Add admin_groups field to the containerattached resource. (#9300)

* Add admin_groups field to the containerattached  resource.

* Fix whitespace

---------

Co-authored-by: Sarah French <15078782+SarahFrench@users.noreply.github.com>

mmv1/products/containerattached/Cluster.yaml

@@ -293,6 +293,16 @@ properties:
           ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole
           to the users. Up to ten admin users can be provided.
 
+          For more info on RBAC, see
+          https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
+        item_type: Api::Type::String
+      - !ruby/object:Api::Type::Array
+        name: adminGroups
+        description: |
+          Groups that can perform operations as a cluster admin. A managed
+          ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole
+          to the groups. Up to ten admin groups can be provided.
+
           For more info on RBAC, see
           https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
         item_type: Api::Type::String

mmv1/templates/terraform/custom_expand/containerattached_cluster_authorization_user.go.erb

@@ -17,26 +17,38 @@ type attachedClusterUser struct {
     Username string     `json:"username"`
 }
 
+type attachedClusterGroup struct {
+		Group string				`json:"group"`
+}
+
 // The custom expander transforms input into something like this:
 // authorization {
 //    admin_users [
 //      { username = "user1" },
 //      { username = "user2" }
 //    ]
+//    admin_groups [
+//      { group = "group1" },
+//      { group = "group2" },
+//    ]
 // }
 // The custom flattener transforms input back into something like this:
 // authorization {
 //    admin_users = [
 //      "user1",
 //      "user2"
 //    ]
+//    admin_groups = [
+//      "group1",
+//      "group2"
+//    ],
 // }
 func expand<%= prefix -%><%= titlelize_property(property) -%>(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
-  	l := v.([]interface{})
+	l := v.([]interface{})
 	if len(l) == 0 || l[0] == nil {
 		return nil, nil
 	}
-  	raw := l[0]
+	raw := l[0]
 	orig := raw.(map[string]interface{})["admin_users"].([]interface{})
 	transformed := make(map[string][]interface{})
 	transformed["admin_users"] = make([]interface{}, len(orig))
@@ -45,5 +57,12 @@ func expand<%= prefix -%><%= titlelize_property(property) -%>(v interface{}, d t
 			transformed["admin_users"][i] = attachedClusterUser{ Username: u.(string) }
 		}
 	}
+	orig = raw.(map[string]interface{})["admin_groups"].([]interface{})
+	transformed["admin_groups"] = make([]interface{}, len(orig))
+	for i, u := range orig {
+		if u != nil {
+			transformed["admin_groups"][i] = attachedClusterGroup{ Group: u.(string) }
+		}
+	}
 	return transformed, nil
 }

mmv1/templates/terraform/custom_flatten/containerattached_cluster_authorization_user.go.erb

@@ -19,13 +19,21 @@
 //      { username = "user1" },
 //      { username = "user2" }
 //    ]
+//    admin_groups [
+//      { group = "group1" },
+//      { group = "group2" },
+//    ]
 // }
 // The custom flattener transforms input back into something like this:
 // authorization {
 //    admin_users = [
 //      "user1",
 //      "user2"
 //    ]
+//    admin_groups = [
+//      "group1",
+//      "group2"
+//    ],
 // }
 func flatten<%= prefix -%><%= titlelize_property(property) -%>(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
     if v == nil {
@@ -40,6 +48,13 @@ func flatten<%= prefix -%><%= titlelize_property(property) -%>(v interface{}, d
 			transformed["admin_users"][i] = u.(map[string]interface{})["username"].(string)
 		}
 	}
+	orig = v.(map[string]interface{})["adminGroups"].([]interface{})
+	transformed["admin_groups"] = make([]string, len(orig))
+	for i, u := range orig {
+		if u != nil {
+			transformed["admin_groups"][i] = u.(map[string]interface{})["group"].(string)
+		}
+	}
 
 	return []interface{}{transformed}
 }

mmv1/templates/terraform/examples/container_attached_cluster_full.tf.erb

@@ -17,6 +17,7 @@ resource "google_container_attached_cluster" "primary" {
   }
   authorization {
     admin_users = [ "user1@example.com", "user2@example.com"]
+    admin_groups = [ "group1@example.com", "group2@example.com"]
   }
   oidc_config {
       issuer_url = "https://oidc.issuer.url"

mmv1/templates/terraform/pre_update/containerattached_update.go.erb

@@ -1,8 +1,11 @@
 // The generated code sets the wrong masks for the following fields.
 newUpdateMask := []string{}
-if d.HasChange("authorization") {
+if d.HasChange("authorization.0.admin_users") {
     newUpdateMask = append(newUpdateMask, "authorization.admin_users")
 }
+if d.HasChange("authorization.0.admin_groups") {
+    newUpdateMask = append(newUpdateMask, "authorization.admin_groups")
+}
 if d.HasChange("logging_config") {
     newUpdateMask = append(newUpdateMask, "logging_config.component_config.enable_components")
 }

mmv1/third_party/terraform/services/containerattached/resource_container_attached_cluster_update_test.go

@@ -71,6 +71,7 @@ resource "google_container_attached_cluster" "primary" {
   }
   authorization {
     admin_users = [ "user1@example.com", "user2@example.com"]
+    admin_groups = [ "group1@example.com", "group2@example.com"]
   }
   oidc_config {
       issuer_url = "https://oidc.issuer.url"
@@ -119,6 +120,7 @@ resource "google_container_attached_cluster" "primary" {
   }
   authorization {
     admin_users = [ "user2@example.com", "user3@example.com"]
+    admin_groups = [ "group3@example.com"]
   }
   oidc_config {
       issuer_url = "https://oidc.issuer.url"
@@ -165,6 +167,7 @@ resource "google_container_attached_cluster" "primary" {
   }
   authorization {
     admin_users = [ "user2@example.com", "user3@example.com"]
+    admin_groups = [ "group3@example.com"]
   }
   oidc_config {
       issuer_url = "https://oidc.issuer.url"