Merge pull request #73 from GoogleCloudPlatform/develop

Changed order of resource creation/installation

jupyter-on-gke/iap_module/iap.tf

@@ -24,13 +24,6 @@ data "local_file" "static_ingress_yaml" {
   filename = "${path.module}/deployments/static-ingress.yaml"
 }
 
-data "google_compute_backend_service" "jupyter-ingress" {
-  name = var.service_name
-  project = var.project_id
-
-  depends_on = [ kubectl_manifest.backend_config ]
-}
-
 # Reserve IP Address
 resource "google_compute_global_address" "default" {
   provider     = google-beta
@@ -40,12 +33,14 @@ resource "google_compute_global_address" "default" {
   ip_version   = "IPV4"
 }
 
+# The configuration that will trigger turning on IAP
 resource "kubectl_manifest" "backend_config" {
   override_namespace = var.namespace
   yaml_body          = templatefile("${path.module}/deployments/backend-config.yaml", {})
   depends_on = [ kubectl_manifest.static_ingress ]
 }
 
+# Specifies the domain for the SSL certificate, wildcard domains are not supported
 resource "kubectl_manifest" "managed_cert" {
   override_namespace = var.namespace
   yaml_body          = templatefile("${path.module}/deployments/managed-cert.yaml", {
@@ -54,6 +49,7 @@ resource "kubectl_manifest" "managed_cert" {
   depends_on = [ google_compute_global_address.default ]
 }
 
+# Ingress for IAP
 resource "kubectl_manifest" "static_ingress" {
   override_namespace = var.namespace
 
@@ -63,6 +59,7 @@ resource "kubectl_manifest" "static_ingress" {
   depends_on = [ google_compute_global_address.default, kubectl_manifest.managed_cert ]
 }
 
+# Secret used by the BackendConfig, contains the OAuth client info
 resource "kubernetes_secret" "my-secret" {
   metadata {
     name = "my-secret"

jupyter-on-gke/jupyterhub.tf

@@ -31,6 +31,16 @@ provider "google-beta" {
   region = var.location
 }
 
+data "google_project" "project" {
+  project_id = var.project_id
+}
+
+# The data of the GCP backend service. IAP is enabled on this backend service
+data "google_compute_backend_service" "jupyter-ingress" {
+  name = var.service_name
+  project = var.project_id
+}
+
 resource "kubernetes_namespace" "namespace" {
   count = var.create_namespace ? 1 : 0
   metadata {
@@ -53,7 +63,10 @@ module "iap_auth" {
   client_secret = var.client_secret
   service_name = var.service_name
 
-  depends_on = [ kubernetes_namespace.namespace ]
+  depends_on = [
+    helm_release.jupyterhub,
+    kubernetes_namespace.namespace, 
+  ]
 }
 
 resource "helm_release" "jupyterhub" {
@@ -64,14 +77,13 @@ resource "helm_release" "jupyterhub" {
   cleanup_on_fail = "true"
 
   values = [
-    templatefile(var.add_auth ? "${path.module}/jupyter_config/config-selfauth.yaml" : "${path.module}/jupyter_config/config.yaml", {
-      service_id = var.add_auth ? "${module.iap_auth[0].backend_service_id}" : "none"
-      project_number = "${var.project_number}"
+    templatefile(var.add_auth ? "${path.module}/jupyter_config/config-selfauth.yaml" : "${path.module}/jupyter_config/config-filestore.yaml", {
+      service_id = var.add_auth && data.google_compute_backend_service.jupyter-ingress.generated_id != null ? "${data.google_compute_backend_service.jupyter-ingress.generated_id}" : "no-id-yet"
+      project_number = data.google_project.project.number
     })
   ]
 
   depends_on = [  
-    module.iap_auth,
     kubernetes_namespace.namespace
   ]
 }

jupyter-on-gke/variables.tf

@@ -33,13 +33,7 @@ variable "add_auth" {
 variable "project_id" {
   type        = string
   description = "GCP project id"
-  default     = "<>Project ID here"
-}
-
-variable "project_number" {
-  type        = string
-  description = "GCP project number (Not to be confused with porject id)"
-  default     = "<Project Number Here>"
+  default     = "<Project ID here>"
 }
 
 variable "location" {