2015-07-05 16:39:01 +00:00
package google
import (
"fmt"
"log"
"regexp"
2017-09-07 17:31:58 +00:00
"strings"
2017-06-28 08:22:31 +00:00
"time"
2015-07-05 16:39:01 +00:00
2018-03-23 00:22:44 +00:00
"github.com/hashicorp/errwrap"
2019-01-14 17:40:18 +00:00
version "github.com/hashicorp/go-version"
2017-10-12 18:21:33 +00:00
"github.com/hashicorp/terraform/helper/resource"
2015-07-05 16:39:01 +00:00
"github.com/hashicorp/terraform/helper/schema"
2017-08-18 00:51:58 +00:00
"github.com/hashicorp/terraform/helper/validation"
2018-03-07 01:44:05 +00:00
containerBeta "google.golang.org/api/container/v1beta1"
2015-07-05 16:39:01 +00:00
)
2017-03-07 05:14:32 +00:00
var (
2018-04-10 16:52:54 +00:00
instanceGroupManagerURL = regexp . MustCompile ( fmt . Sprintf ( "^https://www.googleapis.com/compute/v1/projects/(%s)/zones/([a-z0-9-]*)/instanceGroupManagers/([^/]*)" , ProjectRegex ) )
2018-03-07 01:44:05 +00:00
networkConfig = & schema . Resource {
2018-03-01 21:19:18 +00:00
Schema : map [ string ] * schema . Schema {
"cidr_blocks" : {
Type : schema . TypeSet ,
Optional : true ,
Elem : cidrBlockConfig ,
} ,
} ,
}
cidrBlockConfig = & schema . Resource {
Schema : map [ string ] * schema . Schema {
"cidr_block" : {
Type : schema . TypeString ,
Required : true ,
ValidateFunc : validation . CIDRNetwork ( 0 , 32 ) ,
} ,
"display_name" : {
Type : schema . TypeString ,
Optional : true ,
} ,
} ,
}
2018-09-05 16:52:06 +00:00
ipAllocationSubnetFields = [ ] string { "ip_allocation_policy.0.create_subnetwork" , "ip_allocation_policy.0.subnetwork_name" }
2019-03-01 05:19:29 +00:00
ipAllocationCidrBlockFields = [ ] string { "ip_allocation_policy.0.cluster_ipv4_cidr_block" , "ip_allocation_policy.0.services_ipv4_cidr_block" , "ip_allocation_policy.0.node_ipv4_cidr_block" }
2018-09-05 16:52:06 +00:00
ipAllocationRangeFields = [ ] string { "ip_allocation_policy.0.cluster_secondary_range_name" , "ip_allocation_policy.0.services_secondary_range_name" }
2017-03-07 05:14:32 +00:00
)
2015-07-05 16:39:01 +00:00
func resourceContainerCluster ( ) * schema . Resource {
return & schema . Resource {
Create : resourceContainerClusterCreate ,
Read : resourceContainerClusterRead ,
Update : resourceContainerClusterUpdate ,
Delete : resourceContainerClusterDelete ,
2017-06-28 08:22:31 +00:00
Timeouts : & schema . ResourceTimeout {
Create : schema . DefaultTimeout ( 30 * time . Minute ) ,
2019-01-11 18:44:52 +00:00
Update : schema . DefaultTimeout ( 30 * time . Minute ) ,
2018-07-26 17:22:39 +00:00
Delete : schema . DefaultTimeout ( 30 * time . Minute ) ,
2017-06-28 08:22:31 +00:00
} ,
2017-07-05 23:00:49 +00:00
SchemaVersion : 1 ,
MigrateState : resourceContainerClusterMigrateState ,
2017-09-07 17:31:58 +00:00
Importer : & schema . ResourceImporter {
State : resourceContainerClusterStateImporter ,
} ,
2015-07-05 16:39:01 +00:00
Schema : map [ string ] * schema . Schema {
2017-06-28 08:34:20 +00:00
"name" : {
2015-07-05 16:39:01 +00:00
Type : schema . TypeString ,
Required : true ,
ForceNew : true ,
ValidateFunc : func ( v interface { } , k string ) ( ws [ ] string , errors [ ] error ) {
value := v . ( string )
if len ( value ) > 40 {
errors = append ( errors , fmt . Errorf (
"%q cannot be longer than 40 characters" , k ) )
}
if ! regexp . MustCompile ( "^[a-z0-9-]+$" ) . MatchString ( value ) {
errors = append ( errors , fmt . Errorf (
"%q can only contain lowercase letters, numbers and hyphens" , k ) )
}
if ! regexp . MustCompile ( "^[a-z]" ) . MatchString ( value ) {
errors = append ( errors , fmt . Errorf (
"%q must start with a letter" , k ) )
}
if ! regexp . MustCompile ( "[a-z0-9]$" ) . MatchString ( value ) {
errors = append ( errors , fmt . Errorf (
"%q must end with a number or a letter" , k ) )
}
return
} ,
} ,
2019-03-13 16:32:46 +00:00
"location" : {
Type : schema . TypeString ,
Optional : true ,
Computed : true ,
ForceNew : true ,
ConflictsWith : [ ] string { "zone" , "region" } ,
} ,
2018-04-05 21:51:35 +00:00
"region" : {
Type : schema . TypeString ,
Optional : true ,
Computed : true ,
2018-05-09 19:55:28 +00:00
ForceNew : true ,
2019-03-13 16:32:46 +00:00
Deprecated : "Use location instead" ,
ConflictsWith : [ ] string { "zone" , "location" } ,
2018-04-05 21:51:35 +00:00
} ,
2017-06-28 08:34:20 +00:00
"zone" : {
2018-04-05 21:51:35 +00:00
Type : schema . TypeString ,
Optional : true ,
Computed : true ,
ForceNew : true ,
2019-03-13 16:32:46 +00:00
Deprecated : "Use location instead" ,
ConflictsWith : [ ] string { "region" , "location" } ,
2016-04-10 21:34:15 +00:00
} ,
2019-03-13 16:32:46 +00:00
"node_locations" : {
2017-07-05 23:00:49 +00:00
Type : schema . TypeSet ,
2017-01-04 06:14:39 +00:00
Optional : true ,
2017-02-07 01:21:34 +00:00
Computed : true ,
2017-01-04 06:14:39 +00:00
Elem : & schema . Schema { Type : schema . TypeString } ,
} ,
2019-03-13 16:32:46 +00:00
"additional_zones" : {
Type : schema . TypeSet ,
Optional : true ,
Computed : true ,
Deprecated : "Use node_locations instead" ,
Elem : & schema . Schema { Type : schema . TypeString } ,
} ,
2017-06-28 08:34:20 +00:00
"addons_config" : {
2016-03-25 23:29:56 +00:00
Type : schema . TypeList ,
Optional : true ,
2017-10-20 16:47:07 +00:00
Computed : true ,
2016-03-25 23:29:56 +00:00
MaxItems : 1 ,
Elem : & schema . Resource {
Schema : map [ string ] * schema . Schema {
2017-06-28 08:34:20 +00:00
"http_load_balancing" : {
2016-03-25 23:29:56 +00:00
Type : schema . TypeList ,
Optional : true ,
2017-10-20 16:47:07 +00:00
Computed : true ,
2016-03-25 23:29:56 +00:00
MaxItems : 1 ,
Elem : & schema . Resource {
Schema : map [ string ] * schema . Schema {
2017-06-28 08:34:20 +00:00
"disabled" : {
2016-03-25 23:29:56 +00:00
Type : schema . TypeBool ,
Optional : true ,
} ,
} ,
} ,
} ,
2017-06-28 08:34:20 +00:00
"horizontal_pod_autoscaling" : {
2016-03-25 23:29:56 +00:00
Type : schema . TypeList ,
Optional : true ,
2017-10-20 16:47:07 +00:00
Computed : true ,
2016-03-25 23:29:56 +00:00
MaxItems : 1 ,
Elem : & schema . Resource {
Schema : map [ string ] * schema . Schema {
2017-06-28 08:34:20 +00:00
"disabled" : {
2016-03-25 23:29:56 +00:00
Type : schema . TypeBool ,
Optional : true ,
} ,
} ,
} ,
} ,
2017-10-03 16:29:27 +00:00
"kubernetes_dashboard" : {
Type : schema . TypeList ,
Optional : true ,
2017-10-20 16:47:07 +00:00
Computed : true ,
2017-10-03 16:29:27 +00:00
MaxItems : 1 ,
Elem : & schema . Resource {
Schema : map [ string ] * schema . Schema {
"disabled" : {
Type : schema . TypeBool ,
Optional : true ,
} ,
} ,
} ,
} ,
2018-03-15 21:50:24 +00:00
"network_policy_config" : {
Type : schema . TypeList ,
Optional : true ,
Computed : true ,
MaxItems : 1 ,
Elem : & schema . Resource {
Schema : map [ string ] * schema . Schema {
"disabled" : {
Type : schema . TypeBool ,
Optional : true ,
} ,
} ,
} ,
} ,
2016-03-25 23:29:56 +00:00
} ,
} ,
} ,
2015-07-05 16:39:01 +00:00
2018-11-15 20:35:41 +00:00
"cluster_autoscaling" : {
Type : schema . TypeList ,
Computed : true ,
MaxItems : 1 ,
Removed : "This field is in beta. Use it in the the google-beta provider instead. See https://terraform.io/docs/providers/google/provider_versions.html for more details." ,
Elem : & schema . Resource {
Schema : map [ string ] * schema . Schema {
"enabled" : {
Type : schema . TypeBool ,
Required : true ,
} ,
"resource_limits" : {
Type : schema . TypeList ,
Optional : true ,
Elem : & schema . Resource {
Schema : map [ string ] * schema . Schema {
"resource_type" : {
Type : schema . TypeString ,
Required : true ,
} ,
"minimum" : {
Type : schema . TypeInt ,
Optional : true ,
} ,
"maximum" : {
Type : schema . TypeInt ,
Optional : true ,
} ,
} ,
} ,
} ,
} ,
} ,
} ,
2017-10-27 22:18:34 +00:00
"cluster_ipv4_cidr" : {
2017-11-02 17:38:20 +00:00
Type : schema . TypeString ,
Optional : true ,
Computed : true ,
ForceNew : true ,
2018-05-07 22:34:56 +00:00
ValidateFunc : orEmpty ( validateRFC1918Network ( 8 , 32 ) ) ,
2017-10-27 22:18:34 +00:00
} ,
"description" : {
2017-10-06 22:48:01 +00:00
Type : schema . TypeString ,
2017-10-27 22:18:34 +00:00
Optional : true ,
ForceNew : true ,
} ,
2018-08-17 00:51:03 +00:00
"enable_binary_authorization" : {
2018-11-05 16:22:41 +00:00
Removed : "This field is in beta. Use it in the the google-beta provider instead. See https://terraform.io/docs/providers/google/provider_versions.html for more details." ,
Computed : true ,
Type : schema . TypeBool ,
Optional : true ,
2018-08-17 00:51:03 +00:00
} ,
2017-10-31 23:38:18 +00:00
"enable_kubernetes_alpha" : {
Type : schema . TypeBool ,
Optional : true ,
ForceNew : true ,
Default : false ,
} ,
2018-10-01 16:41:54 +00:00
"enable_tpu" : {
2018-11-05 16:22:41 +00:00
Type : schema . TypeBool ,
Optional : true ,
ForceNew : true ,
Removed : "This field is in beta. Use it in the the google-beta provider instead. See https://terraform.io/docs/providers/google/provider_versions.html for more details." ,
Computed : true ,
2018-10-01 16:41:54 +00:00
} ,
2017-10-27 22:18:34 +00:00
"enable_legacy_abac" : {
Type : schema . TypeBool ,
Optional : true ,
2018-04-04 17:58:08 +00:00
Default : false ,
2017-10-27 22:18:34 +00:00
} ,
"initial_node_count" : {
Type : schema . TypeInt ,
Optional : true ,
ForceNew : true ,
} ,
"logging_service" : {
Type : schema . TypeString ,
Optional : true ,
Computed : true ,
2018-06-04 22:09:52 +00:00
ValidateFunc : validation . StringInSlice ( [ ] string { "logging.googleapis.com" , "logging.googleapis.com/kubernetes" , "none" } , false ) ,
2017-10-27 22:18:34 +00:00
} ,
2017-11-07 23:42:11 +00:00
"maintenance_policy" : {
Type : schema . TypeList ,
Optional : true ,
MaxItems : 1 ,
Elem : & schema . Resource {
