Fix linter errors

Author: Jberlinsky

CHANGELOG.md

@@ -7,10 +7,11 @@ project adheres to [Semantic Versioning](http://semver.org/).
 
 ## [Unreleased]
 ### Changed
+* Add support for private clusters via submodule. #69
 * Set `horizontal_pod_autoscaling` to `true` by default. #42
 * Add `remove_default_node_pool` set to `false` by default #15
 * Allow arbitrary key-value pairs to be set on node pool metadata. #52
-* Add `initial_node_count` parameter to node_pool block. #60 
+* Add `initial_node_count` parameter to node_pool block. #60
 
 ## [v0.4.0] - 2018-12-19
 ### Added

README.md

@@ -1,6 +1,6 @@
 # Terraform Kubernetes Engine Module
 
-This module handles opinionated Google Cloud Platform Kubernetes Engine cluster creation and configuration with Node Pools, IP MASQ, Network Policy, etc. 
+This module handles opinionated Google Cloud Platform Kubernetes Engine cluster creation and configuration with Node Pools, IP MASQ, Network Policy, etc.
 The resources/services/activations/deletions that this module will create/trigger are:
 - Create a GKE cluster with the provided addons
 - Create GKE Node Pool(s) with provided configuration and attach to cluster
@@ -263,7 +263,7 @@ Alternatively, you can simply run `make test_integration_docker` to run all the
 #### Test configuration
 
 Each test-kitchen instance is configured with a `variables.tfvars` file in the test fixture directory, e.g. `test/fixtures/node_pool/terraform.tfvars`.
-For convenience, since all of the variables are project-specific, these files have been symlinked to `test/fixtures/shared/terraform.tfvars`. 
+For convenience, since all of the variables are project-specific, these files have been symlinked to `test/fixtures/shared/terraform.tfvars`.
 Similarly, each test fixture has a `variables.tf` to define these variables, and an `outputs.tf` to facilitate providing necessary information for `inspec` to locate and query against created resources.
 
 Each test-kitchen instance creates a GCP Network and Subnetwork fixture to house resources, and may create any other necessary fixture data as needed.
@@ -313,4 +313,4 @@ are as follows:
 is a compiled language so there is no standard linter.
 * Terraform - terraform has a built-in linter in the 'terraform validate'
 command.
-* Dockerfiles - hadolint. Can be found in homebrew
+* Dockerfiles - hadolint. Can be found in homebrew

auth.tf

@@ -31,4 +31,4 @@ provider "kubernetes" {
   host                   = "https://${local.cluster_endpoint}"
   token                  = "${data.google_client_config.default.access_token}"
   cluster_ca_certificate = "${base64decode(local.cluster_ca_certificate)}"
-}
+}

autogen/README.md

@@ -273,7 +273,7 @@ Alternatively, you can simply run `make test_integration_docker` to run all the
 #### Test configuration
 
 Each test-kitchen instance is configured with a `variables.tfvars` file in the test fixture directory, e.g. `test/fixtures/node_pool/terraform.tfvars`.
-For convenience, since all of the variables are project-specific, these files have been symlinked to `test/fixtures/shared/terraform.tfvars`. 
+For convenience, since all of the variables are project-specific, these files have been symlinked to `test/fixtures/shared/terraform.tfvars`.
 Similarly, each test fixture has a `variables.tf` to define these variables, and an `outputs.tf` to facilitate providing necessary information for `inspec` to locate and query against created resources.
 
 Each test-kitchen instance creates a GCP Network and Subnetwork fixture to house resources, and may create any other necessary fixture data as needed.

build/docker/kitchen_terraform/Dockerfile

@@ -14,6 +14,7 @@
 
 ARG BASE_IMAGE
 
+# hadolint ignore=DL3006
 FROM $BASE_IMAGE
 
 RUN apk add --no-cache \

cluster_regional.tf

@@ -84,6 +84,7 @@ resource "google_container_cluster" "primary" {
       service_account = "${lookup(var.node_pools[0], "service_account", var.service_account)}"
     }
   }
+
   remove_default_node_pool = "${var.remove_default_node_pool}"
 }
 
@@ -154,4 +155,4 @@ resource "null_resource" "wait_for_regional_cluster" {
   }
 
   depends_on = ["google_container_cluster.primary", "google_container_node_pool.pools"]
-}
+}

cluster_zonal.tf

@@ -84,6 +84,7 @@ resource "google_container_cluster" "zonal_primary" {
       service_account = "${lookup(var.node_pools[0], "service_account", var.service_account)}"
     }
   }
+
   remove_default_node_pool = "${var.remove_default_node_pool}"
 }
 
