address comments

modules/asm/main.tf

@@ -29,6 +29,7 @@ locals {
   root_cert              = lookup(var.ca_certs, "root_cert", "none")
   cert_chain             = lookup(var.ca_certs, "cert_chain", "none")
   revision_name_string   = (var.revision_name == "" ? "none" : var.revision_name)
+  asm_minor_version      = tonumber(split(".", var.asm_version)[1])
   # https://github.com/GoogleCloudPlatform/anthos-service-mesh-packages/blob/1cf61b679cd369f42a0e735f8e201de1a6a6433b/scripts/asm-installer/install_asm#L1970
   iam_roles = [
     "roles/container.admin",
@@ -48,6 +49,8 @@ locals {
   asm_iam_member = var.enable_gcp_iam_roles ? coalesce(var.impersonate_service_account, var.service_account, var.iam_member) : ""
   # compute any additonal resources that ASM provisioner should depend on
   additional_depends_on = concat(var.enable_gcp_apis ? [module.asm-services[0].project_id] : [], local.asm_iam_member != "" ? [for k, v in google_project_iam_member.asm_iam : v.etag] : [])
+  # base command template for ASM installation
+  kubectl_create_command_base = "${path.module}/scripts/install_asm.sh ${var.project_id} ${var.cluster_name} ${var.location} ${var.asm_version} ${var.mode} ${var.managed_control_plane} ${var.skip_validation} ${local.options_string} ${local.custom_overlays_string} ${var.enable_all} ${var.enable_cluster_roles} ${var.enable_cluster_labels} ${var.enable_gcp_components} ${var.enable_registration} ${var.outdir} ${var.ca} ${local.ca_cert} ${local.ca_key} ${local.root_cert} ${local.cert_chain} ${local.service_account_string} ${local.key_file_string} ${local.asm_git_tag_string} ${local.revision_name_string}"
 }
 
 resource "google_project_iam_member" "asm_iam" {
@@ -97,6 +100,7 @@ module "asm_install" {
   service_account_key_file    = var.service_account_key_file
   impersonate_service_account = var.impersonate_service_account
 
-  kubectl_create_command  = "${path.module}/scripts/install_asm.sh ${var.project_id} ${var.cluster_name} ${var.location} ${var.asm_version} ${var.mode} ${var.managed_control_plane} ${var.skip_validation} ${local.options_string} ${local.custom_overlays_string} ${var.enable_all} ${var.enable_cluster_roles} ${var.enable_cluster_labels} ${var.enable_gcp_components} ${var.enable_registration} ${var.enable_namespace_creation} ${var.outdir} ${var.ca} ${local.ca_cert} ${local.ca_key} ${local.root_cert} ${local.cert_chain} ${local.service_account_string} ${local.key_file_string} ${local.asm_git_tag_string} ${local.revision_name_string}"
+  # enable_namespace_creation flag is only available starting 1.10
+  kubectl_create_command  = (local.asm_minor_version > 9 ? "${local.kubectl_create_command_base} ${var.enable_namespace_creation}" : local.kubectl_create_command_base)
   kubectl_destroy_command = "${path.module}/scripts/destroy_asm.sh"
 }

modules/asm/scripts/install_asm.sh

@@ -35,17 +35,17 @@ ENABLE_CLUSTER_ROLES=${11}
 ENABLE_CLUSTER_LABELS=${12}
 ENABLE_GCP_COMPONENTS=${13}
 ENABLE_REGISTRATION=${14}
-ENABLE_NAMESPACE_CREATION=${15}
-OUTDIR=${16}
-CA=${17}
-CA_CERT=${18}
-CA_KEY=${19}
-ROOT_CERT=${20}
-CERT_CHAIN=${21}
-SERVICE_ACCOUNT=${22}
-KEY_FILE=${23}
-ASM_GIT_TAG=${24}
-REVISION_NAME=${25}
+OUTDIR=${15}
+CA=${16}
+CA_CERT=${17}
+CA_KEY=${18}
+ROOT_CERT=${19}
+CERT_CHAIN=${20}
+SERVICE_ACCOUNT=${21}
+KEY_FILE=${22}
+ASM_GIT_TAG=${23}
+REVISION_NAME=${24}
+ENABLE_NAMESPACE_CREATION=${25}
 
 # Set SKIP_VALIDATION variable
 if [[ ${SKIP_VALIDATION} = "true" ]]; then
@@ -178,11 +178,10 @@ else
     ENABLE_REGISTRATION_COMMAND_SNIPPET="--enable_registration"
 fi
 
-if [[ "${ENABLE_NAMESPACE_CREATION}" = false ]]; then
-    ENABLE_NAMESPACE_CREATION_COMMAND_SNIPPET=""
-elif [[ "${ASM_VERSION#*\.}" -gt 9 ]]; then
-    # --enable_namespace_creation flag is only available starting ASM 1.10
+if [[ "${ENABLE_NAMESPACE_CREATION}" = true ]]; then
     ENABLE_NAMESPACE_CREATION_COMMAND_SNIPPET="--enable_namespace_creation"
+else
+    ENABLE_NAMESPACE_CREATION_COMMAND_SNIPPET=""
 fi
 
 if [[ "${OUTDIR}" = "none" ]]; then