Merge remote-tracking branch 'upstreamz/master'

terraform-google-modules · Nov 9, 2019 · 366b5cb · 366b5cb
2 parents 23dc5cf + 03f0931
commit 366b5cb
Show file tree

Hide file tree

Showing 50 changed files with 154 additions and 271 deletions.
diff --git a/.dockerignore b/.dockerignore
diff --git a/.kitchen.yml b/.kitchen.yml
@@ -29,31 +29,15 @@ platforms:
   - name: local
 
 suites:
-# Disabled due to issue #274
-# (https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/274)
-#  - name: "deploy_service"
-#    driver:
-#      root_module_directory: test/fixtures/deploy_service
-#    verifier:
-#      systems:
-#        - name: deploy_service
-#          backend: local
   - name: "disable_client_cert"
     driver:
       root_module_directory: test/fixtures/disable_client_cert
     verifier:
       systems:
         - name: disable_client_cert
           backend: local
-# Disabled due to issue #274
-# (https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/274)
-#  - name: "node_pool"
-#    driver:
-#      root_module_directory: test/fixtures/node_pool
-#    verifier:
-#      systems:
-#        - name: node_pool
-#          backend: local
+          controls:
+            - gcloud
   - name: "shared_vpc"
     driver:
       root_module_directory: test/fixtures/shared_vpc
@@ -112,13 +96,18 @@ suites:
       systems:
         - name: simple_zonal_private
           backend: local
+          controls:
+            - gcloud
   - name: "stub_domains"
     driver:
       root_module_directory: test/fixtures/stub_domains
     verifier:
       systems:
         - name: stub_domains
           backend: local
+          controls:
+            - gcloud
+            - kubectl
 # Disabled due to issue #264
 # (https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/264)
 #  - name: stub_domains_private
@@ -148,6 +137,26 @@ suites:
       systems:
         - name: workload_metadata_config
           backend: local
+  - name: "deploy_service"
+    driver:
+      root_module_directory: test/fixtures/deploy_service
+    verifier:
+      systems:
+        - name: deploy_service
+          backend: local
+          controls:
+            - gcloud
+            - kubectl
+  - name: "node_pool"
+    driver:
+      root_module_directory: test/fixtures/node_pool
+    verifier:
+      systems:
+        - name: node_pool
+          backend: local
+          controls:
+            - gcloud
+            - kubectl
   - name: "sandbox_enabled"
     driver:
       root_module_directory: test/fixtures/sandbox_enabled

diff --git a/autogen/outputs.tf b/autogen/outputs.tf
@@ -154,4 +154,12 @@ output "release_channel" {
   description = "The release channel of this cluster"
   value       = var.release_channel
 }
+
+output "identity_namespace" {
+  description = "Workload Identity namespace"
+  value       = var.identity_namespace
+  depends_on = [
+    "google_container_cluster.primary"
+  ]
+}
 {% endif %}
diff --git a/autogen/versions.tf b/autogen/versions.tf
@@ -16,4 +16,12 @@
 
 terraform {
   required_version = ">= 0.12"
+
+  required_providers {
+{% if beta_cluster %}
+    google-beta = "~> 2.18.0"
+{% else %}
+    google = "~> 2.18.0"
+{% endif %}
+  }
 }
diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml
@@ -241,6 +241,46 @@ steps:
     - verify workload-metadata-config-local
   name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
   args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy workload-metadata-config-local']
+- id: create deploy-service-local
+  waitFor:
+    - prepare
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create deploy-service-local']
+- id: converge deploy-service-local
+  waitFor:
+    - create deploy-service-local
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge deploy-service-local']
+- id: verify deploy-service-local
+  waitFor:
+    - converge deploy-service-local
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify deploy-service-local']
+- id: destroy deploy-service-local
+  waitFor:
+    - verify deploy-service-local
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy deploy-service-local']
+- id: create node-pool-local
+  waitFor:
+    - prepare
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create node-pool-local']
+- id: converge node-pool-local
+  waitFor:
+    - create node-pool-local
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge node-pool-local']
+- id: verify node-pool-local
+  waitFor:
+    - converge node-pool-local
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify node-pool-local']
+- id: destroy node-pool-local
+  waitFor:
+    - verify node-pool-local
+  name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+  args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy node-pool-local']
 - id: create sandbox-enabled-local
   waitFor:
     - prepare
@@ -267,3 +307,5 @@ tags:
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
   _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.4.6'
+options:
+  machineType: 'N1_HIGHCPU_8'
diff --git a/examples/deploy_service/main.tf b/examples/deploy_service/main.tf
@@ -19,7 +19,7 @@ locals {
 }
 
