2015-07-05 16:39:01 +00:00
|
|
|
package google
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
|
|
|
|
"log"
|
|
|
|
|
"regexp"
|
2017-09-07 17:31:58 +00:00
|
|
|
"strings"
|
2017-06-28 08:22:31 +00:00
|
|
|
"time"
|
2015-07-05 16:39:01 +00:00
|
|
|
|
2018-03-23 00:22:44 +00:00
|
|
|
"github.com/hashicorp/errwrap"
|
2017-11-21 17:34:32 +00:00
|
|
|
"github.com/hashicorp/go-version"
|
2017-10-12 18:21:33 +00:00
|
|
|
"github.com/hashicorp/terraform/helper/resource"
|
2015-07-05 16:39:01 +00:00
|
|
|
"github.com/hashicorp/terraform/helper/schema"
|
2017-08-18 00:51:58 +00:00
|
|
|
"github.com/hashicorp/terraform/helper/validation"
|
2018-03-07 01:44:05 +00:00
|
|
|
containerBeta "google.golang.org/api/container/v1beta1"
|
2015-07-05 16:39:01 +00:00
|
|
|
)
|
|
|
|
|
|
2017-03-07 05:14:32 +00:00
|
|
|
var (
|
2018-04-10 16:52:54 +00:00
|
|
|
instanceGroupManagerURL = regexp.MustCompile(fmt.Sprintf("^https://www.googleapis.com/compute/v1/projects/(%s)/zones/([a-z0-9-]*)/instanceGroupManagers/([^/]*)", ProjectRegex))
|
|
|
|
|
|
2018-03-07 01:44:05 +00:00
|
|
|
networkConfig = &schema.Resource{
|
2018-03-01 21:19:18 +00:00
|
|
|
Schema: map[string]*schema.Schema{
|
|
|
|
|
"cidr_blocks": {
|
|
|
|
|
Type: schema.TypeSet,
|
|
|
|
|
Optional: true,
|
|
|
|
|
Computed: true,
|
2018-07-05 20:10:17 +00:00
|
|
|
MaxItems: 20,
|
2018-03-01 21:19:18 +00:00
|
|
|
Elem: cidrBlockConfig,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
cidrBlockConfig = &schema.Resource{
|
|
|
|
|
Schema: map[string]*schema.Schema{
|
|
|
|
|
"cidr_block": {
|
|
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Required: true,
|
|
|
|
|
ValidateFunc: validation.CIDRNetwork(0, 32),
|
|
|
|
|
},
|
|
|
|
|
"display_name": {
|
|
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Optional: true,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
2018-09-05 16:52:06 +00:00
|
|
|
|
|
|
|
|
ipAllocationSubnetFields = []string{"ip_allocation_policy.0.create_subnetwork", "ip_allocation_policy.0.subnetwork_name"}
|
|
|
|
|
ipAllocationCidrBlockFields = []string{"ip_allocation_policy.0.cluster_ipv4_cidr_block", "ip_allocation_policy.0.services_ipv4_cidr_block"}
|
|
|
|
|
ipAllocationRangeFields = []string{"ip_allocation_policy.0.cluster_secondary_range_name", "ip_allocation_policy.0.services_secondary_range_name"}
|
2017-03-07 05:14:32 +00:00
|
|
|
)
|
|
|
|
|
|
2015-07-05 16:39:01 +00:00
|
|
|
func resourceContainerCluster() *schema.Resource {
|
|
|
|
|
return &schema.Resource{
|
|
|
|
|
Create: resourceContainerClusterCreate,
|
|
|
|
|
Read: resourceContainerClusterRead,
|
|
|
|
|
Update: resourceContainerClusterUpdate,
|
|
|
|
|
Delete: resourceContainerClusterDelete,
|
|
|
|
|
|
2017-06-28 08:22:31 +00:00
|
|
|
Timeouts: &schema.ResourceTimeout{
|
|
|
|
|
Create: schema.DefaultTimeout(30 * time.Minute),
|
|
|
|
|
Update: schema.DefaultTimeout(10 * time.Minute),
|
2018-07-26 17:22:39 +00:00
|
|
|
Delete: schema.DefaultTimeout(30 * time.Minute),
|
2017-06-28 08:22:31 +00:00
|
|
|
},
|
|
|
|
|
|
2017-07-05 23:00:49 +00:00
|
|
|
SchemaVersion: 1,
|
|
|
|
|
MigrateState: resourceContainerClusterMigrateState,
|
|
|
|
|
|
2017-09-07 17:31:58 +00:00
|
|
|
Importer: &schema.ResourceImporter{
|
|
|
|
|
State: resourceContainerClusterStateImporter,
|
|
|
|
|
},
|
|
|
|
|
|
2015-07-05 16:39:01 +00:00
|
|
|
Schema: map[string]*schema.Schema{
|
2017-06-28 08:34:20 +00:00
|
|
|
"name": {
|
2015-07-05 16:39:01 +00:00
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Required: true,
|
|
|
|
|
ForceNew: true,
|
|
|
|
|
ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) {
|
|
|
|
|
value := v.(string)
|
|
|
|
|
|
|
|
|
|
if len(value) > 40 {
|
|
|
|
|
errors = append(errors, fmt.Errorf(
|
|
|
|
|
"%q cannot be longer than 40 characters", k))
|
|
|
|
|
}
|
|
|
|
|
if !regexp.MustCompile("^[a-z0-9-]+$").MatchString(value) {
|
|
|
|
|
errors = append(errors, fmt.Errorf(
|
|
|
|
|
"%q can only contain lowercase letters, numbers and hyphens", k))
|
|
|
|
|
}
|
|
|
|
|
if !regexp.MustCompile("^[a-z]").MatchString(value) {
|
|
|
|
|
errors = append(errors, fmt.Errorf(
|
|
|
|
|
"%q must start with a letter", k))
|
|
|
|
|
}
|
|
|
|
|
if !regexp.MustCompile("[a-z0-9]$").MatchString(value) {
|
|
|
|
|
errors = append(errors, fmt.Errorf(
|
|
|
|
|
"%q must end with a number or a letter", k))
|
|
|
|
|
}
|
|
|
|
|
return
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
|
2018-04-05 21:51:35 +00:00
|
|
|
"region": {
|
|
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Optional: true,
|
|
|
|
|
Computed: true,
|
2018-05-09 19:55:28 +00:00
|
|
|
ForceNew: true,
|
2018-04-05 21:51:35 +00:00
|
|
|
ConflictsWith: []string{"zone"},
|
|
|
|
|
},
|
|
|
|
|
|
2017-06-28 08:34:20 +00:00
|
|
|
"zone": {
|
2018-04-05 21:51:35 +00:00
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Optional: true,
|
|
|
|
|
Computed: true,
|
|
|
|
|
ForceNew: true,
|
|
|
|
|
ConflictsWith: []string{"region"},
|
2016-04-10 21:34:15 +00:00
|
|
|
},
|
|
|
|
|
|
2017-06-28 08:34:20 +00:00
|
|
|
"additional_zones": {
|
2017-07-05 23:00:49 +00:00
|
|
|
Type: schema.TypeSet,
|
2017-01-04 06:14:39 +00:00
|
|
|
Optional: true,
|
2017-02-07 01:21:34 +00:00
|
|
|
Computed: true,
|
2017-01-04 06:14:39 +00:00
|
|
|
Elem: &schema.Schema{Type: schema.TypeString},
|
|
|
|
|
},
|
|
|
|
|
|
2017-06-28 08:34:20 +00:00
|
|
|
"addons_config": {
|
2016-03-25 23:29:56 +00:00
|
|
|
Type: schema.TypeList,
|
|
|
|
|
Optional: true,
|
2017-10-20 16:47:07 +00:00
|
|
|
Computed: true,
|
2016-03-25 23:29:56 +00:00
|
|
|
MaxItems: 1,
|
|
|
|
|
Elem: &schema.Resource{
|
|
|
|
|
Schema: map[string]*schema.Schema{
|
2017-06-28 08:34:20 +00:00
|
|
|
"http_load_balancing": {
|
2016-03-25 23:29:56 +00:00
|
|
|
Type: schema.TypeList,
|
|
|
|
|
Optional: true,
|
2017-10-20 16:47:07 +00:00
|
|
|
Computed: true,
|
2016-03-25 23:29:56 +00:00
|
|
|
MaxItems: 1,
|
|
|
|
|
Elem: &schema.Resource{
|
|
|
|
|
Schema: map[string]*schema.Schema{
|
2017-06-28 08:34:20 +00:00
|
|
|
"disabled": {
|
2016-03-25 23:29:56 +00:00
|
|
|
Type: schema.TypeBool,
|
|
|
|
|
Optional: true,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
2017-06-28 08:34:20 +00:00
|
|
|
"horizontal_pod_autoscaling": {
|
2016-03-25 23:29:56 +00:00
|
|
|
Type: schema.TypeList,
|
|
|
|
|
Optional: true,
|
2017-10-20 16:47:07 +00:00
|
|
|
Computed: true,
|
2016-03-25 23:29:56 +00:00
|
|
|
MaxItems: 1,
|
|
|
|
|
Elem: &schema.Resource{
|
|
|
|
|
Schema: map[string]*schema.Schema{
|
2017-06-28 08:34:20 +00:00
|
|
|
"disabled": {
|
2016-03-25 23:29:56 +00:00
|
|
|
Type: schema.TypeBool,
|
|
|
|
|
Optional: true,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
2017-10-03 16:29:27 +00:00
|
|
|
"kubernetes_dashboard": {
|
|
|
|
|
Type: schema.TypeList,
|
|
|
|
|
Optional: true,
|
2017-10-20 16:47:07 +00:00
|
|
|
Computed: true,
|
2017-10-03 16:29:27 +00:00
|
|
|
MaxItems: 1,
|
|
|
|
|
Elem: &schema.Resource{
|
|
|
|
|
Schema: map[string]*schema.Schema{
|
|
|
|
|
"disabled": {
|
|
|
|
|
Type: schema.TypeBool,
|
|
|
|
|
Optional: true,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
2018-03-15 21:50:24 +00:00
|
|
|
"network_policy_config": {
|
|
|
|
|
Type: schema.TypeList,
|
|
|
|
|
Optional: true,
|
|
|
|
|
Computed: true,
|
|
|
|
|
MaxItems: 1,
|
|
|
|
|
Elem: &schema.Resource{
|
|
|
|
|
Schema: map[string]*schema.Schema{
|
|
|
|
|
"disabled": {
|
|
|
|
|
Type: schema.TypeBool,
|
|
|
|
|
Optional: true,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
2016-03-25 23:29:56 +00:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
2015-07-05 16:39:01 +00:00
|
|
|
|
2017-10-27 22:18:34 +00:00
|
|
|
"cluster_ipv4_cidr": {
|
2017-11-02 17:38:20 +00:00
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Optional: true,
|
|
|
|
|
Computed: true,
|
|
|
|
|
ForceNew: true,
|
2018-05-07 22:34:56 +00:00
|
|
|
ValidateFunc: orEmpty(validateRFC1918Network(8, 32)),
|
2017-10-27 22:18:34 +00:00
|
|
|
},
|
|
|
|
|
|
|
|
|
|
"description": {
|
2017-10-06 22:48:01 +00:00
|
|
|
Type: schema.TypeString,
|
2017-10-27 22:18:34 +00:00
|
|
|
Optional: true,
|
|
|
|
|
ForceNew: true,
|
|
|
|
|
},
|
|
|
|
|
|
2018-08-17 00:51:03 +00:00
|
|
|
"enable_binary_authorization": {
|
|
|
|
|
Type: schema.TypeBool,
|
|
|
|
|
Optional: true,
|
|
|
|
|
Default: false,
|
|
|
|
|
},
|
|
|
|
|
|
2017-10-31 23:38:18 +00:00
|
|
|
"enable_kubernetes_alpha": {
|
|
|
|
|
Type: schema.TypeBool,
|
|
|
|
|
Optional: true,
|
|
|
|
|
ForceNew: true,
|
|
|
|
|
Default: false,
|
|
|
|
|
},
|
|
|
|
|
|
2017-10-27 22:18:34 +00:00
|
|
|
"enable_legacy_abac": {
|
|
|
|
|
Type: schema.TypeBool,
|
|
|
|
|
Optional: true,
|
2018-04-04 17:58:08 +00:00
|
|
|
Default: false,
|
2017-10-27 22:18:34 +00:00
|
|
|
},
|
|
|
|
|
|
|
|
|
|
"initial_node_count": {
|
|
|
|
|
Type: schema.TypeInt,
|
|
|
|
|
Optional: true,
|
|
|
|
|
ForceNew: true,
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
"logging_service": {
|
|
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Optional: true,
|
|
|
|
|
Computed: true,
|
2018-06-04 22:09:52 +00:00
|
|
|
ValidateFunc: validation.StringInSlice([]string{"logging.googleapis.com", "logging.googleapis.com/kubernetes", "none"}, false),
|
2017-10-27 22:18:34 +00:00
|
|
|
},
|
|
|
|
|
|
2017-11-07 23:42:11 +00:00
|
|
|
"maintenance_policy": {
|
|
|
|
|
Type: schema.TypeList,
|
|
|
|
|
Optional: true,
|
|
|
|
|
MaxItems: 1,
|
|
|
|
|
Elem: &schema.Resource{
|
|
|
|
|
Schema: map[string]*schema.Schema{
|
|
|
|
|
"daily_maintenance_window": {
|
|
|
|
|
Type: schema.TypeList,
|
|
|
|
|
Required: true,
|
|
|
|
|
MaxItems: 1,
|
|
|
|
|
Elem: &schema.Resource{
|
|
|
|
|
Schema: map[string]*schema.Schema{
|
|
|
|
|
"start_time": {
|
2017-11-13 19:30:26 +00:00
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Required: true,
|
|
|
|
|
ValidateFunc: validateRFC3339Time,
|
|
|
|
|
DiffSuppressFunc: rfc3339TimeDiffSuppress,
|
2017-11-07 23:42:11 +00:00
|
|
|
},
|
|
|
|
|
"duration": {
|
|
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Computed: true,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
|
2017-10-27 22:18:34 +00:00
|
|
|
"master_auth": {
|
|
|
|
|
Type: schema.TypeList,
|
|
|
|
|
Optional: true,
|
|
|
|
|
MaxItems: 1,
|
2017-10-06 22:48:01 +00:00
|
|
|
Computed: true,
|
2017-10-27 22:18:34 +00:00
|
|
|
Elem: &schema.Resource{
|
|
|
|
|
Schema: map[string]*schema.Schema{
|
|
|
|
|
"password": {
|
|
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Required: true,
|
|
|
|
|
Sensitive: true,
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
"username": {
|
|
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Required: true,
|
|
|
|
|
},
|
|
|
|
|
|
2018-04-28 01:06:26 +00:00
|
|
|
"client_certificate_config": {
|
|
|
|
|
Type: schema.TypeList,
|
|
|
|
|
MaxItems: 1,
|
|
|
|
|
Optional: true,
|
|
|
|
|
DiffSuppressFunc: masterAuthClientCertCfgSuppress,
|
|
|
|
|
ForceNew: true,
|
|
|
|
|
Elem: &schema.Resource{
|
|
|
|
|
Schema: map[string]*schema.Schema{
|
|
|
|
|
"issue_client_certificate": {
|
|
|
|
|
Type: schema.TypeBool,
|
|
|
|
|
Required: true,
|
