Share settings for sole-tenant node groups.

[idyczko]

This PR introduces support for cross-project sharing of Node Groups.
This PR resolves Issue 13281.

If this PR is for Terraform, I acknowledge that I have:

• Searched through the issue tracker for an open issue that this either resolves or contributes to, commented on it to claim it, and written "fixes {url}" or "part of {url}" in this PR description. If there were no relevant open issues, I opened one and commented that I would like to work on it (not necessary for very small changes).
• Generated Terraform, and ran make test and make lint to ensure it passes unit and linter tests.
• Ensured that all new fields I added that can be set by a user appear in at least one example (for generated resources) or third_party test (for handwritten resources or update tests).
• Ran relevant acceptance tests (If the acceptance tests do not yet pass or you are unable to run them, please let your reviewer know).
• Read the Release Notes Guide before writing my release note below.

Note on acceptance tests
I ran the acceptance tests locally with my own projects instead of automatically created projects due to some limitations in my organisation.

Release Note Template for Downstream PRs (will be copied)

compute: added `share_settings` field to the `google_compute_node_group` resource.

[modular-magician]

Hello! I am a robot who works on Magic Modules PRs.

I've detected that you're a community contributor. @zli82016, a repository maintainer, has been assigned to assist you and help review your changes.

❓ First time contributing? Click here for more details

---

Your assigned reviewer will help review your code by:

• Ensuring it's backwards compatible, covers common error cases, etc.
• Summarizing the change into a user-facing changelog note.
• Passes tests, either our "VCR" suite, a set of presubmit tests, or with manual test runs.

You can help make sure that review is quick by running local tests and ensuring they're passing in between each push you make to your PR's branch. Also, try to leave a comment with each push you make, as pushes generally don't generate emails.

If your reviewer doesn't get back to you within a week after your most recent change, please feel free to leave a comment on the issue asking them to take a look! In the absence of a dedicated review dashboard most maintainers manage their pending reviews through email, and those will sometimes get lost in their inbox.

---

[idyczko]

I wasn't sure what the TF policy is regarding resource validations. For instance, we duplicate some resource validations from the GCE REST API on the gcloud side but not others - please advise how to decide if a resource validation should be duplicated on the TF side.

[zli82016]

Added @c2thorn as the secondary reviewer.

[zli82016]

/gcbrun

[zli82016]

I wasn't sure what the TF policy is regarding resource validations. For instance, we duplicate some resource validations from the GCE REST API on the gcloud side but not others - please advise how to decide if a resource validation should be duplicated on the TF side.

Generally we leave the validation to API side. Service teams can change validation rules sometimes. We only validate things on the Terraform side that are simple and we think are unlikely to change. The cost to fix the validation code in Terraform provider is high.

[idyczko]

@zli82016 please let me know when I'm supposed to take any action here. I'm having trouble interpreting the results of the failed generate-diffs check. I'm getting
"You do not have sufficient permissions to view this page" on the GCP build page.

[zli82016]

@zli82016 please let me know when I'm supposed to take any action here. I'm having trouble interpreting the results of the failed generate-diffs check. I'm getting "You do not have sufficient permissions to view this page" on the GCP build page.

@idyczko , I will check with the team what permission you need. Also, can you check my comments? Especially for the file [mmv1/templates/terraform/examples/node_group_share_settings.tf.erb]

This is the doc to add resources, set up environment and run tests, if you need. https://googlecloudplatform.github.io/magic-modules/

[zli82016]

@idyczko , can you open this page https://pantheon.corp.google.com/cloud-build/builds/e8f13117-bee8-4059-8256-6ba814cb48ad?project=graphite-docker-images&mods=monitoring_api_prod ?

The generate-diffs failed because that :test_env_vars are used in file node_group_share_settings.tf.erb but not defined in terraform.yaml file.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 3 files changed, 268 insertions(+))
Terraform Beta: Diff ( 3 files changed, 268 insertions(+))
TF Validator: Diff ( 3 files changed, 70 insertions(+), 3 deletions(-))

[modular-magician]

Tests analytics

Total tests: 2407
Passed tests 2153
Skipped tests: 251
Failed tests: 3

Action taken

Triggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed tests

TestAccFirebaserulesRelease_BasicRelease|TestAccContainerCluster_withInvalidGatewayApiConfigChannel|TestAccComputeNodeGroup_nodeGroupShareSettingsExample

[modular-magician]

Tests passed during RECORDING mode:
TestAccFirebaserulesRelease_BasicRelease[Debug log]
TestAccContainerCluster_withInvalidGatewayApiConfigChannel[Debug log]