Schema : map [ string ] * schema . Schema {
"daily_maintenance_window" : {
Type : schema . TypeList ,
Required : true ,
MaxItems : 1 ,
Elem : & schema . Resource {
Schema : map [ string ] * schema . Schema {
"start_time" : {
2017-11-13 19:30:26 +00:00
Type : schema . TypeString ,
Required : true ,
ValidateFunc : validateRFC3339Time ,
DiffSuppressFunc : rfc3339TimeDiffSuppress ,
2017-11-07 23:42:11 +00:00
} ,
"duration" : {
Type : schema . TypeString ,
Computed : true ,
} ,
} ,
} ,
} ,
} ,
} ,
} ,
2017-10-27 22:18:34 +00:00
"master_auth" : {
Type : schema . TypeList ,
Optional : true ,
MaxItems : 1 ,
2017-10-06 22:48:01 +00:00
Computed : true ,
2017-10-27 22:18:34 +00:00
Elem : & schema . Resource {
Schema : map [ string ] * schema . Schema {
"password" : {
Type : schema . TypeString ,
2018-11-13 21:20:47 +00:00
Optional : true ,
2017-10-27 22:18:34 +00:00
Sensitive : true ,
} ,
"username" : {
Type : schema . TypeString ,
2018-11-13 21:20:47 +00:00
Optional : true ,
2017-10-27 22:18:34 +00:00
} ,
2018-04-28 01:06:26 +00:00
"client_certificate_config" : {
Type : schema . TypeList ,
MaxItems : 1 ,
Optional : true ,
DiffSuppressFunc : masterAuthClientCertCfgSuppress ,
ForceNew : true ,
Elem : & schema . Resource {
Schema : map [ string ] * schema . Schema {
"issue_client_certificate" : {
Type : schema . TypeBool ,
Required : true ,
ForceNew : true ,
DiffSuppressFunc : masterAuthClientCertCfgSuppress ,
} ,
} ,
} ,
} ,
2017-10-27 22:18:34 +00:00
"client_certificate" : {
Type : schema . TypeString ,
Computed : true ,
} ,
"client_key" : {
Type : schema . TypeString ,
Computed : true ,
Sensitive : true ,
} ,
"cluster_ca_certificate" : {
Type : schema . TypeString ,
Computed : true ,
} ,
} ,
} ,
2017-10-06 22:48:01 +00:00
} ,
2017-11-02 17:38:20 +00:00
"master_authorized_networks_config" : {
Type : schema . TypeList ,
Optional : true ,
MaxItems : 1 ,
2018-03-01 21:19:18 +00:00
Elem : networkConfig ,
2017-11-02 17:38:20 +00:00
} ,
2017-10-12 18:21:33 +00:00
"min_master_version" : {
Type : schema . TypeString ,
Optional : true ,
} ,
2017-10-27 22:18:34 +00:00
"monitoring_service" : {
2018-06-04 22:09:52 +00:00
Type : schema . TypeString ,
Optional : true ,
Computed : true ,
ValidateFunc : validation . StringInSlice ( [ ] string { "monitoring.googleapis.com" , "monitoring.googleapis.com/kubernetes" , "none" } , false ) ,
2015-07-05 16:39:01 +00:00
} ,
2016-04-10 16:59:57 +00:00
2017-10-27 22:18:34 +00:00
"network" : {
2018-05-23 23:47:17 +00:00
Type : schema . TypeString ,
Optional : true ,
Default : "default" ,
ForceNew : true ,
DiffSuppressFunc : compareSelfLinkOrResourceName ,
2017-10-27 22:18:34 +00:00
} ,
2017-11-27 20:40:07 +00:00
"network_policy" : {
Type : schema . TypeList ,
Optional : true ,
Computed : true ,
MaxItems : 1 ,
Elem : & schema . Resource {
Schema : map [ string ] * schema . Schema {
"enabled" : {
Type : schema . TypeBool ,
Optional : true ,
Default : false ,
} ,
"provider" : {
2018-02-01 18:25:12 +00:00
Type : schema . TypeString ,
Default : "PROVIDER_UNSPECIFIED" ,
Optional : true ,
ValidateFunc : validation . StringInSlice ( [ ] string { "PROVIDER_UNSPECIFIED" , "CALICO" } , false ) ,
DiffSuppressFunc : emptyOrDefaultStringSuppress ( "PROVIDER_UNSPECIFIED" ) ,
2017-11-27 20:40:07 +00:00
} ,
} ,
} ,
} ,
2017-10-27 22:18:34 +00:00
"node_config" : schemaNodeConfig ,
2017-06-28 08:34:20 +00:00
"node_pool" : {
2017-04-12 19:57:53 +00:00
Type : schema . TypeList ,
Optional : true ,
Computed : true ,
ForceNew : true , // TODO(danawillow): Add ability to add/remove nodePools
Elem : & schema . Resource {
2017-10-04 00:09:34 +00:00
Schema : schemaNodePool ,
2017-04-12 19:57:53 +00:00
} ,
} ,
2017-10-27 22:18:34 +00:00
"node_version" : {
Type : schema . TypeString ,
Optional : true ,
Computed : true ,
} ,
2018-03-14 21:00:31 +00:00
"pod_security_policy_config" : {
2018-11-05 16:22:41 +00:00
// Remove return nil from expand when this is removed for good.
Removed : "This field is in beta. Use it in the the google-beta provider instead. See https://terraform.io/docs/providers/google/provider_versions.html for more details." ,
Type : schema . TypeList ,
Optional : true ,
MaxItems : 1 ,
2018-03-14 21:00:31 +00:00
Elem : & schema . Resource {
Schema : map [ string ] * schema . Schema {
"enabled" : {
Type : schema . TypeBool ,
Required : true ,
} ,
} ,
} ,
} ,
2017-06-28 08:34:20 +00:00
"project" : {
2016-04-10 16:59:57 +00:00
Type : schema . TypeString ,
Optional : true ,
2017-11-28 00:32:20 +00:00
Computed : true ,
2016-04-10 16:59:57 +00:00
ForceNew : true ,
} ,
2017-10-27 22:18:34 +00:00
"subnetwork" : {
2018-02-08 18:04:16 +00:00
Type : schema . TypeString ,
Optional : true ,
Computed : true ,
ForceNew : true ,
DiffSuppressFunc : compareSelfLinkOrResourceName ,
2017-10-27 22:18:34 +00:00
} ,
"endpoint" : {
Type : schema . TypeString ,
Computed : true ,
} ,
"instance_group_urls" : {
Type : schema . TypeList ,
Computed : true ,
Elem : & schema . Schema { Type : schema . TypeString } ,
} ,
"master_version" : {
Type : schema . TypeString ,
Computed : true ,
} ,
2017-11-27 23:15:03 +00:00
"ip_allocation_policy" : {
2019-04-16 23:10:29 +00:00
Type : schema . TypeList ,
MaxItems : 1 ,
ForceNew : true ,
Optional : true ,
Computed : true ,
ConfigMode : schema . SchemaConfigModeAttr ,
2017-11-27 23:15:03 +00:00
Elem : & schema . Resource {
Schema : map [ string ] * schema . Schema {
2019-03-04 22:08:40 +00:00
"use_ip_aliases" : {
Type : schema . TypeBool ,
Optional : true ,
Default : true ,
ForceNew : true ,
} ,
2018-09-05 16:52:06 +00:00
// GKE creates subnetwork automatically
"create_subnetwork" : {
Type : schema . TypeBool ,
Optional : true ,
ForceNew : true ,
2019-03-01 05:19:29 +00:00
ConflictsWith : ipAllocationRangeFields ,
2018-09-05 16:52:06 +00:00
} ,
2019-03-04 22:08:40 +00:00
2018-09-05 16:52:06 +00:00
"subnetwork_name" : {
Type : schema . TypeString ,
Optional : true ,
ForceNew : true ,
2019-03-01 05:19:29 +00:00
ConflictsWith : ipAllocationRangeFields ,
2018-09-05 16:52:06 +00:00
} ,
// GKE creates/deletes secondary ranges in VPC
"cluster_ipv4_cidr_block" : {
Type : schema . TypeString ,
Optional : true ,
Computed : true ,
ForceNew : true ,
2019-03-01 05:19:29 +00:00
ConflictsWith : ipAllocationRangeFields ,
2018-09-05 16:52:06 +00:00
DiffSuppressFunc : cidrOrSizeDiffSuppress ,
} ,
"services_ipv4_cidr_block" : {
Type : schema . TypeString ,
Optional : true ,
Computed : true ,
ForceNew : true ,
2019-03-01 05:19:29 +00:00
ConflictsWith : ipAllocationRangeFields ,
DiffSuppressFunc : cidrOrSizeDiffSuppress ,
} ,
"node_ipv4_cidr_block" : {
Type : schema . TypeString ,
Optional : true ,
2019-03-27 19:49:36 +00:00
Computed : true ,
2019-03-01 05:19:29 +00:00
ForceNew : true ,
ConflictsWith : ipAllocationRangeFields ,
2018-09-05 16:52:06 +00:00
DiffSuppressFunc : cidrOrSizeDiffSuppress ,
} ,
// User manages secondary ranges manually
2017-11-27 23:15:03 +00:00
"cluster_secondary_range_name" : {
2018-09-05 16:52:06 +00:00
Type : schema . TypeString ,
Optional : true ,
Computed : true ,
ForceNew : true ,
ConflictsWith : append ( ipAllocationSubnetFields , ipAllocationCidrBlockFields ... ) ,
2017-11-27 23:15:03 +00:00
} ,
"services_secondary_range_name" : {
2018-09-05 16:52:06 +00:00
Type : schema . TypeString ,
Optional : true ,
Computed : true ,
ForceNew : true ,
ConflictsWith : append ( ipAllocationSubnetFields , ipAllocationCidrBlockFields ... ) ,
2017-11-27 23:15:03 +00:00
} ,
} ,
} ,
} ,
2018-03-23 00:22:44 +00:00
"remove_default_node_pool" : {
2019-04-30 19:43:57 +00:00
Type : schema . TypeBool ,
Optional : true ,
2018-03-23 00:22:44 +00:00
} ,
2018-03-30 17:10:25 +00:00
2018-10-31 00:56:41 +00:00
"private_cluster_config" : {
2019-02-25 22:01:02 +00:00
Type : schema . TypeList ,
MaxItems : 1 ,
2019-04-16 23:10:29 +00:00
Optional : true ,
2019-02-25 22:01:02 +00:00
Computed : true ,
DiffSuppressFunc : containerClusterPrivateClusterConfigSuppress ,
2018-10-31 00:56:41 +00:00
Elem : & schema . Resource {
Schema : map [ string ] * schema . Schema {
"enable_private_endpoint" : {
2019-02-25 22:01:02 +00:00
Type : schema . TypeBool ,
Optional : true ,
ForceNew : true ,
DiffSuppressFunc : containerClusterPrivateClusterConfigSuppress ,
2018-10-31 00:56:41 +00:00
} ,
"enable_private_nodes" : {
2019-02-25 22:01:02 +00:00
Type : schema . TypeBool ,
Optional : true ,
ForceNew : true ,
DiffSuppressFunc : containerClusterPrivateClusterConfigSuppress ,
2018-10-31 00:56:41 +00:00
} ,
"master_ipv4_cidr_block" : {
Type : schema . TypeString ,
Optional : true ,
ForceNew : true ,
2019-02-25 22:01:02 +00:00
ValidateFunc : orEmpty ( validation . CIDRNetwork ( 28 , 28 ) ) ,
2018-10-31 00:56:41 +00:00
} ,
"private_endpoint" : {
Type : schema . TypeString ,
Computed : true ,
} ,
"public_endpoint" : {
Type : schema . TypeString ,
Computed : true ,
} ,
} ,
} ,
2018-03-30 17:10:25 +00:00
} ,
2018-06-15 10:10:25 +00:00
"resource_labels" : {
Type : schema . TypeMap ,
Optional : true ,
2018-08-14 23:53:39 +00:00
Elem : & schema . Schema { Type : schema . TypeString } ,
2018-06-15 10:10:25 +00:00
} ,
2015-07-05 16:39:01 +00:00
} ,
}
}
func resourceContainerClusterCreate ( d * schema . ResourceData , meta interface { } ) error {
config := meta . ( * Config )
2016-04-10 16:59:57 +00:00
project , err := getProject ( d , config )
if err != nil {
return err
}
2018-04-05 21:51:35 +00:00
location , err := getLocation ( d , config )
2017-12-06 22:30:04 +00:00
if err != nil {
return err
}
2018-04-05 21:51:35 +00:00
2019-04-26 22:31:16 +00:00
// When parsing a subnetwork by name, we expect region or zone to be set.
