Move root Terraform files to ./autogen/ directory, and set up submodule structure

Makefile

@@ -24,7 +24,7 @@ DOCKER_TAG_KITCHEN_TERRAFORM ?= ${DOCKER_TAG_BASE_KITCHEN_TERRAFORM}
 DOCKER_IMAGE_KITCHEN_TERRAFORM := cft/kitchen-terraform_terraform-google-kubernetes-engine
 
 # All is the first target in the file so it will get picked up when you just run 'make' on its own
-all: check_shell check_python check_golang check_terraform check_docker check_base_files test_check_headers check_headers check_trailing_whitespace generate_docs
+all: check_shell check_python check_golang check_terraform check_docker check_base_files test_check_headers check_headers check_trailing_whitespace test_helpers generate_docs
 
 # The .PHONY directive tells make that this isn't a real target and so
 # the presence of a file named 'check_shell' won't cause this target to stop
@@ -71,6 +71,10 @@ check_headers:
 	@echo "Checking file headers"
 	@python test/verify_boilerplate.py
 
+.PHONY: test_helpers
+test_helpers:
+	./test/helpers/generate_modules/test_generate_modules.py
+
 # Integration tests
 .PHONY: test_integration
 test_integration:
@@ -85,6 +89,11 @@ test_integration:
 generate_docs:
 	@source test/make.sh && generate_docs
 
+.PHONY: generate
+generate:
+	@pip install -r ./helpers/generate_modules/requirements.txt
+	@./helpers/generate_modules/generate_modules.py
+
 # Versioning
 .PHONY: version
 version:

README.md

@@ -199,6 +199,8 @@ The project has the following folders and files:
 
 - /: root folder
 - /examples: examples for using this module
+- /helpers: Helper scripts
+- /modules: Specific implementations of the module (see Submodules section of this file)
 - /scripts: Scripts for specific tasks on module (see Infrastructure section on this file)
 - /test: Folders with files for testing the module (see Testing section on this file)
 - /main.tf: main file for this module, contains all the resources to create
@@ -206,6 +208,16 @@ The project has the following folders and files:
 - /output.tf: the outputs of the module
 - /readme.MD: this file
 
+## Submodules
+
+To more cleanly handle cases where desired functionality would require complex duplication of Terraform resources (i.e. [PR 51](https://github.com/terraform-google-modules/terraform-google-kubernetes-engine/pull/51)), this repository is divided into multiple submodules. To ensure backwards compatibility with the module before this change, using the root of the repository as the source of a module will default to the [./modules/public-cluster](`public-cluster`) submodule.
+
+The following submodules currently exist:
+
+- [./modules/public-cluster](`public-cluster`), which creates a GKE cluster with its nodes and endpoint publicly accessible.
+
+Submodules, and the reverse-compatible wrapper for the root of the repository, are generated by running `make generate`. When making changes to this repository, please ensure that your change is made in the [./autogen](`autogen`) directory if it is expected to propagate to all submodules.
+
 ## Testing
 