 provider "google" {
-  version = "~> 2.12.0"
+  version = "~> 2.18.0"
   region  = var.region
 }
 

diff --git a/examples/disable_client_cert/README.md b/examples/disable_client_cert/README.md
@@ -12,7 +12,6 @@ This example illustrates how to create a simple cluster and disable deprecated s
 |------|-------------|:----:|:-----:|:-----:|
 | cluster\_name\_suffix | A suffix to append to the default cluster name | string | `""` | no |
 | compute\_engine\_service\_account | Service account to associate to the nodes in the cluster | string | n/a | yes |
-| credentials\_path | The path to the GCP credentials JSON file | string | n/a | yes |
 | ip\_range\_pods | The secondary ip range to use for pods | string | n/a | yes |
 | ip\_range\_services | The secondary ip range to use for pods | string | n/a | yes |
 | network | The VPC network to host the cluster in | string | n/a | yes |

diff --git a/examples/disable_client_cert/main.tf b/examples/disable_client_cert/main.tf
@@ -19,7 +19,7 @@ locals {
 }
 
 provider "google" {
-  version = "~> 2.12.0"
+  version = "~> 2.18.0"
   region  = var.region
 }
 

diff --git a/examples/disable_client_cert/variables.tf b/examples/disable_client_cert/variables.tf
@@ -18,10 +18,6 @@ variable "project_id" {
   description = "The project ID to host the cluster in"
 }
 
-variable "credentials_path" {
-  description = "The path to the GCP credentials JSON file"
-}
-
 variable "cluster_name_suffix" {
   description = "A suffix to append to the default cluster name"
   default     = ""

diff --git a/examples/node_pool_update_variant/main.tf b/examples/node_pool_update_variant/main.tf
@@ -19,7 +19,7 @@ locals {
 }
 
 provider "google" {
-  version = "~> 2.12.0"
+  version = "~> 2.18.0"
   region  = var.region
 }
 

diff --git a/examples/shared_vpc/main.tf b/examples/shared_vpc/main.tf
@@ -19,7 +19,7 @@ locals {
 }
 
 provider "google" {
-  version = "~> 2.12.0"
+  version = "~> 2.18.0"
   region  = var.region
 }
 

diff --git a/examples/simple_regional/main.tf b/examples/simple_regional/main.tf
@@ -19,7 +19,7 @@ locals {
 }
 
 provider "google" {
-  version = "~> 2.12.0"
+  version = "~> 2.18.0"
   region  = var.region
 }
 

diff --git a/examples/simple_regional_private/main.tf b/examples/simple_regional_private/main.tf
@@ -19,7 +19,7 @@ locals {
 }
 
 provider "google" {
-  version = "~> 2.12.0"
+  version = "~> 2.18.0"
   region  = var.region
 }
 

diff --git a/examples/simple_regional_private_beta/main.tf b/examples/simple_regional_private_beta/main.tf
@@ -19,9 +19,8 @@ locals {
 }
 
 provider "google-beta" {
-  version     = "~> 2.18.0"
-  credentials = file(var.credentials_path)
-  region      = var.region
+  version = "~> 2.18.0"
+  region  = var.region
 }
 
 data "google_compute_subnetwork" "subnetwork" {

diff --git a/examples/simple_regional_private_beta/test_outputs.tf b/examples/simple_regional_private_beta/test_outputs.tf
@@ -21,10 +21,6 @@ output "project_id" {
   value = var.project_id
 }
 
-output "credentials_path" {
-  value = var.credentials_path
-}
-
 output "region" {
   value = module.gke.region
 }

diff --git a/examples/simple_regional_private_beta/variables.tf b/examples/simple_regional_private_beta/variables.tf
@@ -18,10 +18,6 @@ variable "project_id" {
   description = "The project ID to host the cluster in"
 }
 
