From d1ccbb8a4bf5d84cd1659e9d73f159879a392011 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GLON?= Date: Wed, 11 Oct 2017 16:41:41 +0200 Subject: [PATCH 01/15] replalce TypeList by TypeSet --- google/node_config.go | 2 +- google/resource_container_cluster_test.go | 59 +++++++++++++++++++++++ 2 files changed, 60 insertions(+), 1 deletion(-) diff --git a/google/node_config.go b/google/node_config.go index f31e13c515b..a5ba8dde644 100644 --- a/google/node_config.go +++ b/google/node_config.go @@ -3,7 +3,7 @@ package google import ( "github.com/hashicorp/terraform/helper/schema" "github.com/hashicorp/terraform/helper/validation" - "google.golang.org/api/container/v1" + container "google.golang.org/api/container/v1" ) var schemaNodeConfig = &schema.Schema{ diff --git a/google/resource_container_cluster_test.go b/google/resource_container_cluster_test.go index 5201b9b8121..fc6a4f99b97 100644 --- a/google/resource_container_cluster_test.go +++ b/google/resource_container_cluster_test.go @@ -293,6 +293,31 @@ func TestAccContainerCluster_withNodeConfig(t *testing.T) { }) } +func TestAccContainerCluster_withNodeConfigNotSorted(t *testing.T) { + // Make an update with non sorted oauth_scopes + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckContainerClusterDestroy, + Steps: []resource.TestStep{ + { + Config: testAccContainerCluster_withNodeConfigNotsorted, + Check: resource.ComposeTestCheckFunc( + testAccCheckContainerCluster( + "google_container_cluster.with_node_config_not_sorted"), + ), + }, + { + Config: testAccContainerCluster_withNodeConfigNotsorted, + Check: resource.ComposeTestCheckFunc( + testAccCheckContainerCluster( + "google_container_cluster.with_node_config_not_sorted"), + ), + }, + }, + }) +} + func TestAccContainerCluster_withNodeConfigScopeAlias(t *testing.T) { t.Parallel() 
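Review bot: Both steps of `TestAccContainerCluster_withNodeConfigNotSorted` apply the same `testAccContainerCluster_withNodeConfigNotsorted` config with the same check, so nothing performs the update the comment describes and nothing asserts on `oauth_scopes`. The subject says TypeList is replaced by TypeSet, yet the only `google/node_config.go` change in this patch is the import alias, so the test has no schema change to guard. Either drop the second step or make it apply a reordered copy of the scopes. Add `t.Parallel()` as the first statement to match the neighbouring `TestAccContainerCluster_withNodeConfigScopeAlias`.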
@@ -1077,6 +1102,40 @@ resource "google_container_cluster" "with_version" { }`, clusterName) } +var testAccContainerCluster_withNodeConfigNotsorted = fmt.Sprintf(` +resource "google_container_cluster" "with_node_config_not_sorted" { + name = "cluster-test-%s" + zone = "us-central1-f" + initial_node_count = 1 + + master_auth { + username = "mr.yoda" + password = "adoy.rm" + } + + node_config { + machine_type = "n1-standard-1" + disk_size_gb = 15 + local_ssd_count = 1 + oauth_scopes = [ + "https://www.googleapis.com/auth/compute", + "https://www.googleapis.com/auth/devstorage.read_only", + "https://www.googleapis.com/auth/logging.write", + "monitoring" + ] + service_account = "default" + metadata { + foo = "bar" + } + image_type = "COS" + labels { + foo = "bar" + } + tags = ["foo", "bar"] + preemptible = true + } +}`, acctest.RandString(10)) + var testAccContainerCluster_withNodeConfig = fmt.Sprintf(` resource "google_container_cluster" "with_node_config" { name = "cluster-test-%s" From f0e705f2d005937047a3fa051682daaeb29f0f8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GLON?= Date: Wed, 25 Oct 2017 12:03:14 +0200 Subject: [PATCH 02/15] Add network policy --- google/resource_container_cluster.go | 24 +++++++++++++++++++ google/resource_container_cluster_test.go | 7 ++++++ .../docs/r/container_cluster.html.markdown | 3 +++ 3 files changed, 34 insertions(+) diff --git a/google/resource_container_cluster.go b/google/resource_container_cluster.go index d9b21af3cde..c8849838278 100644 --- a/google/resource_container_cluster.go +++ b/google/resource_container_cluster.go @@ -128,6 +128,22 @@ func resourceContainerCluster() *schema.Resource { }, }, }, + "network_policy": { + Type: schema.TypeList, + Optional: true, + ForceNew: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "disabled": { + Type: schema.TypeBool, + Default: true, + Optional: true, + ForceNew: true, + }, + }, + }, + }, }, }, }, 
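Review bot: The `with_node_config_not_sorted` fixture creates a real cluster with a fixed basic-auth credential (`username = "mr.yoda"`, `password = "adoy.rm"`) that is published in the repository, so for the lifetime of each acceptance run the cluster presumably accepts a publicly known password. This test is about `oauth_scopes` ordering and does not need `master_auth`. Drop the block, or generate the secret per run with `password = "%s"` fed from a second `acctest.RandString(16)` argument. If the mix of full scope URLs and the `"monitoring"` alias is deliberate, add a one-line comment above `oauth_scopes` saying so.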
@@ -863,6 +879,14 @@ func expandClusterAddonsConfig(configured interface{}) *container.AddonsConfig { ForceSendFields: []string{"Disabled"}, } } + + if v, ok := config["network_policy"]; ok && len(v.([]interface{})) > 0 { + addon := v.([]interface{})[0].(map[string]interface{}) + ac.NetworkPolicyConfig = &container.NetworkPolicyConfig{ + Disabled: addon["disabled"].(bool), + ForceSendFields: []string{"Disabled"}, + } + } return ac } diff --git a/google/resource_container_cluster_test.go b/google/resource_container_cluster_test.go index fc6a4f99b97..a2d212d88f8 100644 --- a/google/resource_container_cluster_test.go +++ b/google/resource_container_cluster_test.go @@ -706,9 +706,14 @@ func testAccCheckContainerCluster(n string) resource.TestCheckFunc { if cluster.AddonsConfig != nil && cluster.AddonsConfig.KubernetesDashboard != nil { kubernetesDashboardDisabled = cluster.AddonsConfig.KubernetesDashboard.Disabled } + networkPolicyDisabled := false + if cluster.AddonsConfig != nil && cluster.AddonsConfig.NetworkPolicyConfig != nil { + networkPolicyDisabled = cluster.AddonsConfig.NetworkPolicyConfig.Disabled + } clusterTests = append(clusterTests, clusterTestField{"addons_config.0.http_load_balancing.0.disabled", httpLoadBalancingDisabled}) clusterTests = append(clusterTests, clusterTestField{"addons_config.0.horizontal_pod_autoscaling.0.disabled", horizontalPodAutoscalingDisabled}) clusterTests = append(clusterTests, clusterTestField{"addons_config.0.kubernetes_dashboard.0.disabled", kubernetesDashboardDisabled}) + clusterTests = append(clusterTests, clusterTestField{"addons_config.0.network_policy.0.disabled", networkPolicyDisabled}) for i, np := range cluster.NodePools { prefix := fmt.Sprintf("node_pool.%d.", i) @@ -915,6 +920,7 @@ resource "google_container_cluster" "primary" { addons_config { http_load_balancing { disabled = true } kubernetes_dashboard { disabled = true } + network_policy { disabled = true } } }`, clusterName) } 
@@ -930,6 +936,7 @@ resource "google_container_cluster" "primary" { http_load_balancing { disabled = false } kubernetes_dashboard { disabled = true } horizontal_pod_autoscaling { disabled = true } + network_policy { disabled = false } } }`, clusterName) } diff --git a/website/docs/r/container_cluster.html.markdown b/website/docs/r/container_cluster.html.markdown index b002a183f3a..6ce3e239b89 100644 --- a/website/docs/r/container_cluster.html.markdown +++ b/website/docs/r/container_cluster.html.markdown @@ -154,6 +154,9 @@ The `addons_config` block supports: add-on, which controls whether the Kubernetes Dashboard is enabled for this cluster. It is enabled by default; set `disabled = true` to disable. +* `network_policy` - (Optional) The status of the Network Policy + add-on. It is disable by default; set `disabled = false` to enable. + This example `addons_config` disables two addons: ``` From 1fb2e80b08664c2638c06b5710c35bf7a56ad0c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GLON?= Date: Thu, 2 Nov 2017 09:07:48 +0100 Subject: [PATCH 03/15] test improvement --- google/resource_container_cluster.go | 8 ++++++++ google/resource_container_cluster_test.go | 6 ++++-- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/google/resource_container_cluster.go b/google/resource_container_cluster.go index c8849838278..7fbb13e0931 100644 --- a/google/resource_container_cluster.go +++ b/google/resource_container_cluster.go @@ -933,6 +933,14 @@ func flattenClusterAddonsConfig(c *container.AddonsConfig) []map[string]interfac }, } } + + if c.NetworkPolicyConfig != nil { + result["network_policy"] = []map[string]interface{}{ + { + "disabled": c.NetworkPolicyConfig.Disabled, + }, + } + } return []map[string]interface{}{result} } diff --git a/google/resource_container_cluster_test.go b/google/resource_container_cluster_test.go index a2d212d88f8..44b074d29b2 100644 --- a/google/resource_container_cluster_test.go +++ b/google/resource_container_cluster_test.go 
@@ -72,6 +72,7 @@ func TestAccContainerCluster_withAddons(t *testing.T) { "google_container_cluster.primary"), resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.http_load_balancing.0.disabled", "true"), resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.kubernetes_dashboard.0.disabled", "true"), + resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.network_policy.0.disabled", "false"), ), }, { @@ -82,6 +83,7 @@ func TestAccContainerCluster_withAddons(t *testing.T) { resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.horizontal_pod_autoscaling.0.disabled", "true"), resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.http_load_balancing.0.disabled", "false"), resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.kubernetes_dashboard.0.disabled", "true"), + resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.kubernetes_dashboard.0.disabled", "true"), ), }, }, @@ -920,7 +922,7 @@ resource "google_container_cluster" "primary" { addons_config { http_load_balancing { disabled = true } kubernetes_dashboard { disabled = true } - network_policy { disabled = true } + network_policy { disabled = false } } }`, clusterName) } @@ -936,7 +938,7 @@ resource "google_container_cluster" "primary" { http_load_balancing { disabled = false } kubernetes_dashboard { disabled = true } horizontal_pod_autoscaling { disabled = true } - network_policy { disabled = false } + network_policy { disabled = true } } }`, clusterName) } From 55492f0b8d37324e6edfe2328f8f7ac42440d723 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GLON?= Date: Mon, 13 Nov 2017 08:36:35 +0100 Subject: [PATCH 04/15] correct test --- google/resource_container_cluster_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) 
diff --git a/google/resource_container_cluster_test.go b/google/resource_container_cluster_test.go index 44b074d29b2..e1c62d4beed 100644 --- a/google/resource_container_cluster_test.go +++ b/google/resource_container_cluster_test.go @@ -72,7 +72,7 @@ func TestAccContainerCluster_withAddons(t *testing.T) { "google_container_cluster.primary"), resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.http_load_balancing.0.disabled", "true"), resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.kubernetes_dashboard.0.disabled", "true"), - resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.network_policy.0.disabled", "false"), + resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.network_policy.0.disabled", "true"), ), }, { @@ -83,7 +83,7 @@ func TestAccContainerCluster_withAddons(t *testing.T) { resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.horizontal_pod_autoscaling.0.disabled", "true"), resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.http_load_balancing.0.disabled", "false"), resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.kubernetes_dashboard.0.disabled", "true"), - resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.kubernetes_dashboard.0.disabled", "true"), + resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.network_policy.0.disabled", "false"), ), }, }, @@ -922,7 +922,7 @@ resource "google_container_cluster" "primary" { addons_config { http_load_balancing { disabled = true } kubernetes_dashboard { disabled = true } - network_policy { disabled = false } + network_policy { disabled = true } } }`, clusterName) } 
@@ -938,7 +938,7 @@ resource "google_container_cluster" "primary" { http_load_balancing { disabled = false } kubernetes_dashboard { disabled = true } horizontal_pod_autoscaling { disabled = true } - network_policy { disabled = true } + network_policy { disabled = false } } }`, clusterName) } From 63e38be95a6dec94c452d5c9cc8da786dae77bf8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GLON?= Date: Thu, 16 Nov 2017 23:00:08 +0100 Subject: [PATCH 05/15] Add cluster network polocy enabled --- google/resource_container_cluster.go | 79 +++++++++++++++++++++++ google/resource_container_cluster_test.go | 63 ++++++++++++++++++ 2 files changed, 142 insertions(+) diff --git a/google/resource_container_cluster.go b/google/resource_container_cluster.go index 7fbb13e0931..1c5d31d769e 100644 --- a/google/resource_container_cluster.go +++ b/google/resource_container_cluster.go @@ -276,6 +276,31 @@ func resourceContainerCluster() *schema.Resource { StateFunc: StoreResourceName, }, + "network_policy": { + Type: schema.TypeList, + Optional: true, + Computed: true, + ForceNew: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enabled": { + Type: schema.TypeBool, + ForceNew: true, + Optional: true, + Default: true, + }, + "provider": { + Type: schema.TypeString, + ForceNew: true, + Default: "PROVIDER_UNSPECIFIED", + Optional: true, + ValidateFunc: validation.StringInSlice([]string{"PROVIDER_UNSPECIFIED", "CALICO"}, false), + }, + }, + }, + }, + "node_config": schemaNodeConfig, "node_pool": { @@ -414,6 +439,10 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er cluster.Network = network } + if v, ok := d.GetOk("network_policy"); ok && len(v.([]interface{})) > 0 { + cluster.NetworkPolicy = expandNetworkPolicy(v) + } + if v, ok := d.GetOk("subnetwork"); ok { cluster.Subnetwork = v.(string) } 
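Review bot: The top-level `network_policy` schema sets `ForceNew: true` on the block and on both `enabled` and `provider`, so any change to it plans a cluster replacement and the `d.HasChange("network_policy")` branch this patch adds to `resourceContainerClusterUpdate` should never be reached. Drop `ForceNew` from the fields that `SetNetworkPolicy` can change in place, or drop the update branch. PATCH 11/15 later removes only the block-level flag and keeps `ForceNew: true` on `enabled`, so the same applies there. `enabled` also has `Default: true` here, which means an empty `network_policy {}` block turns enforcement on, while the documentation added in PATCH 06/15 describes it as off by default.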
@@ -496,6 +525,9 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro } d.Set("name", cluster.Name) + + d.Set("network_policy", flattenNetworkPolicy(cluster.NetworkPolicy)) + d.Set("zone", cluster.Zone) locations := []string{} @@ -759,6 +791,29 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er d.SetPartial("monitoring_service") } + if d.HasChange("network_policy") { + np, _ := d.GetOk("network_policy") + + req := &container.SetNetworkPolicyRequest{ + NetworkPolicy: expandNetworkPolicy(np), + } + op, err := config.clientContainer.Projects.Zones.Clusters.SetNetworkPolicy( + project, zoneName, clusterName, req).Do() + if err != nil { + return err + } + + // Wait until it's updated + waitErr := containerOperationWait(config, op, project, zoneName, "updating GKE cluster network policy", timeoutInMinutes, 2) + if waitErr != nil { + return waitErr + } + log.Printf("[INFO] Network policy for GKE cluster %s has been updated", d.Id()) + + d.SetPartial("network_policy") + + } + if n, ok := d.GetOk("node_pool.#"); ok { for i := 0; i < n.(int); i++ { if err := nodePoolUpdate(d, meta, clusterName, fmt.Sprintf("node_pool.%d.", i), timeoutInMinutes); err != nil { 
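Review bot: The result of `d.Set("network_policy", flattenNetworkPolicy(cluster.NetworkPolicy))` in `resourceContainerClusterRead` is discarded. For a list-of-maps value, a mismatch with the schema makes `d.Set` return an error and leaves the attribute unwritten, which would hide drift in whether network policy is enforced on the cluster. Check it: `if err := d.Set("network_policy", flattenNetworkPolicy(cluster.NetworkPolicy)); err != nil { return err }`. The function body starts and ends outside this hunk.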
@@ -910,6 +965,30 @@ func expandMasterAuthorizedNetworksConfig(configured interface{}) *container.Mas return result } +func expandNetworkPolicy(configured interface{}) *container.NetworkPolicy { + result := &container.NetworkPolicy{} + if configured != nil && len(configured.([]interface{})) > 0 { + config := configured.([]interface{})[0].(map[string]interface{}) + if enabled, ok := config["enabled"]; ok && enabled.(bool) { + result.Enabled = true + if provider, ok := config["provider"]; ok { + result.Provider = provider.(string) + } + } + } + return result +} + +func flattenNetworkPolicy(c *container.NetworkPolicy) []map[string]interface{} { + if c == nil { + c = &container.NetworkPolicy{} + } + result := make(map[string]interface{}) + result["enabled"] = c.Enabled + result["provider"] = c.Provider + return []map[string]interface{}{result} +} + func flattenClusterAddonsConfig(c *container.AddonsConfig) []map[string]interface{} { result := make(map[string]interface{}) if c.HorizontalPodAutoscaling != nil { diff --git a/google/resource_container_cluster_test.go b/google/resource_container_cluster_test.go index e1c62d4beed..4fd05e37197 100644 --- a/google/resource_container_cluster_test.go +++ b/google/resource_container_cluster_test.go 
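Review bot: `flattenNetworkPolicy` stores `provider` exactly as the API returned it, which is the empty string in the `c == nil` branch, while the schema in this patch defaults `provider` to `"PROVIDER_UNSPECIFIED"` and marks it `ForceNew`. A config with `network_policy { enabled = false }` would then likely plan `"" -> "PROVIDER_UNSPECIFIED"` on every run and ask for a new cluster. Normalise the empty value in the flattener, for example `if c.Provider == "" { result["provider"] = "PROVIDER_UNSPECIFIED" }`. `expandNetworkPolicy` also drops `provider` whenever `enabled` is false. Both helpers would benefit from a doc comment stating what a nil or empty input maps to.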
@@ -109,6 +109,36 @@ func TestAccContainerCluster_withMasterAuth(t *testing.T) { }) } +func TestAccContainerCluster_withNetworkPolicyEnabled(t *testing.T) { + t.Parallel() + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckContainerClusterDestroy, + Steps: []resource.TestStep{ + { + Config: testAccContainerCluster_withNetworkPolicyEnabled, + Check: resource.ComposeTestCheckFunc( + testAccCheckContainerCluster( + "google_container_cluster.with_network_policy_enabled"), + resource.TestCheckResourceAttr("google_container_cluster.with_network_policy_enabled", + "network_policy.#", "1"), + ), + }, + { + Config: testAccContainerCluster_updateNetworkPolicyEnabled, + Check: resource.ComposeTestCheckFunc( + testAccCheckContainerCluster( + "google_container_cluster.with_network_policy_enabled"), + resource.TestCheckNoResourceAttr("google_container_cluster.with_network_policy_enabled", + "network_policy"), + ), + }, + }, + }) +} + func TestAccContainerCluster_withMasterAuthorizedNetworksConfig(t *testing.T) { t.Parallel() @@ -686,6 +716,16 @@ func testAccCheckContainerCluster(n string) resource.TestCheckFunc { {"node_version", cluster.CurrentNodeVersion}, } + if cluster.NetworkPolicy != nil { + clusterTests = append(clusterTests, + clusterTestField{"network_policy.0.enabled", cluster.NetworkPolicy.Enabled}, + clusterTestField{"network_policy.0.provider", cluster.NetworkPolicy.Provider}, + ) + } else { + clusterTests = append(clusterTests, + clusterTestField{"network_policy.#", "1"}, + ) + } // Remove Zone from additional_zones since that's what the resource writes in state additionalZones := []string{} for _, location := range cluster.Locations { 
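Review bot: In the second step of `TestAccContainerCluster_withNetworkPolicyEnabled`, `resource.TestCheckNoResourceAttr(..., "network_policy")` looks vacuous. List attributes are stored in state under keys such as `network_policy.#` and `network_policy.0.enabled`, so the bare key `network_policy` should be absent whether or not the policy was removed, and the step does not show that enforcement was turned off. Assert on the flattened key instead, e.g. `resource.TestCheckResourceAttr("google_container_cluster.with_network_policy_enabled", "network_policy.0.enabled", "false")`. The `else` branch added to `testAccCheckContainerCluster` expects `network_policy.#` to be `"1"` when the API returns no policy, which contradicts the absence this step claims to check.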
@@ -955,6 +995,29 @@ resource "google_container_cluster" "with_master_auth" { } }`, acctest.RandString(10)) +var testAccContainerCluster_withNetworkPolicyEnabled = fmt.Sprintf(` + resource "google_container_cluster" "with_network_policy_enabled" { + name = "cluster-test-%s" + zone = "us-central1-a" + initial_node_count = 1 + + network_policy { + enabled = true + provider = "CALICO" + } + }`, acctest.RandString(10)) + +var testAccContainerCluster_updateNetworkPolicyEnabled = fmt.Sprintf(` + resource "google_container_cluster" "with_network_policy_enabled" { + name = "cluster-test-%s" + zone = "us-central1-a" + initial_node_count = 1 + + // commented to disable it + //network_policy { + //} + }`, acctest.RandString(10)) + func testAccContainerCluster_withMasterAuthorizedNetworksConfig(clusterName string, cidrs []string) string { cidrBlocks := "" From 22758f7059d481718e8813e0f64f913df47a3e4e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GLON?= Date: Mon, 20 Nov 2017 11:51:44 +0100 Subject: [PATCH 06/15] Replalce network_policy addons by global network_policy enabled --- google/resource_container_cluster.go | 30 ------------------- google/resource_container_cluster_test.go | 14 ++------- .../docs/r/container_cluster.html.markdown | 6 ++-- 3 files changed, 6 insertions(+), 44 deletions(-) diff --git a/google/resource_container_cluster.go b/google/resource_container_cluster.go index 1c5d31d769e..78f1b1bc91b 100644 --- a/google/resource_container_cluster.go +++ b/google/resource_container_cluster.go @@ -128,22 +128,6 @@ func resourceContainerCluster() *schema.Resource { }, }, }, - "network_policy": { - Type: schema.TypeList, - Optional: true, - ForceNew: true, - MaxItems: 1, - Elem: &schema.Resource{ - Schema: map[string]*schema.Schema{ - "disabled": { - Type: schema.TypeBool, - Default: true, - Optional: true, - ForceNew: true, - }, - }, - }, - }, }, }, }, 
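Review bot: `testAccContainerCluster_withNetworkPolicyEnabled` and `testAccContainerCluster_updateNetworkPolicyEnabled` each call `acctest.RandString(10)`, so the two steps of the test use different values for `name`. If `name` forces replacement (its schema is not in this hunk), step two creates a second cluster instead of updating the first, and the `SetNetworkPolicy` path added in `resourceContainerClusterUpdate` is never exercised. Build both configs from one name by turning them into functions that take `clusterName string`, as the addons configs in this file already do.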
@@ -935,13 +919,6 @@ func expandClusterAddonsConfig(configured interface{}) *container.AddonsConfig { } } - if v, ok := config["network_policy"]; ok && len(v.([]interface{})) > 0 { - addon := v.([]interface{})[0].(map[string]interface{}) - ac.NetworkPolicyConfig = &container.NetworkPolicyConfig{ - Disabled: addon["disabled"].(bool), - ForceSendFields: []string{"Disabled"}, - } - } return ac } @@ -1013,13 +990,6 @@ func flattenClusterAddonsConfig(c *container.AddonsConfig) []map[string]interfac } } - if c.NetworkPolicyConfig != nil { - result["network_policy"] = []map[string]interface{}{ - { - "disabled": c.NetworkPolicyConfig.Disabled, - }, - } - } return []map[string]interface{}{result} } diff --git a/google/resource_container_cluster_test.go b/google/resource_container_cluster_test.go index 4fd05e37197..5d87f240b61 100644 --- a/google/resource_container_cluster_test.go +++ b/google/resource_container_cluster_test.go @@ -72,7 +72,6 @@ func TestAccContainerCluster_withAddons(t *testing.T) { "google_container_cluster.primary"), resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.http_load_balancing.0.disabled", "true"), resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.kubernetes_dashboard.0.disabled", "true"), - resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.network_policy.0.disabled", "true"), ), }, { 
@@ -83,7 +82,6 @@ func TestAccContainerCluster_withAddons(t *testing.T) { resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.horizontal_pod_autoscaling.0.disabled", "true"), resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.http_load_balancing.0.disabled", "false"), resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.kubernetes_dashboard.0.disabled", "true"), - resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.network_policy.0.disabled", "false"), ), }, }, @@ -748,14 +746,9 @@ func testAccCheckContainerCluster(n string) resource.TestCheckFunc { if cluster.AddonsConfig != nil && cluster.AddonsConfig.KubernetesDashboard != nil { kubernetesDashboardDisabled = cluster.AddonsConfig.KubernetesDashboard.Disabled } - networkPolicyDisabled := false - if cluster.AddonsConfig != nil && cluster.AddonsConfig.NetworkPolicyConfig != nil { - networkPolicyDisabled = cluster.AddonsConfig.NetworkPolicyConfig.Disabled - } clusterTests = append(clusterTests, clusterTestField{"addons_config.0.http_load_balancing.0.disabled", httpLoadBalancingDisabled}) clusterTests = append(clusterTests, clusterTestField{"addons_config.0.horizontal_pod_autoscaling.0.disabled", horizontalPodAutoscalingDisabled}) clusterTests = append(clusterTests, clusterTestField{"addons_config.0.kubernetes_dashboard.0.disabled", kubernetesDashboardDisabled}) - clusterTests = append(clusterTests, clusterTestField{"addons_config.0.network_policy.0.disabled", networkPolicyDisabled}) for i, np := range cluster.NodePools { prefix := fmt.Sprintf("node_pool.%d.", i) @@ -962,7 +955,6 @@ resource "google_container_cluster" "primary" { addons_config { http_load_balancing { disabled = true } kubernetes_dashboard { disabled = true } - network_policy { disabled = true } } }`, clusterName) } 
@@ -978,7 +970,6 @@ resource "google_container_cluster" "primary" { http_load_balancing { disabled = false } kubernetes_dashboard { disabled = true } horizontal_pod_autoscaling { disabled = true } - network_policy { disabled = false } } }`, clusterName) } @@ -1004,7 +995,7 @@ var testAccContainerCluster_withNetworkPolicyEnabled = fmt.Sprintf(` network_policy { enabled = true provider = "CALICO" - } + } }`, acctest.RandString(10)) var testAccContainerCluster_updateNetworkPolicyEnabled = fmt.Sprintf(` @@ -1013,8 +1004,9 @@ var testAccContainerCluster_updateNetworkPolicyEnabled = fmt.Sprintf(` zone = "us-central1-a" initial_node_count = 1 - // commented to disable it + // remove network_policy is equal than enabled=false //network_policy { + // enabled = "false" //} }`, acctest.RandString(10)) diff --git a/website/docs/r/container_cluster.html.markdown b/website/docs/r/container_cluster.html.markdown index 6ce3e239b89..c98673ca824 100644 --- a/website/docs/r/container_cluster.html.markdown +++ b/website/docs/r/container_cluster.html.markdown @@ -123,6 +123,9 @@ output "cluster_ca_certificate" { * `network` - (Optional) The name or self_link of the Google Compute Engine network to which the cluster is connected. +* `network_policy` - (Optional) The status of the Network Policy. + It is disable by default; set `enabled = true` to enable. + * `node_config` - (Optional) Parameters used in creating the cluster's nodes. Structure is documented below. @@ -154,9 +157,6 @@ The `addons_config` block supports: add-on, which controls whether the Kubernetes Dashboard is enabled for this cluster. It is enabled by default; set `disabled = true` to disable. -* `network_policy` - (Optional) The status of the Network Policy - add-on. It is disable by default; set `disabled = false` to enable. - This example `addons_config` disables two addons: ``` From ca4e0190e7e471a9adb90e46957ac2c58be0b447 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?S=C3=A9bastien=20GLON?= Date: Mon, 20 Nov 2017 12:03:46 +0100 Subject: [PATCH 07/15] Update node_config.go --- google/node_config.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/google/node_config.go b/google/node_config.go index a5ba8dde644..f31e13c515b 100644 --- a/google/node_config.go +++ b/google/node_config.go @@ -3,7 +3,7 @@ package google import ( "github.com/hashicorp/terraform/helper/schema" "github.com/hashicorp/terraform/helper/validation" - container "google.golang.org/api/container/v1" + "google.golang.org/api/container/v1" ) var schemaNodeConfig = &schema.Schema{ From fa8eb307c92260168c54eb26114b4bf5b7baecfd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GLON?= Date: Mon, 20 Nov 2017 12:04:45 +0100 Subject: [PATCH 08/15] Update resource_container_cluster.go --- google/resource_container_cluster.go | 1 - 1 file changed, 1 deletion(-) diff --git a/google/resource_container_cluster.go b/google/resource_container_cluster.go index 78f1b1bc91b..35c5fb4aaf3 100644 --- a/google/resource_container_cluster.go +++ b/google/resource_container_cluster.go @@ -918,7 +918,6 @@ func expandClusterAddonsConfig(configured interface{}) *container.AddonsConfig { ForceSendFields: []string{"Disabled"}, } } - return ac } From 730005b5571ef8f05ae2b1f66931a40226cb71bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GLON?= Date: Mon, 20 Nov 2017 12:06:52 +0100 Subject: [PATCH 09/15] clean --- google/resource_container_cluster_test.go | 59 ----------------------- 1 file changed, 59 deletions(-) diff --git a/google/resource_container_cluster_test.go b/google/resource_container_cluster_test.go index 5d87f240b61..661e4fee916 100644 --- a/google/resource_container_cluster_test.go +++ b/google/resource_container_cluster_test.go 
@@ -323,31 +323,6 @@ func TestAccContainerCluster_withNodeConfig(t *testing.T) { }) } -func TestAccContainerCluster_withNodeConfigNotSorted(t *testing.T) { - // Make an update with non sorted oauth_scopes - resource.Test(t, resource.TestCase{ - PreCheck: func() { testAccPreCheck(t) }, - Providers: testAccProviders, - CheckDestroy: testAccCheckContainerClusterDestroy, - Steps: []resource.TestStep{ - { - Config: testAccContainerCluster_withNodeConfigNotsorted, - Check: resource.ComposeTestCheckFunc( - testAccCheckContainerCluster( - "google_container_cluster.with_node_config_not_sorted"), - ), - }, - { - Config: testAccContainerCluster_withNodeConfigNotsorted, - Check: resource.ComposeTestCheckFunc( - testAccCheckContainerCluster( - "google_container_cluster.with_node_config_not_sorted"), - ), - }, - }, - }) -} - func TestAccContainerCluster_withNodeConfigScopeAlias(t *testing.T) { t.Parallel() @@ -1166,40 +1141,6 @@ resource "google_container_cluster" "with_version" { }`, clusterName) } -var testAccContainerCluster_withNodeConfigNotsorted = fmt.Sprintf(` -resource "google_container_cluster" "with_node_config_not_sorted" { - name = "cluster-test-%s" - zone = "us-central1-f" - initial_node_count = 1 - - master_auth { - username = "mr.yoda" - password = "adoy.rm" - } - - node_config { - machine_type = "n1-standard-1" - disk_size_gb = 15 - local_ssd_count = 1 - oauth_scopes = [ - "https://www.googleapis.com/auth/compute", - "https://www.googleapis.com/auth/devstorage.read_only", - "https://www.googleapis.com/auth/logging.write", - "monitoring" - ] - service_account = "default" - metadata { - foo = "bar" - } - image_type = "COS" - labels { - foo = "bar" - } - tags = ["foo", "bar"] - preemptible = true - } -}`, acctest.RandString(10)) - var testAccContainerCluster_withNodeConfig = fmt.Sprintf(` resource "google_container_cluster" "with_node_config" { name = "cluster-test-%s" From ec664d496aee26295bb18fc82bbc3649d681b089 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?S=C3=A9bastien=20GLON?= Date: Mon, 20 Nov 2017 12:10:12 +0100 Subject: [PATCH 10/15] clean --- google/resource_container_cluster.go | 1 - 1 file changed, 1 deletion(-) diff --git a/google/resource_container_cluster.go b/google/resource_container_cluster.go index 35c5fb4aaf3..a24fde6279c 100644 --- a/google/resource_container_cluster.go +++ b/google/resource_container_cluster.go @@ -988,7 +988,6 @@ func flattenClusterAddonsConfig(c *container.AddonsConfig) []map[string]interfac }, } } - return []map[string]interface{}{result} } From 89e014ab5bcabdde8ca06492c458896a511f163c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GLON?= Date: Tue, 21 Nov 2017 16:02:18 +0100 Subject: [PATCH 11/15] Correct PR --- google/resource_container_cluster.go | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/google/resource_container_cluster.go b/google/resource_container_cluster.go index a24fde6279c..fc6bc49fbae 100644 --- a/google/resource_container_cluster.go +++ b/google/resource_container_cluster.go @@ -264,7 +264,6 @@ func resourceContainerCluster() *schema.Resource { Type: schema.TypeList, Optional: true, Computed: true, - ForceNew: true, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ @@ -272,7 +271,7 @@ func resourceContainerCluster() *schema.Resource { Type: schema.TypeBool, ForceNew: true, Optional: true, - Default: true, + Default: false, }, "provider": { Type: schema.TypeString, 
@@ -956,13 +955,14 @@ func expandNetworkPolicy(configured interface{}) *container.NetworkPolicy { } func flattenNetworkPolicy(c *container.NetworkPolicy) []map[string]interface{} { - if c == nil { - c = &container.NetworkPolicy{} + result := []map[string]interface{}{} + if c != nil { + result = append(result, map[string]interface{}{ + "enabled": c.Enabled, + "provider": c.Provider, + }) } - result := make(map[string]interface{}) - result["enabled"] = c.Enabled - result["provider"] = c.Provider - return []map[string]interface{}{result} + return result } func flattenClusterAddonsConfig(c *container.AddonsConfig) []map[string]interface{} { From 571dd8d3bc8a608935557e89c94187e8312843da Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GLON?= Date: Tue, 21 Nov 2017 16:02:29 +0100 Subject: [PATCH 12/15] COrrect PR --- google/resource_container_cluster_test.go | 64 ++++++++++++----------- 1 file changed, 33 insertions(+), 31 deletions(-) diff --git a/google/resource_container_cluster_test.go b/google/resource_container_cluster_test.go index 661e4fee916..a1268562a4b 100644 --- a/google/resource_container_cluster_test.go +++ b/google/resource_container_cluster_test.go @@ -110,13 +110,15 @@ func TestAccContainerCluster_withMasterAuth(t *testing.T) { func TestAccContainerCluster_withNetworkPolicyEnabled(t *testing.T) { t.Parallel() + clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10)) + resource.Test(t, resource.TestCase{ PreCheck: func() { testAccPreCheck(t) }, Providers: testAccProviders, CheckDestroy: testAccCheckContainerClusterDestroy, Steps: []resource.TestStep{ { - Config: testAccContainerCluster_withNetworkPolicyEnabled, + Config: testAccContainerCluster_withNetworkPolicyEnabled(clusterName), Check: resource.ComposeTestCheckFunc( testAccCheckContainerCluster( "google_container_cluster.with_network_policy_enabled"), 
@@ -125,7 +127,7 @@ func TestAccContainerCluster_withNetworkPolicyEnabled(t *testing.T) { ), }, { - Config: testAccContainerCluster_updateNetworkPolicyEnabled, + Config: testAccContainerCluster_removeNetworkPolicy(clusterName), Check: resource.ComposeTestCheckFunc( testAccCheckContainerCluster( "google_container_cluster.with_network_policy_enabled"), @@ -694,11 +696,7 @@ func testAccCheckContainerCluster(n string) resource.TestCheckFunc { clusterTestField{"network_policy.0.enabled", cluster.NetworkPolicy.Enabled}, clusterTestField{"network_policy.0.provider", cluster.NetworkPolicy.Provider}, ) - } else { - clusterTests = append(clusterTests, - clusterTestField{"network_policy.#", "1"}, - ) - } + } // Remove Zone from additional_zones since that's what the resource writes in state additionalZones := []string{} for _, location := range cluster.Locations { @@ -951,7 +949,7 @@ resource "google_container_cluster" "primary" { var testAccContainerCluster_withMasterAuth = fmt.Sprintf(` resource "google_container_cluster" "with_master_auth" { - name = "cluster-test-%s" + name = "%s" zone = "us-central1-a" initial_node_count = 3 
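Review bot: In the `testAccCheckContainerCluster` hunk (`@@ -694,11 +696,7 @@`), dropping the `else` branch means a nil `cluster.NetworkPolicy` adds no expectation at all, so the step that applies `testAccContainerCluster_removeNetworkPolicy` passes without checking what ended up in state. Since `flattenNetworkPolicy` now returns an empty list for nil, the branch could assert that instead of being removed: `} else { clusterTests = append(clusterTests, clusterTestField{"network_policy.#", "0"}) }`, assuming the helper compares `#` counts the way the removed line did. That keeps the helper able to catch a mismatch between the API and the recorded state of a control that restricts pod traffic. The helper's body starts and ends outside the hunk.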
@@ -961,29 +959,33 @@ resource "google_container_cluster" "with_master_auth" { } }`, acctest.RandString(10)) -var testAccContainerCluster_withNetworkPolicyEnabled = fmt.Sprintf(` - resource "google_container_cluster" "with_network_policy_enabled" { - name = "cluster-test-%s" - zone = "us-central1-a" - initial_node_count = 1 - - network_policy { - enabled = true - provider = "CALICO" - } - }`, acctest.RandString(10)) - -var testAccContainerCluster_updateNetworkPolicyEnabled = fmt.Sprintf(` - resource "google_container_cluster" "with_network_policy_enabled" { - name = "cluster-test-%s" - zone = "us-central1-a" - initial_node_count = 1 - - // remove network_policy is equal than enabled=false - //network_policy { - // enabled = "false" - //} - }`, acctest.RandString(10)) +func testAccContainerCluster_withNetworkPolicyEnabled(clusterName string) string { + return fmt.Sprintf(` +resource "google_container_cluster" "with_network_policy_enabled" { + name = "%s" + zone = "us-central1-a" + initial_node_count = 1 + + network_policy { + enabled = true + provider = "CALICO" + } +}`, clusterName) +} + +func testAccContainerCluster_removeNetworkPolicy(clusterName string) string { + return fmt.Sprintf(` +resource "google_container_cluster" "with_network_policy_enabled" { + name = "cluster-test-%s" + zone = "us-central1-a" + initial_node_count = 1 + + // remove network_policy is equal than enabled=false + //network_policy { + // enabled = "false" + //} +}`, clusterName) +} func testAccContainerCluster_withMasterAuthorizedNetworksConfig(clusterName string, cidrs []string) string { From 93e7e07d31816760050f0ea9a4421c2a13feb5f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GLON?= Date: Wed, 22 Nov 2017 09:50:59 +0100 Subject: [PATCH 13/15] pr --- google/resource_container_cluster.go | 2 -- google/resource_container_cluster_test.go | 4 ++-- 2 files changed, 2 insertions(+), 4 deletions(-) 
diff --git a/google/resource_container_cluster.go b/google/resource_container_cluster.go index fc6bc49fbae..902f5faba6d 100644 --- a/google/resource_container_cluster.go +++ b/google/resource_container_cluster.go @@ -269,13 +269,11 @@ func resourceContainerCluster() *schema.Resource { Schema: map[string]*schema.Schema{ "enabled": { Type: schema.TypeBool, - ForceNew: true, Optional: true, Default: false, }, "provider": { Type: schema.TypeString, - ForceNew: true, Default: "PROVIDER_UNSPECIFIED", Optional: true, ValidateFunc: validation.StringInSlice([]string{"PROVIDER_UNSPECIFIED", "CALICO"}, false), diff --git a/google/resource_container_cluster_test.go b/google/resource_container_cluster_test.go index a1268562a4b..fa40b2956eb 100644 --- a/google/resource_container_cluster_test.go +++ b/google/resource_container_cluster_test.go @@ -696,7 +696,7 @@ func testAccCheckContainerCluster(n string) resource.TestCheckFunc { clusterTestField{"network_policy.0.enabled", cluster.NetworkPolicy.Enabled}, clusterTestField{"network_policy.0.provider", cluster.NetworkPolicy.Provider}, ) - } + } // Remove Zone from additional_zones since that's what the resource writes in state additionalZones := []string{} for _, location := range cluster.Locations { @@ -949,7 +949,7 @@ resource "google_container_cluster" "primary" { var testAccContainerCluster_withMasterAuth = fmt.Sprintf(` resource "google_container_cluster" "with_master_auth" { - name = "%s" + name = "cluster-test-%s" zone = "us-central1-a" initial_node_count = 3 From b0c787ec77b9289581e9e4539eabc5ada1de70d4 Mon Sep 17 00:00:00 2001 From: Dana Hoffman Date: Mon, 27 Nov 2017 12:33:02 -0800 Subject: [PATCH 14/15] fix test to use same name --- google/resource_container_cluster_test.go | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/google/resource_container_cluster_test.go b/google/resource_container_cluster_test.go index fa40b2956eb..f38102ba384 100644 --- a/google/resource_container_cluster_test.go 
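Review bot: In the `@@ -269,13 +269,11 @@` schema hunk, removing `ForceNew` from `enabled` and `provider` turns a change to either field into an in-place update, and no hunk visible here shows the resource's update function handling `network_policy`. If that function has no branch for it, Terraform would record `enabled = true` in state while the cluster keeps running without enforcement, and later plans would show no drift. Either keep `ForceNew: true` on both fields until the update branch exists, or confirm it is present (something like `if d.HasChange("network_policy") { ... }`) and add an acceptance step that toggles `enabled` on an existing cluster. The schema function starts and ends outside this hunk.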
+++ b/google/resource_container_cluster_test.go @@ -976,14 +976,9 @@ resource "google_container_cluster" "with_network_policy_enabled" { func testAccContainerCluster_removeNetworkPolicy(clusterName string) string { return fmt.Sprintf(` resource "google_container_cluster" "with_network_policy_enabled" { - name = "cluster-test-%s" + name = "%s" zone = "us-central1-a" initial_node_count = 1 - - // remove network_policy is equal than enabled=false - //network_policy { - // enabled = "false" - //} }`, clusterName) } From de1056026a6431738c7300ecb7fc6c83cd344aff Mon Sep 17 00:00:00 2001 From: Dana Hoffman Date: Mon, 27 Nov 2017 12:35:38 -0800 Subject: [PATCH 15/15] add more documentation --- website/docs/r/container_cluster.html.markdown | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/website/docs/r/container_cluster.html.markdown b/website/docs/r/container_cluster.html.markdown index c98673ca824..d4599966f8c 100644 --- a/website/docs/r/container_cluster.html.markdown +++ b/website/docs/r/container_cluster.html.markdown @@ -123,8 +123,9 @@ output "cluster_ca_certificate" { * `network` - (Optional) The name or self_link of the Google Compute Engine network to which the cluster is connected. -* `network_policy` - (Optional) The status of the Network Policy. - It is disable by default; set `enabled = true` to enable. +* `network_policy` - (Optional) Configuration options for the + [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/networkpolicies/) + feature. Structure is documented below. * `node_config` - (Optional) Parameters used in creating the cluster's nodes. Structure is documented below. 
@@ -190,6 +191,12 @@ The `master_authorized_networks_config.cidr_blocks` block supports: * `display_name` - (Optional) Field for users to identify CIDR blocks. +The `network_policy` block supports: + +* `provider` - (Optional) The selected network policy provider. Defaults to PROVIDER_UNSPECIFIED. + +* `enabled` - (Optional) Whether network policy is enabled on the cluster. Defaults to false. + The `node_config` block supports: * `disk_size_gb` - (Optional) Size of the disk attached to each node, specified