From e9574693e04449122438ad80f1a2886cf2f6a8d5 Mon Sep 17 00:00:00 2001 From: Julien Reichardt Date: Thu, 11 May 2023 04:54:34 +0200 Subject: [PATCH 01/39] chore: Use `google_service_account#member` attribute (#1615) Co-authored-by: Bharath KKB --- autogen/main/sa.tf.tmpl | 8 ++++---- modules/beta-autopilot-private-cluster/sa.tf | 8 ++++---- modules/beta-autopilot-public-cluster/sa.tf | 8 ++++---- modules/beta-private-cluster-update-variant/sa.tf | 8 ++++---- modules/beta-private-cluster/sa.tf | 8 ++++---- modules/beta-public-cluster-update-variant/sa.tf | 8 ++++---- modules/beta-public-cluster/sa.tf | 8 ++++---- modules/private-cluster-update-variant/sa.tf | 8 ++++---- modules/private-cluster/sa.tf | 8 ++++---- sa.tf | 8 ++++---- 10 files changed, 40 insertions(+), 40 deletions(-) diff --git a/autogen/main/sa.tf.tmpl b/autogen/main/sa.tf.tmpl index 0b47560236..17e9755da7 100644 --- a/autogen/main/sa.tf.tmpl +++ b/autogen/main/sa.tf.tmpl @@ -49,28 +49,28 @@ resource "google_project_iam_member" "cluster_service_account-log_writer" { count = var.create_service_account ? 1 : 0 project = google_service_account.cluster_service_account[0].project role = "roles/logging.logWriter" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-metric_writer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-log_writer[0].project role = "roles/monitoring.metricWriter" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-monitoring_viewer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-metric_writer[0].project role = "roles/monitoring.viewer" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-resourceMetadata-writer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-monitoring_viewer[0].project role = "roles/stackdriver.resourceMetadata.writer" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-gcr" { diff --git a/modules/beta-autopilot-private-cluster/sa.tf b/modules/beta-autopilot-private-cluster/sa.tf index 5e703de5aa..16593f5caf 100644 --- a/modules/beta-autopilot-private-cluster/sa.tf +++ b/modules/beta-autopilot-private-cluster/sa.tf @@ -49,28 +49,28 @@ resource "google_project_iam_member" "cluster_service_account-log_writer" { count = var.create_service_account ? 1 : 0 project = google_service_account.cluster_service_account[0].project role = "roles/logging.logWriter" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-metric_writer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-log_writer[0].project role = "roles/monitoring.metricWriter" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-monitoring_viewer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-metric_writer[0].project role = "roles/monitoring.viewer" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-resourceMetadata-writer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-monitoring_viewer[0].project role = "roles/stackdriver.resourceMetadata.writer" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-gcr" { diff --git a/modules/beta-autopilot-public-cluster/sa.tf b/modules/beta-autopilot-public-cluster/sa.tf index 5e703de5aa..16593f5caf 100644 --- a/modules/beta-autopilot-public-cluster/sa.tf +++ b/modules/beta-autopilot-public-cluster/sa.tf @@ -49,28 +49,28 @@ resource "google_project_iam_member" "cluster_service_account-log_writer" { count = var.create_service_account ? 1 : 0 project = google_service_account.cluster_service_account[0].project role = "roles/logging.logWriter" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-metric_writer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-log_writer[0].project role = "roles/monitoring.metricWriter" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-monitoring_viewer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-metric_writer[0].project role = "roles/monitoring.viewer" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-resourceMetadata-writer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-monitoring_viewer[0].project role = "roles/stackdriver.resourceMetadata.writer" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-gcr" { diff --git a/modules/beta-private-cluster-update-variant/sa.tf b/modules/beta-private-cluster-update-variant/sa.tf index 5e703de5aa..16593f5caf 100644 --- a/modules/beta-private-cluster-update-variant/sa.tf +++ b/modules/beta-private-cluster-update-variant/sa.tf @@ -49,28 +49,28 @@ resource "google_project_iam_member" "cluster_service_account-log_writer" { count = var.create_service_account ? 1 : 0 project = google_service_account.cluster_service_account[0].project role = "roles/logging.logWriter" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-metric_writer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-log_writer[0].project role = "roles/monitoring.metricWriter" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-monitoring_viewer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-metric_writer[0].project role = "roles/monitoring.viewer" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-resourceMetadata-writer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-monitoring_viewer[0].project role = "roles/stackdriver.resourceMetadata.writer" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-gcr" { diff --git a/modules/beta-private-cluster/sa.tf b/modules/beta-private-cluster/sa.tf index 5e703de5aa..16593f5caf 100644 --- a/modules/beta-private-cluster/sa.tf +++ b/modules/beta-private-cluster/sa.tf @@ -49,28 +49,28 @@ resource "google_project_iam_member" "cluster_service_account-log_writer" { count = var.create_service_account ? 1 : 0 project = google_service_account.cluster_service_account[0].project role = "roles/logging.logWriter" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-metric_writer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-log_writer[0].project role = "roles/monitoring.metricWriter" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-monitoring_viewer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-metric_writer[0].project role = "roles/monitoring.viewer" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-resourceMetadata-writer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-monitoring_viewer[0].project role = "roles/stackdriver.resourceMetadata.writer" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-gcr" { diff --git a/modules/beta-public-cluster-update-variant/sa.tf b/modules/beta-public-cluster-update-variant/sa.tf index 5e703de5aa..16593f5caf 100644 --- a/modules/beta-public-cluster-update-variant/sa.tf +++ b/modules/beta-public-cluster-update-variant/sa.tf @@ -49,28 +49,28 @@ resource "google_project_iam_member" "cluster_service_account-log_writer" { count = var.create_service_account ? 1 : 0 project = google_service_account.cluster_service_account[0].project role = "roles/logging.logWriter" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-metric_writer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-log_writer[0].project role = "roles/monitoring.metricWriter" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-monitoring_viewer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-metric_writer[0].project role = "roles/monitoring.viewer" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-resourceMetadata-writer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-monitoring_viewer[0].project role = "roles/stackdriver.resourceMetadata.writer" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-gcr" { diff --git a/modules/beta-public-cluster/sa.tf b/modules/beta-public-cluster/sa.tf index 5e703de5aa..16593f5caf 100644 --- a/modules/beta-public-cluster/sa.tf +++ b/modules/beta-public-cluster/sa.tf @@ -49,28 +49,28 @@ resource "google_project_iam_member" "cluster_service_account-log_writer" { count = var.create_service_account ? 1 : 0 project = google_service_account.cluster_service_account[0].project role = "roles/logging.logWriter" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-metric_writer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-log_writer[0].project role = "roles/monitoring.metricWriter" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-monitoring_viewer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-metric_writer[0].project role = "roles/monitoring.viewer" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-resourceMetadata-writer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-monitoring_viewer[0].project role = "roles/stackdriver.resourceMetadata.writer" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-gcr" { diff --git a/modules/private-cluster-update-variant/sa.tf b/modules/private-cluster-update-variant/sa.tf index 5e703de5aa..16593f5caf 100644 --- a/modules/private-cluster-update-variant/sa.tf +++ b/modules/private-cluster-update-variant/sa.tf @@ -49,28 +49,28 @@ resource "google_project_iam_member" "cluster_service_account-log_writer" { count = var.create_service_account ? 1 : 0 project = google_service_account.cluster_service_account[0].project role = "roles/logging.logWriter" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-metric_writer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-log_writer[0].project role = "roles/monitoring.metricWriter" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-monitoring_viewer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-metric_writer[0].project role = "roles/monitoring.viewer" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-resourceMetadata-writer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-monitoring_viewer[0].project role = "roles/stackdriver.resourceMetadata.writer" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-gcr" { diff --git a/modules/private-cluster/sa.tf b/modules/private-cluster/sa.tf index 5e703de5aa..16593f5caf 100644 --- a/modules/private-cluster/sa.tf +++ b/modules/private-cluster/sa.tf @@ -49,28 +49,28 @@ resource "google_project_iam_member" "cluster_service_account-log_writer" { count = var.create_service_account ? 1 : 0 project = google_service_account.cluster_service_account[0].project role = "roles/logging.logWriter" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-metric_writer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-log_writer[0].project role = "roles/monitoring.metricWriter" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-monitoring_viewer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-metric_writer[0].project role = "roles/monitoring.viewer" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-resourceMetadata-writer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-monitoring_viewer[0].project role = "roles/stackdriver.resourceMetadata.writer" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-gcr" { diff --git a/sa.tf b/sa.tf index 5e703de5aa..16593f5caf 100644 --- a/sa.tf +++ b/sa.tf @@ -49,28 +49,28 @@ resource "google_project_iam_member" "cluster_service_account-log_writer" { count = var.create_service_account ? 1 : 0 project = google_service_account.cluster_service_account[0].project role = "roles/logging.logWriter" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-metric_writer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-log_writer[0].project role = "roles/monitoring.metricWriter" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-monitoring_viewer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-metric_writer[0].project role = "roles/monitoring.viewer" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-resourceMetadata-writer" { count = var.create_service_account ? 1 : 0 project = google_project_iam_member.cluster_service_account-monitoring_viewer[0].project role = "roles/stackdriver.resourceMetadata.writer" - member = "serviceAccount:${google_service_account.cluster_service_account[0].email}" + member = google_service_account.cluster_service_account[0].member } resource "google_project_iam_member" "cluster_service_account-gcr" { From 146b2e7b0a3385a5f0864a003abd8bee8bec2bc7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Gonz=C3=A1lez?= Date: Thu, 11 May 2023 06:30:53 +0200 Subject: [PATCH 02/39] feat: Add timeouts variable for safer cluster module (#1613) Co-authored-by: Bharath KKB --- autogen/safer-cluster/main.tf.tmpl | 2 ++ autogen/safer-cluster/variables.tf.tmpl | 10 ++++++++++ modules/safer-cluster-update-variant/README.md | 1 + modules/safer-cluster-update-variant/main.tf | 2 ++ modules/safer-cluster-update-variant/variables.tf | 10 ++++++++++ modules/safer-cluster/README.md | 1 + modules/safer-cluster/main.tf | 2 ++ modules/safer-cluster/variables.tf | 10 ++++++++++ 8 files changed, 38 insertions(+) diff --git a/autogen/safer-cluster/main.tf.tmpl b/autogen/safer-cluster/main.tf.tmpl index 2b6926483d..7459598fb6 100644 --- a/autogen/safer-cluster/main.tf.tmpl +++ b/autogen/safer-cluster/main.tf.tmpl @@ -193,4 +193,6 @@ module "gke" { filestore_csi_driver = var.filestore_csi_driver notification_config_topic = var.notification_config_topic + + timeouts = var.timeouts } diff --git a/autogen/safer-cluster/variables.tf.tmpl b/autogen/safer-cluster/variables.tf.tmpl index d7720b77c4..66afc7d3cd 100644 --- a/autogen/safer-cluster/variables.tf.tmpl +++ b/autogen/safer-cluster/variables.tf.tmpl @@ -474,3 +474,13 @@ variable "notification_config_topic" { description = "The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}." default = "" } + +variable "timeouts" { + type = map(string) + description = "Timeout for cluster operations." + default = {} + validation { + condition = !contains([for t in keys(var.timeouts) : contains(["create", "update", "delete"], t)], false) + error_message = "Only create, update, delete timeouts can be specified." + } +} diff --git a/modules/safer-cluster-update-variant/README.md b/modules/safer-cluster-update-variant/README.md index d3676146e7..21eff2cba8 100644 --- a/modules/safer-cluster-update-variant/README.md +++ b/modules/safer-cluster-update-variant/README.md @@ -267,6 +267,7 @@ For simplicity, we suggest using `roles/container.admin` and | sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it). | `bool` | `false` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in | `string` | n/a | yes | +| timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | | upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | `list(string)` | `[]` | no | | windows\_node\_pools | List of maps containing node pools | `list(map(string))` | `[]` | no | | zones | The zones to host the cluster in | `list(string)` | `[]` | no | diff --git a/modules/safer-cluster-update-variant/main.tf b/modules/safer-cluster-update-variant/main.tf index 9489698570..9bd0429ca2 100644 --- a/modules/safer-cluster-update-variant/main.tf +++ b/modules/safer-cluster-update-variant/main.tf @@ -189,4 +189,6 @@ module "gke" { filestore_csi_driver = var.filestore_csi_driver notification_config_topic = var.notification_config_topic + + timeouts = var.timeouts } diff --git a/modules/safer-cluster-update-variant/variables.tf b/modules/safer-cluster-update-variant/variables.tf index bf39b95350..7a2f1a69d9 100644 --- a/modules/safer-cluster-update-variant/variables.tf +++ b/modules/safer-cluster-update-variant/variables.tf @@ -474,3 +474,13 @@ variable "notification_config_topic" { description = "The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}." default = "" } + +variable "timeouts" { + type = map(string) + description = "Timeout for cluster operations." + default = {} + validation { + condition = !contains([for t in keys(var.timeouts) : contains(["create", "update", "delete"], t)], false) + error_message = "Only create, update, delete timeouts can be specified." + } +} diff --git a/modules/safer-cluster/README.md b/modules/safer-cluster/README.md index d3676146e7..21eff2cba8 100644 --- a/modules/safer-cluster/README.md +++ b/modules/safer-cluster/README.md @@ -267,6 +267,7 @@ For simplicity, we suggest using `roles/container.admin` and | sandbox\_enabled | (Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it). | `bool` | `false` | no | | stub\_domains | Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server | `map(list(string))` | `{}` | no | | subnetwork | The subnetwork to host the cluster in | `string` | n/a | yes | +| timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | | upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | `list(string)` | `[]` | no | | windows\_node\_pools | List of maps containing node pools | `list(map(string))` | `[]` | no | | zones | The zones to host the cluster in | `list(string)` | `[]` | no | diff --git a/modules/safer-cluster/main.tf b/modules/safer-cluster/main.tf index 1f831cd1cb..b87a2f1d8c 100644 --- a/modules/safer-cluster/main.tf +++ b/modules/safer-cluster/main.tf @@ -189,4 +189,6 @@ module "gke" { filestore_csi_driver = var.filestore_csi_driver notification_config_topic = var.notification_config_topic + + timeouts = var.timeouts } diff --git a/modules/safer-cluster/variables.tf b/modules/safer-cluster/variables.tf index bf39b95350..7a2f1a69d9 100644 --- a/modules/safer-cluster/variables.tf +++ b/modules/safer-cluster/variables.tf @@ -474,3 +474,13 @@ variable "notification_config_topic" { description = "The desired Pub/Sub topic to which notifications will be sent by GKE. Format is projects/{project}/topics/{topic}." default = "" } + +variable "timeouts" { + type = map(string) + description = "Timeout for cluster operations." + default = {} + validation { + condition = !contains([for t in keys(var.timeouts) : contains(["create", "update", "delete"], t)], false) + error_message = "Only create, update, delete timeouts can be specified." + } +} From a50224d274f3e80c6590c7e25c02dd6549b77a7c Mon Sep 17 00:00:00 2001 From: CFT Bot Date: Mon, 15 May 2023 20:34:47 -0700 Subject: [PATCH 03/39] chore: update .github/workflows/stale.yml --- .github/workflows/stale.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index f28f5b6ab4..3db17c00bc 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2022-2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,6 +12,9 @@ # See the License for the specific language governing permissions and # limitations under the License. +# NOTE: This file is automatically generated from: +# https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/master/infra/terraform/test-org/github + name: "Close stale issues" on: schedule: @@ -26,4 +29,4 @@ jobs: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days' stale-pr-message: 'This PR is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days' - exempt-issue-labels: triaged + exempt-issue-labels: triaged,dependencies From eeedf002aa1f5e2c0d130653f5d4742b25d9ae45 Mon Sep 17 00:00:00 2001 From: CFT Bot Date: Tue, 16 May 2023 08:16:19 -0700 Subject: [PATCH 04/39] chore: update .github/trusted-contribution.yml --- .github/trusted-contribution.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/trusted-contribution.yml b/.github/trusted-contribution.yml index f44b8a8475..a3b4ff268b 100644 --- a/.github/trusted-contribution.yml +++ b/.github/trusted-contribution.yml @@ -12,6 +12,9 @@ # See the License for the specific language governing permissions and # limitations under the License. +# NOTE: This file is automatically generated from: +# https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/master/infra/terraform/test-org/github + annotations: - type: comment text: "/gcbrun" From 52ec9994376e44077e4842a2251a76b2e3f2fd9b Mon Sep 17 00:00:00 2001 From: CFT Bot Date: Tue, 16 May 2023 09:03:54 -0700 Subject: [PATCH 05/39] chore: update .github/conventional-commit-lint.yaml --- .github/conventional-commit-lint.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/conventional-commit-lint.yaml b/.github/conventional-commit-lint.yaml index 2aabd6eb42..ee8e163717 100644 --- a/.github/conventional-commit-lint.yaml +++ b/.github/conventional-commit-lint.yaml @@ -1,4 +1,4 @@ -# Copyright 2022 Google LLC +# Copyright 2022-2023 Google LLC # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -12,5 +12,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +# NOTE: This file is automatically generated from: +# https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/master/infra/terraform/test-org/github + enabled: true always_check_pr_title: true From b35467a0078f9f5ac026dbb3712a07c763585d22 Mon Sep 17 00:00:00 2001 From: CFT Bot Date: Tue, 16 May 2023 09:44:44 -0700 Subject: [PATCH 06/39] chore: update CODEOWNERS --- CODEOWNERS | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CODEOWNERS b/CODEOWNERS index 17739239b6..2d41894ccf 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1 +1,4 @@ +# NOTE: This file is automatically generated from values at: +# https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit/blob/master/infra/terraform/test-org/org/locals.tf + * @terraform-google-modules/cft-admins @Jberlinsky @ericyz From ea3e374bbf99c86189b5ca428d6c2a2f07bd1e16 Mon Sep 17 00:00:00 2001 From: Andrew Peabody Date: Tue, 16 May 2023 12:44:18 -0700 Subject: [PATCH 07/39] fix: avoid TPG 4.65.0 and 4.65.1 (#1637) --- autogen/main/versions.tf.tmpl | 6 +++--- modules/beta-autopilot-private-cluster/versions.tf | 4 ++-- modules/beta-autopilot-public-cluster/versions.tf | 4 ++-- modules/beta-private-cluster-update-variant/versions.tf | 4 ++-- modules/beta-private-cluster/versions.tf | 4 ++-- modules/beta-public-cluster-update-variant/versions.tf | 4 ++-- modules/beta-public-cluster/versions.tf | 4 ++-- modules/private-cluster-update-variant/versions.tf | 2 +- modules/private-cluster/versions.tf | 2 +- versions.tf | 2 +- 10 files changed, 18 insertions(+), 18 deletions(-) diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl index 938fabe866..b8def0506f 100644 --- a/autogen/main/versions.tf.tmpl +++ b/autogen/main/versions.tf.tmpl @@ -24,11 +24,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 5.0" + version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.51.0, < 5.0" + version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" @@ -46,7 +46,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 5.0" + version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-autopilot-private-cluster/versions.tf b/modules/beta-autopilot-private-cluster/versions.tf index 3a21439ac4..b995d47c09 100644 --- a/modules/beta-autopilot-private-cluster/versions.tf +++ b/modules/beta-autopilot-private-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 5.0" + version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.51.0, < 5.0" + version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-autopilot-public-cluster/versions.tf b/modules/beta-autopilot-public-cluster/versions.tf index 694efd76ba..88acd578aa 100644 --- a/modules/beta-autopilot-public-cluster/versions.tf +++ b/modules/beta-autopilot-public-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 5.0" + version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.51.0, < 5.0" + version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf index f71bb5af7d..b75718e92f 100644 --- a/modules/beta-private-cluster-update-variant/versions.tf +++ b/modules/beta-private-cluster-update-variant/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 5.0" + version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.51.0, < 5.0" + version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf index 957db8711c..e57d3ce149 100644 --- a/modules/beta-private-cluster/versions.tf +++ b/modules/beta-private-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 5.0" + version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.51.0, < 5.0" + version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-public-cluster-update-variant/versions.tf b/modules/beta-public-cluster-update-variant/versions.tf index a66ffd4e3e..2477ce172a 100644 --- a/modules/beta-public-cluster-update-variant/versions.tf +++ b/modules/beta-public-cluster-update-variant/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 5.0" + version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.51.0, < 5.0" + version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf index ce1283c72e..80c8895abe 100644 --- a/modules/beta-public-cluster/versions.tf +++ b/modules/beta-public-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 5.0" + version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.51.0, < 5.0" + version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/private-cluster-update-variant/versions.tf b/modules/private-cluster-update-variant/versions.tf index 0559a93a03..e0bf397357 100644 --- a/modules/private-cluster-update-variant/versions.tf +++ b/modules/private-cluster-update-variant/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 5.0" + version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/private-cluster/versions.tf b/modules/private-cluster/versions.tf index 127ff0c393..c7936b27d8 100644 --- a/modules/private-cluster/versions.tf +++ b/modules/private-cluster/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 5.0" + version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/versions.tf b/versions.tf index bc89138de7..10ff10fe64 100644 --- a/versions.tf +++ b/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 5.0" + version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" From 83a8be24ee1bf84371714f49f8c904d3d94492d6 Mon Sep 17 00:00:00 2001 From: Jonathan Meyers Date: Tue, 16 May 2023 23:10:54 +0100 Subject: [PATCH 08/39] fix: allow ACM module to work w/o metrics sa (#1634) --- modules/acm/creds.tf | 1 + modules/acm/outputs.tf | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/acm/creds.tf b/modules/acm/creds.tf index f11e749fe8..fb8b5fb379 100644 --- a/modules/acm/creds.tf +++ b/modules/acm/creds.tf @@ -107,6 +107,7 @@ resource "google_service_account" "acm_metrics_writer_sa" { } resource "google_project_iam_member" "acm_metrics_writer_sa_role" { + count = var.create_metrics_gcp_sa ? 1 : 0 project = var.project_id role = "roles/monitoring.metricWriter" member = "serviceAccount:${google_service_account.acm_metrics_writer_sa[0].email}" diff --git a/modules/acm/outputs.tf b/modules/acm/outputs.tf index 3e9594cee5..1a82e7603a 100644 --- a/modules/acm/outputs.tf +++ b/modules/acm/outputs.tf @@ -34,5 +34,5 @@ output "wait" { output "acm_metrics_writer_sa" { description = "The ACM metrics writer Service Account" - value = google_service_account.acm_metrics_writer_sa[0].email + value = var.create_metrics_gcp_sa ? google_service_account.acm_metrics_writer_sa[0].email : null } From b8614eb86c42f9a0d46aa3c4770d86ac0d1912c9 Mon Sep 17 00:00:00 2001 From: "release-please[bot]" <55107282+release-please[bot]@users.noreply.github.com> Date: Mon, 22 May 2023 08:25:26 -0700 Subject: [PATCH 09/39] chore(master): release 26.1.0 (#1633) Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com> --- CHANGELOG.md | 13 +++++++++++++ autogen/main/versions.tf.tmpl | 4 ++-- autogen/safer-cluster/versions.tf.tmpl | 2 +- modules/acm/versions.tf | 4 ++-- modules/asm/versions.tf | 4 ++-- modules/auth/versions.tf | 2 +- modules/beta-autopilot-private-cluster/versions.tf | 2 +- modules/beta-autopilot-public-cluster/versions.tf | 2 +- .../beta-private-cluster-update-variant/versions.tf | 2 +- modules/beta-private-cluster/versions.tf | 2 +- .../beta-public-cluster-update-variant/versions.tf | 2 +- modules/beta-public-cluster/versions.tf | 2 +- modules/binary-authorization/versions.tf | 2 +- modules/fleet-membership/versions.tf | 2 +- modules/hub-legacy/versions.tf | 2 +- modules/private-cluster-update-variant/versions.tf | 2 +- modules/private-cluster/versions.tf | 2 +- modules/safer-cluster-update-variant/versions.tf | 2 +- modules/safer-cluster/versions.tf | 2 +- modules/services/versions.tf | 2 +- modules/workload-identity/versions.tf | 2 +- versions.tf | 2 +- 22 files changed, 37 insertions(+), 24 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3806045445..ce58fcdaea 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,19 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 Extending the adopted spec, each change should have a link to its corresponding pull request appended. +## [26.1.0](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v26.0.0...v26.1.0) (2023-05-16) + + +### Features + +* Add timeouts variable for safer cluster module ([#1613](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/1613)) ([146b2e7](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/146b2e7b0a3385a5f0864a003abd8bee8bec2bc7)) + + +### Bug Fixes + +* allow ACM module to work w/o metrics sa ([#1634](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/1634)) ([83a8be2](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/83a8be24ee1bf84371714f49f8c904d3d94492d6)) +* avoid TPG 4.65.0 and 4.65.1 ([#1637](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/1637)) ([ea3e374](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/ea3e374bbf99c86189b5ca428d6c2a2f07bd1e16)) + ## [26.0.0](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v25.0.0...v26.0.0) (2023-05-10) diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl index b8def0506f..d635993fdb 100644 --- a/autogen/main/versions.tf.tmpl +++ b/autogen/main/versions.tf.tmpl @@ -40,7 +40,7 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v26.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v26.1.0" } {% else %} required_providers { @@ -58,7 +58,7 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v26.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v26.1.0" } {% endif %} } diff --git a/autogen/safer-cluster/versions.tf.tmpl b/autogen/safer-cluster/versions.tf.tmpl index 7a04e3df05..c163d4b8da 100644 --- a/autogen/safer-cluster/versions.tf.tmpl +++ b/autogen/safer-cluster/versions.tf.tmpl @@ -23,6 +23,6 @@ terraform { required_version = ">=0.13" provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v26.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v26.1.0" } } diff --git a/modules/acm/versions.tf b/modules/acm/versions.tf index 531373c538..f432d09c77 100644 --- a/modules/acm/versions.tf +++ b/modules/acm/versions.tf @@ -19,11 +19,11 @@ terraform { required_version = ">= 0.13.0" provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:acm/v26.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:acm/v26.1.0" } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:acm/v26.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:acm/v26.1.0" } required_providers { diff --git a/modules/asm/versions.tf b/modules/asm/versions.tf index be28990b51..8684252bfa 100644 --- a/modules/asm/versions.tf +++ b/modules/asm/versions.tf @@ -36,10 +36,10 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:asm/v26.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:asm/v26.1.0" } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:asm/v26.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:asm/v26.1.0" } } diff --git a/modules/auth/versions.tf b/modules/auth/versions.tf index 4bc76446bb..037314d6ff 100644 --- a/modules/auth/versions.tf +++ b/modules/auth/versions.tf @@ -26,6 +26,6 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:auth/v26.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:auth/v26.1.0" } } diff --git a/modules/beta-autopilot-private-cluster/versions.tf b/modules/beta-autopilot-private-cluster/versions.tf index b995d47c09..a386eea06d 100644 --- a/modules/beta-autopilot-private-cluster/versions.tf +++ b/modules/beta-autopilot-private-cluster/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-autopilot-private-cluster/v26.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-autopilot-private-cluster/v26.1.0" } } diff --git a/modules/beta-autopilot-public-cluster/versions.tf b/modules/beta-autopilot-public-cluster/versions.tf index 88acd578aa..76686eb64c 100644 --- a/modules/beta-autopilot-public-cluster/versions.tf +++ b/modules/beta-autopilot-public-cluster/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-autopilot-public-cluster/v26.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-autopilot-public-cluster/v26.1.0" } } diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf index b75718e92f..3343f5cc6e 100644 --- a/modules/beta-private-cluster-update-variant/versions.tf +++ b/modules/beta-private-cluster-update-variant/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-private-cluster-update-variant/v26.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-private-cluster-update-variant/v26.1.0" } } diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf index e57d3ce149..27aa003d10 100644 --- a/modules/beta-private-cluster/versions.tf +++ b/modules/beta-private-cluster/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-private-cluster/v26.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-private-cluster/v26.1.0" } } diff --git a/modules/beta-public-cluster-update-variant/versions.tf b/modules/beta-public-cluster-update-variant/versions.tf index 2477ce172a..92ddf6d8b6 100644 --- a/modules/beta-public-cluster-update-variant/versions.tf +++ b/modules/beta-public-cluster-update-variant/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-public-cluster-update-variant/v26.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-public-cluster-update-variant/v26.1.0" } } diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf index 80c8895abe..0d1a2b7135 100644 --- a/modules/beta-public-cluster/versions.tf +++ b/modules/beta-public-cluster/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-public-cluster/v26.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-public-cluster/v26.1.0" } } diff --git a/modules/binary-authorization/versions.tf b/modules/binary-authorization/versions.tf index 2fa5aceeb4..22e150187e 100644 --- a/modules/binary-authorization/versions.tf +++ b/modules/binary-authorization/versions.tf @@ -28,6 +28,6 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:binary-authorization/v26.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:binary-authorization/v26.1.0" } } diff --git a/modules/fleet-membership/versions.tf b/modules/fleet-membership/versions.tf index 0b170e9944..dc2a81b53b 100644 --- a/modules/fleet-membership/versions.tf +++ b/modules/fleet-membership/versions.tf @@ -32,6 +32,6 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:hub/v26.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:hub/v26.1.0" } } diff --git a/modules/hub-legacy/versions.tf b/modules/hub-legacy/versions.tf index 436891909d..3e527454ea 100644 --- a/modules/hub-legacy/versions.tf +++ b/modules/hub-legacy/versions.tf @@ -28,6 +28,6 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:hub/v26.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:hub/v26.1.0" } } diff --git a/modules/private-cluster-update-variant/versions.tf b/modules/private-cluster-update-variant/versions.tf index e0bf397357..52607bafc0 100644 --- a/modules/private-cluster-update-variant/versions.tf +++ b/modules/private-cluster-update-variant/versions.tf @@ -33,6 +33,6 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:private-cluster-update-variant/v26.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:private-cluster-update-variant/v26.1.0" } } diff --git a/modules/private-cluster/versions.tf b/modules/private-cluster/versions.tf index c7936b27d8..eb389905c8 100644 --- a/modules/private-cluster/versions.tf +++ b/modules/private-cluster/versions.tf @@ -33,6 +33,6 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:private-cluster/v26.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:private-cluster/v26.1.0" } } diff --git a/modules/safer-cluster-update-variant/versions.tf b/modules/safer-cluster-update-variant/versions.tf index 4a47fc0169..2e6807bc39 100644 --- a/modules/safer-cluster-update-variant/versions.tf +++ b/modules/safer-cluster-update-variant/versions.tf @@ -21,6 +21,6 @@ terraform { required_version = ">=0.13" provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:safer-cluster-update-variant/v26.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:safer-cluster-update-variant/v26.1.0" } } diff --git a/modules/safer-cluster/versions.tf b/modules/safer-cluster/versions.tf index 601401d0b2..b5a9789886 100644 --- a/modules/safer-cluster/versions.tf +++ b/modules/safer-cluster/versions.tf @@ -21,6 +21,6 @@ terraform { required_version = ">=0.13" provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:safer-cluster/v26.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:safer-cluster/v26.1.0" } } diff --git a/modules/services/versions.tf b/modules/services/versions.tf index c7d12bb4bf..b88bac5425 100644 --- a/modules/services/versions.tf +++ b/modules/services/versions.tf @@ -19,6 +19,6 @@ terraform { required_version = ">= 0.13.0" provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:services/v26.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:services/v26.1.0" } } diff --git a/modules/workload-identity/versions.tf b/modules/workload-identity/versions.tf index 9e913f7bcb..57c23bcfd3 100644 --- a/modules/workload-identity/versions.tf +++ b/modules/workload-identity/versions.tf @@ -30,6 +30,6 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:workload-identity/v26.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:workload-identity/v26.1.0" } } diff --git a/versions.tf b/versions.tf index 10ff10fe64..098af073b6 100644 --- a/versions.tf +++ b/versions.tf @@ -33,6 +33,6 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine/v26.0.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine/v26.1.0" } } From 14eac9f91a90245d3e00d05a8653f334eb8966ec Mon Sep 17 00:00:00 2001 From: Andrew Peabody Date: Mon, 22 May 2023 10:00:43 -0700 Subject: [PATCH 10/39] fix: correct TPG version constraint (#1637) (#1640) --- autogen/main/versions.tf.tmpl | 6 +++--- modules/beta-autopilot-private-cluster/versions.tf | 4 ++-- modules/beta-autopilot-public-cluster/versions.tf | 4 ++-- modules/beta-private-cluster-update-variant/versions.tf | 4 ++-- modules/beta-private-cluster/versions.tf | 4 ++-- modules/beta-public-cluster-update-variant/versions.tf | 4 ++-- modules/beta-public-cluster/versions.tf | 4 ++-- modules/private-cluster-update-variant/versions.tf | 2 +- modules/private-cluster/versions.tf | 2 +- versions.tf | 2 +- 10 files changed, 18 insertions(+), 18 deletions(-) diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl index d635993fdb..bd0e440281 100644 --- a/autogen/main/versions.tf.tmpl +++ b/autogen/main/versions.tf.tmpl @@ -24,11 +24,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" + version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" + version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" @@ -46,7 +46,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" + version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-autopilot-private-cluster/versions.tf b/modules/beta-autopilot-private-cluster/versions.tf index a386eea06d..03d2943176 100644 --- a/modules/beta-autopilot-private-cluster/versions.tf +++ b/modules/beta-autopilot-private-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" + version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" + version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-autopilot-public-cluster/versions.tf b/modules/beta-autopilot-public-cluster/versions.tf index 76686eb64c..1a30dfbccc 100644 --- a/modules/beta-autopilot-public-cluster/versions.tf +++ b/modules/beta-autopilot-public-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" + version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" + version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf index 3343f5cc6e..f112ebd6d9 100644 --- a/modules/beta-private-cluster-update-variant/versions.tf +++ b/modules/beta-private-cluster-update-variant/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" + version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" + version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf index 27aa003d10..2fa77db16d 100644 --- a/modules/beta-private-cluster/versions.tf +++ b/modules/beta-private-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" + version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" + version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-public-cluster-update-variant/versions.tf b/modules/beta-public-cluster-update-variant/versions.tf index 92ddf6d8b6..a62c65851b 100644 --- a/modules/beta-public-cluster-update-variant/versions.tf +++ b/modules/beta-public-cluster-update-variant/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" + version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" + version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf index 0d1a2b7135..64e81e43e6 100644 --- a/modules/beta-public-cluster/versions.tf +++ b/modules/beta-public-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" + version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" + version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/private-cluster-update-variant/versions.tf b/modules/private-cluster-update-variant/versions.tf index 52607bafc0..c3d834c08a 100644 --- a/modules/private-cluster-update-variant/versions.tf +++ b/modules/private-cluster-update-variant/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" + version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/private-cluster/versions.tf b/modules/private-cluster/versions.tf index eb389905c8..f86cf11187 100644 --- a/modules/private-cluster/versions.tf +++ b/modules/private-cluster/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" + version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/versions.tf b/versions.tf index 098af073b6..ae2eea3569 100644 --- a/versions.tf +++ b/versions.tf @@ -21,7 +21,7 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 4.65.0, !=4.65.0, !=4.65.1" + version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" From 139f98e5572b0e3501668ea1cec51cdd9438b5c4 Mon Sep 17 00:00:00 2001 From: "release-please[bot]" <55107282+release-please[bot]@users.noreply.github.com> Date: Mon, 22 May 2023 12:01:19 -0700 Subject: [PATCH 11/39] chore(master): release 26.1.1 (#1642) Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com> --- CHANGELOG.md | 7 +++++++ autogen/main/versions.tf.tmpl | 4 ++-- autogen/safer-cluster/versions.tf.tmpl | 2 +- modules/acm/versions.tf | 4 ++-- modules/asm/versions.tf | 4 ++-- modules/auth/versions.tf | 2 +- modules/beta-autopilot-private-cluster/versions.tf | 2 +- modules/beta-autopilot-public-cluster/versions.tf | 2 +- modules/beta-private-cluster-update-variant/versions.tf | 2 +- modules/beta-private-cluster/versions.tf | 2 +- modules/beta-public-cluster-update-variant/versions.tf | 2 +- modules/beta-public-cluster/versions.tf | 2 +- modules/binary-authorization/versions.tf | 2 +- modules/fleet-membership/versions.tf | 2 +- modules/hub-legacy/versions.tf | 2 +- modules/private-cluster-update-variant/versions.tf | 2 +- modules/private-cluster/versions.tf | 2 +- modules/safer-cluster-update-variant/versions.tf | 2 +- modules/safer-cluster/versions.tf | 2 +- modules/services/versions.tf | 2 +- modules/workload-identity/versions.tf | 2 +- versions.tf | 2 +- 22 files changed, 31 insertions(+), 24 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ce58fcdaea..8441dd0ce8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 Extending the adopted spec, each change should have a link to its corresponding pull request appended. +## [26.1.1](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v26.1.0...v26.1.1) (2023-05-22) + + +### Bug Fixes + +* correct TPG version constraint ([#1637](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/1637)) ([#1640](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/1640)) ([14eac9f](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/14eac9f91a90245d3e00d05a8653f334eb8966ec)) + ## [26.1.0](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v26.0.0...v26.1.0) (2023-05-16) diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl index bd0e440281..dff9be6575 100644 --- a/autogen/main/versions.tf.tmpl +++ b/autogen/main/versions.tf.tmpl @@ -40,7 +40,7 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v26.1.