From 24afffd73e7d4b55e435a8acc8412ff2344396e2 Mon Sep 17 00:00:00 2001 From: The Magician Date: Tue, 26 Sep 2023 17:52:22 -0400 Subject: [PATCH] Add deletion_protection to container cluster (#9013) (#16013) Signed-off-by: Modular Magician --- .changelog/9013.txt | 3 + ...nstance_group_named_port_generated_test.go | 4 +- ...rk_peering_routes_config_generated_test.go | 4 +- ...ta_source_google_container_cluster_test.go | 4 + .../container/resource_container_cluster.go | 24 +- .../resource_container_cluster_migrate.go | 3 + .../resource_container_cluster_migratev1.go | 1627 +++++++++++++++++ .../resource_container_cluster_test.go | 1134 +++++++----- .../resource_container_node_pool_test.go | 66 +- .../resource_dataproc_cluster_test.go | 1 + ...esource_dns_managed_zone_generated_test.go | 4 +- .../dns/resource_dns_managed_zone_test.go | 1 + ...urce_dns_response_policy_generated_test.go | 4 +- ...m_gke_backup_backup_plan_generated_test.go | 11 + ..._gke_backup_restore_plan_generated_test.go | 11 + ...e_gke_backup_backup_plan_generated_test.go | 22 +- .../resource_gke_backup_backup_plan_test.go | 2 + ..._gke_backup_restore_plan_generated_test.go | 36 +- .../iam_gke_hub_membership_generated_test.go | 20 +- ...esource_gke_hub_feature_membership_test.go | 11 + ...ource_gke_hub_membership_generated_test.go | 10 +- .../gkehub2/resource_gke_hub_feature_test.go | 4 + ...e_hub_membership_binding_generated_test.go | 8 +- ...esource_gke_hub_membership_binding_test.go | 2 + ...te_instance_group_named_port.html.markdown | 1 + ...etwork_peering_routes_config.html.markdown | 1 + .../docs/r/container_cluster.html.markdown | 8 + website/docs/r/dns_managed_zone.html.markdown | 1 + .../docs/r/dns_response_policy.html.markdown | 1 + .../r/gke_backup_backup_plan.html.markdown | 4 + .../r/gke_backup_restore_plan.html.markdown | 6 + .../docs/r/gke_hub_membership.html.markdown | 2 + .../gke_hub_membership_binding.html.markdown | 1 + ...membership_rbac_role_binding.html.markdown | 1 + 34 files changed, 2579 insertions(+), 463 deletions(-) create mode 100644 .changelog/9013.txt create mode 100644 google/services/container/resource_container_cluster_migratev1.go diff --git a/.changelog/9013.txt b/.changelog/9013.txt new file mode 100644 index 00000000000..23ef71f477a --- /dev/null +++ b/.changelog/9013.txt @@ -0,0 +1,3 @@ +```release-note:breaking-change +container: `google_container_cluster` now has `deletion_protection` enabled to `true` by default. When enabled, this field prevents Terraform from deleting the resource. +``` diff --git a/google/services/compute/resource_compute_instance_group_named_port_generated_test.go b/google/services/compute/resource_compute_instance_group_named_port_generated_test.go index 4443e96b476..9ce4d241dce 100644 --- a/google/services/compute/resource_compute_instance_group_named_port_generated_test.go +++ b/google/services/compute/resource_compute_instance_group_named_port_generated_test.go @@ -35,7 +35,8 @@ func TestAccComputeInstanceGroupNamedPort_instanceGroupNamedPortGkeExample(t *te t.Parallel() context := map[string]interface{}{ - "random_suffix": acctest.RandString(t, 10), + "deletion_protection": false, + "random_suffix": acctest.RandString(t, 10), } acctest.VcrTest(t, resource.TestCase{ @@ -98,6 +99,7 @@ resource "google_container_cluster" "my_cluster" { cluster_ipv4_cidr_block = "/19" services_ipv4_cidr_block = "/22" } + deletion_protection = "%{deletion_protection}" } `, context) } diff --git a/google/services/compute/resource_compute_network_peering_routes_config_generated_test.go b/google/services/compute/resource_compute_network_peering_routes_config_generated_test.go index cdfc5b18a7f..82ac6686f96 100644 --- a/google/services/compute/resource_compute_network_peering_routes_config_generated_test.go +++ b/google/services/compute/resource_compute_network_peering_routes_config_generated_test.go @@ -90,7 +90,8 @@ func TestAccComputeNetworkPeeringRoutesConfig_networkPeeringRoutesConfigGkeExamp t.Parallel() context := map[string]interface{}{ - "random_suffix": acctest.RandString(t, 10), + "deletion_protection": false, + "random_suffix": acctest.RandString(t, 10), } acctest.VcrTest(t, resource.TestCase{ @@ -163,6 +164,7 @@ resource "google_container_cluster" "private_cluster" { cluster_secondary_range_name = google_compute_subnetwork.container_subnetwork.secondary_ip_range[0].range_name services_secondary_range_name = google_compute_subnetwork.container_subnetwork.secondary_ip_range[1].range_name } + deletion_protection = "%{deletion_protection}" } `, context) } diff --git a/google/services/container/data_source_google_container_cluster_test.go b/google/services/container/data_source_google_container_cluster_test.go index 2ec530b4b5c..f5574761435 100644 --- a/google/services/container/data_source_google_container_cluster_test.go +++ b/google/services/container/data_source_google_container_cluster_test.go @@ -28,6 +28,7 @@ func TestAccContainerClusterDatasource_zonal(t *testing.T) { "enable_autopilot": {}, "enable_tpu": {}, "pod_security_policy_config.#": {}, + "deletion_protection": {}, }, ), ), @@ -54,6 +55,7 @@ func TestAccContainerClusterDatasource_regional(t *testing.T) { "enable_autopilot": {}, "enable_tpu": {}, "pod_security_policy_config.#": {}, + "deletion_protection": {}, }, ), ), @@ -68,6 +70,7 @@ resource "google_container_cluster" "kubes" { name = "tf-test-cluster-%s" location = "us-central1-a" initial_node_count = 1 + deletion_protection = false } data "google_container_cluster" "kubes" { @@ -83,6 +86,7 @@ resource "google_container_cluster" "kubes" { name = "tf-test-cluster-%s" location = "us-central1" initial_node_count = 1 + deletion_protection = false } data "google_container_cluster" "kubes" { diff --git a/google/services/container/resource_container_cluster.go b/google/services/container/resource_container_cluster.go index 867e968b6cf..cb78b13c70d 100644 --- a/google/services/container/resource_container_cluster.go +++ b/google/services/container/resource_container_cluster.go @@ -192,8 +192,15 @@ func ResourceContainerCluster() *schema.Resource { Delete: schema.DefaultTimeout(40 * time.Minute), }, - SchemaVersion: 1, + SchemaVersion: 2, MigrateState: resourceContainerClusterMigrateState, + StateUpgraders: []schema.StateUpgrader{ + { + Type: resourceContainerClusterResourceV1().CoreConfigSchema().ImpliedType(), + Upgrade: ResourceContainerClusterUpgradeV1, + Version: 1, + }, + }, Importer: &schema.ResourceImporter{ State: resourceContainerClusterStateImporter, @@ -249,6 +256,13 @@ func ResourceContainerCluster() *schema.Resource { Description: `The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.`, }, + "deletion_protection": { + Type: schema.TypeBool, + Optional: true, + Default: true, + Description: `Whether or not to allow Terraform to destroy the instance. Defaults to true. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail.`, + }, + "addons_config": { Type: schema.TypeList, Optional: true, @@ -3636,6 +3650,9 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er } func resourceContainerClusterDelete(d *schema.ResourceData, meta interface{}) error { + if d.Get("deletion_protection").(bool) { + return fmt.Errorf("Cannot destroy cluster because deletion_protection is set to true. Set it to false to proceed with instance deletion.") + } config := meta.(*transport_tpg.Config) userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent) if err != nil { @@ -5394,6 +5411,11 @@ func resourceContainerClusterStateImporter(d *schema.ResourceData, meta interfac if err := d.Set("location", location); err != nil { return nil, fmt.Errorf("Error setting location: %s", err) } + + if err := d.Set("deletion_protection", true); err != nil { + return nil, fmt.Errorf("Error setting deletion_protection: %s", err) + } + if _, err := containerClusterAwaitRestingState(config, project, location, clusterName, userAgent, d.Timeout(schema.TimeoutCreate)); err != nil { return nil, err } diff --git a/google/services/container/resource_container_cluster_migrate.go b/google/services/container/resource_container_cluster_migrate.go index eda75ba9a04..7166a1281e0 100644 --- a/google/services/container/resource_container_cluster_migrate.go +++ b/google/services/container/resource_container_cluster_migrate.go @@ -23,6 +23,9 @@ func resourceContainerClusterMigrateState( case 0: log.Println("[INFO] Found Container Cluster State v0; migrating to v1") return migrateClusterStateV0toV1(is) + case 1: + log.Println("[INFO] Found Container Cluster State v1 in legacy migration function; returning as non-op") + return is, nil default: return is, fmt.Errorf("Unexpected schema version: %d", v) } diff --git a/google/services/container/resource_container_cluster_migratev1.go b/google/services/container/resource_container_cluster_migratev1.go new file mode 100644 index 00000000000..915a71eec2f --- /dev/null +++ b/google/services/container/resource_container_cluster_migratev1.go @@ -0,0 +1,1627 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 +package container + +import ( + "context" + "fmt" + "log" + "regexp" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation" + "github.com/hashicorp/terraform-provider-google/google/tpgresource" + "github.com/hashicorp/terraform-provider-google/google/verify" +) + +func ResourceContainerClusterUpgradeV1(_ context.Context, rawState map[string]interface{}, meta interface{}) (map[string]interface{}, error) { + log.Printf("[DEBUG] Applying container cluster migration to schema version V2.") + + rawState["deletion_protection"] = true + return rawState, nil +} + +func resourceContainerClusterResourceV1() *schema.Resource { + return &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: `The name of the cluster, unique within the project and location.`, + ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) { + value := v.(string) + + if len(value) > 40 { + errors = append(errors, fmt.Errorf( + "%q cannot be longer than 40 characters", k)) + } + if !regexp.MustCompile("^[a-z0-9-]+$").MatchString(value) { + errors = append(errors, fmt.Errorf( + "%q can only contain lowercase letters, numbers and hyphens", k)) + } + if !regexp.MustCompile("^[a-z]").MatchString(value) { + errors = append(errors, fmt.Errorf( + "%q must start with a letter", k)) + } + if !regexp.MustCompile("[a-z0-9]$").MatchString(value) { + errors = append(errors, fmt.Errorf( + "%q must end with a number or a letter", k)) + } + return + }, + }, + + "operation": { + Type: schema.TypeString, + Computed: true, + }, + + "location": { + Type: schema.TypeString, + Optional: true, + Computed: true, + ForceNew: true, + Description: `The location (region or zone) in which the cluster master will be created, as well as the default node location. If you specify a zone (such as us-central1-a), the cluster will be a zonal cluster with a single cluster master. If you specify a region (such as us-west1), the cluster will be a regional cluster with multiple masters spread across zones in the region, and with default node locations in those zones as well.`, + }, + + "node_locations": { + Type: schema.TypeSet, + Optional: true, + Computed: true, + Elem: &schema.Schema{Type: schema.TypeString}, + Description: `The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.`, + }, + + "addons_config": { + Type: schema.TypeList, + Optional: true, + Computed: true, + MaxItems: 1, + Description: `The configuration for addons supported by GKE.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "http_load_balancing": { + Type: schema.TypeList, + Optional: true, + Computed: true, + AtLeastOneOf: addonsConfigKeys, + MaxItems: 1, + Description: `The status of the HTTP (L7) load balancing controller addon, which makes it easy to set up HTTP load balancers for services in a cluster. It is enabled by default; set disabled = true to disable.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "disabled": { + Type: schema.TypeBool, + Required: true, + }, + }, + }, + }, + "horizontal_pod_autoscaling": { + Type: schema.TypeList, + Optional: true, + Computed: true, + AtLeastOneOf: addonsConfigKeys, + MaxItems: 1, + Description: `The status of the Horizontal Pod Autoscaling addon, which increases or decreases the number of replica pods a replication controller has based on the resource usage of the existing pods. It ensures that a Heapster pod is running in the cluster, which is also used by the Cloud Monitoring service. It is enabled by default; set disabled = true to disable.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "disabled": { + Type: schema.TypeBool, + Required: true, + }, + }, + }, + }, + "network_policy_config": { + Type: schema.TypeList, + Optional: true, + Computed: true, + AtLeastOneOf: addonsConfigKeys, + MaxItems: 1, + Description: `Whether we should enable the network policy addon for the master. This must be enabled in order to enable network policy for the nodes. To enable this, you must also define a network_policy block, otherwise nothing will happen. It can only be disabled if the nodes already do not have network policies enabled. Defaults to disabled; set disabled = false to enable.`, + ConflictsWith: []string{"enable_autopilot"}, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "disabled": { + Type: schema.TypeBool, + Required: true, + }, + }, + }, + }, + "gcp_filestore_csi_driver_config": { + Type: schema.TypeList, + Optional: true, + Computed: true, + AtLeastOneOf: addonsConfigKeys, + MaxItems: 1, + Description: `The status of the Filestore CSI driver addon, which allows the usage of filestore instance as volumes. Defaults to disabled; set enabled = true to enable.`, + ConflictsWith: []string{"enable_autopilot"}, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enabled": { + Type: schema.TypeBool, + Required: true, + }, + }, + }, + }, + "cloudrun_config": { + Type: schema.TypeList, + Optional: true, + Computed: true, + AtLeastOneOf: addonsConfigKeys, + MaxItems: 1, + Description: `The status of the CloudRun addon. It is disabled by default. Set disabled = false to enable.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "disabled": { + Type: schema.TypeBool, + Required: true, + }, + "load_balancer_type": { + Type: schema.TypeString, + ValidateFunc: validation.StringInSlice([]string{"LOAD_BALANCER_TYPE_INTERNAL"}, false), + Optional: true, + }, + }, + }, + }, + "dns_cache_config": { + Type: schema.TypeList, + Optional: true, + Computed: true, + AtLeastOneOf: addonsConfigKeys, + MaxItems: 1, + Description: `The status of the NodeLocal DNSCache addon. It is disabled by default. Set enabled = true to enable.`, + ConflictsWith: []string{"enable_autopilot"}, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enabled": { + Type: schema.TypeBool, + Required: true, + }, + }, + }, + }, + "gce_persistent_disk_csi_driver_config": { + Type: schema.TypeList, + Optional: true, + Computed: true, + AtLeastOneOf: addonsConfigKeys, + MaxItems: 1, + Description: `Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. Set enabled = true to enable. The Compute Engine persistent disk CSI Driver is enabled by default on newly created clusters for the following versions: Linux clusters: GKE version 1.18.10-gke.2100 or later, or 1.19.3-gke.2100 or later.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enabled": { + Type: schema.TypeBool, + Required: true, + }, + }, + }, + }, + "gke_backup_agent_config": { + Type: schema.TypeList, + Optional: true, + Computed: true, + AtLeastOneOf: addonsConfigKeys, + MaxItems: 1, + Description: `The status of the Backup for GKE Agent addon. It is disabled by default. Set enabled = true to enable.