fix: Correct ACM param defaults (#536)

* edits to the some param descriptions to clarify use relative to google_container_cluster

* edits to the some param descriptions to clarify use relative to google_container_cluster

* terraform fmt fixes

* now ignore setting un specified policy dir, uses configmanagement defaults instead of shadowing them

* now also use configmanagement defaults for sync branch

* ran docs

* focused the param descriptions some, as they were a bit verbose and got good feedback to remove unnecessary detail

* regenerating docs after the change to make descriptions more concise

modules/acm/README.md

@@ -45,18 +45,18 @@ By default, this module will attempt to download the ACM operator from Google di
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
 | cluster\_endpoint | Kubernetes cluster endpoint. | string | n/a | yes |
-| cluster\_name | The unique name to identify the cluster in ACM. | string | n/a | yes |
+| cluster\_name | GCP cluster Name used to reach cluster and which becomes the cluster name in the Config Sync kubernetes custom resource. | string | n/a | yes |
 | create\_ssh\_key | Controls whether a key will be generated for Git authentication | bool | `"true"` | no |
 | enable\_policy\_controller | Whether to enable the ACM Policy Controller on the cluster | bool | `"true"` | no |
 | install\_template\_library | Whether to install the default Policy Controller template library | bool | `"true"` | no |
-| location | The location (zone or region) this cluster has been created in. | string | n/a | yes |
+| location | GCP location used to reach cluster. | string | n/a | yes |
 | operator\_path | Path to the operator yaml config. If unset, will download from GCS releases. | string | `"null"` | no |
-| policy\_dir | Subfolder containing configs in ACM Git repo | string | n/a | yes |
-| project\_id | The project in which the resource belongs. | string | n/a | yes |
+| policy\_dir | Subfolder containing configs in ACM Git repo. If un-set, uses Config Management default. | string | `""` | no |
+| project\_id | GCP project_id used to reach cluster. | string | n/a | yes |
 | secret\_type | git authentication secret type, is passed through to ConfigManagement spec.git.secretType. Overriden to value 'ssh' if `create_ssh_key` is true | string | `"ssh"` | no |
 | skip\_gcloud\_download | Whether to skip downloading gcloud (assumes gcloud and kubectl already available outside the module) | bool | `"false"` | no |
 | ssh\_auth\_key | Key for Git authentication. Overrides 'create_ssh_key' variable. Can be set using 'file(path/to/file)'-function. | string | `"null"` | no |
-| sync\_branch | ACM repo Git branch | string | `"master"` | no |
+| sync\_branch | ACM repo Git branch. If un-set, uses Config Management default. | string | `""` | no |
 | sync\_repo | ACM Git repo address | string | n/a | yes |
 
 ## Outputs

modules/acm/templates/acm-config.yml.tpl

@@ -5,11 +5,11 @@ metadata:
 spec:
   # clusterName is required and must be unique among all managed clusters
   clusterName: ${cluster_name}
-  git:
-    syncRepo: ${sync_repo}
-    syncBranch: ${sync_branch}
-    secretType: ${secret_type}
-    policyDir: ${policy_dir}
   policyController:
     enabled: ${enable_policy_controller}
     templateLibraryInstalled: ${install_template_library}
+  git:
+    syncRepo: ${sync_repo}
+    secretType: ${secret_type}
+    ${policy_dir_node}
+    ${sync_branch_node}

modules/acm/variables.tf

@@ -15,17 +15,17 @@
  */
 
 variable "cluster_name" {
-  description = "The unique name to identify the cluster in ACM."
+  description = "GCP cluster Name used to reach cluster and which becomes the cluster name in the Config Sync kubernetes custom resource."
   type        = string
 }
 
 variable "project_id" {
-  description = "The project in which the resource belongs."
+  description = "GCP project_id used to reach cluster."
   type        = string
 }
 
 variable "location" {
-  description = "The location (zone or region) this cluster has been created in."
+  description = "GCP location used to reach cluster."
   type        = string
 }
 
@@ -41,14 +41,15 @@ variable "sync_repo" {
 }
 
 variable "sync_branch" {
-  description = "ACM repo Git branch"
+  description = "ACM repo Git branch. If un-set, uses Config Management default."
   type        = string
-  default     = "master"
+  default     = ""
 }
 
 variable "policy_dir" {
-  description = "Subfolder containing configs in ACM Git repo"
+  description = "Subfolder containing configs in ACM Git repo. If un-set, uses Config Management default."
   type        = string
+  default     = ""
 }
 
