diff --git a/src/bootstrap/cloud/terraform/cluster.tf b/src/bootstrap/cloud/terraform/cluster.tf
index a8a342d6..29f151b4 100644
--- a/src/bootstrap/cloud/terraform/cluster.tf
+++ b/src/bootstrap/cloud/terraform/cluster.tf
@@ -149,5 +149,5 @@ resource "google_project_iam_member" "gke_node_roles" {
 "roles/monitoring.metricWriter",
 "roles/stackdriver.resourceMetadata.writer",
 ])
- role = each.key
+ role = each.key
 }
diff --git a/src/bootstrap/cloud/terraform/dns.tf b/src/bootstrap/cloud/terraform/dns.tf
index fbc22689..1536d826 100644
--- a/src/bootstrap/cloud/terraform/dns.tf
+++ b/src/bootstrap/cloud/terraform/dns.tf
@@ -1,7 +1,7 @@
 resource "google_dns_managed_zone" "external-dns" {
- name = "external-dns"
- dns_name = "${var.domain}."
- count = var.domain == "" ? 0 : 1
+ name = "external-dns"
+ dns_name = "${var.domain}."
+ count = var.domain == "" ? 0 : 1
 # This is used to be true but is no longer, but we keep it here so that
 # Terraform doesn't delete and recreate the zone.
 description = "Automatically managed zone by kubernetes.io/external-dns"
@@ -47,8 +47,8 @@ data "google_iam_policy" "external-dns" {
 }
 resource "google_dns_managed_zone_iam_policy" "external-dns" {
- count = var.domain == "" ? 0 : 1
- project = google_dns_managed_zone.external-dns[0].project
+ count = var.domain == "" ? 0 : 1
+ project = google_dns_managed_zone.external-dns[0].project
 managed_zone = google_dns_managed_zone.external-dns[0].name
- policy_data = data.google_iam_policy.external-dns.policy_data
+ policy_data = data.google_iam_policy.external-dns.policy_data
 }
diff --git a/src/bootstrap/cloud/terraform/input.tf b/src/bootstrap/cloud/terraform/input.tf
index 071009d8..00d180f6 100644
--- a/src/bootstrap/cloud/terraform/input.tf
+++ b/src/bootstrap/cloud/terraform/input.tf
@@ -66,8 +66,8 @@ variable "certificate_subject_organizational_unit" {
 variable "cluster_type" {
 description = "GKE cluster type. Must be one of {zonal,regional}."
- type = string
- default = "zonal"
+ type = string
+ default = "zonal"
 validation {
 condition = contains(["zonal", "regional"], var.cluster_type)
@@ -77,6 +77,6 @@ variable "cluster_type" {
 variable "onprem_federation" {
 description = "Enable google cloud robotics layer 1"
- type = bool
- default = true
+ type = bool
+ default = true
 }
diff --git a/src/bootstrap/cloud/terraform/multi-cluster-ingress.tf b/src/bootstrap/cloud/terraform/multi-cluster-ingress.tf
index 14c03eca..3383b167 100644
--- a/src/bootstrap/cloud/terraform/multi-cluster-ingress.tf
+++ b/src/bootstrap/cloud/terraform/multi-cluster-ingress.tf
@@ -8,18 +8,18 @@
 resource "google_gke_hub_feature" "multi_cluster_service_discovery" {
 count = length(var.additional_regions) > 0 ? 1 : 0
- name = "multiclusterservicediscovery"
- location = "global"
- project = data.google_project.project.project_id
+ name = "multiclusterservicediscovery"
+ location = "global"
+ project = data.google_project.project.project_id
 depends_on = [google_project_service.project-services["gkehub.googleapis.com"]]
 }
 resource "google_gke_hub_feature" "multi_cluster_ingress" {
 count = length(var.additional_regions) > 0 ? 1 : 0
- name = "multiclusteringress"
+ name = "multiclusteringress"
 location = "global"
- project = data.google_project.project.project_id
+ project = data.google_project.project.project_id
 spec {
 multiclusteringress {
 config_membership = google_gke_hub_membership.cloud_robotics[0].id
@@ -40,8 +40,8 @@ resource "google_gke_hub_membership" "cloud_robotics" {
 count = length(var.additional_regions) > 0 ? 1 : 0
 membership_id = "cloud-robotics"
- project = data.google_project.project.project_id
- location = var.region
+ project = data.google_project.project.project_id
+ location = var.region
 endpoint {
 gke_cluster {
 resource_link = google_container_cluster.cloud-robotics.id
@@ -51,10 +51,10 @@ resource "google_gke_hub_membership" "cloud_robotics" {
 }
 resource "google_gke_hub_membership" "cloud_robotics_ar" {
- for_each = var.additional_regions
- project = data.google_project.project.project_id
- membership_id = format("%s-%s", each.key, "ar-cloud-robotics")
- location = each.value.region
+ for_each = var.additional_regions
+ project = data.google_project.project.project_id
+ membership_id = format("%s-%s", each.key, "ar-cloud-robotics")
+ location = each.value.region
 endpoint {
 gke_cluster {
 resource_link = google_container_cluster.cloud-robotics-ar[each.key].id
diff --git a/src/bootstrap/cloud/terraform/project.tf b/src/bootstrap/cloud/terraform/project.tf