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enabled": { + Type: schema.TypeBool, + Required: true, + }, + }, + }, + }, + "gcs_fuse_csi_driver_config": { + Type: schema.TypeList, + Optional: true, + Computed: true, + AtLeastOneOf: addonsConfigKeys, + MaxItems: 1, + Description: `The status of the GCS Fuse CSI driver addon, which allows the usage of gcs bucket as volumes. Defaults to disabled; set enabled = true to enable.`, + ConflictsWith: []string{"enable_autopilot"}, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enabled": { + Type: schema.TypeBool, + Required: true, + }, + }, + }, + }, + "config_connector_config": { + Type: schema.TypeList, + Optional: true, + Computed: true, + AtLeastOneOf: addonsConfigKeys, + MaxItems: 1, + Description: `The of the Config Connector addon.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enabled": { + Type: schema.TypeBool, + Required: true, + }, + }, + }, + }, + }, + }, + }, + + "cluster_autoscaling": { + Type: schema.TypeList, + MaxItems: 1, + // This field is Optional + Computed because we automatically set the + // enabled value to false if the block is not returned in API responses. + Optional: true, + Computed: true, + Description: `Per-cluster configuration of Node Auto-Provisioning with Cluster Autoscaler to automatically adjust the size of the cluster and create/delete node pools based on the current needs of the cluster's workload. See the guide to using Node Auto-Provisioning for more details.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enabled": { + Type: schema.TypeBool, + Optional: true, + Computed: true, + ConflictsWith: []string{"enable_autopilot"}, + Description: `Whether node auto-provisioning is enabled. Resource limits for cpu and memory must be defined to enable node auto-provisioning.`, + }, + "resource_limits": { + Type: schema.TypeList, + Optional: true, + ConflictsWith: []string{"enable_autopilot"}, + DiffSuppressFunc: suppressDiffForAutopilot, + Description: `Global constraints for machine resources in the cluster. Configuring the cpu and memory types is required if node auto-provisioning is enabled. These limits will apply to node pool autoscaling in addition to node auto-provisioning.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "resource_type": { + Type: schema.TypeString, + Required: true, + Description: `The type of the resource. For example, cpu and memory. See the guide to using Node Auto-Provisioning for a list of types.`, + }, + "minimum": { + Type: schema.TypeInt, + Optional: true, + Description: `Minimum amount of the resource in the cluster.`, + }, + "maximum": { + Type: schema.TypeInt, + Optional: true, + Description: `Maximum amount of the resource in the cluster.`, + }, + }, + }, + }, + "auto_provisioning_defaults": { + Type: schema.TypeList, + MaxItems: 1, + Optional: true, + Computed: true, + Description: `Contains defaults for a node pool created by NAP.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "oauth_scopes": { + Type: schema.TypeList, + Optional: true, + Computed: true, + Elem: &schema.Schema{Type: schema.TypeString}, + DiffSuppressFunc: containerClusterAddedScopesSuppress, + Description: `Scopes that are used by NAP when creating node pools.`, + }, + "service_account": { + Type: schema.TypeString, + Optional: true, + Default: "default", + Description: `The Google Cloud Platform Service Account to be used by the node VMs.`, + }, + "disk_size": { + Type: schema.TypeInt, + Optional: true, + Default: 100, + Description: `Size of the disk attached to each node, specified in GB. The smallest allowed disk size is 10GB.`, + DiffSuppressFunc: suppressDiffForAutopilot, + ValidateFunc: validation.IntAtLeast(10), + }, + "disk_type": { + Type: schema.TypeString, + Optional: true, + Default: "pd-standard", + Description: `Type of the disk attached to each node.`, + DiffSuppressFunc: suppressDiffForAutopilot, + ValidateFunc: validation.StringInSlice([]string{"pd-standard", "pd-ssd", "pd-balanced"}, false), + }, + "image_type": { + Type: schema.TypeString, + Optional: true, + Default: "COS_CONTAINERD", + Description: `The default image type used by NAP once a new node pool is being created.`, + DiffSuppressFunc: suppressDiffForAutopilot, + ValidateFunc: validation.StringInSlice([]string{"COS_CONTAINERD", "COS", "UBUNTU_CONTAINERD", "UBUNTU"}, false), + }, + "min_cpu_platform": { + Type: schema.TypeString, + Optional: true, + DiffSuppressFunc: tpgresource.EmptyOrDefaultStringSuppress("automatic"), + Description: `Minimum CPU platform to be used by this instance. The instance may be scheduled on the specified or newer CPU platform. Applicable values are the friendly names of CPU platforms, such as Intel Haswell.`, + }, + "boot_disk_kms_key": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Description: `The Customer Managed Encryption Key used to encrypt the boot disk attached to each node in the node pool.`, + }, + "shielded_instance_config": { + Type: schema.TypeList, + Optional: true, + Description: `Shielded Instance options.`, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enable_secure_boot": { + Type: schema.TypeBool, + Optional: true, + Default: false, + Description: `Defines whether the instance has Secure Boot enabled.`, + AtLeastOneOf: []string{ + "cluster_autoscaling.0.auto_provisioning_defaults.0.shielded_instance_config.0.enable_secure_boot", + "cluster_autoscaling.0.auto_provisioning_defaults.0.shielded_instance_config.0.enable_integrity_monitoring", + }, + }, + "enable_integrity_monitoring": { + Type: schema.TypeBool, + Optional: true, + Default: true, + Description: `Defines whether the instance has integrity monitoring enabled.`, + AtLeastOneOf: []string{ + "cluster_autoscaling.0.auto_provisioning_defaults.0.shielded_instance_config.0.enable_secure_boot", + "cluster_autoscaling.0.auto_provisioning_defaults.0.shielded_instance_config.0.enable_integrity_monitoring", + }, + }, + }, + }, + }, + "management": { + Type: schema.TypeList, + Optional: true, + Computed: true, + MaxItems: 1, + Description: `NodeManagement configuration for this NodePool.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "auto_upgrade": { + Type: schema.TypeBool, + Optional: true, + Computed: true, + Description: `Specifies whether node auto-upgrade is enabled for the node pool. If enabled, node auto-upgrade helps keep the nodes in your node pool up to date with the latest release version of Kubernetes.`, + }, + "auto_repair": { + Type: schema.TypeBool, + Optional: true, + Computed: true, + Description: `Specifies whether the node auto-repair is enabled for the node pool. If enabled, the nodes in this node pool will be monitored and, if they fail health checks too many times, an automatic repair action will be triggered.`, + }, + "upgrade_options": { + Type: schema.TypeList, + Computed: true, + Description: `Specifies the Auto Upgrade knobs for the node pool.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "auto_upgrade_start_time": { + Type: schema.TypeString, + Computed: true, + Description: `This field is set when upgrades are about to commence with the approximate start time for the upgrades, in RFC3339 text format.`, + }, + "description": { + Type: schema.TypeString, + Computed: true, + Description: `This field is set when upgrades are about to commence with the description of the upgrade.`, + }, + }, + }, + }, + }, + }, + }, + "upgrade_settings": { + Type: schema.TypeList, + Optional: true, + Description: `Specifies the upgrade settings for NAP created node pools`, + Computed: true, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "max_surge": { + Type: schema.TypeInt, + Optional: true, + Description: `The maximum number of nodes that can be created beyond the current size of the node pool during the upgrade process.`, + }, + "max_unavailable": { + Type: schema.TypeInt, + Optional: true, + Description: `The maximum number of nodes that can be simultaneously unavailable during the upgrade process.`, + }, + "strategy": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: `Update strategy of the node pool.`, + ValidateFunc: validation.StringInSlice([]string{"NODE_POOL_UPDATE_STRATEGY_UNSPECIFIED", "BLUE_GREEN", "SURGE"}, false), + }, + "blue_green_settings": { + Type: schema.TypeList, + Optional: true, + Computed: true, + MaxItems: 1, + Description: `Settings for blue-green upgrade strategy.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "node_pool_soak_duration": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: `Time needed after draining entire blue pool. After this period, blue pool will be cleaned up. + + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".`, + }, + "standard_rollout_policy": { + Type: schema.TypeList, + Optional: true, + Computed: true, + MaxItems: 1, + Description: `Standard policy for the blue-green upgrade.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "batch_percentage": { + Type: schema.TypeFloat, + Optional: true, + Computed: true, + ValidateFunc: validation.FloatBetween(0.0, 1.0), + ExactlyOneOf: []string{ + "cluster_autoscaling.0.auto_provisioning_defaults.0.upgrade_settings.0.blue_green_settings.0.standard_rollout_policy.0.batch_percentage", + "cluster_autoscaling.0.auto_provisioning_defaults.0.upgrade_settings.0.blue_green_settings.0.standard_rollout_policy.0.batch_node_count", + }, + Description: `Percentage of the bool pool nodes to drain in a batch. The range of this field should be (0.0, 1.0].`, + }, + "batch_node_count": { + Type: schema.TypeInt, + Optional: true, + Computed: true, + ExactlyOneOf: []string{ + "cluster_autoscaling.0.auto_provisioning_defaults.0.upgrade_settings.0.blue_green_settings.0.standard_rollout_policy.0.batch_percentage", + "cluster_autoscaling.0.auto_provisioning_defaults.0.upgrade_settings.0.blue_green_settings.0.standard_rollout_policy.0.batch_node_count", + }, + Description: `Number of blue nodes to drain in a batch.`, + }, + "batch_soak_duration": { + Type: schema.TypeString, + Optional: true, + Default: "0s", + Description: `Soak time after each batch gets drained. + + A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".`, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + + "cluster_ipv4_cidr": { + Type: schema.TypeString, + Optional: true, + Computed: true, + ForceNew: true, + ValidateFunc: verify.OrEmpty(verify.ValidateRFC1918Network(8, 32)), + ConflictsWith: []string{"ip_allocation_policy"}, + Description: `The IP address range of the Kubernetes pods in this cluster in CIDR notation (e.g. 10.96.0.0/14). Leave blank to have one automatically chosen or specify a /14 block in 10.0.0.0/8. This field will only work for routes-based clusters, where ip_allocation_policy is not defined.`, + }, + + "description": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Description: ` Description of the cluster.`, + }, + + "binary_authorization": { + Type: schema.TypeList, + Optional: true, + DiffSuppressFunc: BinaryAuthorizationDiffSuppress, + MaxItems: 1, + Description: "Configuration options for the Binary Authorization feature.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enabled": { + Type: schema.TypeBool, + Optional: true, + Deprecated: "Deprecated in favor of evaluation_mode.", + Description: "Enable Binary Authorization for this cluster.", + ConflictsWith: []string{"enable_autopilot", "binary_authorization.0.evaluation_mode"}, + }, + "evaluation_mode": { + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.StringInSlice([]string{"DISABLED", "PROJECT_SINGLETON_POLICY_ENFORCE"}, false), + Description: "Mode of operation for Binary Authorization policy evaluation.", + ConflictsWith: []string{"binary_authorization.0.enabled"}, + }, + }, + }, + }, + + "enable_kubernetes_alpha": { + Type: schema.TypeBool, + Optional: true, + ForceNew: true, + Default: false, + Description: `Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days.`, + }, + + "enable_k8s_beta_apis": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Description: `Configuration for Kubernetes Beta APIs.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enabled_apis": { + Type: schema.TypeSet, + Required: true, + Elem: &schema.Schema{Type: schema.TypeString}, + Description: `Enabled Kubernetes Beta APIs.`, + }, + }, + }, + }, + + "enable_tpu": { + Type: schema.TypeBool, + Optional: true, + ForceNew: true, + Description: `Whether to enable Cloud TPU resources in this cluster.`, + }, + + "enable_legacy_abac": { + Type: schema.TypeBool, + Optional: true, + Default: false, + Description: `Whether the ABAC authorizer is enabled for this cluster. When enabled, identities in the system, including service accounts, nodes, and controllers, will have statically granted permissions beyond those provided by the RBAC configuration or IAM. Defaults to false.`, + }, + + "enable_shielded_nodes": { + Type: schema.TypeBool, + Optional: true, + Default: true, + Description: `Enable Shielded Nodes features on all nodes in this cluster. Defaults to true.`, + ConflictsWith: []string{"enable_autopilot"}, + }, + + "enable_autopilot": { + Type: schema.TypeBool, + Optional: true, + ForceNew: true, + Description: `Enable Autopilot for this cluster.`, + // ConflictsWith: many fields, see https://cloud.google.com/kubernetes-engine/docs/concepts/autopilot-overview#comparison. The conflict is only set one-way, on other fields w/ this field. + }, + + "allow_net_admin": { + Type: schema.TypeBool, + Optional: true, + Description: `Enable NET_ADMIN for this cluster.`, + }, + + "authenticator_groups_config": { + Type: schema.TypeList, + Optional: true, + Computed: true, + MaxItems: 1, + Description: `Configuration for the Google Groups for GKE feature.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "security_group": { + Type: schema.TypeString, + Required: true, + Description: `The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format gke-security-groups@yourdomain.com.`, + }, + }, + }, + }, + + "initial_node_count": { + Type: schema.TypeInt, + Optional: true, + ForceNew: true, + Description: `The number of nodes to create in this cluster's default node pool. In regional or multi-zonal clusters, this is the number of nodes per zone. Must be set if node_pool is not set. If you're using google_container_node_pool objects with no default node pool, you'll need to set this to a value of at least 1, alongside setting remove_default_node_pool to true.`, + }, + + "logging_config": { + Type: schema.TypeList, + Optional: true, + Computed: true, + MaxItems: 1, + Description: `Logging configuration for the cluster.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enable_components": { + Type: schema.TypeList, + Required: true, + Description: `GKE components exposing logs. Valid values include SYSTEM_COMPONENTS, APISERVER, CONTROLLER_MANAGER, SCHEDULER, and WORKLOADS.`, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringInSlice([]string{"SYSTEM_COMPONENTS", "APISERVER", "CONTROLLER_MANAGER", "SCHEDULER", "WORKLOADS"}, false), + }, + }, + }, + }, + }, + + "logging_service": { + Type: schema.TypeString, + Optional: true, + Computed: true, + ValidateFunc: validation.StringInSlice([]string{"logging.googleapis.com", "logging.googleapis.com/kubernetes", "none"}, false), + Description: `The logging service that the cluster should write logs to. Available options include logging.googleapis.com(Legacy Stackdriver), logging.