Add issue_client_certificate to cluster (#1396)

emily 2018-04-27 18:06:26 -07:00 committed by GitHub
parent 5a1fe4f0be
commit ac64624adc
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 117 additions and 2 deletions


@ -59,6 +59,7 @@ func testAccDataSourceGoogleContainerClusterCheck(dataSourceName string, resourc
"master_auth",
"master_auth.0.password",
"master_auth.0.username",
"master_auth.0.client_certificate_config.0.issue_client_certificate",
"master_auth.0.client_certificate",
"master_auth.0.client_key",
"master_auth.0.cluster_ca_certificate",


@ -282,6 +282,24 @@ func resourceContainerCluster() *schema.Resource {
ForceNew: true,
},
"client_certificate_config": {
Type: schema.TypeList,
MaxItems: 1,
Optional: true,
DiffSuppressFunc: masterAuthClientCertCfgSuppress,
ForceNew: true,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"issue_client_certificate": {
Type: schema.TypeBool,
Required: true,
ForceNew: true,
DiffSuppressFunc: masterAuthClientCertCfgSuppress,
},
},
},
},
"client_certificate": {
Type: schema.TypeString,
Computed: true,
@ -490,6 +508,15 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er
Password: masterAuth["password"].(string),
Username: masterAuth["username"].(string),
}
if certConfigV, ok := masterAuth["client_certificate_config"]; ok {
certConfigs := certConfigV.([]interface{})
if len(certConfigs) > 0 {
certConfig := certConfigs[0].(map[string]interface{})
cluster.MasterAuth.ClientCertificateConfig = &containerBeta.ClientCertificateConfig{
IssueClientCertificate: certConfig["issue_client_certificate"].(bool),
}
}
}
}
if v, ok := d.GetOk("master_authorized_networks_config"); ok {
@ -747,6 +774,11 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro
"cluster_ca_certificate": cluster.MasterAuth.ClusterCaCertificate,
},
}
if len(cluster.MasterAuth.ClientCertificate) == 0 {
masterAuth[0]["client_certificate_config"] = []map[string]interface{}{
{"issue_client_certificate": false},
}
}
d.Set("master_auth", masterAuth)
if cluster.MasterAuthorizedNetworksConfig != nil {
@ -1629,3 +1661,27 @@ func extractNodePoolInformationFromCluster(d *schema.ResourceData, config *Confi
cluster: d.Get("name").(string),
}, nil
}
// We want to suppress diffs for empty or default client certificate configs, i.e:
// [{ "issue_client_certificate": true}] --> []
// [] -> [{ "issue_client_certificate": true}]
func masterAuthClientCertCfgSuppress(k, old, new string, r *schema.ResourceData) bool {
var clientConfig map[string]interface{}
if v, ok := r.GetOk("master_auth"); ok {
masterAuths := v.([]interface{})
masterAuth := masterAuths[0].(map[string]interface{})
cfgs := masterAuth["client_certificate_config"].([]interface{})
if len(cfgs) > 0 {
clientConfig = cfgs[0].(map[string]interface{})
}
}
if strings.HasSuffix(k, "client_certificate_config.#") && old == "0" && new == "1" {
// nil --> { "issue_client_certificate": true }
if issueCert, ok := clientConfig["issue_client_certificate"]; ok {
return issueCert.(bool)
}
}
return strings.HasSuffix(k, ".issue_client_certificate") && old == "" && new == "true"
}
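Review bot: In `masterAuthClientCertCfgSuppress`, the assertions `masterAuths[0].(map[string]interface{})` and `masterAuth["client_certificate_config"].([]interface{})` are unchecked, so a nil element or a missing key would panic the provider during plan, whereas the create hunk guards the same lookup with a comma-ok check and a length test. Writing them as `masterAuth, _ := masterAuths[0].(map[string]interface{})` and `cfgs, _ := masterAuth["client_certificate_config"].([]interface{})` keeps the behaviour and simply falls through to the final return. The header comment also lists `[{ "issue_client_certificate": true}] --> []` as suppressed, but no branch handles `old == "1" && new == "0"`; since the read hunk only ever writes `false` into state, the comment should say that case is not expected rather than that it is suppressed. Because this function decides whether a request to stop issuing client certificates shows up in the plan at all, a small table-driven unit test of the `false` paths would be worth adding alongside the acceptance test.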


@ -104,7 +104,7 @@ func TestAccContainerCluster_withAddons(t *testing.T) {
})
}
func TestAccContainerCluster_withMasterAuth(t *testing.T) {
func TestAccContainerCluster_withMasterAuthConfig(t *testing.T) {
t.Parallel()
resource.Test(t, resource.TestCase{
@ -115,7 +115,7 @@ func TestAccContainerCluster_withMasterAuth(t *testing.T) {
{
Config: testAccContainerCluster_withMasterAuth(),
},
resource.TestStep{
{
ResourceName: "google_container_cluster.with_master_auth",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
@ -125,6 +125,30 @@ func TestAccContainerCluster_withMasterAuth(t *testing.T) {
})
}
func TestAccContainerCluster_withMasterAuthConfig_NoCert(t *testing.T) {
t.Parallel()
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withMasterAuthNoCert(),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_master_auth_no_cert", "master_auth.0.client_certificate", ""),
),
},
{
ResourceName: "google_container_cluster.with_master_auth_no_cert",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_withNetworkPolicyEnabled(t *testing.T) {
t.Parallel()
@ -1300,6 +1324,40 @@ resource "google_container_cluster" "with_master_auth" {
}`, acctest.RandString(10))
}
func testAccContainerCluster_updateMasterAuthNoCert() string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_master_auth" {
name = "cluster-test-%s"
zone = "us-central1-a"
initial_node_count = 3
master_auth {
username = "mr.yoda"
password = "adoy.rm.123456789"
client_certificate_config {
issue_client_certificate = false
}
}
}`, acctest.RandString(10))
}
func testAccContainerCluster_withMasterAuthNoCert() string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_master_auth_no_cert" {
name = "cluster-test-%s"
zone = "us-central1-a"
initial_node_count = 3
master_auth {
username = "mr.yoda"
password = "adoy.rm.123456789"
client_certificate_config {
issue_client_certificate = false
}
}
}`, acctest.RandString(10))
}
func testAccContainerCluster_withNetworkPolicyEnabled(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_network_policy_enabled" {
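Review bot: `testAccContainerCluster_updateMasterAuthNoCert` is added in the last hunk, but no test step in the hunks shown calls it, so switching an existing `with_master_auth` cluster to `issue_client_certificate = false` appears to be untested; the test bodies continue outside the hunks, so this is worth confirming. If it is meant as a second step of `TestAccContainerCluster_withMasterAuthConfig`, note that it calls `acctest.RandString(10)` itself, so the cluster name would change and force recreation regardless of the certificate setting. Taking the name as a parameter, `func testAccContainerCluster_updateMasterAuthNoCert(clusterName string) string`, and adding a step that checks `master_auth.0.client_certificate` is `""` would exercise the `ForceNew` on `client_certificate_config` specifically. Otherwise the helper duplicates `testAccContainerCluster_withMasterAuthNoCert` and could be dropped.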