diff --git a/mmv1/products/gkehub/api.yaml b/mmv1/products/gkehub/api.yaml
new file mode 100644
index 000000000000..1eda47cf9db9
--- /dev/null
+++ b/mmv1/products/gkehub/api.yaml
@@ -0,0 +1,117 @@
+# Copyright 2020 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+--- !ruby/object:Api::Product
+name: GKEHub
+display_name: GKEHub
+versions:
+ - !ruby/object:Api::Product::Version
+ name: beta
+ base_url: https://gkehub.googleapis.com/v1beta1/
+scopes:
+ - https://www.googleapis.com/auth/cloud-platform
+apis_required:
+ - !ruby/object:Api::Product::ApiReference
+ name: GKEHub API
+ url: https://console.cloud.google.com/apis/library/gkehub.googleapis.com
+objects:
+ - !ruby/object:Api::Resource
+ min_version: beta
+ name: 'Membership'
+ base_url: "projects/{{project}}/locations/global/memberships"
+ create_url: "projects/{{project}}/locations/global/memberships?membershipId={{membership_id}}"
+ update_url: "projects/{{project}}/locations/global/memberships/{{membership_id}}"
+ self_link: "{{name}}"
+ update_verb: :PATCH
+ update_mask: true
+ description: |
+ Membership contains information about a member cluster.
+ references: !ruby/object:Api::Resource::ReferenceLinks
+ guides:
+ 'Registering a Cluster':
+ 'https://cloud.google.com/anthos/multicluster-management/connect/registering-a-cluster#register_cluster'
+ api: 'https://cloud.google.com/gkehub/docs/reference/rest/v1beta1/projects.locations.memberships'
+ async: !ruby/object:Api::OpAsync
+ operation: !ruby/object:Api::OpAsync::Operation
+ kind: 'gkehub#operation'
+ path: 'name'
+ base_url: '{{op_id}}'
+ wait_ms: 1000
+ result: !ruby/object:Api::OpAsync::Result
+ path: 'response'
+ resource_inside_response: true
+ status: !ruby/object:Api::OpAsync::Status
+ path: 'done'
+ complete: 'true'
+ allowed:
+ - 'true'
+ - 'false'
+ error: !ruby/object:Api::OpAsync::Error
+ path: 'error/errors'
+ message: 'message'
+
+ properties:
+ - !ruby/object:Api::Type::String
+ name: 'membershipId'
+ description: |
+ The client-provided identifier of the membership.
+ required: true
+ input: true
+ url_param_only: true
+ - !ruby/object:Api::Type::String
+ name: 'name'
+ output: true
+ description: |
+ The unique identifier of the membership.
+ - !ruby/object:Api::Type::String
+ name: 'description'
+ description: |
+ The name of this entity type to be displayed on the console.
+ - !ruby/object:Api::Type::KeyValuePairs
+ name: 'labels'
+ description: |
+ Labels to apply to this membership.
+ - !ruby/object:Api::Type::NestedObject
+ name: 'endpoint'
+ input: true
+ description: |
+ If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource.
+ properties:
+ - !ruby/object:Api::Type::NestedObject
+ name: 'gkeCluster'
+ input: true
+ description: |
+ If this Membership is a Kubernetes API server hosted on GKE, this is a self link to its GCP resource.
+ properties:
+ - !ruby/object:Api::Type::String
+ name: 'resourceLink'
+ description: |
+ Self-link of the GCP resource for the GKE cluster.
+ For example: `//container.googleapis.com/projects/my-project/zones/us-west1-a/clusters/my-cluster`.
+ It can be at the most 1000 characters in length. If the cluster is provisioned with Terraform,
+ this is `"//container.googleapis.com/${google_container_cluster.my-cluster.id}"`.
+ input: true
+ required: true
+ - !ruby/object:Api::Type::NestedObject
+ name: 'authority'
+ description: |
+ Authority encodes how Google will recognize identities from this Membership.
+ See the workload identity documentation for more details:
+ https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity
+ properties:
+ - !ruby/object:Api::Type::String
+ name: 'issuer'
+ required: true
+ description: |
+ A JSON Web Token (JWT) issuer URI. `issuer` must start with `https://` and // be a valid
+ with length <2000 characters.
diff --git a/mmv1/products/gkehub/terraform.yaml b/mmv1/products/gkehub/terraform.yaml
new file mode 100644
index 000000000000..e10b08273d26
--- /dev/null
+++ b/mmv1/products/gkehub/terraform.yaml
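Review bot: The `issuer` description at the end of this hunk is garbled: it reads `and // be a valid` and then continues on the next line with `with length <2000 characters.`, so the generated docs for the field that anchors identity trust come out as a broken sentence. It was presumably meant to read `must start with https:// and be a valid URL with length <2000 characters.` Because `authority` is described as how Google recognizes identities from the membership, the description should also state what setting an issuer enables and whether it can be changed in place. `authority` carries no `input: true`, so the provider would attempt a PATCH of the issuer, which is worth confirming against the API. The `endpoint` description is also a verbatim copy of the `gkeCluster` one and should describe the endpoint block itself.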
@@ -0,0 +1,44 @@
+# Copyright 2020 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+--- !ruby/object:Provider::Terraform::Config
+overrides: !ruby/object:Overrides::ResourceOverrides
+ Membership: !ruby/object:Overrides::Terraform::ResourceOverride
+ autogen_async: true
+ examples:
+ - !ruby/object:Provider::Terraform::Examples
+ min_version: beta
+ name: "gkehub_membership_basic"
+ primary_resource_id: "basic_membership"
+ vars:
+ name: "basic"
+ cluster_name: "basiccluster"
+ - !ruby/object:Provider::Terraform::Examples
+ min_version: beta
+ name: "gkehub_membership_issuer"
+ primary_resource_id: "issuer_membership"
+ vars:
+ name: "basic"
+ cluster_name: "basiccluster"
+ test_env_vars:
+ project: :PROJECT_NAME
+ # Skip sweeper gen since this is a child resource.
+ skip_sweeper: true
+ id_format: "{{name}}"
+ import_format: ["{{name}}"]
+# This is for copying files over
+files: !ruby/object:Provider::Config::Files
+ # These files have templating (ERB) code that will be run.
+ # This is usually to add licensing info, autogeneration notices, etc.
+ compile:
+<%= lines(indent(compile('provider/terraform/product~compile.yaml'), 4)) -%>
diff --git a/mmv1/templates/terraform/examples/gkehub_membership_basic.tf.erb b/mmv1/templates/terraform/examples/gkehub_membership_basic.tf.erb
new file mode 100644
index 000000000000..2ee93dda95d1
--- /dev/null
+++ b/mmv1/templates/terraform/examples/gkehub_membership_basic.tf.erb
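Review bot: `skip_sweeper: true` is justified by the comment `# Skip sweeper gen since this is a child resource.`, but the `base_url` declared for Membership in api.yaml is `projects/{{project}}/locations/global/memberships`, which has no parent resource in its path. If an acceptance test fails before destroy, the membership would presumably stay registered in the test project with nothing to remove it; for the issuer example that includes its `authority` configuration. Either drop `skip_sweeper` so a sweeper is generated, or replace the comment with the actual reason, e.g. `# Skip sweeper gen: <reason>`.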
@@ -0,0 +1,17 @@
+resource "google_container_cluster" "primary" {
+ name = "<%= ctx[:vars]['cluster_name'] %>"
+ location = "us-central1-a"
+ initial_node_count = 1
+ provider = google-beta
+}
+
+resource "google_gke_hub_membership" "membership" {
+ membership_id = "<%= ctx[:vars]['name'] %>"
+ endpoint {
+ gke_cluster {
+ resource_link = "//container.googleapis.com/${google_container_cluster.primary.id}"
+ }
+ }
+ description = "test resource."
+ provider = google-beta
+}
diff --git a/mmv1/templates/terraform/examples/gkehub_membership_issuer.tf.erb b/mmv1/templates/terraform/examples/gkehub_membership_issuer.tf.erb
new file mode 100644
index 000000000000..0a203a5c2cfa
--- /dev/null
+++ b/mmv1/templates/terraform/examples/gkehub_membership_issuer.tf.erb
@@ -0,0 +1,23 @@
+resource "google_container_cluster" "primary" {
+ name = "<%= ctx[:vars]['cluster_name'] %>"
+ location = "us-central1-a"
+ initial_node_count = 1
+ workload_identity_config {
+ identity_namespace = "<%= ctx[:test_env_vars]['project'] %>.svc.id.goog"
+ }
+ provider = google-beta
+}
+
+resource "google_gke_hub_membership" "membership" {
+ membership_id = "<%= ctx[:vars]['name'] %>"
+ endpoint {
+ gke_cluster {
+ resource_link = "//container.googleapis.com/${google_container_cluster.primary.id}"
+ }
+ }
+ authority {
+ issuer = "https://container.googleapis.com/v1/${google_container_cluster.primary.id}"
+ }
+ description = "test resource."
+ provider = google-beta
+}