@@ -154,4 +155,4 @@ resource "null_resource" "wait_for_zonal_cluster" {
   }
 
   depends_on = ["google_container_cluster.zonal_primary", "google_container_node_pool.zonal_pools"]
-}
+}

dns.tf

@@ -51,4 +51,4 @@ EOF
   }
 
   depends_on = ["null_resource.delete_default_kube_dns_configmap", "data.google_client_config.default", "google_container_cluster.primary", "google_container_node_pool.pools", "google_container_cluster.zonal_primary", "google_container_node_pool.zonal_pools"]
-}
+}

examples/deploy_service/README.md

@@ -50,4 +50,4 @@ To provision this example, run the following from within this directory:
 - `terraform init` to get the plugins
 - `terraform plan` to see the infrastructure plan
 - `terraform apply` to apply the infrastructure build
-- `terraform destroy` to destroy the built infrastructure
+- `terraform destroy` to destroy the built infrastructure

examples/node_pool/README.md

@@ -44,4 +44,4 @@ To provision this example, run the following from within this directory:
 - `terraform init` to get the plugins
 - `terraform plan` to see the infrastructure plan
 - `terraform apply` to apply the infrastructure build
-- `terraform destroy` to destroy the built infrastructure
+- `terraform destroy` to destroy the built infrastructure

examples/shared_vpc/README.md

@@ -45,4 +45,4 @@ To provision this example, run the following from within this directory:
 - `terraform init` to get the plugins
 - `terraform plan` to see the infrastructure plan
 - `terraform apply` to apply the infrastructure build
-- `terraform destroy` to destroy the built infrastructure
+- `terraform destroy` to destroy the built infrastructure

examples/simple_regional/README.md

@@ -44,4 +44,4 @@ To provision this example, run the following from within this directory:
 - `terraform init` to get the plugins
 - `terraform plan` to see the infrastructure plan
 - `terraform apply` to apply the infrastructure build
-- `terraform destroy` to destroy the built infrastructure
+- `terraform destroy` to destroy the built infrastructure

examples/simple_regional_private/README.md

@@ -44,4 +44,4 @@ To provision this example, run the following from within this directory:
 - `terraform init` to get the plugins
 - `terraform plan` to see the infrastructure plan
 - `terraform apply` to apply the infrastructure build
-- `terraform destroy` to destroy the built infrastructure
+- `terraform destroy` to destroy the built infrastructure

examples/simple_regional_private/main.tf

@@ -24,25 +24,25 @@ provider "google-beta" {
 }
 
 data "google_compute_subnetwork" "subnetwork" {
-  name     = "${var.subnetwork}"
-  project  = "${var.project_id}"
-  region   = "${var.region}"
+  name    = "${var.subnetwork}"
+  project = "${var.project_id}"
+  region  = "${var.region}"
 }
 
 module "gke" {
-  source                          = "../../modules/private-cluster/"
-  project_id                      = "${var.project_id}"
-  name                            = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
-  regional                        = true
-  region                          = "${var.region}"
-  network                         = "${var.network}"
-  subnetwork                      = "${var.subnetwork}"
-  ip_range_pods                   = "${var.ip_range_pods}"
-  ip_range_services               = "${var.ip_range_services}"
-  service_account                 = "${var.compute_engine_service_account}"
-  enable_private_endpoint         = true
-  enable_private_nodes            = true
-  master_ipv4_cidr_block          = "172.16.0.0/28"
+  source                  = "../../modules/private-cluster/"
+  project_id              = "${var.project_id}"
+  name                    = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
+  regional                = true
+  region                  = "${var.region}"
+  network                 = "${var.network}"
+  subnetwork              = "${var.subnetwork}"
+  ip_range_pods           = "${var.ip_range_pods}"
+  ip_range_services       = "${var.ip_range_services}"
+  service_account         = "${var.compute_engine_service_account}"
+  enable_private_endpoint = true
+  enable_private_nodes    = true
+  master_ipv4_cidr_block  = "172.16.0.0/28"
 
   master_authorized_networks_config = [{
     cidr_blocks = [{
@@ -52,4 +52,4 @@ module "gke" {
   }]
 }
 
