feat: option to install asmcli

terraform-google-modules · Sep 4, 2024 · 3aa0635 · 3aa0635
1 parent f96ca9f
commit 3aa0635
Show file tree

Hide file tree

Showing 29 changed files with 423 additions and 18 deletions.
diff --git a/README.md b/README.md
@@ -44,6 +44,7 @@ Setting it to `never` will *never* gcloud download and setting it to `always` wi
 |------|-------------|------|---------|:--------:|
 | activate\_service\_account | Set to false to skip running `gcloud auth activate-service-account`. Optional. | `bool` | `true` | no |
 | additional\_components | Additional gcloud CLI components to install. Defaults to none. Valid value are components listed in `gcloud components list` | `list(string)` | `[]` | no |
+| asmcli\_version | The asmcli version to download. Optional. | `string` | `null` | no |
 | create\_cmd\_body | On create, the command body you'd like to run with your entrypoint. | `string` | `"info"` | no |
 | create\_cmd\_entrypoint | On create, the command entrypoint you'd like to use. Can also be set to a custom script. Module's bin directory will be prepended to path. | `string` | `"gcloud"` | no |
 | create\_cmd\_triggers | List of any additional triggers to re-run the create command execution when either of values in the maps change. Some keys are reserved and will be overwritten if specified in this option. (eg. `md5`, `arguments`, `download_gcloud_command`, `download_jq_command`, etc. See details in [the source](https://github.com/terraform-google-modules/terraform-google-gcloud/blob/master/main.tf).) | `map(any)` | `{}` | no |
@@ -65,6 +66,7 @@ Setting it to `never` will *never* gcloud download and setting it to `always` wi
 
 | Name | Description |
 |------|-------------|
+| asmcli\_downloaded | Whether asmcli was downloaded or not |
 | bin\_dir | The full bin path of the modules executables |
 | create\_cmd\_bin | The full bin path & command used on create |
 | destroy\_cmd\_bin | The full bin path & command used on destroy |

diff --git a/examples/asmcli_example/README.md b/examples/asmcli_example/README.md
@@ -0,0 +1,27 @@
+# Asmcli Example
+
+This example illustrates how to use `asmscli` with the`gcloud` module.
+
+<!-- BEGINNING OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+## Inputs
+
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| project\_id | The ID of the project in which to provision resources. | `string` | n/a | yes |
+
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| asmcli\_downloaded | asmcli version |
+| ca\_certificate | The cluster ca certificate (base64 encoded) |
+| client\_token | The bearer token for auth |
+| kubernetes\_endpoint | The cluster endpoint |
+
+<!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
+
+To provision this example, run the following from within this directory:
+- `terraform init` to get the plugins
+- `terraform plan` to see the infrastructure plan
+- `terraform apply` to apply the infrastructure build
+- `terraform destroy` to destroy the built infrastructure
diff --git a/examples/asmcli_example/main.tf b/examples/asmcli_example/main.tf
@@ -0,0 +1,75 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "network" {
+  source       = "terraform-google-modules/network/google"
+  version      = "~> 9.0"
+  project_id   = var.project_id
+  network_name = "asmcli-example-network"
+
+  subnets = [
+    {
+      subnet_name   = "asmcli-example-subnet"
+      subnet_ip     = "10.0.0.0/17"
+      subnet_region = "us-central1"
+    },
+  ]
+
+  secondary_ranges = {
+    ("asmcli-example-subnet") = [
+      {
+        range_name    = "asmcli-example-pods"
+        ip_cidr_range = "192.168.0.0/18"
+      },
+      {
+        range_name    = "asmcli-example-services"
+        ip_cidr_range = "192.168.64.0/18"
+      },
+    ]
+  }
+}
+
+module "gke" {
+  source                 = "terraform-google-modules/kubernetes-engine/google"
+  version                = "~> 32.0"
+  project_id             = var.project_id
+  name                   = "asmcli-example"
+  regional               = true
+  region                 = "us-central1"
+  network                = module.network.network_name
+  subnetwork             = module.network.subnets_names[0]
+  ip_range_pods          = "asmcli-example-pods"
+  ip_range_services      = "asmcli-example-services"
+  create_service_account = true
+  deletion_protection    = false
+}
+
+module "asmcli" {
+  source  = "terraform-google-modules/gcloud/google"
+  version = "~> 3.0"
+
+  platform              = "linux"
+  additional_components = ["kubectl"]
+  skip_download         = false
+
+  asmcli_version = "1.22"
+
+  create_cmd_entrypoint = "asmcli"
+  create_cmd_body       = "install --project_id ${var.project_id} --cluster_name ${module.gke.name} --cluster_location ${module.gke.location} --enable_all --ca mesh_ca"
+}
+
+data "google_client_config" "default" {
+}
diff --git a/examples/asmcli_example/outputs.tf b/examples/asmcli_example/outputs.tf
@@ -0,0 +1,37 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "asmcli_downloaded" {
+  description = "asmcli version"
+  value       = module.asmcli.asmcli_downloaded
+}
+
+output "kubernetes_endpoint" {
+  description = "The cluster endpoint"
+  sensitive   = true
+  value       = module.gke.endpoint
+}
+
+output "client_token" {
+  description = "The bearer token for auth"
+  sensitive   = true
+  value       = base64encode(data.google_client_config.default.access_token)
+}
+
+output "ca_certificate" {
+  description = "The cluster ca certificate (base64 encoded)"
+  value       = module.gke.ca_certificate
+}
diff --git a/examples/asmcli_example/variables.tf b/examples/asmcli_example/variables.tf
@@ -0,0 +1,20 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+  description = "The ID of the project in which to provision resources."
+  type        = string
+}
diff --git a/examples/asmcli_example/versions.tf b/examples/asmcli_example/versions.tf
@@ -0,0 +1,24 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+  required_version = ">= 1.3"
+  required_providers {
+    google = {
+      source = "hashicorp/google"
+    }
+  }
+}
diff --git a/examples/dependency_example/versions.tf b/examples/dependency_example/versions.tf
@@ -15,7 +15,7 @@
  */
 
