From d122a55f82c0625ca88ffb1055d758406d902cd1 Mon Sep 17 00:00:00 2001 From: Marco Ferrari Date: Wed, 28 Dec 2022 08:33:57 +0200 Subject: [PATCH] feat!: Set the provided SA when creating autopilot clusters (#1495) Co-authored-by: Bharath KKB --- autogen/main/cluster.tf.tmpl | 11 ++++ autogen/main/versions.tf.tmpl | 4 +- build/int.cloudbuild.yaml | 23 ++++++- .../README.md | 33 ++++++++++ .../main.tf | 59 ++++++++++++++++++ .../network.tf | 50 ++++++++++++++++ .../outputs.tf | 60 +++++++++++++++++++ .../variables.tf | 19 ++++++ .../versions.tf | 28 +++++++++ .../beta-autopilot-private-cluster/cluster.tf | 9 +++ .../versions.tf | 2 +- .../beta-autopilot-public-cluster/cluster.tf | 9 +++ .../beta-autopilot-public-cluster/versions.tf | 2 +- .../versions.tf | 2 +- modules/beta-private-cluster/versions.tf | 2 +- .../versions.tf | 2 +- modules/beta-public-cluster/versions.tf | 2 +- .../versions.tf | 2 +- modules/private-cluster/versions.tf | 2 +- test/integration/go.mod | 16 ++--- test/integration/go.sum | 0 ...e_autopilot_private_non_default_sa_test.go | 42 +++++++++++++ test/integration/utils/utils.go | 30 ++++++++++ versions.tf | 2 +- 24 files changed, 389 insertions(+), 22 deletions(-) create mode 100644 examples/simple_autopilot_private_non_default_sa/README.md create mode 100644 examples/simple_autopilot_private_non_default_sa/main.tf create mode 100644 examples/simple_autopilot_private_non_default_sa/network.tf create mode 100644 examples/simple_autopilot_private_non_default_sa/outputs.tf create mode 100644 examples/simple_autopilot_private_non_default_sa/variables.tf create mode 100644 examples/simple_autopilot_private_non_default_sa/versions.tf mode change 100755 => 100644 test/integration/go.mod mode change 100755 => 100644 test/integration/go.sum create mode 100644 test/integration/simple_autopilot_private_non_default_sa/simple_autopilot_private_non_default_sa_test.go create mode 100644 test/integration/utils/utils.go diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 3abf6b0f8..368fbeed3 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -150,6 +150,17 @@ resource "google_container_cluster" "primary" { } } {% endif %} + {% if autopilot_cluster == true %} + cluster_autoscaling { + dynamic "auto_provisioning_defaults" { + for_each = var.create_service_account ? [1] : [] + + content { + service_account = local.service_account + } + } + } + {% endif %} vertical_pod_autoscaling { enabled = var.enable_vertical_pod_autoscaling } diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl index a85658bde..6a0f85719 100644 --- a/autogen/main/versions.tf.tmpl +++ b/autogen/main/versions.tf.tmpl @@ -24,7 +24,7 @@ terraform { required_providers { google-beta = { source = "hashicorp/google-beta" - version = ">= 4.42.0, < 5.0" + version = ">= 4.44.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes" @@ -38,7 +38,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.36.0, < 5.0" + version = ">= 4.44.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml index bcae8a781..f48a35e4d 100644 --- a/build/int.cloudbuild.yaml +++ b/build/int.cloudbuild.yaml @@ -401,9 +401,26 @@ steps: - verify private-zonal-with-networking name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' args: ['/bin/bash', '-c', 'cft test run TestPrivateZonalWithNetworking --stage teardown --verbose --test-dir test/integration'] - - - +- id: init simple-autopilot-private-non-default-sa + waitFor: + - prepare + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'cft test run TestSimpleAutopilotPrivateNonDefaultSA --stage init --verbose'] +- id: apply simple-autopilot-private-non-default-sa + waitFor: + - init simple-autopilot-private-non-default-sa + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'cft test run TestSimpleAutopilotPrivateNonDefaultSA --stage apply --verbose'] +- id: verify simple-autopilot-private-non-default-sa + waitFor: + - apply simple-autopilot-private-non-default-sa + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'cft test run TestSimpleAutopilotPrivateNonDefaultSA --stage verify --verbose'] +- id: teardown simple-autopilot-private-non-default-sa + waitFor: + - verify simple-autopilot-private-non-default-sa + name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' + args: ['/bin/bash', '-c', 'cft test run TestSimpleAutopilotPrivateNonDefaultSA --stage teardown --verbose'] tags: - 'ci' - 'integration' diff --git a/examples/simple_autopilot_private_non_default_sa/README.md b/examples/simple_autopilot_private_non_default_sa/README.md new file mode 100644 index 000000000..9256580e8 --- /dev/null +++ b/examples/simple_autopilot_private_non_default_sa/README.md @@ -0,0 +1,33 @@ +# Simple Regional Autopilot Cluster + +This example illustrates how to create a simple autopilot cluster with beta features and +not using the default service account. + + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| project\_id | The project