Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add workload identity support #234

Merged
merged 7 commits into from
Aug 15, 2019
Merged

Add workload identity support #234

merged 7 commits into from
Aug 15, 2019

Conversation

sylvioneto
Copy link

Workload Identity is already available in beta and it works well.
This PR adds it to beta-private-cluster.

morgante
morgante suggested changes Aug 14, 2019
View reviewed changes
Copy link
Contributor

@morgante morgante left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for looking at this!

modules/beta-private-cluster/cluster_regional.tf Outdated Show resolved Hide resolved
sylvioneto
sylvioneto commented Aug 14, 2019
View reviewed changes
Copy link
Author

@sylvioneto sylvioneto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

moved changes from modules to autogen

@sylvioneto sylvioneto changed the title Add workload identity support to beta-private-cluster Add workload identity support Aug 14, 2019
sylvioneto
sylvioneto commented Aug 15, 2019
View reviewed changes
Copy link
Author

@sylvioneto sylvioneto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

reviewed

@morgante
Copy link
Contributor

Thanks for the contribution. Please resolve the merge conflicts and this looks good to go.

morgante
morgante suggested changes Aug 15, 2019
View reviewed changes
Copy link
Contributor

@morgante morgante left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the fix! Could you also run make generate to generate the submodules?

autogen/variables.tf Show resolved Hide resolved
@morgante morgante merged commit 80e0066 into terraform-google-modules:master Aug 15, 2019
@kopachevsky
Copy link
Contributor

@morgante workload-metadata-config test failing after merge of this PR with terraform crash, updating provider to 2.12 fix the issue, but otherwise:

bash-4.4# kitchen verify workload-metadata-config-local
-----> Starting Kitchen (v1.24.0)
-----> Converging <workload-metadata-config-local>...
       Terraform v0.12.3
       
       Your version of Terraform is out of date! The latest version
       is 0.12.6. You can update by downloading from www.terraform.io/downloads.html
$$$$$$ Running command `terraform workspace select kitchen-terraform-workload-metadata-config-local` in directory /cft/workdir/test/fixtures/workload_metadata_config
$$$$$$ Running command `terraform get -update` in directory /cft/workdir/test/fixtures/workload_metadata_config
       - example in ../../../examples/workload_metadata_config
       - example.gke in ../../../modules/beta-private-cluster
$$$$$$ Running command `terraform validate   ` in directory /cft/workdir/test/fixtures/workload_metadata_config
       Success! The configuration is valid.
       
$$$$$$ Running command `terraform apply -lock=true -lock-timeout=0s -input=false -auto-approve=true  -parallelism=10 -refresh=true  ` in directory /cft/workdir/test/fixtures/workload_metadata_config
       module.example.module.gke.data.google_client_config.default: Refreshing state...
       module.example.module.gke.data.google_compute_zones.available: Refreshing state...
       module.example.data.google_client_config.default: Refreshing state...
       module.example.module.gke.data.google_container_engine_versions.region: Refreshing state...
       module.example.module.gke.data.google_container_engine_versions.zone: Refreshing state...
       random_string.suffix: Creating...
       module.example.module.gke.random_string.cluster_service_account_suffix: Creating...
       random_string.suffix: Creation complete after 0s [id=13xy]
       module.example.module.gke.random_string.cluster_service_account_suffix: Creation complete after 0s [id=dbor]
       google_compute_network.main: Creating...
       module.example.module.gke.random_shuffle.available_zones: Creating...
       module.example.module.gke.random_shuffle.available_zones: Creation complete after 0s [id=-]
       google_compute_network.main: Still creating... [10s elapsed]
       google_compute_network.main: Creation complete after 17s [id=cft-gke-test-13xy]
       google_compute_subnetwork.main: Creating...
       module.example.module.gke.data.google_compute_network.gke_network: Refreshing state...
       google_compute_subnetwork.main: Still creating... [10s elapsed]
       google_compute_subnetwork.main: Still creating... [20s elapsed]
       google_compute_subnetwork.main: Creation complete after 29s [id=us-east4/cft-gke-test-13xy]
       module.example.data.google_compute_subnetwork.subnetwork: Refreshing state...
       module.example.module.gke.data.google_compute_subnetwork.gke_subnetwork: Refreshing state...
       module.example.module.gke.google_container_cluster.primary: Creating...
       