|
|
|
|
ForceNew: true,
|
|
|
|
|
DiffSuppressFunc: masterAuthClientCertCfgSuppress,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
|
2017-10-27 22:18:34 +00:00
|
|
|
"client_certificate": {
|
|
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Computed: true,
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
"client_key": {
|
|
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Computed: true,
|
|
|
|
|
Sensitive: true,
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
"cluster_ca_certificate": {
|
|
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Computed: true,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
2017-10-06 22:48:01 +00:00
|
|
|
},
|
|
|
|
|
|
2017-11-02 17:38:20 +00:00
|
|
|
"master_authorized_networks_config": {
|
|
|
|
|
Type: schema.TypeList,
|
|
|
|
|
Optional: true,
|
|
|
|
|
MaxItems: 1,
|
2018-03-01 21:19:18 +00:00
|
|
|
Elem: networkConfig,
|
2017-11-02 17:38:20 +00:00
|
|
|
},
|
|
|
|
|
|
2017-10-12 18:21:33 +00:00
|
|
|
"min_master_version": {
|
|
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Optional: true,
|
|
|
|
|
},
|
|
|
|
|
|
2017-10-27 22:18:34 +00:00
|
|
|
"monitoring_service": {
|
2018-06-04 22:09:52 +00:00
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Optional: true,
|
|
|
|
|
Computed: true,
|
|
|
|
|
ValidateFunc: validation.StringInSlice([]string{"monitoring.googleapis.com", "monitoring.googleapis.com/kubernetes", "none"}, false),
|
2015-07-05 16:39:01 +00:00
|
|
|
},
|
2016-04-10 16:59:57 +00:00
|
|
|
|
2017-10-27 22:18:34 +00:00
|
|
|
"network": {
|
2018-05-23 23:47:17 +00:00
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Optional: true,
|
|
|
|
|
Default: "default",
|
|
|
|
|
ForceNew: true,
|
|
|
|
|
DiffSuppressFunc: compareSelfLinkOrResourceName,
|
2017-10-27 22:18:34 +00:00
|
|
|
},
|
|
|
|
|
|
2017-11-27 20:40:07 +00:00
|
|
|
"network_policy": {
|
|
|
|
|
Type: schema.TypeList,
|
|
|
|
|
Optional: true,
|
|
|
|
|
Computed: true,
|
|
|
|
|
MaxItems: 1,
|
|
|
|
|
Elem: &schema.Resource{
|
|
|
|
|
Schema: map[string]*schema.Schema{
|
|
|
|
|
"enabled": {
|
|
|
|
|
Type: schema.TypeBool,
|
|
|
|
|
Optional: true,
|
|
|
|
|
Default: false,
|
|
|
|
|
},
|
|
|
|
|
"provider": {
|
2018-02-01 18:25:12 +00:00
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Default: "PROVIDER_UNSPECIFIED",
|
|
|
|
|
Optional: true,
|
|
|
|
|
ValidateFunc: validation.StringInSlice([]string{"PROVIDER_UNSPECIFIED", "CALICO"}, false),
|
|
|
|
|
DiffSuppressFunc: emptyOrDefaultStringSuppress("PROVIDER_UNSPECIFIED"),
|
2017-11-27 20:40:07 +00:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
|
2017-10-27 22:18:34 +00:00
|
|
|
"node_config": schemaNodeConfig,
|
|
|
|
|
|
2017-06-28 08:34:20 +00:00
|
|
|
"node_pool": {
|
2017-04-12 19:57:53 +00:00
|
|
|
Type: schema.TypeList,
|
|
|
|
|
Optional: true,
|
|
|
|
|
Computed: true,
|
|
|
|
|
ForceNew: true, // TODO(danawillow): Add ability to add/remove nodePools
|
|
|
|
|
Elem: &schema.Resource{
|
2017-10-04 00:09:34 +00:00
|
|
|
Schema: schemaNodePool,
|
2017-04-12 19:57:53 +00:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
|
2017-10-27 22:18:34 +00:00
|
|
|
"node_version": {
|
|
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Optional: true,
|
|
|
|
|
Computed: true,
|
|
|
|
|
},
|
|
|
|
|
|
2018-03-14 21:00:31 +00:00
|
|
|
"pod_security_policy_config": {
|
|
|
|
|
Type: schema.TypeList,
|
|
|
|
|
Optional: true,
|
|
|
|
|
MaxItems: 1,
|
|
|
|
|
Elem: &schema.Resource{
|
|
|
|
|
Schema: map[string]*schema.Schema{
|
|
|
|
|
"enabled": {
|
|
|
|
|
Type: schema.TypeBool,
|
|
|
|
|
Required: true,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
2018-06-19 23:37:10 +00:00
|
|
|
DiffSuppressFunc: podSecurityPolicyCfgSuppress,
|
2018-03-14 21:00:31 +00:00
|
|
|
},
|
|
|
|
|
|
2017-06-28 08:34:20 +00:00
|
|
|
"project": {
|
2016-04-10 16:59:57 +00:00
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Optional: true,
|
2017-11-28 00:32:20 +00:00
|
|
|
Computed: true,
|
2016-04-10 16:59:57 +00:00
|
|
|
ForceNew: true,
|
|
|
|
|
},
|
2017-10-27 22:18:34 +00:00
|
|
|
|
|
|
|
|
"subnetwork": {
|
2018-02-08 18:04:16 +00:00
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Optional: true,
|
|
|
|
|
Computed: true,
|
|
|
|
|
ForceNew: true,
|
|
|
|
|
DiffSuppressFunc: compareSelfLinkOrResourceName,
|
2017-10-27 22:18:34 +00:00
|
|
|
},
|
|
|
|
|
|
|
|
|
|
"endpoint": {
|
|
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Computed: true,
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
"instance_group_urls": {
|
|
|
|
|
Type: schema.TypeList,
|
|
|
|
|
Computed: true,
|
|
|
|
|
Elem: &schema.Schema{Type: schema.TypeString},
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
"master_version": {
|
|
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Computed: true,
|
|
|
|
|
},
|
2017-11-27 23:15:03 +00:00
|
|
|
|
|
|
|
|
"ip_allocation_policy": {
|
|
|
|
|
Type: schema.TypeList,
|
|
|
|
|
Optional: true,
|
|
|
|
|
ForceNew: true,
|
|
|
|
|
MaxItems: 1,
|
|
|
|
|
Elem: &schema.Resource{
|
|
|
|
|
Schema: map[string]*schema.Schema{
|
2018-09-05 16:52:06 +00:00
|
|
|
// GKE creates subnetwork automatically
|
|
|
|
|
"create_subnetwork": {
|
|
|
|
|
Type: schema.TypeBool,
|
|
|
|
|
Optional: true,
|
|
|
|
|
ForceNew: true,
|
|
|
|
|
ConflictsWith: append(ipAllocationCidrBlockFields, ipAllocationRangeFields...),
|
|
|
|
|
},
|
|
|
|
|
"subnetwork_name": {
|
|
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Optional: true,
|
|
|
|
|
ForceNew: true,
|
|
|
|
|
ConflictsWith: append(ipAllocationCidrBlockFields, ipAllocationRangeFields...),
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
// GKE creates/deletes secondary ranges in VPC
|
|
|
|
|
"cluster_ipv4_cidr_block": {
|
|
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Optional: true,
|
|
|
|
|
Computed: true,
|
|
|
|
|
ForceNew: true,
|
|
|
|
|
ConflictsWith: append(ipAllocationSubnetFields, ipAllocationRangeFields...),
|
|
|
|
|
DiffSuppressFunc: cidrOrSizeDiffSuppress,
|
|
|
|
|
},
|
|
|
|
|
"services_ipv4_cidr_block": {
|
|
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Optional: true,
|
|
|
|
|
Computed: true,
|
|
|
|
|
ForceNew: true,
|
|
|
|
|
ConflictsWith: append(ipAllocationSubnetFields, ipAllocationRangeFields...),
|
|
|
|
|
DiffSuppressFunc: cidrOrSizeDiffSuppress,
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
// User manages secondary ranges manually
|
2017-11-27 23:15:03 +00:00
|
|
|
"cluster_secondary_range_name": {
|
2018-09-05 16:52:06 +00:00
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Optional: true,
|
|
|
|
|
Computed: true,
|
|
|
|
|
ForceNew: true,
|
|
|
|
|
ConflictsWith: append(ipAllocationSubnetFields, ipAllocationCidrBlockFields...),
|
2017-11-27 23:15:03 +00:00
|
|
|
},
|
|
|
|
|
"services_secondary_range_name": {
|
2018-09-05 16:52:06 +00:00
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Optional: true,
|
|
|
|
|
Computed: true,
|
|
|
|
|
ForceNew: true,
|
|
|
|
|
ConflictsWith: append(ipAllocationSubnetFields, ipAllocationCidrBlockFields...),
|
2017-11-27 23:15:03 +00:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
2018-03-23 00:22:44 +00:00
|
|
|
|
|
|
|
|
"remove_default_node_pool": {
|
|
|
|
|
Type: schema.TypeBool,
|
|
|
|
|
Optional: true,
|
|
|
|
|
},
|
2018-03-30 17:10:25 +00:00
|
|
|
|
|
|
|
|
"private_cluster": {
|
|
|
|
|
Type: schema.TypeBool,
|
|
|
|
|
Optional: true,
|
|
|
|
|
ForceNew: true,
|
|
|
|
|
Default: false,
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
"master_ipv4_cidr_block": {
|
|
|
|
|
Type: schema.TypeString,
|
|
|
|
|
Optional: true,
|
|
|
|
|
ForceNew: true,
|
|
|
|
|
ValidateFunc: validation.CIDRNetwork(28, 28),
|
|
|
|
|
},
|
2018-06-15 10:10:25 +00:00
|
|
|
|
|
|
|
|
"resource_labels": {
|
|
|
|
|
Type: schema.TypeMap,
|
|
|
|
|
Optional: true,
|
2018-08-14 23:53:39 +00:00
|
|
|
Elem: &schema.Schema{Type: schema.TypeString},
|
2018-06-15 10:10:25 +00:00
|
|
|
},
|
2015-07-05 16:39:01 +00:00
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-05 16:52:06 +00:00
|
|
|
func cidrOrSizeDiffSuppress(k, old, new string, d *schema.ResourceData) bool {
|
|
|
|
|
// If the user specified a size and the API returned a full cidr block, suppress.
|
|
|
|
|
return strings.HasPrefix(new, "/") && strings.HasSuffix(old, new)
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-05 16:39:01 +00:00
|
|
|
func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) error {
|
|
|
|
|
config := meta.(*Config)
|
|
|
|
|
|
2016-04-10 16:59:57 +00:00
|
|
|
project, err := getProject(d, config)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-05 21:51:35 +00:00
|
|
|
location, err := getLocation(d, config)
|
2017-12-06 22:30:04 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2018-04-05 21:51:35 +00:00
|
|
|
|
2015-07-05 16:39:01 +00:00
|
|
|
clusterName := d.Get("name").(string)
|
|
|
|
|
|
2018-03-07 01:44:05 +00:00
|
|
|
cluster := &containerBeta.Cluster{
|
2017-05-31 19:43:31 +00:00
|
|
|
Name: clusterName,
|
|
|
|
|
InitialNodeCount: int64(d.Get("initial_node_count").(int)),
|
2015-07-05 16:39:01 +00:00
|
|
|
}
|
|
|
|
|
|
2017-06-28 08:22:31 +00:00
|
|
|
timeoutInMinutes := int(d.Timeout(schema.TimeoutCreate).Minutes())
|
|
|
|
|
|
2017-11-07 23:42:11 +00:00
|
|
|
if v, ok := d.GetOk("maintenance_policy"); ok {
|
2017-12-27 20:29:14 +00:00
|
|
|
cluster.MaintenancePolicy = expandMaintenancePolicy(v)
|
2017-11-07 23:42:11 +00:00
|
|
|
}
|
|
|
|
|
|
2017-05-31 19:43:31 +00:00
|
|
|
if v, ok := d.GetOk("master_auth"); ok {
|
|
|
|
|
masterAuths := v.([]interface{})
|
|
|
|
|
masterAuth := masterAuths[0].(map[string]interface{})
|
2018-03-07 01:44:05 +00:00
|
|
|
cluster.MasterAuth = &containerBeta.MasterAuth{
|
2015-07-05 16:39:01 +00:00
|
|
|
Password: masterAuth["password"].(string),
|
|
|
|
|
Username: masterAuth["username"].(string),
|
2017-05-31 19:43:31 +00:00
|
|
|
}
|
2018-04-28 01:06:26 +00:00
|
|
|
if certConfigV, ok := masterAuth["client_certificate_config"]; ok {
|
|
|
|
|
certConfigs := certConfigV.([]interface{})
|
|
|
|
|
if len(certConfigs) > 0 {
|
|
|
|
|
certConfig := certConfigs[0].(map[string]interface{})
|
|
|
|
|
cluster.MasterAuth.ClientCertificateConfig = &containerBeta.ClientCertificateConfig{
|
|
|
|
|
IssueClientCertificate: certConfig["issue_client_certificate"].(bool),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-07-05 16:39:01 +00:00
|
|
|
}
|
|
|
|
|
|
2017-11-02 17:38:20 +00:00
|
|
|
if v, ok := d.GetOk("master_authorized_networks_config"); ok {
|
|
|
|
|
cluster.MasterAuthorizedNetworksConfig = expandMasterAuthorizedNetworksConfig(v)
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-12 18:21:33 +00:00
|
|
|
if v, ok := d.GetOk("min_master_version"); ok {
|
2016-12-18 13:50:46 +00:00
|
|
|
cluster.InitialClusterVersion = v.(string)
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-12 18:21:33 +00:00
|
|
|
// Only allow setting node_version on create if it's set to the equivalent master version,
|
|
|
|
|
// since `InitialClusterVersion` only accepts valid master-style versions.
