Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add enterprise_config field to GKE cluster object #20534

Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .changelog/12430.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:enhancement
container: added `enterprise_config` field to `google_container_cluster` resource
```
79 changes: 79 additions & 0 deletions google/services/container/resource_container_cluster.go
Original file line number Diff line number Diff line change
Expand Up @@ -2116,6 +2116,30 @@ func ResourceContainerCluster() *schema.Resource {
},
},
},
"enterprise_config": {
Type: schema.TypeList,
Optional: true,
MaxItems: 1,
Computed: true,
Description: `Defines the config needed to enable/disable GKE Enterprise`,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"cluster_tier": {
Type: schema.TypeString,
Computed: true,
Description: `Indicates the effective cluster tier. Available options include STANDARD and ENTERPRISE.`,
},
"desired_tier": {
Type: schema.TypeString,
Optional: true,
Computed: true,
ValidateFunc: validation.StringInSlice([]string{"STANDARD", "ENTERPRISE"}, false),
Description: `Indicates the desired cluster tier. Available options include STANDARD and ENTERPRISE.`,
DiffSuppressFunc: tpgresource.EmptyOrDefaultStringSuppress("CLUSTER_TIER_UNSPECIFIED"),
},
},
},
},
},
}
}
Expand Down Expand Up @@ -2420,6 +2444,10 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er
cluster.SecurityPostureConfig = expandSecurityPostureConfig(v)
}

if v, ok := d.GetOk("enterprise_config"); ok {
cluster.EnterpriseConfig = expandEnterpriseConfig(v)
}

needUpdateAfterCreate := false

// For now PSC based cluster don't support `enable_private_endpoint` on `create`, but only on `update` API call.
Expand Down Expand Up @@ -2950,6 +2978,10 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro
return err
}

if err := d.Set("enterprise_config", flattenEnterpriseConfig(cluster.EnterpriseConfig)); err != nil {
return err
}

return nil
}

Expand Down Expand Up @@ -4227,6 +4259,23 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er
log.Printf("[INFO] GKE cluster %s node pool auto config linux_node_config parameters have been updated", d.Id())
}

if d.HasChange("enterprise_config") && d.HasChange("enterprise_config.0.desired_tier") {
req := &container.UpdateClusterRequest{
Update: &container.ClusterUpdate{
DesiredEnterpriseConfig: &container.DesiredEnterpriseConfig{
DesiredTier: d.Get("enterprise_config.0.desired_tier").(string),
},
},
}
updateF := updateFunc(req, "updating GKE cluster Enterprise Config")
// Call update serially.
if err := transport_tpg.LockedCall(lockKey, updateF); err != nil {
return err
}

log.Printf("[INFO] GKE cluster %s Enterprise Config has been updated to %#v", d.Id(), req.Update.DesiredSecurityPostureConfig)
}

d.Partial(false)

if _, err := containerClusterAwaitRestingState(config, project, location, clusterName, userAgent, d.Timeout(schema.TimeoutUpdate)); err != nil {
Expand Down Expand Up @@ -4826,6 +4875,36 @@ func flattenSecurityPostureConfig(spc *container.SecurityPostureConfig) []map[st
return []map[string]interface{}{result}
}

func expandEnterpriseConfig(configured interface{}) *container.EnterpriseConfig {
l := configured.([]interface{})
if len(l) == 0 {
return nil
}

ec := &container.EnterpriseConfig{}
enterpriseConfig := l[0].(map[string]interface{})
if v, ok := enterpriseConfig["cluster_tier"]; ok {
ec.ClusterTier = v.(string)
}

if v, ok := enterpriseConfig["desired_tier"]; ok {
ec.DesiredTier = v.(string)
}
return ec
}

func flattenEnterpriseConfig(ec *container.EnterpriseConfig) []map[string]interface{} {
if ec == nil {
return nil
}
result := make(map[string]interface{})

result["cluster_tier"] = ec.ClusterTier
result["desired_tier"] = ec.DesiredTier

return []map[string]interface{}{result}
}

func flattenAdditionalPodRangesConfig(ipAllocationPolicy *container.IPAllocationPolicy) []map[string]interface{} {
if ipAllocationPolicy == nil {
return nil
Expand Down
83 changes: 83 additions & 0 deletions google/services/container/resource_container_cluster_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -11707,3 +11707,86 @@ resource "google_container_cluster" "primary" {
}
`, name, cgroupMode)
}

