feat!: Bump instance template version to support terraform 0.14 (#70)

* feat!:Fully support TF 0.14 by bumping instance template version

* Fixed readme and bumped docker container, blocked on gsuite dep in project-factory

* Bumped project-factory in tests

* Module attribution

* Bumped copyright year to 2021

* Fixed lint issues

* Pinned devtools version to 0.13

.gitignore

@@ -27,7 +27,8 @@ Session.vim
 # .tfstate files
 *.tfstate
 *.tfstate.*
-
+# Terraform lock files
+**/.terraform.lock.hcl
 # Crash log files
 crash.log
 

.kitchen.yml

@@ -1,4 +1,4 @@
-# Copyright 2018 Google LLC
+# Copyright 2021 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

Makefile

@@ -1,4 +1,4 @@
-# Copyright 2019 Google LLC
+# Copyright 2021 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.12.0
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.13
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 

README.md

@@ -68,35 +68,35 @@ If the user does not share the same domain as the org the bastion is in, you wil
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| additional\_ports | A list of additional ports/ranges to open access to on the instances from IAP. | list(string) | `<list>` | no |
-| create\_instance\_from\_template | Whether to create and instance from the template or not. If false, no instance is created, but the instance template is created and usable by a MIG | bool | `"true"` | no |
-| disk\_size\_gb | Boot disk size in GB | string | `"100"` | no |
-| disk\_type | Boot disk type, can be either pd-ssd, local-ssd, or pd-standard | string | `"pd-standard"` | no |
-| fw\_name\_allow\_ssh\_from\_iap | Firewall rule name for allowing SSH from IAP | string | `"allow-ssh-from-iap-to-tunnel"` | no |
-| host\_project | The network host project ID | string | `""` | no |
-| image | Source image for the Bastion. If image is not specified, image_family will be used (which is the default). | string | `""` | no |
-| image\_family | Source image family for the Bastion. | string | `"centos-7"` | no |
-| image\_project | Project where the source image for the Bastion comes from | string | `"gce-uefi-images"` | no |
-| labels | Key-value map of labels to assign to the bastion host | map | `<map>` | no |
-| machine\_type | Instance type for the Bastion host | string | `"n1-standard-1"` | no |
-| members | List of IAM resources to allow access to the bastion host | list(string) | `<list>` | no |
-| metadata | Key-value map of additional metadata to assign to the instances | map(string) | `<map>` | no |
-| name | Name of the Bastion instance | string | `"bastion-vm"` | no |
-| name\_prefix | Name prefix for instance template | string | `"bastion-instance-template"` | no |
-| network | Self link for the network on which the Bastion should live | string | n/a | yes |
-| project | The project ID to deploy to | string | n/a | yes |
-| random\_role\_id | Enables role random id generation. | bool | `"true"` | no |
-| scopes | List of scopes to attach to the bastion host | list(string) | `<list>` | no |
-| service\_account\_email | If set, the service account and its permissions will not be created. The service account being passed in should have at least the roles listed in the `service_account_roles` variable so that logging and OS Login work as expected. | string | `""` | no |
-| service\_account\_name | Account ID for the service account | string | `"bastion"` | no |
-| service\_account\_roles | List of IAM roles to assign to the service account. | list(string) | `<list>` | no |
-| service\_account\_roles\_supplemental | An additional list of roles to assign to the bastion if desired | list(string) | `<list>` | no |
-| shielded\_vm | Enable shielded VM on the bastion host (recommended) | bool | `"true"` | no |
-| startup\_script | Render a startup script with a template. | string | `""` | no |
-| subnet | Self link for the subnet on which the Bastion should live. Can be private when using IAP | string | n/a | yes |
-| tags | Network tags, provided as a list | list(string) | `<list>` | no |
-| zone | The primary zone where the bastion host will live | string | `"us-central1-a"` | no |
+|------|-------------|------|---------|:--------:|
+| additional\_ports | A list of additional ports/ranges to open access to on the instances from IAP. | `list(string)` | `[]` | no |
+| create\_instance\_from\_template | Whether to create and instance from the template or not. If false, no instance is created, but the instance template is created and usable by a MIG | `bool` | `true` | no |
+| disk\_size\_gb | Boot disk size in GB | `number` | `100` | no |
+| disk\_type | Boot disk type, can be either pd-ssd, local-ssd, or pd-standard | `string` | `"pd-standard"` | no |
+| fw\_name\_allow\_ssh\_from\_iap | Firewall rule name for allowing SSH from IAP | `string` | `"allow-ssh-from-iap-to-tunnel"` | no |
+| host\_project | The network host project ID | `string` | `""` | no |
+| image | Source image for the Bastion. If image is not specified, image\_family will be used (which is the default). | `string` | `""` | no |
+| image\_family | Source image family for the Bastion. | `string` | `"centos-7"` | no |
+| image\_project | Project where the source image for the Bastion comes from | `string` | `"gce-uefi-images"` | no |
+| labels | Key-value map of labels to assign to the bastion host | `map(any)` | `{}` | no |
+| machine\_type | Instance type for the Bastion host | `string` | `"n1-standard-1"` | no |
+| members | List of IAM resources to allow access to the bastion host | `list(string)` | `[]` | no |
+| metadata | Key-value map of additional metadata to assign to the instances | `map(string)` | `{}` | no |
+| name | Name of the Bastion instance | `string` | `"bastion-vm"` | no |
+| name\_prefix | Name prefix for instance template | `string` | `"bastion-instance-template"` | no |
+| network | Self link for the network on which the Bastion should live | `string` | n/a | yes |
+| project | The project ID to deploy to | `string` | n/a | yes |
+| random\_role\_id | Enables role random id generation. | `bool` | `true` | no |
+| scopes | List of scopes to attach to the bastion host | `list(string)` | <pre>[<br>  "cloud-platform"<br>]</pre> | no |
+| service\_account\_email | If set, the service account and its permissions will not be created. The service account being passed in should have at least the roles listed in the `service_account_roles` variable so that logging and OS Login work as expected. | `string` | `""` | no |
+| service\_account\_name | Account ID for the service account | `string` | `"bastion"` | no |
+| service\_account\_roles | List of IAM roles to assign to the service account. | `list(string)` | <pre>[<br>  "roles/logging.logWriter",<br>  "roles/monitoring.metricWriter",<br>  "roles/monitoring.viewer",<br>  "roles/compute.osLogin"<br>]</pre> | no |
+| service\_account\_roles\_supplemental | An additional list of roles to assign to the bastion if desired | `list(string)` | `[]` | no |
+| shielded\_vm | Enable shielded VM on the bastion host (recommended) | `bool` | `true` | no |
+| startup\_script | Render a startup script with a template. | `string` | `""` | no |
+| subnet | Self link for the subnet on which the Bastion should live. Can be private when using IAP | `string` | n/a | yes |
+| tags | Network tags, provided as a list | `list(string)` | `[]` | no |
+| zone | The primary zone where the bastion host will live | `string` | `"us-central1-a"` | no |
 
