Add issue_client_certificate to cluster (#1396)
parent
5a1fe4f0be
commit
ac64624adc
@ -59,6 +59,7 @@ func testAccDataSourceGoogleContainerClusterCheck(dataSourceName string, resourc
|
||||
"master_auth",
|
||||
"master_auth.0.password",
|
||||
"master_auth.0.username",
|
||||
"master_auth.0.client_certificate_config.0.issue_client_certificate",
|
||||
"master_auth.0.client_certificate",
|
||||
"master_auth.0.client_key",
|
||||
"master_auth.0.cluster_ca_certificate",
|
||||
|
@ -282,6 +282,24 @@ func resourceContainerCluster() *schema.Resource {
|
||||
ForceNew: true,
|
||||
},
|
||||
|
||||
"client_certificate_config": {
|
||||
Type: schema.TypeList,
|
||||
MaxItems: 1,
|
||||
Optional: true,
|
||||
DiffSuppressFunc: masterAuthClientCertCfgSuppress,
|
||||
ForceNew: true,
|
||||
Elem: &schema.Resource{
|
||||
Schema: map[string]*schema.Schema{
|
||||
"issue_client_certificate": {
|
||||
Type: schema.TypeBool,
|
||||
Required: true,
|
||||
ForceNew: true,
|
||||
DiffSuppressFunc: masterAuthClientCertCfgSuppress,
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
|
||||
"client_certificate": {
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
@ -490,6 +508,15 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er
|
||||
Password: masterAuth["password"].(string),
|
||||
Username: masterAuth["username"].(string),
|
||||
}
|
||||
if certConfigV, ok := masterAuth["client_certificate_config"]; ok {
|
||||
certConfigs := certConfigV.([]interface{})
|
||||
if len(certConfigs) > 0 {
|
||||
certConfig := certConfigs[0].(map[string]interface{})
|
||||
cluster.MasterAuth.ClientCertificateConfig = &containerBeta.ClientCertificateConfig{
|
||||
IssueClientCertificate: certConfig["issue_client_certificate"].(bool),
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if v, ok := d.GetOk("master_authorized_networks_config"); ok {
|
||||
@ -747,6 +774,11 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro
|
||||
"cluster_ca_certificate": cluster.MasterAuth.ClusterCaCertificate,
|
||||
},
|
||||
}
|
||||
if len(cluster.MasterAuth.ClientCertificate) == 0 {
|
||||
masterAuth[0]["client_certificate_config"] = []map[string]interface{}{
|
||||
{"issue_client_certificate": false},
|
||||
}
|
||||
}
|
||||
d.Set("master_auth", masterAuth)
|
||||
|
||||
if cluster.MasterAuthorizedNetworksConfig != nil {
|
||||
@ -1629,3 +1661,27 @@ func extractNodePoolInformationFromCluster(d *schema.ResourceData, config *Confi
|
||||
cluster: d.Get("name").(string),
|
||||
}, nil
|
||||
}
|
||||
|
||||
// We want to suppress diffs for empty or default client certificate configs, i.e:
|
||||
// [{ "issue_client_certificate": true}] --> []
|
||||
// [] -> [{ "issue_client_certificate": true}]
|
||||
func masterAuthClientCertCfgSuppress(k, old, new string, r *schema.ResourceData) bool {
|
||||
var clientConfig map[string]interface{}
|
||||
if v, ok := r.GetOk("master_auth"); ok {
|
||||
masterAuths := v.([]interface{})
|
||||
masterAuth := masterAuths[0].(map[string]interface{})
|
||||
cfgs := masterAuth["client_certificate_config"].([]interface{})
|
||||
if len(cfgs) > 0 {
|
||||
clientConfig = cfgs[0].(map[string]interface{})
|
||||
}
|
||||
}
|
||||
|
||||
if strings.HasSuffix(k, "client_certificate_config.#") && old == "0" && new == "1" {
|
||||
// nil --> { "issue_client_certificate": true }
|
||||
if issueCert, ok := clientConfig["issue_client_certificate"]; ok {
|
||||
return issueCert.(bool)
|
||||
}
|
||||
}
|
||||
|
||||
return strings.HasSuffix(k, ".issue_client_certificate") && old == "" && new == "true"
|
||||
}
|
||||
|
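Review bot: In `masterAuthClientCertCfgSuppress`, the single-value assertions `masterAuths[0].(map[string]interface{})` and `masterAuth["client_certificate_config"].([]interface{})` panic if the first `master_auth` element is nil or the key is absent, and a panic inside a diff-suppress callback would presumably abort the plan rather than surface an error. The comma-ok forms `masterAuth, _ := masterAuths[0].(map[string]interface{})` and `cfgs, _ := masterAuth["client_certificate_config"].([]interface{})` fall back to an empty config instead, since reading a nil map and taking `len` of a nil slice are both safe. The same unchecked pattern appears in the create hunk at `certConfigs[0].(map[string]interface{})`. Separately, the suppression treats an omitted block as equivalent to `issue_client_certificate = true`, so a client certificate and key appear to be issued unless the user opts out; a `Description` on the new schema field stating that it must be set to `false` explicitly would make that default visible.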
@ -104,7 +104,7 @@ func TestAccContainerCluster_withAddons(t *testing.T) {
|
||||
})
|
||||
}
|
||||
|
||||
func TestAccContainerCluster_withMasterAuth(t *testing.T) {
|
||||
func TestAccContainerCluster_withMasterAuthConfig(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
resource.Test(t, resource.TestCase{
|
||||
@ -115,7 +115,7 @@ func TestAccContainerCluster_withMasterAuth(t *testing.T) {
|
||||
{
|
||||
Config: testAccContainerCluster_withMasterAuth(),
|
||||
},
|
||||
resource.TestStep{
|
||||
{
|
||||
ResourceName: "google_container_cluster.with_master_auth",
|
||||
ImportStateIdPrefix: "us-central1-a/",
|
||||
ImportState: true,
|
||||
@ -125,6 +125,30 @@ func TestAccContainerCluster_withMasterAuth(t *testing.T) {
|
||||
})
|
||||
}
|
||||
|
||||
func TestAccContainerCluster_withMasterAuthConfig_NoCert(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccCheckContainerClusterDestroy,
|
||||
Steps: []resource.TestStep{
|
||||
{
|
||||
Config: testAccContainerCluster_withMasterAuthNoCert(),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
resource.TestCheckResourceAttr("google_container_cluster.with_master_auth_no_cert", "master_auth.0.client_certificate", ""),
|
||||
),
|
||||
},
|
||||
{
|
||||
ResourceName: "google_container_cluster.with_master_auth_no_cert",
|
||||
ImportStateIdPrefix: "us-central1-a/",
|
||||
ImportState: true,
|
||||
ImportStateVerify: true,
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func TestAccContainerCluster_withNetworkPolicyEnabled(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
@ -1300,6 +1324,40 @@ resource "google_container_cluster" "with_master_auth" {
|
||||
}`, acctest.RandString(10))
|
||||
}
|
||||
|
||||
func testAccContainerCluster_updateMasterAuthNoCert() string {
|
||||
return fmt.Sprintf(`
|
||||
resource "google_container_cluster" "with_master_auth" {
|
||||
name = "cluster-test-%s"
|
||||
zone = "us-central1-a"
|
||||
initial_node_count = 3
|
||||
|
||||
master_auth {
|
||||
username = "mr.yoda"
|
||||
password = "adoy.rm.123456789"
|
||||
client_certificate_config {
|
||||
issue_client_certificate = false
|
||||
}
|
||||
}
|
||||
}`, acctest.RandString(10))
|
||||
}
|
||||
|
||||
func testAccContainerCluster_withMasterAuthNoCert() string {
|
||||
return fmt.Sprintf(`
|
||||
resource "google_container_cluster" "with_master_auth_no_cert" {
|
||||
name = "cluster-test-%s"
|
||||
zone = "us-central1-a"
|
||||
initial_node_count = 3
|
||||
|
||||
master_auth {
|
||||
username = "mr.yoda"
|
||||
password = "adoy.rm.123456789"
|
||||
client_certificate_config {
|
||||
issue_client_certificate = false
|
||||
}
|
||||
}
|
||||
}`, acctest.RandString(10))
|
||||
}
|
||||
|
||||
func testAccContainerCluster_withNetworkPolicyEnabled(clusterName string) string {
|
||||
return fmt.Sprintf(`
|
||||
resource "google_container_cluster" "with_network_policy_enabled" {
|
||||
|
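Review bot: `testAccContainerCluster_updateMasterAuthNoCert` is added but nothing in the visible hunks references it, so the path where an existing `with_master_auth` cluster switches to `issue_client_certificate = false` looks untested; either add a step using it to `TestAccContainerCluster_withMasterAuthConfig` or drop the helper. In `TestAccContainerCluster_withMasterAuthConfig_NoCert` the check covers only `master_auth.0.client_certificate`. Also asserting the key is empty, e.g. `resource.TestCheckResourceAttr("google_container_cluster.with_master_auth_no_cert", "master_auth.0.client_key", ""),`, would confirm that no private key material lands in state when issuance is disabled.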