Skip to content

Commit

Permalink
fix: fix compute sa roles (#278)
Browse files Browse the repository at this point in the history 
Co-authored-by: Andrew Peabody <andrewpeabody@google.com>
  • Loading branch information
@amandakarina @apeabody
amandakarina and apeabody authored Nov 12, 2024
1 parent a24a39f commit 2db1efd
Show file tree
Hide file tree
Showing 33 changed files with 111 additions and 52 deletions.
2 changes: 1 addition & 1 deletion 1-bootstrap/main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ module "tfstate_bucket" {

module "tf_cloudbuild_workspace" {
source = "terraform-google-modules/bootstrap/google//modules/tf_cloudbuild_workspace"
version = "~> 8.0"
version = "~> 9.0"

for_each = local.cb_config

Expand Down
2 changes: 1 addition & 1 deletion 1-bootstrap/versions.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 3.53, < 7"
version = ">= 6.6, < 7"
}

time = {
Expand Down
1 change: 1 addition & 0 deletions 2-multitenant/envs/development/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
| app\_ip\_addresses | App IP Addresses |
| cluster\_membership\_ids | GKE cluster membership IDs |
| cluster\_project\_id | Cluster Project ID |
| cluster\_project\_number | Cluster Project number |
| cluster\_regions | Regions with clusters |
| cluster\_service\_accounts | The default service accounts used for nodes, if not overridden in node\_pools. |
| cluster\_type | Cluster type |
Expand Down
5 changes: 5 additions & 0 deletions 2-multitenant/envs/development/outputs.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,11 @@ output "cluster_project_id" {
value = module.env.cluster_project_id
}

output "cluster_project_number" {
description = "Cluster Project number"
value = module.env.cluster_project_number
}

output "network_project_id" {
description = "Network Project ID"
value = module.env.network_project_id
Expand Down
1 change: 1 addition & 0 deletions 2-multitenant/envs/nonproduction/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
| app\_ip\_addresses | App IP Addresses |
| cluster\_membership\_ids | GKE cluster membership IDs |
| cluster\_project\_id | Cluster Project ID |
| cluster\_project\_number | Cluster Project number |
| cluster\_regions | Regions with clusters |
| cluster\_service\_accounts | The default service accounts used for nodes, if not overridden in node\_pools. |
| cluster\_type | Cluster type |
Expand Down
5 changes: 5 additions & 0 deletions 2-multitenant/envs/nonproduction/outputs.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,11 @@ output "cluster_project_id" {
value = module.env.cluster_project_id
}

output "cluster_project_number" {
description = "Cluster Project number"
value = module.env.cluster_project_number
}

output "network_project_id" {
description = "Network Project ID"
value = module.env.network_project_id
Expand Down
1 change: 1 addition & 0 deletions 2-multitenant/envs/production/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
| app\_ip\_addresses | App IP Addresses |
| cluster\_membership\_ids | GKE cluster membership IDs |
| cluster\_project\_id | Cluster Project ID |
| cluster\_project\_number | Cluster Project number |
| cluster\_regions | Regions with clusters |
| cluster\_service\_accounts | The default service accounts used for nodes, if not overridden in node\_pools. |
| cluster\_type | Cluster type |
Expand Down
5 changes: 5 additions & 0 deletions 2-multitenant/envs/production/outputs.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,11 @@ output "cluster_project_id" {
value = module.env.cluster_project_id
}

output "cluster_project_number" {
description = "Cluster Project number"
value = module.env.cluster_project_number
}

output "network_project_id" {
description = "Network Project ID"
value = module.env.network_project_id
Expand Down
1 change: 1 addition & 0 deletions 2-multitenant/modules/env_baseline/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ The following resources are created:
| app\_ip\_addresses | App IP Addresses |
| cluster\_membership\_ids | GKE cluster membership IDs |
| cluster\_project\_id | Cluster Project ID |
| cluster\_project\_number | Cluster Project ID |
| cluster\_regions | Regions with clusters |
| cluster\_service\_accounts | The default service accounts used for nodes, if not overridden in node\_pools. |
| cluster\_type | Cluster type |
Expand Down
1 change: 1 addition & 0 deletions 2-multitenant/modules/env_baseline/main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@ module "eab_cluster_project" {
svpc_host_project_id = var.network_project_id
shared_vpc_subnets = var.cluster_subnetworks
deletion_policy = "DELETE"
default_service_account = "KEEP"

