From 6371abc6c738779c244725b6924cdf771930f1f2 Mon Sep 17 00:00:00 2001 From: Ihor Pukha Date: Tue, 2 Jul 2019 15:51:18 +0300 Subject: [PATCH] Add support for Terraform v0.12 #5 --- CHANGELOG.md | 5 ++ Gemfile | 2 +- Makefile | 16 ++--- README.md | 8 ++- examples/multiple_service_accounts/main.tf | 3 +- examples/multiple_service_accounts/outputs.tf | 7 +- .../multiple_service_accounts/variables.tf | 3 +- .../multiple_service_accounts/versions.tf | 19 ++++++ examples/single_service_account/main.tf | 5 +- examples/single_service_account/outputs.tf | 5 +- examples/single_service_account/variables.tf | 4 +- examples/single_service_account/versions.tf | 19 ++++++ main.tf | 65 +++++++++++-------- outputs.tf | 38 ++++++----- .../multiple_service_accounts/main.tf | 3 +- .../multiple_service_accounts/outputs.tf | 5 +- .../multiple_service_accounts/variables.tf | 3 +- .../multiple_service_accounts/versions.tf | 19 ++++++ test/fixtures/single_service_account/main.tf | 3 +- .../single_service_account/outputs.tf | 7 +- .../single_service_account/variables.tf | 3 +- .../single_service_account/versions.tf | 19 ++++++ .../multiple_service_accounts/controls/gcp.rb | 2 +- .../single_service_account/controls/gcp.rb | 2 +- test/make.sh | 20 +----- variables.tf | 10 +++ versions.tf | 19 ++++++ 27 files changed, 223 insertions(+), 91 deletions(-) create mode 100644 examples/multiple_service_accounts/versions.tf create mode 100644 examples/single_service_account/versions.tf create mode 100644 test/fixtures/multiple_service_accounts/versions.tf create mode 100644 test/fixtures/single_service_account/versions.tf create mode 100644 versions.tf diff --git a/CHANGELOG.md b/CHANGELOG.md index 62f591a..8517655 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). ## [Unreleased] +### CHANGED + +- Upgraded for usage with terraform-0.12.x [#6] + ## [0.1.1] - 2019-06-14 
@@ -26,3 +30,4 @@ and this project adheres to [0.1.0]: https://github.com/terraform-google-modules/terraform-google-service-accounts/releases/tag/v0.1.0 [#3]: https://github.com/terraform-google-modules/terraform-google-service-accounts/pull/3 [#1]: https://github.com/terraform-google-modules/terraform-google-service-accounts/pull/1 +[#6]: https://github.com/terraform-google-modules/terraform-google-service-accounts/pull/6 \ No newline at end of file diff --git a/Gemfile b/Gemfile index 4dbdea2..6dc7c95 100644 --- a/Gemfile +++ b/Gemfile @@ -15,5 +15,5 @@ ruby '2.5.3' source 'https://rubygems.org/' do - gem 'kitchen-terraform', '~> 4.8' + gem 'kitchen-terraform', '~> 4.9' end diff --git a/Makefile b/Makefile index 730d0ae..1ad0d6a 100644 --- a/Makefile +++ b/Makefile @@ -21,7 +21,7 @@ SHELL := /usr/bin/env bash # Docker build config variables CREDENTIALS_PATH ?= /cft/workdir/credentials.json DOCKER_ORG := gcr.io/cloud-foundation-cicd -DOCKER_TAG_BASE_KITCHEN_TERRAFORM ?= 1.0.1 +DOCKER_TAG_BASE_KITCHEN_TERRAFORM ?= 2.3.0 DOCKER_REPO_BASE_KITCHEN_TERRAFORM := ${DOCKER_ORG}/cft/kitchen-terraform:${DOCKER_TAG_BASE_KITCHEN_TERRAFORM} # All is the first target in the file so it will get picked up when you just run 'make' on its own @@ -30,7 +30,7 @@ all: check generate_docs # Run all available linters .PHONY: check -check: check_shell check_python check_golang check_terraform check_docker check_base_files test_check_headers check_headers check_trailing_whitespace +check: check_shell check_python check_golang check_terraform check_base_files test_check_headers check_headers check_trailing_whitespace # The .PHONY directive tells make that this isn't a real target and so # the presence of a file named 'check_shell' won't cause this target to stop 
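Review bot: Dropping `check_docker` from the `check` prerequisites appears to leave the `check_docker` rule itself in the Makefile, because the diffstat's eight changed Makefile lines are all accounted for by the other hunks. This commit also deletes the `docker()` function from test/make.sh, which that rule presumably calls, so `make check_docker` would now fail on a missing function if the target is still defined. Removing the rule and its `.PHONY` line in the same change would keep the Makefile consistent. The rule is outside this hunk, so this needs confirming against the full file.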
@@ -95,7 +95,7 @@ docker_run: -e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \ -v $(CURDIR):/cft/workdir \ ${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \ - /bin/bash -c "source test/ci_integration.sh && setup_environment && exec /bin/bash" + /bin/bash -c "cd /cft/workdir && source test/ci_integration.sh && setup_environment && exec /bin/bash" .PHONY: docker_create docker_create: @@ -105,7 +105,7 @@ docker_create: -e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \ -v $(CURDIR):/cft/workdir \ ${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \ - /bin/bash -c "source test/ci_integration.sh && setup_environment && kitchen create" + /bin/bash -c "cd /cft/workdir && source test/ci_integration.sh && setup_environment && kitchen create" .PHONY: docker_converge docker_converge: @@ -115,7 +115,7 @@ docker_converge: -e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \ -v $(CURDIR):/cft/workdir \ ${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \ - /bin/bash -c "source test/ci_integration.sh && setup_environment && kitchen converge" + /bin/bash -c "cd /cft/workdir && source test/ci_integration.sh && setup_environment && kitchen converge" .PHONY: docker_verify docker_verify: @@ -125,7 +125,7 @@ docker_verify: -e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \ -v $(CURDIR):/cft/workdir \ ${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \ - /bin/bash -c "source test/ci_integration.sh && setup_environment && kitchen verify" + /bin/bash -c "cd /cft/workdir && source test/ci_integration.sh && setup_environment && kitchen verify" .PHONY: docker_destroy docker_destroy: @@ -135,7 +135,7 @@ docker_destroy: -e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \ -v $(CURDIR):/cft/workdir \ ${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \ - /bin/bash -c "source test/ci_integration.sh && setup_environment && kitchen destroy" + /bin/bash -c "cd /cft/workdir && source test/ci_integration.sh && setup_environment && kitchen destroy" .PHONY: test_integration_docker test_integration_docker: 
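Review bot: The `cd /cft/workdir &&` prefix added to the command string in `docker_run` hard-codes the mount target a second time, and the same prefix is repeated in `docker_create`, `docker_converge`, `docker_verify`, `docker_destroy` and `test_integration_docker`. Passing `-w /cft/workdir` to `docker run` next to the existing `-v $(CURDIR):/cft/workdir` would set the working directory once and leave the command strings as they were. Because these containers receive `GOOGLE_APPLICATION_CREDENTIALS` and a writable mount of the checkout, it is also worth referencing the image by digest rather than only by the `2.3.0` tag, so the code that runs with those credentials is fixed. Each recipe starts above its hunk, so only the tail of each `docker run` command is visible here.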
@@ -145,4 +145,4 @@ test_integration_docker: -e GOOGLE_APPLICATION_CREDENTIALS=${CREDENTIALS_PATH} \ -v $(CURDIR):/cft/workdir \ ${DOCKER_REPO_BASE_KITCHEN_TERRAFORM} \ - make test_integration + /bin/bash -c "cd /cft/workdir && source test/ci_integration.sh && setup_environment && make test_integration" diff --git a/README.md b/README.md index 2efbc6a..6151b80 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,12 @@ The resources/services/activations/deletions that this module will create/trigge - two optional organization-level IAM bindings per service account, to enable the service accounts to create and manage Shared VPC networks - one optional service account key per service account +## Compatibility + + This module is meant for use with Terraform 0.12. If you haven't [upgraded](https://www.terraform.io/upgrade-guides/0-12.html) + and need a Terraform 0.11.x-compatible version of this module, the last released version intended for + Terraform 0.11.x is [0.1.1](https://registry.terraform.io/modules/terraform-google-modules/service-accounts/google/0.1.1). + ## Usage Basic usage of this module is as follows: @@ -67,7 +73,7 @@ These sections describe requirements for using this module. The following dependencies must be available: -- [Terraform][terraform] v0.11 +- [Terraform][terraform] v0.12 - [Terraform Provider for GCP][terraform-provider-gcp] plugin >= v2.0 ### IAM diff --git a/examples/multiple_service_accounts/main.tf b/examples/multiple_service_accounts/main.tf index 87a544d..81968fa 100644 --- a/examples/multiple_service_accounts/main.tf +++ b/examples/multiple_service_accounts/main.tf @@ -20,7 +20,7 @@ provider "google" { module "service_accounts" { source = "../.." - project_id = "${var.project_id}" + project_id = var.project_id prefix = "" names = ["test-first", "test-second"] generate_keys = true @@ -30,3 +30,4 @@ module "service_accounts" { "${var.project_id}=>roles/storage.objectViewer", ] } + 
diff --git a/examples/multiple_service_accounts/outputs.tf b/examples/multiple_service_accounts/outputs.tf index 141bc51..44f1014 100644 --- a/examples/multiple_service_accounts/outputs.tf +++ b/examples/multiple_service_accounts/outputs.tf @@ -16,15 +16,16 @@ output "emails" { description = "The service account emails." - value = "${values(module.service_accounts.emails)}" + value = values(module.service_accounts.emails) } output "iam_emails" { description = "The service account IAM-format emails." - value = "${values(module.service_accounts.iam_emails)}" + value = values(module.service_accounts.iam_emails) } output "keys" { description = "The service account keys." - value = "${module.service_accounts.keys}" + value = module.service_accounts.keys } + diff --git a/examples/multiple_service_accounts/variables.tf b/examples/multiple_service_accounts/variables.tf index b6df58e..189ff9d 100644 --- a/examples/multiple_service_accounts/variables.tf +++ b/examples/multiple_service_accounts/variables.tf @@ -16,5 +16,6 @@ variable "project_id" { description = "The ID of the project in which to provision resources." - type = "string" + type = string } + diff --git a/examples/multiple_service_accounts/versions.tf b/examples/multiple_service_accounts/versions.tf new file mode 100644 index 0000000..2970427 --- /dev/null +++ b/examples/multiple_service_accounts/versions.tf 
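Review bot: `output "keys"` in examples/multiple_service_accounts/outputs.tf re-exports `module.service_accounts.keys` without `sensitive = true`, although the root module's `keys` output in this same commit is declared sensitive. As far as I know, Terraform 0.12 does not carry that flag through a module call, so the decoded private keys would be printed by `terraform apply` and `terraform output` and can end up in CI logs. Adding `sensitive = true` to this output block keeps the example in line with the root module.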
@@ -0,0 +1,19 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.12" +} diff --git a/examples/single_service_account/main.tf b/examples/single_service_account/main.tf index efb2e61..a0dd221 100644 --- a/examples/single_service_account/main.tf +++ b/examples/single_service_account/main.tf @@ -20,8 +20,9 @@ provider "google" { module "service_accounts" { source = "../.." - project_id = "${var.project_id}" - prefix = "${var.prefix}" + project_id = var.project_id + prefix = var.prefix names = ["single-account"] project_roles = ["${var.project_id}=>roles/viewer"] } + diff --git a/examples/single_service_account/outputs.tf b/examples/single_service_account/outputs.tf index a216c75..c95e614 100644 --- a/examples/single_service_account/outputs.tf +++ b/examples/single_service_account/outputs.tf @@ -16,10 +16,11 @@ output "email" { description = "The service account email." - value = "${module.service_accounts.email}" + value = module.service_accounts.email } output "iam_email" { description = "The service account IAM-format email." - value = "${module.service_accounts.iam_email}" + value = module.service_accounts.iam_email } + diff --git a/examples/single_service_account/variables.tf b/examples/single_service_account/variables.tf index 206318d..7083fec 100644 --- a/examples/single_service_account/variables.tf +++ b/examples/single_service_account/variables.tf 
@@ -16,10 +16,12 @@ variable "project_id" { description = "The ID of the project in which to provision resources." - type = "string" + type = string } variable "prefix" { + type = string description = "Prefix applied to service account names." default = "" } + diff --git a/examples/single_service_account/versions.tf b/examples/single_service_account/versions.tf new file mode 100644 index 0000000..2970427 --- /dev/null +++ b/examples/single_service_account/versions.tf @@ -0,0 +1,19 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.12" +} diff --git a/main.tf b/main.tf index d994c92..7b38a3e 100644 --- a/main.tf +++ b/main.tf 
@@ -15,73 +15,82 @@ */ locals { - account_billing = "${var.grant_billing_role && var.billing_account_id != ""}" - org_billing = "${var.grant_billing_role && var.billing_account_id == "" && var.org_id != ""}" - prefix = "${var.prefix != "" ? "${var.prefix}-" : ""}" - xpn = "${var.grant_xpn_roles && var.org_id != ""}" + account_billing = var.grant_billing_role && var.billing_account_id != "" + org_billing = var.grant_billing_role && var.billing_account_id == "" && var.org_id != "" + prefix = var.prefix != "" ? "${var.prefix}-" : "" + xpn = var.grant_xpn_roles && var.org_id != "" } # create service accounts resource "google_service_account" "service_accounts" { - count = "${length(var.names)}" + count = length(var.names) account_id = "${local.prefix}${lower(element(var.names, count.index))}" display_name = "Terraform-managed service account" - project = "${var.project_id}" + project = var.project_id } # common roles resource "google_project_iam_member" "project-roles" { - count = "${length(var.project_roles) * length(var.names)}" + count = length(var.project_roles) * length(var.names) - project = "${element( - split("=>", element(var.project_roles, count.index % length(var.project_roles)) - ), 0)}" + project = element( + split( + "=>", + element(var.project_roles, count.index % length(var.project_roles)), + ), + 0, + ) - role = "${element( - split("=>", element(var.project_roles, count.index % length(var.project_roles)) - ), 1)}" + role = element( + split( + "=>", + element(var.project_roles, count.index % length(var.project_roles)), + ), + 1, + ) member = "serviceAccount:${element( google_service_account.service_accounts.*.email, - count.index / length(var.project_roles) + floor(count.index / length(var.project_roles)), )}" } # conditionally assign billing user role at the org level resource "google_organization_iam_member" "billing_user" { - count = "${local.org_billing ? length(var.names) : 0}" - org_id = "${var.org_id}" + count = local.org_billing ? 
length(var.names) : 0 + org_id = var.org_id role = "roles/billing.user" - member = "serviceAccount:${element(google_service_account.service_accounts.*.email, count.index)}" + member = "serviceAccount:${google_service_account.service_accounts[count.index].email}" } # conditionally assign billing user role on a specific billing account resource "google_billing_account_iam_member" "billing_user" { - count = "${local.account_billing ? length(var.names) : 0}" - billing_account_id = "${var.billing_account_id}" + count = local.account_billing ? length(var.names) : 0 + billing_account_id = var.billing_account_id role = "roles/billing.user" - member = "serviceAccount:${element(google_service_account.service_accounts.*.email, count.index)}" + member = "serviceAccount:${google_service_account.service_accounts[count.index].email}" } # conditionally assign roles for shared VPC # ref: https://cloud.google.com/vpc/docs/shared-vpc resource "google_organization_iam_member" "xpn_admin" { - count = "${local.xpn ? length(var.names) : 0}" - org_id = "${var.org_id}" + count = local.xpn ? length(var.names) : 0 + org_id = var.org_id role = "roles/compute.xpnAdmin" - member = "serviceAccount:${element(google_service_account.service_accounts.*.email, count.index)}" + member = "serviceAccount:${google_service_account.service_accounts[count.index].email}" } resource "google_organization_iam_member" "organization_viewer" { - count = "${local.xpn ? length(var.names) : 0}" - org_id = "${var.org_id}" + count = local.xpn ? length(var.names) : 0 + org_id = var.org_id role = "roles/resourcemanager.organizationViewer" - member = "serviceAccount:${element(google_service_account.service_accounts.*.email, count.index)}" + member = "serviceAccount:${google_service_account.service_accounts[count.index].email}" } # keys resource "google_service_account_key" "keys" { - count = "${var.generate_keys ? 
length(var.names) : 0}" - service_account_id = "${element(google_service_account.service_accounts.*.email, count.index)}" + count = var.generate_keys ? length(var.names) : 0 + service_account_id = google_service_account.service_accounts[count.index].email } + diff --git a/outputs.tf b/outputs.tf index 1e87e6b..721df90 100644 --- a/outputs.tf +++ b/outputs.tf 
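Review bot: In `google_project_iam_member.project-roles`, the rewritten `project` and `role` expressions still read the two halves of each `project=>role` entry with `element(split("=>", ...), N)`. `element` wraps its index, so an entry without `=>` silently yields the same string for both project and role instead of an error. Indexing the split result directly, e.g. `split("=>", element(var.project_roles, count.index % length(var.project_roles)))[1]`, makes a malformed entry fail at plan time rather than reach the IAM API. The `member` line could likewise use `google_service_account.service_accounts[floor(count.index / length(var.project_roles))].email`, matching the direct indexing this commit adopts in the other resources.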
@@ -16,42 +16,50 @@ output "email" { description = "Service account email (single-use case)." - value = "${element(google_service_account.service_accounts.*.email, 0)}" + value = google_service_account.service_accounts[0].email } output "iam_email" { description = "IAM-format service account email (single-use case)." - value = "serviceAccount:${element(google_service_account.service_accounts.*.email, 0)}" + value = "serviceAccount:${google_service_account.service_accounts[0].email}" } output "emails" { description = "Map of service account emails." - value = "${zipmap(var.names, google_service_account.service_accounts.*.email)}" + value = zipmap(var.names, google_service_account.service_accounts.*.email) } output "iam_emails" { description = "IAM-format service account emails." - value = "${zipmap(var.names, formatlist("serviceAccount:%s", google_service_account.service_accounts.*.email))}" + value = zipmap( + var.names, + formatlist( + "serviceAccount:%s", + google_service_account.service_accounts.*.email, + ), + ) } data "template_file" "keys" { - count = "${length(var.names)}" + count = length(var.names) template = "$${key}" - vars { - key = "${ - var.generate_keys - ? base64decode(element( - concat(google_service_account_key.keys.*.private_key, list("")), - count.index - )) - : "" - }" + vars = { + key = var.generate_keys ? base64decode( + element( + concat(google_service_account_key.keys.*.private_key, [""]), + count.index, + ), + ) : "" } } output "keys" { description = "Map of service account keys." sensitive = true - value = "${zipmap(formatlist("%s-key.json", var.names), data.template_file.keys.*.rendered)}" + value = zipmap( + formatlist("%s-key.json", var.names), + data.template_file.keys.*.rendered, + ) } + diff --git a/test/fixtures/multiple_service_accounts/main.tf b/test/fixtures/multiple_service_accounts/main.tf index 7a2c9ef..c20a3e1 100644 --- a/test/fixtures/multiple_service_accounts/main.tf +++ b/test/fixtures/multiple_service_accounts/main.tf 
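Review bot: `output "email"` and `output "iam_email"` now index `google_service_account.service_accounts[0]` directly, which is an invalid-index error whenever `names` is empty, and variables.tf in this commit keeps `default = []` for `names`. Guarding the lookup the way the `keys` data source already does, `element(concat(google_service_account.service_accounts.*.email, [""]), 0)`, keeps the module usable with its own defaults. Separately, `data "template_file" "keys"` only passes the decoded key through, so a `locals` expression would avoid an extra copy of each private key in state and drop the template provider dependency.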
@@ -16,5 +16,6 @@ module "example" { source = "../../../examples/multiple_service_accounts" - project_id = "${var.project_id}" + project_id = var.project_id } + diff --git a/test/fixtures/multiple_service_accounts/outputs.tf b/test/fixtures/multiple_service_accounts/outputs.tf index 85a01d5..587e1e2 100644 --- a/test/fixtures/multiple_service_accounts/outputs.tf +++ b/test/fixtures/multiple_service_accounts/outputs.tf @@ -16,10 +16,11 @@ output "emails" { description = "The service account emails." - value = "${module.example.emails}" + value = module.example.emails } output "project_id" { description = "Project id variable." - value = "${var.project_id}" + value = var.project_id } + diff --git a/test/fixtures/multiple_service_accounts/variables.tf b/test/fixtures/multiple_service_accounts/variables.tf index 093f6b1..1f95eaa 100644 --- a/test/fixtures/multiple_service_accounts/variables.tf +++ b/test/fixtures/multiple_service_accounts/variables.tf @@ -16,5 +16,6 @@ variable "project_id" { description = "The ID of the project in which to provision resources." - type = "string" + type = string } + diff --git a/test/fixtures/multiple_service_accounts/versions.tf b/test/fixtures/multiple_service_accounts/versions.tf new file mode 100644 index 0000000..2970427 --- /dev/null +++ b/test/fixtures/multiple_service_accounts/versions.tf 
@@ -0,0 +1,19 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.12" +} diff --git a/test/fixtures/single_service_account/main.tf b/test/fixtures/single_service_account/main.tf index d3a0f7a..74ec8f5 100644 --- a/test/fixtures/single_service_account/main.tf +++ b/test/fixtures/single_service_account/main.tf @@ -16,5 +16,6 @@ module "example" { source = "../../../examples/single_service_account" - project_id = "${var.project_id}" + project_id = var.project_id } + diff --git a/test/fixtures/single_service_account/outputs.tf b/test/fixtures/single_service_account/outputs.tf index f11f73d..ab01cda 100644 --- a/test/fixtures/single_service_account/outputs.tf +++ b/test/fixtures/single_service_account/outputs.tf @@ -16,15 +16,16 @@ output "email" { description = "The service account email." - value = "${module.example.email}" + value = module.example.email } output "iam_email" { description = "The service account IAM-format email." - value = "${module.example.iam_email}" + value = module.example.iam_email } output "project_id" { description = "Project id variable." - value = "${var.project_id}" + value = var.project_id } + diff --git a/test/fixtures/single_service_account/variables.tf b/test/fixtures/single_service_account/variables.tf index 093f6b1..1f95eaa 100644 --- a/test/fixtures/single_service_account/variables.tf +++ b/test/fixtures/single_service_account/variables.tf 
@@ -16,5 +16,6 @@ variable "project_id" { description = "The ID of the project in which to provision resources." - type = "string" + type = string } + diff --git a/test/fixtures/single_service_account/versions.tf b/test/fixtures/single_service_account/versions.tf new file mode 100644 index 0000000..832ec1d --- /dev/null +++ b/test/fixtures/single_service_account/versions.tf @@ -0,0 +1,19 @@ +/** + * Copyright 2018 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.12" +} diff --git a/test/integration/multiple_service_accounts/controls/gcp.rb b/test/integration/multiple_service_accounts/controls/gcp.rb index a8b91b4..a6c671f 100644 --- a/test/integration/multiple_service_accounts/controls/gcp.rb +++ b/test/integration/multiple_service_accounts/controls/gcp.rb @@ -4,7 +4,7 @@ # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, diff --git a/test/integration/single_service_account/controls/gcp.rb b/test/integration/single_service_account/controls/gcp.rb index c382ce7..bd731bb 100644 --- a/test/integration/single_service_account/controls/gcp.rb +++ b/test/integration/single_service_account/controls/gcp.rb 
@@ -4,7 +4,7 @@ # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # -# http://www.apache.org/licenses/LICENSE-2.0 +# https://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, diff --git a/test/make.sh b/test/make.sh index a5b3aeb..803acd7 100755 --- a/test/make.sh +++ b/test/make.sh @@ -62,28 +62,14 @@ function basefiles() { done } -# This function runs the hadolint linter on -# every file named 'Dockerfile' -function docker() { - echo "Running hadolint on Dockerfiles" - find_files . -name "Dockerfile" -print0 \ - | compat_xargs -0 hadolint -} - # This function runs 'terraform validate' and 'terraform fmt' # against all directory paths which contain *.tf files. function check_terraform() { - set -e echo "Running terraform validate" - find_files . -name "*.tf" -print0 \ - | compat_xargs -0 -n1 dirname \ - | sort -u \ - | compat_xargs -t -n1 terraform validate --check-variables=false + #shellcheck disable=SC2156 + find . -name "*.tf" -not -path "./test/fixtures/shared/*" -not -path "./test/fixtures/all_examples/*" -exec bash -c 'cd $(dirname "{}") && terraform init && terraform validate ' \; echo "Running terraform fmt" - find_files . -name "*.tf" -print0 \ - | compat_xargs -0 -n1 dirname \ - | sort -u \ - | compat_xargs -t -n1 terraform fmt -check=true -write=false + find_files . -name "*.tf" -exec terraform fmt -check=true -write=false {} \; } # This function runs 'go fmt' and 'go vet' on every file diff --git a/variables.tf b/variables.tf index 357e57b..1fe774f 100644 --- a/variables.tf +++ b/variables.tf 
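Review bot: `check_terraform` in test/make.sh can no longer fail the build: `find ... -exec ... \;` discards the exit status of the command it runs, and the function's `set -e` was removed, so a failing `terraform validate` or `terraform fmt -check` still lets the check pass. The validate line also splices `{}` into the `bash -c` script (hence the SC2156 suppression), so a path from the checkout is parsed as shell code rather than passed as data. It also runs `terraform init` once per .tf file instead of once per directory. The sketch below passes the directory as data and collects a return code; it assumes `compat_xargs`, used by the removed lines, is still defined elsewhere in the script.

```shell
function check_terraform() {
  local rc=0 dir
  echo "Running terraform validate"
  while IFS= read -r dir; do
    # The directory is handed to cd as data, never parsed as shell code.
    (cd "$dir" && terraform init && terraform validate) || rc=1
  done < <(find . -name "*.tf" \
    -not -path "./test/fixtures/shared/*" \
    -not -path "./test/fixtures/all_examples/*" \
    -exec dirname {} \; | sort -u)
  echo "Running terraform fmt"
  # xargs reports a non-zero status when any invocation fails.
  find_files . -name "*.tf" -print0 \
    | compat_xargs -0 -n1 terraform fmt -check=true -write=false || rc=1
  return "$rc"
}
```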
@@ -15,45 +15,55 @@ */ variable "project_id" { + type = string description = "Project id where service account will be created." } variable "prefix" { + type = string description = "Prefix applied to service account names." default = "" } variable "names" { + type = list(string) description = "Names of the service accounts to create." default = [] } variable "project_roles" { + type = list(string) description = "Common roles to apply to all service accounts, project=>role as elements." default = [] } variable "grant_billing_role" { + type = bool description = "Grant billing user role." default = false } variable "billing_account_id" { + type = string description = "If assigning billing role, specificy a billing account (default is to assign at the organizational level)." default = "" } variable "grant_xpn_roles" { + type = bool description = "Grant roles for shared VPC management." default = true } variable "org_id" { + type = string description = "Id of the organization for org-level roles." default = "" } variable "generate_keys" { + type = bool description = "Generate keys for service accounts." default = false } + diff --git a/versions.tf b/versions.tf new file mode 100644 index 0000000..2970427 --- /dev/null +++ b/versions.tf @@ -0,0 +1,19 @@ +/** + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +terraform { + required_version = ">= 0.12" +}
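Review bot: The root module's new versions.tf constrains only the Terraform core version, while the README touched by this commit lists the Google provider plugin `>= v2.0` as a requirement. Declaring that in the same `terraform` block, `required_providers { google = ">= 2.0" }`, lets `terraform init` reject an older provider up front instead of failing later on an unsupported argument. Whether the `template` provider used by outputs.tf should be constrained as well is a judgement call.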