Terraform 0.12.x

[RexBelli]

It looks like the new version of Terraform made some breaking changes to the syntax. Indeed when I tried to use this module with the new version, I quickly ran into errors I wasn't sure how to resolve.

I ran the included migration tool (I committed the results here), and am still receiving errors:

Error: Incorrect condition type

  on terraform-google-forseti/modules/server/main.tf line 252, in data "template_file" "forseti_server_config":
 252:     GROUPS_SETTINGS_DISABLE_POLLING                     = var.groups_settings_disable_polling ? "true" : "false"
    |----------------
    | var.groups_settings_disable_polling is "False"

The condition expression must be of type bool.

Are there plans to add support for the new version?

[morgante]

Yes, we do plan to add support in the coming few weeks but it will be a gradual process.

[hshin-g]

+1 to this as Cloud Shell comes with Terraform v0.12.2.

[jeffmccune]

Gary and I are working on this

Acceptance Criteria:

• [x] integration suites pass in the aaron-lane-0.12 release branch PR. (#202) into (#201) (All suites passing as of ab6afc3 Update make docker_run for 0.12.x as per comments in this thread)
• [x] README includes note about 0.12 support
• [x] README includes last release supporting 0.11
• [x] CHANGELOG staged and ready to release (Aaron has this already, though tagged Unreleased) in #202. May need one more update prior to publication of the tagged release.
• [x] Modules and providers pinned to appropriate versions for 0.12. (dependent Modules and providers are all working with Terraform 0.12.x as exercised via integration tests.)
• [ ] All changes reviewed and merged.

[jeffmccune]

Gary and I left off working in #202 (which is based on #198) trying to troubleshoot this error:

Error: Error patching router us-central1/forseti-simple-example-midge: googleapi: Error 400: Invalid value for field 'resource.nats[0].subnetworks[0].sourceIpRangesToNat': ''. The subnetwork is already configured with ALL_IP_RANGES for Nat which conflicts with the specified IpRangeToNatOption options in this Nat., invalid

  on ../../../examples/real_time_enforcer/nat.tf line 41, in resource "google_compute_router_nat" "main":
  41: resource "google_compute_router_nat" "main" {

Here's the build log location. We're sort of stumped, this may be an issue with the provider?

https://concourse.infra.cft.tips/teams/cft/pipelines/terraform-google-forseti/jobs/integration-tests/builds/519#L5d1c3fba:365

[jeffmccune]

@aaron-lane @ingwarr Gary and I are picking up working on the forseti lint test job, which is failing in ~3 ways. Once lint tests are passing we'll work on the sourceIpRangesToNat issue.

[jeffmccune]

Lint tests are green as of 6d634ac Fix make generate_docs for 0.12 in #202

Switching back to working on the integration tests.

[jeffmccune]

@aaron-lane @ingwarr kitchen verify simple-example-local is passing on my local machine as of e7cc11a Fix boolean logic error in module.server.null_resource.missing_emails for 0.12

In CI, we're still getting the The subnetwork is already configured with ALL_IP_RANGES error. See this line in Build 529.

In CI, the following are passing in build 529:

• run-tests-real-time-enforcer
• run-tests-real-time-enforcer-roles
• run-tests-real-time-enforcer-sinks

See the capture of the output of kitchen verify simple-example-local to inform the 0.12.x release.

https://gist.github.com/jeffmccune/508d3c06d145a4a723290b25257bcba5

[aaron-lane]

Great! Let's verify shared-vpc-local works locally and we can wrap this up.

[jeffmccune]

@aaron-lane I verified shared-vpc-local as of ab6afc3 Update make docker_run for 0.12.x, results at https://gist.github.com/jeffmccune/c2d12dca8f80c7f0eff2af06e6e96f93