Add update support for pod security policy (#1195)
* move setid calls back * Revert "move setid calls back" This reverts commit 0c7b2dbf92aff33dac8c5beb95568c2bc86dd7de. * add update support for pod security policy * update test * add comment about updates
parent
b645ecf0cc
commit
685842410e
@ -359,13 +359,11 @@ func resourceContainerCluster() *schema.Resource {
|
||||
Type: schema.TypeList,
|
||||
Optional: true,
|
||||
MaxItems: 1,
|
||||
ForceNew: true,
|
||||
Elem: &schema.Resource{
|
||||
Schema: map[string]*schema.Schema{
|
||||
"enabled": {
|
||||
Type: schema.TypeBool,
|
||||
Required: true,
|
||||
ForceNew: true,
|
||||
},
|
||||
},
|
||||
},
|
||||
@ -785,6 +783,10 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er
|
||||
|
||||
lockKey := containerClusterMutexKey(project, zoneName, clusterName)
|
||||
|
||||
// The ClusterUpdate object that we use for most of these updates only allows updating one field at a time,
|
||||
// so we have to make separate calls for each field that we want to update. The order here is fairly arbitrary-
|
||||
// if the order of updating fields does matter, it is called out explicitly.
|
||||
|
||||
if d.HasChange("master_authorized_networks_config") {
|
||||
c := d.Get("master_authorized_networks_config")
|
||||
conf := &container.MasterAuthorizedNetworksConfig{}
|
||||
@ -1125,6 +1127,31 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er
|
||||
d.SetPartial("logging_service")
|
||||
}
|
||||
|
||||
if d.HasChange("pod_security_policy_config") {
|
||||
c := d.Get("pod_security_policy_config")
|
||||
req := &containerBeta.UpdateClusterRequest{
|
||||
Update: &containerBeta.ClusterUpdate{
|
||||
DesiredPodSecurityPolicyConfig: expandPodSecurityPolicyConfig(c),
|
||||
},
|
||||
}
|
||||
|
||||
updateF := func() error {
|
||||
op, err := config.clientContainerBeta.Projects.Zones.Clusters.Update(
|
||||
project, zoneName, clusterName, req).Do()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// Wait until it's updated
|
||||
return containerSharedOperationWait(config, op, project, zoneName, "updating GKE cluster pod security policy config", timeoutInMinutes, 2)
|
||||
}
|
||||
if err := lockedCall(lockKey, updateF); err != nil {
|
||||
return err
|
||||
}
|
||||
log.Printf("[INFO] GKE cluster %s pod security policy config has been updated", d.Id())
|
||||
|
||||
d.SetPartial("pod_security_policy_config")
|
||||
}
|
||||
|
||||
if d.HasChange("remove_default_node_pool") && d.Get("remove_default_node_pool").(bool) {
|
||||
op, err := config.clientContainer.Projects.Zones.Clusters.NodePools.Delete(project, zoneName, clusterName, "default-pool").Do()
|
||||
if err != nil {
|
||||
|
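Review bot: A change of `enabled` from true to false may never reach the API from the new `pod_security_policy_config` branch. `DesiredPodSecurityPolicyConfig: expandPodSecurityPolicyConfig(c)` relies on a helper that is not in this hunk, and the generated client structs omit zero-valued booleans from the request JSON unless the field is listed in `ForceSendFields`. Please confirm the helper sets `ForceSendFields: []string{"Enabled"}` and returns a non-nil config when the block is removed from the configuration; otherwise the request carries an empty update and state can record the policy as disabled or absent while the cluster keeps its previous setting. Because this branch changes an admission control in place, the `log.Printf` line would also be more useful for audit if it included the requested value, e.g. `..., d.Id(), req.Update.DesiredPodSecurityPolicyConfig.Enabled`. The body of resourceContainerClusterUpdate starts and ends outside the hunk.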
@ -941,6 +941,21 @@ func TestAccContainerCluster_withPodSecurityPolicy(t *testing.T) {
|
||||
// Import always uses the v1 API, so beta features don't get imported.
|
||||
ImportStateVerifyIgnore: []string{"pod_security_policy_config.#", "pod_security_policy_config.0.enabled"},
|
||||
},
|
||||
{
|
||||
Config: testAccContainerCluster_withPodSecurityPolicy(clusterName, false),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
resource.TestCheckResourceAttr("google_container_cluster.with_pod_security_policy",
|
||||
"pod_security_policy_config.0.enabled", "false"),
|
||||
),
|
||||
},
|
||||
{
|
||||
ResourceName: "google_container_cluster.with_pod_security_policy",
|
||||
ImportStateIdPrefix: "us-central1-a/",
|
||||
ImportState: true,
|
||||
ImportStateVerify: true,
|
||||
// Import always uses the v1 API, so beta features don't get imported.
|
||||
ImportStateVerifyIgnore: []string{"pod_security_policy_config.#", "pod_security_policy_config.0.enabled"},
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
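Review bot: The added step with `testAccContainerCluster_withPodSecurityPolicy(clusterName, false)` asserts only the attribute held in Terraform state, and the import step after it ignores both `pod_security_policy_config.#` and `pod_security_policy_config.0.enabled`. An update that the API dropped would therefore likely still pass, unless the post-apply refresh reads this field through the beta API, which is not visible here. A check function that fetches the cluster with the beta client and compares `PodSecurityPolicyConfig.Enabled` would tie the assertion to the cluster itself. Only the switch to `false` is exercised in the visible steps; a further step with `Config: testAccContainerCluster_withPodSecurityPolicy(clusterName, true),` would cover re-enabling. The test function starts above the hunk.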