index e67102d8..761fe437 100644
--- a/src/bootstrap/cloud/terraform/project.tf
+++ b/src/bootstrap/cloud/terraform/project.tf
@@ -32,13 +32,13 @@ resource "google_project_service" "project-services" {
 "servicemanagement.googleapis.com",
 "serviceusage.googleapis.com",
 "storage-component.googleapis.com",
- ], length(var.additional_regions) == 0 ? [] : [
+ ], length(var.additional_regions) == 0 ? [] : [
 # Following APIs are only needed when using multi-cluster gateways.
- "gkeconnect.googleapis.com",
- "gkehub.googleapis.com",
- "trafficdirector.googleapis.com",
- "multiclusterservicediscovery.googleapis.com",
- "multiclusteringress.googleapis.com",
+ "gkeconnect.googleapis.com",
+ "gkehub.googleapis.com",
+ "trafficdirector.googleapis.com",
+ "multiclusterservicediscovery.googleapis.com",
+ "multiclusteringress.googleapis.com",
 ]))
 service = each.value
 }
diff --git a/src/bootstrap/cloud/terraform/registry.tf b/src/bootstrap/cloud/terraform/registry.tf
index 2ee418d5..b1dc17d6 100644
--- a/src/bootstrap/cloud/terraform/registry.tf
+++ b/src/bootstrap/cloud/terraform/registry.tf
@@ -1,19 +1,19 @@
 # Container registry configuration
 locals {
- service_acounts = flatten([
- "serviceAccount:${google_service_account.gke_node.email}",
- "serviceAccount:${google_service_account.human-acl.email}",
- var.onprem_federation ? ["serviceAccount:${google_service_account.robot-service[0].email}"] : [],
- ])
- private_repo_access = flatten([
- for sa in local.service_acounts : [
- for prj in var.private_image_repositories : {
- prj = prj
- sa = sa
- }
- ]
- ])
+ service_acounts = flatten([
+ "serviceAccount:${google_service_account.gke_node.email}",
+ "serviceAccount:${google_service_account.human-acl.email}",
+ var.onprem_federation ? ["serviceAccount:${google_service_account.robot-service[0].email}"] : [],
+ ])
+ private_repo_access = flatten([
+ for sa in local.service_acounts : [
+ for prj in var.private_image_repositories : {
+ prj = prj
+ sa = sa
+ }
+ ]
+ ])
 }
 resource "google_artifact_registry_repository_iam_member" "gcrio_gar_reader" {
diff --git a/src/bootstrap/cloud/terraform/service-account.tf b/src/bootstrap/cloud/terraform/service-account.tf
index f6184c32..e3473ef5 100644
--- a/src/bootstrap/cloud/terraform/service-account.tf
+++ b/src/bootstrap/cloud/terraform/service-account.tf
@@ -11,7 +11,7 @@ resource "google_service_account" "robot-service" {
 account_id = "robot-service"
 display_name = "robot-service"
 project = data.google_project.project.project_id
- count = var.onprem_federation ? 1 : 0
+ count = var.onprem_federation ? 1 : 0
 }
 # Allow the the token-vendor to impersonate the "robot-service" service account
@@ -57,9 +57,9 @@ resource "google_project_iam_member" "robot-service-roles" {
 project = data.google_project.project.project_id
 member = "serviceAccount:${google_service_account.robot-service[0].email}"
 for_each = var.onprem_federation ? toset([
- "roles/cloudtrace.agent", # Upload cloud traces
+ "roles/cloudtrace.agent", # Upload cloud traces
 "roles/container.clusterViewer", # Sync CRs from the GKE cluster.
- "roles/logging.logWriter", # Upload text logs to Cloud logging
+ "roles/logging.logWriter", # Upload text logs to Cloud logging
 # Required to use robot-service@ for GKE clusters that simulate robots
 "roles/monitoring.viewer",
 ]) : toset([])