Added variable skip_provisioners to skip 'local-exec'

 * Fix terraform-google-modules#258
 * Added test `simple_regional_skip_local_exec`
 * Remove old upgrading guide from README's

.kitchen.yml

@@ -54,80 +54,80 @@ suites:
 #      systems:
 #        - name: node_pool
 #          backend: local
-  - name: "shared_vpc"
-    driver:
-      root_module_directory: test/fixtures/shared_vpc
-    verifier:
-      systems:
-        - name: shared_vpc
-          backend: local
-  - name: "simple_regional"
-    driver:
-      root_module_directory: test/fixtures/simple_regional
-    verifier:
-      systems:
-        - name: simple_regional
-          backend: local
-  - name: "simple_regional_private"
-    driver:
-      root_module_directory: test/fixtures/simple_regional_private
-    verifier:
-      systems:
-        - name: simple_regional_private
-          backend: local
-  - name: "simple_zonal"
-    driver:
-      root_module_directory: test/fixtures/simple_zonal
-    verifier:
-      systems:
-        - name: gcloud
-          backend: local
-          controls:
-            - gcloud
-        - name: gcp
-          backend: gcp
-          controls:
-            - gcp
-  - name: "simple_zonal_private"
-    driver:
-      root_module_directory: test/fixtures/simple_zonal_private
-    verifier:
-      systems:
-        - name: simple_zonal_private
-          backend: local
-  - name: "stub_domains"
-    driver:
-      root_module_directory: test/fixtures/stub_domains
-    verifier:
-      systems:
-        - name: stub_domains
-          backend: local
-# Disabled due to issue #264
-# (https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/264)
-#  - name: stub_domains_private
+#  - name: "shared_vpc"
 #    driver:
-#      root_module_directory: test/fixtures/stub_domains_private
+#      root_module_directory: test/fixtures/shared_vpc
+#    verifier:
 #      systems:
-#        - name: stub_domains_private
+#        - name: shared_vpc
+#          backend: local
+#  - name: "simple_regional"
+#    driver:
+#      root_module_directory: test/fixtures/simple_regional
+#    verifier:
+#      systems:
+#        - name: simple_regional
+#          backend: local
+#  - name: "simple_regional_private"
+#    driver:
+#      root_module_directory: test/fixtures/simple_regional_private
+#    verifier:
+#      systems:
+#        - name: simple_regional_private
+#          backend: local
+#  - name: "simple_zonal"
+#    driver:
+#      root_module_directory: test/fixtures/simple_zonal
+#    verifier:
+#      systems:
+#        - name: gcloud
+#          backend: local
+#          controls:
+#            - gcloud
+#        - name: gcp
+#          backend: gcp
+#          controls:
+#            - gcp
+#  - name: "simple_zonal_private"
+#    driver:
+#      root_module_directory: test/fixtures/simple_zonal_private
+#    verifier:
+#      systems:
+#        - name: simple_zonal_private
+#          backend: local
+#  - name: "stub_domains"
+#    driver:
+#      root_module_directory: test/fixtures/stub_domains
+#    verifier:
+#      systems:
+#        - name: stub_domains
+#          backend: local
+## Disabled due to issue #264
+## (https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/264)
+##  - name: stub_domains_private
+##    driver:
+##      root_module_directory: test/fixtures/stub_domains_private
+##      systems:
+##        - name: stub_domains_private
+##          backend: local
+#  - name: "upstream_nameservers"
+#    driver:
+#      root_module_directory: test/fixtures/upstream_nameservers
+#    verifier:
+#        systems:
+#          - name: upstream_nameservers
+#            backend: local
+#  - name: "stub_domains_upstream_nameservers"
+#    driver:
+#      root_module_directory: test/fixtures/stub_domains_upstream_nameservers
+#    verifier:
+#        systems:
+#          - name: stub_domains_upstream_nameservers
+#            backend: local
+#  - name: "workload_metadata_config"
+#    driver:
+#      root_module_directory: test/fixtures/workload_metadata_config
+#    verifier:
+#      systems:
+#        - name: workload_metadata_config
 #          backend: local
-  - name: "upstream_nameservers"
-    driver:
-      root_module_directory: test/fixtures/upstream_nameservers
-    verifier:
-        systems:
-          - name: upstream_nameservers
-            backend: local
-  - name: "stub_domains_upstream_nameservers"
-    driver:
-      root_module_directory: test/fixtures/stub_domains_upstream_nameservers
-    verifier:
-        systems:
-          - name: stub_domains_upstream_nameservers
-            backend: local
-  - name: "workload_metadata_config"
-    driver:
-      root_module_directory: test/fixtures/workload_metadata_config
-    verifier:
-      systems:
-        - name: workload_metadata_config
-          backend: local

