mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-07-09 11:38:29 +00:00
Add update support for pod security policy (#1195)
* move setid calls back * Revert "move setid calls back" This reverts commit 0c7b2dbf92aff33dac8c5beb95568c2bc86dd7de. * add update support for pod security policy * update test * add comment about updates
parent
b645ecf0cc
commit
685842410e
|
@ -359,13 +359,11 @@ func resourceContainerCluster() *schema.Resource {
|
||||||
Type: schema.TypeList,
|
Type: schema.TypeList,
|
||||||
Optional: true,
|
Optional: true,
|
||||||
MaxItems: 1,
|
MaxItems: 1,
|
||||||
ForceNew: true,
|
|
||||||
Elem: &schema.Resource{
|
Elem: &schema.Resource{
|
||||||
Schema: map[string]*schema.Schema{
|
Schema: map[string]*schema.Schema{
|
||||||
"enabled": {
|
"enabled": {
|
||||||
Type: schema.TypeBool,
|
Type: schema.TypeBool,
|
||||||
Required: true,
|
Required: true,
|
||||||
ForceNew: true,
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -785,6 +783,10 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er
|
||||||
|
|
||||||
lockKey := containerClusterMutexKey(project, zoneName, clusterName)
|
lockKey := containerClusterMutexKey(project, zoneName, clusterName)
|
||||||
|
|
||||||
|
// The ClusterUpdate object that we use for most of these updates only allows updating one field at a time,
|
||||||
|
// so we have to make separate calls for each field that we want to update. The order here is fairly arbitrary-
|
||||||
|
// if the order of updating fields does matter, it is called out explicitly.
|
||||||
|
|
||||||
if d.HasChange("master_authorized_networks_config") {
|
if d.HasChange("master_authorized_networks_config") {
|
||||||
c := d.Get("master_authorized_networks_config")
|
c := d.Get("master_authorized_networks_config")
|
||||||
conf := &container.MasterAuthorizedNetworksConfig{}
|
conf := &container.MasterAuthorizedNetworksConfig{}
|
||||||
|
@ -1125,6 +1127,31 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er
|
||||||
d.SetPartial("logging_service")
|
d.SetPartial("logging_service")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if d.HasChange("pod_security_policy_config") {
|
||||||
|
c := d.Get("pod_security_policy_config")
|
||||||
|
req := &containerBeta.UpdateClusterRequest{
|
||||||
|
Update: &containerBeta.ClusterUpdate{
|
||||||
|
DesiredPodSecurityPolicyConfig: expandPodSecurityPolicyConfig(c),
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
updateF := func() error {
|
||||||
|
op, err := config.clientContainerBeta.Projects.Zones.Clusters.Update(
|
||||||
|
project, zoneName, clusterName, req).Do()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
// Wait until it's updated
|
||||||
|
return containerSharedOperationWait(config, op, project, zoneName, "updating GKE cluster pod security policy config", timeoutInMinutes, 2)
|
||||||
|
}
|
||||||
|
if err := lockedCall(lockKey, updateF); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
log.Printf("[INFO] GKE cluster %s pod security policy config has been updated", d.Id())
|
||||||
|
|
||||||
|
d.SetPartial("pod_security_policy_config")
|
||||||
|
}
|
||||||
|
|
||||||
if d.HasChange("remove_default_node_pool") && d.Get("remove_default_node_pool").(bool) {
|
if d.HasChange("remove_default_node_pool") && d.Get("remove_default_node_pool").(bool) {
|
||||||
op, err := config.clientContainer.Projects.Zones.Clusters.NodePools.Delete(project, zoneName, clusterName, "default-pool").Do()
|
op, err := config.clientContainer.Projects.Zones.Clusters.NodePools.Delete(project, zoneName, clusterName, "default-pool").Do()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
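Review bot: In the new `pod_security_policy_config` branch of `resourceContainerClusterUpdate`, turning the policy off depends entirely on what `expandPodSecurityPolicyConfig(c)` returns, and that helper is not visible on this page. If it returns nil for a removed block, or sets `Enabled: false` without `ForceSendFields`, the generated API client would likely drop the field from the request body, so the cluster could keep a setting that differs from the configuration. With `ForceNew` removed, this security control now changes in place rather than through a visible cluster replacement, so please confirm the helper sets `ForceSendFields: []string{"Enabled"}`. A comment above the request, such as `// enabled=false must be sent explicitly, otherwise the API sees an empty update`, would record the reason. The function body starts and ends outside these hunks.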
|
@ -941,6 +941,21 @@ func TestAccContainerCluster_withPodSecurityPolicy(t *testing.T) {
|
||||||
// Import always uses the v1 API, so beta features don't get imported.
|
// Import always uses the v1 API, so beta features don't get imported.
|
||||||
ImportStateVerifyIgnore: []string{"pod_security_policy_config.#", "pod_security_policy_config.0.enabled"},
|
ImportStateVerifyIgnore: []string{"pod_security_policy_config.#", "pod_security_policy_config.0.enabled"},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
Config: testAccContainerCluster_withPodSecurityPolicy(clusterName, false),
|
||||||
|
Check: resource.ComposeTestCheckFunc(
|
||||||
|
resource.TestCheckResourceAttr("google_container_cluster.with_pod_security_policy",
|
||||||
|
"pod_security_policy_config.0.enabled", "false"),
|
||||||
|
),
|
||||||
|
},
|
||||||
|
{
|
||||||
|
ResourceName: "google_container_cluster.with_pod_security_policy",
|
||||||
|
ImportStateIdPrefix: "us-central1-a/",
|
||||||
|
ImportState: true,
|
||||||
|
ImportStateVerify: true,
|
||||||
|
// Import always uses the v1 API, so beta features don't get imported.
|
||||||
|
ImportStateVerifyIgnore: []string{"pod_security_policy_config.#", "pod_security_policy_config.0.enabled"},
|
||||||
|
},
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
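Review bot: The added step applying `testAccContainerCluster_withPodSecurityPolicy(clusterName, false)` asserts only the Terraform state attribute `pod_security_policy_config.0.enabled`. The import step after it ignores both `pod_security_policy_config` keys, so nothing here reads the value back from the cluster explicitly. Whether the post-apply refresh would catch an update that never reached the API depends on the read function, which is not shown. Consider adding a check function to `ComposeTestCheckFunc` that fetches the cluster through the beta client and compares its pod security policy setting with the expected `false`. Failing that, a comment such as `// state-only check: the server-side value is not verified here` would make the gap explicit. The test function starts outside this hunk.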