From 3906c7b5aefc0312c7cf25f33f91dd2da0d18ba7 Mon Sep 17 00:00:00 2001 From: pp Date: Thu, 3 Oct 2019 14:59:57 +0300 Subject: [PATCH 1/6] Update test to run all * Fixed #274 --- .dockerignore | 11 ----- .kitchen.yml | 45 +++++++++++-------- examples/disable_client_cert/README.md | 1 - examples/disable_client_cert/variables.tf | 4 -- examples/simple_regional_beta/main.tf | 5 +-- examples/simple_regional_beta/test_outputs.tf | 4 -- examples/simple_regional_beta/variables.tf | 4 -- examples/simple_regional_private_beta/main.tf | 5 +-- .../test_outputs.tf | 4 -- .../simple_regional_private_beta/variables.tf | 4 -- examples/simple_zonal_private/main.tf | 2 +- scripts/wait-for-cluster.sh | 1 + test/ci/deploy-service.yml | 18 -------- test/ci/node-pool.yml | 18 -------- test/ci/shared-vpc.yml | 18 -------- test/ci/simple-regional-private.yml | 18 -------- test/ci/simple-regional.yml | 18 -------- test/ci/simple-zonal-private.yml | 18 -------- test/ci/simple-zonal.yml | 18 -------- test/ci/stub-domains-upstream-nameservers.yml | 18 -------- test/ci/stub-domains.yml | 18 -------- test/ci/upstream-nameservers.yml | 18 -------- test/ci/workload-metadata-config.yml | 19 -------- test/fixtures/disable_client_cert/example.tf | 1 - .../disable_client_cert/inspec.yml | 3 -- test/integration/simple_zonal/controls/gcp.rb | 2 +- test/integration/simple_zonal/inspec.yml | 5 +-- .../simple_zonal_private/inspec.yml | 2 +- test/task_helper_functions.sh | 13 ------ 29 files changed, 36 insertions(+), 279 deletions(-) delete mode 100644 .dockerignore delete mode 100644 test/ci/deploy-service.yml delete mode 100644 test/ci/node-pool.yml delete mode 100644 test/ci/shared-vpc.yml delete mode 100644 test/ci/simple-regional-private.yml delete mode 100644 test/ci/simple-regional.yml delete mode 100644 test/ci/simple-zonal-private.yml delete mode 100644 test/ci/simple-zonal.yml delete mode 100644 test/ci/stub-domains-upstream-nameservers.yml delete mode 100644 test/ci/stub-domains.yml delete mode 100644 test/ci/upstream-nameservers.yml delete mode 100644 test/ci/workload-metadata-config.yml diff --git a/.dockerignore b/.dockerignore deleted file mode 100644 index ab75c635fe..0000000000 --- a/.dockerignore +++ /dev/null @@ -1,11 +0,0 @@ -.git -.terraform -.terraform.d -.kitchen -terraform.tfstate.d -test/fixtures/*/.terraform -test/fixtures/*/terraform.tfstate.d -examples/.kitchen -examples/*/.terraform -examples/*/terraform.tfstate.d - diff --git a/.kitchen.yml b/.kitchen.yml index 9f5df5a03e..0f552f341f 100644 --- a/.kitchen.yml +++ b/.kitchen.yml @@ -29,15 +29,6 @@ platforms: - name: local suites: -# Disabled due to issue #274 -# (https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/274) -# - name: "deploy_service" -# driver: -# root_module_directory: test/fixtures/deploy_service -# verifier: -# systems: -# - name: deploy_service -# backend: local - name: "disable_client_cert" driver: root_module_directory: test/fixtures/disable_client_cert @@ -45,15 +36,8 @@ suites: systems: - name: disable_client_cert backend: local -# Disabled due to issue #274 -# (https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/274) -# - name: "node_pool" -# driver: -# root_module_directory: test/fixtures/node_pool -# verifier: -# systems: -# - name: node_pool -# backend: local + controls: + - gcloud - name: "shared_vpc" driver: root_module_directory: test/fixtures/shared_vpc @@ -95,6 +79,8 @@ suites: systems: - name: simple_zonal_private backend: local + controls: + - gcloud - name: "stub_domains" driver: root_module_directory: test/fixtures/stub_domains @@ -102,6 +88,9 @@ suites: systems: - name: stub_domains backend: local + controls: + - gcloud + - kubectl # Disabled due to issue #264 # (https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/264) # - name: stub_domains_private @@ -131,3 +120,23 @@ suites: systems: - name: workload_metadata_config backend: local + - name: "deploy_service" + driver: + root_module_directory: test/fixtures/deploy_service + verifier: + systems: + - name: deploy_service + backend: local + controls: + - gcloud + - kubectl + - name: "node_pool" + driver: + root_module_directory: test/fixtures/node_pool + verifier: + systems: + - name: node_pool + backend: local + controls: + - gcloud + - kubectl diff --git a/examples/disable_client_cert/README.md b/examples/disable_client_cert/README.md index 2f531b9906..1b75e2b6e0 100644 --- a/examples/disable_client_cert/README.md +++ b/examples/disable_client_cert/README.md @@ -12,7 +12,6 @@ This example illustrates how to create a simple cluster and disable deprecated s |------|-------------|:----:|:-----:|:-----:| | cluster\_name\_suffix | A suffix to append to the default cluster name | string | `""` | no | | compute\_engine\_service\_account | Service account to associate to the nodes in the cluster | string | n/a | yes | -| credentials\_path | The path to the GCP credentials JSON file | string | n/a | yes | | ip\_range\_pods | The secondary ip range to use for pods | string | n/a | yes | | ip\_range\_services | The secondary ip range to use for pods | string | n/a | yes | | network | The VPC network to host the cluster in | string | n/a | yes | diff --git a/examples/disable_client_cert/variables.tf b/examples/disable_client_cert/variables.tf index f1fdb25856..6c918f2344 100644 --- a/examples/disable_client_cert/variables.tf +++ b/examples/disable_client_cert/variables.tf @@ -18,10 +18,6 @@ variable "project_id" { description = "The project ID to host the cluster in" } -variable "credentials_path" { - description = "The path to the GCP credentials JSON file" -} - variable "cluster_name_suffix" { description = "A suffix to append to the default cluster name" default = "" diff --git a/examples/simple_regional_beta/main.tf b/examples/simple_regional_beta/main.tf index fc95090ede..7729c63166 100644 --- a/examples/simple_regional_beta/main.tf +++ b/examples/simple_regional_beta/main.tf @@ -19,9 +19,8 @@ locals { } provider "google-beta" { - version = "~> 2.12.0" - credentials = file(var.credentials_path) - region = var.region + version = "~> 2.12.0" + region = var.region } module "gke" { diff --git a/examples/simple_regional_beta/test_outputs.tf b/examples/simple_regional_beta/test_outputs.tf index f250fef192..e64c40e477 100644 --- a/examples/simple_regional_beta/test_outputs.tf +++ b/examples/simple_regional_beta/test_outputs.tf @@ -21,10 +21,6 @@ output "project_id" { value = var.project_id } -output "credentials_path" { - value = var.credentials_path -} - output "region" { value = module.gke.region } diff --git a/examples/simple_regional_beta/variables.tf b/examples/simple_regional_beta/variables.tf index 1da408a790..4ef289ed6b 100644 --- a/examples/simple_regional_beta/variables.tf +++ b/examples/simple_regional_beta/variables.tf @@ -18,10 +18,6 @@ variable "project_id" { description = "The project ID to host the cluster in" } -variable "credentials_path" { - description = "The path to the GCP credentials JSON file" -} - variable "cluster_name_suffix" { description = "A suffix to append to the default cluster name" default = "" diff --git a/examples/simple_regional_private_beta/main.tf b/examples/simple_regional_private_beta/main.tf index 0ca1873d86..e06567f960 100644 --- a/examples/simple_regional_private_beta/main.tf +++ b/examples/simple_regional_private_beta/main.tf @@ -19,9 +19,8 @@ locals { } provider "google-beta" { - version = "~> 2.12.0" - credentials = file(var.credentials_path) - region = var.region + version = "~> 2.12.0" + region = var.region } data "google_compute_subnetwork" "subnetwork" { diff --git a/examples/simple_regional_private_beta/test_outputs.tf b/examples/simple_regional_private_beta/test_outputs.tf index 033c4beac1..53eab4ee12 100644 --- a/examples/simple_regional_private_beta/test_outputs.tf +++ b/examples/simple_regional_private_beta/test_outputs.tf @@ -21,10 +21,6 @@ output "project_id" { value = var.project_id } -output "credentials_path" { - value = var.credentials_path -} - output "region" { value = module.gke.region } diff --git a/examples/simple_regional_private_beta/variables.tf b/examples/simple_regional_private_beta/variables.tf index 3fb7d8bab1..0ba1656629 100644 --- a/examples/simple_regional_private_beta/variables.tf +++ b/examples/simple_regional_private_beta/variables.tf @@ -18,10 +18,6 @@ variable "project_id" { description = "The project ID to host the cluster in" } -variable "credentials_path" { - description = "The path to the GCP credentials JSON file" -} - variable "cluster_name_suffix" { description = "A suffix to append to the default cluster name" default = "" diff --git a/examples/simple_zonal_private/main.tf b/examples/simple_zonal_private/main.tf index 428218d76a..e58097c560 100644 --- a/examples/simple_zonal_private/main.tf +++ b/examples/simple_zonal_private/main.tf @@ -15,7 +15,7 @@ */ locals { - cluster_type = "simple-regional-private" + cluster_type = "simple-zonal-private" } provider "google" { diff --git a/scripts/wait-for-cluster.sh b/scripts/wait-for-cluster.sh index 42c9841fec..c9146e1826 100755 --- a/scripts/wait-for-cluster.sh +++ b/scripts/wait-for-cluster.sh @@ -15,6 +15,7 @@ set -e +# shellcheck disable=SC2034 if [ -n "${GOOGLE_APPLICATION_CREDENTIALS}" ]; then export CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE=${GOOGLE_APPLICATION_CREDENTIALS} fi diff --git a/test/ci/deploy-service.yml b/test/ci/deploy-service.yml deleted file mode 100644 index 60505669b5..0000000000 --- a/test/ci/deploy-service.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -platform: linux - -inputs: -- name: pull-request - path: terraform-google-kubernetes-engine - -run: - path: make - args: ['test_integration'] - dir: terraform-google-kubernetes-engine - -params: - SUITE: "deploy-service-local" - COMPUTE_ENGINE_SERVICE_ACCOUNT: "" - REGION: "us-east4" - ZONES: '["us-east4-a", "us-east4-b", "us-east4-c"]' diff --git a/test/ci/node-pool.yml b/test/ci/node-pool.yml deleted file mode 100644 index 2402c32eba..0000000000 --- a/test/ci/node-pool.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -platform: linux - -inputs: -- name: pull-request - path: terraform-google-kubernetes-engine - -run: - path: make - args: ['test_integration'] - dir: terraform-google-kubernetes-engine - -params: - SUITE: "node-pool-local" - COMPUTE_ENGINE_SERVICE_ACCOUNT: "" - REGION: "us-east4" - ZONES: '["us-east4-a", "us-east4-b", "us-east4-c"]' diff --git a/test/ci/shared-vpc.yml b/test/ci/shared-vpc.yml deleted file mode 100644 index e209809246..0000000000 --- a/test/ci/shared-vpc.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -platform: linux - -inputs: -- name: pull-request - path: terraform-google-kubernetes-engine - -run: - path: make - args: ['test_integration'] - dir: terraform-google-kubernetes-engine - -params: - SUITE: "shared-vpc-local" - COMPUTE_ENGINE_SERVICE_ACCOUNT: "" - REGION: "us-east4" - ZONES: '["us-east4-a", "us-east4-b", "us-east4-c"]' diff --git a/test/ci/simple-regional-private.yml b/test/ci/simple-regional-private.yml deleted file mode 100644 index 36e00041d3..0000000000 --- a/test/ci/simple-regional-private.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -platform: linux - -inputs: -- name: pull-request - path: terraform-google-kubernetes-engine - -run: - path: make - args: ['test_integration'] - dir: terraform-google-kubernetes-engine - -params: - SUITE: "simple-regional-private-local" - COMPUTE_ENGINE_SERVICE_ACCOUNT: "" - REGION: "us-east4" - ZONES: '["us-east4-a", "us-east4-b", "us-east4-c"]' diff --git a/test/ci/simple-regional.yml b/test/ci/simple-regional.yml deleted file mode 100644 index a3bec48292..0000000000 --- a/test/ci/simple-regional.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -platform: linux - -inputs: -- name: pull-request - path: terraform-google-kubernetes-engine - -run: - path: make - args: ['test_integration'] - dir: terraform-google-kubernetes-engine - -params: - SUITE: "simple-regional-local" - COMPUTE_ENGINE_SERVICE_ACCOUNT: "" - REGION: "us-east4" - ZONES: '["us-east4-a", "us-east4-b", "us-east4-c"]' diff --git a/test/ci/simple-zonal-private.yml b/test/ci/simple-zonal-private.yml deleted file mode 100644 index 45dde32b64..0000000000 --- a/test/ci/simple-zonal-private.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -platform: linux - -inputs: -- name: pull-request - path: terraform-google-kubernetes-engine - -run: - path: make - args: ['test_integration'] - dir: terraform-google-kubernetes-engine - -params: - SUITE: "simple-zonal-private-local" - COMPUTE_ENGINE_SERVICE_ACCOUNT: "" - REGION: "us-east4" - ZONES: '["us-east4-a", "us-east4-b", "us-east4-c"]' diff --git a/test/ci/simple-zonal.yml b/test/ci/simple-zonal.yml deleted file mode 100644 index 6fcde7a1c7..0000000000 --- a/test/ci/simple-zonal.