Add issue_client_certificate to cluster (#1396)
parent
5a1fe4f0be
commit
ac64624adc
@ -59,6 +59,7 @@ func testAccDataSourceGoogleContainerClusterCheck(dataSourceName string, resourc
|
|||||||
"master_auth",
|
"master_auth",
|
||||||
"master_auth.0.password",
|
"master_auth.0.password",
|
||||||
"master_auth.0.username",
|
"master_auth.0.username",
|
||||||
|
"master_auth.0.client_certificate_config.0.issue_client_certificate",
|
||||||
"master_auth.0.client_certificate",
|
"master_auth.0.client_certificate",
|
||||||
"master_auth.0.client_key",
|
"master_auth.0.client_key",
|
||||||
"master_auth.0.cluster_ca_certificate",
|
"master_auth.0.cluster_ca_certificate",
|
||||||
|
@ -282,6 +282,24 @@ func resourceContainerCluster() *schema.Resource {
|
|||||||
ForceNew: true,
|
ForceNew: true,
|
||||||
},
|
},
|
||||||
|
|
||||||
|
"client_certificate_config": {
|
||||||
|
Type: schema.TypeList,
|
||||||
|
MaxItems: 1,
|
||||||
|
Optional: true,
|
||||||
|
DiffSuppressFunc: masterAuthClientCertCfgSuppress,
|
||||||
|
ForceNew: true,
|
||||||
|
Elem: &schema.Resource{
|
||||||
|
Schema: map[string]*schema.Schema{
|
||||||
|
"issue_client_certificate": {
|
||||||
|
Type: schema.TypeBool,
|
||||||
|
Required: true,
|
||||||
|
ForceNew: true,
|
||||||
|
DiffSuppressFunc: masterAuthClientCertCfgSuppress,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
|
||||||
"client_certificate": {
|
"client_certificate": {
|
||||||
Type: schema.TypeString,
|
Type: schema.TypeString,
|
||||||
Computed: true,
|
Computed: true,
|
||||||
@ -490,6 +508,15 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er
|
|||||||
Password: masterAuth["password"].(string),
|
Password: masterAuth["password"].(string),
|
||||||
Username: masterAuth["username"].(string),
|
Username: masterAuth["username"].(string),
|
||||||
}
|
}
|
||||||
|
if certConfigV, ok := masterAuth["client_certificate_config"]; ok {
|
||||||
|
certConfigs := certConfigV.([]interface{})
|
||||||
|
if len(certConfigs) > 0 {
|
||||||
|
certConfig := certConfigs[0].(map[string]interface{})
|
||||||
|
cluster.MasterAuth.ClientCertificateConfig = &containerBeta.ClientCertificateConfig{
|
||||||
|
IssueClientCertificate: certConfig["issue_client_certificate"].(bool),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if v, ok := d.GetOk("master_authorized_networks_config"); ok {
|
if v, ok := d.GetOk("master_authorized_networks_config"); ok {
|
||||||
@ -747,6 +774,11 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro
|
|||||||
"cluster_ca_certificate": cluster.MasterAuth.ClusterCaCertificate,
|
"cluster_ca_certificate": cluster.MasterAuth.ClusterCaCertificate,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
if len(cluster.MasterAuth.ClientCertificate) == 0 {
|
||||||
|
masterAuth[0]["client_certificate_config"] = []map[string]interface{}{
|
||||||
|
{"issue_client_certificate": false},
|
||||||
|
}
|
||||||
|
}
|
||||||
d.Set("master_auth", masterAuth)
|
d.Set("master_auth", masterAuth)
|
||||||
|
|
||||||
if cluster.MasterAuthorizedNetworksConfig != nil {
|
if cluster.MasterAuthorizedNetworksConfig != nil {
|
||||||
@ -1629,3 +1661,27 @@ func extractNodePoolInformationFromCluster(d *schema.ResourceData, config *Confi
|
|||||||
cluster: d.Get("name").(string),
|
cluster: d.Get("name").(string),
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// We want to suppress diffs for empty or default client certificate configs, i.e:
|
||||||
|
// [{ "issue_client_certificate": true}] --> []
|
||||||
|
// [] -> [{ "issue_client_certificate": true}]
|
||||||
|
func masterAuthClientCertCfgSuppress(k, old, new string, r *schema.ResourceData) bool {
|
||||||
|
var clientConfig map[string]interface{}
|
||||||
|
if v, ok := r.GetOk("master_auth"); ok {
|
||||||
|
masterAuths := v.([]interface{})
|
||||||
|
masterAuth := masterAuths[0].(map[string]interface{})
|
||||||
|
cfgs := masterAuth["client_certificate_config"].([]interface{})
|
||||||
|
if len(cfgs) > 0 {
|
||||||
|
clientConfig = cfgs[0].(map[string]interface{})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if strings.HasSuffix(k, "client_certificate_config.#") && old == "0" && new == "1" {
|
||||||
|
// nil --> { "issue_client_certificate": true }
|
||||||
|
if issueCert, ok := clientConfig["issue_client_certificate"]; ok {
|
||||||
|
return issueCert.(bool)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return strings.HasSuffix(k, ".issue_client_certificate") && old == "" && new == "true"
|
||||||
|
}
|
||||||
|
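Review bot: In masterAuthClientCertCfgSuppress the header comment promises suppression in both directions (`[{ "issue_client_certificate": true}] --> []` and the reverse), but the body only handles `old == "0" && new == "1"` and `old == "" && new == "true"`; either add the `old == "1" && new == "0"` case or trim the comment to what the code does. The `masterAuths[0]` assertion and `masterAuth["client_certificate_config"].([]interface{})` are unchecked, so an unexpected nil there would panic during plan instead of falling through to "no suppression"; the comma-ok form `cfgs, _ := masterAuth["client_certificate_config"].([]interface{})` gives the same result without that risk. Since this function decides whether a change to a cluster credential setting is shown to the operator, the comment should also say outright that an omitted block is treated the same as `issue_client_certificate = true`, which appears to mean a client certificate is still issued by default.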
@ -104,7 +104,7 @@ func TestAccContainerCluster_withAddons(t *testing.T) {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestAccContainerCluster_withMasterAuth(t *testing.T) {
|
func TestAccContainerCluster_withMasterAuthConfig(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
resource.Test(t, resource.TestCase{
|
resource.Test(t, resource.TestCase{
|
||||||
@ -115,7 +115,7 @@ func TestAccContainerCluster_withMasterAuth(t *testing.T) {
|
|||||||
{
|
{
|
||||||
Config: testAccContainerCluster_withMasterAuth(),
|
Config: testAccContainerCluster_withMasterAuth(),
|
||||||
},
|
},
|
||||||
resource.TestStep{
|
{
|
||||||
ResourceName: "google_container_cluster.with_master_auth",
|
ResourceName: "google_container_cluster.with_master_auth",
|
||||||
ImportStateIdPrefix: "us-central1-a/",
|
ImportStateIdPrefix: "us-central1-a/",
|
||||||
ImportState: true,
|
ImportState: true,
|
||||||
@ -125,6 +125,30 @@ func TestAccContainerCluster_withMasterAuth(t *testing.T) {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestAccContainerCluster_withMasterAuthConfig_NoCert(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
resource.Test(t, resource.TestCase{
|
||||||
|
PreCheck: func() { testAccPreCheck(t) },
|
||||||
|
Providers: testAccProviders,
|
||||||
|
CheckDestroy: testAccCheckContainerClusterDestroy,
|
||||||
|
Steps: []resource.TestStep{
|
||||||
|
{
|
||||||
|
Config: testAccContainerCluster_withMasterAuthNoCert(),
|
||||||
|
Check: resource.ComposeTestCheckFunc(
|
||||||
|
resource.TestCheckResourceAttr("google_container_cluster.with_master_auth_no_cert", "master_auth.0.client_certificate", ""),
|
||||||
|
),
|
||||||
|
},
|
||||||
|
{
|
||||||
|
ResourceName: "google_container_cluster.with_master_auth_no_cert",
|
||||||
|
ImportStateIdPrefix: "us-central1-a/",
|
||||||
|
ImportState: true,
|
||||||
|
ImportStateVerify: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
func TestAccContainerCluster_withNetworkPolicyEnabled(t *testing.T) {
|
func TestAccContainerCluster_withNetworkPolicyEnabled(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
@ -1300,6 +1324,40 @@ resource "google_container_cluster" "with_master_auth" {
|
|||||||
}`, acctest.RandString(10))
|
}`, acctest.RandString(10))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func testAccContainerCluster_updateMasterAuthNoCert() string {
|
||||||
|
return fmt.Sprintf(`
|
||||||
|
resource "google_container_cluster" "with_master_auth" {
|
||||||
|
name = "cluster-test-%s"
|
||||||
|
zone = "us-central1-a"
|
||||||
|
initial_node_count = 3
|
||||||
|
|
||||||
|
master_auth {
|
||||||
|
username = "mr.yoda"
|
||||||
|
password = "adoy.rm.123456789"
|
||||||
|
client_certificate_config {
|
||||||
|
issue_client_certificate = false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}`, acctest.RandString(10))
|
||||||
|
}
|
||||||
|
|
||||||
|
func testAccContainerCluster_withMasterAuthNoCert() string {
|
||||||
|
return fmt.Sprintf(`
|
||||||
|
resource "google_container_cluster" "with_master_auth_no_cert" {
|
||||||
|
name = "cluster-test-%s"
|
||||||
|
zone = "us-central1-a"
|
||||||
|
initial_node_count = 3
|
||||||
|
|
||||||
|
master_auth {
|
||||||
|
username = "mr.yoda"
|
||||||
|
password = "adoy.rm.123456789"
|
||||||
|
client_certificate_config {
|
||||||
|
issue_client_certificate = false
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}`, acctest.RandString(10))
|
||||||
|
}
|
||||||
|
|
||||||
func testAccContainerCluster_withNetworkPolicyEnabled(clusterName string) string {
|
func testAccContainerCluster_withNetworkPolicyEnabled(clusterName string) string {
|
||||||
return fmt.Sprintf(`
|
return fmt.Sprintf(`
|
||||||
resource "google_container_cluster" "with_network_policy_enabled" {
|
resource "google_container_cluster" "with_network_policy_enabled" {
|
||||||
|
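Review bot: TestAccContainerCluster_withMasterAuthConfig_NoCert asserts only that `master_auth.0.client_certificate` is empty, so it would still pass if key material were returned or the flag were read back wrongly. Adding `resource.TestCheckResourceAttr("google_container_cluster.with_master_auth_no_cert", "master_auth.0.client_key", ""),` and a matching check that `master_auth.0.client_certificate_config.0.issue_client_certificate` equals `"false"` would pin the behaviour the option exists for. Separately, testAccContainerCluster_updateMasterAuthNoCert is added in the last hunk but is not referenced by any test visible on this page, and apart from the resource name it duplicates testAccContainerCluster_withMasterAuthNoCert; either wire it into an update step or drop it.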