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v26.1.1" } {% else %} required_providers { @@ -58,7 +58,7 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v26.1.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v26.1.1" } {% endif %} } diff --git a/autogen/safer-cluster/versions.tf.tmpl b/autogen/safer-cluster/versions.tf.tmpl index c163d4b8da..43256bcc81 100644 --- a/autogen/safer-cluster/versions.tf.tmpl +++ b/autogen/safer-cluster/versions.tf.tmpl @@ -23,6 +23,6 @@ terraform { required_version = ">=0.13" provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v26.1.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v26.1.1" } } diff --git a/modules/acm/versions.tf b/modules/acm/versions.tf index f432d09c77..798bcde0d2 100644 --- a/modules/acm/versions.tf +++ b/modules/acm/versions.tf @@ -19,11 +19,11 @@ terraform { required_version = ">= 0.13.0" provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:acm/v26.1.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:acm/v26.1.1" } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:acm/v26.1.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:acm/v26.1.1" } required_providers { diff --git a/modules/asm/versions.tf b/modules/asm/versions.tf index 8684252bfa..f4647e3002 100644 --- a/modules/asm/versions.tf +++ b/modules/asm/versions.tf @@ -36,10 +36,10 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:asm/v26.1.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:asm/v26.1.1" } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:asm/v26.1.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:asm/v26.1.1" } } diff --git a/modules/auth/versions.tf b/modules/auth/versions.tf index 037314d6ff..2bb1f69432 100644 --- a/modules/auth/versions.tf +++ b/modules/auth/versions.tf @@ -26,6 +26,6 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:auth/v26.1.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:auth/v26.1.1" } } diff --git a/modules/beta-autopilot-private-cluster/versions.tf b/modules/beta-autopilot-private-cluster/versions.tf index 03d2943176..48c66f49c7 100644 --- a/modules/beta-autopilot-private-cluster/versions.tf +++ b/modules/beta-autopilot-private-cluster/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-autopilot-private-cluster/v26.1.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-autopilot-private-cluster/v26.1.1" } } diff --git a/modules/beta-autopilot-public-cluster/versions.tf b/modules/beta-autopilot-public-cluster/versions.tf index 1a30dfbccc..222893ba2b 100644 --- a/modules/beta-autopilot-public-cluster/versions.tf +++ b/modules/beta-autopilot-public-cluster/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-autopilot-public-cluster/v26.1.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-autopilot-public-cluster/v26.1.1" } } diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf index f112ebd6d9..d3830965ed 100644 --- a/modules/beta-private-cluster-update-variant/versions.tf +++ b/modules/beta-private-cluster-update-variant/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-private-cluster-update-variant/v26.1.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-private-cluster-update-variant/v26.1.1" } } diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf index 2fa77db16d..3e2272062c 100644 --- a/modules/beta-private-cluster/versions.tf +++ b/modules/beta-private-cluster/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-private-cluster/v26.1.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-private-cluster/v26.1.1" } } diff --git a/modules/beta-public-cluster-update-variant/versions.tf b/modules/beta-public-cluster-update-variant/versions.tf index a62c65851b..e1fec308d0 100644 --- a/modules/beta-public-cluster-update-variant/versions.tf +++ b/modules/beta-public-cluster-update-variant/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-public-cluster-update-variant/v26.1.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-public-cluster-update-variant/v26.1.1" } } diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf index 64e81e43e6..09e30992d8 100644 --- a/modules/beta-public-cluster/versions.tf +++ b/modules/beta-public-cluster/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-public-cluster/v26.1.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-public-cluster/v26.1.1" } } diff --git a/modules/binary-authorization/versions.tf b/modules/binary-authorization/versions.tf index 22e150187e..a87228e125 100644 --- a/modules/binary-authorization/versions.tf +++ b/modules/binary-authorization/versions.tf @@ -28,6 +28,6 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:binary-authorization/v26.1.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:binary-authorization/v26.1.1" } } diff --git a/modules/fleet-membership/versions.tf b/modules/fleet-membership/versions.tf index dc2a81b53b..2295a97723 100644 --- a/modules/fleet-membership/versions.tf +++ b/modules/fleet-membership/versions.tf @@ -32,6 +32,6 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:hub/v26.1.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:hub/v26.1.1" } } diff --git a/modules/hub-legacy/versions.tf b/modules/hub-legacy/versions.tf index 3e527454ea..17d897a5fd 100644 --- a/modules/hub-legacy/versions.tf +++ b/modules/hub-legacy/versions.tf @@ -28,6 +28,6 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:hub/v26.1.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:hub/v26.1.1" } } diff --git a/modules/private-cluster-update-variant/versions.tf b/modules/private-cluster-update-variant/versions.tf index c3d834c08a..995ea24cb5 100644 --- a/modules/private-cluster-update-variant/versions.tf +++ b/modules/private-cluster-update-variant/versions.tf @@ -33,6 +33,6 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:private-cluster-update-variant/v26.1.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:private-cluster-update-variant/v26.1.1" } } diff --git a/modules/private-cluster/versions.tf b/modules/private-cluster/versions.tf index f86cf11187..c7ec2ed77d 100644 --- a/modules/private-cluster/versions.tf +++ b/modules/private-cluster/versions.tf @@ -33,6 +33,6 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:private-cluster/v26.1.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:private-cluster/v26.1.1" } } diff --git a/modules/safer-cluster-update-variant/versions.tf b/modules/safer-cluster-update-variant/versions.tf index 2e6807bc39..2a39439029 100644 --- a/modules/safer-cluster-update-variant/versions.tf +++ b/modules/safer-cluster-update-variant/versions.tf @@ -21,6 +21,6 @@ terraform { required_version = ">=0.13" provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:safer-cluster-update-variant/v26.1.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:safer-cluster-update-variant/v26.1.1" } } diff --git a/modules/safer-cluster/versions.tf b/modules/safer-cluster/versions.tf index b5a9789886..7f52d19480 100644 --- a/modules/safer-cluster/versions.tf +++ b/modules/safer-cluster/versions.tf @@ -21,6 +21,6 @@ terraform { required_version = ">=0.13" provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:safer-cluster/v26.1.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:safer-cluster/v26.1.1" } } diff --git a/modules/services/versions.tf b/modules/services/versions.tf index b88bac5425..7b51a08ba2 100644 --- a/modules/services/versions.tf +++ b/modules/services/versions.tf @@ -19,6 +19,6 @@ terraform { required_version = ">= 0.13.0" provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:services/v26.1.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:services/v26.1.1" } } diff --git a/modules/workload-identity/versions.tf b/modules/workload-identity/versions.tf index 57c23bcfd3..75c3ab09a8 100644 --- a/modules/workload-identity/versions.tf +++ b/modules/workload-identity/versions.tf @@ -30,6 +30,6 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:workload-identity/v26.1.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:workload-identity/v26.1.1" } } diff --git a/versions.tf b/versions.tf index ae2eea3569..26c2a2f8a4 100644 --- a/versions.tf +++ b/versions.tf @@ -33,6 +33,6 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine/v26.1.0" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine/v26.1.1" } } From 05159eced4455602907032b73b88a4ed8a9a5719 Mon Sep 17 00:00:00 2001 From: Andrew Peabody Date: Mon, 22 May 2023 22:24:47 -0700 Subject: [PATCH 12/39] chore: && is masking prepare_environment failures (#1641) --- build/int.cloudbuild.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml index e50738bc07..410960c7bd 100644 --- a/build/int.cloudbuild.yaml +++ b/build/int.cloudbuild.yaml @@ -16,7 +16,7 @@ timeout: 12600s steps: - id: prepare name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS' - args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && prepare_environment && chmod 600 /builder/home/.netrc && sleep 120'] + args: ['/bin/bash', '-c', 'source /usr/local/bin/task_helper_functions.sh && prepare_environment ; chmod 600 /builder/home/.netrc && sleep 120'] env: - 'TF_VAR_org_id=$_ORG_ID' - 'TF_VAR_folder_id=$_FOLDER_ID' From e87044fe58680d9fc5a07a0ebbcf1f9c9cf9a351 Mon Sep 17 00:00:00 2001 From: Avinash Jha <39315791+avinashkumar1289@users.noreply.github.com> Date: Wed, 24 May 2023 00:37:18 +0530 Subject: [PATCH 13/39] chore: Attach KMS Key in Safer IAP GKE cluster (#1614) Co-authored-by: Bharath KKB --- examples/safer_cluster_iap_bastion/README.md | 5 ++++ examples/safer_cluster_iap_bastion/apis.tf | 6 +++++ examples/safer_cluster_iap_bastion/cluster.tf | 6 +++++ examples/safer_cluster_iap_bastion/kms.tf | 25 +++++++++++++++++++ examples/safer_cluster_iap_bastion/outputs.tf | 15 +++++++++++ 5 files changed, 57 insertions(+) create mode 100644 examples/safer_cluster_iap_bastion/kms.tf diff --git a/examples/safer_cluster_iap_bastion/README.md b/examples/safer_cluster_iap_bastion/README.md index 7a1eb998b0..f527858d5e 100644 --- a/examples/safer_cluster_iap_bastion/README.md +++ b/examples/safer_cluster_iap_bastion/README.md @@ -4,6 +4,8 @@ This end to end example aims to showcase access patterns to a [Safer Cluster](.. Additionally we deploy a [tinyproxy](https://tinyproxy.github.io/) daemon which allows `kubectl` commands to be piped through the bastion host allowing ease of development from a local machine with the security of GKE Private Clusters. +GKE Autopilot clusters are deployed with Application-layer Secrets Encryption that protects your secrets in etcd with a key you manage in [Cloud KMS](https://github.com/terraform-google-modules/terraform-google-kms/blob/master/README.md). + ## Setup To deploy this example: @@ -59,6 +61,9 @@ To deploy this example: | cluster\_name | Cluster name | | endpoint | Cluster endpoint | | get\_credentials\_command | gcloud get-credentials command to generate kubeconfig for the private cluster | +| keyring | The name of the keyring. | +| keyring\_resource | The location of the keyring. | +| keys | Map of key name => key self link. | | location | Cluster location (region if regional cluster, zone if zonal cluster) | | master\_authorized\_networks\_config | Networks from which access to master is permitted | | network\_name | The name of the VPC being created | diff --git a/examples/safer_cluster_iap_bastion/apis.tf b/examples/safer_cluster_iap_bastion/apis.tf index 44cfc5d757..8665a9b3d1 100644 --- a/examples/safer_cluster_iap_bastion/apis.tf +++ b/examples/safer_cluster_iap_bastion/apis.tf @@ -20,6 +20,11 @@ module "enabled_google_apis" { project_id = var.project_id disable_services_on_destroy = false + activate_api_identities = [{ + api = "container.googleapis.com", + roles = ["roles/cloudkms.cryptoKeyDecrypter", + "roles/cloudkms.cryptoKeyEncrypter"], + }] activate_apis = [ "serviceusage.googleapis.com", @@ -32,5 +37,6 @@ module "enabled_google_apis" { "binaryauthorization.googleapis.com", "stackdriver.googleapis.com", "iap.googleapis.com", + "cloudkms.googleapis.com", ] } diff --git a/examples/safer_cluster_iap_bastion/cluster.tf b/examples/safer_cluster_iap_bastion/cluster.tf index b462784548..c1ab5f9e6c 100644 --- a/examples/safer_cluster_iap_bastion/cluster.tf +++ b/examples/safer_cluster_iap_bastion/cluster.tf @@ -29,6 +29,12 @@ module "gke" { cidr_block = "${module.bastion.ip_address}/32" display_name = "Bastion Host" }] + database_encryption = [ + { + "key_name" : module.kms.keys["gke-key"], + "state" : "ENCRYPTED" + } + ] grant_registry_access = true node_pools = [ { diff --git a/examples/safer_cluster_iap_bastion/kms.tf b/examples/safer_cluster_iap_bastion/kms.tf new file mode 100644 index 0000000000..93dea01c0e --- /dev/null +++ b/examples/safer_cluster_iap_bastion/kms.tf @@ -0,0 +1,25 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +module "kms" { + source = "terraform-google-modules/kms/google" + version = "~> 2.2.1" + project_id = var.project_id + location = var.region + keyring = "gke-keyring" + keys = ["gke-key"] + prevent_destroy = false +} diff --git a/examples/safer_cluster_iap_bastion/outputs.tf b/examples/safer_cluster_iap_bastion/outputs.tf index 7525f0be59..8d9f9d2fdd 100644 --- a/examples/safer_cluster_iap_bastion/outputs.tf +++ b/examples/safer_cluster_iap_bastion/outputs.tf @@ -85,3 +85,18 @@ output "bastion_kubectl_command" { description = "kubectl command using the local proxy once the bastion_ssh command is running" value = "HTTPS_PROXY=localhost:8888 kubectl get pods --all-namespaces" } + +output "keyring" { + description = "The name of the keyring." + value = module.kms.keyring +} + +output "keyring_resource" { + description = "The location of the keyring." + value = module.kms.keyring_resource +} + +output "keys" { + description = "Map of key name => key self link." + value = module.kms.keys +} From de8fe2a9023513f5fb48a7d8ea16d8da5f636bdc Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 25 May 2023 15:28:16 -0700 Subject: [PATCH 14/39] chore(deps): update tf modules (#1624) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- examples/acm-terraform-blog-part1/terraform/gke.tf | 2 +- examples/acm-terraform-blog-part2/terraform/gke.tf | 2 +- examples/acm-terraform-blog-part3/terraform/gke.tf | 4 ++-- examples/safer_cluster_iap_bastion/network.tf | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/examples/acm-terraform-blog-part1/terraform/gke.tf b/examples/acm-terraform-blog-part1/terraform/gke.tf index 9d6ce2868c..d877dae6a0 100644 --- a/examples/acm-terraform-blog-part1/terraform/gke.tf +++ b/examples/acm-terraform-blog-part1/terraform/gke.tf @@ -31,7 +31,7 @@ module "enabled_google_apis" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google" - version = "~> 25.0" + version = "~> 26.0" project_id = module.enabled_google_apis.project_id name = "sfl-acm-part1" region = var.region diff --git a/examples/acm-terraform-blog-part2/terraform/gke.tf b/examples/acm-terraform-blog-part2/terraform/gke.tf index a8b94387c1..ceee1ffd0e 100644 --- a/examples/acm-terraform-blog-part2/terraform/gke.tf +++ b/examples/acm-terraform-blog-part2/terraform/gke.tf @@ -31,7 +31,7 @@ module "enabled_google_apis" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google" - version = "~> 25.0" + version = "~> 26.0" project_id = module.enabled_google_apis.project_id name = "sfl-acm-part2" region = var.region diff --git a/examples/acm-terraform-blog-part3/terraform/gke.tf b/examples/acm-terraform-blog-part3/terraform/gke.tf index b412f36da7..dc338f29aa 100644 --- a/examples/acm-terraform-blog-part3/terraform/gke.tf +++ b/examples/acm-terraform-blog-part3/terraform/gke.tf @@ -33,7 +33,7 @@ module "enabled_google_apis" { module "gke" { source = "terraform-google-modules/kubernetes-engine/google//modules/beta-public-cluster" - version = "~> 25.0" + version = "~> 26.0" project_id = module.enabled_google_apis.project_id name = "sfl-acm-part3" region = var.region @@ -48,7 +48,7 @@ module "gke" { module "wi" { source = "terraform-google-modules/kubernetes-engine/google//modules/workload-identity" - version = "~> 25.0" + version = "~> 26.0" gcp_sa_name = "cnrmsa" cluster_name = module.gke.name name = "cnrm-controller-manager" diff --git a/examples/safer_cluster_iap_bastion/network.tf b/examples/safer_cluster_iap_bastion/network.tf index 13638f1105..10a952660a 100644 --- a/examples/safer_cluster_iap_bastion/network.tf +++ b/examples/safer_cluster_iap_bastion/network.tf @@ -49,7 +49,7 @@ module "vpc" { module "cloud-nat" { source = "terraform-google-modules/cloud-nat/google" - version = "~> 2.0" + version = "~> 3.0" project_id = module.enabled_google_apis.project_id region = var.region router = "safer-router" From 9e3d16a7e36c2d6f730e9b31a138906941a4a674 Mon Sep 17 00:00:00 2001 From: Andrew Peabody Date: Thu, 1 Jun 2023 08:55:22 -0700 Subject: [PATCH 15/39] chore: expose enable_fleet_feature in ACM example (#1648) --- examples/simple_zonal_with_acm/README.md | 1 + examples/simple_zonal_with_acm/acm.tf | 2 ++ examples/simple_zonal_with_acm/variables.tf | 6 ++++++ 3 files changed, 9 insertions(+) diff --git a/examples/simple_zonal_with_acm/README.md b/examples/simple_zonal_with_acm/README.md index 9c8c4fe2e5..986b66e3cd 100644 --- a/examples/simple_zonal_with_acm/README.md +++ b/examples/simple_zonal_with_acm/README.md @@ -39,6 +39,7 @@ After applying the Terraform configuration, you can run the following commands t | Name | Description | Type | Default | Required | |------|-------------|------|---------|:--------:| | cluster\_name\_suffix | A suffix to append to the default cluster name | `string` | `""` | no | +| enable\_fleet\_feature | Whether to enable the ACM feature on the fleet. | `bool` | `true` | no | | project\_id | The project ID to host the cluster in | `string` | n/a | yes | | region | The region to host the cluster in | `string` | `"us-central1"` | no | | zone | The zone to host the cluster in | `string` | `"us-central1-a"` | no | diff --git a/examples/simple_zonal_with_acm/acm.tf b/examples/simple_zonal_with_acm/acm.tf index c72df471e0..e4662d08f9 100644 --- a/examples/simple_zonal_with_acm/acm.tf +++ b/examples/simple_zonal_with_acm/acm.tf @@ -24,6 +24,8 @@ module "acm" { sync_branch = "1.0.0" policy_dir = "foo-corp" + enable_fleet_feature = var.enable_fleet_feature + secret_type = "ssh" policy_bundles = ["https://github.com/GoogleCloudPlatform/acm-policy-controller-library/bundles/policy-essentials-v2022#e4094aacb91a35b0219f6f4cf6a31580e85b3c28"] diff --git a/examples/simple_zonal_with_acm/variables.tf b/examples/simple_zonal_with_acm/variables.tf index 722b32e674..7885098dad 100644 --- a/examples/simple_zonal_with_acm/variables.tf +++ b/examples/simple_zonal_with_acm/variables.tf @@ -36,3 +36,9 @@ variable "zone" { description = "The zone to host the cluster in" default = "us-central1-a" } + +variable "enable_fleet_feature" { + description = "Whether to enable the ACM feature on the fleet." + type = bool + default = true +} From 7a0f4caef75bc6a272a41e2250263ad6224bf587 Mon Sep 17 00:00:00 2001 From: CFT Bot Date: Thu, 1 Jun 2023 10:16:51 -0700 Subject: [PATCH 16/39] chore: update .github/workflows/lint.yaml --- .github/workflows/lint.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index cf1bae4f34..fedc554dd6 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -35,7 +35,7 @@ jobs: - id: variables run: | MAKEFILE=$(find . -name Makefile -print -quit) - if [ ! -z "$MAKEFILE" ]; then + if [ -z "$MAKEFILE" ]; then echo dev-tools=gcr.io/cloud-foundation-cicd/cft/developer-tools:1 >> "$GITHUB_OUTPUT" else VERSION=$(grep "DOCKER_TAG_VERSION_DEVELOPER_TOOLS := " $MAKEFILE | cut -d\ -f3) From 044968d3393ddfc3b3710b16187016151f06c4fb Mon Sep 17 00:00:00 2001 From: CFT Bot Date: Thu, 1 Jun 2023 12:18:59 -0700 Subject: [PATCH 17/39] chore: update .github/renovate.json --- .github/renovate.json | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/renovate.json b/.github/renovate.json index bccd0c174a..bb2b478857 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -16,6 +16,9 @@ "stabilityDays":0 }, "separateMajorMinor":false, + "constraints": { + "go": "1.18" + }, "packageRules": [ { "matchPaths": ["examples/**", "test/**", ".github/**"], @@ -35,7 +38,8 @@ "postUpdateOptions": ["gomodTidy"] }, { - "matchPackageNames": ["go"], + "matchDatasources": ["golang-version"], + "rangeStrategy": "bump", "allowedVersions": "<1.19.0", "postUpdateOptions": ["gomodTidy"] }, From e51804ed4849fa85748a95ca169b92445d258d91 Mon Sep 17 00:00:00 2001 From: Andrew Peabody Date: Fri, 2 Jun 2023 09:01:33 -0700 Subject: [PATCH 18/39] fix: policy bundles now use idx as resource name (bundles will be re-applied) (#1657) --- modules/acm/creds.tf | 4 ++-- modules/acm/policy_bundles.tf | 7 ++++--- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/modules/acm/creds.tf b/modules/acm/creds.tf index fb8b5fb379..5bd395da97 100644 --- a/modules/acm/creds.tf +++ b/modules/acm/creds.tf @@ -30,12 +30,12 @@ resource "tls_private_key" "k8sop_creds" { rsa_bits = 4096 } -# Wait for the ACM operator to create the namespace +# Wait for ACM resource "time_sleep" "wait_acm" { count = (var.create_ssh_key == true || var.ssh_auth_key != null || var.enable_policy_controller || var.enable_config_sync) ? 1 : 0 depends_on = [google_gke_hub_feature_membership.main] - create_duration = "300s" + create_duration = (length(var.policy_bundles) > 0) ? "600s" : "300s" } resource "google_service_account_iam_binding" "ksa_iam" { diff --git a/modules/acm/policy_bundles.tf b/modules/acm/policy_bundles.tf index b03987e867..8bd122d1e0 100644 --- a/modules/acm/policy_bundles.tf +++ b/modules/acm/policy_bundles.tf @@ -18,12 +18,13 @@ module "policy_bundles" { source = "terraform-google-modules/gcloud/google//modules/kubectl-wrapper" version = "~> 3.1" - for_each = toset(var.policy_bundles) + # Use index as name to avoid long url or special filesystem chars + for_each = { for i, v in var.policy_bundles : i => v } project_id = var.project_id cluster_name = var.cluster_name cluster_location = var.location - kubectl_create_command = "kubectl apply -k ${each.key}" - kubectl_destroy_command = "kubectl delete -k ${each.key}" + kubectl_create_command = "kubectl apply -k ${each.value}" + kubectl_destroy_command = "kubectl delete -k ${each.value}" module_depends_on = [time_sleep.wait_acm] } From e522073f24067359f8af1bd2ddc9092b594fb945 Mon Sep 17 00:00:00 2001 From: slimatic Date: Fri, 2 Jun 2023 12:59:15 -0400 Subject: [PATCH 19/39] feat(cluster.tf): add support to set initial release channel version (#1625) Co-authored-by: Andrew Peabody --- autogen/main/cluster.tf.tmpl | 2 +- cluster.tf | 2 +- .../README.md | 49 ++++++++++++ .../main.tf | 76 +++++++++++++++++++ .../outputs.tf | 35 +++++++++ .../test_outputs.tf | 1 + .../variables.tf | 54 +++++++++++++ .../versions.tf | 28 +++++++ .../beta-autopilot-private-cluster/cluster.tf | 2 +- .../beta-autopilot-public-cluster/cluster.tf | 2 +- .../cluster.tf | 2 +- modules/beta-private-cluster/cluster.tf | 2 +- .../cluster.tf | 2 +- modules/beta-public-cluster/cluster.tf | 2 +- .../private-cluster-update-variant/cluster.tf | 2 +- modules/private-cluster/cluster.tf | 2 +- test/fixtures/shared/variables.tf | 6 ++ .../example.tf | 30 ++++++++ .../network.tf | 46 +++++++++++ .../outputs.tf | 1 + .../variables.tf | 1 + 21 files changed, 337 insertions(+), 10 deletions(-) create mode 100644 examples/simple_regional_private_with_cluster_version/README.md create mode 100644 examples/simple_regional_private_with_cluster_version/main.tf create mode 100644 examples/simple_regional_private_with_cluster_version/outputs.tf create mode 120000 examples/simple_regional_private_with_cluster_version/test_outputs.tf create mode 100644 examples/simple_regional_private_with_cluster_version/variables.tf create mode 100644 examples/simple_regional_private_with_cluster_version/versions.tf create mode 100644 test/fixtures/simple_regional_private_with_cluster_version/example.tf create mode 100644 test/fixtures/simple_regional_private_with_cluster_version/network.tf create mode 120000 test/fixtures/simple_regional_private_with_cluster_version/outputs.tf create mode 120000 test/fixtures/simple_regional_private_with_cluster_version/variables.tf diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 1f645109b8..d263170b10 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -83,7 +83,7 @@ resource "google_container_cluster" "primary" { disabled = var.disable_default_snat } - min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null + min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : var.kubernetes_version == "latest" ? null : var.kubernetes_version {% if beta_cluster and autopilot_cluster != true %} dynamic "cluster_telemetry" { diff --git a/cluster.tf b/cluster.tf index 694bc2eb05..a6f45f0a3f 100644 --- a/cluster.tf +++ b/cluster.tf @@ -69,7 +69,7 @@ resource "google_container_cluster" "primary" { disabled = var.disable_default_snat } - min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null + min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : var.kubernetes_version == "latest" ? null : var.kubernetes_version # only one of logging/monitoring_service or logging/monitoring_config can be specified logging_service = local.logmon_config_is_set ? null : var.logging_service diff --git a/examples/simple_regional_private_with_cluster_version/README.md b/examples/simple_regional_private_with_cluster_version/README.md new file mode 100644 index 0000000000..160fc74a4c --- /dev/null +++ b/examples/simple_regional_private_with_cluster_version/README.md @@ -0,0 +1,49 @@ +# Simple Regional Cluster + +This example illustrates how to create a simple private cluster with beta features. + +[^]: (autogen_docs_start) + +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|:----:|:-----:|:-----:| +| cloudrun | Boolean to enable / disable CloudRun | string | `"true"` | no | +| cluster\_name\_suffix | A suffix to append to the default cluster name | string | `""` | no | +| compute\_engine\_service\_account | Service account to associate to the nodes in the cluster | string | n/a | yes | +| credentials\_path | The path to the GCP credentials JSON file | string | n/a | yes | +| ip\_range\_pods | The secondary ip range to use for pods | string | n/a | yes | +| ip\_range\_services | The secondary ip range to use for pods | string | n/a | yes | +| istio | Boolean to enable / disable Istio | string | `"true"` | no | +| network | The VPC network to host the cluster in | string | n/a | yes | +| project\_id | The project ID to host the cluster in | string | n/a | yes | +| region | The region to host the cluster in | string | n/a | yes | +| subnetwork | The subnetwork to host the cluster in | string | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| ca\_certificate | | +| client\_token | | +| cluster\_name | Cluster name | +| credentials\_path | | +| ip\_range\_pods | The secondary IP range used for pods | +| ip\_range\_services | The secondary IP range used for services | +| kubernetes\_endpoint | | +| location | | +| master\_kubernetes\_version | The master Kubernetes version | +| network | | +| project\_id | | +| region | | +| service\_account | The service account to default running nodes as if not overridden in `node_pools`. | +| subnetwork | | +| zones | List of zones in which the cluster resides | + +[^]: (autogen_docs_end) + +To provision this example, run the following from within this directory: +- `terraform init` to get the plugins +- `terraform plan` to see the infrastructure plan +- `terraform apply` to apply the infrastructure build +- `terraform destroy` to destroy the built infrastructure diff --git a/examples/simple_regional_private_with_cluster_version/main.tf b/examples/simple_regional_private_with_cluster_version/main.tf new file mode 100644 index 0000000000..87b415afb5 --- /dev/null +++ b/examples/simple_regional_private_with_cluster_version/main.tf @@ -0,0 +1,76 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + cluster_type = "simple-regional-private" +} + +data "google_client_config" "default" {} + +provider "kubernetes" { + host = "https://${module.gke.endpoint}" + token = data.google_client_config.default.access_token + cluster_ca_certificate = base64decode(module.gke.ca_certificate) +} + +data "google_compute_subnetwork" "subnetwork" { + name = var.subnetwork + project = var.project_id + region = var.region +} + +module "gke" { + source = "../../modules/private-cluster/" + project_id = var.project_id + name = "${local.cluster_type}-cluster${var.cluster_name_suffix}" + regional = true + region = var.region + network = var.network + kubernetes_version = var.kubernetes_version + subnetwork = var.subnetwork + ip_range_pods = var.ip_range_pods + ip_range_services = var.ip_range_services + create_service_account = false + service_account = var.compute_engine_service_account + enable_private_endpoint = true + enable_private_nodes = true + master_ipv4_cidr_block = "172.16.0.0/28" + default_max_pods_per_node = 20 + remove_default_node_pool = true + + node_pools = [ + { + name = "pool-01" + min_count = 1 + max_count = 100 + local_ssd_count = 0 + disk_size_gb = 100 + disk_type = "pd-standard" + auto_repair = true + auto_upgrade = true + service_account = var.compute_engine_service_account + preemptible = false + max_pods_per_node = 12 + }, + ] + + master_authorized_networks = [ + { + cidr_block = data.google_compute_subnetwork.subnetwork.ip_cidr_range + display_name = "VPC" + }, + ] +} diff --git a/examples/simple_regional_private_with_cluster_version/outputs.tf b/examples/simple_regional_private_with_cluster_version/outputs.tf new file mode 100644 index 0000000000..01a13147c2 --- /dev/null +++ b/examples/simple_regional_private_with_cluster_version/outputs.tf @@ -0,0 +1,35 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "kubernetes_endpoint" { + sensitive = true + value = module.gke.endpoint +} + +output "client_token" { + sensitive = true + value = base64encode(data.google_client_config.default.access_token) +} + +output "ca_certificate" { + value = module.gke.ca_certificate +} + +output "service_account" { + description = "The default service account used for running nodes." + value = module.gke.service_account +} + diff --git a/examples/simple_regional_private_with_cluster_version/test_outputs.tf b/examples/simple_regional_private_with_cluster_version/test_outputs.tf new file mode 120000 index 0000000000..17b34213ba --- /dev/null +++ b/examples/simple_regional_private_with_cluster_version/test_outputs.tf @@ -0,0 +1 @@ +../../test/fixtures/all_examples/test_outputs.tf \ No newline at end of file diff --git a/examples/simple_regional_private_with_cluster_version/variables.tf b/examples/simple_regional_private_with_cluster_version/variables.tf new file mode 100644 index 0000000000..5bc992dd49 --- /dev/null +++ b/examples/simple_regional_private_with_cluster_version/variables.tf @@ -0,0 +1,54 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "project_id" { + description = "The project ID to host the cluster in" +} + +variable "cluster_name_suffix" { + description = "A suffix to append to the default cluster name" + default = "" +} + +variable "region" { + description = "The region to host the cluster in" +} + +variable "network" { + description = "The VPC network to host the cluster in" +} + +variable "subnetwork" { + description = "The subnetwork to host the cluster in" +} + +variable "ip_range_pods" { + description = "The secondary ip range to use for pods" +} + +variable "ip_range_services" { + description = "The secondary ip range to use for services" +} + +variable "compute_engine_service_account" { + description = "Service account to associate to the nodes in the cluster" +} + +variable "kubernetes_version" { + type = string + description = "The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region." + default = "latest" +} diff --git a/examples/simple_regional_private_with_cluster_version/versions.tf b/examples/simple_regional_private_with_cluster_version/versions.tf new file mode 100644 index 0000000000..e8fbb1aadd --- /dev/null +++ b/examples/simple_regional_private_with_cluster_version/versions.tf @@ -0,0 +1,28 @@ +/** + * Copyright 2021 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_providers { + google = { + source = "hashicorp/google" + version = "~> 4.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + } + } + required_version = ">= 0.13" +} diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index 9d40a5aa50..a4432a6584 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf @@ -67,7 +67,7 @@ resource "google_container_cluster" "primary" { disabled = var.disable_default_snat } - min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null + min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : var.kubernetes_version == "latest" ? null : var.kubernetes_version cluster_autoscaling { dynamic "auto_provisioning_defaults" { diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index e6d4920b4f..84c48a6735 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf @@ -67,7 +67,7 @@ resource "google_container_cluster" "primary" { disabled = var.disable_default_snat } - min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null + min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : var.kubernetes_version == "latest" ? null : var.kubernetes_version cluster_autoscaling { dynamic "auto_provisioning_defaults" { diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 926b3a5232..7f75a953db 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -75,7 +75,7 @@ resource "google_container_cluster" "primary" { disabled = var.disable_default_snat } - min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null + min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : var.kubernetes_version == "latest" ? null : var.kubernetes_version dynamic "cluster_telemetry" { for_each = local.cluster_telemetry_type_is_set ? [1] : [] diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index fc2d22d5eb..63cbe46e99 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -75,7 +75,7 @@ resource "google_container_cluster" "primary" { disabled = var.disable_default_snat } - min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null + min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : var.kubernetes_version == "latest" ? null : var.kubernetes_version dynamic "cluster_telemetry" { for_each = local.cluster_telemetry_type_is_set ? [1] : [] diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 2a7b1be0b9..98738a3cf8 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -75,7 +75,7 @@ resource "google_container_cluster" "primary" { disabled = var.disable_default_snat } - min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null + min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : var.kubernetes_version == "latest" ? null : var.kubernetes_version dynamic "cluster_telemetry" { for_each = local.cluster_telemetry_type_is_set ? [1] : [] diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index e5d70fef24..754747b791 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -75,7 +75,7 @@ resource "google_container_cluster" "primary" { disabled = var.disable_default_snat } - min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null + min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : var.kubernetes_version == "latest" ? null : var.kubernetes_version dynamic "cluster_telemetry" { for_each = local.cluster_telemetry_type_is_set ? [1] : [] diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index adfea3660a..d54761c189 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -69,7 +69,7 @@ resource "google_container_cluster" "primary" { disabled = var.disable_default_snat } - min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null + min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : var.kubernetes_version == "latest" ? null : var.kubernetes_version # only one of logging/monitoring_service or logging/monitoring_config can be specified logging_service = local.logmon_config_is_set ? null : var.logging_service diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index ae67d7d403..22cceeb2f0 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -69,7 +69,7 @@ resource "google_container_cluster" "primary" { disabled = var.disable_default_snat } - min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : null + min_master_version = var.release_channel == null || var.release_channel == "UNSPECIFIED" ? local.master_version : var.kubernetes_version == "latest" ? null : var.kubernetes_version # only one of logging/monitoring_service or logging/monitoring_config can be specified logging_service = local.logmon_config_is_set ? null : var.logging_service diff --git a/test/fixtures/shared/variables.tf b/test/fixtures/shared/variables.tf index 4465351548..8cf5823b20 100644 --- a/test/fixtures/shared/variables.tf +++ b/test/fixtures/shared/variables.tf @@ -39,3 +39,9 @@ variable "registry_project_ids" { description = "Projects to use for granting access to GCR registries, if requested" type = list(string) } + +variable "kubernetes_version" { + type = string + description = "The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region." + default = "latest" +} diff --git a/test/fixtures/simple_regional_private_with_cluster_version/example.tf b/test/fixtures/simple_regional_private_with_cluster_version/example.tf new file mode 100644 index 0000000000..85c8b88b99 --- /dev/null +++ b/test/fixtures/simple_regional_private_with_cluster_version/example.tf @@ -0,0 +1,30 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +module "example" { + source = "../../../examples/simple_regional_private_with_cluster_version" + + project_id = var.project_ids[1] + cluster_name_suffix = "-${random_string.suffix.result}" + kubernetes_version = var.kubernetes_version + region = var.region + network = google_compute_network.main.name + subnetwork = google_compute_subnetwork.main.name + ip_range_pods = google_compute_subnetwork.main.secondary_ip_range[0].range_name + ip_range_services = google_compute_subnetwork.main.secondary_ip_range[1].range_name + compute_engine_service_account = var.compute_engine_service_accounts[1] +} + diff --git a/test/fixtures/simple_regional_private_with_cluster_version/network.tf b/test/fixtures/simple_regional_private_with_cluster_version/network.tf new file mode 100644 index 0000000000..8d643281e1 --- /dev/null +++ b/test/fixtures/simple_regional_private_with_cluster_version/network.tf @@ -0,0 +1,46 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +resource "random_string" "suffix" { + length = 4 + special = false + upper = false +} + +resource "google_compute_network" "main" { + project = var.project_ids[1] + name = "cft-gke-test-${random_string.suffix.result}" + auto_create_subnetworks = false +} + +resource "google_compute_subnetwork" "main" { + project = var.project_ids[1] + name = "cft-gke-test-${random_string.suffix.result}" + ip_cidr_range = "10.0.0.0/17" + region = var.region + network = google_compute_network.main.self_link + + secondary_ip_range { + range_name = "cft-gke-test-pods-${random_string.suffix.result}" + ip_cidr_range = "192.168.0.0/18" + } + + secondary_ip_range { + range_name = "cft-gke-test-services-${random_string.suffix.result}" + ip_cidr_range = "192.168.64.0/18" + } +} + diff --git a/test/fixtures/simple_regional_private_with_cluster_version/outputs.tf b/test/fixtures/simple_regional_private_with_cluster_version/outputs.tf new file mode 120000 index 0000000000..726bdc722f --- /dev/null +++ b/test/fixtures/simple_regional_private_with_cluster_version/outputs.tf @@ -0,0 +1 @@ +../shared/outputs.tf \ No newline at end of file diff --git a/test/fixtures/simple_regional_private_with_cluster_version/variables.tf b/test/fixtures/simple_regional_private_with_cluster_version/variables.tf new file mode 120000 index 0000000000..c113c00a3d --- /dev/null +++ b/test/fixtures/simple_regional_private_with_cluster_version/variables.tf @@ -0,0 +1 @@ +../shared/variables.tf \ No newline at end of file From 2fe171500c3496eb88b9fdf83318b0927d225e4b Mon Sep 17 00:00:00 2001 From: Andrew Peabody Date: Fri, 2 Jun 2023 11:37:15 -0700 Subject: [PATCH 20/39] fix: update policy-essentials hash 59f4695 using ref (#1659) --- examples/simple_zonal_with_acm/acm.tf | 2 +- modules/acm/policy_bundles.tf | 7 +++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/examples/simple_zonal_with_acm/acm.tf b/examples/simple_zonal_with_acm/acm.tf index e4662d08f9..61b2b61bce 100644 --- a/examples/simple_zonal_with_acm/acm.tf +++ b/examples/simple_zonal_with_acm/acm.tf @@ -28,7 +28,7 @@ module "acm" { secret_type = "ssh" - policy_bundles = ["https://github.com/GoogleCloudPlatform/acm-policy-controller-library/bundles/policy-essentials-v2022#e4094aacb91a35b0219f6f4cf6a31580e85b3c28"] + policy_bundles = ["https://github.com/GoogleCloudPlatform/acm-policy-controller-library/bundles/policy-essentials-v2022?ref=59f4695394285078f7c2029ec7d0f9ed1d6d700a"] create_metrics_gcp_sa = true } diff --git a/modules/acm/policy_bundles.tf b/modules/acm/policy_bundles.tf index 8bd122d1e0..b03987e867 100644 --- a/modules/acm/policy_bundles.tf +++ b/modules/acm/policy_bundles.tf @@ -18,13 +18,12 @@ module "policy_bundles" { source = "terraform-google-modules/gcloud/google//modules/kubectl-wrapper" version = "~> 3.1" - # Use index as name to avoid long url or special filesystem chars - for_each = { for i, v in var.policy_bundles : i => v } + for_each = toset(var.policy_bundles) project_id = var.project_id cluster_name = var.cluster_name cluster_location = var.location - kubectl_create_command = "kubectl apply -k ${each.value}" - kubectl_destroy_command = "kubectl delete -k ${each.value}" + kubectl_create_command = "kubectl apply -k ${each.key}" + kubectl_destroy_command = "kubectl delete -k ${each.key}" module_depends_on = [time_sleep.wait_acm] } From d252579613ca44e11ad28a59f930cdb42dea2c29 Mon Sep 17 00:00:00 2001 From: Edvin N Date: Tue, 6 Jun 2023 04:31:38 +0200 Subject: [PATCH 21/39] feat!: Add protect_config beta feature (#1617) feat!: add protect_config beta feature --- autogen/main/cluster.tf.tmpl | 7 +++++++ autogen/main/variables.tf.tmpl | 11 +++++++++++ modules/beta-autopilot-private-cluster/README.md | 2 ++ modules/beta-autopilot-private-cluster/cluster.tf | 7 +++++++ modules/beta-autopilot-private-cluster/variables.tf | 11 +++++++++++ modules/beta-autopilot-public-cluster/README.md | 2 ++ modules/beta-autopilot-public-cluster/cluster.tf | 7 +++++++ modules/beta-autopilot-public-cluster/variables.tf | 11 +++++++++++ modules/beta-private-cluster-update-variant/README.md | 2 ++ .../beta-private-cluster-update-variant/cluster.tf | 7 +++++++ .../beta-private-cluster-update-variant/variables.tf | 11 +++++++++++ modules/beta-private-cluster/README.md | 2 ++ modules/beta-private-cluster/cluster.tf | 7 +++++++ modules/beta-private-cluster/variables.tf | 11 +++++++++++ modules/beta-public-cluster-update-variant/README.md | 2 ++ modules/beta-public-cluster-update-variant/cluster.tf | 7 +++++++ .../beta-public-cluster-update-variant/variables.tf | 11 +++++++++++ modules/beta-public-cluster/README.md | 2 ++ modules/beta-public-cluster/cluster.tf | 7 +++++++ modules/beta-public-cluster/variables.tf | 11 +++++++++++ 20 files changed, 138 insertions(+) diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index d263170b10..58ab5a57cb 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -315,6 +315,13 @@ resource "google_container_cluster" "primary" { {% if beta_cluster %} networking_mode = "VPC_NATIVE" + + protect_config { + workload_config { + audit_mode = var.workload_config_audit_mode + } + workload_vulnerability_mode = var.workload_vulnerability_mode + } {% endif %} ip_allocation_policy { cluster_secondary_range_name = var.ip_range_pods diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index e15a94bf38..d0d140b656 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -530,6 +530,17 @@ variable "enable_confidential_nodes" { description = "An optional flag to enable confidential node config." default = false } +variable "workload_vulnerability_mode" { + description = "(beta) Vulnerability mode." + type = string + default = "" +} + +variable "workload_config_audit_mode" { + description = "(beta) Worload config audit mode." + type = string + default = "DISABLED" +} {% endif %} variable "disable_default_snat" { diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index bbe9381708..9a3871bed3 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md @@ -129,6 +129,8 @@ Then perform the following commands on the root folder: | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | | upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | `list(string)` | `[]` | no | +| workload\_config\_audit\_mode | (beta) Worload config audit mode. | `string` | `"DISABLED"` | no | +| workload\_vulnerability\_mode | (beta) Vulnerability mode. | `string` | `""` | no | | zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | `list(string)` | `[]` | no | ## Outputs diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index a4432a6584..5d836127bc 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf @@ -128,6 +128,13 @@ resource "google_container_cluster" "primary" { } networking_mode = "VPC_NATIVE" + + protect_config { + workload_config { + audit_mode = var.workload_config_audit_mode + } + workload_vulnerability_mode = var.workload_vulnerability_mode + } ip_allocation_policy { cluster_secondary_range_name = var.ip_range_pods services_secondary_range_name = var.ip_range_services diff --git a/modules/beta-autopilot-private-cluster/variables.tf b/modules/beta-autopilot-private-cluster/variables.tf index 8b0bf17e28..a9bd584314 100644 --- a/modules/beta-autopilot-private-cluster/variables.tf +++ b/modules/beta-autopilot-private-cluster/variables.tf @@ -366,6 +366,17 @@ variable "enable_confidential_nodes" { description = "An optional flag to enable confidential node config." default = false } +variable "workload_vulnerability_mode" { + description = "(beta) Vulnerability mode." + type = string + default = "" +} + +variable "workload_config_audit_mode" { + description = "(beta) Worload config audit mode." + type = string + default = "DISABLED" +} variable "disable_default_snat" { type = bool diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index 91a48d9ce3..00b9a25f39 100644 --- a/modules/beta-autopilot-public-cluster/README.md +++ b/modules/beta-autopilot-public-cluster/README.md @@ -118,6 +118,8 @@ Then perform the following commands on the root folder: | subnetwork | The subnetwork to host the cluster in (required) | `string` | n/a | yes | | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | | upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | `list(string)` | `[]` | no | +| workload\_config\_audit\_mode | (beta) Worload config audit mode. | `string` | `"DISABLED"` | no | +| workload\_vulnerability\_mode | (beta) Vulnerability mode. | `string` | `""` | no | | zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | `list(string)` | `[]` | no | ## Outputs diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index 84c48a6735..75e6e67f31 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf @@ -128,6 +128,13 @@ resource "google_container_cluster" "primary" { } networking_mode = "VPC_NATIVE" + + protect_config { + workload_config { + audit_mode = var.workload_config_audit_mode + } + workload_vulnerability_mode = var.workload_vulnerability_mode + } ip_allocation_policy { cluster_secondary_range_name = var.ip_range_pods services_secondary_range_name = var.ip_range_services diff --git a/modules/beta-autopilot-public-cluster/variables.tf b/modules/beta-autopilot-public-cluster/variables.tf index 947bf6df89..e244b73728 100644 --- a/modules/beta-autopilot-public-cluster/variables.tf +++ b/modules/beta-autopilot-public-cluster/variables.tf @@ -336,6 +336,17 @@ variable "enable_confidential_nodes" { description = "An optional flag to enable confidential node config." default = false } +variable "workload_vulnerability_mode" { + description = "(beta) Vulnerability mode." + type = string + default = "" +} + +variable "workload_config_audit_mode" { + description = "(beta) Worload config audit mode." + type = string + default = "DISABLED" +} variable "disable_default_snat" { type = bool diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index b5f670446f..c782d85e1e 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md @@ -264,6 +264,8 @@ Then perform the following commands on the root folder: | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | | upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | `list(string)` | `[]` | no | | windows\_node\_pools | List of maps containing Windows node pools | `list(map(string))` | `[]` | no | +| workload\_config\_audit\_mode | (beta) Worload config audit mode. | `string` | `"DISABLED"` | no | +| workload\_vulnerability\_mode | (beta) Vulnerability mode. | `string` | `""` | no | | zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | `list(string)` | `[]` | no | ## Outputs diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 7f75a953db..519c54d8f2 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -256,6 +256,13 @@ resource "google_container_cluster" "primary" { datapath_provider = var.datapath_provider networking_mode = "VPC_NATIVE" + + protect_config { + workload_config { + audit_mode = var.workload_config_audit_mode + } + workload_vulnerability_mode = var.workload_vulnerability_mode + } ip_allocation_policy { cluster_secondary_range_name = var.ip_range_pods services_secondary_range_name = var.ip_range_services diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 3ec0e20301..11bd398c68 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -502,6 +502,17 @@ variable "enable_confidential_nodes" { description = "An optional flag to enable confidential node config." default = false } +variable "workload_vulnerability_mode" { + description = "(beta) Vulnerability mode." + type = string + default = "" +} + +variable "workload_config_audit_mode" { + description = "(beta) Worload config audit mode." + type = string + default = "DISABLED" +} variable "disable_default_snat" { type = bool diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index b696bfbfab..f707b3f289 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -242,6 +242,8 @@ Then perform the following commands on the root folder: | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | | upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | `list(string)` | `[]` | no | | windows\_node\_pools | List of maps containing Windows node pools | `list(map(string))` | `[]` | no | +| workload\_config\_audit\_mode | (beta) Worload config audit mode. | `string` | `"DISABLED"` | no | +| workload\_vulnerability\_mode | (beta) Vulnerability mode. | `string` | `""` | no | | zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | `list(string)` | `[]` | no | ## Outputs diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 63cbe46e99..b53205c4d8 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -256,6 +256,13 @@ resource "google_container_cluster" "primary" { datapath_provider = var.datapath_provider networking_mode = "VPC_NATIVE" + + protect_config { + workload_config { + audit_mode = var.workload_config_audit_mode + } + workload_vulnerability_mode = var.workload_vulnerability_mode + } ip_allocation_policy { cluster_secondary_range_name = var.ip_range_pods services_secondary_range_name = var.ip_range_services diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 3ec0e20301..11bd398c68 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -502,6 +502,17 @@ variable "enable_confidential_nodes" { description = "An optional flag to enable confidential node config." default = false } +variable "workload_vulnerability_mode" { + description = "(beta) Vulnerability mode." + type = string + default = "" +} + +variable "workload_config_audit_mode" { + description = "(beta) Worload config audit mode." + type = string + default = "DISABLED" +} variable "disable_default_snat" { type = bool diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index b79f37d9bc..233b62570d 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -253,6 +253,8 @@ Then perform the following commands on the root folder: | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | | upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | `list(string)` | `[]` | no | | windows\_node\_pools | List of maps containing Windows node pools | `list(map(string))` | `[]` | no | +| workload\_config\_audit\_mode | (beta) Worload config audit mode. | `string` | `"DISABLED"` | no | +| workload\_vulnerability\_mode | (beta) Vulnerability mode. | `string` | `""` | no | | zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | `list(string)` | `[]` | no | ## Outputs diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 98738a3cf8..c086223b59 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -256,6 +256,13 @@ resource "google_container_cluster" "primary" { datapath_provider = var.datapath_provider networking_mode = "VPC_NATIVE" + + protect_config { + workload_config { + audit_mode = var.workload_config_audit_mode + } + workload_vulnerability_mode = var.workload_vulnerability_mode + } ip_allocation_policy { cluster_secondary_range_name = var.ip_range_pods services_secondary_range_name = var.ip_range_services diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 9609703039..5e033e3eb3 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -472,6 +472,17 @@ variable "enable_confidential_nodes" { description = "An optional flag to enable confidential node config." default = false } +variable "workload_vulnerability_mode" { + description = "(beta) Vulnerability mode." + type = string + default = "" +} + +variable "workload_config_audit_mode" { + description = "(beta) Worload config audit mode." + type = string + default = "DISABLED" +} variable "disable_default_snat" { type = bool diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 9d0e115ae5..be5efc9a01 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -231,6 +231,8 @@ Then perform the following commands on the root folder: | timeouts | Timeout for cluster operations. | `map(string)` | `{}` | no | | upstream\_nameservers | If specified, the values replace the nameservers taken by default from the node’s /etc/resolv.conf | `list(string)` | `[]` | no | | windows\_node\_pools | List of maps containing Windows node pools | `list(map(string))` | `[]` | no | +| workload\_config\_audit\_mode | (beta) Worload config audit mode. | `string` | `"DISABLED"` | no | +| workload\_vulnerability\_mode | (beta) Vulnerability mode. | `string` | `""` | no | | zones | The zones to host the cluster in (optional if regional cluster / required if zonal) | `list(string)` | `[]` | no | ## Outputs diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 754747b791..ed021f26be 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -256,6 +256,13 @@ resource "google_container_cluster" "primary" { datapath_provider = var.datapath_provider networking_mode = "VPC_NATIVE" + + protect_config { + workload_config { + audit_mode = var.workload_config_audit_mode + } + workload_vulnerability_mode = var.workload_vulnerability_mode + } ip_allocation_policy { cluster_secondary_range_name = var.ip_range_pods services_secondary_range_name = var.ip_range_services diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 9609703039..5e033e3eb3 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -472,6 +472,17 @@ variable "enable_confidential_nodes" { description = "An optional flag to enable confidential node config." default = false } +variable "workload_vulnerability_mode" { + description = "(beta) Vulnerability mode." + type = string + default = "" +} + +variable "workload_config_audit_mode" { + description = "(beta) Worload config audit mode." + type = string + default = "DISABLED" +} variable "disable_default_snat" { type = bool From 00d76363cc00a82224994e131261fa9724aacc40 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 14 Jun 2023 10:12:27 -0700 Subject: [PATCH 22/39] chore(deps): update module go to 1.18 (#1666) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- test/integration/go.mod | 94 ++++++++++++++++++++++++++++++++++++++++- test/integration/go.sum | 5 --- 2 files changed, 93 insertions(+), 6 deletions(-) diff --git a/test/integration/go.mod b/test/integration/go.mod index b2407ccb3b..d81021642f 100644 --- a/test/integration/go.mod +++ b/test/integration/go.mod @@ -1,9 +1,101 @@ module github.com/terraform-google-modules/terraform-google-kubernetes-engine/test/integration -go 1.16 +go 1.18 require ( github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.4.1 github.com/gruntwork-io/terratest v0.41.11 github.com/stretchr/testify v1.8.2 ) + +require ( + cloud.google.com/go v0.83.0 // indirect + cloud.google.com/go/storage v1.10.0 // indirect + github.com/PuerkitoBio/purell v1.1.1 // indirect + github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect + github.com/agext/levenshtein v1.2.3 // indirect + github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect + github.com/aws/aws-sdk-go v1.40.56 // indirect + github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect + github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect + github.com/davecgh/go-spew v1.1.1 // indirect + github.com/docker/spdystream v0.0.0-20181023171402-6480d4af844c // indirect + github.com/go-errors/errors v1.0.2-0.20180813162953-d98b870cc4e0 // indirect + github.com/go-logr/logr v0.2.0 // indirect + github.com/go-openapi/jsonpointer v0.19.5 // indirect + github.com/go-openapi/jsonreference v0.19.3 // indirect + github.com/go-openapi/swag v0.19.5 // indirect + github.com/go-sql-driver/mysql v1.4.1 // indirect + github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect + github.com/golang/protobuf v1.5.2 // indirect + github.com/golang/snappy v0.0.3 // indirect + github.com/google/gofuzz v1.1.0 // indirect + github.com/google/uuid v1.2.0 // indirect + github.com/googleapis/gax-go/v2 v2.0.5 // indirect + github.com/googleapis/gnostic v0.5.1 // indirect + github.com/gruntwork-io/go-commons v0.8.0 // indirect + github.com/hashicorp/errwrap v1.0.0 // indirect + github.com/hashicorp/go-cleanhttp v0.5.2 // indirect + github.com/hashicorp/go-getter v1.6.1 // indirect + github.com/hashicorp/go-multierror v1.1.0 // indirect + github.com/hashicorp/go-safetemp v1.0.0 // indirect + github.com/hashicorp/go-version v1.3.0 // indirect + github.com/hashicorp/hcl/v2 v2.9.1 // indirect + github.com/hashicorp/terraform-json v0.13.0 // indirect + github.com/imdario/mergo v0.3.11 // indirect + github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a // indirect + github.com/jmespath/go-jmespath v0.4.0 // indirect + github.com/json-iterator/go v1.1.11 // indirect + github.com/jstemmer/go-junit-report v0.9.1 // indirect + github.com/klauspost/compress v1.13.0 // indirect + github.com/mailru/easyjson v0.7.0 // indirect + github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 // indirect + github.com/mitchellh/go-homedir v1.1.0 // indirect + github.com/mitchellh/go-testing-interface v1.14.2-0.20210217184823-a52172cd2f64 // indirect + github.com/mitchellh/go-wordwrap v1.0.1 // indirect + github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect + github.com/modern-go/reflect2 v1.0.1 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/pquerna/otp v1.2.0 // indirect + github.com/russross/blackfriday/v2 v2.1.0 // indirect + github.com/spf13/pflag v1.0.5 // indirect + github.com/tidwall/gjson v1.12.1 // indirect + github.com/tidwall/match v1.1.1 // indirect + github.com/tidwall/pretty v1.2.0 // indirect + github.com/tidwall/sjson v1.2.4 // indirect + github.com/tmccombs/hcl2json v0.3.3 // indirect + github.com/ulikunitz/xz v0.5.8 // indirect + github.com/urfave/cli v1.22.2 // indirect + github.com/zclconf/go-cty v1.9.1 // indirect + go.opencensus.io v0.23.0 // indirect + golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a // indirect + golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect + golang.org/x/mod v0.4.2 // indirect + golang.org/x/net v0.0.0-20211209124913-491a49abca63 // indirect + golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c // indirect + golang.org/x/sys v0.0.0-20220517195934-5e4e11fc645e // indirect + golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d // indirect + golang.org/x/text v0.3.7 // indirect + golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e // indirect + golang.org/x/tools v0.1.5 // indirect + golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect + google.golang.org/api v0.47.0 // indirect + google.golang.org/appengine v1.6.7 // indirect + google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c // indirect + google.golang.org/grpc v1.38.0 // indirect + google.golang.org/protobuf v1.27.1 // indirect + gopkg.in/inf.v0 v0.9.1 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/api v0.20.6 // indirect + k8s.io/apimachinery v0.20.6 // indirect + k8s.io/client-go v0.20.6 // indirect + k8s.io/klog/v2 v2.4.0 // indirect + k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect + k8s.io/utils v0.0.0-20210802155522-efc7438f0176 // indirect + sigs.k8s.io/kustomize/kyaml v0.13.6 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.0.3 // indirect + sigs.k8s.io/yaml v1.2.0 // indirect +) diff --git a/test/integration/go.sum b/test/integration/go.sum index 7f2a032904..d2623e48fc 100644 --- a/test/integration/go.sum +++ b/test/integration/go.sum @@ -103,7 +103,6 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/apparentlymart/go-dump v0.0.0-20180507223929-23540a00eaa3/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM= -github.com/apparentlymart/go-textseg v1.0.0 h1:rRmlIsPEEhUTIKQb7T++Nz/A5Q6C9IuX2wFoYVvnCs0= github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk= github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw= github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= @@ -343,7 +342,6 @@ github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZp github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-test/deep v1.0.3/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= -github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/go-test/deep v1.0.7 h1:/VSMRlnY/JSyqxQUzQLKVMAskpY/NZKFA5j2P+0pP2M= github.com/go-test/deep v1.0.7/go.mod h1:QV8Hv/iy04NyLBxAdO9njL0iVPN1S4d/A3NVv1V36o8= github.com/godbus/dbus v0.0.0-20151105175453-c7fdd8b5cd55/go.mod h1:/YcGZj5zSblfDWMMoOzV4fas9FZnQYTkDnsGvmh2Grw= @@ -412,7 +410,6 @@ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= -github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/google/go-containerregistry v0.6.0/go.mod h1:euCCtNbZ6tKqi1E72vwDj2xZcN5ttKpZLfa/wSo5iLw= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= @@ -497,7 +494,6 @@ github.com/hashicorp/go-version v1.3.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09 github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/hcl/v2 v2.9.1 h1:eOy4gREY0/ZQHNItlfuEZqtcQbXIxzojlP301hDpnac= github.com/hashicorp/hcl/v2 v2.9.1/go.mod h1:FwWsfWEjyV/CMj8s/gqAuiviY72rJ1/oayI9WftqcKg= @@ -737,7 +733,6 @@ github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6Mwd github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= -github.com/slack-go/slack v0.10.3/go.mod h1:hlGi5oXA+Gt+yWTPP0plCdRKmjsDxecdHxYQdlMQKOw= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= From 6dd5ae07a96fc4789f59421e96962e1b3be4a559 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 14 Jun 2023 16:00:06 -0700 Subject: [PATCH 23/39] chore(deps): bump github.com/hashicorp/go-getter from 1.6.1 to 1.7.0 in /test/integration (#1670) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test/integration/go.mod | 51 +++--- test/integration/go.sum | 391 +++++++++++++++++++++++++++++++++++++--- 2 files changed, 387 insertions(+), 55 deletions(-) diff --git a/test/integration/go.mod b/test/integration/go.mod index d81021642f..f3be9764c8 100644 --- a/test/integration/go.mod +++ b/test/integration/go.mod @@ -9,13 +9,15 @@ require ( ) require ( - cloud.google.com/go v0.83.0 // indirect - cloud.google.com/go/storage v1.10.0 // indirect + cloud.google.com/go v0.104.0 // indirect + cloud.google.com/go/compute v1.10.0 // indirect + cloud.google.com/go/iam v0.5.0 // indirect + cloud.google.com/go/storage v1.27.0 // indirect github.com/PuerkitoBio/purell v1.1.1 // indirect github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect - github.com/aws/aws-sdk-go v1.40.56 // indirect + github.com/aws/aws-sdk-go v1.44.122 // indirect github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect @@ -28,28 +30,28 @@ require ( github.com/go-openapi/swag v0.19.5 // indirect github.com/go-sql-driver/mysql v1.4.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect + github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.2 // indirect - github.com/golang/snappy v0.0.3 // indirect + github.com/google/go-cmp v0.5.9 // indirect github.com/google/gofuzz v1.1.0 // indirect - github.com/google/uuid v1.2.0 // indirect - github.com/googleapis/gax-go/v2 v2.0.5 // indirect + github.com/google/uuid v1.3.0 // indirect + github.com/googleapis/enterprise-certificate-proxy v0.2.0 // indirect + github.com/googleapis/gax-go/v2 v2.6.0 // indirect github.com/googleapis/gnostic v0.5.1 // indirect github.com/gruntwork-io/go-commons v0.8.0 // indirect github.com/hashicorp/errwrap v1.0.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/hashicorp/go-getter v1.6.1 // indirect + github.com/hashicorp/go-getter v1.7.0 // indirect github.com/hashicorp/go-multierror v1.1.0 // indirect github.com/hashicorp/go-safetemp v1.0.0 // indirect - github.com/hashicorp/go-version v1.3.0 // indirect + github.com/hashicorp/go-version v1.6.0 // indirect github.com/hashicorp/hcl/v2 v2.9.1 // indirect github.com/hashicorp/terraform-json v0.13.0 // indirect github.com/imdario/mergo v0.3.11 // indirect github.com/jinzhu/copier v0.0.0-20190924061706-b57f9002281a // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/json-iterator/go v1.1.11 // indirect - github.com/jstemmer/go-junit-report v0.9.1 // indirect - github.com/klauspost/compress v1.13.0 // indirect + github.com/klauspost/compress v1.15.11 // indirect github.com/mailru/easyjson v0.7.0 // indirect github.com/mattn/go-zglob v0.0.2-0.20190814121620-e3c945676326 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect @@ -66,26 +68,23 @@ require ( github.com/tidwall/pretty v1.2.0 // indirect github.com/tidwall/sjson v1.2.4 // indirect github.com/tmccombs/hcl2json v0.3.3 // indirect - github.com/ulikunitz/xz v0.5.8 // indirect + github.com/ulikunitz/xz v0.5.10 // indirect github.com/urfave/cli v1.22.2 // indirect github.com/zclconf/go-cty v1.9.1 // indirect go.opencensus.io v0.23.0 // indirect - golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a // indirect - golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect - golang.org/x/mod v0.4.2 // indirect - golang.org/x/net v0.0.0-20211209124913-491a49abca63 // indirect - golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c // indirect - golang.org/x/sys v0.0.0-20220517195934-5e4e11fc645e // indirect - golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d // indirect - golang.org/x/text v0.3.7 // indirect + golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect + golang.org/x/net v0.1.0 // indirect + golang.org/x/oauth2 v0.1.0 // indirect + golang.org/x/sys v0.1.0 // indirect + golang.org/x/term v0.1.0 // indirect + golang.org/x/text v0.4.0 // indirect golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e // indirect - golang.org/x/tools v0.1.5 // indirect - golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect - google.golang.org/api v0.47.0 // indirect + golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect + google.golang.org/api v0.100.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c // indirect - google.golang.org/grpc v1.38.0 // indirect - google.golang.org/protobuf v1.27.1 // indirect + google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71 // indirect + google.golang.org/grpc v1.50.1 // indirect + google.golang.org/protobuf v1.28.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/test/integration/go.sum b/test/integration/go.sum index d2623e48fc..244e853c7f 100644 --- a/test/integration/go.sum +++ b/test/integration/go.sum @@ -19,27 +19,167 @@ cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmW cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.83.0 h1:bAMqZidYkmIsUqe6PtkEPT7Q+vfizScn+jfNA6jwK9c= cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= +cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= +cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= +cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= +cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= +cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= +cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= +cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA= +cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A= +cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc= +cloud.google.com/go v0.102.1/go.mod h1:XZ77E9qnTEnrgEOvr4xzfdX5TRo7fB4T2F4O6+34hIU= +cloud.google.com/go v0.104.0 h1:gSmWO7DY1vOm0MVU6DNXM11BWHHsTUmsC5cv1fuW5X8= +cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRYtA= +cloud.google.com/go/aiplatform v1.22.0/go.mod h1:ig5Nct50bZlzV6NvKaTwmplLLddFx0YReh9WfTO5jKw= +cloud.google.com/go/aiplatform v1.24.0/go.mod h1:67UUvRBKG6GTayHKV8DBv2RtR1t93YRu5B1P3x99mYY= +cloud.google.com/go/analytics v0.11.0/go.mod h1:DjEWCu41bVbYcKyvlws9Er60YE4a//bK6mnhWvQeFNI= +cloud.google.com/go/analytics v0.12.0/go.mod h1:gkfj9h6XRf9+TS4bmuhPEShsh3hH8PAZzm/41OOhQd4= +cloud.google.com/go/area120 v0.5.0/go.mod h1:DE/n4mp+iqVyvxHN41Vf1CR602GiHQjFPusMFW6bGR4= +cloud.google.com/go/area120 v0.6.0/go.mod h1:39yFJqWVgm0UZqWTOdqkLhjoC7uFfgXRC8g/ZegeAh0= +cloud.google.com/go/artifactregistry v1.6.0/go.mod h1:IYt0oBPSAGYj/kprzsBjZ/4LnG/zOcHyFHjWPCi6SAQ= +cloud.google.com/go/artifactregistry v1.7.0/go.mod h1:mqTOFOnGZx8EtSqK/ZWcsm/4U8B77rbcLP6ruDU2Ixk= +cloud.google.com/go/asset v1.5.0/go.mod h1:5mfs8UvcM5wHhqtSv8J1CtxxaQq3AdBxxQi2jGW/K4o= +cloud.google.com/go/asset v1.7.0/go.mod h1:YbENsRK4+xTiL+Ofoj5Ckf+O17kJtgp3Y3nn4uzZz5s= +cloud.google.com/go/asset v1.8.0/go.mod h1:mUNGKhiqIdbr8X7KNayoYvyc4HbbFO9URsjbytpUaW0= +cloud.google.com/go/assuredworkloads v1.5.0/go.mod h1:n8HOZ6pff6re5KYfBXcFvSViQjDwxFkAkmUFffJRbbY= +cloud.google.com/go/assuredworkloads v1.6.0/go.mod h1:yo2YOk37Yc89Rsd5QMVECvjaMKymF9OP+QXWlKXUkXw= +cloud.google.com/go/assuredworkloads v1.7.0/go.mod h1:z/736/oNmtGAyU47reJgGN+KVoYoxeLBoj4XkKYscNI= +cloud.google.com/go/automl v1.5.0/go.mod h1:34EjfoFGMZ5sgJ9EoLsRtdPSNZLcfflJR39VbVNS2M0= +cloud.google.com/go/automl v1.6.0/go.mod h1:ugf8a6Fx+zP0D59WLhqgTDsQI9w07o64uf/Is3Nh5p8= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= +cloud.google.com/go/bigquery v1.42.0/go.mod h1:8dRTJxhtG+vwBKzE5OseQn/hiydoQN3EedCaOdYmxRA= +cloud.google.com/go/billing v1.4.0/go.mod h1:g9IdKBEFlItS8bTtlrZdVLWSSdSyFUZKXNS02zKMOZY= +cloud.google.com/go/billing v1.5.0/go.mod h1:mztb1tBc3QekhjSgmpf/CV4LzWXLzCArwpLmP2Gm88s= +cloud.google.com/go/binaryauthorization v1.1.0/go.mod h1:xwnoWu3Y84jbuHa0zd526MJYmtnVXn0syOjaJgy4+dM= +cloud.google.com/go/binaryauthorization v1.2.0/go.mod h1:86WKkJHtRcv5ViNABtYMhhNWRrD1Vpi//uKEy7aYEfI= +cloud.google.com/go/cloudtasks v1.5.0/go.mod h1:fD92REy1x5woxkKEkLdvavGnPJGEn8Uic9nWuLzqCpY= +cloud.google.com/go/cloudtasks v1.6.0/go.mod h1:C6Io+sxuke9/KNRkbQpihnW93SWDU3uXt92nu85HkYI= +cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow= +cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM= +cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M= +cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s= +cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU= +cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U= +cloud.google.com/go/compute v1.10.0 h1:aoLIYaA1fX3ywihqpBk2APQKOo20nXsp1GEZQbx5Jk4= +cloud.google.com/go/compute v1.10.0/go.mod h1:ER5CLbMxl90o2jtNbGSbtfOpQKR0t15FOtRsugnLrlU= +cloud.google.com/go/containeranalysis v0.5.1/go.mod h1:1D92jd8gRR/c0fGMlymRgxWD3Qw9C1ff6/T7mLgVL8I= +cloud.google.com/go/containeranalysis v0.6.0/go.mod h1:HEJoiEIu+lEXM+k7+qLCci0h33lX3ZqoYFdmPcoO7s4= +cloud.google.com/go/datacatalog v1.3.0/go.mod h1:g9svFY6tuR+j+hrTw3J2dNcmI0dzmSiyOzm8kpLq0a0= +cloud.google.com/go/datacatalog v1.5.0/go.mod h1:M7GPLNQeLfWqeIm3iuiruhPzkt65+Bx8dAKvScX8jvs= +cloud.google.com/go/datacatalog v1.6.0/go.mod h1:+aEyF8JKg+uXcIdAmmaMUmZ3q1b/lKLtXCmXdnc0lbc= +cloud.google.com/go/dataflow v0.6.0/go.mod h1:9QwV89cGoxjjSR9/r7eFDqqjtvbKxAK2BaYU6PVk9UM= +cloud.google.com/go/dataflow v0.7.0/go.mod h1:PX526vb4ijFMesO1o202EaUmouZKBpjHsTlCtB4parQ= +cloud.google.com/go/dataform v0.3.0/go.mod h1:cj8uNliRlHpa6L3yVhDOBrUXH+BPAO1+KFMQQNSThKo= +cloud.google.com/go/dataform v0.4.0/go.mod h1:fwV6Y4Ty2yIFL89huYlEkwUPtS7YZinZbzzj5S9FzCE= +cloud.google.com/go/datalabeling v0.5.0/go.mod h1:TGcJ0G2NzcsXSE/97yWjIZO0bXj0KbVlINXMG9ud42I= +cloud.google.com/go/datalabeling v0.6.0/go.mod h1:WqdISuk/+WIGeMkpw/1q7bK/tFEZxsrFJOJdY2bXvTQ= +cloud.google.com/go/dataqna v0.5.0/go.mod h1:90Hyk596ft3zUQ8NkFfvICSIfHFh1Bc7C4cK3vbhkeo= +cloud.google.com/go/dataqna v0.6.0/go.mod h1:1lqNpM7rqNLVgWBJyk5NF6Uen2PHym0jtVJonplVsDA= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= +cloud.google.com/go/datastream v1.2.0/go.mod h1:i/uTP8/fZwgATHS/XFu0TcNUhuA0twZxxQ3EyCUQMwo= +cloud.google.com/go/datastream v1.3.0/go.mod h1:cqlOX8xlyYF/uxhiKn6Hbv6WjwPPuI9W2M9SAXwaLLQ= +cloud.google.com/go/dialogflow v1.15.0/go.mod h1:HbHDWs33WOGJgn6rfzBW1Kv807BE3O1+xGbn59zZWI4= +cloud.google.com/go/dialogflow v1.16.1/go.mod h1:po6LlzGfK+smoSmTBnbkIZY2w8ffjz/RcGSS+sh1el0= +cloud.google.com/go/dialogflow v1.17.0/go.mod h1:YNP09C/kXA1aZdBgC/VtXX74G/TKn7XVCcVumTflA+8= +cloud.google.com/go/documentai v1.7.0/go.mod h1:lJvftZB5NRiFSX4moiye1SMxHx0Bc3x1+p9e/RfXYiU= +cloud.google.com/go/documentai v1.8.0/go.mod h1:xGHNEB7CtsnySCNrCFdCyyMz44RhFEEX2Q7UD0c5IhU= +cloud.google.com/go/domains v0.6.0/go.mod h1:T9Rz3GasrpYk6mEGHh4rymIhjlnIuB4ofT1wTxDeT4Y= +cloud.google.com/go/domains v0.7.0/go.mod h1:PtZeqS1xjnXuRPKE/88Iru/LdfoRyEHYA9nFQf4UKpg= +cloud.google.com/go/edgecontainer v0.1.0/go.mod h1:WgkZ9tp10bFxqO8BLPqv2LlfmQF1X8lZqwW4r1BTajk= +cloud.google.com/go/edgecontainer v0.2.0/go.mod h1:RTmLijy+lGpQ7BXuTDa4C4ssxyXT34NIuHIgKuP4s5w= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= +cloud.google.com/go/functions v1.6.0/go.mod h1:3H1UA3qiIPRWD7PeZKLvHZ9SaQhR26XIJcC0A5GbvAk= +cloud.google.com/go/functions v1.7.0/go.mod h1:+d+QBcWM+RsrgZfV9xo6KfA1GlzJfxcfZcRPEhDDfzg= +cloud.google.com/go/gaming v1.5.0/go.mod h1:ol7rGcxP/qHTRQE/RO4bxkXq+Fix0j6D4LFPzYTIrDM= +cloud.google.com/go/gaming v1.6.0/go.mod h1:YMU1GEvA39Qt3zWGyAVA9bpYz/yAhTvaQ1t2sK4KPUA= +cloud.google.com/go/gkeconnect v0.5.0/go.mod h1:c5lsNAg5EwAy7fkqX/+goqFsU1Da/jQFqArp+wGNr/o= +cloud.google.com/go/gkeconnect v0.6.0/go.mod h1:Mln67KyU/sHJEBY8kFZ0xTeyPtzbq9StAVvEULYK16A= +cloud.google.com/go/gkehub v0.9.0/go.mod h1:WYHN6WG8w9bXU0hqNxt8rm5uxnk8IH+lPY9J2TV7BK0= +cloud.google.com/go/gkehub v0.10.0/go.mod h1:UIPwxI0DsrpsVoWpLB0stwKCP+WFVG9+y977wO+hBH0= +cloud.google.com/go/grafeas v0.2.0/go.mod h1:KhxgtF2hb0P191HlY5besjYm6MqTSTj3LSI+M+ByZHc= +cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY= +cloud.google.com/go/iam v0.5.0 h1:fz9X5zyTWBmamZsqvqZqD7khbifcZF/q+Z1J8pfhIUg= +cloud.google.com/go/iam v0.5.0/go.mod h1:wPU9Vt0P4UmCux7mqtRu6jcpPAb74cP1fh50J3QpkUc= +cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= +cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= +cloud.google.com/go/lifesciences v0.5.0/go.mod h1:3oIKy8ycWGPUyZDR/8RNnTOYevhaMLqh5vLUXs9zvT8= +cloud.google.com/go/lifesciences v0.6.0/go.mod h1:ddj6tSX/7BOnhxCSd3ZcETvtNr8NZ6t/iPhY2Tyfu08= +cloud.google.com/go/mediatranslation v0.5.0/go.mod h1:jGPUhGTybqsPQn91pNXw0xVHfuJ3leR1wj37oU3y1f4= +cloud.google.com/go/mediatranslation v0.6.0/go.mod h1:hHdBCTYNigsBxshbznuIMFNe5QXEowAuNmmC7h8pu5w= +cloud.google.com/go/memcache v1.4.0/go.mod h1:rTOfiGZtJX1AaFUrOgsMHX5kAzaTQ8azHiuDoTPzNsE= +cloud.google.com/go/memcache v1.5.0/go.mod h1:dk3fCK7dVo0cUU2c36jKb4VqKPS22BTkf81Xq617aWM= +cloud.google.com/go/metastore v1.5.0/go.mod h1:2ZNrDcQwghfdtCwJ33nM0+GrBGlVuh8rakL3vdPY3XY= +cloud.google.com/go/metastore v1.6.0/go.mod h1:6cyQTls8CWXzk45G55x57DVQ9gWg7RiH65+YgPsNh9s= +cloud.google.com/go/networkconnectivity v1.4.0/go.mod h1:nOl7YL8odKyAOtzNX73/M5/mGZgqqMeryi6UPZTk/rA= +cloud.google.com/go/networkconnectivity v1.5.0/go.mod h1:3GzqJx7uhtlM3kln0+x5wyFvuVH1pIBJjhCpjzSt75o= +cloud.google.com/go/networksecurity v0.5.0/go.mod h1:xS6fOCoqpVC5zx15Z/MqkfDwH4+m/61A3ODiDV1xmiQ= +cloud.google.com/go/networksecurity v0.6.0/go.mod h1:Q5fjhTr9WMI5mbpRYEbiexTzROf7ZbDzvzCrNl14nyU= +cloud.google.com/go/notebooks v1.2.0/go.mod h1:9+wtppMfVPUeJ8fIWPOq1UnATHISkGXGqTkxeieQ6UY= +cloud.google.com/go/notebooks v1.3.0/go.mod h1:bFR5lj07DtCPC7YAAJ//vHskFBxA5JzYlH68kXVdk34= +cloud.google.com/go/osconfig v1.7.0/go.mod h1:oVHeCeZELfJP7XLxcBGTMBvRO+1nQ5tFG9VQTmYS2Fs= +cloud.google.com/go/osconfig v1.8.0/go.mod h1:EQqZLu5w5XA7eKizepumcvWx+m8mJUhEwiPqWiZeEdg= +cloud.google.com/go/oslogin v1.4.0/go.mod h1:YdgMXWRaElXz/lDk1Na6Fh5orF7gvmJ0FGLIs9LId4E= +cloud.google.com/go/oslogin v1.5.0/go.mod h1:D260Qj11W2qx/HVF29zBg+0fd6YCSjSqLUkY/qEenQU= +cloud.google.com/go/phishingprotection v0.5.0/go.mod h1:Y3HZknsK9bc9dMi+oE8Bim0lczMU6hrX0UpADuMefr0= +cloud.google.com/go/phishingprotection v0.6.0/go.mod h1:9Y3LBLgy0kDTcYET8ZH3bq/7qni15yVUoAxiFxnlSUA= +cloud.google.com/go/privatecatalog v0.5.0/go.mod h1:XgosMUvvPyxDjAVNDYxJ7wBW8//hLDDYmnsNcMGq1K0= +cloud.google.com/go/privatecatalog v0.6.0/go.mod h1:i/fbkZR0hLN29eEWiiwue8Pb+GforiEIBnV9yrRUOKI= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= +cloud.google.com/go/recaptchaenterprise v1.3.1/go.mod h1:OdD+q+y4XGeAlxRaMn1Y7/GveP6zmq76byL6tjPE7d4= +cloud.google.com/go/recaptchaenterprise/v2 v2.1.0/go.mod h1:w9yVqajwroDNTfGuhmOjPDN//rZGySaf6PtFVcSCa7o= +cloud.google.com/go/recaptchaenterprise/v2 v2.2.0/go.mod h1:/Zu5jisWGeERrd5HnlS3EUGb/D335f9k51B/FVil0jk= +cloud.google.com/go/recaptchaenterprise/v2 v2.3.0/go.mod h1:O9LwGCjrhGHBQET5CA7dd5NwwNQUErSgEDit1DLNTdo= +cloud.google.com/go/recommendationengine v0.5.0/go.mod h1:E5756pJcVFeVgaQv3WNpImkFP8a+RptV6dDLGPILjvg= +cloud.google.com/go/recommendationengine v0.6.0/go.mod h1:08mq2umu9oIqc7tDy8sx+MNJdLG0fUi3vaSVbztHgJ4= +cloud.google.com/go/recommender v1.5.0/go.mod h1:jdoeiBIVrJe9gQjwd759ecLJbxCDED4A6p+mqoqDvTg= +cloud.google.com/go/recommender v1.6.0/go.mod h1:+yETpm25mcoiECKh9DEScGzIRyDKpZ0cEhWGo+8bo+c= +cloud.google.com/go/redis v1.7.0/go.mod h1:V3x5Jq1jzUcg+UNsRvdmsfuFnit1cfe3Z/PGyq/lm4Y= +cloud.google.com/go/redis v1.8.0/go.mod h1:Fm2szCDavWzBk2cDKxrkmWBqoCiL1+Ctwq7EyqBCA/A= +cloud.google.com/go/retail v1.8.0/go.mod h1:QblKS8waDmNUhghY2TI9O3JLlFk8jybHeV4BF19FrE4= +cloud.google.com/go/retail v1.9.0/go.mod h1:g6jb6mKuCS1QKnH/dpu7isX253absFl6iE92nHwlBUY= +cloud.google.com/go/scheduler v1.4.0/go.mod h1:drcJBmxF3aqZJRhmkHQ9b3uSSpQoltBPGPxGAWROx6s= +cloud.google.com/go/scheduler v1.5.0/go.mod h1:ri073ym49NW3AfT6DZi21vLZrG07GXr5p3H1KxN5QlI= +cloud.google.com/go/secretmanager v1.6.0/go.mod h1:awVa/OXF6IiyaU1wQ34inzQNc4ISIDIrId8qE5QGgKA= +cloud.google.com/go/security v1.5.0/go.mod h1:lgxGdyOKKjHL4YG3/YwIL2zLqMFCKs0UbQwgyZmfJl4= +cloud.google.com/go/security v1.7.0/go.mod h1:mZklORHl6Bg7CNnnjLH//0UlAlaXqiG7Lb9PsPXLfD0= +cloud.google.com/go/security v1.8.0/go.mod h1:hAQOwgmaHhztFhiQ41CjDODdWP0+AE1B3sX4OFlq+GU= +cloud.google.com/go/securitycenter v1.13.0/go.mod h1:cv5qNAqjY84FCN6Y9z28WlkKXyWsgLO832YiWwkCWcU= +cloud.google.com/go/securitycenter v1.14.0/go.mod h1:gZLAhtyKv85n52XYWt6RmeBdydyxfPeTrpToDPw4Auc= +cloud.google.com/go/servicedirectory v1.4.0/go.mod h1:gH1MUaZCgtP7qQiI+F+A+OpeKF/HQWgtAddhTbhL2bs= +cloud.google.com/go/servicedirectory v1.5.0/go.mod h1:QMKFL0NUySbpZJ1UZs3oFAmdvVxhhxB6eJ/Vlp73dfg= +cloud.google.com/go/speech v1.6.0/go.mod h1:79tcr4FHCimOp56lwC01xnt/WPJZc4v3gzyT7FoBkCM= +cloud.google.com/go/speech v1.7.0/go.mod h1:KptqL+BAQIhMsj1kOP2la5DSEEerPDuOP/2mmkhHhZQ= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= -cloud.google.com/go/storage v1.10.0 h1:STgFzyU5/8miMl0//zKh2aQeTyeaUH3WN9bSUiJ09bA= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= +cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y= +cloud.google.com/go/storage v1.23.0/go.mod h1:vOEEDNFnciUMhBeT6hsJIn3ieU5cFRmzeLgDvXzfIXc= +cloud.google.com/go/storage v1.27.0 h1:YOO045NZI9RKfCj1c5A/ZtuuENUc8OAW+gHdGnDgyMQ= +cloud.google.com/go/storage v1.27.0/go.mod h1:x9DOL8TK/ygDUMieqwfhdpQryTeEkhGKMi80i/iqR2s= +cloud.google.com/go/talent v1.1.0/go.mod h1:Vl4pt9jiHKvOgF9KoZo6Kob9oV4lwd/ZD5Cto54zDRw= +cloud.google.com/go/talent v1.2.0/go.mod h1:MoNF9bhFQbiJ6eFD3uSsg0uBALw4n4gaCaEjBw9zo8g= +cloud.google.com/go/videointelligence v1.6.0/go.mod h1:w0DIDlVRKtwPCn/C4iwZIJdvC69yInhW0cfi+p546uU= +cloud.google.com/go/videointelligence v1.7.0/go.mod h1:k8pI/1wAhjznARtVT9U1llUaFNPh7muw8QyOUpavru4= +cloud.google.com/go/vision v1.2.0/go.mod h1:SmNwgObm5DpFBme2xpyOyasvBc1aPdjvMk2bBk0tKD0= +cloud.google.com/go/vision/v2 v2.2.0/go.mod h1:uCdV4PpN1S0jyCyq8sIM42v2Y6zOLkZs+4R9LrGYwFo= +cloud.google.com/go/vision/v2 v2.3.0/go.mod h1:UO61abBx9QRMFkNBbf1D8B1LXdS2cGiiCRx0vSpZoUo= +cloud.google.com/go/webrisk v1.4.0/go.mod h1:Hn8X6Zr+ziE2aNd8SliSDWpEnSS1u4R9+xXZmFiHmGE= +cloud.google.com/go/webrisk v1.5.0/go.mod h1:iPG6fr52Tv7sGk0H6qUFzmL3HHZev1htXuWDEEsqMTg= +cloud.google.com/go/workflows v1.6.0/go.mod h1:6t9F5h/unJz41YqfBmqSASJSXccBLtD1Vwf+KmJENM0= +cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoISEXH2bcHC3M= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/Azure/azure-sdk-for-go v16.2.1+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v50.2.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= @@ -114,8 +254,9 @@ github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:l github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU= github.com/aws/aws-sdk-go v1.15.11/go.mod h1:mFuSZ37Z9YOHbQEwBWztmVzqXrEkub65tZoCYDt7FT0= github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3ATZkfNZeM= -github.com/aws/aws-sdk-go v1.40.56 h1:FM2yjR0UUYFzDTMx+mH9Vyw1k1EUUxsAFzk+BjkzANA= github.com/aws/aws-sdk-go v1.40.56/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= +github.com/aws/aws-sdk-go v1.44.122 h1:p6mw01WBaNpbdP2xrisz5tIkcNwzj/HysobNoaAHjgo= +github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/beorn7/perks v0.0.0-20160804104726-4c0e84591b9a/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= @@ -151,6 +292,12 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= +github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE= github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU= @@ -300,6 +447,9 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= +github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= +github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= +github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= @@ -363,8 +513,9 @@ github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4er github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= @@ -373,6 +524,7 @@ github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= +github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -392,7 +544,6 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/snappy v0.0.3 h1:fHPg5GQYlCeLIPB9BZqMVR5nR9A+IM5zcgeTdjMYmLA= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= @@ -409,7 +560,10 @@ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= +github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= +github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-containerregistry v0.6.0/go.mod h1:euCCtNbZ6tKqi1E72vwDj2xZcN5ttKpZLfa/wSo5iLw= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= @@ -432,18 +586,33 @@ github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.2.0 h1:qJYtXnJRWmpe7m/3XlyhrsLrEURqHRM2kxzoxXqyUDs= github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= +github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= +github.com/googleapis/enterprise-certificate-proxy v0.2.0 h1:y8Yozv7SZtlU//QXbezB6QkpuE6jMD2/gfzk4AftXjs= +github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= +github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= +github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM= +github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM= +github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM= +github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c= +github.com/googleapis/gax-go/v2 v2.5.1/go.mod h1:h6B0KMMFNtI2ddbGJn3T3ZbwkeT6yqEF02fYlzkUCyo= +github.com/googleapis/gax-go/v2 v2.6.0 h1:SXk3ABtQYDT/OH8jAyvEOQ58mgawq5C4o/4/89qN2ZU= +github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY= github.com/googleapis/gnostic v0.4.1/go.mod h1:LRhVm6pbyptWbWbuZ38d1eyptfvIytN3ir6b65WBswg= github.com/googleapis/gnostic v0.5.1 h1:A8Yhf6EtqTv9RMsU6MQTyrtV1TjWlR6xU9BsZIwuTCM= github.com/googleapis/gnostic v0.5.1/go.mod h1:6U4PtQXGIEt/Z3h5MAT7FNofLnw9vXk2cUuW7uA/OeU= +github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/handlers v0.0.0-20150720190736-60c7bfde3e33/go.mod h1:Qkdc/uu4tH4g6mTK6auzZ766c4CA0Ng8+o/OAirnOIQ= github.com/gorilla/mux v1.7.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs= @@ -473,8 +642,8 @@ github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtng github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-getter v1.5.9/go.mod h1:BrrV/1clo8cCYu6mxvboYg+KutTiFnXjMEgDD8+i7ZI= -github.com/hashicorp/go-getter v1.6.1 h1:NASsgP4q6tL94WH6nJxKWj8As2H/2kop/bB1d8JMyRY= -github.com/hashicorp/go-getter v1.6.1/go.mod h1:IZCrswsZPeWv9IkVnLElzRU/gz/QPi6pZHn4tv6vbwA= +github.com/hashicorp/go-getter v1.7.0 h1:bzrYP+qu/gMrL1au7/aDvkoOVGUJpeKBgbqRHACAFDY= +github.com/hashicorp/go-getter v1.7.0/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v0.0.0-20161216184304-ed905158d874/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I= @@ -489,8 +658,9 @@ github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdv github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/go-version v1.3.0 h1:McDWVJIU/y+u1BRV06dPaLfLCaT7fUTJLp5r04x7iNw= github.com/hashicorp/go-version v1.3.