diff --git a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb
index 00a3f3aaab84..93f6dadd3693 100644
--- a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb
+++ b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb
@@ -1684,7 +1684,7 @@ func ResourceContainerCluster() *schema.Resource {
 Optional: true,
 ForceNew: true,
 AtLeastOneOf: privateClusterConfigKeys,
- DiffSuppressFunc: tpgresource.CompareSelfLinkOrResourceName,
+ DiffSuppressFunc: containerClusterPrivateClusterConfigSuppress,
 Description: `Subnetwork in cluster's network where master's endpoint will be provisioned.`,
 },
 "public_endpoint": {
@@ -6387,6 +6387,14 @@ func containerClusterPrivateClusterConfigSuppress(k, old, new string, d *schema.
 return suppressNodes && !hasSubnet
 } else if k == "private_cluster_config.#" {
 return suppressEndpoint && suppressNodes && !hasSubnet && !hasGlobalAccessConfig
+ } else if k == "private_cluster_config.0.private_endpoint_subnetwork" {
+ // Before regular compare, for the sake of private flexible cluster,
+ // suppress diffs in private_endpoint_subnetwork when
+ // master_ipv4_cidr_block is set
+ // && private_endpoint_subnetwork is unset in terraform (new value == "")
+ // && private_endpoint_subnetwork is returned from resource (old value != "")
+ _, hasMasterCidr := d.GetOk("private_cluster_config.0.master_ipv4_cidr_block")
+ return (hasMasterCidr && new == "" && old != "") || tpgresource.CompareSelfLinkOrResourceName(k, old, new, d)
 }
 return false
 }
diff --git a/mmv1/third_party/terraform/services/container/resource_container_cluster_test.go.erb b/mmv1/third_party/terraform/services/container/resource_container_cluster_test.go.erb
index 910fba9602b0..aafdb65f489a 100644
--- a/mmv1/third_party/terraform/services/container/resource_container_cluster_test.go.erb
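Review bot: The `hasMasterCidr` guard in the new `private_cluster_config.0.private_endpoint_subnetwork` branch comes from `d.GetOk`, which as far as I can tell does not separate a `master_ipv4_cidr_block` written in the configuration from one only present in state, so the suppression may cover more clusters than the comment describes. If the API also reports a CIDR block for clusters created with an explicit `private_endpoint_subnetwork`, later removing that attribute from the configuration would plan as a no-op on a ForceNew field, and the mismatch between the configuration and the control plane's actual subnetwork would stop showing up in plans. I would state that scope in the comment, e.g. `// GetOk is also true when the CIDR block is only known from state; in that case a removed private_endpoint_subnetwork is suppressed as well.`, or confirm that it cannot happen. The acceptance test added in this commit covers create and import only; a step that sets a different `private_endpoint_subnetwork` and expects a non-empty plan would pin that real changes still fall through to `tpgresource.CompareSelfLinkOrResourceName`. The body of `containerClusterPrivateClusterConfigSuppress` starts outside this hunk.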
+++ b/mmv1/third_party/terraform/services/container/resource_container_cluster_test.go.erb 
@@ -5643,6 +5643,62 @@ resource "google_container_cluster" "with_private_endpoint_subnetwork" { `, containerNetName, clusterName) } +func TestAccContainerCluster_withCidrBlockWithoutPrivateEndpointSubnetwork(t *testing.T) { + t.Parallel() + + clusterName := fmt.Sprintf("tf-test-cluster-%s", acctest.RandString(t, 10)) + containerNetName := fmt.Sprintf("tf-test-container-net-%s", acctest.RandString(t, 10)) + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckContainerClusterDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccContainerCluster_withCidrBlockWithoutPrivateEndpointSubnetwork(containerNetName, clusterName, "us-central1-a"), + }, + { + ResourceName: "google_container_cluster.with_private_flexible_cluster", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, + }, + }, + }) +} + +func testAccContainerCluster_withCidrBlockWithoutPrivateEndpointSubnetwork(containerNetName, clusterName, location string) string { + return fmt.Sprintf(` +resource "google_compute_network" "container_network" { + name = "%s" + auto_create_subnetworks = false +} + +resource "google_compute_subnetwork" "container_subnetwork" { + name = google_compute_network.container_network.name + network = google_compute_network.container_network.name + ip_cidr_range = "10.0.36.0/24" +} + +resource "google_container_cluster" "with_private_flexible_cluster" { + name = "%s" + location = "%s" + min_master_version = "1.29" + initial_node_count = 1 + + networking_mode = "VPC_NATIVE" + network = google_compute_network.container_network.name + subnetwork = google_compute_subnetwork.container_subnetwork.name + + private_cluster_config { + enable_private_nodes = true + master_ipv4_cidr_block = "10.42.0.0/28" + } + deletion_protection = false +} +`, containerNetName, clusterName, 
location) +} + func TestAccContainerCluster_withEnablePrivateEndpointToggle(t *testing.T) { t.Parallel()