|
|
|
|
|
if v, ok := d.GetOk("node_version"); ok {
|
|
|
|
|
// ignore -gke.X suffix for now. if it becomes a problem later, we can fix it.
|
|
|
|
|
mv := strings.Split(cluster.InitialClusterVersion, "-")[0]
|
|
|
|
|
nv := strings.Split(v.(string), "-")[0]
|
|
|
|
|
if mv != nv {
|
|
|
|
|
return fmt.Errorf("node_version and min_master_version must be set to equivalent values on create")
|
|
|
|
|
}
|
2017-10-06 22:48:01 +00:00
|
|
|
}
|
|
|
|
|
|
2017-01-04 06:14:39 +00:00
|
|
|
if v, ok := d.GetOk("additional_zones"); ok {
|
2018-04-05 21:51:35 +00:00
|
|
|
locationsSet := v.(*schema.Set)
|
|
|
|
|
if locationsSet.Contains(location) {
|
|
|
|
|
return fmt.Errorf("additional_zones should not contain the original 'zone'")
|
|
|
|
|
}
|
|
|
|
|
if isZone(location) {
|
|
|
|
|
// GKE requires a full list of locations (including the original zone),
|
|
|
|
|
// but our schema only asks for additional zones, so append the original.
|
|
|
|
|
locationsSet.Add(location)
|
2017-01-04 06:14:39 +00:00
|
|
|
}
|
2018-04-05 21:51:35 +00:00
|
|
|
cluster.Locations = convertStringSet(locationsSet)
|
2017-01-04 06:14:39 +00:00
|
|
|
}
|
|
|
|
|
|
2015-07-05 16:39:01 +00:00
|
|
|
if v, ok := d.GetOk("cluster_ipv4_cidr"); ok {
|
|
|
|
|
cluster.ClusterIpv4Cidr = v.(string)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if v, ok := d.GetOk("description"); ok {
|
|
|
|
|
cluster.Description = v.(string)
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-07 01:44:05 +00:00
|
|
|
cluster.LegacyAbac = &containerBeta.LegacyAbac{
|
2017-07-31 18:09:05 +00:00
|
|
|
Enabled: d.Get("enable_legacy_abac").(bool),
|
|
|
|
|
ForceSendFields: []string{"Enabled"},
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-05 16:39:01 +00:00
|
|
|
if v, ok := d.GetOk("logging_service"); ok {
|
|
|
|
|
cluster.LoggingService = v.(string)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if v, ok := d.GetOk("monitoring_service"); ok {
|
|
|
|
|
cluster.MonitoringService = v.(string)
|
|
|
|
|
}
|
|
|
|
|
|
2017-11-29 18:54:10 +00:00
|
|
|
if v, ok := d.GetOk("network"); ok {
|
|
|
|
|
network, err := ParseNetworkFieldValue(v.(string), d, config)
|
2016-09-03 09:51:20 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2018-05-23 23:47:17 +00:00
|
|
|
cluster.Network = network.RelativeLink()
|
2015-07-05 16:39:01 +00:00
|
|
|
}
|
|
|
|
|
|
2017-11-27 20:40:07 +00:00
|
|
|
if v, ok := d.GetOk("network_policy"); ok && len(v.([]interface{})) > 0 {
|
|
|
|
|
cluster.NetworkPolicy = expandNetworkPolicy(v)
|
|
|
|
|
}
|
|
|
|
|
|
2016-03-25 23:29:56 +00:00
|
|
|
if v, ok := d.GetOk("subnetwork"); ok {
|
2018-05-23 23:47:17 +00:00
|
|
|
subnetwork, err := ParseSubnetworkFieldValue(v.(string), d, config)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
cluster.Subnetwork = subnetwork.RelativeLink()
|
2016-03-25 23:29:56 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if v, ok := d.GetOk("addons_config"); ok {
|
2017-10-20 16:47:07 +00:00
|
|
|
cluster.AddonsConfig = expandClusterAddonsConfig(v)
|
2016-03-25 23:29:56 +00:00
|
|
|
}
|
2017-10-20 16:47:07 +00:00
|
|
|
|
2017-10-31 23:38:18 +00:00
|
|
|
if v, ok := d.GetOk("enable_kubernetes_alpha"); ok {
|
|
|
|
|
cluster.EnableKubernetesAlpha = v.(bool)
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-12 19:57:53 +00:00
|
|
|
nodePoolsCount := d.Get("node_pool.#").(int)
|
|
|
|
|
if nodePoolsCount > 0 {
|
2018-03-07 01:44:05 +00:00
|
|
|
nodePools := make([]*containerBeta.NodePool, 0, nodePoolsCount)
|
2017-04-12 19:57:53 +00:00
|
|
|
for i := 0; i < nodePoolsCount; i++ {
|
2017-10-04 00:09:34 +00:00
|
|
|
prefix := fmt.Sprintf("node_pool.%d.", i)
|
|
|
|
|
nodePool, err := expandNodePool(d, prefix)
|
2017-08-04 22:34:02 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
2017-04-12 19:57:53 +00:00
|
|
|
}
|
|
|
|
|
nodePools = append(nodePools, nodePool)
|
|
|
|
|
}
|
|
|
|
|
cluster.NodePools = nodePools
|
2018-01-08 23:54:45 +00:00
|
|
|
} else {
|
|
|
|
|
// Node Configs have default values that are set in the expand function,
|
|
|
|
|
// but can only be set if node pools are unspecified.
|
|
|
|
|
cluster.NodeConfig = expandNodeConfig([]interface{}{})
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if v, ok := d.GetOk("node_config"); ok {
|
|
|
|
|
cluster.NodeConfig = expandNodeConfig(v)
|
2017-04-12 19:57:53 +00:00
|
|
|
}
|
|
|
|
|
|
2017-11-27 23:15:03 +00:00
|
|
|
if v, ok := d.GetOk("ip_allocation_policy"); ok {
|
|
|
|
|
cluster.IpAllocationPolicy, err = expandIPAllocationPolicy(v)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-14 21:00:31 +00:00
|
|
|
if v, ok := d.GetOk("pod_security_policy_config"); ok {
|
|
|
|
|
cluster.PodSecurityPolicyConfig = expandPodSecurityPolicyConfig(v)
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-30 17:10:25 +00:00
|
|
|
if v, ok := d.GetOk("master_ipv4_cidr_block"); ok {
|
|
|
|
|
cluster.MasterIpv4CidrBlock = v.(string)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if v, ok := d.GetOk("private_cluster"); ok {
|
|
|
|
|
if cluster.PrivateCluster = v.(bool); cluster.PrivateCluster {
|
|
|
|
|
if cluster.MasterIpv4CidrBlock == "" {
|
|
|
|
|
return fmt.Errorf("master_ipv4_cidr_block is mandatory when private_cluster=true")
|
|
|
|
|
}
|
|
|
|
|
if cluster.IpAllocationPolicy == nil {
|
|
|
|
|
return fmt.Errorf("ip_allocation_policy is mandatory when private_cluster=true")
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-15 10:10:25 +00:00
|
|
|
if v, ok := d.GetOk("resource_labels"); ok {
|
2018-06-15 10:39:08 +00:00
|
|
|
m := make(map[string]string)
|
|
|
|
|
for k, val := range v.(map[string]interface{}) {
|
|
|
|
|
m[k] = val.(string)
|
|
|
|
|
}
|
|
|
|
|
cluster.ResourceLabels = m
|
2018-06-15 10:10:25 +00:00
|
|
|
}
|
|
|
|
|
|
2018-08-17 00:51:03 +00:00
|
|
|
cluster.BinaryAuthorization = &containerBeta.BinaryAuthorization{
|
|
|
|
|
Enabled: d.Get("enable_binary_authorization").(bool),
|
|
|
|
|
ForceSendFields: []string{"Enabled"},
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-07 01:44:05 +00:00
|
|
|
req := &containerBeta.CreateClusterRequest{
|
2015-07-05 16:39:01 +00:00
|
|
|
Cluster: cluster,
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-05 21:51:35 +00:00
|
|
|
mutexKV.Lock(containerClusterMutexKey(project, location, clusterName))
|
|
|
|
|
defer mutexKV.Unlock(containerClusterMutexKey(project, location, clusterName))
|
2018-03-07 01:44:05 +00:00
|
|
|
|
2018-05-09 18:24:40 +00:00
|
|
|
parent := fmt.Sprintf("projects/%s/locations/%s", project, location)
|
|
|
|
|
op, err := config.clientContainerBeta.Projects.Locations.Clusters.Create(parent, req).Do()
|
2018-04-05 21:51:35 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
2015-07-05 16:39:01 +00:00
|
|
|
}
|
|
|
|
|
|
2018-03-07 19:06:00 +00:00
|
|
|
d.SetId(clusterName)
|
|
|
|
|
|
2015-07-05 16:39:01 +00:00
|
|
|
// Wait until it's created
|
2018-04-05 21:51:35 +00:00
|
|
|
waitErr := containerSharedOperationWait(config, op, project, location, "creating GKE cluster", timeoutInMinutes, 3)
|
2017-03-06 22:59:24 +00:00
|
|
|
if waitErr != nil {
|
|
|
|
|
// The resource didn't actually create
|
|
|
|
|
d.SetId("")
|
|
|
|
|
return waitErr
|
2015-07-05 16:39:01 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
log.Printf("[INFO] GKE cluster %s has been created", clusterName)
|
|
|
|
|
|
2018-03-23 00:22:44 +00:00
|
|
|
if d.Get("remove_default_node_pool").(bool) {
|
2018-05-09 18:24:40 +00:00
|
|
|
parent := fmt.Sprintf("%s/nodePools/%s", containerClusterFullName(project, location, clusterName), "default-pool")
|
|
|
|
|
op, err = config.clientContainerBeta.Projects.Locations.Clusters.NodePools.Delete(parent).Do()
|
2018-03-23 00:22:44 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return errwrap.Wrapf("Error deleting default node pool: {{err}}", err)
|
|
|
|
|
}
|
2018-04-05 21:51:35 +00:00
|
|
|
err = containerSharedOperationWait(config, op, project, location, "removing default node pool", timeoutInMinutes, 3)
|
2018-03-23 00:22:44 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return errwrap.Wrapf("Error deleting default node pool: {{err}}", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-05 16:39:01 +00:00
|
|
|
return resourceContainerClusterRead(d, meta)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) error {
|
|
|
|
|
config := meta.(*Config)
|
|
|
|
|
|
2016-04-10 16:59:57 +00:00
|
|
|
project, err := getProject(d, config)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-05 21:51:35 +00:00
|
|
|
location, err := getLocation(d, config)
|
2017-12-06 22:30:04 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2015-07-05 16:39:01 +00:00
|
|
|
|
2018-03-07 01:44:05 +00:00
|
|
|
cluster := &containerBeta.Cluster{}
|
2017-10-12 18:21:33 +00:00
|
|
|
err = resource.Retry(2*time.Minute, func() *resource.RetryError {
|
2018-05-09 18:24:40 +00:00
|
|
|
name := containerClusterFullName(project, location, d.Get("name").(string))
|
|
|
|
|
cluster, err = config.clientContainerBeta.Projects.Locations.Clusters.Get(name).Do()
|
2018-04-05 21:51:35 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return resource.NonRetryableError(err)
|
2017-10-12 18:21:33 +00:00
|
|
|
}
|
|
|
|
|
if cluster.Status != "RUNNING" {
|
|
|
|
|
return resource.RetryableError(fmt.Errorf("Cluster %q has status %q with message %q", d.Get("name"), cluster.Status, cluster.StatusMessage))
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
})
|
2015-07-05 16:39:01 +00:00
|
|
|
if err != nil {
|
2017-05-09 23:00:47 +00:00
|
|
|
return handleNotFoundError(err, d, fmt.Sprintf("Container Cluster %q", d.Get("name").(string)))
|
2015-07-05 16:39:01 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
d.Set("name", cluster.Name)
|
2018-06-22 17:35:46 +00:00
|
|
|
if err := d.Set("network_policy", flattenNetworkPolicy(cluster.NetworkPolicy)); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2015-07-05 16:39:01 +00:00
|
|
|
d.Set("zone", cluster.Zone)
|
2017-02-03 01:37:03 +00:00
|
|
|
|
2018-04-05 21:51:35 +00:00
|
|
|
locations := schema.NewSet(schema.HashString, convertStringArrToInterface(cluster.Locations))
|
|
|
|
|
locations.Remove(cluster.Zone) // Remove the original zone since we only store additional zones
|
2017-02-08 03:21:00 +00:00
|
|
|
d.Set("additional_zones", locations)
|
2017-02-07 01:21:34 +00:00
|
|
|
|
2015-07-05 16:39:01 +00:00
|
|
|
d.Set("endpoint", cluster.Endpoint)
|
2018-06-22 17:35:46 +00:00
|
|
|
if err := d.Set("maintenance_policy", flattenMaintenancePolicy(cluster.MaintenancePolicy)); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if err := d.Set("master_auth", flattenMasterAuth(cluster.MasterAuth)); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if err := d.Set("master_authorized_networks_config", flattenMasterAuthorizedNetworksConfig(cluster.MasterAuthorizedNetworksConfig)); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2015-07-05 16:39:01 +00:00
|
|
|
d.Set("initial_node_count", cluster.InitialNodeCount)
|
