feat!: add Terraform 0.13 constraint and module attribution (#128)

BREAKING CHANGE: Minimum Terraform version increased to 0.13.
terraform-google-modules · Jul 11, 2021 · 008ef77 · 008ef77
1 parent e8e4e08
commit 008ef77
Show file tree

Hide file tree

Showing 12 changed files with 184 additions and 149 deletions.
diff --git a/Makefile b/Makefile
@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.12.0
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.0
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 

diff --git a/README.md b/README.md
diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml
@@ -38,4 +38,4 @@ tags:
 - 'integration'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.12.0'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.0'
diff --git a/build/lint.cloudbuild.yaml b/build/lint.cloudbuild.yaml
@@ -21,4 +21,4 @@ tags:
 - 'lint'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.12.0'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.0'
diff --git a/examples/vault-on-gce/README.md b/examples/vault-on-gce/README.md
@@ -187,20 +187,20 @@ keys:
 ## Inputs
 
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| allow\_public\_egress | Whether to create a NAT for external egress. If false, you must also specify an http_proxy to download required executables including Vault, Fluentd and Stackdriver | bool | `"true"` | no |
-| kms\_crypto\_key | Name of the GCP KMS crypto key | string | `"vault-init"` | no |
-| kms\_keyring | Name of the GCP KMS keyring | string | `"vault"` | no |
-| kms\_location | Location for the KMS keyring | string | `"us-east4"` | no |
-| load\_balancing\_scheme | e.g. [INTERNAL|EXTERNAL]. Scheme of the load balancer | string | `"EXTERNAL"` | no |
-| project\_id | Project ID in which to deploy | string | n/a | yes |
-| region | Region in which to deploy | string | `"us-east4"` | no |
+|------|-------------|------|---------|:--------:|
+| allow\_public\_egress | Whether to create a NAT for external egress. If false, you must also specify an http\_proxy to download required executables including Vault, Fluentd and Stackdriver | `bool` | `true` | no |
+| kms\_crypto\_key | Name of the GCP KMS crypto key | `string` | `"vault-init"` | no |
+| kms\_keyring | Name of the GCP KMS keyring | `string` | `"vault"` | no |
+| kms\_location | Location for the KMS keyring | `string` | `"us-east4"` | no |
+| load\_balancing\_scheme | e.g. [INTERNAL\|EXTERNAL]. Scheme of the load balancer | `string` | `"EXTERNAL"` | no |
+| project\_id | Project ID in which to deploy | `string` | n/a | yes |
+| region | Region in which to deploy | `string` | `"us-east4"` | no |
 
 ## Outputs
 
 | Name | Description |
 |------|-------------|
-| vault\_addr |  |
+| vault\_addr | n/a |
 
 <!-- END OF PRE-COMMIT-TERRAFORM DOCS HOOK -->
 

diff --git a/main.tf b/main.tf
@@ -27,9 +27,6 @@ provider "google" {
   region  = var.region
 }
 
-# This needs to stay here to allow migration from 4.2 to 5.0
-provider "tls" {}
-
 # Enable required services on the project
 resource "google_project_service" "service" {
   for_each = toset(var.project_services)

diff --git a/modules/cluster/README.md b/modules/cluster/README.md
diff --git a/modules/cluster/crypto.tf b/modules/cluster/crypto.tf
@@ -36,11 +36,6 @@ resource "google_kms_crypto_key" "vault-init" {
 #
 # TLS self-signed certs for Vault.
 #
-
-provider "tls" {
-  version = "~> 2.1.1"
-}
-
 locals {
   manage_tls_count          = var.manage_tls ? 1 : 0
   tls_save_ca_to_disk_count = var.tls_save_ca_to_disk ? 1 : 0

diff --git a/modules/cluster/versions.tf b/modules/cluster/versions.tf
@@ -0,0 +1,36 @@
+/**
+ * Copyright 2021 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+terraform {
+  required_version = ">= 0.13"
+  required_providers {
+
+    tls = {
+      source  = "hashicorp/tls"
+      version = "~> 2.1"
+    }
+
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 3.53"
+    }
+  }
+
+  provider_meta "google" {
+    module_name = "blueprints/terraform/terraform-google-vault:cluster/v1.0.0"
+  }
+
+}
diff --git a/test/setup/main.tf b/test/setup/main.tf
@@ -37,22 +37,21 @@ locals {
 
 module "project_ci" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 8.0"
+  version = "~> 11.1"
 
   name                        = "ci-vault-module"
   random_project_id           = true
   org_id                      = var.org_id
   folder_id                   = var.folder_id
   billing_account             = var.billing_account
-  skip_gcloud_download        = true
   disable_services_on_destroy = false
   default_service_account     = "keep"
   activate_apis               = local.apis
 }
 
 module "svpc" {
   source          = "terraform-google-modules/network/google"
-  version         = "~> 2.4"
+  version         = "~> 3.0"
   project_id      = module.project_ci.project_id
   network_name    = var.network_name
   shared_vpc_host = true
@@ -67,22 +66,20 @@ module "svpc" {
 }
 
 module "service_project_ci" {
-  source  = "terraform-google-modules/project-factory/google//modules/shared_vpc"
-  version = "~> 8.0"
+  source  = "terraform-google-modules/project-factory/google//modules/svpc_service_project"
+  version = "~> 11.1"
 
   name              = "ci-vault-svpc-service"
   random_project_id = true
 
-  org_id             = var.org_id
-  folder_id          = var.folder_id
-  billing_account    = var.billing_account
-  shared_vpc_enabled = true
+  org_id          = var.org_id
+  folder_id       = var.folder_id
+  billing_account = var.billing_account
 
   shared_vpc         = module.svpc.project_id
   shared_vpc_subnets = module.svpc.subnets_self_links
 
   activate_apis               = local.apis
-  skip_gcloud_download        = true
   disable_services_on_destroy = false
   default_service_account     = "keep"
 }

diff --git a/test/setup/versions.tf b/test/setup/versions.tf
@@ -16,8 +16,10 @@
 
 terraform {
   required_version = ">= 0.12.6"
-}
-
-provider "google" {
-  version = "~> 3.30.0"
+  required_providers {
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 3.53"
+    }
+  }
 }
diff --git a/versions.tf b/versions.tf
@@ -1,5 +1,5 @@
 /**
- * Copyright 2020 Google LLC
+ * Copyright 2021 Google LLC
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,9 +15,17 @@
  */
 
 terraform {
-  required_version = ">= 0.12.6"
-
+  required_version = ">= 0.13"
   required_providers {
-    google = "~> 3.30"
+
+    google = {
+      source  = "hashicorp/google"
+      version = "~> 3.53"
+    }
   }
+
+  provider_meta "google" {
+    module_name = "blueprints/terraform/terraform-google-vault/v1.0.0"
+  }
+
 }