// Users may have set location to either value, so set that value.
if isZone ( location ) {
d . Set ( "zone" , location )
} else {
d . Set ( "region" , location )
}
2015-07-05 16:39:01 +00:00
clusterName := d . Get ( "name" ) . ( string )
2018-03-07 01:44:05 +00:00
cluster := & containerBeta . Cluster {
2018-09-25 18:42:37 +00:00
Name : clusterName ,
InitialNodeCount : int64 ( d . Get ( "initial_node_count" ) . ( int ) ) ,
MaintenancePolicy : expandMaintenancePolicy ( d . Get ( "maintenance_policy" ) ) ,
MasterAuthorizedNetworksConfig : expandMasterAuthorizedNetworksConfig ( d . Get ( "master_authorized_networks_config" ) ) ,
InitialClusterVersion : d . Get ( "min_master_version" ) . ( string ) ,
ClusterIpv4Cidr : d . Get ( "cluster_ipv4_cidr" ) . ( string ) ,
Description : d . Get ( "description" ) . ( string ) ,
LegacyAbac : & containerBeta . LegacyAbac {
Enabled : d . Get ( "enable_legacy_abac" ) . ( bool ) ,
ForceSendFields : [ ] string { "Enabled" } ,
} ,
LoggingService : d . Get ( "logging_service" ) . ( string ) ,
MonitoringService : d . Get ( "monitoring_service" ) . ( string ) ,
NetworkPolicy : expandNetworkPolicy ( d . Get ( "network_policy" ) ) ,
AddonsConfig : expandClusterAddonsConfig ( d . Get ( "addons_config" ) ) ,
EnableKubernetesAlpha : d . Get ( "enable_kubernetes_alpha" ) . ( bool ) ,
IpAllocationPolicy : expandIPAllocationPolicy ( d . Get ( "ip_allocation_policy" ) ) ,
PodSecurityPolicyConfig : expandPodSecurityPolicyConfig ( d . Get ( "pod_security_policy_config" ) ) ,
2018-11-05 16:22:41 +00:00
MasterAuth : expandMasterAuth ( d . Get ( "master_auth" ) ) ,
ResourceLabels : expandStringMap ( d , "resource_labels" ) ,
2016-12-18 13:50:46 +00:00
}
2017-10-12 18:21:33 +00:00
// Only allow setting node_version on create if it's set to the equivalent master version,
// since `InitialClusterVersion` only accepts valid master-style versions.
if v , ok := d . GetOk ( "node_version" ) ; ok {
// ignore -gke.X suffix for now. if it becomes a problem later, we can fix it.
mv := strings . Split ( cluster . InitialClusterVersion , "-" ) [ 0 ]
nv := strings . Split ( v . ( string ) , "-" ) [ 0 ]
if mv != nv {
return fmt . Errorf ( "node_version and min_master_version must be set to equivalent values on create" )
}
2017-10-06 22:48:01 +00:00
}
2019-03-13 16:32:46 +00:00
if v , ok := d . GetOk ( "node_locations" ) ; ok {
2018-04-05 21:51:35 +00:00
locationsSet := v . ( * schema . Set )
if locationsSet . Contains ( location ) {
2019-03-13 16:32:46 +00:00
return fmt . Errorf ( "when using a multi-zonal cluster, additional_zones should not contain the original 'zone'" )
}
// GKE requires a full list of node locations
// but when using a multi-zonal cluster our schema only asks for the
// additional zones, so append the cluster location if it's a zone
if isZone ( location ) {
locationsSet . Add ( location )
}
cluster . Locations = convertStringSet ( locationsSet )
} else if v , ok := d . GetOk ( "additional_zones" ) ; ok {
locationsSet := v . ( * schema . Set )
if locationsSet . Contains ( location ) {
return fmt . Errorf ( "when using a multi-zonal cluster, additional_zones should not contain the original 'zone'" )
2018-04-05 21:51:35 +00:00
}
2019-03-13 16:32:46 +00:00
// GKE requires a full list of node locations
// but when using a multi-zonal cluster our schema only asks for the
// additional zones, so append the cluster location if it's a zone
2018-04-05 21:51:35 +00:00
if isZone ( location ) {
locationsSet . Add ( location )
2017-01-04 06:14:39 +00:00
}
2018-04-05 21:51:35 +00:00
cluster . Locations = convertStringSet ( locationsSet )
2017-01-04 06:14:39 +00:00
}
2017-11-29 18:54:10 +00:00
if v , ok := d . GetOk ( "network" ) ; ok {
network , err := ParseNetworkFieldValue ( v . ( string ) , d , config )
2016-09-03 09:51:20 +00:00
if err != nil {
return err
}
2018-05-23 23:47:17 +00:00
cluster . Network = network . RelativeLink ( )
2015-07-05 16:39:01 +00:00
}
2016-03-25 23:29:56 +00:00
if v , ok := d . GetOk ( "subnetwork" ) ; ok {
2018-05-23 23:47:17 +00:00
subnetwork , err := ParseSubnetworkFieldValue ( v . ( string ) , d , config )
if err != nil {
return err
}
cluster . Subnetwork = subnetwork . RelativeLink ( )
2016-03-25 23:29:56 +00:00
}
2017-04-12 19:57:53 +00:00
nodePoolsCount := d . Get ( "node_pool.#" ) . ( int )
if nodePoolsCount > 0 {
2018-03-07 01:44:05 +00:00
nodePools := make ( [ ] * containerBeta . NodePool , 0 , nodePoolsCount )
2017-04-12 19:57:53 +00:00
for i := 0 ; i < nodePoolsCount ; i ++ {
2017-10-04 00:09:34 +00:00
prefix := fmt . Sprintf ( "node_pool.%d." , i )
nodePool , err := expandNodePool ( d , prefix )
2017-08-04 22:34:02 +00:00
if err != nil {
return err
2017-04-12 19:57:53 +00:00
}
nodePools = append ( nodePools , nodePool )
}
cluster . NodePools = nodePools
2018-01-08 23:54:45 +00:00
} else {
// Node Configs have default values that are set in the expand function,
// but can only be set if node pools are unspecified.
cluster . NodeConfig = expandNodeConfig ( [ ] interface { } { } )
}
if v , ok := d . GetOk ( "node_config" ) ; ok {
cluster . NodeConfig = expandNodeConfig ( v )
2017-04-12 19:57:53 +00:00
}
2018-10-31 00:56:41 +00:00
if v , ok := d . GetOk ( "private_cluster_config" ) ; ok {
cluster . PrivateClusterConfig = expandPrivateClusterConfig ( v )
}
2018-03-07 01:44:05 +00:00
req := & containerBeta . CreateClusterRequest {
2015-07-05 16:39:01 +00:00
Cluster : cluster ,
}
2018-04-05 21:51:35 +00:00
mutexKV . Lock ( containerClusterMutexKey ( project , location , clusterName ) )
defer mutexKV . Unlock ( containerClusterMutexKey ( project , location , clusterName ) )
2018-03-07 01:44:05 +00:00
2018-05-09 18:24:40 +00:00
parent := fmt . Sprintf ( "projects/%s/locations/%s" , project , location )
2018-12-27 01:42:37 +00:00
var op * containerBeta . Operation
2018-10-29 20:17:51 +00:00
err = retry ( func ( ) error {
op , err = config . clientContainerBeta . Projects . Locations . Clusters . Create ( parent , req ) . Do ( )
return err
} )
2018-04-05 21:51:35 +00:00
if err != nil {
return err
2015-07-05 16:39:01 +00:00
}
2018-03-07 19:06:00 +00:00
d . SetId ( clusterName )
2015-07-05 16:39:01 +00:00
// Wait until it's created
2018-09-25 18:42:37 +00:00
timeoutInMinutes := int ( d . Timeout ( schema . TimeoutCreate ) . Minutes ( ) )
2018-12-27 01:42:37 +00:00
waitErr := containerOperationWait ( config , op , project , location , "creating GKE cluster" , timeoutInMinutes )
2017-03-06 22:59:24 +00:00
if waitErr != nil {
2019-04-08 23:37:49 +00:00
// Try a GET on the cluster so we can see the state in debug logs. This will help classify error states.
_ , getErr := config . clientContainerBeta . Projects . Locations . Clusters . Get ( containerClusterFullName ( project , location , clusterName ) ) . Do ( )
if getErr != nil {
// Make errcheck happy
log . Printf ( "[WARN] Cluster %s was created in an error state and not found" , clusterName )
}
2019-02-14 18:29:34 +00:00
if deleteErr := cleanFailedContainerCluster ( d , meta ) ; deleteErr != nil {
log . Printf ( "[WARN] Unable to clean up cluster from failed creation: %s" , deleteErr )
} else {
log . Printf ( "[WARN] Verified failed creation of cluster %s was cleaned up" , d . Id ( ) )
}
2017-03-06 22:59:24 +00:00
// The resource didn't actually create
d . SetId ( "" )
return waitErr
2015-07-05 16:39:01 +00:00
}
log . Printf ( "[INFO] GKE cluster %s has been created" , clusterName )
2018-03-23 00:22:44 +00:00
if d . Get ( "remove_default_node_pool" ) . ( bool ) {
2018-05-09 18:24:40 +00:00
parent := fmt . Sprintf ( "%s/nodePools/%s" , containerClusterFullName ( project , location , clusterName ) , "default-pool" )
op , err = config . clientContainerBeta . Projects . Locations . Clusters . NodePools . Delete ( parent ) . Do ( )
2018-03-23 00:22:44 +00:00
if err != nil {
return errwrap . Wrapf ( "Error deleting default node pool: {{err}}" , err )
}
2018-12-27 01:42:37 +00:00
err = containerOperationWait ( config , op , project , location , "removing default node pool" , timeoutInMinutes )
2018-03-23 00:22:44 +00:00
if err != nil {
return errwrap . Wrapf ( "Error deleting default node pool: {{err}}" , err )
}
}
2015-07-05 16:39:01 +00:00
return resourceContainerClusterRead ( d , meta )
}
func resourceContainerClusterRead ( d * schema . ResourceData , meta interface { } ) error {
config := meta . ( * Config )
2016-04-10 16:59:57 +00:00
project , err := getProject ( d , config )
if err != nil {
return err
}
2018-04-05 21:51:35 +00:00
location , err := getLocation ( d , config )
2017-12-06 22:30:04 +00:00
if err != nil {
return err
}
2015-07-05 16:39:01 +00:00
2018-03-07 01:44:05 +00:00
cluster := & containerBeta . Cluster { }
2017-10-12 18:21:33 +00:00
err = resource . Retry ( 2 * time . Minute , func ( ) * resource . RetryError {
2018-05-09 18:24:40 +00:00
name := containerClusterFullName ( project , location , d . Get ( "name" ) . ( string ) )
cluster , err = config . clientContainerBeta . Projects . Locations . Clusters . Get ( name ) . Do ( )
2018-04-05 21:51:35 +00:00
if err != nil {
return resource . NonRetryableError ( err )
2017-10-12 18:21:33 +00:00
}
if cluster . Status != "RUNNING" {
return resource . RetryableError ( fmt . Errorf ( "Cluster %q has status %q with message %q" , d . Get ( "name" ) , cluster . Status , cluster . StatusMessage ) )
}
return nil
} )
2015-07-05 16:39:01 +00:00
if err != nil {
2017-05-09 23:00:47 +00:00
return handleNotFoundError ( err , d , fmt . Sprintf ( "Container Cluster %q" , d . Get ( "name" ) . ( string ) ) )
2015-07-05 16:39:01 +00:00
}
d . Set ( "name" , cluster . Name )
2018-06-22 17:35:46 +00:00
if err := d . Set ( "network_policy" , flattenNetworkPolicy ( cluster . NetworkPolicy ) ) ; err != nil {
return err
}
2019-03-13 16:32:46 +00:00
d . Set ( "location" , cluster . Location )
if isZone ( cluster . Location ) {
d . Set ( "zone" , cluster . Location )
} else {
d . Set ( "region" , cluster . Location )
}
2017-02-03 01:37:03 +00:00
2018-04-05 21:51:35 +00:00
locations := schema . NewSet ( schema . HashString , convertStringArrToInterface ( cluster . Locations ) )
locations . Remove ( cluster . Zone ) // Remove the original zone since we only store additional zones
2019-03-13 16:32:46 +00:00
d . Set ( "node_locations" , locations )
2017-02-08 03:21:00 +00:00
d . Set ( "additional_zones" , locations )
2017-02-07 01:21:34 +00:00