 ### Requirements

autogen/main.tf

+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/******************************************
+  Get available zones in region
+ *****************************************/
+data "google_compute_zones" "available" {
+  project = "${var.project_id}"
+  region  = "${var.region}"
+}
+
+resource "random_shuffle" "available_zones" {
+  input        = ["${data.google_compute_zones.available.names}"]
+  result_count = 3
+}
+
+locals {
+  kubernetes_version     = "${var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_node_version}"
+  node_version           = "${var.node_version != "" ? var.node_version : local.kubernetes_version}"
+  custom_kube_dns_config = "${length(keys(var.stub_domains)) > 0 ? true : false}"
+  network_project_id     = "${var.network_project_id != "" ? var.network_project_id : var.project_id}"
+
+  cluster_type = "${var.regional ? "regional" : "zonal"}"
+
+  cluster_type_output_name = {
+    regional = "${element(concat(google_container_cluster.primary.*.name, list("")), 0)}"
+    zonal    = "${element(concat(google_container_cluster.zonal_primary.*.name, list("")), 0)}"
+  }
+
+  cluster_type_output_location = {
+    regional = "${element(concat(google_container_cluster.primary.*.region, list("")), 0)}"
+    zonal    = "${element(concat(google_container_cluster.zonal_primary.*.zone, list("")), 0)}"
+  }
+
+  cluster_type_output_region = {
+    regional = "${element(concat(google_container_cluster.primary.*.region, list("")), 0)}"
+    zonal    = "${var.region}"
+  }
+
+  cluster_type_output_regional_zones = "${concat(google_container_cluster.primary.*.additional_zones, list(list()))}"
+  cluster_type_output_zonal_zones    = "${concat(slice(var.zones,1,length(var.zones)), list(list()))}"
+
+  cluster_type_output_zones = {
+    regional = "${local.cluster_type_output_regional_zones[0]}"
+    zonal    = "${concat(google_container_cluster.zonal_primary.*.zone, local.cluster_type_output_zonal_zones[0])}"
+  }
+
+  cluster_type_output_endpoint = {
+    regional = "${element(concat(google_container_cluster.primary.*.endpoint, list("")), 0)}"
+    zonal    = "${element(concat(google_container_cluster.zonal_primary.*.endpoint, list("")), 0)}"
+  }
+
+  cluster_type_output_master_auth = {
+    regional = "${concat(google_container_cluster.primary.*.master_auth, list())}"
+    zonal    = "${concat(google_container_cluster.zonal_primary.*.master_auth, list())}"
+  }
+
+  cluster_type_output_master_version = {
+    regional = "${element(concat(google_container_cluster.primary.*.master_version, list("")), 0)}"
+    zonal    = "${element(concat(google_container_cluster.zonal_primary.*.master_version, list("")), 0)}"
+  }
+
+  cluster_type_output_min_master_version = {
+    regional = "${element(concat(google_container_cluster.primary.*.min_master_version, list("")), 0)}"
+    zonal    = "${element(concat(google_container_cluster.zonal_primary.*.min_master_version, list("")), 0)}"
+  }
+
+  cluster_type_output_logging_service = {
+    regional = "${element(concat(google_container_cluster.primary.*.logging_service, list("")), 0)}"
+    zonal    = "${element(concat(google_container_cluster.zonal_primary.*.logging_service, list("")), 0)}"
+  }
+
+  cluster_type_output_monitoring_service = {
+    regional = "${element(concat(google_container_cluster.primary.*.monitoring_service, list("")), 0)}"
+    zonal    = "${element(concat(google_container_cluster.zonal_primary.*.monitoring_service, list("")), 0)}"
+  }
+
+  cluster_type_output_network_policy_enabled = {
+    regional = "${element(concat(google_container_cluster.primary.*.addons_config.0.network_policy_config.0.disabled, list("")), 0)}"
+    zonal    = "${element(concat(google_container_cluster.zonal_primary.*.addons_config.0.network_policy_config.0.disabled, list("")), 0)}"
+  }
+
+  cluster_type_output_http_load_balancing_enabled = {
+    regional = "${element(concat(google_container_cluster.primary.*.addons_config.0.http_load_balancing.0.disabled, list("")), 0)}"
+    zonal    = "${element(concat(google_container_cluster.zonal_primary.*.addons_config.0.http_load_balancing.0.disabled, list("")), 0)}"
+  }
+
+  cluster_type_output_horizontal_pod_autoscaling_enabled = {
+    regional = "${element(concat(google_container_cluster.primary.*.addons_config.0.horizontal_pod_autoscaling.0.disabled, list("")), 0)}"
+    zonal    = "${element(concat(google_container_cluster.zonal_primary.*.addons_config.0.horizontal_pod_autoscaling.0.disabled, list("")), 0)}"
+  }
+
+  cluster_type_output_kubernetes_dashboard_enabled = {
+    regional = "${element(concat(google_container_cluster.primary.*.addons_config.0.kubernetes_dashboard.0.disabled, list("")), 0)}"
+    zonal    = "${element(concat(google_container_cluster.zonal_primary.*.addons_config.0.kubernetes_dashboard.0.disabled, list("")), 0)}"
+  }
+
+  cluster_type_output_node_pools_names = {
+    regional = "${concat(google_container_node_pool.pools.*.name, list(""))}"
+    zonal    = "${concat(google_container_node_pool.zonal_pools.*.name, list(""))}"
+  }
+
+  cluster_type_output_node_pools_versions = {
+    regional = "${concat(google_container_node_pool.pools.*.version, list(""))}"
+    zonal    = "${concat(google_container_node_pool.zonal_pools.*.version, list(""))}"
+  }
+
+  cluster_master_auth_list_layer1 = "${local.cluster_type_output_master_auth[local.cluster_type]}"
+  cluster_master_auth_list_layer2 = "${local.cluster_master_auth_list_layer1[0]}"
+  cluster_master_auth_map         = "${local.cluster_master_auth_list_layer2[0]}"
+
+  # cluster locals
+  cluster_name                = "${local.cluster_type_output_name[local.cluster_type]}"
+  cluster_location            = "${local.cluster_type_output_location[local.cluster_type]}"
+  cluster_region              = "${local.cluster_type_output_region[local.cluster_type]}"
+  cluster_zones               = "${sort(local.cluster_type_output_zones[local.cluster_type])}"
+  cluster_endpoint            = "${local.cluster_type_output_endpoint[local.cluster_type]}"
+  cluster_ca_certificate      = "${lookup(local.cluster_master_auth_map, "cluster_ca_certificate")}"
+  cluster_master_version      = "${local.cluster_type_output_master_version[local.cluster_type]}"
+  cluster_min_master_version  = "${local.cluster_type_output_min_master_version[local.cluster_type]}"
+  cluster_logging_service     = "${local.cluster_type_output_logging_service[local.cluster_type]}"
+  cluster_monitoring_service  = "${local.cluster_type_output_monitoring_service[local.cluster_type]}"
+  cluster_node_pools_names    = "${local.cluster_type_output_node_pools_names[local.cluster_type]}"
+  cluster_node_pools_versions = "${local.cluster_type_output_node_pools_versions[local.cluster_type]}"
+
+  cluster_network_policy_enabled             = "${local.cluster_type_output_network_policy_enabled[local.cluster_type] ? false : true}"
+  cluster_http_load_balancing_enabled        = "${local.cluster_type_output_http_load_balancing_enabled[local.cluster_type] ? false : true}"
+  cluster_horizontal_pod_autoscaling_enabled = "${local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type] ? false : true}"
+  cluster_kubernetes_dashboard_enabled       = "${local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type] ? false : true}"
+}
+
+/******************************************
+  Get available container engine versions
+ *****************************************/
+data "google_container_engine_versions" "region" {
+  zone    = "${data.google_compute_zones.available.names[0]}"
+  project = "${var.project_id}"
+}

