add node config shielded instance config
Signed-off-by: Modular Magician <[email protected]>
megan07 authored and modular-magician committed Sep 26, 2019
1 parent 6bae555 commit 29d5e80
Showing 3 changed files with 147 additions and 0 deletions.
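--- a/google-beta/node_config.go
+++ b/google-beta/node_config.go
@@ -147,6 +147,24 @@ var schemaNodeConfig = &schema.Schema{
 Elem: &schema.Schema{Type: schema.TypeString},
 },
 
+"shielded_instance_config": {
+Type: schema.TypeList,
+Optional: true,
+MaxItems: 1,
+Elem: &schema.Resource{
+Schema: map[string]*schema.Schema{
+"enable_secure_boot": {
+Type: schema.TypeBool,
+Optional: true,
+},
+"enable_integrity_monitoring": {
+Type: schema.TypeBool,
+Optional: true,
+},
+},
+},
+},
+
 "taint": {
 Type: schema.TypeList,
 Optional: true,
@@ -298,6 +316,15 @@ func expandNodeConfig(v interface{}) *containerBeta.NodeConfig {
 }
 nc.Tags = tags
 }
+
+if v, ok := nodeConfig["shielded_instance_config"]; ok && len(v.([]interface{})) > 0 {
+conf := v.([]interface{})[0].(map[string]interface{})
+nc.ShieldedInstanceConfig = &containerBeta.ShieldedInstanceConfig{
+EnableSecureBoot: conf["enable_secure_boot"].(bool),
+EnableIntegrityMonitoring: conf["enable_integrity_monitoring"].(bool),
+}
+}
+
 // Preemptible Is Optional+Default, so it always has a value
 nc.Preemptible = nodeConfig["preemptible"].(bool)
 
@@ -357,6 +384,7 @@ func flattenNodeConfig(c *containerBeta.NodeConfig) []map[string]interface{} {
 "tags": c.Tags,
 "preemptible": c.Preemptible,
 "min_cpu_platform": c.MinCpuPlatform,
+"shielded_instance_config": flattenShieldedInstanceConfig(c.ShieldedInstanceConfig),
 "taint": flattenTaints(c.Taints),
 "workload_metadata_config": flattenWorkloadMetadataConfig(c.WorkloadMetadataConfig),
 "sandbox_config": flattenSandboxConfig(c.SandboxConfig),
@@ -380,6 +408,17 @@ func flattenContainerGuestAccelerators(c []*containerBeta.AcceleratorConfig) []m
 return result
 }
 
+func flattenShieldedInstanceConfig(c *containerBeta.ShieldedInstanceConfig) []map[string]interface{} {
+result := []map[string]interface{}{}
+if c != nil {
+result = append(result, map[string]interface{}{
+"enable_secure_boot": c.EnableSecureBoot,
+"enable_integrity_monitoring": c.EnableIntegrityMonitoring,
+})
+}
+return result
+}
+
 func flattenTaints(c []*containerBeta.NodeTaint) []map[string]interface{} {
 result := []map[string]interface{}{}
 for _, taint := range c {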
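Review bot: The assertion `v.([]interface{})[0].(map[string]interface{})` in the expandNodeConfig hunk is unchecked, and because both nested fields are Optional an empty `shielded_instance_config {}` block can plausibly arrive as a nil list element and panic the provider; `if conf, ok := v.([]interface{})[0].(map[string]interface{}); ok { ... }` would skip it safely. The two booleans in the schema hunk also carry no `Description` or `Default`, so a block that sets only `enable_secure_boot` passes `EnableIntegrityMonitoring: false` as a zero value, and whether the request then turns integrity monitoring off or leaves the server default in place cannot be told from these lines; a comment stating the intended default would help anyone auditing node hardening. expandNodeConfig begins and ends outside the hunk.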
64 changes: 64 additions & 0 deletions google-beta/resource_container_cluster_test.go
Expand Up @@ -744,6 +744,29 @@ func TestAccContainerCluster_withNodeConfigTaints(t *testing.T) {
})
}

func TestAccContainerCluster_withNodeConfigShieldedInstanceConfig(t *testing.T) {
t.Parallel()

clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))

resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withNodeConfigShieldedInstanceConfig(clusterName),
},
{
ResourceName: "google_container_cluster.with_node_config",
ImportStateIdPrefix: "us-central1-f/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}

func TestAccContainerCluster_withWorkloadMetadataConfig(t *testing.T) {
t.Parallel()

Expand Down Expand Up @@ -2283,6 +2306,47 @@ resource "google_container_cluster" "with_node_config" {
}`, acctest.RandString(10))
}

func testAccContainerCluster_withNodeConfigShieldedInstanceConfig(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_node_config" {
name = "%s"
zone = "us-central1-f"
initial_node_count = 1
node_config {
machine_type = "n1-standard-1"
disk_size_gb = 15
disk_type = "pd-ssd"
local_ssd_count = 1
oauth_scopes = [
"https://www.googleapis.com/auth/monitoring",
"https://www.googleapis.com/auth/compute",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write"
]
service_account = "default"
metadata = {
foo = "bar"
disable-legacy-endpoints = "true"
}
labels = {
foo = "bar"
}
tags = ["foo", "bar"]
preemptible = true
min_cpu_platform = "Intel Broadwell"
// Updatable fields
image_type = "COS"
shielded_instance_config {
enable_secure_boot = true
enable_integrity_monitoring = true
}
}
}`, clusterName)
}

func testAccContainerCluster_withWorkloadMetadataConfig() string {
return fmt.Sprintf(`
data "google_container_engine_versions" "central1a" {
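Review bot: TestAccContainerCluster_withNodeConfigShieldedInstanceConfig only applies a config with both flags set to `true` and then imports it, so the false and unset cases of `enable_secure_boot` and `enable_integrity_monitoring` are never exercised; those are the cases where a Go zero-value bool is most likely to be lost between config, API and state. A second step that flips one flag to `false`, plus an explicit `resource.TestCheckResourceAttr("google_container_cluster.with_node_config", "node_config.0.shielded_instance_config.0.enable_secure_boot", "true")` on the first step, would show the security setting was actually applied rather than just round-tripped. The same gap applies to TestAccContainerNodePool_shieldedInstanceConfig in resource_container_node_pool_test.go.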
44 changes: 44 additions & 0 deletions google-beta/resource_container_node_pool_test.go
Expand Up @@ -665,6 +665,30 @@ func TestAccContainerNodePool_EmptyGuestAccelerator(t *testing.T) {
})
}

func TestAccContainerNodePool_shieldedInstanceConfig(t *testing.T) {
t.Parallel()

cluster := fmt.Sprintf("tf-nodepool-test-%s", acctest.RandString(10))
np := fmt.Sprintf("tf-nodepool-test-%s", acctest.RandString(10))

resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerNodePoolDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerNodePool_shieldedInstanceConfig(cluster, np),
},
{
ResourceName: "google_container_node_pool.np",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"max_pods_per_node"},
},
},
})
}

func testAccCheckContainerNodePoolDestroy(s *terraform.State) error {
config := testAccProvider.Meta().(*Config)

Expand Down Expand Up @@ -1429,3 +1453,23 @@ resource "google_container_node_pool" "np" {
}
}`, cluster, np)
}

func testAccContainerNodePool_shieldedInstanceConfig(cluster, np string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "cluster" {
name = "%s"
location = "us-central1-a"
initial_node_count = 3
}
resource "google_container_node_pool" "np" {
name = "%s"
location = "us-central1-a"
cluster = "${google_container_cluster.cluster.name}"
initial_node_count = 2
shielded_instance_config {
enable_secure_boot = true
enable_integrity_monitoring = true
}
}`, cluster, np)
}
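Review bot: In testAccContainerNodePool_shieldedInstanceConfig the `shielded_instance_config` block sits directly under `google_container_node_pool`, but this commit only adds that block to schemaNodeConfig, i.e. inside `node_config`; unless the node pool resource declares a top-level attribute of that name elsewhere (not visible here), the config would be rejected before any node is created. Wrapping it as `node_config { shielded_instance_config { ... } }` would match the schema and the cluster test.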
