From 97371905789f34ab8e7cda4cd32e17b36fb661c6 Mon Sep 17 00:00:00 2001 From: Bharath KKB Date: Thu, 19 Mar 2020 08:48:04 -0500 Subject: [PATCH] fix: Use gcloud module for ACM submodule, will force reinstall of ACM (#442) * fix acm provisioner errors * use gcloud module * fix tests for #454 --- build/int.cloudbuild.yaml | 10 +- modules/acm/main.tf | 93 +++++++------------ .../beta_cluster/controls/gcloud.rb | 2 +- 3 files changed, 42 insertions(+), 63 deletions(-) diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml index 897b38938b..05c66836fe 100644 --- a/build/int.cloudbuild.yaml +++ b/build/int.cloudbuild.yaml @@ -279,11 +279,11 @@ steps: - converge beta-cluster-local name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do verify beta-cluster-local'] -#- id: destroy beta-cluster-local -# waitFor: -# - verify beta-cluster-local -# name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' -# args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy beta-cluster-local'] +- id: destroy beta-cluster-local + waitFor: + - verify beta-cluster-local + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && kitchen_do destroy beta-cluster-local'] - id: create deploy-service-local waitFor: - prepare diff --git a/modules/acm/main.tf b/modules/acm/main.tf index 69b5755337..694eddf623 100644 --- a/modules/acm/main.tf +++ b/modules/acm/main.tf 
@@ -38,51 +38,39 @@ resource "tls_private_key" "git_creds" { rsa_bits = 4096 } -resource "null_resource" "acm_operator_config" { - count = local.download_operator ? 1 : 0 - - provisioner "local-exec" { - command = "gsutil cp gs://config-management-release/released/latest/config-management-operator.yaml ${path.module}/config-management-operator.yaml" - } - - provisioner "local-exec" { - when = destroy - command = "rm -f ${path.module}/config-management-operator.yaml" - } +module "acm_operator_config" { + source = "terraform-google-modules/gcloud/google" + version = "~> 0.5" + enabled = local.download_operator + + create_cmd_entrypoint = "gsutil" + create_cmd_body = "cp gs://config-management-release/released/latest/config-management-operator.yaml ${path.module}/config-management-operator.yaml" + destroy_cmd_entrypoint = "rm" + destroy_cmd_body = "-f ${path.module}/config-management-operator.yaml" } -resource "null_resource" "acm_operator" { - provisioner "local-exec" { - command = "${path.module}/scripts/kubectl_wrapper.sh ${local.cluster_endpoint} ${local.token} ${local.cluster_ca_certificate} kubectl apply -f ${local.operator_path}" - } +module "acm_operator" { + source = "terraform-google-modules/gcloud/google" + version = "~> 0.5" + module_depends_on = [module.acm_operator_config.wait, data.google_client_config.default.project, data.google_container_cluster.primary.name] + additional_components = ["kubectl"] - provisioner "local-exec" { - when = destroy - command = "${path.module}/scripts/kubectl_wrapper.sh ${local.cluster_endpoint} ${local.token} ${local.cluster_ca_certificate} kubectl delete -f ${local.operator_path}" - } - - depends_on = [ - null_resource.acm_operator_config, - data.google_client_config.default, - data.google_container_cluster.primary, - ] + create_cmd_entrypoint = "${path.module}/scripts/kubectl_wrapper.sh" + create_cmd_body = "${local.cluster_endpoint} ${local.token} ${local.cluster_ca_certificate} kubectl apply -f ${local.operator_path}" + 
destroy_cmd_entrypoint = "${path.module}/scripts/kubectl_wrapper.sh" + destroy_cmd_body = "${local.cluster_endpoint} ${local.token} ${local.cluster_ca_certificate} kubectl delete -f ${local.operator_path}" } -resource "null_resource" "git_creds_secret" { - count = var.create_ssh_key ? 1 : 0 - - provisioner "local-exec" { - command = "${path.module}/scripts/kubectl_wrapper.sh ${local.cluster_endpoint} ${local.token} ${local.cluster_ca_certificate} kubectl create secret generic git-creds -n=config-management-system --from-literal=ssh='${local.private_key}'" - } +module "git_creds_secret" { + source = "terraform-google-modules/gcloud/google" + version = "~> 0.5" + module_depends_on = [module.acm_operator.wait] + additional_components = ["kubectl"] - provisioner "local-exec" { - when = destroy - command = "${path.module}/scripts/kubectl_wrapper.sh ${local.cluster_endpoint} ${local.token} ${local.cluster_ca_certificate} kubectl delete secret git-creds -n=config-management-system" - } - - depends_on = [ - null_resource.acm_operator - ] + create_cmd_entrypoint = "${path.module}/scripts/kubectl_wrapper.sh" + create_cmd_body = "${local.cluster_endpoint} ${local.token} ${local.cluster_ca_certificate} kubectl create secret generic git-creds -n=config-management-system --from-literal=ssh='${local.private_key}'" + destroy_cmd_entrypoint = "${path.module}/scripts/kubectl_wrapper.sh" + destroy_cmd_body = "${local.cluster_endpoint} ${local.token} ${local.cluster_ca_certificate} kubectl delete secret git-creds -n=config-management-system" } data "template_file" "acm_config" { 
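Review bot: In `module "git_creds_secret"`, `create_cmd_body` expands the SSH private key into the command line (`--from-literal=ssh='${local.private_key}'`), and every kubectl-wrapper module in this file, including `acm_config` in the next hunk, does the same with `${local.token}`. Both secrets are therefore visible in the process list while the command runs, and can be echoed by Terraform when a local-exec command fails. The removed `null_resource` blocks had the same pattern, but the strings now pass through an external module's variables, and how that module stores or hashes the command body is not visible here. Consider having the wrapper script read the key from a file or stdin instead of argv, and at minimum add a comment such as `# SECURITY: local.token and local.private_key are interpolated into the command line; treat plan/apply output for this module as secret`. Separately, `version = "~> 0.5"` accepts any later 0.x release of a module that runs local commands; `version = "~> 0.5.0"` would limit upgrades to patch releases.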
@@ -99,23 +87,14 @@ data "template_file" "acm_config" { } } -resource "null_resource" "acm_config" { - triggers = { - config = data.template_file.acm_config.rendered - } - - provisioner "local-exec" { - command = "echo '${data.template_file.acm_config.rendered}' | ${path.module}/scripts/kubectl_wrapper.sh ${local.cluster_endpoint} ${local.token} ${local.cluster_ca_certificate} kubectl apply -f -" - } - - provisioner "local-exec" { - when = destroy - command = "echo '${data.template_file.acm_config.rendered}' | ${path.module}/scripts/kubectl_wrapper.sh ${local.cluster_endpoint} ${local.token} ${local.cluster_ca_certificate} kubectl delete -f -" - } +module "acm_config" { + source = "terraform-google-modules/gcloud/google" + version = "~> 0.5" + module_depends_on = [module.acm_operator.wait, module.git_creds_secret.wait] + additional_components = ["kubectl"] - depends_on = [ - null_resource.acm_operator, - null_resource.git_creds_secret, - ] + create_cmd_entrypoint = "echo" + create_cmd_body = "'${data.template_file.acm_config.rendered}' | ${path.module}/scripts/kubectl_wrapper.sh ${local.cluster_endpoint} ${local.token} ${local.cluster_ca_certificate} kubectl apply -f -" + destroy_cmd_entrypoint = "echo" + destroy_cmd_body = "'${data.template_file.acm_config.rendered}' | ${path.module}/scripts/kubectl_wrapper.sh ${local.cluster_endpoint} ${local.token} ${local.cluster_ca_certificate} kubectl delete -f -" } - diff --git a/test/integration/beta_cluster/controls/gcloud.rb b/test/integration/beta_cluster/controls/gcloud.rb index 722578842c..7170656d69 100644 --- a/test/integration/beta_cluster/controls/gcloud.rb +++ b/test/integration/beta_cluster/controls/gcloud.rb @@ -68,7 +68,7 @@ end it "has the expected nodeMetadata conseal config" do - expect(data['nodeConfig']['workloadMetadataConfig']).to eq({ + expect(data['nodeConfig']['workloadMetadataConfig']).to include({ "nodeMetadata" => 'EXPOSE', }) end
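Review bot: In `module "acm_config"`, the rendered template sits between single quotes in `create_cmd_body` and `destroy_cmd_body`, so a single quote anywhere in the rendered YAML ends the quoting and the shell parses the rest as command text. The template's inputs are outside this hunk, so whether any of them can carry a quote is not visible here, but module variables should not be able to alter the command that runs. Encoding the payload removes the dependency on quoting, for example `create_cmd_body = "${base64encode(data.template_file.acm_config.rendered)} | base64 --decode | ${path.module}/scripts/kubectl_wrapper.sh ${local.cluster_endpoint} ${local.token} ${local.cluster_ca_certificate} kubectl apply -f -"`, with the same change for the destroy body. The removed resource also declared `triggers = { config = ... }`; confirm the gcloud module still re-runs the create command when the rendered config changes.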
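Review bot: Switching `eq` to `include` in the `workloadMetadataConfig` expectation means any additional key returned for the node config now passes unchecked, including ones that change how node metadata is exposed to workloads. If the extra field that broke the test is known, assert it explicitly next to `"nodeMetadata" => 'EXPOSE'` so that drift in this setting is still caught. The `it` description on the context line reads "conseal", presumably "conceal", and is worth correcting in a follow-up since the asserted value is `EXPOSE`. The enclosing control starts outside the hunk.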