2017-10-06 22:48:01 +00:00
|
|
|
d.Set("master_version", cluster.CurrentMasterVersion)
|
2015-07-05 16:39:01 +00:00
|
|
|
d.Set("node_version", cluster.CurrentNodeVersion)
|
|
|
|
|
d.Set("cluster_ipv4_cidr", cluster.ClusterIpv4Cidr)
|
|
|
|
|
d.Set("description", cluster.Description)
|
2017-10-31 23:38:18 +00:00
|
|
|
d.Set("enable_kubernetes_alpha", cluster.EnableKubernetesAlpha)
|
2017-07-31 18:09:05 +00:00
|
|
|
d.Set("enable_legacy_abac", cluster.LegacyAbac.Enabled)
|
2015-07-05 16:39:01 +00:00
|
|
|
d.Set("logging_service", cluster.LoggingService)
|
|
|
|
|
d.Set("monitoring_service", cluster.MonitoringService)
|
2018-05-23 23:47:17 +00:00
|
|
|
d.Set("network", cluster.NetworkConfig.Network)
|
|
|
|
|
d.Set("subnetwork", cluster.NetworkConfig.Subnetwork)
|
2018-08-22 19:47:43 +00:00
|
|
|
d.Set("enable_binary_authorization", cluster.BinaryAuthorization != nil && cluster.BinaryAuthorization.Enabled)
|
2018-03-15 20:28:30 +00:00
|
|
|
if err := d.Set("node_config", flattenNodeConfig(cluster.NodeConfig)); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2017-11-28 00:32:20 +00:00
|
|
|
d.Set("project", project)
|
2018-06-22 17:35:46 +00:00
|
|
|
if err := d.Set("addons_config", flattenClusterAddonsConfig(cluster.AddonsConfig)); err != nil {
|
2018-08-17 00:51:03 +00:00
|
|
|
return err
|
2018-06-22 17:35:46 +00:00
|
|
|
}
|
2017-08-18 00:51:58 +00:00
|
|
|
nps, err := flattenClusterNodePools(d, config, cluster.NodePools)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2018-06-22 17:35:46 +00:00
|
|
|
if err := d.Set("node_pool", nps); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2017-03-07 05:14:32 +00:00
|
|
|
|
2018-06-20 23:45:49 +00:00
|
|
|
if err := d.Set("ip_allocation_policy", flattenIPAllocationPolicy(cluster.IpAllocationPolicy)); err != nil {
|
|
|
|
|
return err
|
2017-11-27 23:15:03 +00:00
|
|
|
}
|
|
|
|
|
|
2018-06-22 17:35:46 +00:00
|
|
|
igUrls, err := getInstanceGroupUrlsFromManagerUrls(config, cluster.InstanceGroupUrls)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if err := d.Set("instance_group_urls", igUrls); err != nil {
|
2017-03-22 23:33:11 +00:00
|
|
|
return err
|
2017-03-07 05:14:32 +00:00
|
|
|
}
|
2015-07-05 16:39:01 +00:00
|
|
|
|
2018-06-20 23:45:49 +00:00
|
|
|
if err := d.Set("pod_security_policy_config", flattenPodSecurityPolicyConfig(cluster.PodSecurityPolicyConfig)); err != nil {
|
|
|
|
|
return err
|
2018-03-14 21:00:31 +00:00
|
|
|
}
|
|
|
|
|
|
2018-03-30 17:10:25 +00:00
|
|
|
d.Set("private_cluster", cluster.PrivateCluster)
|
|
|
|
|
d.Set("master_ipv4_cidr_block", cluster.MasterIpv4CidrBlock)
|
2018-06-15 10:10:25 +00:00
|
|
|
d.Set("resource_labels", cluster.ResourceLabels)
|
2018-03-30 17:10:25 +00:00
|
|
|
|
2015-07-05 16:39:01 +00:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) error {
|
|
|
|
|
config := meta.(*Config)
|
|
|
|
|
|
2016-04-10 16:59:57 +00:00
|
|
|
project, err := getProject(d, config)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-05 21:51:35 +00:00
|
|
|
location, err := getLocation(d, config)
|
2017-12-06 22:30:04 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2018-04-05 21:51:35 +00:00
|
|
|
|
2015-07-05 16:39:01 +00:00
|
|
|
clusterName := d.Get("name").(string)
|
2017-06-28 08:22:31 +00:00
|
|
|
timeoutInMinutes := int(d.Timeout(schema.TimeoutUpdate).Minutes())
|
2015-07-05 16:39:01 +00:00
|
|
|
|
2017-07-05 23:00:49 +00:00
|
|
|
d.Partial(true)
|
|
|
|
|
|
2018-04-05 21:51:35 +00:00
|
|
|
lockKey := containerClusterMutexKey(project, location, clusterName)
|
|
|
|
|
|
2018-05-09 18:24:40 +00:00
|
|
|
updateFunc := func(req *containerBeta.UpdateClusterRequest, updateDescription string) func() error {
|
2018-04-05 21:51:35 +00:00
|
|
|
return func() error {
|
2018-05-09 18:24:40 +00:00
|
|
|
name := containerClusterFullName(project, location, clusterName)
|
|
|
|
|
op, err := config.clientContainerBeta.Projects.Locations.Clusters.Update(name, req).Do()
|
2018-04-05 21:51:35 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
// Wait until it's updated
|
|
|
|
|
return containerSharedOperationWait(config, op, project, location, updateDescription, timeoutInMinutes, 2)
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-02-05 17:45:53 +00:00
|
|
|
|
2018-03-23 18:27:37 +00:00
|
|
|
// The ClusterUpdate object that we use for most of these updates only allows updating one field at a time,
|
|
|
|
|
// so we have to make separate calls for each field that we want to update. The order here is fairly arbitrary-
|
|
|
|
|
// if the order of updating fields does matter, it is called out explicitly.
|
2017-11-02 17:38:20 +00:00
|
|
|
if d.HasChange("master_authorized_networks_config") {
|
|
|
|
|
c := d.Get("master_authorized_networks_config")
|
2018-05-09 18:24:40 +00:00
|
|
|
req := &containerBeta.UpdateClusterRequest{
|
|
|
|
|
Update: &containerBeta.ClusterUpdate{
|
|
|
|
|
DesiredMasterAuthorizedNetworksConfig: expandMasterAuthorizedNetworksConfig(c),
|
2017-11-02 17:38:20 +00:00
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-05 21:51:35 +00:00
|
|
|
updateF := updateFunc(req, "updating GKE cluster master authorized networks")
|
2018-02-05 17:45:53 +00:00
|
|
|
if err := lockedCall(lockKey, updateF); err != nil {
|
|
|
|
|
return err
|
2017-11-02 17:38:20 +00:00
|
|
|
}
|
|
|
|
|
log.Printf("[INFO] GKE cluster %s master authorized networks config has been updated", d.Id())
|
|
|
|
|
|
|
|
|
|
d.SetPartial("master_authorized_networks_config")
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-06 22:48:01 +00:00
|
|
|
// The master must be updated before the nodes
|
2017-10-12 18:21:33 +00:00
|
|
|
if d.HasChange("min_master_version") {
|
|
|
|
|
desiredMasterVersion := d.Get("min_master_version").(string)
|
|
|
|
|
currentMasterVersion := d.Get("master_version").(string)
|
|
|
|
|
des, err := version.NewVersion(desiredMasterVersion)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
2017-07-05 23:00:49 +00:00
|
|
|
}
|
2017-10-12 18:21:33 +00:00
|
|
|
cur, err := version.NewVersion(currentMasterVersion)
|
2017-07-05 23:00:49 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-12 18:21:33 +00:00
|
|
|
// Only upgrade the master if the current version is lower than the desired version
|
|
|
|
|
if cur.LessThan(des) {
|
2018-05-09 18:24:40 +00:00
|
|
|
req := &containerBeta.UpdateClusterRequest{
|
|
|
|
|
Update: &containerBeta.ClusterUpdate{
|
2017-10-12 18:21:33 +00:00
|
|
|
DesiredMasterVersion: desiredMasterVersion,
|
|
|
|
|
},
|
|
|
|
|
}
|
2017-08-08 18:31:12 +00:00
|
|
|
|
2018-04-05 21:51:35 +00:00
|
|
|
updateF := updateFunc(req, "updating GKE master version")
|
2018-02-05 17:45:53 +00:00
|
|
|
// Call update serially.
|
|
|
|
|
if err := lockedCall(lockKey, updateF); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
log.Printf("[INFO] GKE cluster %s: master has been updated to %s", d.Id(), desiredMasterVersion)
|
2017-10-12 18:21:33 +00:00
|
|
|
}
|
|
|
|
|
d.SetPartial("min_master_version")
|
2017-10-06 22:48:01 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if d.HasChange("node_version") {
|
|
|
|
|
desiredNodeVersion := d.Get("node_version").(string)
|
2018-05-09 18:24:40 +00:00
|
|
|
req := &containerBeta.UpdateClusterRequest{
|
|
|
|
|
Update: &containerBeta.ClusterUpdate{
|
2017-08-08 18:31:12 +00:00
|
|
|
DesiredNodeVersion: desiredNodeVersion,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-05 21:51:35 +00:00
|
|
|
updateF := updateFunc(req, "updating GKE node version")
|
2018-02-05 17:45:53 +00:00
|
|
|
// Call update serially.
|
|
|
|
|
if err := lockedCall(lockKey, updateF); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2017-08-08 18:31:12 +00:00
|
|
|
log.Printf("[INFO] GKE cluster %s: nodes have been updated to %s", d.Id(),
|
2017-07-05 23:00:49 +00:00
|
|
|
desiredNodeVersion)
|
|
|
|
|
|
|
|
|
|
d.SetPartial("node_version")
|
2015-07-05 16:39:01 +00:00
|
|
|
}
|
|
|
|
|
|
2017-10-20 16:47:07 +00:00
|
|
|
if d.HasChange("addons_config") {
|
|
|
|
|
if ac, ok := d.GetOk("addons_config"); ok {
|
2018-05-09 18:24:40 +00:00
|
|
|
req := &containerBeta.UpdateClusterRequest{
|
|
|
|
|
Update: &containerBeta.ClusterUpdate{
|
|
|
|
|
DesiredAddonsConfig: expandClusterAddonsConfig(ac),
|
2017-10-20 16:47:07 +00:00
|
|
|
},
|
|
|
|
|
}
|
2018-02-05 17:45:53 +00:00
|
|
|
|
2018-04-05 21:51:35 +00:00
|
|
|
updateF := updateFunc(req, "updating GKE cluster addons")
|
2018-02-05 17:45:53 +00:00
|
|
|
// Call update serially.
|
|
|
|
|
if err := lockedCall(lockKey, updateF); err != nil {
|
|
|
|
|
return err
|
2017-10-20 16:47:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
log.Printf("[INFO] GKE cluster %s addons have been updated", d.Id())
|
|
|
|
|
|
|
|
|
|
d.SetPartial("addons_config")
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-17 00:51:03 +00:00
|
|
|
if d.HasChange("enable_binary_authorization") {
|
|
|
|
|
enabled := d.Get("enable_binary_authorization").(bool)
|
|
|
|
|
req := &containerBeta.UpdateClusterRequest{
|
|
|
|
|
Update: &containerBeta.ClusterUpdate{
|
|
|
|
|
DesiredBinaryAuthorization: &containerBeta.BinaryAuthorization{
|
|
|
|
|
Enabled: enabled,
|
|
|
|
|
ForceSendFields: []string{"Enabled"},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
updateF := updateFunc(req, "updating GKE binary authorization")
|
|
|
|
|
// Call update serially.
|
|
|
|
|
if err := lockedCall(lockKey, updateF); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
log.Printf("[INFO] GKE cluster %s's binary authorization has been updated to %v", d.Id(), enabled)
|
|
|
|
|
|
|
|
|
|
d.SetPartial("enable_binary_authorization")
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-27 20:29:14 +00:00
|
|
|
if d.HasChange("maintenance_policy") {
|
2018-05-09 18:24:40 +00:00
|
|
|
var req *containerBeta.SetMaintenancePolicyRequest
|
2017-12-27 20:29:14 +00:00
|
|
|
if mp, ok := d.GetOk("maintenance_policy"); ok {
|
2018-05-09 18:24:40 +00:00
|
|
|
req = &containerBeta.SetMaintenancePolicyRequest{
|
|
|
|
|
MaintenancePolicy: expandMaintenancePolicy(mp),
|
2017-12-27 20:29:14 +00:00
|
|
|
}
|
|
|
|
|
} else {
|
2018-05-09 18:24:40 +00:00
|
|
|
req = &containerBeta.SetMaintenancePolicyRequest{
|
2017-12-27 20:29:14 +00:00
|
|
|
NullFields: []string{"MaintenancePolicy"},
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-02-05 17:45:53 +00:00
|
|
|
|
|
|
|
|
updateF := func() error {
|
2018-05-09 18:24:40 +00:00
|
|
|
name := containerClusterFullName(project, location, clusterName)
|
|
|
|
|
op, err := config.clientContainerBeta.Projects.Locations.Clusters.SetMaintenancePolicy(name, req).Do()
|
2018-04-05 21:51:35 +00:00
|
|
|
|
2018-02-05 17:45:53 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Wait until it's updated
|
2018-04-05 21:51:35 +00:00
|
|
|
return containerSharedOperationWait(config, op, project, location, "updating GKE cluster maintenance policy", timeoutInMinutes, 2)
|
2017-12-27 20:29:14 +00:00
|
|
|
}
|
|
|
|
|
|
2018-02-05 17:45:53 +00:00
|
|
|
// Call update serially.