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= +github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= @@ -528,7 +698,6 @@ github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/ github.com/json-iterator/go v1.1.11 h1:uVUAXhF2To8cbw/3xN3pxj6kk7TYKs98NIrTqPlMWAQ= github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jstemmer/go-junit-report v0.9.1 h1:6QPYqodiu3GuPL+7mfx+NwDdp2eTkp9IfEUpgAwUN0o= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= @@ -540,8 +709,9 @@ github.com/klauspost/compress v1.11.2/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYs github.com/klauspost/compress v1.11.3/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs= github.com/klauspost/compress v1.12.3/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= -github.com/klauspost/compress v1.13.0 h1:2T7tUoQrQT+fQWdaY5rjWztFGAFwbGD04iPJg90ZiOs= github.com/klauspost/compress v1.13.0/go.mod h1:8dP1Hq4DHOhN9w426knH3Rhby4rFm6D8eO+e+Dq5Gzg= +github.com/klauspost/compress v1.15.11 h1:Lcadnb3RKGin4FYM/orgq0qde+nc15E5Cbqg4B9Sx9c= +github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -590,6 +760,7 @@ github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrk github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= +github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8= github.com/mitchellh/go-testing-interface v1.14.2-0.20210217184823-a52172cd2f64 h1:+9bM6qWXndPx7+czi9+Jj6zHPioFpfdhwVGOYOgujMY= github.com/mitchellh/go-testing-interface v1.14.2-0.20210217184823-a52172cd2f64/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8= github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= @@ -795,8 +966,9 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1 github.com/tmccombs/hcl2json v0.3.3 h1:+DLNYqpWE0CsOQiEZu+OZm5ZBImake3wtITYxQ8uLFQ= github.com/tmccombs/hcl2json v0.3.3/go.mod h1:Y2chtz2x9bAeRTvSibVRVgbLJhLJXKlUeIvjeVdnm4w= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= -github.com/ulikunitz/xz v0.5.8 h1:ERv8V6GKqVi23rgu5cj9pVfVzJbOqAY2Ntl88O6c2nQ= github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= +github.com/ulikunitz/xz v0.5.10 h1:t92gobL9l3HE202wg3rlk19F6X+JOxl9BBrCCMYEYd8= +github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14= github.com/urfave/cli v0.0.0-20171014202726-7bc6a0acffa5/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= @@ -824,6 +996,7 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/yvasiyarov/go-metrics v0.0.0-20140926110328-57bccd1ccd43/go.mod h1:aX5oPXxHm3bOH+xeAttToC8pqch2ScQN/JoXYupl6xs= github.com/yvasiyarov/gorelic v0.0.0-20141212073537-a9bba5b9ab50/go.mod h1:NUSPSUX/bi6SeDMUh6brw0nXpxHnc96TguQh0+r/ssA= github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg= @@ -849,6 +1022,7 @@ go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0 h1:gqCw0LfLxScz8irSi8exQc7fyQ0fKQU/qnC/X8+V/1M= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= +go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5/go.mod h1:nmDLcffg48OtT/PSW0Hg7FvpRQsQh5OSqIylirxKC7o= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= @@ -873,8 +1047,9 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= -golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a h1:kr2P4QFmQr29mSLA43kwrOcgcReGTfbE9N577tCTuBc= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -898,7 +1073,6 @@ golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRu golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug= golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= @@ -910,8 +1084,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2 h1:Gz96sIWK3OalVv/I/qNygP42zyoKp3xptRVCWRFEBvo= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -965,8 +1139,20 @@ golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96b golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20211209124913-491a49abca63 h1:iocB37TsdFuN6IBRZ+ry36wrkoV51/tl5vOWqkcPGvY= golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.0.0-20220617184016-355a448f1bc9/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= +golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -979,8 +1165,21 @@ golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c h1:pkQiBZBvdos9qq4wBAHqlzuZHEXo07pqV06ef90u1WI= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= +golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= +golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= +golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= +golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= +golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= +golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= +golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= +golang.org/x/oauth2 v0.1.0 h1:isLCZuhj4v+tYv7eskaN4v/TM+A1begWWgyVJDdl1+Y= +golang.org/x/oauth2 v0.1.0/go.mod h1:G9FE4dLTsbXUu90h/Pf85g4w1D+SSAgR+q46nJZ8M4A= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -992,6 +1191,9 @@ golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1076,11 +1278,35 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220517195934-5e4e11fc645e h1:w36l2Uw3dRan1K3TyXriXvY+6T56GNmlKGcqiQUJDfM= -golang.org/x/sys v0.0.0-20220517195934-5e4e11fc645e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220624220833-87e55d714810/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d h1:SZxvLBoTP5yHO3Frd4z4vrF+DBX9vMVanchswa69toE= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw= +golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1089,8 +1315,9 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1155,13 +1382,19 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.1.5 h1:ouewzE6p+/VEB31YYnTbEJdi8pFqKp4P4n85vwo3DHA= +golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= +golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= +golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3jS9O0/s90v0rJh3X/OLHEUk= +golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= google.golang.org/api v0.0.0-20160322025152-9bf6e6e569ff/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= @@ -1185,8 +1418,34 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.44.0/go.mod h1:EBOGZqzyhtvMDoxwS97ctnh0zUmYY6CxqXsc1AvkYD8= -google.golang.org/api v0.47.0 h1:sQLWZQvP6jPGIP4JGPkJu4zHswrv81iobiyszr3b/0I= google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= +google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= +google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= +google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= +google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= +google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= +google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= +google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI= +google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I= +google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo= +google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g= +google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA= +google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8= +google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs= +google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA= +google.golang.org/api v0.77.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA= +google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw= +google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg= +google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o= +google.golang.org/api v0.85.0/go.mod h1:AqZf8Ep9uZ2pyTvgL+x0D3Zt0eoT9b5E8fmzfu6FO2g= +google.golang.org/api v0.90.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw= +google.golang.org/api v0.93.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw= +google.golang.org/api v0.95.0/go.mod h1:eADj+UBuxkh5zlrSntJghuNeg8HwQ1w5lTKkuqaETEI= +google.golang.org/api v0.96.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= +google.golang.org/api v0.97.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= +google.golang.org/api v0.98.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= +google.golang.org/api v0.100.0 h1:LGUYIrbW9pzYQQ8NWXlaIVkgnfubVBZbMFb9P8TK374= +google.golang.org/api v0.100.0/go.mod h1:ZE3Z2+ZOr87Rx7dqFsdRQkRBk36kDtp/h+QpHbB7a70= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -1239,10 +1498,69 @@ google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210329143202-679c6ae281ee/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c h1:wtujag7C+4D6KMoulW9YauvK2lgdvCMS260jsqqBXr0= google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= +google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= +google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= +google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= +google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= +google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= +google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= +google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= +google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= +google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220310185008-1973136f34c6/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220324131243-acbaeb5b85eb/go.mod h1:hAL49I2IFola2sVEjAn7MEwsja0xp51I0tlGAf9hz4E= +google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220429170224-98d788798c3e/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20220518221133-4f43b3371335/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20220617124728-180714bec0ad/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20220628213854-d9e0b6570c03/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20220722212130-b98a9ff5e252/go.mod h1:GkXuJDJ6aQ7lnJcRF+SJVgFdQhypqgl3LB1C9vabdRE= +google.golang.org/genproto v0.0.0-20220801145646-83ce21fca29f/go.mod h1:iHe1svFLAZg9VWz891+QbRMwUv9O/1Ww+/mngYeThbc= +google.golang.org/genproto v0.0.0-20220815135757-37a418bb8959/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= +google.golang.org/genproto v0.0.0-20220817144833-d7fd3f11b9b1/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= +google.golang.org/genproto v0.0.0-20220822174746-9e6da59bd2fc/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= +google.golang.org/genproto v0.0.0-20220829144015-23454907ede3/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= +google.golang.org/genproto v0.0.0-20220829175752-36a9c930ecbf/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= +google.golang.org/genproto v0.0.0-20220913154956-18f8339a66a5/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= +google.golang.org/genproto v0.0.0-20220914142337-ca0e39ece12f/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= +google.golang.org/genproto v0.0.0-20220915135415-7fd63a7952de/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= +google.golang.org/genproto v0.0.0-20220916172020-2692e8806bfa/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= +google.golang.org/genproto v0.0.0-20220919141832-68c03719ef51/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= +google.golang.org/genproto v0.0.0-20220920201722-2b89144ce006/go.mod h1:ht8XFiar2npT/g4vkk7O0WYS1sHOHbdujxbEp7CJWbw= +google.golang.org/genproto v0.0.0-20220926165614-551eb538f295/go.mod h1:woMGP53BroOrRY3xTxlbr8Y3eB/nzAvvFM83q7kG2OI= +google.golang.org/genproto v0.0.0-20220926220553-6981cbe3cfce/go.mod h1:woMGP53BroOrRY3xTxlbr8Y3eB/nzAvvFM83q7kG2OI= +google.golang.org/genproto v0.0.0-20221010155953-15ba04fc1c0e/go.mod h1:3526vdqwhZAwq4wsRUaVG555sVgsNmIjRtO7t/JH29U= +google.golang.org/genproto v0.0.0-20221014173430-6e2ab493f96b/go.mod h1:1vXfmgAz9N9Jx0QA82PqRVauvCz1SGSz739p0f183jM= +google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a/go.mod h1:1vXfmgAz9N9Jx0QA82PqRVauvCz1SGSz739p0f183jM= +google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71 h1:GEgb2jF5zxsFJpJfg9RoDDWm7tiwc/DDSTE2BtLUkXU= +google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s= google.golang.org/grpc v0.0.0-20160317175043-d3ddb4469d5a/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= @@ -1268,8 +1586,21 @@ google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.38.0 h1:/9BgsAsa5nWe26HqOlvlgJnqBuktYOLCgjCPqsa56W0= google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= +google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= +google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= +google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= +google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= +google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= +google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= +google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= +google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= +google.golang.org/grpc v1.50.1 h1:DS/BukOZWp8s6p4Dt/tOaJaTQyPyOoCcrjroHuCeLzY= +google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -1283,8 +1614,10 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= +google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From 29d925997ec0fd5ecbd6dd5792f220fc48a5725b Mon Sep 17 00:00:00 2001 From: Edvin N Date: Thu, 15 Jun 2023 02:10:16 +0200 Subject: [PATCH 24/39] fix: set max firewall name to 36 (#1645) Signed-off-by: Edvin Norling Co-authored-by: Bharath KKB --- autogen/main/firewall.tf.tmpl | 16 ++++++++-------- firewall.tf | 14 +++++++------- .../beta-autopilot-private-cluster/firewall.tf | 16 ++++++++-------- .../beta-autopilot-public-cluster/firewall.tf | 16 ++++++++-------- .../firewall.tf | 16 ++++++++-------- modules/beta-private-cluster/firewall.tf | 16 ++++++++-------- .../firewall.tf | 16 ++++++++-------- modules/beta-public-cluster/firewall.tf | 16 ++++++++-------- .../private-cluster-update-variant/firewall.tf | 14 +++++++------- modules/private-cluster/firewall.tf | 14 +++++++------- .../safer_cluster/safer_cluster_test.go | 4 ++-- 11 files changed, 79 insertions(+), 79 deletions(-) diff --git a/autogen/main/firewall.tf.tmpl b/autogen/main/firewall.tf.tmpl index 64d4df3bda..90efd57d37 100644 --- a/autogen/main/firewall.tf.tmpl +++ b/autogen/main/firewall.tf.tmpl @@ -26,7 +26,7 @@ *****************************************/ resource "google_compute_firewall" "intra_egress" { count = var.add_cluster_firewall_rules ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-intra-cluster-egress" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-intra-cluster-egress" description = "Managed by terraform gke module: Allow pods to communicate with each other and the master" project = local.network_project_id network = var.network @@ -70,7 +70,7 @@ resource "google_compute_firewall" "intra_egress" { *****************************************/ resource "google_compute_firewall" "tpu_egress" { count = var.add_cluster_firewall_rules && var.enable_tpu ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-tpu-egress" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-tpu-egress" description = "Managed by terraform gke module: Allow pods to communicate with TPUs" project = local.network_project_id network = var.network @@ -105,7 +105,7 @@ resource "google_compute_firewall" "tpu_egress" { *****************************************/ resource "google_compute_firewall" "master_webhooks" { count = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-webhooks" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-webhooks" description = "Managed by terraform gke module: Allow master to hit pods for admission controllers/webhooks" project = local.network_project_id network = var.network @@ -137,7 +137,7 @@ resource "google_compute_firewall" "master_webhooks" { resource "google_compute_firewall" "shadow_allow_pods" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-all" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-all" description = "Managed by terraform gke module: A shadow firewall rule to match the default rule allowing pod communication." project = local.network_project_id network = var.network @@ -166,7 +166,7 @@ resource "google_compute_firewall" "shadow_allow_pods" { resource "google_compute_firewall" "shadow_allow_master" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-master" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-master" description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication." project = local.network_project_id network = var.network @@ -192,7 +192,7 @@ resource "google_compute_firewall" "shadow_allow_master" { resource "google_compute_firewall" "shadow_allow_nodes" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-vms" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-vms" description = "Managed by Terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication." project = local.network_project_id network = var.network @@ -227,7 +227,7 @@ resource "google_compute_firewall" "shadow_allow_nodes" { resource "google_compute_firewall" "shadow_allow_inkubelet" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-inkubelet" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-inkubelet" description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes & pods communication to kubelet." project = local.network_project_id network = var.network @@ -254,7 +254,7 @@ resource "google_compute_firewall" "shadow_allow_inkubelet" { resource "google_compute_firewall" "shadow_deny_exkubelet" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-exkubelet" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-exkubelet" description = "Managed by terraform GKE module: A shadow firewall rule to match the default deny rule to kubelet." project = local.network_project_id network = var.network diff --git a/firewall.tf b/firewall.tf index a754fda5c6..94cec9e103 100644 --- a/firewall.tf +++ b/firewall.tf @@ -26,7 +26,7 @@ *****************************************/ resource "google_compute_firewall" "intra_egress" { count = var.add_cluster_firewall_rules ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-intra-cluster-egress" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-intra-cluster-egress" description = "Managed by terraform gke module: Allow pods to communicate with each other and the master" project = local.network_project_id network = var.network @@ -63,7 +63,7 @@ resource "google_compute_firewall" "intra_egress" { *****************************************/ resource "google_compute_firewall" "master_webhooks" { count = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-webhooks" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-webhooks" description = "Managed by terraform gke module: Allow master to hit pods for admission controllers/webhooks" project = local.network_project_id network = var.network @@ -93,7 +93,7 @@ resource "google_compute_firewall" "master_webhooks" { resource "google_compute_firewall" "shadow_allow_pods" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-all" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-all" description = "Managed by terraform gke module: A shadow firewall rule to match the default rule allowing pod communication." project = local.network_project_id network = var.network @@ -122,7 +122,7 @@ resource "google_compute_firewall" "shadow_allow_pods" { resource "google_compute_firewall" "shadow_allow_master" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-master" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-master" description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication." project = local.network_project_id network = var.network @@ -148,7 +148,7 @@ resource "google_compute_firewall" "shadow_allow_master" { resource "google_compute_firewall" "shadow_allow_nodes" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-vms" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-vms" description = "Managed by Terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication." project = local.network_project_id network = var.network @@ -183,7 +183,7 @@ resource "google_compute_firewall" "shadow_allow_nodes" { resource "google_compute_firewall" "shadow_allow_inkubelet" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-inkubelet" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-inkubelet" description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes & pods communication to kubelet." project = local.network_project_id network = var.network @@ -210,7 +210,7 @@ resource "google_compute_firewall" "shadow_allow_inkubelet" { resource "google_compute_firewall" "shadow_deny_exkubelet" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-exkubelet" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-exkubelet" description = "Managed by terraform GKE module: A shadow firewall rule to match the default deny rule to kubelet." project = local.network_project_id network = var.network diff --git a/modules/beta-autopilot-private-cluster/firewall.tf b/modules/beta-autopilot-private-cluster/firewall.tf index 96eecab803..4701c82a2c 100644 --- a/modules/beta-autopilot-private-cluster/firewall.tf +++ b/modules/beta-autopilot-private-cluster/firewall.tf @@ -26,7 +26,7 @@ *****************************************/ resource "google_compute_firewall" "intra_egress" { count = var.add_cluster_firewall_rules ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-intra-cluster-egress" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-intra-cluster-egress" description = "Managed by terraform gke module: Allow pods to communicate with each other and the master" project = local.network_project_id network = var.network @@ -64,7 +64,7 @@ resource "google_compute_firewall" "intra_egress" { *****************************************/ resource "google_compute_firewall" "tpu_egress" { count = var.add_cluster_firewall_rules && var.enable_tpu ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-tpu-egress" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-tpu-egress" description = "Managed by terraform gke module: Allow pods to communicate with TPUs" project = local.network_project_id network = var.network @@ -93,7 +93,7 @@ resource "google_compute_firewall" "tpu_egress" { *****************************************/ resource "google_compute_firewall" "master_webhooks" { count = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-webhooks" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-webhooks" description = "Managed by terraform gke module: Allow master to hit pods for admission controllers/webhooks" project = local.network_project_id network = var.network @@ -120,7 +120,7 @@ resource "google_compute_firewall" "master_webhooks" { resource "google_compute_firewall" "shadow_allow_pods" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-all" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-all" description = "Managed by terraform gke module: A shadow firewall rule to match the default rule allowing pod communication." project = local.network_project_id network = var.network @@ -149,7 +149,7 @@ resource "google_compute_firewall" "shadow_allow_pods" { resource "google_compute_firewall" "shadow_allow_master" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-master" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-master" description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication." project = local.network_project_id network = var.network @@ -175,7 +175,7 @@ resource "google_compute_firewall" "shadow_allow_master" { resource "google_compute_firewall" "shadow_allow_nodes" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-vms" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-vms" description = "Managed by Terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication." project = local.network_project_id network = var.network @@ -210,7 +210,7 @@ resource "google_compute_firewall" "shadow_allow_nodes" { resource "google_compute_firewall" "shadow_allow_inkubelet" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-inkubelet" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-inkubelet" description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes & pods communication to kubelet." project = local.network_project_id network = var.network @@ -237,7 +237,7 @@ resource "google_compute_firewall" "shadow_allow_inkubelet" { resource "google_compute_firewall" "shadow_deny_exkubelet" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-exkubelet" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-exkubelet" description = "Managed by terraform GKE module: A shadow firewall rule to match the default deny rule to kubelet." project = local.network_project_id network = var.network diff --git a/modules/beta-autopilot-public-cluster/firewall.tf b/modules/beta-autopilot-public-cluster/firewall.tf index df15a02367..1e61965ca2 100644 --- a/modules/beta-autopilot-public-cluster/firewall.tf +++ b/modules/beta-autopilot-public-cluster/firewall.tf @@ -26,7 +26,7 @@ *****************************************/ resource "google_compute_firewall" "intra_egress" { count = var.add_cluster_firewall_rules ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-intra-cluster-egress" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-intra-cluster-egress" description = "Managed by terraform gke module: Allow pods to communicate with each other and the master" project = local.network_project_id network = var.network @@ -67,7 +67,7 @@ resource "google_compute_firewall" "intra_egress" { *****************************************/ resource "google_compute_firewall" "tpu_egress" { count = var.add_cluster_firewall_rules && var.enable_tpu ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-tpu-egress" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-tpu-egress" description = "Managed by terraform gke module: Allow pods to communicate with TPUs" project = local.network_project_id network = var.network @@ -99,7 +99,7 @@ resource "google_compute_firewall" "tpu_egress" { *****************************************/ resource "google_compute_firewall" "master_webhooks" { count = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-webhooks" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-webhooks" description = "Managed by terraform gke module: Allow master to hit pods for admission controllers/webhooks" project = local.network_project_id network = var.network @@ -129,7 +129,7 @@ resource "google_compute_firewall" "master_webhooks" { resource "google_compute_firewall" "shadow_allow_pods" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-all" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-all" description = "Managed by terraform gke module: A shadow firewall rule to match the default rule allowing pod communication." project = local.network_project_id network = var.network @@ -158,7 +158,7 @@ resource "google_compute_firewall" "shadow_allow_pods" { resource "google_compute_firewall" "shadow_allow_master" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-master" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-master" description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication." project = local.network_project_id network = var.network @@ -184,7 +184,7 @@ resource "google_compute_firewall" "shadow_allow_master" { resource "google_compute_firewall" "shadow_allow_nodes" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-vms" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-vms" description = "Managed by Terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication." project = local.network_project_id network = var.network @@ -219,7 +219,7 @@ resource "google_compute_firewall" "shadow_allow_nodes" { resource "google_compute_firewall" "shadow_allow_inkubelet" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-inkubelet" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-inkubelet" description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes & pods communication to kubelet." project = local.network_project_id network = var.network @@ -246,7 +246,7 @@ resource "google_compute_firewall" "shadow_allow_inkubelet" { resource "google_compute_firewall" "shadow_deny_exkubelet" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-exkubelet" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-exkubelet" description = "Managed by terraform GKE module: A shadow firewall rule to match the default deny rule to kubelet." project = local.network_project_id network = var.network diff --git a/modules/beta-private-cluster-update-variant/firewall.tf b/modules/beta-private-cluster-update-variant/firewall.tf index 96eecab803..4701c82a2c 100644 --- a/modules/beta-private-cluster-update-variant/firewall.tf +++ b/modules/beta-private-cluster-update-variant/firewall.tf @@ -26,7 +26,7 @@ *****************************************/ resource "google_compute_firewall" "intra_egress" { count = var.add_cluster_firewall_rules ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-intra-cluster-egress" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-intra-cluster-egress" description = "Managed by terraform gke module: Allow pods to communicate with each other and the master" project = local.network_project_id network = var.network @@ -64,7 +64,7 @@ resource "google_compute_firewall" "intra_egress" { *****************************************/ resource "google_compute_firewall" "tpu_egress" { count = var.add_cluster_firewall_rules && var.enable_tpu ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-tpu-egress" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-tpu-egress" description = "Managed by terraform gke module: Allow pods to communicate with TPUs" project = local.network_project_id network = var.network @@ -93,7 +93,7 @@ resource "google_compute_firewall" "tpu_egress" { *****************************************/ resource "google_compute_firewall" "master_webhooks" { count = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-webhooks" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-webhooks" description = "Managed by terraform gke module: Allow master to hit pods for admission controllers/webhooks" project = local.network_project_id network = var.network @@ -120,7 +120,7 @@ resource "google_compute_firewall" "master_webhooks" { resource "google_compute_firewall" "shadow_allow_pods" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-all" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-all" description = "Managed by terraform gke module: A shadow firewall rule to match the default rule allowing pod communication." project = local.network_project_id network = var.network @@ -149,7 +149,7 @@ resource "google_compute_firewall" "shadow_allow_pods" { resource "google_compute_firewall" "shadow_allow_master" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-master" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-master" description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication." project = local.network_project_id network = var.network @@ -175,7 +175,7 @@ resource "google_compute_firewall" "shadow_allow_master" { resource "google_compute_firewall" "shadow_allow_nodes" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-vms" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-vms" description = "Managed by Terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication." project = local.network_project_id network = var.network @@ -210,7 +210,7 @@ resource "google_compute_firewall" "shadow_allow_nodes" { resource "google_compute_firewall" "shadow_allow_inkubelet" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-inkubelet" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-inkubelet" description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes & pods communication to kubelet." project = local.network_project_id network = var.network @@ -237,7 +237,7 @@ resource "google_compute_firewall" "shadow_allow_inkubelet" { resource "google_compute_firewall" "shadow_deny_exkubelet" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-exkubelet" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-exkubelet" description = "Managed by terraform GKE module: A shadow firewall rule to match the default deny rule to kubelet." project = local.network_project_id network = var.network diff --git a/modules/beta-private-cluster/firewall.tf b/modules/beta-private-cluster/firewall.tf index 96eecab803..4701c82a2c 100644 --- a/modules/beta-private-cluster/firewall.tf +++ b/modules/beta-private-cluster/firewall.tf @@ -26,7 +26,7 @@ *****************************************/ resource "google_compute_firewall" "intra_egress" { count = var.add_cluster_firewall_rules ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-intra-cluster-egress" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-intra-cluster-egress" description = "Managed by terraform gke module: Allow pods to communicate with each other and the master" project = local.network_project_id network = var.network @@ -64,7 +64,7 @@ resource "google_compute_firewall" "intra_egress" { *****************************************/ resource "google_compute_firewall" "tpu_egress" { count = var.add_cluster_firewall_rules && var.enable_tpu ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-tpu-egress" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-tpu-egress" description = "Managed by terraform gke module: Allow pods to communicate with TPUs" project = local.network_project_id network = var.network @@ -93,7 +93,7 @@ resource "google_compute_firewall" "tpu_egress" { *****************************************/ resource "google_compute_firewall" "master_webhooks" { count = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-webhooks" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-webhooks" description = "Managed by terraform gke module: Allow master to hit pods for admission controllers/webhooks" project = local.network_project_id network = var.network @@ -120,7 +120,7 @@ resource "google_compute_firewall" "master_webhooks" { resource "google_compute_firewall" "shadow_allow_pods" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-all" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-all" description = "Managed by terraform gke module: A shadow firewall rule to match the default rule allowing pod communication." project = local.network_project_id network = var.network @@ -149,7 +149,7 @@ resource "google_compute_firewall" "shadow_allow_pods" { resource "google_compute_firewall" "shadow_allow_master" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-master" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-master" description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication." project = local.network_project_id network = var.network @@ -175,7 +175,7 @@ resource "google_compute_firewall" "shadow_allow_master" { resource "google_compute_firewall" "shadow_allow_nodes" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-vms" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-vms" description = "Managed by Terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication." project = local.network_project_id network = var.network @@ -210,7 +210,7 @@ resource "google_compute_firewall" "shadow_allow_nodes" { resource "google_compute_firewall" "shadow_allow_inkubelet" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-inkubelet" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-inkubelet" description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes & pods communication to kubelet." project = local.network_project_id network = var.network @@ -237,7 +237,7 @@ resource "google_compute_firewall" "shadow_allow_inkubelet" { resource "google_compute_firewall" "shadow_deny_exkubelet" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-exkubelet" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-exkubelet" description = "Managed by terraform GKE module: A shadow firewall rule to match the default deny rule to kubelet." project = local.network_project_id network = var.network diff --git a/modules/beta-public-cluster-update-variant/firewall.tf b/modules/beta-public-cluster-update-variant/firewall.tf index df15a02367..1e61965ca2 100644 --- a/modules/beta-public-cluster-update-variant/firewall.tf +++ b/modules/beta-public-cluster-update-variant/firewall.tf @@ -26,7 +26,7 @@ *****************************************/ resource "google_compute_firewall" "intra_egress" { count = var.add_cluster_firewall_rules ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-intra-cluster-egress" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-intra-cluster-egress" description = "Managed by terraform gke module: Allow pods to communicate with each other and the master" project = local.network_project_id network = var.network @@ -67,7 +67,7 @@ resource "google_compute_firewall" "intra_egress" { *****************************************/ resource "google_compute_firewall" "tpu_egress" { count = var.add_cluster_firewall_rules && var.enable_tpu ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-tpu-egress" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-tpu-egress" description = "Managed by terraform gke module: Allow pods to communicate with TPUs" project = local.network_project_id network = var.network @@ -99,7 +99,7 @@ resource "google_compute_firewall" "tpu_egress" { *****************************************/ resource "google_compute_firewall" "master_webhooks" { count = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-webhooks" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-webhooks" description = "Managed by terraform gke module: Allow master to hit pods for admission controllers/webhooks" project = local.network_project_id network = var.network @@ -129,7 +129,7 @@ resource "google_compute_firewall" "master_webhooks" { resource "google_compute_firewall" "shadow_allow_pods" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-all" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-all" description = "Managed by terraform gke module: A shadow firewall rule to match the default rule allowing pod communication." project = local.network_project_id network = var.network @@ -158,7 +158,7 @@ resource "google_compute_firewall" "shadow_allow_pods" { resource "google_compute_firewall" "shadow_allow_master" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-master" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-master" description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication." project = local.network_project_id network = var.network @@ -184,7 +184,7 @@ resource "google_compute_firewall" "shadow_allow_master" { resource "google_compute_firewall" "shadow_allow_nodes" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-vms" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-vms" description = "Managed by Terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication." project = local.network_project_id network = var.network @@ -219,7 +219,7 @@ resource "google_compute_firewall" "shadow_allow_nodes" { resource "google_compute_firewall" "shadow_allow_inkubelet" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-inkubelet" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-inkubelet" description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes & pods communication to kubelet." project = local.network_project_id network = var.network @@ -246,7 +246,7 @@ resource "google_compute_firewall" "shadow_allow_inkubelet" { resource "google_compute_firewall" "shadow_deny_exkubelet" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-exkubelet" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-exkubelet" description = "Managed by terraform GKE module: A shadow firewall rule to match the default deny rule to kubelet." project = local.network_project_id network = var.network diff --git a/modules/beta-public-cluster/firewall.tf b/modules/beta-public-cluster/firewall.tf index df15a02367..1e61965ca2 100644 --- a/modules/beta-public-cluster/firewall.tf +++ b/modules/beta-public-cluster/firewall.tf @@ -26,7 +26,7 @@ *****************************************/ resource "google_compute_firewall" "intra_egress" { count = var.add_cluster_firewall_rules ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-intra-cluster-egress" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-intra-cluster-egress" description = "Managed by terraform gke module: Allow pods to communicate with each other and the master" project = local.network_project_id network = var.network @@ -67,7 +67,7 @@ resource "google_compute_firewall" "intra_egress" { *****************************************/ resource "google_compute_firewall" "tpu_egress" { count = var.add_cluster_firewall_rules && var.enable_tpu ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-tpu-egress" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-tpu-egress" description = "Managed by terraform gke module: Allow pods to communicate with TPUs" project = local.network_project_id network = var.network @@ -99,7 +99,7 @@ resource "google_compute_firewall" "tpu_egress" { *****************************************/ resource "google_compute_firewall" "master_webhooks" { count = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-webhooks" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-webhooks" description = "Managed by terraform gke module: Allow master to hit pods for admission controllers/webhooks" project = local.network_project_id network = var.network @@ -129,7 +129,7 @@ resource "google_compute_firewall" "master_webhooks" { resource "google_compute_firewall" "shadow_allow_pods" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-all" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-all" description = "Managed by terraform gke module: A shadow firewall rule to match the default rule allowing pod communication." project = local.network_project_id network = var.network @@ -158,7 +158,7 @@ resource "google_compute_firewall" "shadow_allow_pods" { resource "google_compute_firewall" "shadow_allow_master" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-master" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-master" description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication." project = local.network_project_id network = var.network @@ -184,7 +184,7 @@ resource "google_compute_firewall" "shadow_allow_master" { resource "google_compute_firewall" "shadow_allow_nodes" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-vms" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-vms" description = "Managed by Terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication." project = local.network_project_id network = var.network @@ -219,7 +219,7 @@ resource "google_compute_firewall" "shadow_allow_nodes" { resource "google_compute_firewall" "shadow_allow_inkubelet" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-inkubelet" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-inkubelet" description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes & pods communication to kubelet." project = local.network_project_id network = var.network @@ -246,7 +246,7 @@ resource "google_compute_firewall" "shadow_allow_inkubelet" { resource "google_compute_firewall" "shadow_deny_exkubelet" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-exkubelet" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-exkubelet" description = "Managed by terraform GKE module: A shadow firewall rule to match the default deny rule to kubelet." project = local.network_project_id network = var.network diff --git a/modules/private-cluster-update-variant/firewall.tf b/modules/private-cluster-update-variant/firewall.tf index d9507532c3..a5d89cefe0 100644 --- a/modules/private-cluster-update-variant/firewall.tf +++ b/modules/private-cluster-update-variant/firewall.tf @@ -26,7 +26,7 @@ *****************************************/ resource "google_compute_firewall" "intra_egress" { count = var.add_cluster_firewall_rules ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-intra-cluster-egress" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-intra-cluster-egress" description = "Managed by terraform gke module: Allow pods to communicate with each other and the master" project = local.network_project_id network = var.network @@ -60,7 +60,7 @@ resource "google_compute_firewall" "intra_egress" { *****************************************/ resource "google_compute_firewall" "master_webhooks" { count = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-webhooks" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-webhooks" description = "Managed by terraform gke module: Allow master to hit pods for admission controllers/webhooks" project = local.network_project_id network = var.network @@ -87,7 +87,7 @@ resource "google_compute_firewall" "master_webhooks" { resource "google_compute_firewall" "shadow_allow_pods" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-all" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-all" description = "Managed by terraform gke module: A shadow firewall rule to match the default rule allowing pod communication." project = local.network_project_id network = var.network @@ -116,7 +116,7 @@ resource "google_compute_firewall" "shadow_allow_pods" { resource "google_compute_firewall" "shadow_allow_master" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-master" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-master" description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication." project = local.network_project_id network = var.network @@ -142,7 +142,7 @@ resource "google_compute_firewall" "shadow_allow_master" { resource "google_compute_firewall" "shadow_allow_nodes" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-vms" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-vms" description = "Managed by Terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication." project = local.network_project_id network = var.network @@ -177,7 +177,7 @@ resource "google_compute_firewall" "shadow_allow_nodes" { resource "google_compute_firewall" "shadow_allow_inkubelet" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-inkubelet" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-inkubelet" description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes & pods communication to kubelet." project = local.network_project_id network = var.network @@ -204,7 +204,7 @@ resource "google_compute_firewall" "shadow_allow_inkubelet" { resource "google_compute_firewall" "shadow_deny_exkubelet" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-exkubelet" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-exkubelet" description = "Managed by terraform GKE module: A shadow firewall rule to match the default deny rule to kubelet." project = local.network_project_id network = var.network diff --git a/modules/private-cluster/firewall.tf b/modules/private-cluster/firewall.tf index d9507532c3..a5d89cefe0 100644 --- a/modules/private-cluster/firewall.tf +++ b/modules/private-cluster/firewall.tf @@ -26,7 +26,7 @@ *****************************************/ resource "google_compute_firewall" "intra_egress" { count = var.add_cluster_firewall_rules ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-intra-cluster-egress" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-intra-cluster-egress" description = "Managed by terraform gke module: Allow pods to communicate with each other and the master" project = local.network_project_id network = var.network @@ -60,7 +60,7 @@ resource "google_compute_firewall" "intra_egress" { *****************************************/ resource "google_compute_firewall" "master_webhooks" { count = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules ? 