From 85e3d64295197d0f5b7d9d8a004a84bab09c981c Mon Sep 17 00:00:00 2001 From: Imran Nayer Date: Mon, 20 Nov 2023 21:50:15 +0000 Subject: [PATCH 1/4] fix: mig to TPG GA --- Makefile | 17 +++++++++-------- docs/upgrading_to_vpn_v4.0.md | 7 +++++++ modules/vpn_ha/main.tf | 22 +++++++++++----------- modules/vpn_ha/versions.tf | 4 ++-- outputs.tf | 12 ++++++------ test/integration/discover_test.go | 6 +++++- test/integration/go.mod | 8 ++++---- test/integration/go.sum | 16 ++++++++-------- 8 files changed, 52 insertions(+), 40 deletions(-) create mode 100644 docs/upgrading_to_vpn_v4.0.md diff --git a/Makefile b/Makefile index 3316fcc..2199e0f 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -# Copyright 2019 Google LLC +# Copyright 2020 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,7 +18,7 @@ # Make will use bash instead of sh SHELL := /usr/bin/env bash -DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.14 +DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.17 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools REGISTRY_URL := gcr.io/cloud-foundation-cicd @@ -27,7 +27,7 @@ REGISTRY_URL := gcr.io/cloud-foundation-cicd docker_run: docker run --rm -it \ -e SERVICE_ACCOUNT_JSON \ - -v $(CURDIR):/workspace \ + -v "$(CURDIR)":/workspace \ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ /bin/bash @@ -39,7 +39,7 @@ docker_test_prepare: -e TF_VAR_org_id \ -e TF_VAR_folder_id \ -e TF_VAR_billing_account \ - -v $(CURDIR):/workspace \ + -v "$(CURDIR)":/workspace \ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ /usr/local/bin/execute_with_credentials.sh prepare_environment @@ -51,7 +51,7 @@ docker_test_cleanup: -e TF_VAR_org_id \ -e TF_VAR_folder_id \ -e TF_VAR_billing_account \ - -v $(CURDIR):/workspace \ + -v "$(CURDIR)":/workspace \ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ /usr/local/bin/execute_with_credentials.sh cleanup_environment @@ -60,7 +60,7 @@ docker_test_cleanup: docker_test_integration: docker run --rm -it \ -e SERVICE_ACCOUNT_JSON \ - -v $(CURDIR):/workspace \ + -v "$(CURDIR)":/workspace \ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ /usr/local/bin/test_integration.sh @@ -68,7 +68,8 @@ docker_test_integration: .PHONY: docker_test_lint docker_test_lint: docker run --rm -it \ - -v $(CURDIR):/workspace \ + -e EXCLUDE_LINT_DIRS \ + -v "$(CURDIR)":/workspace \ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ /usr/local/bin/test_lint.sh @@ -76,7 +77,7 @@ docker_test_lint: .PHONY: docker_generate_docs docker_generate_docs: docker run --rm -it \ - -v $(CURDIR):/workspace \ + -v "$(CURDIR)":/workspace \ $(REGISTRY_URL)/${DOCKER_IMAGE_DEVELOPER_TOOLS}:${DOCKER_TAG_VERSION_DEVELOPER_TOOLS} \ /bin/bash -c 'source /usr/local/bin/task_helper_functions.sh && generate_docs' diff --git a/docs/upgrading_to_vpn_v4.0.md b/docs/upgrading_to_vpn_v4.0.md new file mode 100644 index 0000000..4a6ceac --- /dev/null +++ b/docs/upgrading_to_vpn_v4.0.md @@ -0,0 +1,7 @@ +# Upgrading to v4.0.0 + +The v4.0 release contains backwards-incompatible changes. + +This update requires upgrading the minimum provider version `5.7`. + +`google_compute_external_vpn_gateway`, `google_compute_router`, `google_compute_router_interface` and `google_compute_vpn_tunnel` are all set to use GA provider. \ No newline at end of file diff --git a/modules/vpn_ha/main.tf b/modules/vpn_ha/main.tf index b90ab69..91f65d7 100644 --- a/modules/vpn_ha/main.tf +++ b/modules/vpn_ha/main.tf @@ -35,8 +35,8 @@ locals { } resource "google_compute_ha_vpn_gateway" "ha_gateway" { - count = var.create_vpn_gateway == true ? 