diff --git a/cmd/kops/integration_test.go b/cmd/kops/integration_test.go index b5de0b0fa2..c646efbb03 100644 --- a/cmd/kops/integration_test.go +++ b/cmd/kops/integration_test.go @@ -195,20 +195,12 @@ func TestBastionAdditionalUserData(t *testing.T) { // TestMinimalJSON runs the test on a minimal data set and outputs JSON func TestMinimalJSON(t *testing.T) { featureflag.ParseFlags("+TerraformJSON") - unsetFeaureFlag := func() { + unsetFeatureFlags := func() { featureflag.ParseFlags("-TerraformJSON") } - defer unsetFeaureFlag() - newIntegrationTest("minimal-json.example.com", "minimal-json").withJSONOutput().runTestTerraformAWS(t) -} + defer unsetFeatureFlags() -func TestMinimalTerraform011(t *testing.T) { - featureflag.ParseFlags("-Terraform-0.12") - unsetFeaureFlag := func() { - featureflag.ParseFlags("+Terraform-0.12") - } - defer unsetFeaureFlag() - newIntegrationTest("minimal-tf11.example.com", "minimal-tf11").runTestTerraformAWS(t) + newIntegrationTest("minimal-json.example.com", "minimal-json").withJSONOutput().runTestTerraformAWS(t) } // TestPrivateWeave runs the test on a configuration with private topology, weave networking diff --git a/docs/advanced/experimental.md b/docs/advanced/experimental.md index b6e9326a88..810aa5487a 100644 --- a/docs/advanced/experimental.md +++ b/docs/advanced/experimental.md @@ -21,5 +21,5 @@ The following experimental features are currently available: * `+SpotinstHybrid` - Toogles between hybrid and full instance group implementations * `-SpotinstController` - Toggles the installation of the Spot controller addon off * `+SkipEtcdVersionCheck` - Bypasses the check that etcd-manager is using a supported etcd version -* `+TerraformJSON` - Produce kubernetes.ts.json file instead of writing HCL v1 syntax. Can be consumed by terraform 0.12 -* `+VFSVaultSupport` - Enables setting Vault as secret/keystore \ No newline at end of file +* `+TerraformJSON` - Produce kubernetes.tf.json file instead of writing HCLv2 syntax. Can be consumed by terraform 0.12+ +* `+VFSVaultSupport` - Enables setting Vault as secret/keystore diff --git a/docs/terraform.md b/docs/terraform.md index d4581fabc2..a4b0a62950 100644 --- a/docs/terraform.md +++ b/docs/terraform.md @@ -10,11 +10,12 @@ Note that if you modify the Terraform files that kops spits out, it will overrid ### Terraform Version Compatibility | Kops Version | Terraform Version | Feature Flag Notes | -|--------------|-------------------|-------| -| >= 1.18 | >= 0.12 | HCL2 supported by default | -| >= 1.18 | < 0.12 | `KOPS_FEATURE_FLAGS=-Terraform-0.12` | -| >= 1.17 | >= 0.12 | `KOPS_FEATURE_FLAGS=TerraformJSON` outputs JSON | -| <= 1.17 | < 0.12 | Supported by default | +|--------------|-------------------|--------------------| +| >= 1.19 | >= 0.12.26, >= 0.13 | HCL2 supported by default
`KOPS_FEATURE_FLAGS=Terraform-0.12` is now deprecated | +| >= 1.18 | >= 0.12 | HCL2 supported by default | +| >= 1.18 | < 0.12 | `KOPS_FEATURE_FLAGS=-Terraform-0.12` | +| >= 1.17 | >= 0.12 | `KOPS_FEATURE_FLAGS=TerraformJSON` outputs JSON | +| <= 1.17 | < 0.12 | Supported by default | ### Using Terraform @@ -32,13 +33,7 @@ terraform { } ``` -Then run: - -``` -$ terraform init -``` -to set up s3 backend. -Learn more [about Terraform state here](https://www.terraform.io/docs/state/remote.html). +Learn more about [Terraform state](https://www.terraform.io/docs/state/remote.html). #### Initialize/create a cluster @@ -54,7 +49,32 @@ $ kops create cluster \ --target=terraform ``` -The above command will create kops state on S3 (defined in `--state`) and output a representation of your configuration into Terraform files. Thereafter you can preview your changes and then apply as shown below: +The above command will create kops state on S3 (defined in `--state`) and output a representation of your configuration into Terraform files. Thereafter you can preview your changes in `kubernetes.tf` and then use Terraform to create all the resources as shown below: + +Additional Terraform `.tf` files could be added at this stage to customize your deployment, but remember the kops state should continue to remain the ultimate source of truth for the Kubernetes cluster. + +Initialize Terraform to set-up the S3 backend and provider plugins. + +``` +$ terraform init +``` + +If you're using Terraform v0.12.26+, the following warning will be displayed and can be safely ignored. It will not be displayed if you're using Terraform v0.13.0+. + +``` +Warning: Provider source not supported in Terraform v0.12 + + on kubernetes.tf line 665, in terraform: + 665: aws = { + 666: "source" = "hashicorp/aws" + 667: "version" = ">= 2.46.0" + 668: } + +A source was declared for provider aws. Terraform v0.12 does not support the +provider source attribute. It will be ignored. +``` + +Use Terraform to review and create the cloud infrastructure and Kubernetes cluster. ``` $ terraform plan @@ -110,7 +130,6 @@ $ kops delete cluster --yes \ Ps: You don't have to `kops delete cluster` if you just want to recreate from scratch. Deleting kops cluster state means that you've have to `kops create` again. - ### Caveats #### `kops rolling-update` might be needed after editing the cluster @@ -121,13 +140,11 @@ To see your changes applied to the cluster you'll also need to run `kops rolling #### Terraform JSON output -With terraform 0.12 JSON is now officially supported as configuration language. To enable JSON output instead of HCLv1 output you need to enable it through a feature flag. +With terraform 0.12 JSON is now officially supported as configuration language. To enable JSON output instead of HCLv2 output you need to enable it through a feature flag. + ``` export KOPS_FEATURE_FLAGS=TerraformJSON kops update cluster ..... ``` This is an alternative to of using terraforms own configuration syntax HCL. Be sure to delete the existing kubernetes.tf file. Terraform will otherwise use both and then complain. - -Kops will require terraform 0.12 for JSON configuration. Inofficially (partially) it was also supported with terraform 0.11, so you can try and remove the `required_version` in `kubernetes.tf.json`. - diff --git a/go.mod b/go.mod index 6bf97a63e2..7a6e345308 100644 --- a/go.mod +++ b/go.mod @@ -77,7 +77,6 @@ require ( github.com/google/uuid v1.1.1 github.com/gophercloud/gophercloud v0.11.1-0.20200518183226-7aec46f32c19 github.com/gorilla/mux v1.7.3 - github.com/hashicorp/hcl v1.0.0 github.com/hashicorp/hcl/v2 v2.3.0 github.com/hashicorp/vault/api v1.0.4 github.com/huandu/xstrings v1.2.0 // indirect diff --git a/hack/verify-terraform.sh b/hack/verify-terraform.sh index 3dfc400737..e6a78f9215 100755 --- a/hack/verify-terraform.sh +++ b/hack/verify-terraform.sh @@ -20,14 +20,8 @@ set -o pipefail . "$(dirname "${BASH_SOURCE[0]}")/common.sh" -# integration test cluster directories that are terraform 0.11 compatible -CLUSTERS_0_11=( - "minimal-tf11" -) - # Terraform versions -TAG_0_13=0.13.0 -TAG_0_11=0.11.14 +TF_TAG=0.13.5 PROVIDER_CACHE="${KOPS_ROOT}/.cache/terraform" @@ -35,10 +29,8 @@ RC=0 while IFS= read -r -d '' -u 3 test_dir; do [ -f "${test_dir}/kubernetes.tf" ] || [ -f "${test_dir}/kubernetes.tf.json" ] || continue echo -e "${test_dir}\n" - cluster=$(basename "${test_dir}") - kube::util::array_contains "${cluster}" "${CLUSTERS_0_11[@]}" && tag=$TAG_0_11 || tag=$TAG_0_13 - docker run --rm -e "TF_PLUGIN_CACHE_DIR=${PROVIDER_CACHE}" -v "${PROVIDER_CACHE}:${PROVIDER_CACHE}" -v "${test_dir}":"${test_dir}" -w "${test_dir}" --entrypoint=sh hashicorp/terraform:$tag -c '/bin/terraform init >/dev/null && /bin/terraform validate' || RC=$? + docker run --rm -e "TF_PLUGIN_CACHE_DIR=${PROVIDER_CACHE}" -v "${PROVIDER_CACHE}:${PROVIDER_CACHE}" -v "${test_dir}":"${test_dir}" -w "${test_dir}" --entrypoint=sh hashicorp/terraform:${TF_TAG} -c '/bin/terraform init >/dev/null && /bin/terraform validate' || RC=$? done 3< <(find "${KOPS_ROOT}/tests/integration/update_cluster" -maxdepth 1 -type d -print0) if [ $RC != 0 ]; then diff --git a/pkg/featureflag/featureflag.go b/pkg/featureflag/featureflag.go index 18e42de960..46d052ddf0 100644 --- a/pkg/featureflag/featureflag.go +++ b/pkg/featureflag/featureflag.go @@ -91,8 +91,6 @@ var ( SkipEtcdVersionCheck = New("SkipEtcdVersionCheck", Bool(false)) // TerraformJSON outputs terraform in JSON instead of hcl output. JSON output can be also parsed by terraform 0.12 TerraformJSON = New("TerraformJSON", Bool(false)) - // Terraform012 will output terraform in the 0.12 (hcl2) syntax - Terraform012 = New("Terraform-0.12", Bool(true)) // LegacyIAM will permit use of legacy IAM permissions. LegacyIAM = New("LegacyIAM", Bool(false)) // ClusterAddons activates experimental cluster-addons support diff --git a/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf b/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf index 330c7a032c..c0f60427dc 100644 --- a/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf +++ b/tests/integration/update_cluster/bastionadditional_user-data/kubernetes.tf @@ -946,5 +946,11 @@ resource "aws_vpc" "bastionuserdata-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/complex/kubernetes.tf b/tests/integration/update_cluster/complex/kubernetes.tf index 53c3c87216..ae02bfd6c2 100644 --- a/tests/integration/update_cluster/complex/kubernetes.tf +++ b/tests/integration/update_cluster/complex/kubernetes.tf @@ -783,5 +783,11 @@ resource "aws_vpc" "complex-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/existing_iam/kubernetes.tf b/tests/integration/update_cluster/existing_iam/kubernetes.tf index e7afe43924..05858763a6 100644 --- a/tests/integration/update_cluster/existing_iam/kubernetes.tf +++ b/tests/integration/update_cluster/existing_iam/kubernetes.tf @@ -844,5 +844,11 @@ resource "aws_vpc" "existing-iam-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/existing_sg/kubernetes.tf b/tests/integration/update_cluster/existing_sg/kubernetes.tf index 44fb7cb2a1..4fa8531d32 100644 --- a/tests/integration/update_cluster/existing_sg/kubernetes.tf +++ b/tests/integration/update_cluster/existing_sg/kubernetes.tf @@ -1168,5 +1168,11 @@ resource "aws_vpc" "existingsg-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/externallb/kubernetes.tf b/tests/integration/update_cluster/externallb/kubernetes.tf index 973b60ecf3..12cd219215 100644 --- a/tests/integration/update_cluster/externallb/kubernetes.tf +++ b/tests/integration/update_cluster/externallb/kubernetes.tf @@ -573,5 +573,11 @@ resource "aws_vpc" "externallb-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/externalpolicies/kubernetes.tf b/tests/integration/update_cluster/externalpolicies/kubernetes.tf index d97b522184..5a1f2e8c26 100644 --- a/tests/integration/update_cluster/externalpolicies/kubernetes.tf +++ b/tests/integration/update_cluster/externalpolicies/kubernetes.tf @@ -749,5 +749,11 @@ resource "aws_vpc" "externalpolicies-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/ha/kubernetes.tf b/tests/integration/update_cluster/ha/kubernetes.tf index d2e8d794fd..d7fc3f32a6 100644 --- a/tests/integration/update_cluster/ha/kubernetes.tf +++ b/tests/integration/update_cluster/ha/kubernetes.tf @@ -896,5 +896,11 @@ resource "aws_vpc" "ha-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/ha_gce/kubernetes.tf b/tests/integration/update_cluster/ha_gce/kubernetes.tf index e438baf2cb..f248b72d87 100644 --- a/tests/integration/update_cluster/ha_gce/kubernetes.tf +++ b/tests/integration/update_cluster/ha_gce/kubernetes.tf @@ -17,8 +17,7 @@ output "region" { } provider "google" { - region = "us-test1" - version = ">= 3.0.0" + region = "us-test1" } resource "google_compute_disk" "d1-etcd-events-ha-gce-example-com" { @@ -497,5 +496,11 @@ resource "google_compute_network" "default" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + google = { + "source" = "hashicorp/google" + "version" = ">= 2.19.0" + } + } } diff --git a/tests/integration/update_cluster/launch_templates/kubernetes.tf b/tests/integration/update_cluster/launch_templates/kubernetes.tf index 53b11aa0d5..56fe0123fc 100644 --- a/tests/integration/update_cluster/launch_templates/kubernetes.tf +++ b/tests/integration/update_cluster/launch_templates/kubernetes.tf @@ -714,5 +714,11 @@ resource "aws_vpc" "launchtemplates-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/lifecycle_phases/cluster-kubernetes.tf b/tests/integration/update_cluster/lifecycle_phases/cluster-kubernetes.tf index 22251c0cce..84a5f7f573 100644 --- a/tests/integration/update_cluster/lifecycle_phases/cluster-kubernetes.tf +++ b/tests/integration/update_cluster/lifecycle_phases/cluster-kubernetes.tf @@ -1,29 +1,29 @@ locals = { - bastion_security_group_ids = ["${aws_security_group.bastion-lifecyclephases-example-com.id}"] - bastions_role_arn = "${aws_iam_role.bastions-lifecyclephases-example-com.arn}" - bastions_role_name = "${aws_iam_role.bastions-lifecyclephases-example-com.name}" + bastion_security_group_ids = [aws_security_group.bastion-lifecyclephases-example-com.id] + bastions_role_arn = aws_iam_role.bastions-lifecyclephases-example-com.arn + bastions_role_name = aws_iam_role.bastions-lifecyclephases-example-com.name cluster_name = "lifecyclephases.example.com" - master_security_group_ids = ["${aws_security_group.masters-lifecyclephases-example-com.id}"] - masters_role_arn = "${aws_iam_role.masters-lifecyclephases-example-com.arn}" - masters_role_name = "${aws_iam_role.masters-lifecyclephases-example-com.name}" - node_security_group_ids = ["${aws_security_group.nodes-lifecyclephases-example-com.id}"] - node_subnet_ids = ["${aws_subnet.us-test-1a-lifecyclephases-example-com.id}"] - nodes_role_arn = "${aws_iam_role.nodes-lifecyclephases-example-com.arn}" - nodes_role_name = "${aws_iam_role.nodes-lifecyclephases-example-com.name}" + master_security_group_ids = [aws_security_group.masters-lifecyclephases-example-com.id] + masters_role_arn = aws_iam_role.masters-lifecyclephases-example-com.arn + masters_role_name = aws_iam_role.masters-lifecyclephases-example-com.name + node_security_group_ids = [aws_security_group.nodes-lifecyclephases-example-com.id] + node_subnet_ids = [aws_subnet.us-test-1a-lifecyclephases-example-com.id] + nodes_role_arn = aws_iam_role.nodes-lifecyclephases-example-com.arn + nodes_role_name = aws_iam_role.nodes-lifecyclephases-example-com.name region = "us-test-1" - vpc_id = "${aws_vpc.lifecyclephases-example-com.id}" + vpc_id = aws_vpc.lifecyclephases-example-com.id } output "bastion_security_group_ids" { - value = ["${aws_security_group.bastion-lifecyclephases-example-com.id}"] + value = [aws_security_group.bastion-lifecyclephases-example-com.id] } output "bastions_role_arn" { - value = "${aws_iam_role.bastions-lifecyclephases-example-com.arn}" + value = aws_iam_role.bastions-lifecyclephases-example-com.arn } output "bastions_role_name" { - value = "${aws_iam_role.bastions-lifecyclephases-example-com.name}" + value = aws_iam_role.bastions-lifecyclephases-example-com.name } output "cluster_name" { @@ -31,31 +31,31 @@ output "cluster_name" { } output "master_security_group_ids" { - value = ["${aws_security_group.masters-lifecyclephases-example-com.id}"] + value = [aws_security_group.masters-lifecyclephases-example-com.id] } output "masters_role_arn" { - value = "${aws_iam_role.masters-lifecyclephases-example-com.arn}" + value = aws_iam_role.masters-lifecyclephases-example-com.arn } output "masters_role_name" { - value = "${aws_iam_role.masters-lifecyclephases-example-com.name}" + value = aws_iam_role.masters-lifecyclephases-example-com.name } output "node_security_group_ids" { - value = ["${aws_security_group.nodes-lifecyclephases-example-com.id}"] + value = [aws_security_group.nodes-lifecyclephases-example-com.id] } output "node_subnet_ids" { - value = ["${aws_subnet.us-test-1a-lifecyclephases-example-com.id}"] + value = [aws_subnet.us-test-1a-lifecyclephases-example-com.id] } output "nodes_role_arn" { - value = "${aws_iam_role.nodes-lifecyclephases-example-com.arn}" + value = aws_iam_role.nodes-lifecyclephases-example-com.arn } output "nodes_role_name" { - value = "${aws_iam_role.nodes-lifecyclephases-example-com.name}" + value = aws_iam_role.nodes-lifecyclephases-example-com.name } output "region" { @@ -63,7 +63,7 @@ output "region" { } output "vpc_id" { - value = "${aws_vpc.lifecyclephases-example-com.id}" + value = aws_vpc.lifecyclephases-example-com.id } provider "aws" { @@ -72,10 +72,10 @@ provider "aws" { resource "aws_autoscaling_group" "bastion-lifecyclephases-example-com" { name = "bastion.lifecyclephases.example.com" - launch_configuration = "${aws_launch_configuration.bastion-lifecyclephases-example-com.id}" + launch_configuration = aws_launch_configuration.bastion-lifecyclephases-example-com.id max_size = 1 min_size = 1 - vpc_zone_identifier = ["${aws_subnet.utility-us-test-1a-lifecyclephases-example-com.id}"] + vpc_zone_identifier = [aws_subnet.utility-us-test-1a-lifecyclephases-example-com.id] tag = { key = "KubernetesCluster" @@ -101,10 +101,10 @@ resource "aws_autoscaling_group" "bastion-lifecyclephases-example-com" { resource "aws_autoscaling_group" "master-us-test-1a-masters-lifecyclephases-example-com" { name = "master-us-test-1a.masters.lifecyclephases.example.com" - launch_configuration = "${aws_launch_configuration.master-us-test-1a-masters-lifecyclephases-example-com.id}" + launch_configuration = aws_launch_configuration.master-us-test-1a-masters-lifecyclephases-example-com.id max_size = 1 min_size = 1 - vpc_zone_identifier = ["${aws_subnet.us-test-1a-lifecyclephases-example-com.id}"] + vpc_zone_identifier = [aws_subnet.us-test-1a-lifecyclephases-example-com.id] tag = { key = "KubernetesCluster" @@ -130,10 +130,10 @@ resource "aws_autoscaling_group" "master-us-test-1a-masters-lifecyclephases-exam resource "aws_autoscaling_group" "nodes-lifecyclephases-example-com" { name = "nodes.lifecyclephases.example.com" - launch_configuration = "${aws_launch_configuration.nodes-lifecyclephases-example-com.id}" + launch_configuration = aws_launch_configuration.nodes-lifecyclephases-example-com.id max_size = 2 min_size = 2 - vpc_zone_identifier = ["${aws_subnet.us-test-1a-lifecyclephases-example-com.id}"] + vpc_zone_identifier = [aws_subnet.us-test-1a-lifecyclephases-example-com.id] tag = { key = "KubernetesCluster" @@ -189,9 +189,9 @@ resource "aws_launch_configuration" "bastion-lifecyclephases-example-com" { name_prefix = "bastion.lifecyclephases.example.com-" image_id = "ami-12345678" instance_type = "t2.micro" - key_name = "${aws_key_pair.kubernetes-lifecyclephases-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}" - iam_instance_profile = "${aws_iam_instance_profile.bastions-lifecyclephases-example-com.id}" - security_groups = ["${aws_security_group.bastion-lifecyclephases-example-com.id}"] + key_name = aws_key_pair.kubernetes-lifecyclephases-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id + iam_instance_profile = aws_iam_instance_profile.bastions-lifecyclephases-example-com.id + security_groups = [aws_security_group.bastion-lifecyclephases-example-com.id] associate_public_ip_address = true root_block_device = { @@ -211,11 +211,11 @@ resource "aws_launch_configuration" "master-us-test-1a-masters-lifecyclephases-e name_prefix = "master-us-test-1a.masters.lifecyclephases.example.com-" image_id = "ami-12345678" instance_type = "m3.medium" - key_name = "${aws_key_pair.kubernetes-lifecyclephases-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}" - iam_instance_profile = "${aws_iam_instance_profile.masters-lifecyclephases-example-com.id}" - security_groups = ["${aws_security_group.masters-lifecyclephases-example-com.id}"] + key_name = aws_key_pair.kubernetes-lifecyclephases-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id + iam_instance_profile = aws_iam_instance_profile.masters-lifecyclephases-example-com.id + security_groups = [aws_security_group.masters-lifecyclephases-example-com.id] associate_public_ip_address = false - user_data = "${file("${path.module}/data/aws_launch_configuration_master-us-test-1a.masters.lifecyclephases.example.com_user_data")}" + user_data = file("${path.module}/data/aws_launch_configuration_master-us-test-1a.masters.lifecyclephases.example.com_user_data") root_block_device = { volume_type = "gp2" @@ -239,11 +239,11 @@ resource "aws_launch_configuration" "nodes-lifecyclephases-example-com" { name_prefix = "nodes.lifecyclephases.example.com-" image_id = "ami-12345678" instance_type = "t2.medium" - key_name = "${aws_key_pair.kubernetes-lifecyclephases-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}" - iam_instance_profile = "${aws_iam_instance_profile.nodes-lifecyclephases-example-com.id}" - security_groups = ["${aws_security_group.nodes-lifecyclephases-example-com.id}"] + key_name = aws_key_pair.kubernetes-lifecyclephases-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id + iam_instance_profile = aws_iam_instance_profile.nodes-lifecyclephases-example-com.id + security_groups = [aws_security_group.nodes-lifecyclephases-example-com.id] associate_public_ip_address = false - user_data = "${file("${path.module}/data/aws_launch_configuration_nodes.lifecyclephases.example.com_user_data")}" + user_data = file("${path.module}/data/aws_launch_configuration_nodes.lifecyclephases.example.com_user_data") root_block_device = { volume_type = "gp2" @@ -258,6 +258,12 @@ resource "aws_launch_configuration" "nodes-lifecyclephases-example-com" { enable_monitoring = false } -terraform = { - required_version = ">= 0.9.3" +terraform { + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/lifecycle_phases/loadbalancer-kubernetes.tf b/tests/integration/update_cluster/lifecycle_phases/loadbalancer-kubernetes.tf index edf414c86d..b4814bc2d2 100644 --- a/tests/integration/update_cluster/lifecycle_phases/loadbalancer-kubernetes.tf +++ b/tests/integration/update_cluster/lifecycle_phases/loadbalancer-kubernetes.tf @@ -1,29 +1,29 @@ locals = { - bastion_security_group_ids = ["${aws_security_group.bastion-lifecyclephases-example-com.id}"] - bastions_role_arn = "${aws_iam_role.bastions-lifecyclephases-example-com.arn}" - bastions_role_name = "${aws_iam_role.bastions-lifecyclephases-example-com.name}" + bastion_security_group_ids = [aws_security_group.bastion-lifecyclephases-example-com.id] + bastions_role_arn = aws_iam_role.bastions-lifecyclephases-example-com.arn + bastions_role_name = aws_iam_role.bastions-lifecyclephases-example-com.name cluster_name = "lifecyclephases.example.com" - master_security_group_ids = ["${aws_security_group.masters-lifecyclephases-example-com.id}"] - masters_role_arn = "${aws_iam_role.masters-lifecyclephases-example-com.arn}" - masters_role_name = "${aws_iam_role.masters-lifecyclephases-example-com.name}" - node_security_group_ids = ["${aws_security_group.nodes-lifecyclephases-example-com.id}"] - node_subnet_ids = ["${aws_subnet.us-test-1a-lifecyclephases-example-com.id}"] - nodes_role_arn = "${aws_iam_role.nodes-lifecyclephases-example-com.arn}" - nodes_role_name = "${aws_iam_role.nodes-lifecyclephases-example-com.name}" + master_security_group_ids = [aws_security_group.masters-lifecyclephases-example-com.id] + masters_role_arn = aws_iam_role.masters-lifecyclephases-example-com.arn + masters_role_name = aws_iam_role.masters-lifecyclephases-example-com.name + node_security_group_ids = [aws_security_group.nodes-lifecyclephases-example-com.id] + node_subnet_ids = [aws_subnet.us-test-1a-lifecyclephases-example-com.id] + nodes_role_arn = aws_iam_role.nodes-lifecyclephases-example-com.arn + nodes_role_name = aws_iam_role.nodes-lifecyclephases-example-com.name region = "us-test-1" - vpc_id = "${aws_vpc.lifecyclephases-example-com.id}" + vpc_id = aws_vpc.lifecyclephases-example-com.id } output "bastion_security_group_ids" { - value = ["${aws_security_group.bastion-lifecyclephases-example-com.id}"] + value = [aws_security_group.bastion-lifecyclephases-example-com.id] } output "bastions_role_arn" { - value = "${aws_iam_role.bastions-lifecyclephases-example-com.arn}" + value = aws_iam_role.bastions-lifecyclephases-example-com.arn } output "bastions_role_name" { - value = "${aws_iam_role.bastions-lifecyclephases-example-com.name}" + value = aws_iam_role.bastions-lifecyclephases-example-com.name } output "cluster_name" { @@ -31,31 +31,31 @@ output "cluster_name" { } output "master_security_group_ids" { - value = ["${aws_security_group.masters-lifecyclephases-example-com.id}"] + value = [aws_security_group.masters-lifecyclephases-example-com.id] } output "masters_role_arn" { - value = "${aws_iam_role.masters-lifecyclephases-example-com.arn}" + value = aws_iam_role.masters-lifecyclephases-example-com.arn } output "masters_role_name" { - value = "${aws_iam_role.masters-lifecyclephases-example-com.name}" + value = aws_iam_role.masters-lifecyclephases-example-com.name } output "node_security_group_ids" { - value = ["${aws_security_group.nodes-lifecyclephases-example-com.id}"] + value = [aws_security_group.nodes-lifecyclephases-example-com.id] } output "node_subnet_ids" { - value = ["${aws_subnet.us-test-1a-lifecyclephases-example-com.id}"] + value = [aws_subnet.us-test-1a-lifecyclephases-example-com.id] } output "nodes_role_arn" { - value = "${aws_iam_role.nodes-lifecyclephases-example-com.arn}" + value = aws_iam_role.nodes-lifecyclephases-example-com.arn } output "nodes_role_name" { - value = "${aws_iam_role.nodes-lifecyclephases-example-com.name}" + value = aws_iam_role.nodes-lifecyclephases-example-com.name } output "region" { @@ -63,7 +63,7 @@ output "region" { } output "vpc_id" { - value = "${aws_vpc.lifecyclephases-example-com.id}" + value = aws_vpc.lifecyclephases-example-com.id } provider "aws" { @@ -71,13 +71,13 @@ provider "aws" { } resource "aws_autoscaling_attachment" "bastion-lifecyclephases-example-com" { - elb = "${aws_elb.bastion-lifecyclephases-example-com.id}" - autoscaling_group_name = "${aws_autoscaling_group.bastion-lifecyclephases-example-com.id}" + elb = aws_elb.bastion-lifecyclephases-example-com.id + autoscaling_group_name = aws_autoscaling_group.bastion-lifecyclephases-example-com.id } resource "aws_autoscaling_attachment" "master-us-test-1a-masters-lifecyclephases-example-com" { - elb = "${aws_elb.api-lifecyclephases-example-com.id}" - autoscaling_group_name = "${aws_autoscaling_group.master-us-test-1a-masters-lifecyclephases-example-com.id}" + elb = aws_elb.api-lifecyclephases-example-com.id + autoscaling_group_name = aws_autoscaling_group.master-us-test-1a-masters-lifecyclephases-example-com.id } resource "aws_elb" "api-lifecyclephases-example-com" { @@ -90,8 +90,8 @@ resource "aws_elb" "api-lifecyclephases-example-com" { lb_protocol = "TCP" } - security_groups = ["${aws_security_group.api-elb-lifecyclephases-example-com.id}"] - subnets = ["${aws_subnet.utility-us-test-1a-lifecyclephases-example-com.id}"] + security_groups = [aws_security_group.api-elb-lifecyclephases-example-com.id] + subnets = [aws_subnet.utility-us-test-1a-lifecyclephases-example-com.id] health_check = { target = "SSL:443" @@ -119,8 +119,8 @@ resource "aws_elb" "bastion-lifecyclephases-example-com" { lb_protocol = "TCP" } - security_groups = ["${aws_security_group.bastion-elb-lifecyclephases-example-com.id}"] - subnets = ["${aws_subnet.utility-us-test-1a-lifecyclephases-example-com.id}"] + security_groups = [aws_security_group.bastion-elb-lifecyclephases-example-com.id] + subnets = [aws_subnet.utility-us-test-1a-lifecyclephases-example-com.id] health_check = { target = "TCP:22" @@ -144,14 +144,20 @@ resource "aws_route53_record" "api-lifecyclephases-example-com" { type = "A" alias = { - name = "${aws_elb.api-lifecyclephases-example-com.dns_name}" - zone_id = "${aws_elb.api-lifecyclephases-example-com.zone_id}" + name = aws_elb.api-lifecyclephases-example-com.dns_name + zone_id = aws_elb.api-lifecyclephases-example-com.zone_id evaluate_target_health = false } zone_id = "/hostedzone/Z1AFAKE1ZON3YO" } -terraform = { - required_version = ">= 0.9.3" +terraform { + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/lifecycle_phases/network-kubernetes.tf b/tests/integration/update_cluster/lifecycle_phases/network-kubernetes.tf index 4c6062c824..4e2ce9ecc8 100644 --- a/tests/integration/update_cluster/lifecycle_phases/network-kubernetes.tf +++ b/tests/integration/update_cluster/lifecycle_phases/network-kubernetes.tf @@ -168,5 +168,11 @@ resource "aws_vpc" "lifecyclephases-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/lifecycle_phases/security-kubernetes.tf b/tests/integration/update_cluster/lifecycle_phases/security-kubernetes.tf index b35c6011fa..7e923fec38 100644 --- a/tests/integration/update_cluster/lifecycle_phases/security-kubernetes.tf +++ b/tests/integration/update_cluster/lifecycle_phases/security-kubernetes.tf @@ -1,20 +1,20 @@ locals = { - bastions_role_arn = "${aws_iam_role.bastions-lifecyclephases-example-com.arn}" - bastions_role_name = "${aws_iam_role.bastions-lifecyclephases-example-com.name}" + bastions_role_arn = aws_iam_role.bastions-lifecyclephases-example-com.arn + bastions_role_name = aws_iam_role.bastions-lifecyclephases-example-com.name cluster_name = "lifecyclephases.example.com" - masters_role_arn = "${aws_iam_role.masters-lifecyclephases-example-com.arn}" - masters_role_name = "${aws_iam_role.masters-lifecyclephases-example-com.name}" - nodes_role_arn = "${aws_iam_role.nodes-lifecyclephases-example-com.arn}" - nodes_role_name = "${aws_iam_role.nodes-lifecyclephases-example-com.name}" + masters_role_arn = aws_iam_role.masters-lifecyclephases-example-com.arn + masters_role_name = aws_iam_role.masters-lifecyclephases-example-com.name + nodes_role_arn = aws_iam_role.nodes-lifecyclephases-example-com.arn + nodes_role_name = aws_iam_role.nodes-lifecyclephases-example-com.name region = "us-test-1" } output "bastions_role_arn" { - value = "${aws_iam_role.bastions-lifecyclephases-example-com.arn}" + value = aws_iam_role.bastions-lifecyclephases-example-com.arn } output "bastions_role_name" { - value = "${aws_iam_role.bastions-lifecyclephases-example-com.name}" + value = aws_iam_role.bastions-lifecyclephases-example-com.name } output "cluster_name" { @@ -22,19 +22,19 @@ output "cluster_name" { } output "masters_role_arn" { - value = "${aws_iam_role.masters-lifecyclephases-example-com.arn}" + value = aws_iam_role.masters-lifecyclephases-example-com.arn } output "masters_role_name" { - value = "${aws_iam_role.masters-lifecyclephases-example-com.name}" + value = aws_iam_role.masters-lifecyclephases-example-com.name } output "nodes_role_arn" { - value = "${aws_iam_role.nodes-lifecyclephases-example-com.arn}" + value = aws_iam_role.nodes-lifecyclephases-example-com.arn } output "nodes_role_name" { - value = "${aws_iam_role.nodes-lifecyclephases-example-com.name}" + value = aws_iam_role.nodes-lifecyclephases-example-com.name } output "region" { @@ -47,60 +47,60 @@ provider "aws" { resource "aws_iam_instance_profile" "bastions-lifecyclephases-example-com" { name = "bastions.lifecyclephases.example.com" - role = "${aws_iam_role.bastions-lifecyclephases-example-com.name}" + role = aws_iam_role.bastions-lifecyclephases-example-com.name } resource "aws_iam_instance_profile" "masters-lifecyclephases-example-com" { name = "masters.lifecyclephases.example.com" - role = "${aws_iam_role.masters-lifecyclephases-example-com.name}" + role = aws_iam_role.masters-lifecyclephases-example-com.name } resource "aws_iam_instance_profile" "nodes-lifecyclephases-example-com" { name = "nodes.lifecyclephases.example.com" - role = "${aws_iam_role.nodes-lifecyclephases-example-com.name}" + role = aws_iam_role.nodes-lifecyclephases-example-com.name } resource "aws_iam_role" "bastions-lifecyclephases-example-com" { name = "bastions.lifecyclephases.example.com" - assume_role_policy = "${file("${path.module}/data/aws_iam_role_bastions.lifecyclephases.example.com_policy")}" + assume_role_policy = file("${path.module}/data/aws_iam_role_bastions.lifecyclephases.example.com_policy") } resource "aws_iam_role" "masters-lifecyclephases-example-com" { name = "masters.lifecyclephases.example.com" - assume_role_policy = "${file("${path.module}/data/aws_iam_role_masters.lifecyclephases.example.com_policy")}" + assume_role_policy = file("${path.module}/data/aws_iam_role_masters.lifecyclephases.example.com_policy") } resource "aws_iam_role" "nodes-lifecyclephases-example-com" { name = "nodes.lifecyclephases.example.com" - assume_role_policy = "${file("${path.module}/data/aws_iam_role_nodes.lifecyclephases.example.com_policy")}" + assume_role_policy = file("${path.module}/data/aws_iam_role_nodes.lifecyclephases.example.com_policy") } resource "aws_iam_role_policy" "bastions-lifecyclephases-example-com" { name = "bastions.lifecyclephases.example.com" - role = "${aws_iam_role.bastions-lifecyclephases-example-com.name}" - policy = "${file("${path.module}/data/aws_iam_role_policy_bastions.lifecyclephases.example.com_policy")}" + role = aws_iam_role.bastions-lifecyclephases-example-com.name + policy = file("${path.module}/data/aws_iam_role_policy_bastions.lifecyclephases.example.com_policy") } resource "aws_iam_role_policy" "masters-lifecyclephases-example-com" { name = "masters.lifecyclephases.example.com" - role = "${aws_iam_role.masters-lifecyclephases-example-com.name}" - policy = "${file("${path.module}/data/aws_iam_role_policy_masters.lifecyclephases.example.com_policy")}" + role = aws_iam_role.masters-lifecyclephases-example-com.name + policy = file("${path.module}/data/aws_iam_role_policy_masters.lifecyclephases.example.com_policy") } resource "aws_iam_role_policy" "nodes-lifecyclephases-example-com" { name = "nodes.lifecyclephases.example.com" - role = "${aws_iam_role.nodes-lifecyclephases-example-com.name}" - policy = "${file("${path.module}/data/aws_iam_role_policy_nodes.lifecyclephases.example.com_policy")}" + role = aws_iam_role.nodes-lifecyclephases-example-com.name + policy = file("${path.module}/data/aws_iam_role_policy_nodes.lifecyclephases.example.com_policy") } resource "aws_key_pair" "kubernetes-lifecyclephases-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157" { key_name = "kubernetes.lifecyclephases.