Add proxy_config field to containerattached resource. (#9401) (#6637)
* Add proxy support for container attached clusters

* delete autogen file

* Add proxy support for container attached clusters

* Add proxy support for container attached clusters

* Improve testing and code consistency
[upstream:142340250f56b68400d8316bc8480d2abbc97b9d]

Signed-off-by: Modular Magician <[email protected]>
modular-magician authored Nov 13, 2023
1 parent c7997c2 commit 611848e
Showing 5 changed files with 199 additions and 1 deletion.
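--- a/.changelog/9401.txt
+++ b/.changelog/9401.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+containerattached: added `proxy_config` field to `google_container_attached_cluster` resource
+```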
@@ -276,6 +276,36 @@ than 255 UTF-8 encoded bytes.`,
},
},
},
"proxy_config": {
Type: schema.TypeList,
Optional: true,
Description: `Support for proxy configuration.`,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"kubernetes_secret": {
Type: schema.TypeList,
Optional: true,
Description: `The Kubernetes Secret resource that contains the HTTP(S) proxy configuration.`,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"name": {
Type: schema.TypeString,
Required: true,
Description: `Name of the kubernetes secret containing the proxy config.`,
},
"namespace": {
Type: schema.TypeString,
Required: true,
Description: `Namespace of the kubernetes secret containing the proxy config.`,
},
},
},
},
},
},
},
"cluster_region": {
Type: schema.TypeString,
Computed: true,
@@ -446,6 +476,12 @@ func resourceContainerAttachedClusterCreate(d *schema.ResourceData, meta interfa
} else if v, ok := d.GetOkExists("binary_authorization"); !tpgresource.IsEmptyValue(reflect.ValueOf(binaryAuthorizationProp)) && (ok || !reflect.DeepEqual(v, binaryAuthorizationProp)) {
obj["binaryAuthorization"] = binaryAuthorizationProp
}
proxyConfigProp, err := expandContainerAttachedClusterProxyConfig(d.Get("proxy_config"), d, config)
if err != nil {
return err
} else if v, ok := d.GetOkExists("proxy_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(proxyConfigProp)) && (ok || !reflect.DeepEqual(v, proxyConfigProp)) {
obj["proxyConfig"] = proxyConfigProp
}
annotationsProp, err := expandContainerAttachedClusterEffectiveAnnotations(d.Get("effective_annotations"), d, config)
if err != nil {
return err
@@ -627,6 +663,9 @@ func resourceContainerAttachedClusterRead(d *schema.ResourceData, meta interface
if err := d.Set("binary_authorization", flattenContainerAttachedClusterBinaryAuthorization(res["binaryAuthorization"], d, config)); err != nil {
return fmt.Errorf("Error reading Cluster: %s", err)
}
if err := d.Set("proxy_config", flattenContainerAttachedClusterProxyConfig(res["proxyConfig"], d, config)); err != nil {
return fmt.Errorf("Error reading Cluster: %s", err)
}
if err := d.Set("effective_annotations", flattenContainerAttachedClusterEffectiveAnnotations(res["annotations"], d, config)); err != nil {
return fmt.Errorf("Error reading Cluster: %s", err)
}
@@ -698,6 +737,12 @@ func resourceContainerAttachedClusterUpdate(d *schema.ResourceData, meta interfa
} else if v, ok := d.GetOkExists("binary_authorization"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, binaryAuthorizationProp)) {
obj["binaryAuthorization"] = binaryAuthorizationProp
}
proxyConfigProp, err := expandContainerAttachedClusterProxyConfig(d.Get("proxy_config"), d, config)
if err != nil {
return err
} else if v, ok := d.GetOkExists("proxy_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, proxyConfigProp)) {
obj["proxyConfig"] = proxyConfigProp
}
annotationsProp, err := expandContainerAttachedClusterEffectiveAnnotations(d.Get("effective_annotations"), d, config)
if err != nil {
return err
@@ -745,6 +790,10 @@ func resourceContainerAttachedClusterUpdate(d *schema.ResourceData, meta interfa
updateMask = append(updateMask, "binaryAuthorization")
}

if d.HasChange("proxy_config") {
updateMask = append(updateMask, "proxyConfig")
}

if d.HasChange("effective_annotations") {
updateMask = append(updateMask, "annotations")
}
@@ -771,9 +820,13 @@ func resourceContainerAttachedClusterUpdate(d *schema.ResourceData, meta interfa
if d.HasChange("binary_authorization") {
newUpdateMask = append(newUpdateMask, "binary_authorization.evaluation_mode")
}
if d.HasChange("proxy_config") {
newUpdateMask = append(newUpdateMask, "proxy_config.kubernetes_secret.name")
newUpdateMask = append(newUpdateMask, "proxy_config.kubernetes_secret.namespace")
}
// Pull out any other set fields from the generated mask.
for _, mask := range updateMask {
if mask == "authorization" || mask == "loggingConfig" || mask == "monitoringConfig" || mask == "binaryAuthorization" {
if mask == "authorization" || mask == "loggingConfig" || mask == "monitoringConfig" || mask == "binaryAuthorization" || mask == "proxyConfig" {
continue
}
newUpdateMask = append(newUpdateMask, mask)
@@ -1175,6 +1228,42 @@ func flattenContainerAttachedClusterBinaryAuthorizationEvaluationMode(v interfac
return v
}

func flattenContainerAttachedClusterProxyConfig(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
if v == nil {
return nil
}
original := v.(map[string]interface{})
if len(original) == 0 {
return nil
}
transformed := make(map[string]interface{})
transformed["kubernetes_secret"] =
flattenContainerAttachedClusterProxyConfigKubernetesSecret(original["kubernetesSecret"], d, config)
return []interface{}{transformed}
}
func flattenContainerAttachedClusterProxyConfigKubernetesSecret(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
if v == nil {
return nil
}
original := v.(map[string]interface{})
if len(original) == 0 {
return nil
}
transformed := make(map[string]interface{})
transformed["name"] =
flattenContainerAttachedClusterProxyConfigKubernetesSecretName(original["name"], d, config)
transformed["namespace"] =
flattenContainerAttachedClusterProxyConfigKubernetesSecretNamespace(original["namespace"], d, config)
return []interface{}{transformed}
}
func flattenContainerAttachedClusterProxyConfigKubernetesSecretName(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}

func flattenContainerAttachedClusterProxyConfigKubernetesSecretNamespace(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}

func flattenContainerAttachedClusterEffectiveAnnotations(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}
@@ -1448,6 +1537,59 @@ func expandContainerAttachedClusterBinaryAuthorizationEvaluationMode(v interface
return v, nil
}

func expandContainerAttachedClusterProxyConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
l := v.([]interface{})
if len(l) == 0 || l[0] == nil {
return nil, nil
}
raw := l[0]
original := raw.(map[string]interface{})
transformed := make(map[string]interface{})

transformedKubernetesSecret, err := expandContainerAttachedClusterProxyConfigKubernetesSecret(original["kubernetes_secret"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedKubernetesSecret); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["kubernetesSecret"] = transformedKubernetesSecret
}

return transformed, nil
}

func expandContainerAttachedClusterProxyConfigKubernetesSecret(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
l := v.([]interface{})
if len(l) == 0 || l[0] == nil {
return nil, nil
}
raw := l[0]
original := raw.(map[string]interface{})
transformed := make(map[string]interface{})

transformedName, err := expandContainerAttachedClusterProxyConfigKubernetesSecretName(original["name"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedName); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["name"] = transformedName
}

transformedNamespace, err := expandContainerAttachedClusterProxyConfigKubernetesSecretNamespace(original["namespace"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedNamespace); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["namespace"] = transformedNamespace
}

return transformed, nil
}

func expandContainerAttachedClusterProxyConfigKubernetesSecretName(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}

func expandContainerAttachedClusterProxyConfigKubernetesSecretNamespace(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}

func expandContainerAttachedClusterEffectiveAnnotations(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (map[string]string, error) {
if v == nil {
return map[string]string{}, nil
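Review bot: Removing the `proxy_config` block takes a path through resourceContainerAttachedClusterUpdate that nothing in the new code documents. In the hunk at -698 the guard `!tpgresource.IsEmptyValue(reflect.ValueOf(v))` leaves `proxyConfig` out of the request body, while in the hunk at -771 `d.HasChange("proxy_config")` still appends `proxy_config.kubernetes_secret.name` and `proxy_config.kubernetes_secret.namespace` to the mask. Whether the API treats masked paths with no body value as "clear the secret reference" or rejects the request cannot be told from this page, and the answer decides which HTTP(S) proxy settings the cluster is left with. I would add a comment above the new mask lines, e.g. `// Block removed: both paths are masked with no proxyConfig in the body; expected to clear the secret reference (confirm against the API).` The function body starts and ends outside these hunks.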
@@ -151,6 +151,12 @@ resource "google_container_attached_cluster" "primary" {
binary_authorization {
evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
}
proxy_config {
kubernetes_secret {
name = "proxy-config"
namespace = "default"
}
}
}
`, context)
}
@@ -96,6 +96,12 @@ resource "google_container_attached_cluster" "primary" {
binary_authorization {
evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
}
proxy_config {
kubernetes_secret {
name = "proxy-config"
namespace = "default"
}
}
}
`, context)
}
@@ -138,6 +144,12 @@ resource "google_container_attached_cluster" "primary" {
binary_authorization {
evaluation_mode = "DISABLED"
}
proxy_config {
kubernetes_secret {
name = "new-proxy-config"
namespace = "custom-ns"
}
}
lifecycle {
prevent_destroy = true
}
@@ -185,6 +197,12 @@ resource "google_container_attached_cluster" "primary" {
binary_authorization {
evaluation_mode = "DISABLED"
}
proxy_config {
kubernetes_secret {
name = "new-proxy-config"
namespace = "custom-ns"
}
}
}
`, context)
}
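Review bot: None of the configs touched in these hunks drops the `proxy_config` block again; the update and destroy configs only swap `proxy-config`/`default` for `new-proxy-config`/`custom-ns`. A further step whose config omits `proxy_config` would pin down what the provider does on removal, where the update mask names both secret fields but the body carries no `proxyConfig`. It would also catch a permanent plan diff if the API keeps the old reference. The test steps themselves lie outside these hunks, so an existing step may already cover this.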
29 changes: 29 additions & 0 deletions website/docs/r/container_attached_cluster.html.markdown
@@ -112,6 +112,12 @@ resource "google_container_attached_cluster" "primary" {
binary_authorization {
evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
}
proxy_config {
kubernetes_secret {
name = "proxy-config"
namespace = "default"
}
}
}
```
<div class = "oics-button" style="float: right; margin: 0 0 -15px">
@@ -252,6 +258,11 @@ The following arguments are supported:
Binary Authorization configuration.
Structure is [documented below](#nested_binary_authorization).

* `proxy_config` -
(Optional)
Support for proxy configuration.
Structure is [documented below](#nested_proxy_config).

* `project` - (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.

@@ -311,6 +322,24 @@ The following arguments are supported:
Configure Binary Authorization evaluation mode.
Possible values are: `DISABLED`, `PROJECT_SINGLETON_POLICY_ENFORCE`.

<a name="nested_proxy_config"></a>The `proxy_config` block supports:

* `kubernetes_secret` -
(Optional)
The Kubernetes Secret resource that contains the HTTP(S) proxy configuration.
Structure is [documented below](#nested_kubernetes_secret).


<a name="nested_kubernetes_secret"></a>The `kubernetes_secret` block supports:

* `name` -
(Required)
Name of the kubernetes secret containing the proxy config.

* `namespace` -
(Required)
Namespace of the kubernetes secret containing the proxy config.

## Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported: