From 54bc23b2e81cda4c0bf81b7c03150ff8204420bf Mon Sep 17 00:00:00 2001 From: bharathkkb Date: Sat, 23 Jan 2021 17:30:37 -0600 Subject: [PATCH 1/7] feat!: add Terraform 0.13 constraint and module attribution --- Makefile | 2 +- autogen/main/versions.tf.tmpl | 37 +++++++++++++++---- autogen/safer-cluster/versions.tf.tmpl | 9 ++++- build/int.cloudbuild.yaml | 2 +- build/lint.cloudbuild.yaml | 2 +- modules/asm/versions.tf | 24 ++++++++++++ modules/auth/versions.tf | 24 ++++++++++++ .../versions.tf | 16 ++++++-- modules/beta-private-cluster/versions.tf | 16 ++++++-- .../versions.tf | 16 ++++++-- modules/beta-public-cluster/versions.tf | 16 ++++++-- modules/binary-authorization/main.tf | 2 +- modules/binary-authorization/versions.tf | 24 ++++++++++++ modules/hub/versions.tf | 24 ++++++++++++ .../versions.tf | 16 ++++++-- modules/private-cluster/versions.tf | 16 ++++++-- .../safer-cluster-update-variant/versions.tf | 7 +++- modules/safer-cluster/versions.tf | 7 +++- modules/services/versions.tf | 24 ++++++++++++ modules/workload-identity/versions.tf | 24 ++++++++++++ test/bundle.hcl | 2 +- versions.tf | 16 ++++++-- 22 files changed, 290 insertions(+), 36 deletions(-) create mode 100644 modules/asm/versions.tf create mode 100644 modules/auth/versions.tf create mode 100644 modules/binary-authorization/versions.tf create mode 100644 modules/hub/versions.tf create mode 100644 modules/services/versions.tf create mode 100644 modules/workload-identity/versions.tf diff --git a/Makefile b/Makefile index 27dee100f1..ad5084b497 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,7 @@ # Make will use bash instead of sh SHELL := /usr/bin/env bash -DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.12.2 +DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.13 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools REGISTRY_URL := gcr.io/cloud-foundation-cicd diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl index 8b0e00aee8..b682d80e64 100644 --- a/autogen/main/versions.tf.tmpl 
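Review bot: `DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.13` in the Makefile replaces a three-part tag with what looks like a floating minor tag, so the image that runs lint and integration tests can change without any commit in this repo. The same value is set in `build/int.cloudbuild.yaml` and `build/lint.cloudbuild.yaml`. If reproducible CI matters here, pin the full tag or the image digest. Otherwise document the choice next to the variable, for example `# floating minor tag: picks up developer-tools patch releases automatically`.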
+++ b/autogen/main/versions.tf.tmpl @@ -14,16 +14,39 @@ * limitations under the License. */ +{% set module_path_str = module_path|string %} +{% set module_registry_name = module_path_str.split('/')[-1] %} + terraform { - required_version = ">=0.12.6" + required_version = ">=0.13" - required_providers { {% if beta_cluster %} - google-beta = ">= 3.49.0, <4.0.0" - kubernetes = "~> 1.10, != 1.11.0" + required_providers { + google-beta = { + source = "hashicorp/google-beta" + version = ">= 3.49.0, <4.0.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "~> 1.10, != 1.11.0" + } + } + provider_meta "google-beta" { + module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v13.0.0" + } {% else %} - google = ">= 3.39.0, <4.0.0" - kubernetes = "~> 1.10, != 1.11.0" -{% endif %} + required_providers { + google = { + source = "hashicorp/google" + version = ">= 3.39.0, <4.0.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "~> 1.10, != 1.11.0" + } } + provider_meta "google" { + module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v13.0.0" + } +{% endif %} } diff --git a/autogen/safer-cluster/versions.tf.tmpl b/autogen/safer-cluster/versions.tf.tmpl index d2096e4100..e5405fd3d2 100644 --- a/autogen/safer-cluster/versions.tf.tmpl +++ b/autogen/safer-cluster/versions.tf.tmpl @@ -16,6 +16,13 @@ {{ autogeneration_note }} +{% set module_path_str = module_path|string %} +{% set module_registry_name = module_path_str.split('/')[-1] %} + terraform { - required_version = ">=0.12" + required_version = ">=0.13" + + provider_meta "google-beta" { + module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v13.0.0" + } } 
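Review bot: The release string `v13.0.0` is hard-coded in both `module_name` lines of `autogen/main/versions.tf.tmpl`, and again in every generated and hand-written `versions.tf` in this patch, so attribution will report a stale version unless each release edits all of them. Consider a single template variable, or at least a comment beside `module_name` naming the release step that bumps it. Separately, `required_version = ">=0.13"` here is spelled differently from the `">= 0.13.0"` used in the new hand-written modules; one spelling would keep generated and manual files consistent.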
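Review bot: `provider_meta "google-beta"` is declared in `autogen/safer-cluster/versions.tf.tmpl` without a `required_providers` entry for `google-beta`, unlike `autogen/main/versions.tf.tmpl` in the same patch. The generated safer-cluster modules therefore rely on the implicit `hashicorp/` source and accept any provider version. The new `versions.tf` files under `modules/asm`, `auth`, `binary-authorization`, `hub`, `services` and `workload-identity` do the same for `google`. Declaring the source and a version floor makes the provider origin explicit and avoids a failure if a consumer resolves a provider release that predates `provider_meta` support (which release that is should be confirmed). The bounds below are copied from the beta modules in this patch and may need adjusting.

```hcl
terraform {
  # … unchanged: required_version …

  required_providers {
    google-beta = {
      source  = "hashicorp/google-beta"
      version = ">= 3.49.0, <4.0.0"
    }
  }

  # … unchanged: provider_meta "google-beta" block …
```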
diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml index cc6deaa53f..e0ac5bee9e 100644 --- a/build/int.cloudbuild.yaml +++ b/build/int.cloudbuild.yaml @@ -429,6 +429,6 @@ tags: - 'integration' substitutions: _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools' - _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.12.2' + _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.13' options: machineType: 'N1_HIGHCPU_8' diff --git a/build/lint.cloudbuild.yaml b/build/lint.cloudbuild.yaml index b0443342e6..174674df29 100644 --- a/build/lint.cloudbuild.yaml +++ b/build/lint.cloudbuild.yaml @@ -22,7 +22,7 @@ tags: - 'lint' substitutions: _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools' - _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.12.2' + _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.13' options: machineType: 'N1_HIGHCPU_8' env: diff --git a/modules/asm/versions.tf b/modules/asm/versions.tf new file mode 100644 index 0000000000..59f0913479 --- /dev/null +++ b/modules/asm/versions.tf @@ -0,0 +1,24 @@ + +/** + * Copyright 2021 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.13.0" + + provider_meta "google" { + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:asm/v13.0.0" + } +} diff --git a/modules/auth/versions.tf b/modules/auth/versions.tf new file mode 100644 index 0000000000..c25ff80a25 --- /dev/null +++ b/modules/auth/versions.tf 
@@ -0,0 +1,24 @@ + +/** + * Copyright 2021 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.13.0" + + provider_meta "google" { + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:auth/v13.0.0" + } +} diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf index af6c74cab9..d747086151 100644 --- a/modules/beta-private-cluster-update-variant/versions.tf +++ b/modules/beta-private-cluster-update-variant/versions.tf @@ -14,11 +14,21 @@ * limitations under the License. */ + terraform { - required_version = ">=0.12.6" + required_version = ">=0.13" required_providers { - google-beta = ">= 3.49.0, <4.0.0" - kubernetes = "~> 1.10, != 1.11.0" + google-beta = { + source = "hashicorp/google-beta" + version = ">= 3.49.0, <4.0.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "~> 1.10, != 1.11.0" + } + } + provider_meta "google-beta" { + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-private-cluster-update-variant/v13.0.0" } } diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf index af6c74cab9..daed130510 100644 --- a/modules/beta-private-cluster/versions.tf +++ b/modules/beta-private-cluster/versions.tf 
@@ -14,11 +14,21 @@ * limitations under the License. */ + terraform { - required_version = ">=0.12.6" + required_version = ">=0.13" required_providers { - google-beta = ">= 3.49.0, <4.0.0" - kubernetes = "~> 1.10, != 1.11.0" + google-beta = { + source = "hashicorp/google-beta" + version = ">= 3.49.0, <4.0.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "~> 1.10, != 1.11.0" + } + } + provider_meta "google-beta" { + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-private-cluster/v13.0.0" } } diff --git a/modules/beta-public-cluster-update-variant/versions.tf b/modules/beta-public-cluster-update-variant/versions.tf index af6c74cab9..0a40ff5a69 100644 --- a/modules/beta-public-cluster-update-variant/versions.tf +++ b/modules/beta-public-cluster-update-variant/versions.tf @@ -14,11 +14,21 @@ * limitations under the License. */ + terraform { - required_version = ">=0.12.6" + required_version = ">=0.13" required_providers { - google-beta = ">= 3.49.0, <4.0.0" - kubernetes = "~> 1.10, != 1.11.0" + google-beta = { + source = "hashicorp/google-beta" + version = ">= 3.49.0, <4.0.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "~> 1.10, != 1.11.0" + } + } + provider_meta "google-beta" { + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-public-cluster-update-variant/v13.0.0" } } diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf index af6c74cab9..51a54d8236 100644 --- a/modules/beta-public-cluster/versions.tf +++ b/modules/beta-public-cluster/versions.tf 
@@ -14,11 +14,21 @@ * limitations under the License. */ + terraform { - required_version = ">=0.12.6" + required_version = ">=0.13" required_providers { - google-beta = ">= 3.49.0, <4.0.0" - kubernetes = "~> 1.10, != 1.11.0" + google-beta = { + source = "hashicorp/google-beta" + version = ">= 3.49.0, <4.0.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "~> 1.10, != 1.11.0" + } + } + provider_meta "google-beta" { + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-public-cluster/v13.0.0" } } diff --git a/modules/binary-authorization/main.tf b/modules/binary-authorization/main.tf index 2a5b70843a..5b6ee02085 100644 --- a/modules/binary-authorization/main.tf +++ b/modules/binary-authorization/main.tf @@ -25,7 +25,7 @@ locals { module "project-services" { source = "terraform-google-modules/project-factory/google//modules/project_services" - version = "~> 9.2.0" + version = "~> 10.0" project_id = var.project_id activate_apis = local.required_enabled_apis diff --git a/modules/binary-authorization/versions.tf b/modules/binary-authorization/versions.tf new file mode 100644 index 0000000000..da9e1cff02 --- /dev/null +++ b/modules/binary-authorization/versions.tf 
@@ -0,0 +1,24 @@ + +/** + * Copyright 2021 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.13.0" + + provider_meta "google" { + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:binary-authorization/v13.0.0" + } +} diff --git a/modules/hub/versions.tf b/modules/hub/versions.tf new file mode 100644 index 0000000000..d1e9f531ae --- /dev/null +++ b/modules/hub/versions.tf @@ -0,0 +1,24 @@ + +/** + * Copyright 2021 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.13.0" + + provider_meta "google" { + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:hub/v13.0.0" + } +} diff --git a/modules/private-cluster-update-variant/versions.tf b/modules/private-cluster-update-variant/versions.tf index 6628273a19..616f806837 100644 --- a/modules/private-cluster-update-variant/versions.tf 
+++ b/modules/private-cluster-update-variant/versions.tf @@ -14,11 +14,21 @@ * limitations under the License. */ + terraform { - required_version = ">=0.12.6" + required_version = ">=0.13" required_providers { - google = ">= 3.39.0, <4.0.0" - kubernetes = "~> 1.10, != 1.11.0" + google = { + source = "hashicorp/google" + version = ">= 3.39.0, <4.0.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "~> 1.10, != 1.11.0" + } + } + provider_meta "google" { + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:private-cluster-update-variant/v13.0.0" } } diff --git a/modules/private-cluster/versions.tf b/modules/private-cluster/versions.tf index 6628273a19..ab8ef94cbd 100644 --- a/modules/private-cluster/versions.tf +++ b/modules/private-cluster/versions.tf @@ -14,11 +14,21 @@ * limitations under the License. */ + terraform { - required_version = ">=0.12.6" + required_version = ">=0.13" required_providers { - google = ">= 3.39.0, <4.0.0" - kubernetes = "~> 1.10, != 1.11.0" + google = { + source = "hashicorp/google" + version = ">= 3.39.0, <4.0.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "~> 1.10, != 1.11.0" + } + } + provider_meta "google" { + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:private-cluster/v13.0.0" } } diff --git a/modules/safer-cluster-update-variant/versions.tf b/modules/safer-cluster-update-variant/versions.tf index 84d40a986f..3a81d551fa 100644 --- a/modules/safer-cluster-update-variant/versions.tf +++ b/modules/safer-cluster-update-variant/versions.tf @@ -16,6 +16,11 @@ // This file was automatically generated from a template in ./autogen/safer-cluster + terraform { - required_version = ">=0.12" + required_version = ">=0.13" + + provider_meta "google-beta" { + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:safer-cluster-update-variant/v13.0.0" + } } 
diff --git a/modules/safer-cluster/versions.tf b/modules/safer-cluster/versions.tf index 84d40a986f..69f2393d5e 100644 --- a/modules/safer-cluster/versions.tf +++ b/modules/safer-cluster/versions.tf @@ -16,6 +16,11 @@ // This file was automatically generated from a template in ./autogen/safer-cluster + terraform { - required_version = ">=0.12" + required_version = ">=0.13" + + provider_meta "google-beta" { + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:safer-cluster/v13.0.0" + } } diff --git a/modules/services/versions.tf b/modules/services/versions.tf new file mode 100644 index 0000000000..fdda240b35 --- /dev/null +++ b/modules/services/versions.tf @@ -0,0 +1,24 @@ + +/** + * Copyright 2021 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.13.0" + + provider_meta "google" { + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:services/v13.0.0" + } +} diff --git a/modules/workload-identity/versions.tf b/modules/workload-identity/versions.tf new file mode 100644 index 0000000000..d692f0ded8 --- /dev/null +++ b/modules/workload-identity/versions.tf 
@@ -0,0 +1,24 @@ + +/** + * Copyright 2021 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.13.0" + + provider_meta "google" { + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:workload-identity/v13.0.0" + } +} diff --git a/test/bundle.hcl b/test/bundle.hcl index 1940d7df1c..da8610d25b 100644 --- a/test/bundle.hcl +++ b/test/bundle.hcl @@ -1,5 +1,5 @@ terraform { - version = "0.12.29" + version = "0.13.6" } providers { diff --git a/versions.tf b/versions.tf index 6628273a19..4b6f695a51 100644 --- a/versions.tf +++ b/versions.tf @@ -14,11 +14,21 @@ * limitations under the License. */ + terraform { - required_version = ">=0.12.6" + required_version = ">=0.13" required_providers { - google = ">= 3.39.0, <4.0.0" - kubernetes = "~> 1.10, != 1.11.0" + google = { + source = "hashicorp/google" + version = ">= 3.39.0, <4.0.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "~> 1.10, != 1.11.0" + } + } + provider_meta "google" { + module_name = "blueprints/terraform/terraform-google-kubernetes-engine/v13.0.0" } } From eb41d5986c44969de3d9f6681fae3a4693a3f04a Mon Sep 17 00:00:00 2001 From: bharathkkb Date: Sat, 23 Jan 2021 21:33:14 -0600 Subject: [PATCH 2/7] fix example --- examples/safer_cluster_iap_bastion/apis.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/examples/safer_cluster_iap_bastion/apis.tf b/examples/safer_cluster_iap_bastion/apis.tf index 2ebc75a782..7a213824a5 100644 --- a/examples/safer_cluster_iap_bastion/apis.tf +++ b/examples/safer_cluster_iap_bastion/apis.tf @@ -16,7 +16,7 @@ module "enabled_google_apis" { source = "terraform-google-modules/project-factory/google//modules/project_services" - version = "~> 8.0" + version = "~> 10.0" project_id = var.project_id disable_services_on_destroy = false From 133fd5796e88d1a1fc17d29bff95a548f3e8b971 Mon Sep 17 00:00:00 2001 From: bharathkkb Date: Sat, 23 Jan 2021 22:34:19 -0600 Subject: [PATCH 3/7] fix example provider --- examples/safer_cluster_iap_bastion/provider.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/safer_cluster_iap_bastion/provider.tf b/examples/safer_cluster_iap_bastion/provider.tf index 9996ca6ec6..25831f5b9c 100644 --- a/examples/safer_cluster_iap_bastion/provider.tf +++ b/examples/safer_cluster_iap_bastion/provider.tf @@ -15,7 +15,7 @@ */ provider "google" { - version = "~> 3.42.0" + version = "~> 3.50.0" } provider "google-beta" { From 49d5da965b53f0481aaf4cd27852ae1e8e759483 Mon Sep 17 00:00:00 2001 From: bharathkkb Date: Sun, 24 Jan 2021 14:02:00 -0600 Subject: [PATCH 4/7] fix fw null --- autogen/main/main.tf.tmpl | 2 +- main.tf | 2 +- modules/beta-private-cluster-update-variant/main.tf | 2 +- modules/beta-private-cluster/main.tf | 2 +- modules/beta-public-cluster-update-variant/main.tf | 2 +- modules/beta-public-cluster/main.tf | 2 +- modules/private-cluster-update-variant/main.tf | 2 +- modules/private-cluster/main.tf | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl index 2dc3d75d6f..ebb8475bc9 100644 --- a/autogen/main/main.tf.tmpl +++ b/autogen/main/main.tf.tmpl 
@@ -77,7 +77,7 @@ locals { {% endif %} cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null - cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} + cluster_alias_ranges_cidr = (var.add_cluster_firewall_rules && data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range != null) ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} cluster_network_policy = var.network_policy ? [{ enabled = true diff --git a/main.tf b/main.tf index a8feef2175..0c5cbc9902 100644 --- a/main.tf +++ b/main.tf @@ -68,7 +68,7 @@ locals { default_auto_upgrade = var.regional ? true : false cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null - cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} + cluster_alias_ranges_cidr = (var.add_cluster_firewall_rules && data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range != null) ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} cluster_network_policy = var.network_policy ? [{ enabled = true diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf index fc3da46c84..b7d504086d 100644 --- a/modules/beta-private-cluster-update-variant/main.tf +++ b/modules/beta-private-cluster-update-variant/main.tf 
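Review bot: The `&&` guard added to `cluster_alias_ranges_cidr` may not protect the index beside it, because Terraform 0.13 does not short-circuit logical operators: `data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range != null` is still evaluated when `var.add_cluster_firewall_rules` is false. If the data source is created with a count tied to that variable (not visible in this hunk, though the `cluster_subnet_cidr` line above suggests it), `[0]` would then fail with an invalid index. Moving the null test inside the true branch keeps it behind the conditional: `var.add_cluster_firewall_rules ? (data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range != null ? { for range in ... } : {}) : {}`. The same line is added in `main.tf` and in the six `modules/*/main.tf` hunks of this commit. Since this local presumably feeds the cluster firewall rules, a comment saying that `{}` means "no alias ranges" would help. The `locals` block continues outside the hunk.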
@@ -69,7 +69,7 @@ locals { default_auto_upgrade = var.regional || var.release_channel != null ? true : false cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null - cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} + cluster_alias_ranges_cidr = (var.add_cluster_firewall_rules && data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range != null) ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} cluster_network_policy = var.network_policy ? [{ enabled = true diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index fc3da46c84..b7d504086d 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf @@ -69,7 +69,7 @@ locals { default_auto_upgrade = var.regional || var.release_channel != null ? true : false cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null - cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} + cluster_alias_ranges_cidr = (var.add_cluster_firewall_rules && data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range != null) ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} cluster_network_policy = var.network_policy ? [{ enabled = true diff --git a/modules/beta-public-cluster-update-variant/main.tf b/modules/beta-public-cluster-update-variant/main.tf index eae4610b65..6ae437f088 100644 --- a/modules/beta-public-cluster-update-variant/main.tf 
+++ b/modules/beta-public-cluster-update-variant/main.tf @@ -69,7 +69,7 @@ locals { default_auto_upgrade = var.regional || var.release_channel != null ? true : false cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null - cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} + cluster_alias_ranges_cidr = (var.add_cluster_firewall_rules && data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range != null) ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} cluster_network_policy = var.network_policy ? [{ enabled = true diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index eae4610b65..6ae437f088 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf @@ -69,7 +69,7 @@ locals { default_auto_upgrade = var.regional || var.release_channel != null ? true : false cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null - cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} + cluster_alias_ranges_cidr = (var.add_cluster_firewall_rules && data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range != null) ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} cluster_network_policy = var.network_policy ? [{ enabled = true diff --git a/modules/private-cluster-update-variant/main.tf b/modules/private-cluster-update-variant/main.tf index d645f25549..f3baf4cffc 100644 
--- a/modules/private-cluster-update-variant/main.tf +++ b/modules/private-cluster-update-variant/main.tf @@ -68,7 +68,7 @@ locals { default_auto_upgrade = var.regional ? true : false cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null - cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} + cluster_alias_ranges_cidr = (var.add_cluster_firewall_rules && data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range != null) ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} cluster_network_policy = var.network_policy ? [{ enabled = true diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf index d645f25549..f3baf4cffc 100644 --- a/modules/private-cluster/main.tf +++ b/modules/private-cluster/main.tf @@ -68,7 +68,7 @@ locals { default_auto_upgrade = var.regional ? true : false cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null - cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} + cluster_alias_ranges_cidr = (var.add_cluster_firewall_rules && data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range != null) ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} cluster_network_policy = var.network_policy ? [{ enabled = true From 80f71287ea401a9bdea21f3de5d77ac6c99b0070 Mon Sep 17 00:00:00 2001 
From: bharathkkb Date: Tue, 26 Jan 2021 20:30:48 -0600 Subject: [PATCH 5/7] depend on computed attrib for example with network --- autogen/main/cluster.tf.tmpl | 4 ++-- examples/safer_cluster/main.tf | 3 ++- modules/beta-private-cluster-update-variant/cluster.tf | 4 ++-- modules/beta-private-cluster/cluster.tf | 4 ++-- modules/beta-public-cluster-update-variant/cluster.tf | 4 ++-- modules/beta-public-cluster/cluster.tf | 4 ++-- 6 files changed, 12 insertions(+), 11 deletions(-) diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 09868231fd..a24adc9b8e 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -567,10 +567,10 @@ resource "google_container_node_pool" "pools" { } dynamic "linux_node_config" { - for_each = merge( + for_each = length(merge( local.node_pools_linux_node_configs_sysctls["all"], local.node_pools_linux_node_configs_sysctls[each.value["name"]] - ) != {} ? [1] : [] + )) != 0 ? [1] : [] content { sysctls = merge( diff --git a/examples/safer_cluster/main.tf b/examples/safer_cluster/main.tf index 9d61784081..bf5dad706e 100644 --- a/examples/safer_cluster/main.tf +++ b/examples/safer_cluster/main.tf @@ -27,6 +27,7 @@ locals { master_auth_subnetwork = "safer-cluster-master-subnet" pods_range_name = "ip-range-pods-${random_string.suffix.result}" svc_range_name = "ip-range-svc-${random_string.suffix.result}" + subnet_names = [for subnet_self_link in module.gcp-network.subnets_self_links : split("/", subnet_self_link)[length(split("/", subnet_self_link)) - 1]] } provider "google" { 
@@ -53,7 +54,7 @@ module "gke" { regional = true region = var.region network = module.gcp-network.network_name - subnetwork = module.gcp-network.subnets_names[index(module.gcp-network.subnets_names, local.subnet_name)] + subnetwork = local.subnet_names[index(module.gcp-network.subnets_names, local.subnet_name)] ip_range_pods = local.pods_range_name ip_range_services = local.svc_range_name compute_engine_service_account = var.compute_engine_service_account diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 3b5a466367..6a3d034482 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -523,10 +523,10 @@ resource "google_container_node_pool" "pools" { } dynamic "linux_node_config" { - for_each = merge( + for_each = length(merge( local.node_pools_linux_node_configs_sysctls["all"], local.node_pools_linux_node_configs_sysctls[each.value["name"]] - ) != {} ? [1] : [] + )) != 0 ? [1] : [] content { sysctls = merge( diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 15991746a8..5a5fe1e7b5 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -439,10 +439,10 @@ resource "google_container_node_pool" "pools" { } dynamic "linux_node_config" { - for_each = merge( + for_each = length(merge( local.node_pools_linux_node_configs_sysctls["all"], local.node_pools_linux_node_configs_sysctls[each.value["name"]] - ) != {} ? [1] : [] + )) != 0 ? [1] : [] content { sysctls = merge( diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 87a12e6c4a..09051e8f78 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf 
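Review bot: `subnetwork = local.subnet_names[index(module.gcp-network.subnets_names, local.subnet_name)]` in `examples/safer_cluster/main.tf` finds the position in one list and reads from another. It is only correct if the network module emits `subnets_names` and `subnets_self_links` in the same order, which these hunks do not show. A mismatch would place the example cluster on a different subnet than intended, so it is worth a comment on `subnet_names` stating the ordering assumption and that the local exists to make `subnetwork` depend on a computed attribute. The list itself could be written more simply as `subnet_names = [for subnet_self_link in module.gcp-network.subnets_self_links : basename(subnet_self_link)]`. Both the `locals` and `module "gke"` blocks extend beyond the hunks shown.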
@@ -504,10 +504,10 @@ resource "google_container_node_pool" "pools" { } dynamic "linux_node_config" { - for_each = merge( + for_each = length(merge( local.node_pools_linux_node_configs_sysctls["all"], local.node_pools_linux_node_configs_sysctls[each.value["name"]] - ) != {} ? [1] : [] + )) != 0 ? [1] : [] content { sysctls = merge( diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 1c9df5d0d5..c580bef1ab 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -420,10 +420,10 @@ resource "google_container_node_pool" "pools" { } dynamic "linux_node_config" { - for_each = merge( + for_each = length(merge( local.node_pools_linux_node_configs_sysctls["all"], local.node_pools_linux_node_configs_sysctls[each.value["name"]] - ) != {} ? [1] : [] + )) != 0 ? [1] : [] content { sysctls = merge( From 3cb8dc06b3db73d887e418ab073ae945760dd576 Mon Sep 17 00:00:00 2001 From: bharathkkb Date: Tue, 26 Jan 2021 20:48:01 -0600 Subject: [PATCH 6/7] remove check for secondary_ip_range --- autogen/main/main.tf.tmpl | 2 +- main.tf | 2 +- modules/beta-private-cluster-update-variant/main.tf | 2 +- modules/beta-private-cluster/main.tf | 2 +- modules/beta-public-cluster-update-variant/main.tf | 2 +- modules/beta-public-cluster/main.tf | 2 +- modules/private-cluster-update-variant/main.tf | 2 +- modules/private-cluster/main.tf | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl index ebb8475bc9..2dc3d75d6f 100644 --- a/autogen/main/main.tf.tmpl +++ b/autogen/main/main.tf.tmpl 
@@ -77,7 +77,7 @@ locals { {% endif %} cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null - cluster_alias_ranges_cidr = (var.add_cluster_firewall_rules && data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range != null) ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} + cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} cluster_network_policy = var.network_policy ? [{ enabled = true diff --git a/main.tf b/main.tf index 0c5cbc9902..a8feef2175 100644 --- a/main.tf +++ b/main.tf @@ -68,7 +68,7 @@ locals { default_auto_upgrade = var.regional ? true : false cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null - cluster_alias_ranges_cidr = (var.add_cluster_firewall_rules && data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range != null) ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} + cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} cluster_network_policy = var.network_policy ? [{ enabled = true diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf index b7d504086d..fc3da46c84 100644 --- a/modules/beta-private-cluster-update-variant/main.tf +++ b/modules/beta-private-cluster-update-variant/main.tf 
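Review bot: With the `secondary_ip_range != null` guard removed from `cluster_alias_ranges_cidr` in `autogen/main/main.tf.tmpl`, the `for` expression now assumes the subnetwork data source always returns a collection, possibly empty; a null would fail the plan instead of yielding `{}`. The hunk does not record why the guard was dropped, so I would add a comment above the line, for example `# assumes the provider returns [] (not null) when the subnet has no secondary ranges`. Because the local is gated on `var.add_cluster_firewall_rules`, it presumably feeds firewall rule ranges, so it is worth confirming that an empty map leaves those rules in the intended state. The same line changes in `main.tf` and in the `modules/*/main.tf` copies later in this patch, and the `locals` block starts and ends outside the hunk.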
@@ -69,7 +69,7 @@ locals { default_auto_upgrade = var.regional || var.release_channel != null ? true : false cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null - cluster_alias_ranges_cidr = (var.add_cluster_firewall_rules && data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range != null) ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} + cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} cluster_network_policy = var.network_policy ? [{ enabled = true diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index b7d504086d..fc3da46c84 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf @@ -69,7 +69,7 @@ locals { default_auto_upgrade = var.regional || var.release_channel != null ? true : false cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null - cluster_alias_ranges_cidr = (var.add_cluster_firewall_rules && data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range != null) ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} + cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} cluster_network_policy = var.network_policy ? [{ enabled = true diff --git a/modules/beta-public-cluster-update-variant/main.tf b/modules/beta-public-cluster-update-variant/main.tf index 6ae437f088..eae4610b65 100644 --- a/modules/beta-public-cluster-update-variant/main.tf 
+++ b/modules/beta-public-cluster-update-variant/main.tf @@ -69,7 +69,7 @@ locals { default_auto_upgrade = var.regional || var.release_channel != null ? true : false cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null - cluster_alias_ranges_cidr = (var.add_cluster_firewall_rules && data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range != null) ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} + cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} cluster_network_policy = var.network_policy ? [{ enabled = true diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index 6ae437f088..eae4610b65 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf @@ -69,7 +69,7 @@ locals { default_auto_upgrade = var.regional || var.release_channel != null ? true : false cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null - cluster_alias_ranges_cidr = (var.add_cluster_firewall_rules && data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range != null) ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} + cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} cluster_network_policy = var.network_policy ? [{ enabled = true diff --git a/modules/private-cluster-update-variant/main.tf b/modules/private-cluster-update-variant/main.tf index f3baf4cffc..d645f25549 100644 
--- a/modules/private-cluster-update-variant/main.tf +++ b/modules/private-cluster-update-variant/main.tf @@ -68,7 +68,7 @@ locals { default_auto_upgrade = var.regional ? true : false cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null - cluster_alias_ranges_cidr = (var.add_cluster_firewall_rules && data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range != null) ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} + cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} cluster_network_policy = var.network_policy ? [{ enabled = true diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf index f3baf4cffc..d645f25549 100644 --- a/modules/private-cluster/main.tf +++ b/modules/private-cluster/main.tf @@ -68,7 +68,7 @@ locals { default_auto_upgrade = var.regional ? true : false cluster_subnet_cidr = var.add_cluster_firewall_rules ? data.google_compute_subnetwork.gke_subnetwork[0].ip_cidr_range : null - cluster_alias_ranges_cidr = (var.add_cluster_firewall_rules && data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range != null) ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} + cluster_alias_ranges_cidr = var.add_cluster_firewall_rules ? { for range in toset(data.google_compute_subnetwork.gke_subnetwork[0].secondary_ip_range) : range.range_name => range.ip_cidr_range } : {} cluster_network_policy = var.network_policy ? [{ enabled = true From 0ef26d1b3346334c1c6379b30d5cd95bdbf114df Mon Sep 17 00:00:00 2001 
From: bharathkkb Date: Tue, 26 Jan 2021 21:34:28 -0600 Subject: [PATCH 7/7] fix dep in iap example --- test/fixtures/safer_cluster_iap_bastion/example.tf | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/test/fixtures/safer_cluster_iap_bastion/example.tf b/test/fixtures/safer_cluster_iap_bastion/example.tf index c6af2866ab..0713b7bc06 100644 --- a/test/fixtures/safer_cluster_iap_bastion/example.tf +++ b/test/fixtures/safer_cluster_iap_bastion/example.tf @@ -31,7 +31,8 @@ resource "google_project_iam_member" "member" { } data "google_container_cluster" "safer" { - project = var.project_ids[1] - name = module.example.cluster_name - location = module.example.location + project = var.project_ids[1] + name = module.example.cluster_name + location = module.example.location + depends_on = [module.example] }
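Review bot: The added `depends_on = [module.example]` on `data "google_container_cluster" "safer"` has no comment, and the data source already depends on the module implicitly through `module.example.cluster_name` and `module.example.location`. An explicit module-wide `depends_on` on a data source makes Terraform defer the read to apply whenever anything in that module has pending changes, so the cluster attributes show as unknown at plan time. If that is intended, presumably to wait for resources the two outputs do not cover, say so next to the line, for example `# wait for the whole module, not only the outputs referenced above, before reading the cluster`.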