autogen/outputs.tf

+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "name" {
+  description = "Cluster name"
+  value       = "${local.cluster_name}"
+}
+
+output "type" {
+  description = "Cluster type (regional / zonal)"
+  value       = "${local.cluster_type}"
+}
+
+output "location" {
+  description = "Cluster location (region if regional cluster, zone if zonal cluster)"
+  value       = "${local.cluster_location}"
+}
+
+output "region" {
+  description = "Cluster region"
+  value       = "${local.cluster_region}"
+}
+
+output "zones" {
+  description = "List of zones in which the cluster resides"
+  value       = "${local.cluster_zones}"
+}
+
+output "endpoint" {
+  sensitive   = true
+  description = "Cluster endpoint"
+  value       = "${local.cluster_endpoint}"
+}
+
+output "min_master_version" {
+  description = "Minimum master kubernetes version"
+  value       = "${local.cluster_min_master_version}"
+}
+
+output "logging_service" {
+  description = "Logging service used"
+  value       = "${local.cluster_logging_service}"
+}
+
+output "monitoring_service" {
+  description = "Monitoring service used"
+  value       = "${local.cluster_monitoring_service}"
+}
+
+output "master_authorized_networks_config" {
+  description = "Networks from which access to master is permitted"
+  value       = "${var.master_authorized_networks_config}"
+}
+
+output "master_version" {
+  description = "Current master kubernetes version"
+  value       = "${local.cluster_master_version}"
+}
+
+output "ca_certificate" {
+  sensitive   = true
+  description = "Cluster ca certificate (base64 encoded)"
+  value       = "${local.cluster_ca_certificate}"
+}
+
+output "network_policy_enabled" {
+  description = "Whether network policy enabled"
+  value       = "${local.cluster_network_policy_enabled}"
+}
+
+output "http_load_balancing_enabled" {
+  description = "Whether http load balancing enabled"
+  value       = "${local.cluster_http_load_balancing_enabled}"
+}
+
+output "horizontal_pod_autoscaling_enabled" {
+  description = "Whether horizontal pod autoscaling enabled"
+  value       = "${local.cluster_horizontal_pod_autoscaling_enabled}"
+}
+
+output "kubernetes_dashboard_enabled" {
+  description = "Whether kubernetes dashboard enabled"
+  value       = "${local.cluster_kubernetes_dashboard_enabled}"
+}
+
+output "node_pools_names" {
+  description = "List of node pools names"
+  value       = "${local.cluster_node_pools_names}"
+}
+
+output "node_pools_versions" {
+  description = "List of node pools versions"
+  value       = "${local.cluster_node_pools_versions}"
+}

autogen/variables.tf

+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+variable "project_id" {
+  description = "The project ID to host the cluster in (required)"
+}
+
+variable "name" {
+  description = "The name of the cluster (required)"
+}
+
+variable "description" {
+  description = "The description of the cluster"
+  default     = ""
+}
+
+variable "regional" {
+  description = "Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!)"
+  default     = true
+}
+
+variable "region" {
+  description = "The region to host the cluster in (required)"
+}
+
+variable "zones" {
+  type        = "list"
+  description = "The zones to host the cluster in (optional if regional cluster / required if zonal)"
+  default     = [""]
+}
+
+variable "network" {
+  description = "The VPC network to host the cluster in (required)"
+}
+
+variable "network_project_id" {
+  description = "The project ID of the shared VPC's host (for shared vpc support)"
+  default     = ""
+}
+
+variable "subnetwork" {
+  description = "The subnetwork to host the cluster in (required)"
+}
+
+variable "kubernetes_version" {
+  description = "The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region."
+  default     = "latest"
+}
+
+variable "node_version" {
+  description = "The Kubernetes version of the node pools. Defaults kubernetes_version (master) variable and can be overridden for individual node pools by setting the `version` key on them. Must be empyty or set the same as master at cluster creation."
+  default     = ""
+}
+
+variable "master_authorized_networks_config" {
+  type = "list"
+
+  description = <<EOF
+  The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists)
+
+  ### example format ###
+  master_authorized_networks_config = [{
+    cidr_blocks = [{
+      cidr_block   = "10.0.0.0/8"
+      display_name = "example_network"
+    }],
+  }]
+
+  EOF
+
+  default = []
+}
+
+variable "horizontal_pod_autoscaling" {
+  description = "Enable horizontal pod autoscaling addon"
+  default     = true
+}
+
+variable "http_load_balancing" {
+  description = "Enable httpload balancer addon"
+  default     = true
+}
+
+variable "kubernetes_dashboard" {
+  description = "Enable kubernetes dashboard addon"
+  default     = false
+}
+
+variable "network_policy" {
+  description = "Enable network policy addon"
+  default     = false
+}
+
+variable "maintenance_start_time" {
+  description = "Time window specified for daily maintenance operations in RFC3339 format"
+  default     = "05:00"
+}
+
+variable "ip_range_pods" {
+  description = "The secondary ip range to use for pods"
+}
+
+variable "ip_range_services" {
+  description = "The secondary ip range to use for pods"
+}
+
+variable "remove_default_node_pool" {
+  description = "Remove default node pool while setting up the cluster"
+  default     = false
+}
+
+variable "node_pools" {
+  type        = "list"
+  description = "List of maps containing node pools"
+
+  default = [
+    {
+      name = "default-node-pool"
+    },
+  ]
+}
+
+variable "node_pools_labels" {
+  type        = "map"
+  description = "Map of maps containing node labels by node-pool name"
+
+  default = {
+    all               = {}
+    default-node-pool = {}
+  }
+}
+
+variable "node_pools_metadata" {
+  type        = "map"
+  description = "Map of maps containing node metadata by node-pool name"
+
+  default = {
+    all               = {}
+    default-node-pool = {}
+  }
+}
+
+variable "node_pools_taints" {
+  type        = "map"
+  description = "Map of lists containing node taints by node-pool name"
+
+  default = {
+    all               = []
+    default-node-pool = []
+  }
+}
+
+variable "node_pools_tags" {
+  type        = "map"
+  description = "Map of lists containing node network tags by node-pool name"
+
+  default = {
+    all               = []
+    default-node-pool = []
+  }
+}
+
+variable "stub_domains" {
+  type        = "map"
+  description = "Map of stub domains and their resolvers to forward DNS queries for a certain domain to an external DNS server"
+  default     = {}
+}
+
+variable "non_masquerade_cidrs" {
+  type        = "list"
+  description = "List of strings in CIDR notation that specify the IP address ranges that do not use IP masquerading."
+  default     = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
+}
+
+variable "ip_masq_resync_interval" {
+  description = "The interval at which the agent attempts to sync its ConfigMap file from the disk."
+  default     = "60s"
+}
+
+variable "ip_masq_link_local" {
+  description = "Whether to masquerade traffic to the link-local prefix (169.254.0.0/16)."
+  default     = "false"
+}
+
+variable "logging_service" {
+  description = "The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none"
+  default     = "logging.googleapis.com"
+}
+
+variable "monitoring_service" {
+  description = "The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none"
+  default     = "monitoring.googleapis.com"
+}
+
+variable "service_account" {
+  description = "The service account to default running nodes as if not overridden in `node_pools`. Defaults to the compute engine default service account"
+  default     = ""
+}