1 : 0 - name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-webhooks" + name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-webhooks" description = "Managed by terraform gke module: Allow master to hit pods for admission controllers/webhooks" project = local.network_project_id network = var.network @@ -87,7 +87,7 @@ resource "google_compute_firewall" "master_webhooks" { resource "google_compute_firewall" "shadow_allow_pods" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-all" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-all" description = "Managed by terraform gke module: A shadow firewall rule to match the default rule allowing pod communication." project = local.network_project_id network = var.network @@ -116,7 +116,7 @@ resource "google_compute_firewall" "shadow_allow_pods" { resource "google_compute_firewall" "shadow_allow_master" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-master" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-master" description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication." project = local.network_project_id network = var.network @@ -142,7 +142,7 @@ resource "google_compute_firewall" "shadow_allow_master" { resource "google_compute_firewall" "shadow_allow_nodes" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-vms" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-vms" description = "Managed by Terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication." project = local.network_project_id network = var.network @@ -177,7 +177,7 @@ resource "google_compute_firewall" "shadow_allow_nodes" { resource "google_compute_firewall" "shadow_allow_inkubelet" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-inkubelet" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-inkubelet" description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes & pods communication to kubelet." project = local.network_project_id network = var.network @@ -204,7 +204,7 @@ resource "google_compute_firewall" "shadow_allow_inkubelet" { resource "google_compute_firewall" "shadow_deny_exkubelet" { count = var.add_shadow_firewall_rules ? 1 : 0 - name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-exkubelet" + name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-exkubelet" description = "Managed by terraform GKE module: A shadow firewall rule to match the default deny rule to kubelet." project = local.network_project_id network = var.network diff --git a/test/integration/safer_cluster/safer_cluster_test.go b/test/integration/safer_cluster/safer_cluster_test.go index 1d87c878ed..79b482ff13 100644 --- a/test/integration/safer_cluster/safer_cluster_test.go +++ b/test/integration/safer_cluster/safer_cluster_test.go @@ -63,8 +63,8 @@ func TestSaferCluster(t *testing.T) { for _, pth := range validateJSONPaths { g.JSONEq(assert, op, pth) } - gcloud.Runf(t, "compute firewall-rules --project %s describe gke-%s-intra-cluster-egress", projectId, clusterName[:25]) - gcloud.Runf(t, "compute firewall-rules --project %s describe gke-%s-webhooks", projectId, clusterName[:25]) + gcloud.Runf(t, "compute firewall-rules --project %s describe gke-%s-intra-cluster-egress", projectId, clusterName) + gcloud.Runf(t, "compute firewall-rules --project %s describe gke-%s-webhooks", projectId, clusterName) }) bpt.Test() From 36c02c895fa8d4ee4911feea11e8ada3b48527a9 Mon Sep 17 00:00:00 2001 From: CFT Bot Date: Thu, 15 Jun 2023 08:18:55 -0700 Subject: [PATCH 25/39] chore: update .github/renovate.json --- .github/renovate.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index bb2b478857..5d9e0435ea 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -17,7 +17,7 @@ }, "separateMajorMinor":false, "constraints": { - "go": "1.18" + "go": "1.20" }, "packageRules": [ { @@ -40,7 +40,7 @@ { "matchDatasources": ["golang-version"], "rangeStrategy": "bump", - "allowedVersions": "<1.19.0", + "allowedVersions": "<1.21.0", "postUpdateOptions": ["gomodTidy"] }, { From 11735188d5f8890363344924992d2d0dd97642e1 Mon Sep 17 00:00:00 2001 From: Marco Ferrari Date: Fri, 16 Jun 2023 02:43:16 +0300 Subject: [PATCH 26/39] feat(TPG>=4.32.0)!: Support enabling Policy Controller mutations (#1665) --- modules/acm/README.md | 20 ++++++++++++-------- modules/acm/feature.tf | 1 + modules/acm/variables.tf | 6 ++++++ modules/acm/versions.tf | 4 ++-- 4 files changed, 21 insertions(+), 10 deletions(-) diff --git a/modules/acm/README.md b/modules/acm/README.md index 4766079de0..ec56c25c7e 100644 --- a/modules/acm/README.md +++ b/modules/acm/README.md @@ -3,6 +3,7 @@ This module installs [Anthos Config Management](https://cloud.google.com/anthos-config-management/docs/) (ACM) in a Kubernetes cluster. Specifically, this module automates the following steps for [installing ACM](https://cloud.google.com/anthos-config-management/docs/how-to/installing): + 1. Enabling the ACM feature on the fleet 2. Registering the cluster to the fleet 3. Optionally, generating an SSH key for accessing Git and providing it to the Operator @@ -11,6 +12,7 @@ Specifically, this module automates the following steps for [installing ACM](htt 6. Optionally, create and configure a Google Cloud Service Account for writing ACM metrics to Cloud Monitoring ## Fleet feature + Only the first cluster in a fleet should activate the ACM fleet feature. Other clusters should disable feature activation by setting `enable_fleet_feature = false`. @@ -46,9 +48,10 @@ module "acm" { ``` To deploy this config: + 1. Configure the [Kubernetes Provider](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs) for the target cluster, for example: -``` +```tf provider "kubernetes" { host = "https://${module.gke.endpoint}" token = data.google_client_config.default.access_token @@ -58,13 +61,13 @@ provider "kubernetes" { data "google_client_config" "default" {} ``` -2. Run `terraform apply` -3. Inspect the `git_creds_public` [output](#outputs) to retrieve the public key used for accessing Git. Whitelist this key for access to your Git repo. Instructions for some popular Git hosting providers are included for convenience: +1. Run `terraform apply` +1. Inspect the `git_creds_public` [output](#outputs) to retrieve the public key used for accessing Git. Whitelist this key for access to your Git repo. Instructions for some popular Git hosting providers are included for convenience: - * [Cloud Souce Repositories](https://cloud.google.com/source-repositories/docs/authentication#ssh) - * [Bitbucket](https://confluence.atlassian.com/bitbucket/set-up-an-ssh-key-728138079.html) - * [GitHub](https://help.github.com/articles/adding-a-new-ssh-key-to-your-github-account/) - * [Gitlab](https://docs.gitlab.com/ee/ssh/) +* [Cloud Souce Repositories](https://cloud.google.com/source-repositories/docs/authentication#ssh) +* [Bitbucket](https://confluence.atlassian.com/bitbucket/set-up-an-ssh-key-728138079.html) +* [GitHub](https://help.github.com/articles/adding-a-new-ssh-key-to-your-github-account/) +* [Gitlab](https://docs.gitlab.com/ee/ssh/) ## Inputs @@ -80,6 +83,7 @@ data "google_client_config" "default" {} | enable\_fleet\_feature | Whether to enable the ACM feature on the fleet. | `bool` | `true` | no | | enable\_fleet\_registration | Whether to create a new membership. | `bool` | `true` | no | | enable\_log\_denies | Whether to enable logging of all denies and dryrun failures for ACM Policy Controller. | `bool` | `false` | no | +| enable\_mutation | Whether to enable mutations for ACM Policy Controller. | `bool` | `false` | no | | enable\_policy\_controller | Whether to enable the ACM Policy Controller on the cluster | `bool` | `true` | no | | enable\_referential\_rules | Enables referential constraints which reference another object in it definition and are therefore eventually consistent. | `bool` | `true` | no | | hierarchy\_controller | Configurations for Hierarchy Controller. See [Hierarchy Controller docs](https://cloud.google.com/anthos-config-management/docs/how-to/installing-hierarchy-controller) for more details | `map(any)` | `null` | no | @@ -87,7 +91,7 @@ data "google_client_config" "default" {} | install\_template\_library | Whether to install the default Policy Controller template library | `bool` | `true` | no | | location | GCP location used to reach cluster. | `string` | n/a | yes | | metrics\_gcp\_sa\_name | The name of the Google service account for ACM metrics writing | `string` | `"acm-metrics-writer"` | no | -| policy\_bundles | A list of Policy Controller policy bundles git urls (example: https://github.com/GoogleCloudPlatform/acm-policy-controller-library.git/bundles/policy-essentials-v2022) to install on the cluster. | `list(string)` | `[]` | no | +| policy\_bundles | A list of Policy Controller policy bundles git urls (example: ) to install on the cluster. | `list(string)` | `[]` | no | | policy\_dir | Subfolder containing configs in ACM Git repo. If un-set, uses Config Management default. | `string` | `""` | no | | project\_id | GCP project\_id used to reach cluster. | `string` | n/a | yes | | secret\_type | git authentication secret type, is passed through to ConfigManagement spec.git.secretType. Overriden to value 'ssh' if `create_ssh_key` is true | `string` | `"ssh"` | no | diff --git a/modules/acm/feature.tf b/modules/acm/feature.tf index 101bac31ee..0b9fb42378 100644 --- a/modules/acm/feature.tf +++ b/modules/acm/feature.tf @@ -60,6 +60,7 @@ resource "google_gke_hub_feature_membership" "main" { content { enabled = true + mutation_enabled = var.enable_mutation referential_rules_enabled = var.enable_referential_rules template_library_installed = var.install_template_library log_denies_enabled = var.enable_log_denies diff --git a/modules/acm/variables.tf b/modules/acm/variables.tf index dfb4f6d2fd..0d6a39438b 100644 --- a/modules/acm/variables.tf +++ b/modules/acm/variables.tf @@ -134,6 +134,12 @@ variable "enable_log_denies" { default = false } +variable "enable_mutation" { + description = "Whether to enable mutations for ACM Policy Controller." + type = bool + default = false +} + # Hierarchy Controller config variable "hierarchy_controller" { description = "Configurations for Hierarchy Controller. See [Hierarchy Controller docs](https://cloud.google.com/anthos-config-management/docs/how-to/installing-hierarchy-controller) for more details" diff --git a/modules/acm/versions.tf b/modules/acm/versions.tf index 798bcde0d2..79c147e218 100644 --- a/modules/acm/versions.tf +++ b/modules/acm/versions.tf @@ -29,11 +29,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.19.0, < 5.0" + version = ">= 4.32.0, < 5.0" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.19.0, < 5.0" + version = ">= 4.32.0, < 5.0" } kubernetes = { source = "hashicorp/kubernetes" From 18b6fb9ad880e9b8f637c8f6e9e68cac1d83208a Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 16 Jun 2023 15:27:04 -0700 Subject: [PATCH 27/39] chore(deps): update module go to 1.20 (#1673) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- test/integration/go.mod | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/integration/go.mod b/test/integration/go.mod index f3be9764c8..1d0b5e850b 100644 --- a/test/integration/go.mod +++ b/test/integration/go.mod @@ -1,6 +1,6 @@ module github.com/terraform-google-modules/terraform-google-kubernetes-engine/test/integration -go 1.18 +go 1.20 require ( github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test v0.4.1 From 4abaa70f0bade356dc295925c53e86332cbf2a73 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 21 Jun 2023 08:51:11 -0700 Subject: [PATCH 28/39] chore(deps): update terraform terraform-google-modules/cloud-nat/google to v4 (#1677) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- examples/safer_cluster_iap_bastion/network.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/safer_cluster_iap_bastion/network.tf b/examples/safer_cluster_iap_bastion/network.tf index 10a952660a..554d61a058 100644 --- a/examples/safer_cluster_iap_bastion/network.tf +++ b/examples/safer_cluster_iap_bastion/network.tf @@ -49,7 +49,7 @@ module "vpc" { module "cloud-nat" { source = "terraform-google-modules/cloud-nat/google" - version = "~> 3.0" + version = "~> 4.0" project_id = module.enabled_google_apis.project_id region = var.region router = "safer-router" From bad069d21c69c44ed1f7ceabfa42fb18cf391f1b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Jun 2023 15:43:39 -0700 Subject: [PATCH 29/39] chore(deps): bump golang.org/x/net from 0.0.0-20211209124913-491a49abca63 to 0.7.0 in /test/integration (#1667) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test/integration/go.mod | 8 ++++---- test/integration/go.sum | 12 ++++++++---- 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/test/integration/go.mod b/test/integration/go.mod index 1d0b5e850b..60a4686900 100644 --- a/test/integration/go.mod +++ b/test/integration/go.mod @@ -73,11 +73,11 @@ require ( github.com/zclconf/go-cty v1.9.1 // indirect go.opencensus.io v0.23.0 // indirect golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect - golang.org/x/net v0.1.0 // indirect + golang.org/x/net v0.7.0 // indirect golang.org/x/oauth2 v0.1.0 // indirect - golang.org/x/sys v0.1.0 // indirect - golang.org/x/term v0.1.0 // indirect - golang.org/x/text v0.4.0 // indirect + golang.org/x/sys v0.5.0 // indirect + golang.org/x/term v0.5.0 // indirect + golang.org/x/text v0.7.0 // indirect golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect google.golang.org/api v0.100.0 // indirect diff --git a/test/integration/go.sum b/test/integration/go.sum index 244e853c7f..4034d56bf6 100644 --- a/test/integration/go.sum +++ b/test/integration/go.sum @@ -1151,8 +1151,9 @@ golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= -golang.org/x/net v0.1.0 h1:hZ/3BUoy5aId7sCpA/Tc5lt8DkFgdVS2onTpJsZ/fl0= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= +golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1300,13 +1301,15 @@ golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220624220833-87e55d714810/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.1.0 h1:g6Z6vPFA9dYBAF7DWcH6sCcOntplXsDKcliusYijMlw= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1316,8 +1319,9 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.4.0 h1:BrVqGRd7+k1DiOgtnFvAkoQEWQvBc25ouMJM6429SFg= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From c9d17282167f098d1d799d215f36b6fe05f974cd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 29 Jun 2023 10:30:31 -0700 Subject: [PATCH 30/39] chore(deps): bump golang.org/x/crypto from 0.0.0-20210513164829-c07d793c2f9a to 0.1.0 in /test/integration (#1669) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- test/integration/go.mod | 2 +- test/integration/go.sum | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/test/integration/go.mod b/test/integration/go.mod index 60a4686900..e29807707d 100644 --- a/test/integration/go.mod +++ b/test/integration/go.mod @@ -72,7 +72,7 @@ require ( github.com/urfave/cli v1.22.2 // indirect github.com/zclconf/go-cty v1.9.1 // indirect go.opencensus.io v0.23.0 // indirect - golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 // indirect + golang.org/x/crypto v0.1.0 // indirect golang.org/x/net v0.7.0 // indirect golang.org/x/oauth2 v0.1.0 // indirect golang.org/x/sys v0.5.0 // indirect diff --git a/test/integration/go.sum b/test/integration/go.sum index 4034d56bf6..aa1735dc50 100644 --- a/test/integration/go.sum +++ b/test/integration/go.sum @@ -1048,8 +1048,9 @@ golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.1.0 h1:MDRAIl0xIo9Io2xV565hzXHw3zVseKrJKodhohM5CjU= +golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= From c4809044b52b91505bfba5ef9f25526aa0361788 Mon Sep 17 00:00:00 2001 From: "release-please[bot]" <55107282+release-please[bot]@users.noreply.github.com> Date: Thu, 29 Jun 2023 14:51:42 -0500 Subject: [PATCH 31/39] chore(master): release 27.0.0 (#1658) Co-authored-by: release-please[bot] <55107282+release-please[bot]@users.noreply.github.com> --- CHANGELOG.md | 20 +++++++++++++++++++ autogen/main/versions.tf.tmpl | 4 ++-- autogen/safer-cluster/versions.tf.tmpl | 2 +- modules/acm/versions.tf | 4 ++-- modules/asm/versions.tf | 4 ++-- modules/auth/versions.tf | 2 +- .../versions.tf | 2 +- .../beta-autopilot-public-cluster/versions.tf | 2 +- .../versions.tf | 2 +- modules/beta-private-cluster/versions.tf | 2 +- .../versions.tf | 2 +- modules/beta-public-cluster/versions.tf | 2 +- modules/binary-authorization/versions.tf | 2 +- modules/fleet-membership/versions.tf | 2 +- modules/hub-legacy/versions.tf | 2 +- .../versions.tf | 2 +- modules/private-cluster/versions.tf | 2 +- .../safer-cluster-update-variant/versions.tf | 2 +- modules/safer-cluster/versions.tf | 2 +- modules/services/versions.tf | 2 +- modules/workload-identity/versions.tf | 2 +- versions.tf | 2 +- 22 files changed, 44 insertions(+), 24 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8441dd0ce8..e0d2f9284a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,26 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 Extending the adopted spec, each change should have a link to its corresponding pull request appended. +## [27.0.0](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v26.1.1...v27.0.0) (2023-06-29) + + +### ⚠ BREAKING CHANGES + +* **TPG>=4.32.0:** Support enabling Policy Controller mutations ([#1665](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/1665)) + +### Features + +* Add protect_config beta feature ([#1617](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/1617)) ([d252579](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/d252579613ca44e11ad28a59f930cdb42dea2c29)) +* **cluster.tf:** add support to set initial release channel version ([#1625](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/1625)) ([e522073](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/e522073f24067359f8af1bd2ddc9092b594fb945)) +* **TPG>=4.32.0:** Support enabling Policy Controller mutations ([#1665](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/1665)) ([1173518](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/11735188d5f8890363344924992d2d0dd97642e1)) + + +### Bug Fixes + +* extend acm wait when policy bundles are present ([#1657](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/1657)) ([e51804e](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/e51804ed4849fa85748a95ca169b92445d258d91)) +* set max firewall name to 36 ([#1645](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/1645)) ([29d9259](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/29d925997ec0fd5ecbd6dd5792f220fc48a5725b)) +* update policy-essentials hash 59f4695 using ref ([#1659](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/1659)) ([2fe1715](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/commit/2fe171500c3496eb88b9fdf83318b0927d225e4b)) + ## [26.1.1](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/compare/v26.1.0...v26.1.1) (2023-05-22) diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl index dff9be6575..6d8e18877d 100644 --- a/autogen/main/versions.tf.tmpl +++ b/autogen/main/versions.tf.tmpl @@ -40,7 +40,7 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v26.1.1" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v27.0.0" } {% else %} required_providers { @@ -58,7 +58,7 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v26.1.1" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v27.0.0" } {% endif %} } diff --git a/autogen/safer-cluster/versions.tf.tmpl b/autogen/safer-cluster/versions.tf.tmpl index 43256bcc81..d6bf91ea9f 100644 --- a/autogen/safer-cluster/versions.tf.tmpl +++ b/autogen/safer-cluster/versions.tf.tmpl @@ -23,6 +23,6 @@ terraform { required_version = ">=0.13" provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v26.1.1" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v27.0.0" } } diff --git a/modules/acm/versions.tf b/modules/acm/versions.tf index 79c147e218..a7f8affa48 100644 --- a/modules/acm/versions.tf +++ b/modules/acm/versions.tf @@ -19,11 +19,11 @@ terraform { required_version = ">= 0.13.0" provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:acm/v26.1.1" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:acm/v27.0.0" } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:acm/v26.1.1" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:acm/v27.0.0" } required_providers { diff --git a/modules/asm/versions.tf b/modules/asm/versions.tf index f4647e3002..bd3e5770cd 100644 --- a/modules/asm/versions.tf +++ b/modules/asm/versions.tf @@ -36,10 +36,10 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:asm/v26.1.1" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:asm/v27.0.0" } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:asm/v26.1.1" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:asm/v27.0.0" } } diff --git a/modules/auth/versions.tf b/modules/auth/versions.tf index 2bb1f69432..fff1f99f63 100644 --- a/modules/auth/versions.tf +++ b/modules/auth/versions.tf @@ -26,6 +26,6 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:auth/v26.1.1" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:auth/v27.0.0" } } diff --git a/modules/beta-autopilot-private-cluster/versions.tf b/modules/beta-autopilot-private-cluster/versions.tf index 48c66f49c7..2b32af35cf 100644 --- a/modules/beta-autopilot-private-cluster/versions.tf +++ b/modules/beta-autopilot-private-cluster/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-autopilot-private-cluster/v26.1.1" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-autopilot-private-cluster/v27.0.0" } } diff --git a/modules/beta-autopilot-public-cluster/versions.tf b/modules/beta-autopilot-public-cluster/versions.tf index 222893ba2b..5971b37dfc 100644 --- a/modules/beta-autopilot-public-cluster/versions.tf +++ b/modules/beta-autopilot-public-cluster/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-autopilot-public-cluster/v26.1.1" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-autopilot-public-cluster/v27.0.0" } } diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf index d3830965ed..cd693cbba4 100644 --- a/modules/beta-private-cluster-update-variant/versions.tf +++ b/modules/beta-private-cluster-update-variant/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-private-cluster-update-variant/v26.1.1" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-private-cluster-update-variant/v27.0.0" } } diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf index 3e2272062c..92019612cb 100644 --- a/modules/beta-private-cluster/versions.tf +++ b/modules/beta-private-cluster/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-private-cluster/v26.1.1" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-private-cluster/v27.0.0" } } diff --git a/modules/beta-public-cluster-update-variant/versions.tf b/modules/beta-public-cluster-update-variant/versions.tf index e1fec308d0..b50ce3140e 100644 --- a/modules/beta-public-cluster-update-variant/versions.tf +++ b/modules/beta-public-cluster-update-variant/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-public-cluster-update-variant/v26.1.1" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-public-cluster-update-variant/v27.0.0" } } diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf index 09e30992d8..099b995995 100644 --- a/modules/beta-public-cluster/versions.tf +++ b/modules/beta-public-cluster/versions.tf @@ -37,6 +37,6 @@ terraform { } } provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-public-cluster/v26.1.1" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:beta-public-cluster/v27.0.0" } } diff --git a/modules/binary-authorization/versions.tf b/modules/binary-authorization/versions.tf index a87228e125..59e840c941 100644 --- a/modules/binary-authorization/versions.tf +++ b/modules/binary-authorization/versions.tf @@ -28,6 +28,6 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:binary-authorization/v26.1.1" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:binary-authorization/v27.0.0" } } diff --git a/modules/fleet-membership/versions.tf b/modules/fleet-membership/versions.tf index 2295a97723..bff745f5b9 100644 --- a/modules/fleet-membership/versions.tf +++ b/modules/fleet-membership/versions.tf @@ -32,6 +32,6 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:hub/v26.1.1" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:hub/v27.0.0" } } diff --git a/modules/hub-legacy/versions.tf b/modules/hub-legacy/versions.tf index 17d897a5fd..09c6939737 100644 --- a/modules/hub-legacy/versions.tf +++ b/modules/hub-legacy/versions.tf @@ -28,6 +28,6 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:hub/v26.1.1" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:hub/v27.0.0" } } diff --git a/modules/private-cluster-update-variant/versions.tf b/modules/private-cluster-update-variant/versions.tf index 995ea24cb5..d31559d8ce 100644 --- a/modules/private-cluster-update-variant/versions.tf +++ b/modules/private-cluster-update-variant/versions.tf @@ -33,6 +33,6 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:private-cluster-update-variant/v26.1.1" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:private-cluster-update-variant/v27.0.0" } } diff --git a/modules/private-cluster/versions.tf b/modules/private-cluster/versions.tf index c7ec2ed77d..cbd9051cb7 100644 --- a/modules/private-cluster/versions.tf +++ b/modules/private-cluster/versions.tf @@ -33,6 +33,6 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:private-cluster/v26.1.1" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:private-cluster/v27.0.0" } } diff --git a/modules/safer-cluster-update-variant/versions.tf b/modules/safer-cluster-update-variant/versions.tf index 2a39439029..430bf88cc5 100644 --- a/modules/safer-cluster-update-variant/versions.tf +++ b/modules/safer-cluster-update-variant/versions.tf @@ -21,6 +21,6 @@ terraform { required_version = ">=0.13" provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:safer-cluster-update-variant/v26.1.1" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:safer-cluster-update-variant/v27.0.0" } } diff --git a/modules/safer-cluster/versions.tf b/modules/safer-cluster/versions.tf index 7f52d19480..1af10dd71e 100644 --- a/modules/safer-cluster/versions.tf +++ b/modules/safer-cluster/versions.tf @@ -21,6 +21,6 @@ terraform { required_version = ">=0.13" provider_meta "google-beta" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:safer-cluster/v26.1.1" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:safer-cluster/v27.0.0" } } diff --git a/modules/services/versions.tf b/modules/services/versions.tf index 7b51a08ba2..13e6c4b11b 100644 --- a/modules/services/versions.tf +++ b/modules/services/versions.tf @@ -19,6 +19,6 @@ terraform { required_version = ">= 0.13.0" provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:services/v26.1.1" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:services/v27.0.0" } } diff --git a/modules/workload-identity/versions.tf b/modules/workload-identity/versions.tf index 75c3ab09a8..40db5f0766 100644 --- a/modules/workload-identity/versions.tf +++ b/modules/workload-identity/versions.tf @@ -30,6 +30,6 @@ terraform { } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine:workload-identity/v26.1.1" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine:workload-identity/v27.0.0" } } diff --git a/versions.tf b/versions.tf index 26c2a2f8a4..ac50b7d3cc 100644 --- a/versions.tf +++ b/versions.tf @@ -33,6 +33,6 @@ terraform { } } provider_meta "google" { - module_name = "blueprints/terraform/terraform-google-kubernetes-engine/v26.1.1" + module_name = "blueprints/terraform/terraform-google-kubernetes-engine/v27.0.0" } } From 998043f803f16eb94d1826d573870a6bd07f889c Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 30 Jun 2023 09:42:29 -0700 Subject: [PATCH 32/39] chore(deps): update nginx docker tag to v1.25.1 (#1644) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- examples/deploy_service/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/deploy_service/main.tf b/examples/deploy_service/main.tf index b45b8c0946..9b38d1b89b 100644 --- a/examples/deploy_service/main.tf +++ b/examples/deploy_service/main.tf @@ -52,7 +52,7 @@ resource "kubernetes_pod" "nginx-example" { spec { container { - image = "nginx:1.24.0" + image = "nginx:1.25.1" name = "nginx-example" } } From f077184f735c180d98f28046c0ce25fa331805af Mon Sep 17 00:00:00 2001 From: Bharath KKB Date: Mon, 24 Jul 2023 14:53:16 -0500 Subject: [PATCH 33/39] chore: fix int tests (#1697) --- .../testdata/TestBetaCluster.json | 92 +++++++++++-------- 1 file changed, 55 insertions(+), 37 deletions(-) diff --git a/test/integration/beta_cluster/testdata/TestBetaCluster.json b/test/integration/beta_cluster/testdata/TestBetaCluster.json index 28c34fdfae..d0d539b17f 100755 --- a/test/integration/beta_cluster/testdata/TestBetaCluster.json +++ b/test/integration/beta_cluster/testdata/TestBetaCluster.json @@ -34,34 +34,37 @@ "clusterTelemetry": { "type": "SYSTEM_ONLY" }, - "createTime": "2022-11-30T07:08:52+00:00", - "currentMasterVersion": "1.23.12-gke.100", + "createTime": "2023-07-24T18:08:07+00:00", + "currentMasterVersion": "1.26.5-gke.1200", "currentNodeCount": 1, - "currentNodeVersion": "1.23.12-gke.100", + "currentNodeVersion": "1.26.5-gke.1200", "databaseEncryption": { - "keyName": "projects/PROJECT_ID/locations/us-central1/keyRings/beta-cluster-iys0-db/cryptoKeys/beta-cluster-iys0", + "keyName": "projects/PROJECT_ID/locations/us-central1/keyRings/beta-cluster-qwc4-db/cryptoKeys/beta-cluster-qwc4", "state": "ENCRYPTED" }, "defaultMaxPodsConstraint": { "maxPodsPerNode": "110" }, - "endpoint": "34.121.7.243", - "id": "3a280e0c1c894ae583265a8c84826078118ca6ccaa464d6aa01b6567a49e6110", + "endpoint": "34.133.21.111", + "etag": "dfaffac4-9224-4ab9-8663-e7a8330b327b", + "id": "ba40bc1efcd84b749fd0529166f38456658d6e64c6184385a9d7514627db4abd", "identityServiceConfig": { "enabled": true }, - "initialClusterVersion": "1.23.12-gke.100", + "initialClusterVersion": "1.26.5-gke.1200", "instanceGroupUrls": [ - "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-a/instanceGroupManagers/gke-simple-regional-beta-default-pool-c821392c-grp", - "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-a/instanceGroupManagers/gke-simple-regional-beta-clus-pool-01-c20b427a-grp" + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-a/instanceGroupManagers/gke-simple-regional-beta-default-pool-b371bd52-grp", + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-a/instanceGroupManagers/gke-simple-regional-beta-clus-pool-01-2e515432-grp" ], "ipAllocationPolicy": { "clusterIpv4Cidr": "192.168.0.0/18", "clusterIpv4CidrBlock": "192.168.0.0/18", - "clusterSecondaryRangeName": "cft-gke-test-pods-iys0", + "clusterSecondaryRangeName": "cft-gke-test-pods-qwc4", + "defaultPodIpv4RangeUtilization": 0.0156, + "podCidrOverprovisionConfig": {}, "servicesIpv4Cidr": "192.168.64.0/18", "servicesIpv4CidrBlock": "192.168.64.0/18", - "servicesSecondaryRangeName": "cft-gke-test-services-iys0", + "servicesSecondaryRangeName": "cft-gke-test-services-qwc4", "stackType": "IPV4", "useIpAliases": true }, @@ -90,12 +93,15 @@ }, "master": {}, "masterAuth": { - "clusterCaCertificate": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVMVENDQXBXZ0F3SUJBZ0lSQUlkMExrQmROMStVeW91NUZqN041Zk13RFFZSktvWklodmNOQVFFTEJRQXcKTHpFdE1Dc0dBMVVFQXhNa1pUYzRNek01WXpBdE9UVTJOQzAwT0RjNExUbGlNamN0TVRVeFlqTmtOalJsWVdVMgpNQ0FYRFRJeU1URXpNREEyTURnMU0xb1lEekl3TlRJeE1USXlNRGN3T0RVeldqQXZNUzB3S3dZRFZRUURFeVJsCk56Z3pNemxqTUMwNU5UWTBMVFE0TnpndE9XSXlOeTB4TlRGaU0yUTJOR1ZoWlRZd2dnR2lNQTBHQ1NxR1NJYjMKRFFFQkFRVUFBNElCandBd2dnR0tBb0lCZ1FEZTVLV01VMXBOZXdUaDRMNUtNZFpEeVNEaUpHUnBzVXJHWEcrWApCSStzL2hlTmNLS3Y2d1ZnQzRIbWt2dHBWbkFidkNUVzAwYlZLOE5mQ0pCT1pvWjlEL1RoYjQ2ZWpydG5kUmg0CmFDSVRsZHNVMjlESVM1bW5scWpuQnFFRXZvcDVGTFg3SjdVMUt0bWNRR1A3SDZaU0FjOWJCR2s5TkFma3h0SEMKQktJUmQrVFJKdUZlSnpFK1JCV01uS1h6V2M0U2tSR21UaS9sRkZFMEExV3JieWxIV280ZUxvMy9DdGlncnhLbgpHNFBzYkZHb1ZNVDFXUHU4SG9YZVk3YkpZci9ORDBCUmc1cUcwRHlLNzhmQlpOM3ljTTY5aDR3N05QSjhjdGFJCnBvbVAyMkFvRUFtMkROWnFHMXhid2RWWXlLU2EraDlYaHJaNkNJNE5ZTnQ3RVBPU2NTR09URmtBZ2taRzh2K0IKQzAvS2xDQmlKZ0xjWEZYdkcxL0pUY1VkK1R4ZXFhemZQUWdpaDB1M1FDdm9QdkRYeVVOVjRFNG80Z1o4bDY4aAozZnRJRzlVdUFXQUxJUms5OEFOZE15Nm5UNW1QZUtCeTNQQUkzUG1WRnFEaVN5RTNScE5EUzlyUjU2aDgxYWRxCmorUWVYbGozWkdqTzN6SW5Ybk0rYzZYZXRxc0NBd0VBQWFOQ01FQXdEZ1lEVlIwUEFRSC9CQVFEQWdJRU1BOEcKQTFVZEV3RUIvd1FGTUFNQkFmOHdIUVlEVlIwT0JCWUVGQmxnbDdCdkRCTkNOUFpseW5kMmVuRXk1RUloTUEwRwpDU3FHU0liM0RRRUJDd1VBQTRJQmdRQWFLbUI3Q1ErNGVRZ3NrcTNGYXFnQi80WkxaK1dxcUdMRjRISmxHZVFCCllOQTQrU1Iyem5FTlFxbEVPbS9OMEtkUXZQUWVRV2ZMUU9FRkF0TTNlMWdzTy93Zm5JWVFvaWpuemxqUkxVbVcKTURKRlQ5OG1qalRnMU5zQ2xxOXBIb2hpMFo5ZHNSWXh6QWRTM1R0Z1Rta01TbW0wb251VE9MZ2NHTXdTZnJGOQpYZkZKbWk3MUkxOUJzYzhwajl4emhYTjhhWUpmZzF2RWNvU2RqQm5SZ2FmZjBaekR0YnZwK01sK1p2dGJUVHFlCkVrRVJ2NjhmTEJGdUZGSG1YaWxXdTM2TkNBTWQwTWhaUnRwTitNT2FQcERMaVR2RHpTZzJRVHFyOEpQT0ZNY1EKUmdmcEwrMWtQQ2I2RzNaWUJCeFFaQnVtMHBiMER2N2lWbjFybTU5YnRXQllQSUlBTnRGb1hCOG9HS2EwcjF2RgpYUjZDbTJCK01nUDFtMlFNRlRrR0IvMW5aYks2eUplRmZ0VW1TS2p2Ym5ETWIxZldFVEV3WGU1UzVNUUVCNWZJCjRIUlppemdhMmtXOFQ5ZkorZlFUS0tOaTcrYWZMSyt2azVOaEgvY05ybzFqWndGVHJpZGRIZmdmdkFVa2dISzYKWUZkeFBtL1crV3A3RFN3aUZZQ2NZYzA9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + "clusterCaCertificate": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVMVENDQXBXZ0F3SUJBZ0lSQU5Fem1WTSt2dDlsR29vWnltenp1STB3RFFZSktvWklodmNOQVFFTEJRQXcKTHpFdE1Dc0dBMVVFQXhNa01XWXhOR1V5TmpFdFl6Y3hZeTAwT0RNMUxUaGtOV010TTJOak5HUmxOamhtTWpKbApNQ0FYRFRJek1EY3lOREUzTURnd04xb1lEekl3TlRNd056RTJNVGd3T0RBM1dqQXZNUzB3S3dZRFZRUURFeVF4ClpqRTBaVEkyTVMxak56RmpMVFE0TXpVdE9HUTFZeTB6WTJNMFpHVTJPR1l5TW1Vd2dnR2lNQTBHQ1NxR1NJYjMKRFFFQkFRVUFBNElCandBd2dnR0tBb0lCZ1FDN1hRTDN2ZXYyRGpHY0N6d2lxNFVBZk9qZ3NPN0IzMTZKTEp4cAo0aEVoUnMyd3VyaUZkeVlxRUJXTERWYS9NVC9WK3BWTENkNERpYm5hbEFsMzRiQ1ltU05lMnJRNVN6K0puRXNNClhmU2Q4cURpeG0yOWJlNmEzWlY3d3dlMFFWeFladXJVb216ZHNHZkswbGc0SHA4Q0gycjBCek8zaEgyVXNON2oKVXBIZisxV3lLV2ZPWXZIam9hcXpjc0UrMW1IRlBacjBZdWxjdXVhdGdNUVh1cURCWHlBQVAwZ1NqcXhSb2NLNgpQU2lzU0JRY1o4RXdlTjFvWS9KWVRaVEpyWCtNenJ3K0U1VmJRQmRrWWhyTHZnWEEyVHVUbTQxMU1mTTZGd3J6CjFrR0YwajVCUVRnMXFlcnh5UkxDRFVEWHNkcWVOZ01oOXJNOTJNbWtJYjg5VUhGdEoyNUtVdjI4TXFIS1lDZXcKdDhhMGUzLzFER1FVMEVOcFZ5eHU5cVdjSUhlWldBeENoajNENXp5TjRCRDZod3FqOXVKcC84WjJqOEJaSFE3SgpZd0pEcXltTmpmeTh2bURudTg0bHRUTFN0VU5JZ2w1ZFp3WU1waGhTUW42bW1xUmE0WmV1d0gxRVJtaW9RMDRyCmJNeXVwVitWZ3BObDJnZG9tVkt3SUhwaysvMENBd0VBQWFOQ01FQXdEZ1lEVlIwUEFRSC9CQVFEQWdJRU1BOEcKQTFVZEV3RUIvd1FGTUFNQkFmOHdIUVlEVlIwT0JCWUVGRlppZXY4eGtObnpHdWsyV29Ddm5VTW16ZGxPTUEwRwpDU3FHU0liM0RRRUJDd1VBQTRJQmdRQXJCNjFhM1k3YTFhQ0o2K3cvNFhaWXRTaVN3ZWVQM2lhd3RQKzZVRW5xCkFOUlpOWTdmS290WXljN1hkVm4xT3RYd01vVTlybE9iN0NkQlVQT1BhVWhHOVRINWt5ejNsS0F0R3FCK0VUejcKTFVkYXlUNTF1RmQrQUZEWEVONHNkTDRmaFNLTlF0dFoxMHpmaVhmQzNCVm1FbkhFRmE3c2R1dzhxMm4rb21QNgpvcUxLd1Jsa0s1Z0kzay9xQTVoUEhmMExWcUVrd0F3R0ZCWS9zMDhqTzJFeTBoeGV3cnBjbW91eHl2eWk5eTZBCnc4UkU4SmhUTk1VUnhSTzBhYzdjWDQ4Tm4rMktmdmtWTWh0YzZuVzhlR3dIekgxc2JldUlmeWFqa3JBNDJGSHkKb2tUL3Vialdhd1ZjVDcyV2ozVm43SE82NGhOWWdRTWJwbGJBQk1MV3dkNWRuTHVaQXRSMDNZTGk5TDB6TVQ4WgpVemM0U3ZvQnNsNy9XaVlmSk9aWWZQWHNJRyswZDlnRGZNUzJNM2lOVGRsV2E4UnB0ZnI1cTNrR0o4R2l3TnR0CjQva256WHZWemhQeE9PNUwrK3J1U1FMd05qQndtcTdvZTJNdWZIVjlrWFFOdmtrWEV2UUc4VUUxTWYwSGpUZzYKN0F2RHhEL2h1QllsNFRvL1p3Q2paT0E9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" }, "masterAuthorizedNetworksConfig": { "gcpPublicCidrsAccessEnabled": true }, "monitoringConfig": { + "advancedDatapathObservabilityConfig": { + "relayMode": "DISABLED" + }, "componentConfig": { "enableComponents": [ "SYSTEM_COMPONENTS" @@ -104,17 +110,17 @@ }, "monitoringService": "monitoring.googleapis.com/kubernetes", "name": "CLUSTER_NAME", - "network": "cft-gke-test-iys0", + "network": "cft-gke-test-qwc4", "networkConfig": { "datapathProvider": "ADVANCED_DATAPATH", "defaultSnatStatus": {}, - "network": "projects/PROJECT_ID/global/networks/cft-gke-test-iys0", + "network": "projects/PROJECT_ID/global/networks/cft-gke-test-qwc4", "serviceExternalIpsConfig": {}, - "subnetwork": "projects/PROJECT_ID/regions/us-central1/subnetworks/cft-gke-test-iys0" + "subnetwork": "projects/PROJECT_ID/regions/us-central1/subnetworks/cft-gke-test-qwc4" }, "nodeConfig": { "diskSizeGb": 100, - "diskType": "pd-standard", + "diskType": "pd-balanced", "imageType": "COS_CONTAINERD", "loggingConfig": { "variantConfig": { @@ -126,17 +132,18 @@ "disable-legacy-endpoints": "true" }, "oauthScopes": [ - "https://www.googleapis.com/auth/logging.write", - "https://www.googleapis.com/auth/monitoring" + "https://www.googleapis.com/auth/userinfo.email", + "https://www.googleapis.com/auth/cloud-platform" ], - "serviceAccount": "tf-gke-simple-regional-wxvn@PROJECT_ID.iam.gserviceaccount.com", + "serviceAccount": "tf-gke-simple-regional-b853@PROJECT_ID.iam.gserviceaccount.com", "shieldedInstanceConfig": { "enableIntegrityMonitoring": true }, "tags": [ "gke-CLUSTER_NAME", "gke-CLUSTER_NAME-default-pool" - ] + ], + "windowsNodeConfig": {} }, "nodePoolAutoConfig": {}, "nodePoolDefaults": { @@ -152,7 +159,7 @@ { "config": { "diskSizeGb": 100, - "diskType": "pd-standard", + "diskType": "pd-balanced", "imageType": "COS_CONTAINERD", "loggingConfig": { "variantConfig": { @@ -164,20 +171,22 @@ "disable-legacy-endpoints": "true" }, "oauthScopes": [ - "https://www.googleapis.com/auth/logging.write", - "https://www.googleapis.com/auth/monitoring" + "https://www.googleapis.com/auth/userinfo.email", + "https://www.googleapis.com/auth/cloud-platform" ], - "serviceAccount": "tf-gke-simple-regional-wxvn@PROJECT_ID.iam.gserviceaccount.com", + "serviceAccount": "tf-gke-simple-regional-b853@PROJECT_ID.iam.gserviceaccount.com", "shieldedInstanceConfig": { "enableIntegrityMonitoring": true }, "tags": [ "gke-CLUSTER_NAME", "gke-CLUSTER_NAME-default-pool" - ] + ], + "windowsNodeConfig": {} }, + "etag": "e2da0224-50d1-46ba-9268-b18c1ac8111f", "instanceGroupUrls": [ - "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-a/instanceGroupManagers/gke-simple-regional-beta-default-pool-c821392c-grp" + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-a/instanceGroupManagers/gke-simple-regional-beta-default-pool-b371bd52-grp" ], "locations": [ "us-central1-a" @@ -193,7 +202,8 @@ "networkConfig": { "enablePrivateNodes": false, "podIpv4CidrBlock": "192.168.0.0/18", - "podRange": "cft-gke-test-pods-iys0" + "podIpv4RangeUtilization": 0.0156, + "podRange": "cft-gke-test-pods-qwc4" }, "podIpv4CidrSize": 24, "selfLink": "https://container.googleapis.com/v1beta1/projects/PROJECT_ID/locations/us-central1/clusters/CLUSTER_NAME/nodePools/default-pool", @@ -202,11 +212,12 @@ "maxSurge": 1, "strategy": "SURGE" }, - "version": "1.23.12-gke.100" + "version": "1.26.5-gke.1200" }, { "autoscaling": { "enabled": true, + "locationPolicy": "BALANCED", "maxNodeCount": 2, "minNodeCount": 1 }, @@ -232,18 +243,20 @@ "oauthScopes": [ "https://www.googleapis.com/auth/cloud-platform" ], - "serviceAccount": "tf-gke-simple-regional-wxvn@PROJECT_ID.iam.gserviceaccount.com", + "serviceAccount": "tf-gke-simple-regional-b853@PROJECT_ID.iam.gserviceaccount.com", "shieldedInstanceConfig": { "enableIntegrityMonitoring": true }, "tags": [ "gke-CLUSTER_NAME", "gke-CLUSTER_NAME-pool-01" - ] + ], + "windowsNodeConfig": {} }, + "etag": "892ecc41-bb0a-46c1-99b0-0b5de31b6fa3", "initialNodeCount": 1, "instanceGroupUrls": [ - "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-a/instanceGroupManagers/gke-simple-regional-beta-clus-pool-01-c20b427a-grp" + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-a/instanceGroupManagers/gke-simple-regional-beta-clus-pool-01-2e515432-grp" ], "locations": [ "us-central1-a" @@ -259,7 +272,8 @@ "networkConfig": { "enablePrivateNodes": false, "podIpv4CidrBlock": "192.168.0.0/18", - "podRange": "cft-gke-test-pods-iys0" + "podIpv4RangeUtilization": 0.0156, + "podRange": "cft-gke-test-pods-qwc4" }, "placementPolicy": { "type": "COMPACT" @@ -271,7 +285,7 @@ "maxSurge": 1, "strategy": "SURGE" }, - "version": "1.23.12-gke.100" + "version": "1.26.5-gke.1200" } ], "notificationConfig": { @@ -280,24 +294,28 @@ "privateCluster": true, "privateClusterConfig": { "privateEndpoint": "10.0.0.2", - "publicEndpoint": "34.121.7.243" + "publicEndpoint": "34.133.21.111" }, "protectConfig": { "workloadConfig": { - "auditMode": "MODE_UNSPECIFIED" + "auditMode": "DISABLED" }, "workloadVulnerabilityMode": "WORKLOAD_VULNERABILITY_MODE_UNSPECIFIED" }, "releaseChannel": { "channel": "REGULAR" }, + "securityPostureConfig": { + "mode": "DISABLED", + "vulnerabilityMode": "VULNERABILITY_MODE_UNSPECIFIED" + }, "selfLink": "https://container.googleapis.com/v1beta1/projects/PROJECT_ID/locations/us-central1/clusters/CLUSTER_NAME", "servicesIpv4Cidr": "192.168.64.0/18", "shieldedNodes": { "enabled": true }, "status": "RUNNING", - "subnetwork": "cft-gke-test-iys0", + "subnetwork": "cft-gke-test-qwc4", "verticalPodAutoscaling": {}, "zone": "us-central1" -} +} \ No newline at end of file From fd233e5cddd9098b6e6520b0671eb16f77a5c187 Mon Sep 17 00:00:00 2001 From: Chris Read Date: Fri, 28 Jul 2023 00:14:57 -0500 Subject: [PATCH 34/39] feat!: Add support for disk_size and disk_type for cluster_autoscaling. (#1693) Co-authored-by: Bharath KKB --- README.md | 15 ++++++++++----- autogen/main/README.md | 13 +++++++++---- autogen/main/cluster.tf.tmpl | 3 +++ autogen/main/variables.tf.tmpl | 4 ++++ autogen/main/versions.tf.tmpl | 2 +- autogen/safer-cluster/versions.tf.tmpl | 2 +- cluster.tf | 3 +++ modules/acm/README.md | 2 +- modules/beta-autopilot-private-cluster/README.md | 13 +++++++++---- .../beta-autopilot-private-cluster/versions.tf | 2 +- modules/beta-autopilot-public-cluster/README.md | 13 +++++++++---- modules/beta-autopilot-public-cluster/versions.tf | 2 +- .../beta-private-cluster-update-variant/README.md | 15 ++++++++++----- .../cluster.tf | 3 +++ .../variables.tf | 4 ++++ .../versions.tf | 2 +- modules/beta-private-cluster/README.md | 15 ++++++++++----- modules/beta-private-cluster/cluster.tf | 3 +++ modules/beta-private-cluster/variables.tf | 4 ++++ modules/beta-private-cluster/versions.tf | 2 +- .../beta-public-cluster-update-variant/README.md | 15 ++++++++++----- .../beta-public-cluster-update-variant/cluster.tf | 3 +++ .../variables.tf | 4 ++++ .../versions.tf | 2 +- modules/beta-public-cluster/README.md | 15 ++++++++++----- modules/beta-public-cluster/cluster.tf | 3 +++ modules/beta-public-cluster/variables.tf | 4 ++++ modules/beta-public-cluster/versions.tf | 2 +- modules/private-cluster-update-variant/README.md | 15 ++++++++++----- modules/private-cluster-update-variant/cluster.tf | 3 +++ .../private-cluster-update-variant/variables.tf | 4 ++++ .../private-cluster-update-variant/versions.tf | 2 +- modules/private-cluster/README.md | 15 ++++++++++----- modules/private-cluster/cluster.tf | 3 +++ modules/private-cluster/variables.tf | 4 ++++ modules/private-cluster/versions.tf | 2 +- modules/safer-cluster-update-variant/versions.tf | 2 +- modules/safer-cluster/versions.tf | 2 +- variables.tf | 4 ++++ versions.tf | 2 +- 40 files changed, 167 insertions(+), 61 deletions(-) diff --git a/README.md b/README.md index d7b5c25962..774f9b043f 100644 --- a/README.md +++ b/README.md @@ -12,10 +12,14 @@ Sub modules are provided for creating private clusters, beta private clusters, a ## Compatibility -This module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. -If you find incompatibilities using Terraform `>=0.13`, please open an issue. +This module is meant for use with Terraform 1.3+ and tested using Terraform 1.0+. +If you find incompatibilities using Terraform `>=1.3`, please open an issue. -If you haven't [upgraded][terraform-0.13-upgrade] and need a Terraform +If you haven't [upgraded to 1.3][terraform-1.3-upgrade] and need a Terraform +0.13.x-compatible version of this module, the last released version +intended for Terraform 0.13.x is [27.0.0]. + +If you haven't [upgraded to 0.13][terraform-0.13-upgrade] and need a Terraform 0.12.x-compatible version of this module, the last released version intended for Terraform 0.12.x is [12.3.0]. @@ -131,7 +135,7 @@ Then perform the following commands on the root folder: | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no | | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | -| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | 