// Skip disabling APIs for gkehub.googleapis.com
// https://cloud.google.com/anthos/fleet-management/docs/troubleshooting#error_when_disabling_the_fleet_api
Expand Down
12 changes: 9 additions & 3 deletions 2-multitenant/modules/env_baseline/outputs.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,11 @@ output "cluster_project_id" {
value = data.google_project.eab_cluster_project.project_id
}

output "cluster_project_number" {
description = "Cluster Project ID"
value = data.google_project.eab_cluster_project.number
}

output "network_project_id" {
description = "Network Project ID"
value = var.network_project_id
Expand Down Expand Up @@ -72,7 +77,8 @@ output "cluster_type" {

output "cluster_service_accounts" {
description = "The default service accounts used for nodes, if not overridden in node_pools."
value = [
for value in merge(module.gke-standard, module.gke-autopilot) : value.service_account
]
value = setunion(
[for value in merge(module.gke-standard, module.gke-autopilot) : value.service_account],
[for value in module.eab_cluster_project : "${value.project_number}-compute@developer.gserviceaccount.com"]
)
}
4 changes: 2 additions & 2 deletions 2-multitenant/modules/env_baseline/versions.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,11 +20,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5, != 5.44.0, != 6.2.0, < 7"
version = ">= 6.6, < 7"
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5, != 5.44.0, != 6.2.0, < 7"
version = ">= 6.6, < 7"
}
}

Expand Down
2 changes: 1 addition & 1 deletion 3-fleetscope/modules/env_baseline/versions.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5, < 7"
version = ">= 6.6, < 7"
}
google-beta = {
source = "hashicorp/google-beta"
Expand Down
5 changes: 3 additions & 2 deletions 4-appfactory/envs/shared/main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,8 +33,9 @@ locals {
resource "google_folder" "app_folder" {
for_each = toset(local.application_names)

display_name = each.key
parent = var.common_folder_id
display_name = each.key
parent = var.common_folder_id
deletion_protection = false
}

module "components" {
Expand Down
2 changes: 1 addition & 1 deletion 4-appfactory/envs/shared/versions.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5, < 7"
version = ">= 6.6, < 7"
}
}

Expand Down
4 changes: 3 additions & 1 deletion 4-appfactory/modules/app-group-baseline/main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,7 @@ module "app_admin_project" {
org_id = var.org_id
folder_id = var.folder_id
deletion_policy = "DELETE"
default_service_account = "KEEP"
activate_apis = [
"iam.googleapis.com",
"cloudresourcemanager.googleapis.com",
Expand All @@ -75,7 +76,7 @@ resource "google_sourcerepo_repository" "app_infra_repo" {

module "tf_cloudbuild_workspace" {
source = "terraform-google-modules/bootstrap/google//modules/tf_cloudbuild_workspace"
version = "~> 8.0"
version = "~> 9.0"

project_id = local.admin_project_id
tf_repo_uri = google_sourcerepo_repository.app_infra_repo.url
Expand Down Expand Up @@ -137,4 +138,5 @@ module "app_infra_project" {
folder_id = each.value.folder_id
activate_apis = var.infra_project_apis
deletion_policy = "DELETE"
default_service_account = "KEEP"
}
4 changes: 2 additions & 2 deletions 4-appfactory/modules/app-group-baseline/versions.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,11 +20,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5, < 7"
version = ">= 6.6, < 7"
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5, < 7"
version = ">= 6.6, < 7"
}
}

Expand Down
2 changes: 1 addition & 1 deletion 5-appinfra/modules/alloydb-psc-setup/versions.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5, < 7"
version = ">= 6.6, < 7"
}
random = {
source = "hashicorp/random"
Expand Down
4 changes: 2 additions & 2 deletions 5-appinfra/modules/cicd-pipeline/versions.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,11 +20,11 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5, < 7"
version = ">= 6.6, < 7"
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 5, < 7"
version = ">= 6.6, < 7"
}
}

