From 658acb014d06e54757e60302aa9da91c37669c13 Mon Sep 17 00:00:00 2001
From: Grant Sorbo <gtsorbo@google.com>
Date: Fri, 20 Sep 2024 17:15:30 -0500
Subject: [PATCH] fix: reformat subnetwork secondary range block (#187)

fix: constrain provider version for GKE examples to <5.44
fix: add real attribute condition for OIDC example
---
 .../gh-runner-gke-dind-rootless/versions.tf   |  8 ++++++--
 examples/gh-runner-gke-dind/versions.tf       |  8 ++++++--
 examples/gh-runner-gke-simple/versions.tf     |  8 ++++++--
 examples/oidc-simple/main.tf                  |  7 ++++---
 modules/gh-runner-gke/main.tf                 | 19 ++++++++++---------
 modules/gh-runner-gke/versions.tf             |  5 +++++
 6 files changed, 37 insertions(+), 18 deletions(-)

diff --git a/examples/gh-runner-gke-dind-rootless/versions.tf b/examples/gh-runner-gke-dind-rootless/versions.tf
index 52f9cc4..12e52e1 100644
--- a/examples/gh-runner-gke-dind-rootless/versions.tf
+++ b/examples/gh-runner-gke-dind-rootless/versions.tf
@@ -16,11 +16,15 @@
 
 terraform {
   required_providers {
+    # TODO: undo version constraint pending provider bug
+    # https://github.com/GoogleCloudPlatform/magic-modules/pull/11688
     google = {
-      source = "hashicorp/google"
+      source  = "hashicorp/google"
+      version = ">= 4.3.0, < 5.44"
     }
     google-beta = {
-      source = "hashicorp/google-beta"
+      source  = "hashicorp/google-beta"
+      version = ">= 4.3.0, < 5.44"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
diff --git a/examples/gh-runner-gke-dind/versions.tf b/examples/gh-runner-gke-dind/versions.tf
index 52f9cc4..12e52e1 100644
--- a/examples/gh-runner-gke-dind/versions.tf
+++ b/examples/gh-runner-gke-dind/versions.tf
@@ -16,11 +16,15 @@
 
 terraform {
   required_providers {
+    # TODO: undo version constraint pending provider bug
+    # https://github.com/GoogleCloudPlatform/magic-modules/pull/11688
     google = {
-      source = "hashicorp/google"
+      source  = "hashicorp/google"
+      version = ">= 4.3.0, < 5.44"
     }
     google-beta = {
-      source = "hashicorp/google-beta"
+      source  = "hashicorp/google-beta"
+      version = ">= 4.3.0, < 5.44"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
diff --git a/examples/gh-runner-gke-simple/versions.tf b/examples/gh-runner-gke-simple/versions.tf
index 52f9cc4..12e52e1 100644
--- a/examples/gh-runner-gke-simple/versions.tf
+++ b/examples/gh-runner-gke-simple/versions.tf
@@ -16,11 +16,15 @@
 
 terraform {
   required_providers {
+    # TODO: undo version constraint pending provider bug
+    # https://github.com/GoogleCloudPlatform/magic-modules/pull/11688
     google = {
-      source = "hashicorp/google"
+      source  = "hashicorp/google"
+      version = ">= 4.3.0, < 5.44"
     }
     google-beta = {
-      source = "hashicorp/google-beta"
+      source  = "hashicorp/google-beta"
+      version = ">= 4.3.0, < 5.44"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
diff --git a/examples/oidc-simple/main.tf b/examples/oidc-simple/main.tf
index a8fae5b..4065df5 100644
--- a/examples/oidc-simple/main.tf
+++ b/examples/oidc-simple/main.tf
@@ -30,9 +30,10 @@ module "oidc" {
   source  = "terraform-google-modules/github-actions-runners/google//modules/gh-oidc"
   version = "~> 3.0"
 
-  project_id  = var.project_id
-  pool_id     = "example-pool"
-  provider_id = "example-gh-provider"
+  project_id          = var.project_id
+  pool_id             = "example-pool"
+  provider_id         = "example-gh-provider"
+  attribute_condition = "assertion.repository_owner_id=='1342004'"
   sa_mapping = {
     (google_service_account.sa.account_id) = {
       sa_name   = google_service_account.sa.name
diff --git a/modules/gh-runner-gke/main.tf b/modules/gh-runner-gke/main.tf
index 46d7abd..9abc5b6 100644
--- a/modules/gh-runner-gke/main.tf
+++ b/modules/gh-runner-gke/main.tf
@@ -35,15 +35,16 @@ resource "google_compute_subnetwork" "gh-subnetwork" {
   ip_cidr_range = var.subnet_ip
   region        = var.region
   network       = google_compute_network.gh-network[0].name
-  secondary_ip_range = [
-    {
-      range_name    = var.ip_range_pods_name
-      ip_cidr_range = var.ip_range_pods_cidr
-    },
-    { range_name    = var.ip_range_services_name
-      ip_cidr_range = var.ip_range_services_cider
-    }
-  ]
+
+  secondary_ip_range {
+    range_name    = var.ip_range_pods_name
+    ip_cidr_range = var.ip_range_pods_cidr
+  }
+
+  secondary_ip_range {
+    range_name    = var.ip_range_services_name
+    ip_cidr_range = var.ip_range_services_cider
+  }
 }
 /*****************************************
   Runner GKE
diff --git a/modules/gh-runner-gke/versions.tf b/modules/gh-runner-gke/versions.tf
index 0778952..20c3e8c 100644
--- a/modules/gh-runner-gke/versions.tf
+++ b/modules/gh-runner-gke/versions.tf
@@ -23,6 +23,11 @@ terraform {
       version = ">= 4.3.0, < 7"
     }
 
+    google-beta = {
+      source  = "hashicorp/google-beta"
+      version = ">= 4.3.0, < 7"
+    }
+
     kubernetes = {
       source  = "hashicorp/kubernetes"
       version = "~> 2.0"