ID to host the cluster in | `any` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| cluster\_name | Cluster name | +| kubernetes\_endpoint | The cluster endpoint | +| location | n/a | +| master\_kubernetes\_version | Kubernetes version of the master | +| network\_name | The name of the VPC being created | +| region | The region in which the cluster resides | +| service\_account | The service account to default running nodes as if not overridden in `node_pools`. | +| subnet\_names | The names of the subnet being created | +| zones | List of zones in which the cluster resides | + + + +To provision this example, run the following from within this directory: +- `terraform init` to get the plugins +- `terraform plan` to see the infrastructure plan +- `terraform apply` to apply the infrastructure build +- `terraform destroy` to destroy the built infrastructure diff --git a/examples/simple_autopilot_private_non_default_sa/main.tf b/examples/simple_autopilot_private_non_default_sa/main.tf new file mode 100644 index 000000000..e8368eb02 --- /dev/null +++ b/examples/simple_autopilot_private_non_default_sa/main.tf @@ -0,0 +1,59 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + cluster_type = "simple-ap-private-non-default-sa" + network_name = "${local.cluster_type}-network" + subnet_name = "${local.cluster_type}-subnet" + master_auth_subnetwork = "${local.cluster_type}-master-subnet" + pods_range_name = "ip-range-pods-${local.cluster_type}" + svc_range_name = "ip-range-svc-${local.cluster_type}" + subnet_names = [for subnet_self_link in module.gcp-network.subnets_self_links : split("/", subnet_self_link)[length(split("/", subnet_self_link)) - 1]] +} + + +data "google_client_config" "default" {} + +provider "kubernetes" { + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + +module "gke" { + source = "../../modules/beta-autopilot-private-cluster/" + project_id = var.project_id + name = "${local.cluster_type}-cluster" + regional = true + region = "us-central1" + network = module.gcp-network.network_name + subnetwork = local.subnet_names[index(module.gcp-network.subnets_names, local.subnet_name)] + ip_range_pods = local.pods_range_name + ip_range_services = local.svc_range_name + release_channel = "REGULAR" + enable_vertical_pod_autoscaling = true + enable_private_endpoint = true + enable_private_nodes = true + master_ipv4_cidr_block = "172.16.0.0/28" + datapath_provider = "ADVANCED_DATAPATH" + + master_authorized_networks = [ + { + cidr_block = "10.60.0.0/17" + display_name = "VPC" + }, + ] +} diff --git a/examples/simple_autopilot_private_non_default_sa/network.tf b/examples/simple_autopilot_private_non_default_sa/network.tf new file mode 100644 index 000000000..9f3689370 --- /dev/null +++ b/examples/simple_autopilot_private_non_default_sa/network.tf @@ -0,0 +1,50 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +module "gcp-network" { + source = "terraform-google-modules/network/google" + version = ">= 4.0.1" + + project_id = var.project_id + network_name = local.network_name + + subnets = [ + { + subnet_name = local.subnet_name + subnet_ip = "10.0.0.0/17" + subnet_region = "us-central1" + subnet_private_access = true + }, + { + subnet_name = local.master_auth_subnetwork + subnet_ip = "10.60.0.0/17" + subnet_region = "us-central1" + }, + ] + + secondary_ranges = { + (local.subnet_name) = [ + { + range_name = local.pods_range_name + ip_cidr_range = "192.168.0.0/18" + }, + { + range_name = local.svc_range_name + ip_cidr_range = "192.168.64.0/18" + }, + ] + } +} diff --git a/examples/simple_autopilot_private_non_default_sa/outputs.tf b/examples/simple_autopilot_private_non_default_sa/outputs.tf new file mode 100644 index 000000000..cfe5ee17f --- /dev/null +++ b/examples/simple_autopilot_private_non_default_sa/outputs.tf @@ -0,0 +1,60 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "kubernetes_endpoint" { + description = "The cluster endpoint" + sensitive = true + value = module.gke.endpoint +} + +output "cluster_name" { + description = "Cluster name" + value = module.gke.name +} + +output "location" { + value = module.gke.location +} + +output "master_kubernetes_version" { + description = "Kubernetes version of the master" + value = module.gke.master_version +} + +output "service_account" { + description = "The service account to default running nodes as if not overridden in `node_pools`." + value = module.gke.service_account +} + +output "network_name" { + description = "The name of the VPC being created" + value = module.gcp-network.network_name +} + +output "subnet_names" { + description = "The names of the subnet being created" + value = module.gcp-network.subnets_names +} + +output "region" { + description = "The region in which the cluster resides" + value = module.gke.region +} + +output "zones" { + description = "List of zones in which the cluster resides" + value = module.gke.zones +} diff --git