 ## Outputs
 

build/int.cloudbuild.yaml

@@ -1,4 +1,4 @@
-# Copyright 2018 Google LLC
+# Copyright 2021 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -38,4 +38,4 @@ tags:
 - 'integration'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.12.0'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.13'

build/lint.cloudbuild.yaml

@@ -1,4 +1,4 @@
-# Copyright 2019 Google LLC
+# Copyright 2021 Google LLC
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -21,4 +21,4 @@ tags:
 - 'lint'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.12.0'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.13'

examples/bastion_group/README.md

@@ -47,11 +47,15 @@ bastion-host module instead.
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| members | List of members in the standard GCP form: user:{email}, serviceAccount:{email}, group:{email} | list | `<list>` | no |
-| project | Project ID where the bastion will run | string | n/a | yes |
-| region | Region where the bastion will run | string | `"us-west1"` | no |
-| target\_size | Number of instances to create | string | `"2"` | no |
-| zone | Zone where they bastion will run | string | `"us-west1-a"` | no |
+|------|-------------|------|---------|:--------:|
+| members | List of members in the standard GCP form: user:{email}, serviceAccount:{email}, group:{email} | `list` | `[]` | no |
+| project | Project ID where the bastion will run | `string` | n/a | yes |
+| region | Region where the bastion will run | `string` | `"us-west1"` | no |
+| target\_size | Number of instances to create | `number` | `2` | no |
+| zone | Zone where they bastion will run | `string` | `"us-west1-a"` | no |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/bastion_group/main.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019 Google LLC
+ * Copyright 2021 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

examples/bastion_group/variables.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019 Google LLC
+ * Copyright 2021 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

examples/bastion_group/versions.tf

@@ -0,0 +1,29 @@
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+terraform {
+  required_version = ">=0.13"
+  required_providers {
+    google = {
+      source = "hashicorp/google"
+    }
+    google-beta = {
+      source = "hashicorp/google-beta"
+    }
+    random = {
+      source = "hashicorp/random"
+    }
+  }
+}

