chore: update tests to use 1.0 image and update compat note (#51)

* chore: update tests to use 1.0 image and update compat note

* mark keys op as sensitive

Co-authored-by: Bharath KKB <[email protected]>

Author: cloud-foundation-bot

.github/release-please.yml

@@ -1,2 +1,16 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 releaseType: terraform-module
 handleGHRelease: true

.github/workflows/stale.yml

@@ -1,3 +1,17 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 name: "Close stale issues"
 on:
   schedule:

.gitignore

@@ -47,3 +47,6 @@ credentials.json
 **/*.gpg
 **/get-key
 **/*.zip
+
+# tf lock file
+.terraform.lock.hcl

Makefile

@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.13
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 1.0
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 

README.md

@@ -11,7 +11,8 @@ The resources/services/activations/deletions that this module will create/trigge
 - one optional service account key per service account
 
 ## Compatibility
-This module is meant for use with Terraform 0.13. If you haven't
+This module is meant for use with Terraform 0.13+ and tested using Terraform 1.0+. If you find incompatibilities using Terraform >=0.13, please open an issue.
+ If you haven't
 [upgraded](https://www.terraform.io/upgrade-guides/0-13.html) and need a Terraform
 0.12.x-compatible version of this module, the last released version
 intended for Terraform 0.12.x is [v3.0.1](https://registry.terraform.io/modules/terraform-google-modules/-service-accounts/google/v3.0.1).

build/int.cloudbuild.yaml

@@ -38,4 +38,4 @@ tags:
 - 'integration'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.13'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.0'

build/lint.cloudbuild.yaml

@@ -22,4 +22,4 @@ tags:
 - 'lint'
 substitutions:
   _DOCKER_IMAGE_DEVELOPER_TOOLS: 'cft/developer-tools'
-  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '0.13'
+  _DOCKER_TAG_VERSION_DEVELOPER_TOOLS: '1.0'

modules/key-distributor/README.md

@@ -146,12 +146,12 @@ gpg --decrypt data.gpg
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | create\_wrapper\_script | Whether to create the get-key wrapper script | `bool` | `true` | no |
-| folder\_ids | Folder IDs where the Cloud Function will have access to create Service Account keys. | `list` | `[]` | no |
+| folder\_ids | Folder IDs where the Cloud Function will have access to create Service Account keys. | `list(any)` | `[]` | no |
 | function\_members | List of IAM members (users, groups, etc) with the invoker permission on the CLoud Function | `list(string)` | n/a | yes |
 | function\_name | Name of the Cloud Function | `string` | `"key-distributor"` | no |
 | org\_id | Organization ID where the Cloud Function will have access to create Service Account keys. | `string` | `""` | no |
 | project\_id | Project Id for the Cloud Function. Also if folder\_ids and project\_ids are empty, the Cloud Function will be granted access to create keys in this project by default. | `string` | n/a | yes |
-| project\_ids | Project IDs where the Cloud Function will have access to create Service Account keys. | `list` | `[]` | no |
+| project\_ids | Project IDs where the Cloud Function will have access to create Service Account keys. | `list(any)` | `[]` | no |
 | public\_key\_file | Path of the ascii armored gpg public key. Create by running `gpg --export --armor <key-id> > pubkey.asc` | `string` | `"pubkey.asc"` | no |
 | region | The region where the Cloud Function will run | `string` | `"us-central1"` | no |
 

modules/key-distributor/variables.tf

@@ -21,13 +21,13 @@ variable "org_id" {
 }
 
 variable "folder_ids" {
-  type        = list
+  type        = list(any)
   description = "Folder IDs where the Cloud Function will have access to create Service Account keys."
   default     = []
 }
 
 variable "project_ids" {
-  type        = list
+  type        = list(any)
   description = "Project IDs where the Cloud Function will have access to create Service Account keys."
   default     = []
 }

test/fixtures/multiple_service_accounts/outputs.tf

@@ -32,6 +32,7 @@ output "iam_emails" {
 output "keys" {
   description = "The service account keys."
   value       = module.example.keys
+  sensitive   = true
 }
 
 output "project_id" {