1 : 0 - provider = google-beta + count = var.create_vpn_gateway == true ? 1 : 0 + # provider = google-beta name = var.name project = var.project_id region = var.region @@ -45,7 +45,7 @@ resource "google_compute_ha_vpn_gateway" "ha_gateway" { } resource "google_compute_external_vpn_gateway" "external_gateway" { - provider = google-beta + # provider = google-beta count = var.peer_external_gateway != null ? 1 : 0 name = var.peer_external_gateway.name != null ? var.peer_external_gateway.name : "external-${var.name}" project = var.project_id @@ -62,12 +62,12 @@ resource "google_compute_external_vpn_gateway" "external_gateway" { } resource "google_compute_router" "router" { - provider = google-beta - count = var.router_name == "" ? 1 : 0 - name = "vpn-${var.name}" - project = var.project_id - region = var.region - network = var.network + # provider = google-beta + count = var.router_name == "" ? 1 : 0 + name = "vpn-${var.name}" + project = var.project_id + region = var.region + network = var.network bgp { advertise_mode = ( var.router_advertise_config == null @@ -144,7 +144,7 @@ resource "google_compute_router_peer" "bgp_peer" { } resource "google_compute_router_interface" "router_interface" { - provider = google-beta + # provider = google-beta for_each = var.tunnels project = var.project_id region = var.region @@ -155,7 +155,7 @@ resource "google_compute_router_interface" "router_interface" { } resource "google_compute_vpn_tunnel" "tunnels" { - provider = google-beta + # provider = google-beta for_each = var.tunnels project = var.project_id region = var.region diff --git a/modules/vpn_ha/versions.tf b/modules/vpn_ha/versions.tf index 444a1f7..96d013a 100644 --- a/modules/vpn_ha/versions.tf +++ b/modules/vpn_ha/versions.tf @@ -19,11 +19,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.74, < 6" + version = ">= 5.7, < 6" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.74, < 6" + version = ">= 5.7, < 6" } random = { source = "hashicorp/random" diff --git a/outputs.tf b/outputs.tf index c106d61..f16361b 100644 --- a/outputs.tf +++ b/outputs.tf @@ -41,30 +41,30 @@ output "gateway_ip" { output "vpn_tunnels_names-static" { description = "The VPN tunnel name is" - value = google_compute_vpn_tunnel.tunnel-static.*.name + value = google_compute_vpn_tunnel.tunnel-static[*].name } output "vpn_tunnels_self_link-static" { description = "The VPN tunnel self-link is" - value = google_compute_vpn_tunnel.tunnel-static.*.self_link + value = google_compute_vpn_tunnel.tunnel-static[*].self_link } output "ipsec_secret-static" { description = "The secret" - value = google_compute_vpn_tunnel.tunnel-static.*.shared_secret + value = google_compute_vpn_tunnel.tunnel-static[*].shared_secret } output "vpn_tunnels_names-dynamic" { description = "The VPN tunnel name is" - value = google_compute_vpn_tunnel.tunnel-dynamic.*.name + value = google_compute_vpn_tunnel.tunnel-dynamic[*].name } output "vpn_tunnels_self_link-dynamic" { description = "The VPN tunnel self-link is" - value = google_compute_vpn_tunnel.tunnel-dynamic.*.self_link + value = google_compute_vpn_tunnel.tunnel-dynamic[*].self_link } output "ipsec_secret-dynamic" { description = "The secret" - value = google_compute_vpn_tunnel.tunnel-dynamic.