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Logging), and none. Defaults to logging.googleapis.com/kubernetes.`, + }, + + "maintenance_policy": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Description: `The maintenance policy to use for the cluster.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "daily_maintenance_window": { + Type: schema.TypeList, + Optional: true, + ExactlyOneOf: []string{ + "maintenance_policy.0.daily_maintenance_window", + "maintenance_policy.0.recurring_window", + }, + MaxItems: 1, + Description: `Time window specified for daily maintenance operations. Specify start_time in RFC3339 format "HH:MM”, where HH : [00-23] and MM : [00-59] GMT.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "start_time": { + Type: schema.TypeString, + Required: true, + ValidateFunc: verify.ValidateRFC3339Time, + DiffSuppressFunc: tpgresource.Rfc3339TimeDiffSuppress, + }, + "duration": { + Type: schema.TypeString, + Computed: true, + }, + }, + }, + }, + "recurring_window": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + ExactlyOneOf: []string{ + "maintenance_policy.0.daily_maintenance_window", + "maintenance_policy.0.recurring_window", + }, + Description: `Time window for recurring maintenance operations.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "start_time": { + Type: schema.TypeString, + Required: true, + ValidateFunc: verify.ValidateRFC3339Date, + }, + "end_time": { + Type: schema.TypeString, + Required: true, + ValidateFunc: verify.ValidateRFC3339Date, + }, + "recurrence": { + Type: schema.TypeString, + Required: true, + DiffSuppressFunc: rfc5545RecurrenceDiffSuppress, + }, + }, + }, + }, + "maintenance_exclusion": { + Type: schema.TypeSet, + Optional: true, + MaxItems: 20, + Description: `Exceptions to maintenance window. Non-emergency maintenance should not occur in these windows.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "exclusion_name": { + Type: schema.TypeString, + Required: true, + }, + "start_time": { + Type: schema.TypeString, + Required: true, + ValidateFunc: verify.ValidateRFC3339Date, + }, + "end_time": { + Type: schema.TypeString, + Required: true, + ValidateFunc: verify.ValidateRFC3339Date, + }, + "exclusion_options": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Description: `Maintenance exclusion related options.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "scope": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringInSlice([]string{"NO_UPGRADES", "NO_MINOR_UPGRADES", "NO_MINOR_OR_NODE_UPGRADES"}, false), + Description: `The scope of automatic upgrades to restrict in the exclusion window.`, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + + "security_posture_config": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Computed: true, + Description: `Defines the config needed to enable/disable features for the Security Posture API`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "mode": { + Type: schema.TypeString, + Optional: true, + Computed: true, + ValidateFunc: validation.StringInSlice([]string{"DISABLED", "BASIC", "MODE_UNSPECIFIED"}, false), + Description: `Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED and BASIC.`, + DiffSuppressFunc: tpgresource.EmptyOrDefaultStringSuppress("MODE_UNSPECIFIED"), + }, + "vulnerability_mode": { + Type: schema.TypeString, + Optional: true, + Computed: true, + ValidateFunc: validation.StringInSlice([]string{"VULNERABILITY_DISABLED", "VULNERABILITY_BASIC", "VULNERABILITY_MODE_UNSPECIFIED"}, false), + Description: `Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include VULNERABILITY_DISABLED and VULNERABILITY_BASIC.`, + DiffSuppressFunc: tpgresource.EmptyOrDefaultStringSuppress("VULNERABILITY_MODE_UNSPECIFIED"), + }, + }, + }, + }, + "monitoring_config": { + Type: schema.TypeList, + Optional: true, + Computed: true, + MaxItems: 1, + Description: `Monitoring configuration for the cluster.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enable_components": { + Type: schema.TypeList, + Optional: true, + Computed: true, + Description: `GKE components exposing metrics. Valid values include SYSTEM_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT and STATEFULSET.`, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, + "managed_prometheus": { + Type: schema.TypeList, + Optional: true, + Computed: true, + MaxItems: 1, + Description: `Configuration for Google Cloud Managed Services for Prometheus.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enabled": { + Type: schema.TypeBool, + Required: true, + Description: `Whether or not the managed collection is enabled.`, + }, + }, + }, + }, + "advanced_datapath_observability_config": { + Type: schema.TypeList, + Optional: true, + Computed: true, + MaxItems: 2, + Description: `Configuration of Advanced Datapath Observability features.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enable_metrics": { + Type: schema.TypeBool, + Required: true, + Description: `Whether or not the advanced datapath metrics are enabled.`, + }, + "relay_mode": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: `Mode used to make Relay available.`, + ValidateFunc: validation.StringInSlice([]string{"DISABLED", "INTERNAL_VPC_LB", "EXTERNAL_LB"}, false), + }, + }, + }, + }, + }, + }, + }, + + "notification_config": { + Type: schema.TypeList, + Optional: true, + Computed: true, + MaxItems: 1, + Description: `The notification config for sending cluster upgrade notifications`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "pubsub": { + Type: schema.TypeList, + Required: true, + MaxItems: 1, + Description: `Notification config for Cloud Pub/Sub`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enabled": { + Type: schema.TypeBool, + Required: true, + Description: `Whether or not the notification config is enabled`, + }, + "topic": { + Type: schema.TypeString, + Optional: true, + Description: `The pubsub topic to push upgrade notifications to. Must be in the same project as the cluster. Must be in the format: projects/{project}/topics/{topic}.`, + }, + "filter": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Description: `Allows filtering to one or more specific event types. If event types are present, those and only those event types will be transmitted to the cluster. Other types will be skipped. If no filter is specified, or no event types are present, all event types will be sent`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "event_type": { + Type: schema.TypeList, + Required: true, + Description: `Can be used to filter what notifications are sent. Valid values include include UPGRADE_AVAILABLE_EVENT, UPGRADE_EVENT and SECURITY_BULLETIN_EVENT`, + Elem: &schema.Schema{ + Type: schema.TypeString, + ValidateFunc: validation.StringInSlice([]string{"UPGRADE_AVAILABLE_EVENT", "UPGRADE_EVENT", "SECURITY_BULLETIN_EVENT"}, false), + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + + "confidential_nodes": { + Type: schema.TypeList, + Optional: true, + Computed: true, + ForceNew: true, + MaxItems: 1, + Description: `Configuration for the confidential nodes feature, which makes nodes run on confidential VMs. Warning: This configuration can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enabled": { + Type: schema.TypeBool, + Required: true, + ForceNew: true, + Description: `Whether Confidential Nodes feature is enabled for all nodes in this cluster.`, + }, + }, + }, + }, + + "master_auth": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Computed: true, + Description: `The authentication information for accessing the Kubernetes master. Some values in this block are only returned by the API if your service account has permission to get credentials for your GKE cluster. If you see an unexpected diff unsetting your client cert, ensure you have the container.clusters.getCredentials permission.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "client_certificate_config": { + Type: schema.TypeList, + MaxItems: 1, + Required: true, + ForceNew: true, + Description: `Whether client certificate authorization is enabled for this cluster.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "issue_client_certificate": { + Type: schema.TypeBool, + Required: true, + ForceNew: true, + Description: `Whether client certificate authorization is enabled for this cluster.`, + }, + }, + }, + }, + + "client_certificate": { + Type: schema.TypeString, + Computed: true, + Description: `Base64 encoded public certificate used by clients to authenticate to the cluster endpoint.`, + }, + + "client_key": { + Type: schema.TypeString, + Computed: true, + Sensitive: true, + Description: `Base64 encoded private key used by clients to authenticate to the cluster endpoint.`, + }, + + "cluster_ca_certificate": { + Type: schema.TypeString, + Computed: true, + Description: `Base64 encoded public certificate that is the root of trust for the cluster.`, + }, + }, + }, + }, + + "master_authorized_networks_config": { + Type: schema.TypeList, + Optional: true, + Computed: true, + MaxItems: 1, + Elem: masterAuthorizedNetworksConfig, + Description: `The desired configuration options for master authorized networks. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists).`, + }, + + "min_master_version": { + Type: schema.TypeString, + Optional: true, + Description: `The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the current master version--use the read-only master_version field to obtain that. If unset, the cluster's version will be set by GKE to the version of the most recent official release (which is not necessarily the latest version).`, + }, + + "monitoring_service": { + Type: schema.TypeString, + Optional: true, + Computed: true, + ValidateFunc: validation.StringInSlice([]string{"monitoring.googleapis.com", "monitoring.googleapis.com/kubernetes", "none"}, false), + Description: `The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com(Legacy Stackdriver), monitoring.googleapis.com/kubernetes(Stackdriver Kubernetes Engine Monitoring), and none. Defaults to monitoring.googleapis.com/kubernetes.`, + }, + + "network": { + Type: schema.TypeString, + Optional: true, + Default: "default", + ForceNew: true, + DiffSuppressFunc: tpgresource.CompareSelfLinkOrResourceName, + Description: `The name or self_link of the Google Compute Engine network to which the cluster is connected. For Shared VPC, set this to the self link of the shared network.`, + }, + + "network_policy": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Description: `Configuration options for the NetworkPolicy feature.`, + ConflictsWith: []string{"enable_autopilot"}, + DiffSuppressFunc: containerClusterNetworkPolicyDiffSuppress, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enabled": { + Type: schema.TypeBool, + Required: true, + Description: `Whether network policy is enabled on the cluster.`, + }, + "provider": { + Type: schema.TypeString, + Optional: true, + ValidateFunc: validation.StringInSlice([]string{"PROVIDER_UNSPECIFIED", "CALICO"}, false), + DiffSuppressFunc: tpgresource.EmptyOrDefaultStringSuppress("PROVIDER_UNSPECIFIED"), + Description: `The selected network policy provider.`, + }, + }, + }, + }, + + "node_config": clusterSchemaNodeConfig(), + + "node_pool": { + Type: schema.TypeList, + Optional: true, + Computed: true, + ForceNew: true, // TODO: Add ability to add/remove nodePools + Elem: &schema.Resource{ + Schema: schemaNodePool, + }, + Description: `List of node pools associated with this cluster. See google_container_node_pool for schema. Warning: node pools defined inside a cluster can't be changed (or added/removed) after cluster creation without deleting and recreating the entire cluster. Unless you absolutely need the ability to say "these are the only node pools associated with this cluster", use the google_container_node_pool resource instead of this property.`, + ConflictsWith: []string{"enable_autopilot"}, + }, + + "node_pool_defaults": clusterSchemaNodePoolDefaults(), + + "node_pool_auto_config": { + Type: schema.TypeList, + Optional: true, + Computed: true, + MaxItems: 1, + Description: `Node pool configs that apply to all auto-provisioned node pools in autopilot clusters and node auto-provisioning enabled clusters.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "network_tags": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Description: `Collection of Compute Engine network tags that can be applied to a node's underlying VM instance.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "tags": { + Type: schema.TypeList, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + Description: `List of network tags applied to auto-provisioned node pools.`, + }, + }, + }, + }, + }, + }, + }, + + "node_version": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: `The Kubernetes version on the nodes. Must either be unset or set to the same value as min_master_version on create. Defaults to the default version set by GKE which is not necessarily the latest version. This only affects nodes in the default node pool. While a fuzzy version can be specified, it's recommended that you specify explicit versions as Terraform will see spurious diffs when fuzzy versions are used. See the google_container_engine_versions data source's version_prefix field to approximate fuzzy versions in a Terraform-compatible way. To update nodes in other node pools, use the version attribute on the node pool.`, + }, + + "project": { + Type: schema.TypeString, + Optional: true, + Computed: true, + ForceNew: true, + Description: `The ID of the project in which the resource belongs. If it is not provided, the provider project is used.`, + }, + + "subnetwork": { + Type: schema.TypeString, + Optional: true, + Computed: true, + ForceNew: true, + DiffSuppressFunc: tpgresource.CompareSelfLinkOrResourceName, + Description: `The name or self_link of the Google Compute Engine subnetwork in which the cluster's instances are launched.`, + }, + + "self_link": { + Type: schema.TypeString, + Computed: true, + Description: `Server-defined URL for the resource.`, + }, + + "endpoint": { + Type: schema.TypeString, + Computed: true, + Description: `The IP address of this cluster's Kubernetes master.`, + }, + + "master_version": { + Type: schema.TypeString, + Computed: true, + Description: `The current version of the master in the cluster. This may be different than the min_master_version set in the config if the master has been updated by GKE.`, + }, + + "services_ipv4_cidr": { + Type: schema.TypeString, + Computed: true, + Description: `The IP address range of the Kubernetes services in this cluster, in CIDR notation (e.g. 1.2.3.4/29). Service addresses are typically put in the last /16 from the container CIDR.`, + }, + + "ip_allocation_policy": { + Type: schema.TypeList, + MaxItems: 1, + ForceNew: true, + Computed: true, + Optional: true, + ConflictsWith: []string{"cluster_ipv4_cidr"}, + Description: `Configuration of cluster IP allocation for VPC-native clusters. Adding this block enables IP aliasing, making the cluster VPC-native instead of routes-based.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + // GKE creates/deletes secondary ranges in VPC + "cluster_ipv4_cidr_block": { + Type: schema.TypeString, + Optional: true, + Computed: true, + ForceNew: true, + ConflictsWith: ipAllocationRangeFields, + DiffSuppressFunc: tpgresource.CidrOrSizeDiffSuppress, + Description: `The IP address range for the cluster pod IPs. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.