From 6e558590287f47c4631c807d22161c2fdab50653 Mon Sep 17 00:00:00 2001 From: Chris Stephens Date: Mon, 3 Jun 2019 22:21:30 +0000 Subject: [PATCH] Support for GKE intranode visibility Signed-off-by: Modular Magician --- google/resource_container_cluster.go | 63 ++++++++++++------- .../docs/r/container_cluster.html.markdown | 6 +- 2 files changed, 45 insertions(+), 24 deletions(-) diff --git a/google/resource_container_cluster.go b/google/resource_container_cluster.go index ce6f3b873e9..6e63059cdf4 100644 --- a/google/resource_container_cluster.go +++ b/google/resource_container_cluster.go @@ -201,7 +201,7 @@ func resourceContainerCluster() *schema.Resource { }, }, }, - }, + }, }, }, @@ -256,9 +256,10 @@ func resourceContainerCluster() *schema.Resource { "enable_binary_authorization": { Removed: "This field is in beta. Use it in the the google-beta provider instead. See https://terraform.io/docs/providers/google/provider_versions.html for more details.", - Computed: true, + Computed: true, Type: schema.TypeBool, Optional: true, + }, "enable_kubernetes_alpha": { @@ -452,10 +453,10 @@ func resourceContainerCluster() *schema.Resource { "pod_security_policy_config": { // Remove return nil from expand when this is removed for good. - Removed: "This field is in beta. Use it in the the google-beta provider instead. See https://terraform.io/docs/providers/google/provider_versions.html for more details.", - Type: schema.TypeList, - Optional: true, - MaxItems: 1, + Removed: "This field is in beta. Use it in the the google-beta provider instead. See https://terraform.io/docs/providers/google/provider_versions.html for more details.", + Type: schema.TypeList, + Optional: true, + MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "enabled": { @@ -521,7 +522,7 @@ func resourceContainerCluster() *schema.Resource { ConflictsWith: ipAllocationRangeFields, }, - "subnetwork_name": { + "subnetwork_name": { Type: schema.TypeString, Optional: true, ForceNew: true, 
@@ -546,11 +547,11 @@ func resourceContainerCluster() *schema.Resource { DiffSuppressFunc: cidrOrSizeDiffSuppress, }, "node_ipv4_cidr_block": { - Type: schema.TypeString, - Optional: true, - Computed: true, - ForceNew: true, - ConflictsWith: ipAllocationRangeFields, + Type: schema.TypeString, + Optional: true, + Computed: true, + ForceNew: true, + ConflictsWith: ipAllocationRangeFields, DiffSuppressFunc: cidrOrSizeDiffSuppress, }, @@ -587,15 +588,15 @@ func resourceContainerCluster() *schema.Resource { Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ "enable_private_endpoint": { - Type: schema.TypeBool, - Optional: true, - ForceNew: true, + Type: schema.TypeBool, + Optional: true, + ForceNew: true, DiffSuppressFunc: containerClusterPrivateClusterConfigSuppress, }, "enable_private_nodes": { - Type: schema.TypeBool, - Optional: true, - ForceNew: true, + Type: schema.TypeBool, + Optional: true, + ForceNew: true, DiffSuppressFunc: containerClusterPrivateClusterConfigSuppress, }, "master_ipv4_cidr_block": { @@ -621,6 +622,10 @@ func resourceContainerCluster() *schema.Resource { Optional: true, Elem: &schema.Schema{Type: schema.TypeString}, }, + + + "enable_intranode_visibility": { + "This field is in beta. Use it in the the google-beta provider instead. See https://terraform.io/docs/providers/google/provider_versions.html for more details.", }, } } 
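Review bot: The added `"enable_intranode_visibility"` entry in the `@@ -621,6 +622,10 @@` hunk holds only a bare string literal, where the other beta-only fields visible in this patch (`enable_binary_authorization`, `pod_security_policy_config`) assign that message to `Removed:` and declare a `Type`. As written, the unkeyed string in a `schema.Schema` literal should not compile. The hunk also appears to add an opening `{` without a matching close, so the trailing context `},` now closes the new entry instead of the schema map, though the collapsed layout makes the brace count hard to confirm. I would write the entry as `Removed: "<same message>",` followed by `Type: schema.TypeBool,` and `Optional: true,`, then its own closing `},`, mirroring `enable_binary_authorization`. That way a configuration which sets the flag to get same-node pod traffic visible to the VPC fails with the explicit beta-provider message. The body of `resourceContainerCluster` starts outside this hunk.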
@@ -697,10 +702,11 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er EnableKubernetesAlpha: d.Get("enable_kubernetes_alpha").(bool), IpAllocationPolicy: expandIPAllocationPolicy(d.Get("ip_allocation_policy")), PodSecurityPolicyConfig: expandPodSecurityPolicyConfig(d.Get("pod_security_policy_config")), - MasterAuth: expandMasterAuth(d.Get("master_auth")), - ResourceLabels: expandStringMap(d, "resource_labels"), + MasterAuth: expandMasterAuth(d.Get("master_auth")), + ResourceLabels: expandStringMap(d, "resource_labels"), } + // Only allow setting node_version on create if it's set to the equivalent master version, // since `InitialClusterVersion` only accepts valid master-style versions. if v, ok := d.GetOk("node_version"); ok { @@ -782,6 +788,7 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er cluster.PrivateClusterConfig = expandPrivateClusterConfig(v) } + req := &containerBeta.CreateClusterRequest{ Cluster: cluster, } @@ -809,7 +816,7 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er _, getErr := config.clientContainerBeta.Projects.Locations.Clusters.Get(containerClusterFullName(project, location, clusterName)).Do() if getErr != nil { // Make errcheck happy - log.Printf("[WARN] Cluster %s was created in an error state and not found", clusterName) + log.Printf("[WARN] Cluster %s was created in an error state and not found", clusterName) } if deleteErr := cleanFailedContainerCluster(d, meta); deleteErr != nil { @@ -943,6 +950,7 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro return err } + d.Set("resource_labels", cluster.ResourceLabels) return nil } @@ -1406,6 +1414,7 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er d.SetPartial("master_auth") } + if d.HasChange("resource_labels") { resourceLabels := d.Get("resource_labels").(map[string]interface{}) req := &containerBeta.SetLabelsRequest{ 
@@ -1610,6 +1619,7 @@ func expandClusterAddonsConfig(configured interface{}) *containerBeta.AddonsConf } } + return ac } @@ -1629,11 +1639,11 @@ func expandIPAllocationPolicy(configured interface{}) *containerBeta.IPAllocatio ClusterIpv4CidrBlock: config["cluster_ipv4_cidr_block"].(string), ServicesIpv4CidrBlock: config["services_ipv4_cidr_block"].(string), - NodeIpv4CidrBlock: config["node_ipv4_cidr_block"].(string), + NodeIpv4CidrBlock: config["node_ipv4_cidr_block"].(string), ClusterSecondaryRangeName: config["cluster_secondary_range_name"].(string), ServicesSecondaryRangeName: config["services_secondary_range_name"].(string), - ForceSendFields: []string{"UseIpAliases"}, + ForceSendFields: []string{"UseIpAliases"}, } } @@ -1655,6 +1665,7 @@ func expandMaintenancePolicy(configured interface{}) *containerBeta.MaintenanceP } } + func expandMasterAuth(configured interface{}) *containerBeta.MasterAuth { l := configured.([]interface{}) if len(l) == 0 || l[0] == nil { @@ -1734,12 +1745,14 @@ func expandPrivateClusterConfig(configured interface{}) *containerBeta.PrivateCl } } + func expandPodSecurityPolicyConfig(configured interface{}) *containerBeta.PodSecurityPolicyConfig { // Removing lists is hard - the element count (#) will have a diff from nil -> computed // If we set this to empty on Read, it will be stable. return nil } + func flattenNetworkPolicy(c *containerBeta.NetworkPolicy) []map[string]interface{} { result := []map[string]interface{}{} if c != nil { @@ -1823,6 +1836,7 @@ func flattenPrivateClusterConfig(c *containerBeta.PrivateClusterConfig) []map[st } } + func flattenIPAllocationPolicy(c *containerBeta.Cluster, d *schema.ResourceData, config *Config) []map[string]interface{} { if c == nil || c.IpAllocationPolicy == nil { return nil 
@@ -1901,6 +1915,7 @@ func flattenMasterAuth(ma *containerBeta.MasterAuth) []map[string]interface{} { return masterAuth } + func flattenMasterAuthorizedNetworksConfig(c *containerBeta.MasterAuthorizedNetworksConfig) []map[string]interface{} { if c == nil { return nil @@ -1919,6 +1934,8 @@ func flattenMasterAuthorizedNetworksConfig(c *containerBeta.MasterAuthorizedNetw return []map[string]interface{}{result} } + + func resourceContainerClusterStateImporter(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { config := meta.(*Config) diff --git a/website/docs/r/container_cluster.html.markdown b/website/docs/r/container_cluster.html.markdown index adf286e8e29..ec9a01bb203 100644 --- a/website/docs/r/container_cluster.html.markdown +++ b/website/docs/r/container_cluster.html.markdown @@ -283,9 +283,13 @@ to the datasource. A `region` can have a different set of supported versions tha * `subnetwork` - (Optional) The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched. -* `vertical_pod_autoscaling` - Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. +* `vertical_pod_autoscaling` - (Optional, [Beta](https://terraform.io/docs/providers/google/provider_versions.html)) + Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. Structure is documented below. +* `enable_intranode_visibility` - (Optional, [Beta](https://terraform.io/docs/providers/google/provider_versions.html)) + Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network. + The `addons_config` block supports: * `horizontal_pod_autoscaling` - (Optional) The status of the Horizontal Pod Autoscaling