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -platform: linux - -inputs: -- name: pull-request - path: terraform-google-kubernetes-engine - -run: - path: make - args: ['test_integration'] - dir: terraform-google-kubernetes-engine - -params: - SUITE: "simple-zonal-local" - COMPUTE_ENGINE_SERVICE_ACCOUNT: "" - REGION: "us-east4" - ZONES: '["us-east4-a", "us-east4-b", "us-east4-c"]' diff --git a/test/ci/stub-domains-upstream-nameservers.yml b/test/ci/stub-domains-upstream-nameservers.yml deleted file mode 100644 index 4015338278..0000000000 --- a/test/ci/stub-domains-upstream-nameservers.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -platform: linux - -inputs: -- name: pull-request - path: terraform-google-kubernetes-engine - -run: - path: make - args: ['test_integration'] - dir: terraform-google-kubernetes-engine - -params: - SUITE: "stub-domains-upstream-nameservers-local" - COMPUTE_ENGINE_SERVICE_ACCOUNT: "" - REGION: "us-east4" - ZONES: '["us-east4-a", "us-east4-b", "us-east4-c"]' diff --git a/test/ci/stub-domains.yml b/test/ci/stub-domains.yml deleted file mode 100644 index c7130a3328..0000000000 --- a/test/ci/stub-domains.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -platform: linux - -inputs: -- name: pull-request - path: terraform-google-kubernetes-engine - -run: - path: make - args: ['test_integration'] - dir: terraform-google-kubernetes-engine - -params: - SUITE: "stub-domains-local" - COMPUTE_ENGINE_SERVICE_ACCOUNT: "" - REGION: "us-east4" - ZONES: '["us-east4-a", "us-east4-b", "us-east4-c"]' diff --git a/test/ci/upstream-nameservers.yml b/test/ci/upstream-nameservers.yml deleted file mode 100644 index 987884010a..0000000000 --- a/test/ci/upstream-nameservers.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- - -platform: linux - -inputs: -- name: pull-request - path: terraform-google-kubernetes-engine - -run: - path: make - args: ['test_integration'] - dir: terraform-google-kubernetes-engine - -params: - SUITE: "upstream-nameservers-local" - COMPUTE_ENGINE_SERVICE_ACCOUNT: "" - REGION: "us-east4" - ZONES: '["us-east4-a", "us-east4-b", "us-east4-c"]' diff --git a/test/ci/workload-metadata-config.yml b/test/ci/workload-metadata-config.yml deleted file mode 100644 index 231c8dfc3a..0000000000 --- a/test/ci/workload-metadata-config.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- - -platform: linux - -inputs: -- name: pull-request - path: terraform-google-kubernetes-engine - -run: - path: make - args: ['test_integration'] - dir: terraform-google-kubernetes-engine - -params: - SUITE: "workload-metadata-config-local" - COMPUTE_ENGINE_SERVICE_ACCOUNT: "" - REGION: "us-east4" - ZONES: '["us-east4-a", "us-east4-b", "us-east4-c"]' - diff --git a/test/fixtures/disable_client_cert/example.tf b/test/fixtures/disable_client_cert/example.tf index c1baed7c36..23ea6da936 100644 --- a/test/fixtures/disable_client_cert/example.tf +++ b/test/fixtures/disable_client_cert/example.tf @@ -18,7 +18,6 @@ module "example" { source = "../../../examples/disable_client_cert" project_id = var.project_id - credentials_path = "" cluster_name_suffix = "-${random_string.suffix.result}" region = var.region network = google_compute_network.main.name diff --git a/test/integration/disable_client_cert/inspec.yml b/test/integration/disable_client_cert/inspec.yml index 7959c6bb01..5803767d32 100644 --- a/test/integration/disable_client_cert/inspec.yml +++ b/test/integration/disable_client_cert/inspec.yml @@ -3,9 +3,6 @@ attributes: - name: project_id required: true type: string - - name: credentials_path - required: true - type: string - name: location required: true type: string diff --git a/test/integration/simple_zonal/controls/gcp.rb b/test/integration/simple_zonal/controls/gcp.rb index 6e9ade64ff..ad6ec1a7b2 100644 --- a/test/integration/simple_zonal/controls/gcp.rb +++ b/test/integration/simple_zonal/controls/gcp.rb @@ -24,7 +24,7 @@ service_account_name = "projects/#{project_id}/serviceAccounts/#{service_account}" end - describe google_service_account name: service_account_name do + describe google_service_account(name: service_account_name) do its("display_name") { should eq "Terraform-managed service account for cluster #{attribute("cluster_name")}" } its("project_id") { should eq project_id } end diff --git a/test/integration/simple_zonal/inspec.yml b/test/integration/simple_zonal/inspec.yml index 5cb8ff9e01..3a3bc74145 100644 --- a/test/integration/simple_zonal/inspec.yml +++ b/test/integration/simple_zonal/inspec.yml @@ -2,7 +2,7 @@ name: simple_zonal depends: - name: inspec-gcp git: https://github.com/inspec/inspec-gcp.git - tag: v0.10.0 + tag: v0.16.0 attributes: - name: project_id required: true @@ -25,7 +25,4 @@ attributes: - name: service_account required: true type: string - - name: service_account - required: true - type: string diff --git a/test/integration/simple_zonal_private/inspec.yml b/test/integration/simple_zonal_private/inspec.yml index ebe54e2374..4af03f2087 100644 --- a/test/integration/simple_zonal_private/inspec.yml +++ b/test/integration/simple_zonal_private/inspec.yml @@ -1,4 +1,4 @@ -name: simple_regional_private +name: simple_zonal_private attributes: - name: project_id required: true diff --git a/test/task_helper_functions.sh b/test/task_helper_functions.sh index 70ab3db5c8..ddfbab53c7 100755 --- a/test/task_helper_functions.sh +++ b/test/task_helper_functions.sh @@ -49,16 +49,3 @@ function check_generate() { rm -Rf "${tempdir}" return $((rval)) } - -find_files() { - local pth="$1" - shift - find "${pth}" '(' \ - -path '*/.git' -o \ - -path '*/.terraform' -o \ - -path '*/.kitchen' -o \ - -path './autogen' -o \ - -path './test/fixtures/all_examples' -o \ - -path './test/fixtures/shared' ')' \ - -prune -o -type f "$@" -} From eadb54a569695df65b53ea5411484341e55c24ee Mon Sep 17 00:00:00 2001 From: pp Date: Tue, 29 Oct 2019 14:34:35 +0200 Subject: [PATCH 2/6] Added steps for `deploy-service-local` and `node-pool-local` --- build/int.cloudbuild.yaml | 40 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml index 379205db45..d397b703e3 100644 --- a/build/int.cloudbuild.yaml +++ b/build/int.cloudbuild.yaml @@ -221,6 +221,46 @@ steps: - verify workload-metadata-config-local name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy workload-metadata-config-local'] +- id: create deploy-service-local + waitFor: + - prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create deploy-service-local'] +- id: converge deploy-service-local + waitFor: + - create deploy-service-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge deploy-service-local'] +- id: verify deploy-service-local + waitFor: + - converge deploy-service-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify deploy-service-local'] +- id: destroy deploy-service-local + waitFor: + - verify deploy-service-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy deploy-service-local'] +- id: create node-pool-local + waitFor: + - prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do create node-pool-local'] +- id: converge node-pool-local + waitFor: + - create node-pool-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do converge node-pool-local'] +- id: verify node-pool-local + waitFor: + - converge node-pool-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify node-pool-local'] +- id: destroy node-pool-local + waitFor: + - verify node-pool-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy node-pool-local'] tags: - 'ci' - 'integration' From fd2230a516b634e68dac0c0f543ea4bfe4d26e8e Mon Sep 17 00:00:00 2001 From: Bohdan Yurov Date: Thu, 24 Oct 2019 19:15:32 +0200 Subject: [PATCH 3/6] Fixes #261: Invalid plan when re-applying terraform module https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/261 Bumbed minimal provider version to 2.18 --- autogen/versions.tf | 8 ++++++++ examples/deploy_service/main.tf | 2 +- examples/disable_client_cert/main.tf | 2 +- examples/node_pool_update_variant/main.tf | 2 +- examples/shared_vpc/main.tf | 2 +- examples/simple_regional/main.tf | 2 +- examples/simple_regional_private/main.tf | 2 +- examples/simple_zonal/main.tf | 2 +- examples/simple_zonal_private/main.tf | 2 +- examples/stub_domains/main.tf | 2 +- examples/stub_domains_private/main.tf | 6 +----- examples/stub_domains_upstream_nameservers/main.tf | 2 +- examples/upstream_nameservers/main.tf | 2 +- modules/beta-private-cluster-update-variant/versions.tf | 4 ++++ modules/beta-private-cluster/versions.tf | 4 ++++ modules/beta-public-cluster/versions.tf | 4 ++++ modules/private-cluster-update-variant/versions.tf | 4 ++++ modules/private-cluster/versions.tf | 4 ++++ versions.tf | 4 ++++ 19 files changed, 44 insertions(+), 16 deletions(-) diff --git a/autogen/versions.tf b/autogen/versions.tf index 832ec1df39..387a2e37c8 100644 --- a/autogen/versions.tf +++ b/autogen/versions.tf @@ -16,4 +16,12 @@ terraform { required_version = ">= 0.12" + + required_providers { +{% if beta_cluster %} + google-beta = "~> 2.18.0" +{% else %} + google = "~> 2.18.0" +{% endif %} + } } diff --git a/examples/deploy_service/main.tf b/examples/deploy_service/main.tf index 3e15164913..a61aa9c9b8 100644 --- a/examples/deploy_service/main.tf +++ b/examples/deploy_service/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 2.12.0" + version = "~> 2.18.0" region = var.region } diff --git a/examples/disable_client_cert/main.tf b/examples/disable_client_cert/main.tf index 221eb994ce..4d040ffcb7 100644 --- a/examples/disable_client_cert/main.tf +++ b/examples/disable_client_cert/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 2.12.0" + version = "~> 2.18.0" region = var.region } diff --git a/examples/node_pool_update_variant/main.tf b/examples/node_pool_update_variant/main.tf index c10e797511..9b29a5f0fe 100644 --- a/examples/node_pool_update_variant/main.tf +++ b/examples/node_pool_update_variant/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 2.12.0" + version = "~> 2.18.0" region = var.region } diff --git a/examples/shared_vpc/main.tf b/examples/shared_vpc/main.tf index 766239ead8..3533130a4e 100644 --- a/examples/shared_vpc/main.tf +++ b/examples/shared_vpc/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 2.12.0" + version = "~> 2.18.0" region = var.region } diff --git a/examples/simple_regional/main.tf b/examples/simple_regional/main.tf index 353ae91906..772cf8d0e5 100644 --- a/examples/simple_regional/main.tf +++ b/examples/simple_regional/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 2.12.0" + version = "~> 2.18.0" region = var.region } diff --git a/examples/simple_regional_private/main.tf b/examples/simple_regional_private/main.tf index 89568e86ee..f17a3728a6 100644 --- a/examples/simple_regional_private/main.tf +++ b/examples/simple_regional_private/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 2.12.0" + version = "~> 2.18.0" region = var.region } diff --git a/examples/simple_zonal/main.tf b/examples/simple_zonal/main.tf index edd90f7a0d..3490252a4a 100644 --- a/examples/simple_zonal/main.tf +++ b/examples/simple_zonal/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 2.12.0" + version = "~> 2.18.0" region = var.region } diff --git a/examples/simple_zonal_private/main.tf b/examples/simple_zonal_private/main.tf index 428218d76a..7a3db12157 100644 --- a/examples/simple_zonal_private/main.tf +++ b/examples/simple_zonal_private/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 2.12.0" + version = "~> 2.18.0" region = var.region } diff --git a/examples/stub_domains/main.tf b/examples/stub_domains/main.tf index 37264f781b..b81dc0cf8c 100644 --- a/examples/stub_domains/main.tf +++ b/examples/stub_domains/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 2.12.0" + version = "~> 2.18.0" region = var.region } diff --git a/examples/stub_domains_private/main.tf b/examples/stub_domains_private/main.tf index 65bc48247d..3f268e75a4 100644 --- a/examples/stub_domains_private/main.tf +++ b/examples/stub_domains_private/main.tf @@ -15,14 +15,10 @@ */ provider "google" { - version = "~> 2.12.0" + version = "~> 2.18.0" region = var.region } -provider "random" { - version = "~> 2.1" -} - data "google_compute_subnetwork" "subnetwork" { name = var.subnetwork project = var.project_id diff --git a/examples/stub_domains_upstream_nameservers/main.tf