`, + }, + + "services_ipv4_cidr_block": { + Type: schema.TypeString, + Optional: true, + Computed: true, + ForceNew: true, + ConflictsWith: ipAllocationRangeFields, + DiffSuppressFunc: tpgresource.CidrOrSizeDiffSuppress, + Description: `The IP address range of the services IPs in this cluster. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) from the RFC-1918 private networks (e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) to pick a specific range to use.`, + }, + + // User manages secondary ranges manually + "cluster_secondary_range_name": { + Type: schema.TypeString, + Optional: true, + Computed: true, + ForceNew: true, + ConflictsWith: ipAllocationCidrBlockFields, + Description: `The name of the existing secondary range in the cluster's subnetwork to use for pod IP addresses. Alternatively, cluster_ipv4_cidr_block can be used to automatically create a GKE-managed one.`, + }, + + "services_secondary_range_name": { + Type: schema.TypeString, + Optional: true, + Computed: true, + ForceNew: true, + ConflictsWith: ipAllocationCidrBlockFields, + Description: `The name of the existing secondary range in the cluster's subnetwork to use for service ClusterIPs. Alternatively, services_ipv4_cidr_block can be used to automatically create a GKE-managed one.`, + }, + + "stack_type": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Default: "IPV4", + ValidateFunc: validation.StringInSlice([]string{"IPV4", "IPV4_IPV6"}, false), + Description: `The IP Stack type of the cluster. Choose between IPV4 and IPV4_IPV6. Default type is IPV4 Only if not set`, + }, + "pod_cidr_overprovision_config": { + Type: schema.TypeList, + Optional: true, + Computed: true, + ForceNew: true, + MaxItems: 1, + Description: `Configuration for cluster level pod cidr overprovision. Default is disabled=false.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "disabled": { + Type: schema.TypeBool, + Required: true, + }, + }, + }, + }, + "additional_pod_ranges_config": { + Type: schema.TypeList, + MaxItems: 1, + Optional: true, + Description: `AdditionalPodRangesConfig is the configuration for additional pod secondary ranges supporting the ClusterUpdate message.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "pod_range_names": { + Type: schema.TypeSet, + MinItems: 1, + Required: true, + Elem: &schema.Schema{Type: schema.TypeString}, + Description: `Name for pod secondary ipv4 range which has the actual range defined ahead.`, + }, + }, + }, + }, + }, + }, + }, + + "networking_mode": { + Type: schema.TypeString, + Optional: true, + Computed: true, + ForceNew: true, + ValidateFunc: validation.StringInSlice([]string{"VPC_NATIVE", "ROUTES"}, false), + Description: `Determines whether alias IPs or routes will be used for pod IPs in the cluster.`, + }, + + "remove_default_node_pool": { + Type: schema.TypeBool, + Optional: true, + Description: `If true, deletes the default node pool upon cluster creation. If you're using google_container_node_pool resources with no default node pool, this should be set to true, alongside setting initial_node_count to at least 1.`, + ConflictsWith: []string{"enable_autopilot"}, + }, + + "private_cluster_config": { + Type: schema.TypeList, + MaxItems: 1, + Optional: true, + Computed: true, + DiffSuppressFunc: containerClusterPrivateClusterConfigSuppress, + Description: `Configuration for private clusters, clusters with private nodes.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + // enable_private_endpoint is orthogonal to private_endpoint_subnetwork. + // User can create a private_cluster_config block without including + // either one of those two fields. Both fields are optional. + // At the same time, we use 'AtLeastOneOf' to prevent an empty block + // like 'private_cluster_config{}' + "enable_private_endpoint": { + Type: schema.TypeBool, + Optional: true, + AtLeastOneOf: privateClusterConfigKeys, + DiffSuppressFunc: containerClusterPrivateClusterConfigSuppress, + Description: `When true, the cluster's private endpoint is used as the cluster endpoint and access through the public endpoint is disabled. When false, either endpoint can be used.`, + }, + "enable_private_nodes": { + Type: schema.TypeBool, + Optional: true, + ForceNew: true, + AtLeastOneOf: privateClusterConfigKeys, + DiffSuppressFunc: containerClusterPrivateClusterConfigSuppress, + Description: `Enables the private cluster feature, creating a private endpoint on the cluster. In a private cluster, nodes only have RFC 1918 private addresses and communicate with the master's private endpoint via private networking.`, + }, + "master_ipv4_cidr_block": { + Type: schema.TypeString, + Computed: true, + Optional: true, + ForceNew: true, + AtLeastOneOf: privateClusterConfigKeys, + ValidateFunc: verify.OrEmpty(validation.IsCIDRNetwork(28, 28)), + Description: `The IP range in CIDR notation to use for the hosted master network. This range will be used for assigning private IP addresses to the cluster master(s) and the ILB VIP. This range must not overlap with any other ranges in use within the cluster's network, and it must be a /28 subnet. See Private Cluster Limitations for more details. This field only applies to private clusters, when enable_private_nodes is true.`, + }, + "peering_name": { + Type: schema.TypeString, + Computed: true, + Description: `The name of the peering between this cluster and the Google owned VPC.`, + }, + "private_endpoint": { + Type: schema.TypeString, + Computed: true, + Description: `The internal IP address of this cluster's master endpoint.`, + }, + "private_endpoint_subnetwork": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + AtLeastOneOf: privateClusterConfigKeys, + DiffSuppressFunc: tpgresource.CompareSelfLinkOrResourceName, + Description: `Subnetwork in cluster's network where master's endpoint will be provisioned.`, + }, + "public_endpoint": { + Type: schema.TypeString, + Computed: true, + Description: `The external IP address of this cluster's master endpoint.`, + }, + "master_global_access_config": { + Type: schema.TypeList, + MaxItems: 1, + Optional: true, + Computed: true, + AtLeastOneOf: privateClusterConfigKeys, + Description: "Controls cluster master global access settings.", + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enabled": { + Type: schema.TypeBool, + Required: true, + Description: `Whether the cluster master is accessible globally or not.`, + }, + }, + }, + }, + }, + }, + }, + + "resource_labels": { + Type: schema.TypeMap, + Optional: true, + Elem: &schema.Schema{Type: schema.TypeString}, + Description: `The GCE resource labels (a map of key/value pairs) to be applied to the cluster.`, + }, + + "label_fingerprint": { + Type: schema.TypeString, + Computed: true, + Description: `The fingerprint of the set of labels for this cluster.`, + }, + + "default_max_pods_per_node": { + Type: schema.TypeInt, + Optional: true, + ForceNew: true, + Computed: true, + Description: `The default maximum number of pods per node in this cluster. This doesn't work on "routes-based" clusters, clusters that don't have IP Aliasing enabled.`, + ConflictsWith: []string{"enable_autopilot"}, + }, + + "vertical_pod_autoscaling": { + Type: schema.TypeList, + MaxItems: 1, + Optional: true, + Computed: true, + Description: `Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enabled": { + Type: schema.TypeBool, + Required: true, + Description: `Enables vertical pod autoscaling.`, + }, + }, + }, + }, + "workload_identity_config": { + Type: schema.TypeList, + MaxItems: 1, + Optional: true, + // Computed is unsafe to remove- this API may return `"workloadIdentityConfig": {},` or omit the key entirely + // and both will be valid. Note that we don't handle the case where the API returns nothing & the user has defined + // workload_identity_config today. + Computed: true, + Description: `Configuration for the use of Kubernetes Service Accounts in GCP IAM policies.`, + ConflictsWith: []string{"enable_autopilot"}, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "workload_pool": { + Type: schema.TypeString, + Optional: true, + Description: "The workload pool to attach all Kubernetes service accounts to.", + }, + }, + }, + }, + + "service_external_ips_config": { + Type: schema.TypeList, + MaxItems: 1, + Optional: true, + Computed: true, + Description: `If set, and enabled=true, services with external ips field will not be blocked`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enabled": { + Type: schema.TypeBool, + Required: true, + Description: `When enabled, services with exterenal ips specified will be allowed.`, + }, + }, + }, + }, + + "mesh_certificates": { + Type: schema.TypeList, + MaxItems: 1, + Optional: true, + Computed: true, + Description: `If set, and enable_certificates=true, the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enable_certificates": { + Type: schema.TypeBool, + Required: true, + Description: `When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster.`, + }, + }, + }, + }, + + "database_encryption": { + Type: schema.TypeList, + MaxItems: 1, + Optional: true, + Computed: true, + Description: `Application-layer Secrets Encryption settings. The object format is {state = string, key_name = string}. Valid values of state are: "ENCRYPTED"; "DECRYPTED". key_name is the name of a CloudKMS key.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "state": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringInSlice([]string{"ENCRYPTED", "DECRYPTED"}, false), + Description: `ENCRYPTED or DECRYPTED.`, + }, + "key_name": { + Type: schema.TypeString, + Optional: true, + Description: `The key to use to encrypt/decrypt secrets.`, + }, + }, + }, + }, + + "release_channel": { + Type: schema.TypeList, + Optional: true, + Computed: true, + MaxItems: 1, + Description: `Configuration options for the Release channel feature, which provide more control over automatic upgrades of your GKE clusters. Note that removing this field from your config will not unenroll it. Instead, use the "UNSPECIFIED" channel.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "channel": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringInSlice([]string{"UNSPECIFIED", "RAPID", "REGULAR", "STABLE"}, false), + Description: `The selected release channel. Accepted values are: +* UNSPECIFIED: Not set. +* RAPID: Weekly upgrade cadence; Early testers and developers who requires new features. +* REGULAR: Multiple per month upgrade cadence; Production users who need features not yet offered in the Stable channel. +* STABLE: Every few months upgrade cadence; Production users who need stability above all else, and for whom frequent upgrades are too risky.`, + }, + }, + }, + }, + + "tpu_ipv4_cidr_block": { + Computed: true, + Type: schema.TypeString, + Description: `The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).`, + }, + + "default_snat_status": { + Type: schema.TypeList, + MaxItems: 1, + Optional: true, + Computed: true, + Description: `Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "disabled": { + Type: schema.TypeBool, + Required: true, + Description: `When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic.`, + }, + }, + }, + }, + + "datapath_provider": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + Computed: true, + Description: `The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.`, + ValidateFunc: validation.StringInSlice([]string{"DATAPATH_PROVIDER_UNSPECIFIED", "LEGACY_DATAPATH", "ADVANCED_DATAPATH"}, false), + DiffSuppressFunc: tpgresource.EmptyOrDefaultStringSuppress("DATAPATH_PROVIDER_UNSPECIFIED"), + }, + + "enable_intranode_visibility": { + Type: schema.TypeBool, + Optional: true, + Computed: true, + Description: `Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.`, + ConflictsWith: []string{"enable_autopilot"}, + }, + "enable_l4_ilb_subsetting": { + Type: schema.TypeBool, + Optional: true, + Description: `Whether L4ILB Subsetting is enabled for this cluster.`, + Default: false, + }, + "private_ipv6_google_access": { + Type: schema.TypeString, + Optional: true, + Description: `The desired state of IPv6 connectivity to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4).`, + Computed: true, + }, + + "cost_management_config": { + Type: schema.TypeList, + MaxItems: 1, + Optional: true, + Computed: true, + Description: `Cost management configuration for the cluster.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enabled": { + Type: schema.TypeBool, + Required: true, + Description: `Whether to enable GKE cost allocation. When you enable GKE cost allocation, the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery. Defaults to false.`, + }, + }, + }, + }, + + "resource_usage_export_config": { + Type: schema.TypeList, + MaxItems: 1, + Optional: true, + Description: `Configuration for the ResourceUsageExportConfig feature.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enable_network_egress_metering": { + Type: schema.TypeBool, + Optional: true, + Default: false, + Description: `Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created in the cluster to meter network egress traffic.`, + }, + "enable_resource_consumption_metering": { + Type: schema.TypeBool, + Optional: true, + Default: true, + Description: `Whether to enable resource consumption metering on this cluster. When enabled, a table will be created in the resource export BigQuery dataset to store resource consumption data. The resulting table can be joined with the resource usage table or with BigQuery billing export. Defaults to true.`, + }, + "bigquery_destination": { + Type: schema.TypeList, + MaxItems: 1, + Required: true, + Description: `Parameters for using BigQuery as the destination of resource usage export.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "dataset_id": { + Type: schema.TypeString, + Required: true, + Description: `The ID of a BigQuery Dataset.`, + }, + }, + }, + }, + }, + }, + }, + "dns_config": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + ForceNew: true, + DiffSuppressFunc: suppressDiffForAutopilot, + Description: `Configuration for Cloud DNS for Kubernetes Engine.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "cluster_dns": { + Type: schema.TypeString, + Default: "PROVIDER_UNSPECIFIED", + ValidateFunc: validation.StringInSlice([]string{"PROVIDER_UNSPECIFIED", "PLATFORM_DEFAULT", "CLOUD_DNS"}, false), + Description: `Which in-cluster DNS provider should be used.`, + Optional: true, + }, + "cluster_dns_scope": { + Type: schema.TypeString, + Default: "DNS_SCOPE_UNSPECIFIED", + ValidateFunc: validation.StringInSlice([]string{"DNS_SCOPE_UNSPECIFIED", "CLUSTER_SCOPE", "VPC_SCOPE"}, false), + Description: `The scope of access to cluster DNS records.`, + Optional: true, + }, + "cluster_dns_domain": { + Type: schema.TypeString, + Description: `The suffix used for all cluster service records.`, + Optional: true, + }, + }, + }, + }, + "gateway_api_config": { + Type: schema.TypeList, + Optional: true, + Computed: true, + MaxItems: 1, + Description: `Configuration for GKE Gateway API controller.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "channel": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validation.StringInSlice([]string{"CHANNEL_DISABLED", "CHANNEL_EXPERIMENTAL", "CHANNEL_STANDARD"}, false), + Description: `The Gateway API release channel to use for Gateway API.