Tests failed during RECORDING mode:
TestAccComputeNodeGroup_nodeGroupShareSettingsExample[Error message] [Debug log]

Please fix these to complete your PR
View the build log or the debug log for each test

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 3 files changed, 266 insertions(+))
Terraform Beta: Diff ( 3 files changed, 266 insertions(+))
TF Validator: Diff ( 3 files changed, 70 insertions(+), 3 deletions(-))

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 3 files changed, 264 insertions(+))
Terraform Beta: Diff ( 3 files changed, 264 insertions(+))
TF Validator: Diff ( 3 files changed, 70 insertions(+), 3 deletions(-))

[modular-magician]

Tests analytics

Total tests: 2409
Passed tests 2155
Skipped tests: 251
Failed tests: 3

Action taken

Triggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed tests

TestAccFirebaserulesRelease_BasicRelease|TestAccRegionInstanceGroupManager_stateful|TestAccComputeNodeGroup_nodeGroupShareSettingsExample

[modular-magician]

Tests passed during RECORDING mode:
TestAccFirebaserulesRelease_BasicRelease[Debug log]

Tests failed during RECORDING mode:
TestAccRegionInstanceGroupManager_stateful[Error message] [Debug log]
TestAccComputeNodeGroup_nodeGroupShareSettingsExample[Error message] [Debug log]

Please fix these to complete your PR
View the build log or the debug log for each test

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 3 files changed, 260 insertions(+))
Terraform Beta: Diff ( 3 files changed, 260 insertions(+))
TF Validator: Diff ( 3 files changed, 70 insertions(+), 3 deletions(-))

[modular-magician]

Tests analytics

Total tests: 2409
Passed tests 2156
Skipped tests: 251
Failed tests: 2

Action taken

Triggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed tests

TestAccFirebaserulesRelease_BasicRelease|TestAccComputeNodeGroup_nodeGroupShareSettingsExample

[modular-magician]

Tests passed during RECORDING mode:
TestAccFirebaserulesRelease_BasicRelease[Debug log]

Tests failed during RECORDING mode:
TestAccComputeNodeGroup_nodeGroupShareSettingsExample[Error message] [Debug log]

Please fix these to complete your PR
View the build log or the debug log for each test

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 3 files changed, 264 insertions(+))
Terraform Beta: Diff ( 3 files changed, 264 insertions(+))
TF Validator: Diff ( 3 files changed, 70 insertions(+), 3 deletions(-))

[modular-magician]

Tests analytics

Total tests: 2409
Passed tests 2157
Skipped tests: 251
Failed tests: 1

Action taken

Triggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed tests

TestAccComputeNodeGroup_nodeGroupShareSettingsExample

[modular-magician]

Tests passed during RECORDING mode:
TestAccComputeNodeGroup_nodeGroupShareSettingsExample[Debug log]

All tests passed
View the build log or the debug log for each test

[zli82016]

LGTM. Please wait for the review from @c2thorn .

[c2thorn]

This seems to be implemented correctly in terms of the API, but I cannot understand the design. The project_id is the only relevant information being passed here, why is it duplicated in both the key and value within a map? Am I missing something? Do you know if the API is setting up to have other values within the projectConfig nested object?

We rarely deviate from the API, but it seems like a frivolous user experience to have to set the project id twice. We could relatively simply implement custom code to take a list of project id's from the user and supply the API with the map in the correct format. From my perspective, this could prevent user error. More context would help me understand however

[idyczko]

To be honest, I cannot defend this decision, but I don't think it's been designed while working on this particular feature. The semantics of sharing node groups across projects was derived from how reservations are shared (take a look at the shareSettings field of the Reservation resource). Is there anything we can do with that at this point?

Also, I've stumbled upon some custom code that seems to be responsible for shareSettings modifications when updating the Reservation resource:
mmv1/templates/terraform/update_encoder/reservation.go.erb
Could you let me know if that is something we need for the NodeGroup resource as well?

[zli82016]

We don't need to add update_encoder for shareSettings in the resource NodeGroup. The resource NodeGroup has property input: true. That means that a new resource is created no matter what field has changed (from the code, node_template is an exception).

https://github.com/GoogleCloudPlatform/magic-modules/blob/main/mmv1/products/compute/api.yaml#L8794

Waiting for @c2thorn 's opinions.

[c2thorn]

@idyczko thank you for pointing out the shareSettings field in Reservation. Considering that we've already gone forward with it there, we may as well keep consistent here.

@zli82016 is correct that a custom update encoder should not be needed since the resource cannot be updated in place at all. If this is no longer true, we can modify this in a separate PR.

[zli82016]

LGTM