add auto_provisioning_defaults to google_container_cluster.cluster_autoscaling
#2747
Conversation
|
Hi! I'm the modular magician, I work on Magic Modules. Pull request statusesNo diff detected in Ansible. New Pull RequestsI built this PR into one or more new PRs on other repositories, and when those are closed, this PR will also be merged and closed. |
third_party/terraform/resources/resource_container_cluster.go.erb
Outdated
Show resolved
Hide resolved
|
|
||
| defaultScopes := []string{ | ||
| "https://www.googleapis.com/auth/logging.write", | ||
| "https://www.googleapis.com/auth/monitoring", |
There was a problem hiding this comment.
Was it your experience that monitoring was a default sometimes, and other times it was monitoring.write? Did the default change based on logging_service and monitoring_service values?
There was a problem hiding this comment.
Good catch, yes, it did change. When monitoring_service was none the default was monitoring.write and when it is not none the default is monitoring.
There was a problem hiding this comment.
Talked in Slack- let's only suppress monitoring.write. While monitoring and logging.write are conditionally enabled based on GKE Stackdriver Monitoring being enabled, I think it's a valid behaviour for Terraform to show a diff in that case- the user's config isn't the real state.
third_party/terraform/resources/resource_container_cluster.go.erb
Outdated
Show resolved
Hide resolved
| @@ -2840,6 +2879,35 @@ func cidrOrSizeDiffSuppress(k, old, new string, d *schema.ResourceData) bool { | |||
| return strings.HasPrefix(new, "/") && strings.HasSuffix(old, new) | |||
| } | |||
|
|
|||
| // We want to suppress diffs for the default auto provisioning defaults | |||
There was a problem hiding this comment.
"Defaults" is somewhat overloaded, since https://cloud.google.com/kubernetes-engine/docs/how-to/node-auto-provisioning#identity actually refers to a different set of scopes as defaults. Can we refer to this as suppressing scopes that are automatically added by GKE?
Additionally, I wonder if we can apply the same DSF to node_config fields because I believe they have the same behaviour.
|
Hi! I'm the modular magician, I work on Magic Modules. Pull request statusesterraform-provider-google-beta already has an open PR. New Pull RequestsI didn't open any new pull requests because of this PR. |
| @@ -2840,6 +2879,34 @@ func cidrOrSizeDiffSuppress(k, old, new string, d *schema.ResourceData) bool { | |||
| return strings.HasPrefix(new, "/") && strings.HasSuffix(old, new) | |||
| } | |||
|
|
|||
| // We want to suppress diffs for the scopes automatically added by GKE | |||
There was a problem hiding this comment.
| // We want to suppress diffs for the scopes automatically added by GKE | |
| // Suppress unremovable default scope values from GCP. | |
| // If the default service account would not otherwise have it, the `monitoring.write` scope | |
| // is added to a GKE cluster's scopes regardless of what the user provided. | |
| // monitoring.write is inherited from monitoring (rw) and cloud-platform, so it won't always | |
| // be present. | |
| // Enabling Stackdriver features through logging_service and monitoring_service may enable | |
| // monitoring or logging.write. We've chosen not to suppress in those cases because they're | |
| // removable by disabling those features. |
| @@ -2642,6 +2644,12 @@ resource "google_container_cluster" "with_autoprovisioning" { | |||
| resource_type = "memory" | |||
| maximum = 2048 | |||
| } | |||
| auto_provisioning_defaults { | |||
There was a problem hiding this comment.
What happens if I include cluster_autoscaling without auto_provisioning_defaults or auto_provisioning_defaults without oauth_scopes? Will I get a diff?
There was a problem hiding this comment.
Also, can you include an _updated config including monitoring.write and check that there are no changes in plan? (I think that's one of the options we have for a test step)
There was a problem hiding this comment.
I am adding O+C to auto_provisioning_defaults which should get rid of the diff if auto_provisioning_defaults is not included in a cluster_autoscaling block.
| @@ -372,6 +375,14 @@ for a list of types. | |||
|
|
|||
| * `maximum` - (Optional) Maximum amount of the resource in the cluster. | |||
|
|
|||
| The `auto_provisioning_defaults` block supports: | |||
|
|
|||
| * `oauth_scopes` - (Optional) Scopes that are used by NAP when creating node pools. | |||
There was a problem hiding this comment.
Can you note that monitoring.write will always be enabled regardless of user input, and add an infobox ( with ->) to say that GKE may enable monitoring or logging.write based on logging_service and monitoring_service values?
|
Hi! I'm the modular magician, I work on Magic Modules. Pull request statusesterraform-provider-google-beta already has an open PR. New Pull RequestsI didn't open any new pull requests because of this PR. |
|
Hi! I'm the modular magician, I work on Magic Modules. Pull request statusesterraform-provider-google-beta already has an open PR. New Pull RequestsI didn't open any new pull requests because of this PR. |
1 similar comment
|
Hi! I'm the modular magician, I work on Magic Modules. Pull request statusesterraform-provider-google-beta already has an open PR. New Pull RequestsI didn't open any new pull requests because of this PR. |
|
Hi! I'm the modular magician, I work on Magic Modules. Pull request statusesterraform-provider-google-beta already has an open PR. New Pull RequestsI didn't open any new pull requests because of this PR. |
Tracked submodules are build/terraform-beta build/terraform-mapper build/terraform build/ansible build/inspec.
modular-magician
force-pushed
the
megan_autoprovisiondefaults
branch
from
14ce2c3 to
96ee7fb
Compare
Fixes hashicorp/terraform-provider-google#4061
Release Note Template for Downstream PRs (will be copied)