Update GKE SVPC example to prevent -target usage

2020-10-26 23:17:25 +01:00 · 2020-10-26 23:17:25 +01:00 · f919a8dba0
parent 7ab87d0790
commit f919a8dba0
3 changed files with 13 additions and 24 deletions
--- a/networking/shared-vpc-gke/README.md
+++ b/networking/shared-vpc-gke/README.md
@ -6,19 +6,6 @@ The sample has been purposefully kept simple so that it can be used as a basis f

 ![High-level diagram](diagram.png "High-level diagram")

-## Applying the example
-
-The example cannot be applied from scratch with a single `terraform apply` command, as Terraform is unable to manage Shared VPC project registration for multiple projects, before those are created and exist in state. To apply the example from scratch, follow this order:
-
-```bash
-tf apply \
-  -target module.project-svc-gce \
-  -target module.project-svc-gke
-tf apply
-```
-
-Once the first command has run successfully, the service projects exist in state and can be referenced by the multiple resource in the host project module that manages project registration.
-
 ## Accessing the bastion instance and GKE cluster

 The bastion VM has no public address so access is mediated via [IAP](https://cloud.google.com/iap/docs), which is supported transparently in the `gcloud compute ssh` command. Authentication is via OS Login set as a project default.
--- a/networking/shared-vpc-gke/main.tf
+++ b/networking/shared-vpc-gke/main.tf
@ -27,11 +27,8 @@ module "project-host" {
  name            = "net"
  services        = concat(var.project_services, ["dns.googleapis.com"])
  shared_vpc_host_config = {
-    enabled = true
-    service_projects = [
-      module.project-svc-gce.project_id,
-      module.project-svc-gke.project_id
-    ]
+    enabled          = true
+    service_projects = [] # defined later
  }
  iam_roles = [
    "roles/container.hostServiceAgentUser", "roles/owner"
@ -53,6 +50,10 @@ module "project-svc-gce" {
  services        = var.project_services
  oslogin         = true
  oslogin_admins  = var.owners_gce
+  shared_vpc_service_config = {
+    attach       = true
+    host_project = module.project-host.project_id
+  }
  iam_roles = [
    "roles/logging.logWriter",
    "roles/monitoring.metricWriter",
@ -75,6 +76,10 @@ module "project-svc-gke" {
  prefix          = var.prefix
  name            = "gke"
  services        = var.project_services
+  shared_vpc_service_config = {
+    attach       = true
+    host_project = module.project-host.project_id
+  }
  iam_roles = [
    "roles/container.developer",
    "roles/logging.logWriter",
--- a/tests/networking/shared_vpc_gke/test_plan.py
+++ b/tests/networking/shared_vpc_gke/test_plan.py
@ -22,9 +22,6 @@ FIXTURES_DIR = os.path.join(os.path.dirname(__file__), 'fixture')

 def test_resources(e2e_plan_runner):
  "Test that plan works and the numbers of resources is as expected."
-  modules, resources = e2e_plan_runner(FIXTURES_DIR, targets=[
-      "module.test.module.project-svc-gce",
-      "module.test.module.project-svc-gke"
-  ])
-  assert len(modules) == 4
-  assert len(resources) == 16
+  modules, resources = e2e_plan_runner(FIXTURES_DIR)
+  assert len(modules) == 11
+  assert len(resources) == 43