Updates container_cluster to set enable_legacy_abac to false by default (#1281)
* Updates the default GKE legacy ABAC setting to false * Updates docs for container_cluster * Update test comments * Format fix * Adds ImportState test step to default legacy ABAC test
parent
f8efd6376b
commit
b8adcc28fe
@ -206,7 +206,7 @@ func resourceContainerCluster() *schema.Resource {
|
|||||||
"enable_legacy_abac": {
|
"enable_legacy_abac": {
|
||||||
Type: schema.TypeBool,
|
Type: schema.TypeBool,
|
||||||
Optional: true,
|
Optional: true,
|
||||||
Default: true,
|
Default: false,
|
||||||
},
|
},
|
||||||
|
|
||||||
"initial_node_count": {
|
"initial_node_count": {
|
||||||
|
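Review bot: Flipping `Default` from `true` to `false` on `enable_legacy_abac` changes the planned value for every existing configuration that omits the attribute, and nothing on the changed line records why or what that means for upgrades. Clusters created under the old default would presumably show a `true` to `false` diff on the next plan; whether that is applied in place or forces a new cluster cannot be told from this hunk, because the entry shows no `ForceNew` and the rest of resourceContainerCluster lies outside it. I would add a comment above the line, `// Legacy ABAC grants static permissions outside RBAC/IAM, so it stays off unless set explicitly.`, and call the change out in the changelog as an upgrade note telling users who still depend on ABAC to set `enable_legacy_abac = true`.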
@ -374,6 +374,35 @@ func TestAccContainerCluster_withLegacyAbac(t *testing.T) {
|
|||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
Since GKE disables legacy ABAC by default in Kubernetes version 1.8+, and the default Kubernetes
|
||||||
|
version for GKE is also 1.8+, this test will ensure that legacy ABAC is disabled by default to be
|
||||||
|
more consistent with default settings in the Cloud Console
|
||||||
|
*/
|
||||||
|
func TestAccContainerCluster_withDefaultLegacyAbac(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
resource.Test(t, resource.TestCase{
|
||||||
|
PreCheck: func() { testAccPreCheck(t) },
|
||||||
|
Providers: testAccProviders,
|
||||||
|
CheckDestroy: testAccCheckContainerClusterDestroy,
|
||||||
|
Steps: []resource.TestStep{
|
||||||
|
{
|
||||||
|
Config: testAccContainerCluster_defaultLegacyAbac(acctest.RandString(10)),
|
||||||
|
Check: resource.ComposeTestCheckFunc(
|
||||||
|
resource.TestCheckResourceAttr("google_container_cluster.default_legacy_abac", "enable_legacy_abac", "false"),
|
||||||
|
),
|
||||||
|
},
|
||||||
|
{
|
||||||
|
ResourceName: "google_container_cluster.default_legacy_abac",
|
||||||
|
ImportStateIdPrefix: "us-central1-a/",
|
||||||
|
ImportState: true,
|
||||||
|
ImportStateVerify: true,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
func TestAccContainerCluster_withVersion(t *testing.T) {
|
func TestAccContainerCluster_withVersion(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
@ -1320,6 +1349,15 @@ resource "google_container_cluster" "with_kubernetes_alpha" {
|
|||||||
}`, clusterName)
|
}`, clusterName)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func testAccContainerCluster_defaultLegacyAbac(clusterName string) string {
|
||||||
|
return fmt.Sprintf(`
|
||||||
|
resource "google_container_cluster" "default_legacy_abac" {
|
||||||
|
name = "cluster-test-%s"
|
||||||
|
zone = "us-central1-a"
|
||||||
|
initial_node_count = 1
|
||||||
|
}`, clusterName)
|
||||||
|
}
|
||||||
|
|
||||||
func testAccContainerCluster_withLegacyAbac(clusterName string) string {
|
func testAccContainerCluster_withLegacyAbac(clusterName string) string {
|
||||||
return fmt.Sprintf(`
|
return fmt.Sprintf(`
|
||||||
resource "google_container_cluster" "with_legacy_abac" {
|
resource "google_container_cluster" "with_legacy_abac" {
|
||||||
|
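Review bot: The `/* ... */` block above `TestAccContainerCluster_withDefaultLegacyAbac` is not in Go doc-comment form and describes GKE's version defaults rather than what the test asserts. A line comment that starts with the function name would read better, for example `// TestAccContainerCluster_withDefaultLegacyAbac checks that a cluster configured without enable_legacy_abac is created and imported with legacy ABAC disabled.`, with the GKE 1.8+ rationale kept as a second sentence. The zone `us-central1-a` is also written twice, once in `ImportStateIdPrefix` here and once in the config returned by `testAccContainerCluster_defaultLegacyAbac` in the later hunk, so a short comment on the prefix noting that it must match the config's zone would save a confusing import failure if one of them is changed.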
@ -94,7 +94,7 @@ output "cluster_ca_certificate" {
|
|||||||
* `enable_legacy_abac` - (Optional) Whether the ABAC authorizer is enabled for this cluster.
|
* `enable_legacy_abac` - (Optional) Whether the ABAC authorizer is enabled for this cluster.
|
||||||
When enabled, identities in the system, including service accounts, nodes, and controllers,
|
When enabled, identities in the system, including service accounts, nodes, and controllers,
|
||||||
will have statically granted permissions beyond those provided by the RBAC configuration or IAM.
|
will have statically granted permissions beyond those provided by the RBAC configuration or IAM.
|
||||||
Defaults to `true`
|
Defaults to `false`
|
||||||
|
|
||||||
* `initial_node_count` - (Optional) The number of nodes to create in this
|
* `initial_node_count` - (Optional) The number of nodes to create in this
|
||||||
cluster (not including the Kubernetes master). Must be set if `node_pool` is not set.
|
cluster (not including the Kubernetes master). Must be set if `node_pool` is not set.
|
||||||
|