public/terraform-provider-google
0
0
Fork 0
mirror of https://github.com/letic/terraform-provider-google.git synced 2024-07-03 08:42:39 +00:00
Code Issues Projects Releases Wiki Activity
bf7626a5c6
terraform-provider-google/google/resource_container_cluster_test.go
David Asabina bf7626a5c6 Fix panic on empty list for authorized masters' cidr_blocks (#1904) 
* test empty authorized masters' cidr_blocks

When the `cidr_block` isn't simply blank but contains an empty list as in

```
master_authorized_networks_config {
  cidr_blocks = []
}
```

a panic occurs looking something like

```
goroutine 26 [running]:
github.com/terraform-providers/terraform-provider-google/google.expandMasterAuthorizedNetworksConfig(0x15a4f80, 0xc4202586e0, 0x21)
	/tmp/GOPATH/src/github.com/terraform-providers/terraform-provider-google/google/resource_container_cluster.go:1355 +0x4f2
github.com/terraform-providers/terraform-provider-google/google.resourceContainerClusterCreate(0xc420146a80, 0x16b1800, 0xc4200b8000, 0x0, 0x0)
	/tmp/GOPATH/src/github.com/terraform-providers/terraform-provider-google/google/resource_container_cluster.go:520 +0x2848
github.com/terraform-providers/terraform-provider-google/vendor/github.com/hashicorp/terraform/helper/schema.(*Resource).Apply(0xc420495490, 0xc420341310, 0xc4202582c0, 0x16b1800, 0xc4200b8000, 0x1, 0xc42024eae0, 0xc4201e3650)
	/tmp/GOPATH/src/github.com/terraform-providers/terraform-provider-google/vendor/github.com/hashicorp/terraform/helper/schema/resource.go:227 +0x364
github.com/terraform-providers/terraform-provider-google/vendor/github.com/hashicorp/terraform/helper/schema.(*Provider).Apply(0xc4204c6700, 0xc4203412c0, 0xc420341310, 0xc4202582c0, 0x14ee1441a000, 0x0, 0x18)
	/tmp/GOPATH/src/github.com/terraform-providers/terraform-provider-google/vendor/github.com/hashicorp/terraform/helper/schema/provider.go:283 +0xa4
github.com/terraform-providers/terraform-provider-google/vendor/github.com/hashicorp/terraform/plugin.(*ResourceProviderServer).Apply(0xc4202d7c40, 0xc42035de80, 0xc42025c160, 0x0, 0x0)
	/tmp/GOPATH/src/github.com/terraform-providers/terraform-provider-google/vendor/github.com/hashicorp/terraform/plugin/resource_provider.go:527 +0x57
reflect.Value.call(0xc4203feae0, 0xc42000e038, 0x13, 0x19e88a8, 0x4, 0xc42015ff20, 0x3, 0x3, 0xc420047ee8, 0xc4204c6798, ...)
	/usr/local/go/src/reflect/value.go:434 +0x905
reflect.Value.Call(0xc4203feae0, 0xc42000e038, 0x13, 0xc420047f20, 0x3, 0x3, 0xc400000001, 0x0, 0x0)
	/usr/local/go/src/reflect/value.go:302 +0xa4
net/rpc.(*service).call(0xc420418600, 0xc42007c140, 0xc42001e798, 0xc4200c4000, 0xc4202d6c40, 0x1557f80, 0xc42035de80, 0x16, 0x1557fc0, 0xc42025c160, ...)
	/usr/local/go/src/net/rpc/server.go:381 +0x142
created by net/rpc.(*Server).ServeCodec
	/usr/local/go/src/net/rpc/server.go:475 +0x36b
```

which we trigger by altering the first step to contain the HCL notation
for an empty list instead of simply an empty string.

In order to accomplish this, the tests had to be modified to accept an
emptyValue string as well which contains the content of the
`emptyValue` string when the cidrBlocks array is empty. This maintains
the old behavior of the original tests when `emptyValue` is an empty
string, while also facilating differing behavior for the new testcase by
setting `emptyValue` to whichever string we want to test instead. I
don't think this is very clean, but I guess it's pragmatic enough.

I'll hear if this is a thorn in the side to someone 😏.

* avoid panic on cidr_block type assertion

This is basically the fix. Since the value can be nil, we want to ensure
we handle a failure during the assertion since we know that asserting
`nil` conforms to `map[string]interface{}` will cause a run-time panic.

* flatten to config on empty list for cidr_blocks

since an empty list for cidrBlocks constitutes valid input, one should
return a map containing an empty list for the cidr_blocks field instead
of a nil value.

The nil value is only appropriate when the input Config is also nil.
2018-08-20 19:29:37 -07:00

2476 lines
71 KiB
Go
Raw Blame History

package google
import (
"bytes"
"fmt"
"testing"
"strconv"
"regexp"
"github.com/hashicorp/terraform/helper/acctest"
"github.com/hashicorp/terraform/helper/resource"
"github.com/hashicorp/terraform/terraform"
)
func TestAccContainerCluster_basic(t *testing.T) {
t.Parallel()
clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_basic(clusterName),
},
{
ResourceName: "google_container_cluster.primary",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
{
ResourceName: "google_container_cluster.primary",
ImportStateIdPrefix: fmt.Sprintf("%s/us-central1-a/", getTestProjectFromEnv()),
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_withTimeout(t *testing.T) {
t.Parallel()
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withTimeout(),
},
{
ResourceName: "google_container_cluster.primary",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_withAddons(t *testing.T) {
t.Parallel()
clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withAddons(clusterName),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.http_load_balancing.0.disabled", "true"),
resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.kubernetes_dashboard.0.disabled", "true"),
),
},
{
ResourceName: "google_container_cluster.primary",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccContainerCluster_updateAddons(clusterName),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.horizontal_pod_autoscaling.0.disabled", "true"),
resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.http_load_balancing.0.disabled", "false"),
resource.TestCheckResourceAttr("google_container_cluster.primary", "addons_config.0.kubernetes_dashboard.0.disabled", "true"),
),
},
{
ResourceName: "google_container_cluster.primary",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_withMasterAuthConfig(t *testing.T) {
t.Parallel()
clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withMasterAuth(clusterName),
},
{
ResourceName: "google_container_cluster.with_master_auth",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccContainerCluster_updateMasterAuth(clusterName),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_master_auth", "master_auth.0.username", "mr.yoda.adoy.mr"),
resource.TestCheckResourceAttr("google_container_cluster.with_master_auth", "master_auth.0.password", "adoy.rm.123456789.mr.yoda"),
),
},
{
ResourceName: "google_container_cluster.with_master_auth",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccContainerCluster_disableMasterAuth(clusterName),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_master_auth", "master_auth.0.username", ""),
resource.TestCheckResourceAttr("google_container_cluster.with_master_auth", "master_auth.0.password", ""),
),
},
{
ResourceName: "google_container_cluster.with_master_auth",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccContainerCluster_updateMasterAuth(clusterName),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_master_auth", "master_auth.0.username", "mr.yoda.adoy.mr"),
resource.TestCheckResourceAttr("google_container_cluster.with_master_auth", "master_auth.0.password", "adoy.rm.123456789.mr.yoda"),
),
},
{
ResourceName: "google_container_cluster.with_master_auth",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_withMasterAuthConfig_NoCert(t *testing.T) {
t.Parallel()
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withMasterAuthNoCert(),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_master_auth_no_cert", "master_auth.0.client_certificate", ""),
),
},
{
ResourceName: "google_container_cluster.with_master_auth_no_cert",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_withNetworkPolicyEnabled(t *testing.T) {
t.Parallel()
clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withNetworkPolicyEnabled(clusterName),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_network_policy_enabled",
"network_policy.#", "1"),
),
},
{
ResourceName: "google_container_cluster.with_network_policy_enabled",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"remove_default_node_pool"},
},
{
Config: testAccContainerCluster_removeNetworkPolicy(clusterName),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckNoResourceAttr("google_container_cluster.with_network_policy_enabled",