helpers/generate_modules/generate_modules.py

+#!/usr/bin/env python
+
+# Copyright 2018 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import os
+import shutil
+import subprocess
+import sys
+import hcl
+
+
+def boilerplate():
+    """
+    Generate common boilerplate for a Terraform file.
+
+    Returns:
+        str: The evaluated boilerplate.
+    """
+    with open("./test/boilerplate/boilerplate.tf.txt") as fh:
+        buf = fh.read()
+        buf += "\n\n"
+        buf += "// File autogenerated by " + \
+            "`helpers/generate_modules/generate_module.py`\n"
+        return buf
+
+
+def root_main_tf(variables):
+    """
+    Generate the root level `main.tf`.
+
+    Args:
+        variables ([str]): A list of variables to pass from the root module
+            to the `public-cluster` module.
+
+
+    Returns:
+        str: The contents of the file `main.tf`.
+    """
+
+    buf = boilerplate()
+    buf += """
+
+module "kubernetes-engine" {
+  source = "modules/public-cluster"
+
+"""
+    for name in sorted(variables):
+        buf += '{name} = "${{var.{name}}}"\n'.format(
+            name=name
+        )
+    buf += "}\n"
+
+    return buf
+
+
+def root_outputs_tf(outputs):
+    """
+    Generate the root level `outputs.tf`.
+
+    Args:
+        outputs (map[str, map[str, str]]): A map of parsed outputs to emit from
+            the `public-cluster` module to the root module.
+
+
+    Returns:
+        str: The contents of the file `outputs.tf`.
+    """
+
+    buf = boilerplate()
+
+    buf += "\n\n"
+    for name in sorted(outputs):
+        desc = outputs[name].get("description", None)
+
+        buf += 'output "{name}" {{\n'.format(
+            name=name
+        )
+        buf += 'value = "${{module.kubernetes-engine.{name}}}"\n'.format(
+            name=name
+        )
+
+        if desc:
+            buf += 'description = "{desc}"\n'.format(
+                desc=desc
+            )
+
+        buf += "}\n"
+
+    return buf
+
+
+def _copy_recursively(src, dest):
+    for node in os.listdir(src):
+        src_path = os.path.join(src, node)
+        dest_path = os.path.join(dest, node)
+        if os.path.isdir(src_path):
+            if not os.path.exists(dest_path):
+                os.mkdir(dest_path)
+            _copy_recursively(src_path, dest_path)
+        elif os.path.isfile(src_path):
+            shutil.copyfile(src_path, dest_path)
+
+
+def create_submodules():
+    # Read `modules/*` for directories
+    # For every directory, copy all files in `autogen/` there.
+    modules = next(os.walk("./modules"))[1]
+    for module in modules:
+        dest_folder = os.path.join("./modules", module)
+        _copy_recursively("./autogen", dest_folder)
+
+
+def create_root_module_wrapper():
+    with open("./modules/public-cluster/variables.tf") as fh:
+        variables_text = fh.read()
+        variables = hcl.loads(variables_text)['variable']
+
+    with open("./modules/public-cluster/outputs.tf") as fh:
+        outputs = hcl.loads(fh.read())['output']
+
+    with open("./variables.tf", "w") as fh:
+        fh.write(variables_text)
+
+    with open("./main.tf", "w") as fh:
+        fh.write(root_main_tf(variables))
+
+    with open("./outputs.tf", "w") as fh:
+        fh.write(root_outputs_tf(outputs))
+
+
+def main(argv):
+    create_submodules()
+    create_root_module_wrapper()
+
+    subprocess.call(["terraform", "fmt"])
+
+
+if __name__ == "__main__":
+    main(sys.argv)