func TestAccContainerCluster_withEnterpriseConfig(t *testing.T) {
t.Parallel()

clusterName := fmt.Sprintf("tf-test-cluster-%s", acctest.RandString(t, 10))
networkName := acctest.BootstrapSharedTestNetwork(t, "gke-cluster")
subnetworkName := acctest.BootstrapSubnet(t, "gke-cluster", networkName)
pid := envvar.GetTestProjectFromEnv()

acctest.VcrTest(t, resource.TestCase{
PreCheck: func() { acctest.AccTestPreCheck(t) },
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
CheckDestroy: testAccCheckContainerClusterDestroyProducer(t),
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_updateEnterpriseConfig(pid, clusterName, networkName, subnetworkName, "STANDARD"),
},
{
ResourceName: "google_container_cluster.with_enterprise_config",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"deletion_protection"},
},
{
Config: testAccContainerCluster_updateEnterpriseConfig(pid, clusterName, networkName, subnetworkName, "ENTERPRISE"),
},
{
ResourceName: "google_container_cluster.with_enterprise_config",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"deletion_protection"},
},
{
Config: testAccContainerCluster_removeEnterpriseConfig(pid, clusterName, networkName, subnetworkName),
},
{
ResourceName: "google_container_cluster.with_enterprise_config",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"deletion_protection"},
},
},
})
}

func testAccContainerCluster_updateEnterpriseConfig(projectID, clusterName, networkName, subnetworkName string, desiredTier string) string {
return fmt.Sprintf(`
data "google_project" "project" {
project_id = "%s"
}

resource "google_container_cluster" "with_enterprise_config" {
name = "%s"
location = "us-central1-a"
initial_node_count = 1
enterprise_config {
desired_tier = "%s"
}
network = "%s"
subnetwork = "%s"

deletion_protection = false
}
`, projectID, clusterName, desiredTier, networkName, subnetworkName)
}

func testAccContainerCluster_removeEnterpriseConfig(projectID, clusterName, networkName, subnetworkName string) string {
return fmt.Sprintf(`
data "google_project" "project" {
project_id = "%s"
}

resource "google_container_cluster" "with_enterprise_config" {
name = "%s"
location = "us-central1-a"
initial_node_count = 1
network = "%s"
subnetwork = "%s"

deletion_protection = false
}
`, projectID, clusterName, networkName, subnetworkName)
}
11 changes: 11 additions & 0 deletions website/docs/r/container_cluster.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -405,6 +405,10 @@ Fleet configuration for the cluster. Structure is [documented below](#nested_fle
* `workload_alts_config` - (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
Configuration for [direct-path (via ALTS) with workload identity.](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#workloadaltsconfig). Structure is [documented below](#nested_workload_alts_config).

* `enterprise_config` - (Optional)
Configuration for [Enterprise edition].(https://cloud.google.com/kubernetes-engine/enterprise/docs/concepts/gke-editions). Structure is [documented below](#nested_enterprise_config).


<a name="nested_default_snat_status"></a>The `default_snat_status` block supports

* `disabled` - (Required) Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic
Expand Down Expand Up @@ -1433,6 +1437,11 @@ linux_node_config {

* `enable_alts` - (Required) Whether the alts handshaker should be enabled or not for direct-path. Requires Workload Identity ([workloadPool]((#nested_workload_identity_config)) must be non-empty).

<a name="nested_enterprise_config"></a>The `enterprise_config` block supports:

* `desired_tier` - (Optional) Sets the tier of the cluster. Available options include `STANDARD` and `ENTERPRISE`.


## Attributes Reference

In addition to the arguments listed above, the following computed attributes are
Expand Down Expand Up @@ -1482,6 +1491,8 @@ exported:

* `fleet.0.membership_location` - The location of the fleet membership, extracted from `fleet.0.membership`. You can use this field to configure `membership_location` under [google_gkehub_feature_membership](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/gke_hub_feature_membership).

* `enterprise_config.0.cluster_tier` - The effective tier of the cluster.

## Timeouts

This resource provides the following
Expand Down
Loading