README.md

@@ -153,6 +153,7 @@ Then perform the following commands on the root folder:
 | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | bool | `"true"` | no |
 | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | bool | `"false"` | no |
 | service\_account | The service account to run nodes as if not overridden in `node_pools`. The create_service_account variable default value (true) will cause a cluster-specific service account to be created. | string | `""` | no |
+| skip\_provisioners | Flag to skip local-exec provisioners. Does not affect if `stub_domains` or `upstream_nameservers` variable set. | bool | `"false"` | no |
 | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map(list(string)) | `<map>` | no |
 | subnetwork | The subnetwork to host the cluster in (required) | string | n/a | yes |
 | upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | list | `<list>` | no |

autogen/README.md

@@ -201,6 +201,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | resource\_usage\_export\_dataset\_id | The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | string | `""` | no |
 | sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` and `node_version` = `1.12.7-gke.17` or later to use it). | bool | `"false"` | no |
 | service\_account | The service account to run nodes as if not overridden in `node_pools`. The create_service_account variable default value (true) will cause a cluster-specific service account to be created. | string | `""` | no |
+| skip\_provisioners | Flag to skip local-exec provisioners. Does not affect if `stub_domains` or `upstream_nameservers` variable set. | bool | `"false"` | no |
 | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map(list(string)) | `<map>` | no |
 | subnetwork | The subnetwork to host the cluster in (required) | string | n/a | yes |
 | upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | list | `<list>` | no |

autogen/cluster.tf

@@ -352,6 +352,7 @@ resource "google_container_node_pool" "pools" {
 }
 
 resource "null_resource" "wait_for_cluster" {
+  count = var.skip_provisioners ? 0 : 1
 
   provisioner "local-exec" {
     command = "${path.module}/scripts/wait-for-cluster.sh ${var.project_id} ${var.name}"

autogen/dns.tf

@@ -20,7 +20,7 @@
   Delete default kube-dns configmap
  *****************************************/
 resource "null_resource" "delete_default_kube_dns_configmap" {
-  count = local.custom_kube_dns_config || local.upstream_nameservers_config ? 1 : 0
+  count = (local.custom_kube_dns_config || local.upstream_nameservers_config) && ! var.skip_provisioners ? 1 : 0
 
   provisioner "local-exec" {
     command = "${path.module}/scripts/kubectl_wrapper.sh https://${local.cluster_endpoint} ${data.google_client_config.default.access_token} ${local.cluster_ca_certificate} ${path.module}/scripts/delete-default-resource.sh kube-system configmap kube-dns"

autogen/variables.tf

@@ -304,6 +304,11 @@ variable "cluster_resource_labels" {
   default     = {}
 }
 
+variable "skip_provisioners" {
+  type        = bool
+  description = "Flag to skip local-exec provisioners. Does not affect if `stub_domains` or `upstream_nameservers` variable set."
+  default     = false
+}
 {% if private_cluster %}
 
 variable "deploy_using_private_endpoint" {

cluster.tf

@@ -227,6 +227,7 @@ resource "google_container_node_pool" "pools" {
 }
 
 resource "null_resource" "wait_for_cluster" {
+  count = var.skip_provisioners ? 0 : 1
 
   provisioner "local-exec" {
     command = "${path.module}/scripts/wait-for-cluster.sh ${var.project_id} ${var.name}"

dns.tf

@@ -20,7 +20,7 @@
   Delete default kube-dns configmap
  *****************************************/
 resource "null_resource" "delete_default_kube_dns_configmap" {
-  count = local.custom_kube_dns_config || local.upstream_nameservers_config ? 1 : 0
+  count = (local.custom_kube_dns_config || local.upstream_nameservers_config) && ! var.skip_provisioners ? 1 : 0
 
   provisioner "local-exec" {
     command = "${path.module}/scripts/kubectl_wrapper.sh https://${local.cluster_endpoint} ${data.google_client_config.default.access_token} ${local.cluster_ca_certificate} ${path.module}/scripts/delete-default-resource.sh kube-system configmap kube-dns"

examples/disable_client_cert/README.md

@@ -12,13 +12,13 @@ This example illustrates how to create a simple cluster and disable deprecated s
 |------|-------------|:----:|:-----:|:-----:|
 | cluster\_name\_suffix | A suffix to append to the default cluster name | string | `""` | no |
 | compute\_engine\_service\_account | Service account to associate to the nodes in the cluster | string | n/a | yes |
-| credentials\_path | The path to the GCP credentials JSON file | string | n/a | yes |
 | ip\_range\_pods | The secondary ip range to use for pods | string | n/a | yes |
 | ip\_range\_services | The secondary ip range to use for pods | string | n/a | yes |
 | network | The VPC network to host the cluster in | string | n/a | yes |
 | network\_project\_id | The GCP project housing the VPC network to host the cluster in | string | n/a | yes |
 | project\_id | The project ID to host the cluster in | string | n/a | yes |
 | region | The region to host the cluster in | string | n/a | yes |
+| skip\_provisioners | Flag to skip local-exec provisioners | bool | `"false"` | no |
 | subnetwork | The subnetwork to host the cluster in | string | n/a | yes |
 