"network_policy"),
),
},
{
ResourceName: "google_container_cluster.with_network_policy_enabled",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"remove_default_node_pool"},
},
{
Config: testAccContainerCluster_withNetworkPolicyDisabled(clusterName),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_network_policy_enabled",
"network_policy.0.enabled", "false"),
),
},
{
ResourceName: "google_container_cluster.with_network_policy_enabled",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"remove_default_node_pool"},
},
{
Config: testAccContainerCluster_withNetworkPolicyConfigDisabled(clusterName),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_network_policy_enabled",
"addons_config.0.network_policy_config.0.disabled", "true"),
),
},
{
ResourceName: "google_container_cluster.with_network_policy_enabled",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"remove_default_node_pool"},
},
{
Config: testAccContainerCluster_withNetworkPolicyConfigDisabled(clusterName),
PlanOnly: true,
ExpectNonEmptyPlan: false,
},
},
})
}
func TestAccContainerCluster_withMasterAuthorizedNetworksConfig(t *testing.T) {
t.Parallel()
clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withMasterAuthorizedNetworksConfig(clusterName, []string{}, "cidr_blocks = []"),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_master_authorized_networks",
"master_authorized_networks_config.#", "1"),
resource.TestCheckResourceAttr("google_container_cluster.with_master_authorized_networks",
"master_authorized_networks_config.0.cidr_blocks.#", "0"),
),
},
{
Config: testAccContainerCluster_withMasterAuthorizedNetworksConfig(clusterName, []string{"8.8.8.8/32"}, ""),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_master_authorized_networks",
"master_authorized_networks_config.0.cidr_blocks.#", "1"),
),
},
{
ResourceName: "google_container_cluster.with_master_authorized_networks",
ImportState: true,
ImportStateVerify: true,
ImportStateIdPrefix: "us-central1-a/",
},
{
Config: testAccContainerCluster_withMasterAuthorizedNetworksConfig(clusterName, []string{"10.0.0.0/8", "8.8.8.8/32"}, ""),
},
{
ResourceName: "google_container_cluster.with_master_authorized_networks",
ImportState: true,
ImportStateVerify: true,
ImportStateIdPrefix: "us-central1-a/",
},
{
Config: testAccContainerCluster_withMasterAuthorizedNetworksConfig(clusterName, []string{}, ""),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckNoResourceAttr("google_container_cluster.with_master_authorized_networks",
"master_authorized_networks_config.0.cidr_blocks"),
),
},
{
ResourceName: "google_container_cluster.with_master_authorized_networks",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_regional(t *testing.T) {
t.Parallel()
clusterName := fmt.Sprintf("cluster-test-regional-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_regional(clusterName),
},
{
ResourceName: "google_container_cluster.regional",
ImportStateIdPrefix: "us-central1/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_regionalWithNodePool(t *testing.T) {
t.Parallel()
clusterName := fmt.Sprintf("cluster-test-regional-%s", acctest.RandString(10))
npName := fmt.Sprintf("tf-cluster-nodepool-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_regionalWithNodePool(clusterName, npName),
},
{
ResourceName: "google_container_cluster.regional",
ImportStateIdPrefix: "us-central1/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_withAdditionalZones(t *testing.T) {
t.Parallel()
clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withAdditionalZones(clusterName),
},
{
ResourceName: "google_container_cluster.with_additional_zones",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccContainerCluster_updateAdditionalZones(clusterName),
},
{
ResourceName: "google_container_cluster.with_additional_zones",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_regionalWithAdditionalZones(t *testing.T) {
t.Parallel()
clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_regionalAdditionalZones(clusterName),
},
{
ResourceName: "google_container_cluster.with_additional_zones",
ImportStateIdPrefix: "us-central1/",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccContainerCluster_regionalUpdateAdditionalZones(clusterName),
},
{
ResourceName: "google_container_cluster.with_additional_zones",
ImportStateIdPrefix: "us-central1/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_withKubernetesAlpha(t *testing.T) {
t.Parallel()
clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withKubernetesAlpha(clusterName),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_kubernetes_alpha", "enable_kubernetes_alpha", "true"),
),
},
{
ResourceName: "google_container_cluster.with_kubernetes_alpha",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_withPrivateCluster(t *testing.T) {
t.Parallel()
clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withPrivateCluster(clusterName),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_private_cluster", "private_cluster", "true"),
),
},
{
ResourceName: "google_container_cluster.with_private_cluster",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_withLegacyAbac(t *testing.T) {
t.Parallel()
clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withLegacyAbac(clusterName),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_legacy_abac", "enable_legacy_abac", "true"),
),
},
{
ResourceName: "google_container_cluster.with_legacy_abac",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccContainerCluster_updateLegacyAbac(clusterName),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_legacy_abac", "enable_legacy_abac", "false"),
),
},
{
ResourceName: "google_container_cluster.with_legacy_abac",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
/*
Since GKE disables legacy ABAC by default in Kubernetes version 1.8+, and the default Kubernetes
version for GKE is also 1.8+, this test will ensure that legacy ABAC is disabled by default to be
more consistent with default settings in the Cloud Console
*/
func TestAccContainerCluster_withDefaultLegacyAbac(t *testing.T) {
t.Parallel()
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_defaultLegacyAbac(acctest.RandString(10)),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.default_legacy_abac", "enable_legacy_abac", "false"),
),
},
{
ResourceName: "google_container_cluster.default_legacy_abac",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_withVersion(t *testing.T) {
t.Parallel()
clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withVersion(clusterName),
},
{
ResourceName: "google_container_cluster.with_version",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"min_master_version"},
},
},
})
}
func TestAccContainerCluster_updateVersion(t *testing.T) {
t.Parallel()
clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withLowerVersion(clusterName),
},
{
ResourceName: "google_container_cluster.with_version",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"min_master_version"},
},
{
Config: testAccContainerCluster_updateVersion(clusterName),
},
{
ResourceName: "google_container_cluster.with_version",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"min_master_version"},
},
},
})
}
func TestAccContainerCluster_withNodeConfig(t *testing.T) {
t.Parallel()
clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withNodeConfig(clusterName),
},
{
ResourceName: "google_container_cluster.with_node_config",
ImportStateIdPrefix: "us-central1-f/",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccContainerCluster_withNodeConfigUpdate(clusterName),
},
{
ResourceName: "google_container_cluster.with_node_config",
ImportStateIdPrefix: "us-central1-f/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_withNodeConfigScopeAlias(t *testing.T) {
t.Parallel()
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withNodeConfigScopeAlias(),
},
{
ResourceName: "google_container_cluster.with_node_config_scope_alias",
ImportStateIdPrefix: "us-central1-f/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_withNodeConfigTaints(t *testing.T) {
t.Parallel()
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withNodeConfigTaints(),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_node_config", "node_config.0.taint.#", "2"),
),
},
// Don't include an import step because beta features can't yet be imported.
