fix: Update precondition for BASIC tier (#20)

The `BASIC` tier precondition failed due to an incorrect truth
table. The condition has been updated and a test case added to
validate a `BASIC` tier use-case.

Refs: #DEVOP-4801

Signed-off-by: Christian Witts <christian@honestbank.com>

examples/create_redis_basic_instance/README.md

@@ -0,0 +1,47 @@
+<!-- BEGIN_TF_DOCS -->
+## Requirements
+
+| Name | Version |
+|------|---------|
+| <a name="requirement_google"></a> [google](#requirement\_google) | ~> 4.0 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| <a name="provider_random"></a> [random](#provider\_random) | 3.6.2 |
+
+## Modules
+
+| Name | Source | Version |
+|------|--------|---------|
+| <a name="module_google_compute_global_address_private_ip_address"></a> [google\_compute\_global\_address\_private\_ip\_address](#module\_google\_compute\_global\_address\_private\_ip\_address) | git::https://github.com/honestbank/terraform-gcp-sql.git//modules/google_compute_global_address | v1.1.1 |
+| <a name="module_google_service_networking_connection_private_vpc_connection"></a> [google\_service\_networking\_connection\_private\_vpc\_connection](#module\_google\_service\_networking\_connection\_private\_vpc\_connection) | git::https://github.com/honestbank/terraform-gcp-sql.git//modules/google_service_networking_connection | v1.1.1 |
+| <a name="module_private_network"></a> [private\_network](#module\_private\_network) | git::https://github.com/honestbank/terraform-gcp-sql.git//modules/google_compute_network | v1.1.1 |
+| <a name="module_redis_instance"></a> [redis\_instance](#module\_redis\_instance) | ../../modules/memstore_redis | n/a |
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [random_id.instance_suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) | resource |
+
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| <a name="input_google_credentials"></a> [google\_credentials](#input\_google\_credentials) | (Required) Currently the only supported service account credentials are credentials downloaded from Cloud Console or generated by gcloud | `string` | n/a | yes |
+| <a name="input_google_project"></a> [google\_project](#input\_google\_project) | (Required) this field should be your personal project id. The project indicates the default GCP project all of your resources will be created in. Most Terraform resources will have a project field | `string` | n/a | yes |
+| <a name="input_google_region"></a> [google\_region](#input\_google\_region) | (Required) The region will be used to choose the default location for regional resources. Regional resources are spread across several zones. | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| <a name="output_host"></a> [host](#output\_host) | The IP address of the Redis instance. |
+| <a name="output_id"></a> [id](#output\_id) | n/a |
+| <a name="output_name"></a> [name](#output\_name) | The name of the Redis instance. |
+| <a name="output_port"></a> [port](#output\_port) | The port of the Redis instance. |
+| <a name="output_read_endpoint"></a> [read\_endpoint](#output\_read\_endpoint) | The IP address of the Redis instance. |
+| <a name="output_read_endpoint_port"></a> [read\_endpoint\_port](#output\_read\_endpoint\_port) | The port of the Redis instance. |
+<!-- END_TF_DOCS -->

examples/create_redis_basic_instance/main.tf

@@ -0,0 +1,57 @@
+terraform {
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 4.0"
+    }
+  }
+}
+
+
+resource "random_id" "instance_suffix" {
+  byte_length = 4
+}
+
+module "private_network" {
+  #checkov:skip=CKV_TF_1:We use the version tag instead of the commit hash
+  #checkov:skip=CKV2_GCP_18:We ignore the creation of firewall rules
+  source = "git::https://github.com/honestbank/terraform-gcp-sql.git//modules/google_compute_network?ref=v1.1.1"
+  name   = "test-redis-terraform-${random_id.instance_suffix.hex}"
+}
+
+module "google_compute_global_address_private_ip_address" {
+  #checkov:skip=CKV_TF_1:We use the version tag instead of the commit hash
+  source = "git::https://github.com/honestbank/terraform-gcp-sql.git//modules/google_compute_global_address?ref=v1.1.1"
+
+  name          = "redis-pip-${random_id.instance_suffix.hex}"
+  purpose       = "VPC_PEERING"
+  address_type  = "INTERNAL"
+  prefix_length = 16
+  network       = module.private_network.id
+}
+
+module "google_service_networking_connection_private_vpc_connection" {
+  #checkov:skip=CKV_TF_1:We use the version tag instead of the commit hash
+  source = "git::https://github.com/honestbank/terraform-gcp-sql.git//modules/google_service_networking_connection?ref=v1.1.1"
+
+  network                 = module.private_network.id
+  service                 = "servicenetworking.googleapis.com"
+  reserved_peering_ranges = [module.google_compute_global_address_private_ip_address.name]
+}
+
+module "redis_instance" {
+  source      = "../../modules/memstore_redis"
+  memory_size = 1
+
+  depends_on = [module.google_service_networking_connection_private_vpc_connection]
+
+  name                  = "redis-test-${random_id.instance_suffix.hex}"
+  region                = "asia-southeast2"
+  zone                  = "a"
+  alternative_zone      = "b"
+  redis_version         = "REDIS_6_X"
+  network_id            = module.private_network.id
+  tier                  = "BASIC"
+  replicas              = 0
+  read_replicas_enabled = false
+}