       Error: rpc error: code = Unavailable desc = transport is closing
       
       
       panic: interface conversion: interface {} is nil, not map[string]interface {}
       2019-08-16T13:14:06.272Z [DEBUG] plugin.terraform-provider-google-beta_v2.9.1_x4: 
       2019-08-16T13:14:06.272Z [DEBUG] plugin.terraform-provider-google-beta_v2.9.1_x4: goroutine 31 [running]:
       2019-08-16T13:14:06.272Z [DEBUG] plugin.terraform-provider-google-beta_v2.9.1_x4: github.com/terraform-providers/terraform-provider-google-beta/google-beta.expandWorkloadIdentityConfig(...)
       2019-08-16T13:14:06.272Z [DEBUG] plugin.terraform-provider-google-beta_v2.9.1_x4: 	/opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-google-beta/google-beta/resource_container_cluster.go:2199
       2019-08-16T13:14:06.272Z [DEBUG] plugin.terraform-provider-google-beta_v2.9.1_x4: github.com/terraform-providers/terraform-provider-google-beta/google-beta.resourceContainerClusterCreate(0xc00086f1f0, 0x1c43640, 0xc0000e4900, 0x0, 0x0)
       2019-08-16T13:14:06.272Z [DEBUG] plugin.terraform-provider-google-beta_v2.9.1_x4: 	/opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-google-beta/google-beta/resource_container_cluster.go:1000 +0x362b
       2019-08-16T13:14:06.272Z [DEBUG] plugin.terraform-provider-google-beta_v2.9.1_x4: github.com/terraform-providers/terraform-provider-google-beta/vendor/github.com/hashicorp/terraform/helper/schema.(*Resource).Apply(0xc0004c9980, 0xc0007aa370, 0xc00017e4c0, 0x1c43640, 0xc0000e4900, 0x1bb4c01, 0xc0002bc0e8, 0xc0003c9bc0)
       2019-08-16T13:14:06.272Z [DEBUG] plugin.terraform-provider-google-beta_v2.9.1_x4: 	/opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-google-beta/vendor/github.com/hashicorp/terraform/helper/schema/resource.go:286 +0x363
       2019-08-16T13:14:06.272Z [DEBUG] plugin.terraform-provider-google-beta_v2.9.1_x4: github.com/terraform-providers/terraform-provider-google-beta/vendor/github.com/hashicorp/terraform/helper/schema.(*Provider).Apply(0xc0003c0000, 0xc00091f9b8, 0xc0007aa370, 0xc00017e4c0, 0xc000621948, 0xc000878750, 0x1bb8760)
       2019-08-16T13:14:06.272Z [DEBUG] plugin.terraform-provider-google-beta_v2.9.1_x4: 	/opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-google-beta/vendor/github.com/hashicorp/terraform/helper/schema/provider.go:285 +0x9c
       2019-08-16T13:14:06.272Z [DEBUG] plugin.terraform-provider-google-beta_v2.9.1_x4: github.com/terraform-providers/terraform-provider-google-beta/vendor/github.com/hashicorp/terraform/helper/plugin.(*GRPCProviderServer).ApplyResourceChange(0xc00057a6b8, 0x226b060, 0xc00086c1b0, 0xc000646180, 0xc00057a6b8, 0xc00086c120, 0x1c38b80)
       2019-08-16T13:14:06.272Z [DEBUG] plugin.terraform-provider-google-beta_v2.9.1_x4: 	/opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-google-beta/vendor/github.com/hashicorp/terraform/helper/plugin/grpc_provider.go:851 +0x87a
       2019-08-16T13:14:06.272Z [DEBUG] plugin.terraform-provider-google-beta_v2.9.1_x4: github.com/terraform-providers/terraform-provider-google-beta/vendor/github.com/hashicorp/terraform/internal/tfplugin5._Provider_ApplyResourceChange_Handler(0x1f6d700, 0xc00057a6b8, 0x226b060, 0xc00086c1b0, 0xc0007aa0a0, 0x0, 0x0, 0x0, 0xc000873500, 0x14a8)
       2019-08-16T13:14:06.272Z [DEBUG] plugin.terraform-provider-google-beta_v2.9.1_x4: 	/opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-google-beta/vendor/github.com/hashicorp/terraform/internal/tfplugin5/tfplugin5.pb.go:3217 +0x23e
       2019-08-16T13:14:06.272Z [DEBUG] plugin.terraform-provider-google-beta_v2.9.1_x4: github.com/terraform-providers/terraform-provider-google-beta/vendor/google.golang.org/grpc.(*Server).processUnaryRPC(0xc000083380, 0x22732c0, 0xc000001800, 0xc000470000, 0xc00053a150, 0x349fa40, 0x0, 0x0, 0x0)
       2019-08-16T13:14:06.272Z [DEBUG] plugin.terraform-provider-google-beta_v2.9.1_x4: 	/opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-google-beta/vendor/google.golang.org/grpc/server.go:972 +0x4a2
       2019-08-16T13:14:06.272Z [DEBUG] plugin.terraform-provider-google-beta_v2.9.1_x4: github.com/terraform-providers/terraform-provider-google-beta/vendor/google.golang.org/grpc.(*Server).handleStream(0xc000083380, 0x22732c0, 0xc000001800, 0xc000470000, 0x0)
       2019-08-16T13:14:06.272Z [DEBUG] plugin.terraform-provider-google-beta_v2.9.1_x4: 	/opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-google-beta/vendor/google.golang.org/grpc/server.go:1252 +0xe02
       2019-08-16T13:14:06.272Z [DEBUG] plugin.terraform-provider-google-beta_v2.9.1_x4: github.com/terraform-providers/terraform-provider-google-beta/vendor/google.golang.org/grpc.(*Server).serveStreams.func1.1(0xc0004aa000, 0xc000083380, 0x22732c0, 0xc000001800, 0xc000470000)
       2019-08-16T13:14:06.272Z [DEBUG] plugin.terraform-provider-google-beta_v2.9.1_x4: 	/opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-google-beta/vendor/google.golang.org/grpc/server.go:691 +0x9f
       2019-08-16T13:14:06.272Z [DEBUG] plugin.terraform-provider-google-beta_v2.9.1_x4: created by github.com/terraform-providers/terraform-provider-google-beta/vendor/google.golang.org/grpc.(*Server).serveStreams.func1
       2019-08-16T13:14:06.272Z [DEBUG] plugin.terraform-provider-google-beta_v2.9.1_x4: 	/opt/teamcity-agent/work/5d79fe75d4460a2f/src/github.com/terraform-providers/terraform-provider-google-beta/vendor/google.golang.org/grpc/server.go:689 +0xa1
       2019-08-16T13:14:06.274Z [DEBUG] plugin: plugin process exited: path=/cft/workdir/test/fixtures/workload_metadata_config/.terraform/plugins/linux_amd64/terraform-provider-google-beta_v2.9.1_x4 pid=1929 error="exit status 2"