2015-07-05 16:39:01 +00:00
d . Set ( "endpoint" , cluster . Endpoint )
2018-06-22 17:35:46 +00:00
if err := d . Set ( "maintenance_policy" , flattenMaintenancePolicy ( cluster . MaintenancePolicy ) ) ; err != nil {
return err
}
if err := d . Set ( "master_auth" , flattenMasterAuth ( cluster . MasterAuth ) ) ; err != nil {
return err
}
if err := d . Set ( "master_authorized_networks_config" , flattenMasterAuthorizedNetworksConfig ( cluster . MasterAuthorizedNetworksConfig ) ) ; err != nil {
return err
}
2015-07-05 16:39:01 +00:00
d . Set ( "initial_node_count" , cluster . InitialNodeCount )
2017-10-06 22:48:01 +00:00
d . Set ( "master_version" , cluster . CurrentMasterVersion )
2015-07-05 16:39:01 +00:00
d . Set ( "node_version" , cluster . CurrentNodeVersion )
d . Set ( "cluster_ipv4_cidr" , cluster . ClusterIpv4Cidr )
d . Set ( "description" , cluster . Description )
2017-10-31 23:38:18 +00:00
d . Set ( "enable_kubernetes_alpha" , cluster . EnableKubernetesAlpha )
2017-07-31 18:09:05 +00:00
d . Set ( "enable_legacy_abac" , cluster . LegacyAbac . Enabled )
2015-07-05 16:39:01 +00:00
d . Set ( "logging_service" , cluster . LoggingService )
d . Set ( "monitoring_service" , cluster . MonitoringService )
2018-05-23 23:47:17 +00:00
d . Set ( "network" , cluster . NetworkConfig . Network )
d . Set ( "subnetwork" , cluster . NetworkConfig . Subnetwork )
2018-11-19 21:32:51 +00:00
if err := d . Set ( "cluster_autoscaling" , nil ) ; err != nil {
return err
}
2018-03-15 20:28:30 +00:00
if err := d . Set ( "node_config" , flattenNodeConfig ( cluster . NodeConfig ) ) ; err != nil {
return err
}
2017-11-28 00:32:20 +00:00
d . Set ( "project" , project )
2018-06-22 17:35:46 +00:00
if err := d . Set ( "addons_config" , flattenClusterAddonsConfig ( cluster . AddonsConfig ) ) ; err != nil {
2018-08-17 00:51:03 +00:00
return err
2018-06-22 17:35:46 +00:00
}
2017-08-18 00:51:58 +00:00
nps , err := flattenClusterNodePools ( d , config , cluster . NodePools )
if err != nil {
return err
}
2018-06-22 17:35:46 +00:00
if err := d . Set ( "node_pool" , nps ) ; err != nil {
return err
}
2017-03-07 05:14:32 +00:00
2019-05-20 21:31:38 +00:00
if err := d . Set ( "ip_allocation_policy" , flattenIPAllocationPolicy ( cluster , d , config ) ) ; err != nil {
2018-06-20 23:45:49 +00:00
return err
2017-11-27 23:15:03 +00:00
}
2018-10-31 00:56:41 +00:00
if err := d . Set ( "private_cluster_config" , flattenPrivateClusterConfig ( cluster . PrivateClusterConfig ) ) ; err != nil {
return err
}
2018-06-22 17:35:46 +00:00
igUrls , err := getInstanceGroupUrlsFromManagerUrls ( config , cluster . InstanceGroupUrls )
if err != nil {
return err
}
if err := d . Set ( "instance_group_urls" , igUrls ) ; err != nil {
2017-03-22 23:33:11 +00:00
return err
2017-03-07 05:14:32 +00:00
}
2015-07-05 16:39:01 +00:00
2018-06-15 10:10:25 +00:00
d . Set ( "resource_labels" , cluster . ResourceLabels )
2015-07-05 16:39:01 +00:00
return nil
}
func resourceContainerClusterUpdate ( d * schema . ResourceData , meta interface { } ) error {
config := meta . ( * Config )
2016-04-10 16:59:57 +00:00
project , err := getProject ( d , config )
if err != nil {
return err
}
2018-04-05 21:51:35 +00:00
location , err := getLocation ( d , config )
2017-12-06 22:30:04 +00:00
if err != nil {
return err
}
2018-04-05 21:51:35 +00:00
2015-07-05 16:39:01 +00:00
clusterName := d . Get ( "name" ) . ( string )
2017-06-28 08:22:31 +00:00
timeoutInMinutes := int ( d . Timeout ( schema . TimeoutUpdate ) . Minutes ( ) )
2015-07-05 16:39:01 +00:00
2017-07-05 23:00:49 +00:00
d . Partial ( true )
2018-04-05 21:51:35 +00:00
lockKey := containerClusterMutexKey ( project , location , clusterName )
2018-05-09 18:24:40 +00:00
updateFunc := func ( req * containerBeta . UpdateClusterRequest , updateDescription string ) func ( ) error {
2018-04-05 21:51:35 +00:00
return func ( ) error {
2018-05-09 18:24:40 +00:00
name := containerClusterFullName ( project , location , clusterName )
op , err := config . clientContainerBeta . Projects . Locations . Clusters . Update ( name , req ) . Do ( )
2018-04-05 21:51:35 +00:00
if err != nil {
return err
}
// Wait until it's updated
2018-12-27 01:42:37 +00:00
return containerOperationWait ( config , op , project , location , updateDescription , timeoutInMinutes )
2018-04-05 21:51:35 +00:00
}
}
2018-02-05 17:45:53 +00:00
2018-03-23 18:27:37 +00:00
// The ClusterUpdate object that we use for most of these updates only allows updating one field at a time,
// so we have to make separate calls for each field that we want to update. The order here is fairly arbitrary-
// if the order of updating fields does matter, it is called out explicitly.
2017-11-02 17:38:20 +00:00
if d . HasChange ( "master_authorized_networks_config" ) {
c := d . Get ( "master_authorized_networks_config" )
2018-05-09 18:24:40 +00:00
req := & containerBeta . UpdateClusterRequest {
Update : & containerBeta . ClusterUpdate {
DesiredMasterAuthorizedNetworksConfig : expandMasterAuthorizedNetworksConfig ( c ) ,
2017-11-02 17:38:20 +00:00
} ,
}
2018-04-05 21:51:35 +00:00
updateF := updateFunc ( req , "updating GKE cluster master authorized networks" )
2018-02-05 17:45:53 +00:00
if err := lockedCall ( lockKey , updateF ) ; err != nil {
return err
2017-11-02 17:38:20 +00:00
}
log . Printf ( "[INFO] GKE cluster %s master authorized networks config has been updated" , d . Id ( ) )
d . SetPartial ( "master_authorized_networks_config" )
}
2017-10-20 16:47:07 +00:00
if d . HasChange ( "addons_config" ) {
if ac , ok := d . GetOk ( "addons_config" ) ; ok {
2018-05-09 18:24:40 +00:00
req := & containerBeta . UpdateClusterRequest {
Update : & containerBeta . ClusterUpdate {
DesiredAddonsConfig : expandClusterAddonsConfig ( ac ) ,
2017-10-20 16:47:07 +00:00
} ,
}
2018-02-05 17:45:53 +00:00
2018-04-05 21:51:35 +00:00
updateF := updateFunc ( req , "updating GKE cluster addons" )
2018-02-05 17:45:53 +00:00
// Call update serially.
if err := lockedCall ( lockKey , updateF ) ; err != nil {
return err
2017-10-20 16:47:07 +00:00
}
log . Printf ( "[INFO] GKE cluster %s addons have been updated" , d . Id ( ) )
d . SetPartial ( "addons_config" )
}
}
2017-12-27 20:29:14 +00:00
if d . HasChange ( "maintenance_policy" ) {
2018-05-09 18:24:40 +00:00
var req * containerBeta . SetMaintenancePolicyRequest
2017-12-27 20:29:14 +00:00
if mp , ok := d . GetOk ( "maintenance_policy" ) ; ok {
2018-05-09 18:24:40 +00:00
req = & containerBeta . SetMaintenancePolicyRequest {
MaintenancePolicy : expandMaintenancePolicy ( mp ) ,
2017-12-27 20:29:14 +00:00
}
} else {
2018-05-09 18:24:40 +00:00
req = & containerBeta . SetMaintenancePolicyRequest {
2017-12-27 20:29:14 +00:00
NullFields : [ ] string { "MaintenancePolicy" } ,
}
}
2018-02-05 17:45:53 +00:00
updateF := func ( ) error {
2018-05-09 18:24:40 +00:00
name := containerClusterFullName ( project , location , clusterName )
op , err := config . clientContainerBeta . Projects . Locations . Clusters . SetMaintenancePolicy ( name , req ) . Do ( )
2018-04-05 21:51:35 +00:00
2018-02-05 17:45:53 +00:00
if err != nil {
return err
}
// Wait until it's updated
2018-12-27 01:42:37 +00:00
return containerOperationWait ( config , op , project , location , "updating GKE cluster maintenance policy" , timeoutInMinutes )
2017-12-27 20:29:14 +00:00
}
2018-02-05 17:45:53 +00:00
// Call update serially.
if err := lockedCall ( lockKey , updateF ) ; err != nil {
return err
2017-12-27 20:29:14 +00:00
}
log . Printf ( "[INFO] GKE cluster %s maintenance policy has been updated" , d . Id ( ) )
d . SetPartial ( "maintenance_policy" )
}
2019-03-13 16:32:46 +00:00
// we can only ever see a change to one of additional_zones and node_locations; because
// thy conflict with each other and are each computed, Terraform will suppress the diff
// on one of them even when migrating from one to the other.
2017-07-05 23:00:49 +00:00
if d . HasChange ( "additional_zones" ) {
2018-04-19 00:29:07 +00:00
azSetOldI , azSetNewI := d . GetChange ( "additional_zones" )
azSetNew := azSetNewI . ( * schema . Set )
azSetOld := azSetOldI . ( * schema . Set )
if azSetNew . Contains ( location ) {
2018-04-05 21:51:35 +00:00
return fmt . Errorf ( "additional_zones should not contain the original 'zone'" )
2017-07-05 23:00:49 +00:00
}
2018-04-19 00:29:07 +00:00
// Since we can't add & remove zones in the same request, first add all the
// zones, then remove the ones we aren't using anymore.
azSet := azSetOld . Union ( azSetNew )
2018-04-19 21:17:38 +00:00
if isZone ( location ) {
azSet . Add ( location )
}
2018-04-19 00:29:07 +00:00
2018-05-09 18:24:40 +00:00
req := & containerBeta . UpdateClusterRequest {
Update : & containerBeta . ClusterUpdate {
2018-04-05 21:51:35 +00:00
DesiredLocations : convertStringSet ( azSet ) ,
2017-07-05 23:00:49 +00:00
} ,
}
2018-02-05 17:45:53 +00:00
2019-03-13 16:32:46 +00:00
updateF := updateFunc ( req , "updating GKE cluster node locations" )
2018-02-05 17:45:53 +00:00
// Call update serially.
if err := lockedCall ( lockKey , updateF ) ; err != nil {
return err
2017-07-05 23:00:49 +00:00
}
2017-06-28 08:22:31 +00:00
2018-04-19 21:17:38 +00:00
if isZone ( location ) {
azSetNew . Add ( location )
}
2018-04-19 00:29:07 +00:00
if ! azSet . Equal ( azSetNew ) {
2018-05-09 18:24:40 +00:00
req = & containerBeta . UpdateClusterRequest {
Update : & containerBeta . ClusterUpdate {
2018-04-19 00:29:07 +00:00
DesiredLocations : convertStringSet ( azSetNew ) ,
} ,
}
2019-03-13 16:32:46 +00:00
updateF := updateFunc ( req , "updating GKE cluster node locations" )
2018-04-19 00:29:07 +00:00
// Call update serially.
if err := lockedCall ( lockKey , updateF ) ; err != nil {
return err
}
}
2019-03-13 16:32:46 +00:00
log . Printf ( "[INFO] GKE cluster %s node locations have been updated to %v" , d . Id ( ) , azSet . List ( ) )
2017-07-31 18:09:05 +00:00
d . SetPartial ( "additional_zones" )
2019-03-13 16:32:46 +00:00
} else if d . HasChange ( "node_locations" ) {
azSetOldI , azSetNewI := d . GetChange ( "node_locations" )
azSetNew := azSetNewI . ( * schema . Set )
azSetOld := azSetOldI . ( * schema . Set )
if azSetNew . Contains ( location ) {
return fmt . Errorf ( "for multi-zonal clusters, node_locations should not contain the primary 'zone'" )
}
// Since we can't add & remove zones in the same request, first add all the
// zones, then remove the ones we aren't using anymore.