|
|
|
|
|
if err := lockedCall(lockKey, updateF); err != nil {
|
|
|
|
|
return err
|
2017-12-27 20:29:14 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
log.Printf("[INFO] GKE cluster %s maintenance policy has been updated", d.Id())
|
|
|
|
|
|
|
|
|
|
d.SetPartial("maintenance_policy")
|
|
|
|
|
}
|
|
|
|
|
|
2017-07-05 23:00:49 +00:00
|
|
|
if d.HasChange("additional_zones") {
|
2018-04-19 00:29:07 +00:00
|
|
|
azSetOldI, azSetNewI := d.GetChange("additional_zones")
|
|
|
|
|
azSetNew := azSetNewI.(*schema.Set)
|
|
|
|
|
azSetOld := azSetOldI.(*schema.Set)
|
|
|
|
|
if azSetNew.Contains(location) {
|
2018-04-05 21:51:35 +00:00
|
|
|
return fmt.Errorf("additional_zones should not contain the original 'zone'")
|
2017-07-05 23:00:49 +00:00
|
|
|
}
|
2018-04-19 00:29:07 +00:00
|
|
|
// Since we can't add & remove zones in the same request, first add all the
|
|
|
|
|
// zones, then remove the ones we aren't using anymore.
|
|
|
|
|
azSet := azSetOld.Union(azSetNew)
|
2018-04-19 21:17:38 +00:00
|
|
|
|
|
|
|
|
if isZone(location) {
|
|
|
|
|
azSet.Add(location)
|
|
|
|
|
}
|
2018-04-19 00:29:07 +00:00
|
|
|
|
2018-05-09 18:24:40 +00:00
|
|
|
req := &containerBeta.UpdateClusterRequest{
|
|
|
|
|
Update: &containerBeta.ClusterUpdate{
|
2018-04-05 21:51:35 +00:00
|
|
|
DesiredLocations: convertStringSet(azSet),
|
2017-07-05 23:00:49 +00:00
|
|
|
},
|
|
|
|
|
}
|
2018-02-05 17:45:53 +00:00
|
|
|
|
2018-04-05 21:51:35 +00:00
|
|
|
updateF := updateFunc(req, "updating GKE cluster locations")
|
2018-02-05 17:45:53 +00:00
|
|
|
// Call update serially.
|
|
|
|
|
if err := lockedCall(lockKey, updateF); err != nil {
|
|
|
|
|
return err
|
2017-07-05 23:00:49 +00:00
|
|
|
}
|
2017-06-28 08:22:31 +00:00
|
|
|
|
2018-04-19 21:17:38 +00:00
|
|
|
if isZone(location) {
|
|
|
|
|
azSetNew.Add(location)
|
|
|
|
|
}
|
2018-04-19 00:29:07 +00:00
|
|
|
if !azSet.Equal(azSetNew) {
|
2018-05-09 18:24:40 +00:00
|
|
|
req = &containerBeta.UpdateClusterRequest{
|
|
|
|
|
Update: &containerBeta.ClusterUpdate{
|
2018-04-19 00:29:07 +00:00
|
|
|
DesiredLocations: convertStringSet(azSetNew),
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
updateF := updateFunc(req, "updating GKE cluster locations")
|
|
|
|
|
// Call update serially.
|
|
|
|
|
if err := lockedCall(lockKey, updateF); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-05 21:51:35 +00:00
|
|
|
log.Printf("[INFO] GKE cluster %s locations have been updated to %v", d.Id(), azSet.List())
|
2017-07-31 18:09:05 +00:00
|
|
|
|
|
|
|
|
d.SetPartial("additional_zones")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if d.HasChange("enable_legacy_abac") {
|
|
|
|
|
enabled := d.Get("enable_legacy_abac").(bool)
|
2018-05-09 18:24:40 +00:00
|
|
|
req := &containerBeta.SetLegacyAbacRequest{
|
2017-07-31 18:09:05 +00:00
|
|
|
Enabled: enabled,
|
|
|
|
|
ForceSendFields: []string{"Enabled"},
|
|
|
|
|
}
|
2018-02-05 17:45:53 +00:00
|
|
|
|
|
|
|
|
updateF := func() error {
|
2018-04-05 21:51:35 +00:00
|
|
|
log.Println("[DEBUG] updating enable_legacy_abac")
|
2018-05-09 18:24:40 +00:00
|
|
|
name := containerClusterFullName(project, location, clusterName)
|
|
|
|
|
op, err := config.clientContainerBeta.Projects.Locations.Clusters.SetLegacyAbac(name, req).Do()
|
2018-02-05 17:45:53 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Wait until it's updated
|
2018-04-05 21:51:35 +00:00
|
|
|
err = containerSharedOperationWait(config, op, project, location, "updating GKE legacy ABAC", timeoutInMinutes, 2)
|
|
|
|
|
log.Println("[DEBUG] done updating enable_legacy_abac")
|
2017-07-31 18:09:05 +00:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2018-02-05 17:45:53 +00:00
|
|
|
// Call update serially.
|
|
|
|
|
if err := lockedCall(lockKey, updateF); err != nil {
|
|
|
|
|
return err
|
2017-07-31 18:09:05 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
log.Printf("[INFO] GKE cluster %s legacy ABAC has been updated to %v", d.Id(), enabled)
|
|
|
|
|
|
|
|
|
|
d.SetPartial("enable_legacy_abac")
|
2015-07-05 16:39:01 +00:00
|
|
|
}
|
|
|
|
|
|
2017-10-20 16:46:21 +00:00
|
|
|
if d.HasChange("monitoring_service") {
|
|
|
|
|
desiredMonitoringService := d.Get("monitoring_service").(string)
|
|
|
|
|
|
2018-05-09 18:24:40 +00:00
|
|
|
req := &containerBeta.UpdateClusterRequest{
|
|
|
|
|
Update: &containerBeta.ClusterUpdate{
|
2017-10-20 16:46:21 +00:00
|
|
|
DesiredMonitoringService: desiredMonitoringService,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-05 21:51:35 +00:00
|
|
|
updateF := updateFunc(req, "updating GKE cluster monitoring service")
|
2018-02-05 17:45:53 +00:00
|
|
|
// Call update serially.
|
|
|
|
|
if err := lockedCall(lockKey, updateF); err != nil {
|
|
|
|
|
return err
|
2017-10-20 16:46:21 +00:00
|
|
|
}
|
|
|
|
|
log.Printf("[INFO] Monitoring service for GKE cluster %s has been updated to %s", d.Id(),
|
|
|
|
|
desiredMonitoringService)
|
|
|
|
|
|
|
|
|
|
d.SetPartial("monitoring_service")
|
|
|
|
|
}
|
|
|
|
|
|
2017-11-27 20:40:07 +00:00
|
|
|
if d.HasChange("network_policy") {
|
2018-03-07 01:44:05 +00:00
|
|
|
np := d.Get("network_policy")
|
2018-05-09 18:24:40 +00:00
|
|
|
req := &containerBeta.SetNetworkPolicyRequest{
|
|
|
|
|
NetworkPolicy: expandNetworkPolicy(np),
|
2017-11-27 20:40:07 +00:00
|
|
|
}
|
2018-02-05 17:45:53 +00:00
|
|
|
|
|
|
|
|
updateF := func() error {
|
2018-04-05 21:51:35 +00:00
|
|
|
log.Println("[DEBUG] updating network_policy")
|
2018-05-09 18:24:40 +00:00
|
|
|
name := containerClusterFullName(project, location, clusterName)
|
|
|
|
|
op, err := config.clientContainerBeta.Projects.Locations.Clusters.SetNetworkPolicy(name, req).Do()
|
2018-02-05 17:45:53 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Wait until it's updated
|
2018-04-05 21:51:35 +00:00
|
|
|
err = containerSharedOperationWait(config, op, project, location, "updating GKE cluster network policy", timeoutInMinutes, 2)
|
|
|
|
|
log.Println("[DEBUG] done updating network_policy")
|
2017-11-27 20:40:07 +00:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2018-02-05 17:45:53 +00:00
|
|
|
// Call update serially.
|
|
|
|
|
if err := lockedCall(lockKey, updateF); err != nil {
|
|
|
|
|
return err
|
2017-11-27 20:40:07 +00:00
|
|
|
}
|
2018-02-05 17:45:53 +00:00
|
|
|
|
2017-11-27 20:40:07 +00:00
|
|
|
log.Printf("[INFO] Network policy for GKE cluster %s has been updated", d.Id())
|
|
|
|
|
|
|
|
|
|
d.SetPartial("network_policy")
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
2017-08-18 00:51:58 +00:00
|
|
|
if n, ok := d.GetOk("node_pool.#"); ok {
|
|
|
|
|
for i := 0; i < n.(int); i++ {
|
#1300 Supporting regional clusters for node pools (#1320)
This PR also switched us to using the beta API in all cases, and that had a side effect which is worth noting, note included here for posterity.
=====
The problem is, we add a GPU, and as per the docs, GKE adds a taint to
the node pool saying "don't schedule here unless you tolerate GPUs",
which is pretty sensible.
Terraform doesn't know about that, because it didn't ask for the taint
to be added. So after apply, on refresh, it sees the state of the world
(1 taint) and the state of the config (0 taints) and wants to set the
world equal to the config. This introduces a diff, which makes the test
fail - tests fail if there's a diff after they run.
Taints are a beta feature, though. :) And since the config doesn't
contain any taints, terraform didn't see any beta features in that node
pool ... so it used to send the request to the v1 API. And since the v1
API didn't return anything about taints (since they're a beta feature),
terraform happily checked the state of the world (0 taints I know about)
vs the config (0 taints), and all was well.
This PR makes every node pool refresh request hit the beta API. So now
terraform finds out about the taints (which were always there) and the
test fails (which it always should have done).
The solution is probably to write a little bit of code which suppresses
the report of the diff of any taint with value 'nvidia.com/gpu', but
only if GPUs are enabled. I think that's something that can be done.
2018-04-25 00:55:21 +00:00
|
|
|
nodePoolInfo, err := extractNodePoolInformationFromCluster(d, config, clusterName)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := nodePoolUpdate(d, meta, nodePoolInfo, fmt.Sprintf("node_pool.%d.", i), timeoutInMinutes); err != nil {
|
2017-10-04 00:09:34 +00:00
|
|
|
return err
|
2017-08-18 00:51:58 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
d.SetPartial("node_pool")
|
|
|
|
|
}
|
|
|
|
|
|
2017-08-18 22:29:51 +00:00
|
|
|
if d.HasChange("logging_service") {
|
|
|
|
|
logging := d.Get("logging_service").(string)
|
|
|
|
|
|
2018-05-09 18:24:40 +00:00
|
|
|
req := &containerBeta.SetLoggingServiceRequest{
|
2017-08-18 22:29:51 +00:00
|
|
|
LoggingService: logging,
|
|
|
|
|
}
|
2018-02-05 17:45:53 +00:00
|
|
|
updateF := func() error {
|
2018-05-09 18:24:40 +00:00
|
|
|
name := containerClusterFullName(project, location, clusterName)
|
|
|
|
|
op, err := config.clientContainerBeta.Projects.Locations.Clusters.SetLogging(name, req).Do()
|
2018-02-05 17:45:53 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Wait until it's updated
|
2018-04-05 21:51:35 +00:00
|
|
|
return containerSharedOperationWait(config, op, project, location, "updating GKE logging service", timeoutInMinutes, 2)
|
2017-08-18 22:29:51 +00:00
|
|
|
}
|
|
|
|
|
|
2018-02-05 17:45:53 +00:00
|
|
|
// Call update serially.
|
|
|
|
|
if err := lockedCall(lockKey, updateF); err != nil {
|
|
|
|
|
return err
|
2017-08-18 22:29:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
log.Printf("[INFO] GKE cluster %s: logging service has been updated to %s", d.Id(),
|
|
|
|
|
logging)
|
|
|
|
|
d.SetPartial("logging_service")
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-07 21:07:28 +00:00
|
|
|
if d.HasChange("node_config") {
|
|
|
|
|
if d.HasChange("node_config.0.image_type") {
|
|
|
|
|
it := d.Get("node_config.0.image_type").(string)
|
|
|
|
|
req := &containerBeta.UpdateClusterRequest{
|
|
|
|
|
Update: &containerBeta.ClusterUpdate{
|
|
|
|
|
DesiredImageType: it,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
updateF := func() error {
|
|
|
|
|
name := containerClusterFullName(project, location, clusterName)
|
|
|
|
|
op, err := config.clientContainerBeta.Projects.Locations.Clusters.Update(name, req).Do()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Wait until it's updated
|
|
|
|
|
return containerSharedOperationWait(config, op, project, location, "updating GKE image type", timeoutInMinutes, 2)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Call update serially.