helpers/generate_modules/requirements.txt

+pyhcl==0.3.10

main.tf

@@ -14,138 +14,41 @@
  * limitations under the License.
  */
 
-/******************************************
-  Get available zones in region
- *****************************************/
-data "google_compute_zones" "available" {
-  project = "${var.project_id}"
-  region  = "${var.region}"
-}
-
-resource "random_shuffle" "available_zones" {
-  input        = ["${data.google_compute_zones.available.names}"]
-  result_count = 3
-}
-
-locals {
-  kubernetes_version     = "${var.kubernetes_version != "latest" ? var.kubernetes_version : data.google_container_engine_versions.region.latest_node_version}"
-  node_version           = "${var.node_version != "" ? var.node_version : local.kubernetes_version}"
-  custom_kube_dns_config = "${length(keys(var.stub_domains)) > 0 ? true : false}"
-  network_project_id     = "${var.network_project_id != "" ? var.network_project_id : var.project_id}"
-
-  cluster_type = "${var.regional ? "regional" : "zonal"}"
-
-  cluster_type_output_name = {
-    regional = "${element(concat(google_container_cluster.primary.*.name, list("")), 0)}"
-    zonal    = "${element(concat(google_container_cluster.zonal_primary.*.name, list("")), 0)}"
-  }
-
-  cluster_type_output_location = {
-    regional = "${element(concat(google_container_cluster.primary.*.region, list("")), 0)}"
-    zonal    = "${element(concat(google_container_cluster.zonal_primary.*.zone, list("")), 0)}"
-  }
-
-  cluster_type_output_region = {
-    regional = "${element(concat(google_container_cluster.primary.*.region, list("")), 0)}"
-    zonal    = "${var.region}"
-  }
-
-  cluster_type_output_regional_zones = "${concat(google_container_cluster.primary.*.additional_zones, list(list()))}"
-  cluster_type_output_zonal_zones    = "${concat(slice(var.zones,1,length(var.zones)), list(list()))}"
-
-  cluster_type_output_zones = {
-    regional = "${local.cluster_type_output_regional_zones[0]}"
-    zonal    = "${concat(google_container_cluster.zonal_primary.*.zone, local.cluster_type_output_zonal_zones[0])}"
-  }
-
-  cluster_type_output_endpoint = {
-    regional = "${element(concat(google_container_cluster.primary.*.endpoint, list("")), 0)}"
-    zonal    = "${element(concat(google_container_cluster.zonal_primary.*.endpoint, list("")), 0)}"
-  }
-
-  cluster_type_output_master_auth = {
-    regional = "${concat(google_container_cluster.primary.*.master_auth, list())}"
-    zonal    = "${concat(google_container_cluster.zonal_primary.*.master_auth, list())}"
-  }
-
-  cluster_type_output_master_version = {
-    regional = "${element(concat(google_container_cluster.primary.*.master_version, list("")), 0)}"
-    zonal    = "${element(concat(google_container_cluster.zonal_primary.*.master_version, list("")), 0)}"
-  }
-
-  cluster_type_output_min_master_version = {
-    regional = "${element(concat(google_container_cluster.primary.*.min_master_version, list("")), 0)}"
-    zonal    = "${element(concat(google_container_cluster.zonal_primary.*.min_master_version, list("")), 0)}"
-  }
-
-  cluster_type_output_logging_service = {
-    regional = "${element(concat(google_container_cluster.primary.*.logging_service, list("")), 0)}"
-    zonal    = "${element(concat(google_container_cluster.zonal_primary.*.logging_service, list("")), 0)}"
-  }
-
-  cluster_type_output_monitoring_service = {
-    regional = "${element(concat(google_container_cluster.primary.*.monitoring_service, list("")), 0)}"
-    zonal    = "${element(concat(google_container_cluster.zonal_primary.*.monitoring_service, list("")), 0)}"
-  }
-
-  cluster_type_output_network_policy_enabled = {
-    regional = "${element(concat(google_container_cluster.primary.*.addons_config.0.network_policy_config.0.disabled, list("")), 0)}"
-    zonal    = "${element(concat(google_container_cluster.zonal_primary.*.addons_config.0.network_policy_config.0.disabled, list("")), 0)}"
-  }
-
-  cluster_type_output_http_load_balancing_enabled = {
-    regional = "${element(concat(google_container_cluster.primary.*.addons_config.0.http_load_balancing.0.disabled, list("")), 0)}"
-    zonal    = "${element(concat(google_container_cluster.zonal_primary.*.addons_config.0.http_load_balancing.0.disabled, list("")), 0)}"
-  }
-
-  cluster_type_output_horizontal_pod_autoscaling_enabled = {
-    regional = "${element(concat(google_container_cluster.primary.*.addons_config.0.horizontal_pod_autoscaling.0.disabled, list("")), 0)}"
-    zonal    = "${element(concat(google_container_cluster.zonal_primary.*.addons_config.0.horizontal_pod_autoscaling.0.disabled, list("")), 0)}"
-  }
-
-  cluster_type_output_kubernetes_dashboard_enabled = {
-    regional = "${element(concat(google_container_cluster.primary.*.addons_config.0.kubernetes_dashboard.0.disabled, list("")), 0)}"
-    zonal    = "${element(concat(google_container_cluster.zonal_primary.*.addons_config.0.kubernetes_dashboard.0.disabled, list("")), 0)}"
