feat: start work on switching to native Terraform resources for hub r…

…egistration and ACM
terraform-google-modules · Aug 21, 2021 · e03fe58 · e03fe58
1 parent 29bdc55
commit e03fe58
Show file tree

Hide file tree

Showing 24 changed files with 528 additions and 578 deletions.
diff --git a/examples/simple_zonal_with_acm/acm.tf b/examples/simple_zonal_with_acm/acm.tf
@@ -15,13 +15,14 @@
  */
 
 module "acm" {
-  source           = "../../modules/acm"
-  project_id       = var.project_id
-  location         = module.gke.location
-  cluster_name     = module.gke.name
-  sync_repo        = var.acm_sync_repo
-  sync_branch      = var.acm_sync_branch
-  policy_dir       = var.acm_policy_dir
-  cluster_endpoint = module.gke.endpoint
-  operator_path    = var.operator_path
+  source       = "../../modules/acm"
+  project_id   = var.project_id
+  location     = module.gke.location
+  cluster_name = module.gke.name
+
+  sync_repo   = "[email protected]:GoogleCloudPlatform/csp-config-management.git"
+  sync_branch = "1.0.0"
+  policy_dir  = "foo-corp"
+
+  secret_type = "ssh"
 }
diff --git a/examples/simple_zonal_with_acm/main.tf b/examples/simple_zonal_with_acm/main.tf
@@ -32,17 +32,20 @@ provider "kubernetes" {
 }
 
 module "gke" {
-  source            = "../../"
-  project_id        = var.project_id
-  name              = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
-  regional          = false
-  region            = var.region
-  zones             = var.zones
-  network           = var.network
-  subnetwork        = var.subnetwork
-  ip_range_pods     = var.ip_range_pods
-  ip_range_services = var.ip_range_services
-  service_account   = "create"
+  source     = "../../"
+  project_id = var.project_id
+  regional   = false
+  region     = var.region
+  zones      = [var.zone]
+
+  name = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
+
+  network           = google_compute_network.main.name
+  subnetwork        = google_compute_subnetwork.main.name
+  ip_range_pods     = google_compute_subnetwork.main.secondary_ip_range[0].range_name
+  ip_range_services = google_compute_subnetwork.main.secondary_ip_range[1].range_name
+
+  service_account = "create"
   node_pools = [
     {
       name         = "acm-node-pool"

diff --git a/test/fixtures/simple_zonal/network.tf → examples/simple_zonal_with_acm/network.tf b/test/fixtures/simple_zonal/network.tf → examples/simple_zonal_with_acm/network.tf
@@ -1,5 +1,5 @@
 /**
- * Copyright 2018 Google LLC
+ * Copyright 2021 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,17 +20,14 @@ resource "random_string" "suffix" {
   upper   = false
 }
 
-provider "google" {
-  version = "~> 3.42.0"
-  project = var.project_ids[1]
-}
-
 resource "google_compute_network" "main" {
+  project                 = var.project_id
   name                    = "cft-gke-test-${random_string.suffix.result}"
   auto_create_subnetworks = false
 }
 
 resource "google_compute_subnetwork" "main" {
+  project       = var.project_id
   name          = "cft-gke-test-${random_string.suffix.result}"
   ip_cidr_range = "10.0.0.0/17"
   region        = var.region

diff --git a/examples/simple_zonal_with_acm/outputs.tf b/examples/simple_zonal_with_acm/outputs.tf
@@ -25,7 +25,8 @@ output "client_token" {
 }
 
 output "ca_certificate" {
-  value = module.gke.ca_certificate
+  value     = module.gke.ca_certificate
+  sensitive = true
 }
 
 output "service_account" {
@@ -38,3 +39,48 @@ output "acm_git_creds_public" {
   value       = module.acm.git_creds_public
 }
 
+# Standard test outputs
+output "project_id" {
+  value = var.project_id
+}
+
+output "region" {
+  value = module.gke.region
+}
+
+output "cluster_name" {
+  description = "Cluster name"
+  value       = module.gke.name
+}
+
+output "network" {
+  value = google_compute_network.main.name
+}
+
+output "subnetwork" {
+  value = google_compute_subnetwork.main.name
+}
+
+output "location" {
+  value = module.gke.location
+}
+
+output "ip_range_pods" {
+  description = "The secondary IP range used for pods"
+  value       = google_compute_subnetwork.main.secondary_ip_range[0].range_name
+}
+
+output "ip_range_services" {
+  description = "The secondary IP range used for services"
+  value       = google_compute_subnetwork.main.secondary_ip_range[1].range_name
+}
+
+output "zones" {
+  description = "List of zones in which the cluster resides"
+  value       = module.gke.zones
+}
+
+output "master_kubernetes_version" {
+  description = "The master Kubernetes version"
+  value       = module.gke.master_version
+}
diff --git a/examples/simple_zonal_with_acm/test_outputs.tf b/examples/simple_zonal_with_acm/test_outputs.tf
diff --git a/examples/simple_zonal_with_acm/variables.tf b/examples/simple_zonal_with_acm/variables.tf
@@ -25,49 +25,11 @@ variable "cluster_name_suffix" {
 
 variable "region" {
   description = "The region to host the cluster in"
+  default     = "us-central1"
 }
 