// Once taints are in GA, consider merging this test with the _withNodeConfig test.
},
})
}
func TestAccContainerCluster_withWorkloadMetadataConfig(t *testing.T) {
t.Parallel()
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withWorkloadMetadataConfig(),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_workload_metadata_config",
"node_config.0.workload_metadata_config.0.node_metadata", "SECURE"),
),
},
{
ResourceName: "google_container_cluster.with_workload_metadata_config",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"min_master_version"},
},
},
})
}
func TestAccContainerCluster_network(t *testing.T) {
t.Parallel()
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_networkRef(),
},
{
ResourceName: "google_container_cluster.with_net_ref_by_url",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
{
ResourceName: "google_container_cluster.with_net_ref_by_name",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_backend(t *testing.T) {
t.Parallel()
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_backendRef(),
},
{
ResourceName: "google_container_cluster.primary",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_withLogging(t *testing.T) {
t.Parallel()
clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withLogging(clusterName),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_logging", "logging_service", "logging.googleapis.com"),
),
},
{
ResourceName: "google_container_cluster.with_logging",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccContainerCluster_updateLogging(clusterName),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_logging", "logging_service", "none"),
),
},
{
ResourceName: "google_container_cluster.with_logging",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_withMonitoring(t *testing.T) {
t.Parallel()
clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withMonitoring(clusterName),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_monitoring", "monitoring_service", "monitoring.googleapis.com"),
),
},
{
ResourceName: "google_container_cluster.with_monitoring",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccContainerCluster_updateMonitoring(clusterName),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_monitoring", "monitoring_service", "none"),
),
},
{
ResourceName: "google_container_cluster.with_monitoring",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_withNodePoolBasic(t *testing.T) {
t.Parallel()
clusterName := fmt.Sprintf("tf-cluster-nodepool-test-%s", acctest.RandString(10))
npName := fmt.Sprintf("tf-cluster-nodepool-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withNodePoolBasic(clusterName, npName),
},
{
ResourceName: "google_container_cluster.with_node_pool",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_withNodePoolResize(t *testing.T) {
t.Parallel()
clusterName := fmt.Sprintf("tf-cluster-nodepool-test-%s", acctest.RandString(10))
npName := fmt.Sprintf("tf-cluster-nodepool-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withNodePoolAdditionalZones(clusterName, npName),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_node_pool", "node_pool.0.node_count", "2"),
),
},
{
ResourceName: "google_container_cluster.with_node_pool",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccContainerCluster_withNodePoolResize(clusterName, npName),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_node_pool", "node_pool.0.node_count", "3"),
),
},
{
ResourceName: "google_container_cluster.with_node_pool",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_withNodePoolAutoscaling(t *testing.T) {
t.Parallel()
clusterName := fmt.Sprintf("tf-cluster-nodepool-test-%s", acctest.RandString(10))
npName := fmt.Sprintf("tf-cluster-nodepool-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerNodePoolDestroy,
Steps: []resource.TestStep{
resource.TestStep{
Config: testAccContainerCluster_withNodePoolAutoscaling(clusterName, npName),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_node_pool", "node_pool.0.autoscaling.0.min_node_count", "1"),
resource.TestCheckResourceAttr("google_container_cluster.with_node_pool", "node_pool.0.autoscaling.0.max_node_count", "3"),
),
},
{
ResourceName: "google_container_cluster.with_node_pool",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
resource.TestStep{
Config: testAccContainerCluster_withNodePoolUpdateAutoscaling(clusterName, npName),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_node_pool", "node_pool.0.autoscaling.0.min_node_count", "1"),
resource.TestCheckResourceAttr("google_container_cluster.with_node_pool", "node_pool.0.autoscaling.0.max_node_count", "5"),
),
},
{
ResourceName: "google_container_cluster.with_node_pool",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
resource.TestStep{
Config: testAccContainerCluster_withNodePoolBasic(clusterName, npName),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckNoResourceAttr("google_container_cluster.with_node_pool", "node_pool.0.autoscaling.0.min_node_count"),
resource.TestCheckNoResourceAttr("google_container_cluster.with_node_pool", "node_pool.0.autoscaling.0.max_node_count"),
),
},
{
ResourceName: "google_container_cluster.with_node_pool",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_withNodePoolNamePrefix(t *testing.T) {
t.Parallel()
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withNodePoolNamePrefix(),
},
{
ResourceName: "google_container_cluster.with_node_pool_name_prefix",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"node_pool.0.name_prefix"},
},
},
})
}
func TestAccContainerCluster_withNodePoolMultiple(t *testing.T) {
t.Parallel()
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withNodePoolMultiple(),
},
{
ResourceName: "google_container_cluster.with_node_pool_multiple",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_withNodePoolConflictingNameFields(t *testing.T) {
t.Parallel()
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withNodePoolConflictingNameFields(),
ExpectError: regexp.MustCompile("Cannot specify both name and name_prefix for a node_pool"),
},
},
})
}
func TestAccContainerCluster_withNodePoolNodeConfig(t *testing.T) {
t.Parallel()
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withNodePoolNodeConfig(),
},
{
ResourceName: "google_container_cluster.with_node_pool_node_config",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_withDefaultNodePoolRemoved(t *testing.T) {
t.Parallel()
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withDefaultNodePoolRemoved(),
