From 58a58c769f8b342660a4d383ada09489eb98cc57 Mon Sep 17 00:00:00 2001
From: The Magician <magic-modules@google.com>
Date: Tue, 16 Apr 2019 16:10:29 -0700
Subject: [PATCH] Use attr syntax on cluster-specific GKE fields. (#3448)

<!-- This change is generated by MagicModules. -->
Original Author: @rileykarson
---
 google/resource_container_cluster.go          | 13 ++---
 google/resource_container_cluster_test.go     | 48 ++++++++++++++++++-
 .../docs/r/container_cluster.html.markdown    |  3 +-
 3 files changed, 55 insertions(+), 9 deletions(-)

diff --git a/google/resource_container_cluster.go b/google/resource_container_cluster.go
index d3aeef8f..5933fe4b 100644
--- a/google/resource_container_cluster.go
+++ b/google/resource_container_cluster.go
@@ -493,11 +493,12 @@ func resourceContainerCluster() *schema.Resource {
 			},
 
 			"ip_allocation_policy": {
-				Type:     schema.TypeList,
-				Optional: true,
-				Computed: true,
-				ForceNew: true,
-				MaxItems: 1,
+				Type:       schema.TypeList,
+				MaxItems:   1,
+				ForceNew:   true,
+				Optional:   true,
+				Computed:   true,
+				ConfigMode: schema.SchemaConfigModeAttr,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"use_ip_aliases": {
@@ -575,8 +576,8 @@ func resourceContainerCluster() *schema.Resource {
 
 			"private_cluster_config": {
 				Type:             schema.TypeList,
-				Optional:         true,
 				MaxItems:         1,
+				Optional:         true,
 				Computed:         true,
 				DiffSuppressFunc: containerClusterPrivateClusterConfigSuppress,
 				Elem: &schema.Resource{
diff --git a/google/resource_container_cluster_test.go b/google/resource_container_cluster_test.go
index d53f79ab..e1c84fc0 100644
--- a/google/resource_container_cluster_test.go
+++ b/google/resource_container_cluster_test.go
@@ -274,7 +274,7 @@ func TestAccContainerCluster_withMasterAuthorizedNetworksConfig(t *testing.T) {
 		CheckDestroy: testAccCheckContainerClusterDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccContainerCluster_withMasterAuthorizedNetworksConfig(clusterName, []string{}, "cidr_blocks = []"),
+				Config: testAccContainerCluster_withMasterAuthorizedNetworksConfig(clusterName, []string{}, ""),
 				Check: resource.ComposeTestCheckFunc(
 					resource.TestCheckResourceAttr("google_container_cluster.with_master_authorized_networks",
 						"master_authorized_networks_config.#", "1"),
@@ -1164,6 +1164,39 @@ func TestAccContainerCluster_withIPAllocationPolicy_createSubnetwork(t *testing.
 	})
 }
 
+// This test will intentionally perform a recreate. Without attr syntax, there's
+// no way to go from allocation policy set -> unset without one.
+func TestAccContainerCluster_withIPAllocationPolicy_explicitEmpty(t *testing.T) {
+	t.Parallel()
+
+	cluster := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckContainerClusterDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccContainerCluster_withIPAllocationPolicy_createSubnetwork(cluster),
+			},
+			{
+				ResourceName:        "google_container_cluster.with_ip_allocation_policy",
+				ImportStateIdPrefix: "us-central1-a/",
+				ImportState:         true,
+				ImportStateVerify:   true,
+			},
+			{
+				Config: testAccContainerCluster_withIPAllocationPolicy_explicitEmpty(cluster),
+			},
+			{
+				ResourceName:        "google_container_cluster.with_ip_allocation_policy",
+				ImportStateIdPrefix: "us-central1-a/",
+				ImportState:         true,
+				ImportStateVerify:   true,
+			},
+		},
+	})
+}
+
 func TestAccContainerCluster_withResourceLabels(t *testing.T) {
 	t.Parallel()
 
@@ -2293,6 +2326,17 @@ resource "google_container_cluster" "with_ip_allocation_policy" {
 }`, cluster)
 }
 
+func testAccContainerCluster_withIPAllocationPolicy_explicitEmpty(cluster string) string {
+	return fmt.Sprintf(`
+resource "google_container_cluster" "with_ip_allocation_policy" {
+	name = "%s"
+	zone = "us-central1-a"
+
+	initial_node_count = 1
+	ip_allocation_policy = []
+}`, cluster)
+}
+
 func testAccContainerCluster_withPrivateClusterConfig(clusterName string) string {
 	return fmt.Sprintf(`
 resource "google_compute_network" "container_network" {
@@ -2331,7 +2375,7 @@ resource "google_container_cluster" "with_private_cluster" {
 		enable_private_nodes = true
 		master_ipv4_cidr_block = "10.42.0.0/28"
 	}
-	master_authorized_networks_config { cidr_blocks = [] }
+	master_authorized_networks_config { }
 	ip_allocation_policy {
 		cluster_secondary_range_name  = "${google_compute_subnetwork.container_subnetwork.secondary_ip_range.0.range_name}"
 		services_secondary_range_name = "${google_compute_subnetwork.container_subnetwork.secondary_ip_range.1.range_name}"
diff --git a/website/docs/r/container_cluster.html.markdown b/website/docs/r/container_cluster.html.markdown
index b27a3370..337a1395 100644
--- a/website/docs/r/container_cluster.html.markdown
+++ b/website/docs/r/container_cluster.html.markdown
@@ -212,7 +212,8 @@ deprecated in favour of `node_locations`.
 
 * `ip_allocation_policy` - (Optional) Configuration for cluster IP allocation. As of now, only pre-allocated subnetworks (custom type with secondary ranges) are supported.
     This will activate IP aliases. See the [official documentation](https://cloud.google.com/kubernetes-engine/docs/how-to/ip-aliases)
-    Structure is documented below.
+    Structure is documented below. This field is marked to use [Attribute as Block](/docs/configuration/attr-as-blocks.html)
+    in order to support explicit removal with `ip_allocation_policy = []`.
 
 * `logging_service` - (Optional) The logging service that the cluster should
     write logs to. Available options include `logging.googleapis.com`,