|
|
|
|
|
if err := lockedCall(lockKey, updateF); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
log.Printf("[INFO] GKE cluster %s: image type has been updated to %s", d.Id(), it)
|
|
|
|
|
}
|
|
|
|
|
d.SetPartial("node_config")
|
|
|
|
|
}
|
|
|
|
|
|
2018-08-15 19:50:17 +00:00
|
|
|
if d.HasChange("master_auth") {
|
|
|
|
|
var req *containerBeta.SetMasterAuthRequest
|
|
|
|
|
if ma, ok := d.GetOk("master_auth"); ok {
|
|
|
|
|
req = &containerBeta.SetMasterAuthRequest{
|
|
|
|
|
Action: "SET_USERNAME",
|
|
|
|
|
Update: expandMasterAuth(ma),
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
req = &containerBeta.SetMasterAuthRequest{
|
|
|
|
|
Action: "SET_USERNAME",
|
|
|
|
|
Update: &containerBeta.MasterAuth{
|
|
|
|
|
Username: "admin",
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
updateF := func() error {
|
|
|
|
|
name := containerClusterFullName(project, location, clusterName)
|
|
|
|
|
op, err := config.clientContainerBeta.Projects.Locations.Clusters.SetMasterAuth(name, req).Do()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Wait until it's updated
|
|
|
|
|
return containerSharedOperationWait(config, op, project, location, "updating master auth", timeoutInMinutes, 2)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Call update serially.
|
|
|
|
|
if err := lockedCall(lockKey, updateF); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
log.Printf("[INFO] GKE cluster %s: master auth has been updated", d.Id())
|
|
|
|
|
d.SetPartial("master_auth")
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-23 18:27:37 +00:00
|
|
|
if d.HasChange("pod_security_policy_config") {
|
|
|
|
|
c := d.Get("pod_security_policy_config")
|
|
|
|
|
req := &containerBeta.UpdateClusterRequest{
|
|
|
|
|
Update: &containerBeta.ClusterUpdate{
|
|
|
|
|
DesiredPodSecurityPolicyConfig: expandPodSecurityPolicyConfig(c),
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
updateF := func() error {
|
2018-08-16 20:57:41 +00:00
|
|
|
name := containerClusterFullName(project, location, clusterName)
|
|
|
|
|
op, err := config.clientContainerBeta.Projects.Locations.Clusters.Update(name, req).Do()
|
2018-03-23 18:27:37 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
// Wait until it's updated
|
2018-04-05 21:51:35 +00:00
|
|
|
return containerSharedOperationWait(config, op, project, location, "updating GKE cluster pod security policy config", timeoutInMinutes, 2)
|
2018-03-23 18:27:37 +00:00
|
|
|
}
|
|
|
|
|
if err := lockedCall(lockKey, updateF); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
log.Printf("[INFO] GKE cluster %s pod security policy config has been updated", d.Id())
|
|
|
|
|
|
|
|
|
|
d.SetPartial("pod_security_policy_config")
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-15 10:10:25 +00:00
|
|
|
if d.HasChange("resource_labels") {
|
2018-07-13 21:14:00 +00:00
|
|
|
resourceLabels := d.Get("resource_labels").(map[string]interface{})
|
2018-06-15 10:10:25 +00:00
|
|
|
req := &containerBeta.SetLabelsRequest{
|
2018-07-13 21:14:00 +00:00
|
|
|
ResourceLabels: convertStringMap(resourceLabels),
|
2018-06-15 10:10:25 +00:00
|
|
|
}
|
|
|
|
|
updateF := func() error {
|
|
|
|
|
name := containerClusterFullName(project, location, clusterName)
|
|
|
|
|
op, err := config.clientContainerBeta.Projects.Locations.Clusters.SetResourceLabels(name, req).Do()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Wait until it's updated
|
|
|
|
|
return containerSharedOperationWait(config, op, project, location, "updating GKE resource labels", timeoutInMinutes, 2)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Call update serially.
|
|
|
|
|
if err := lockedCall(lockKey, updateF); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
d.SetPartial("resource_labels")
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-23 00:22:44 +00:00
|
|
|
if d.HasChange("remove_default_node_pool") && d.Get("remove_default_node_pool").(bool) {
|
2018-05-09 18:24:40 +00:00
|
|
|
name := fmt.Sprintf("%s/nodePools/%s", containerClusterFullName(project, location, clusterName), "default-pool")
|
|
|
|
|
op, err := config.clientContainerBeta.Projects.Locations.Clusters.NodePools.Delete(name).Do()
|
2018-03-23 00:22:44 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return errwrap.Wrapf("Error deleting default node pool: {{err}}", err)
|
|
|
|
|
}
|
2018-04-05 21:51:35 +00:00
|
|
|
err = containerSharedOperationWait(config, op, project, location, "removing default node pool", timeoutInMinutes, 3)
|
2018-03-23 00:22:44 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return errwrap.Wrapf("Error deleting default node pool: {{err}}", err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-07-05 23:00:49 +00:00
|
|
|
d.Partial(false)
|
2015-07-05 16:39:01 +00:00
|
|
|
|
|
|
|
|
return resourceContainerClusterRead(d, meta)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func resourceContainerClusterDelete(d *schema.ResourceData, meta interface{}) error {
|
|
|
|
|
config := meta.(*Config)
|
|
|
|
|
|
2016-04-10 16:59:57 +00:00
|
|
|
project, err := getProject(d, config)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-05 21:51:35 +00:00
|
|
|
var location string
|
|
|
|
|
locations := []string{}
|
|
|
|
|
if regionName, isRegionalCluster := d.GetOk("region"); !isRegionalCluster {
|
|
|
|
|
location, err = getZone(d, config)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
locations = append(locations, location)
|
|
|
|
|
} else {
|
|
|
|
|
location = regionName.(string)
|
2017-12-06 22:30:04 +00:00
|
|
|
}
|
2018-04-05 21:51:35 +00:00
|
|
|
|
2015-07-05 16:39:01 +00:00
|
|
|
clusterName := d.Get("name").(string)
|
2017-06-28 08:22:31 +00:00
|
|
|
timeoutInMinutes := int(d.Timeout(schema.TimeoutDelete).Minutes())
|
2015-07-05 16:39:01 +00:00
|
|
|
|
|
|
|
|
log.Printf("[DEBUG] Deleting GKE cluster %s", d.Get("name").(string))
|
2018-04-05 21:51:35 +00:00
|
|
|
mutexKV.Lock(containerClusterMutexKey(project, location, clusterName))
|
|
|
|
|
defer mutexKV.Unlock(containerClusterMutexKey(project, location, clusterName))
|
|
|
|
|
|
|
|
|
|
var op interface{}
|
#1300 Supporting regional clusters for node pools (#1320)
This PR also switched us to using the beta API in all cases, and that had a side effect which is worth noting, note included here for posterity.
=====
The problem is, we add a GPU, and as per the docs, GKE adds a taint to
the node pool saying "don't schedule here unless you tolerate GPUs",
which is pretty sensible.
Terraform doesn't know about that, because it didn't ask for the taint
to be added. So after apply, on refresh, it sees the state of the world
(1 taint) and the state of the config (0 taints) and wants to set the
world equal to the config. This introduces a diff, which makes the test
fail - tests fail if there's a diff after they run.
Taints are a beta feature, though. :) And since the config doesn't
contain any taints, terraform didn't see any beta features in that node
pool ... so it used to send the request to the v1 API. And since the v1
API didn't return anything about taints (since they're a beta feature),
terraform happily checked the state of the world (0 taints I know about)
vs the config (0 taints), and all was well.
This PR makes every node pool refresh request hit the beta API. So now
terraform finds out about the taints (which were always there) and the
test fails (which it always should have done).
The solution is probably to write a little bit of code which suppresses
the report of the diff of any taint with value 'nvidia.com/gpu', but
only if GPUs are enabled. I think that's something that can be done.
2018-04-25 00:55:21 +00:00
|
|
|
var count = 0
|
|
|
|
|
err = resource.Retry(30*time.Second, func() *resource.RetryError {
|
|
|
|
|
count++
|
|
|
|
|
|
2018-04-05 21:51:35 +00:00
|
|
|
name := containerClusterFullName(project, location, clusterName)
|
|
|
|
|
op, err = config.clientContainerBeta.Projects.Locations.Clusters.Delete(name).Do()
|
#1300 Supporting regional clusters for node pools (#1320)
This PR also switched us to using the beta API in all cases, and that had a side effect which is worth noting, note included here for posterity.
=====
The problem is, we add a GPU, and as per the docs, GKE adds a taint to
the node pool saying "don't schedule here unless you tolerate GPUs",
which is pretty sensible.
Terraform doesn't know about that, because it didn't ask for the taint
to be added. So after apply, on refresh, it sees the state of the world
(1 taint) and the state of the config (0 taints) and wants to set the
world equal to the config. This introduces a diff, which makes the test
fail - tests fail if there's a diff after they run.
Taints are a beta feature, though. :) And since the config doesn't
contain any taints, terraform didn't see any beta features in that node
pool ... so it used to send the request to the v1 API. And since the v1
API didn't return anything about taints (since they're a beta feature),
terraform happily checked the state of the world (0 taints I know about)
vs the config (0 taints), and all was well.
This PR makes every node pool refresh request hit the beta API. So now
terraform finds out about the taints (which were always there) and the
test fails (which it always should have done).
The solution is probably to write a little bit of code which suppresses
the report of the diff of any taint with value 'nvidia.com/gpu', but
only if GPUs are enabled. I think that's something that can be done.
2018-04-25 00:55:21 +00:00
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Printf("[WARNING] Cluster is still not ready to delete, retrying %s", clusterName)
|
|
|
|
|
return resource.RetryableError(err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if count == 15 {
|
|
|
|
|
return resource.NonRetryableError(fmt.Errorf("Error retrying to delete cluster %s", clusterName))
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
})
|
|
|
|
|
|
2015-07-05 16:39:01 +00:00
|
|
|
if err != nil {
|
#1300 Supporting regional clusters for node pools (#1320)
This PR also switched us to using the beta API in all cases, and that had a side effect which is worth noting, note included here for posterity.
=====
The problem is, we add a GPU, and as per the docs, GKE adds a taint to
the node pool saying "don't schedule here unless you tolerate GPUs",
which is pretty sensible.
Terraform doesn't know about that, because it didn't ask for the taint
to be added. So after apply, on refresh, it sees the state of the world
(1 taint) and the state of the config (0 taints) and wants to set the
world equal to the config. This introduces a diff, which makes the test
fail - tests fail if there's a diff after they run.
Taints are a beta feature, though. :) And since the config doesn't
contain any taints, terraform didn't see any beta features in that node
pool ... so it used to send the request to the v1 API. And since the v1
API didn't return anything about taints (since they're a beta feature),
terraform happily checked the state of the world (0 taints I know about)
vs the config (0 taints), and all was well.
This PR makes every node pool refresh request hit the beta API. So now
terraform finds out about the taints (which were always there) and the
test fails (which it always should have done).
The solution is probably to write a little bit of code which suppresses
the report of the diff of any taint with value 'nvidia.com/gpu', but
only if GPUs are enabled. I think that's something that can be done.
2018-04-25 00:55:21 +00:00
|
|
|
return fmt.Errorf("Error deleting Cluster: %s", err)
|
2015-07-05 16:39:01 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Wait until it's deleted
|
2018-04-05 21:51:35 +00:00
|
|
|
waitErr := containerSharedOperationWait(config, op, project, location, "deleting GKE cluster", timeoutInMinutes, 3)
|
2017-03-06 22:59:24 +00:00
|
|
|
if waitErr != nil {
|
|
|
|
|
return waitErr
|
2015-07-05 16:39:01 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
log.Printf("[INFO] GKE cluster %s has been deleted", d.Id())
|
|
|
|
|
|
|
|
|
|
d.SetId("")
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2017-03-22 23:33:11 +00:00
|
|
|
// container engine's API currently mistakenly returns the instance group manager's
|
|
|
|
|
// URL instead of the instance group's URL in its responses. This shim detects that
|
|
|
|
|
// error, and corrects it, by fetching the instance group manager URL and retrieving
|
|
|
|
|
// the instance group manager, then using that to look up the instance group URL, which
|
|
|
|
|
// is then substituted.
|
|
|
|
|
//
|
|
|
|
|
// This should be removed when the API response is fixed.
