feat: Enable ACM feature on hub (#722)

cloud-pharaoh · web-flow · commit c199dae1503e · 2020-12-03T22:02:44.000-06:00
* enable acm

* update README

* enable gkehub api on test project

* Add Hub Admin role to SA

* add service account key file

* add additional components
diff --git a/modules/acm/README.md b/modules/acm/README.md
@@ -3,9 +3,10 @@
 This module installs [Anthos Config Management](https://cloud.google.com/anthos-config-management/docs/) (ACM) in a Kubernetes cluster.
 
 Specifically, this module automates the following steps for [installing ACM](https://cloud.google.com/anthos-config-management/docs/how-to/installing):
-1. Installing the ACM Operator on your cluster.
-2. Generating an SSH key for accessing Git and providing it to the Operator
-3. Configuring the Operator to connect to your ACM repository
+1. Enabling the ACM feature on hub.
+2. Installing the ACM Operator on your cluster.
+3. Optionally, generating an SSH key for accessing Git and providing it to the Operator
+4. Configuring the Operator to connect to your ACM repository
 
 ## Usage
 
diff --git a/modules/acm/main.tf b/modules/acm/main.tf
@@ -14,6 +14,21 @@
  * limitations under the License.
  */
 
+module "enable_acm" {
+  source  = "terraform-google-modules/gcloud/google"
+  version = "~> 2.0"
+
+  platform              = "linux"
+  upgrade               = true
+  additional_components = ["alpha"]
+
+  service_account_key_file = var.service_account_key_file
+  create_cmd_entrypoint    = "gcloud"
+  create_cmd_body          = "alpha container hub config-management enable --project ${var.project_id}"
+  destroy_cmd_entrypoint   = "gcloud"
+  destroy_cmd_body         = "alpha container hub config-management disable --force --project ${var.project_id}"
+}
+
 module "acm_operator" {
 
   source = "../k8s-operator-crd-support"
diff --git a/test/setup/iam.tf b/test/setup/iam.tf
@@ -33,6 +33,7 @@ locals {
     "roles/compute.instanceAdmin",
     "roles/iam.roleAdmin",
     "roles/iap.admin",
+    "roles/gkehub.admin",
   ]
   # roles as documented https://cloud.google.com/service-mesh/docs/gke-install-new-cluster#setting_up_your_project
   int_asm_required_roles = [
diff --git a/test/setup/main.tf b/test/setup/main.tf
@@ -65,6 +65,7 @@ module "gke-project-2" {
     "pubsub.googleapis.com",
     "serviceusage.googleapis.com",
     "storage-api.googleapis.com",
+    "gkehub.googleapis.com",
   ]
   activate_api_identities = [
     {

Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,7 @@ locals {`
`33`	`33`	`"roles/compute.instanceAdmin",`
`34`	`34`	`"roles/iam.roleAdmin",`
`35`	`35`	`"roles/iap.admin",`
	`36`	`+ "roles/gkehub.admin",`
`36`	`37`	`]`
`37`	`38`	`# roles as documented https://cloud.google.com/service-mesh/docs/gke-install-new-cluster#setting_up_your_project`
`38`	`39`	`int_asm_required_roles = [`
Original file line number	Diff line number	Diff line change
`@@ -65,6 +65,7 @@ module "gke-project-2" {`
`65`	`65`	`"pubsub.googleapis.com",`
`66`	`66`	`"serviceusage.googleapis.com",`
`67`	`67`	`"storage-api.googleapis.com",`
	`68`	`+ "gkehub.googleapis.com",`
`68`	`69`	`]`
`69`	`70`	`activate_api_identities = [`
`70`	`71`	`{`