terraform-google-modules
diff --git a/‎.gitignore‎
Lines changed: 3 additions & 0 deletions b/‎.gitignore‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.kitchen.yml‎
Lines changed: 28 additions & 25 deletions b/‎.kitchen.yml‎
Lines changed: 28 additions & 25 deletions
diff --git a/‎autogen/main/cluster.tf.tmpl‎
Lines changed: 5 additions & 5 deletions b/‎autogen/main/cluster.tf.tmpl‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎autogen/main/versions.tf.tmpl‎
Lines changed: 3 additions & 3 deletions b/‎autogen/main/versions.tf.tmpl‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎cluster.tf‎
Lines changed: 5 additions & 5 deletions b/‎cluster.tf‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎examples/autopilot_private_firewalls/main.tf‎
Lines changed: 3 additions & 1 deletion b/‎examples/autopilot_private_firewalls/main.tf‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎examples/simple_autopilot_private/network.tf‎
Lines changed: 4 additions & 3 deletions b/‎examples/simple_autopilot_private/network.tf‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎examples/simple_fleet_app_operator_permissions/main.tf‎
Lines changed: 2 additions & 1 deletion b/‎examples/simple_fleet_app_operator_permissions/main.tf‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎examples/simple_regional_with_ipv6/main.tf‎
Lines changed: 3 additions & 1 deletion b/‎examples/simple_regional_with_ipv6/main.tf‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎modules/acm/feature.tf‎
Lines changed: 1 addition & 1 deletion b/‎modules/acm/feature.tf‎
Lines changed: 1 addition & 1 deletion
@@ -37,6 +37,9 @@ Session.vim
 # tf lock file
 .terraform.lock.hcl
 
+# Top level lock used by the test tooling
+/.terraform.lock
+
 # Crash log files
 crash.log
 
 
@@ -14,12 +14,15 @@
 ---
 driver:
   name: "terraform"
-  command_timeout: 2700
   verify_version: false
 
 provisioner:
   name: "terraform"
 
+transport:
+  name: "terraform"
+  command_timeout: 2700
+
 verifier:
   name: terraform
   color: false
@@ -30,14 +33,14 @@ platforms:
 
