mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-07-05 17:52:38 +00:00
Updates container_cluster to set enable_legacy_abac to false by default (#1281)
* Updates the default GKE legacy ABAC setting to false * Updates docs for container_cluster * Update test comments * Format fix * Adds ImportState test step to default legacy ABAC test
parent
f8efd6376b
commit
b8adcc28fe
|
@ -206,7 +206,7 @@ func resourceContainerCluster() *schema.Resource {
|
|||
"enable_legacy_abac": {
|
||||
Type: schema.TypeBool,
|
||||
Optional: true,
|
||||
Default: true,
|
||||
Default: false,
|
||||
},
|
||||
|
||||
"initial_node_count": {
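Review bot: Flipping `Default` to `false` on `enable_legacy_abac` changes the planned value for every existing configuration that omits the attribute, and nothing in this hunk tells an operator that. Clusters created under the old default would presumably show a `true` to `false` diff on the next plan; whether that is applied in place or forces recreation is not visible here, since the rest of the field definition and the update path lie outside the hunk. The safer default is the right call, because the docs in this same commit say the ABAC authorizer gives identities statically granted permissions beyond RBAC or IAM, but workloads that quietly relied on those grants can lose access once the change is applied. I would add an upgrade note and a comment on the field, for example `// Legacy ABAC grants static permissions beyond RBAC/IAM; off by default to match GKE 1.8+. Set true explicitly to keep it.`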
|
||||
|
|
|
@ -374,6 +374,35 @@ func TestAccContainerCluster_withLegacyAbac(t *testing.T) {
|
|||
})
|
||||
}
|
||||
|
||||
/*
|
||||
Since GKE disables legacy ABAC by default in Kubernetes version 1.8+, and the default Kubernetes
|
||||
version for GKE is also 1.8+, this test will ensure that legacy ABAC is disabled by default to be
|
||||
more consistent with default settings in the Cloud Console
|
||||
*/
|
||||
func TestAccContainerCluster_withDefaultLegacyAbac(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccCheckContainerClusterDestroy,
|
||||
Steps: []resource.TestStep{
|
||||
{
|
||||
Config: testAccContainerCluster_defaultLegacyAbac(acctest.RandString(10)),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
resource.TestCheckResourceAttr("google_container_cluster.default_legacy_abac", "enable_legacy_abac", "false"),
|
||||
),
|
||||
},
|
||||
{
|
||||
ResourceName: "google_container_cluster.default_legacy_abac",
|
||||
ImportStateIdPrefix: "us-central1-a/",
|
||||
ImportState: true,
|
||||
ImportStateVerify: true,
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func TestAccContainerCluster_withVersion(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
|
@ -1320,6 +1349,15 @@ resource "google_container_cluster" "with_kubernetes_alpha" {
|
|||
}`, clusterName)
|
||||
}
|
||||
|
||||
func testAccContainerCluster_defaultLegacyAbac(clusterName string) string {
|
||||
return fmt.Sprintf(`
|
||||
resource "google_container_cluster" "default_legacy_abac" {
|
||||
name = "cluster-test-%s"
|
||||
zone = "us-central1-a"
|
||||
initial_node_count = 1
|
||||
}`, clusterName)
|
||||
}
|
||||
|
||||
func testAccContainerCluster_withLegacyAbac(clusterName string) string {
|
||||
return fmt.Sprintf(`
|
||||
resource "google_container_cluster" "with_legacy_abac" {
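Review bot: The first step of `TestAccContainerCluster_withDefaultLegacyAbac` asserts `enable_legacy_abac` against Terraform state, which the new schema default would populate, so that check alone may not prove the created cluster has ABAC off. The `ImportState` / `ImportStateVerify` step is presumably what compares against the value read back from the API, and it deserves a comment so it is not dropped later, for example `// Import re-reads the cluster; this is the step that checks the API-side ABAC setting.` The config from `testAccContainerCluster_defaultLegacyAbac` also pins no Kubernetes version, so the test depends on the GKE default staying at 1.8+ as the block comment assumes. On style, the `/* ... */` block separated from the function by a blank line is not picked up as a doc comment; a `//` comment starting with the function name directly above `func` would follow Go convention.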
|
||||
|
|
|
@ -94,7 +94,7 @@ output "cluster_ca_certificate" {
|
|||
* `enable_legacy_abac` - (Optional) Whether the ABAC authorizer is enabled for this cluster.
|
||||
When enabled, identities in the system, including service accounts, nodes, and controllers,
|
||||
will have statically granted permissions beyond those provided by the RBAC configuration or IAM.
|
||||
Defaults to `true`
|
||||
Defaults to `false`
|
||||
|
||||
* `initial_node_count` - (Optional) The number of nodes to create in this
|
||||
cluster (not including the Kubernetes master). Must be set if `node_pool` is not set.
|
||||
|
|