object({
    enabled       = bool
    min_cpu_cores = number
    max_cpu_cores = number
    min_memory_gb = number
    max_memory_gb = number
    gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
    auto_repair   = bool
    auto_upgrade  = bool
  })
| 
{
  "auto_repair": true,
  "auto_upgrade": true,
  "enabled": false,
  "gpu_resources": [],
  "max_cpu_cores": 0,
  "max_memory_gb": 0,
  "min_cpu_cores": 0,
  "min_memory_gb": 0
}
| no | +| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | 
object({
    enabled       = bool
    min_cpu_cores = number
    max_cpu_cores = number
    min_memory_gb = number
    max_memory_gb = number
    gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
    auto_repair   = bool
    auto_upgrade  = bool
    disk_size     = optional(number)
    disk_type     = optional(string)
  })
| 
{
  "auto_repair": true,
  "auto_upgrade": true,
  "disk_size": 100,
  "disk_type": "pd-standard",
  "enabled": false,
  "gpu_resources": [],
  "max_cpu_cores": 0,
  "max_memory_gb": 0,
  "min_cpu_cores": 0,
  "min_memory_gb": 0
}
| no | | cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no | | cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no | | cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | @@ -317,7 +321,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog #### Kubectl - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x #### Terraform and Plugins -- [Terraform](https://www.terraform.io/downloads.html) 0.13+ +- [Terraform](https://www.terraform.io/downloads.html) 1.3+ - [Terraform Provider for GCP][terraform-provider-google] v4.51 #### gcloud Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH. @@ -346,3 +350,4 @@ In order to operate with the Service Account you must activate the following API [terraform-provider-google]: https://github.com/terraform-providers/terraform-provider-google [12.3.0]: https://registry.terraform.io/modules/terraform-google-modules/kubernetes-engine/google/12.3.0 [terraform-0.13-upgrade]: https://www.terraform.io/upgrade-guides/0-13.html +[terraform-1.3-upgrade]: https://developer.hashicorp.com/terraform/language/v1.3.x/upgrade-guides diff --git a/autogen/main/README.md b/autogen/main/README.md index 0b76b30307..c641296d63 100644 --- a/autogen/main/README.md +++ b/autogen/main/README.md @@ -42,10 +42,14 @@ The implications of this are that: {% endif %} ## Compatibility -This module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. -If you find incompatibilities using Terraform `>=0.13`, please open an issue. +This module is meant for use with Terraform 1.3+ and tested using Terraform 1.0+. +If you find incompatibilities using Terraform `>=1.3`, please open an issue. -If you haven't [upgraded][terraform-0.13-upgrade] and need a Terraform +If you haven't [upgraded to 1.3][terraform-1.3-upgrade] and need a Terraform +0.13.x-compatible version of this module, the last released version +intended for Terraform 0.13.x is [27.0.0]. + +If you haven't [upgraded to 0.13][terraform-0.13-upgrade] and need a Terraform 0.12.x-compatible version of this module, the last released version intended for Terraform 0.12.x is [12.3.0]. @@ -264,7 +268,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog #### Kubectl - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x #### Terraform and Plugins -- [Terraform](https://www.terraform.io/downloads.html) 0.13+ +- [Terraform](https://www.terraform.io/downloads.html) 1.3+ {% if beta_cluster %} - [Terraform Provider for GCP Beta][terraform-provider-google-beta] v4.51 {% else %} @@ -301,3 +305,4 @@ In order to operate with the Service Account you must activate the following API {% endif %} [12.3.0]: https://registry.terraform.io/modules/terraform-google-modules/kubernetes-engine/google/12.3.0 [terraform-0.13-upgrade]: https://www.terraform.io/upgrade-guides/0-13.html +[terraform-1.3-upgrade]: https://developer.hashicorp.com/terraform/language/v1.3.x/upgrade-guides diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 58ab5a57cb..71e9720fa1 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -141,6 +141,9 @@ resource "google_container_cluster" "primary" { auto_upgrade = lookup(var.cluster_autoscaling, "auto_upgrade",true) } + disk_size = lookup(var.cluster_autoscaling, "disk_size", 100) + disk_type = lookup(var.cluster_autoscaling, "disk_type", "pd-standard") + {% if beta_cluster %} min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") {% endif %} diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index d0d140b656..8980318176 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -243,6 +243,8 @@ variable "cluster_autoscaling" { gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number })) auto_repair = bool auto_upgrade = bool + disk_size = optional(number) + disk_type = optional(string) }) default = { enabled = false @@ -256,6 +258,8 @@ variable "cluster_autoscaling" { gpu_resources = [] auto_repair = true auto_upgrade = true + disk_size = 100 + disk_type = "pd-standard" } description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)" } diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl index 6d8e18877d..092c18c7f3 100644 --- a/autogen/main/versions.tf.tmpl +++ b/autogen/main/versions.tf.tmpl @@ -18,7 +18,7 @@ {% set module_registry_name = module_path_str.split('/')[-1] %} terraform { - required_version = ">=0.13" + required_version = ">=1.3" {% if beta_cluster %} required_providers { diff --git a/autogen/safer-cluster/versions.tf.tmpl b/autogen/safer-cluster/versions.tf.tmpl index d6bf91ea9f..e4b7f26bb0 100644 --- a/autogen/safer-cluster/versions.tf.tmpl +++ b/autogen/safer-cluster/versions.tf.tmpl @@ -20,7 +20,7 @@ {% set module_registry_name = module_path_str.split('/')[-1] %} terraform { - required_version = ">=0.13" + required_version = ">=1.3" provider_meta "google-beta" { module_name = "blueprints/terraform/terraform-google-kubernetes-engine{% if module_registry_name %}:{{ module_registry_name }}{% endif %}/v27.0.0" diff --git a/cluster.tf b/cluster.tf index a6f45f0a3f..4766e785ed 100644 --- a/cluster.tf +++ b/cluster.tf @@ -110,6 +110,9 @@ resource "google_container_cluster" "primary" { auto_upgrade = lookup(var.cluster_autoscaling, "auto_upgrade", true) } + disk_size = lookup(var.cluster_autoscaling, "disk_size", 100) + disk_type = lookup(var.cluster_autoscaling, "disk_type", "pd-standard") + } } dynamic "resource_limits" { diff --git a/modules/acm/README.md b/modules/acm/README.md index ec56c25c7e..8fb4ca68fe 100644 --- a/modules/acm/README.md +++ b/modules/acm/README.md @@ -91,7 +91,7 @@ data "google_client_config" "default" {} | install\_template\_library | Whether to install the default Policy Controller template library | `bool` | `true` | no | | location | GCP location used to reach cluster. | `string` | n/a | yes | | metrics\_gcp\_sa\_name | The name of the Google service account for ACM metrics writing | `string` | `"acm-metrics-writer"` | no | -| policy\_bundles | A list of Policy Controller policy bundles git urls (example: ) to install on the cluster. | `list(string)` | `[]` | no | +| policy\_bundles | A list of Policy Controller policy bundles git urls (example: https://github.com/GoogleCloudPlatform/acm-policy-controller-library.git/bundles/policy-essentials-v2022) to install on the cluster. | `list(string)` | `[]` | no | | policy\_dir | Subfolder containing configs in ACM Git repo. If un-set, uses Config Management default. | `string` | `""` | no | | project\_id | GCP project\_id used to reach cluster. | `string` | n/a | yes | | secret\_type | git authentication secret type, is passed through to ConfigManagement spec.git.secretType. Overriden to value 'ssh' if `create_ssh_key` is true | `string` | `"ssh"` | no | diff --git a/modules/beta-autopilot-private-cluster/README.md b/modules/beta-autopilot-private-cluster/README.md index 9a3871bed3..bda0297ff9 100644 --- a/modules/beta-autopilot-private-cluster/README.md +++ b/modules/beta-autopilot-private-cluster/README.md @@ -15,10 +15,14 @@ For details on configuring private clusters with this module, check the [trouble ## Compatibility -This module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. -If you find incompatibilities using Terraform `>=0.13`, please open an issue. +This module is meant for use with Terraform 1.3+ and tested using Terraform 1.0+. +If you find incompatibilities using Terraform `>=1.3`, please open an issue. -If you haven't [upgraded][terraform-0.13-upgrade] and need a Terraform +If you haven't [upgraded to 1.3][terraform-1.3-upgrade] and need a Terraform +0.13.x-compatible version of this module, the last released version +intended for Terraform 0.13.x is [27.0.0]. + +If you haven't [upgraded to 0.13][terraform-0.13-upgrade] and need a Terraform 0.12.x-compatible version of this module, the last released version intended for Terraform 0.12.x is [12.3.0]. @@ -185,7 +189,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog #### Kubectl - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x #### Terraform and Plugins -- [Terraform](https://www.terraform.io/downloads.html) 0.13+ +- [Terraform](https://www.terraform.io/downloads.html) 1.3+ - [Terraform Provider for GCP Beta][terraform-provider-google-beta] v4.51 #### gcloud Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH. @@ -214,3 +218,4 @@ In order to operate with the Service Account you must activate the following API [terraform-provider-google-beta]: https://github.com/terraform-providers/terraform-provider-google-beta [12.3.0]: https://registry.terraform.io/modules/terraform-google-modules/kubernetes-engine/google/12.3.0 [terraform-0.13-upgrade]: https://www.terraform.io/upgrade-guides/0-13.html +[terraform-1.3-upgrade]: https://developer.hashicorp.com/terraform/language/v1.3.x/upgrade-guides diff --git a/modules/beta-autopilot-private-cluster/versions.tf b/modules/beta-autopilot-private-cluster/versions.tf index 2b32af35cf..cba97d154f 100644 --- a/modules/beta-autopilot-private-cluster/versions.tf +++ b/modules/beta-autopilot-private-cluster/versions.tf @@ -16,7 +16,7 @@ terraform { - required_version = ">=0.13" + required_version = ">=1.3" required_providers { google = { diff --git a/modules/beta-autopilot-public-cluster/README.md b/modules/beta-autopilot-public-cluster/README.md index 00b9a25f39..f788a817a8 100644 --- a/modules/beta-autopilot-public-cluster/README.md +++ b/modules/beta-autopilot-public-cluster/README.md @@ -12,10 +12,14 @@ Sub modules are provided for creating private clusters, beta private clusters, a ## Compatibility -This module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. -If you find incompatibilities using Terraform `>=0.13`, please open an issue. +This module is meant for use with Terraform 1.3+ and tested using Terraform 1.0+. +If you find incompatibilities using Terraform `>=1.3`, please open an issue. -If you haven't [upgraded][terraform-0.13-upgrade] and need a Terraform +If you haven't [upgraded to 1.3][terraform-1.3-upgrade] and need a Terraform +0.13.x-compatible version of this module, the last released version +intended for Terraform 0.13.x is [27.0.0]. + +If you haven't [upgraded to 0.13][terraform-0.13-upgrade] and need a Terraform 0.12.x-compatible version of this module, the last released version intended for Terraform 0.12.x is [12.3.0]. @@ -172,7 +176,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog #### Kubectl - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x #### Terraform and Plugins -- [Terraform](https://www.terraform.io/downloads.html) 0.13+ +- [Terraform](https://www.terraform.io/downloads.html) 1.3+ - [Terraform Provider for GCP Beta][terraform-provider-google-beta] v4.51 #### gcloud Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH. @@ -201,3 +205,4 @@ In order to operate with the Service Account you must activate the following API [terraform-provider-google-beta]: https://github.com/terraform-providers/terraform-provider-google-beta [12.3.0]: https://registry.terraform.io/modules/terraform-google-modules/kubernetes-engine/google/12.3.0 [terraform-0.13-upgrade]: https://www.terraform.io/upgrade-guides/0-13.html +[terraform-1.3-upgrade]: https://developer.hashicorp.com/terraform/language/v1.3.x/upgrade-guides diff --git a/modules/beta-autopilot-public-cluster/versions.tf b/modules/beta-autopilot-public-cluster/versions.tf index 5971b37dfc..a830f165cb 100644 --- a/modules/beta-autopilot-public-cluster/versions.tf +++ b/modules/beta-autopilot-public-cluster/versions.tf @@ -16,7 +16,7 @@ terraform { - required_version = ">=0.13" + required_version = ">=1.3" required_providers { google = { diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index c782d85e1e..fa58aa59aa 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md @@ -37,10 +37,14 @@ The implications of this are that: ## Compatibility -This module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. -If you find incompatibilities using Terraform `>=0.13`, please open an issue. +This module is meant for use with Terraform 1.3+ and tested using Terraform 1.0+. +If you find incompatibilities using Terraform `>=1.3`, please open an issue. -If you haven't [upgraded][terraform-0.13-upgrade] and need a Terraform +If you haven't [upgraded to 1.3][terraform-1.3-upgrade] and need a Terraform +0.13.x-compatible version of this module, the last released version +intended for Terraform 0.13.x is [27.0.0]. + +If you haven't [upgraded to 0.13][terraform-0.13-upgrade] and need a Terraform 0.12.x-compatible version of this module, the last released version intended for Terraform 0.12.x is [12.3.0]. @@ -165,7 +169,7 @@ Then perform the following commands on the root folder: | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | | cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no | | cloudrun\_load\_balancer\_type | (Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer. | `string` | `""` | no | -| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | 
object({
    enabled             = bool
    autoscaling_profile = string
    min_cpu_cores       = number
    max_cpu_cores       = number
    min_memory_gb       = number
    max_memory_gb       = number
    gpu_resources       = list(object({ resource_type = string, minimum = number, maximum = number }))
    auto_repair         = bool
    auto_upgrade        = bool
  })
| 
{
  "auto_repair": true,
  "auto_upgrade": true,
  "autoscaling_profile": "BALANCED",
  "enabled": false,
  "gpu_resources": [],
  "max_cpu_cores": 0,
  "max_memory_gb": 0,
  "min_cpu_cores": 0,
  "min_memory_gb": 0
}
| no | +| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | 
object({
    enabled             = bool
    autoscaling_profile = string
    min_cpu_cores       = number
    max_cpu_cores       = number
    min_memory_gb       = number
    max_memory_gb       = number
    gpu_resources       = list(object({ resource_type = string, minimum = number, maximum = number }))
    auto_repair         = bool
    auto_upgrade        = bool
    disk_size           = optional(number)
    disk_type           = optional(string)
  })
| 
{
  "auto_repair": true,
  "auto_upgrade": true,
  "autoscaling_profile": "BALANCED",
  "disk_size": 100,
  "disk_type": "pd-standard",
  "enabled": false,
  "gpu_resources": [],
  "max_cpu_cores": 0,
  "max_memory_gb": 0,
  "min_cpu_cores": 0,
  "min_memory_gb": 0
}
| no | | cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no | | cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no | | cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | @@ -387,7 +391,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog #### Kubectl - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x #### Terraform and Plugins -- [Terraform](https://www.terraform.io/downloads.html) 0.13+ +- [Terraform](https://www.terraform.io/downloads.html) 1.3+ - [Terraform Provider for GCP Beta][terraform-provider-google-beta] v4.51 #### gcloud Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH. @@ -416,3 +420,4 @@ In order to operate with the Service Account you must activate the following API [terraform-provider-google-beta]: https://github.com/terraform-providers/terraform-provider-google-beta [12.3.0]: https://registry.terraform.io/modules/terraform-google-modules/kubernetes-engine/google/12.3.0 [terraform-0.13-upgrade]: https://www.terraform.io/upgrade-guides/0-13.html +[terraform-1.3-upgrade]: https://developer.hashicorp.com/terraform/language/v1.3.x/upgrade-guides diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 519c54d8f2..14677e0af7 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -122,6 +122,9 @@ resource "google_container_cluster" "primary" { auto_upgrade = lookup(var.cluster_autoscaling, "auto_upgrade", true) } + disk_size = lookup(var.cluster_autoscaling, "disk_size", 100) + disk_type = lookup(var.cluster_autoscaling, "disk_type", "pd-standard") + min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") } } diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 11bd398c68..99800c8bd0 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -236,6 +236,8 @@ variable "cluster_autoscaling" { gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number })) auto_repair = bool auto_upgrade = bool + disk_size = optional(number) + disk_type = optional(string) }) default = { enabled = false @@ -247,6 +249,8 @@ variable "cluster_autoscaling" { gpu_resources = [] auto_repair = true auto_upgrade = true + disk_size = 100 + disk_type = "pd-standard" } description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)" } diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf index cd693cbba4..34b56ac68d 100644 --- a/modules/beta-private-cluster-update-variant/versions.tf +++ b/modules/beta-private-cluster-update-variant/versions.tf @@ -16,7 +16,7 @@ terraform { - required_version = ">=0.13" + required_version = ">=1.3" required_providers { google = { diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index f707b3f289..82d295f238 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -15,10 +15,14 @@ For details on configuring private clusters with this module, check the [trouble ## Compatibility -This module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. -If you find incompatibilities using Terraform `>=0.13`, please open an issue. +This module is meant for use with Terraform 1.3+ and tested using Terraform 1.0+. +If you find incompatibilities using Terraform `>=1.3`, please open an issue. -If you haven't [upgraded][terraform-0.13-upgrade] and need a Terraform +If you haven't [upgraded to 1.3][terraform-1.3-upgrade] and need a Terraform +0.13.x-compatible version of this module, the last released version +intended for Terraform 0.13.x is [27.0.0]. + +If you haven't [upgraded to 0.13][terraform-0.13-upgrade] and need a Terraform 0.12.x-compatible version of this module, the last released version intended for Terraform 0.12.x is [12.3.0]. @@ -143,7 +147,7 @@ Then perform the following commands on the root folder: | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | | cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no | | cloudrun\_load\_balancer\_type | (Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer. | `string` | `""` | no | -| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | 
object({
    enabled             = bool
    autoscaling_profile = string
    min_cpu_cores       = number
    max_cpu_cores       = number
    min_memory_gb       = number
    max_memory_gb       = number
    gpu_resources       = list(object({ resource_type = string, minimum = number, maximum = number }))
    auto_repair         = bool
    auto_upgrade        = bool
  })
| 
{
  "auto_repair": true,
  "auto_upgrade": true,
  "autoscaling_profile": "BALANCED",
  "enabled": false,
  "gpu_resources": [],
  "max_cpu_cores": 0,
  "max_memory_gb": 0,
  "min_cpu_cores": 0,
  "min_memory_gb": 0
}
| no | +| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | 
object({
    enabled             = bool
    autoscaling_profile = string
    min_cpu_cores       = number
    max_cpu_cores       = number
    min_memory_gb       = number
    max_memory_gb       = number
    gpu_resources       = list(object({ resource_type = string, minimum = number, maximum = number }))
    auto_repair         = bool
    auto_upgrade        = bool
    disk_size           = optional(number)
    disk_type           = optional(string)
  })
| 
{
  "auto_repair": true,
  "auto_upgrade": true,
  "autoscaling_profile": "BALANCED",
  "disk_size": 100,
  "disk_type": "pd-standard",
  "enabled": false,
  "gpu_resources": [],
  "max_cpu_cores": 0,
  "max_memory_gb": 0,
  "min_cpu_cores": 0,
  "min_memory_gb": 0
}
| no | | cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no | | cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no | | cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | @@ -365,7 +369,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog #### Kubectl - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x #### Terraform and Plugins -- [Terraform](https://www.terraform.io/downloads.html) 0.13+ +- [Terraform](https://www.terraform.io/downloads.html) 1.3+ - [Terraform Provider for GCP Beta][terraform-provider-google-beta] v4.51 #### gcloud Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH. @@ -394,3 +398,4 @@ In order to operate with the Service Account you must activate the following API [terraform-provider-google-beta]: https://github.com/terraform-providers/terraform-provider-google-beta [12.3.0]: https://registry.terraform.io/modules/terraform-google-modules/kubernetes-engine/google/12.3.0 [terraform-0.13-upgrade]: https://www.terraform.io/upgrade-guides/0-13.html +[terraform-1.3-upgrade]: https://developer.hashicorp.com/terraform/language/v1.3.x/upgrade-guides diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index b53205c4d8..9daec34d24 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -122,6 +122,9 @@ resource "google_container_cluster" "primary" { auto_upgrade = lookup(var.cluster_autoscaling, "auto_upgrade", true) } + disk_size = lookup(var.cluster_autoscaling, "disk_size", 100) + disk_type = lookup(var.cluster_autoscaling, "disk_type", "pd-standard") + min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") } } diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 11bd398c68..99800c8bd0 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -236,6 +236,8 @@ variable "cluster_autoscaling" { gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number })) auto_repair = bool auto_upgrade = bool + disk_size = optional(number) + disk_type = optional(string) }) default = { enabled = false @@ -247,6 +249,8 @@ variable "cluster_autoscaling" { gpu_resources = [] auto_repair = true auto_upgrade = true + disk_size = 100 + disk_type = "pd-standard" } description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)" } diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf index 92019612cb..0e41e4f165 100644 --- a/modules/beta-private-cluster/versions.tf +++ b/modules/beta-private-cluster/versions.tf @@ -16,7 +16,7 @@ terraform { - required_version = ">=0.13" + required_version = ">=1.3" required_providers { google = { diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 233b62570d..c60f4ec795 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -34,10 +34,14 @@ The implications of this are that: ## Compatibility -This module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. -If you find incompatibilities using Terraform `>=0.13`, please open an issue. +This module is meant for use with Terraform 1.3+ and tested using Terraform 1.0+. +If you find incompatibilities using Terraform `>=1.3`, please open an issue. -If you haven't [upgraded][terraform-0.13-upgrade] and need a Terraform +If you haven't [upgraded to 1.3][terraform-1.3-upgrade] and need a Terraform +0.13.x-compatible version of this module, the last released version +intended for Terraform 0.13.x is [27.0.0]. + +If you haven't [upgraded to 0.13][terraform-0.13-upgrade] and need a Terraform 0.12.x-compatible version of this module, the last released version intended for Terraform 0.12.x is [12.3.0]. @@ -159,7 +163,7 @@ Then perform the following commands on the root folder: | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | | cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no | | cloudrun\_load\_balancer\_type | (Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer. | `string` | `""` | no | -| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | 
object({
    enabled             = bool
    autoscaling_profile = string
    min_cpu_cores       = number
    max_cpu_cores       = number
    min_memory_gb       = number
    max_memory_gb       = number
    gpu_resources       = list(object({ resource_type = string, minimum = number, maximum = number }))
    auto_repair         = bool
    auto_upgrade        = bool
  })
| 
{
  "auto_repair": true,
  "auto_upgrade": true,
  "autoscaling_profile": "BALANCED",
  "enabled": false,
  "gpu_resources": [],
  "max_cpu_cores": 0,
  "max_memory_gb": 0,
  "min_cpu_cores": 0,
  "min_memory_gb": 0
}
| no | +| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | 
object({
    enabled             = bool
    autoscaling_profile = string
    min_cpu_cores       = number
    max_cpu_cores       = number
    min_memory_gb       = number
    max_memory_gb       = number
    gpu_resources       = list(object({ resource_type = string, minimum = number, maximum = number }))
    auto_repair         = bool
    auto_upgrade        = bool
    disk_size           = optional(number)
    disk_type           = optional(string)
  })
| 
{
  "auto_repair": true,
  "auto_upgrade": true,
  "autoscaling_profile": "BALANCED",
  "disk_size": 100,
  "disk_type": "pd-standard",
  "enabled": false,
  "gpu_resources": [],
  "max_cpu_cores": 0,
  "max_memory_gb": 0,
  "min_cpu_cores": 0,
  "min_memory_gb": 0
}
| no | | cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no | | cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no | | cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | @@ -375,7 +379,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog #### Kubectl - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x #### Terraform and Plugins -- [Terraform](https://www.terraform.io/downloads.html) 0.13+ +- [Terraform](https://www.terraform.io/downloads.html) 1.3+ - [Terraform Provider for GCP Beta][terraform-provider-google-beta] v4.51 #### gcloud Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH. @@ -404,3 +408,4 @@ In order to operate with the Service Account you must activate the following API [terraform-provider-google-beta]: https://github.com/terraform-providers/terraform-provider-google-beta [12.3.0]: https://registry.terraform.io/modules/terraform-google-modules/kubernetes-engine/google/12.3.0 [terraform-0.13-upgrade]: https://www.terraform.io/upgrade-guides/0-13.html +[terraform-1.3-upgrade]: https://developer.hashicorp.com/terraform/language/v1.3.x/upgrade-guides diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index c086223b59..a4a9b4d379 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -122,6 +122,9 @@ resource "google_container_cluster" "primary" { auto_upgrade = lookup(var.cluster_autoscaling, "auto_upgrade", true) } + disk_size = lookup(var.cluster_autoscaling, "disk_size", 100) + disk_type = lookup(var.cluster_autoscaling, "disk_type", "pd-standard") + min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") } } diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 5e033e3eb3..a85dc63b61 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -236,6 +236,8 @@ variable "cluster_autoscaling" { gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number })) auto_repair = bool auto_upgrade = bool + disk_size = optional(number) + disk_type = optional(string) }) default = { enabled = false @@ -247,6 +249,8 @@ variable "cluster_autoscaling" { gpu_resources = [] auto_repair = true auto_upgrade = true + disk_size = 100 + disk_type = "pd-standard" } description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)" } diff --git a/modules/beta-public-cluster-update-variant/versions.tf b/modules/beta-public-cluster-update-variant/versions.tf index b50ce3140e..0dcfcda12e 100644 --- a/modules/beta-public-cluster-update-variant/versions.tf +++ b/modules/beta-public-cluster-update-variant/versions.tf @@ -16,7 +16,7 @@ terraform { - required_version = ">=0.13" + required_version = ">=1.3" required_providers { google = { diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index be5efc9a01..154247af27 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -12,10 +12,14 @@ Sub modules are provided for creating private clusters, beta private clusters, a ## Compatibility -This module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. -If you find incompatibilities using Terraform `>=0.13`, please open an issue. +This module is meant for use with Terraform 1.3+ and tested using Terraform 1.0+. +If you find incompatibilities using Terraform `>=1.3`, please open an issue. -If you haven't [upgraded][terraform-0.13-upgrade] and need a Terraform +If you haven't [upgraded to 1.3][terraform-1.3-upgrade] and need a Terraform +0.13.x-compatible version of this module, the last released version +intended for Terraform 0.13.x is [27.0.0]. + +If you haven't [upgraded to 0.13][terraform-0.13-upgrade] and need a Terraform 0.12.x-compatible version of this module, the last released version intended for Terraform 0.12.x is [12.3.0]. @@ -137,7 +141,7 @@ Then perform the following commands on the root folder: | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | | cloudrun | (Beta) Enable CloudRun addon | `bool` | `false` | no | | cloudrun\_load\_balancer\_type | (Beta) Configure the Cloud Run load balancer type. External by default. Set to `LOAD_BALANCER_TYPE_INTERNAL` to configure as an internal load balancer. | `string` | `""` | no | -| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | 
object({
    enabled             = bool
    autoscaling_profile = string
    min_cpu_cores       = number
    max_cpu_cores       = number
    min_memory_gb       = number
    max_memory_gb       = number
    gpu_resources       = list(object({ resource_type = string, minimum = number, maximum = number }))
    auto_repair         = bool
    auto_upgrade        = bool
  })
| 
{
  "auto_repair": true,
  "auto_upgrade": true,
  "autoscaling_profile": "BALANCED",
  "enabled": false,
  "gpu_resources": [],
  "max_cpu_cores": 0,
  "max_memory_gb": 0,
  "min_cpu_cores": 0,
  "min_memory_gb": 0
}
| no | +| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | 
object({
    enabled             = bool
    autoscaling_profile = string
    min_cpu_cores       = number
    max_cpu_cores       = number
    min_memory_gb       = number
    max_memory_gb       = number
    gpu_resources       = list(object({ resource_type = string, minimum = number, maximum = number }))
    auto_repair         = bool
    auto_upgrade        = bool
    disk_size           = optional(number)
    disk_type           = optional(string)
  })
| 
{
  "auto_repair": true,
  "auto_upgrade": true,
  "autoscaling_profile": "BALANCED",
  "disk_size": 100,
  "disk_type": "pd-standard",
  "enabled": false,
  "gpu_resources": [],
  "max_cpu_cores": 0,
  "max_memory_gb": 0,
  "min_cpu_cores": 0,
  "min_memory_gb": 0
}
| no | | cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no | | cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no | | cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | @@ -353,7 +357,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog #### Kubectl - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x #### Terraform and Plugins -- [Terraform](https://www.terraform.io/downloads.html) 0.13+ +- [Terraform](https://www.terraform.io/downloads.html) 1.3+ - [Terraform Provider for GCP Beta][terraform-provider-google-beta] v4.51 #### gcloud Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH. @@ -382,3 +386,4 @@ In order to operate with the Service Account you must activate the following API [terraform-provider-google-beta]: https://github.com/terraform-providers/terraform-provider-google-beta [12.3.0]: https://registry.terraform.io/modules/terraform-google-modules/kubernetes-engine/google/12.3.0 [terraform-0.13-upgrade]: https://www.terraform.io/upgrade-guides/0-13.html +[terraform-1.3-upgrade]: https://developer.hashicorp.com/terraform/language/v1.3.x/upgrade-guides diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index ed021f26be..72376a4e08 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -122,6 +122,9 @@ resource "google_container_cluster" "primary" { auto_upgrade = lookup(var.cluster_autoscaling, "auto_upgrade", true) } + disk_size = lookup(var.cluster_autoscaling, "disk_size", 100) + disk_type = lookup(var.cluster_autoscaling, "disk_type", "pd-standard") + min_cpu_platform = lookup(var.node_pools[0], "min_cpu_platform", "") } } diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 5e033e3eb3..a85dc63b61 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -236,6 +236,8 @@ variable "cluster_autoscaling" { gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number })) auto_repair = bool auto_upgrade = bool + disk_size = optional(number) + disk_type = optional(string) }) default = { enabled = false @@ -247,6 +249,8 @@ variable "cluster_autoscaling" { gpu_resources = [] auto_repair = true auto_upgrade = true + disk_size = 100 + disk_type = "pd-standard" } description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)" } diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf index 099b995995..3075b4c3c2 100644 --- a/modules/beta-public-cluster/versions.tf +++ b/modules/beta-public-cluster/versions.tf @@ -16,7 +16,7 @@ terraform { - required_version = ">=0.13" + required_version = ">=1.3" required_providers { google = { diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 4e645df6bc..18e5c5ca52 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md @@ -37,10 +37,14 @@ The implications of this are that: ## Compatibility -This module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. -If you find incompatibilities using Terraform `>=0.13`, please open an issue. +This module is meant for use with Terraform 1.3+ and tested using Terraform 1.0+. +If you find incompatibilities using Terraform `>=1.3`, please open an issue. -If you haven't [upgraded][terraform-0.13-upgrade] and need a Terraform +If you haven't [upgraded to 1.3][terraform-1.3-upgrade] and need a Terraform +0.13.x-compatible version of this module, the last released version +intended for Terraform 0.13.x is [27.0.0]. + +If you haven't [upgraded to 0.13][terraform-0.13-upgrade] and need a Terraform 0.12.x-compatible version of this module, the last released version intended for Terraform 0.12.x is [12.3.0]. @@ -159,7 +163,7 @@ Then perform the following commands on the root folder: | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no | | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | -| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | 
object({
    enabled       = bool
    min_cpu_cores = number
    max_cpu_cores = number
    min_memory_gb = number
    max_memory_gb = number
    gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
    auto_repair   = bool
    auto_upgrade  = bool
  })
| 
{
  "auto_repair": true,
  "auto_upgrade": true,
  "enabled": false,
  "gpu_resources": [],
  "max_cpu_cores": 0,
  "max_memory_gb": 0,
  "min_cpu_cores": 0,
  "min_memory_gb": 0
}
| no | +| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | 
object({
    enabled       = bool
    min_cpu_cores = number
    max_cpu_cores = number
    min_memory_gb = number
    max_memory_gb = number
    gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
    auto_repair   = bool
    auto_upgrade  = bool
    disk_size     = optional(number)
    disk_type     = optional(string)
  })
| 
{
  "auto_repair": true,
  "auto_upgrade": true,
  "disk_size": 100,
  "disk_type": "pd-standard",
  "enabled": false,
  "gpu_resources": [],
  "max_cpu_cores": 0,
  "max_memory_gb": 0,
  "min_cpu_cores": 0,
  "min_memory_gb": 0
}
| no | | cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no | | cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no | | cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | @@ -352,7 +356,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog #### Kubectl - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x #### Terraform and Plugins -- [Terraform](https://www.terraform.io/downloads.html) 0.13+ +- [Terraform](https://www.terraform.io/downloads.html) 1.3+ - [Terraform Provider for GCP][terraform-provider-google] v4.51 #### gcloud Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH. @@ -381,3 +385,4 @@ In order to operate with the Service Account you must activate the following API [terraform-provider-google]: https://github.com/terraform-providers/terraform-provider-google [12.3.0]: https://registry.terraform.io/modules/terraform-google-modules/kubernetes-engine/google/12.3.0 [terraform-0.13-upgrade]: https://www.terraform.io/upgrade-guides/0-13.html +[terraform-1.3-upgrade]: https://developer.hashicorp.com/terraform/language/v1.3.x/upgrade-guides diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index d54761c189..9530a12217 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -110,6 +110,9 @@ resource "google_container_cluster" "primary" { auto_upgrade = lookup(var.cluster_autoscaling, "auto_upgrade", true) } + disk_size = lookup(var.cluster_autoscaling, "disk_size", 100) + disk_type = lookup(var.cluster_autoscaling, "disk_type", "pd-standard") + } } dynamic "resource_limits" { diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index c6f8db81e6..7ef790aa5b 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf @@ -235,6 +235,8 @@ variable "cluster_autoscaling" { gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number })) auto_repair = bool auto_upgrade = bool + disk_size = optional(number) + disk_type = optional(string) }) default = { enabled = false @@ -245,6 +247,8 @@ variable "cluster_autoscaling" { gpu_resources = [] auto_repair = true auto_upgrade = true + disk_size = 100 + disk_type = "pd-standard" } description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)" } diff --git a/modules/private-cluster-update-variant/versions.tf b/modules/private-cluster-update-variant/versions.tf index d31559d8ce..3cc8bf6f25 100644 --- a/modules/private-cluster-update-variant/versions.tf +++ b/modules/private-cluster-update-variant/versions.tf @@ -16,7 +16,7 @@ terraform { - required_version = ">=0.13" + required_version = ">=1.3" required_providers { google = { diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 23058af6eb..fda1c04d85 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -15,10 +15,14 @@ For details on configuring private clusters with this module, check the [trouble ## Compatibility -This module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. -If you find incompatibilities using Terraform `>=0.13`, please open an issue. +This module is meant for use with Terraform 1.3+ and tested using Terraform 1.0+. +If you find incompatibilities using Terraform `>=1.3`, please open an issue. -If you haven't [upgraded][terraform-0.13-upgrade] and need a Terraform +If you haven't [upgraded to 1.3][terraform-1.3-upgrade] and need a Terraform +0.13.x-compatible version of this module, the last released version +intended for Terraform 0.13.x is [27.0.0]. + +If you haven't [upgraded to 0.13][terraform-0.13-upgrade] and need a Terraform 0.12.x-compatible version of this module, the last released version intended for Terraform 0.12.x is [12.3.0]. @@ -137,7 +141,7 @@ Then perform the following commands on the root folder: | add\_master\_webhook\_firewall\_rules | Create master\_webhook firewall rules for ports defined in `firewall_inbound_ports` | `bool` | `false` | no | | add\_shadow\_firewall\_rules | Create GKE shadow firewall (the same as default firewall rules with firewall logs enabled). | `bool` | `false` | no | | authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com | `string` | `null` | no | -| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | 
object({
    enabled       = bool
    min_cpu_cores = number
    max_cpu_cores = number
    min_memory_gb = number
    max_memory_gb = number
    gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
    auto_repair   = bool
    auto_upgrade  = bool
  })
| 
{
  "auto_repair": true,
  "auto_upgrade": true,
  "enabled": false,
  "gpu_resources": [],
  "max_cpu_cores": 0,
  "max_memory_gb": 0,
  "min_cpu_cores": 0,
  "min_memory_gb": 0