Check: resource.TestCheckResourceAttr(
"google_container_cluster.with_default_node_pool_removed", "node_pool.#", "0"),
},
{
ResourceName: "google_container_cluster.with_default_node_pool_removed",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"remove_default_node_pool"},
},
},
})
}
func TestAccContainerCluster_withMaintenanceWindow(t *testing.T) {
t.Parallel()
clusterName := acctest.RandString(10)
resourceName := "google_container_cluster.with_maintenance_window"
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withMaintenanceWindow(clusterName, "03:00"),
},
{
ResourceName: resourceName,
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccContainerCluster_withMaintenanceWindow(clusterName, ""),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckNoResourceAttr(resourceName,
"maintenance_policy.0.daily_maintenance_window.0.start_time"),
),
},
{
ResourceName: resourceName,
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
// maintenance_policy.# = 0 is equivalent to no maintenance policy at all,
// but will still cause an import diff
ImportStateVerifyIgnore: []string{"maintenance_policy.#"},
},
},
})
}
func TestAccContainerCluster_withIPAllocationPolicy(t *testing.T) {
t.Parallel()
cluster := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withIPAllocationPolicy(
cluster,
map[string]string{
"pods": "10.1.0.0/16",
"services": "10.2.0.0/20",
},
map[string]string{
"cluster_secondary_range_name": "pods",
"services_secondary_range_name": "services",
},
),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_ip_allocation_policy",
"ip_allocation_policy.0.cluster_secondary_range_name", "pods"),
resource.TestCheckResourceAttr("google_container_cluster.with_ip_allocation_policy",
"ip_allocation_policy.0.services_secondary_range_name", "services"),
),
},
{
ResourceName: "google_container_cluster.with_ip_allocation_policy",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccContainerCluster_withIPAllocationPolicy(
cluster,
map[string]string{
"pods": "10.1.0.0/16",
"services": "10.2.0.0/20",
},
map[string]string{},
),
ExpectError: regexp.MustCompile("clusters using IP aliases must specify secondary ranges"),
},
{
Config: testAccContainerCluster_withIPAllocationPolicy(
cluster,
map[string]string{
"pods": "10.1.0.0/16",
},
map[string]string{
"cluster_secondary_range_name": "pods",
"services_secondary_range_name": "services",
},
),
ExpectError: regexp.MustCompile("secondary range \"services\" does not exist in network"),
},
},
})
}
func TestAccContainerCluster_withPodSecurityPolicy(t *testing.T) {
t.Parallel()
clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withPodSecurityPolicy(clusterName, true),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_pod_security_policy",
"pod_security_policy_config.0.enabled", "true"),
),
},
{
ResourceName: "google_container_cluster.with_pod_security_policy",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccContainerCluster_withPodSecurityPolicy(clusterName, false),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttr("google_container_cluster.with_pod_security_policy",
"pod_security_policy_config.0.enabled", "false"),
),
},
{
ResourceName: "google_container_cluster.with_pod_security_policy",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_sharedVpc(t *testing.T) {
t.Parallel()
clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
org := getTestOrgFromEnv(t)
billingId := getTestBillingAccountFromEnv(t)
projectName := fmt.Sprintf("tf-xpntest-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_sharedVpc(org, billingId, projectName, clusterName),
},
{
ResourceName: "google_container_cluster.shared_vpc_cluster",
ImportStateIdPrefix: fmt.Sprintf("%s-service/us-central1-a/", projectName),
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_withResourceLabels(t *testing.T) {
t.Parallel()
clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withResourceLabels(clusterName),
},
{
ResourceName: "google_container_cluster.with_resource_labels",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_withResourceLabelsUpdate(t *testing.T) {
t.Parallel()
clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withoutResourceLabels(clusterName),
},
{
Config: testAccContainerCluster_withResourceLabels(clusterName),
},
{
ResourceName: "google_container_cluster.with_resource_labels",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func TestAccContainerCluster_withBinaryAuthorization(t *testing.T) {
t.Parallel()
clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
resource.Test(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckContainerClusterDestroy,
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_withBinaryAuthorization(clusterName, true),
},
{
ResourceName: "google_container_cluster.with_binary_authorization",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccContainerCluster_withBinaryAuthorization(clusterName, false),
},
{
ResourceName: "google_container_cluster.with_binary_authorization",
ImportStateIdPrefix: "us-central1-a/",
ImportState: true,
ImportStateVerify: true,
},
},
})
}
func testAccCheckContainerClusterDestroy(s *terraform.State) error {
config := testAccProvider.Meta().(*Config)
for _, rs := range s.RootModule().Resources {
if rs.Type != "google_container_cluster" {
continue
}
attributes := rs.Primary.Attributes
_, err := config.clientContainer.Projects.Zones.Clusters.Get(
config.Project, attributes["zone"], attributes["name"]).Do()
if err == nil {
return fmt.Errorf("Cluster still exists")
}
}
return nil
}
func getResourceAttributes(n string, s *terraform.State) (map[string]string, error) {
rs, ok := s.RootModule().Resources[n]
if !ok {
return nil, fmt.Errorf("Not found: %s", n)
}
if rs.Primary.ID == "" {
return nil, fmt.Errorf("No ID is set")
}
return rs.Primary.Attributes, nil
}
func checkMatch(attributes map[string]string, attr string, gcp interface{}) string {
if gcpList, ok := gcp.([]string); ok {
return checkListMatch(attributes, attr, gcpList)
}
if gcpMap, ok := gcp.(map[string]string); ok {
return checkMapMatch(attributes, attr, gcpMap)
}
if gcpBool, ok := gcp.(bool); ok {
return checkBoolMatch(attributes, attr, gcpBool)
}
tf := attributes[attr]
if tf != gcp {
return matchError(attr, tf, gcp)
}
return ""
}
func checkListMatch(attributes map[string]string, attr string, gcpList []string) string {
num, err := strconv.Atoi(attributes[attr+".#"])
if err != nil {
return fmt.Sprintf("Error in number conversion for attribute %s: %s", attr, err)
}
if num != len(gcpList) {