       2019/08/16 13:14:06 [DEBUG] module.example.module.gke.google_container_cluster.primary: apply errored, but we're indicating that via the Error pointer rather than returning it: rpc error: code = Unavailable desc = transport is closing
       2019/08/16 13:14:06 [TRACE] module.example.module.gke: eval: *terraform.EvalMaybeTainted
       2019/08/16 13:14:06 [TRACE] EvalMaybeTainted: module.example.module.gke.google_container_cluster.primary encountered an error during creation, so it is now marked as tainted
       2019/08/16 13:14:06 [TRACE] module.example.module.gke: eval: *terraform.EvalWriteState
       2019/08/16 13:14:06 [TRACE] EvalWriteState: removing state object for module.example.module.gke.google_container_cluster.primary
       2019/08/16 13:14:06 [TRACE] module.example.module.gke: eval: *terraform.EvalApplyProvisioners
       2019/08/16 13:14:06 [TRACE] EvalApplyProvisioners: google_container_cluster.primary has no state, so skipping provisioners
       2019/08/16 13:14:06 [TRACE] module.example.module.gke: eval: *terraform.EvalMaybeTainted
       2019/08/16 13:14:06 [TRACE] EvalMaybeTainted: module.example.module.gke.google_container_cluster.primary encountered an error during creation, so it is now marked as tainted
       2019/08/16 13:14:06 [TRACE] module.example.module.gke: eval: *terraform.EvalWriteState
       2019/08/16 13:14:06 [TRACE] EvalWriteState: removing state object for module.example.module.gke.google_container_cluster.primary
       2019/08/16 13:14:06 [TRACE] module.example.module.gke: eval: *terraform.EvalIf
       2019/08/16 13:14:06 [TRACE] module.example.module.gke: eval: *terraform.EvalIf
       2019/08/16 13:14:06 [TRACE] module.example.module.gke: eval: *terraform.EvalWriteDiff
       2019/08/16 13:14:06 [TRACE] module.example.module.gke: eval: *terraform.EvalApplyPost
       2019/08/16 13:14:06 [ERROR] module.example.module.gke: eval: *terraform.EvalApplyPost, err: rpc error: code = Unavailable desc = transport is closing
       2019/08/16 13:14:06 [ERROR] module.example.module.gke: eval: *terraform.EvalSequence, err: rpc error: code = Unavailable desc = transport is closing
       2019/08/16 13:14:06 [TRACE] [walkApply] Exiting eval tree: module.example.module.gke.google_container_cluster.primary
       2019/08/16 13:14:06 [TRACE] vertex "module.example.module.gke.google_container_cluster.primary": visit complete
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_output_istio_enabled" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_output_intranode_visbility_enabled" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_output_endpoint" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_istio_enabled" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_output_regional_zones" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_output_monitoring_service" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_output_name" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_output_region" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_monitoring_service" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_region" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_output_master_auth" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.output.monitoring_service" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.output.region" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_master_auth_list_layer1" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_master_auth_list_layer2" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_output_http_load_balancing_enabled" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_intranode_visibility_enabled" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_master_auth_map" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_endpoint" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.output.intranode_visibility_enabled" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_ca_certificate" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_output_master_version" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_name" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_output_zones" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_output_vertical_pod_autoscaling_enabled" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_master_version" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_output_network_policy_enabled" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_vertical_pod_autoscaling_enabled" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.output.region" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_output_kubernetes_dashboard_enabled" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.output.vertical_pod_autoscaling_enabled" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_output_min_master_version" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_kubernetes_dashboard_enabled" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.output.istio_enabled" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "output.region" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.provider.kubernetes" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_zones" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_http_load_balancing_enabled" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.output.zones" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.output.http_load_balancing_enabled" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_output_logging_service" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_output_pod_security_policy_enabled" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_logging_service" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_pod_security_policy_enabled" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_output_horizontal_pod_autoscaling_enabled" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.output.kubernetes_dashboard_enabled" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.kubernetes_config_map.ip-masq-agent (prepare state)" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.output.ca_certificate" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_min_master_version" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.output.logging_service" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.output.master_version" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.output.pod_security_policy_enabled" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.kubernetes_config_map.kube-dns (prepare state)" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.kubernetes_config_map.kube-dns-upstream-nameservers-and-stub-domains (prepare state)" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.kubernetes_config_map.kube-dns-upstream-namservers (prepare state)" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.provider.kubernetes (close)" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_output_location" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_location" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.output.ca_certificate" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "output.ca_certificate" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.output.name" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.output.cluster_name" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "output.cluster_name" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_network_policy_enabled" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.output.network_policy_enabled" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.output.zones" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "output.zones" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_horizontal_pod_autoscaling_enabled" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.output.horizontal_pod_autoscaling_enabled" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.output.min_master_version" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.google_container_node_pool.pools[0]" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_output_node_pools_versions" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_node_pools_versions" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.output.node_pools_versions" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.output.master_kubernetes_version" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "output.master_kubernetes_version" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.null_resource.wait_for_cluster" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "provisioner.local-exec (close)" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_output_node_pools_names" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.local.cluster_node_pools_names" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.output.node_pools_names" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.provider.google-beta (close)" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.output.endpoint" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.output.kubernetes_endpoint" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "output.kubernetes_endpoint" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.module.gke.output.location" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "module.example.output.location" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "output.location" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "meta.count-boundary (EachMode fixup)" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "provider.null (close)" errored, so skipping
       2019/08/16 13:14:06 [TRACE] dag/walk: upstream of "root" errored, so skipping
       2019/08/16 13:14:06 [TRACE] statemgr.Filesystem: no original state snapshot to back up
       2019/08/16 13:14:06 [TRACE] statemgr.Filesystem: state has changed since last snapshot, so incrementing serial to 8
       2019/08/16 13:14:06 [TRACE] statemgr.Filesystem: writing snapshot at terraform.tfstate.d/kitchen-terraform-workload-metadata-config-local/terraform.tfstate
       2019/08/16 13:14:06 [TRACE] statemgr.Filesystem: removing lock metadata file terraform.tfstate.d/kitchen-terraform-workload-metadata-config-local/.terraform.tfstate.lock.info
       2019/08/16 13:14:06 [TRACE] statemgr.Filesystem: unlocking terraform.tfstate.d/kitchen-terraform-workload-metadata-config-local/terraform.tfstate using fcntl flock
       2019-08-16T13:14:06.289Z [DEBUG] plugin: plugin exited
       2019-08-16T13:14:06.294Z [DEBUG] plugin: plugin process exited: path=/cft/bin/terraform pid=1886
       2019-08-16T13:14:06.294Z [DEBUG] plugin: plugin process exited: path=/cft/bin/terraform pid=1722
       2019-08-16T13:14:06.294Z [DEBUG] plugin: plugin process exited: path=/cft/workdir/test/fixtures/workload_metadata_config/.terraform/plugins/linux_amd64/terraform-provider-null_v2.1.2_x4 pid=1897
       2019-08-16T13:14:06.294Z [DEBUG] plugin: plugin exited
       2019-08-16T13:14:06.294Z [DEBUG] plugin: plugin exited
       2019-08-16T13:14:06.294Z [DEBUG] plugin: plugin exited
       2019-08-16T13:14:06.294Z [DEBUG] plugin: plugin process exited: path=/cft/bin/terraform pid=1816
       2019-08-16T13:14:06.295Z [DEBUG] plugin: plugin exited
       