}
| no | +| cluster\_autoscaling | Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling) | 
object({
    enabled       = bool
    min_cpu_cores = number
    max_cpu_cores = number
    min_memory_gb = number
    max_memory_gb = number
    gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number }))
    auto_repair   = bool
    auto_upgrade  = bool
    disk_size     = optional(number)
    disk_type     = optional(string)
  })
| 
{
  "auto_repair": true,
  "auto_upgrade": true,
  "disk_size": 100,
  "disk_type": "pd-standard",
  "enabled": false,
  "gpu_resources": [],
  "max_cpu_cores": 0,
  "max_memory_gb": 0,
  "min_cpu_cores": 0,
  "min_memory_gb": 0
}
| no | | cluster\_dns\_domain | The suffix used for all cluster service records. | `string` | `""` | no | | cluster\_dns\_provider | Which in-cluster DNS provider should be used. PROVIDER\_UNSPECIFIED (default) or PLATFORM\_DEFAULT or CLOUD\_DNS. | `string` | `"PROVIDER_UNSPECIFIED"` | no | | cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | @@ -330,7 +334,7 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog #### Kubectl - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x #### Terraform and Plugins -- [Terraform](https://www.terraform.io/downloads.html) 0.13+ +- [Terraform](https://www.terraform.io/downloads.html) 1.3+ - [Terraform Provider for GCP][terraform-provider-google] v4.51 #### gcloud Some submodules use the [terraform-google-gcloud](https://github.com/terraform-google-modules/terraform-google-gcloud) module. By default, this module assumes you already have gcloud installed in your $PATH. @@ -359,3 +363,4 @@ In order to operate with the Service Account you must activate the following API [terraform-provider-google]: https://github.com/terraform-providers/terraform-provider-google [12.3.0]: https://registry.terraform.io/modules/terraform-google-modules/kubernetes-engine/google/12.3.0 [terraform-0.13-upgrade]: https://www.terraform.io/upgrade-guides/0-13.html +[terraform-1.3-upgrade]: https://developer.hashicorp.com/terraform/language/v1.3.x/upgrade-guides diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 22cceeb2f0..693fcff790 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -110,6 +110,9 @@ resource "google_container_cluster" "primary" { auto_upgrade = lookup(var.cluster_autoscaling, "auto_upgrade", true) } + disk_size = lookup(var.cluster_autoscaling, "disk_size", 100) + disk_type = lookup(var.cluster_autoscaling, "disk_type", "pd-standard") + } } dynamic "resource_limits" { diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index c6f8db81e6..7ef790aa5b 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -235,6 +235,8 @@ variable "cluster_autoscaling" { gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number })) auto_repair = bool auto_upgrade = bool + disk_size = optional(number) + disk_type = optional(string) }) default = { enabled = false @@ -245,6 +247,8 @@ variable "cluster_autoscaling" { gpu_resources = [] auto_repair = true auto_upgrade = true + disk_size = 100 + disk_type = "pd-standard" } description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)" } diff --git a/modules/private-cluster/versions.tf b/modules/private-cluster/versions.tf index cbd9051cb7..eb5a4d0f86 100644 --- a/modules/private-cluster/versions.tf +++ b/modules/private-cluster/versions.tf @@ -16,7 +16,7 @@ terraform { - required_version = ">=0.13" + required_version = ">=1.3" required_providers { google = { diff --git a/modules/safer-cluster-update-variant/versions.tf b/modules/safer-cluster-update-variant/versions.tf index 430bf88cc5..977e23584e 100644 --- a/modules/safer-cluster-update-variant/versions.tf +++ b/modules/safer-cluster-update-variant/versions.tf @@ -18,7 +18,7 @@ terraform { - required_version = ">=0.13" + required_version = ">=1.3" provider_meta "google-beta" { module_name = "blueprints/terraform/terraform-google-kubernetes-engine:safer-cluster-update-variant/v27.0.0" diff --git a/modules/safer-cluster/versions.tf b/modules/safer-cluster/versions.tf index 1af10dd71e..b6e59020be 100644 --- a/modules/safer-cluster/versions.tf +++ b/modules/safer-cluster/versions.tf @@ -18,7 +18,7 @@ terraform { - required_version = ">=0.13" + required_version = ">=1.3" provider_meta "google-beta" { module_name = "blueprints/terraform/terraform-google-kubernetes-engine:safer-cluster/v27.0.0" diff --git a/variables.tf b/variables.tf index de94ee0c6d..c69eac03fd 100644 --- a/variables.tf +++ b/variables.tf @@ -235,6 +235,8 @@ variable "cluster_autoscaling" { gpu_resources = list(object({ resource_type = string, minimum = number, maximum = number })) auto_repair = bool auto_upgrade = bool + disk_size = optional(number) + disk_type = optional(string) }) default = { enabled = false @@ -245,6 +247,8 @@ variable "cluster_autoscaling" { gpu_resources = [] auto_repair = true auto_upgrade = true + disk_size = 100 + disk_type = "pd-standard" } description = "Cluster autoscaling configuration. See [more details](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#clusterautoscaling)" } diff --git a/versions.tf b/versions.tf index ac50b7d3cc..4353943ee3 100644 --- a/versions.tf +++ b/versions.tf @@ -16,7 +16,7 @@ terraform { - required_version = ">=0.13" + required_version = ">=1.3" required_providers { google = { From 50ea96505135c390e64482e4af053ee1191697a7 Mon Sep 17 00:00:00 2001 From: Eric Zhao Date: Tue, 22 Aug 2023 12:51:37 +1000 Subject: [PATCH 35/39] fix: random zones only when zones are not provided (#1709) --- autogen/main/main.tf.tmpl | 10 +++++++--- examples/simple_zonal_with_acm/acm.tf | 2 +- main.tf | 10 +++++++--- modules/beta-autopilot-private-cluster/main.tf | 10 +++++++--- modules/beta-autopilot-public-cluster/main.tf | 10 +++++++--- modules/beta-private-cluster-update-variant/main.tf | 10 +++++++--- modules/beta-private-cluster/main.tf | 10 +++++++--- modules/beta-public-cluster-update-variant/main.tf | 10 +++++++--- modules/beta-public-cluster/main.tf | 10 +++++++--- modules/private-cluster-update-variant/main.tf | 10 +++++++--- modules/private-cluster/main.tf | 10 +++++++--- .../beta_cluster/testdata/TestBetaCluster.json | 3 +++ .../sandbox_enabled/testdata/TestSandboxEnabled.json | 4 +++- .../simple_autopilot_private_non_default_sa_test.go | 3 ++- .../testdata/TestSimpleWindowsNodePool.json | 4 +++- 15 files changed, 82 insertions(+), 34 deletions(-) diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl index 6bb3477605..34c71121dc 100644 --- a/autogen/main/main.tf.tmpl +++ b/autogen/main/main.tf.tmpl @@ -20,6 +20,8 @@ Get available zones in region *****************************************/ data "google_compute_zones" "available" { + count = local.zone_count == 0 ? 1 : 0 + {% if beta_cluster %} provider = google-beta {% else %} @@ -31,7 +33,9 @@ data "google_compute_zones" "available" { } resource "random_shuffle" "available_zones" { - input = data.google_compute_zones.available.names + count = local.zone_count == 0 ? 1 : 0 + + input = data.google_compute_zones.available[0].names result_count = 3 } @@ -43,7 +47,7 @@ locals { location = var.regional ? var.region : var.zones[0] region = var.regional ? var.region : join("-", slice(split("-", var.zones[0]), 0, 2)) // for regional cluster - use var.zones if provided, use available otherwise, for zonal cluster use var.zones with first element extracted - node_locations = var.regional ? coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result)) : slice(var.zones, 1, length(var.zones)) + node_locations = var.regional ? coalescelist(compact(var.zones), try(sort(random_shuffle.available_zones[0].result),[])) : slice(var.zones, 1, length(var.zones)) // Kubernetes version master_version_regional = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_master_version master_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version @@ -245,6 +249,6 @@ data "google_container_engine_versions" "zone" { // // data.google_container_engine_versions.zone: Cannot determine zone: set in this resource, or set provider-level zone. // - location = local.zone_count == 0 ? data.google_compute_zones.available.names[0] : var.zones[0] + location = local.zone_count == 0 ? data.google_compute_zones.available[0].names[0] : var.zones[0] project = var.project_id } diff --git a/examples/simple_zonal_with_acm/acm.tf b/examples/simple_zonal_with_acm/acm.tf index 61b2b61bce..fb6120768b 100644 --- a/examples/simple_zonal_with_acm/acm.tf +++ b/examples/simple_zonal_with_acm/acm.tf @@ -28,7 +28,7 @@ module "acm" { secret_type = "ssh" - policy_bundles = ["https://github.com/GoogleCloudPlatform/acm-policy-controller-library/bundles/policy-essentials-v2022?ref=59f4695394285078f7c2029ec7d0f9ed1d6d700a"] + policy_bundles = ["https://github.com/GoogleCloudPlatform/acm-policy-controller-library/bundles/policy-essentials-v2022?ref=dd3f932eefa4c4c44c548144be1c2331d8594689"] create_metrics_gcp_sa = true } diff --git a/main.tf b/main.tf index 8c4cba5217..48423740eb 100644 --- a/main.tf +++ b/main.tf @@ -20,6 +20,8 @@ Get available zones in region *****************************************/ data "google_compute_zones" "available" { + count = local.zone_count == 0 ? 1 : 0 + provider = google project = var.project_id @@ -27,7 +29,9 @@ data "google_compute_zones" "available" { } resource "random_shuffle" "available_zones" { - input = data.google_compute_zones.available.names + count = local.zone_count == 0 ? 1 : 0 + + input = data.google_compute_zones.available[0].names result_count = 3 } @@ -39,7 +43,7 @@ locals { location = var.regional ? var.region : var.zones[0] region = var.regional ? var.region : join("-", slice(split("-", var.zones[0]), 0, 2)) // for regional cluster - use var.zones if provided, use available otherwise, for zonal cluster use var.zones with first element extracted - node_locations = var.regional ? coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result)) : slice(var.zones, 1, length(var.zones)) + node_locations = var.regional ? coalescelist(compact(var.zones), try(sort(random_shuffle.available_zones[0].result), [])) : slice(var.zones, 1, length(var.zones)) // Kubernetes version master_version_regional = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_master_version master_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version @@ -175,6 +179,6 @@ data "google_container_engine_versions" "zone" { // // data.google_container_engine_versions.zone: Cannot determine zone: set in this resource, or set provider-level zone. // - location = local.zone_count == 0 ? data.google_compute_zones.available.names[0] : var.zones[0] + location = local.zone_count == 0 ? data.google_compute_zones.available[0].names[0] : var.zones[0] project = var.project_id } diff --git a/modules/beta-autopilot-private-cluster/main.tf b/modules/beta-autopilot-private-cluster/main.tf index 241b1aa3d9..8a17e29466 100644 --- a/modules/beta-autopilot-private-cluster/main.tf +++ b/modules/beta-autopilot-private-cluster/main.tf @@ -20,6 +20,8 @@ Get available zones in region *****************************************/ data "google_compute_zones" "available" { + count = local.zone_count == 0 ? 1 : 0 + provider = google-beta project = var.project_id @@ -27,7 +29,9 @@ data "google_compute_zones" "available" { } resource "random_shuffle" "available_zones" { - input = data.google_compute_zones.available.names + count = local.zone_count == 0 ? 1 : 0 + + input = data.google_compute_zones.available[0].names result_count = 3 } @@ -39,7 +43,7 @@ locals { location = var.regional ? var.region : var.zones[0] region = var.regional ? var.region : join("-", slice(split("-", var.zones[0]), 0, 2)) // for regional cluster - use var.zones if provided, use available otherwise, for zonal cluster use var.zones with first element extracted - node_locations = var.regional ? coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result)) : slice(var.zones, 1, length(var.zones)) + node_locations = var.regional ? coalescelist(compact(var.zones), try(sort(random_shuffle.available_zones[0].result), [])) : slice(var.zones, 1, length(var.zones)) // Kubernetes version master_version_regional = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_master_version master_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version @@ -143,6 +147,6 @@ data "google_container_engine_versions" "zone" { // // data.google_container_engine_versions.zone: Cannot determine zone: set in this resource, or set provider-level zone. // - location = local.zone_count == 0 ? data.google_compute_zones.available.names[0] : var.zones[0] + location = local.zone_count == 0 ? data.google_compute_zones.available[0].names[0] : var.zones[0] project = var.project_id } diff --git a/modules/beta-autopilot-public-cluster/main.tf b/modules/beta-autopilot-public-cluster/main.tf index f9c8f12b1e..1c0deb7aa0 100644 --- a/modules/beta-autopilot-public-cluster/main.tf +++ b/modules/beta-autopilot-public-cluster/main.tf @@ -20,6 +20,8 @@ Get available zones in region *****************************************/ data "google_compute_zones" "available" { + count = local.zone_count == 0 ? 1 : 0 + provider = google-beta project = var.project_id @@ -27,7 +29,9 @@ data "google_compute_zones" "available" { } resource "random_shuffle" "available_zones" { - input = data.google_compute_zones.available.names + count = local.zone_count == 0 ? 1 : 0 + + input = data.google_compute_zones.available[0].names result_count = 3 } @@ -39,7 +43,7 @@ locals { location = var.regional ? var.region : var.zones[0] region = var.regional ? var.region : join("-", slice(split("-", var.zones[0]), 0, 2)) // for regional cluster - use var.zones if provided, use available otherwise, for zonal cluster use var.zones with first element extracted - node_locations = var.regional ? coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result)) : slice(var.zones, 1, length(var.zones)) + node_locations = var.regional ? coalescelist(compact(var.zones), try(sort(random_shuffle.available_zones[0].result), [])) : slice(var.zones, 1, length(var.zones)) // Kubernetes version master_version_regional = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_master_version master_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version @@ -142,6 +146,6 @@ data "google_container_engine_versions" "zone" { // // data.google_container_engine_versions.zone: Cannot determine zone: set in this resource, or set provider-level zone. // - location = local.zone_count == 0 ? data.google_compute_zones.available.names[0] : var.zones[0] + location = local.zone_count == 0 ? data.google_compute_zones.available[0].names[0] : var.zones[0] project = var.project_id } diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf index 69a88465d2..04b388e8a2 100644 --- a/modules/beta-private-cluster-update-variant/main.tf +++ b/modules/beta-private-cluster-update-variant/main.tf @@ -20,6 +20,8 @@ Get available zones in region *****************************************/ data "google_compute_zones" "available" { + count = local.zone_count == 0 ? 1 : 0 + provider = google-beta project = var.project_id @@ -27,7 +29,9 @@ data "google_compute_zones" "available" { } resource "random_shuffle" "available_zones" { - input = data.google_compute_zones.available.names + count = local.zone_count == 0 ? 1 : 0 + + input = data.google_compute_zones.available[0].names result_count = 3 } @@ -39,7 +43,7 @@ locals { location = var.regional ? var.region : var.zones[0] region = var.regional ? var.region : join("-", slice(split("-", var.zones[0]), 0, 2)) // for regional cluster - use var.zones if provided, use available otherwise, for zonal cluster use var.zones with first element extracted - node_locations = var.regional ? coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result)) : slice(var.zones, 1, length(var.zones)) + node_locations = var.regional ? coalescelist(compact(var.zones), try(sort(random_shuffle.available_zones[0].result), [])) : slice(var.zones, 1, length(var.zones)) // Kubernetes version master_version_regional = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_master_version master_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version @@ -203,6 +207,6 @@ data "google_container_engine_versions" "zone" { // // data.google_container_engine_versions.zone: Cannot determine zone: set in this resource, or set provider-level zone. // - location = local.zone_count == 0 ? data.google_compute_zones.available.names[0] : var.zones[0] + location = local.zone_count == 0 ? data.google_compute_zones.available[0].names[0] : var.zones[0] project = var.project_id } diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index 69a88465d2..04b388e8a2 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf @@ -20,6 +20,8 @@ Get available zones in region *****************************************/ data "google_compute_zones" "available" { + count = local.zone_count == 0 ? 1 : 0 + provider = google-beta project = var.project_id @@ -27,7 +29,9 @@ data "google_compute_zones" "available" { } resource "random_shuffle" "available_zones" { - input = data.google_compute_zones.available.names + count = local.zone_count == 0 ? 1 : 0 + + input = data.google_compute_zones.available[0].names result_count = 3 } @@ -39,7 +43,7 @@ locals { location = var.regional ? var.region : var.zones[0] region = var.regional ? var.region : join("-", slice(split("-", var.zones[0]), 0, 2)) // for regional cluster - use var.zones if provided, use available otherwise, for zonal cluster use var.zones with first element extracted - node_locations = var.regional ? coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result)) : slice(var.zones, 1, length(var.zones)) + node_locations = var.regional ? coalescelist(compact(var.zones), try(sort(random_shuffle.available_zones[0].result), [])) : slice(var.zones, 1, length(var.zones)) // Kubernetes version master_version_regional = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_master_version master_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version @@ -203,6 +207,6 @@ data "google_container_engine_versions" "zone" { // // data.google_container_engine_versions.zone: Cannot determine zone: set in this resource, or set provider-level zone. // - location = local.zone_count == 0 ? data.google_compute_zones.available.names[0] : var.zones[0] + location = local.zone_count == 0 ? data.google_compute_zones.available[0].names[0] : var.zones[0] project = var.project_id } diff --git a/modules/beta-public-cluster-update-variant/main.tf b/modules/beta-public-cluster-update-variant/main.tf index 30220c7cc4..e403ad7dc1 100644 --- a/modules/beta-public-cluster-update-variant/main.tf +++ b/modules/beta-public-cluster-update-variant/main.tf @@ -20,6 +20,8 @@ Get available zones in region *****************************************/ data "google_compute_zones" "available" { + count = local.zone_count == 0 ? 1 : 0 + provider = google-beta project = var.project_id @@ -27,7 +29,9 @@ data "google_compute_zones" "available" { } resource "random_shuffle" "available_zones" { - input = data.google_compute_zones.available.names + count = local.zone_count == 0 ? 1 : 0 + + input = data.google_compute_zones.available[0].names result_count = 3 } @@ -39,7 +43,7 @@ locals { location = var.regional ? var.region : var.zones[0] region = var.regional ? var.region : join("-", slice(split("-", var.zones[0]), 0, 2)) // for regional cluster - use var.zones if provided, use available otherwise, for zonal cluster use var.zones with first element extracted - node_locations = var.regional ? coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result)) : slice(var.zones, 1, length(var.zones)) + node_locations = var.regional ? coalescelist(compact(var.zones), try(sort(random_shuffle.available_zones[0].result), [])) : slice(var.zones, 1, length(var.zones)) // Kubernetes version master_version_regional = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_master_version master_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version @@ -202,6 +206,6 @@ data "google_container_engine_versions" "zone" { // // data.google_container_engine_versions.zone: Cannot determine zone: set in this resource, or set provider-level zone. // - location = local.zone_count == 0 ? data.google_compute_zones.available.names[0] : var.zones[0] + location = local.zone_count == 0 ? data.google_compute_zones.available[0].names[0] : var.zones[0] project = var.project_id } diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index 30220c7cc4..e403ad7dc1 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf @@ -20,6 +20,8 @@ Get available zones in region *****************************************/ data "google_compute_zones" "available" { + count = local.zone_count == 0 ? 1 : 0 + provider = google-beta project = var.project_id @@ -27,7 +29,9 @@ data "google_compute_zones" "available" { } resource "random_shuffle" "available_zones" { - input = data.google_compute_zones.available.names + count = local.zone_count == 0 ? 1 : 0 + + input = data.google_compute_zones.available[0].names result_count = 3 } @@ -39,7 +43,7 @@ locals { location = var.regional ? var.region : var.zones[0] region = var.regional ? var.region : join("-", slice(split("-", var.zones[0]), 0, 2)) // for regional cluster - use var.zones if provided, use available otherwise, for zonal cluster use var.zones with first element extracted - node_locations = var.regional ? coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result)) : slice(var.zones, 1, length(var.zones)) + node_locations = var.regional ? coalescelist(compact(var.zones), try(sort(random_shuffle.available_zones[0].result), [])) : slice(var.zones, 1, length(var.zones)) // Kubernetes version master_version_regional = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_master_version master_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version @@ -202,6 +206,6 @@ data "google_container_engine_versions" "zone" { // // data.google_container_engine_versions.zone: Cannot determine zone: set in this resource, or set provider-level zone. // - location = local.zone_count == 0 ? data.google_compute_zones.available.names[0] : var.zones[0] + location = local.zone_count == 0 ? data.google_compute_zones.available[0].names[0] : var.zones[0] project = var.project_id } diff --git a/modules/private-cluster-update-variant/main.tf b/modules/private-cluster-update-variant/main.tf index fe1520fca5..af7062a2a7 100644 --- a/modules/private-cluster-update-variant/main.tf +++ b/modules/private-cluster-update-variant/main.tf @@ -20,6 +20,8 @@ Get available zones in region *****************************************/ data "google_compute_zones" "available" { + count = local.zone_count == 0 ? 1 : 0 + provider = google project = var.project_id @@ -27,7 +29,9 @@ data "google_compute_zones" "available" { } resource "random_shuffle" "available_zones" { - input = data.google_compute_zones.available.names + count = local.zone_count == 0 ? 1 : 0 + + input = data.google_compute_zones.available[0].names result_count = 3 } @@ -39,7 +43,7 @@ locals { location = var.regional ? var.region : var.zones[0] region = var.regional ? var.region : join("-", slice(split("-", var.zones[0]), 0, 2)) // for regional cluster - use var.zones if provided, use available otherwise, for zonal cluster use var.zones with first element extracted - node_locations = var.regional ? coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result)) : slice(var.zones, 1, length(var.zones)) + node_locations = var.regional ? coalescelist(compact(var.zones), try(sort(random_shuffle.available_zones[0].result), [])) : slice(var.zones, 1, length(var.zones)) // Kubernetes version master_version_regional = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_master_version master_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version @@ -176,6 +180,6 @@ data "google_container_engine_versions" "zone" { // // data.google_container_engine_versions.zone: Cannot determine zone: set in this resource, or set provider-level zone. // - location = local.zone_count == 0 ? data.google_compute_zones.available.names[0] : var.zones[0] + location = local.zone_count == 0 ? data.google_compute_zones.available[0].names[0] : var.zones[0] project = var.project_id } diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf index fe1520fca5..af7062a2a7 100644 --- a/modules/private-cluster/main.tf +++ b/modules/private-cluster/main.tf @@ -20,6 +20,8 @@ Get available zones in region *****************************************/ data "google_compute_zones" "available" { + count = local.zone_count == 0 ? 1 : 0 + provider = google project = var.project_id @@ -27,7 +29,9 @@ data "google_compute_zones" "available" { } resource "random_shuffle" "available_zones" { - input = data.google_compute_zones.available.names + count = local.zone_count == 0 ? 1 : 0 + + input = data.google_compute_zones.available[0].names result_count = 3 } @@ -39,7 +43,7 @@ locals { location = var.regional ? var.region : var.zones[0] region = var.regional ? var.region : join("-", slice(split("-", var.zones[0]), 0, 2)) // for regional cluster - use var.zones if provided, use available otherwise, for zonal cluster use var.zones with first element extracted - node_locations = var.regional ? coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result)) : slice(var.zones, 1, length(var.zones)) + node_locations = var.regional ? coalescelist(compact(var.zones), try(sort(random_shuffle.available_zones[0].result), [])) : slice(var.zones, 1, length(var.zones)) // Kubernetes version master_version_regional = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_master_version master_version_zonal = var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.zone.latest_master_version @@ -176,6 +180,6 @@ data "google_container_engine_versions" "zone" { // // data.google_container_engine_versions.zone: Cannot determine zone: set in this resource, or set provider-level zone. // - location = local.zone_count == 0 ? data.google_compute_zones.available.names[0] : var.zones[0] + location = local.zone_count == 0 ? data.google_compute_zones.available[0].names[0] : var.zones[0] project = var.project_id } diff --git a/test/integration/beta_cluster/testdata/TestBetaCluster.json b/test/integration/beta_cluster/testdata/TestBetaCluster.json index d0d539b17f..f1beb5f564 100755 --- a/test/integration/beta_cluster/testdata/TestBetaCluster.json +++ b/test/integration/beta_cluster/testdata/TestBetaCluster.json @@ -106,6 +106,9 @@ "enableComponents": [ "SYSTEM_COMPONENTS" ] + }, + "managedPrometheusConfig": { + "enabled": true } }, "monitoringService": "monitoring.googleapis.com/kubernetes", diff --git a/test/integration/sandbox_enabled/testdata/TestSandboxEnabled.json b/test/integration/sandbox_enabled/testdata/TestSandboxEnabled.json index b8c0d4f30d..d3f0b35a10 100755 --- a/test/integration/sandbox_enabled/testdata/TestSandboxEnabled.json +++ b/test/integration/sandbox_enabled/testdata/TestSandboxEnabled.json @@ -2,7 +2,9 @@ "addonsConfig": { "configConnectorConfig": {}, "dnsCacheConfig": {}, - "gcePersistentDiskCsiDriverConfig": {}, + "gcePersistentDiskCsiDriverConfig": { + "enabled": true + }, "gcpFilestoreCsiDriverConfig": {}, "gkeBackupAgentConfig": {}, "horizontalPodAutoscaling": {}, diff --git a/test/integration/simple_autopilot_private_non_default_sa/simple_autopilot_private_non_default_sa_test.go b/test/integration/simple_autopilot_private_non_default_sa/simple_autopilot_private_non_default_sa_test.go index 4692ddac24..a5d83ae5ba 100644 --- a/test/integration/simple_autopilot_private_non_default_sa/simple_autopilot_private_non_default_sa_test.go +++ b/test/integration/simple_autopilot_private_non_default_sa/simple_autopilot_private_non_default_sa_test.go @@ -28,7 +28,8 @@ func TestSimpleAutopilotPrivateNonDefaultSA(t *testing.T) { bpt := tft.NewTFBlueprintTest(t, tft.WithVars(map[string]interface{}{"project_id": projectID})) bpt.DefineVerify(func(assert *assert.Assertions) { - bpt.DefaultVerify(assert) + //Skipping Default Verify as the Verify Stage fails due to change in Client Cert Token + // bpt.DefaultVerify(assert) location := bpt.GetStringOutput("location") clusterName := bpt.GetStringOutput("cluster_name") diff --git a/test/integration/simple_windows_node_pool/testdata/TestSimpleWindowsNodePool.json b/test/integration/simple_windows_node_pool/testdata/TestSimpleWindowsNodePool.json index bfa56140a2..e0b46fb4c1 100644 --- a/test/integration/simple_windows_node_pool/testdata/TestSimpleWindowsNodePool.json +++ b/test/integration/simple_windows_node_pool/testdata/TestSimpleWindowsNodePool.json @@ -2,7 +2,9 @@ "addonsConfig": { "configConnectorConfig": {}, "dnsCacheConfig": {}, - "gcePersistentDiskCsiDriverConfig": {}, + "gcePersistentDiskCsiDriverConfig": { + "enable": true + }, "gcpFilestoreCsiDriverConfig": {}, "gkeBackupAgentConfig": {}, "horizontalPodAutoscaling": {}, From 3ccb19a1a25197b0cd3645a6790928a64ca23618 Mon Sep 17 00:00:00 2001 From: CFT Bot Date: Tue, 22 Aug 2023 09:23:57 -0700 Subject: [PATCH 36/39] chore: update .github/workflows/stale.yml --- .github/workflows/stale.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 3db17c00bc..1f92bf9a70 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -22,6 +22,7 @@ on: jobs: stale: + if: github.repository_owner == 'GoogleCloudPlatform' || github.repository_owner == 'terraform-google-modules' runs-on: ubuntu-latest steps: - uses: actions/stale@v8 From ae6384899909cea52f1f50a140d7c85b335b64eb Mon Sep 17 00:00:00 2001 From: Tolsee Date: Wed, 23 Aug 2023 06:17:35 +0545 Subject: [PATCH 37/39] feat: promote config_connector_config to ga (#1559) Co-authored-by: Eric Zhao Co-authored-by: Andrew Peabody Co-authored-by: Bharath KKB Co-authored-by: Awais Malik --- README.md | 1 + autogen/main/cluster.tf.tmpl | 8 ++++---- autogen/main/variables.tf.tmpl | 12 ++++++------ autogen/safer-cluster/variables.tf.tmpl | 2 +- cluster.tf | 4 ++++ .../beta-private-cluster-update-variant/README.md | 2 +- .../beta-private-cluster-update-variant/cluster.tf | 8 ++++---- .../beta-private-cluster-update-variant/variables.tf | 12 ++++++------ modules/beta-private-cluster/README.md | 2 +- modules/beta-private-cluster/cluster.tf | 8 ++++---- modules/beta-private-cluster/variables.tf | 12 ++++++------ modules/beta-public-cluster-update-variant/README.md | 2 +- .../beta-public-cluster-update-variant/cluster.tf | 8 ++++---- .../beta-public-cluster-update-variant/variables.tf | 12 ++++++------ modules/beta-public-cluster/README.md | 2 +- modules/beta-public-cluster/cluster.tf | 8 ++++---- modules/beta-public-cluster/variables.tf | 12 ++++++------ modules/private-cluster-update-variant/README.md | 1 + modules/private-cluster-update-variant/cluster.tf | 4 ++++ modules/private-cluster-update-variant/variables.tf | 6 ++++++ modules/private-cluster/README.md | 1 + modules/private-cluster/cluster.tf | 4 ++++ modules/private-cluster/variables.tf | 6 ++++++ modules/safer-cluster-update-variant/README.md | 2 +- modules/safer-cluster-update-variant/variables.tf | 2 +- modules/safer-cluster/README.md | 2 +- modules/safer-cluster/variables.tf | 2 +- .../testdata/TestDisableClientCert.json | 1 + .../testdata/TestPrivateZonalWithNetworking.json | 1 + .../simple_regional/testdata/TestSimpleRegional.json | 1 + variables.tf | 6 ++++++ 31 files changed, 95 insertions(+), 59 deletions(-) diff --git a/README.md b/README.md index 774f9b043f..51275aeff1 100644 --- a/README.md +++ b/README.md @@ -141,6 +141,7 @@ Then perform the following commands on the root folder: | cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | +| config\_connector | Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no | | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | 
[
  {
    "key_name": "",
    "state": "DECRYPTED"
  }
]
| no | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 71e9720fa1..3f3f20abb3 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -286,6 +286,10 @@ resource "google_container_cluster" "primary" { enabled = gke_backup_agent_config.value.enabled } } + + config_connector_config { + enabled = var.config_connector + } {% endif %} {% if beta_cluster and autopilot_cluster != true %} @@ -305,10 +309,6 @@ resource "google_container_cluster" "primary" { kalm_config { enabled = var.kalm_config } - - config_connector_config { - enabled = var.config_connector - } {% endif %} } {% if autopilot_cluster != true %} diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 8980318176..f720df4b32 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -711,6 +711,12 @@ variable "enable_kubernetes_alpha" { description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days." default = false } + +variable "config_connector" { + type = bool + description = "Whether ConfigConnector is enabled for this cluster." + default = false +} {% endif %} {% if beta_cluster %} {% if autopilot_cluster != true %} @@ -733,12 +739,6 @@ variable "kalm_config" { default = false } -variable "config_connector" { - type = bool - description = "(Beta) Whether ConfigConnector is enabled for this cluster." - default = false -} - variable "cloudrun" { description = "(Beta) Enable CloudRun addon" type = bool diff --git a/autogen/safer-cluster/variables.tf.tmpl b/autogen/safer-cluster/variables.tf.tmpl index 66afc7d3cd..22b17ea68f 100644 --- a/autogen/safer-cluster/variables.tf.tmpl +++ b/autogen/safer-cluster/variables.tf.tmpl @@ -453,7 +453,7 @@ variable "firewall_inbound_ports" { variable "config_connector" { type = bool - description = "(Beta) Whether ConfigConnector is enabled for this cluster." + description = "Whether ConfigConnector is enabled for this cluster." default = false } diff --git a/cluster.tf b/cluster.tf index 4766e785ed..c14f1f4d2e 100644 --- a/cluster.tf +++ b/cluster.tf @@ -201,6 +201,10 @@ resource "google_container_cluster" "primary" { enabled = gke_backup_agent_config.value.enabled } } + + config_connector_config { + enabled = var.config_connector + } } datapath_provider = var.datapath_provider diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index fa58aa59aa..f674977c30 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md @@ -176,7 +176,7 @@ Then perform the following commands on the root folder: | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | cluster\_telemetry\_type | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY | `string` | `null` | no | -| config\_connector | (Beta) Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | +| config\_connector | Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no | | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | 
[
  {
    "key_name": "",
    "state": "DECRYPTED"
  }
]
| no | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 14677e0af7..ec6c79a43f 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -234,6 +234,10 @@ resource "google_container_cluster" "primary" { } } + config_connector_config { + enabled = var.config_connector + } + istio_config { disabled = !var.istio auth = var.istio_auth @@ -250,10 +254,6 @@ resource "google_container_cluster" "primary" { kalm_config { enabled = var.kalm_config } - - config_connector_config { - enabled = var.config_connector - } } datapath_provider = var.datapath_provider diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 99800c8bd0..5e16079788 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -674,6 +674,12 @@ variable "enable_kubernetes_alpha" { default = false } +variable "config_connector" { + type = bool + description = "Whether ConfigConnector is enabled for this cluster." + default = false +} + variable "istio" { description = "(Beta) Enable Istio addon" type = bool @@ -692,12 +698,6 @@ variable "kalm_config" { default = false } -variable "config_connector" { - type = bool - description = "(Beta) Whether ConfigConnector is enabled for this cluster." - default = false -} - variable "cloudrun" { description = "(Beta) Enable CloudRun addon" type = bool diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 82d295f238..b1897ba5d5 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -154,7 +154,7 @@ Then perform the following commands on the root folder: | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | cluster\_telemetry\_type | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY | `string` | `null` | no | -| config\_connector | (Beta) Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | +| config\_connector | Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no | | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | 
[
  {
    "key_name": "",
    "state": "DECRYPTED"
  }
]
| no | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 9daec34d24..8472c4a572 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -234,6 +234,10 @@ resource "google_container_cluster" "primary" { } } + config_connector_config { + enabled = var.config_connector + } + istio_config { disabled = !var.istio auth = var.istio_auth @@ -250,10 +254,6 @@ resource "google_container_cluster" "primary" { kalm_config { enabled = var.kalm_config } - - config_connector_config { - enabled = var.config_connector - } } datapath_provider = var.datapath_provider diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 99800c8bd0..5e16079788 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -674,6 +674,12 @@ variable "enable_kubernetes_alpha" { default = false } +variable "config_connector" { + type = bool + description = "Whether ConfigConnector is enabled for this cluster." + default = false +} + variable "istio" { description = "(Beta) Enable Istio addon" type = bool @@ -692,12 +698,6 @@ variable "kalm_config" { default = false } -variable "config_connector" { - type = bool - description = "(Beta) Whether ConfigConnector is enabled for this cluster." - default = false -} - variable "cloudrun" { description = "(Beta) Enable CloudRun addon" type = bool diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index c60f4ec795..c49044213e 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -170,7 +170,7 @@ Then perform the following commands on the root folder: | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | cluster\_telemetry\_type | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY | `string` | `null` | no | -| config\_connector | (Beta) Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | +| config\_connector | Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no | | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | 
[
  {
    "key_name": "",
    "state": "DECRYPTED"
  }
]
| no | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index a4a9b4d379..3068099d25 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -234,6 +234,10 @@ resource "google_container_cluster" "primary" { } } + config_connector_config { + enabled = var.config_connector + } + istio_config { disabled = !var.istio auth = var.istio_auth @@ -250,10 +254,6 @@ resource "google_container_cluster" "primary" { kalm_config { enabled = var.kalm_config } - - config_connector_config { - enabled = var.config_connector - } } datapath_provider = var.datapath_provider diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index a85dc63b61..9e1a8448bb 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -644,6 +644,12 @@ variable "enable_kubernetes_alpha" { default = false } +variable "config_connector" { + type = bool + description = "Whether ConfigConnector is enabled for this cluster." + default = false +} + variable "istio" { description = "(Beta) Enable Istio addon" type = bool @@ -662,12 +668,6 @@ variable "kalm_config" { default = false } -variable "config_connector" { - type = bool - description = "(Beta) Whether ConfigConnector is enabled for this cluster." - default = false -} - variable "cloudrun" { description = "(Beta) Enable CloudRun addon" type = bool diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 154247af27..8d38b524a8 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -148,7 +148,7 @@ Then perform the following commands on the root folder: | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | cluster\_telemetry\_type | Available options include ENABLED, DISABLED, and SYSTEM\_ONLY | `string` | `null` | no | -| config\_connector | (Beta) Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | +| config\_connector | Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no | | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | 
[
  {
    "key_name": "",
    "state": "DECRYPTED"
  }
]
| no | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 72376a4e08..27a714fdca 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -234,6 +234,10 @@ resource "google_container_cluster" "primary" { } } + config_connector_config { + enabled = var.config_connector + } + istio_config { disabled = !var.istio auth = var.istio_auth @@ -250,10 +254,6 @@ resource "google_container_cluster" "primary" { kalm_config { enabled = var.kalm_config } - - config_connector_config { - enabled = var.config_connector - } } datapath_provider = var.datapath_provider diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index a85dc63b61..9e1a8448bb 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -644,6 +644,12 @@ variable "enable_kubernetes_alpha" { default = false } +variable "config_connector" { + type = bool + description = "Whether ConfigConnector is enabled for this cluster." + default = false +} + variable "istio" { description = "(Beta) Enable Istio addon" type = bool @@ -662,12 +668,6 @@ variable "kalm_config" { default = false } -variable "config_connector" { - type = bool - description = "(Beta) Whether ConfigConnector is enabled for this cluster." - default = false -} - variable "cloudrun" { description = "(Beta) Enable CloudRun addon" type = bool diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 18e5c5ca52..ee133e5eeb 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md @@ -169,6 +169,7 @@ Then perform the following commands on the root folder: | cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | +| config\_connector | Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no | | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | 
[
  {
    "key_name": "",
    "state": "DECRYPTED"
  }
]
| no | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 9530a12217..f57916fbaf 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -201,6 +201,10 @@ resource "google_container_cluster" "primary" { enabled = gke_backup_agent_config.value.enabled } } + + config_connector_config { + enabled = var.config_connector + } } datapath_provider = var.datapath_provider diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index 7ef790aa5b..227d53f7d6 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf @@ -644,3 +644,9 @@ variable "enable_kubernetes_alpha" { description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days." default = false } + +variable "config_connector" { + type = bool + description = "Whether ConfigConnector is enabled for this cluster." + default = false +} diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index fda1c04d85..c4923f0ffa 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -147,6 +147,7 @@ Then perform the following commands on the root folder: | cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | | cluster\_ipv4\_cidr | The IP address range of the kubernetes pods in this cluster. Default is an automatically assigned CIDR. | `string` | `null` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | +| config\_connector | Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | | configure\_ip\_masq | Enables the installation of ip masquerading, which is usually no longer required when using aliasied IP addresses. IP masquerading uses a kubectl call, so when you have a private cluster, you will need access to the API server. | `bool` | `false` | no | | create\_service\_account | Defines if service account specified to run nodes should be created. | `bool` | `true` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | 