 variable "cluster_endpoint" {

modules/config-sync/README.md

@@ -48,16 +48,16 @@ To deploy this config:
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
 | cluster\_endpoint | Kubernetes cluster endpoint. | string | n/a | yes |
-| cluster\_name | The unique name to identify the cluster in ACM. | string | n/a | yes |
+| cluster\_name | GCP cluster name used to reach cluster and which becomes the cluster name in the Config Sync kubernetes custom resource. | string | n/a | yes |
 | create\_ssh\_key | Controls whether a key will be generated for Git authentication | bool | `"true"` | no |
-| location | The location (zone or region) this cluster has been created in. | string | n/a | yes |
+| location | GCP location used to reach cluster. | string | n/a | yes |
 | operator\_path | Path to the operator yaml config. If unset, will download from GCS releases. | string | `"null"` | no |
-| policy\_dir | Subfolder containing configs in ACM Git repo | string | n/a | yes |
-| project\_id | The project in which the resource belongs. | string | n/a | yes |
+| policy\_dir | Subfolder containing configs in ACM Git repo. If un-set, uses Config Management default. | string | `""` | no |
+| project\_id | GCP project_id used to reach cluster. | string | n/a | yes |
 | secret\_type | credential secret type, passed through to ConfigManagement spec.git.secretType. Overriden to value 'ssh' if `create_ssh_key` is true | string | n/a | yes |
 | skip\_gcloud\_download | Whether to skip downloading gcloud (assumes gcloud and kubectl already available outside the module) | bool | `"false"` | no |
 | ssh\_auth\_key | Key for Git authentication. Overrides 'create_ssh_key' variable. Can be set using 'file(path/to/file)'-function. | string | `"null"` | no |
-| sync\_branch | ACM repo Git branch | string | `"master"` | no |
+| sync\_branch | ACM repo Git branch. If un-set, uses Config Management default. | string | `""` | no |
 | sync\_repo | ACM Git repo address | string | n/a | yes |
 
 ## Outputs

modules/config-sync/templates/config-sync-config.yml.tpl

@@ -7,6 +7,6 @@ spec:
   clusterName: ${cluster_name}
   git:
     syncRepo: ${sync_repo}
-    syncBranch: ${sync_branch}
     secretType: ${secret_type}
-    policyDir: ${policy_dir}
+    ${sync_branch_node}
+    ${policy_dir_node}

modules/config-sync/variables.tf

@@ -15,17 +15,17 @@
  */
 
 variable "cluster_name" {
-  description = "The unique name to identify the cluster in ACM."
+  description = "GCP cluster name used to reach cluster and which becomes the cluster name in the Config Sync kubernetes custom resource."
   type        = string
 }
 
 variable "project_id" {
-  description = "The project in which the resource belongs."
+  description = "GCP project_id used to reach cluster."
   type        = string
 }
 
 variable "location" {
-  description = "The location (zone or region) this cluster has been created in."
+  description = "GCP location used to reach cluster."
   type        = string
 }
 
@@ -41,14 +41,15 @@ variable "sync_repo" {
 }
 
 variable "sync_branch" {
-  description = "ACM repo Git branch"
+  description = "ACM repo Git branch. If un-set, uses Config Management default."
   type        = string
-  default     = "master"
+  default     = ""
 }
 
 variable "policy_dir" {
-  description = "Subfolder containing configs in ACM Git repo"
+  description = "Subfolder containing configs in ACM Git repo. If un-set, uses Config Management default."
   type        = string
+  default     = ""
 }
 
 variable "cluster_endpoint" {

modules/k8s-operator-crd-support/main.tf

@@ -22,6 +22,8 @@ locals {
   k8sop_creds_secret_key   = var.secret_type == "cookiefile" ? "cookie_file" : var.secret_type
   should_download_manifest = var.operator_path == null ? true : false
   manifest_path            = local.should_download_manifest ? "${path.root}/.terraform/tmp/config-management-operator.yaml" : var.operator_path
+  sync_branch_node         = var.sync_branch != "" ? format("syncBranch: %s", var.sync_branch) : ""
+  policy_dir_node          = var.policy_dir != "" ? format("policyDir: %s", var.policy_dir) : ""
 }
 
 
@@ -87,8 +89,8 @@ data "template_file" "k8sop_config" {
   vars = {
     cluster_name             = var.cluster_name
     sync_repo                = var.sync_repo
-    sync_branch              = var.sync_branch
-    policy_dir               = var.policy_dir
+    sync_branch_node         = local.sync_branch_node
+    policy_dir_node          = local.policy_dir_node
     secret_type              = var.create_ssh_key ? "ssh" : var.secret_type
     enable_policy_controller = var.enable_policy_controller ? "true" : "false"
     install_template_library = var.install_template_library ? "true" : "false"

modules/k8s-operator-crd-support/variables.tf

@@ -15,17 +15,17 @@
  */
 
 variable "cluster_name" {
-  description = "The unique name to identify the cluster in ACM."
+  description = "GCP cluster name used to reach cluster and which becomes the cluster name in the Config Sync kubernetes custom resource."
   type        = string
 }
 
 variable "project_id" {
-  description = "The project in which the resource belongs."
+  description = "GCP project_id used to reach cluster."
   type        = string
 }
 
 variable "location" {
-  description = "The location (zone or region) this cluster has been created in."
+  description = "GCP location used to reach cluster."
   type        = string
 }
 
@@ -51,14 +51,15 @@ variable "secret_type" {
 }
 
 variable "sync_branch" {
-  description = "ACM repo Git branch"
+  description = "ACM repo Git branch. If un-set, uses Config Management default."
   type        = string
-  default     = "master"
+  default     = ""
 }
 
 variable "policy_dir" {
-  description = "Subfolder containing configs in ACM Git repo"
+  description = "Subfolder containing configs in ACM Git repo. If un-set, uses Config Management default."
   type        = string
+  default     = ""
 }
 
 variable "cluster_endpoint" {