a/examples/simple_autopilot_private_non_default_sa/variables.tf b/examples/simple_autopilot_private_non_default_sa/variables.tf new file mode 100644 index 000000000..80f4b3cf3 --- /dev/null +++ b/examples/simple_autopilot_private_non_default_sa/variables.tf @@ -0,0 +1,19 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "project_id" { + description = "The project ID to host the cluster in" +} diff --git a/examples/simple_autopilot_private_non_default_sa/versions.tf b/examples/simple_autopilot_private_non_default_sa/versions.tf new file mode 100644 index 000000000..210a18748 --- /dev/null +++ b/examples/simple_autopilot_private_non_default_sa/versions.tf @@ -0,0 +1,28 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_providers { + google = { + source = "hashicorp/google" + version = "~> 4.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + } + } + required_version = ">= 0.13" +} diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index d61138267..1679ed045 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf @@ -71,6 +71,15 @@ resource "google_container_cluster" "primary" { } } } + cluster_autoscaling { + dynamic "auto_provisioning_defaults" { + for_each = var.create_service_account ? [1] : [] + + content { + service_account = local.service_account + } + } + } vertical_pod_autoscaling { enabled = var.enable_vertical_pod_autoscaling } diff --git a/modules/beta-autopilot-private-cluster/versions.tf b/modules/beta-autopilot-private-cluster/versions.tf index 3d0c10df5..d2c56938f 100644 --- a/modules/beta-autopilot-private-cluster/versions.tf +++ b/modules/beta-autopilot-private-cluster/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google-beta = { source = "hashicorp/google-beta" - version = ">= 4.42.0, < 5.0" + version = ">= 4.44.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index aa78edc45..9fe5820da 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf @@ -71,6 +71,15 @@ resource "google_container_cluster" "primary" { } } } + cluster_autoscaling { + dynamic "auto_provisioning_defaults" { + for_each = var.create_service_account ? [1] : [] + + content { + service_account = local.service_account + } + } + } vertical_pod_autoscaling { enabled = var.enable_vertical_pod_autoscaling } diff --git a/modules/beta-autopilot-public-cluster/versions.tf b/modules/beta-autopilot-public-cluster/versions.tf index a12bef4ec..f33d10d73 100644 --- a/modules/beta-autopilot-public-cluster/versions.tf +++ b/modules/beta-autopilot-public-cluster/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google-beta = { source = "hashicorp/google-beta" - version = ">= 4.42.0, < 5.0" + version = ">= 4.44.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf index fe3f5580d..309dfee7b 100644 --- a/modules/beta-private-cluster-update-variant/versions.tf +++ b/modules/beta-private-cluster-update-variant/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google-beta = { source = "hashicorp/google-beta" - version = ">= 4.42.0, < 5.0" + version = ">= 4.44.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf index 7a504e28c..1484f8db3 100644 --- a/modules/beta-private-cluster/versions.tf +++ b/modules/beta-private-cluster/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google-beta = { source = "hashicorp/google-beta" - version = ">= 4.42.0, < 5.0" + version = ">= 4.44.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-public-cluster-update-variant/versions.tf b/modules/beta-public-cluster-update-variant/versions.tf index 0e0bee1e7..5239940eb 100644 --- a/modules/beta-public-cluster-update-variant/versions.tf +++ b/modules/beta-public-cluster-update-variant/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google-beta = { source = "hashicorp/google-beta" - version = ">= 4.42.0, < 5.0" + version = ">= 4.44.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf index 75cc6b48d..637074ea1 100644 --- a/modules/beta-public-cluster/versions.tf +++ b/modules/beta-public-cluster/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google-beta = { source = "hashicorp/google-beta" - version = ">= 4.42.0, < 5.0" + version = ">= 4.44.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/private-cluster-update-variant/versions.tf b/modules/private-cluster-update-variant/versions.tf index d59900d20..ebf289042 100644 --- a/modules/private-cluster-update-variant/versions.tf +++ b/modules/private-cluster-update-variant/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.36.0, < 5.0" + version = ">= 4.44.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/private-cluster/versions.tf b/modules/private-cluster/versions.tf index f914717b7..b761b263b 100644 --- a/modules/private-cluster/versions.tf +++ b/modules/private-cluster/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.36.0, < 5.0" + version = ">= 4.44.