|
|
|
|
|
func getInstanceGroupUrlsFromManagerUrls(config *Config, igmUrls []string) ([]string, error) {
|
|
|
|
|
instanceGroupURLs := make([]string, 0, len(igmUrls))
|
|
|
|
|
for _, u := range igmUrls {
|
|
|
|
|
if !instanceGroupManagerURL.MatchString(u) {
|
|
|
|
|
instanceGroupURLs = append(instanceGroupURLs, u)
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
matches := instanceGroupManagerURL.FindStringSubmatch(u)
|
|
|
|
|
instanceGroupManager, err := config.clientCompute.InstanceGroupManagers.Get(matches[1], matches[2], matches[3]).Do()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, fmt.Errorf("Error reading instance group manager returned as an instance group URL: %s", err)
|
|
|
|
|
}
|
|
|
|
|
instanceGroupURLs = append(instanceGroupURLs, instanceGroupManager.InstanceGroup)
|
|
|
|
|
}
|
|
|
|
|
return instanceGroupURLs, nil
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-07 01:44:05 +00:00
|
|
|
func expandClusterAddonsConfig(configured interface{}) *containerBeta.AddonsConfig {
|
2017-10-20 16:47:07 +00:00
|
|
|
config := configured.([]interface{})[0].(map[string]interface{})
|
2018-03-07 01:44:05 +00:00
|
|
|
ac := &containerBeta.AddonsConfig{}
|
2017-10-20 16:47:07 +00:00
|
|
|
|
|
|
|
|
if v, ok := config["http_load_balancing"]; ok && len(v.([]interface{})) > 0 {
|
|
|
|
|
addon := v.([]interface{})[0].(map[string]interface{})
|
2018-03-07 01:44:05 +00:00
|
|
|
ac.HttpLoadBalancing = &containerBeta.HttpLoadBalancing{
|
2017-10-20 16:47:07 +00:00
|
|
|
Disabled: addon["disabled"].(bool),
|
|
|
|
|
ForceSendFields: []string{"Disabled"},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if v, ok := config["horizontal_pod_autoscaling"]; ok && len(v.([]interface{})) > 0 {
|
|
|
|
|
addon := v.([]interface{})[0].(map[string]interface{})
|
2018-03-07 01:44:05 +00:00
|
|
|
ac.HorizontalPodAutoscaling = &containerBeta.HorizontalPodAutoscaling{
|
2017-10-20 16:47:07 +00:00
|
|
|
Disabled: addon["disabled"].(bool),
|
|
|
|
|
ForceSendFields: []string{"Disabled"},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if v, ok := config["kubernetes_dashboard"]; ok && len(v.([]interface{})) > 0 {
|
|
|
|
|
addon := v.([]interface{})[0].(map[string]interface{})
|
2018-03-07 01:44:05 +00:00
|
|
|
ac.KubernetesDashboard = &containerBeta.KubernetesDashboard{
|
2017-10-20 16:47:07 +00:00
|
|
|
Disabled: addon["disabled"].(bool),
|
|
|
|
|
ForceSendFields: []string{"Disabled"},
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-03-15 21:50:24 +00:00
|
|
|
|
|
|
|
|
if v, ok := config["network_policy_config"]; ok && len(v.([]interface{})) > 0 {
|
|
|
|
|
addon := v.([]interface{})[0].(map[string]interface{})
|
|
|
|
|
ac.NetworkPolicyConfig = &containerBeta.NetworkPolicyConfig{
|
|
|
|
|
Disabled: addon["disabled"].(bool),
|
|
|
|
|
ForceSendFields: []string{"Disabled"},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-20 16:47:07 +00:00
|
|
|
return ac
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-07 01:44:05 +00:00
|
|
|
func expandIPAllocationPolicy(configured interface{}) (*containerBeta.IPAllocationPolicy, error) {
|
2018-02-09 21:55:38 +00:00
|
|
|
l := configured.([]interface{})
|
2018-09-05 16:52:06 +00:00
|
|
|
if len(l) == 0 {
|
|
|
|
|
return &containerBeta.IPAllocationPolicy{}, nil
|
2017-11-27 23:15:03 +00:00
|
|
|
}
|
2018-09-05 16:52:06 +00:00
|
|
|
config := l[0].(map[string]interface{})
|
|
|
|
|
|
|
|
|
|
return &containerBeta.IPAllocationPolicy{
|
|
|
|
|
UseIpAliases: true,
|
|
|
|
|
|
|
|
|
|
CreateSubnetwork: config["create_subnetwork"].(bool),
|
|
|
|
|
SubnetworkName: config["subnetwork_name"].(string),
|
2017-11-27 23:15:03 +00:00
|
|
|
|
2018-09-05 16:52:06 +00:00
|
|
|
ClusterIpv4CidrBlock: config["cluster_ipv4_cidr_block"].(string),
|
|
|
|
|
ServicesIpv4CidrBlock: config["services_ipv4_cidr_block"].(string),
|
|
|
|
|
|
|
|
|
|
ClusterSecondaryRangeName: config["cluster_secondary_range_name"].(string),
|
|
|
|
|
ServicesSecondaryRangeName: config["services_secondary_range_name"].(string),
|
|
|
|
|
}, nil
|
2017-11-27 23:15:03 +00:00
|
|
|
}
|
|
|
|
|
|
2018-03-07 01:44:05 +00:00
|
|
|
func expandMaintenancePolicy(configured interface{}) *containerBeta.MaintenancePolicy {
|
|
|
|
|
result := &containerBeta.MaintenancePolicy{}
|
2017-12-27 20:29:14 +00:00
|
|
|
if len(configured.([]interface{})) > 0 {
|
|
|
|
|
maintenancePolicy := configured.([]interface{})[0].(map[string]interface{})
|
|
|
|
|
dailyMaintenanceWindow := maintenancePolicy["daily_maintenance_window"].([]interface{})[0].(map[string]interface{})
|
|
|
|
|
startTime := dailyMaintenanceWindow["start_time"].(string)
|
2018-03-07 01:44:05 +00:00
|
|
|
result.Window = &containerBeta.MaintenanceWindow{
|
|
|
|
|
DailyMaintenanceWindow: &containerBeta.DailyMaintenanceWindow{
|
2017-12-27 20:29:14 +00:00
|
|
|
StartTime: startTime,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-08-15 19:50:17 +00:00
|
|
|
return result
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func expandMasterAuth(configured interface{}) *containerBeta.MasterAuth {
|
|
|
|
|
result := &containerBeta.MasterAuth{}
|
|
|
|
|
if len(configured.([]interface{})) > 0 {
|
|
|
|
|
masterAuth := configured.([]interface{})[0].(map[string]interface{})
|
|
|
|
|
result.Username = masterAuth["username"].(string)
|
|
|
|
|
result.Password = masterAuth["password"].(string)
|
|
|
|
|
if _, ok := masterAuth["client_certificate_config"]; ok {
|
|
|
|
|
if len(masterAuth["client_certificate_config"].([]interface{})) > 0 {
|
|
|
|
|
clientCertificateConfig := masterAuth["client_certificate_config"].([]interface{})[0].(map[string]interface{})
|
|
|
|
|
if _, ok := clientCertificateConfig["issue_client_certificate"]; ok {
|
|
|
|
|
result.ClientCertificateConfig = &containerBeta.ClientCertificateConfig{
|
|
|
|
|
IssueClientCertificate: clientCertificateConfig["issue_client_certificate"].(bool),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2017-12-27 20:29:14 +00:00
|
|
|
return result
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-07 01:44:05 +00:00
|
|
|
func expandMasterAuthorizedNetworksConfig(configured interface{}) *containerBeta.MasterAuthorizedNetworksConfig {
|
|
|
|
|
result := &containerBeta.MasterAuthorizedNetworksConfig{}
|
2017-11-02 17:38:20 +00:00
|
|
|
if len(configured.([]interface{})) > 0 {
|
|
|
|
|
result.Enabled = true
|
Fix panic on empty list for authorized masters' `cidr_blocks` (#1904)
* test empty authorized masters' cidr_blocks
When the `cidr_block` isn't simply blank but contains an empty list as in
```
master_authorized_networks_config {
cidr_blocks = []
}
```
a panic occurs looking something like
```
goroutine 26 [running]:
github.com/terraform-providers/terraform-provider-google/google.expandMasterAuthorizedNetworksConfig(0x15a4f80, 0xc4202586e0, 0x21)
/tmp/GOPATH/src/github.com/terraform-providers/terraform-provider-google/google/resource_container_cluster.go:1355 +0x4f2
github.com/terraform-providers/terraform-provider-google/google.resourceContainerClusterCreate(0xc420146a80, 0x16b1800, 0xc4200b8000, 0x0, 0x0)
/tmp/GOPATH/src/github.com/terraform-providers/terraform-provider-google/google/resource_container_cluster.go:520 +0x2848
github.com/terraform-providers/terraform-provider-google/vendor/github.com/hashicorp/terraform/helper/schema.(*Resource).Apply(0xc420495490, 0xc420341310, 0xc4202582c0, 0x16b1800, 0xc4200b8000, 0x1, 0xc42024eae0, 0xc4201e3650)
/tmp/GOPATH/src/github.com/terraform-providers/terraform-provider-google/vendor/github.com/hashicorp/terraform/helper/schema/resource.go:227 +0x364
github.com/terraform-providers/terraform-provider-google/vendor/github.com/hashicorp/terraform/helper/schema.(*Provider).Apply(0xc4204c6700, 0xc4203412c0, 0xc420341310, 0xc4202582c0, 0x14ee1441a000, 0x0, 0x18)
/tmp/GOPATH/src/github.com/terraform-providers/terraform-provider-google/vendor/github.com/hashicorp/terraform/helper/schema/provider.go:283 +0xa4
github.com/terraform-providers/terraform-provider-google/vendor/github.com/hashicorp/terraform/plugin.(*ResourceProviderServer).Apply(0xc4202d7c40, 0xc42035de80, 0xc42025c160, 0x0, 0x0)
/tmp/GOPATH/src/github.com/terraform-providers/terraform-provider-google/vendor/github.com/hashicorp/terraform/plugin/resource_provider.go:527 +0x57
reflect.Value.call(0xc4203feae0, 0xc42000e038, 0x13, 0x19e88a8, 0x4, 0xc42015ff20, 0x3, 0x3, 0xc420047ee8, 0xc4204c6798, ...)
/usr/local/go/src/reflect/value.go:434 +0x905
reflect.Value.Call(0xc4203feae0, 0xc42000e038, 0x13, 0xc420047f20, 0x3, 0x3, 0xc400000001, 0x0, 0x0)
/usr/local/go/src/reflect/value.go:302 +0xa4
net/rpc.(*service).call(0xc420418600, 0xc42007c140, 0xc42001e798, 0xc4200c4000, 0xc4202d6c40, 0x1557f80, 0xc42035de80, 0x16, 0x1557fc0, 0xc42025c160, ...)
/usr/local/go/src/net/rpc/server.go:381 +0x142
created by net/rpc.(*Server).ServeCodec
/usr/local/go/src/net/rpc/server.go:475 +0x36b
```
which we trigger by altering the first step to contain the HCL notation
for an empty list instead of simply an empty string.
In order to accomplish this, the tests had to be modified to accept an
emptyValue string as well which contains the content of the
`emptyValue` string when the cidrBlocks array is empty. This maintains
the old behavior of the original tests when `emptyValue` is an empty
string, while also facilating differing behavior for the new testcase by
setting `emptyValue` to whichever string we want to test instead. I
don't think this is very clean, but I guess it's pragmatic enough.
I'll hear if this is a thorn in the side to someone :smirk:.
* avoid panic on cidr_block type assertion
This is basically the fix. Since the value can be nil, we want to ensure
we handle a failure during the assertion since we know that asserting
`nil` conforms to `map[string]interface{}` will cause a run-time panic.
* flatten to config on empty list for cidr_blocks
since an empty list for cidrBlocks constitutes valid input, one should
return a map containing an empty list for the cidr_blocks field instead
of a nil value.
The nil value is only appropriate when the input Config is also nil.
2018-08-21 02:29:37 +00:00
|
|
|
if config, ok := configured.([]interface{})[0].(map[string]interface{}); ok {
|
|
|
|
|
if _, ok := config["cidr_blocks"]; ok {
|
|
|
|
|
cidrBlocks := config["cidr_blocks"].(*schema.Set).List()
|
|
|
|
|
result.CidrBlocks = make([]*containerBeta.CidrBlock, 0)
|
|
|
|
|
for _, v := range cidrBlocks {
|
|
|
|
|
cidrBlock := v.(map[string]interface{})
|
|
|
|
|
result.CidrBlocks = append(result.CidrBlocks, &containerBeta.CidrBlock{
|
|
|
|
|
CidrBlock: cidrBlock["cidr_block"].(string),
|
|
|
|
|
DisplayName: cidrBlock["display_name"].(string),
|
|
|
|
|
})
|
|
|
|
|
}
|
2017-11-02 17:38:20 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return result
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-07 01:44:05 +00:00
|
|
|
func expandNetworkPolicy(configured interface{}) *containerBeta.NetworkPolicy {
|
|
|
|
|
result := &containerBeta.NetworkPolicy{}
|
2017-11-27 20:40:07 +00:00
|
|
|
if configured != nil && len(configured.([]interface{})) > 0 {
|
|
|
|
|
config := configured.([]interface{})[0].(map[string]interface{})
|
|
|
|
|
if enabled, ok := config["enabled"]; ok && enabled.(bool) {
|
|
|
|
|
result.Enabled = true
|
|
|
|
|
if provider, ok := config["provider"]; ok {
|
|
|
|
|
result.Provider = provider.(string)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return result
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-14 21:00:31 +00:00
|
|
|
func expandPodSecurityPolicyConfig(configured interface{}) *containerBeta.PodSecurityPolicyConfig {
|
|
|
|
|
result := &containerBeta.PodSecurityPolicyConfig{}
|
|
|
|
|
if len(configured.([]interface{})) > 0 {
|
|
|
|
|
config := configured.([]interface{})[0].(map[string]interface{})
|
|
|
|
|
result.Enabled = config["enabled"].(bool)
|
|
|
|
|
result.ForceSendFields = []string{"Enabled"}
|
|
|
|
|
}
|
|
|
|
|
return result
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-07 01:44:05 +00:00
|
|
|
func flattenNetworkPolicy(c *containerBeta.NetworkPolicy) []map[string]interface{} {
|
2017-11-27 20:40:07 +00:00
|
|
|
result := []map[string]interface{}{}
|
|
|
|
|
if c != nil {
|
|
|
|
|
result = append(result, map[string]interface{}{
|
|
|
|
|
"enabled": c.Enabled,
|
|
|
|
|
"provider": c.Provider,
|
|
|
|
|
})
|
2018-04-20 18:39:20 +00:00
|
|
|
} else {
|
|
|
|
|
// Explicitly set the network policy to the default.