-  }
-
-  cluster_type_output_node_pools_names = {
-    regional = "${concat(google_container_node_pool.pools.*.name, list(""))}"
-    zonal    = "${concat(google_container_node_pool.zonal_pools.*.name, list(""))}"
-  }
-
-  cluster_type_output_node_pools_versions = {
-    regional = "${concat(google_container_node_pool.pools.*.version, list(""))}"
-    zonal    = "${concat(google_container_node_pool.zonal_pools.*.version, list(""))}"
-  }
-
-  cluster_master_auth_list_layer1 = "${local.cluster_type_output_master_auth[local.cluster_type]}"
-  cluster_master_auth_list_layer2 = "${local.cluster_master_auth_list_layer1[0]}"
-  cluster_master_auth_map         = "${local.cluster_master_auth_list_layer2[0]}"
-
-  # cluster locals
-  cluster_name                = "${local.cluster_type_output_name[local.cluster_type]}"
-  cluster_location            = "${local.cluster_type_output_location[local.cluster_type]}"
-  cluster_region              = "${local.cluster_type_output_region[local.cluster_type]}"
-  cluster_zones               = "${sort(local.cluster_type_output_zones[local.cluster_type])}"
-  cluster_endpoint            = "${local.cluster_type_output_endpoint[local.cluster_type]}"
-  cluster_ca_certificate      = "${lookup(local.cluster_master_auth_map, "cluster_ca_certificate")}"
-  cluster_master_version      = "${local.cluster_type_output_master_version[local.cluster_type]}"
-  cluster_min_master_version  = "${local.cluster_type_output_min_master_version[local.cluster_type]}"
-  cluster_logging_service     = "${local.cluster_type_output_logging_service[local.cluster_type]}"
-  cluster_monitoring_service  = "${local.cluster_type_output_monitoring_service[local.cluster_type]}"
-  cluster_node_pools_names    = "${local.cluster_type_output_node_pools_names[local.cluster_type]}"
-  cluster_node_pools_versions = "${local.cluster_type_output_node_pools_versions[local.cluster_type]}"
-
-  cluster_network_policy_enabled             = "${local.cluster_type_output_network_policy_enabled[local.cluster_type] ? false : true}"
-  cluster_http_load_balancing_enabled        = "${local.cluster_type_output_http_load_balancing_enabled[local.cluster_type] ? false : true}"
-  cluster_horizontal_pod_autoscaling_enabled = "${local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type] ? false : true}"
-  cluster_kubernetes_dashboard_enabled       = "${local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type] ? false : true}"
-}
-
-/******************************************
-  Get available container engine versions
- *****************************************/
-data "google_container_engine_versions" "region" {
-  zone    = "${data.google_compute_zones.available.names[0]}"
-  project = "${var.project_id}"
+// File autogenerated by `helpers/generate_modules/generate_module.py`
+
+module "kubernetes-engine" {
+  source = "modules/public-cluster"
+
+  description                       = "${var.description}"
+  horizontal_pod_autoscaling        = "${var.horizontal_pod_autoscaling}"
+  http_load_balancing               = "${var.http_load_balancing}"
+  ip_masq_link_local                = "${var.ip_masq_link_local}"
+  ip_masq_resync_interval           = "${var.ip_masq_resync_interval}"
+  ip_range_pods                     = "${var.ip_range_pods}"
+  ip_range_services                 = "${var.ip_range_services}"
+  kubernetes_dashboard              = "${var.kubernetes_dashboard}"
+  kubernetes_version                = "${var.kubernetes_version}"
+  logging_service                   = "${var.logging_service}"
+  maintenance_start_time            = "${var.maintenance_start_time}"
+  master_authorized_networks_config = "${var.master_authorized_networks_config}"
+  monitoring_service                = "${var.monitoring_service}"
+  name                              = "${var.name}"
+  network                           = "${var.network}"
+  network_policy                    = "${var.network_policy}"
+  network_project_id                = "${var.network_project_id}"
+  node_pools                        = "${var.node_pools}"
+  node_pools_labels                 = "${var.node_pools_labels}"
+  node_pools_metadata               = "${var.node_pools_metadata}"
+  node_pools_tags                   = "${var.node_pools_tags}"
+  node_pools_taints                 = "${var.node_pools_taints}"
+  node_version                      = "${var.node_version}"
+  non_masquerade_cidrs              = "${var.non_masquerade_cidrs}"
+  project_id                        = "${var.project_id}"
+  region                            = "${var.region}"
+  regional                          = "${var.regional}"
+  remove_default_node_pool          = "${var.remove_default_node_pool}"
+  service_account                   = "${var.service_account}"
+  stub_domains                      = "${var.stub_domains}"
+  subnetwork                        = "${var.subnetwork}"
+  zones                             = "${var.zones}"
 }