b/examples/stub_domains_upstream_nameservers/main.tf index 0da83b95c6..4b7448b7e8 100644 --- a/examples/stub_domains_upstream_nameservers/main.tf +++ b/examples/stub_domains_upstream_nameservers/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 2.12.0" + version = "~> 2.18.0" region = var.region } diff --git a/examples/upstream_nameservers/main.tf b/examples/upstream_nameservers/main.tf index ecded7c29c..784e8a0cd3 100644 --- a/examples/upstream_nameservers/main.tf +++ b/examples/upstream_nameservers/main.tf @@ -19,7 +19,7 @@ locals { } provider "google" { - version = "~> 2.12.0" + version = "~> 2.18.0" region = var.region } diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf index 832ec1df39..8e29303fa9 100644 --- a/modules/beta-private-cluster-update-variant/versions.tf +++ b/modules/beta-private-cluster-update-variant/versions.tf @@ -16,4 +16,8 @@ terraform { required_version = ">= 0.12" + + required_providers { + google-beta = "~> 2.18.0" + } } diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf index 832ec1df39..8e29303fa9 100644 --- a/modules/beta-private-cluster/versions.tf +++ b/modules/beta-private-cluster/versions.tf @@ -16,4 +16,8 @@ terraform { required_version = ">= 0.12" + + required_providers { + google-beta = "~> 2.18.0" + } } diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf index 832ec1df39..8e29303fa9 100644 --- a/modules/beta-public-cluster/versions.tf +++ b/modules/beta-public-cluster/versions.tf @@ -16,4 +16,8 @@ terraform { required_version = ">= 0.12" + + required_providers { + google-beta = "~> 2.18.0" + } } diff --git a/modules/private-cluster-update-variant/versions.tf b/modules/private-cluster-update-variant/versions.tf index 832ec1df39..e4544656fa 100644 --- a/modules/private-cluster-update-variant/versions.tf +++ b/modules/private-cluster-update-variant/versions.tf @@ -16,4 +16,8 @@ terraform { required_version = ">= 0.12" + + required_providers { + google = "~> 2.18.0" + } } diff --git a/modules/private-cluster/versions.tf b/modules/private-cluster/versions.tf index 832ec1df39..e4544656fa 100644 --- a/modules/private-cluster/versions.tf +++ b/modules/private-cluster/versions.tf @@ -16,4 +16,8 @@ terraform { required_version = ">= 0.12" + + required_providers { + google = "~> 2.18.0" + } } diff --git a/versions.tf b/versions.tf index 832ec1df39..e4544656fa 100644 --- a/versions.tf +++ b/versions.tf @@ -16,4 +16,8 @@ terraform { required_version = ">= 0.12" + + required_providers { + google = "~> 2.18.0" + } } From 6e3802df7c214a16f2abeae2d7004760400bb6de Mon Sep 17 00:00:00 2001 From: Ken Evensen Date: Fri, 1 Nov 2019 10:14:26 -0700 Subject: [PATCH 4/6] Tying identity namespace output to successful cluster creation. --- autogen/outputs.tf | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/autogen/outputs.tf b/autogen/outputs.tf index 704569d00e..842502ecea 100644 --- a/autogen/outputs.tf +++ b/autogen/outputs.tf @@ -154,4 +154,12 @@ output "release_channel" { description = "The release channel of this cluster" value = var.release_channel } + +output "identity_namespace" { + description = "Workload Identity namespace" + value = var.identity_namespace + depends_on = [ + "google_container_cluster.primary" + ] +} {% endif %} From a79537c8f0a9c7669c84d834b517ab3e9ff32241 Mon Sep 17 00:00:00 2001 From: Ken Evensen Date: Fri, 1 Nov 2019 10:16:46 -0700 Subject: [PATCH 5/6] Post generate --- modules/beta-private-cluster-update-variant/README.md | 1 + modules/beta-private-cluster-update-variant/outputs.tf | 8 ++++++++ modules/beta-private-cluster/README.md | 1 + modules/beta-private-cluster/outputs.tf | 8 ++++++++ modules/beta-public-cluster/README.md | 1 + modules/beta-public-cluster/outputs.tf | 8 ++++++++ 6 files changed, 27 insertions(+) diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 93daea71ca..e9b13daa59 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md @@ -212,6 +212,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o | endpoint | Cluster endpoint | | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled | | http\_load\_balancing\_enabled | Whether http load balancing enabled | +| identity\_namespace | Workload Identity