Allow setting both enable_autopilot and workload_identity_config in g…

…oogle_container_cluster resource (#10691)
GoogleCloudPlatform · May 16, 2024 · 432c55f · 432c55f
1 parent 78d1b3d
commit 432c55f
Show file tree

Hide file tree

Showing 2 changed files with 130 additions and 34 deletions.
diff --git a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb
@@ -1784,7 +1784,6 @@ func ResourceContainerCluster() *schema.Resource {
 				// workload_identity_config today.
 				Computed: true,
 				Description: `Configuration for the use of Kubernetes Service Accounts in GCP IAM policies.`,
-				ConflictsWith: []string{"enable_autopilot"},
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"workload_pool": {

diff --git a/mmv1/third_party/terraform/services/container/resource_container_cluster_test.go.erb b/mmv1/third_party/terraform/services/container/resource_container_cluster_test.go.erb
@@ -3148,6 +3148,30 @@ func TestAccContainerCluster_withWorkloadIdentityConfig(t *testing.T) {
 	})
 }
 
+func TestAccContainerCluster_withWorkloadIdentityConfigAutopilot(t *testing.T) {
+	t.Parallel()
+
+	clusterName := fmt.Sprintf("tf-test-cluster-%s", acctest.RandString(t, 10))
+	pid := envvar.GetTestProjectFromEnv()
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckContainerClusterDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccContainerCluster_withWorkloadIdentityConfigEnabledAutopilot(pid, clusterName),
+			},
+			{
+				ResourceName:            "google_container_cluster.with_workload_identity_config",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"remove_default_node_pool", "deletion_protection"},
+			},
+		},
+	})
+}
+
 func TestAccContainerCluster_withIdentityServiceConfig(t *testing.T) {
 	t.Parallel()
 
@@ -4648,6 +4672,34 @@ func TestAccContainerCluster_withWorkloadALTSConfig(t *testing.T) {
 		},
 	})
 }
+
+func TestAccContainerCluster_withWorkloadALTSConfigAutopilot(t *testing.T) {
+	t.Parallel()
+
+	clusterName := fmt.Sprintf("tf-test-cluster-%s", acctest.RandString(t, 10))
+	pid := envvar.GetTestProjectFromEnv()
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+		CheckDestroy:             testAccCheckContainerClusterDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccContainerCluster_withWorkloadALTSConfigAutopilot(pid, clusterName, true),
+			},
+			{
+				ResourceName:            "google_container_cluster.with_workload_alts_config",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"deletion_protection"},
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(
+						"google_container_cluster.with_workload_alts_config", "workload_identity_config.workload_pool", fmt.Sprintf("%s.svc.id.goog", pid)),
+					resource.TestCheckResourceAttr(
+						"google_container_cluster.with_workload_alts_config", "workload_alts_config.enable_alts", "true")),
+			},
+		},
+	})
+}
 <% end -%>
 
 func testAccContainerCluster_withFleetConfig(name, projectID, networkName, subnetworkName string) string {
@@ -8221,6 +8273,27 @@ resource "google_container_cluster" "with_workload_identity_config" {
 `, projectID, clusterName, networkName, subnetworkName)
 }
 
+func testAccContainerCluster_withWorkloadIdentityConfigEnabledAutopilot(projectID string, clusterName string) string {
+	return fmt.Sprintf(`
+data "google_project" "project" {
+  project_id = "%s"
+}
+
+resource "google_container_cluster" "with_workload_identity_config" {
+  name               = "%s"
+  location           = "us-central1"
+  initial_node_count = 1
+
+  workload_identity_config {
+    workload_pool = "${data.google_project.project.project_id}.svc.id.goog"
+  }
+  enable_autopilot = true
+  deletion_protection = false
+}
+`, projectID, clusterName)
+}
+
+
 func testAccContainerCluster_updateWorkloadIdentityConfig(projectID, clusterName, networkName, subnetworkName string, enable bool) string {
 	workloadIdentityConfig := ""
 	if enable {
@@ -9997,41 +10070,65 @@ resource "google_container_cluster" "without_confidential_boot_disk" {
 
 <% unless version == 'ga' -%>
 func testAccContainerCluster_withWorkloadALTSConfig(projectID, name, networkName, subnetworkName string, enable bool) string {
-	return fmt.Sprintf(`
-	data "google_project" "project" {
-		provider = google-beta
-		project_id = "%s"
-	}
-	resource "google_compute_network" "network" {
-		provider                 = google-beta
-		name                     = "%s"
-		auto_create_subnetworks  = false
-		enable_ula_internal_ipv6 = true
-	}
-	resource "google_compute_subnetwork" "subnet" {
-		provider         = google-beta
-		name             = "%s"
-		network          = google_compute_network.network.id
-		ip_cidr_range    = "9.12.22.0/24"
-		region           = "us-central1"
-	}
-	resource "google_container_cluster" "with_workload_alts_config" {
-		provider = google-beta
-		name               = "%s"
-		location           = "us-central1-a"
-		initial_node_count = 1
-		network         = google_compute_network.network.name
-		subnetwork      = google_compute_subnetwork.subnet.name
-		workload_alts_config {
-			enable_alts = %v
-		}
-		workload_identity_config {
-			workload_pool = "${data.google_project.project.project_id}.svc.id.goog"
-		}
-		deletion_protection = false
-	}
+  return fmt.Sprintf(`
+  data "google_project" "project" {
+    provider = google-beta
+    project_id = "%s"
+  }
+  resource "google_compute_network" "network" {
+    provider                 = google-beta
+    name                     = "%s"
+    auto_create_subnetworks  = false
+    enable_ula_internal_ipv6 = true
+  }
+  resource "google_compute_subnetwork" "subnet" {
+    provider         = google-beta
+    name             = "%s"
+    network          = google_compute_network.network.id
+    ip_cidr_range    = "9.12.22.0/24"
+    region           = "us-central1"
+  }
+  resource "google_container_cluster" "with_workload_alts_config" {
+    provider = google-beta
+    name               = "%s"
+    location           = "us-central1-a"
+    initial_node_count = 1
+    network         = google_compute_network.network.name
+    subnetwork      = google_compute_subnetwork.subnet.name
+    workload_alts_config {
+      enable_alts = %v
+    }
+    workload_identity_config {
+      workload_pool = "${data.google_project.project.project_id}.svc.id.goog"
+    }
+    deletion_protection = false
+  }
 `, projectID, networkName, subnetworkName, name, enable)
 }
+
+func testAccContainerCluster_withWorkloadALTSConfigAutopilot(projectID, name string, enable bool) string {
+  return fmt.Sprintf(`
+  data "google_project" "project" {
+    provider = google-beta
+    project_id = "%s"
+  }
+  resource "google_container_cluster" "with_workload_alts_config" {
+    provider = google-beta
+    name               = "%s"
+    location           = "us-central1"
+    initial_node_count = 1
+    workload_alts_config {
+      enable_alts = %v
+    }
+    workload_identity_config {
+      workload_pool = "${data.google_project.project.project_id}.svc.id.goog"
+    }
+    enable_autopilot = true
+    deletion_protection = false
+  }
+`, projectID, name, enable)
+}
+
 <% end -%>
 
 func testAccContainerCluster_resourceManagerTags(projectID, clusterName, networkName, subnetworkName, randomSuffix string) string {