examples/create_redis_basic_instance/outputs.tf

@@ -0,0 +1,27 @@
+output "id" {
+  value = module.redis_instance.id
+}
+
+output "name" {
+  value       = module.redis_instance.name
+  description = "The name of the Redis instance."
+}
+
+output "host" {
+  value       = module.redis_instance.host
+  description = "The IP address of the Redis instance."
+}
+
+output "port" {
+  value       = module.redis_instance.port
+  description = "The port of the Redis instance."
+}
+
+output "read_endpoint" {
+  value       = module.redis_instance.read_endpoint
+  description = "The IP address of the Redis instance."
+}
+output "read_endpoint_port" {
+  value       = module.redis_instance.read_endpoint_port
+  description = "The port of the Redis instance."
+}

examples/create_redis_basic_instance/providers.tf

@@ -0,0 +1,31 @@
+# Do not alias this provider - it seems that Terraform or Google requires at least
+# one 'google' provider without an alias, otherwise it complains about the 'google'
+# provider being missing.
+
+provider "google" {
+  project     = var.google_project
+  region      = var.google_region
+  credentials = var.google_credentials
+
+  scopes = [
+    # Default scopes
+    "https://www.googleapis.com/auth/compute",
+    "https://www.googleapis.com/auth/cloud-platform",
+    "https://www.googleapis.com/auth/ndev.clouddns.readwrite",
+    "https://www.googleapis.com/auth/devstorage.full_control",
+
+    # Cloud SQL Admin API, v1beta4
+    "https://www.googleapis.com/auth/sqlservice.admin",
+    "https://www.googleapis.com/auth/cloud-platform",
+
+    # Required for google_client_openid_userinfo
+    "https://www.googleapis.com/auth/userinfo.email",
+  ]
+}
+
+provider "google" {
+  alias       = "vpc"
+  project     = var.google_project
+  region      = var.google_region
+  credentials = var.google_credentials
+}

examples/create_redis_basic_instance/variables-providers.tf

@@ -0,0 +1,14 @@
+variable "google_project" {
+  description = "(Required) this field should be your personal project id. The project indicates the default GCP project all of your resources will be created in. Most Terraform resources will have a project field"
+  type        = string
+}
+
+variable "google_region" {
+  description = "(Required) The region will be used to choose the default location for regional resources. Regional resources are spread across several zones."
+  type        = string
+}
+
+variable "google_credentials" {
+  description = "(Required) Currently the only supported service account credentials are credentials downloaded from Cloud Console or generated by gcloud"
+  type        = string
+}

modules/memstore_redis/main.tf

@@ -36,7 +36,7 @@ resource "google_redis_instance" "cache" {
       error_message = "Read replicas cannot be enabled with less than 5GB of memory."
     }
     precondition {
-      condition     = ((var.tier == "BASIC" && (var.replicas != 0 || var.read_replicas_enabled)) || var.tier == "STANDARD_HA")
+      condition     = ((var.tier == "BASIC" && var.replicas == 0 && var.read_replicas_enabled == false) || var.tier == "STANDARD_HA")
       error_message = "Read replicas are not supported on the BASIC tier."
     }
     precondition {

test/main_test.go

@@ -45,3 +45,41 @@ func TestTerraformCreateGCPMemstore(t *testing.T) {
 	})
 
 }
+
+func TestTerraformCreateGCPMemstoreBasic(t *testing.T) {
+	t.Parallel()
+
+	t.Run("create BASIC tier Redis with public ip", func(t *testing.T) {
+		t.Parallel()
+
+		testDirectory := test_structure.CopyTerraformFolderToTemp(t, "..", "examples/create_redis_basic_instance")
+
+		// retryable errors in terraform testing.
+		terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{
+			TerraformDir: testDirectory,
+			Vars: map[string]interface{}{
+				"google_region": "asia-southeast2",
+			},
+		})
+
+		defer terraform.Destroy(t, terraformOptions)
+
+		terraform.InitAndApply(t, terraformOptions)
+
+		var output string
+
+		output = terraform.Output(t, terraformOptions, "id")
+		assert.NotEmpty(t, output)
+
+		output = terraform.Output(t, terraformOptions, "name")
+		assert.NotEmpty(t, output)
+
+		output = terraform.Output(t, terraformOptions, "host")
+		assert.NotEmpty(t, output)
+
+		output = terraform.Output(t, terraformOptions, "port")
+		assert.NotEmpty(t, output)
+
+	})
+
+}