return fmt.Sprintf("Cluster has mismatched %s size.\nTF Size: %d\nGCP Size: %d", attr, num, len(gcpList))
}
for i, gcp := range gcpList {
if tf := attributes[fmt.Sprintf("%s.%d", attr, i)]; tf != gcp {
return matchError(fmt.Sprintf("%s[%d]", attr, i), tf, gcp)
}
}
return ""
}
func checkMapMatch(attributes map[string]string, attr string, gcpMap map[string]string) string {
num, err := strconv.Atoi(attributes[attr+".%"])
if err != nil {
return fmt.Sprintf("Error in number conversion for attribute %s: %s", attr, err)
}
if num != len(gcpMap) {
return fmt.Sprintf("Cluster has mismatched %s size.\nTF Size: %d\nGCP Size: %d", attr, num, len(gcpMap))
}
for k, gcp := range gcpMap {
if tf := attributes[fmt.Sprintf("%s.%s", attr, k)]; tf != gcp {
return matchError(fmt.Sprintf("%s[%s]", attr, k), tf, gcp)
}
}
return ""
}
func checkBoolMatch(attributes map[string]string, attr string, gcpBool bool) string {
// Handle the case where an unset value defaults to false
var tf bool
var err error
if attributes[attr] == "" {
tf = false
} else {
tf, err = strconv.ParseBool(attributes[attr])
if err != nil {
return fmt.Sprintf("Error converting attribute %s to boolean: value is %s", attr, attributes[attr])
}
}
if tf != gcpBool {
return matchError(attr, tf, gcpBool)
}
return ""
}
func matchError(attr, tf interface{}, gcp interface{}) string {
return fmt.Sprintf("Cluster has mismatched %s.\nTF State: %+v\nGCP State: %+v", attr, tf, gcp)
}
func testAccContainerCluster_basic(name string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "primary" {
name = "%s"
zone = "us-central1-a"
initial_node_count = 3
}`, name)
}
func testAccContainerCluster_withTimeout() string {
return fmt.Sprintf(`
resource "google_container_cluster" "primary" {
name = "cluster-test-%s"
zone = "us-central1-a"
initial_node_count = 3
timeouts {
create = "30m"
delete = "30m"
update = "30m"
}
}`, acctest.RandString(10))
}
func testAccContainerCluster_withAddons(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "primary" {
name = "%s"
zone = "us-central1-a"
initial_node_count = 3
addons_config {
http_load_balancing { disabled = true }
kubernetes_dashboard { disabled = true }
}
}`, clusterName)
}
func testAccContainerCluster_updateAddons(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "primary" {
name = "%s"
zone = "us-central1-a"
initial_node_count = 3
addons_config {
http_load_balancing { disabled = false }
kubernetes_dashboard { disabled = true }
horizontal_pod_autoscaling { disabled = true }
}
}`, clusterName)
}
func testAccContainerCluster_withMasterAuth(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_master_auth" {
name = "%s"
zone = "us-central1-a"
initial_node_count = 3
master_auth {
username = "mr.yoda"
password = "adoy.rm.123456789"
}
}`, clusterName)
}
func testAccContainerCluster_updateMasterAuth(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_master_auth" {
name = "%s"
zone = "us-central1-a"
initial_node_count = 3
master_auth {
username = "mr.yoda.adoy.mr"
password = "adoy.rm.123456789.mr.yoda"
}
}`, clusterName)
}
func testAccContainerCluster_disableMasterAuth(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_master_auth" {
name = "%s"
zone = "us-central1-a"
initial_node_count = 3
master_auth {
username = ""
password = ""
}
}`, clusterName)
}
func testAccContainerCluster_updateMasterAuthNoCert() string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_master_auth" {
name = "cluster-test-%s"
zone = "us-central1-a"
initial_node_count = 3
master_auth {
username = "mr.yoda"
password = "adoy.rm.123456789"
client_certificate_config {
issue_client_certificate = false
}
}
}`, acctest.RandString(10))
}
func testAccContainerCluster_withMasterAuthNoCert() string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_master_auth_no_cert" {
name = "cluster-test-%s"
zone = "us-central1-a"
initial_node_count = 3
master_auth {
username = "mr.yoda"
password = "adoy.rm.123456789"
client_certificate_config {
issue_client_certificate = false
}
}
}`, acctest.RandString(10))
}
func testAccContainerCluster_withNetworkPolicyEnabled(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_network_policy_enabled" {
name = "%s"
zone = "us-central1-a"
initial_node_count = 1
remove_default_node_pool = true
network_policy {
enabled = true
provider = "CALICO"
}
addons_config {
network_policy_config {
disabled = false
}
}
}`, clusterName)
}
func testAccContainerCluster_removeNetworkPolicy(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_network_policy_enabled" {
name = "%s"
zone = "us-central1-a"
initial_node_count = 1
remove_default_node_pool = true
}`, clusterName)
}
func testAccContainerCluster_withNetworkPolicyDisabled(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_network_policy_enabled" {
name = "%s"
zone = "us-central1-a"
initial_node_count = 1
remove_default_node_pool = true
network_policy = {}
}`, clusterName)
}
func testAccContainerCluster_withNetworkPolicyConfigDisabled(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_network_policy_enabled" {
name = "%s"
zone = "us-central1-a"
initial_node_count = 1
remove_default_node_pool = true
network_policy = {}
addons_config {
network_policy_config {
disabled = true
}
}
}`, clusterName)
}
func testAccContainerCluster_withMasterAuthorizedNetworksConfig(clusterName string, cidrs []string, emptyValue string) string {
cidrBlocks := emptyValue
if len(cidrs) > 0 {
var buf bytes.Buffer
buf.WriteString("cidr_blocks = [")
for _, c := range cidrs {
buf.WriteString(fmt.Sprintf(`
{
cidr_block = "%s"
display_name = "disp-%s"
},`, c, c))
}
buf.WriteString("]")
cidrBlocks = buf.String()
}
return fmt.Sprintf(`
resource "google_container_cluster" "with_master_authorized_networks" {
name = "%s"
zone = "us-central1-a"
initial_node_count = 1
master_authorized_networks_config {
%s
}
}`, clusterName, cidrBlocks)
}
func testAccContainerCluster_regional(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "regional" {
name = "%s"
region = "us-central1"
initial_node_count = 1
}`, clusterName)
}
func testAccContainerCluster_regionalWithNodePool(cluster, nodePool string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "regional" {
name = "%s"
region = "us-central1"
node_pool {
name = "%s"
}
}`, cluster, nodePool)
}
func testAccContainerCluster_withAdditionalZones(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_additional_zones" {
name = "%s"
zone = "us-central1-a"
initial_node_count = 1
additional_zones = [
"us-central1-b",
"us-central1-c"
]
}`, clusterName)
}