       
       
       !!!!!!!!!!!!!!!!!!!!!!!!!!! TERRAFORM CRASH !!!!!!!!!!!!!!!!!!!!!!!!!!!!
       
       Terraform crashed! This is always indicative of a bug within Terraform.
       A crash log has been placed at "crash.log" relative to your current
       working directory. It would be immensely helpful if you could please
       report the crash with Terraform[1] so that we can fix this.
       
       When reporting bugs, please include your terraform version. That
       information is available on the first line of crash.log. You can also
       get it by running 'terraform --version' on the command line.

@sylvioneto
Copy link
Author

I'm using the module with provider version 2.12 since it was merged and works perfectly. I created a cluster successfully.

@morgante
Copy link
Contributor

@kopachevsky Yes we just need to update to the latest provider.

richardmcsong
richardmcsong reviewed Aug 17, 2019
View reviewed changes
Copy link
Contributor

@richardmcsong richardmcsong left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The workload_identity_config fails when you have a pre-existing cluster made without this changeset. It tries to change the cluster definition to add an empty block workload_identity_config {}, with the provider failing: Error: googleapi: Error 400: Must specify a field to update., badRequest. This might be better served by a dynamic terraform block, to prevent the block from being defined at all if var.identity_namespace is empty.

autogen/cluster.tf Show resolved Hide resolved
@sylvioneto sylvioneto mentioned this pull request Aug 17, 2019
Merged
@sylvioneto
Copy link
Author

@richardmcsong I've opened a PR to implement the fix you suggested. Thank you for pointing it.
#237

This was referenced Sep 20, 2019
Closed
Closed
CPL-markus pushed a commit to WALTER-GROUP/terraform-google-kubernetes-engine that referenced this pull request Jul 15, 2024
@morgante
Merge pull request terraform-google-modules#234 from sylvioneto/master
4798249 
Add workload identity support
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@richardmcsong richardmcsong richardmcsong left review comments

@morgante morgante morgante approved these changes

@aaron-lane aaron-lane Awaiting requested review from aaron-lane

@adrienthebo adrienthebo Awaiting requested review from adrienthebo

@Jberlinsky Jberlinsky Awaiting requested review from Jberlinsky

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@sylvioneto @morgante @kopachevsky @richardmcsong