|
|
|
|
|
result = append(result, map[string]interface{}{
|
|
|
|
|
"enabled": false,
|
|
|
|
|
"provider": "PROVIDER_UNSPECIFIED",
|
|
|
|
|
})
|
2017-11-27 20:40:07 +00:00
|
|
|
}
|
|
|
|
|
return result
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-07 01:44:05 +00:00
|
|
|
func flattenClusterAddonsConfig(c *containerBeta.AddonsConfig) []map[string]interface{} {
|
2017-10-20 16:47:07 +00:00
|
|
|
result := make(map[string]interface{})
|
2018-06-20 23:45:49 +00:00
|
|
|
if c == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2017-10-20 16:47:07 +00:00
|
|
|
if c.HorizontalPodAutoscaling != nil {
|
|
|
|
|
result["horizontal_pod_autoscaling"] = []map[string]interface{}{
|
|
|
|
|
{
|
|
|
|
|
"disabled": c.HorizontalPodAutoscaling.Disabled,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if c.HttpLoadBalancing != nil {
|
|
|
|
|
result["http_load_balancing"] = []map[string]interface{}{
|
|
|
|
|
{
|
|
|
|
|
"disabled": c.HttpLoadBalancing.Disabled,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if c.KubernetesDashboard != nil {
|
|
|
|
|
result["kubernetes_dashboard"] = []map[string]interface{}{
|
|
|
|
|
{
|
|
|
|
|
"disabled": c.KubernetesDashboard.Disabled,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-03-15 21:50:24 +00:00
|
|
|
if c.NetworkPolicyConfig != nil {
|
|
|
|
|
result["network_policy_config"] = []map[string]interface{}{
|
|
|
|
|
{
|
|
|
|
|
"disabled": c.NetworkPolicyConfig.Disabled,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-20 16:47:07 +00:00
|
|
|
return []map[string]interface{}{result}
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-07 01:44:05 +00:00
|
|
|
func flattenClusterNodePools(d *schema.ResourceData, config *Config, c []*containerBeta.NodePool) ([]map[string]interface{}, error) {
|
2017-08-18 00:51:58 +00:00
|
|
|
nodePools := make([]map[string]interface{}, 0, len(c))
|
2017-04-12 19:57:53 +00:00
|
|
|
|
|
|
|
|
for i, np := range c {
|
2017-10-04 00:09:34 +00:00
|
|
|
nodePool, err := flattenNodePool(d, config, np, fmt.Sprintf("node_pool.%d.", i))
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
2017-04-12 19:57:53 +00:00
|
|
|
}
|
|
|
|
|
nodePools = append(nodePools, nodePool)
|
|
|
|
|
}
|
|
|
|
|
|
2017-08-18 00:51:58 +00:00
|
|
|
return nodePools, nil
|
2017-04-12 19:57:53 +00:00
|
|
|
}
|
2017-08-04 22:34:02 +00:00
|
|
|
|
2018-03-07 01:44:05 +00:00
|
|
|
func flattenIPAllocationPolicy(c *containerBeta.IPAllocationPolicy) []map[string]interface{} {
|
2018-06-20 23:45:49 +00:00
|
|
|
if c == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2017-11-27 23:15:03 +00:00
|
|
|
return []map[string]interface{}{
|
|
|
|
|
{
|
2018-09-05 16:52:06 +00:00
|
|
|
"create_subnetwork": c.CreateSubnetwork,
|
|
|
|
|
"subnetwork_name": c.SubnetworkName,
|
|
|
|
|
|
|
|
|
|
"cluster_ipv4_cidr_block": c.ClusterIpv4CidrBlock,
|
|
|
|
|
"services_ipv4_cidr_block": c.ServicesIpv4CidrBlock,
|
|
|
|
|
|
2017-11-27 23:15:03 +00:00
|
|
|
"cluster_secondary_range_name": c.ClusterSecondaryRangeName,
|
|
|
|
|
"services_secondary_range_name": c.ServicesSecondaryRangeName,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-07 01:44:05 +00:00
|
|
|
func flattenMaintenancePolicy(mp *containerBeta.MaintenancePolicy) []map[string]interface{} {
|
2018-06-20 23:45:49 +00:00
|
|
|
if mp == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2017-12-27 20:29:14 +00:00
|
|
|
return []map[string]interface{}{
|
|
|
|
|
{
|
|
|
|
|
"daily_maintenance_window": []map[string]interface{}{
|
|
|
|
|
{
|
|
|
|
|
"start_time": mp.Window.DailyMaintenanceWindow.StartTime,
|
|
|
|
|
"duration": mp.Window.DailyMaintenanceWindow.Duration,
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-06-20 23:45:49 +00:00
|
|
|
func flattenMasterAuth(ma *containerBeta.MasterAuth) []map[string]interface{} {
|
|
|
|
|
if ma == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
masterAuth := []map[string]interface{}{
|
|
|
|
|
{
|
|
|
|
|
"username": ma.Username,
|
|
|
|
|
"password": ma.Password,
|
|
|
|
|
"client_certificate": ma.ClientCertificate,
|
|
|
|
|
"client_key": ma.ClientKey,
|
|
|
|
|
"cluster_ca_certificate": ma.ClusterCaCertificate,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
if len(ma.ClientCertificate) == 0 {
|
|
|
|
|
masterAuth[0]["client_certificate_config"] = []map[string]interface{}{
|
|
|
|
|
{"issue_client_certificate": false},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return masterAuth
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-07 01:44:05 +00:00
|
|
|
func flattenMasterAuthorizedNetworksConfig(c *containerBeta.MasterAuthorizedNetworksConfig) []map[string]interface{} {
|
2018-06-20 23:45:49 +00:00
|
|
|
if c == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2017-11-02 17:38:20 +00:00
|
|
|
result := make(map[string]interface{})
|
2018-03-30 17:10:25 +00:00
|
|
|
if c.Enabled {
|
2018-03-01 21:19:18 +00:00
|
|
|
cidrBlocks := make([]interface{}, 0, len(c.CidrBlocks))
|
2017-11-02 17:38:20 +00:00
|
|
|
for _, v := range c.CidrBlocks {
|
|
|
|
|
cidrBlocks = append(cidrBlocks, map[string]interface{}{
|
|
|
|
|
"cidr_block": v.CidrBlock,
|
|
|
|
|
"display_name": v.DisplayName,
|
|
|
|
|
})
|
|
|
|
|
}
|
2018-03-01 21:19:18 +00:00
|
|
|
result["cidr_blocks"] = schema.NewSet(schema.HashResource(cidrBlockConfig), cidrBlocks)
|
2017-11-02 17:38:20 +00:00
|
|
|
}
|
|
|
|
|
return []map[string]interface{}{result}
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-14 21:00:31 +00:00
|
|
|
func flattenPodSecurityPolicyConfig(c *containerBeta.PodSecurityPolicyConfig) []map[string]interface{} {
|
2018-06-20 23:45:49 +00:00
|
|
|
if c == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2018-03-14 21:00:31 +00:00
|
|
|
return []map[string]interface{}{
|
|
|
|
|
{
|
|
|
|
|
"enabled": c.Enabled,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-07 17:31:58 +00:00
|
|
|
func resourceContainerClusterStateImporter(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
|
|
|
|
|
parts := strings.Split(d.Id(), "/")
|
|
|
|
|
|
2018-04-03 20:39:28 +00:00
|
|
|
switch len(parts) {
|
|
|
|
|
case 2:
|
2018-04-05 21:51:35 +00:00
|
|
|
if loc := parts[0]; isZone(loc) {
|
|
|
|
|
d.Set("zone", loc)
|
|
|
|
|
} else {
|
|
|
|
|
d.Set("region", loc)
|
|
|
|
|
}
|
2018-04-03 20:39:28 +00:00
|
|
|
d.Set("name", parts[1])
|
|
|
|
|
case 3:
|
|
|
|
|
d.Set("project", parts[0])
|
2018-04-05 21:51:35 +00:00
|
|
|
if loc := parts[1]; isZone(loc) {
|
|
|
|
|
d.Set("zone", loc)
|
|
|
|
|
} else {
|
|
|
|
|
d.Set("region", loc)
|
|
|
|
|
}
|
2018-04-03 20:39:28 +00:00
|
|
|
d.Set("name", parts[2])
|
|
|
|
|
default:
|
|
|
|
|
return nil, fmt.Errorf("Invalid container cluster specifier. Expecting {zone}/{name} or {project}/{zone}/{name}")
|
|
|
|
|
}
|
2017-09-07 17:31:58 +00:00
|
|
|
|
2018-04-03 20:39:28 +00:00
|
|
|
d.SetId(parts[len(parts)-1])
|
2017-09-07 17:31:58 +00:00
|
|
|
return []*schema.ResourceData{d}, nil
|
|
|
|
|
}
|
2018-01-09 17:39:04 +00:00
|
|
|
|
2018-04-05 21:51:35 +00:00
|
|
|
func containerClusterMutexKey(project, location, clusterName string) string {
|
|
|
|
|
return fmt.Sprintf("google-container-cluster/%s/%s/%s", project, location, clusterName)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func containerClusterFullName(project, location, cluster string) string {
|
|
|
|
|
return fmt.Sprintf("projects/%s/locations/%s/clusters/%s", project, location, cluster)
|
|
|
|
|
}
|
|
|
|
|
|
#1300 Supporting regional clusters for node pools (#1320)
This PR also switched us to using the beta API in all cases, and that had a side effect which is worth noting, note included here for posterity.
=====
The problem is, we add a GPU, and as per the docs, GKE adds a taint to
the node pool saying "don't schedule here unless you tolerate GPUs",
which is pretty sensible.
Terraform doesn't know about that, because it didn't ask for the taint
to be added. So after apply, on refresh, it sees the state of the world
(1 taint) and the state of the config (0 taints) and wants to set the
world equal to the config. This introduces a diff, which makes the test
fail - tests fail if there's a diff after they run.
Taints are a beta feature, though. :) And since the config doesn't
contain any taints, terraform didn't see any beta features in that node
pool ... so it used to send the request to the v1 API. And since the v1
API didn't return anything about taints (since they're a beta feature),
terraform happily checked the state of the world (0 taints I know about)
vs the config (0 taints), and all was well.
This PR makes every node pool refresh request hit the beta API. So now
terraform finds out about the taints (which were always there) and the
test fails (which it always should have done).
The solution is probably to write a little bit of code which suppresses
the report of the diff of any taint with value 'nvidia.com/gpu', but
only if GPUs are enabled. I think that's something that can be done.
2018-04-25 00:55:21 +00:00
|
|
|
func extractNodePoolInformationFromCluster(d *schema.ResourceData, config *Config, clusterName string) (*NodePoolInformation, error) {
|
|
|
|
|
project, err := getProject(d, config)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
location, err := getLocation(d, config)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
2018-04-05 21:51:35 +00:00
|
|
|
}
|
|
|
|
|
|
#1300 Supporting regional clusters for node pools (#1320)
This PR also switched us to using the beta API in all cases, and that had a side effect which is worth noting, note included here for posterity.
=====
The problem is, we add a GPU, and as per the docs, GKE adds a taint to
the node pool saying "don't schedule here unless you tolerate GPUs",
which is pretty sensible.
Terraform doesn't know about that, because it didn't ask for the taint
to be added. So after apply, on refresh, it sees the state of the world
(1 taint) and the state of the config (0 taints) and wants to set the
world equal to the config. This introduces a diff, which makes the test
fail - tests fail if there's a diff after they run.
Taints are a beta feature, though. :) And since the config doesn't
contain any taints, terraform didn't see any beta features in that node
pool ... so it used to send the request to the v1 API. And since the v1
API didn't return anything about taints (since they're a beta feature),
terraform happily checked the state of the world (0 taints I know about)
vs the config (0 taints), and all was well.
This PR makes every node pool refresh request hit the beta API. So now
terraform finds out about the taints (which were always there) and the
test fails (which it always should have done).
The solution is probably to write a little bit of code which suppresses
the report of the diff of any taint with value 'nvidia.com/gpu', but
only if GPUs are enabled. I think that's something that can be done.
2018-04-25 00:55:21 +00:00
|
|
|
return &NodePoolInformation{
|
|
|
|
|
project: project,
|
|
|
|
|
location: location,
|
|
|
|
|
cluster: d.Get("name").(string),
|
|
|
|
|
}, nil
|
2018-01-09 17:39:04 +00:00
|
|
|
}
|
2018-04-28 01:06:26 +00:00
|
|
|
|
|
|
|
|
// We want to suppress diffs for empty or default client certificate configs, i.e:
|
|
|
|
|
// [{ "issue_client_certificate": true}] --> []
|
|
|
|
|
// [] -> [{ "issue_client_certificate": true}]
|
|
|
|
|
func masterAuthClientCertCfgSuppress(k, old, new string, r *schema.ResourceData) bool {
|
|
|
|
|
var clientConfig map[string]interface{}
|
|
|
|
|
if v, ok := r.GetOk("master_auth"); ok {
|
|
|
|
|
masterAuths := v.([]interface{})
|
|
|
|
|
masterAuth := masterAuths[0].(map[string]interface{})
|
|
|
|
|
cfgs := masterAuth["client_certificate_config"].([]interface{})
|
|
|
|
|
if len(cfgs) > 0 {
|
|
|
|
|
clientConfig = cfgs[0].(map[string]interface{})
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if strings.HasSuffix(k, "client_certificate_config.#") && old == "0" && new == "1" {
|
|
|
|
|
// nil --> { "issue_client_certificate": true }
|
|
|
|
|
if issueCert, ok := clientConfig["issue_client_certificate"]; ok {
|
|
|
|
|
return issueCert.(bool)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return strings.HasSuffix(k, ".issue_client_certificate") && old == "" && new == "true"
|
|
|
|
|
}
|
2018-06-19 23:37:10 +00:00
|
|
|
|
|
|
|
|
func podSecurityPolicyCfgSuppress(k, old, new string, r *schema.ResourceData) bool {
|
|
|
|
|
if k == "pod_security_policy_config.#" && old == "1" && new == "0" {
|
|
|
|
|
if v, ok := r.GetOk("pod_security_policy_config"); ok {
|
|
|
|
|
cfgList := v.([]interface{})
|
|
|
|
|
if len(cfgList) > 0 {
|
|
|
|
|
d := cfgList[0].(map[string]interface{})
|
|
|
|
|
// Suppress if old value was {enabled == false}
|
|
|
|
|
return !d["enabled"].(bool)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false
|
|
|
|
|
}
|