*.shared_secret + value = google_compute_vpn_tunnel.tunnel-dynamic[*].shared_secret } diff --git a/test/integration/discover_test.go b/test/integration/discover_test.go index eb87cca..0fa285f 100644 --- a/test/integration/discover_test.go +++ b/test/integration/discover_test.go @@ -1,4 +1,4 @@ -// Copyright 2023 Google LLC +// Copyright 2022 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -15,11 +15,15 @@ package test import ( + // should be imported to enable testing for GO modules "testing" + // should be imported to use terraform helpers in blueprints test framework "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft" ) +// entry function for the test; can be named as Test* func TestAll(t *testing.T) { + // the helper to autodiscover and test blueprint examples tft.AutoDiscoverAndTest(t) } diff --git a/test/integration/go.mod b/test/integration/go.mod index ba6c734..9bf7850 100644 --- a/test/integration/go.mod +++ b/test/integration/go.mod @@ -3,7 +3,7 @@ module github.com/GoogleCloudPlatform/terraform-google-cloud-armor/test/integrat go 1.20 require ( - github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.8.1 + github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.9.2 github.com/stretchr/testify v1.8.4 ) @@ -50,7 +50,7 @@ require ( github.com/mitchellh/go-testing-interface v1.14.2-0.20210821155943-2d9075ca8770 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/tidwall/gjson v1.16.0 // indirect + github.com/tidwall/gjson v1.17.0 // indirect github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.1 // indirect github.com/tidwall/sjson v1.2.5 // indirect @@ -59,7 +59,7 @@ require ( github.com/zclconf/go-cty v1.14.0 // indirect go.opencensus.io v0.24.0 // indirect golang.org/x/crypto v0.14.0 // indirect - golang.org/x/mod v0.12.0 // indirect + golang.org/x/mod v0.13.0 // indirect golang.org/x/net v0.17.0 // indirect golang.org/x/oauth2 v0.12.0 // indirect golang.org/x/sync v0.3.0 // indirect @@ -76,5 +76,5 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/kube-openapi v0.0.0-20230905202853-d090da108d2f // indirect - sigs.k8s.io/kustomize/kyaml v0.14.3 // indirect + sigs.k8s.io/kustomize/kyaml v0.15.0 // indirect ) diff --git a/test/integration/go.sum b/test/integration/go.sum index f1d656a..a2f924b 100644 --- a/test/integration/go.sum +++ b/test/integration/go.sum @@ -187,8 +187,8 @@ cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoIS dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.8.1 h1:erzHPGm9u0JWWTLSHDRcPTV0CnEAVH1QmPoFDlYB/PU= -github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.8.1/go.mod h1:MKce59reXZa9rwYplsr7DBbDIw444JNZvH5hmGEMJTg= +github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.9.2 h1:7fdp02N9fd8itrSe/p7njaSKAUYJGgxn8ajgZfbFK+I= +github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.9.2/go.mod h1:yyde2qkA+GhCou8exSJwifnJlAcWCNcU1vs911CEOJg= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= @@ -429,8 +429,8 @@ github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= -github.com/tidwall/gjson v1.16.0 h1:SyXa+dsSPpUlcwEDuKuEBJEz5vzTvOea+9rjyYodQFg= -github.com/tidwall/gjson v1.16.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/gjson v1.17.0 h1:/Jocvlh98kcTfpN2+JzGQWQcqrPQwDrVEMApx/M5ZwM= +github.com/tidwall/gjson v1.17.