 terraform {
-  required_version = ">= 0.13"
+  required_version = ">= 1.3"
   required_providers {
     random = {
       source = "hashicorp/random"

diff --git a/examples/kubectl_wrapper_example/versions.tf b/examples/kubectl_wrapper_example/versions.tf
@@ -20,5 +20,5 @@ terraform {
       source = "hashicorp/google"
     }
   }
-  required_version = ">= 0.13"
+  required_version = ">= 1.3"
 }
diff --git a/examples/script_example/versions.tf b/examples/script_example/versions.tf
@@ -15,7 +15,7 @@
  */
 
 terraform {
-  required_version = ">= 0.13"
+  required_version = ">= 1.3"
   required_providers {
     google = {
       source = "hashicorp/google"

diff --git a/examples/simple_example/versions.tf b/examples/simple_example/versions.tf
@@ -15,7 +15,7 @@
  */
 
 terraform {
-  required_version = ">= 0.13"
+  required_version = ">= 1.3"
   required_providers {
     google = {
       source = "hashicorp/google"

diff --git a/kitchen.yml b/kitchen.yml
@@ -27,6 +27,19 @@ platforms:
   - name: skipped_env
 
 suites:
+  - name: asmcli_example
+    driver:
+      command_timeout: 3600
+      root_module_directory: test/fixtures/asmcli_example/
+    verifier:
+      color: false
+      systems:
+        - name: asmcli_example local
+          backend: local
+          controls:
+            - asmcli
+    excludes:
+      - skipped_env
   - name: simple_example
     driver:
       command_timeout: 1800

diff --git a/main.tf b/main.tf
@@ -1,5 +1,5 @@
 /**
- * Copyright 2018 Google LLC
+ * Copyright 2018-2024 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -29,6 +29,7 @@ locals {
   gcloud_download_url = var.gcloud_download_url != "" ? var.gcloud_download_url : "https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-${var.gcloud_sdk_version}-${var.platform}-x86_64.tar.gz"
   jq_platform         = var.platform == "darwin" ? "osx-amd" : var.platform
   jq_download_url     = var.jq_download_url != "" ? var.jq_download_url : "https://github.com/stedolan/jq/releases/download/jq-${var.jq_version}/jq-${local.jq_platform}64"
+  asmcli_download_url = var.asmcli_version != null ? "https://storage.googleapis.com/csm-artifacts/asm/asmcli_${var.asmcli_version}" : ""
 