modules/public-cluster/auth.tf

+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/******************************************
+  Retrieve authentication token
+ *****************************************/
+data "google_client_config" "default" {}
+
+/******************************************
+  Configure provider
+ *****************************************/
+provider "kubernetes" {
+  load_config_file       = false
+  host                   = "https://${local.cluster_endpoint}"
+  token                  = "${data.google_client_config.default.access_token}"
+  cluster_ca_certificate = "${base64decode(local.cluster_ca_certificate)}"
+}

modules/public-cluster/cluster_regional.tf

+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/******************************************
+  Create regional cluster
+ *****************************************/
+resource "google_container_cluster" "primary" {
+  count       = "${var.regional ? 1 : 0}"
+  name        = "${var.name}"
+  description = "${var.description}"
+  project     = "${var.project_id}"
+
+  region           = "${var.region}"
+  additional_zones = ["${coalescelist(compact(var.zones), sort(random_shuffle.available_zones.result))}"]
+
+  network            = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"
+  subnetwork         = "${replace(data.google_compute_subnetwork.gke_subnetwork.self_link, "https://www.googleapis.com/compute/v1/", "")}"
+  min_master_version = "${local.kubernetes_version}"
+
+  logging_service    = "${var.logging_service}"
+  monitoring_service = "${var.monitoring_service}"
+
+  master_authorized_networks_config = "${var.master_authorized_networks_config}"
+
+  addons_config {
+    http_load_balancing {
+      disabled = "${var.http_load_balancing ? 0 : 1}"
+    }
+
+    horizontal_pod_autoscaling {
+      disabled = "${var.horizontal_pod_autoscaling ? 0 : 1}"
+    }
+
+    kubernetes_dashboard {
+      disabled = "${var.kubernetes_dashboard ? 0 : 1}"
+    }
+
+    network_policy_config {
+      disabled = "${var.network_policy ? 0 : 1}"
+    }
+  }
+
+  ip_allocation_policy {
+    cluster_secondary_range_name  = "${var.ip_range_pods}"
+    services_secondary_range_name = "${var.ip_range_services}"
+  }
+
+  maintenance_policy {
+    daily_maintenance_window {
+      start_time = "${var.maintenance_start_time}"
+    }
+  }
+
+  lifecycle {
+    ignore_changes = ["node_pool"]
+  }
+
+  timeouts {
+    create = "30m"
+    update = "30m"
+    delete = "30m"
+  }
+
+  node_pool {
+    name = "default-pool"
+
+    node_config {
+      service_account = "${lookup(var.node_pools[0], "service_account", var.service_account)}"
+    }
+  }
+
+  remove_default_node_pool = "${var.remove_default_node_pool}"
+}
+
+/******************************************
+  Create regional node pools
+ *****************************************/
+resource "google_container_node_pool" "pools" {
+  count              = "${var.regional ? length(var.node_pools) : 0}"
+  name               = "${lookup(var.node_pools[count.index], "name")}"
+  project            = "${var.project_id}"
+  region             = "${var.region}"
+  cluster            = "${var.name}"
+  version            = "${lookup(var.node_pools[count.index], "auto_upgrade", false) ? "" : lookup(var.node_pools[count.index], "version", local.node_version)}"
+  initial_node_count = "${lookup(var.node_pools[count.index], "min_count", 1)}"
+
+  autoscaling {
+    min_node_count = "${lookup(var.node_pools[count.index], "min_count", 1)}"
+    max_node_count = "${lookup(var.node_pools[count.index], "max_count", 100)}"
+  }
+
+  management {
+    auto_repair  = "${lookup(var.node_pools[count.index], "auto_repair", true)}"
+    auto_upgrade = "${lookup(var.node_pools[count.index], "auto_upgrade", true)}"
+  }
+
+  node_config {
+    image_type   = "${lookup(var.node_pools[count.index], "image_type", "COS")}"
+    machine_type = "${lookup(var.node_pools[count.index], "machine_type", "n1-standard-2")}"
+    labels       = "${merge(map("cluster_name", var.name), map("node_pool", lookup(var.node_pools[count.index], "name")), var.node_pools_labels["all"], var.node_pools_labels[lookup(var.node_pools[count.index], "name")])}"
+    metadata     = "${merge(map("cluster_name", var.name), map("node_pool", lookup(var.node_pools[count.index], "name")), var.node_pools_metadata["all"], var.node_pools_metadata[lookup(var.node_pools[count.index], "name")])}"
+    taint        = "${concat(var.node_pools_taints["all"], var.node_pools_taints[lookup(var.node_pools[count.index], "name")])}"
+    tags         = ["${concat(list("gke-${var.name}"), list("gke-${var.name}-${lookup(var.node_pools[count.index], "name")}"), var.node_pools_tags["all"], var.node_pools_tags[lookup(var.node_pools[count.index], "name")])}"]
+
+    disk_size_gb    = "${lookup(var.node_pools[count.index], "disk_size_gb", 100)}"
+    disk_type       = "${lookup(var.node_pools[count.index], "disk_type", "pd-standard")}"
+    service_account = "${lookup(var.node_pools[count.index], "service_account", var.service_account)}"
+    preemptible     = "${lookup(var.node_pools[count.index], "preemptible", false)}"
+
+    oauth_scopes = [
+      "https://www.googleapis.com/auth/cloud-platform",
+    ]
+  }
+
+  lifecycle {
+    ignore_changes = ["initial_node_count"]
+  }
+
+  timeouts {
+    create = "30m"
+    update = "30m"
+    delete = "30m"
+  }
+
+  depends_on = ["google_container_cluster.primary"]
+}
+
+resource "null_resource" "wait_for_regional_cluster" {
+  count = "${var.regional ? 1 : 0}"
+
+  provisioner "local-exec" {
+    command = "${path.module}/scripts/wait-for-cluster.sh ${var.project_id} ${var.name}"
+  }
+
+  provisioner "local-exec" {
+    when    = "destroy"
+    command = "${path.module}/scripts/wait-for-cluster.sh ${var.project_id} ${var.name}"
+  }
+
+  depends_on = ["google_container_cluster.primary", "google_container_node_pool.pools"]
+}