-data "google_client_config" "default" { }
+data "google_client_config" "default" {}

examples/simple_zonal/README.md

@@ -45,4 +45,4 @@ To provision this example, run the following from within this directory:
 - `terraform init` to get the plugins
 - `terraform plan` to see the infrastructure plan
 - `terraform apply` to apply the infrastructure build
-- `terraform destroy` to destroy the built infrastructure
+- `terraform destroy` to destroy the built infrastructure

examples/simple_zonal/main.tf

@@ -24,17 +24,17 @@ provider "google" {
 }
 
 module "gke" {
-  source             = "../../"
-  project_id         = "${var.project_id}"
-  name               = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
-  regional           = false
-  region             = "${var.region}"
-  zones              = "${var.zones}"
-  network            = "${var.network}"
-  subnetwork         = "${var.subnetwork}"
-  ip_range_pods      = "${var.ip_range_pods}"
-  ip_range_services  = "${var.ip_range_services}"
-  service_account    = "${var.compute_engine_service_account}"
+  source            = "../../"
+  project_id        = "${var.project_id}"
+  name              = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
+  regional          = false
+  region            = "${var.region}"
+  zones             = "${var.zones}"
+  network           = "${var.network}"
+  subnetwork        = "${var.subnetwork}"
+  ip_range_pods     = "${var.ip_range_pods}"
+  ip_range_services = "${var.ip_range_services}"
+  service_account   = "${var.compute_engine_service_account}"
 }
 
 data "google_client_config" "default" {}

examples/simple_zonal_private/README.md

@@ -45,4 +45,4 @@ To provision this example, run the following from within this directory:
 - `terraform init` to get the plugins
 - `terraform plan` to see the infrastructure plan
 - `terraform apply` to apply the infrastructure build
-- `terraform destroy` to destroy the built infrastructure
+- `terraform destroy` to destroy the built infrastructure

examples/simple_zonal_private/main.tf

@@ -24,26 +24,26 @@ provider "google-beta" {
 }
 
 data "google_compute_subnetwork" "subnetwork" {
-  name     = "${var.subnetwork}"
-  project  = "${var.project_id}"
-  region   = "${var.region}"
+  name    = "${var.subnetwork}"
+  project = "${var.project_id}"
+  region  = "${var.region}"
 }
 
 module "gke" {
-  source                          = "../../modules/private-cluster/"
-  project_id                      = "${var.project_id}"
-  name                            = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
-  regional                        = false
-  region                          = "${var.region}"
-  zones                           = "${var.zones}"
-  network                         = "${var.network}"
-  subnetwork                      = "${var.subnetwork}"
-  ip_range_pods                   = "${var.ip_range_pods}"
-  ip_range_services               = "${var.ip_range_services}"
-  service_account                 = "${var.compute_engine_service_account}"
-  enable_private_endpoint         = true
-  enable_private_nodes            = true
-  master_ipv4_cidr_block          = "172.16.0.0/28"
+  source                  = "../../modules/private-cluster/"
+  project_id              = "${var.project_id}"
+  name                    = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
+  regional                = false
+  region                  = "${var.region}"
+  zones                   = "${var.zones}"
+  network                 = "${var.network}"
+  subnetwork              = "${var.subnetwork}"
+  ip_range_pods           = "${var.ip_range_pods}"
+  ip_range_services       = "${var.ip_range_services}"
+  service_account         = "${var.compute_engine_service_account}"
+  enable_private_endpoint = true
+  enable_private_nodes    = true
+  master_ipv4_cidr_block  = "172.16.0.0/28"
 
   master_authorized_networks_config = [{
     cidr_blocks = [{
@@ -53,4 +53,4 @@ module "gke" {
   }]
 }
 
-data "google_client_config" "default" { }
+data "google_client_config" "default" {}

examples/stub_domains/README.md

@@ -49,4 +49,4 @@ To provision this example, run the following from within this directory:
 - `terraform init` to get the plugins
 - `terraform plan` to see the infrastructure plan
 - `terraform apply` to apply the infrastructure build
-- `terraform destroy` to destroy the built infrastructure
+- `terraform destroy` to destroy the built infrastructure

helpers/combine_docfiles.py

@@ -29,8 +29,8 @@
 import re
 import sys
 
-insert_separator_regex = '(.*?\[\^\]\:\ \(autogen_docs_start\))(.*?)(\n\[\^\]\:\ \(autogen_docs_end\).*?$)'  # noqa: E501
-exclude_separator_regex = '(.*?)Copyright 20\d\d Google LLC.*?limitations under the License.(.*?)$'  # noqa: E501
+insert_separator_regex = r'(.*?\[\^\]\:\ \(autogen_docs_start\))(.*?)(\n\[\^\]\:\ \(autogen_docs_end\).*?$)'  # noqa: E501
+exclude_separator_regex = r'(.*?)Copyright 20\d\d Google LLC.*?limitations under the License.(.*?)$'  # noqa: E501
 
 if len(sys.argv) != 3:
     sys.exit(1)
@@ -42,14 +42,17 @@
 replace_content = open(sys.argv[2], "r").read()
 
