Skip to content

Commit

Permalink
Made google_container_cluster.user_managed_keys_config not settable a…
Browse files Browse the repository at this point in the history
…nd fixed diff due to server-set values (#12309) (#20314)

[upstream:9a45aa9a44634ac33a3cd7a1024be660accd7647]

Signed-off-by: Modular Magician <[email protected]>
  • Loading branch information
modular-magician authored Nov 12, 2024
1 parent a43ba47 commit 5a7d34c
Show file tree
Hide file tree
Showing 3 changed files with 179 additions and 14 deletions.
6 changes: 6 additions & 0 deletions .changelog/12309.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
```release-note:bug
container: fixed diff on `google_container_cluster.user_managed_keys_config` field for resources that had not set it. (patch release)
```
```release-note:bug
container: marked `google_container_cluster.user_managed_keys_config` as immutable because it can't be updated in place. (patch release)
```
26 changes: 12 additions & 14 deletions google/services/container/resource_container_cluster.go
Original file line number Diff line number Diff line change
Expand Up @@ -2061,6 +2061,7 @@ func ResourceContainerCluster() *schema.Resource {
"user_managed_keys_config": {
Type: schema.TypeList,
Optional: true,
ForceNew: true,
MaxItems: 1,
Description: `The custom keys configuration of the cluster.`,
Elem: &schema.Resource{
Expand Down Expand Up @@ -3989,20 +3990,6 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er
log.Printf("[INFO] GKE cluster %s fleet config has been updated", d.Id())
}

if d.HasChange("user_managed_keys_config") {
req := &container.UpdateClusterRequest{
Update: &container.ClusterUpdate{
UserManagedKeysConfig: expandUserManagedKeysConfig(d.Get("user_managed_keys_config")),
},
}
updateF := updateFunc(req, "updating GKE cluster user managed keys config.")
if err := transport_tpg.LockedCall(lockKey, updateF); err != nil {
return err
}

log.Printf("[INFO] GKE cluster %s user managed key config has been updated to %#v", d.Id(), req.Update.UserManagedKeysConfig)
}

if d.HasChange("enable_k8s_beta_apis") {
log.Print("[INFO] Enable Kubernetes Beta APIs")
if v, ok := d.GetOk("enable_k8s_beta_apis"); ok {
Expand Down Expand Up @@ -6139,11 +6126,22 @@ func flattenUserManagedKeysConfig(c *container.UserManagedKeysConfig) []map[stri
"control_plane_disk_encryption_key": c.ControlPlaneDiskEncryptionKey,
"gkeops_etcd_backup_encryption_key": c.GkeopsEtcdBackupEncryptionKey,
}
allEmpty := true
for _, v := range f {
if v.(string) != "" {
allEmpty = false
}
}
if len(c.ServiceAccountSigningKeys) != 0 {
f["service_account_signing_keys"] = schema.NewSet(schema.HashString, tpgresource.ConvertStringArrToInterface(c.ServiceAccountSigningKeys))
allEmpty = false
}
if len(c.ServiceAccountVerificationKeys) != 0 {
f["service_account_verification_keys"] = schema.NewSet(schema.HashString, tpgresource.ConvertStringArrToInterface(c.ServiceAccountVerificationKeys))
allEmpty = false
}
if allEmpty {
return nil
}
return []map[string]interface{}{f}
}
Expand Down
161 changes: 161 additions & 0 deletions google/services/container/resource_container_cluster_internal_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,11 @@ package container
import (
"testing"

"github.com/google/go-cmp/cmp"
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
"github.com/hashicorp/terraform-provider-google/google/tpgresource"