-variable "zones" {
-  type        = list(string)
-  description = "The zone to host the cluster in (required if is a zonal cluster)"
-}
-
-variable "network" {
-  description = "The VPC network to host the cluster in"
-}
-
-variable "subnetwork" {
-  description = "The subnetwork to host the cluster in"
-}
-
-variable "ip_range_pods" {
-  description = "The secondary ip range to use for pods"
-}
-
-variable "ip_range_services" {
-  description = "The secondary ip range to use for services"
-}
-
-variable "acm_sync_repo" {
-  description = "Anthos config management Git repo"
-  type        = string
-  default     = "[email protected]:GoogleCloudPlatform/csp-config-management.git"
-}
-
-variable "acm_sync_branch" {
-  description = "Anthos config management Git branch"
-  type        = string
-  default     = "1.0.0"
-}
-
-variable "acm_policy_dir" {
-  description = "Subfolder containing configs in ACM Git repo"
-  type        = string
-  default     = "foo-corp"
-}
-
-variable "operator_path" {
-  description = "Path to the operator yaml config. If unset, will download from GCS releases."
+variable "zone" {
   type        = string
-  default     = null
+  description = "The zone to host the cluster in"
+  default     = "us-central1-a"
 }
diff --git a/modules/acm/main.tf b/modules/acm/main.tf
@@ -14,50 +14,34 @@
  * limitations under the License.
  */
 
-module "enable_acm" {
-  source  = "terraform-google-modules/gcloud/google"
-  version = "~> 2.0"
+module "acm_operator" {
+  source = "../hub-acm-feature"
 
-  platform              = "linux"
-  upgrade               = true
-  additional_components = ["alpha"]
+  cluster_name          = var.cluster_name
+  project_id            = var.project_id
+  location              = var.location
+  cluster_membership_id = var.cluster_membership_id
 
-  service_account_key_file = var.service_account_key_file
-  create_cmd_entrypoint    = "gcloud"
-  create_cmd_body          = "alpha container hub config-management enable --project ${var.project_id}"
-  destroy_cmd_entrypoint   = "gcloud"
-  destroy_cmd_body         = "alpha container hub config-management disable --force --project ${var.project_id}"
-}
+  source_format = var.source_format
+  sync_repo     = var.sync_repo
+  sync_branch   = var.sync_branch
+  sync_revision = var.sync_revision
+  policy_dir    = var.policy_dir
 
-module "acm_operator" {
+  create_ssh_key = var.create_ssh_key
+  secret_type    = var.secret_type
+  ssh_auth_key   = var.ssh_auth_key
 
-  source = "../k8s-operator-crd-support"
-
-  cluster_name             = var.cluster_name
-  project_id               = var.project_id
-  location                 = var.location
-  operator_path            = var.operator_path
-  enable_multi_repo        = var.enable_multi_repo
-  sync_repo                = var.sync_repo
-  sync_branch              = var.sync_branch
-  sync_revision            = var.sync_revision
-  policy_dir               = var.policy_dir
-  cluster_endpoint         = var.cluster_endpoint
-  create_ssh_key           = var.create_ssh_key
-  secret_type              = var.secret_type
-  ssh_auth_key             = var.ssh_auth_key
   enable_policy_controller = var.enable_policy_controller
   install_template_library = var.install_template_library
-  source_format            = var.source_format
-  hierarchy_controller     = var.hierarchy_controller
   enable_log_denies        = var.enable_log_denies
+
+  hierarchy_controller = var.hierarchy_controller
+
+  # Necessary for generating credentials secrets
   service_account_key_file = var.service_account_key_file
   use_existing_context     = var.use_existing_context
 
-  operator_latest_manifest_url  = "gs://config-management-release/released/latest/config-management-operator.yaml"
-  operator_cr_template_path     = "${path.module}/templates/acm-config.yml.tpl"
   operator_credential_namespace = "config-management-system"
   operator_credential_name      = "git-creds"
-
-  rootsync_cr_template_path = "${path.module}/templates/root-sync.yml.tpl"
 }
diff --git a/modules/acm/templates/acm-config.yml.tpl b/modules/acm/templates/acm-config.yml.tpl
diff --git a/modules/acm/templates/root-sync.yml.tpl b/modules/acm/templates/root-sync.yml.tpl