[
  {
    "key_name": "",
    "state": "DECRYPTED"
  }
]
| no | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 693fcff790..cc33e59b26 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -201,6 +201,10 @@ resource "google_container_cluster" "primary" { enabled = gke_backup_agent_config.value.enabled } } + + config_connector_config { + enabled = var.config_connector + } } datapath_provider = var.datapath_provider diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index 7ef790aa5b..227d53f7d6 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -644,3 +644,9 @@ variable "enable_kubernetes_alpha" { description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days." default = false } + +variable "config_connector" { + type = bool + description = "Whether ConfigConnector is enabled for this cluster." + default = false +} diff --git a/modules/safer-cluster-update-variant/README.md b/modules/safer-cluster-update-variant/README.md index 21eff2cba8..eb7efac8d1 100644 --- a/modules/safer-cluster-update-variant/README.md +++ b/modules/safer-cluster-update-variant/README.md @@ -210,7 +210,7 @@ For simplicity, we suggest using `roles/container.admin` and | cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | compute\_engine\_service\_account | Use the given service account for nodes rather than creating a new dedicated service account. | `string` | `""` | no | -| config\_connector | (Beta) Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | +| config\_connector | Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | 
[
  {
    "key_name": "",
    "state": "DECRYPTED"
  }
]
| no | | datapath\_provider | The desired datapath provider for this cluster. By default, `ADVANCED_DATAPATH` enables Dataplane-V2 feature. `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation as a fallback since upgrading to V2 requires a cluster re-creation. | `string` | `"ADVANCED_DATAPATH"` | no | | default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | `number` | `110` | no | diff --git a/modules/safer-cluster-update-variant/variables.tf b/modules/safer-cluster-update-variant/variables.tf index 7a2f1a69d9..6b6405d019 100644 --- a/modules/safer-cluster-update-variant/variables.tf +++ b/modules/safer-cluster-update-variant/variables.tf @@ -453,7 +453,7 @@ variable "firewall_inbound_ports" { variable "config_connector" { type = bool - description = "(Beta) Whether ConfigConnector is enabled for this cluster." + description = "Whether ConfigConnector is enabled for this cluster." default = false } diff --git a/modules/safer-cluster/README.md b/modules/safer-cluster/README.md index 21eff2cba8..eb7efac8d1 100644 --- a/modules/safer-cluster/README.md +++ b/modules/safer-cluster/README.md @@ -210,7 +210,7 @@ For simplicity, we suggest using `roles/container.admin` and | cluster\_dns\_scope | The scope of access to cluster DNS records. DNS\_SCOPE\_UNSPECIFIED (default) or CLUSTER\_SCOPE or VPC\_SCOPE. | `string` | `"DNS_SCOPE_UNSPECIFIED"` | no | | cluster\_resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster | `map(string)` | `{}` | no | | compute\_engine\_service\_account | Use the given service account for nodes rather than creating a new dedicated service account. | `string` | `""` | no | -| config\_connector | (Beta) Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | +| config\_connector | Whether ConfigConnector is enabled for this cluster. | `bool` | `false` | no | | database\_encryption | Application-layer Secrets Encryption settings. The object format is {state = string, key\_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key\_name is the name of a CloudKMS key. | `list(object({ state = string, key_name = string }))` | 
[
  {
    "key_name": "",
    "state": "DECRYPTED"
  }
]
| no | | datapath\_provider | The desired datapath provider for this cluster. By default, `ADVANCED_DATAPATH` enables Dataplane-V2 feature. `DATAPATH_PROVIDER_UNSPECIFIED` enables the IPTables-based kube-proxy implementation as a fallback since upgrading to V2 requires a cluster re-creation. | `string` | `"ADVANCED_DATAPATH"` | no | | default\_max\_pods\_per\_node | The maximum number of pods to schedule per node | `number` | `110` | no | diff --git a/modules/safer-cluster/variables.tf b/modules/safer-cluster/variables.tf index 7a2f1a69d9..6b6405d019 100644 --- a/modules/safer-cluster/variables.tf +++ b/modules/safer-cluster/variables.tf @@ -453,7 +453,7 @@ variable "firewall_inbound_ports" { variable "config_connector" { type = bool - description = "(Beta) Whether ConfigConnector is enabled for this cluster." + description = "Whether ConfigConnector is enabled for this cluster." default = false } diff --git a/test/integration/disable_client_cert/testdata/TestDisableClientCert.json b/test/integration/disable_client_cert/testdata/TestDisableClientCert.json index 9d58f326f8..1718c9829d 100755 --- a/test/integration/disable_client_cert/testdata/TestDisableClientCert.json +++ b/test/integration/disable_client_cert/testdata/TestDisableClientCert.json @@ -1,5 +1,6 @@ { "addonsConfig": { + "configConnectorConfig": {}, "dnsCacheConfig": {}, "gcePersistentDiskCsiDriverConfig": { "enabled": true diff --git a/test/integration/private_zonal_with_networking/testdata/TestPrivateZonalWithNetworking.json b/test/integration/private_zonal_with_networking/testdata/TestPrivateZonalWithNetworking.json index b2b0009907..5d0cd6984b 100755 --- a/test/integration/private_zonal_with_networking/testdata/TestPrivateZonalWithNetworking.json +++ b/test/integration/private_zonal_with_networking/testdata/TestPrivateZonalWithNetworking.json @@ -1,5 +1,6 @@ { "addonsConfig": { + "configConnectorConfig": {}, "dnsCacheConfig": {}, "gcePersistentDiskCsiDriverConfig": { "enabled": true diff --git a/test/integration/simple_regional/testdata/TestSimpleRegional.json b/test/integration/simple_regional/testdata/TestSimpleRegional.json index e251db79e9..f39aca4e1a 100644 --- a/test/integration/simple_regional/testdata/TestSimpleRegional.json +++ b/test/integration/simple_regional/testdata/TestSimpleRegional.json @@ -1,5 +1,6 @@ { "addonsConfig": { + "configConnectorConfig": {}, "dnsCacheConfig": {}, "gcePersistentDiskCsiDriverConfig": { "enabled": true diff --git a/variables.tf b/variables.tf index c69eac03fd..b25846e0ad 100644 --- a/variables.tf +++ b/variables.tf @@ -614,3 +614,9 @@ variable "enable_kubernetes_alpha" { description = "Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days." default = false } + +variable "config_connector" { + type = bool + description = "Whether ConfigConnector is enabled for this cluster." + default = false +} From 822e8e076f5869a20a13ac3a939e6127e2f72bbb Mon Sep 17 00:00:00 2001 From: CFT Bot Date: Thu, 24 Aug 2023 09:00:34 -0700 Subject: [PATCH 38/39] chore: update .github/renovate.json --- .github/renovate.json | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/.github/renovate.json b/.github/renovate.json index 5d9e0435ea..b68ca8fbba 100644 --- a/.github/renovate.json +++ b/.github/renovate.json @@ -1,37 +1,34 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ - "config:base", + "config:recommended", ":semanticCommits", ":preserveSemverRanges", ":rebaseStalePrs" ], - "stabilityDays":7, + "minimumReleaseAge": "7 days", "ignorePaths": [], "labels": ["dependencies"], - "vulnerabilityAlerts":{ - "labels":[ - "type:security" - ], - "stabilityDays":0 - }, - "separateMajorMinor":false, - "constraints": { - "go": "1.20" + "vulnerabilityAlerts": { + "labels": ["type:security"], + "minimumReleaseAge": null }, + "constraints": {"go": "1.20"}, "packageRules": [ { - "matchPaths": ["examples/**", "test/**", ".github/**"], + "matchFileNames": ["examples/**", "test/**", ".github/**"], "extends": [":semanticCommitTypeAll(chore)"] }, { - "matchPaths": ["*", "modules/**"], + "matchFileNames": ["*", "modules/**"], "extends": [":semanticCommitTypeAll(fix)"] }, { - "matchDepTypes": ["module"], - "groupName": "TF modules" + "matchFileNames": ["*", "modules/**"], + "matchUpdateTypes": "major", + "commitMessagePrefix": "fix(deps)!:" }, + {"matchDepTypes": ["module"], "groupName": "TF modules"}, { "matchDepTypes": ["require"], "groupName": "GO modules", @@ -45,20 +42,24 @@ }, { "matchPackageNames": ["google", "google-beta"], - "groupName": "terraform googles" + "groupName": "Terraform Google Provider" } ], "regexManagers": [ { "fileMatch": ["(^|/)Makefile$"], - "matchStrings": ["DOCKER_TAG_VERSION_DEVELOPER_TOOLS := (?.*?)\\n"], + "matchStrings": [ + "DOCKER_TAG_VERSION_DEVELOPER_TOOLS := (?.*?)\\n" + ], "datasourceTemplate": "docker", "registryUrlTemplate": "https://gcr.io/cloud-foundation-cicd", "depNameTemplate": "cft/developer-tools" }, { "fileMatch": ["(^|/)build/(int|lint)\\.cloudbuild\\.yaml$"], - "matchStrings": [" _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '(?.*?)'\\n"], + "matchStrings": [ + " _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '(?.*?)'\\n" + ], "datasourceTemplate": "docker", "registryUrlTemplate": "https://gcr.io/cloud-foundation-cicd", "depNameTemplate": "cft/developer-tools" From 2f5a2769fada01333b178d0bc9ec1e8192535043 Mon Sep 17 00:00:00 2001 From: Bharath KKB Date: Fri, 25 Aug 2023 15:48:04 -0500 Subject: [PATCH 39/39] feat!: support gcs fuse addon (#1722) --- README.md | 1 + autogen/main/cluster.tf.tmpl | 8 ++ autogen/main/main.tf.tmpl | 7 +- autogen/main/variables.tf.tmpl | 6 ++ autogen/main/versions.tf.tmpl | 4 +- cluster.tf | 8 ++ examples/simple_regional/main.tf | 1 + main.tf | 7 +- .../versions.tf | 4 +- .../beta-autopilot-public-cluster/versions.tf | 4 +- .../README.md | 1 + .../cluster.tf | 8 ++ .../main.tf | 7 +- .../variables.tf | 6 ++ .../versions.tf | 4 +- modules/beta-private-cluster/README.md | 1 + modules/beta-private-cluster/cluster.tf | 8 ++ modules/beta-private-cluster/main.tf | 7 +- modules/beta-private-cluster/variables.tf | 6 ++ modules/beta-private-cluster/versions.tf | 4 +- .../README.md | 1 + .../cluster.tf | 8 ++ .../main.tf | 7 +- .../variables.tf | 6 ++ .../versions.tf | 4 +- modules/beta-public-cluster/README.md | 1 + modules/beta-public-cluster/cluster.tf | 8 ++ modules/beta-public-cluster/main.tf | 7 +- modules/beta-public-cluster/variables.tf | 6 ++ modules/beta-public-cluster/versions.tf | 4 +- .../private-cluster-update-variant/README.md | 1 + .../private-cluster-update-variant/cluster.tf | 8 ++ .../private-cluster-update-variant/main.tf | 7 +- .../variables.tf | 6 ++ modules/private-cluster/README.md | 1 + modules/private-cluster/cluster.tf | 8 ++ modules/private-cluster/main.tf | 7 +- modules/private-cluster/variables.tf | 6 ++ .../testdata/TestSimpleRegional.json | 94 +++++++++++-------- variables.tf | 6 ++ 40 files changed, 223 insertions(+), 75 deletions(-) diff --git a/README.md b/README.md index 51275aeff1..79513bd60c 100644 --- a/README.md +++ b/README.md @@ -163,6 +163,7 @@ Then perform the following commands on the root folder: | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | | gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | | gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no | +| gcs\_fuse\_csi\_driver | Whether GCE FUSE CSI driver is enabled for this cluster. | `bool` | `false` | no | | gke\_backup\_agent\_config | Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 3f3f20abb3..ea7c68fdf5 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -287,6 +287,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "gcs_fuse_csi_driver_config" { + for_each = local.gcs_fuse_csi_driver_config + + content { + enabled = gcs_fuse_csi_driver_config.value.enabled + } + } + config_connector_config { enabled = var.config_connector } diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl index 34c71121dc..80679d4f7a 100644 --- a/autogen/main/main.tf.tmpl +++ b/autogen/main/main.tf.tmpl @@ -103,9 +103,10 @@ locals { enabled = false provider = null }] - cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }] - logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus - gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] + cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }] + logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus + gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] + gcs_fuse_csi_driver_config = var.gcs_fuse_csi_driver ? [{ enabled = true }] : [] {% endif %} {% if beta_cluster and autopilot_cluster != true %} cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? { diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index f720df4b32..a2effe8e07 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -676,6 +676,12 @@ variable "gke_backup_agent_config" { default = false } +variable "gcs_fuse_csi_driver" { + type = bool + description = "Whether GCE FUSE CSI driver is enabled for this cluster." + default = false +} + {% endif %} variable "timeouts" { type = map(string) diff --git a/autogen/main/versions.tf.tmpl b/autogen/main/versions.tf.tmpl index 092c18c7f3..494d40d45f 100644 --- a/autogen/main/versions.tf.tmpl +++ b/autogen/main/versions.tf.tmpl @@ -24,11 +24,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/cluster.tf b/cluster.tf index c14f1f4d2e..a7d07d0a75 100644 --- a/cluster.tf +++ b/cluster.tf @@ -202,6 +202,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "gcs_fuse_csi_driver_config" { + for_each = local.gcs_fuse_csi_driver_config + + content { + enabled = gcs_fuse_csi_driver_config.value.enabled + } + } + config_connector_config { enabled = var.config_connector } diff --git a/examples/simple_regional/main.tf b/examples/simple_regional/main.tf index 3b1f43fdd9..33a1fdaf77 100644 --- a/examples/simple_regional/main.tf +++ b/examples/simple_regional/main.tf @@ -40,4 +40,5 @@ module "gke" { service_account = var.compute_engine_service_account enable_cost_allocation = true enable_binary_authorization = var.enable_binary_authorization + gcs_fuse_csi_driver = true } diff --git a/main.tf b/main.tf index 48423740eb..e307ff82a4 100644 --- a/main.tf +++ b/main.tf @@ -88,9 +88,10 @@ locals { enabled = false provider = null }] - cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }] - logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus - gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] + cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }] + logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus + gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] + gcs_fuse_csi_driver_config = var.gcs_fuse_csi_driver ? [{ enabled = true }] : [] cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{ security_group = var.authenticator_security_group diff --git a/modules/beta-autopilot-private-cluster/versions.tf b/modules/beta-autopilot-private-cluster/versions.tf index cba97d154f..7125c7b741 100644 --- a/modules/beta-autopilot-private-cluster/versions.tf +++ b/modules/beta-autopilot-private-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-autopilot-public-cluster/versions.tf b/modules/beta-autopilot-public-cluster/versions.tf index a830f165cb..cb0a26bc62 100644 --- a/modules/beta-autopilot-public-cluster/versions.tf +++ b/modules/beta-autopilot-public-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index f674977c30..6b3283c001 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md @@ -207,6 +207,7 @@ Then perform the following commands on the root folder: | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | | gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | | gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no | +| gcs\_fuse\_csi\_driver | Whether GCE FUSE CSI driver is enabled for this cluster. | `bool` | `false` | no | | gke\_backup\_agent\_config | Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index ec6c79a43f..8e5613585a 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -234,6 +234,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "gcs_fuse_csi_driver_config" { + for_each = local.gcs_fuse_csi_driver_config + + content { + enabled = gcs_fuse_csi_driver_config.value.enabled + } + } + config_connector_config { enabled = var.config_connector } diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf index 04b388e8a2..6f0139cfb2 100644 --- a/modules/beta-private-cluster-update-variant/main.tf +++ b/modules/beta-private-cluster-update-variant/main.tf @@ -88,9 +88,10 @@ locals { enabled = false provider = null }] - cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }] - logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus - gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] + cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }] + logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus + gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] + gcs_fuse_csi_driver_config = var.gcs_fuse_csi_driver ? [{ enabled = true }] : [] cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? { load_balancer_type = var.cloudrun_load_balancer_type } : {} diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 5e16079788..5daeb3daad 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -640,6 +640,12 @@ variable "gke_backup_agent_config" { default = false } +variable "gcs_fuse_csi_driver" { + type = bool + description = "Whether GCE FUSE CSI driver is enabled for this cluster." + default = false +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/beta-private-cluster-update-variant/versions.tf b/modules/beta-private-cluster-update-variant/versions.tf index 34b56ac68d..090b353012 100644 --- a/modules/beta-private-cluster-update-variant/versions.tf +++ b/modules/beta-private-cluster-update-variant/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index b1897ba5d5..da568a971a 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -185,6 +185,7 @@ Then perform the following commands on the root folder: | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | | gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | | gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no | +| gcs\_fuse\_csi\_driver | Whether GCE FUSE CSI driver is enabled for this cluster. | `bool` | `false` | no | | gke\_backup\_agent\_config | Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 8472c4a572..2a61b84bc0 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -234,6 +234,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "gcs_fuse_csi_driver_config" { + for_each = local.gcs_fuse_csi_driver_config + + content { + enabled = gcs_fuse_csi_driver_config.value.enabled + } + } + config_connector_config { enabled = var.config_connector } diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index 04b388e8a2..6f0139cfb2 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf @@ -88,9 +88,10 @@ locals { enabled = false provider = null }] - cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }] - logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus - gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] + cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }] + logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus + gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] + gcs_fuse_csi_driver_config = var.gcs_fuse_csi_driver ? [{ enabled = true }] : [] cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? { load_balancer_type = var.cloudrun_load_balancer_type } : {} diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 5e16079788..5daeb3daad 100644 --- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -640,6 +640,12 @@ variable "gke_backup_agent_config" { default = false } +variable "gcs_fuse_csi_driver" { + type = bool + description = "Whether GCE FUSE CSI driver is enabled for this cluster." + default = false +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/beta-private-cluster/versions.tf b/modules/beta-private-cluster/versions.tf index 0e41e4f165..736e1f16bf 100644 --- a/modules/beta-private-cluster/versions.tf +++ b/modules/beta-private-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index c49044213e..6ac0ba92ff 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md @@ -198,6 +198,7 @@ Then perform the following commands on the root folder: | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | | gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | | gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no | +| gcs\_fuse\_csi\_driver | Whether GCE FUSE CSI driver is enabled for this cluster. | `bool` | `false` | no | | gke\_backup\_agent\_config | Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 3068099d25..86742e65c4 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -234,6 +234,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "gcs_fuse_csi_driver_config" { + for_each = local.gcs_fuse_csi_driver_config + + content { + enabled = gcs_fuse_csi_driver_config.value.enabled + } + } + config_connector_config { enabled = var.config_connector } diff --git a/modules/beta-public-cluster-update-variant/main.tf b/modules/beta-public-cluster-update-variant/main.tf index e403ad7dc1..febe765811 100644 --- a/modules/beta-public-cluster-update-variant/main.tf +++ b/modules/beta-public-cluster-update-variant/main.tf @@ -88,9 +88,10 @@ locals { enabled = false provider = null }] - cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }] - logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus - gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] + cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }] + logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus + gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] + gcs_fuse_csi_driver_config = var.gcs_fuse_csi_driver ? [{ enabled = true }] : [] cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? { load_balancer_type = var.cloudrun_load_balancer_type } : {} diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 9e1a8448bb..2b900e4f93 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -610,6 +610,12 @@ variable "gke_backup_agent_config" { default = false } +variable "gcs_fuse_csi_driver" { + type = bool + description = "Whether GCE FUSE CSI driver is enabled for this cluster." + default = false +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/beta-public-cluster-update-variant/versions.tf b/modules/beta-public-cluster-update-variant/versions.tf index 0dcfcda12e..214a5841b8 100644 --- a/modules/beta-public-cluster-update-variant/versions.tf +++ b/modules/beta-public-cluster-update-variant/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 8d38b524a8..f325ea56ad 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md @@ -176,6 +176,7 @@ Then perform the following commands on the root folder: | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | | gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | | gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no | +| gcs\_fuse\_csi\_driver | Whether GCE FUSE CSI driver is enabled for this cluster. | `bool` | `false` | no | | gke\_backup\_agent\_config | Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 27a714fdca..69f9842591 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -234,6 +234,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "gcs_fuse_csi_driver_config" { + for_each = local.gcs_fuse_csi_driver_config + + content { + enabled = gcs_fuse_csi_driver_config.value.enabled + } + } + config_connector_config { enabled = var.config_connector } diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index e403ad7dc1..febe765811 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf @@ -88,9 +88,10 @@ locals { enabled = false provider = null }] - cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }] - logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus - gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] + cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }] + logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus + gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] + gcs_fuse_csi_driver_config = var.gcs_fuse_csi_driver ? [{ enabled = true }] : [] cluster_cloudrun_config_load_balancer_config = (var.cloudrun && var.cloudrun_load_balancer_type != "") ? { load_balancer_type = var.cloudrun_load_balancer_type } : {} diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 9e1a8448bb..2b900e4f93 100644 --- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -610,6 +610,12 @@ variable "gke_backup_agent_config" { default = false } +variable "gcs_fuse_csi_driver" { + type = bool + description = "Whether GCE FUSE CSI driver is enabled for this cluster." + default = false +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/beta-public-cluster/versions.tf b/modules/beta-public-cluster/versions.tf index 3075b4c3c2..39299bb4d7 100644 --- a/modules/beta-public-cluster/versions.tf +++ b/modules/beta-public-cluster/versions.tf @@ -21,11 +21,11 @@ terraform { required_providers { google = { source = "hashicorp/google" - version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" } google-beta = { source = "hashicorp/google-beta" - version = ">= 4.51.0, < 5.0, !=4.65.0, !=4.65.1" + version = ">= 4.76.0, < 5.0, !=4.65.0, !=4.65.1" } kubernetes = { source = "hashicorp/kubernetes" diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index ee133e5eeb..596cc827b7 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md @@ -194,6 +194,7 @@ Then perform the following commands on the root folder: | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | | gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | | gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no | +| gcs\_fuse\_csi\_driver | Whether GCE FUSE CSI driver is enabled for this cluster. | `bool` | `false` | no | | gke\_backup\_agent\_config | Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index f57916fbaf..8f75d404a2 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -202,6 +202,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "gcs_fuse_csi_driver_config" { + for_each = local.gcs_fuse_csi_driver_config + + content { + enabled = gcs_fuse_csi_driver_config.value.enabled + } + } + config_connector_config { enabled = var.config_connector } diff --git a/modules/private-cluster-update-variant/main.tf b/modules/private-cluster-update-variant/main.tf index af7062a2a7..6d4b06f7de 100644 --- a/modules/private-cluster-update-variant/main.tf +++ b/modules/private-cluster-update-variant/main.tf @@ -88,9 +88,10 @@ locals { enabled = false provider = null }] - cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }] - logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus - gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] + cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }] + logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus + gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] + gcs_fuse_csi_driver_config = var.gcs_fuse_csi_driver ? [{ enabled = true }] : [] cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{ security_group = var.authenticator_security_group diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index 227d53f7d6..ca215e3093 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf @@ -611,6 +611,12 @@ variable "gke_backup_agent_config" { default = false } +variable "gcs_fuse_csi_driver" { + type = bool + description = "Whether GCE FUSE CSI driver is enabled for this cluster." + default = false +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index c4923f0ffa..c4b7c59ba8 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md @@ -172,6 +172,7 @@ Then perform the following commands on the root folder: | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no | | gateway\_api\_channel | The gateway api channel of this cluster. Accepted values are `CHANNEL_STANDARD` and `CHANNEL_DISABLED`. | `string` | `null` | no | | gce\_pd\_csi\_driver | Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `true` | no | +| gcs\_fuse\_csi\_driver | Whether GCE FUSE CSI driver is enabled for this cluster. | `bool` | `false` | no | | gke\_backup\_agent\_config | Whether Backup for GKE agent is enabled for this cluster. | `bool` | `false` | no | | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer and artifactregistry.reader roles. | `bool` | `false` | no | | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index cc33e59b26..a621347dc5 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -202,6 +202,14 @@ resource "google_container_cluster" "primary" { } } + dynamic "gcs_fuse_csi_driver_config" { + for_each = local.gcs_fuse_csi_driver_config + + content { + enabled = gcs_fuse_csi_driver_config.value.enabled + } + } + config_connector_config { enabled = var.config_connector } diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf index af7062a2a7..6d4b06f7de 100644 --- a/modules/private-cluster/main.tf +++ b/modules/private-cluster/main.tf @@ -88,9 +88,10 @@ locals { enabled = false provider = null }] - cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }] - logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus - gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] + cluster_gce_pd_csi_config = var.gce_pd_csi_driver ? [{ enabled = true }] : [{ enabled = false }] + logmon_config_is_set = length(var.logging_enabled_components) > 0 || length(var.monitoring_enabled_components) > 0 || var.monitoring_enable_managed_prometheus + gke_backup_agent_config = var.gke_backup_agent_config ? [{ enabled = true }] : [{ enabled = false }] + gcs_fuse_csi_driver_config = var.gcs_fuse_csi_driver ? [{ enabled = true }] : [] cluster_authenticator_security_group = var.authenticator_security_group == null ? [] : [{ security_group = var.authenticator_security_group diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index 227d53f7d6..ca215e3093 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -611,6 +611,12 @@ variable "gke_backup_agent_config" { default = false } +variable "gcs_fuse_csi_driver" { + type = bool + description = "Whether GCE FUSE CSI driver is enabled for this cluster." + default = false +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations." diff --git a/test/integration/simple_regional/testdata/TestSimpleRegional.json b/test/integration/simple_regional/testdata/TestSimpleRegional.json index f39aca4e1a..31d14b4180 100644 --- a/test/integration/simple_regional/testdata/TestSimpleRegional.json +++ b/test/integration/simple_regional/testdata/TestSimpleRegional.json @@ -6,6 +6,9 @@ "enabled": true }, "gcpFilestoreCsiDriverConfig": {}, + "gcsFuseCsiDriverConfig": { + "enabled": true + }, "gkeBackupAgentConfig": {}, "horizontalPodAutoscaling": {}, "httpLoadBalancing": {}, @@ -27,35 +30,37 @@ "costManagementConfig": { "enabled": true }, - "createTime": "2023-01-12T04:59:06+00:00", - "currentMasterVersion": "1.25.4-gke.2100", + "createTime": "2023-08-25T16:39:57+00:00", + "currentMasterVersion": "1.27.3-gke.100", "currentNodeCount": 3, - "currentNodeVersion": "1.25.4-gke.2100", + "currentNodeVersion": "1.27.3-gke.100", "databaseEncryption": { "state": "DECRYPTED" }, "defaultMaxPodsConstraint": { "maxPodsPerNode": "110" }, - "endpoint": "35.226.100.112", - "etag": "ae242170-5148-4c6f-a649-592e540337d4", - "id": "c916e72d2f4c47b88a07514cba092a5414edcdcbafc648ad9921d0513c7a7c84", - "initialClusterVersion": "1.25.4-gke.2100", + "endpoint": "35.238.117.51", + "etag": "a214a2ff-16ea-4e65-8c01-43e7a6cece82", + "id": "8e4011253bcb4fbc943f88ae797f124f0f001ed95cc94b229231d68b8a44e20b", + "initialClusterVersion": "1.27.3-gke.100", "instanceGroupUrls": [ - "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-a/instanceGroupManagers/gke-simple-regional-clus-default-pool-9c052bb2-grp", - "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-c/instanceGroupManagers/gke-simple-regional-clus-default-pool-daba78bc-grp", - "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-f/instanceGroupManagers/gke-simple-regional-clus-default-pool-16a6ddb1-grp", - "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-a/instanceGroupManagers/gke-simple-regional--default-node-poo-5496474f-grp", - "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-c/instanceGroupManagers/gke-simple-regional--default-node-poo-acd77da1-grp", - "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-f/instanceGroupManagers/gke-simple-regional--default-node-poo-eabd6db0-grp" + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-a/instanceGroupManagers/gke-simple-regional-clus-default-pool-209983a6-grp", + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-c/instanceGroupManagers/gke-simple-regional-clus-default-pool-6094c28c-grp", + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-f/instanceGroupManagers/gke-simple-regional-clus-default-pool-a9225012-grp", + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-a/instanceGroupManagers/gke-simple-regional--default-node-poo-8fb4fd0f-grp", + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-c/instanceGroupManagers/gke-simple-regional--default-node-poo-24ffed9f-grp", + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-f/instanceGroupManagers/gke-simple-regional--default-node-poo-1d2dc357-grp" ], "ipAllocationPolicy": { "clusterIpv4Cidr": "192.168.0.0/18", "clusterIpv4CidrBlock": "192.168.0.0/18", - "clusterSecondaryRangeName": "cft-gke-test-pods-he07", + "clusterSecondaryRangeName": "cft-gke-test-pods-44kc", + "defaultPodIpv4RangeUtilization": 0.0469, + "podCidrOverprovisionConfig": {}, "servicesIpv4Cidr": "192.168.64.0/18", "servicesIpv4CidrBlock": "192.168.64.0/18", - "servicesSecondaryRangeName": "cft-gke-test-services-he07", + "servicesSecondaryRangeName": "cft-gke-test-services-44kc", "stackType": "IPV4", "useIpAliases": true }, @@ -86,26 +91,32 @@ } }, "masterAuth": { - "clusterCaCertificate": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVMVENDQXBXZ0F3SUJBZ0lSQU9hSWNZb2ptSXR0R2N3VlJac1NRZ2d3RFFZSktvWklodmNOQVFFTEJRQXcKTHpFdE1Dc0dBMVVFQXhNa00yVXhaR0l6T1RBdE1XSTVOaTAwTkRKbExUZ3haVEl0TUdFeFkySmtaR1ExT1RCagpNQ0FYRFRJek1ERXhNakF6TlRrd05sb1lEekl3TlRNd01UQTBNRFExT1RBMldqQXZNUzB3S3dZRFZRUURFeVF6ClpURmtZak01TUMweFlqazJMVFEwTW1VdE9ERmxNaTB3WVRGalltUmtaRFU1TUdNd2dnR2lNQTBHQ1NxR1NJYjMKRFFFQkFRVUFBNElCandBd2dnR0tBb0lCZ1FEWW1rd3RyNHNTL2tpdEVITERaQkdEakdEU1JTQmQ3L0dCMndhUQpxVkd2ckNPSXBURjdhZmYyYW9yL2t2WStHRnhCV1BtL0JBZlo2RUtocG5iaDlpelZhc2xxRURyc1Y0YW9VMW1mClAxbHl5Ty84cGR5ZHJuY2tGeVJmMERsNWR4RFEvY0hlRFJqdjUrNXl0d3g3V0pVU21ERXNyVytRQXNCQllGSEwKNDlCUkVIT3c2cEF2VERJcTRlcVFyaWdKRWVtMlp0SzRsYWZqNXRSZG5TU2dUT1lQa25VUVgwZkcxS0xCcVJ2bQpuR0RqRWQxbGpQdlNZRStDTUZnNHpGdmVoVC80R1ZIdUxYdmtiMnZYVkFzckpPOWl0eFJRNURSb0tmS05DS1cxCnYxYWpKQ1pJOUVKKy9Mc3JvbGZoMTB1Zm5iN2tkN2djOHoxQU5TQnBBYzZ5WEJQeEJiK0g5VDhGZHo5enp2WEoKYURBdnh1dTZTYkJVaVVTTFJINUVIdjIwTVhIUWU5VVI0RXVkSmNTVHhheTRwMm5CZzFGcDJrNEY3bkVYWkZWdwpTSUpRcDhkUXpFc281eS81ZDI2dG1OL1dqNG5oRGJDRUdzM0dIVmY0SU9RSEpkNW9NNVBsWEtYZUhZcW5QWlJMCm5NS25Cem9neDdzbUd5ZUFqeW1VMWdhQldsa0NBd0VBQWFOQ01FQXdEZ1lEVlIwUEFRSC9CQVFEQWdJRU1BOEcKQTFVZEV3RUIvd1FGTUFNQkFmOHdIUVlEVlIwT0JCWUVGUEgxYzVsUCtkR1lQK0FPTEFjUlhTbHpBQ2k2TUEwRwpDU3FHU0liM0RRRUJDd1VBQTRJQmdRQ2JYVTRKTENRdDllYlVqbEVCZE1QOTFyQmxsQktjSExSU0VPdWVrNTQ1ClhIeWs2RUdidGtDTWd2cEV6Z1lRS2taZ05ZbHlwbU9RdFdqTkJpWHpHb0tiUlFZNjNhR0RBZzlQbE85S3VDa2wKajZHR1hkM09GMFluRUZhYVVNcHNyYzdhS3NYSVpKYnoyT000bjUyaVJEYnZtOHN1aytNcmFxdDhYWnBFRGZhNwpndGlIRVNrbi94WHFhenRrdzc4enFydFdjRjNzTjljQXV5MEs5QzA4TGxnMCs4TzIyVEl4WmJEOE45czAvRjgzCm9KejVnUEZ1Nlc5eENibS93MGJWK0dDMFBGMkZhaTB6dDg0bXZISFNiNlhRS0RxaTllZGcwdFNWMGVLMG8ySi8KK0VuMmx2MXhjM3NFQnMvM3NJZHJVU3ppdEkwRk52aE00aS8xZzRmV2YrUEVqeGRsOENtNjF4MlpzV2hBZExwaQpvK0dhdDE0T0hqMXFrWUlHWG8yQnZLWWQvcXE5VUFZTXF6amdIcTNxanhpMWVtTjBTa1ZsN2xkeXFoU3JhS2IzCkZPc2lNU3poODB6WFFpRzM2SXp5K0hGdjV4TWNyQWpuM2RpZmtHejVmQzNuUXd4QnZkdEF0YU9pTHFjTU1QY1QKaEI3T0I0cExpcGZNa0JvQVY1YlZ5cUE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + "clusterCaCertificate": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVMRENDQXBTZ0F3SUJBZ0lRQ0J5aEs4ZEtSMTNBeGIrTkxTM1FSREFOQmdrcWhraUc5dzBCQVFzRkFEQXYKTVMwd0t3WURWUVFERXlReE56VTNaR1l4WkMwMFpUY3dMVFF5TVdZdE9XWmpPUzB4TVRZelpXRXdNbUpsWmpRdwpJQmNOTWpNd09ESTFNVFV6T1RVM1doZ1BNakExTXpBNE1UY3hOak01TlRkYU1DOHhMVEFyQmdOVkJBTVRKREUzCk5UZGtaakZrTFRSbE56QXROREl4WmkwNVptTTVMVEV4TmpObFlUQXlZbVZtTkRDQ0FhSXdEUVlKS29aSWh2Y04KQVFFQkJRQURnZ0dQQURDQ0FZb0NnZ0dCQUtDYW1KRWwvT04rUUxIWGh0dVVaVVQ5VHFYMnNoeTZtL2lvQ3d0dgp1TG9LVTYzQzRvS0N1ajQzbXRYMVFTaUFRLzloNHVqV0xucW9PUzdpd2FrWnZHMHpBdjJrZmNuVUtXQnM5MTJRCm40K05pcU1EVWRyd1Fab0NwMTl2MDhGOFBSTTZCWFVIRUNnQUtvanhSeVpyTzkrZDVESndXNFRHUzhJWVNleTUKR2xnUkFyQk5LMXBzb09ZMHhaZGpxTUxDNnpkTEMyT01PaVhOcXVMUGNkUFk0aHFGSDZ0cXFOY09kTllNaWVBUwpwNGM3YS83WFA1cnF0M1NiSlhYbkZmVFFmL1dablJiUWh1SDRxRmpUUUVrdEdieW9rT0tEQ09QS0lGNEVwc1czCmR5M2ZVNkhDaWR2V2JCSHEvV21JVWpRWmxlSE5UWkZack5HVC9tcmF2R0RsWjZFaHkvY2psam5DZi90NXduK1AKb1BOZUVjaWxkZDhmNWpqQTc4TW1ValNiV3Z0c01xY2VKTEQ3eUx4RUhGNEZnOXJ1c2wyZU9SZDBQSFkzYmFOZAp4SUlVcVF0M3JORmc4Q0NoSnA0N2w1T3YzTHQzWTI5SjVTRHo2dkM4c3psUkl3NE1TNVQ0OGQ0T200T0VrcVRuCkFmWGw2TjFETzVGRjJKOHZCeHA4Q2Q3NEd3SURBUUFCbzBJd1FEQU9CZ05WSFE4QkFmOEVCQU1DQWdRd0R3WUQKVlIwVEFRSC9CQVV3QXdFQi96QWRCZ05WSFE0RUZnUVVaa1FWVXdBcmZLZEpBSWZzUFBSdmFraktabll3RFFZSgpLb1pJaHZjTkFRRUxCUUFEZ2dHQkFIenEvaWxoekNMeEJuYkp2c2lsdkthTXRpbXRxSjNqTFh5NkdvYW56U3F0ClY1STZFZ01Jd3Zubml4ZVhOb0lrQnhJbDlGcUVmV1g0eHFGLytQb1JoU1dMZHkyZUk1d1I4WkJzaU9lcDA0ZTgKdW80Nk1tdU93alZkM2pOZExOdW1ZRlRqVzR3TStKUytPNUQ0SUo3YXpPVVF1K2gvd2ViQ1pXSjkxbUcxcUtnRQo4WVM3d3pKYlJiU0lQL2tMdWN6aGM4V2dnL1Z2czBldklaNFY2SHRFeFo1UmFjZ3lMcGhvKzNBQlFjakwvVDFWCjRLQ08zUFAyMmo5ZkRLUXNYdEppMHNmV3lMSmwybERwb1ZHMGJGZ2l1MFJxY05XM2dDTTNZYWs3dVRpelozOWYKU3I1NHU0SzBMQVdXbnRqc0NBR0RkajNFYmw0eFVGWWo5SG1zVURKNm5ncFdmejBHeHJQL29rUm5WV05MZjRJMwpuRlYzb0o4S0ZQRjVhUmQwYXNKZnc2a3VpZTNwZytYanlVRlp5ek51a1ZqcUFXdWFVV1lPUjg5Mnd3T0tnNFUrCnJQTUU3RzhqRFBjNWt0MVZ4dktQY0NOckkxdjgralBTSktDYnhCWFU2bXdRSFRnUGVzVWJuUDkrd1FobWpkdHkKME1JOFlpOWltdWtmTy9JMHpSRkJDdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" }, "masterAuthorizedNetworksConfig": { "gcpPublicCidrsAccessEnabled": true }, "monitoringConfig": { + "advancedDatapathObservabilityConfig": { + "relayMode": "DISABLED" + }, "componentConfig": { "enableComponents": [ "SYSTEM_COMPONENTS" ] + }, + "managedPrometheusConfig": { + "enabled": true } }, "monitoringService": "monitoring.googleapis.com/kubernetes", "name": "CLUSTER_NAME", - "network": "cft-gke-test-he07", + "network": "cft-gke-test-44kc", "networkConfig": { "defaultSnatStatus": {}, - "network": "projects/PROJECT_ID/global/networks/cft-gke-test-he07", + "network": "projects/PROJECT_ID/global/networks/cft-gke-test-44kc", "serviceExternalIpsConfig": {}, - "subnetwork": "projects/PROJECT_ID/regions/us-central1/subnetworks/cft-gke-test-he07" + "subnetwork": "projects/PROJECT_ID/regions/us-central1/subnetworks/cft-gke-test-44kc" }, "nodeConfig": { "diskSizeGb": 100, @@ -124,7 +135,7 @@ "https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/cloud-platform" ], - "serviceAccount": "SERVICE_ACCOUNT", + "serviceAccount": "gke-sa-int-test-p1-e155@PROJECT_ID.iam.gserviceaccount.com", "shieldedInstanceConfig": { "enableIntegrityMonitoring": true }, @@ -166,7 +177,7 @@ "https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/cloud-platform" ], - "serviceAccount": "SERVICE_ACCOUNT", + "serviceAccount": "gke-sa-int-test-p1-e155@PROJECT_ID.iam.gserviceaccount.com", "shieldedInstanceConfig": { "enableIntegrityMonitoring": true }, @@ -179,11 +190,11 @@ "mode": "GKE_METADATA" } }, - "etag": "1f6c7e1b-edb7-4bab-b19b-fc7156d1f83e", + "etag": "3bb00743-9dbf-4e92-9512-1e64fb8f1b8a", "instanceGroupUrls": [ - "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-a/instanceGroupManagers/gke-simple-regional-clus-default-pool-9c052bb2-grp", - "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-c/instanceGroupManagers/gke-simple-regional-clus-default-pool-daba78bc-grp", - "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-f/instanceGroupManagers/gke-simple-regional-clus-default-pool-16a6ddb1-grp" + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-a/instanceGroupManagers/gke-simple-regional-clus-default-pool-209983a6-grp", + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-c/instanceGroupManagers/gke-simple-regional-clus-default-pool-6094c28c-grp", + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-f/instanceGroupManagers/gke-simple-regional-clus-default-pool-a9225012-grp" ], "locations": [ "us-central1-a", @@ -201,7 +212,8 @@ "networkConfig": { "enablePrivateNodes": false, "podIpv4CidrBlock": "192.168.0.0/18", - "podRange": "cft-gke-test-pods-he07" + "podIpv4RangeUtilization": 0.0469, + "podRange": "cft-gke-test-pods-44kc" }, "podIpv4CidrSize": 24, "selfLink": "https://container.googleapis.com/v1/projects/PROJECT_ID/locations/us-central1/clusters/CLUSTER_NAME/nodePools/default-pool", @@ -210,7 +222,7 @@ "maxSurge": 1, "strategy": "SURGE" }, - "version": "1.25.4-gke.2100" + "version": "1.27.3-gke.100" }, { "autoscaling": { @@ -241,7 +253,7 @@ "oauthScopes": [ "https://www.googleapis.com/auth/cloud-platform" ], - "serviceAccount": "SERVICE_ACCOUNT", + "serviceAccount": "gke-sa-int-test-p1-e155@PROJECT_ID.iam.gserviceaccount.com", "shieldedInstanceConfig": { "enableIntegrityMonitoring": true }, @@ -254,12 +266,12 @@ "mode": "GKE_METADATA" } }, - "etag": "ce97aa50-d1d2-44a7-a150-fd00360a3275", + "etag": "c1cb03bd-8b4e-4a06-9c4e-213b87aa86a3", "initialNodeCount": 1, "instanceGroupUrls": [ - "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-a/instanceGroupManagers/gke-simple-regional--default-node-poo-5496474f-grp", - "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-c/instanceGroupManagers/gke-simple-regional--default-node-poo-acd77da1-grp", - "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-f/instanceGroupManagers/gke-simple-regional--default-node-poo-eabd6db0-grp" + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-a/instanceGroupManagers/gke-simple-regional--default-node-poo-8fb4fd0f-grp", + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-c/instanceGroupManagers/gke-simple-regional--default-node-poo-24ffed9f-grp", + "https://www.googleapis.com/compute/v1/projects/PROJECT_ID/zones/us-central1-f/instanceGroupManagers/gke-simple-regional--default-node-poo-1d2dc357-grp" ], "locations": [ "us-central1-a", @@ -277,7 +289,8 @@ "networkConfig": { "enablePrivateNodes": false, "podIpv4CidrBlock": "192.168.0.0/18", - "podRange": "cft-gke-test-pods-he07" + "podIpv4RangeUtilization": 0.0469, + "podRange": "cft-gke-test-pods-44kc" }, "podIpv4CidrSize": 24, "selfLink": "https://container.googleapis.com/v1/projects/PROJECT_ID/locations/us-central1/clusters/CLUSTER_NAME/nodePools/default-node-pool", @@ -286,7 +299,7 @@ "maxSurge": 1, "strategy": "SURGE" }, - "version": "1.25.4-gke.2100" + "version": "1.27.3-gke.100" } ], "notificationConfig": { @@ -294,7 +307,14 @@ }, "privateClusterConfig": { "privateEndpoint": "10.0.0.2", - "publicEndpoint": "35.226.100.112" + "publicEndpoint": "35.238.117.51" + }, + "releaseChannel": { + "channel": "REGULAR" + }, + "securityPostureConfig": { + "mode": "BASIC", + "vulnerabilityMode": "VULNERABILITY_MODE_UNSPECIFIED" }, "selfLink": "https://container.googleapis.com/v1/projects/PROJECT_ID/locations/us-central1/clusters/CLUSTER_NAME", "servicesIpv4Cidr": "192.168.64.0/18", @@ -302,10 +322,10 @@ "enabled": true }, "status": "RUNNING", - "subnetwork": "cft-gke-test-he07", + "subnetwork": "cft-gke-test-44kc", "verticalPodAutoscaling": {}, "workloadIdentityConfig": { "workloadPool": "PROJECT_ID.svc.id.goog" }, "zone": "us-central1" -} +} \ No newline at end of file diff --git a/variables.tf b/variables.tf index b25846e0ad..f1be61ecbe 100644 --- a/variables.tf +++ b/variables.tf @@ -581,6 +581,12 @@ variable "gke_backup_agent_config" { default = false } +variable "gcs_fuse_csi_driver" { + type = bool + description = "Whether GCE FUSE CSI driver is enabled for this cluster." + default = false +} + variable "timeouts" { type = map(string) description = "Timeout for cluster operations."