azSet := azSetOld . Union ( azSetNew )
if isZone ( location ) {
azSet . Add ( location )
}
req := & containerBeta . UpdateClusterRequest {
Update : & containerBeta . ClusterUpdate {
DesiredLocations : convertStringSet ( azSet ) ,
} ,
}
updateF := updateFunc ( req , "updating GKE cluster node locations" )
// Call update serially.
if err := lockedCall ( lockKey , updateF ) ; err != nil {
return err
}
if isZone ( location ) {
azSetNew . Add ( location )
}
if ! azSet . Equal ( azSetNew ) {
req = & containerBeta . UpdateClusterRequest {
Update : & containerBeta . ClusterUpdate {
DesiredLocations : convertStringSet ( azSetNew ) ,
} ,
}
updateF := updateFunc ( req , "updating GKE cluster node locations" )
// Call update serially.
if err := lockedCall ( lockKey , updateF ) ; err != nil {
return err
}
}
log . Printf ( "[INFO] GKE cluster %s node locations have been updated to %v" , d . Id ( ) , azSet . List ( ) )
d . SetPartial ( "node_locations" )
2017-07-31 18:09:05 +00:00
}
if d . HasChange ( "enable_legacy_abac" ) {
enabled := d . Get ( "enable_legacy_abac" ) . ( bool )
2018-05-09 18:24:40 +00:00
req := & containerBeta . SetLegacyAbacRequest {
2017-07-31 18:09:05 +00:00
Enabled : enabled ,
ForceSendFields : [ ] string { "Enabled" } ,
}
2018-02-05 17:45:53 +00:00
updateF := func ( ) error {
2018-04-05 21:51:35 +00:00
log . Println ( "[DEBUG] updating enable_legacy_abac" )
2018-05-09 18:24:40 +00:00
name := containerClusterFullName ( project , location , clusterName )
op , err := config . clientContainerBeta . Projects . Locations . Clusters . SetLegacyAbac ( name , req ) . Do ( )
2018-02-05 17:45:53 +00:00
if err != nil {
return err
}
// Wait until it's updated
2018-12-27 01:42:37 +00:00
err = containerOperationWait ( config , op , project , location , "updating GKE legacy ABAC" , timeoutInMinutes )
2018-04-05 21:51:35 +00:00
log . Println ( "[DEBUG] done updating enable_legacy_abac" )
2017-07-31 18:09:05 +00:00
return err
}
2018-02-05 17:45:53 +00:00
// Call update serially.
if err := lockedCall ( lockKey , updateF ) ; err != nil {
return err
2017-07-31 18:09:05 +00:00
}
log . Printf ( "[INFO] GKE cluster %s legacy ABAC has been updated to %v" , d . Id ( ) , enabled )
d . SetPartial ( "enable_legacy_abac" )
2015-07-05 16:39:01 +00:00
}
2017-10-20 16:46:21 +00:00
if d . HasChange ( "monitoring_service" ) {
desiredMonitoringService := d . Get ( "monitoring_service" ) . ( string )
2018-05-09 18:24:40 +00:00
req := & containerBeta . UpdateClusterRequest {
Update : & containerBeta . ClusterUpdate {
2017-10-20 16:46:21 +00:00
DesiredMonitoringService : desiredMonitoringService ,
} ,
}
2018-04-05 21:51:35 +00:00
updateF := updateFunc ( req , "updating GKE cluster monitoring service" )
2018-02-05 17:45:53 +00:00
// Call update serially.
if err := lockedCall ( lockKey , updateF ) ; err != nil {
return err
2017-10-20 16:46:21 +00:00
}
log . Printf ( "[INFO] Monitoring service for GKE cluster %s has been updated to %s" , d . Id ( ) ,
desiredMonitoringService )
d . SetPartial ( "monitoring_service" )
}
2018-12-11 22:12:07 +00:00
if d . HasChange ( "logging_service" ) {
logging := d . Get ( "logging_service" ) . ( string )
req := & containerBeta . SetLoggingServiceRequest {
LoggingService : logging ,
}
updateF := func ( ) error {
name := containerClusterFullName ( project , location , clusterName )
op , err := config . clientContainerBeta . Projects . Locations . Clusters . SetLogging ( name , req ) . Do ( )
if err != nil {
return err
}
// Wait until it's updated
2018-12-27 01:42:37 +00:00
return containerOperationWait ( config , op , project , location , "updating GKE logging service" , timeoutInMinutes )
2018-12-11 22:12:07 +00:00
}
// Call update serially.
if err := lockedCall ( lockKey , updateF ) ; err != nil {
return err
}
log . Printf ( "[INFO] GKE cluster %s: logging service has been updated to %s" , d . Id ( ) ,
logging )
d . SetPartial ( "logging_service" )
}
2017-11-27 20:40:07 +00:00
if d . HasChange ( "network_policy" ) {
2018-03-07 01:44:05 +00:00
np := d . Get ( "network_policy" )
2018-05-09 18:24:40 +00:00
req := & containerBeta . SetNetworkPolicyRequest {
NetworkPolicy : expandNetworkPolicy ( np ) ,
2017-11-27 20:40:07 +00:00
}
2018-02-05 17:45:53 +00:00
updateF := func ( ) error {
2018-04-05 21:51:35 +00:00
log . Println ( "[DEBUG] updating network_policy" )
2018-05-09 18:24:40 +00:00
name := containerClusterFullName ( project , location , clusterName )
op , err := config . clientContainerBeta . Projects . Locations . Clusters . SetNetworkPolicy ( name , req ) . Do ( )
2018-02-05 17:45:53 +00:00
if err != nil {
return err
}
// Wait until it's updated
2018-12-27 01:42:37 +00:00
err = containerOperationWait ( config , op , project , location , "updating GKE cluster network policy" , timeoutInMinutes )
2018-04-05 21:51:35 +00:00
log . Println ( "[DEBUG] done updating network_policy" )
2017-11-27 20:40:07 +00:00
return err
}
2018-02-05 17:45:53 +00:00
// Call update serially.
if err := lockedCall ( lockKey , updateF ) ; err != nil {
return err
2017-11-27 20:40:07 +00:00
}
2018-02-05 17:45:53 +00:00
2017-11-27 20:40:07 +00:00
log . Printf ( "[INFO] Network policy for GKE cluster %s has been updated" , d . Id ( ) )
d . SetPartial ( "network_policy" )
}
2017-08-18 00:51:58 +00:00
if n , ok := d . GetOk ( "node_pool.#" ) ; ok {
for i := 0 ; i < n . ( int ) ; i ++ {
#1300 Supporting regional clusters for node pools (#1320)
This PR also switched us to using the beta API in all cases, and that had a side effect which is worth noting, note included here for posterity.
=====
The problem is, we add a GPU, and as per the docs, GKE adds a taint to
the node pool saying "don't schedule here unless you tolerate GPUs",
which is pretty sensible.
Terraform doesn't know about that, because it didn't ask for the taint
to be added. So after apply, on refresh, it sees the state of the world
(1 taint) and the state of the config (0 taints) and wants to set the
world equal to the config. This introduces a diff, which makes the test
fail - tests fail if there's a diff after they run.
Taints are a beta feature, though. :) And since the config doesn't
contain any taints, terraform didn't see any beta features in that node
pool ... so it used to send the request to the v1 API. And since the v1
API didn't return anything about taints (since they're a beta feature),
terraform happily checked the state of the world (0 taints I know about)
vs the config (0 taints), and all was well.
This PR makes every node pool refresh request hit the beta API. So now
terraform finds out about the taints (which were always there) and the
test fails (which it always should have done).
The solution is probably to write a little bit of code which suppresses
the report of the diff of any taint with value 'nvidia.com/gpu', but
only if GPUs are enabled. I think that's something that can be done.
2018-04-25 00:55:21 +00:00
nodePoolInfo , err := extractNodePoolInformationFromCluster ( d , config , clusterName )
if err != nil {
return err
}
if err := nodePoolUpdate ( d , meta , nodePoolInfo , fmt . Sprintf ( "node_pool.%d." , i ) , timeoutInMinutes ) ; err != nil {
2017-10-04 00:09:34 +00:00
return err
2017-08-18 00:51:58 +00:00
}
}
d . SetPartial ( "node_pool" )
}
2019-01-18 17:59:11 +00:00
// The master must be updated before the nodes
if d . HasChange ( "min_master_version" ) {
desiredMasterVersion := d . Get ( "min_master_version" ) . ( string )
currentMasterVersion := d . Get ( "master_version" ) . ( string )
des , err := version . NewVersion ( desiredMasterVersion )
if err != nil {
return err
}
cur , err := version . NewVersion ( currentMasterVersion )
if err != nil {
return err
}
// Only upgrade the master if the current version is lower than the desired version
if cur . LessThan ( des ) {
req := & containerBeta . UpdateClusterRequest {
Update : & containerBeta . ClusterUpdate {
DesiredMasterVersion : desiredMasterVersion ,
} ,
}
updateF := updateFunc ( req , "updating GKE master version" )
// Call update serially.
if err := lockedCall ( lockKey , updateF ) ; err != nil {
return err
}
log . Printf ( "[INFO] GKE cluster %s: master has been updated to %s" , d . Id ( ) , desiredMasterVersion )
}
d . SetPartial ( "min_master_version" )
}
// It's not super important that this come after updating the node pools, but it still seems like a better
// idea than doing it before.
if d . HasChange ( "node_version" ) {
foundDefault := false
if n , ok := d . GetOk ( "node_pool.#" ) ; ok {
for i := 0 ; i < n . ( int ) ; i ++ {
key := fmt . Sprintf ( "node_pool.%d." , i )
if d . Get ( key + "name" ) . ( string ) == "default-pool" {
desiredNodeVersion := d . Get ( "node_version" ) . ( string )
req := & containerBeta . UpdateClusterRequest {
Update : & containerBeta . ClusterUpdate {
DesiredNodeVersion : desiredNodeVersion ,
DesiredNodePoolId : "default-pool" ,
} ,
}
updateF := updateFunc ( req , "updating GKE default node pool node version" )
// Call update serially.
if err := lockedCall ( lockKey , updateF ) ; err != nil {
return err
}
log . Printf ( "[INFO] GKE cluster %s: default node pool has been updated to %s" , d . Id ( ) ,
desiredNodeVersion )
foundDefault = true
}
}
}
if ! foundDefault {
return fmt . Errorf ( "node_version was updated but default-pool was not found. To update the version for a non-default pool, use the version attribute on that pool." )
}
d . SetPartial ( "node_version" )
}
2018-08-07 21:07:28 +00:00
if d . HasChange ( "node_config" ) {
if d . HasChange ( "node_config.0.image_type" ) {
it := d . Get ( "node_config.0.image_type" ) . ( string )
req := & containerBeta . UpdateClusterRequest {
Update : & containerBeta . ClusterUpdate {
DesiredImageType : it ,
} ,
}
updateF := func ( ) error {
name := containerClusterFullName ( project , location , clusterName )
op , err := config . clientContainerBeta . Projects . Locations . Clusters . Update ( name , req ) . Do ( )
if err != nil {
return err
}
// Wait until it's updated
2018-12-27 01:42:37 +00:00
return containerOperationWait ( config , op , project , location , "updating GKE image type" , timeoutInMinutes )
2018-08-07 21:07:28 +00:00
}
// Call update serially.
if err := lockedCall ( lockKey , updateF ) ; err != nil {
return err
}
log . Printf ( "[INFO] GKE cluster %s: image type has been updated to %s" , d . Id ( ) , it )
}
d . SetPartial ( "node_config" )
}
2018-08-15 19:50:17 +00:00
if d . HasChange ( "master_auth" ) {
var req * containerBeta . SetMasterAuthRequest
if ma , ok := d . GetOk ( "master_auth" ) ; ok {
req = & containerBeta . SetMasterAuthRequest {
Action : "SET_USERNAME" ,
Update : expandMasterAuth ( ma ) ,
}
} else {
req = & containerBeta . SetMasterAuthRequest {
Action : "SET_USERNAME" ,
Update : & containerBeta . MasterAuth {
Username : "admin" ,
} ,
}
}
updateF := func ( ) error {
name := containerClusterFullName ( project , location , clusterName )
op , err := config . clientContainerBeta . Projects . Locations . Clusters . SetMasterAuth ( name , req ) . Do ( )
if err != nil {
return err
}
// Wait until it's updated
2018-12-27 01:42:37 +00:00
return containerOperationWait ( config , op , project , location , "updating master auth" , timeoutInMinutes )
2018-08-15 19:50:17 +00:00
}
// Call update serially.
