From e51804ed4849fa85748a95ca169b92445d258d91 Mon Sep 17 00:00:00 2001
From: Andrew Peabody
Date: Fri, 2 Jun 2023 09:01:33 -0700
Subject: [PATCH] fix: policy bundles now use idx as resource name (bundles will be re-applied) (#1657)
---
 modules/acm/creds.tf | 4 ++--
 modules/acm/policy_bundles.tf | 7 ++++---
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/modules/acm/creds.tf b/modules/acm/creds.tf
index fb8b5fb37..5bd395da9 100644
--- a/modules/acm/creds.tf
+++ b/modules/acm/creds.tf
@@ -30,12 +30,12 @@ resource "tls_private_key" "k8sop_creds" {
 rsa_bits = 4096
 }
-# Wait for the ACM operator to create the namespace
+# Wait for ACM
 resource "time_sleep" "wait_acm" {
 count = (var.create_ssh_key == true || var.ssh_auth_key != null || var.enable_policy_controller || var.enable_config_sync) ? 1 : 0
 depends_on = [google_gke_hub_feature_membership.main]
- create_duration = "300s"
+ create_duration = (length(var.policy_bundles) > 0) ? "600s" : "300s"
 }
 resource "google_service_account_iam_binding" "ksa_iam" {
diff --git a/modules/acm/policy_bundles.tf b/modules/acm/policy_bundles.tf
index b03987e86..8bd122d1e 100644
--- a/modules/acm/policy_bundles.tf
+++ b/modules/acm/policy_bundles.tf
@@ -18,12 +18,13 @@ module "policy_bundles" {
 source = "terraform-google-modules/gcloud/google//modules/kubectl-wrapper"
 version = "~> 3.1"
- for_each = toset(var.policy_bundles)
+ # Use index as name to avoid long url or special filesystem chars
+ for_each = { for i, v in var.policy_bundles : i => v }
 project_id = var.project_id
 cluster_name = var.cluster_name
 cluster_location = var.location
- kubectl_create_command = "kubectl apply -k ${each.key}"
- kubectl_destroy_command = "kubectl delete -k ${each.key}"
+ kubectl_create_command = "kubectl apply -k ${each.value}"
+ kubectl_destroy_command = "kubectl delete -k ${each.value}"
 module_depends_on = [time_sleep.wait_acm]
 }
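Review bot: The shortened comment `# Wait for ACM` and the new `"600s"`/`"300s"` ternary in `time_sleep.wait_acm` no longer say what the sleep waits for or why bundles need twice as long. A comment such as `# Wait for the ACM operator to create the namespace; allow longer when policy bundles are set, since they are applied right after this sleep` would keep the rationale next to the numbers (the exact reason is for the author to confirm). Separately, `count` is unchanged and does not reference `var.policy_bundles`, so if bundles are supplied while all four listed conditions are false, the resource has no instances and the `module_depends_on = [time_sleep.wait_acm]` in policy_bundles.tf orders against nothing. If bundles are meant to require `enable_policy_controller`, stating that in a variable validation or in this `count` expression would make the dependency explicit.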
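Review bot: Keying `for_each` by list position in `module "policy_bundles"` ties each bundle's identity to its neighbours: removing or inserting an entry in `var.policy_bundles` shifts every later index, so Terraform re-runs the destroy and create commands for bundles that did not change. Depending on how the kubectl-wrapper orders those runs (not visible here), the `kubectl delete -k` for the old highest index may execute after the same URL was re-applied under a lower index, leaving that policy bundle absent from the cluster while state records it as applied. A key derived from the value stays stable and is still fixed-length and filesystem-safe, e.g. `for_each = { for v in toset(var.policy_bundles) : sha256(v) => v }`. `${each.value}` is also interpolated unquoted into the command strings, so a `validation` block on `var.policy_bundles` (declared outside this diff) restricting entries to the expected URL shape would be worth adding. The module block opens on the line above the hunk.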