func testAccContainerCluster_updateAdditionalZones(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_additional_zones" {
name = "%s"
zone = "us-central1-a"
initial_node_count = 1
additional_zones = [
"us-central1-f",
"us-central1-c",
]
}`, clusterName)
}
func testAccContainerCluster_regionalAdditionalZones(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_additional_zones" {
name = "%s"
region = "us-central1"
initial_node_count = 1
additional_zones = [
"us-central1-f",
"us-central1-c",
]
}`, clusterName)
}
func testAccContainerCluster_regionalUpdateAdditionalZones(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_additional_zones" {
name = "%s"
region = "us-central1"
initial_node_count = 1
additional_zones = [
"us-central1-f",
"us-central1-b",
]
}`, clusterName)
}
func testAccContainerCluster_withKubernetesAlpha(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_kubernetes_alpha" {
name = "cluster-test-%s"
zone = "us-central1-a"
initial_node_count = 1
enable_kubernetes_alpha = true
}`, clusterName)
}
func testAccContainerCluster_defaultLegacyAbac(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "default_legacy_abac" {
name = "cluster-test-%s"
zone = "us-central1-a"
initial_node_count = 1
}`, clusterName)
}
func testAccContainerCluster_withLegacyAbac(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_legacy_abac" {
name = "cluster-test-%s"
zone = "us-central1-a"
initial_node_count = 1
enable_legacy_abac = true
}`, clusterName)
}
func testAccContainerCluster_updateLegacyAbac(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_legacy_abac" {
name = "cluster-test-%s"
zone = "us-central1-a"
initial_node_count = 1
enable_legacy_abac = false
}`, clusterName)
}
func testAccContainerCluster_withVersion(clusterName string) string {
return fmt.Sprintf(`
data "google_container_engine_versions" "central1a" {
zone = "us-central1-a"
}
resource "google_container_cluster" "with_version" {
name = "cluster-test-%s"
zone = "us-central1-a"
min_master_version = "${data.google_container_engine_versions.central1a.latest_master_version}"
initial_node_count = 1
}`, clusterName)
}
func testAccContainerCluster_withLowerVersion(clusterName string) string {
return fmt.Sprintf(`
data "google_container_engine_versions" "central1a" {
zone = "us-central1-a"
}
resource "google_container_cluster" "with_version" {
name = "cluster-test-%s"
zone = "us-central1-a"
min_master_version = "${data.google_container_engine_versions.central1a.valid_master_versions.2}"
initial_node_count = 1
}`, clusterName)
}
func testAccContainerCluster_updateVersion(clusterName string) string {
return fmt.Sprintf(`
data "google_container_engine_versions" "central1a" {
zone = "us-central1-a"
}
resource "google_container_cluster" "with_version" {
name = "cluster-test-%s"
zone = "us-central1-a"
min_master_version = "${data.google_container_engine_versions.central1a.valid_master_versions.1}"
node_version = "${data.google_container_engine_versions.central1a.valid_node_versions.1}"
initial_node_count = 1
}`, clusterName)
}
func testAccContainerCluster_withNodeConfig(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_node_config" {
name = "%s"
zone = "us-central1-f"
initial_node_count = 1
node_config {
machine_type = "n1-standard-1"
disk_size_gb = 15
disk_type = "pd-ssd"
local_ssd_count = 1
oauth_scopes = [
"https://www.googleapis.com/auth/monitoring",
"https://www.googleapis.com/auth/compute",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write"
]
service_account = "default"
metadata {
foo = "bar"
}
labels {
foo = "bar"
}
tags = ["foo", "bar"]
preemptible = true
min_cpu_platform = "Intel Broadwell"
// Updatable fields
image_type = "COS"
}
}`, clusterName)
}
func testAccContainerCluster_withNodeConfigUpdate(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_node_config" {
name = "%s"
zone = "us-central1-f"
initial_node_count = 1
node_config {
machine_type = "n1-standard-1"
disk_size_gb = 15
disk_type = "pd-ssd"
local_ssd_count = 1
oauth_scopes = [
"https://www.googleapis.com/auth/monitoring",
"https://www.googleapis.com/auth/compute",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write"
]
service_account = "default"
metadata {
foo = "bar"
}
labels {
foo = "bar"
}
tags = ["foo", "bar"]
preemptible = true
min_cpu_platform = "Intel Broadwell"
// Updatable fields
image_type = "UBUNTU"
}
}`, clusterName)
}
func testAccContainerCluster_withNodeConfigScopeAlias() string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_node_config_scope_alias" {
name = "cluster-test-%s"
zone = "us-central1-f"
initial_node_count = 1
node_config {
machine_type = "g1-small"
disk_size_gb = 15
oauth_scopes = [ "compute-rw", "storage-ro", "logging-write", "monitoring" ]
}
}`, acctest.RandString(10))
}
func testAccContainerCluster_withNodeConfigTaints() string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_node_config" {
name = "cluster-test-%s"
zone = "us-central1-f"
initial_node_count = 1
node_config {
taint {
key = "taint_key"
value = "taint_value"
effect = "PREFER_NO_SCHEDULE"
}
taint {
key = "taint_key2"
value = "taint_value2"
effect = "NO_EXECUTE"
}
}
}`, acctest.RandString(10))
}
func testAccContainerCluster_withWorkloadMetadataConfig() string {
return fmt.Sprintf(`
data "google_container_engine_versions" "central1a" {
zone = "us-central1-a"
}
resource "google_container_cluster" "with_workload_metadata_config" {
name = "cluster-test-%s"
zone = "us-central1-a"
initial_node_count = 1
min_master_version = "${data.google_container_engine_versions.central1a.latest_master_version}"
node_version = "${data.google_container_engine_versions.central1a.latest_node_version}"
node_config {
oauth_scopes = [
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring"
]
workload_metadata_config {
node_metadata = "SECURE"
}
}
}
`, acctest.RandString(10))
}
func testAccContainerCluster_networkRef() string {
return fmt.Sprintf(`
resource "google_compute_network" "container_network" {
name = "container-net-%s"
auto_create_subnetworks = true
}
resource "google_container_cluster" "with_net_ref_by_url" {
name = "cluster-test-%s"
zone = "us-central1-a"
initial_node_count = 1
network = "${google_compute_network.container_network.self_link}"
}
resource "google_container_cluster" "with_net_ref_by_name" {
name = "cluster-test-%s"
zone = "us-central1-a"
initial_node_count = 1
network = "${google_compute_network.container_network.name}"
}`, acctest.RandString(10), acctest.RandString(10), acctest.RandString(10))
}
func testAccContainerCluster_backendRef() string {
return fmt.Sprintf(`
resource "google_compute_backend_service" "my-backend-service" {
name = "terraform-test-%s"
port_name = "http"
protocol = "HTTP"
backend {
group = "${element(google_container_cluster.primary.instance_group_urls, 1)}"
}
health_checks = ["${google_compute_http_health_check.default.self_link}"]
}
resource "google_compute_http_health_check" "default" {
name = "terraform-test-%s"
request_path = "/"
check_interval_sec = 1
timeout_sec = 1
}
resource "google_container_cluster" "primary" {
name = "terraform-test-%s"
zone = "us-central1-a"
initial_node_count = 3
additional_zones = [
"us-central1-b",
"us-central1-c",
]
node_config {
oauth_scopes = [
"https://www.googleapis.com/auth/compute",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring",
]
}
}
`, acctest.RandString(10), acctest.RandString(10), acctest.RandString(10))
}
func testAccContainerCluster_withLogging(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_logging" {
name = "cluster-test-%s"
zone = "us-central1-a"
initial_node_count = 1
logging_service = "logging.googleapis.com"
}`, clusterName)
}
func testAccContainerCluster_updateLogging(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_logging" {
name = "cluster-test-%s"
zone = "us-central1-a"
initial_node_count = 1
logging_service = "none"
}`, clusterName)
}
func testAccContainerCluster_withMonitoring(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_monitoring" {
name = "cluster-test-%s"
zone = "us-central1-a"
initial_node_count = 1
monitoring_service = "monitoring.googleapis.com"
}`, clusterName)
}
func testAccContainerCluster_updateMonitoring(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_monitoring" {
name = "cluster-test-%s"
zone = "us-central1-a"
initial_node_count = 1
monitoring_service = "none"
}`, clusterName)
}
func testAccContainerCluster_withNodePoolBasic(cluster, nodePool string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_node_pool" {
name = "%s"
zone = "us-central1-a"
node_pool {
name = "%s"
initial_node_count = 2
}
}`, cluster, nodePool)
}
func testAccContainerCluster_withNodePoolAdditionalZones(cluster, nodePool string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_node_pool" {
name = "%s"
zone = "us-central1-a"
additional_zones = [
"us-central1-b",
"us-central1-c"
]
node_pool {
name = "%s"
node_count = 2
}
}`, cluster, nodePool)
}
func testAccContainerCluster_withNodePoolResize(cluster, nodePool string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_node_pool" {
name = "%s"
zone = "us-central1-a"
additional_zones = [
"us-central1-b",
"us-central1-c"
]
node_pool {
name = "%s"
node_count = 3
}
}`, cluster, nodePool)
}
func testAccContainerCluster_withNodePoolAutoscaling(cluster, np string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_node_pool" {
name = "%s"
zone = "us-central1-a"
node_pool {
name = "%s"
initial_node_count = 2
autoscaling {
min_node_count = 1
max_node_count = 3
}
}
}`, cluster, np)
}
func testAccContainerCluster_withNodePoolUpdateAutoscaling(cluster, np string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_node_pool" {
name = "%s"
zone = "us-central1-a"
node_pool {
name = "%s"
initial_node_count = 2
autoscaling {
min_node_count = 1
max_node_count = 5
}
}
}`, cluster, np)
}
func testAccContainerCluster_withNodePoolNamePrefix() string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_node_pool_name_prefix" {
name = "tf-cluster-nodepool-test-%s"
zone = "us-central1-a"
node_pool {
name_prefix = "tf-np-test"
node_count = 2
}
}`, acctest.RandString(10))
}
func testAccContainerCluster_withNodePoolMultiple() string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_node_pool_multiple" {
name = "tf-cluster-nodepool-test-%s"
zone = "us-central1-a"
node_pool {
name = "tf-cluster-nodepool-test-%s"
node_count = 2
}
node_pool {
name = "tf-cluster-nodepool-test-%s"
node_count = 3
}
}`, acctest.RandString(10), acctest.RandString(10), acctest.RandString(10))
}
func testAccContainerCluster_withNodePoolConflictingNameFields() string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_node_pool_multiple" {
name = "tf-cluster-nodepool-test-%s"
zone = "us-central1-a"
node_pool {
# ERROR: name and name_prefix cannot be both specified
name = "tf-cluster-nodepool-test-%s"
name_prefix = "tf-cluster-nodepool-test-"
node_count = 1
}
}`, acctest.RandString(10), acctest.RandString(10))
}
func testAccContainerCluster_withNodePoolNodeConfig() string {
testId := acctest.RandString(10)
return fmt.Sprintf(`
resource "google_container_cluster" "with_node_pool_node_config" {
name = "tf-cluster-nodepool-test-%s"
zone = "us-central1-a"
node_pool {
name = "tf-cluster-nodepool-test-%s"
node_count = 2
node_config {
machine_type = "n1-standard-1"
disk_size_gb = 15
local_ssd_count = 1
oauth_scopes = [
"https://www.googleapis.com/auth/compute",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring"
]
service_account = "default"
metadata {
foo = "bar"
}
image_type = "COS"
labels {
foo = "bar"
}
tags = ["foo", "bar"]
}
}
}
`, testId, testId)
}
func testAccContainerCluster_withDefaultNodePoolRemoved() string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_default_node_pool_removed" {
name = "cluster-test-%s"
zone = "us-central1-a"
initial_node_count = 1
remove_default_node_pool = true
}
`, acctest.RandString(10))
}
func testAccContainerCluster_withMaintenanceWindow(clusterName string, startTime string) string {
maintenancePolicy := ""
if len(startTime) > 0 {
maintenancePolicy = fmt.Sprintf(`
maintenance_policy {
daily_maintenance_window {
start_time = "%s"
}
}`, startTime)
}
return fmt.Sprintf(`
resource "google_container_cluster" "with_maintenance_window" {
name = "cluster-test-%s"
zone = "us-central1-a"
initial_node_count = 1
%s
}`, clusterName, maintenancePolicy)
}
func testAccContainerCluster_withIPAllocationPolicy(cluster string, ranges, policy map[string]string) string {
var secondaryRanges bytes.Buffer
for rangeName, cidr := range ranges {
secondaryRanges.WriteString(fmt.Sprintf(`
secondary_ip_range {
range_name = "%s"
ip_cidr_range = "%s"
}`, rangeName, cidr))
}
var ipAllocationPolicy bytes.Buffer
for key, value := range policy {
ipAllocationPolicy.WriteString(fmt.Sprintf(`
%s = "%s"`, key, value))
}
return fmt.Sprintf(`
resource "google_compute_network" "container_network" {
name = "container-net-%s"
auto_create_subnetworks = false
}
resource "google_compute_subnetwork" "container_subnetwork" {
name = "${google_compute_network.container_network.name}"
