From 254eab14101338b39ea50efa0fb58abd6bd1a313 Mon Sep 17 00:00:00 2001
From: Sandeep Sukhani <sandeep.d.sukhani@gmail.com>
Date: Fri, 19 Jul 2019 16:04:04 +0530
Subject: [PATCH] Added tests for updating workload identity config

---
 .../resource_container_cluster_test.go        | 73 +++++++++++++++++++
 1 file changed, 73 insertions(+)

diff --git a/google-beta/resource_container_cluster_test.go b/google-beta/resource_container_cluster_test.go
index 41108d24f45..889f2cf8e53 100644
--- a/google-beta/resource_container_cluster_test.go
+++ b/google-beta/resource_container_cluster_test.go
@@ -1682,6 +1682,33 @@ func TestAccContainerCluster_withWorkloadIdentityConfig(t *testing.T) {
 				ImportState:         true,
 				ImportStateVerify:   true,
 			},
+			{
+				Config: testAccContainerCluster_updateWorkloadMetadataConfig(pid, clusterName, "SECURE"),
+			},
+			{
+				ResourceName:        "google_container_cluster.with_workload_identity_config",
+				ImportStateIdPrefix: "us-central1-a/",
+				ImportState:         true,
+				ImportStateVerify:   true,
+			},
+			{
+				Config: testAccContainerCluster_updateWorkloadIdentityConfig(pid, clusterName, false),
+			},
+			{
+				ResourceName:        "google_container_cluster.with_workload_identity_config",
+				ImportStateIdPrefix: "us-central1-a/",
+				ImportState:         true,
+				ImportStateVerify:   true,
+			},
+			{
+				Config: testAccContainerCluster_updateWorkloadIdentityConfig(pid, clusterName, true),
+			},
+			{
+				ResourceName:        "google_container_cluster.with_workload_identity_config",
+				ImportStateIdPrefix: "us-central1-a/",
+				ImportState:         true,
+				ImportStateVerify:   true,
+			},
 		},
 	})
 
@@ -2695,6 +2722,30 @@ resource "google_container_cluster" "with_workload_metadata_config" {
 `, acctest.RandString(10))
 }
 
+func testAccContainerCluster_updateWorkloadMetadataConfig(projectID string, clusterName string, workloadMetadataConfig string) string {
+	return fmt.Sprintf(`
+data "google_project" "project" {
+	project_id = "%s"
+}
+
+resource "google_container_cluster" "with_workload_identity_config" {
+	name = "%s"
+	zone = "us-central1-a"
+	initial_node_count = 1
+
+  node_config {
+		oauth_scopes = [
+			"https://www.googleapis.com/auth/logging.write",
+			"https://www.googleapis.com/auth/monitoring"
+		]
+
+		workload_metadata_config {
+			node_metadata = "%s"
+		}
+  }
+}`, projectID, clusterName, workloadMetadataConfig)
+}
+
 func testAccContainerCluster_withSandboxConfig() string {
 	return fmt.Sprintf(`
 data "google_container_engine_versions" "central1a" {
@@ -3488,6 +3539,28 @@ resource "google_container_cluster" "with_workload_identity_config" {
 `, projectID, clusterName)
 }
 
+func testAccContainerCluster_updateWorkloadIdentityConfig(projectID string, clusterName string, enable bool) string {
+	workloadIdentityConfig := ""
+	if enable {
+		workloadIdentityConfig = `
+			workload_identity_config {
+			identity_namespace = "${data.google_project.project.project_id}.svc.id.goog"
+		}`
+	}
+	return fmt.Sprintf(`
+data "google_project" "project" {
+	project_id = "%s"
+}
+
+resource "google_container_cluster" "with_workload_identity_config" {
+	name = "%s"
+	zone = "us-central1-a"
+	initial_node_count = 1
+
+	%s
+}`, projectID, clusterName, workloadIdentityConfig)
+}
+
 func testAccContainerCluster_withResourceLabels(clusterName string) string {
 	return fmt.Sprintf(`
 resource "google_container_cluster" "with_resource_labels" {