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/test/integration/go.mod b/test/integration/go.mod old mode 100755 new mode 100644 index d78b6f187..85d8f9cf9 --- a/test/integration/go.mod +++ b/test/integration/go.mod @@ -1,10 +1,17 @@ -module github.com/terraform-google-modules/workspace/test/integration +module github.com/terraform-google-modules/terraform-google-kubernetes-engine/test/integration go 1.18 require ( github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.4.0 + github.com/go-openapi/jsonreference v0.19.5 // indirect + github.com/go-openapi/swag v0.19.14 // indirect + github.com/google/go-cmp v0.5.8 // indirect github.com/stretchr/testify v1.8.1 + golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd // indirect + golang.org/x/net v0.0.0-20220722155237-a158d28d115b // indirect + golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect + google.golang.org/protobuf v1.28.0 // indirect ) require ( @@ -19,13 +26,10 @@ require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 // indirect github.com/go-openapi/jsonpointer v0.19.5 // indirect - github.com/go-openapi/jsonreference v0.19.5 // indirect - github.com/go-openapi/swag v0.19.14 // indirect github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect github.com/golang/protobuf v1.5.2 // indirect github.com/golang/snappy v0.0.3 // indirect github.com/google/gnostic v0.5.7-v3refs // indirect - github.com/google/go-cmp v0.5.8 // indirect github.com/googleapis/gax-go/v2 v2.0.5 // indirect github.com/gruntwork-io/terratest v0.40.7 // indirect github.com/hashicorp/errwrap v1.0.0 // indirect @@ -55,12 +59,9 @@ require ( github.com/ulikunitz/xz v0.5.8 // indirect github.com/zclconf/go-cty v1.9.1 // indirect go.opencensus.io v0.23.0 // indirect - golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd // indirect golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect - golang.org/x/net v0.0.0-20220722155237-a158d28d115b // indirect golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c // indirect - golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect golang.org/x/text v0.3.7 // indirect golang.org/x/tools v0.1.10 // indirect golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect @@ -68,7 +69,6 @@ require ( google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c // indirect google.golang.org/grpc v1.38.0 // indirect - google.golang.org/protobuf v1.28.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect diff --git a/test/integration/go.sum b/test/integration/go.sum old mode 100755 new mode 100644 diff --git a/test/integration/simple_autopilot_private_non_default_sa/simple_autopilot_private_non_default_sa_test.go b/test/integration/simple_autopilot_private_non_default_sa/simple_autopilot_private_non_default_sa_test.go new file mode 100644 index 000000000..4692ddac2 --- /dev/null +++ b/test/integration/simple_autopilot_private_non_default_sa/simple_autopilot_private_non_default_sa_test.go @@ -0,0 +1,42 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package simple_autopilot_private_non_default_sa + +import ( + "testing" + + "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/gcloud" + "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft" + "github.com/stretchr/testify/assert" + "github.com/terraform-google-modules/terraform-google-kubernetes-engine/test/integration/utils" +) + +func TestSimpleAutopilotPrivateNonDefaultSA(t *testing.T) { + projectID := utils.GetTestProjectFromSetup(t, 1) + bpt := tft.NewTFBlueprintTest(t, tft.WithVars(map[string]interface{}{"project_id": projectID})) + + bpt.DefineVerify(func(assert *assert.Assertions) { + bpt.DefaultVerify(assert) + + location := bpt.GetStringOutput("location") + clusterName := bpt.GetStringOutput("cluster_name") + sa := bpt.GetStringOutput("service_account") + + op := gcloud.Runf(t, "container clusters describe %s --zone %s --project %s", clusterName, location, projectID) + assert.True(op.Get("autopilot.enabled").Bool(), "should be autopilot") + assert.Equal(sa, op.Get("autoscaling.autoprovisioningNodePoolDefaults.serviceAccount").String(), "should have custom SA") + }) + bpt.Test() +} diff --git a/test/integration/utils/utils.go b/test/integration/utils/utils.go new file mode 100644 index 000000000..3c7097ed0 --- /dev/null +++ b/test/integration/utils/utils.go @@ -0,0 +1,30 @@ +// Copyright 2022 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package utils + +import ( + "testing" + + "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft" +) + +func GetTestProjectFromSetup(t *testing.T, idx int) string { + setup := tft.NewTFBlueprintTest(t) + projectIDs := setup.GetTFSetupOutputListVal("project_ids") + if len(projectIDs)-1 < idx { + t.Fatalf("project_ids has %d elements, index of %d is invalid", len(projectIDs), idx) + } + return projectIDs[idx] +} diff --git a/versions.tf b/versions.tf index e08a8f3fd..eebc0fed1 100644 --- a/versions.tf +++ b/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.36.0, < 5.0" + version = ">= 4.44.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes"