From 5a7d34c3ee252fd7150a38ab594c9d4685323d4d Mon Sep 17 00:00:00 2001
From: The Magician
Date: Tue, 12 Nov 2024 15:16:37 -0800
Subject: [PATCH] Made google_container_cluster.user_managed_keys_config not settable and fixed diff due to server-set values (#12309) (#20314)
[upstream:9a45aa9a44634ac33a3cd7a1024be660accd7647]
Signed-off-by: Modular Magician
---
 .changelog/12309.txt | 6 +
 .../container/resource_container_cluster.go | 26 ++-
 ...esource_container_cluster_internal_test.go | 161 ++++++++++++++++++
 3 files changed, 179 insertions(+), 14 deletions(-)
 create mode 100644 .changelog/12309.txt
diff --git a/.changelog/12309.txt b/.changelog/12309.txt
new file mode 100644
index 00000000000..26229bd582c
--- /dev/null
+++ b/.changelog/12309.txt
@@ -0,0 +1,6 @@
+```release-note:bug
+container: fixed diff on `google_container_cluster.user_managed_keys_config` field for resources that had not set it. (patch release)
+```
+```release-note:bug
+container: marked `google_container_cluster.user_managed_keys_config` as immutable because it can't be updated in place. (patch release)
+```
\ No newline at end of file
diff --git a/google/services/container/resource_container_cluster.go b/google/services/container/resource_container_cluster.go
index f07e7abd602..b01b8049845 100644
--- a/google/services/container/resource_container_cluster.go
+++ b/google/services/container/resource_container_cluster.go
@@ -2061,6 +2061,7 @@ func ResourceContainerCluster() *schema.Resource {
 "user_managed_keys_config": {
 Type: schema.TypeList,
 Optional: true,
+ ForceNew: true,
 MaxItems: 1,
 Description: `The custom keys configuration of the cluster.`,
 Elem: &schema.Resource{
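Review bot: Each nested attribute of `user_managed_keys_config` should be checked for `ForceNew: true` as well; this hunk in ResourceContainerCluster sets it only on the list, and the `Elem: &schema.Resource{` body continues outside the hunk. The same commit deletes the `d.HasChange("user_managed_keys_config")` branch from resourceContainerClusterUpdate, so if a change to a single nested value (for example `cluster_ca`) were still planned as an in-place update, nothing visible here would send it to the API and state would drift from the cluster. Because these attributes select the cluster's CAs and encryption keys, the description should also warn about replacement by appending "Changing this forces a new cluster to be created." to the existing `Description` string.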
@@ -3989,20 +3990,6 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er
 log.Printf("[INFO] GKE cluster %s fleet config has been updated", d.Id())
 }
- if d.HasChange("user_managed_keys_config") {
- req := &container.UpdateClusterRequest{
- Update: &container.ClusterUpdate{
- UserManagedKeysConfig: expandUserManagedKeysConfig(d.Get("user_managed_keys_config")),
- },
- }
- updateF := updateFunc(req, "updating GKE cluster user managed keys config.")
- if err := transport_tpg.LockedCall(lockKey, updateF); err != nil {
- return err
- }
-
- log.Printf("[INFO] GKE cluster %s user managed key config has been updated to %#v", d.Id(), req.Update.UserManagedKeysConfig)
- }
-
 if d.HasChange("enable_k8s_beta_apis") {
 log.Print("[INFO] Enable Kubernetes Beta APIs")
 if v, ok := d.GetOk("enable_k8s_beta_apis"); ok {
@@ -6139,11 +6126,22 @@ func flattenUserManagedKeysConfig(c *container.UserManagedKeysConfig) []map[stri
 "control_plane_disk_encryption_key": c.ControlPlaneDiskEncryptionKey,
 "gkeops_etcd_backup_encryption_key": c.GkeopsEtcdBackupEncryptionKey,
 }
+ allEmpty := true
+ for _, v := range f {
+ if v.(string) != "" {
+ allEmpty = false
+ }
+ }
 if len(c.ServiceAccountSigningKeys) != 0 {
 f["service_account_signing_keys"] = schema.NewSet(schema.HashString, tpgresource.ConvertStringArrToInterface(c.ServiceAccountSigningKeys))
+ allEmpty = false
 }
 if len(c.ServiceAccountVerificationKeys) != 0 {
 f["service_account_verification_keys"] = schema.NewSet(schema.HashString, tpgresource.ConvertStringArrToInterface(c.ServiceAccountVerificationKeys))
+ allEmpty = false
+ }
+ if allEmpty {
+ return nil
 }
 return []map[string]interface{}{f}
 }
diff --git a/google/services/container/resource_container_cluster_internal_test.go b/google/services/container/resource_container_cluster_internal_test.go
index 48b34bd0dd2..b1764bb6d3f 100644
--- a/google/services/container/resource_container_cluster_internal_test.go
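Review bot: In flattenUserManagedKeysConfig (resource_container_cluster.go) the added loop asserts `v.(string)` without the comma-ok form, so it will panic as soon as a non-string value is stored in `f` ahead of the loop; as far as the hunk shows, it is safe today only because the two `schema.NewSet` entries are added after it. Prefer `if s, ok := v.(string); !ok || s != "" { allEmpty = false; break }`, which also stops at the first non-empty value. A one-line comment above `allEmpty := true` would record the intent, e.g. `// An all-empty config is flattened to nil so it reads as an unset block.` The function's opening lines, including any nil check on `c`, are outside the hunk.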
+++ b/google/services/container/resource_container_cluster_internal_test.go
@@ -5,8 +5,11 @@ package container
 import (
 "testing"
+ "github.com/google/go-cmp/cmp"
 "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 "github.com/hashicorp/terraform-provider-google/google/tpgresource"
+
+ "google.golang.org/api/container/v1"
 )
 func TestContainerClusterEnableK8sBetaApisCustomizeDiff(t *testing.T) {
@@ -208,3 +211,161 @@ func TestContainerCluster_NodeVersionCustomizeDiff(t *testing.T) {
 }
 }
 }
+
+func TestContainerCluster_flattenUserManagedKeysConfig(t *testing.T) {
+ t.Parallel()
+
+ cases := []struct {
+ name string
+ config *container.UserManagedKeysConfig
+ want []map[string]interface{}
+ }{
+ {
+ name: "nil",
+ },
+ {
+ name: "empty",
+ config: &container.UserManagedKeysConfig{},
+ },
+ {
+ name: "cluster_ca",
+ config: &container.UserManagedKeysConfig{
+ ClusterCa: "value",
+ },
+ want: []map[string]interface{}{
+ {
+ "cluster_ca": "value",
+ "etcd_api_ca": "",
+ "etcd_peer_ca": "",
+ "aggregation_ca": "",
+ "control_plane_disk_encryption_key": "",
+ "gkeops_etcd_backup_encryption_key": "",
+ },
+ },
+ },
+ {
+ name: "etcd_api_ca",
+ config: &container.UserManagedKeysConfig{
+ EtcdApiCa: "value",
+ },
+ want: []map[string]interface{}{
+ {
+ "cluster_ca": "",
+ "etcd_api_ca": "value",
+ "etcd_peer_ca": "",
+ "aggregation_ca": "",
+ "control_plane_disk_encryption_key": "",
+ "gkeops_etcd_backup_encryption_key": "",
+ },
+ },
+ },
+ {
+ name: "etcd_peer_ca",
+ config: &container.UserManagedKeysConfig{
+ EtcdPeerCa: "value",
+ },
+ want: []map[string]interface{}{
+ {
+ "cluster_ca": "",
+ "etcd_api_ca": "",
+ "etcd_peer_ca": "value",
+ "aggregation_ca": "",
+ "control_plane_disk_encryption_key": "",
+ "gkeops_etcd_backup_encryption_key": "",
+ },
+ },
+ },
+ {
+ name: "aggregation_ca",
+ config: &container.UserManagedKeysConfig{
+ AggregationCa: "value",
+ },
+ want: []map[string]interface{}{
+ {
+ "cluster_ca": "",
+ "etcd_api_ca": "",
+ "etcd_peer_ca": "",
+ "aggregation_ca": "value",
+ "control_plane_disk_encryption_key": "",
+ "gkeops_etcd_backup_encryption_key": "",
+ },
+ },
+ },
+ {
+ name: "control_plane_disk_encryption_key",
+ config: &container.UserManagedKeysConfig{
+ ControlPlaneDiskEncryptionKey: "value",
+ },
+ want: []map[string]interface{}{
+ {
+ "cluster_ca": "",
+ "etcd_api_ca": "",
+ "etcd_peer_ca": "",
+ "aggregation_ca": "",
+ "control_plane_disk_encryption_key": "value",
+ "gkeops_etcd_backup_encryption_key": "",
+ },
+ },
+ },
+ {
+ name: "gkeops_etcd_backup_encryption_key",
+ config: &container.UserManagedKeysConfig{
+ GkeopsEtcdBackupEncryptionKey: "value",
+ },
+ want: []map[string]interface{}{
+ {
+ "cluster_ca": "",
+ "etcd_api_ca": "",
+ "etcd_peer_ca": "",
+ "aggregation_ca": "",
+ "control_plane_disk_encryption_key": "",
+ "gkeops_etcd_backup_encryption_key": "value",
+ },
+ },
+ },
+ {
+ name: "service_account_signing_keys",
+ config: &container.UserManagedKeysConfig{
+ ServiceAccountSigningKeys: []string{"value"},
+ },
+ want: []map[string]interface{}{
+ {
+ "cluster_ca": "",
+ "etcd_api_ca": "",
+ "etcd_peer_ca": "",
+ "aggregation_ca": "",
+ "control_plane_disk_encryption_key": "",
+ "gkeops_etcd_backup_encryption_key": "",
+ "service_account_signing_keys": schema.NewSet(schema.HashString, []interface{}{"value"}),
+ },
+ },
+ },
+ {
+ name: "service_account_verification_keys",
+ config: &container.UserManagedKeysConfig{
+ ServiceAccountVerificationKeys: []string{"value"},
+ },
+ want: []map[string]interface{}{
+ {
+ "cluster_ca": "",
+ "etcd_api_ca": "",
+ "etcd_peer_ca": "",
+ "aggregation_ca": "",
+ "control_plane_disk_encryption_key": "",
+ "gkeops_etcd_backup_encryption_key": "",
+ "service_account_verification_keys": schema.NewSet(schema.HashString, []interface{}{"value"}),
+ },
+ },
+ },
+ }
+
+ for _, tc := range cases {
+ t.Run(tc.name, func(t *testing.T) {
+ t.Parallel()
+ got := flattenUserManagedKeysConfig(tc.config)
+ if diff := cmp.Diff(got, tc.want); diff != "" {
+ t.Errorf("flattenUserManagedKeysConfig(%s) returned unexpected diff. +got, -want:\n%s", tc.name, diff)
+ }
+ })
+ }
+}
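Review bot: The failure message in TestContainerCluster_flattenUserManagedKeysConfig labels the output `+got, -want`, but `cmp.Diff(got, tc.want)` marks its first argument with `-` and its second with `+`, so a failing case is printed with the two sides reversed. Swap the arguments and the label together: `if diff := cmp.Diff(tc.want, got); diff != "" {` with the message ending `returned unexpected diff (-want +got):\n%s`. Separately, the subtests call `t.Parallel()` and read `tc` from the enclosing loop; if the module's go directive is below 1.22 (not visible here), every subtest would run against the last case, and adding `tc := tc` before `t.Run` avoids that.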