Expand Down
2 changes: 2 additions & 0 deletions build/int.cloudbuild.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -148,6 +148,7 @@ steps:
]
waitFor:
- appinfra-apply
- fleetscope-verify

- id: appsource-verify-cymbal-shop
name: "gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS"
Expand All @@ -159,6 +160,7 @@ steps:
]
waitFor:
- appinfra-apply
- fleetscope-verify

- id: app-e2e
name: "gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS"
Expand Down
2 changes: 1 addition & 1 deletion ...ples/cymbal-bank/5-appinfra/cymbal-bank/accounts-userservice/envs/development/versions.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5, < 7"
version = ">= 6.6, < 7"
}
}
}
2 changes: 1 addition & 1 deletion ...es/cymbal-bank/5-appinfra/cymbal-bank/accounts-userservice/envs/nonproduction/versions.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5, < 7"
version = ">= 6.6, < 7"
}
}
}
2 changes: 1 addition & 1 deletion examples/cymbal-bank/5-appinfra/cymbal-bank/accounts-userservice/envs/production/versions.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5, < 7"
version = ">= 6.6, < 7"
}
}
}
2 changes: 1 addition & 1 deletion examples/cymbal-bank/5-appinfra/cymbal-bank/ledger-ledgerwriter/envs/development/versions.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5, < 7"
version = ">= 6.6, < 7"
}
}
}
2 changes: 1 addition & 1 deletion ...les/cymbal-bank/5-appinfra/cymbal-bank/ledger-ledgerwriter/envs/nonproduction/versions.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5, < 7"
version = ">= 6.6, < 7"
}
}
}
2 changes: 1 addition & 1 deletion examples/cymbal-bank/5-appinfra/cymbal-bank/ledger-ledgerwriter/envs/production/versions.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5, < 7"
version = ">= 6.6, < 7"
}
}
}
2 changes: 1 addition & 1 deletion examples/cymbal-shop/5-appinfra/cymbal-shop/cymbalshop/envs/shared/versions.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 5, < 7"
version = ">= 6.6, < 7"
}
}

Expand Down
10 changes: 4 additions & 6 deletions test/integration/appsource/cymbal_bank_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -213,16 +213,14 @@ func TestSourceCymbalBank(t *testing.T) {
} else if slices.Contains([]string{"IN_PROGRESS", "PENDING_RELEASE"}, latestRolloutState) {
return true, nil
} else {
logsCmd := fmt.Sprintf("logging read --project=%s", servicesInfoMap[serviceName].ProjectID)
logs := gcloud.Runf(t, logsCmd).Array()
for _, log := range logs {
t.Logf("%s build-log: %s", servicesInfoMap[serviceName].ServiceName, log.Get("textPayload").String())
}
logsCmd := fmt.Sprintf("builds log %s", rollouts[0].Get("deployingBuild").String())
logs := gcloud.Runf(t, logsCmd).String()
t.Logf("%s build-log: %s", servicesInfoMap[serviceName].ServiceName, logs)
return false, fmt.Errorf("Rollout %s.", latestRolloutState)
}
}
}
utils.Poll(t, pollCloudDeploy(rolloutListCmd), 40, 60*time.Second)
utils.Poll(t, pollCloudDeploy(rolloutListCmd), 30, 60*time.Second)
})
appsource.Test()
})
Expand Down
8 changes: 3 additions & 5 deletions test/integration/appsource/cymbal_shop_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -141,11 +141,9 @@ func TestSourceCymbalShop(t *testing.T) {
} else if slices.Contains([]string{"IN_PROGRESS", "PENDING_RELEASE"}, latestRolloutState) {
return true, nil
} else {
logsCmd := fmt.Sprintf("logging read --project=%s", projectID)
logs := gcloud.Runf(t, logsCmd).Array()
for _, log := range logs {
t.Logf("%s build-log: %s", serviceName, log.Get("textPayload").String())
}
logsCmd := fmt.Sprintf("builds log %s", rollouts[0].Get("deployingBuild").String())
logs := gcloud.Runf(t, logsCmd).String()
t.Logf("%s build-log: %s", serviceName, logs)
return false, fmt.Errorf("Rollout %s.", latestRolloutState)
}
}
Expand Down
Loading

0 comments on commit 2db1efd

Please sign in to comment.