-variable "credentials_path" {
-  description = "The path to the GCP credentials JSON file"
-}
-
 variable "cluster_name_suffix" {
   description = "A suffix to append to the default cluster name"
   default     = ""

diff --git a/examples/simple_zonal/main.tf b/examples/simple_zonal/main.tf
@@ -19,7 +19,7 @@ locals {
 }
 
 provider "google" {
-  version = "~> 2.12.0"
+  version = "~> 2.18.0"
   region  = var.region
 }
 

diff --git a/examples/simple_zonal_private/main.tf b/examples/simple_zonal_private/main.tf
@@ -15,11 +15,11 @@
  */
 
 locals {
-  cluster_type = "simple-regional-private"
+  cluster_type = "simple-zonal-private"
 }
 
 provider "google" {
-  version = "~> 2.12.0"
+  version = "~> 2.18.0"
   region  = var.region
 }
 

diff --git a/examples/stub_domains/main.tf b/examples/stub_domains/main.tf
@@ -19,7 +19,7 @@ locals {
 }
 
 provider "google" {
-  version = "~> 2.12.0"
+  version = "~> 2.18.0"
   region  = var.region
 }
 

diff --git a/examples/stub_domains_private/main.tf b/examples/stub_domains_private/main.tf
@@ -15,14 +15,10 @@
  */
 
 provider "google" {
-  version = "~> 2.12.0"
+  version = "~> 2.18.0"
   region  = var.region
 }
 
-provider "random" {
-  version = "~> 2.1"
-}
-
 data "google_compute_subnetwork" "subnetwork" {
   name    = var.subnetwork
   project = var.project_id

diff --git a/examples/stub_domains_upstream_nameservers/main.tf b/examples/stub_domains_upstream_nameservers/main.tf
@@ -19,7 +19,7 @@ locals {
 }
 
 provider "google" {
-  version = "~> 2.12.0"
+  version = "~> 2.18.0"
   region  = var.region
 }
 

diff --git a/examples/upstream_nameservers/main.tf b/examples/upstream_nameservers/main.tf
@@ -19,7 +19,7 @@ locals {
 }
 
 provider "google" {
-  version = "~> 2.12.0"
+  version = "~> 2.18.0"
   region  = var.region
 }
 

diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md
@@ -212,6 +212,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | endpoint | Cluster endpoint |
 | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled |
 | http\_load\_balancing\_enabled | Whether http load balancing enabled |
+| identity\_namespace | Workload Identity namespace |
 | intranode\_visibility\_enabled | Whether intra-node visibility is enabled |
 | istio\_enabled | Whether Istio is enabled |
 | kubernetes\_dashboard\_enabled | Whether kubernetes dashboard enabled |

diff --git a/modules/beta-private-cluster-update-variant/outputs.tf b/modules/beta-private-cluster-update-variant/outputs.tf
@@ -153,3 +153,11 @@ output "release_channel" {
   description = "The release channel of this cluster"
   value       = var.release_channel
 }
+
+output "identity_namespace" {
+  description = "Workload Identity namespace"
+  value       = var.identity_namespace
+  depends_on = [
+    "google_container_cluster.primary"
+  ]
+}
diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf
@@ -16,4 +16,8 @@
 
 terraform {
   required_version = ">= 0.12"
+
+  required_providers {
+    google-beta = "~> 2.18.0"
+  }
 }
diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md
@@ -212,6 +212,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | endpoint | Cluster endpoint |
 | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled |
 | http\_load\_balancing\_enabled | Whether http load balancing enabled |
+| identity\_namespace | Workload Identity namespace |
 | intranode\_visibility\_enabled | Whether intra-node visibility is enabled |
 | istio\_enabled | Whether Istio is enabled |
 | kubernetes\_dashboard\_enabled | Whether kubernetes dashboard enabled |

diff --git a/modules/beta-private-cluster/outputs.tf b/modules/beta-private-cluster/outputs.tf
@@ -153,3 +153,11 @@ output "release_channel" {
   description = "The release channel of this cluster"
   value       = var.release_channel
 }
+
+output "identity_namespace" {
+  description = "Workload Identity namespace"
+  value       = var.identity_namespace
+  depends_on = [
+    "google_container_cluster.primary"
+  ]
+}