootPath, prequistePath, terraform.Options{}, func(t *testing.T, output helper.TerraformOutput) { + helper.RunE2ETest(t, rootPath, examplePath, terraform.Options{ + Vars: map[string]interface{}{ + "vnet_name": output["vnet_name"], + "vnet_resource_group_name": output["resource_group_name"], + "training_subnet_name": output["training_subnet_name"], + "aks_subnet_name": output["aks_subnet_name"], + "ml_subnet_name": output["ml_subnet_name"], + "privatelink_api_azureml_ms_resource_id": output["privatelink_api_azureml_ms_resource_id"], + "privatelink_azurecr_io_resource_id": output["privatelink_azurecr_io_resource_id"], + "privatelink_notebooks_azure_net_resource_id": output["privatelink_notebooks_azure_net_resource_id"], + "privatelink_blob_core_windows_net_resource_id": output["privatelink_blob_core_windows_net_resource_id"], + "privatelink_file_core_windows_net_resource_id": output["privatelink_file_core_windows_net_resource_id"], + "privatelink_vaultcore_azure_net_resource_id": output["privatelink_vaultcore_azure_net_resource_id"], + }, + }, nil) + }) +} + func removeDuplicates(s []string) []string { m := make(map[string]struct{}) result := []string{}
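Review bot: The eleven prerequisite outputs are copied into `Vars` by hand with no check that they exist, so a missing or renamed output reaches the example as a nil value and fails later with a less direct error. Build the map from a key list and assert each key with `require.Contains` (the `require` package is already imported in this file) before the inner `RunE2ETest`; this assumes `helper.TerraformOutput` is a map, as the indexing suggests, and only `resource_group_name` needs renaming to `vnet_resource_group_name`. `prequistePath` and the `prequisite` directory are presumably meant to read `prerequisite`. A doc comment on the function should state that the example runs inside the callback of the prerequisite run, presumably so the network fixture is still deployed while the example is applied.

```go
func Test202machineLearningModeratelySecureExistingVnet(t *testing.T) {
	// … unchanged: rootPath, examplePath, prequistePath …
	helper.RunE2ETest(t, rootPath, prequistePath, terraform.Options{}, func(t *testing.T, output helper.TerraformOutput) {
		require.Contains(t, output, "resource_group_name")
		vars := map[string]interface{}{
			"vnet_resource_group_name": output["resource_group_name"],
		}
		// These outputs are passed through under the same name.
		for _, key := range []string{
			"vnet_name",
			"training_subnet_name",
			"aks_subnet_name",
			"ml_subnet_name",
			"privatelink_api_azureml_ms_resource_id",
			"privatelink_azurecr_io_resource_id",
			"privatelink_notebooks_azure_net_resource_id",
			"privatelink_blob_core_windows_net_resource_id",
			"privatelink_file_core_windows_net_resource_id",
			"privatelink_vaultcore_azure_net_resource_id",
		} {
			require.Contains(t, output, key)
			vars[key] = output[key]
		}
		helper.RunE2ETest(t, rootPath, examplePath, terraform.Options{Vars: vars}, nil)
	})
}
```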