 suites:
   - name: "shared_vpc"
-    driver:
+    transport:
       root_module_directory: test/fixtures/shared_vpc
     verifier:
       systems:
         - name: shared_vpc
           backend: local
   - name: "safer_cluster"
-    driver:
+    transport:
       root_module_directory: test/fixtures/safer_cluster
     verifier:
       systems:
@@ -50,14 +53,14 @@ suites:
           controls:
             - network
   - name: "simple_regional"
-    driver:
+    transport:
       root_module_directory: test/fixtures/simple_regional
     verifier:
       systems:
         - name: simple_regional
           backend: local
   - name: "simple_regional_with_networking"
-    driver:
+    transport:
       root_module_directory: test/fixtures/simple_regional_with_networking
     verifier:
       systems:
@@ -74,35 +77,35 @@ suites:
           controls:
             - network
   - name: "simple_regional_private"
-    driver:
+    transport:
       root_module_directory: test/fixtures/simple_regional_private
     verifier:
       systems:
         - name: simple_regional_private
           backend: local
   - name: "simple_regional_with_gateway_api"
-    driver:
+    transport:
       root_module_directory: test/fixtures/simple_regional_with_gateway_api
     verifier:
       systems:
         - name: simple_regional_with_gateway_api
           backend: local
   - name: "simple_regional_with_ipv6"
-    driver:
+    transport:
       root_module_directory: test/fixtures/simple_regional_with_ipv6
     verifier:
       systems:
         - name: simple_regional_with_ipv6
           backend: local
   - name: "simple_regional_with_kubeconfig"
-    driver:
+    transport:
       root_module_directory: test/fixtures/simple_regional_with_kubeconfig
     verifier:
       systems:
         - name: simple_regional_with_kubeconfig
           backend: local
   - name: "simple_zonal"
-    driver:
+    transport:
       root_module_directory: test/fixtures/simple_zonal
     verifier:
       systems:
@@ -116,7 +119,7 @@ suites:
           controls:
             - gcp
   - name: "simple_zonal_private"
-    driver:
+    transport:
       root_module_directory: test/fixtures/simple_zonal_private
     verifier:
       systems:
@@ -125,7 +128,7 @@ suites:
           controls:
             - gcloud
   - name: "stub_domains"
-    driver:
+    transport:
       root_module_directory: test/fixtures/stub_domains
     verifier:
       systems:
@@ -137,27 +140,27 @@ suites:
   # Disabled due to issue #264
   # (https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/issues/264)
   #  - name: stub_domains_private
-  #    driver:
+  #    transport:
   #      root_module_directory: test/fixtures/stub_domains_private
   #      systems:
   #        - name: stub_domains_private
   #          backend: local
   - name: "upstream_nameservers"
-    driver:
+    transport:
       root_module_directory: test/fixtures/upstream_nameservers
     verifier:
       systems:
         - name: upstream_nameservers
           backend: local
   - name: "stub_domains_upstream_nameservers"
-    driver:
+    transport:
       root_module_directory: test/fixtures/stub_domains_upstream_nameservers
     verifier:
       systems:
         - name: stub_domains_upstream_nameservers
           backend: local
   - name: "workload_identity"
-    driver:
+    transport:
       root_module_directory: test/fixtures/workload_identity
     verifier:
       systems:
@@ -170,14 +173,14 @@ suites:
           controls:
             - gcp
   - name: "workload_metadata_config"
-    driver:
+    transport:
       root_module_directory: test/fixtures/workload_metadata_config
     verifier:
       systems:
         - name: workload_metadata_config
           backend: local
   - name: "simple_windows_node_pool"
-    driver:
+    transport:
       root_module_directory: test/fixtures/simple_windows_node_pool
     verifier:
       systems:
@@ -190,7 +193,7 @@ suites:
           controls:
             - gcp
   - name: "deploy_service"
-    driver:
+    transport:
       root_module_directory: test/fixtures/deploy_service
     verifier:
       systems:
@@ -200,7 +203,7 @@ suites:
             - gcloud
             - kubectl
   - name: "node_pool"
-    driver:
+    transport:
       root_module_directory: test/fixtures/node_pool
     verifier:
       systems:
@@ -210,21 +213,21 @@ suites:
             - gcloud
             - kubectl
   - name: "sandbox_enabled"
-    driver:
+    transport:
       root_module_directory: test/fixtures/sandbox_enabled
     verifier:
       systems:
         - name: sandbox_enabled
           backend: local
   - name: "safer_cluster_iap_bastion"
-    driver:
+    transport:
       root_module_directory: test/fixtures/safer_cluster_iap_bastion
     verifier:
       systems:
         - name: safer_cluster_iap_bastion
           backend: local
   - name: "simple_zonal_with_asm"
-    driver:
+    transport:
       root_module_directory: test/fixtures/simple_zonal_with_asm
     verifier:
       systems:
@@ -234,14 +237,14 @@ suites:
             - gcloud
             - kubectl
   - name: "simple_autopilot_private"
-    driver:
+    transport:
       root_module_directory: test/fixtures/simple_autopilot_private
     verifier:
       systems:
         - name: simple_autopilot_private
           backend: local
   - name: "simple_autopilot_public"
-    driver:
+    transport:
       root_module_directory: test/fixtures/simple_autopilot_public
     verifier:
       systems:
 
@@ -184,9 +184,9 @@ resource "google_container_cluster" "primary" {
     dynamic "resource_limits" {
       for_each = local.autoscaling_resource_limits
       content {
-        resource_type = lookup(resource_limits.value, "resource_type")
-        minimum       = lookup(resource_limits.value, "minimum")
-        maximum       = lookup(resource_limits.value, "maximum")
+        resource_type = resource_limits.value["resource_type"]
+        minimum       = resource_limits.value["minimum"]
+        maximum       = resource_limits.value["maximum"]
       }
     }
   }
@@ -598,7 +598,7 @@ resource "google_container_cluster" "primary" {
     content {
       enable_private_endpoint     = private_cluster_config.value.enable_private_endpoint
       enable_private_nodes        = private_cluster_config.value.enable_private_nodes
-      master_ipv4_cidr_block      = private_cluster_config.value.master_ipv4_cidr_block
+      master_ipv4_cidr_block      = var.private_endpoint_subnetwork == null ? private_cluster_config.value.master_ipv4_cidr_block : null
       private_endpoint_subnetwork = private_cluster_config.value.private_endpoint_subnetwork
       dynamic "master_global_access_config" {
         for_each = var.master_global_access_enabled ? [var.master_global_access_enabled] : []
@@ -888,7 +888,7 @@ resource "google_container_node_pool" "windows_pools" {
     min_cpu_platform            = lookup(each.value, "min_cpu_platform", "")
     enable_confidential_storage = lookup(each.value, "enable_confidential_storage", false)
     dynamic "gcfs_config" {
-        for_each = lookup(each.value, "enable_gcfs", false) ? [true] : [false]
+        for_each = lookup(each.value, "enable_gcfs", null ) !=null ? [each.value.enable_gcfs] : []
         content {
           enabled = gcfs_config.value
         }
 