 ## Outputs

examples/disable_client_cert/main.tf

@@ -37,6 +37,7 @@ module "gke" {
   create_service_account   = false
   service_account          = var.compute_engine_service_account
   issue_client_certificate = false
+  skip_provisioners        = var.skip_provisioners
 }
 
 data "google_client_config" "default" {

examples/disable_client_cert/variables.tf

@@ -18,10 +18,6 @@ variable "project_id" {
   description = "The project ID to host the cluster in"
 }
 
-variable "credentials_path" {
-  description = "The path to the GCP credentials JSON file"
-}
-
 variable "cluster_name_suffix" {
   description = "A suffix to append to the default cluster name"
   default     = ""
@@ -55,3 +51,9 @@ variable "compute_engine_service_account" {
   description = "Service account to associate to the nodes in the cluster"
 }
 
+variable "skip_provisioners" {
+  type        = bool
+  description = "Flag to skip local-exec provisioners"
+  default     = false
+}
+

examples/simple_regional/README.md

@@ -14,6 +14,7 @@ This example illustrates how to create a simple cluster.
 | network | The VPC network to host the cluster in | string | n/a | yes |
 | project\_id | The project ID to host the cluster in | string | n/a | yes |
 | region | The region to host the cluster in | string | n/a | yes |
+| skip\_provisioners | Flag to skip local-exec provisioners | bool | `"false"` | no |
 | subnetwork | The subnetwork to host the cluster in | string | n/a | yes |
 
 ## Outputs

examples/simple_regional/main.tf

@@ -35,6 +35,7 @@ module "gke" {
   ip_range_services      = var.ip_range_services
   create_service_account = false
   service_account        = var.compute_engine_service_account
+  skip_provisioners      = var.skip_provisioners
 }
 
 data "google_client_config" "default" {

modules/beta-private-cluster/README.md

@@ -194,6 +194,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | resource\_usage\_export\_dataset\_id | The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | string | `""` | no |
 | sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` and `node_version` = `1.12.7-gke.17` or later to use it). | bool | `"false"` | no |
 | service\_account | The service account to run nodes as if not overridden in `node_pools`. The create_service_account variable default value (true) will cause a cluster-specific service account to be created. | string | `""` | no |
+| skip\_provisioners | Flag to skip local-exec provisioners. Does not affect if `stub_domains` or `upstream_nameservers` variable set. | bool | `"false"` | no |
 | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map(list(string)) | `<map>` | no |
 | subnetwork | The subnetwork to host the cluster in (required) | string | n/a | yes |
 | upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | list | `<list>` | no |

modules/beta-private-cluster/cluster.tf

@@ -328,6 +328,7 @@ resource "google_container_node_pool" "pools" {
 }
 
 resource "null_resource" "wait_for_cluster" {
+  count = var.skip_provisioners ? 0 : 1
 
   provisioner "local-exec" {
     command = "${path.module}/scripts/wait-for-cluster.sh ${var.project_id} ${var.name}"

modules/beta-private-cluster/dns.tf

@@ -20,7 +20,7 @@
   Delete default kube-dns configmap
  *****************************************/
 resource "null_resource" "delete_default_kube_dns_configmap" {
-  count = local.custom_kube_dns_config || local.upstream_nameservers_config ? 1 : 0
+  count = (local.custom_kube_dns_config || local.upstream_nameservers_config) && ! var.skip_provisioners ? 1 : 0
 
   provisioner "local-exec" {
     command = "${path.module}/scripts/kubectl_wrapper.sh https://${local.cluster_endpoint} ${data.google_client_config.default.access_token} ${local.cluster_ca_certificate} ${path.module}/scripts/delete-default-resource.sh kube-system configmap kube-dns"

modules/beta-private-cluster/variables.tf

@@ -302,6 +302,11 @@ variable "cluster_resource_labels" {
   default     = {}
 }
 
+variable "skip_provisioners" {
+  type        = bool
+  description = "Flag to skip local-exec provisioners. Does not affect if `stub_domains` or `upstream_nameservers` variable set."
+  default     = false
+}
 
