From e1d4b0d1cafa0631a6bd69c43c847b7a10780b37 Mon Sep 17 00:00:00 2001
From: kubasieron <89135874+kubasieron@users.noreply.github.com>
Date: Tue, 5 Oct 2021 19:28:15 +0000
Subject: [PATCH] Composer enable_ip_masq_agent flag support (beta) (#9698) (#5277)
---
 .../resources/resource_composer_environment.go.erb | 12 ++++++++++++
 .../tests/resource_composer_environment_test.go.erb | 7 ++++---
 .../docs/r/composer_environment.html.markdown | 7 +++++++
 3 files changed, 23 insertions(+), 3 deletions(-)
diff --git a/mmv1/third_party/terraform/resources/resource_composer_environment.go.erb b/mmv1/third_party/terraform/resources/resource_composer_environment.go.erb
index 64348d3a60b2..b6b3d2296bd5 100644
--- a/mmv1/third_party/terraform/resources/resource_composer_environment.go.erb
+++ b/mmv1/third_party/terraform/resources/resource_composer_environment.go.erb
@@ -209,6 +209,13 @@ func resourceComposerEnvironment() *schema.Resource {
 ValidateFunc: validation.IntBetween(8, 110),
 Description: `The maximum pods per node in the GKE cluster allocated during environment creation. Lowering this value reduces IP address consumption by the Cloud Composer Kubernetes cluster. This value can only be set during environment creation, and only if the environment is VPC-Native. The range of possible values is 8-110, and the default is 32.`,
 },
+ "enable_ip_masq_agent": {
+ Type: schema.TypeBool,
+ Computed: true,
+ Optional: true,
+ ForceNew: true,
+ Description: `Deploys 'ip-masq-agent' daemon set in the GKE cluster and defines nonMasqueradeCIDRs equals to pod IP range so IP masquerading is used for all destination addresses, except between pods traffic. See: https://cloud.google.com/kubernetes-engine/docs/how-to/ip-masquerade-agent`,
+ },
 <% end -%>
 "tags": {
 Type: schema.TypeSet,
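Review bot: The new `enable_ip_masq_agent` entry in resourceComposerEnvironment sets `ForceNew: true`, but its Description never says that changing the value recreates the environment, whereas the neighbouring `max_pods_per_node` text states it can only be set during creation. I would append a sentence such as `This value can only be set during environment creation; changing it forces a new environment.` to the Description, and mirror it in the docs entry, which lacks the "Cannot be updated." line its neighbour carries. The Description could also state plainly that with masquerading enabled, destinations outside the pod range see the node address rather than the pod address, since that affects firewall rules and flow-log attribution keyed on pod IPs. The enclosing schema map starts and ends outside the hunk.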
@@ -1019,6 +1026,7 @@ func flattenComposerEnvironmentConfigNodeConfig(nodeCfg *composer.NodeConfig) in
 transformed["oauth_scopes"] = flattenComposerEnvironmentConfigNodeConfigOauthScopes(nodeCfg.OauthScopes)
 <% unless version == "ga" -%>
 transformed["max_pods_per_node"] = nodeCfg.MaxPodsPerNode
+ transformed["enable_ip_masq_agent"] = nodeCfg.EnableIpMasqAgent
 <% end -%>
 transformed["tags"] = flattenComposerEnvironmentConfigNodeConfigTags(nodeCfg.Tags)
 transformed["ip_allocation_policy"] = flattenComposerEnvironmentConfigNodeConfigIPAllocationPolicy(nodeCfg.IpAllocationPolicy)
@@ -1313,6 +1321,10 @@ func expandComposerEnvironmentConfigNodeConfig(v interface{}, d *schema.Resource
 if transformedMaxPodsPerNode, ok := original["max_pods_per_node"]; ok {
 transformed.MaxPodsPerNode = int64(transformedMaxPodsPerNode.(int))
 }
+
+ if transformedEnableIpMasqAgent, ok := original["enable_ip_masq_agent"]; ok {
+ transformed.EnableIpMasqAgent = transformedEnableIpMasqAgent.(bool)
+ }
 <% end -%>
 var nodeConfigZone string
diff --git a/mmv1/third_party/terraform/tests/resource_composer_environment_test.go.erb b/mmv1/third_party/terraform/tests/resource_composer_environment_test.go.erb
index ade7d5e85a69..20fcfecbed56 100644
--- a/mmv1/third_party/terraform/tests/resource_composer_environment_test.go.erb
+++ b/mmv1/third_party/terraform/tests/resource_composer_environment_test.go.erb
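Review bot: In expandComposerEnvironmentConfigNodeConfig the added `if transformedEnableIpMasqAgent, ok := original["enable_ip_masq_agent"]; ok` branch cannot tell an unset attribute from an explicit `false`, and it assigns a plain bool on the request struct. If the generated client omits zero-valued fields unless they are listed in `ForceSendFields` (not visible in this hunk), `enable_ip_masq_agent = false` would never reach the API, and with `Computed` plus `ForceNew` on the schema a server-side default of true would then surface as a diff that recreates the environment. It is worth confirming how false is serialized and force-sending the field when the user set it explicitly. A comment such as `// NOTE: false is the zero value; confirm it is sent when set explicitly.` above the assignment would record the decision. The function body continues outside the hunk.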
@@ -1011,16 +1011,17 @@ func testAccComposerEnvironment_nodeCfg(environment, network, subnetwork, servic
 return fmt.Sprintf(`
 resource "google_composer_environment" "test" {
 name = "%s"
- region = "us-central1"
+ region = "us-east1" # later should be changed to us-central1, when ip_masq_agent feature is accessible globally
 config {
 node_config {
 network = google_compute_network.test.self_link
 subnetwork = google_compute_subnetwork.test.self_link
- zone = "us-central1-a"
+ zone = "us-east1-b" # later should be changed to us-central1-a, when ip_masq_agent feature is accessible globally
 service_account = google_service_account.test.name
 <% unless version == "ga" -%>
 max_pods_per_node = 33
+ enable_ip_masq_agent = true
 <% end -%>
 ip_allocation_policy {
 use_ip_aliases = true
@@ -1039,7 +1040,7 @@ resource "google_compute_network" "test" {
 resource "google_compute_subnetwork" "test" {
 name = "%s"
 ip_cidr_range = "10.2.0.0/16"
- region = "us-central1"
+ region = "us-east1" # later should be changed to us-central1, when ip_masq_agent feature is accessible globally
 network = google_compute_network.test.self_link
 }
diff --git a/mmv1/third_party/terraform/website/docs/r/composer_environment.html.markdown b/mmv1/third_party/terraform/website/docs/r/composer_environment.html.markdown
index 2723a548d327..32798b772cbc 100644
--- a/mmv1/third_party/terraform/website/docs/r/composer_environment.html.markdown
+++ b/mmv1/third_party/terraform/website/docs/r/composer_environment.html.markdown
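Review bot: The switch to `us-east1` / `us-east1-b` in testAccComposerEnvironment_nodeCfg sits outside the `<% unless version == "ga" -%>` guard, so the GA build of this test moves region as well even though only the beta-only `enable_ip_masq_agent` line needs it; the same applies to the subnetwork region in the second hunk of this file. If that is intended, the trailing comments would be easier to act on with a tracking reference, e.g. `# TODO(<issue-id>): revert to us-central1 once ip_masq_agent is available in all regions`. The config also exercises only `enable_ip_masq_agent = true`; a step with the attribute unset or set to `false` would cover the Optional+Computed path. The test function's body continues outside the hunk.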
@@ -259,6 +259,13 @@ The `node_config` block supports: The range of possible values is 8-110, and the default is 32. Cannot be updated. +* `enable_ip_masq_agent` - + (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html)) + Deploys 'ip-masq-agent' daemon set in the GKE cluster and defines + nonMasqueradeCIDRs equals to pod IP range so IP masquerading is used for + all destination addresses, except between pods traffic. + See the [documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/ip-masquerade-agent). + The `software_config` block supports: * `airflow_config_overrides` -