   create_cmd_bin  = local.skip_download ? var.create_cmd_entrypoint : "${local.gcloud_bin_path}/${var.create_cmd_entrypoint}"
   destroy_cmd_bin = local.skip_download ? var.destroy_cmd_entrypoint : "${local.gcloud_bin_path}/${var.destroy_cmd_entrypoint}"
@@ -41,8 +42,9 @@ locals {
   prepare_cache_command                        = "mkdir -p ${local.cache_path}"
   download_gcloud_command                      = "curl -sL -o ${local.cache_path}/google-cloud-sdk.tar.gz ${local.gcloud_download_url}"
   download_jq_command                          = "curl -sL -o ${local.cache_path}/jq ${local.jq_download_url} && chmod +x ${local.cache_path}/jq"
-  decompress_command                           = "tar -xzf ${local.gcloud_tar_path} -C ${local.cache_path} && cp ${local.cache_path}/jq ${local.cache_path}/google-cloud-sdk/bin/"
-  decompress_wrapper                           = fileexists(local.gcloud_tar_path) ? local.decompress_command : "${local.prepare_cache_command} && ${local.download_gcloud_command} && ${local.download_jq_command} && ${local.decompress_command}"
+  download_asmcli_command                      = "curl -sL -o ${local.cache_path}/asmcli ${local.asmcli_download_url} && chmod +x ${local.cache_path}/asmcli"
+  decompress_command                           = var.asmcli_version != null ? "tar -xzf ${local.gcloud_tar_path} -C ${local.cache_path} && cp ${local.cache_path}/jq ${local.cache_path}/google-cloud-sdk/bin/ && cp ${local.cache_path}/asmcli ${local.cache_path}/google-cloud-sdk/bin/" : "tar -xzf ${local.gcloud_tar_path} -C ${local.cache_path} && cp ${local.cache_path}/jq ${local.cache_path}/google-cloud-sdk/bin/"
+  decompress_wrapper                           = fileexists(local.gcloud_tar_path) ? local.decompress_command : var.asmcli_version != null ? "${local.prepare_cache_command} && ${local.download_gcloud_command} && ${local.download_jq_command} && ${local.download_asmcli_command} && ${local.decompress_command}" : "${local.prepare_cache_command} && ${local.download_gcloud_command} && ${local.download_jq_command} && ${local.decompress_command}"
   upgrade_command                              = "${local.gcloud} components update --quiet"
   additional_components_command                = "${path.module}/scripts/check_components.sh ${local.gcloud} ${local.components}"
   gcloud_auth_service_account_key_file_command = "${local.gcloud} auth activate-service-account --key-file ${var.service_account_key_file}"
@@ -126,6 +128,23 @@ resource "null_resource" "download_jq" {
   depends_on = [null_resource.prepare_cache]
 }
 
+resource "null_resource" "download_asmcli" {
+  count = (var.enabled && !local.skip_download && var.asmcli_version != null) ? 1 : 0
+
+  triggers = merge({
+    md5                     = md5(var.create_cmd_entrypoint)
+    arguments               = md5(var.create_cmd_body)
+    download_asmcli_command = local.download_asmcli_command
+  }, var.create_cmd_triggers)
+
+  provisioner "local-exec" {
+    when    = create
+    command = self.triggers.download_asmcli_command
+  }
+
+  depends_on = [null_resource.prepare_cache]
+}
+
 resource "null_resource" "decompress" {
   count = (var.enabled && !local.skip_download) ? 1 : 0
 
@@ -135,14 +154,15 @@ resource "null_resource" "decompress" {
     decompress_command      = local.decompress_command
     download_gcloud_command = local.download_gcloud_command
     download_jq_command     = local.download_jq_command
+    download_asmcli_command = local.download_asmcli_command
   }, var.create_cmd_triggers)
 
   provisioner "local-exec" {
     when    = create
     command = self.triggers.decompress_command
   }
 
-  depends_on = [null_resource.download_gcloud, null_resource.download_jq]
+  depends_on = [null_resource.download_gcloud, null_resource.download_jq, null_resource.download_asmcli]
 }
 
 resource "null_resource" "upgrade" {

diff --git a/modules/kubectl-fleet-wrapper/versions.tf b/modules/kubectl-fleet-wrapper/versions.tf
@@ -15,7 +15,7 @@
  */
 
 terraform {
-  required_version = ">= 0.13"
+  required_version = ">= 1.3"
   required_providers {
 
     google = {

diff --git a/modules/kubectl-wrapper/versions.tf b/modules/kubectl-wrapper/versions.tf
@@ -15,7 +15,7 @@
  */
 
 terraform {
-  required_version = ">= 0.13"
+  required_version = ">= 1.3"
   required_providers {
 
     google = {

diff --git a/outputs.tf b/outputs.tf
@@ -39,3 +39,8 @@ output "downloaded" {
   value       = !local.skip_download
   depends_on  = [local.wait]
 }
+
+output "asmcli_downloaded" {
+  description = "Whether asmcli was downloaded or not"
+  value       = var.asmcli_version != null
+}
diff --git a/test/fixtures/asmcli_example/main.tf b/test/fixtures/asmcli_example/main.tf
@@ -0,0 +1,21 @@
+/**
+ * Copyright 2024 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module "example" {
+  source = "../../../examples/asmcli_example"
+
+  project_id = var.project_id
+}