"google.golang.org/api/container/v1"
)

func TestContainerClusterEnableK8sBetaApisCustomizeDiff(t *testing.T) {
Expand Down Expand Up @@ -208,3 +211,161 @@ func TestContainerCluster_NodeVersionCustomizeDiff(t *testing.T) {
}
}
}

func TestContainerCluster_flattenUserManagedKeysConfig(t *testing.T) {
t.Parallel()

cases := []struct {
name string
config *container.UserManagedKeysConfig
want []map[string]interface{}
}{
{
name: "nil",
},
{
name: "empty",
config: &container.UserManagedKeysConfig{},
},
{
name: "cluster_ca",
config: &container.UserManagedKeysConfig{
ClusterCa: "value",
},
want: []map[string]interface{}{
{
"cluster_ca": "value",
"etcd_api_ca": "",
"etcd_peer_ca": "",
"aggregation_ca": "",
"control_plane_disk_encryption_key": "",
"gkeops_etcd_backup_encryption_key": "",
},
},
},
{
name: "etcd_api_ca",
config: &container.UserManagedKeysConfig{
EtcdApiCa: "value",
},
want: []map[string]interface{}{
{
"cluster_ca": "",
"etcd_api_ca": "value",
"etcd_peer_ca": "",
"aggregation_ca": "",
"control_plane_disk_encryption_key": "",
"gkeops_etcd_backup_encryption_key": "",
},
},
},
{
name: "etcd_peer_ca",
config: &container.UserManagedKeysConfig{
EtcdPeerCa: "value",
},
want: []map[string]interface{}{
{
"cluster_ca": "",
"etcd_api_ca": "",
"etcd_peer_ca": "value",
"aggregation_ca": "",
"control_plane_disk_encryption_key": "",
"gkeops_etcd_backup_encryption_key": "",
},
},
},
{
name: "aggregation_ca",
config: &container.UserManagedKeysConfig{
AggregationCa: "value",
},
want: []map[string]interface{}{
{
"cluster_ca": "",
"etcd_api_ca": "",
"etcd_peer_ca": "",
"aggregation_ca": "value",
"control_plane_disk_encryption_key": "",
"gkeops_etcd_backup_encryption_key": "",
},
},
},
{
name: "control_plane_disk_encryption_key",
config: &container.UserManagedKeysConfig{
ControlPlaneDiskEncryptionKey: "value",
},
want: []map[string]interface{}{
{
"cluster_ca": "",
"etcd_api_ca": "",
"etcd_peer_ca": "",
"aggregation_ca": "",
"control_plane_disk_encryption_key": "value",
"gkeops_etcd_backup_encryption_key": "",
},
},
},
{
name: "gkeops_etcd_backup_encryption_key",
config: &container.UserManagedKeysConfig{
GkeopsEtcdBackupEncryptionKey: "value",
},
want: []map[string]interface{}{
{
"cluster_ca": "",
"etcd_api_ca": "",
"etcd_peer_ca": "",
"aggregation_ca": "",
"control_plane_disk_encryption_key": "",
"gkeops_etcd_backup_encryption_key": "value",
},
},
},
{
name: "service_account_signing_keys",
config: &container.UserManagedKeysConfig{
ServiceAccountSigningKeys: []string{"value"},
},
want: []map[string]interface{}{
{
"cluster_ca": "",
"etcd_api_ca": "",
"etcd_peer_ca": "",
"aggregation_ca": "",
"control_plane_disk_encryption_key": "",
"gkeops_etcd_backup_encryption_key": "",
"service_account_signing_keys": schema.NewSet(schema.HashString, []interface{}{"value"}),
},
},
},
{
name: "service_account_verification_keys",
config: &container.UserManagedKeysConfig{
ServiceAccountVerificationKeys: []string{"value"},
},
want: []map[string]interface{}{
{
"cluster_ca": "",
"etcd_api_ca": "",
"etcd_peer_ca": "",
"aggregation_ca": "",
"control_plane_disk_encryption_key": "",
"gkeops_etcd_backup_encryption_key": "",
"service_account_verification_keys": schema.NewSet(schema.HashString, []interface{}{"value"}),
},
},
},
}

for _, tc := range cases {
t.Run(tc.name, func(t *testing.T) {
t.Parallel()
got := flattenUserManagedKeysConfig(tc.config)
if diff := cmp.Diff(got, tc.want); diff != "" {
t.Errorf("flattenUserManagedKeysConfig(%s) returned unexpected diff. +got, -want:\n%s", tc.name, diff)
}
})
}
}

0 comments on commit 5a7d34c

Please sign in to comment.