feat: Enable ACM feature on hub (#722)

* enable acm * update README * enable gkehub api on test project * Add Hub Admin role to SA * add service account key file * add additional components
terraform-google-modules · Dec 4, 2020 · c199dae · c199dae
1 parent 721f846
commit c199dae
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 3 deletions.
diff --git a/modules/acm/README.md b/modules/acm/README.md
@@ -3,9 +3,10 @@
 This module installs [Anthos Config Management](https://cloud.google.com/anthos-config-management/docs/) (ACM) in a Kubernetes cluster.
 
 Specifically, this module automates the following steps for [installing ACM](https://cloud.google.com/anthos-config-management/docs/how-to/installing):
-1. Installing the ACM Operator on your cluster.
-2. Generating an SSH key for accessing Git and providing it to the Operator
-3. Configuring the Operator to connect to your ACM repository
+1. Enabling the ACM feature on hub.
+2. Installing the ACM Operator on your cluster.
+3. Optionally, generating an SSH key for accessing Git and providing it to the Operator
+4. Configuring the Operator to connect to your ACM repository
 
 ## Usage
 

diff --git a/modules/acm/main.tf b/modules/acm/main.tf
@@ -14,6 +14,21 @@
  * limitations under the License.
  */
 
+module "enable_acm" {
+  source  = "terraform-google-modules/gcloud/google"
+  version = "~> 2.0"
+
+  platform              = "linux"
+  upgrade               = true
+  additional_components = ["alpha"]
+
+  service_account_key_file = var.service_account_key_file
+  create_cmd_entrypoint    = "gcloud"
+  create_cmd_body          = "alpha container hub config-management enable --project ${var.project_id}"
+  destroy_cmd_entrypoint   = "gcloud"
+  destroy_cmd_body         = "alpha container hub config-management disable --force --project ${var.project_id}"
+}
+
 module "acm_operator" {
 
   source = "../k8s-operator-crd-support"

diff --git a/test/setup/iam.tf b/test/setup/iam.tf
@@ -33,6 +33,7 @@ locals {
     "roles/compute.instanceAdmin",
     "roles/iam.roleAdmin",
     "roles/iap.admin",
+    "roles/gkehub.admin",
   ]
   # roles as documented https://cloud.google.com/service-mesh/docs/gke-install-new-cluster#setting_up_your_project
   int_asm_required_roles = [

diff --git a/test/setup/main.tf b/test/setup/main.tf
@@ -65,6 +65,7 @@ module "gke-project-2" {
     "pubsub.googleapis.com",
     "serviceusage.googleapis.com",
     "storage-api.googleapis.com",
+    "gkehub.googleapis.com",
   ]
   activate_api_identities = [
     {