Suppress private_endpoint_subnetwork when master_ipv4_cidr_block is set

[Francis-Liu]

For private flexible clusters, user are still allowed to set master_ipv4_cidr_block. In this situation, private_endpoint_subnetwork will return a non-empty subnet name, which doesn't match the empty subnet in Terraform config (user can set either cidr block or subnet, or neither, but not both, which is error-checked by API). We should ignore the subnet diff in this case. This PR is intended to fix the same issue #10089 attempted to fix. #10089 was reverted by #10096.

Release Note Template for Downstream PRs (will be copied)

container: fixed `google_container_cluster` permadiff when `master_ipv4_cidr_block` is set for a private flexible cluster

[github-actions]

Hello! I am a robot. Tests will require approval from a repository maintainer to run.

@SarahFrench, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

[Francis-Liu]

@SarahFrench a kindly reminder

[SarahFrench]

Thanks! This had fallen off my radar

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 1 file changed, 9 insertions(+), 1 deletion(-))
google-beta provider: Diff ( 1 file changed, 9 insertions(+), 1 deletion(-))

[modular-magician]

Tests analytics

Total tests: 185
Passed tests: 173
Skipped tests: 12
Affected tests: 0

Click here to see the affected service packages

• container

$\textcolor{green}{\textsf{All tests passed!}}$
View the build log

[SarahFrench]

/gcbrun

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 1 file changed, 9 insertions(+), 1 deletion(-))
google-beta provider: Diff ( 1 file changed, 9 insertions(+), 1 deletion(-))

[modular-magician]

Tests analytics

Total tests: 185
Passed tests: 173
Skipped tests: 12
Affected tests: 0

Click here to see the affected service packages

• container

$\textcolor{green}{\textsf{All tests passed!}}$
View the build log

[SarahFrench]

Hi @Francis-Liu - the code changes make sense to me, but I'm wondering about what testing can be done to verify this change.

Am I right that prior to this PR's changes a user would provision a private flexible cluster with master_ipv4_cidr_block set and on the next apply Terraform would suggest to replace the whole cluster due to the detected diff?

Would you be comfortable adding a new acceptance test or updating an existing one so that it fails prior to this change (due to a non-empty plan) and passes afterwards? By default the test framework will not expect a non empty plan and will fail after provisioning something, which suggests we might not have a test that provisions a cluster configured in the way that triggers this problem.

[Francis-Liu]

Am I right that prior to this PR's changes a user would provision a private flexible cluster with master_ipv4_cidr_block set and on the next apply Terraform would suggest to replace the whole cluster due to the detected diff?

Yes. Precisely, the diff is in private_endpoint_subnetwork. What's interesting about this PR is, it's preparing for our next API change. Currently, there is no diff in private_endpoint_subnetwork with our API, with or without this PR, TF wouldn't suggest to replace the whole cluster. Once this PR is released, we are about to make the change such that the returned private_endpoint_subnetwork will be non empty when master_ipv4_cidr_block is set.

[Francis-Liu]

Let me try to add a acceptance test case as you suggested, to capture potential failures after we make the further API change.

[SarahFrench]

Thanks, that'd be useful to have!

I asked in the provider team for advice about how to time this release with the API update.

Next week I'm at a conference so won't be able to review things properly until March 25th onwards. If this PR needs to be reviewed and merged earlier, to enable release on a specific date please let us know.

[SarahFrench]

Following on from above, handing off to our on-call for the next week: @roaks3. Ryan, if this PR doesn't need anything before the 25th please feel free to reassign back to me

[Francis-Liu]

@roaks3 I have added the acceptance test. Could you please approve & merge this PR so it goes to release 5.22.0

[roaks3]

/gcbrun

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 2 files changed, 58 insertions(+), 1 deletion(-))
google-beta provider: Diff ( 2 files changed, 58 insertions(+), 1 deletion(-))

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 2 files changed, 58 insertions(+), 1 deletion(-))
google-beta provider: Diff ( 2 files changed, 58 insertions(+), 1 deletion(-))

[modular-magician]

Tests analytics

Total tests: 186
Passed tests: 173
Skipped tests: 12
Affected tests: 1

Click here to see the affected service packages

• container

Action taken

Found 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

TestAccContainerCluster_withCidrBlockWithoutPrivateEndpointSubnetwork

Get to know how VCR tests work

[modular-magician]

$\textcolor{red}{\textsf{Tests failed during RECORDING mode:}}$
TestAccContainerCluster_withCidrBlockWithoutPrivateEndpointSubnetwork[Error message] [Debug log]

$\textcolor{red}{\textsf{Please fix these to complete your PR.}}$
View the build log or the debug log for each test

[Francis-Liu]

/gcbrun

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 2 files changed, 64 insertions(+), 1 deletion(-))
google-beta provider: Diff ( 2 files changed, 64 insertions(+), 1 deletion(-))

[modular-magician]

Tests analytics

Total tests: 186
Passed tests: 173
Skipped tests: 12
Affected tests: 1

Click here to see the affected service packages

• container

Action taken

Found 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

TestAccContainerCluster_withCidrBlockWithoutPrivateEndpointSubnetwork

Get to know how VCR tests work

[modular-magician]

$\textcolor{red}{\textsf{Tests failed during RECORDING mode:}}$
TestAccContainerCluster_withCidrBlockWithoutPrivateEndpointSubnetwork[Error message] [Debug log]

$\textcolor{red}{\textsf{Please fix these to complete your PR.}}$
View the build log or the debug log for each test

[Francis-Liu]

/gcbrun

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 2 files changed, 65 insertions(+), 1 deletion(-))
google-beta provider: Diff ( 2 files changed, 65 insertions(+), 1 deletion(-))

[modular-magician]

Tests analytics

Total tests: 186
Passed tests: 173
Skipped tests: 12
Affected tests: 1

Click here to see the affected service packages

• container

Action taken

Found 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

TestAccContainerCluster_withCidrBlockWithoutPrivateEndpointSubnetwork

Get to know how VCR tests work

[modular-magician]

$\textcolor{green}{\textsf{Tests passed during RECORDING mode:}}$
TestAccContainerCluster_withCidrBlockWithoutPrivateEndpointSubnetwork[Debug log]

$\textcolor{green}{\textsf{No issues found for passed tests after REPLAYING rerun.}}$

---

$\textcolor{green}{\textsf{All tests passed!}}$
View the build log or the debug log for each test