feat: Add support for terraform validator (#44)

terraform-google-modules · Jul 22, 2020 · d09725f · d09725f
1 parent e56d2e5
commit d09725f
Show file tree

Hide file tree

Showing 12 changed files with 29 additions and 15 deletions.
diff --git a/Makefile b/Makefile
@@ -18,7 +18,7 @@
 # Make will use bash instead of sh
 SHELL := /usr/bin/env bash
 
-DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0.11.0
+DOCKER_TAG_VERSION_DEVELOPER_TOOLS := 0
 DOCKER_IMAGE_DEVELOPER_TOOLS := cft/developer-tools
 REGISTRY_URL := gcr.io/cloud-foundation-cicd
 

diff --git a/examples/cloudbuild_enabled/main.tf b/examples/cloudbuild_enabled/main.tf
@@ -16,11 +16,11 @@
 
 
 provider "google" {
-  version = "~> 3.5.0"
+  version = "~> 3.31.0"
 }
 
 provider "google-beta" {
-  version = "~> 3.5.0"
+  version = "~> 3.31.0"
 }
 
 provider "null" {

diff --git a/examples/simple-folder/main.tf b/examples/simple-folder/main.tf
@@ -15,11 +15,11 @@
  */
 
 provider "google" {
-  version = "~> 3.5.0"
+  version = "~> 3.31.0"
 }
 
 provider "google-beta" {
-  version = "~> 3.5.0"
+  version = "~> 3.31.0"
 }
 
 provider "null" {

diff --git a/examples/simple/main.tf b/examples/simple/main.tf
@@ -15,11 +15,11 @@
  */
 
 provider "google" {
-  version = "~> 3.5.0"
+  version = "~> 3.31.0"
 }
 
 provider "google-beta" {
-  version = "~> 3.5.0"
+  version = "~> 3.31.0"
 }
 
 provider "null" {

diff --git a/modules/cloudbuild/README.md b/modules/cloudbuild/README.md
@@ -27,7 +27,7 @@ Functional examples and sample Cloud Build definitions are included in the [exam
 
 1. Create a new GCP cloud build project using `project_prefix`
 1. Enable APIs in the cloud build project using `activate_apis`
-1. Build a Terraform docker image for Cloud Build
+1. Build a Terraform docker image for Cloud Build, including [terraform-validator](https://github.com/GoogleCloudPlatform/terraform-validator).
 1. Create a GCS bucket for Cloud Build Artifacts using `project_prefix`
 1. Create Cloud Source Repos for pipelines using list of repos in `cloud_source_repos`
     1. Create Cloud Build trigger for terraform apply on master branch
@@ -69,6 +69,7 @@ Functional examples and sample Cloud Build definitions are included in the [exam
 | terraform\_sa\_email | Email for terraform service account. | string | n/a | yes |
 | terraform\_sa\_name | Fully-qualified name of the terraform service account. | string | n/a | yes |
 | terraform\_state\_bucket | Default state bucket, used in Cloud Build substitutions. | string | n/a | yes |
+| terraform\_validator\_release | Default terraform-validator release. | string | `"2020-03-05"` | no |
 | terraform\_version | Default terraform version. | string | `"0.12.24"` | no |
 | terraform\_version\_sha256sum | sha256sum for default terraform version. | string | `"602d2529aafdaa0f605c06adb7c72cfb585d8aa19b3f4d8d189b42589e27bf11"` | no |
 

diff --git a/modules/cloudbuild/cloudbuild_builder/Dockerfile b/modules/cloudbuild/cloudbuild_builder/Dockerfile
@@ -14,21 +14,26 @@
 
 FROM gcr.io/cloud-builders/gcloud-slim
 
+# Use ARG so that values can be overriden by user/cloudbuild
 ARG TERRAFORM_VERSION=0.12.24
 ARG TERRAFORM_VERSION_SHA256SUM=602d2529aafdaa0f605c06adb7c72cfb585d8aa19b3f4d8d189b42589e27bf11
+ARG TERRAFORM_VALIDATOR_RELEASE=2020-03-05
 
 ENV ENV_TERRAFORM_VERSION=$TERRAFORM_VERSION
 ENV ENV_TERRAFORM_VERSION_SHA256SUM=$TERRAFORM_VERSION_SHA256SUM
+ENV ENV_TERRAFORM_VALIDATOR_RELEASE=$TERRAFORM_VALIDATOR_RELEASE
 