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= @@ -505,8 +505,8 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= -golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.13.0 h1:I/DsJXRlw/8l/0c24sM9yb0T4z9liZTduXvdAWYiysY= +golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -993,6 +993,6 @@ rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= -sigs.k8s.io/kustomize/kyaml v0.14.3 h1:WpabVAKZe2YEp/irTSHwD6bfjwZnTtSDewd2BVJGMZs= -sigs.k8s.io/kustomize/kyaml v0.14.3/go.mod h1:npvh9epWysfQ689Rtt/U+dpOJDTBn8kUnF1O6VzvmZA= +sigs.k8s.io/kustomize/kyaml v0.15.0 h1:ynlLMAxDhrY9otSg5GYE2TcIz31XkGZ2Pkj7SdolD84= +sigs.k8s.io/kustomize/kyaml v0.15.0/go.mod h1:+uMkBahdU1KNOj78Uta4rrXH+iH7wvg+nW7+GULvREA= sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= From 4d13b42602fe1b0c08160d7b8962f15e7368cd66 Mon Sep 17 00:00:00 2001 From: Imran Nayer Date: Mon, 20 Nov 2023 21:58:21 +0000 Subject: [PATCH 2/4] fix: mig to TPG GA --- docs/upgrading_to_vpn_v4.0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/upgrading_to_vpn_v4.0.md b/docs/upgrading_to_vpn_v4.0.md index 4a6ceac..508dc5e 100644 --- a/docs/upgrading_to_vpn_v4.0.md +++ b/docs/upgrading_to_vpn_v4.0.md @@ -4,4 +4,4 @@ The v4.0 release contains backwards-incompatible changes. This update requires upgrading the minimum provider version `5.7`. -`google_compute_external_vpn_gateway`, `google_compute_router`, `google_compute_router_interface` and `google_compute_vpn_tunnel` are all set to use GA provider. \ No newline at end of file +`google_compute_external_vpn_gateway`, `google_compute_router`, `google_compute_router_interface` and `google_compute_vpn_tunnel` are all set to use GA provider. From 3dc871712203be8e21195b89c0cd1161b1cc026b Mon Sep 17 00:00:00 2001 From: Imran Nayer Date: Mon, 20 Nov 2023 22:28:16 +0000 Subject: [PATCH 3/4] remove commented code --- modules/vpn_ha/main.tf | 5 ----- 1 file changed, 5 deletions(-) diff --git a/modules/vpn_ha/main.tf b/modules/vpn_ha/main.tf index 91f65d7..ac48bfa 100644 --- a/modules/vpn_ha/main.tf +++ b/modules/vpn_ha/main.tf @@ -36,7 +36,6 @@ locals { resource "google_compute_ha_vpn_gateway" "ha_gateway" { count = var.create_vpn_gateway == true ? 1 : 0 - # provider = google-beta name = var.name project = var.project_id region = var.region @@ -45,7 +44,6 @@ resource "google_compute_ha_vpn_gateway" "ha_gateway" { } resource "google_compute_external_vpn_gateway" "external_gateway" { - # provider = google-beta count = var.peer_external_gateway != null ? 1 : 0 name = var.peer_external_gateway.name != null ? var.peer_external_gateway.name : "external-${var.name}" project = var.project_id @@ -62,7 +60,6 @@ resource "google_compute_external_vpn_gateway" "external_gateway" { } resource "google_compute_router" "router" { - # provider = google-beta count = var.router_name == "" ? 1 : 0 name = "vpn-${var.name}" project = var.project_id @@ -144,7 +141,6 @@ resource "google_compute_router_peer" "bgp_peer" { } resource "google_compute_router_interface" "router_interface" { - # provider = google-beta for_each = var.tunnels project = var.project_id region = var.region @@ -155,7 +151,6 @@ resource "google_compute_router_interface" "router_interface" { } resource "google_compute_vpn_tunnel" "tunnels" { - # provider = google-beta for_each = var.tunnels project = var.project_id region = var.region From a4f75cd10ce18facb0a2bc6e1e4ef1bc7e4b91cf Mon Sep 17 00:00:00 2001 From: Imran Nayer Date: Mon, 20 Nov 2023 22:30:37 +0000 Subject: [PATCH 4/4] remove commented code --- modules/vpn_ha/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/vpn_ha/main.tf b/modules/vpn_ha/main.tf index ac48bfa..2337f6d 100644 --- a/modules/vpn_ha/main.tf +++ b/modules/vpn_ha/main.tf @@ -35,7 +35,7 @@ locals { } resource "google_compute_ha_vpn_gateway" "ha_gateway" { - count = var.create_vpn_gateway == true ? 1 : 0 + count = var.create_vpn_gateway == true ? 1 : 0 name = var.name project = var.project_id region = var.region