namespace | | intranode\_visibility\_enabled | Whether intra-node visibility is enabled | | istio\_enabled | Whether Istio is enabled | | kubernetes\_dashboard\_enabled | Whether kubernetes dashboard enabled | diff --git a/modules/beta-private-cluster-update-variant/outputs.tf b/modules/beta-private-cluster-update-variant/outputs.tf index 956c8c2d5d..fb3f29c401 100644 --- a/modules/beta-private-cluster-update-variant/outputs.tf +++ b/modules/beta-private-cluster-update-variant/outputs.tf @@ -153,3 +153,11 @@ output "release_channel" { description = "The release channel of this cluster" value = var.release_channel } + +output "identity_namespace" { + description = "Workload Identity namespace" + value = var.identity_namespace + depends_on = [ + "google_container_cluster.primary" + ] +} diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 4096848139..ed98fb6093 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -212,6 +212,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o | endpoint | Cluster endpoint | | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled | | http\_load\_balancing\_enabled | Whether http load balancing enabled | +| identity\_namespace | Workload Identity namespace | | intranode\_visibility\_enabled | Whether intra-node visibility is enabled | | istio\_enabled | Whether Istio is enabled | | kubernetes\_dashboard\_enabled | Whether kubernetes dashboard enabled | diff --git a/modules/beta-private-cluster/outputs.tf b/modules/beta-private-cluster/outputs.tf index 956c8c2d5d..fb3f29c401 100644 --- a/modules/beta-private-cluster/outputs.tf +++ b/modules/beta-private-cluster/outputs.tf @@ -153,3 +153,11 @@ output "release_channel" { description = "The release channel of this cluster" value = var.release_channel } + +output "identity_namespace" { + description = "Workload Identity namespace" + value = var.identity_namespace + depends_on = [ + "google_container_cluster.primary" + ] +} diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 258ea431e4..a9e71538e2 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -203,6 +203,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o | endpoint | Cluster endpoint | | horizontal\_pod\_autoscaling\_enabled | Whether horizontal pod autoscaling enabled | | http\_load\_balancing\_enabled | Whether http load balancing enabled | +| identity\_namespace | Workload Identity namespace | | intranode\_visibility\_enabled | Whether intra-node visibility is enabled | | istio\_enabled | Whether Istio is enabled | | kubernetes\_dashboard\_enabled | Whether kubernetes dashboard enabled | diff --git a/modules/beta-public-cluster/outputs.tf b/modules/beta-public-cluster/outputs.tf index 956c8c2d5d..fb3f29c401 100644 --- a/modules/beta-public-cluster/outputs.tf +++ b/modules/beta-public-cluster/outputs.tf @@ -153,3 +153,11 @@ output "release_channel" { description = "The release channel of this cluster" value = var.release_channel } + +output "identity_namespace" { + description = "Workload Identity namespace" + value = var.identity_namespace + depends_on = [ + "google_container_cluster.primary" + ] +} From ccaa36c9ed316ed3cf4855cd6771b712d7f43119 Mon Sep 17 00:00:00 2001 From: pp Date: Thu, 31 Oct 2019 02:44:41 +0200 Subject: [PATCH 6/6] Fix lint in simple_regional_privat_beta example --- build/int.cloudbuild.yaml | 2 ++ examples/simple_regional_private_beta/main.tf | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml index c9c666b238..09b5d3eb7e 100644 --- a/build/int.cloudbuild.yaml +++ b/build/int.cloudbuild.yaml @@ -307,3 +307,5 @@ tags: substitutions: _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools' _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.4.6' +options: + machineType: 'N1_HIGHCPU_8' diff --git a/examples/simple_regional_private_beta/main.tf b/examples/simple_regional_private_beta/main.tf index dfc33991fa..4e1d405940 100644 --- a/examples/simple_regional_private_beta/main.tf +++ b/examples/simple_regional_private_beta/main.tf @@ -19,8 +19,8 @@ locals { } provider "google-beta" { - version = "~> 2.18.0" - region = var.region + version = "~> 2.18.0" + region = var.region } data "google_compute_subnetwork" "subnetwork" {