 # Exclude the specified content from the replacement content
-groups = re.match(
+matched = re.match(
     exclude_separator_regex,
     replace_content,
     re.DOTALL
-).groups(0)
-replace_content = groups[0] + groups[1]
+)
 
-# Find where to put the replacement content, overwrite the input file
-groups = re.match(insert_separator_regex, input, re.DOTALL).groups(0)
-output = groups[0] + replace_content + groups[2]
-open(sys.argv[1], "w").write(output)
+if matched:
+    groups = matched.groups(0)
+    replace_content = groups[0] + groups[1]
+
+    # Find where to put the replacement content, overwrite the input file
+    groups = re.match(insert_separator_regex, input, re.DOTALL).groups(0)
+    output = groups[0] + replace_content + groups[2] + "\n"
+    open(sys.argv[1], "w").write(output)

helpers/generate_modules/generate_modules.py

@@ -66,16 +66,18 @@ def main(argv):
                 module.template_options(BASE_TEMPLATE_OPTIONS)
             )
             with open(os.path.join(module.path, template_file), "w") as f:
-                f.write(rendered)
-                subprocess.call(
-                    [
-                        "terraform",
-                        "fmt",
-                        os.path.join(module.path, template_file)
-                    ],
-                    stdout=DEVNULL_FILE,
-                    stderr=subprocess.STDOUT
-                )
+                f.write(rendered.rstrip())
+                if template_file.endswith(".tf"):
+                    subprocess.call(
+                        [
+                            "terraform",
+                            "fmt",
+                            "-write=true",
+                            os.path.join(module.path, template_file)
+                        ],
+                        stdout=DEVNULL_FILE,
+                        stderr=subprocess.STDOUT
+                    )
                 if template_file.endswith(".sh"):
                     os.chmod(os.path.join(module.path, template_file), 0o755)
     DEVNULL_FILE.close()

main.tf

@@ -152,4 +152,4 @@ data "google_container_engine_versions" "region" {
   provider = "google"
   zone     = "${data.google_compute_zones.available.names[0]}"
   project  = "${var.project_id}"
-}
+}

masq.tf

@@ -41,4 +41,4 @@ EOF
   }
 
   depends_on = ["data.google_client_config.default", "google_container_cluster.primary", "google_container_node_pool.pools", "google_container_cluster.zonal_primary", "google_container_node_pool.zonal_pools"]
-}
+}

modules/private-cluster/README.md

@@ -269,7 +269,7 @@ Alternatively, you can simply run `make test_integration_docker` to run all the
 #### Test configuration
 
 Each test-kitchen instance is configured with a `variables.tfvars` file in the test fixture directory, e.g. `test/fixtures/node_pool/terraform.tfvars`.
-For convenience, since all of the variables are project-specific, these files have been symlinked to `test/fixtures/shared/terraform.tfvars`. 
+For convenience, since all of the variables are project-specific, these files have been symlinked to `test/fixtures/shared/terraform.tfvars`.
 Similarly, each test fixture has a `variables.tf` to define these variables, and an `outputs.tf` to facilitate providing necessary information for `inspec` to locate and query against created resources.
 
 Each test-kitchen instance creates a GCP Network and Subnetwork fixture to house resources, and may create any other necessary fixture data as needed.
@@ -319,4 +319,4 @@ are as follows:
 is a compiled language so there is no standard linter.
 * Terraform - terraform has a built-in linter in the 'terraform validate'
 command.
-* Dockerfiles - hadolint. Can be found in homebrew
+* Dockerfiles - hadolint. Can be found in homebrew

modules/private-cluster/auth.tf

@@ -31,4 +31,4 @@ provider "kubernetes" {
   host                   = "https://${local.cluster_endpoint}"
   token                  = "${data.google_client_config.default.access_token}"
   cluster_ca_certificate = "${base64decode(local.cluster_ca_certificate)}"
-}
+}