From f162cf906a952535f3755d709fa3180d6f503c45 Mon Sep 17 00:00:00 2001
From: The Magician
Date: Tue, 4 Jun 2019 16:51:12 -0700
Subject: [PATCH] Support for GKE intranode visibility (#801)

Signed-off-by: Modular Magician
---
 google-beta/resource_container_cluster.go | 77 +++++++++----------
 .../resource_container_cluster_test.go | 39 ----------
 .../docs/r/container_cluster.html.markdown | 6 +-
 3 files changed, 43 insertions(+), 79 deletions(-)

diff --git a/google-beta/resource_container_cluster.go b/google-beta/resource_container_cluster.go
index 25d3a2967c..cb638fb824 100644
--- a/google-beta/resource_container_cluster.go
+++ b/google-beta/resource_container_cluster.go
@@ -813,13 +813,12 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er
 Enabled: d.Get("enable_binary_authorization").(bool),
 ForceSendFields: []string{"Enabled"},
 },
- Autoscaling: expandClusterAutoscaling(d.Get("cluster_autoscaling"), d),
- MasterAuth: expandMasterAuth(d.Get("master_auth")),
- ResourceLabels: expandStringMap(d, "resource_labels"),
+ Autoscaling: expandClusterAutoscaling(d.Get("cluster_autoscaling"), d),
 NetworkConfig: &containerBeta.NetworkConfig{
 EnableIntraNodeVisibility: d.Get("enable_intranode_visibility").(bool),
- ForceSendFields: []string{"Enabled"},
 },
+ MasterAuth: expandMasterAuth(d.Get("master_auth")),
+ ResourceLabels: expandStringMap(d, "resource_labels"),
 }

 if v, ok := d.GetOk("default_max_pods_per_node"); ok {
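Review bot: The `ForceSendFields: []string{"Enabled"}` dropped from the `NetworkConfig` literal named a field that NetworkConfig does not have (its flag is `EnableIntraNodeVisibility`), so it was a no-op and removing it is correct; the consequence worth noting is that a false `enable_intranode_visibility` is now omitted from the create request rather than sent explicitly, which relies on the API default being disabled, as the deleted test comment in this patch states it is. If an explicit false ever has to be sent on create, the line would be `ForceSendFields: []string{"EnableIntraNodeVisibility"},` inside the NetworkConfig literal. The update path in the later hunk puts `ForceSendFields: []string{"Enabled"}` on `IntraNodeVisibilityConfig`, where `Enabled` is the real field, so that one is right as written. resourceContainerClusterCreate continues outside the hunk on both sides.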
@@ -1045,7 +1044,6 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro
 d.Set("enable_legacy_abac", cluster.LegacyAbac.Enabled)
 d.Set("logging_service", cluster.LoggingService)
 d.Set("monitoring_service", cluster.MonitoringService)
- d.Set("enable_intranode_visibility", cluster.NetworkConfig.EnableIntraNodeVisibility)
 d.Set("network", cluster.NetworkConfig.Network)
 d.Set("subnetwork", cluster.NetworkConfig.Subnetwork)
 d.Set("enable_binary_authorization", cluster.BinaryAuthorization != nil && cluster.BinaryAuthorization.Enabled)
@@ -1060,6 +1058,7 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro
 if err := d.Set("authenticator_groups_config", flattenAuthenticatorGroupsConfig(cluster.AuthenticatorGroupsConfig)); err != nil {
 return err
 }
+ d.Set("enable_intranode_visibility", cluster.NetworkConfig.EnableIntraNodeVisibility)
 if err := d.Set("node_config", flattenNodeConfig(cluster.NodeConfig)); err != nil {
 return err
 }
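Review bot: The relocated `d.Set("enable_intranode_visibility", …)` still discards its return value, while both neighbours in the hunk (`authenticator_groups_config` and `node_config`) check it and return; for consistency write `if err := d.Set("enable_intranode_visibility", cluster.NetworkConfig.EnableIntraNodeVisibility); err != nil { return err }`. The move itself has no functional effect that I can see, since the value read is unchanged. It still dereferences `cluster.NetworkConfig` without a nil check, but the `network` and `subnetwork` sets in the previous hunk already do the same, so that is not new here. resourceContainerClusterRead continues outside the hunk.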
@@ -1217,6 +1216,40 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er
 d.SetPartial("cluster_autoscaling")
 }

+ if d.HasChange("enable_intranode_visibility") {
+ enabled := d.Get("enable_intranode_visibility").(bool)
+ req := &containerBeta.UpdateClusterRequest{
+ Update: &containerBeta.ClusterUpdate{
+ DesiredIntraNodeVisibilityConfig: &containerBeta.IntraNodeVisibilityConfig{
+ Enabled: enabled,
+ ForceSendFields: []string{"Enabled"},
+ },
+ },
+ }
+ updateF := func() error {
+ log.Println("[DEBUG] updating enable_intranode_visibility")
+ name := containerClusterFullName(project, location, clusterName)
+ op, err := config.clientContainerBeta.Projects.Locations.Clusters.Update(name, req).Do()
+ if err != nil {
+ return err
+ }
+
+ // Wait until it's updated
+ err = containerOperationWait(config, op, project, location, "updating GKE Intra Node Visibility", timeoutInMinutes)
+ log.Println("[DEBUG] done updating enable_intranode_visibility")
+ return err
+ }
+
+ // Call update serially.
+ if err := lockedCall(lockKey, updateF); err != nil {
+ return err
+ }
+
+ log.Printf("[INFO] GKE cluster %s Intra Node Visibility has been updated to %v", d.Id(), enabled)
+
+ d.SetPartial("enable_intranode_visibility")
+ }
+
 if d.HasChange("maintenance_policy") {
 var req *containerBeta.SetMaintenancePolicyRequest
 if mp, ok := d.GetOk("maintenance_policy"); ok {
@@ -1381,40 +1414,6 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er
 d.SetPartial("enable_legacy_abac")
 }

- if d.HasChange("enable_intranode_visibility") {
- enabled := d.Get("enable_intranode_visibility").(bool)
- req := &containerBeta.UpdateClusterRequest{
- Update: &containerBeta.ClusterUpdate{
- DesiredIntraNodeVisibilityConfig: &containerBeta.IntraNodeVisibilityConfig{
- Enabled: enabled,
- ForceSendFields: []string{"Enabled"},
- },
- },
- }
- updateF := func() error {
- log.Println("[DEBUG] updating enable_intranode_visibility")
- name := containerClusterFullName(project, location, clusterName)
- op, err := config.clientContainerBeta.Projects.Locations.Clusters.Update(name, req).Do()
- if err != nil {
- return err
- }
-
- // Wait until it's updated
- err = containerOperationWait(config, op, project, location, "updating GKE Intra Node Visibility", timeoutInMinutes)
- log.Println("[DEBUG] done updating enable_intranode_visibility")
- return err
- }
-
- // Call update serially.
- if err := lockedCall(lockKey, updateF); err != nil {
- return err
- }
-
- log.Printf("[INFO] GKE cluster %s Intra Node Visibility has been updated to %v", d.Id(), enabled)
-
- d.SetPartial("enable_intranode_visibility")
- }
-
 if d.HasChange("monitoring_service") || d.HasChange("logging_service") {
 logging := d.Get("logging_service").(string)
 monitoring := d.Get("monitoring_service").(string)
diff --git a/google-beta/resource_container_cluster_test.go b/google-beta/resource_container_cluster_test.go
index c7ab793415..8cb93a4db2 100644
--- a/google-beta/resource_container_cluster_test.go
+++ b/google-beta/resource_container_cluster_test.go
@@ -760,34 +760,6 @@ func TestAccContainerCluster_withDefaultLegacyAbac(t *testing.T) {
 })
 }

-/*
- Since GKE disables Intra Node Visibility by default, this test will ensure that Intra Node Visibility is disabled by default to be
- more consistent with default settings in the Cloud Console
-*/
-func TestAccContainerCluster_withDefaultIntraNodeVisibility(t *testing.T) {
- t.Parallel()
-
- resource.Test(t, resource.TestCase{
- PreCheck: func() { testAccPreCheck(t) },
- Providers: testAccProviders,
- CheckDestroy: testAccCheckContainerClusterDestroy,
- Steps: []resource.TestStep{
- {
- Config: testAccContainerCluster_defaultIntraNodeVisibility(acctest.RandString(10)),
- Check: resource.ComposeTestCheckFunc(
- resource.TestCheckResourceAttr("google_container_cluster.default_intranode_visibility", "enable_intranode_visibility", "false"),
- ),
- },
- {
- ResourceName: "google_container_cluster.default_intranode_visibility",
- ImportStateIdPrefix: "us-central1-a/",
- ImportState: true,
- ImportStateVerify: true,
- },
- },
- })
-}
-
 func TestAccContainerCluster_withVersion(t *testing.T) {
 t.Parallel()

@@ -2433,22 +2405,12 @@ resource "google_container_cluster" "with_legacy_abac" {
 }`, clusterName)
 }

-func testAccContainerCluster_defaultIntraNodeVisibility(clusterName string) string {
- return fmt.Sprintf(`
-resource "google_container_cluster" "default_intranode_visibility" {
- name = "cluster-test-%s"
- zone = "us-central1-a"
- initial_node_count = 1
-}`, clusterName)
-}
-
 func testAccContainerCluster_withIntraNodeVisibility(clusterName string) string {
 return fmt.Sprintf(`
 resource "google_container_cluster" "with_intranode_visibility" {
 name = "cluster-test-%s"
 zone = "us-central1-a"
 initial_node_count = 1
- enable_intranode_visibility = true
 }`, clusterName)
 }

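Review bot: `testAccContainerCluster_withIntraNodeVisibility` loses its `enable_intranode_visibility = true` line here, and the sibling config in the next hunk loses `enable_intranode_visibility = false`, so both now describe a cluster with the provider default and the test steps that consume them (outside the hunk) can no longer drive the create-with-enabled path or the disable update; any check expecting `"enable_intranode_visibility"` to read back `"true"` against these configs would fail. With `TestAccContainerCluster_withDefaultIntraNodeVisibility` deleted in the hunk above, nothing visible in this file still asserts the flag's default either. If the intent is to keep the feature covered, restore `enable_intranode_visibility = true` in the first config and the `= false` in the second so the `DesiredIntraNodeVisibilityConfig` update path added in resource_container_cluster.go stays exercised, or fold the default assertion into the remaining test.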
@@ -2459,7 +2421,6 @@ resource "google_container_cluster" "with_intranode_visibility" {
 name = "cluster-test-%s"
 zone = "us-central1-a"
 initial_node_count = 1
- enable_intranode_visibility = false
 }`, clusterName)
 }

diff --git a/website/docs/r/container_cluster.html.markdown b/website/docs/r/container_cluster.html.markdown
index 8873c1e289..612ed1455d 100644
--- a/website/docs/r/container_cluster.html.markdown
+++ b/website/docs/r/container_cluster.html.markdown
@@ -287,9 +287,13 @@ to the datasource. A `region` can have a different set of supported versions tha
 * `subnetwork` - (Optional) The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched. -* `vertical_pod_autoscaling` - Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. +* `vertical_pod_autoscaling` - (Optional, [Beta](https://terraform.io/docs/providers/google/provider_versions.html)) + Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below. +* `enable_intranode_visibility` - (Optional, [Beta](https://terraform.io/docs/providers/google/provider_versions.html)) + Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network. + The `addons_config` block supports: * `horizontal_pod_autoscaling` - (Optional) The status of the Horizontal Pod Autoscaling