@@ -47,12 +47,12 @@ terraform {
     google = {
       source = "hashicorp/google"
       # Workaround for https://github.com/hashicorp/terraform-provider-google/issues/19428
-      version = ">= 5.40.0, != 5.44.0, < 6.2.0, < 7"
+      version = ">= 5.40.0, != 5.44.0, != 6.2.0, != 6.3.0, < 7"
     }
     google-beta = {
       source = "hashicorp/google-beta"
       # Workaround for https://github.com/hashicorp/terraform-provider-google/issues/19428
-      version = ">= 5.40.0, != 5.44.0, < 6.2.0, < 7"
+      version = ">= 5.40.0, != 5.44.0, != 6.2.0, != 6.3.0, < 7"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
@@ -71,7 +71,7 @@ terraform {
     google = {
       source = "hashicorp/google"
       # Workaround for https://github.com/hashicorp/terraform-provider-google/issues/19428
-      version = ">= 5.40.0, != 5.44.0, < 6.2.0, < 7"
+      version = ">= 5.40.0, != 5.44.0, != 6.2.0, != 6.3.0, < 7"
     }
     kubernetes = {
       source  = "hashicorp/kubernetes"
 
@@ -154,9 +154,9 @@ resource "google_container_cluster" "primary" {
     dynamic "resource_limits" {
       for_each = local.autoscaling_resource_limits
       content {
-        resource_type = lookup(resource_limits.value, "resource_type")
-        minimum       = lookup(resource_limits.value, "minimum")
-        maximum       = lookup(resource_limits.value, "maximum")
+        resource_type = resource_limits.value["resource_type"]
+        minimum       = resource_limits.value["minimum"]
+        maximum       = resource_limits.value["maximum"]
       }
     }
   }
@@ -594,7 +594,7 @@ resource "google_container_node_pool" "pools" {
     min_cpu_platform            = lookup(each.value, "min_cpu_platform", "")
     enable_confidential_storage = lookup(each.value, "enable_confidential_storage", false)
     dynamic "gcfs_config" {
-      for_each = lookup(each.value, "enable_gcfs", false) ? [true] : [false]
+      for_each = lookup(each.value, "enable_gcfs", null) != null ? [each.value.enable_gcfs] : []
       content {
         enabled = gcfs_config.value
       }
@@ -876,7 +876,7 @@ resource "google_container_node_pool" "windows_pools" {
     min_cpu_platform            = lookup(each.value, "min_cpu_platform", "")
     enable_confidential_storage = lookup(each.value, "enable_confidential_storage", false)
     dynamic "gcfs_config" {
-      for_each = lookup(each.value, "enable_gcfs", false) ? [true] : [false]
+      for_each = lookup(each.value, "enable_gcfs", null) != null ? [each.value.enable_gcfs] : []
       content {
         enabled = gcfs_config.value
       }
 
@@ -33,7 +33,9 @@ provider "kubernetes" {
 }
 
 module "gke" {
-  source                            = "../../modules/beta-autopilot-private-cluster/"
+  source  = "terraform-google-modules/kubernetes-engine/google//modules/beta-autopilot-private-cluster"
+  version = "~> 33.0"
+
   project_id                        = var.project_id
   name                              = "${local.cluster_type}-cluster"
   regional                          = true
 
@@ -23,9 +23,10 @@ module "gcp-network" {
 
   subnets = [
     {
-      subnet_name   = local.subnet_name
-      subnet_ip     = "10.0.0.0/17"
-      subnet_region = var.region
+      subnet_name           = local.subnet_name
+      subnet_ip             = "10.0.0.0/17"
+      subnet_region         = var.region
+      subnet_private_access = true
     },
     {
       subnet_name   = local.master_auth_subnetwork
 