 RUN apt-get update && \
    /builder/google-cloud-sdk/bin/gcloud -q components install alpha beta && \
-    apt-get -y install curl jq unzip ca-certificates && \
+    apt-get -y install curl jq unzip git ca-certificates && \
     curl https://releases.hashicorp.com/terraform/${ENV_TERRAFORM_VERSION}/terraform_${ENV_TERRAFORM_VERSION}_linux_amd64.zip \
       > terraform_linux_amd64.zip && \
     echo "${ENV_TERRAFORM_VERSION_SHA256SUM} terraform_linux_amd64.zip" > terraform_SHA256SUMS && \
     sha256sum -c terraform_SHA256SUMS --status && \
     unzip terraform_linux_amd64.zip -d /builder/terraform && \
     rm -f terraform_linux_amd64.zip && \
+    gsutil cp gs://terraform-validator/releases/${ENV_TERRAFORM_VALIDATOR_RELEASE}/terraform-validator-linux-amd64 /builder/terraform/terraform-validator && \
+    chmod +x /builder/terraform/terraform-validator && \
     apt-get remove --purge -y curl unzip && \
     apt-get --purge -y autoremove && \
     apt-get clean && \

diff --git a/modules/cloudbuild/cloudbuild_builder/cloudbuild.yaml b/modules/cloudbuild/cloudbuild_builder/cloudbuild.yaml
@@ -21,11 +21,13 @@ steps:
     '--tag=gcr.io/${PROJECT_ID}/terraform',
     '--build-arg=TERRAFORM_VERSION=${_TERRAFORM_VERSION}',
     '--build-arg=TERRAFORM_VERSION_SHA256SUM=${_TERRAFORM_VERSION_SHA256SUM}',
+    '--build-arg=TERRAFORM_VALIDATOR_RELEASE=${_TERRAFORM_VALIDATOR_RELEASE}',
     '.'
     ]
 - name: 'gcr.io/${PROJECT_ID}/terraform'
   args: ['version']
 substitutions:
   _TERRAFORM_VERSION: '0.12.24' # default value
   _TERRAFORM_VERSION_SHA256SUM: '602d2529aafdaa0f605c06adb7c72cfb585d8aa19b3f4d8d189b42589e27bf11' # default value
+  _TERRAFORM_VALIDATOR_RELEASE: '2020-03-05'
 images: ['gcr.io/${PROJECT_ID}/terraform']
diff --git a/modules/cloudbuild/main.tf b/modules/cloudbuild/main.tf
@@ -241,7 +241,7 @@ resource "null_resource" "cloudbuild_terraform_builder" {
       gcloud builds submit ${path.module}/cloudbuild_builder/ \
       --project ${module.cloudbuild_project.project_id} \
       --config=${path.module}/cloudbuild_builder/cloudbuild.yaml \
-      --substitutions=_TERRAFORM_VERSION=${var.terraform_version},_TERRAFORM_VERSION_SHA256SUM=${var.terraform_version_sha256sum}
+      --substitutions=_TERRAFORM_VERSION=${var.terraform_version},_TERRAFORM_VERSION_SHA256SUM=${var.terraform_version_sha256sum},_TERRAFORM_VALIDATOR_RELEASE=${var.terraform_validator_release}
   EOT
   }
   depends_on = [

diff --git a/modules/cloudbuild/variables.tf b/modules/cloudbuild/variables.tf
@@ -131,6 +131,12 @@ variable "terraform_version_sha256sum" {
   default     = "602d2529aafdaa0f605c06adb7c72cfb585d8aa19b3f4d8d189b42589e27bf11"
 }
 
+variable "terraform_validator_release" {
+  description = "Default terraform-validator release."
+  type        = string
+  default     = "2020-03-05"
+}
+
 variable "skip_gcloud_download" {
   description = "Whether to skip downloading gcloud (assumes gcloud is already available outside the module)"
   type        = bool

diff --git a/test/setup/main.tf b/test/setup/main.tf
@@ -16,7 +16,7 @@
 
 module "project" {
   source  = "terraform-google-modules/project-factory/google"
-  version = "~> 5.0"
+  version = "~> 8.0"
 
   name              = "ci-bootstrap"
   random_project_id = true

diff --git a/test/setup/versions.tf b/test/setup/versions.tf
@@ -19,9 +19,9 @@ terraform {
 }
 
 provider "google" {
-  version = "~> 2.13.0"
+  version = "~> 3.31"
 }
 
 provider "google-beta" {
-  version = "~> 2.13.0"
+  version = "~> 3.31"
 }
diff --git a/versions.tf b/versions.tf
@@ -18,7 +18,7 @@ terraform {
   required_version = "~> 0.12.6"
 
   required_providers {
-    google      = "~> 3.3"
-    google-beta = "~> 3.3"
+    google      = "~> 3.31"
+    google-beta = "~> 3.31"
   }
 }