if err := lockedCall ( lockKey , updateF ) ; err != nil {
return err
}
log . Printf ( "[INFO] GKE cluster %s: master auth has been updated" , d . Id ( ) )
d . SetPartial ( "master_auth" )
}
2018-06-15 10:10:25 +00:00
if d . HasChange ( "resource_labels" ) {
2018-07-13 21:14:00 +00:00
resourceLabels := d . Get ( "resource_labels" ) . ( map [ string ] interface { } )
2018-06-15 10:10:25 +00:00
req := & containerBeta . SetLabelsRequest {
2018-07-13 21:14:00 +00:00
ResourceLabels : convertStringMap ( resourceLabels ) ,
2018-06-15 10:10:25 +00:00
}
updateF := func ( ) error {
name := containerClusterFullName ( project , location , clusterName )
op , err := config . clientContainerBeta . Projects . Locations . Clusters . SetResourceLabels ( name , req ) . Do ( )
if err != nil {
return err
}
// Wait until it's updated
2018-12-27 01:42:37 +00:00
return containerOperationWait ( config , op , project , location , "updating GKE resource labels" , timeoutInMinutes )
2018-06-15 10:10:25 +00:00
}
// Call update serially.
if err := lockedCall ( lockKey , updateF ) ; err != nil {
return err
}
d . SetPartial ( "resource_labels" )
}
2018-03-23 00:22:44 +00:00
if d . HasChange ( "remove_default_node_pool" ) && d . Get ( "remove_default_node_pool" ) . ( bool ) {
2018-05-09 18:24:40 +00:00
name := fmt . Sprintf ( "%s/nodePools/%s" , containerClusterFullName ( project , location , clusterName ) , "default-pool" )
op , err := config . clientContainerBeta . Projects . Locations . Clusters . NodePools . Delete ( name ) . Do ( )
2018-03-23 00:22:44 +00:00
if err != nil {
2019-02-28 21:08:55 +00:00
if ! isGoogleApiErrorWithCode ( err , 404 ) {
return errwrap . Wrapf ( "Error deleting default node pool: {{err}}" , err )
}
log . Printf ( "[WARN] Container cluster %q default node pool already removed, no change" , d . Id ( ) )
} else {
err = containerOperationWait ( config , op , project , location , "removing default node pool" , timeoutInMinutes )
if err != nil {
return errwrap . Wrapf ( "Error deleting default node pool: {{err}}" , err )
}
2018-03-23 00:22:44 +00:00
}
}
2017-07-05 23:00:49 +00:00
d . Partial ( false )
2015-07-05 16:39:01 +00:00
return resourceContainerClusterRead ( d , meta )
}
func resourceContainerClusterDelete ( d * schema . ResourceData , meta interface { } ) error {
config := meta . ( * Config )
2016-04-10 16:59:57 +00:00
project , err := getProject ( d , config )
if err != nil {
return err
}
2019-02-14 18:29:34 +00:00
location , err := getLocation ( d , config )
if err != nil {
return err
2017-12-06 22:30:04 +00:00
}
2018-04-05 21:51:35 +00:00
2015-07-05 16:39:01 +00:00
clusterName := d . Get ( "name" ) . ( string )
2017-06-28 08:22:31 +00:00
timeoutInMinutes := int ( d . Timeout ( schema . TimeoutDelete ) . Minutes ( ) )
2015-07-05 16:39:01 +00:00
log . Printf ( "[DEBUG] Deleting GKE cluster %s" , d . Get ( "name" ) . ( string ) )
2018-04-05 21:51:35 +00:00
mutexKV . Lock ( containerClusterMutexKey ( project , location , clusterName ) )
defer mutexKV . Unlock ( containerClusterMutexKey ( project , location , clusterName ) )
2018-12-27 01:42:37 +00:00
var op * containerBeta . Operation
#1300 Supporting regional clusters for node pools (#1320)
This PR also switched us to using the beta API in all cases, and that had a side effect which is worth noting, note included here for posterity.
=====
The problem is, we add a GPU, and as per the docs, GKE adds a taint to
the node pool saying "don't schedule here unless you tolerate GPUs",
which is pretty sensible.
Terraform doesn't know about that, because it didn't ask for the taint
to be added. So after apply, on refresh, it sees the state of the world
(1 taint) and the state of the config (0 taints) and wants to set the
world equal to the config. This introduces a diff, which makes the test
fail - tests fail if there's a diff after they run.
Taints are a beta feature, though. :) And since the config doesn't
contain any taints, terraform didn't see any beta features in that node
pool ... so it used to send the request to the v1 API. And since the v1
API didn't return anything about taints (since they're a beta feature),
terraform happily checked the state of the world (0 taints I know about)
vs the config (0 taints), and all was well.
This PR makes every node pool refresh request hit the beta API. So now
terraform finds out about the taints (which were always there) and the
test fails (which it always should have done).
The solution is probably to write a little bit of code which suppresses
the report of the diff of any taint with value 'nvidia.com/gpu', but
only if GPUs are enabled. I think that's something that can be done.
2018-04-25 00:55:21 +00:00
var count = 0
err = resource . Retry ( 30 * time . Second , func ( ) * resource . RetryError {
count ++
2018-04-05 21:51:35 +00:00
name := containerClusterFullName ( project , location , clusterName )
op , err = config . clientContainerBeta . Projects . Locations . Clusters . Delete ( name ) . Do ( )
#1300 Supporting regional clusters for node pools (#1320)
This PR also switched us to using the beta API in all cases, and that had a side effect which is worth noting, note included here for posterity.
=====
The problem is, we add a GPU, and as per the docs, GKE adds a taint to
the node pool saying "don't schedule here unless you tolerate GPUs",
which is pretty sensible.
Terraform doesn't know about that, because it didn't ask for the taint
to be added. So after apply, on refresh, it sees the state of the world
(1 taint) and the state of the config (0 taints) and wants to set the
world equal to the config. This introduces a diff, which makes the test
fail - tests fail if there's a diff after they run.
Taints are a beta feature, though. :) And since the config doesn't
contain any taints, terraform didn't see any beta features in that node
pool ... so it used to send the request to the v1 API. And since the v1
API didn't return anything about taints (since they're a beta feature),
terraform happily checked the state of the world (0 taints I know about)
vs the config (0 taints), and all was well.
This PR makes every node pool refresh request hit the beta API. So now
terraform finds out about the taints (which were always there) and the
test fails (which it always should have done).
The solution is probably to write a little bit of code which suppresses
the report of the diff of any taint with value 'nvidia.com/gpu', but
only if GPUs are enabled. I think that's something that can be done.
2018-04-25 00:55:21 +00:00
if err != nil {
log . Printf ( "[WARNING] Cluster is still not ready to delete, retrying %s" , clusterName )
return resource . RetryableError ( err )
}
if count == 15 {
return resource . NonRetryableError ( fmt . Errorf ( "Error retrying to delete cluster %s" , clusterName ) )
}
return nil
} )
2015-07-05 16:39:01 +00:00
if err != nil {
#1300 Supporting regional clusters for node pools (#1320)
This PR also switched us to using the beta API in all cases, and that had a side effect which is worth noting, note included here for posterity.
=====
The problem is, we add a GPU, and as per the docs, GKE adds a taint to
the node pool saying "don't schedule here unless you tolerate GPUs",
which is pretty sensible.
Terraform doesn't know about that, because it didn't ask for the taint
to be added. So after apply, on refresh, it sees the state of the world
(1 taint) and the state of the config (0 taints) and wants to set the
world equal to the config. This introduces a diff, which makes the test
fail - tests fail if there's a diff after they run.
Taints are a beta feature, though. :) And since the config doesn't
contain any taints, terraform didn't see any beta features in that node
pool ... so it used to send the request to the v1 API. And since the v1
API didn't return anything about taints (since they're a beta feature),
terraform happily checked the state of the world (0 taints I know about)
vs the config (0 taints), and all was well.
This PR makes every node pool refresh request hit the beta API. So now
terraform finds out about the taints (which were always there) and the
test fails (which it always should have done).
The solution is probably to write a little bit of code which suppresses
the report of the diff of any taint with value 'nvidia.com/gpu', but
only if GPUs are enabled. I think that's something that can be done.
2018-04-25 00:55:21 +00:00
return fmt . Errorf ( "Error deleting Cluster: %s" , err )
2015-07-05 16:39:01 +00:00
}
// Wait until it's deleted
2018-12-27 01:42:37 +00:00
waitErr := containerOperationWait ( config , op , project , location , "deleting GKE cluster" , timeoutInMinutes )
2017-03-06 22:59:24 +00:00
if waitErr != nil {
return waitErr
2015-07-05 16:39:01 +00:00
}
log . Printf ( "[INFO] GKE cluster %s has been deleted" , d . Id ( ) )
d . SetId ( "" )
2019-02-14 18:29:34 +00:00
return nil
}
// cleanFailedContainerCluster deletes clusters that failed but were
// created in an error state. Similar to resourceContainerClusterDelete
// but implemented in separate function as it doesn't try to lock already
// locked cluster state, does different error handling, and doesn't do retries.
func cleanFailedContainerCluster ( d * schema . ResourceData , meta interface { } ) error {
config := meta . ( * Config )
project , err := getProject ( d , config )
if err != nil {
return err
}
location , err := getLocation ( d , config )
if err != nil {
return err
}
clusterName := d . Get ( "name" ) . ( string )
fullName := containerClusterFullName ( project , location , clusterName )
log . Printf ( "[DEBUG] Cleaning up failed GKE cluster %s" , d . Get ( "name" ) . ( string ) )
op , err := config . clientContainerBeta . Projects . Locations . Clusters . Delete ( fullName ) . Do ( )
if err != nil {
return handleNotFoundError ( err , d , fmt . Sprintf ( "Container Cluster %q" , d . Get ( "name" ) . ( string ) ) )
}
// Wait until it's deleted
timeoutInMinutes := int ( d . Timeout ( schema . TimeoutDelete ) . Minutes ( ) )
waitErr := containerOperationWait ( config , op , project , location , "deleting GKE cluster" , timeoutInMinutes )
if waitErr != nil {
return waitErr
}
log . Printf ( "[INFO] GKE cluster %s has been deleted" , d . Id ( ) )
d . SetId ( "" )
2015-07-05 16:39:01 +00:00
return nil
}
2017-03-22 23:33:11 +00:00
// container engine's API currently mistakenly returns the instance group manager's
// URL instead of the instance group's URL in its responses. This shim detects that
// error, and corrects it, by fetching the instance group manager URL and retrieving
// the instance group manager, then using that to look up the instance group URL, which
// is then substituted.
//
// This should be removed when the API response is fixed.
