From f9b808b4bc5dea9b02ba14c5633e52d558436202 Mon Sep 17 00:00:00 2001
From: Julio Castillo
Date: Fri, 27 May 2022 16:06:41 +0200
Subject: [PATCH] Fix permissions and update NVA and peering net stages for gke

---
 fast/stages/01-resman/branch-gke.tf | 8 ++++----
 fast/stages/02-networking-nva/spoke-dev.tf | 1 +
 fast/stages/02-networking-nva/spoke-prod.tf | 1 +
 fast/stages/02-networking-nva/variables.tf | 2 ++
 fast/stages/02-networking-peering/spoke-dev.tf | 1 +
 fast/stages/02-networking-peering/spoke-prod.tf | 1 +
 fast/stages/02-networking-peering/variables.tf | 2 ++
 fast/stages/03-gke-multitenant/dev/gke-clusters.tf | 1 +
 tests/fast/stages/s02_networking_nva/fixture/main.tf | 2 ++
 tests/fast/stages/s02_networking_peering/fixture/main.tf | 2 ++
 tests/modules/gke_hub/test_plan.py | 6 +++---
 11 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/fast/stages/01-resman/branch-gke.tf b/fast/stages/01-resman/branch-gke.tf
index 5914f5f50..1cfb3d6fe 100644
--- a/fast/stages/01-resman/branch-gke.tf
+++ b/fast/stages/01-resman/branch-gke.tf
@@ -51,7 +51,7 @@ module "branch-gke-multitenant-prod-folder" {
 
 module "branch-gke-multitenant-prod-sa" {
   source = "../../../modules/iam-service-account"
-  project_id = var.automation_project_id
+  project_id = var.automation.project_id
   name = "prod-resman-gke-0"
   description = "Terraform gke multitenant prod service account."
   prefix = var.prefix
@@ -63,7 +63,7 @@ module "branch-gke-multitenant-prod-sa" {
 
 module "branch-gke-multitenant-prod-gcs" {
   source = "../../../modules/gcs"
-  project_id = var.automation_project_id
+  project_id = var.automation.project_id
   name = "prod-resman-gke-0"
   prefix = var.prefix
   versioning = true
@@ -92,7 +92,7 @@ module "branch-gke-multitenant-dev-folder" {
 
 module "branch-gke-multitenant-dev-sa" {
   source = "../../../modules/iam-service-account"
-  project_id = var.automation_project_id
+  project_id = var.automation.project_id
   name = "dev-resman-gke-0"
   description = "Terraform gke multitenant dev service account."
   prefix = var.prefix
@@ -104,7 +104,7 @@ module "branch-gke-multitenant-dev-sa" {
 
 module "branch-gke-multitenant-dev-gcs" {
   source = "../../../modules/gcs"
-  project_id = var.automation_project_id
+  project_id = var.automation.project_id
   name = "dev-resman-gke-0"
   prefix = var.prefix
   versioning = true
diff --git a/fast/stages/02-networking-nva/spoke-dev.tf b/fast/stages/02-networking-nva/spoke-dev.tf
index 843d544fd..28ed13ecc 100644
--- a/fast/stages/02-networking-nva/spoke-dev.tf
+++ b/fast/stages/02-networking-nva/spoke-dev.tf
@@ -126,6 +126,7 @@ resource "google_project_iam_binding" "dev_spoke_project_iam_delegated" {
   members = [
     local.service_accounts.data-platform-dev,
     local.service_accounts.project-factory-dev,
+    local.service_accounts.gke-multitenant-dev,
   ]
   condition {
     title = "dev_stage3_sa_delegated_grants"
diff --git a/fast/stages/02-networking-nva/spoke-prod.tf b/fast/stages/02-networking-nva/spoke-prod.tf
index d0a22dc98..6ba5fe30b 100644
--- a/fast/stages/02-networking-nva/spoke-prod.tf
+++ b/fast/stages/02-networking-nva/spoke-prod.tf
@@ -126,6 +126,7 @@ resource "google_project_iam_binding" "prod_spoke_project_iam_delegated" {
   members = [
     local.service_accounts.data-platform-prod,
     local.service_accounts.project-factory-prod,
+    local.service_accounts.gke-multitenant-prod,
   ]
   condition {
     title = "prod_stage3_sa_delegated_grants"
diff --git a/fast/stages/02-networking-nva/variables.tf b/fast/stages/02-networking-nva/variables.tf
index bc06729bc..2fe29d785 100644
--- a/fast/stages/02-networking-nva/variables.tf
+++ b/fast/stages/02-networking-nva/variables.tf
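Review bot: The new `local.service_accounts.gke-multitenant-dev` member of `google_project_iam_binding.dev_spoke_project_iam_delegated` inherits whatever the binding's `condition` permits, but the condition `expression` that enumerates the delegable roles lies below the hunk, so this diff does not show whether that allowlist was reviewed for what the GKE stage actually needs, or whether it already permits more than GKE requires. Because `google_project_iam_binding` is authoritative for its role, this one line lets the GKE stage's service account grant roles on the dev spoke project; please confirm the expression still lists only the roles stage 3 legitimately hands out, and that the GKE SA is also included in whatever network-user binding the other stage-3 SAs receive, which is not part of this diff. The identical addition in the prod spoke hunk deserves the same check. The resource block starts before and continues after the hunk.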
@@ -209,6 +209,8 @@ variable "service_accounts" {
   type = object({
     data-platform-dev = string
     data-platform-prod = string
+    gke-multitenant-dev = string
+    gke-multitenant-prod = string
     project-factory-dev = string
     project-factory-prod = string
   })
diff --git a/fast/stages/02-networking-peering/spoke-dev.tf b/fast/stages/02-networking-peering/spoke-dev.tf
index a6713eaf7..169ac6ba0 100644
--- a/fast/stages/02-networking-peering/spoke-dev.tf
+++ b/fast/stages/02-networking-peering/spoke-dev.tf
@@ -103,6 +103,7 @@ resource "google_project_iam_binding" "dev_spoke_project_iam_delegated" {
   members = [
     local.service_accounts.data-platform-dev,
     local.service_accounts.project-factory-dev,
+    local.service_accounts.gke-multitenant-dev,
   ]
   condition {
     title = "dev_stage3_sa_delegated_grants"
diff --git a/fast/stages/02-networking-peering/spoke-prod.tf b/fast/stages/02-networking-peering/spoke-prod.tf
index 401a08563..084f5a216 100644
--- a/fast/stages/02-networking-peering/spoke-prod.tf
+++ b/fast/stages/02-networking-peering/spoke-prod.tf
@@ -103,6 +103,7 @@ resource "google_project_iam_binding" "prod_spoke_project_iam_delegated" {
   members = [
     local.service_accounts.data-platform-prod,
     local.service_accounts.project-factory-prod,
+    local.service_accounts.gke-multitenant-prod,
   ]
   condition {
     title = "prod_stage3_sa_delegated_grants"
diff --git a/fast/stages/02-networking-peering/variables.tf b/fast/stages/02-networking-peering/variables.tf
index 60bd8be1d..77ef3884f 100644
--- a/fast/stages/02-networking-peering/variables.tf
+++ b/fast/stages/02-networking-peering/variables.tf
@@ -187,6 +187,8 @@ variable "service_accounts" {
   type = object({
     data-platform-dev = string
     data-platform-prod = string
+    gke-multitenant-dev = string
+    gke-multitenant-prod = string
     project-factory-dev = string
     project-factory-prod = string
   })
diff --git a/fast/stages/03-gke-multitenant/dev/gke-clusters.tf b/fast/stages/03-gke-multitenant/dev/gke-clusters.tf
index 8f9cb987e..51ba711a4 100644
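Review bot: `gke-multitenant-dev` and `gke-multitenant-prod` are added to the `service_accounts` object type as plain `string` attributes, which makes them mandatory: a `02-networking-nva` tfvars file produced by an older `01-resman` apply will now fail variable validation until that stage is re-applied and its outputs regenerated. If that ordering is intended, state it in the stage README or upgrade notes alongside this change; otherwise the attributes could be declared `optional(string)` if the pinned Terraform version supports object type modifiers, which I cannot verify from this diff. The variable's `description` is outside the hunk, so it is also unclear whether it already mentions the two new keys. The same consideration applies to the matching hunk in `02-networking-peering/variables.tf`.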
--- a/fast/stages/03-gke-multitenant/dev/gke-clusters.tf
+++ b/fast/stages/03-gke-multitenant/dev/gke-clusters.tf
@@ -44,6 +44,7 @@ module "gke-cluster" {
     config_connector_config = true
     kalm_config = false
     gcp_filestore_csi_driver_config = false
+    gke_backup_agent_config = false
     # enable only if enable_dataplane_v2 is changed to false below
     network_policy_config = false
     istio_config = {
diff --git a/tests/fast/stages/s02_networking_nva/fixture/main.tf b/tests/fast/stages/s02_networking_nva/fixture/main.tf
index f0ff8ad03..b34da60a7 100644
--- a/tests/fast/stages/s02_networking_nva/fixture/main.tf
+++ b/tests/fast/stages/s02_networking_nva/fixture/main.tf
@@ -35,6 +35,8 @@ module "stage" {
   service_accounts = {
     data-platform-dev = "string"
     data-platform-prod = "string"
+    gke-multitenant-dev = "string"
+    gke-multitenant-prod = "string"
     project-factory-dev = "string"
     project-factory-prod = "string"
   }
diff --git a/tests/fast/stages/s02_networking_peering/fixture/main.tf b/tests/fast/stages/s02_networking_peering/fixture/main.tf
index 420409590..704c71a31 100644
--- a/tests/fast/stages/s02_networking_peering/fixture/main.tf
+++ b/tests/fast/stages/s02_networking_peering/fixture/main.tf
@@ -35,6 +35,8 @@ module "stage" {
   service_accounts = {
     data-platform-dev = "string"
     data-platform-prod = "string"
+    gke-multitenant-dev = "string"
+    gke-multitenant-prod = "string"
     project-factory-dev = "string"
     project-factory-prod = "string"
   }
diff --git a/tests/modules/gke_hub/test_plan.py b/tests/modules/gke_hub/test_plan.py
index 08e0a581c..40d82c1f5 100644
--- a/tests/modules/gke_hub/test_plan.py
+++ b/tests/modules/gke_hub/test_plan.py
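Review bot: `gke_backup_agent_config = false` is added with no rationale, while the neighbouring `network_policy_config = false` carries a comment explaining its constraint; a one-line note such as `# Backup for GKE agent; off by default, enable if tenant workloads need cluster or volume backups` would make the opt-out deliberate rather than an accident of completing the addons list. It is also worth confirming whether the module's addons object declares this key as required, since if it is optional the explicit `false` adds nothing beyond documentation. The `module "gke-cluster"` block starts before and continues after the hunk.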
@@ -23,11 +23,11 @@ def resources(plan_runner):
 
 def test_resource_count(resources):
   "Test number of resources created."
-  assert len(resources) == 8
+  assert len(resources) == 6
   assert sorted(r['address'] for r in resources) == [
     'module.hub.google_gke_hub_feature.configmanagement["1"]',
-    'module.hub.google_gke_hub_feature.mci["mycluster1"]',
-    'module.hub.google_gke_hub_feature.mci["mycluster2"]',
+    # 'module.hub.google_gke_hub_feature.mci["mycluster1"]',
+    # 'module.hub.google_gke_hub_feature.mci["mycluster2"]',
     'module.hub.google_gke_hub_feature.mcs["1"]',
     'module.hub.google_gke_hub_feature_membership.feature_member["mycluster1"]',
     'module.hub.google_gke_hub_feature_membership.feature_member["mycluster2"]',
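Review bot: The two `mci` addresses are commented out rather than removed on the new side of the hunk, leaving dead text inside the expected list and no explanation for why the multi-cluster ingress feature no longer appears in the plan; the drop from 8 to 6 resources is otherwise unexplained in this diff. Delete the two `# 'module.hub.google_gke_hub_feature.mci[...]'` lines, and if the module still supports MCI behind a variable, add a separate test that enables it and asserts those two addresses so coverage for that path is not silently lost. The fixture change that drives the new count is not part of this diff, so I cannot confirm that 6 is the intended number.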