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57" - public_key = "${file("${path.module}/data/aws_key_pair_kubernetes.lifecyclephases.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key")}" + public_key = file("${path.module}/data/aws_key_pair_kubernetes.lifecyclephases.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key") } resource "aws_security_group" "api-elb-lifecyclephases-example-com" { name = "api-elb.lifecyclephases.example.com" - vpc_id = "${aws_vpc.lifecyclephases-example-com.id}" + vpc_id = aws_vpc.lifecyclephases-example-com.id description = "Security group for api ELB" tags = { @@ -112,7 +112,7 @@ resource "aws_security_group" "api-elb-lifecyclephases-example-com" { resource "aws_security_group" "bastion-elb-lifecyclephases-example-com" { name = "bastion-elb.lifecyclephases.example.com" - vpc_id = "${aws_vpc.lifecyclephases-example-com.id}" + vpc_id = aws_vpc.lifecyclephases-example-com.id description = "Security group for bastion ELB" tags = { @@ -124,7 +124,7 @@ resource "aws_security_group" "bastion-elb-lifecyclephases-example-com" { resource "aws_security_group" "bastion-lifecyclephases-example-com" { name = "bastion.lifecyclephases.example.com" - vpc_id = "${aws_vpc.lifecyclephases-example-com.id}" + vpc_id = aws_vpc.lifecyclephases-example-com.id description = "Security group for bastion" tags = { @@ -136,7 +136,7 @@ resource "aws_security_group" "bastion-lifecyclephases-example-com" { resource "aws_security_group" "masters-lifecyclephases-example-com" { name = "masters.lifecyclephases.example.com" - vpc_id = "${aws_vpc.lifecyclephases-example-com.id}" + vpc_id = aws_vpc.lifecyclephases-example-com.id description = "Security group for masters" tags = { @@ -148,7 +148,7 @@ resource "aws_security_group" "masters-lifecyclephases-example-com" { resource "aws_security_group" "nodes-lifecyclephases-example-com" { name = "nodes.lifecyclephases.example.com" - vpc_id = "${aws_vpc.lifecyclephases-example-com.id}" + vpc_id = aws_vpc.lifecyclephases-example-com.id description = "Security group for nodes" tags = { @@ -160,8 +160,8 @@ resource "aws_security_group" "nodes-lifecyclephases-example-com" { resource "aws_security_group_rule" "all-master-to-master" { type = "ingress" - security_group_id = "${aws_security_group.masters-lifecyclephases-example-com.id}" - source_security_group_id = "${aws_security_group.masters-lifecyclephases-example-com.id}" + security_group_id = aws_security_group.masters-lifecyclephases-example-com.id + source_security_group_id = aws_security_group.masters-lifecyclephases-example-com.id from_port = 0 to_port = 0 protocol = "-1" @@ -169,8 +169,8 @@ resource "aws_security_group_rule" "all-master-to-master" { resource "aws_security_group_rule" "all-master-to-node" { type = "ingress" - security_group_id = "${aws_security_group.nodes-lifecyclephases-example-com.id}" - source_security_group_id = "${aws_security_group.masters-lifecyclephases-example-com.id}" + security_group_id = aws_security_group.nodes-lifecyclephases-example-com.id + source_security_group_id = aws_security_group.masters-lifecyclephases-example-com.id from_port = 0 to_port = 0 protocol = "-1" @@ -178,8 +178,8 @@ resource "aws_security_group_rule" "all-master-to-node" { resource "aws_security_group_rule" "all-node-to-node" { type = "ingress" - security_group_id = "${aws_security_group.nodes-lifecyclephases-example-com.id}" - source_security_group_id = "${aws_security_group.nodes-lifecyclephases-example-com.id}" + security_group_id = aws_security_group.nodes-lifecyclephases-example-com.id + source_security_group_id = aws_security_group.nodes-lifecyclephases-example-com.id from_port = 0 to_port = 0 protocol = "-1" @@ -187,7 +187,7 @@ resource "aws_security_group_rule" "all-node-to-node" { resource "aws_security_group_rule" "api-elb-egress" { type = "egress" - security_group_id = "${aws_security_group.api-elb-lifecyclephases-example-com.id}" + security_group_id = aws_security_group.api-elb-lifecyclephases-example-com.id from_port = 0 to_port = 0 protocol = "-1" @@ -196,7 +196,7 @@ resource "aws_security_group_rule" "api-elb-egress" { resource "aws_security_group_rule" "bastion-egress" { type = "egress" - security_group_id = "${aws_security_group.bastion-lifecyclephases-example-com.id}" + security_group_id = aws_security_group.bastion-lifecyclephases-example-com.id from_port = 0 to_port = 0 protocol = "-1" @@ -205,7 +205,7 @@ resource "aws_security_group_rule" "bastion-egress" { resource "aws_security_group_rule" "bastion-elb-egress" { type = "egress" - security_group_id = "${aws_security_group.bastion-elb-lifecyclephases-example-com.id}" + security_group_id = aws_security_group.bastion-elb-lifecyclephases-example-com.id from_port = 0 to_port = 0 protocol = "-1" @@ -214,8 +214,8 @@ resource "aws_security_group_rule" "bastion-elb-egress" { resource "aws_security_group_rule" "bastion-to-master-ssh" { type = "ingress" - security_group_id = "${aws_security_group.masters-lifecyclephases-example-com.id}" - source_security_group_id = "${aws_security_group.bastion-lifecyclephases-example-com.id}" + security_group_id = aws_security_group.masters-lifecyclephases-example-com.id + source_security_group_id = aws_security_group.bastion-lifecyclephases-example-com.id from_port = 22 to_port = 22 protocol = "tcp" @@ -223,8 +223,8 @@ resource "aws_security_group_rule" "bastion-to-master-ssh" { resource "aws_security_group_rule" "bastion-to-node-ssh" { type = "ingress" - security_group_id = "${aws_security_group.nodes-lifecyclephases-example-com.id}" - source_security_group_id = "${aws_security_group.bastion-lifecyclephases-example-com.id}" + security_group_id = aws_security_group.nodes-lifecyclephases-example-com.id + source_security_group_id = aws_security_group.bastion-lifecyclephases-example-com.id from_port = 22 to_port = 22 protocol = "tcp" @@ -232,7 +232,7 @@ resource "aws_security_group_rule" "bastion-to-node-ssh" { resource "aws_security_group_rule" "https-api-elb-0-0-0-0--0" { type = "ingress" - security_group_id = "${aws_security_group.api-elb-lifecyclephases-example-com.id}" + security_group_id = aws_security_group.api-elb-lifecyclephases-example-com.id from_port = 443 to_port = 443 protocol = "tcp" @@ -241,8 +241,8 @@ resource "aws_security_group_rule" "https-api-elb-0-0-0-0--0" { resource "aws_security_group_rule" "https-elb-to-master" { type = "ingress" - security_group_id = "${aws_security_group.masters-lifecyclephases-example-com.id}" - source_security_group_id = "${aws_security_group.api-elb-lifecyclephases-example-com.id}" + security_group_id = aws_security_group.masters-lifecyclephases-example-com.id + source_security_group_id = aws_security_group.api-elb-lifecyclephases-example-com.id from_port = 443 to_port = 443 protocol = "tcp" @@ -250,7 +250,7 @@ resource "aws_security_group_rule" "https-elb-to-master" { resource "aws_security_group_rule" "master-egress" { type = "egress" - security_group_id = "${aws_security_group.masters-lifecyclephases-example-com.id}" + security_group_id = aws_security_group.masters-lifecyclephases-example-com.id from_port = 0 to_port = 0 protocol = "-1" @@ -259,7 +259,7 @@ resource "aws_security_group_rule" "master-egress" { resource "aws_security_group_rule" "node-egress" { type = "egress" - security_group_id = "${aws_security_group.nodes-lifecyclephases-example-com.id}" + security_group_id = aws_security_group.nodes-lifecyclephases-example-com.id from_port = 0 to_port = 0 protocol = "-1" @@ -268,8 +268,8 @@ resource "aws_security_group_rule" "node-egress" { resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { type = "ingress" - security_group_id = "${aws_security_group.masters-lifecyclephases-example-com.id}" - source_security_group_id = "${aws_security_group.nodes-lifecyclephases-example-com.id}" + security_group_id = aws_security_group.masters-lifecyclephases-example-com.id + source_security_group_id = aws_security_group.nodes-lifecyclephases-example-com.id from_port = 1 to_port = 2379 protocol = "tcp" @@ -277,8 +277,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { type = "ingress" - security_group_id = "${aws_security_group.masters-lifecyclephases-example-com.id}" - source_security_group_id = "${aws_security_group.nodes-lifecyclephases-example-com.id}" + security_group_id = aws_security_group.masters-lifecyclephases-example-com.id + source_security_group_id = aws_security_group.nodes-lifecyclephases-example-com.id from_port = 2382 to_port = 4000 protocol = "tcp" @@ -286,8 +286,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" { type = "ingress" - security_group_id = "${aws_security_group.masters-lifecyclephases-example-com.id}" - source_security_group_id = "${aws_security_group.nodes-lifecyclephases-example-com.id}" + security_group_id = aws_security_group.masters-lifecyclephases-example-com.id + source_security_group_id = aws_security_group.nodes-lifecyclephases-example-com.id from_port = 4003 to_port = 65535 protocol = "tcp" @@ -295,8 +295,8 @@ resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" { resource "aws_security_group_rule" "node-to-master-udp-1-65535" { type = "ingress" - security_group_id = "${aws_security_group.masters-lifecyclephases-example-com.id}" - source_security_group_id = "${aws_security_group.nodes-lifecyclephases-example-com.id}" + security_group_id = aws_security_group.masters-lifecyclephases-example-com.id + source_security_group_id = aws_security_group.nodes-lifecyclephases-example-com.id from_port = 1 to_port = 65535 protocol = "udp" @@ -304,8 +304,8 @@ resource "aws_security_group_rule" "node-to-master-udp-1-65535" { resource "aws_security_group_rule" "ssh-elb-to-bastion" { type = "ingress" - security_group_id = "${aws_security_group.bastion-lifecyclephases-example-com.id}" - source_security_group_id = "${aws_security_group.bastion-elb-lifecyclephases-example-com.id}" + security_group_id = aws_security_group.bastion-lifecyclephases-example-com.id + source_security_group_id = aws_security_group.bastion-elb-lifecyclephases-example-com.id from_port = 22 to_port = 22 protocol = "tcp" @@ -313,13 +313,19 @@ resource "aws_security_group_rule" "ssh-elb-to-bastion" { resource "aws_security_group_rule" "ssh-external-to-bastion-elb-0-0-0-0--0" { type = "ingress" - security_group_id = "${aws_security_group.bastion-elb-lifecyclephases-example-com.id}" + security_group_id = aws_security_group.bastion-elb-lifecyclephases-example-com.id from_port = 22 to_port = 22 protocol = "tcp" cidr_blocks = ["0.0.0.0/0"] } -terraform = { - required_version = ">= 0.9.3" +terraform { + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/minimal-json/kubernetes.tf.json b/tests/integration/update_cluster/minimal-json/kubernetes.tf.json index 0a5d7df834..e78a27736b 100644 --- a/tests/integration/update_cluster/minimal-json/kubernetes.tf.json +++ b/tests/integration/update_cluster/minimal-json/kubernetes.tf.json @@ -641,6 +641,12 @@ } }, "terraform": { - "required_version": "\u003e= 0.12.0" + "required_providers": { + "aws": { + "source": "hashicorp/aws", + "version": "\u003e= 2.46.0" + } + }, + "required_version": "\u003e= 0.12.26" } } diff --git a/tests/integration/update_cluster/minimal-tf11/data/aws_iam_role_masters.minimal-json.example.com_policy b/tests/integration/update_cluster/minimal-tf11/data/aws_iam_role_masters.minimal-json.example.com_policy deleted file mode 100644 index 66d5de1d5a..0000000000 --- a/tests/integration/update_cluster/minimal-tf11/data/aws_iam_role_masters.minimal-json.example.com_policy +++ /dev/null @@ -1,10 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { "Service": "ec2.amazonaws.com"}, - "Action": "sts:AssumeRole" - } - ] -} diff --git a/tests/integration/update_cluster/minimal-tf11/data/aws_iam_role_masters.minimal-tf11.example.com_policy b/tests/integration/update_cluster/minimal-tf11/data/aws_iam_role_masters.minimal-tf11.example.com_policy deleted file mode 100644 index 66d5de1d5a..0000000000 --- a/tests/integration/update_cluster/minimal-tf11/data/aws_iam_role_masters.minimal-tf11.example.com_policy +++ /dev/null @@ -1,10 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { "Service": "ec2.amazonaws.com"}, - "Action": "sts:AssumeRole" - } - ] -} diff --git a/tests/integration/update_cluster/minimal-tf11/data/aws_iam_role_nodes.minimal-json.example.com_policy b/tests/integration/update_cluster/minimal-tf11/data/aws_iam_role_nodes.minimal-json.example.com_policy deleted file mode 100644 index 66d5de1d5a..0000000000 --- a/tests/integration/update_cluster/minimal-tf11/data/aws_iam_role_nodes.minimal-json.example.com_policy +++ /dev/null @@ -1,10 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { "Service": "ec2.amazonaws.com"}, - "Action": "sts:AssumeRole" - } - ] -} diff --git a/tests/integration/update_cluster/minimal-tf11/data/aws_iam_role_nodes.minimal-tf11.example.com_policy b/tests/integration/update_cluster/minimal-tf11/data/aws_iam_role_nodes.minimal-tf11.example.com_policy deleted file mode 100644 index 66d5de1d5a..0000000000 --- a/tests/integration/update_cluster/minimal-tf11/data/aws_iam_role_nodes.minimal-tf11.example.com_policy +++ /dev/null @@ -1,10 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Principal": { "Service": "ec2.amazonaws.com"}, - "Action": "sts:AssumeRole" - } - ] -} diff --git a/tests/integration/update_cluster/minimal-tf11/data/aws_iam_role_policy_masters.minimal-json.example.com_policy b/tests/integration/update_cluster/minimal-tf11/data/aws_iam_role_policy_masters.minimal-json.example.com_policy deleted file mode 100644 index 340dff1ef9..0000000000 --- a/tests/integration/update_cluster/minimal-tf11/data/aws_iam_role_policy_masters.minimal-json.example.com_policy +++ /dev/null @@ -1,102 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "ec2:*" - ], - "Resource": [ - "*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeAutoScalingInstances", - "autoscaling:DescribeLaunchConfigurations", - "autoscaling:DescribeTags", - "autoscaling:SetDesiredCapacity", - "autoscaling:TerminateInstanceInAutoScalingGroup", - "autoscaling:UpdateAutoScalingGroup", - "ec2:DescribeLaunchTemplateVersions" - ], - "Resource": [ - "*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "elasticloadbalancing:*" - ], - "Resource": [ - "*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "iam:ListServerCertificates", - "iam:GetServerCertificate" - ], - "Resource": [ - "*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "route53:ChangeResourceRecordSets", - "route53:ListResourceRecordSets", - "route53:GetHostedZone" - ], - "Resource": [ - "arn:aws:route53:::hostedzone/Z1AFAKE1ZON3YO" - ] - }, - { - "Effect": "Allow", - "Action": [ - "route53:GetChange" - ], - "Resource": [ - "arn:aws:route53:::change/*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "route53:ListHostedZones" - ], - "Resource": [ - "*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "route53:ListHostedZones" - ], - "Resource": [ - "*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "ecr:GetAuthorizationToken", - "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:GetRepositoryPolicy", - "ecr:DescribeRepositories", - "ecr:ListImages", - "ecr:BatchGetImage" - ], - "Resource": [ - "*" - ] - } - ] -} diff --git a/tests/integration/update_cluster/minimal-tf11/data/aws_iam_role_policy_masters.minimal-tf11.example.com_policy b/tests/integration/update_cluster/minimal-tf11/data/aws_iam_role_policy_masters.minimal-tf11.example.com_policy deleted file mode 100644 index 3e21f7e846..0000000000 --- a/tests/integration/update_cluster/minimal-tf11/data/aws_iam_role_policy_masters.minimal-tf11.example.com_policy +++ /dev/null @@ -1,170 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "ec2:DescribeAccountAttributes", - "ec2:DescribeInstances", - "ec2:DescribeInternetGateways", - "ec2:DescribeRegions", - "ec2:DescribeRouteTables", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeVolumes" - ], - "Resource": [ - "*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "ec2:CreateSecurityGroup", - "ec2:CreateTags", - "ec2:CreateVolume", - "ec2:DescribeVolumesModifications", - "ec2:ModifyInstanceAttribute", - "ec2:ModifyVolume" - ], - "Resource": [ - "*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "ec2:AttachVolume", - "ec2:AuthorizeSecurityGroupIngress", - "ec2:CreateRoute", - "ec2:DeleteRoute", - "ec2:DeleteSecurityGroup", - "ec2:DeleteVolume", - "ec2:DetachVolume", - "ec2:RevokeSecurityGroupIngress" - ], - "Resource": [ - "*" - ], - "Condition": { - "StringEquals": { - "ec2:ResourceTag/KubernetesCluster": "minimal-tf11.example.com" - } - } - }, - { - "Effect": "Allow", - "Action": [ - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeLaunchConfigurations", - "autoscaling:DescribeTags", - "ec2:DescribeLaunchTemplateVersions" - ], - "Resource": [ - "*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "autoscaling:SetDesiredCapacity", - "autoscaling:TerminateInstanceInAutoScalingGroup", - "autoscaling:UpdateAutoScalingGroup" - ], - "Resource": [ - "*" - ], - "Condition": { - "StringEquals": { - "autoscaling:ResourceTag/KubernetesCluster": "minimal-tf11.example.com" - } - } - }, - { - "Effect": "Allow", - "Action": [ - "elasticloadbalancing:AddTags", - "elasticloadbalancing:AttachLoadBalancerToSubnets", - "elasticloadbalancing:ApplySecurityGroupsToLoadBalancer", - "elasticloadbalancing:CreateLoadBalancer", - "elasticloadbalancing:CreateLoadBalancerPolicy", - "elasticloadbalancing:CreateLoadBalancerListeners", - "elasticloadbalancing:ConfigureHealthCheck", - "elasticloadbalancing:DeleteLoadBalancer", - "elasticloadbalancing:DeleteLoadBalancerListeners", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DetachLoadBalancerFromSubnets", - "elasticloadbalancing:DeregisterInstancesFromLoadBalancer", - "elasticloadbalancing:ModifyLoadBalancerAttributes", - "elasticloadbalancing:RegisterInstancesWithLoadBalancer", - "elasticloadbalancing:SetLoadBalancerPoliciesForBackendServer" - ], - "Resource": [ - "*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "ec2:DescribeVpcs", - "elasticloadbalancing:AddTags", - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:CreateTargetGroup", - "elasticloadbalancing:DeleteListener", - "elasticloadbalancing:DeleteTargetGroup", - "elasticloadbalancing:DeregisterTargets", - "elasticloadbalancing:DescribeListeners", - "elasticloadbalancing:DescribeLoadBalancerPolicies", - "elasticloadbalancing:DescribeTargetGroups", - "elasticloadbalancing:DescribeTargetHealth", - "elasticloadbalancing:ModifyListener", - "elasticloadbalancing:ModifyTargetGroup", - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:SetLoadBalancerPoliciesOfListener" - ], - "Resource": [ - "*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "iam:ListServerCertificates", - "iam:GetServerCertificate" - ], - "Resource": [ - "*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "route53:ChangeResourceRecordSets", - "route53:ListResourceRecordSets", - "route53:GetHostedZone" - ], - "Resource": [ - "arn:aws:route53:::hostedzone/Z1AFAKE1ZON3YO" - ] - }, - { - "Effect": "Allow", - "Action": [ - "route53:GetChange" - ], - "Resource": [ - "arn:aws:route53:::change/*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "route53:ListHostedZones" - ], - "Resource": [ - "*" - ] - } - ] -} diff --git a/tests/integration/update_cluster/minimal-tf11/data/aws_iam_role_policy_nodes.minimal-json.example.com_policy b/tests/integration/update_cluster/minimal-tf11/data/aws_iam_role_policy_nodes.minimal-json.example.com_policy deleted file mode 100644 index ef2600b497..0000000000 --- a/tests/integration/update_cluster/minimal-tf11/data/aws_iam_role_policy_nodes.minimal-json.example.com_policy +++ /dev/null @@ -1,68 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeRegions" - ], - "Resource": [ - "*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "route53:ChangeResourceRecordSets", - "route53:ListResourceRecordSets", - "route53:GetHostedZone" - ], - "Resource": [ - "arn:aws:route53:::hostedzone/Z1AFAKE1ZON3YO" - ] - }, - { - "Effect": "Allow", - "Action": [ - "route53:GetChange" - ], - "Resource": [ - "arn:aws:route53:::change/*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "route53:ListHostedZones" - ], - "Resource": [ - "*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "route53:ListHostedZones" - ], - "Resource": [ - "*" - ] - }, - { - "Effect": "Allow", - "Action": [ - "ecr:GetAuthorizationToken", - "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:GetRepositoryPolicy", - "ecr:DescribeRepositories", - "ecr:ListImages", - "ecr:BatchGetImage" - ], - "Resource": [ - "*" - ] - } - ] -} diff --git a/tests/integration/update_cluster/minimal-tf11/data/aws_iam_role_policy_nodes.minimal-tf11.example.com_policy b/tests/integration/update_cluster/minimal-tf11/data/aws_iam_role_policy_nodes.minimal-tf11.example.com_policy deleted file mode 100644 index ec7bf70d63..0000000000 --- a/tests/integration/update_cluster/minimal-tf11/data/aws_iam_role_policy_nodes.minimal-tf11.example.com_policy +++ /dev/null @@ -1,15 +0,0 @@ -{ - "Version": "2012-10-17", - "Statement": [ - { - "Effect": "Allow", - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeRegions" - ], - "Resource": [ - "*" - ] - } - ] -} diff --git a/tests/integration/update_cluster/minimal-tf11/data/aws_key_pair_kubernetes.minimal-json.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key b/tests/integration/update_cluster/minimal-tf11/data/aws_key_pair_kubernetes.minimal-json.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key deleted file mode 100644 index 81cb012783..0000000000 --- a/tests/integration/update_cluster/minimal-tf11/data/aws_key_pair_kubernetes.minimal-json.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCtWu40XQo8dczLsCq0OWV+hxm9uV3WxeH9Kgh4sMzQxNtoU1pvW0XdjpkBesRKGoolfWeCLXWxpyQb1IaiMkKoz7MdhQ/6UKjMjP66aFWWp3pwD0uj0HuJ7tq4gKHKRYGTaZIRWpzUiANBrjugVgA+Sd7E/mYwc/DMXkIyRZbvhQ== diff --git a/tests/integration/update_cluster/minimal-tf11/data/aws_key_pair_kubernetes.minimal-tf11.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key b/tests/integration/update_cluster/minimal-tf11/data/aws_key_pair_kubernetes.minimal-tf11.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key deleted file mode 100644 index 81cb012783..0000000000 --- a/tests/integration/update_cluster/minimal-tf11/data/aws_key_pair_kubernetes.minimal-tf11.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCtWu40XQo8dczLsCq0OWV+hxm9uV3WxeH9Kgh4sMzQxNtoU1pvW0XdjpkBesRKGoolfWeCLXWxpyQb1IaiMkKoz7MdhQ/6UKjMjP66aFWWp3pwD0uj0HuJ7tq4gKHKRYGTaZIRWpzUiANBrjugVgA+Sd7E/mYwc/DMXkIyRZbvhQ== diff --git a/tests/integration/update_cluster/minimal-tf11/data/aws_launch_template_master-us-test-1a.masters.minimal-tf11.example.com_user_data b/tests/integration/update_cluster/minimal-tf11/data/aws_launch_template_master-us-test-1a.masters.minimal-tf11.example.com_user_data deleted file mode 100644 index 74aa665932..0000000000 --- a/tests/integration/update_cluster/minimal-tf11/data/aws_launch_template_master-us-test-1a.masters.minimal-tf11.example.com_user_data +++ /dev/null @@ -1 +0,0 @@ -IyEvYmluL2Jhc2gKIyBDb3B5cmlnaHQgMjAxNiBUaGUgS3ViZXJuZXRlcyBBdXRob3JzIEFsbCByaWdodHMgcmVzZXJ2ZWQuCiMKIyBMaWNlbnNlZCB1bmRlciB0aGUgQXBhY2hlIExpY2Vuc2UsIFZlcnNpb24gMi4wICh0aGUgIkxpY2Vuc2UiKTsKIyB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiMgWW91IG1heSBvYnRhaW4gYSBjb3B5IG9mIHRoZSBMaWNlbnNlIGF0CiMKIyAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzL0xJQ0VOU0UtMi4wCiMKIyBVbmxlc3MgcmVxdWlyZWQgYnkgYXBwbGljYWJsZSBsYXcgb3IgYWdyZWVkIHRvIGluIHdyaXRpbmcsIHNvZnR3YXJlCiMgZGlzdHJpYnV0ZWQgdW5kZXIgdGhlIExpY2Vuc2UgaXMgZGlzdHJpYnV0ZWQgb24gYW4gIkFTIElTIiBCQVNJUywKIyBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KIyBTZWUgdGhlIExpY2Vuc2UgZm9yIHRoZSBzcGVjaWZpYyBsYW5ndWFnZSBnb3Zlcm5pbmcgcGVybWlzc2lvbnMgYW5kCiMgbGltaXRhdGlvbnMgdW5kZXIgdGhlIExpY2Vuc2UuCgpzZXQgLW8gZXJyZXhpdApzZXQgLW8gbm91bnNldApzZXQgLW8gcGlwZWZhaWwKCk5PREVVUF9VUkxfQU1ENjQ9aHR0cHM6Ly9hcnRpZmFjdHMuazhzLmlvL2JpbmFyaWVzL2tvcHMvMS4xOS4wLWFscGhhLjMvbGludXgvYW1kNjQvbm9kZXVwLGh0dHBzOi8vZ2l0aHViLmNvbS9rdWJlcm5ldGVzL2tvcHMvcmVsZWFzZXMvZG93bmxvYWQvdjEuMTkuMC1hbHBoYS4zL25vZGV1cC1saW51eC1hbWQ2NCxodHRwczovL2t1YmV1cHYyLnMzLmFtYXpvbmF3cy5jb20va29wcy8xLjE5LjAtYWxwaGEuMy9saW51eC9hbWQ2NC9ub2RldXAKTk9ERVVQX0hBU0hfQU1ENjQ9Njk4MGZkYTRmYTM3YmJkYzA0MzczOGNmNGRkYWM2Mzg4ZWI1N2Y1NjE4OTVjNjkyOTljMWIwZWUyNjNkNDY1ZApOT0RFVVBfVVJMX0FSTTY0PWh0dHBzOi8vYXJ0aWZhY3RzLms4cy5pby9iaW5hcmllcy9rb3BzLzEuMTkuMC1hbHBoYS4zL2xpbnV4L2FybTY0L25vZGV1cCxodHRwczovL2dpdGh1Yi5jb20va3ViZXJuZXRlcy9rb3BzL3JlbGVhc2VzL2Rvd25sb2FkL3YxLjE5LjAtYWxwaGEuMy9ub2RldXAtbGludXgtYXJtNjQsaHR0cHM6Ly9rdWJldXB2Mi5zMy5hbWF6b25hd3MuY29tL2tvcHMvMS4xOS4wLWFscGhhLjMvbGludXgvYXJtNjQvbm9kZXVwCk5PREVVUF9IQVNIX0FSTTY0PWRjYzdmOWYzYzE4MGVlNzZhNTExNjI3ZTQ2ZGEwYWM2OWNkY2I1MThjZGYzYmUzNDhlNWVkMDQ2ZDQ5MWViODcKCmV4cG9ydCBBV1NfUkVHSU9OPXVzLXRlc3QtMQoKCgoKZnVuY3Rpb24gZW5zdXJlLWluc3RhbGwtZGlyKCkgewogIElOU1RBTExfRElSPSIvb3B0L2tvcHMiCiAgIyBPbiBDb250YWluZXJPUywgd2UgaW5zdGFsbCB1bmRlciAvdmFyL2xpYi90b29sYm94OyAvb3B0IGlzIHJvIGFuZCBub2V4ZWMKICBpZiBbWyAtZCAvdmFyL2xpYi90b29sYm94IF1dOyB0aGVuCiAgICBJTlNUQUxMX0RJUj0iL3Zhci9saWIvdG9vbGJveC9rb3BzIgogIGZpCiAgbWtkaXIgLXAgJHtJTlNUQUxMX0RJUn0vYmluCiAgbWtkaXIgLXAgJHtJTlNUQUxMX0RJUn0vY29uZgogIGNkICR7SU5TVEFMTF9ESVJ9Cn0KCiMgUmV0cnkgYSBkb3dubG9hZCB1bnRpbCB3ZSBnZXQgaXQuIGFyZ3M6IG5hbWUsIHNoYSwgdXJsMSwgdXJsMi4uLgpkb3dubG9hZC1vci1idXN0KCkgewogIGxvY2FsIC1yIGZpbGU9IiQxIgogIGxvY2FsIC1yIGhhc2g9IiQyIgogIHNoaWZ0IDIKCiAgdXJscz0oICQqICkKICB3aGlsZSB0cnVlOyBkbwogICAgZm9yIHVybCBpbiAiJHt1cmxzW0BdfSI7IGRvCiAgICAgIGNvbW1hbmRzPSgKICAgICAgICAiY3VybCAtZiAtLWlwdjQgLS1jb21wcmVzc2VkIC1MbyAiJHtmaWxlfSIgLS1jb25uZWN0LXRpbWVvdXQgMjAgLS1yZXRyeSA2IC0tcmV0cnktZGVsYXkgMTAiCiAgICAgICAgIndnZXQgLS1pbmV0NC1vbmx5IC0tY29tcHJlc3Npb249YXV0byAtTyAiJHtmaWxlfSIgLS1jb25uZWN0LXRpbWVvdXQ9MjAgLS10cmllcz02IC0td2FpdD0xMCIKICAgICAgICAiY3VybCAtZiAtLWlwdjQgLUxvICIke2ZpbGV9IiAtLWNvbm5lY3QtdGltZW91dCAyMCAtLXJldHJ5IDYgLS1yZXRyeS1kZWxheSAxMCIKICAgICAgICAid2dldCAtLWluZXQ0LW9ubHkgLU8gIiR7ZmlsZX0iIC0tY29ubmVjdC10aW1lb3V0PTIwIC0tdHJpZXM9NiAtLXdhaXQ9MTAiCiAgICAgICkKICAgICAgZm9yIGNtZCBpbiAiJHtjb21tYW5kc1tAXX0iOyBkbwogICAgICAgIGVjaG8gIkF0dGVtcHRpbmcgZG93bmxvYWQgd2l0aDogJHtjbWR9IHt1cmx9IgogICAgICAgIGlmICEgKCR7Y21kfSAiJHt1cmx9Iik7IHRoZW4KICAgICAgICAgIGVjaG8gIj09IERvd25sb2FkIGZhaWxlZCB3aXRoICR7Y21kfSA9PSIKICAgICAgICAgIGNvbnRpbnVlCiAgICAgICAgZmkKICAgICAgICBpZiBbWyAtbiAiJHtoYXNofSIgXV0gJiYgISB2YWxpZGF0ZS1oYXNoICIke2ZpbGV9IiAiJHtoYXNofSI7IHRoZW4KICAgICAgICAgIGVjaG8gIj09IEhhc2ggdmFsaWRhdGlvbiBvZiAke3VybH0gZmFpbGVkLiBSZXRyeWluZy4gPT0iCiAgICAgICAgICBybSAtZiAiJHtmaWxlfSIKICAgICAgICBlbHNlCiAgICAgICAgICBpZiBbWyAtbiAiJHtoYXNofSIgXV07IHRoZW4KICAgICAgICAgICAgZWNobyAiPT0gRG93bmxvYWRlZCAke3VybH0gKFNIQTEgPSAke2hhc2h9KSA9PSIKICAgICAgICAgIGVsc2UKICAgICAgICAgICAgZWNobyAiPT0gRG93bmxvYWRlZCAke3VybH0gPT0iCiAgICAgICAgICBmaQogICAgICAgICAgcmV0dXJuCiAgICAgICAgZmkKICAgICAgZG9uZQogICAgZG9uZQoKICAgIGVjaG8gIkFsbCBkb3dubG9hZHMgZmFpbGVkOyBzbGVlcGluZyBiZWZvcmUgcmV0cnlpbmciCiAgICBzbGVlcCA2MAogIGRvbmUKfQoKdmFsaWRhdGUtaGFzaCgpIHsKICBsb2NhbCAtciBmaWxlPSIkMSIKICBsb2NhbCAtciBleHBlY3RlZD0iJDIiCiAgbG9jYWwgYWN0dWFsCgogIGFjdHVhbD0kKHNoYTI1NnN1bSAke2ZpbGV9IHwgYXdrICd7IHByaW50ICQxIH0nKSB8fCB0cnVlCiAgaWYgW1sgIiR7YWN0dWFsfSIgIT0gIiR7ZXhwZWN0ZWR9IiBdXTsgdGhlbgogICAgZWNobyAiPT0gJHtmaWxlfSBjb3JydXB0ZWQsIGhhc2ggJHthY3R1YWx9IGRvZXNuJ3QgbWF0Y2ggZXhwZWN0ZWQgJHtleHBlY3RlZH0gPT0iCiAgICByZXR1cm4gMQogIGZpCn0KCmZ1bmN0aW9uIHNwbGl0LWNvbW1hcygpIHsKICBlY2hvICQxIHwgdHIgIiwiICJcbiIKfQoKZnVuY3Rpb24gdHJ5LWRvd25sb2FkLXJlbGVhc2UoKSB7CiAgbG9jYWwgLXIgbm9kZXVwX3VybHM9KCAkKHNwbGl0LWNvbW1hcyAiJHtOT0RFVVBfVVJMfSIpICkKICBpZiBbWyAtbiAiJHtOT0RFVVBfSEFTSDotfSIgXV07IHRoZW4KICAgIGxvY2FsIC1yIG5vZGV1cF9oYXNoPSIke05PREVVUF9IQVNIfSIKICBlbHNlCiAgIyBUT0RPOiBSZW1vdmU/CiAgICBlY2hvICJEb3dubG9hZGluZyBzaGEyNTYgKG5vdCBmb3VuZCBpbiBlbnYpIgogICAgZG93bmxvYWQtb3ItYnVzdCBub2RldXAuc2hhMjU2ICIiICIke25vZGV1cF91cmxzW0BdLyUvLnNoYTI1Nn0iCiAgICBsb2NhbCAtciBub2RldXBfaGFzaD0kKGNhdCBub2RldXAuc2hhMjU2KQogIGZpCgogIGVjaG8gIkRvd25sb2FkaW5nIG5vZGV1cCAoJHtub2RldXBfdXJsc1tAXX0pIgogIGRvd25sb2FkLW9yLWJ1c3Qgbm9kZXVwICIke25vZGV1cF9oYXNofSIgIiR7bm9kZXVwX3VybHNbQF19IgoKICBjaG1vZCAreCBub2RldXAKfQoKZnVuY3Rpb24gZG93bmxvYWQtcmVsZWFzZSgpIHsKICBjYXNlICIkKHVuYW1lIC1tKSIgaW4KICB4ODZfNjQqfGk/ODZfNjQqfGFtZDY0KikKICAgIE5PREVVUF9VUkw9IiR7Tk9ERVVQX1VSTF9BTUQ2NH0iCiAgICBOT0RFVVBfSEFTSD0iJHtOT0RFVVBfSEFTSF9BTUQ2NH0iCiAgICA7OwogIGFhcmNoNjQqfGFybTY0KikKICAgIE5PREVVUF9VUkw9IiR7Tk9ERVVQX1VSTF9BUk02NH0iCiAgICBOT0RFVVBfSEFTSD0iJHtOT0RFVVBfSEFTSF9BUk02NH0iCiAgICA7OwogICopCiAgICBlY2hvICJVbnN1cHBvcnRlZCBob3N0IGFyY2g6ICQodW5hbWUgLW0pIiA+JjIKICAgIGV4aXQgMQogICAgOzsKICBlc2FjCgogICMgSW4gY2FzZSBvZiBmYWlsdXJlIGNoZWNraW5nIGludGVncml0eSBvZiByZWxlYXNlLCByZXRyeS4KICBjZCAke0lOU1RBTExfRElSfS9iaW4KICB1bnRpbCB0cnktZG93bmxvYWQtcmVsZWFzZTsgZG8KICAgIHNsZWVwIDE1CiAgICBlY2hvICJDb3VsZG4ndCBkb3dubG9hZCByZWxlYXNlLiBSZXRyeWluZy4uLiIKICBkb25lCgogIGVjaG8gIlJ1bm5pbmcgbm9kZXVwIgogICMgV2UgY2FuJ3QgcnVuIGluIHRoZSBmb3JlZ3JvdW5kIGJlY2F1c2Ugb2YgaHR0cHM6Ly9naXRodWIuY29tL2RvY2tlci9kb2NrZXIvaXNzdWVzLzIzNzkzCiAgKCBjZCAke0lOU1RBTExfRElSfS9iaW47IC4vbm9kZXVwIC0taW5zdGFsbC1zeXN0ZW1kLXVuaXQgLS1jb25mPSR7SU5TVEFMTF9ESVJ9L2NvbmYva3ViZV9lbnYueWFtbCAtLXY9OCAgKQp9CgojIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMKCi9iaW4vc3lzdGVtZC1tYWNoaW5lLWlkLXNldHVwIHx8IGVjaG8gImZhaWxlZCB0byBzZXQgdXAgZW5zdXJlIG1hY2hpbmUtaWQgY29uZmlndXJlZCIKCmVjaG8gIj09IG5vZGV1cCBub2RlIGNvbmZpZyBzdGFydGluZyA9PSIKZW5zdXJlLWluc3RhbGwtZGlyCgpjYXQgPiBjb25mL2NsdXN0ZXJfc3BlYy55YW1sIDw8ICdfX0VPRl9DTFVTVEVSX1NQRUMnCmNsb3VkQ29uZmlnOiBudWxsCmNvbnRhaW5lclJ1bnRpbWU6IGRvY2tlcgpjb250YWluZXJkOgogIHNraXBJbnN0YWxsOiB0cnVlCmRvY2tlcjoKICBpcE1hc3E6IGZhbHNlCiAgaXBUYWJsZXM6IGZhbHNlCiAgbG9nRHJpdmVyOiBqc29uLWZpbGUKICBsb2dMZXZlbDogaW5mbwogIGxvZ09wdDoKICAtIG1heC1zaXplPTEwbQogIC0gbWF4LWZpbGU9NQogIHN0b3JhZ2U6IG92ZXJsYXkyLG92ZXJsYXksYXVmcwogIHZlcnNpb246IDE4LjA2LjMKZW5jcnlwdGlvbkNvbmZpZzogbnVsbApldGNkQ2x1c3RlcnM6CiAgZXZlbnRzOgogICAgdmVyc2lvbjogMy4zLjEwCiAgbWFpbjoKICAgIHZlcnNpb246IDMuMy4xMAprdWJlQVBJU2VydmVyOgogIGFsbG93UHJpdmlsZWdlZDogdHJ1ZQogIGFub255bW91c0F1dGg6IGZhbHNlCiAgYXBpU2VydmVyQ291bnQ6IDEKICBhdXRob3JpemF0aW9uTW9kZTogQWx3YXlzQWxsb3cKICBiaW5kQWRkcmVzczogMC4wLjAuMAogIGNsb3VkUHJvdmlkZXI6IGF3cwogIGVuYWJsZUFkbWlzc2lvblBsdWdpbnM6CiAgLSBOYW1lc3BhY2VMaWZlY3ljbGUKICAtIExpbWl0UmFuZ2VyCiAgLSBTZXJ2aWNlQWNjb3VudAogIC0gUGVyc2lzdGVudFZvbHVtZUxhYmVsCiAgLSBEZWZhdWx0U3RvcmFnZUNsYXNzCiAgLSBEZWZhdWx0VG9sZXJhdGlvblNlY29uZHMKICAtIE11dGF0aW5nQWRtaXNzaW9uV2ViaG9vawogIC0gVmFsaWRhdGluZ0FkbWlzc2lvbldlYmhvb2sKICAtIE5vZGVSZXN0cmljdGlvbgogIC0gUmVzb3VyY2VRdW90YQogIGV0Y2RTZXJ2ZXJzOgogIC0gaHR0cDovLzEyNy4wLjAuMTo0MDAxCiAgZXRjZFNlcnZlcnNPdmVycmlkZXM6CiAgLSAvZXZlbnRzI2h0dHA6Ly8xMjcuMC4wLjE6NDAwMgogIGltYWdlOiBrOHMuZ2NyLmlvL2t1YmUtYXBpc2VydmVyOnYxLjE0LjAKICBpbnNlY3VyZUJpbmRBZGRyZXNzOiAxMjcuMC4wLjEKICBpbnNlY3VyZVBvcnQ6IDgwODAKICBrdWJlbGV0UHJlZmVycmVkQWRkcmVzc1R5cGVzOgogIC0gSW50ZXJuYWxJUAogIC0gSG9zdG5hbWUKICAtIEV4dGVybmFsSVAKICBsb2dMZXZlbDogMgogIHJlcXVlc3RoZWFkZXJBbGxvd2VkTmFtZXM6CiAgLSBhZ2dyZWdhdG9yCiAgcmVxdWVzdGhlYWRlckV4dHJhSGVhZGVyUHJlZml4ZXM6CiAgLSBYLVJlbW90ZS1FeHRyYS0KICByZXF1ZXN0aGVhZGVyR3JvdXBIZWFkZXJzOgogIC0gWC1SZW1vdGUtR3JvdXAKICByZXF1ZXN0aGVhZGVyVXNlcm5hbWVIZWFkZXJzOgogIC0gWC1SZW1vdGUtVXNlcgogIHNlY3VyZVBvcnQ6IDQ0MwogIHNlcnZpY2VDbHVzdGVySVBSYW5nZTogMTAwLjY0LjAuMC8xMwogIHN0b3JhZ2VCYWNrZW5kOiBldGNkMwprdWJlQ29udHJvbGxlck1hbmFnZXI6CiAgYWxsb2NhdGVOb2RlQ0lEUnM6IHRydWUKICBhdHRhY2hEZXRhY2hSZWNvbmNpbGVTeW5jUGVyaW9kOiAxbTBzCiAgY2xvdWRQcm92aWRlcjogYXdzCiAgY2x1c3RlckNJRFI6IDEwMC45Ni4wLjAvMTEKICBjbHVzdGVyTmFtZTogbWluaW1hbC10ZjExLmV4YW1wbGUuY29tCiAgY29uZmlndXJlQ2xvdWRSb3V0ZXM6IHRydWUKICBpbWFnZTogazhzLmdjci5pby9rdWJlLWNvbnRyb2xsZXItbWFuYWdlcjp2MS4xNC4wCiAgbGVhZGVyRWxlY3Rpb246CiAgICBsZWFkZXJFbGVjdDogdHJ1ZQogIGxvZ0xldmVsOiAyCiAgdXNlU2VydmljZUFjY291bnRDcmVkZW50aWFsczogdHJ1ZQprdWJlUHJveHk6CiAgY2x1c3RlckNJRFI6IDEwMC45Ni4wLjAvMTEKICBjcHVSZXF1ZXN0OiAxMDBtCiAgaG9zdG5hbWVPdmVycmlkZTogJ0Bhd3MnCiAgaW1hZ2U6IGs4cy5nY3IuaW8va3ViZS1wcm94eTp2MS4xNC4wCiAgbG9nTGV2ZWw6IDIKa3ViZVNjaGVkdWxlcjoKICBpbWFnZTogazhzLmdjci5pby9rdWJlLXNjaGVkdWxlcjp2MS4xNC4wCiAgbGVhZGVyRWxlY3Rpb246CiAgICBsZWFkZXJFbGVjdDogdHJ1ZQogIGxvZ0xldmVsOiAyCmt1YmVsZXQ6CiAgYW5vbnltb3VzQXV0aDogZmFsc2UKICBjZ3JvdXBSb290OiAvCiAgY2xvdWRQcm92aWRlcjogYXdzCiAgY2x1c3RlckROUzogMTAwLjY0LjAuMTAKICBjbHVzdGVyRG9tYWluOiBjbHVzdGVyLmxvY2FsCiAgZW5hYmxlRGVidWdnaW5nSGFuZGxlcnM6IHRydWUKICBldmljdGlvbkhhcmQ6IG1lbW9yeS5hdmFpbGFibGU8MTAwTWksbm9kZWZzLmF2YWlsYWJsZTwxMCUsbm9kZWZzLmlub2Rlc0ZyZWU8NSUsaW1hZ2Vmcy5hdmFpbGFibGU8MTAlLGltYWdlZnMuaW5vZGVzRnJlZTw1JQogIGZlYXR1cmVHYXRlczoKICAgIEV4cGVyaW1lbnRhbENyaXRpY2FsUG9kQW5ub3RhdGlvbjogInRydWUiCiAgaG9zdG5hbWVPdmVycmlkZTogJ0Bhd3MnCiAga3ViZWNvbmZpZ1BhdGg6IC92YXIvbGliL2t1YmVsZXQva3ViZWNvbmZpZwogIGxvZ0xldmVsOiAyCiAgbmV0d29ya1BsdWdpbk1UVTogOTAwMQogIG5ldHdvcmtQbHVnaW5OYW1lOiBrdWJlbmV0CiAgbm9uTWFzcXVlcmFkZUNJRFI6IDEwMC42NC4wLjAvMTAKICBwb2RJbmZyYUNvbnRhaW5lckltYWdlOiBrOHMuZ2NyLmlvL3BhdXNlOjMuMgogIHBvZE1hbmlmZXN0UGF0aDogL2V0Yy9rdWJlcm5ldGVzL21hbmlmZXN0cwptYXN0ZXJLdWJlbGV0OgogIGFub255bW91c0F1dGg6IGZhbHNlCiAgY2dyb3VwUm9vdDogLwogIGNsb3VkUHJvdmlkZXI6IGF3cwogIGNsdXN0ZXJETlM6IDEwMC42NC4wLjEwCiAgY2x1c3RlckRvbWFpbjogY2x1c3Rlci5sb2NhbAogIGVuYWJsZURlYnVnZ2luZ0hhbmRsZXJzOiB0cnVlCiAgZXZpY3Rpb25IYXJkOiBtZW1vcnkuYXZhaWxhYmxlPDEwME1pLG5vZGVmcy5hdmFpbGFibGU8MTAlLG5vZGVmcy5pbm9kZXNGcmVlPDUlLGltYWdlZnMuYXZhaWxhYmxlPDEwJSxpbWFnZWZzLmlub2Rlc0ZyZWU8NSUKICBmZWF0dXJlR2F0ZXM6CiAgICBFeHBlcmltZW50YWxDcml0aWNhbFBvZEFubm90YXRpb246ICJ0cnVlIgogIGhvc3RuYW1lT3ZlcnJpZGU6ICdAYXdzJwogIGt1YmVjb25maWdQYXRoOiAvdmFyL2xpYi9rdWJlbGV0L2t1YmVjb25maWcKICBsb2dMZXZlbDogMgogIG5ldHdvcmtQbHVnaW5NVFU6IDkwMDEKICBuZXR3b3JrUGx1Z2luTmFtZToga3ViZW5ldAogIG5vbk1hc3F1ZXJhZGVDSURSOiAxMDAuNjQuMC4wLzEwCiAgcG9kSW5mcmFDb250YWluZXJJbWFnZTogazhzLmdjci5pby9wYXVzZTozLjIKICBwb2RNYW5pZmVzdFBhdGg6IC9ldGMva3ViZXJuZXRlcy9tYW5pZmVzdHMKICByZWdpc3RlclNjaGVkdWxhYmxlOiBmYWxzZQoKX19FT0ZfQ0xVU1RFUl9TUEVDCgpjYXQgPiBjb25mL2lnX3NwZWMueWFtbCA8PCAnX19FT0ZfSUdfU1BFQycKe30KCl9fRU9GX0lHX1NQRUMKCmNhdCA+IGNvbmYva3ViZV9lbnYueWFtbCA8PCAnX19FT0ZfS1VCRV9FTlYnCkFzc2V0czoKICBhbWQ2NDoKICAtIGMzYjczNmZkMGYwMDM3NjVjMTJkOTlmMmM5OTVhODM2OWU2MjQxZjRAaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2t1YmVybmV0ZXMtcmVsZWFzZS9yZWxlYXNlL3YxLjE0LjAvYmluL2xpbnV4L2FtZDY0L2t1YmVsZXQKICAtIDdlM2EzZWE2NjMxNTNmOTAwY2JkNTI5MDBhMzljOTFmYTlmMzM0YmVAaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2t1YmVybmV0ZXMtcmVsZWFzZS9yZWxlYXNlL3YxLjE0LjAvYmluL2xpbnV4L2FtZDY0L2t1YmVjdGwKICAtIDNjYTE1YzBhMThlZTgzMDUyMGNmM2E5NTQwOGJlODI2Y2JkMjU1YTE1MzVhMzhlMGJlOTYwOGIyNWFkOGJmNjRAaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2t1YmVybmV0ZXMtcmVsZWFzZS9uZXR3b3JrLXBsdWdpbnMvY25pLXBsdWdpbnMtYW1kNjQtdjAuNy41LnRnegogIC0gMzQ2ZjkzOTQzOTNlZThkYjVmOGJkMWUyMjllZTlkOTBlNWIzNjkzMWJkZDc1NDMwOGIyYWU2ODg4NGRkNjgyMkBodHRwczovL2Rvd25sb2FkLmRvY2tlci5jb20vbGludXgvc3RhdGljL3N0YWJsZS94ODZfNjQvZG9ja2VyLTE4LjA2LjMtY2UudGd6CiAgYXJtNjQ6CiAgLSBkZjM4ZTA0NTc2MDI2MzkzMDU1Y2NjNzdjMGRjZTczNjEyOTk2NTYxQGh0dHBzOi8vc3RvcmFnZS5nb29nbGVhcGlzLmNvbS9rdWJlcm5ldGVzLXJlbGVhc2UvcmVsZWFzZS92MS4xNC4wL2Jpbi9saW51eC9hcm02NC9rdWJlbGV0CiAgLSAwMWMyYjZiNDNkMzZiNmJmYWZjODBhMzczNzM5MWMxOWViZmI4YWQ1QGh0dHBzOi8vc3RvcmFnZS5nb29nbGVhcGlzLmNvbS9rdWJlcm5ldGVzLXJlbGVhc2UvcmVsZWFzZS92MS4xNC4wL2Jpbi9saW51eC9hcm02NC9rdWJlY3RsCiAgLSA3ZmVjOTFhZjc4ZTk1NDhkZjMwNmYwZWM0M2JlYTUyN2M4YzEwY2MzYTk2ODJjMzNlOTcxYzg1MjJhN2ZjZGVkQGh0dHBzOi8vc3RvcmFnZS5nb29nbGVhcGlzLmNvbS9rdWJlcm5ldGVzLXJlbGVhc2UvbmV0d29yay1wbHVnaW5zL2NuaS1wbHVnaW5zLWFybTY0LXYwLjcuNS50Z3oKICAtIGRlZmIyY2NjOTVjMDgyNTgzMzIxNmM4YjllMGUxNWJhYWE1MWJjZWRiM2VmYzFmMzkzZjUzNTJkMTg0ZGVhZDRAaHR0cHM6Ly9kb3dubG9hZC5kb2NrZXIuY29tL2xpbnV4L3N0YXRpYy9zdGFibGUvYWFyY2g2NC9kb2NrZXItMTguMDYuMy1jZS50Z3oKQ2x1c3Rlck5hbWU6IG1pbmltYWwtdGYxMS5leGFtcGxlLmNvbQpDb25maWdCYXNlOiBtZW1mczovL2NsdXN0ZXJzLmV4YW1wbGUuY29tL21pbmltYWwtdGYxMS5leGFtcGxlLmNvbQpJbnN0YW5jZUdyb3VwTmFtZTogbWFzdGVyLXVzLXRlc3QtMWEKSW5zdGFuY2VHcm91cFJvbGU6IE1hc3RlcgpLdWJlbGV0Q29uZmlnOgogIGFub255bW91c0F1dGg6IGZhbHNlCiAgY2dyb3VwUm9vdDogLwogIGNsb3VkUHJvdmlkZXI6IGF3cwogIGNsdXN0ZXJETlM6IDEwMC42NC4wLjEwCiAgY2x1c3RlckRvbWFpbjogY2x1c3Rlci5sb2NhbAogIGVuYWJsZURlYnVnZ2luZ0hhbmRsZXJzOiB0cnVlCiAgZXZpY3Rpb25IYXJkOiBtZW1vcnkuYXZhaWxhYmxlPDEwME1pLG5vZGVmcy5hdmFpbGFibGU8MTAlLG5vZGVmcy5pbm9kZXNGcmVlPDUlLGltYWdlZnMuYXZhaWxhYmxlPDEwJSxpbWFnZWZzLmlub2Rlc0ZyZWU8NSUKICBmZWF0dXJlR2F0ZXM6CiAgICBFeHBlcmltZW50YWxDcml0aWNhbFBvZEFubm90YXRpb246ICJ0cnVlIgogIGhvc3RuYW1lT3ZlcnJpZGU6ICdAYXdzJwogIGt1YmVjb25maWdQYXRoOiAvdmFyL2xpYi9rdWJlbGV0L2t1YmVjb25maWcKICBsb2dMZXZlbDogMgogIG5ldHdvcmtQbHVnaW5NVFU6IDkwMDEKICBuZXR3b3JrUGx1Z2luTmFtZToga3ViZW5ldAogIG5vZGVMYWJlbHM6CiAgICBrdWJlcm5ldGVzLmlvL3JvbGU6IG1hc3RlcgogICAgbm9kZS1yb2xlLmt1YmVybmV0ZXMuaW8vbWFzdGVyOiAiIgogIG5vbk1hc3F1ZXJhZGVDSURSOiAxMDAuNjQuMC4wLzEwCiAgcG9kSW5mcmFDb250YWluZXJJbWFnZTogazhzLmdjci5pby9wYXVzZTozLjIKICBwb2RNYW5pZmVzdFBhdGg6IC9ldGMva3ViZXJuZXRlcy9tYW5pZmVzdHMKICByZWdpc3RlclNjaGVkdWxhYmxlOiBmYWxzZQpjaGFubmVsczoKLSBtZW1mczovL2NsdXN0ZXJzLmV4YW1wbGUuY29tL21pbmltYWwtdGYxMS5leGFtcGxlLmNvbS9hZGRvbnMvYm9vdHN0cmFwLWNoYW5uZWwueWFtbApldGNkTWFuaWZlc3RzOgotIG1lbWZzOi8vY2x1c3RlcnMuZXhhbXBsZS5jb20vbWluaW1hbC10ZjExLmV4YW1wbGUuY29tL21hbmlmZXN0cy9ldGNkL21haW4ueWFtbAotIG1lbWZzOi8vY2x1c3RlcnMuZXhhbXBsZS5jb20vbWluaW1hbC10ZjExLmV4YW1wbGUuY29tL21hbmlmZXN0cy9ldGNkL2V2ZW50cy55YW1sCnByb3Rva3ViZUltYWdlOgogIGFtZDY0OgogICAgaGFzaDogN2IzYzdmNmFkYmRhMTFiMWVjNzQwYmQ2Yjk2OWM4NGYyNDliN2VlZTgxOGFmOTVmMmQzMjE5NjMwODgyNDVhOAogICAgbmFtZTogcHJvdG9rdWJlOjEuMTkuMC1hbHBoYS4zCiAgICBzb3VyY2VzOgogICAgLSBodHRwczovL2FydGlmYWN0cy5rOHMuaW8vYmluYXJpZXMva29wcy8xLjE5LjAtYWxwaGEuMy9pbWFnZXMvcHJvdG9rdWJlLWFtZDY0LnRhci5negogICAgLSBodHRwczovL2dpdGh1Yi5jb20va3ViZXJuZXRlcy9rb3BzL3JlbGVhc2VzL2Rvd25sb2FkL3YxLjE5LjAtYWxwaGEuMy9pbWFnZXMtcHJvdG9rdWJlLWFtZDY0LnRhci5negogICAgLSBodHRwczovL2t1YmV1cHYyLnMzLmFtYXpvbmF3cy5jb20va29wcy8xLjE5LjAtYWxwaGEuMy9pbWFnZXMvcHJvdG9rdWJlLWFtZDY0LnRhci5negogIGFybTY0OgogICAgaGFzaDogNjkyNzBjYTljMWM5NTBiZTY1YWY0MDMzN2FkZmNjZWMwYTcyODkzMGZhMzIyNGJiMGQyZTg4ZjE4MWYzOWVhZAogICAgbmFtZTogcHJvdG9rdWJlOjEuMTkuMC1hbHBoYS4zCiAgICBzb3VyY2VzOgogICAgLSBodHRwczovL2FydGlmYWN0cy5rOHMuaW8vYmluYXJpZXMva29wcy8xLjE5LjAtYWxwaGEuMy9pbWFnZXMvcHJvdG9rdWJlLWFybTY0LnRhci5negogICAgLSBodHRwczovL2dpdGh1Yi5jb20va3ViZXJuZXRlcy9rb3BzL3JlbGVhc2VzL2Rvd25sb2FkL3YxLjE5LjAtYWxwaGEuMy9pbWFnZXMtcHJvdG9rdWJlLWFybTY0LnRhci5negogICAgLSBodHRwczovL2t1YmV1cHYyLnMzLmFtYXpvbmF3cy5jb20va29wcy8xLjE5LjAtYWxwaGEuMy9pbWFnZXMvcHJvdG9rdWJlLWFybTY0LnRhci5negoKX19FT0ZfS1VCRV9FTlYKCmRvd25sb2FkLXJlbGVhc2UKZWNobyAiPT0gbm9kZXVwIG5vZGUgY29uZmlnIGRvbmUgPT0iCg== diff --git a/tests/integration/update_cluster/minimal-tf11/data/aws_launch_template_nodes.minimal-tf11.example.com_user_data b/tests/integration/update_cluster/minimal-tf11/data/aws_launch_template_nodes.minimal-tf11.example.com_user_data deleted file mode 100644 index b964e085c4..0000000000 --- a/tests/integration/update_cluster/minimal-tf11/data/aws_launch_template_nodes.minimal-tf11.example.com_user_data +++ /dev/null @@ -1 +0,0 @@ -IyEvYmluL2Jhc2gKIyBDb3B5cmlnaHQgMjAxNiBUaGUgS3ViZXJuZXRlcyBBdXRob3JzIEFsbCByaWdodHMgcmVzZXJ2ZWQuCiMKIyBMaWNlbnNlZCB1bmRlciB0aGUgQXBhY2hlIExpY2Vuc2UsIFZlcnNpb24gMi4wICh0aGUgIkxpY2Vuc2UiKTsKIyB5b3UgbWF5IG5vdCB1c2UgdGhpcyBmaWxlIGV4Y2VwdCBpbiBjb21wbGlhbmNlIHdpdGggdGhlIExpY2Vuc2UuCiMgWW91IG1heSBvYnRhaW4gYSBjb3B5IG9mIHRoZSBMaWNlbnNlIGF0CiMKIyAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzL0xJQ0VOU0UtMi4wCiMKIyBVbmxlc3MgcmVxdWlyZWQgYnkgYXBwbGljYWJsZSBsYXcgb3IgYWdyZWVkIHRvIGluIHdyaXRpbmcsIHNvZnR3YXJlCiMgZGlzdHJpYnV0ZWQgdW5kZXIgdGhlIExpY2Vuc2UgaXMgZGlzdHJpYnV0ZWQgb24gYW4gIkFTIElTIiBCQVNJUywKIyBXSVRIT1VUIFdBUlJBTlRJRVMgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZWl0aGVyIGV4cHJlc3Mgb3IgaW1wbGllZC4KIyBTZWUgdGhlIExpY2Vuc2UgZm9yIHRoZSBzcGVjaWZpYyBsYW5ndWFnZSBnb3Zlcm5pbmcgcGVybWlzc2lvbnMgYW5kCiMgbGltaXRhdGlvbnMgdW5kZXIgdGhlIExpY2Vuc2UuCgpzZXQgLW8gZXJyZXhpdApzZXQgLW8gbm91bnNldApzZXQgLW8gcGlwZWZhaWwKCk5PREVVUF9VUkxfQU1ENjQ9aHR0cHM6Ly9hcnRpZmFjdHMuazhzLmlvL2JpbmFyaWVzL2tvcHMvMS4xOS4wLWFscGhhLjMvbGludXgvYW1kNjQvbm9kZXVwLGh0dHBzOi8vZ2l0aHViLmNvbS9rdWJlcm5ldGVzL2tvcHMvcmVsZWFzZXMvZG93bmxvYWQvdjEuMTkuMC1hbHBoYS4zL25vZGV1cC1saW51eC1hbWQ2NCxodHRwczovL2t1YmV1cHYyLnMzLmFtYXpvbmF3cy5jb20va29wcy8xLjE5LjAtYWxwaGEuMy9saW51eC9hbWQ2NC9ub2RldXAKTk9ERVVQX0hBU0hfQU1ENjQ9Njk4MGZkYTRmYTM3YmJkYzA0MzczOGNmNGRkYWM2Mzg4ZWI1N2Y1NjE4OTVjNjkyOTljMWIwZWUyNjNkNDY1ZApOT0RFVVBfVVJMX0FSTTY0PWh0dHBzOi8vYXJ0aWZhY3RzLms4cy5pby9iaW5hcmllcy9rb3BzLzEuMTkuMC1hbHBoYS4zL2xpbnV4L2FybTY0L25vZGV1cCxodHRwczovL2dpdGh1Yi5jb20va3ViZXJuZXRlcy9rb3BzL3JlbGVhc2VzL2Rvd25sb2FkL3YxLjE5LjAtYWxwaGEuMy9ub2RldXAtbGludXgtYXJtNjQsaHR0cHM6Ly9rdWJldXB2Mi5zMy5hbWF6b25hd3MuY29tL2tvcHMvMS4xOS4wLWFscGhhLjMvbGludXgvYXJtNjQvbm9kZXVwCk5PREVVUF9IQVNIX0FSTTY0PWRjYzdmOWYzYzE4MGVlNzZhNTExNjI3ZTQ2ZGEwYWM2OWNkY2I1MThjZGYzYmUzNDhlNWVkMDQ2ZDQ5MWViODcKCmV4cG9ydCBBV1NfUkVHSU9OPXVzLXRlc3QtMQoKCgoKZnVuY3Rpb24gZW5zdXJlLWluc3RhbGwtZGlyKCkgewogIElOU1RBTExfRElSPSIvb3B0L2tvcHMiCiAgIyBPbiBDb250YWluZXJPUywgd2UgaW5zdGFsbCB1bmRlciAvdmFyL2xpYi90b29sYm94OyAvb3B0IGlzIHJvIGFuZCBub2V4ZWMKICBpZiBbWyAtZCAvdmFyL2xpYi90b29sYm94IF1dOyB0aGVuCiAgICBJTlNUQUxMX0RJUj0iL3Zhci9saWIvdG9vbGJveC9rb3BzIgogIGZpCiAgbWtkaXIgLXAgJHtJTlNUQUxMX0RJUn0vYmluCiAgbWtkaXIgLXAgJHtJTlNUQUxMX0RJUn0vY29uZgogIGNkICR7SU5TVEFMTF9ESVJ9Cn0KCiMgUmV0cnkgYSBkb3dubG9hZCB1bnRpbCB3ZSBnZXQgaXQuIGFyZ3M6IG5hbWUsIHNoYSwgdXJsMSwgdXJsMi4uLgpkb3dubG9hZC1vci1idXN0KCkgewogIGxvY2FsIC1yIGZpbGU9IiQxIgogIGxvY2FsIC1yIGhhc2g9IiQyIgogIHNoaWZ0IDIKCiAgdXJscz0oICQqICkKICB3aGlsZSB0cnVlOyBkbwogICAgZm9yIHVybCBpbiAiJHt1cmxzW0BdfSI7IGRvCiAgICAgIGNvbW1hbmRzPSgKICAgICAgICAiY3VybCAtZiAtLWlwdjQgLS1jb21wcmVzc2VkIC1MbyAiJHtmaWxlfSIgLS1jb25uZWN0LXRpbWVvdXQgMjAgLS1yZXRyeSA2IC0tcmV0cnktZGVsYXkgMTAiCiAgICAgICAgIndnZXQgLS1pbmV0NC1vbmx5IC0tY29tcHJlc3Npb249YXV0byAtTyAiJHtmaWxlfSIgLS1jb25uZWN0LXRpbWVvdXQ9MjAgLS10cmllcz02IC0td2FpdD0xMCIKICAgICAgICAiY3VybCAtZiAtLWlwdjQgLUxvICIke2ZpbGV9IiAtLWNvbm5lY3QtdGltZW91dCAyMCAtLXJldHJ5IDYgLS1yZXRyeS1kZWxheSAxMCIKICAgICAgICAid2dldCAtLWluZXQ0LW9ubHkgLU8gIiR7ZmlsZX0iIC0tY29ubmVjdC10aW1lb3V0PTIwIC0tdHJpZXM9NiAtLXdhaXQ9MTAiCiAgICAgICkKICAgICAgZm9yIGNtZCBpbiAiJHtjb21tYW5kc1tAXX0iOyBkbwogICAgICAgIGVjaG8gIkF0dGVtcHRpbmcgZG93bmxvYWQgd2l0aDogJHtjbWR9IHt1cmx9IgogICAgICAgIGlmICEgKCR7Y21kfSAiJHt1cmx9Iik7IHRoZW4KICAgICAgICAgIGVjaG8gIj09IERvd25sb2FkIGZhaWxlZCB3aXRoICR7Y21kfSA9PSIKICAgICAgICAgIGNvbnRpbnVlCiAgICAgICAgZmkKICAgICAgICBpZiBbWyAtbiAiJHtoYXNofSIgXV0gJiYgISB2YWxpZGF0ZS1oYXNoICIke2ZpbGV9IiAiJHtoYXNofSI7IHRoZW4KICAgICAgICAgIGVjaG8gIj09IEhhc2ggdmFsaWRhdGlvbiBvZiAke3VybH0gZmFpbGVkLiBSZXRyeWluZy4gPT0iCiAgICAgICAgICBybSAtZiAiJHtmaWxlfSIKICAgICAgICBlbHNlCiAgICAgICAgICBpZiBbWyAtbiAiJHtoYXNofSIgXV07IHRoZW4KICAgICAgICAgICAgZWNobyAiPT0gRG93bmxvYWRlZCAke3VybH0gKFNIQTEgPSAke2hhc2h9KSA9PSIKICAgICAgICAgIGVsc2UKICAgICAgICAgICAgZWNobyAiPT0gRG93bmxvYWRlZCAke3VybH0gPT0iCiAgICAgICAgICBmaQogICAgICAgICAgcmV0dXJuCiAgICAgICAgZmkKICAgICAgZG9uZQogICAgZG9uZQoKICAgIGVjaG8gIkFsbCBkb3dubG9hZHMgZmFpbGVkOyBzbGVlcGluZyBiZWZvcmUgcmV0cnlpbmciCiAgICBzbGVlcCA2MAogIGRvbmUKfQoKdmFsaWRhdGUtaGFzaCgpIHsKICBsb2NhbCAtciBmaWxlPSIkMSIKICBsb2NhbCAtciBleHBlY3RlZD0iJDIiCiAgbG9jYWwgYWN0dWFsCgogIGFjdHVhbD0kKHNoYTI1NnN1bSAke2ZpbGV9IHwgYXdrICd7IHByaW50ICQxIH0nKSB8fCB0cnVlCiAgaWYgW1sgIiR7YWN0dWFsfSIgIT0gIiR7ZXhwZWN0ZWR9IiBdXTsgdGhlbgogICAgZWNobyAiPT0gJHtmaWxlfSBjb3JydXB0ZWQsIGhhc2ggJHthY3R1YWx9IGRvZXNuJ3QgbWF0Y2ggZXhwZWN0ZWQgJHtleHBlY3RlZH0gPT0iCiAgICByZXR1cm4gMQogIGZpCn0KCmZ1bmN0aW9uIHNwbGl0LWNvbW1hcygpIHsKICBlY2hvICQxIHwgdHIgIiwiICJcbiIKfQoKZnVuY3Rpb24gdHJ5LWRvd25sb2FkLXJlbGVhc2UoKSB7CiAgbG9jYWwgLXIgbm9kZXVwX3VybHM9KCAkKHNwbGl0LWNvbW1hcyAiJHtOT0RFVVBfVVJMfSIpICkKICBpZiBbWyAtbiAiJHtOT0RFVVBfSEFTSDotfSIgXV07IHRoZW4KICAgIGxvY2FsIC1yIG5vZGV1cF9oYXNoPSIke05PREVVUF9IQVNIfSIKICBlbHNlCiAgIyBUT0RPOiBSZW1vdmU/CiAgICBlY2hvICJEb3dubG9hZGluZyBzaGEyNTYgKG5vdCBmb3VuZCBpbiBlbnYpIgogICAgZG93bmxvYWQtb3ItYnVzdCBub2RldXAuc2hhMjU2ICIiICIke25vZGV1cF91cmxzW0BdLyUvLnNoYTI1Nn0iCiAgICBsb2NhbCAtciBub2RldXBfaGFzaD0kKGNhdCBub2RldXAuc2hhMjU2KQogIGZpCgogIGVjaG8gIkRvd25sb2FkaW5nIG5vZGV1cCAoJHtub2RldXBfdXJsc1tAXX0pIgogIGRvd25sb2FkLW9yLWJ1c3Qgbm9kZXVwICIke25vZGV1cF9oYXNofSIgIiR7bm9kZXVwX3VybHNbQF19IgoKICBjaG1vZCAreCBub2RldXAKfQoKZnVuY3Rpb24gZG93bmxvYWQtcmVsZWFzZSgpIHsKICBjYXNlICIkKHVuYW1lIC1tKSIgaW4KICB4ODZfNjQqfGk/ODZfNjQqfGFtZDY0KikKICAgIE5PREVVUF9VUkw9IiR7Tk9ERVVQX1VSTF9BTUQ2NH0iCiAgICBOT0RFVVBfSEFTSD0iJHtOT0RFVVBfSEFTSF9BTUQ2NH0iCiAgICA7OwogIGFhcmNoNjQqfGFybTY0KikKICAgIE5PREVVUF9VUkw9IiR7Tk9ERVVQX1VSTF9BUk02NH0iCiAgICBOT0RFVVBfSEFTSD0iJHtOT0RFVVBfSEFTSF9BUk02NH0iCiAgICA7OwogICopCiAgICBlY2hvICJVbnN1cHBvcnRlZCBob3N0IGFyY2g6ICQodW5hbWUgLW0pIiA+JjIKICAgIGV4aXQgMQogICAgOzsKICBlc2FjCgogICMgSW4gY2FzZSBvZiBmYWlsdXJlIGNoZWNraW5nIGludGVncml0eSBvZiByZWxlYXNlLCByZXRyeS4KICBjZCAke0lOU1RBTExfRElSfS9iaW4KICB1bnRpbCB0cnktZG93bmxvYWQtcmVsZWFzZTsgZG8KICAgIHNsZWVwIDE1CiAgICBlY2hvICJDb3VsZG4ndCBkb3dubG9hZCByZWxlYXNlLiBSZXRyeWluZy4uLiIKICBkb25lCgogIGVjaG8gIlJ1bm5pbmcgbm9kZXVwIgogICMgV2UgY2FuJ3QgcnVuIGluIHRoZSBmb3JlZ3JvdW5kIGJlY2F1c2Ugb2YgaHR0cHM6Ly9naXRodWIuY29tL2RvY2tlci9kb2NrZXIvaXNzdWVzLzIzNzkzCiAgKCBjZCAke0lOU1RBTExfRElSfS9iaW47IC4vbm9kZXVwIC0taW5zdGFsbC1zeXN0ZW1kLXVuaXQgLS1jb25mPSR7SU5TVEFMTF9ESVJ9L2NvbmYva3ViZV9lbnYueWFtbCAtLXY9OCAgKQp9CgojIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMKCi9iaW4vc3lzdGVtZC1tYWNoaW5lLWlkLXNldHVwIHx8IGVjaG8gImZhaWxlZCB0byBzZXQgdXAgZW5zdXJlIG1hY2hpbmUtaWQgY29uZmlndXJlZCIKCmVjaG8gIj09IG5vZGV1cCBub2RlIGNvbmZpZyBzdGFydGluZyA9PSIKZW5zdXJlLWluc3RhbGwtZGlyCgpjYXQgPiBjb25mL2NsdXN0ZXJfc3BlYy55YW1sIDw8ICdfX0VPRl9DTFVTVEVSX1NQRUMnCmNsb3VkQ29uZmlnOiBudWxsCmNvbnRhaW5lclJ1bnRpbWU6IGRvY2tlcgpjb250YWluZXJkOgogIHNraXBJbnN0YWxsOiB0cnVlCmRvY2tlcjoKICBpcE1hc3E6IGZhbHNlCiAgaXBUYWJsZXM6IGZhbHNlCiAgbG9nRHJpdmVyOiBqc29uLWZpbGUKICBsb2dMZXZlbDogaW5mbwogIGxvZ09wdDoKICAtIG1heC1zaXplPTEwbQogIC0gbWF4LWZpbGU9NQogIHN0b3JhZ2U6IG92ZXJsYXkyLG92ZXJsYXksYXVmcwogIHZlcnNpb246IDE4LjA2LjMKa3ViZVByb3h5OgogIGNsdXN0ZXJDSURSOiAxMDAuOTYuMC4wLzExCiAgY3B1UmVxdWVzdDogMTAwbQogIGhvc3RuYW1lT3ZlcnJpZGU6ICdAYXdzJwogIGltYWdlOiBrOHMuZ2NyLmlvL2t1YmUtcHJveHk6djEuMTQuMAogIGxvZ0xldmVsOiAyCmt1YmVsZXQ6CiAgYW5vbnltb3VzQXV0aDogZmFsc2UKICBjZ3JvdXBSb290OiAvCiAgY2xvdWRQcm92aWRlcjogYXdzCiAgY2x1c3RlckROUzogMTAwLjY0LjAuMTAKICBjbHVzdGVyRG9tYWluOiBjbHVzdGVyLmxvY2FsCiAgZW5hYmxlRGVidWdnaW5nSGFuZGxlcnM6IHRydWUKICBldmljdGlvbkhhcmQ6IG1lbW9yeS5hdmFpbGFibGU8MTAwTWksbm9kZWZzLmF2YWlsYWJsZTwxMCUsbm9kZWZzLmlub2Rlc0ZyZWU8NSUsaW1hZ2Vmcy5hdmFpbGFibGU8MTAlLGltYWdlZnMuaW5vZGVzRnJlZTw1JQogIGZlYXR1cmVHYXRlczoKICAgIEV4cGVyaW1lbnRhbENyaXRpY2FsUG9kQW5ub3RhdGlvbjogInRydWUiCiAgaG9zdG5hbWVPdmVycmlkZTogJ0Bhd3MnCiAga3ViZWNvbmZpZ1BhdGg6IC92YXIvbGliL2t1YmVsZXQva3ViZWNvbmZpZwogIGxvZ0xldmVsOiAyCiAgbmV0d29ya1BsdWdpbk1UVTogOTAwMQogIG5ldHdvcmtQbHVnaW5OYW1lOiBrdWJlbmV0CiAgbm9uTWFzcXVlcmFkZUNJRFI6IDEwMC42NC4wLjAvMTAKICBwb2RJbmZyYUNvbnRhaW5lckltYWdlOiBrOHMuZ2NyLmlvL3BhdXNlOjMuMgogIHBvZE1hbmlmZXN0UGF0aDogL2V0Yy9rdWJlcm5ldGVzL21hbmlmZXN0cwoKX19FT0ZfQ0xVU1RFUl9TUEVDCgpjYXQgPiBjb25mL2lnX3NwZWMueWFtbCA8PCAnX19FT0ZfSUdfU1BFQycKe30KCl9fRU9GX0lHX1NQRUMKCmNhdCA+IGNvbmYva3ViZV9lbnYueWFtbCA8PCAnX19FT0ZfS1VCRV9FTlYnCkFzc2V0czoKICBhbWQ2NDoKICAtIGMzYjczNmZkMGYwMDM3NjVjMTJkOTlmMmM5OTVhODM2OWU2MjQxZjRAaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2t1YmVybmV0ZXMtcmVsZWFzZS9yZWxlYXNlL3YxLjE0LjAvYmluL2xpbnV4L2FtZDY0L2t1YmVsZXQKICAtIDdlM2EzZWE2NjMxNTNmOTAwY2JkNTI5MDBhMzljOTFmYTlmMzM0YmVAaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2t1YmVybmV0ZXMtcmVsZWFzZS9yZWxlYXNlL3YxLjE0LjAvYmluL2xpbnV4L2FtZDY0L2t1YmVjdGwKICAtIDNjYTE1YzBhMThlZTgzMDUyMGNmM2E5NTQwOGJlODI2Y2JkMjU1YTE1MzVhMzhlMGJlOTYwOGIyNWFkOGJmNjRAaHR0cHM6Ly9zdG9yYWdlLmdvb2dsZWFwaXMuY29tL2t1YmVybmV0ZXMtcmVsZWFzZS9uZXR3b3JrLXBsdWdpbnMvY25pLXBsdWdpbnMtYW1kNjQtdjAuNy41LnRnegogIC0gMzQ2ZjkzOTQzOTNlZThkYjVmOGJkMWUyMjllZTlkOTBlNWIzNjkzMWJkZDc1NDMwOGIyYWU2ODg4NGRkNjgyMkBodHRwczovL2Rvd25sb2FkLmRvY2tlci5jb20vbGludXgvc3RhdGljL3N0YWJsZS94ODZfNjQvZG9ja2VyLTE4LjA2LjMtY2UudGd6CiAgYXJtNjQ6CiAgLSBkZjM4ZTA0NTc2MDI2MzkzMDU1Y2NjNzdjMGRjZTczNjEyOTk2NTYxQGh0dHBzOi8vc3RvcmFnZS5nb29nbGVhcGlzLmNvbS9rdWJlcm5ldGVzLXJlbGVhc2UvcmVsZWFzZS92MS4xNC4wL2Jpbi9saW51eC9hcm02NC9rdWJlbGV0CiAgLSAwMWMyYjZiNDNkMzZiNmJmYWZjODBhMzczNzM5MWMxOWViZmI4YWQ1QGh0dHBzOi8vc3RvcmFnZS5nb29nbGVhcGlzLmNvbS9rdWJlcm5ldGVzLXJlbGVhc2UvcmVsZWFzZS92MS4xNC4wL2Jpbi9saW51eC9hcm02NC9rdWJlY3RsCiAgLSA3ZmVjOTFhZjc4ZTk1NDhkZjMwNmYwZWM0M2JlYTUyN2M4YzEwY2MzYTk2ODJjMzNlOTcxYzg1MjJhN2ZjZGVkQGh0dHBzOi8vc3RvcmFnZS5nb29nbGVhcGlzLmNvbS9rdWJlcm5ldGVzLXJlbGVhc2UvbmV0d29yay1wbHVnaW5zL2NuaS1wbHVnaW5zLWFybTY0LXYwLjcuNS50Z3oKICAtIGRlZmIyY2NjOTVjMDgyNTgzMzIxNmM4YjllMGUxNWJhYWE1MWJjZWRiM2VmYzFmMzkzZjUzNTJkMTg0ZGVhZDRAaHR0cHM6Ly9kb3dubG9hZC5kb2NrZXIuY29tL2xpbnV4L3N0YXRpYy9zdGFibGUvYWFyY2g2NC9kb2NrZXItMTguMDYuMy1jZS50Z3oKQ2x1c3Rlck5hbWU6IG1pbmltYWwtdGYxMS5leGFtcGxlLmNvbQpDb25maWdCYXNlOiBtZW1mczovL2NsdXN0ZXJzLmV4YW1wbGUuY29tL21pbmltYWwtdGYxMS5leGFtcGxlLmNvbQpJbnN0YW5jZUdyb3VwTmFtZTogbm9kZXMKSW5zdGFuY2VHcm91cFJvbGU6IE5vZGUKS3ViZWxldENvbmZpZzoKICBhbm9ueW1vdXNBdXRoOiBmYWxzZQogIGNncm91cFJvb3Q6IC8KICBjbG91ZFByb3ZpZGVyOiBhd3MKICBjbHVzdGVyRE5TOiAxMDAuNjQuMC4xMAogIGNsdXN0ZXJEb21haW46IGNsdXN0ZXIubG9jYWwKICBlbmFibGVEZWJ1Z2dpbmdIYW5kbGVyczogdHJ1ZQogIGV2aWN0aW9uSGFyZDogbWVtb3J5LmF2YWlsYWJsZTwxMDBNaSxub2RlZnMuYXZhaWxhYmxlPDEwJSxub2RlZnMuaW5vZGVzRnJlZTw1JSxpbWFnZWZzLmF2YWlsYWJsZTwxMCUsaW1hZ2Vmcy5pbm9kZXNGcmVlPDUlCiAgZmVhdHVyZUdhdGVzOgogICAgRXhwZXJpbWVudGFsQ3JpdGljYWxQb2RBbm5vdGF0aW9uOiAidHJ1ZSIKICBob3N0bmFtZU92ZXJyaWRlOiAnQGF3cycKICBrdWJlY29uZmlnUGF0aDogL3Zhci9saWIva3ViZWxldC9rdWJlY29uZmlnCiAgbG9nTGV2ZWw6IDIKICBuZXR3b3JrUGx1Z2luTVRVOiA5MDAxCiAgbmV0d29ya1BsdWdpbk5hbWU6IGt1YmVuZXQKICBub2RlTGFiZWxzOgogICAga3ViZXJuZXRlcy5pby9yb2xlOiBub2RlCiAgICBub2RlLXJvbGUua3ViZXJuZXRlcy5pby9ub2RlOiAiIgogIG5vbk1hc3F1ZXJhZGVDSURSOiAxMDAuNjQuMC4wLzEwCiAgcG9kSW5mcmFDb250YWluZXJJbWFnZTogazhzLmdjci5pby9wYXVzZTozLjIKICBwb2RNYW5pZmVzdFBhdGg6IC9ldGMva3ViZXJuZXRlcy9tYW5pZmVzdHMKY2hhbm5lbHM6Ci0gbWVtZnM6Ly9jbHVzdGVycy5leGFtcGxlLmNvbS9taW5pbWFsLXRmMTEuZXhhbXBsZS5jb20vYWRkb25zL2Jvb3RzdHJhcC1jaGFubmVsLnlhbWwKCl9fRU9GX0tVQkVfRU5WCgpkb3dubG9hZC1yZWxlYXNlCmVjaG8gIj09IG5vZGV1cCBub2RlIGNvbmZpZyBkb25lID09Igo= diff --git a/tests/integration/update_cluster/minimal-tf11/id_rsa.pub b/tests/integration/update_cluster/minimal-tf11/id_rsa.pub deleted file mode 100755 index 81cb012783..0000000000 --- a/tests/integration/update_cluster/minimal-tf11/id_rsa.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCtWu40XQo8dczLsCq0OWV+hxm9uV3WxeH9Kgh4sMzQxNtoU1pvW0XdjpkBesRKGoolfWeCLXWxpyQb1IaiMkKoz7MdhQ/6UKjMjP66aFWWp3pwD0uj0HuJ7tq4gKHKRYGTaZIRWpzUiANBrjugVgA+Sd7E/mYwc/DMXkIyRZbvhQ== diff --git a/tests/integration/update_cluster/minimal-tf11/in-v1alpha2.yaml b/tests/integration/update_cluster/minimal-tf11/in-v1alpha2.yaml deleted file mode 100644 index 9d5d0545c7..0000000000 --- a/tests/integration/update_cluster/minimal-tf11/in-v1alpha2.yaml +++ /dev/null @@ -1,80 +0,0 @@ -apiVersion: kops.k8s.io/v1alpha2 -kind: Cluster -metadata: - creationTimestamp: "2016-12-10T22:42:27Z" - name: minimal-tf11.example.com -spec: - kubernetesApiAccess: - - 0.0.0.0/0 - channel: stable - cloudProvider: aws - configBase: memfs://clusters.example.com/minimal-tf11.example.com - etcdClusters: - - etcdMembers: - - instanceGroup: master-us-test-1a - name: us-test-1a - name: main - - etcdMembers: - - instanceGroup: master-us-test-1a - name: us-test-1a - name: events - iam: {} - kubelet: - anonymousAuth: false - kubernetesVersion: v1.14.0 - masterInternalName: api.internal.minimal-tf11.example.com - masterPublicName: api.minimal-tf11.example.com - networkCIDR: 172.20.0.0/16 - networking: - kubenet: {} - nonMasqueradeCIDR: 100.64.0.0/10 - sshAccess: - - 0.0.0.0/0 - topology: - masters: public - nodes: public - subnets: - - cidr: 172.20.32.0/19 - name: us-test-1a - type: Public - zone: us-test-1a - ---- - -apiVersion: kops.k8s.io/v1alpha2 -kind: InstanceGroup -metadata: - creationTimestamp: "2016-12-10T22:42:28Z" - name: nodes - labels: - kops.k8s.io/cluster: minimal-tf11.example.com -spec: - associatePublicIp: true - image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21 - machineType: t2.medium - maxSize: 2 - minSize: 2 - role: Node - subnets: - - us-test-1a - ---- - -apiVersion: kops.k8s.io/v1alpha2 -kind: InstanceGroup -metadata: - creationTimestamp: "2016-12-10T22:42:28Z" - name: master-us-test-1a - labels: - kops.k8s.io/cluster: minimal-tf11.example.com -spec: - associatePublicIp: true - image: kope.io/k8s-1.4-debian-jessie-amd64-hvm-ebs-2016-10-21 - machineType: m3.medium - maxSize: 1 - minSize: 1 - role: Master - subnets: - - us-test-1a - - diff --git a/tests/integration/update_cluster/minimal-tf11/kubernetes.tf b/tests/integration/update_cluster/minimal-tf11/kubernetes.tf deleted file mode 100644 index 133d6f4c77..0000000000 --- a/tests/integration/update_cluster/minimal-tf11/kubernetes.tf +++ /dev/null @@ -1,629 +0,0 @@ -locals = { - cluster_name = "minimal-tf11.example.com" - master_autoscaling_group_ids = ["${aws_autoscaling_group.master-us-test-1a-masters-minimal-tf11-example-com.id}"] - master_security_group_ids = ["${aws_security_group.masters-minimal-tf11-example-com.id}"] - masters_role_arn = "${aws_iam_role.masters-minimal-tf11-example-com.arn}" - masters_role_name = "${aws_iam_role.masters-minimal-tf11-example-com.name}" - node_autoscaling_group_ids = ["${aws_autoscaling_group.nodes-minimal-tf11-example-com.id}"] - node_security_group_ids = ["${aws_security_group.nodes-minimal-tf11-example-com.id}"] - node_subnet_ids = ["${aws_subnet.us-test-1a-minimal-tf11-example-com.id}"] - nodes_role_arn = "${aws_iam_role.nodes-minimal-tf11-example-com.arn}" - nodes_role_name = "${aws_iam_role.nodes-minimal-tf11-example-com.name}" - region = "us-test-1" - route_table_public_id = "${aws_route_table.minimal-tf11-example-com.id}" - subnet_us-test-1a_id = "${aws_subnet.us-test-1a-minimal-tf11-example-com.id}" - vpc_cidr_block = "${aws_vpc.minimal-tf11-example-com.cidr_block}" - vpc_id = "${aws_vpc.minimal-tf11-example-com.id}" -} - -output "cluster_name" { - value = "minimal-tf11.example.com" -} - -output "master_autoscaling_group_ids" { - value = ["${aws_autoscaling_group.master-us-test-1a-masters-minimal-tf11-example-com.id}"] -} - -output "master_security_group_ids" { - value = ["${aws_security_group.masters-minimal-tf11-example-com.id}"] -} - -output "masters_role_arn" { - value = "${aws_iam_role.masters-minimal-tf11-example-com.arn}" -} - -output "masters_role_name" { - value = "${aws_iam_role.masters-minimal-tf11-example-com.name}" -} - -output "node_autoscaling_group_ids" { - value = ["${aws_autoscaling_group.nodes-minimal-tf11-example-com.id}"] -} - -output "node_security_group_ids" { - value = ["${aws_security_group.nodes-minimal-tf11-example-com.id}"] -} - -output "node_subnet_ids" { - value = ["${aws_subnet.us-test-1a-minimal-tf11-example-com.id}"] -} - -output "nodes_role_arn" { - value = "${aws_iam_role.nodes-minimal-tf11-example-com.arn}" -} - -output "nodes_role_name" { - value = "${aws_iam_role.nodes-minimal-tf11-example-com.name}" -} - -output "region" { - value = "us-test-1" -} - -output "route_table_public_id" { - value = "${aws_route_table.minimal-tf11-example-com.id}" -} - -output "subnet_us-test-1a_id" { - value = "${aws_subnet.us-test-1a-minimal-tf11-example-com.id}" -} - -output "vpc_cidr_block" { - value = "${aws_vpc.minimal-tf11-example-com.cidr_block}" -} - -output "vpc_id" { - value = "${aws_vpc.minimal-tf11-example-com.id}" -} - -provider "aws" { - region = "us-test-1" -} - -resource "aws_autoscaling_group" "master-us-test-1a-masters-minimal-tf11-example-com" { - name = "master-us-test-1a.masters.minimal-tf11.example.com" - - launch_template = { - id = "${aws_launch_template.master-us-test-1a-masters-minimal-tf11-example-com.id}" - version = "${aws_launch_template.master-us-test-1a-masters-minimal-tf11-example-com.latest_version}" - } - - max_size = 1 - min_size = 1 - vpc_zone_identifier = ["${aws_subnet.us-test-1a-minimal-tf11-example-com.id}"] - - tag = { - key = "KubernetesCluster" - value = "minimal-tf11.example.com" - propagate_at_launch = true - } - - tag = { - key = "Name" - value = "master-us-test-1a.masters.minimal-tf11.example.com" - propagate_at_launch = true - } - - tag = { - key = "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" - value = "master" - propagate_at_launch = true - } - - tag = { - key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master" - value = "" - propagate_at_launch = true - } - - tag = { - key = "k8s.io/role/master" - value = "1" - propagate_at_launch = true - } - - tag = { - key = "kops.k8s.io/instancegroup" - value = "master-us-test-1a" - propagate_at_launch = true - } - - tag = { - key = "kubernetes.io/cluster/minimal-tf11.example.com" - value = "owned" - propagate_at_launch = true - } - - metrics_granularity = "1Minute" - enabled_metrics = ["GroupDesiredCapacity", "GroupInServiceInstances", "GroupMaxSize", "GroupMinSize", "GroupPendingInstances", "GroupStandbyInstances", "GroupTerminatingInstances", "GroupTotalInstances"] -} - -resource "aws_autoscaling_group" "nodes-minimal-tf11-example-com" { - name = "nodes.minimal-tf11.example.com" - - launch_template = { - id = "${aws_launch_template.nodes-minimal-tf11-example-com.id}" - version = "${aws_launch_template.nodes-minimal-tf11-example-com.latest_version}" - } - - max_size = 2 - min_size = 2 - vpc_zone_identifier = ["${aws_subnet.us-test-1a-minimal-tf11-example-com.id}"] - - tag = { - key = "KubernetesCluster" - value = "minimal-tf11.example.com" - propagate_at_launch = true - } - - tag = { - key = "Name" - value = "nodes.minimal-tf11.example.com" - propagate_at_launch = true - } - - tag = { - key = "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" - value = "node" - propagate_at_launch = true - } - - tag = { - key = "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" - value = "" - propagate_at_launch = true - } - - tag = { - key = "k8s.io/role/node" - value = "1" - propagate_at_launch = true - } - - tag = { - key = "kops.k8s.io/instancegroup" - value = "nodes" - propagate_at_launch = true - } - - tag = { - key = "kubernetes.io/cluster/minimal-tf11.example.com" - value = "owned" - propagate_at_launch = true - } - - metrics_granularity = "1Minute" - enabled_metrics = ["GroupDesiredCapacity", "GroupInServiceInstances", "GroupMaxSize", "GroupMinSize", "GroupPendingInstances", "GroupStandbyInstances", "GroupTerminatingInstances", "GroupTotalInstances"] -} - -resource "aws_ebs_volume" "us-test-1a-etcd-events-minimal-tf11-example-com" { - availability_zone = "us-test-1a" - size = 20 - type = "gp2" - encrypted = false - - tags = { - KubernetesCluster = "minimal-tf11.example.com" - Name = "us-test-1a.etcd-events.minimal-tf11.example.com" - "k8s.io/etcd/events" = "us-test-1a/us-test-1a" - "k8s.io/role/master" = "1" - "kubernetes.io/cluster/minimal-tf11.example.com" = "owned" - } -} - -resource "aws_ebs_volume" "us-test-1a-etcd-main-minimal-tf11-example-com" { - availability_zone = "us-test-1a" - size = 20 - type = "gp2" - encrypted = false - - tags = { - KubernetesCluster = "minimal-tf11.example.com" - Name = "us-test-1a.etcd-main.minimal-tf11.example.com" - "k8s.io/etcd/main" = "us-test-1a/us-test-1a" - "k8s.io/role/master" = "1" - "kubernetes.io/cluster/minimal-tf11.example.com" = "owned" - } -} - -resource "aws_iam_instance_profile" "masters-minimal-tf11-example-com" { - name = "masters.minimal-tf11.example.com" - role = "${aws_iam_role.masters-minimal-tf11-example-com.name}" -} - -resource "aws_iam_instance_profile" "nodes-minimal-tf11-example-com" { - name = "nodes.minimal-tf11.example.com" - role = "${aws_iam_role.nodes-minimal-tf11-example-com.name}" -} - -resource "aws_iam_role" "masters-minimal-tf11-example-com" { - name = "masters.minimal-tf11.example.com" - assume_role_policy = "${file("${path.module}/data/aws_iam_role_masters.minimal-tf11.example.com_policy")}" -} - -resource "aws_iam_role" "nodes-minimal-tf11-example-com" { - name = "nodes.minimal-tf11.example.com" - assume_role_policy = "${file("${path.module}/data/aws_iam_role_nodes.minimal-tf11.example.com_policy")}" -} - -resource "aws_iam_role_policy" "masters-minimal-tf11-example-com" { - name = "masters.minimal-tf11.example.com" - role = "${aws_iam_role.masters-minimal-tf11-example-com.name}" - policy = "${file("${path.module}/data/aws_iam_role_policy_masters.minimal-tf11.example.com_policy")}" -} - -resource "aws_iam_role_policy" "nodes-minimal-tf11-example-com" { - name = "nodes.minimal-tf11.example.com" - role = "${aws_iam_role.nodes-minimal-tf11-example-com.name}" - policy = "${file("${path.module}/data/aws_iam_role_policy_nodes.minimal-tf11.example.com_policy")}" -} - -resource "aws_internet_gateway" "minimal-tf11-example-com" { - vpc_id = "${aws_vpc.minimal-tf11-example-com.id}" - - tags = { - KubernetesCluster = "minimal-tf11.example.com" - Name = "minimal-tf11.example.com" - "kubernetes.io/cluster/minimal-tf11.example.com" = "owned" - } -} - -resource "aws_key_pair" "kubernetes-minimal-tf11-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157" { - key_name = "kubernetes.minimal-tf11.example.com-c4:a6:ed:9a:a8:89:b9:e2:c3:9c:d6:63:eb:9c:71:57" - public_key = "${file("${path.module}/data/aws_key_pair_kubernetes.minimal-tf11.example.com-c4a6ed9aa889b9e2c39cd663eb9c7157_public_key")}" - - tags = { - KubernetesCluster = "minimal-tf11.example.com" - Name = "minimal-tf11.example.com" - "kubernetes.io/cluster/minimal-tf11.example.com" = "owned" - } -} - -resource "aws_launch_template" "master-us-test-1a-masters-minimal-tf11-example-com" { - name_prefix = "master-us-test-1a.masters.minimal-tf11.example.com-" - - lifecycle = { - create_before_destroy = true - } - - block_device_mappings = { - device_name = "/dev/xvda" - - ebs = { - volume_type = "gp2" - volume_size = 64 - delete_on_termination = true - } - } - - block_device_mappings = { - device_name = "/dev/sdc" - virtual_name = "ephemeral0" - } - - iam_instance_profile = { - name = "${aws_iam_instance_profile.masters-minimal-tf11-example-com.id}" - } - - image_id = "ami-12345678" - instance_type = "m3.medium" - key_name = "${aws_key_pair.kubernetes-minimal-tf11-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}" - - network_interfaces = { - associate_public_ip_address = true - delete_on_termination = true - security_groups = ["${aws_security_group.masters-minimal-tf11-example-com.id}"] - } - - tags = { - KubernetesCluster = "minimal-tf11.example.com" - Name = "master-us-test-1a.masters.minimal-tf11.example.com" - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "master" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master" = "" - "k8s.io/role/master" = "1" - "kops.k8s.io/instancegroup" = "master-us-test-1a" - "kubernetes.io/cluster/minimal-tf11.example.com" = "owned" - } - - tag_specifications = { - resource_type = "instance" - - tags = { - KubernetesCluster = "minimal-tf11.example.com" - Name = "master-us-test-1a.masters.minimal-tf11.example.com" - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "master" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master" = "" - "k8s.io/role/master" = "1" - "kops.k8s.io/instancegroup" = "master-us-test-1a" - "kubernetes.io/cluster/minimal-tf11.example.com" = "owned" - } - } - - tag_specifications = { - resource_type = "volume" - - tags = { - KubernetesCluster = "minimal-tf11.example.com" - Name = "master-us-test-1a.masters.minimal-tf11.example.com" - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "master" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/master" = "" - "k8s.io/role/master" = "1" - "kops.k8s.io/instancegroup" = "master-us-test-1a" - "kubernetes.io/cluster/minimal-tf11.example.com" = "owned" - } - } - - user_data = "${file("${path.module}/data/aws_launch_template_master-us-test-1a.masters.minimal-tf11.example.com_user_data")}" -} - -resource "aws_launch_template" "nodes-minimal-tf11-example-com" { - name_prefix = "nodes.minimal-tf11.example.com-" - - lifecycle = { - create_before_destroy = true - } - - block_device_mappings = { - device_name = "/dev/xvda" - - ebs = { - volume_type = "gp2" - volume_size = 128 - delete_on_termination = true - } - } - - iam_instance_profile = { - name = "${aws_iam_instance_profile.nodes-minimal-tf11-example-com.id}" - } - - image_id = "ami-12345678" - instance_type = "t2.medium" - key_name = "${aws_key_pair.kubernetes-minimal-tf11-example-com-c4a6ed9aa889b9e2c39cd663eb9c7157.id}" - - network_interfaces = { - associate_public_ip_address = true - delete_on_termination = true - security_groups = ["${aws_security_group.nodes-minimal-tf11-example-com.id}"] - } - - tags = { - KubernetesCluster = "minimal-tf11.example.com" - Name = "nodes.minimal-tf11.example.com" - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = "" - "k8s.io/role/node" = "1" - "kops.k8s.io/instancegroup" = "nodes" - "kubernetes.io/cluster/minimal-tf11.example.com" = "owned" - } - - tag_specifications = { - resource_type = "instance" - - tags = { - KubernetesCluster = "minimal-tf11.example.com" - Name = "nodes.minimal-tf11.example.com" - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = "" - "k8s.io/role/node" = "1" - "kops.k8s.io/instancegroup" = "nodes" - "kubernetes.io/cluster/minimal-tf11.example.com" = "owned" - } - } - - tag_specifications = { - resource_type = "volume" - - tags = { - KubernetesCluster = "minimal-tf11.example.com" - Name = "nodes.minimal-tf11.example.com" - "k8s.io/cluster-autoscaler/node-template/label/kubernetes.io/role" = "node" - "k8s.io/cluster-autoscaler/node-template/label/node-role.kubernetes.io/node" = "" - "k8s.io/role/node" = "1" - "kops.k8s.io/instancegroup" = "nodes" - "kubernetes.io/cluster/minimal-tf11.example.com" = "owned" - } - } - - user_data = "${file("${path.module}/data/aws_launch_template_nodes.minimal-tf11.example.com_user_data")}" -} - -resource "aws_route" "route-0-0-0-0--0" { - route_table_id = "${aws_route_table.minimal-tf11-example-com.id}" - destination_cidr_block = "0.0.0.0/0" - gateway_id = "${aws_internet_gateway.minimal-tf11-example-com.id}" -} - -resource "aws_route_table" "minimal-tf11-example-com" { - vpc_id = "${aws_vpc.minimal-tf11-example-com.id}" - - tags = { - KubernetesCluster = "minimal-tf11.example.com" - Name = "minimal-tf11.example.com" - "kubernetes.io/cluster/minimal-tf11.example.com" = "owned" - "kubernetes.io/kops/role" = "public" - } -} - -resource "aws_route_table_association" "us-test-1a-minimal-tf11-example-com" { - subnet_id = "${aws_subnet.us-test-1a-minimal-tf11-example-com.id}" - route_table_id = "${aws_route_table.minimal-tf11-example-com.id}" -} - -resource "aws_security_group" "masters-minimal-tf11-example-com" { - name = "masters.minimal-tf11.example.com" - vpc_id = "${aws_vpc.minimal-tf11-example-com.id}" - description = "Security group for masters" - - tags = { - KubernetesCluster = "minimal-tf11.example.com" - Name = "masters.minimal-tf11.example.com" - "kubernetes.io/cluster/minimal-tf11.example.com" = "owned" - } -} - -resource "aws_security_group" "nodes-minimal-tf11-example-com" { - name = "nodes.minimal-tf11.example.com" - vpc_id = "${aws_vpc.minimal-tf11-example-com.id}" - description = "Security group for nodes" - - tags = { - KubernetesCluster = "minimal-tf11.example.com" - Name = "nodes.minimal-tf11.example.com" - "kubernetes.io/cluster/minimal-tf11.example.com" = "owned" - } -} - -resource "aws_security_group_rule" "all-master-to-master" { - type = "ingress" - security_group_id = "${aws_security_group.masters-minimal-tf11-example-com.id}" - source_security_group_id = "${aws_security_group.masters-minimal-tf11-example-com.id}" - from_port = 0 - to_port = 0 - protocol = "-1" -} - -resource "aws_security_group_rule" "all-master-to-node" { - type = "ingress" - security_group_id = "${aws_security_group.nodes-minimal-tf11-example-com.id}" - source_security_group_id = "${aws_security_group.masters-minimal-tf11-example-com.id}" - from_port = 0 - to_port = 0 - protocol = "-1" -} - -resource "aws_security_group_rule" "all-node-to-node" { - type = "ingress" - security_group_id = "${aws_security_group.nodes-minimal-tf11-example-com.id}" - source_security_group_id = "${aws_security_group.nodes-minimal-tf11-example-com.id}" - from_port = 0 - to_port = 0 - protocol = "-1" -} - -resource "aws_security_group_rule" "https-external-to-master-0-0-0-0--0" { - type = "ingress" - security_group_id = "${aws_security_group.masters-minimal-tf11-example-com.id}" - from_port = 443 - to_port = 443 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] -} - -resource "aws_security_group_rule" "master-egress" { - type = "egress" - security_group_id = "${aws_security_group.masters-minimal-tf11-example-com.id}" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] -} - -resource "aws_security_group_rule" "node-egress" { - type = "egress" - security_group_id = "${aws_security_group.nodes-minimal-tf11-example-com.id}" - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] -} - -resource "aws_security_group_rule" "node-to-master-tcp-1-2379" { - type = "ingress" - security_group_id = "${aws_security_group.masters-minimal-tf11-example-com.id}" - source_security_group_id = "${aws_security_group.nodes-minimal-tf11-example-com.id}" - from_port = 1 - to_port = 2379 - protocol = "tcp" -} - -resource "aws_security_group_rule" "node-to-master-tcp-2382-4000" { - type = "ingress" - security_group_id = "${aws_security_group.masters-minimal-tf11-example-com.id}" - source_security_group_id = "${aws_security_group.nodes-minimal-tf11-example-com.id}" - from_port = 2382 - to_port = 4000 - protocol = "tcp" -} - -resource "aws_security_group_rule" "node-to-master-tcp-4003-65535" { - type = "ingress" - security_group_id = "${aws_security_group.masters-minimal-tf11-example-com.id}" - source_security_group_id = "${aws_security_group.nodes-minimal-tf11-example-com.id}" - from_port = 4003 - to_port = 65535 - protocol = "tcp" -} - -resource "aws_security_group_rule" "node-to-master-udp-1-65535" { - type = "ingress" - security_group_id = "${aws_security_group.masters-minimal-tf11-example-com.id}" - source_security_group_id = "${aws_security_group.nodes-minimal-tf11-example-com.id}" - from_port = 1 - to_port = 65535 - protocol = "udp" -} - -resource "aws_security_group_rule" "ssh-external-to-master-0-0-0-0--0" { - type = "ingress" - security_group_id = "${aws_security_group.masters-minimal-tf11-example-com.id}" - from_port = 22 - to_port = 22 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] -} - -resource "aws_security_group_rule" "ssh-external-to-node-0-0-0-0--0" { - type = "ingress" - security_group_id = "${aws_security_group.nodes-minimal-tf11-example-com.id}" - from_port = 22 - to_port = 22 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] -} - -resource "aws_subnet" "us-test-1a-minimal-tf11-example-com" { - vpc_id = "${aws_vpc.minimal-tf11-example-com.id}" - cidr_block = "172.20.32.0/19" - availability_zone = "us-test-1a" - - tags = { - KubernetesCluster = "minimal-tf11.example.com" - Name = "us-test-1a.minimal-tf11.example.com" - SubnetType = "Public" - "kubernetes.io/cluster/minimal-tf11.example.com" = "owned" - "kubernetes.io/role/elb" = "1" - } -} - -resource "aws_vpc" "minimal-tf11-example-com" { - cidr_block = "172.20.0.0/16" - enable_dns_hostnames = true - enable_dns_support = true - - tags = { - KubernetesCluster = "minimal-tf11.example.com" - Name = "minimal-tf11.example.com" - "kubernetes.io/cluster/minimal-tf11.example.com" = "owned" - } -} - -resource "aws_vpc_dhcp_options" "minimal-tf11-example-com" { - domain_name = "us-test-1.compute.internal" - domain_name_servers = ["AmazonProvidedDNS"] - - tags = { - KubernetesCluster = "minimal-tf11.example.com" - Name = "minimal-tf11.example.com" - "kubernetes.io/cluster/minimal-tf11.example.com" = "owned" - } -} - -resource "aws_vpc_dhcp_options_association" "minimal-tf11-example-com" { - vpc_id = "${aws_vpc.minimal-tf11-example-com.id}" - dhcp_options_id = "${aws_vpc_dhcp_options.minimal-tf11-example-com.id}" -} - -terraform = { - required_version = ">= 0.9.3" -} diff --git a/tests/integration/update_cluster/minimal/kubernetes.tf b/tests/integration/update_cluster/minimal/kubernetes.tf index ae646a8a84..1a31d0583d 100644 --- a/tests/integration/update_cluster/minimal/kubernetes.tf +++ b/tests/integration/update_cluster/minimal/kubernetes.tf @@ -570,5 +570,11 @@ resource "aws_vpc" "minimal-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/minimal_gce/kubernetes.tf b/tests/integration/update_cluster/minimal_gce/kubernetes.tf index e4b1859041..6701cf54d0 100644 --- a/tests/integration/update_cluster/minimal_gce/kubernetes.tf +++ b/tests/integration/update_cluster/minimal_gce/kubernetes.tf @@ -17,8 +17,7 @@ output "region" { } provider "google" { - region = "us-test1" - version = ">= 3.0.0" + region = "us-test1" } resource "google_compute_disk" "d1-etcd-events-minimal-gce-example-com" { @@ -329,5 +328,11 @@ resource "google_compute_network" "default" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + google = { + "source" = "hashicorp/google" + "version" = ">= 2.19.0" + } + } } diff --git a/tests/integration/update_cluster/mixed_instances/kubernetes.tf b/tests/integration/update_cluster/mixed_instances/kubernetes.tf index 252b21c2aa..7523308155 100644 --- a/tests/integration/update_cluster/mixed_instances/kubernetes.tf +++ b/tests/integration/update_cluster/mixed_instances/kubernetes.tf @@ -914,5 +914,11 @@ resource "aws_vpc" "mixedinstances-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf b/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf index d6506dbac1..a7691d1abe 100644 --- a/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf +++ b/tests/integration/update_cluster/mixed_instances_spot/kubernetes.tf @@ -914,5 +914,11 @@ resource "aws_vpc" "mixedinstances-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf b/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf index 3b60aff6df..86d00296c7 100644 --- a/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf +++ b/tests/integration/update_cluster/private-shared-subnet/kubernetes.tf @@ -804,5 +804,11 @@ resource "aws_security_group" "nodes-private-shared-subnet-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/privatecalico/kubernetes.tf b/tests/integration/update_cluster/privatecalico/kubernetes.tf index c3ccb7ac08..0a29d6b527 100644 --- a/tests/integration/update_cluster/privatecalico/kubernetes.tf +++ b/tests/integration/update_cluster/privatecalico/kubernetes.tf @@ -945,5 +945,11 @@ resource "aws_vpc" "privatecalico-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/privatecanal/kubernetes.tf b/tests/integration/update_cluster/privatecanal/kubernetes.tf index c29f08492e..fbe3a6d999 100644 --- a/tests/integration/update_cluster/privatecanal/kubernetes.tf +++ b/tests/integration/update_cluster/privatecanal/kubernetes.tf @@ -936,5 +936,11 @@ resource "aws_vpc" "privatecanal-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/privatecilium/kubernetes.tf b/tests/integration/update_cluster/privatecilium/kubernetes.tf index 9a9d5fc288..e8a6eec761 100644 --- a/tests/integration/update_cluster/privatecilium/kubernetes.tf +++ b/tests/integration/update_cluster/privatecilium/kubernetes.tf @@ -936,5 +936,11 @@ resource "aws_vpc" "privatecilium-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/privatecilium2/kubernetes.tf b/tests/integration/update_cluster/privatecilium2/kubernetes.tf index 9a9d5fc288..e8a6eec761 100644 --- a/tests/integration/update_cluster/privatecilium2/kubernetes.tf +++ b/tests/integration/update_cluster/privatecilium2/kubernetes.tf @@ -936,5 +936,11 @@ resource "aws_vpc" "privatecilium-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf b/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf index 62c2283a15..c50f8afb10 100644 --- a/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf +++ b/tests/integration/update_cluster/privateciliumadvanced/kubernetes.tf @@ -950,5 +950,11 @@ resource "aws_vpc" "privateciliumadvanced-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/privatedns1/kubernetes.tf b/tests/integration/update_cluster/privatedns1/kubernetes.tf index 8078f38636..60c7cad7cc 100644 --- a/tests/integration/update_cluster/privatedns1/kubernetes.tf +++ b/tests/integration/update_cluster/privatedns1/kubernetes.tf @@ -1027,5 +1027,11 @@ resource "aws_vpc" "privatedns1-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/privatedns2/kubernetes.tf b/tests/integration/update_cluster/privatedns2/kubernetes.tf index 3851584616..66abf12729 100644 --- a/tests/integration/update_cluster/privatedns2/kubernetes.tf +++ b/tests/integration/update_cluster/privatedns2/kubernetes.tf @@ -896,5 +896,11 @@ resource "aws_subnet" "utility-us-test-1a-privatedns2-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/privateflannel/kubernetes.tf b/tests/integration/update_cluster/privateflannel/kubernetes.tf index d236feab7b..eccd20f6d9 100644 --- a/tests/integration/update_cluster/privateflannel/kubernetes.tf +++ b/tests/integration/update_cluster/privateflannel/kubernetes.tf @@ -936,5 +936,11 @@ resource "aws_vpc" "privateflannel-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/privatekopeio/kubernetes.tf b/tests/integration/update_cluster/privatekopeio/kubernetes.tf index ee36fd7569..43a7999fe2 100644 --- a/tests/integration/update_cluster/privatekopeio/kubernetes.tf +++ b/tests/integration/update_cluster/privatekopeio/kubernetes.tf @@ -984,5 +984,11 @@ resource "aws_vpc" "privatekopeio-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/privateweave/kubernetes.tf b/tests/integration/update_cluster/privateweave/kubernetes.tf index 1e5c0d6d45..1fd8ba8c7c 100644 --- a/tests/integration/update_cluster/privateweave/kubernetes.tf +++ b/tests/integration/update_cluster/privateweave/kubernetes.tf @@ -936,5 +936,11 @@ resource "aws_vpc" "privateweave-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/public-jwks/kubernetes.tf b/tests/integration/update_cluster/public-jwks/kubernetes.tf index ba9831a285..c768d0f4e3 100644 --- a/tests/integration/update_cluster/public-jwks/kubernetes.tf +++ b/tests/integration/update_cluster/public-jwks/kubernetes.tf @@ -597,5 +597,11 @@ resource "aws_vpc" "minimal-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/shared_subnet/kubernetes.tf b/tests/integration/update_cluster/shared_subnet/kubernetes.tf index b5da2511d6..c0613a72b3 100644 --- a/tests/integration/update_cluster/shared_subnet/kubernetes.tf +++ b/tests/integration/update_cluster/shared_subnet/kubernetes.tf @@ -496,5 +496,11 @@ resource "aws_security_group" "nodes-sharedsubnet-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/shared_vpc/kubernetes.tf b/tests/integration/update_cluster/shared_vpc/kubernetes.tf index c318df5ff0..d2b3dac1d4 100644 --- a/tests/integration/update_cluster/shared_vpc/kubernetes.tf +++ b/tests/integration/update_cluster/shared_vpc/kubernetes.tf @@ -530,5 +530,11 @@ resource "aws_subnet" "us-test-1a-sharedvpc-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/tests/integration/update_cluster/unmanaged/kubernetes.tf b/tests/integration/update_cluster/unmanaged/kubernetes.tf index b6bf50dffe..4cf27bd16f 100644 --- a/tests/integration/update_cluster/unmanaged/kubernetes.tf +++ b/tests/integration/update_cluster/unmanaged/kubernetes.tf @@ -861,5 +861,11 @@ resource "aws_subnet" "utility-us-test-1b-unmanaged-example-com" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } diff --git a/upup/pkg/fi/cloudup/apply_cluster.go b/upup/pkg/fi/cloudup/apply_cluster.go index 851f470cda..b316d979b0 100644 --- a/upup/pkg/fi/cloudup/apply_cluster.go +++ b/upup/pkg/fi/cloudup/apply_cluster.go @@ -724,11 +724,7 @@ func (c *ApplyClusterCmd) Run(ctx context.Context) error { case TargetTerraform: checkExisting = false outDir := c.OutDir - tfVersion := terraform.Version011 - if featureflag.Terraform012.Enabled() && !featureflag.TerraformJSON.Enabled() { - tfVersion = terraform.Version012 - } - tf := terraform.NewTerraformTarget(cloud, region, project, outDir, tfVersion, cluster.Spec.Target) + tf := terraform.NewTerraformTarget(cloud, region, project, outDir, cluster.Spec.Target) // We include a few "util" variables in the TF output if err := tf.AddOutputVariable("region", terraform.LiteralFromStringValue(region)); err != nil { diff --git a/upup/pkg/fi/cloudup/awstasks/autoscalinggroup_test.go b/upup/pkg/fi/cloudup/awstasks/autoscalinggroup_test.go index b304067a9e..1c30ebb2e2 100644 --- a/upup/pkg/fi/cloudup/awstasks/autoscalinggroup_test.go +++ b/upup/pkg/fi/cloudup/awstasks/autoscalinggroup_test.go @@ -243,7 +243,13 @@ resource "aws_autoscaling_group" "test" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } `, }, @@ -311,7 +317,13 @@ resource "aws_autoscaling_group" "test1" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } `, }, diff --git a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform.go b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform.go index 3de3674f43..9425f5aeb5 100644 --- a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform.go +++ b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform.go @@ -216,14 +216,7 @@ func (t *LaunchTemplate) RenderTerraform(target *terraform.TerraformTarget, a, e return err } if d != nil { - if featureflag.Terraform012.Enabled() && !featureflag.TerraformJSON.Enabled() { - userDataResource := fi.WrapResource(fi.NewBytesResource(d)) - - tf.UserData, err = target.AddFile("aws_launch_template", fi.StringValue(e.Name), "user_data", userDataResource, true) - if err != nil { - return err - } - } else { + if featureflag.TerraformJSON.Enabled() { b64d := base64.StdEncoding.EncodeToString(d) if b64d != "" { b64UserDataResource := fi.WrapResource(fi.NewStringResource(b64d)) @@ -232,6 +225,13 @@ func (t *LaunchTemplate) RenderTerraform(target *terraform.TerraformTarget, a, e return err } } + } else { + userDataResource := fi.WrapResource(fi.NewBytesResource(d)) + + tf.UserData, err = target.AddFile("aws_launch_template", fi.StringValue(e.Name), "user_data", userDataResource, true) + if err != nil { + return err + } } } } diff --git a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform_test.go b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform_test.go index 3d2c76a409..405286a566 100644 --- a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform_test.go +++ b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform_test.go @@ -84,7 +84,13 @@ resource "aws_launch_template" "test" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } `, }, @@ -154,7 +160,13 @@ resource "aws_launch_template" "test" { } terraform { - required_version = ">= 0.12.0" + required_version = ">= 0.12.26" + required_providers { + aws = { + "source" = "hashicorp/aws" + "version" = ">= 2.46.0" + } + } } `, }, diff --git a/upup/pkg/fi/cloudup/awstasks/render_test.go b/upup/pkg/fi/cloudup/awstasks/render_test.go index 3e98bf3023..c0e07ad873 100644 --- a/upup/pkg/fi/cloudup/awstasks/render_test.go +++ b/upup/pkg/fi/cloudup/awstasks/render_test.go @@ -56,7 +56,7 @@ func doRenderTests(t *testing.T, method string, cases []*renderTest) { switch method { case "RenderTerraform": - target = terraform.NewTerraformTarget(cloud, "eu-west-2", "test", outdir, terraform.Version012, nil) + target = terraform.NewTerraformTarget(cloud, "eu-west-2", "test", outdir, nil) filename = "kubernetes.tf" case "RenderCloudformation": target = cloudformation.NewCloudformationTarget(cloud, "eu-west-2", "test", outdir) diff --git a/upup/pkg/fi/cloudup/terraform/BUILD.bazel b/upup/pkg/fi/cloudup/terraform/BUILD.bazel index d56bb59675..1354d0f557 100644 --- a/upup/pkg/fi/cloudup/terraform/BUILD.bazel +++ b/upup/pkg/fi/cloudup/terraform/BUILD.bazel @@ -4,12 +4,11 @@ go_library( name = "go_default_library", srcs = [ "hcl2.go", - "hcl_printer.go", "lifecycle.go", "literal.go", "target.go", - "target_0_11.go", - "target_0_12.go", + "target_hcl2.go", + "target_json.go", ], importpath = "k8s.io/kops/upup/pkg/fi/cloudup/terraform", visibility = ["//visibility:public"], @@ -17,9 +16,6 @@ go_library( "//pkg/apis/kops:go_default_library", "//pkg/featureflag:go_default_library", "//upup/pkg/fi:go_default_library", - "//vendor/github.com/hashicorp/hcl/hcl/ast:go_default_library", - "//vendor/github.com/hashicorp/hcl/hcl/printer:go_default_library", - "//vendor/github.com/hashicorp/hcl/json/parser:go_default_library", "//vendor/github.com/hashicorp/hcl/v2:go_default_library", "//vendor/github.com/hashicorp/hcl/v2/hclsyntax:go_default_library", "//vendor/github.com/hashicorp/hcl/v2/hclwrite:go_default_library", @@ -33,7 +29,7 @@ go_test( name = "go_default_test", srcs = [ "hcl2_test.go", - "target_0_12_test.go", + "target_hcl2_test.go", ], embed = [":go_default_library"], deps = [ diff --git a/upup/pkg/fi/cloudup/terraform/hcl_printer.go b/upup/pkg/fi/cloudup/terraform/hcl_printer.go deleted file mode 100644 index bf73085520..0000000000 --- a/upup/pkg/fi/cloudup/terraform/hcl_printer.go +++ /dev/null @@ -1,133 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package terraform - -import ( - "bytes" - "fmt" - "strings" - - "github.com/hashicorp/hcl/hcl/ast" - hcl_printer "github.com/hashicorp/hcl/hcl/printer" - "k8s.io/klog/v2" - "k8s.io/kops/pkg/featureflag" -) - -const safeChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_" - -// sanitizer fixes up an invalid HCL AST, as produced by the HCL parser for JSON -type astSanitizer struct { -} - -// output prints creates b printable HCL output and returns it. -func (v *astSanitizer) visit(n interface{}) { - switch t := n.(type) { - case *ast.File: - v.visit(t.Node) - case *ast.ObjectList: - var index int - for { - if index == len(t.Items) { - break - } - - v.visit(t.Items[index]) - index++ - } - case *ast.ObjectKey: - case *ast.ObjectItem: - v.visitObjectItem(t) - case *ast.LiteralType: - case *ast.ListType: - case *ast.ObjectType: - v.visit(t.List) - default: - klog.Warningf(" unknown type: %T\n", n) - } - -} - -func (v *astSanitizer) visitObjectItem(o *ast.ObjectItem) { - for i, k := range o.Keys { - if i == 0 { - text := k.Token.Text - if text != "" && text[0] == '"' && text[len(text)-1] == '"' { - v := text[1 : len(text)-1] - safe := true - for _, c := range v { - if !strings.ContainsRune(safeChars, c) { - safe = false - break - } - } - if safe { - k.Token.Text = v - } - } - - } - } - - // A hack so that Assign.IsValid is true, so that the printer will output = - o.Assign.Line = 1 - - v.visit(o.Val) -} - -func hclPrint(node ast.Node) ([]byte, error) { - var sanitizer astSanitizer - sanitizer.visit(node) - - var b bytes.Buffer - err := hcl_printer.Fprint(&b, node) - if err != nil { - return nil, fmt.Errorf("error writing HCL: %v", err) - } - s := b.String() - - // Remove extra whitespace... - s = strings.Replace(s, "\n\n", "\n", -1) - - // ...but leave whitespace between resources - s = strings.Replace(s, "}\nresource", "}\n\nresource", -1) - - // Workaround HCL insanity #6359: quotes are _not_ escaped in quotes (huh?) - // This hits the file function - s = strings.Replace(s, "(\\\"", "(\"", -1) - s = strings.Replace(s, "\\\")", "\")", -1) - - // We don't need to escape > or < - s = strings.Replace(s, "\\u003c", "<", -1) - s = strings.Replace(s, "\\u003e", ">", -1) - - if featureflag.SkipTerraformFormat.Enabled() { - klog.Infof("feature-flag SkipTerraformFormat was set; skipping terraform format") - return []byte(s), nil - } - - // Apply Terraform style (alignment etc.) - formatted, err := hcl_printer.Format([]byte(s)) - if err != nil { - klog.Errorf("Invalid HCL follows:") - for i, line := range strings.Split(s, "\n") { - klog.Errorf("%d\t%s", (i + 1), line) - } - return nil, fmt.Errorf("error formatting HCL: %v", err) - } - - return formatted, nil -} diff --git a/upup/pkg/fi/cloudup/terraform/target.go b/upup/pkg/fi/cloudup/terraform/target.go index 37d62ddf17..c0dbefb114 100644 --- a/upup/pkg/fi/cloudup/terraform/target.go +++ b/upup/pkg/fi/cloudup/terraform/target.go @@ -27,25 +27,16 @@ import ( "k8s.io/klog/v2" "k8s.io/kops/pkg/apis/kops" + "k8s.io/kops/pkg/featureflag" "k8s.io/kops/upup/pkg/fi" ) -// Version represents which terraform version is targeted -type Version string - -// Version011 represents terraform versions before 0.12 -const Version011 Version = "0.11" - -// Version012 represents terraform versions 0.12 and above -const Version012 Version = "0.12" - type TerraformTarget struct { Cloud fi.Cloud Region string Project string ClusterName string - Version Version outDir string @@ -61,12 +52,11 @@ type TerraformTarget struct { clusterSpecTarget *kops.TargetSpec } -func NewTerraformTarget(cloud fi.Cloud, region, project string, outDir string, version Version, clusterSpecTarget *kops.TargetSpec) *TerraformTarget { +func NewTerraformTarget(cloud fi.Cloud, region, project string, outDir string, clusterSpecTarget *kops.TargetSpec) *TerraformTarget { return &TerraformTarget{ Cloud: cloud, Region: region, Project: project, - Version: version, outDir: outDir, files: make(map[string][]byte), @@ -193,13 +183,10 @@ func tfGetProviderExtraConfig(c *kops.TargetSpec) map[string]string { func (t *TerraformTarget) Finish(taskMap map[string]fi.Task) error { var err error - switch t.Version { - case Version011: - err = t.finish011(taskMap) - case Version012: - err = t.finish012(taskMap) - default: - err = fmt.Errorf("unrecognized terraform version %v", t.Version) + if featureflag.TerraformJSON.Enabled() { + err = t.finishJSON(taskMap) + } else { + err = t.finishHCL2(taskMap) } if err != nil { return err diff --git a/upup/pkg/fi/cloudup/terraform/target_0_12.go b/upup/pkg/fi/cloudup/terraform/target_hcl2.go similarity index 86% rename from upup/pkg/fi/cloudup/terraform/target_0_12.go rename to upup/pkg/fi/cloudup/terraform/target_hcl2.go index d31fe9d448..6fc0e8652e 100644 --- a/upup/pkg/fi/cloudup/terraform/target_0_12.go +++ b/upup/pkg/fi/cloudup/terraform/target_hcl2.go @@ -27,7 +27,7 @@ import ( "k8s.io/kops/upup/pkg/fi" ) -func (t *TerraformTarget) finish012(taskMap map[string]fi.Task) error { +func (t *TerraformTarget) finishHCL2(taskMap map[string]fi.Task) error { resourcesByType := make(map[string]map[string]interface{}) f := hclwrite.NewEmptyFile() @@ -42,9 +42,6 @@ func (t *TerraformTarget) finish012(taskMap map[string]fi.Task) error { providerBlock := rootBody.AppendNewBlock("provider", []string{providerName}) providerBody := providerBlock.Body() providerBody.SetAttributeValue("region", cty.StringVal(t.Region)) - if t.Cloud.ProviderID() == kops.CloudProviderGCE { - providerBody.SetAttributeValue("version", cty.StringVal(">= 3.0.0")) - } for k, v := range tfGetProviderExtraConfig(t.clusterSpecTarget) { providerBody.SetAttributeValue(k, cty.StringVal(v)) } @@ -87,7 +84,22 @@ func (t *TerraformTarget) finish012(taskMap map[string]fi.Task) error { terraformBlock := rootBody.AppendNewBlock("terraform", []string{}) terraformBody := terraformBlock.Body() - terraformBody.SetAttributeValue("required_version", cty.StringVal(">= 0.12.0")) + terraformBody.SetAttributeValue("required_version", cty.StringVal(">= 0.12.26")) + + requiredProvidersBlock := terraformBody.AppendNewBlock("required_providers", []string{}) + requiredProvidersBody := requiredProvidersBlock.Body() + + if t.Cloud.ProviderID() == kops.CloudProviderGCE { + writeMap(requiredProvidersBody, "google", map[string]cty.Value{ + "source": cty.StringVal("hashicorp/google"), + "version": cty.StringVal(">= 2.19.0"), + }) + } else if t.Cloud.ProviderID() == kops.CloudProviderAWS { + writeMap(requiredProvidersBody, "aws", map[string]cty.Value{ + "source": cty.StringVal("hashicorp/aws"), + "version": cty.StringVal(">= 2.46.0"), + }) + } bytes := hclwrite.Format(f.Bytes()) t.files["kubernetes.tf"] = bytes diff --git a/upup/pkg/fi/cloudup/terraform/target_0_12_test.go b/upup/pkg/fi/cloudup/terraform/target_hcl2_test.go similarity index 100% rename from upup/pkg/fi/cloudup/terraform/target_0_12_test.go rename to upup/pkg/fi/cloudup/terraform/target_hcl2_test.go diff --git a/upup/pkg/fi/cloudup/terraform/target_0_11.go b/upup/pkg/fi/cloudup/terraform/target_json.go similarity index 73% rename from upup/pkg/fi/cloudup/terraform/target_0_11.go rename to upup/pkg/fi/cloudup/terraform/target_json.go index 0fd59331c8..b7a583a8be 100644 --- a/upup/pkg/fi/cloudup/terraform/target_0_11.go +++ b/upup/pkg/fi/cloudup/terraform/target_json.go @@ -19,16 +19,12 @@ package terraform import ( "encoding/json" "fmt" - "os" - "path" - hcl_parser "github.com/hashicorp/hcl/json/parser" "k8s.io/kops/pkg/apis/kops" - "k8s.io/kops/pkg/featureflag" "k8s.io/kops/upup/pkg/fi" ) -func (t *TerraformTarget) finish011(taskMap map[string]fi.Task) error { +func (t *TerraformTarget) finishJSON(taskMap map[string]fi.Task) error { resourcesByType := make(map[string]map[string]interface{}) for _, res := range t.resources { @@ -56,7 +52,6 @@ func (t *TerraformTarget) finish011(taskMap map[string]fi.Task) error { providerGoogle[k] = v } providersByName["google"] = providerGoogle - providerGoogle["version"] = ">= 3.0.0" } else if t.Cloud.ProviderID() == kops.CloudProviderAWS { providerAWS := make(map[string]interface{}) providerAWS["region"] = t.Region @@ -108,16 +103,7 @@ func (t *TerraformTarget) finish011(taskMap map[string]fi.Task) error { } } - // See https://github.com/kubernetes/kops/pull/2424 for why we require 0.9.3 - terraformConfiguration := make(map[string]interface{}) - if featureflag.TerraformJSON.Enabled() { - terraformConfiguration["required_version"] = ">= 0.12.0" - } else { - terraformConfiguration["required_version"] = ">= 0.9.3" - } - data := make(map[string]interface{}) - data["terraform"] = terraformConfiguration data["resource"] = resourcesByType if len(providersByName) != 0 { data["provider"] = providersByName @@ -129,29 +115,39 @@ func (t *TerraformTarget) finish011(taskMap map[string]fi.Task) error { data["locals"] = localVariables } + terraformConfiguration := make(map[string]interface{}) + terraformConfiguration["required_version"] = ">= 0.12.26" + + requiredProvidersByName := make(map[string]interface{}) + if t.Cloud.ProviderID() == kops.CloudProviderGCE { + requiredProviderGoogle := make(map[string]interface{}) + requiredProviderGoogle["source"] = "hashicorp/google" + requiredProviderGoogle["version"] = ">= 2.19.0" + for k, v := range tfGetProviderExtraConfig(t.clusterSpecTarget) { + requiredProviderGoogle[k] = v + } + requiredProvidersByName["google"] = requiredProviderGoogle + } else if t.Cloud.ProviderID() == kops.CloudProviderAWS { + requiredProviderAWS := make(map[string]interface{}) + requiredProviderAWS["source"] = "hashicorp/aws" + requiredProviderAWS["version"] = ">= 2.46.0" + for k, v := range tfGetProviderExtraConfig(t.clusterSpecTarget) { + requiredProviderAWS[k] = v + } + requiredProvidersByName["aws"] = requiredProviderAWS + } + + if len(requiredProvidersByName) != 0 { + terraformConfiguration["required_providers"] = requiredProvidersByName + } + + data["terraform"] = terraformConfiguration + jsonBytes, err := json.MarshalIndent(data, "", " ") if err != nil { return fmt.Errorf("error marshaling terraform data to json: %v", err) } - if featureflag.TerraformJSON.Enabled() { - t.files["kubernetes.tf.json"] = jsonBytes - p := path.Join(t.outDir, "kubernetes.tf") - if _, err := os.Stat(p); err == nil { - return fmt.Errorf("Error generating kubernetes.tf.json: If you are upgrading from terraform 0.11 or earlier please read the release notes. Also, the kubernetes.tf file is already present. Please move the file away since it will be replaced by the kubernetes.tf.json file. ") - } - } else { - f, err := hcl_parser.Parse(jsonBytes) - if err != nil { - return fmt.Errorf("error parsing terraform json: %v", err) - } - - b, err := hclPrint(f) - if err != nil { - return fmt.Errorf("error writing terraform data to output: %v", err) - } - - t.files["kubernetes.tf"] = b - } + t.files["kubernetes.tf.json"] = jsonBytes return nil } diff --git a/vendor/modules.txt b/vendor/modules.txt index 6fe2ba5237..f6017d30fe 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -370,7 +370,6 @@ github.com/hashicorp/go-version github.com/hashicorp/golang-lru github.com/hashicorp/golang-lru/simplelru # github.com/hashicorp/hcl v1.0.0 -## explicit github.com/hashicorp/hcl github.com/hashicorp/hcl/hcl/ast github.com/hashicorp/hcl/hcl/parser