func getInstanceGroupUrlsFromManagerUrls ( config * Config , igmUrls [ ] string ) ( [ ] string , error ) {
instanceGroupURLs := make ( [ ] string , 0 , len ( igmUrls ) )
for _ , u := range igmUrls {
if ! instanceGroupManagerURL . MatchString ( u ) {
instanceGroupURLs = append ( instanceGroupURLs , u )
continue
}
matches := instanceGroupManagerURL . FindStringSubmatch ( u )
instanceGroupManager , err := config . clientCompute . InstanceGroupManagers . Get ( matches [ 1 ] , matches [ 2 ] , matches [ 3 ] ) . Do ( )
if err != nil {
return nil , fmt . Errorf ( "Error reading instance group manager returned as an instance group URL: %s" , err )
}
instanceGroupURLs = append ( instanceGroupURLs , instanceGroupManager . InstanceGroup )
}
return instanceGroupURLs , nil
}
2018-03-07 01:44:05 +00:00
func expandClusterAddonsConfig ( configured interface { } ) * containerBeta . AddonsConfig {
2018-09-25 18:42:37 +00:00
l := configured . ( [ ] interface { } )
2018-10-11 16:37:31 +00:00
if len ( l ) == 0 || l [ 0 ] == nil {
2018-09-25 18:42:37 +00:00
return nil
}
2018-10-11 16:37:31 +00:00
2018-09-25 18:42:37 +00:00
config := l [ 0 ] . ( map [ string ] interface { } )
2018-03-07 01:44:05 +00:00
ac := & containerBeta . AddonsConfig { }
2017-10-20 16:47:07 +00:00
if v , ok := config [ "http_load_balancing" ] ; ok && len ( v . ( [ ] interface { } ) ) > 0 {
addon := v . ( [ ] interface { } ) [ 0 ] . ( map [ string ] interface { } )
2018-03-07 01:44:05 +00:00
ac . HttpLoadBalancing = & containerBeta . HttpLoadBalancing {
2017-10-20 16:47:07 +00:00
Disabled : addon [ "disabled" ] . ( bool ) ,
ForceSendFields : [ ] string { "Disabled" } ,
}
}
if v , ok := config [ "horizontal_pod_autoscaling" ] ; ok && len ( v . ( [ ] interface { } ) ) > 0 {
addon := v . ( [ ] interface { } ) [ 0 ] . ( map [ string ] interface { } )
2018-03-07 01:44:05 +00:00
ac . HorizontalPodAutoscaling = & containerBeta . HorizontalPodAutoscaling {
2017-10-20 16:47:07 +00:00
Disabled : addon [ "disabled" ] . ( bool ) ,
ForceSendFields : [ ] string { "Disabled" } ,
}
}
if v , ok := config [ "kubernetes_dashboard" ] ; ok && len ( v . ( [ ] interface { } ) ) > 0 {
addon := v . ( [ ] interface { } ) [ 0 ] . ( map [ string ] interface { } )
2018-03-07 01:44:05 +00:00
ac . KubernetesDashboard = & containerBeta . KubernetesDashboard {
2017-10-20 16:47:07 +00:00
Disabled : addon [ "disabled" ] . ( bool ) ,
ForceSendFields : [ ] string { "Disabled" } ,
}
}
2018-03-15 21:50:24 +00:00
if v , ok := config [ "network_policy_config" ] ; ok && len ( v . ( [ ] interface { } ) ) > 0 {
addon := v . ( [ ] interface { } ) [ 0 ] . ( map [ string ] interface { } )
ac . NetworkPolicyConfig = & containerBeta . NetworkPolicyConfig {
Disabled : addon [ "disabled" ] . ( bool ) ,
ForceSendFields : [ ] string { "Disabled" } ,
}
}
2017-10-20 16:47:07 +00:00
return ac
}
2018-09-25 18:42:37 +00:00
func expandIPAllocationPolicy ( configured interface { } ) * containerBeta . IPAllocationPolicy {
2018-02-09 21:55:38 +00:00
l := configured . ( [ ] interface { } )
2018-10-11 16:37:31 +00:00
if len ( l ) == 0 || l [ 0 ] == nil {
2018-09-25 18:42:37 +00:00
return nil
2017-11-27 23:15:03 +00:00
}
2018-10-11 16:37:31 +00:00
2018-09-05 16:52:06 +00:00
config := l [ 0 ] . ( map [ string ] interface { } )
return & containerBeta . IPAllocationPolicy {
2019-03-04 22:08:40 +00:00
UseIpAliases : config [ "use_ip_aliases" ] . ( bool ) ,
2018-09-05 16:52:06 +00:00
CreateSubnetwork : config [ "create_subnetwork" ] . ( bool ) ,
SubnetworkName : config [ "subnetwork_name" ] . ( string ) ,
2017-11-27 23:15:03 +00:00
2018-09-05 16:52:06 +00:00
ClusterIpv4CidrBlock : config [ "cluster_ipv4_cidr_block" ] . ( string ) ,
ServicesIpv4CidrBlock : config [ "services_ipv4_cidr_block" ] . ( string ) ,
2019-03-01 05:19:29 +00:00
NodeIpv4CidrBlock : config [ "node_ipv4_cidr_block" ] . ( string ) ,
2018-09-05 16:52:06 +00:00
ClusterSecondaryRangeName : config [ "cluster_secondary_range_name" ] . ( string ) ,
ServicesSecondaryRangeName : config [ "services_secondary_range_name" ] . ( string ) ,
2019-03-04 22:08:40 +00:00
ForceSendFields : [ ] string { "UseIpAliases" } ,
2018-09-25 18:42:37 +00:00
}
2017-11-27 23:15:03 +00:00
}
2018-03-07 01:44:05 +00:00
func expandMaintenancePolicy ( configured interface { } ) * containerBeta . MaintenancePolicy {
2018-09-25 18:42:37 +00:00
l := configured . ( [ ] interface { } )
2018-10-11 16:37:31 +00:00
if len ( l ) == 0 || l [ 0 ] == nil {
2018-09-25 18:42:37 +00:00
return nil
}
2018-10-11 16:37:31 +00:00
2018-09-25 18:42:37 +00:00
maintenancePolicy := l [ 0 ] . ( map [ string ] interface { } )
dailyMaintenanceWindow := maintenancePolicy [ "daily_maintenance_window" ] . ( [ ] interface { } ) [ 0 ] . ( map [ string ] interface { } )
startTime := dailyMaintenanceWindow [ "start_time" ] . ( string )
return & containerBeta . MaintenancePolicy {
Window : & containerBeta . MaintenanceWindow {
2018-03-07 01:44:05 +00:00
DailyMaintenanceWindow : & containerBeta . DailyMaintenanceWindow {
2017-12-27 20:29:14 +00:00
StartTime : startTime ,
} ,
2018-09-25 18:42:37 +00:00
} ,
2017-12-27 20:29:14 +00:00
}
2018-08-15 19:50:17 +00:00
}
func expandMasterAuth ( configured interface { } ) * containerBeta . MasterAuth {
2018-09-25 18:42:37 +00:00
l := configured . ( [ ] interface { } )
2018-10-11 16:37:31 +00:00
if len ( l ) == 0 || l [ 0 ] == nil {
2018-09-25 18:42:37 +00:00
return nil
}
2018-10-11 16:37:31 +00:00
2018-09-25 18:42:37 +00:00
masterAuth := l [ 0 ] . ( map [ string ] interface { } )
result := & containerBeta . MasterAuth {
Username : masterAuth [ "username" ] . ( string ) ,
Password : masterAuth [ "password" ] . ( string ) ,
}
if _ , ok := masterAuth [ "client_certificate_config" ] ; ok {
if len ( masterAuth [ "client_certificate_config" ] . ( [ ] interface { } ) ) > 0 {
clientCertificateConfig := masterAuth [ "client_certificate_config" ] . ( [ ] interface { } ) [ 0 ] . ( map [ string ] interface { } )
if _ , ok := clientCertificateConfig [ "issue_client_certificate" ] ; ok {
result . ClientCertificateConfig = & containerBeta . ClientCertificateConfig {
IssueClientCertificate : clientCertificateConfig [ "issue_client_certificate" ] . ( bool ) ,
2018-08-15 19:50:17 +00:00
}
}
}
}
2017-12-27 20:29:14 +00:00
return result
}
2018-03-07 01:44:05 +00:00
func expandMasterAuthorizedNetworksConfig ( configured interface { } ) * containerBeta . MasterAuthorizedNetworksConfig {
2018-09-25 18:42:37 +00:00
l := configured . ( [ ] interface { } )
if len ( l ) == 0 {
return nil
}
result := & containerBeta . MasterAuthorizedNetworksConfig {
Enabled : true ,
}
if config , ok := l [ 0 ] . ( map [ string ] interface { } ) ; ok {
if _ , ok := config [ "cidr_blocks" ] ; ok {
cidrBlocks := config [ "cidr_blocks" ] . ( * schema . Set ) . List ( )
result . CidrBlocks = make ( [ ] * containerBeta . CidrBlock , 0 )
for _ , v := range cidrBlocks {
cidrBlock := v . ( map [ string ] interface { } )
result . CidrBlocks = append ( result . CidrBlocks , & containerBeta . CidrBlock {
CidrBlock : cidrBlock [ "cidr_block" ] . ( string ) ,
DisplayName : cidrBlock [ "display_name" ] . ( string ) ,
} )
2017-11-02 17:38:20 +00:00
}
}
}
return result
}
2018-03-07 01:44:05 +00:00
func expandNetworkPolicy ( configured interface { } ) * containerBeta . NetworkPolicy {
2018-09-25 18:42:37 +00:00
l := configured . ( [ ] interface { } )
if len ( l ) == 0 {
return nil
}
2018-03-07 01:44:05 +00:00
result := & containerBeta . NetworkPolicy { }
2018-09-25 18:42:37 +00:00
config := l [ 0 ] . ( map [ string ] interface { } )
if enabled , ok := config [ "enabled" ] ; ok && enabled . ( bool ) {
result . Enabled = true
if provider , ok := config [ "provider" ] ; ok {
result . Provider = provider . ( string )
2017-11-27 20:40:07 +00:00
}
}
return result
}
2018-10-31 00:56:41 +00:00
func expandPrivateClusterConfig ( configured interface { } ) * containerBeta . PrivateClusterConfig {
l := configured . ( [ ] interface { } )
if len ( l ) == 0 {
return nil
}
config := l [ 0 ] . ( map [ string ] interface { } )
return & containerBeta . PrivateClusterConfig {
EnablePrivateEndpoint : config [ "enable_private_endpoint" ] . ( bool ) ,
EnablePrivateNodes : config [ "enable_private_nodes" ] . ( bool ) ,
MasterIpv4CidrBlock : config [ "master_ipv4_cidr_block" ] . ( string ) ,
ForceSendFields : [ ] string { "EnablePrivateEndpoint" , "EnablePrivateNodes" , "MasterIpv4CidrBlock" } ,
}
}
2018-03-14 21:00:31 +00:00
func expandPodSecurityPolicyConfig ( configured interface { } ) * containerBeta . PodSecurityPolicyConfig {
2018-11-05 16:22:41 +00:00
// Removing lists is hard - the element count (#) will have a diff from nil -> computed
// If we set this to empty on Read, it will be stable.
return nil
2018-03-14 21:00:31 +00:00
}
2018-03-07 01:44:05 +00:00
func flattenNetworkPolicy ( c * containerBeta . NetworkPolicy ) [ ] map [ string ] interface { } {
2017-11-27 20:40:07 +00:00
result := [ ] map [ string ] interface { } { }
if c != nil {
result = append ( result , map [ string ] interface { } {
"enabled" : c . Enabled ,
"provider" : c . Provider ,
} )
2018-04-20 18:39:20 +00:00
} else {
// Explicitly set the network policy to the default.