modules/public-cluster/cluster_zonal.tf

+/**
+ * Copyright 2018 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/******************************************
+  Create zonal cluster
+ *****************************************/
+resource "google_container_cluster" "zonal_primary" {
+  count       = "${var.regional ? 0 : 1}"
+  name        = "${var.name}"
+  description = "${var.description}"
+  project     = "${var.project_id}"
+
+  zone             = "${var.zones[0]}"
+  additional_zones = ["${slice(var.zones,1,length(var.zones))}"]
+
+  network            = "${replace(data.google_compute_network.gke_network.self_link, "https://www.googleapis.com/compute/v1/", "")}"
+  subnetwork         = "${replace(data.google_compute_subnetwork.gke_subnetwork.self_link, "https://www.googleapis.com/compute/v1/", "")}"
+  min_master_version = "${local.kubernetes_version}"
+
+  logging_service    = "${var.logging_service}"
+  monitoring_service = "${var.monitoring_service}"
+
+  master_authorized_networks_config = "${var.master_authorized_networks_config}"
+
+  addons_config {
+    http_load_balancing {
+      disabled = "${var.http_load_balancing ? 0 : 1}"
+    }
+
+    horizontal_pod_autoscaling {
+      disabled = "${var.horizontal_pod_autoscaling ? 0 : 1}"
+    }
+
+    kubernetes_dashboard {
+      disabled = "${var.kubernetes_dashboard ? 0 : 1}"
+    }
+
+    network_policy_config {
+      disabled = "${var.network_policy ? 0 : 1}"
+    }
+  }
+
+  ip_allocation_policy {
+    cluster_secondary_range_name  = "${var.ip_range_pods}"
+    services_secondary_range_name = "${var.ip_range_services}"
+  }
+
+  maintenance_policy {
+    daily_maintenance_window {
+      start_time = "${var.maintenance_start_time}"
+    }
+  }
+
+  lifecycle {
+    ignore_changes = ["node_pool"]
+  }
+
+  timeouts {
+    create = "30m"
+    update = "30m"
+    delete = "30m"
+  }
+
+  node_pool {
+    name = "default-pool"
+
+    node_config {
+      service_account = "${lookup(var.node_pools[0], "service_account", var.service_account)}"
+    }
+  }
+
+  remove_default_node_pool = "${var.remove_default_node_pool}"
+}
+
+/******************************************
+  Create zonal node pools
+ *****************************************/
+resource "google_container_node_pool" "zonal_pools" {
+  count              = "${var.regional ? 0 : length(var.node_pools)}"
+  name               = "${lookup(var.node_pools[count.index], "name")}"
+  project            = "${var.project_id}"
+  zone               = "${var.zones[0]}"
+  cluster            = "${var.name}"
+  version            = "${lookup(var.node_pools[count.index], "auto_upgrade", false) ? "" : lookup(var.node_pools[count.index], "version", local.node_version)}"
+  initial_node_count = "${lookup(var.node_pools[count.index], "min_count", 1)}"
+
+  autoscaling {
+    min_node_count = "${lookup(var.node_pools[count.index], "min_count", 1)}"
+    max_node_count = "${lookup(var.node_pools[count.index], "max_count", 100)}"
+  }
+
+  management {
+    auto_repair  = "${lookup(var.node_pools[count.index], "auto_repair", true)}"
+    auto_upgrade = "${lookup(var.node_pools[count.index], "auto_upgrade", false)}"
+  }
+
+  node_config {
+    image_type   = "${lookup(var.node_pools[count.index], "image_type", "COS")}"
+    machine_type = "${lookup(var.node_pools[count.index], "machine_type", "n1-standard-2")}"
+    labels       = "${merge(map("cluster_name", var.name), map("node_pool", lookup(var.node_pools[count.index], "name")), var.node_pools_labels["all"], var.node_pools_labels[lookup(var.node_pools[count.index], "name")])}"
+    metadata     = "${merge(map("cluster_name", var.name), map("node_pool", lookup(var.node_pools[count.index], "name")), var.node_pools_metadata["all"], var.node_pools_metadata[lookup(var.node_pools[count.index], "name")])}"
+    taint        = "${concat(var.node_pools_taints["all"], var.node_pools_taints[lookup(var.node_pools[count.index], "name")])}"
+    tags         = ["${concat(list("gke-${var.name}"), list("gke-${var.name}-${lookup(var.node_pools[count.index], "name")}"), var.node_pools_tags["all"], var.node_pools_tags[lookup(var.node_pools[count.index], "name")])}"]
+
+    disk_size_gb    = "${lookup(var.node_pools[count.index], "disk_size_gb", 100)}"
+    disk_type       = "${lookup(var.node_pools[count.index], "disk_type", "pd-standard")}"
+    service_account = "${lookup(var.node_pools[count.index], "service_account", var.service_account)}"
+    preemptible     = "${lookup(var.node_pools[count.index], "preemptible", false)}"
+
+    oauth_scopes = [
+      "https://www.googleapis.com/auth/cloud-platform",
+    ]
+  }
+
+  lifecycle {
+    ignore_changes = ["initial_node_count"]
+  }
+
+  timeouts {
+    create = "30m"
+    update = "30m"
+    delete = "30m"
+  }
+
+  depends_on = ["google_container_cluster.zonal_primary"]
+}
+
+resource "null_resource" "wait_for_zonal_cluster" {
+  count = "${var.regional ? 0 : 1}"
+
+  provisioner "local-exec" {
+    command = "${path.module}/scripts/wait-for-cluster.sh ${var.project_id} ${var.name}"
+  }
+
+  provisioner "local-exec" {
+    when    = "destroy"
+    command = "${path.module}/scripts/wait-for-cluster.sh ${var.project_id} ${var.name}"
+  }
+
+  depends_on = ["google_container_cluster.zonal_primary", "google_container_node_pool.zonal_pools"]
+}