[WIP] Add container cluster network policy addon #630
Merged
Merged
Changes from 12 commits
d1ccbb8
replalce TypeList by TypeSet
f0e705f
Add network policy
1fb2e80
test improvement
55492f0
correct test
63e38be
Add cluster network polocy enabled
22758f7
Replalce network_policy addons by global network_policy enabled
ca4e019
Update node_config.go
fa8eb30
Update resource_container_cluster.go
730005b
clean
ec664d4
clean
89e014a
Correct PR
571dd8d
COrrect PR
93e7e07
pr
b0c787e
fix test to use same name
danawillow de10560
add more documentation
danawillow File filter
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -107,6 +107,38 @@ func TestAccContainerCluster_withMasterAuth(t *testing.T) { | |
}) | ||
} | ||
|
||
func TestAccContainerCluster_withNetworkPolicyEnabled(t *testing.T) { | ||
t.Parallel() | ||
|
||
clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10)) | ||
|
||
resource.Test(t, resource.TestCase{ | ||
PreCheck: func() { testAccPreCheck(t) }, | ||
Providers: testAccProviders, | ||
CheckDestroy: testAccCheckContainerClusterDestroy, | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: testAccContainerCluster_withNetworkPolicyEnabled(clusterName), | ||
Check: resource.ComposeTestCheckFunc( | ||
testAccCheckContainerCluster( | ||
"google_container_cluster.with_network_policy_enabled"), | ||
resource.TestCheckResourceAttr("google_container_cluster.with_network_policy_enabled", | ||
"network_policy.#", "1"), | ||
), | ||
}, | ||
{ | ||
Config: testAccContainerCluster_removeNetworkPolicy(clusterName), | ||
Check: resource.ComposeTestCheckFunc( | ||
testAccCheckContainerCluster( | ||
"google_container_cluster.with_network_policy_enabled"), | ||
resource.TestCheckNoResourceAttr("google_container_cluster.with_network_policy_enabled", | ||
"network_policy"), | ||
), | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func TestAccContainerCluster_withMasterAuthorizedNetworksConfig(t *testing.T) { | ||
t.Parallel() | ||
|
||
|
@@ -659,6 +691,12 @@ func testAccCheckContainerCluster(n string) resource.TestCheckFunc { | |
{"node_version", cluster.CurrentNodeVersion}, | ||
} | ||
|
||
if cluster.NetworkPolicy != nil { | ||
clusterTests = append(clusterTests, | ||
clusterTestField{"network_policy.0.enabled", cluster.NetworkPolicy.Enabled}, | ||
clusterTestField{"network_policy.0.provider", cluster.NetworkPolicy.Provider}, | ||
) | ||
} | ||
// Remove Zone from additional_zones since that's what the resource writes in state | ||
additionalZones := []string{} | ||
for _, location := range cluster.Locations { | ||
|
@@ -911,7 +949,7 @@ resource "google_container_cluster" "primary" { | |
|
||
var testAccContainerCluster_withMasterAuth = fmt.Sprintf(` | ||
resource "google_container_cluster" "with_master_auth" { | ||
name = "cluster-test-%s" | ||
name = "%s" | ||
I think you changed the wrong test here |
||
zone = "us-central1-a" | ||
initial_node_count = 3 | ||
|
||
|
@@ -921,6 +959,34 @@ resource "google_container_cluster" "with_master_auth" { | |
} | ||
}`, acctest.RandString(10)) | ||
|
||
func testAccContainerCluster_withNetworkPolicyEnabled(clusterName string) string { | ||
return fmt.Sprintf(` | ||
resource "google_container_cluster" "with_network_policy_enabled" { | ||
name = "%s" | ||
zone = "us-central1-a" | ||
initial_node_count = 1 | ||
|
||
network_policy { | ||
enabled = true | ||
provider = "CALICO" | ||
} | ||
}`, clusterName) | ||
} | ||
|
||
func testAccContainerCluster_removeNetworkPolicy(clusterName string) string { | ||
return fmt.Sprintf(` | ||
resource "google_container_cluster" "with_network_policy_enabled" { | ||
name = "cluster-test-%s" | ||
zone = "us-central1-a" | ||
initial_node_count = 1 | ||
|
||
// remove network_policy is equal than enabled=false | ||
//network_policy { | ||
// enabled = "false" | ||
//} | ||
}`, clusterName) | ||
} | ||
|
||
func testAccContainerCluster_withMasterAuthorizedNetworksConfig(clusterName string, cidrs []string) string { | ||
|
||
cidrBlocks := "" | ||
|
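Review bot: In the second step of TestAccContainerCluster_withNetworkPolicyEnabled, `resource.TestCheckNoResourceAttr(..., "network_policy")` looks for a state key named exactly `network_policy`, while the first step asserts on `network_policy.#`, which suggests the block is stored under count and index keys rather than under the bare name. If that is the case, the check passes whether or not the block was actually removed, so the step does not show that dropping the block turns the network policy off. Asserting on the count key instead, for example `resource.TestCheckResourceAttr("google_container_cluster.with_network_policy_enabled", "network_policy.#", "0")` (or the no-attr form on that key, depending on what the resource writes to state), would make the step fail if the block lingers. The `if cluster.NetworkPolicy != nil` guard added in testAccCheckContainerCluster also skips the comparison against the API when the field is nil, so it is worth a comment there such as `// a nil NetworkPolicy from the API is treated as "not configured"; nothing is compared in that case`.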
I'm confused why you've decided to allow adding/removing the network policy but not changing the values within it. Was that intentional? If so, can you add a comment explaining why?
Sorry @danawillow, I don't understand exactly what you mean by 'changing the value'.
If you do not put a network_policy block, it is the same as disabling it.
If you put a network_policy block, you can choose to enable or disable it.