@@ -35,7 +35,8 @@ resource "google_gke_hub_scope" "scope" {
 
 # Grant permissions to the app operator to work with the Fleet Scope.
 module "permissions" {
-  source = "../../modules/fleet-app-operator-permissions"
+  source  = "terraform-google-modules/kubernetes-engine/google//modules/fleet-app-operator-permissions"
+  version = "~> 33.0"
 
   fleet_project_id = var.fleet_project_id
   scope_id         = google_gke_hub_scope.scope.scope_id
 
@@ -27,7 +27,9 @@ provider "kubernetes" {
 }
 
 module "gke" {
-  source                 = "terraform-google-modules/kubernetes-engine/google"
+  source  = "terraform-google-modules/kubernetes-engine/google"
+  version = "~> 33.0"
+
   project_id             = var.project_id
   name                   = "${local.cluster_type}-cluster${var.cluster_name_suffix}"
   regional               = true
 
@@ -29,7 +29,7 @@ resource "google_gke_hub_feature_membership" "main" {
     google_gke_hub_feature.acm
   ]
 
-  location = "global"
+  location = module.registration.location
   feature  = "configmanagement"
 
   membership = module.registration.cluster_membership_id
Original file line number	Diff line number	Diff line change
`@@ -154,9 +154,9 @@ resource "google_container_cluster" "primary" {`
`154`	`154`	`dynamic "resource_limits" {`
`155`	`155`	`for_each = local.autoscaling_resource_limits`
`156`	`156`	`content {`
`157`		`- resource_type = lookup(resource_limits.value, "resource_type")`
`158`		`- minimum = lookup(resource_limits.value, "minimum")`
`159`		`- maximum = lookup(resource_limits.value, "maximum")`
	`157`	`+ resource_type = resource_limits.value["resource_type"]`
	`158`	`+ minimum = resource_limits.value["minimum"]`
	`159`	`+ maximum = resource_limits.value["maximum"]`
`160`	`160`	`}`
`161`	`161`	`}`
`162`	`162`	`}`
`@@ -594,7 +594,7 @@ resource "google_container_node_pool" "pools" {`
`594`	`594`	`min_cpu_platform = lookup(each.value, "min_cpu_platform", "")`
`595`	`595`	`enable_confidential_storage = lookup(each.value, "enable_confidential_storage", false)`
`596`	`596`	`dynamic "gcfs_config" {`
`597`		`- for_each = lookup(each.value, "enable_gcfs", false) ? [true] : [false]`
	`597`	`+ for_each = lookup(each.value, "enable_gcfs", null) != null ? [each.value.enable_gcfs] : []`
`598`	`598`	`content {`
`599`	`599`	`enabled = gcfs_config.value`
`600`	`600`	`}`
`@@ -876,7 +876,7 @@ resource "google_container_node_pool" "windows_pools" {`
`876`	`876`	`min_cpu_platform = lookup(each.value, "min_cpu_platform", "")`
`877`	`877`	`enable_confidential_storage = lookup(each.value, "enable_confidential_storage", false)`
`878`	`878`	`dynamic "gcfs_config" {`
`879`		`- for_each = lookup(each.value, "enable_gcfs", false) ? [true] : [false]`
	`879`	`+ for_each = lookup(each.value, "enable_gcfs", null) != null ? [each.value.enable_gcfs] : []`
`880`	`880`	`content {`
`881`	`881`	`enabled = gcfs_config.value`
`882`	`882`	`}`
Original file line number	Diff line number	Diff line change
`@@ -23,9 +23,10 @@ module "gcp-network" {`
`23`	`23`
`24`	`24`	`subnets = [`
`25`	`25`	`{`
`26`		`- subnet_name = local.subnet_name`
`27`		`- subnet_ip = "10.0.0.0/17"`
`28`		`- subnet_region = var.region`
	`26`	`+ subnet_name = local.subnet_name`
	`27`	`+ subnet_ip = "10.0.0.0/17"`
	`28`	`+ subnet_region = var.region`
	`29`	`+ subnet_private_access = true`
`29`	`30`	`},`
`30`	`31`	`{`
`31`	`32`	`subnet_name = local.master_auth_subnetwork`
Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@ resource "google_gke_hub_feature_membership" "main" {`
`29`	`29`	`google_gke_hub_feature.acm`
`30`	`30`	`]`
`31`	`31`
`32`		`- location = "global"`
	`32`	`+ location = module.registration.location`
`33`	`33`	`feature = "configmanagement"`
`34`	`34`
`35`	`35`	`membership = module.registration.cluster_membership_id`