examples/iap_tunneling/README.md

@@ -40,11 +40,15 @@ External IP address was not found; defaulting to using IAP tunneling.
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| instance | Name of the example VM instance to create and allow SSH from IAP. | string | n/a | yes |
-| members | List of members in the standard GCP form: user:{email}, serviceAccount:{email}, group:{email} | list(string) | n/a | yes |
-| project | Project ID where to set up the instance and IAP tunneling | string | n/a | yes |
-| region | Region to create the subnet and example VM. | string | `"us-west1"` | no |
-| zone | Zone of the example VM instance to create and allow SSH from IAP. | string | `"us-west1-a"` | no |
+|------|-------------|------|---------|:--------:|
+| instance | Name of the example VM instance to create and allow SSH from IAP. | `any` | n/a | yes |
+| members | List of members in the standard GCP form: user:{email}, serviceAccount:{email}, group:{email} | `list(string)` | n/a | yes |
+| project | Project ID where to set up the instance and IAP tunneling | `any` | n/a | yes |
+| region | Region to create the subnet and example VM. | `string` | `"us-west1"` | no |
+| zone | Zone of the example VM instance to create and allow SSH from IAP. | `string` | `"us-west1-a"` | no |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/iap_tunneling/main.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019 Google LLC
+ * Copyright 2021 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

examples/iap_tunneling/variables.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019 Google LLC
+ * Copyright 2021 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

examples/iap_tunneling/versions.tf

@@ -0,0 +1,23 @@
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+terraform {
+  required_version = ">=0.13"
+  required_providers {
+    google = {
+      source = "hashicorp/google"
+    }
+  }
+}

examples/simple_example/README.md

@@ -34,10 +34,14 @@ External IP address was not found; defaulting to using IAP tunneling.
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| members | List of members in the standard GCP form: user:{email}, serviceAccount:{email}, group:{email} | list | `<list>` | no |
-| project | Project ID where the bastion will run | string | n/a | yes |
-| region | Region where the bastion will run | string | `"us-west1"` | no |
-| zone | Zone where they bastion will run | string | `"us-west1-a"` | no |
+|------|-------------|------|---------|:--------:|
+| members | List of members in the standard GCP form: user:{email}, serviceAccount:{email}, group:{email} | `list` | `[]` | no |
+| project | Project ID where the bastion will run | `string` | n/a | yes |
+| region | Region where the bastion will run | `string` | `"us-west1"` | no |
+| zone | Zone where they bastion will run | `string` | `"us-west1-a"` | no |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/simple_example/main.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019 Google LLC
+ * Copyright 2021 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

examples/simple_example/variables.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019 Google LLC
+ * Copyright 2021 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

examples/simple_example/versions.tf

@@ -0,0 +1,29 @@
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+terraform {
+  required_version = ">=0.13"
+  required_providers {
+    google = {
+      source = "hashicorp/google"
+    }
+    google-beta = {
+      source = "hashicorp/google-beta"
+    }
+    random = {
+      source = "hashicorp/random"
+    }
+  }
+}

examples/two_service_example/README.md

@@ -73,12 +73,16 @@ You can also try SSHing to the other host, priv-host-a-2. This should work. Try
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| network | Self link for the VPC network | string | n/a | yes |
-| project | The ID of the project in which to provision resources. | string | n/a | yes |
-| subnet | Self link for the Subnet within var.network | string | n/a | yes |
-| user\_a | User in the IAM policy format of user:{email} | string | n/a | yes |
-| user\_b | User in the IAM policy format of user:{email} | string | n/a | yes |
-| zone |  | string | `"us-west1-a"` | no |
+|------|-------------|------|---------|:--------:|
+| network | Self link for the VPC network | `string` | n/a | yes |
+| project | The ID of the project in which to provision resources. | `string` | n/a | yes |
+| subnet | Self link for the Subnet within var.network | `string` | n/a | yes |
+| user\_a | User in the IAM policy format of user:{email} | `any` | n/a | yes |
+| user\_b | User in the IAM policy format of user:{email} | `any` | n/a | yes |
+| zone | n/a | `string` | `"us-west1-a"` | no |
+
+## Outputs
+
+No output.
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->

examples/two_service_example/iam.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019 Google LLC
+ * Copyright 2021 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

examples/two_service_example/instances.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019 Google LLC
+ * Copyright 2021 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

examples/two_service_example/main.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019 Google LLC
+ * Copyright 2021 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

examples/two_service_example/variables.tf

@@ -1,5 +1,5 @@
 /**
- * Copyright 2019 Google LLC
+ * Copyright 2021 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

examples/two_service_example/versions.tf

@@ -0,0 +1,29 @@
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+terraform {
+  required_version = ">=0.13"
+  required_providers {
+    google = {
+      source = "hashicorp/google"
+    }
+    google-beta = {
+      source = "hashicorp/google-beta"
+    }
+    random = {
+      source = "hashicorp/random"
+    }
+  }
+}