network = "${google_compute_network.container_network.name}"
ip_cidr_range = "10.0.0.0/24"
region = "us-central1"
%s
}
resource "google_container_cluster" "with_ip_allocation_policy" {
name = "%s"
zone = "us-central1-a"
network = "${google_compute_network.container_network.name}"
subnetwork = "${google_compute_subnetwork.container_subnetwork.name}"
initial_node_count = 1
ip_allocation_policy {
%s
}
}`, acctest.RandString(10), secondaryRanges.String(), cluster, ipAllocationPolicy.String())
}
func testAccContainerCluster_withPodSecurityPolicy(clusterName string, enabled bool) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_pod_security_policy" {
name = "cluster-test-%s"
zone = "us-central1-a"
initial_node_count = 1
pod_security_policy_config {
enabled = %v
}
}`, clusterName, enabled)
}
func testAccContainerCluster_withPrivateCluster(clusterName string) string {
return fmt.Sprintf(`
resource "google_compute_network" "container_network" {
name = "container-net-%s"
auto_create_subnetworks = false
}
resource "google_compute_subnetwork" "container_subnetwork" {
name = "${google_compute_network.container_network.name}"
network = "${google_compute_network.container_network.name}"
ip_cidr_range = "10.0.36.0/24"
region = "us-central1"
private_ip_google_access = true
secondary_ip_range {
range_name = "pod"
ip_cidr_range = "10.0.0.0/19"
}
secondary_ip_range {
range_name = "svc"
ip_cidr_range = "10.0.32.0/22"
}
}
resource "google_container_cluster" "with_private_cluster" {
name = "cluster-test-%s"
zone = "us-central1-a"
initial_node_count = 1
network = "${google_compute_network.container_network.name}"
subnetwork = "${google_compute_subnetwork.container_subnetwork.name}"
private_cluster = true
master_ipv4_cidr_block = "10.42.0.0/28"
ip_allocation_policy {
cluster_secondary_range_name = "${google_compute_subnetwork.container_subnetwork.secondary_ip_range.0.range_name}"
services_secondary_range_name = "${google_compute_subnetwork.container_subnetwork.secondary_ip_range.1.range_name}"
}
}`, clusterName, clusterName)
}
func testAccContainerCluster_sharedVpc(org, billingId, projectName, name string) string {
return fmt.Sprintf(`
resource "google_project" "host_project" {
name = "Test Project XPN Host"
project_id = "%s-host"
org_id = "%s"
billing_account = "%s"
}
resource "google_project_service" "host_project" {
project = "${google_project.host_project.project_id}"
service = "container.googleapis.com"
}
resource "google_compute_shared_vpc_host_project" "host_project" {
project = "${google_project_service.host_project.project}"
}
resource "google_project" "service_project" {
name = "Test Project XPN Service"
project_id = "%s-service"
org_id = "%s"
billing_account = "%s"
}
resource "google_project_service" "service_project" {
project = "${google_project.service_project.project_id}"
service = "container.googleapis.com"
}
resource "google_compute_shared_vpc_service_project" "service_project" {
host_project = "${google_compute_shared_vpc_host_project.host_project.project}"
service_project = "${google_project_service.service_project.project}"
}
resource "google_project_iam_member" "host_service_agent" {
project = "${google_project_service.host_project.project}"
role = "roles/container.hostServiceAgentUser"
member = "serviceAccount:service-${google_project.service_project.number}@container-engine-robot.iam.gserviceaccount.com"
depends_on = ["google_project_service.service_project"]
}
resource "google_compute_subnetwork_iam_member" "service_network_cloud_services" {
project = "${google_compute_shared_vpc_host_project.host_project.project}"
subnetwork = "${google_compute_subnetwork.shared_subnetwork.name}"
role = "roles/compute.networkUser"
member = "serviceAccount:${google_project.service_project.number}@cloudservices.gserviceaccount.com"
}
resource "google_compute_subnetwork_iam_member" "service_network_gke_user" {
project = "${google_compute_shared_vpc_host_project.host_project.project}"
subnetwork = "${google_compute_subnetwork.shared_subnetwork.name}"
role = "roles/compute.networkUser"
member = "serviceAccount:service-${google_project.service_project.number}@container-engine-robot.iam.gserviceaccount.com"
}
resource "google_compute_network" "shared_network" {
name = "test-%s"
project = "${google_compute_shared_vpc_host_project.host_project.project}"
auto_create_subnetworks = false
}
resource "google_compute_subnetwork" "shared_subnetwork" {
name = "test-%s"
ip_cidr_range = "10.0.0.0/16"
region = "us-central1"
network = "${google_compute_network.shared_network.self_link}"
project = "${google_compute_shared_vpc_host_project.host_project.project}"
secondary_ip_range {
range_name = "pods"
ip_cidr_range = "10.1.0.0/16"
}
secondary_ip_range {
range_name = "services"
ip_cidr_range = "10.2.0.0/20"
}
}
resource "google_container_cluster" "shared_vpc_cluster" {
name = "%s"
zone = "us-central1-a"
initial_node_count = 1
project = "${google_compute_shared_vpc_service_project.service_project.service_project}"
network = "${google_compute_network.shared_network.self_link}"
subnetwork = "${google_compute_subnetwork.shared_subnetwork.self_link}"
ip_allocation_policy {
cluster_secondary_range_name = "${google_compute_subnetwork.shared_subnetwork.secondary_ip_range.0.range_name}"
services_secondary_range_name = "${google_compute_subnetwork.shared_subnetwork.secondary_ip_range.1.range_name}"
}
depends_on = [
"google_project_iam_member.host_service_agent",
"google_compute_subnetwork_iam_member.service_network_cloud_services",
"google_compute_subnetwork_iam_member.service_network_gke_user"
]
}`, projectName, org, billingId, projectName, org, billingId, acctest.RandString(10), acctest.RandString(10), name)
}
func testAccContainerCluster_withoutResourceLabels(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_resource_labels" {
name = "%s"
zone = "us-central1-a"
initial_node_count = 1
}
`, clusterName)
}
func testAccContainerCluster_withResourceLabels(clusterName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_resource_labels" {
name = "%s"
zone = "us-central1-a"
initial_node_count = 1
resource_labels {
created-by = "terraform"
}
}
`, clusterName)
}
func testAccContainerCluster_withBinaryAuthorization(clusterName string, enabled bool) string {
return fmt.Sprintf(`
resource "google_container_cluster" "with_binary_authorization" {
name = "%s"
zone = "us-central1-a"
initial_node_count = 1
enable_binary_authorization = %v
}
`, clusterName, enabled)
}
Reference in New Issue View Git Blame Copy Permalink