result = append ( result , map [ string ] interface { } {
"enabled" : false ,
"provider" : "PROVIDER_UNSPECIFIED" ,
} )
2017-11-27 20:40:07 +00:00
}
return result
}
2018-03-07 01:44:05 +00:00
func flattenClusterAddonsConfig ( c * containerBeta . AddonsConfig ) [ ] map [ string ] interface { } {
2017-10-20 16:47:07 +00:00
result := make ( map [ string ] interface { } )
2018-06-20 23:45:49 +00:00
if c == nil {
return nil
}
2017-10-20 16:47:07 +00:00
if c . HorizontalPodAutoscaling != nil {
result [ "horizontal_pod_autoscaling" ] = [ ] map [ string ] interface { } {
{
"disabled" : c . HorizontalPodAutoscaling . Disabled ,
} ,
}
}
if c . HttpLoadBalancing != nil {
result [ "http_load_balancing" ] = [ ] map [ string ] interface { } {
{
"disabled" : c . HttpLoadBalancing . Disabled ,
} ,
}
}
if c . KubernetesDashboard != nil {
result [ "kubernetes_dashboard" ] = [ ] map [ string ] interface { } {
{
"disabled" : c . KubernetesDashboard . Disabled ,
} ,
}
}
2018-03-15 21:50:24 +00:00
if c . NetworkPolicyConfig != nil {
result [ "network_policy_config" ] = [ ] map [ string ] interface { } {
{
"disabled" : c . NetworkPolicyConfig . Disabled ,
} ,
}
}
2017-10-20 16:47:07 +00:00
return [ ] map [ string ] interface { } { result }
}
2018-03-07 01:44:05 +00:00
func flattenClusterNodePools ( d * schema . ResourceData , config * Config , c [ ] * containerBeta . NodePool ) ( [ ] map [ string ] interface { } , error ) {
2017-08-18 00:51:58 +00:00
nodePools := make ( [ ] map [ string ] interface { } , 0 , len ( c ) )
2017-04-12 19:57:53 +00:00
for i , np := range c {
2017-10-04 00:09:34 +00:00
nodePool , err := flattenNodePool ( d , config , np , fmt . Sprintf ( "node_pool.%d." , i ) )
if err != nil {
return nil , err
2017-04-12 19:57:53 +00:00
}
nodePools = append ( nodePools , nodePool )
}
2017-08-18 00:51:58 +00:00
return nodePools , nil
2017-04-12 19:57:53 +00:00
}
2017-08-04 22:34:02 +00:00
2018-10-31 00:56:41 +00:00
func flattenPrivateClusterConfig ( c * containerBeta . PrivateClusterConfig ) [ ] map [ string ] interface { } {
if c == nil {
return nil
}
return [ ] map [ string ] interface { } {
{
"enable_private_endpoint" : c . EnablePrivateEndpoint ,
"enable_private_nodes" : c . EnablePrivateNodes ,
"master_ipv4_cidr_block" : c . MasterIpv4CidrBlock ,
"private_endpoint" : c . PrivateEndpoint ,
"public_endpoint" : c . PublicEndpoint ,
} ,
}
}
2019-05-20 21:31:38 +00:00
func flattenIPAllocationPolicy ( c * containerBeta . Cluster , d * schema . ResourceData , config * Config ) [ ] map [ string ] interface { } {
if c == nil || c . IpAllocationPolicy == nil {
2018-06-20 23:45:49 +00:00
return nil
}
2019-05-20 21:31:38 +00:00
nodeCidrBlock := ""
if c . Subnetwork != "" {
subnetwork , err := ParseSubnetworkFieldValue ( c . Subnetwork , d , config )
2019-03-01 05:19:29 +00:00
if err == nil {
sn , err := config . clientCompute . Subnetworks . Get ( subnetwork . Project , subnetwork . Region , subnetwork . Name ) . Do ( )
if err == nil {
2019-05-20 21:31:38 +00:00
nodeCidrBlock = sn . IpCidrRange
2019-03-01 05:19:29 +00:00
}
} else {
log . Printf ( "[WARN] Unable to parse subnetwork name, got error while trying to get new subnetwork: %s" , err )
}
}
2019-05-20 21:31:38 +00:00
p := c . IpAllocationPolicy
2017-11-27 23:15:03 +00:00
return [ ] map [ string ] interface { } {
{
2019-05-20 21:31:38 +00:00
"use_ip_aliases" : p . UseIpAliases ,
2019-03-04 22:08:40 +00:00
2019-05-20 21:31:38 +00:00
"create_subnetwork" : p . CreateSubnetwork ,
"subnetwork_name" : p . SubnetworkName ,
2018-09-05 16:52:06 +00:00
2019-05-20 21:31:38 +00:00
"cluster_ipv4_cidr_block" : p . ClusterIpv4CidrBlock ,
"services_ipv4_cidr_block" : p . ServicesIpv4CidrBlock ,
"node_ipv4_cidr_block" : nodeCidrBlock ,
2018-09-05 16:52:06 +00:00
2019-05-20 21:31:38 +00:00
"cluster_secondary_range_name" : p . ClusterSecondaryRangeName ,
"services_secondary_range_name" : p . ServicesSecondaryRangeName ,
2017-11-27 23:15:03 +00:00
} ,
}
}
2018-03-07 01:44:05 +00:00
func flattenMaintenancePolicy ( mp * containerBeta . MaintenancePolicy ) [ ] map [ string ] interface { } {
2018-06-20 23:45:49 +00:00
if mp == nil {
return nil
}
2017-12-27 20:29:14 +00:00
return [ ] map [ string ] interface { } {
{
"daily_maintenance_window" : [ ] map [ string ] interface { } {
{
"start_time" : mp . Window . DailyMaintenanceWindow . StartTime ,
"duration" : mp . Window . DailyMaintenanceWindow . Duration ,
} ,
} ,
} ,
}
}
2018-06-20 23:45:49 +00:00
func flattenMasterAuth ( ma * containerBeta . MasterAuth ) [ ] map [ string ] interface { } {
if ma == nil {
return nil
}
masterAuth := [ ] map [ string ] interface { } {
{
"username" : ma . Username ,
"password" : ma . Password ,
"client_certificate" : ma . ClientCertificate ,
"client_key" : ma . ClientKey ,
"cluster_ca_certificate" : ma . ClusterCaCertificate ,
} ,
}
if len ( ma . ClientCertificate ) == 0 {
masterAuth [ 0 ] [ "client_certificate_config" ] = [ ] map [ string ] interface { } {
{ "issue_client_certificate" : false } ,
}
}
return masterAuth
}
2018-03-07 01:44:05 +00:00
func flattenMasterAuthorizedNetworksConfig ( c * containerBeta . MasterAuthorizedNetworksConfig ) [ ] map [ string ] interface { } {
2018-06-20 23:45:49 +00:00
if c == nil {
return nil
}
2017-11-02 17:38:20 +00:00
result := make ( map [ string ] interface { } )
2018-03-30 17:10:25 +00:00
if c . Enabled {
2018-03-01 21:19:18 +00:00
cidrBlocks := make ( [ ] interface { } , 0 , len ( c . CidrBlocks ) )
2017-11-02 17:38:20 +00:00
for _ , v := range c . CidrBlocks {
cidrBlocks = append ( cidrBlocks , map [ string ] interface { } {
"cidr_block" : v . CidrBlock ,
"display_name" : v . DisplayName ,
} )
}
2018-03-01 21:19:18 +00:00
result [ "cidr_blocks" ] = schema . NewSet ( schema . HashResource ( cidrBlockConfig ) , cidrBlocks )
2017-11-02 17:38:20 +00:00
}
return [ ] map [ string ] interface { } { result }
}
2017-09-07 17:31:58 +00:00
func resourceContainerClusterStateImporter ( d * schema . ResourceData , meta interface { } ) ( [ ] * schema . ResourceData , error ) {
2019-02-28 21:08:55 +00:00
config := meta . ( * Config )
2017-09-07 17:31:58 +00:00
2019-02-28 21:08:55 +00:00
parts := strings . Split ( d . Id ( ) , "/" )
var project , location , clusterName string
2018-04-03 20:39:28 +00:00
switch len ( parts ) {
case 2 :
2019-02-28 21:08:55 +00:00
location = parts [ 0 ]
clusterName = parts [ 1 ]
2018-04-03 20:39:28 +00:00
case 3 :
2019-02-28 21:08:55 +00:00
project = parts [ 0 ]
location = parts [ 1 ]
clusterName = parts [ 2 ]
2018-04-03 20:39:28 +00:00
default :
2019-03-13 16:32:46 +00:00
return nil , fmt . Errorf ( "Invalid container cluster specifier. Expecting {location}/{name} or {project}/{location}/{name}" )
2018-04-03 20:39:28 +00:00
}
2017-09-07 17:31:58 +00:00
2019-03-05 02:03:58 +00:00
if len ( project ) == 0 {
2019-02-28 21:08:55 +00:00
var err error
project , err = getProject ( d , config )
if err != nil {
return nil , err
}
}
2019-03-05 02:03:58 +00:00
d . Set ( "project" , project )
2019-02-28 21:08:55 +00:00
2019-03-13 16:32:46 +00:00
d . Set ( "location" , location )
2019-02-28 21:08:55 +00:00
if isZone ( location ) {
d . Set ( "zone" , location )
} else {
d . Set ( "region" , location )
}
d . Set ( "name" , clusterName )
d . SetId ( clusterName )
2017-09-07 17:31:58 +00:00
return [ ] * schema . ResourceData { d } , nil
}
2018-01-09 17:39:04 +00:00
2018-04-05 21:51:35 +00:00
func containerClusterMutexKey ( project , location , clusterName string ) string {
return fmt . Sprintf ( "google-container-cluster/%s/%s/%s" , project , location , clusterName )
}
func containerClusterFullName ( project , location , cluster string ) string {
return fmt . Sprintf ( "projects/%s/locations/%s/clusters/%s" , project , location , cluster )
}
#1300 Supporting regional clusters for node pools (#1320)
This PR also switched us to using the beta API in all cases, and that had a side effect which is worth noting, note included here for posterity.
=====
The problem is, we add a GPU, and as per the docs, GKE adds a taint to
the node pool saying "don't schedule here unless you tolerate GPUs",
which is pretty sensible.
Terraform doesn't know about that, because it didn't ask for the taint
to be added. So after apply, on refresh, it sees the state of the world
(1 taint) and the state of the config (0 taints) and wants to set the
world equal to the config. This introduces a diff, which makes the test
fail - tests fail if there's a diff after they run.
Taints are a beta feature, though. :) And since the config doesn't
contain any taints, terraform didn't see any beta features in that node
pool ... so it used to send the request to the v1 API. And since the v1
API didn't return anything about taints (since they're a beta feature),
terraform happily checked the state of the world (0 taints I know about)
vs the config (0 taints), and all was well.
This PR makes every node pool refresh request hit the beta API. So now
terraform finds out about the taints (which were always there) and the
test fails (which it always should have done).
The solution is probably to write a little bit of code which suppresses
the report of the diff of any taint with value 'nvidia.com/gpu', but
only if GPUs are enabled. I think that's something that can be done.
2018-04-25 00:55:21 +00:00
func extractNodePoolInformationFromCluster ( d * schema . ResourceData , config * Config , clusterName string ) ( * NodePoolInformation , error ) {
project , err := getProject ( d , config )
if err != nil {
return nil , err
}
location , err := getLocation ( d , config )
if err != nil {
return nil , err
2018-04-05 21:51:35 +00:00
}
#1300 Supporting regional clusters for node pools (#1320)
This PR also switched us to using the beta API in all cases, and that had a side effect which is worth noting, note included here for posterity.
=====
The problem is, we add a GPU, and as per the docs, GKE adds a taint to
the node pool saying "don't schedule here unless you tolerate GPUs",
which is pretty sensible.
Terraform doesn't know about that, because it didn't ask for the taint
to be added. So after apply, on refresh, it sees the state of the world
(1 taint) and the state of the config (0 taints) and wants to set the
world equal to the config. This introduces a diff, which makes the test
fail - tests fail if there's a diff after they run.
Taints are a beta feature, though. :) And since the config doesn't
contain any taints, terraform didn't see any beta features in that node
pool ... so it used to send the request to the v1 API. And since the v1
API didn't return anything about taints (since they're a beta feature),
terraform happily checked the state of the world (0 taints I know about)
vs the config (0 taints), and all was well.
This PR makes every node pool refresh request hit the beta API. So now
terraform finds out about the taints (which were always there) and the
test fails (which it always should have done).
The solution is probably to write a little bit of code which suppresses
the report of the diff of any taint with value 'nvidia.com/gpu', but
only if GPUs are enabled. I think that's something that can be done.
2018-04-25 00:55:21 +00:00
return & NodePoolInformation {
project : project ,
location : location ,
cluster : d . Get ( "name" ) . ( string ) ,
} , nil
2018-01-09 17:39:04 +00:00
}
2018-04-28 01:06:26 +00:00
2019-02-28 21:08:55 +00:00
func cidrOrSizeDiffSuppress ( k , old , new string , d * schema . ResourceData ) bool {
// If the user specified a size and the API returned a full cidr block, suppress.
return strings . HasPrefix ( new , "/" ) && strings . HasSuffix ( old , new )
}
2018-04-28 01:06:26 +00:00
// We want to suppress diffs for empty or default client certificate configs, i.e:
// [{ "issue_client_certificate": true}] --> []
// [] -> [{ "issue_client_certificate": true}]
func masterAuthClientCertCfgSuppress ( k , old , new string , r * schema . ResourceData ) bool {
var clientConfig map [ string ] interface { }
if v , ok := r . GetOk ( "master_auth" ) ; ok {
masterAuths := v . ( [ ] interface { } )
masterAuth := masterAuths [ 0 ] . ( map [ string ] interface { } )
cfgs := masterAuth [ "client_certificate_config" ] . ( [ ] interface { } )
if len ( cfgs ) > 0 {
clientConfig = cfgs [ 0 ] . ( map [ string ] interface { } )
}
}
if strings . HasSuffix ( k , "client_certificate_config.#" ) && old == "0" && new == "1" {
// nil --> { "issue_client_certificate": true }
if issueCert , ok := clientConfig [ "issue_client_certificate" ] ; ok {
return issueCert . ( bool )
}
}
return strings . HasSuffix ( k , ".issue_client_certificate" ) && old == "" && new == "true"
}
2019-02-25 22:01:02 +00:00
// We want to suppress diffs for empty/disabled private cluster config.
func containerClusterPrivateClusterConfigSuppress ( k , old , new string , d * schema . ResourceData ) bool {
o , n := d . GetChange ( "private_cluster_config.0.enable_private_endpoint" )
suppressEndpoint := ! o . ( bool ) && ! n . ( bool )
o , n = d . GetChange ( "private_cluster_config.0.enable_private_nodes" )
suppressNodes := ! o . ( bool ) && ! n . ( bool )
if k == "private_cluster_config.0.enable_private_endpoint" {
return suppressEndpoint
} else if k == "private_cluster_config.0.enable_private_nodes" {
return suppressNodes
} else if k == "private_cluster_config.#" {
return suppressEndpoint && suppressNodes
}
return false
}