 variable "deploy_using_private_endpoint" {
   type        = bool

modules/beta-public-cluster/README.md

@@ -185,6 +185,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | resource\_usage\_export\_dataset\_id | The dataset id for which network egress metering for this cluster will be enabled. If enabled, a daemonset will be created in the cluster to meter network egress traffic. | string | `""` | no |
 | sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` and `node_version` = `1.12.7-gke.17` or later to use it). | bool | `"false"` | no |
 | service\_account | The service account to run nodes as if not overridden in `node_pools`. The create_service_account variable default value (true) will cause a cluster-specific service account to be created. | string | `""` | no |
+| skip\_provisioners | Flag to skip local-exec provisioners. Does not affect if `stub_domains` or `upstream_nameservers` variable set. | bool | `"false"` | no |
 | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map(list(string)) | `<map>` | no |
 | subnetwork | The subnetwork to host the cluster in (required) | string | n/a | yes |
 | upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | list | `<list>` | no |

modules/beta-public-cluster/cluster.tf

@@ -323,6 +323,7 @@ resource "google_container_node_pool" "pools" {
 }
 
 resource "null_resource" "wait_for_cluster" {
+  count = var.skip_provisioners ? 0 : 1
 
   provisioner "local-exec" {
     command = "${path.module}/scripts/wait-for-cluster.sh ${var.project_id} ${var.name}"

modules/beta-public-cluster/dns.tf

@@ -20,7 +20,7 @@
   Delete default kube-dns configmap
  *****************************************/
 resource "null_resource" "delete_default_kube_dns_configmap" {
-  count = local.custom_kube_dns_config || local.upstream_nameservers_config ? 1 : 0
+  count = (local.custom_kube_dns_config || local.upstream_nameservers_config) && ! var.skip_provisioners ? 1 : 0
 
   provisioner "local-exec" {
     command = "${path.module}/scripts/kubectl_wrapper.sh https://${local.cluster_endpoint} ${data.google_client_config.default.access_token} ${local.cluster_ca_certificate} ${path.module}/scripts/delete-default-resource.sh kube-system configmap kube-dns"

modules/beta-public-cluster/variables.tf

@@ -302,6 +302,11 @@ variable "cluster_resource_labels" {
   default     = {}
 }
 
+variable "skip_provisioners" {
+  type        = bool
+  description = "Flag to skip local-exec provisioners. Does not affect if `stub_domains` or `upstream_nameservers` variable set."
+  default     = false
+}
 
 variable "istio" {
   description = "(Beta) Enable Istio addon"

modules/private-cluster/README.md

@@ -178,6 +178,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | bool | `"true"` | no |
 | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | bool | `"false"` | no |
 | service\_account | The service account to run nodes as if not overridden in `node_pools`. The create_service_account variable default value (true) will cause a cluster-specific service account to be created. | string | `""` | no |
+| skip\_provisioners | Flag to skip local-exec provisioners. Does not affect if `stub_domains` or `upstream_nameservers` variable set. | bool | `"false"` | no |
 | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | map(list(string)) | `<map>` | no |
 | subnetwork | The subnetwork to host the cluster in (required) | string | n/a | yes |
 | upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | list | `<list>` | no |

modules/private-cluster/cluster.tf

@@ -232,6 +232,7 @@ resource "google_container_node_pool" "pools" {
 }
 
 resource "null_resource" "wait_for_cluster" {
+  count = var.skip_provisioners ? 0 : 1
 
   provisioner "local-exec" {
     command = "${path.module}/scripts/wait-for-cluster.sh ${var.project_id} ${var.name}"

modules/private-cluster/dns.tf

@@ -20,7 +20,7 @@
   Delete default kube-dns configmap
  *****************************************/
 resource "null_resource" "delete_default_kube_dns_configmap" {
-  count = local.custom_kube_dns_config || local.upstream_nameservers_config ? 1 : 0
+  count = (local.custom_kube_dns_config || local.upstream_nameservers_config) && ! var.skip_provisioners ? 1 : 0
 
   provisioner "local-exec" {
     command = "${path.module}/scripts/kubectl_wrapper.sh https://${local.cluster_endpoint} ${data.google_client_config.default.access_token} ${local.cluster_ca_certificate} ${path.module}/scripts/delete-default-resource.sh kube-system configmap kube-dns"

modules/private-cluster/variables.tf

@@ -292,6 +292,11 @@ variable "cluster_resource_labels" {
   default     = {}
 }
 
+variable "skip_provisioners" {
+  type        = bool
+  description = "Flag to skip local-exec provisioners. Does not affect if `stub_domains` or `upstream_nameservers` variable set."
+  default     = false
+}
 
 variable "deploy_using_private_endpoint" {
   type        = bool