`, + }, + }, + }, + }, + }, + } +} diff --git a/google/services/container/resource_container_cluster_test.go b/google/services/container/resource_container_cluster_test.go index 5dd43d50ab8..ecaf4c5a027 100644 --- a/google/services/container/resource_container_cluster_test.go +++ b/google/services/container/resource_container_cluster_test.go @@ -31,21 +31,24 @@ func TestAccContainerCluster_basic(t *testing.T) { ), }, { - ResourceName: "google_container_cluster.primary", - ImportStateId: fmt.Sprintf("us-central1-a/%s", clusterName), - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.primary", + ImportStateId: fmt.Sprintf("us-central1-a/%s", clusterName), + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { - ResourceName: "google_container_cluster.primary", - ImportStateId: fmt.Sprintf("%s/us-central1-a/%s", envvar.GetTestProjectFromEnv(), clusterName), - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.primary", + ImportStateId: fmt.Sprintf("%s/us-central1-a/%s", envvar.GetTestProjectFromEnv(), clusterName), + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { - ResourceName: "google_container_cluster.primary", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -64,9 +67,10 @@ func TestAccContainerCluster_networkingModeRoutes(t *testing.T) { Config: testAccContainerCluster_networkingModeRoutes(clusterName), }, { - ResourceName: "google_container_cluster.primary", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -92,7 +96,7 @@ func TestAccContainerCluster_misc(t *testing.T) { ResourceName: "google_container_cluster.primary", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"remove_default_node_pool"}, + ImportStateVerifyIgnore: []string{"remove_default_node_pool", "deletion_protection"}, }, { Config: testAccContainerCluster_misc_update(clusterName), @@ -101,7 +105,7 @@ func TestAccContainerCluster_misc(t *testing.T) { ResourceName: "google_container_cluster.primary", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"remove_default_node_pool"}, + ImportStateVerifyIgnore: []string{"remove_default_node_pool", "deletion_protection"}, }, }, }) @@ -126,7 +130,7 @@ func TestAccContainerCluster_withAddons(t *testing.T) { ImportState: true, ImportStateVerify: true, // TODO: clean up this list in `4.0.0`, remove both `workload_identity_config` fields (same for below) - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_updateAddons(pid, clusterName), @@ -135,7 +139,7 @@ func TestAccContainerCluster_withAddons(t *testing.T) { ResourceName: "google_container_cluster.primary", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, // Issue with cloudrun_config addon: https://github.com/hashicorp/terraform-provider-google/issues/11943 // { @@ -145,12 +149,44 @@ func TestAccContainerCluster_withAddons(t *testing.T) { // ResourceName: "google_container_cluster.primary", // ImportState: true, // ImportStateVerify: true, - // ImportStateVerifyIgnore: []string{"min_master_version"}, + // ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, // }, }, }) } +func TestAccContainerCluster_withDeletionProtection(t *testing.T) { + t.Parallel() + clusterName := fmt.Sprintf("tf-test-cluster-%s", acctest.RandString(t, 10)) + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckContainerClusterDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccContainerCluster_withDeletionProtection(clusterName, "false"), + }, + { + ResourceName: "google_container_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, + }, + { + Config: testAccContainerCluster_withDeletionProtection(clusterName, "true"), + }, + { + Config: testAccContainerCluster_withDeletionProtection(clusterName, "true"), + Destroy: true, + ExpectError: regexp.MustCompile("Cannot destroy cluster because deletion_protection is set to true. Set it to false to proceed with instance deletion."), + }, + { + Config: testAccContainerCluster_withDeletionProtection(clusterName, "false"), + }, + }, + }) +} + func TestAccContainerCluster_withNotificationConfig(t *testing.T) { t.Parallel() @@ -167,33 +203,37 @@ func TestAccContainerCluster_withNotificationConfig(t *testing.T) { Config: testAccContainerCluster_withNotificationConfig(clusterName, topic), }, { - ResourceName: "google_container_cluster.notification_config", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.notification_config", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withNotificationConfig(clusterName, newTopic), }, { - ResourceName: "google_container_cluster.notification_config", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.notification_config", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_disableNotificationConfig(clusterName), }, { - ResourceName: "google_container_cluster.notification_config", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.notification_config", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withNotificationConfig(clusterName, newTopic), }, { - ResourceName: "google_container_cluster.notification_config", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.notification_config", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -215,25 +255,28 @@ func TestAccContainerCluster_withFilteredNotificationConfig(t *testing.T) { Config: testAccContainerCluster_withFilteredNotificationConfig(clusterName, topic), }, { - ResourceName: "google_container_cluster.filtered_notification_config", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.filtered_notification_config", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withFilteredNotificationConfigUpdate(clusterName, newTopic), }, { - ResourceName: "google_container_cluster.filtered_notification_config", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.filtered_notification_config", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_disableFilteredNotificationConfig(clusterName, newTopic), }, { - ResourceName: "google_container_cluster.filtered_notification_config", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.filtered_notification_config", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -254,25 +297,28 @@ func TestAccContainerCluster_withConfidentialNodes(t *testing.T) { Config: testAccContainerCluster_withConfidentialNodes(clusterName, npName), }, { - ResourceName: "google_container_cluster.confidential_nodes", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.confidential_nodes", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_disableConfidentialNodes(clusterName, npName), }, { - ResourceName: "google_container_cluster.confidential_nodes", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.confidential_nodes", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withConfidentialNodes(clusterName, npName), }, { - ResourceName: "google_container_cluster.confidential_nodes", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.confidential_nodes", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -293,25 +339,28 @@ func TestAccContainerCluster_withILBSubsetting(t *testing.T) { Config: testAccContainerCluster_disableILBSubSetting(clusterName, npName), }, { - ResourceName: "google_container_cluster.confidential_nodes", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.confidential_nodes", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withILBSubSetting(clusterName, npName), }, { - ResourceName: "google_container_cluster.confidential_nodes", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.confidential_nodes", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_disableILBSubSetting(clusterName, npName), }, { - ResourceName: "google_container_cluster.confidential_nodes", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.confidential_nodes", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -334,9 +383,10 @@ func TestAccContainerCluster_withMasterAuthConfig_NoCert(t *testing.T) { ), }, { - ResourceName: "google_container_cluster.with_master_auth_no_cert", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_master_auth_no_cert", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -359,9 +409,10 @@ func TestAccContainerCluster_withAuthenticatorGroupsConfig(t *testing.T) { ), }, { - ResourceName: "google_container_cluster.primary", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withAuthenticatorGroupsConfigUpdate(clusterName, orgDomain), @@ -371,9 +422,10 @@ func TestAccContainerCluster_withAuthenticatorGroupsConfig(t *testing.T) { ), }, { - ResourceName: "google_container_cluster.primary", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withAuthenticatorGroupsConfigUpdate2(clusterName), @@ -383,9 +435,10 @@ func TestAccContainerCluster_withAuthenticatorGroupsConfig(t *testing.T) { ), }, { - ResourceName: "google_container_cluster.primary", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -412,7 +465,7 @@ func TestAccContainerCluster_withNetworkPolicyEnabled(t *testing.T) { ResourceName: "google_container_cluster.with_network_policy_enabled", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"remove_default_node_pool"}, + ImportStateVerifyIgnore: []string{"remove_default_node_pool", "deletion_protection"}, }, { Config: testAccContainerCluster_removeNetworkPolicy(clusterName), @@ -425,7 +478,7 @@ func TestAccContainerCluster_withNetworkPolicyEnabled(t *testing.T) { ResourceName: "google_container_cluster.with_network_policy_enabled", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"remove_default_node_pool"}, + ImportStateVerifyIgnore: []string{"remove_default_node_pool", "deletion_protection"}, }, { Config: testAccContainerCluster_withNetworkPolicyDisabled(clusterName), @@ -438,7 +491,7 @@ func TestAccContainerCluster_withNetworkPolicyEnabled(t *testing.T) { ResourceName: "google_container_cluster.with_network_policy_enabled", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"remove_default_node_pool"}, + ImportStateVerifyIgnore: []string{"remove_default_node_pool", "deletion_protection"}, }, { Config: testAccContainerCluster_withNetworkPolicyConfigDisabled(clusterName), @@ -451,7 +504,7 @@ func TestAccContainerCluster_withNetworkPolicyEnabled(t *testing.T) { ResourceName: "google_container_cluster.with_network_policy_enabled", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"remove_default_node_pool"}, + ImportStateVerifyIgnore: []string{"remove_default_node_pool", "deletion_protection"}, }, { Config: testAccContainerCluster_withNetworkPolicyConfigDisabled(clusterName), @@ -478,7 +531,7 @@ func TestAccContainerCluster_withReleaseChannelEnabled(t *testing.T) { ImportStateIdPrefix: "us-central1-a/", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_withReleaseChannelEnabled(clusterName, "UNSPECIFIED"), @@ -488,7 +541,7 @@ func TestAccContainerCluster_withReleaseChannelEnabled(t *testing.T) { ImportStateIdPrefix: "us-central1-a/", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -510,7 +563,7 @@ func TestAccContainerCluster_withReleaseChannelEnabledDefaultVersion(t *testing. ImportStateIdPrefix: "us-central1-a/", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_withReleaseChannelEnabled(clusterName, "REGULAR"), @@ -520,7 +573,7 @@ func TestAccContainerCluster_withReleaseChannelEnabledDefaultVersion(t *testing. ImportStateIdPrefix: "us-central1-a/", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_withReleaseChannelEnabled(clusterName, "UNSPECIFIED"), @@ -530,7 +583,7 @@ func TestAccContainerCluster_withReleaseChannelEnabledDefaultVersion(t *testing. ImportStateIdPrefix: "us-central1-a/", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -581,17 +634,19 @@ func TestAccContainerCluster_withMasterAuthorizedNetworksConfig(t *testing.T) { ), }, { - ResourceName: "google_container_cluster.with_master_authorized_networks", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_master_authorized_networks", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withMasterAuthorizedNetworksConfig(clusterName, []string{"10.0.0.0/8", "8.8.8.8/32"}, ""), }, { - ResourceName: "google_container_cluster.with_master_authorized_networks", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_master_authorized_networks", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withMasterAuthorizedNetworksConfig(clusterName, []string{}, ""), @@ -601,17 +656,19 @@ func TestAccContainerCluster_withMasterAuthorizedNetworksConfig(t *testing.T) { ), }, { - ResourceName: "google_container_cluster.with_master_authorized_networks", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_master_authorized_networks", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_removeMasterAuthorizedNetworksConfig(clusterName), }, { - ResourceName: "google_container_cluster.with_master_authorized_networks", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_master_authorized_networks", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -638,7 +695,7 @@ func TestAccContainerCluster_withGcpPublicCidrsAccessEnabledToggle(t *testing.T) ResourceName: "google_container_cluster.with_gcp_public_cidrs_access_enabled", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_withGcpPublicCidrsAccessEnabled(clusterName, "false"), @@ -651,7 +708,7 @@ func TestAccContainerCluster_withGcpPublicCidrsAccessEnabledToggle(t *testing.T) ResourceName: "google_container_cluster.with_gcp_public_cidrs_access_enabled", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_withGcpPublicCidrsAccessEnabled(clusterName, "true"), @@ -680,6 +737,7 @@ resource "google_container_cluster" "with_gcp_public_cidrs_access_enabled" { master_authorized_networks_config { gcp_public_cidrs_access_enabled = %s } + deletion_protection = false } `, clusterName, flag) } @@ -696,6 +754,7 @@ resource "google_container_cluster" "with_gcp_public_cidrs_access_enabled" { location = "us-central1-a" min_master_version = data.google_container_engine_versions.uscentral1a.release_channel_latest_version["STABLE"] initial_node_count = 1 + deletion_protection = false } `, clusterName) } @@ -714,9 +773,10 @@ func TestAccContainerCluster_regional(t *testing.T) { Config: testAccContainerCluster_regional(clusterName), }, { - ResourceName: "google_container_cluster.regional", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.regional", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -737,9 +797,10 @@ func TestAccContainerCluster_regionalWithNodePool(t *testing.T) { Config: testAccContainerCluster_regionalWithNodePool(clusterName, npName), }, { - ResourceName: "google_container_cluster.regional", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.regional", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -759,17 +820,19 @@ func TestAccContainerCluster_regionalWithNodeLocations(t *testing.T) { Config: testAccContainerCluster_regionalNodeLocations(clusterName), }, { - ResourceName: "google_container_cluster.with_node_locations", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_node_locations", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_regionalUpdateNodeLocations(clusterName), }, { - ResourceName: "google_container_cluster.with_node_locations", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_node_locations", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -790,17 +853,19 @@ func TestAccContainerCluster_withPrivateClusterConfigBasic(t *testing.T) { Config: testAccContainerCluster_withPrivateClusterConfig(containerNetName, clusterName, false), }, { - ResourceName: "google_container_cluster.with_private_cluster", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_private_cluster", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withPrivateClusterConfig(containerNetName, clusterName, true), }, { - ResourceName: "google_container_cluster.with_private_cluster", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_private_cluster", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -840,9 +905,10 @@ func TestAccContainerCluster_withPrivateClusterConfigMissingCidrBlock_withAutopi Config: testAccContainerCluster_withPrivateClusterConfigMissingCidrBlock(containerNetName, clusterName, "us-central1", true), }, { - ResourceName: "google_container_cluster.with_private_cluster", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_private_cluster", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -862,17 +928,19 @@ func TestAccContainerCluster_withPrivateClusterConfigGlobalAccessEnabledOnly(t * Config: testAccContainerCluster_withPrivateClusterConfigGlobalAccessEnabledOnly(clusterName, true), }, { - ResourceName: "google_container_cluster.with_private_cluster", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_private_cluster", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withPrivateClusterConfigGlobalAccessEnabledOnly(clusterName, false), }, { - ResourceName: "google_container_cluster.with_private_cluster", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_private_cluster", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -895,9 +963,10 @@ func TestAccContainerCluster_withIntraNodeVisibility(t *testing.T) { ), }, { - ResourceName: "google_container_cluster.with_intranode_visibility", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_intranode_visibility", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_updateIntraNodeVisibility(clusterName), @@ -906,9 +975,10 @@ func TestAccContainerCluster_withIntraNodeVisibility(t *testing.T) { ), }, { - ResourceName: "google_container_cluster.with_intranode_visibility", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_intranode_visibility", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -931,7 +1001,7 @@ func TestAccContainerCluster_withVersion(t *testing.T) { ResourceName: "google_container_cluster.with_version", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -954,7 +1024,7 @@ func TestAccContainerCluster_updateVersion(t *testing.T) { ResourceName: "google_container_cluster.with_version", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_updateVersion(clusterName), @@ -963,7 +1033,7 @@ func TestAccContainerCluster_updateVersion(t *testing.T) { ResourceName: "google_container_cluster.with_version", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -986,7 +1056,7 @@ func TestAccContainerCluster_withNodeConfig(t *testing.T) { ResourceName: "google_container_cluster.with_node_config", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"node_config.0.taint"}, + ImportStateVerifyIgnore: []string{"node_config.0.taint", "deletion_protection"}, }, { Config: testAccContainerCluster_withNodeConfigUpdate(clusterName), @@ -995,7 +1065,7 @@ func TestAccContainerCluster_withNodeConfig(t *testing.T) { ResourceName: "google_container_cluster.with_node_config", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"node_config.0.taint"}, + ImportStateVerifyIgnore: []string{"node_config.0.taint", "deletion_protection"}, }, }, }) @@ -1013,9 +1083,10 @@ func TestAccContainerCluster_withLoggingVariantInNodeConfig(t *testing.T) { Config: testAccContainerCluster_withLoggingVariantInNodeConfig(clusterName, "MAX_THROUGHPUT"), }, { - ResourceName: "google_container_cluster.with_logging_variant_in_node_config", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_logging_variant_in_node_config", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -1034,9 +1105,10 @@ func TestAccContainerCluster_withLoggingVariantInNodePool(t *testing.T) { Config: testAccContainerCluster_withLoggingVariantInNodePool(clusterName, nodePoolName, "MAX_THROUGHPUT"), }, { - ResourceName: "google_container_cluster.with_logging_variant_in_node_pool", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_logging_variant_in_node_pool", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -1054,25 +1126,28 @@ func TestAccContainerCluster_withLoggingVariantUpdates(t *testing.T) { Config: testAccContainerCluster_withLoggingVariantNodePoolDefault(clusterName, "DEFAULT"), }, { - ResourceName: "google_container_cluster.with_logging_variant_node_pool_default", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_logging_variant_node_pool_default", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withLoggingVariantNodePoolDefault(clusterName, "MAX_THROUGHPUT"), }, { - ResourceName: "google_container_cluster.with_logging_variant_node_pool_default", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_logging_variant_node_pool_default", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withLoggingVariantNodePoolDefault(clusterName, "DEFAULT"), }, { - ResourceName: "google_container_cluster.with_logging_variant_node_pool_default", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_logging_variant_node_pool_default", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -1092,9 +1167,10 @@ func TestAccContainerCluster_withNodeConfigScopeAlias(t *testing.T) { Config: testAccContainerCluster_withNodeConfigScopeAlias(clusterName), }, { - ResourceName: "google_container_cluster.with_node_config_scope_alias", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_node_config_scope_alias", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -1114,9 +1190,10 @@ func TestAccContainerCluster_withNodeConfigShieldedInstanceConfig(t *testing.T) Config: testAccContainerCluster_withNodeConfigShieldedInstanceConfig(clusterName), }, { - ResourceName: "google_container_cluster.with_node_config", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_node_config", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -1142,9 +1219,10 @@ func TestAccContainerCluster_withNodeConfigReservationAffinity(t *testing.T) { ), }, { - ResourceName: "google_container_cluster.with_node_config", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_node_config", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -1177,9 +1255,10 @@ func TestAccContainerCluster_withNodeConfigReservationAffinitySpecific(t *testin ), }, { - ResourceName: "google_container_cluster.with_node_config", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_node_config", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -1206,7 +1285,7 @@ func TestAccContainerCluster_withWorkloadMetadataConfig(t *testing.T) { ResourceName: "google_container_cluster.with_workload_metadata_config", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -1234,7 +1313,7 @@ func TestAccContainerCluster_withBootDiskKmsKey(t *testing.T) { ResourceName: "google_container_cluster.with_boot_disk_kms_key", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -1255,14 +1334,16 @@ func TestAccContainerCluster_network(t *testing.T) { Config: testAccContainerCluster_networkRef(clusterName, network), }, { - ResourceName: "google_container_cluster.with_net_ref_by_url", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_net_ref_by_url", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { - ResourceName: "google_container_cluster.with_net_ref_by_name", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_net_ref_by_name", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -1282,9 +1363,10 @@ func TestAccContainerCluster_backend(t *testing.T) { Config: testAccContainerCluster_backendRef(clusterName), }, { - ResourceName: "google_container_cluster.primary", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -1305,9 +1387,10 @@ func TestAccContainerCluster_withNodePoolBasic(t *testing.T) { Config: testAccContainerCluster_withNodePoolBasic(clusterName, npName), }, { - ResourceName: "google_container_cluster.with_node_pool", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_node_pool", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -1331,7 +1414,7 @@ func TestAccContainerCluster_withNodePoolUpdateVersion(t *testing.T) { ResourceName: "google_container_cluster.with_node_pool", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_withNodePoolUpdateVersion(clusterName, npName), @@ -1340,7 +1423,7 @@ func TestAccContainerCluster_withNodePoolUpdateVersion(t *testing.T) { ResourceName: "google_container_cluster.with_node_pool", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -1363,9 +1446,10 @@ func TestAccContainerCluster_withNodePoolResize(t *testing.T) { ), }, { - ResourceName: "google_container_cluster.with_node_pool", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_node_pool", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withNodePoolResize(clusterName, npName), @@ -1374,9 +1458,10 @@ func TestAccContainerCluster_withNodePoolResize(t *testing.T) { ), }, { - ResourceName: "google_container_cluster.with_node_pool", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_node_pool", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -1401,9 +1486,10 @@ func TestAccContainerCluster_withNodePoolAutoscaling(t *testing.T) { ), }, { - ResourceName: "google_container_cluster.with_node_pool", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_node_pool", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withNodePoolUpdateAutoscaling(clusterName, npName), @@ -1413,9 +1499,10 @@ func TestAccContainerCluster_withNodePoolAutoscaling(t *testing.T) { ), }, { - ResourceName: "google_container_cluster.with_node_pool", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_node_pool", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withNodePoolBasic(clusterName, npName), @@ -1425,9 +1512,10 @@ func TestAccContainerCluster_withNodePoolAutoscaling(t *testing.T) { ), }, { - ResourceName: "google_container_cluster.with_node_pool", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_node_pool", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -1458,7 +1546,7 @@ func TestAccContainerCluster_withNodePoolCIA(t *testing.T) { ResourceName: "google_container_cluster.with_node_pool", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerRegionalClusterUpdate_withNodePoolCIA(clusterName, npName), @@ -1474,7 +1562,7 @@ func TestAccContainerCluster_withNodePoolCIA(t *testing.T) { ResourceName: "google_container_cluster.with_node_pool", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerRegionalCluster_withNodePoolBasic(clusterName, npName), @@ -1489,7 +1577,7 @@ func TestAccContainerCluster_withNodePoolCIA(t *testing.T) { ResourceName: "google_container_cluster.with_node_pool", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -1515,7 +1603,7 @@ func TestAccContainerCluster_withNodePoolNamePrefix(t *testing.T) { ResourceName: "google_container_cluster.with_node_pool_name_prefix", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"node_pool.0.name_prefix"}, + ImportStateVerifyIgnore: []string{"node_pool.0.name_prefix", "deletion_protection"}, }, }, }) @@ -1536,9 +1624,10 @@ func TestAccContainerCluster_withNodePoolMultiple(t *testing.T) { Config: testAccContainerCluster_withNodePoolMultiple(clusterName, npNamePrefix), }, { - ResourceName: "google_container_cluster.with_node_pool_multiple", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_node_pool_multiple", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -1578,9 +1667,10 @@ func TestAccContainerCluster_withNodePoolNodeConfig(t *testing.T) { Config: testAccContainerCluster_withNodePoolNodeConfig(cluster, np), }, { - ResourceName: "google_container_cluster.with_node_pool_node_config", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_node_pool_node_config", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -1601,9 +1691,10 @@ func TestAccContainerCluster_withMaintenanceWindow(t *testing.T) { Config: testAccContainerCluster_withMaintenanceWindow(clusterName, "03:00"), }, { - ResourceName: resourceName, - ImportState: true, - ImportStateVerify: true, + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withMaintenanceWindow(clusterName, ""), @@ -1618,7 +1709,7 @@ func TestAccContainerCluster_withMaintenanceWindow(t *testing.T) { ImportStateVerify: true, // maintenance_policy.# = 0 is equivalent to no maintenance policy at all, // but will still cause an import diff - ImportStateVerifyIgnore: []string{"maintenance_policy.#"}, + ImportStateVerifyIgnore: []string{"maintenance_policy.#", "deletion_protection"}, }, }, }) @@ -1642,10 +1733,11 @@ func TestAccContainerCluster_withRecurringMaintenanceWindow(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportStateIdPrefix: "us-central1-a/", - ImportState: true, - ImportStateVerify: true, + ResourceName: resourceName, + ImportStateIdPrefix: "us-central1-a/", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withRecurringMaintenanceWindow(cluster, "", ""), @@ -1663,7 +1755,7 @@ func TestAccContainerCluster_withRecurringMaintenanceWindow(t *testing.T) { ImportStateVerify: true, // maintenance_policy.# = 0 is equivalent to no maintenance policy at all, // but will still cause an import diff - ImportStateVerifyIgnore: []string{"maintenance_policy.#"}, + ImportStateVerifyIgnore: []string{"maintenance_policy.#", "deletion_protection"}, }, }, }) @@ -1683,19 +1775,21 @@ func TestAccContainerCluster_withMaintenanceExclusionWindow(t *testing.T) { Config: testAccContainerCluster_withExclusion_RecurringMaintenanceWindow(cluster, "2019-01-01T00:00:00Z", "2019-01-02T00:00:00Z", "2019-05-01T00:00:00Z", "2019-05-02T00:00:00Z"), }, { - ResourceName: resourceName, - ImportStateIdPrefix: "us-central1-a/", - ImportState: true, - ImportStateVerify: true, + ResourceName: resourceName, + ImportStateIdPrefix: "us-central1-a/", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withExclusion_DailyMaintenanceWindow(cluster, "2020-01-01T00:00:00Z", "2020-01-02T00:00:00Z"), }, { - ResourceName: resourceName, - ImportStateIdPrefix: "us-central1-a/", - ImportState: true, - ImportStateVerify: true, + ResourceName: resourceName, + ImportStateIdPrefix: "us-central1-a/", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -1722,10 +1816,11 @@ func TestAccContainerCluster_withMaintenanceExclusionOptions(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportStateIdPrefix: "us-central1-a/", - ImportState: true, - ImportStateVerify: true, + ResourceName: resourceName, + ImportStateIdPrefix: "us-central1-a/", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -1752,10 +1847,11 @@ func TestAccContainerCluster_deleteMaintenanceExclusionOptions(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportStateIdPrefix: "us-central1-a/", - ImportState: true, - ImportStateVerify: true, + ResourceName: resourceName, + ImportStateIdPrefix: "us-central1-a/", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_NoExclusionOptions_RecurringMaintenanceWindow( @@ -1768,10 +1864,11 @@ func TestAccContainerCluster_deleteMaintenanceExclusionOptions(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportStateIdPrefix: "us-central1-a/", - ImportState: true, - ImportStateVerify: true, + ResourceName: resourceName, + ImportStateIdPrefix: "us-central1-a/", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -1801,10 +1898,11 @@ func TestAccContainerCluster_updateMaintenanceExclusionOptions(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportStateIdPrefix: "us-central1-a/", - ImportState: true, - ImportStateVerify: true, + ResourceName: resourceName, + ImportStateIdPrefix: "us-central1-a/", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withExclusionOptions_RecurringMaintenanceWindow( @@ -1817,10 +1915,11 @@ func TestAccContainerCluster_updateMaintenanceExclusionOptions(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportStateIdPrefix: "us-central1-a/", - ImportState: true, - ImportStateVerify: true, + ResourceName: resourceName, + ImportStateIdPrefix: "us-central1-a/", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_updateExclusionOptions_RecurringMaintenanceWindow( @@ -1833,10 +1932,11 @@ func TestAccContainerCluster_updateMaintenanceExclusionOptions(t *testing.T) { ), }, { - ResourceName: resourceName, - ImportStateIdPrefix: "us-central1-a/", - ImportState: true, - ImportStateVerify: true, + ResourceName: resourceName, + ImportStateIdPrefix: "us-central1-a/", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -1856,28 +1956,31 @@ func TestAccContainerCluster_deleteExclusionWindow(t *testing.T) { Config: testAccContainerCluster_withExclusion_DailyMaintenanceWindow(cluster, "2020-01-01T00:00:00Z", "2020-01-02T00:00:00Z"), }, { - ResourceName: resourceName, - ImportStateIdPrefix: "us-central1-a/", - ImportState: true, - ImportStateVerify: true, + ResourceName: resourceName, + ImportStateIdPrefix: "us-central1-a/", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withExclusion_RecurringMaintenanceWindow(cluster, "2019-01-01T00:00:00Z", "2019-01-02T00:00:00Z", "2019-05-01T00:00:00Z", "2019-05-02T00:00:00Z"), }, { - ResourceName: resourceName, - ImportStateIdPrefix: "us-central1-a/", - ImportState: true, - ImportStateVerify: true, + ResourceName: resourceName, + ImportStateIdPrefix: "us-central1-a/", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withExclusion_NoMaintenanceWindow(cluster, "2020-01-01T00:00:00Z", "2020-01-02T00:00:00Z"), }, { - ResourceName: resourceName, - ImportStateIdPrefix: "us-central1-a/", - ImportState: true, - ImportStateVerify: true, + ResourceName: resourceName, + ImportStateIdPrefix: "us-central1-a/", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -1897,9 +2000,10 @@ func TestAccContainerCluster_withIPAllocationPolicy_existingSecondaryRanges(t *t Config: testAccContainerCluster_withIPAllocationPolicy_existingSecondaryRanges(containerNetName, clusterName), }, { - ResourceName: "google_container_cluster.with_ip_allocation_policy", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_ip_allocation_policy", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -1919,9 +2023,10 @@ func TestAccContainerCluster_withIPAllocationPolicy_specificIPRanges(t *testing. Config: testAccContainerCluster_withIPAllocationPolicy_specificIPRanges(containerNetName, clusterName), }, { - ResourceName: "google_container_cluster.with_ip_allocation_policy", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_ip_allocation_policy", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -1941,9 +2046,10 @@ func TestAccContainerCluster_withIPAllocationPolicy_specificSizes(t *testing.T) Config: testAccContainerCluster_withIPAllocationPolicy_specificSizes(containerNetName, clusterName), }, { - ResourceName: "google_container_cluster.with_ip_allocation_policy", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_ip_allocation_policy", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -1971,7 +2077,7 @@ func TestAccContainerCluster_stackType_withDualStack(t *testing.T) { ResourceName: resourceName, ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -1999,7 +2105,7 @@ func TestAccContainerCluster_stackType_withSingleStack(t *testing.T) { ResourceName: resourceName, ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -2027,7 +2133,7 @@ func TestAccContainerCluster_with_PodCIDROverprovisionDisabled(t *testing.T) { ResourceName: resourceName, ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -2054,7 +2160,7 @@ func TestAccContainerCluster_nodeAutoprovisioning(t *testing.T) { ResourceName: "google_container_cluster.with_autoprovisioning", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_autoprovisioning(clusterName, false, false), @@ -2067,7 +2173,7 @@ func TestAccContainerCluster_nodeAutoprovisioning(t *testing.T) { ResourceName: "google_container_cluster.with_autoprovisioning", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -2095,7 +2201,7 @@ func TestAccContainerCluster_nodeAutoprovisioningDefaults(t *testing.T) { ResourceName: "google_container_cluster.with_autoprovisioning", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_autoprovisioningDefaults(clusterName, true), @@ -2109,7 +2215,7 @@ func TestAccContainerCluster_nodeAutoprovisioningDefaults(t *testing.T) { ResourceName: "google_container_cluster.with_autoprovisioning", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_autoprovisioningDefaultsMinCpuPlatform(clusterName, !includeMinCpuPlatform), @@ -2118,7 +2224,7 @@ func TestAccContainerCluster_nodeAutoprovisioningDefaults(t *testing.T) { ResourceName: "google_container_cluster.with_autoprovisioning", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -2138,9 +2244,10 @@ func TestAccContainerCluster_autoprovisioningDefaultsUpgradeSettings(t *testing. Config: testAccContainerCluster_autoprovisioningDefaultsUpgradeSettings(clusterName, 2, 1, "SURGE"), }, { - ResourceName: "google_container_cluster.with_autoprovisioning_upgrade_settings", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_autoprovisioning_upgrade_settings", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_autoprovisioningDefaultsUpgradeSettings(clusterName, 2, 1, "BLUE_GREEN"), @@ -2150,9 +2257,10 @@ func TestAccContainerCluster_autoprovisioningDefaultsUpgradeSettings(t *testing. Config: testAccContainerCluster_autoprovisioningDefaultsUpgradeSettingsWithBlueGreenStrategy(clusterName, "3.500s", "BLUE_GREEN"), }, { - ResourceName: "google_container_cluster.with_autoprovisioning_upgrade_settings", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_autoprovisioning_upgrade_settings", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -2179,7 +2287,7 @@ func TestAccContainerCluster_nodeAutoprovisioningNetworkTags(t *testing.T) { ResourceName: "google_container_cluster.with_autoprovisioning", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -2199,17 +2307,19 @@ func TestAccContainerCluster_withShieldedNodes(t *testing.T) { Config: testAccContainerCluster_withShieldedNodes(clusterName, true), }, { - ResourceName: "google_container_cluster.with_shielded_nodes", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_shielded_nodes", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withShieldedNodes(clusterName, false), }, { - ResourceName: "google_container_cluster.with_shielded_nodes", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_shielded_nodes", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -2234,7 +2344,7 @@ func TestAccContainerCluster_withAutopilot(t *testing.T) { ResourceName: "google_container_cluster.with_autopilot", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -2269,7 +2379,7 @@ func TestAccContainerClusterCustomServiceAccount_withAutopilot(t *testing.T) { ResourceName: "google_container_cluster.with_autopilot", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -2314,7 +2424,7 @@ func TestAccContainerCluster_withAutopilotNetworkTags(t *testing.T) { ResourceName: "google_container_cluster.with_autopilot", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -2338,7 +2448,7 @@ func TestAccContainerCluster_withWorkloadIdentityConfig(t *testing.T) { ResourceName: "google_container_cluster.with_workload_identity_config", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"remove_default_node_pool"}, + ImportStateVerifyIgnore: []string{"remove_default_node_pool", "deletion_protection"}, }, { Config: testAccContainerCluster_updateWorkloadIdentityConfig(pid, clusterName, false), @@ -2347,7 +2457,7 @@ func TestAccContainerCluster_withWorkloadIdentityConfig(t *testing.T) { ResourceName: "google_container_cluster.with_workload_identity_config", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"remove_default_node_pool"}, + ImportStateVerifyIgnore: []string{"remove_default_node_pool", "deletion_protection"}, }, { Config: testAccContainerCluster_updateWorkloadIdentityConfig(pid, clusterName, true), @@ -2356,7 +2466,7 @@ func TestAccContainerCluster_withWorkloadIdentityConfig(t *testing.T) { ResourceName: "google_container_cluster.with_workload_identity_config", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"remove_default_node_pool"}, + ImportStateVerifyIgnore: []string{"remove_default_node_pool", "deletion_protection"}, }, }, }) @@ -2375,41 +2485,46 @@ func TestAccContainerCluster_withLoggingConfig(t *testing.T) { Config: testAccContainerCluster_basic(clusterName), }, { - ResourceName: "google_container_cluster.primary", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withLoggingConfigEnabled(clusterName), }, { - ResourceName: "google_container_cluster.primary", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withLoggingConfigDisabled(clusterName), }, { - ResourceName: "google_container_cluster.primary", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withLoggingConfigUpdated(clusterName), }, { - ResourceName: "google_container_cluster.primary", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_basic(clusterName), }, { - ResourceName: "google_container_cluster.primary", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -2431,7 +2546,7 @@ func TestAccContainerCluster_withMonitoringConfigAdvancedDatapathObservabilityCo ResourceName: "google_container_cluster.primary", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_withMonitoringConfigAdvancedDatapathObservabilityConfigDisabled(clusterName), @@ -2440,7 +2555,7 @@ func TestAccContainerCluster_withMonitoringConfigAdvancedDatapathObservabilityCo ResourceName: "google_container_cluster.primary", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -2462,7 +2577,7 @@ func TestAccContainerCluster_withMonitoringConfig(t *testing.T) { ResourceName: "google_container_cluster.primary", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_withMonitoringConfigEnabled(clusterName), @@ -2471,7 +2586,7 @@ func TestAccContainerCluster_withMonitoringConfig(t *testing.T) { ResourceName: "google_container_cluster.primary", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_withMonitoringConfigDisabled(clusterName), @@ -2480,7 +2595,7 @@ func TestAccContainerCluster_withMonitoringConfig(t *testing.T) { ResourceName: "google_container_cluster.primary", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_withMonitoringConfigUpdated(clusterName), @@ -2489,7 +2604,7 @@ func TestAccContainerCluster_withMonitoringConfig(t *testing.T) { ResourceName: "google_container_cluster.primary", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_withMonitoringConfigPrometheusUpdated(clusterName), @@ -2498,7 +2613,7 @@ func TestAccContainerCluster_withMonitoringConfig(t *testing.T) { ResourceName: "google_container_cluster.primary", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, // Back to basic settings to test setting Prometheus on its own { @@ -2508,7 +2623,7 @@ func TestAccContainerCluster_withMonitoringConfig(t *testing.T) { ResourceName: "google_container_cluster.primary", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_withMonitoringConfigPrometheusOnly(clusterName), @@ -2517,7 +2632,7 @@ func TestAccContainerCluster_withMonitoringConfig(t *testing.T) { ResourceName: "google_container_cluster.primary", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_withMonitoringConfigPrometheusOnly2(clusterName), @@ -2526,7 +2641,7 @@ func TestAccContainerCluster_withMonitoringConfig(t *testing.T) { ResourceName: "google_container_cluster.primary", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_basic(clusterName), @@ -2535,7 +2650,7 @@ func TestAccContainerCluster_withMonitoringConfig(t *testing.T) { ResourceName: "google_container_cluster.primary", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -2554,9 +2669,10 @@ func TestAccContainerCluster_withSoleTenantGroup(t *testing.T) { Config: testAccContainerCluster_withSoleTenantGroup(resourceName), }, { - ResourceName: "google_container_cluster.primary", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -2580,7 +2696,7 @@ func TestAccContainerCluster_nodeAutoprovisioningDefaultsDiskSizeGb(t *testing.T ResourceName: "google_container_cluster.with_autoprovisioning", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_autoprovisioningDefaultsDiskSizeGb(clusterName, !includeDiskSizeGb), @@ -2589,7 +2705,7 @@ func TestAccContainerCluster_nodeAutoprovisioningDefaultsDiskSizeGb(t *testing.T ResourceName: "google_container_cluster.with_autoprovisioning", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -2613,7 +2729,7 @@ func TestAccContainerCluster_nodeAutoprovisioningDefaultsDiskType(t *testing.T) ResourceName: "google_container_cluster.with_autoprovisioning", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_autoprovisioningDefaultsDiskType(clusterName, !includeDiskType), @@ -2622,7 +2738,7 @@ func TestAccContainerCluster_nodeAutoprovisioningDefaultsDiskType(t *testing.T) ResourceName: "google_container_cluster.with_autoprovisioning", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -2646,7 +2762,7 @@ func TestAccContainerCluster_nodeAutoprovisioningDefaultsImageType(t *testing.T) ResourceName: "google_container_cluster.with_autoprovisioning", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_autoprovisioningDefaultsImageType(clusterName, !includeImageType), @@ -2655,7 +2771,7 @@ func TestAccContainerCluster_nodeAutoprovisioningDefaultsImageType(t *testing.T) ResourceName: "google_container_cluster.with_autoprovisioning", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -2685,6 +2801,7 @@ func TestAccContainerCluster_nodeAutoprovisioningDefaultsBootDiskKmsKey(t *testi ImportStateVerify: true, ImportStateVerifyIgnore: []string{ "min_master_version", + "deletion_protection", "node_pool", // cluster_autoscaling (node auto-provisioning) creates new node pools automatically }, }, @@ -2709,7 +2826,7 @@ func TestAccContainerCluster_nodeAutoprovisioningDefaultsShieldedInstance(t *tes ResourceName: "google_container_cluster.nap_shielded_instance", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -2732,7 +2849,7 @@ func TestAccContainerCluster_autoprovisioningDefaultsManagement(t *testing.T) { ResourceName: "google_container_cluster.with_autoprovisioning_management", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_autoprovisioningDefaultsManagement(clusterName, true, true), @@ -2741,7 +2858,7 @@ func TestAccContainerCluster_autoprovisioningDefaultsManagement(t *testing.T) { ResourceName: "google_container_cluster.with_autoprovisioning_management", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -2770,9 +2887,10 @@ func TestAccContainerCluster_errorCleanDanglingCluster(t *testing.T) { Config: initConfig, }, { - ResourceName: "google_container_cluster.cidr_error_preempt", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.cidr_error_preempt", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: overlapConfig, @@ -2819,17 +2937,19 @@ func TestAccContainerCluster_withExternalIpsConfig(t *testing.T) { Config: testAccContainerCluster_withExternalIpsConfig(pid, clusterName, true), }, { - ResourceName: "google_container_cluster.with_external_ips_config", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_external_ips_config", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withExternalIpsConfig(pid, clusterName, false), }, { - ResourceName: "google_container_cluster.with_external_ips_config", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_external_ips_config", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -2853,7 +2973,7 @@ func TestAccContainerCluster_withMeshCertificatesConfig(t *testing.T) { ResourceName: "google_container_cluster.with_mesh_certificates_config", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"remove_default_node_pool"}, + ImportStateVerifyIgnore: []string{"remove_default_node_pool", "deletion_protection"}, }, { Config: testAccContainerCluster_updateMeshCertificatesConfig(pid, clusterName, true), @@ -2862,7 +2982,7 @@ func TestAccContainerCluster_withMeshCertificatesConfig(t *testing.T) { ResourceName: "google_container_cluster.with_mesh_certificates_config", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"remove_default_node_pool"}, + ImportStateVerifyIgnore: []string{"remove_default_node_pool", "deletion_protection"}, }, { Config: testAccContainerCluster_updateMeshCertificatesConfig(pid, clusterName, false), @@ -2871,7 +2991,7 @@ func TestAccContainerCluster_withMeshCertificatesConfig(t *testing.T) { ResourceName: "google_container_cluster.with_mesh_certificates_config", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"remove_default_node_pool"}, + ImportStateVerifyIgnore: []string{"remove_default_node_pool", "deletion_protection"}, }, }, }) @@ -2892,17 +3012,19 @@ func TestAccContainerCluster_withCostManagementConfig(t *testing.T) { Config: testAccContainerCluster_updateCostManagementConfig(pid, clusterName, true), }, { - ResourceName: "google_container_cluster.with_cost_management_config", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_cost_management_config", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_updateCostManagementConfig(pid, clusterName, false), }, { - ResourceName: "google_container_cluster.with_cost_management_config", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_cost_management_config", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -2930,17 +3052,19 @@ func TestAccContainerCluster_withDatabaseEncryption(t *testing.T) { Check: resource.TestCheckResourceAttrSet("data.google_kms_key_ring_iam_policy.test_key_ring_iam_policy", "policy_data"), }, { - ResourceName: "google_container_cluster.primary", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_basic(clusterName), }, { - ResourceName: "google_container_cluster.primary", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -2960,9 +3084,10 @@ func TestAccContainerCluster_withAdvancedDatapath(t *testing.T) { Config: testAccContainerCluster_withDatapathProvider(clusterName, "ADVANCED_DATAPATH"), }, { - ResourceName: "google_container_cluster.primary", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -2984,25 +3109,28 @@ func TestAccContainerCluster_withResourceUsageExportConfig(t *testing.T) { Config: testAccContainerCluster_withResourceUsageExportConfig(clusterName, datesetId, "true"), }, { - ResourceName: "google_container_cluster.with_resource_usage_export_config", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_resource_usage_export_config", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withResourceUsageExportConfig(clusterName, datesetId, "false"), }, { - ResourceName: "google_container_cluster.with_resource_usage_export_config", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_resource_usage_export_config", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_withResourceUsageExportConfigNoConfig(clusterName, datesetId), }, { - ResourceName: "google_container_cluster.with_resource_usage_export_config", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_resource_usage_export_config", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -3026,9 +3154,10 @@ func TestAccContainerCluster_withMasterAuthorizedNetworksDisabled(t *testing.T) ), }, { - ResourceName: "google_container_cluster.with_private_cluster", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_private_cluster", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -3049,9 +3178,10 @@ func TestAccContainerCluster_withEnableKubernetesAlpha(t *testing.T) { Config: testAccContainerCluster_withEnableKubernetesAlpha(clusterName, npName), }, { - ResourceName: "google_container_cluster.primary", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -3074,7 +3204,7 @@ func TestAccContainerCluster_withEnableKubernetesBetaAPIs(t *testing.T) { ResourceName: "google_container_cluster.primary", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -3097,7 +3227,7 @@ func TestAccContainerCluster_withEnableKubernetesBetaAPIsOnExistingCluster(t *te ResourceName: "google_container_cluster.primary", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_withEnableKubernetesBetaAPIs(clusterName), @@ -3106,7 +3236,7 @@ func TestAccContainerCluster_withEnableKubernetesBetaAPIsOnExistingCluster(t *te ResourceName: "google_container_cluster.primary", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -3143,9 +3273,10 @@ func TestAccContainerCluster_withDNSConfig(t *testing.T) { Config: testAccContainerCluster_withDNSConfig(clusterName, "CLOUD_DNS", domainName, "VPC_SCOPE"), }, { - ResourceName: "google_container_cluster.with_dns_config", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_dns_config", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -3170,7 +3301,7 @@ func TestAccContainerCluster_withGatewayApiConfig(t *testing.T) { ResourceName: "google_container_cluster.primary", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_withGatewayApiConfig(clusterName, "CHANNEL_STANDARD"), @@ -3179,7 +3310,7 @@ func TestAccContainerCluster_withGatewayApiConfig(t *testing.T) { ResourceName: "google_container_cluster.primary", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -3199,25 +3330,28 @@ func TestAccContainerCluster_withSecurityPostureConfig(t *testing.T) { Config: testAccContainerCluster_SetSecurityPostureToStandard(clusterName), }, { - ResourceName: "google_container_cluster.with_security_posture_config", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_security_posture_config", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_SetWorkloadVulnerabilityToStandard(clusterName), }, { - ResourceName: "google_container_cluster.with_security_posture_config", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_security_posture_config", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_DisableALL(clusterName), }, { - ResourceName: "google_container_cluster.with_security_posture_config", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.with_security_posture_config", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -3232,6 +3366,7 @@ resource "google_container_cluster" "with_security_posture_config" { security_posture_config { mode = "BASIC" } + deletion_protection = false } `, resource_name) } @@ -3245,6 +3380,7 @@ resource "google_container_cluster" "with_security_posture_config" { security_posture_config { vulnerability_mode = "VULNERABILITY_BASIC" } + deletion_protection = false } `, resource_name) } @@ -3259,6 +3395,7 @@ resource "google_container_cluster" "with_security_posture_config" { mode = "DISABLED" vulnerability_mode = "VULNERABILITY_DISABLED" } + deletion_protection = false } `, resource_name) } @@ -3276,9 +3413,10 @@ func TestAccContainerCluster_autopilot_minimal(t *testing.T) { Config: testAccContainerCluster_autopilot_minimal(clusterName), }, { - ResourceName: "google_container_cluster.primary", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -3300,7 +3438,7 @@ func TestAccContainerCluster_autopilot_net_admin(t *testing.T) { ResourceName: "google_container_cluster.primary", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_autopilot_net_admin(clusterName, false), @@ -3309,7 +3447,7 @@ func TestAccContainerCluster_autopilot_net_admin(t *testing.T) { ResourceName: "google_container_cluster.primary", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_autopilot_net_admin(clusterName, true), @@ -3318,7 +3456,7 @@ func TestAccContainerCluster_autopilot_net_admin(t *testing.T) { ResourceName: "google_container_cluster.primary", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -3337,9 +3475,10 @@ func TestAccContainerCluster_additional_pod_ranges_config_on_create(t *testing.T Config: testAccContainerCluster_additional_pod_ranges_config(clusterName, 1), }, { - ResourceName: "google_container_cluster.primary", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -3358,41 +3497,46 @@ func TestAccContainerCluster_additional_pod_ranges_config_on_update(t *testing.T Config: testAccContainerCluster_additional_pod_ranges_config(clusterName, 0), }, { - ResourceName: "google_container_cluster.primary", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_additional_pod_ranges_config(clusterName, 2), }, { - ResourceName: "google_container_cluster.primary", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_additional_pod_ranges_config(clusterName, 0), }, { - ResourceName: "google_container_cluster.primary", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_additional_pod_ranges_config(clusterName, 1), }, { - ResourceName: "google_container_cluster.primary", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, { Config: testAccContainerCluster_additional_pod_ranges_config(clusterName, 0), }, { - ResourceName: "google_container_cluster.primary", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -3449,6 +3593,7 @@ resource "google_container_cluster" "primary" { name = "%s" location = "us-central1-a" initial_node_count = 1 + deletion_protection = false } `, name) } @@ -3460,6 +3605,7 @@ resource "google_container_cluster" "primary" { location = "us-central1-a" initial_node_count = 1 networking_mode = "ROUTES" + deletion_protection = false } `, name) } @@ -3491,6 +3637,7 @@ resource "google_container_cluster" "primary" { binary_authorization { evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE" } +deletion_protection = false } `, name) } @@ -3523,6 +3670,7 @@ resource "google_container_cluster" "primary" { binary_authorization { evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE" } + deletion_protection = false } `, name) } @@ -3576,6 +3724,7 @@ resource "google_container_cluster" "primary" { enabled = false } } + deletion_protection = false } `, projectID, clusterName) } @@ -3630,6 +3779,7 @@ resource "google_container_cluster" "primary" { gcs_fuse_csi_driver_config { enabled = true } + deletion_protection = false } } `, projectID, clusterName) @@ -3668,6 +3818,7 @@ resource "google_container_cluster" "primary" { // load_balancer_type = "LOAD_BALANCER_TYPE_INTERNAL" // } // } +// deletion_protection = false // } // `, projectID, clusterName) // } @@ -3689,6 +3840,7 @@ resource "google_container_cluster" "notification_config" { topic = google_pubsub_topic.%s.id } } + deletion_protection = false } `, topic, topic, clusterName, topic) } @@ -3704,6 +3856,7 @@ resource "google_container_cluster" "notification_config" { enabled = false } } + deletion_protection = false } `, clusterName) } @@ -3729,6 +3882,7 @@ resource "google_container_cluster" "filtered_notification_config" { } } } + deletion_protection = false } `, topic, topic, clusterName, topic) } @@ -3754,6 +3908,7 @@ resource "google_container_cluster" "filtered_notification_config" { } } } + deletion_protection = false } `, topic, topic, clusterName, topic) } @@ -3776,6 +3931,7 @@ resource "google_container_cluster" "filtered_notification_config" { topic = google_pubsub_topic.%s.id } } + deletion_protection = false } `, topic, topic, clusterName, topic) } @@ -3800,6 +3956,7 @@ resource "google_container_cluster" "confidential_nodes" { confidential_nodes { enabled = true } + deletion_protection = false } `, clusterName, npName) } @@ -3824,6 +3981,7 @@ resource "google_container_cluster" "confidential_nodes" { confidential_nodes { enabled = false } + deletion_protection = false } `, clusterName, npName) } @@ -3846,6 +4004,7 @@ resource "google_container_cluster" "confidential_nodes" { } enable_l4_ilb_subsetting = true + deletion_protection = false } `, clusterName, npName) } @@ -3868,6 +4027,7 @@ resource "google_container_cluster" "confidential_nodes" { } enable_l4_ilb_subsetting = false + deletion_protection = false } `, clusterName, npName) } @@ -3890,10 +4050,23 @@ resource "google_container_cluster" "with_network_policy_enabled" { disabled = false } } + deletion_protection = false } `, clusterName) } +func testAccContainerCluster_withDeletionProtection(clusterName string, deletionProtection string) string { + return fmt.Sprintf(` +resource "google_container_cluster" "primary" { + name = "%s" + location = "us-central1-a" + initial_node_count = 1 + + deletion_protection = %s +} +`, clusterName, deletionProtection) +} + func testAccContainerCluster_withReleaseChannelEnabled(clusterName string, channel string) string { return fmt.Sprintf(` resource "google_container_cluster" "with_release_channel" { @@ -3904,6 +4077,7 @@ resource "google_container_cluster" "with_release_channel" { release_channel { channel = "%s" } + deletion_protection = false } `, clusterName, channel) } @@ -3920,6 +4094,7 @@ resource "google_container_cluster" "with_release_channel" { location = "us-central1-a" initial_node_count = 1 min_master_version = data.google_container_engine_versions.central1a.release_channel_default_version["%s"] + deletion_protection = false } `, clusterName, channel) } @@ -3931,6 +4106,7 @@ resource "google_container_cluster" "with_network_policy_enabled" { location = "us-central1-a" initial_node_count = 1 remove_default_node_pool = true + deletion_protection = false } `, clusterName) } @@ -3946,6 +4122,7 @@ resource "google_container_cluster" "with_network_policy_enabled" { network_policy { enabled = false } + deletion_protection = false } `, clusterName) } @@ -3967,6 +4144,7 @@ resource "google_container_cluster" "with_network_policy_enabled" { disabled = true } } + deletion_protection = false } `, clusterName) } @@ -3981,6 +4159,7 @@ resource "google_container_cluster" "primary" { authenticator_groups_config { security_group = "gke-security-groups@%s" } + deletion_protection = false } `, name, orgDomain) } @@ -3995,6 +4174,7 @@ resource "google_container_cluster" "primary" { authenticator_groups_config { security_group = "" } + deletion_protection = false } `, name) } @@ -4023,6 +4203,7 @@ resource "google_container_cluster" "with_master_authorized_networks" { master_authorized_networks_config { %s } + deletion_protection = false } `, clusterName, cidrBlocks) } @@ -4033,6 +4214,7 @@ resource "google_container_cluster" "with_master_authorized_networks" { name = "%s" location = "us-central1-a" initial_node_count = 1 + deletion_protection = false } `, clusterName) } @@ -4043,6 +4225,7 @@ resource "google_container_cluster" "regional" { name = "%s" location = "us-central1" initial_node_count = 1 + deletion_protection = false } `, clusterName) } @@ -4073,7 +4256,7 @@ func TestAccContainerCluster_withPrivateEndpointSubnetwork(t *testing.T) { ResourceName: "google_container_cluster.with_private_endpoint_subnetwork", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -4118,6 +4301,7 @@ resource "google_container_cluster" "with_private_endpoint_subnetwork" { private_cluster_config { private_endpoint_subnetwork = google_compute_subnetwork.container_subnetwork2.name } + deletion_protection = false } `, containerNetName, s1Name, s1Cidr, s2Name, s2Cidr, clusterName) } @@ -4142,7 +4326,7 @@ func TestAccContainerCluster_withPrivateClusterConfigPrivateEndpointSubnetwork(t ResourceName: "google_container_cluster.with_private_endpoint_subnetwork", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -4194,6 +4378,7 @@ resource "google_container_cluster" "with_private_endpoint_subnetwork" { cluster_secondary_range_name = google_compute_subnetwork.container_subnetwork.secondary_ip_range[0].range_name services_secondary_range_name = google_compute_subnetwork.container_subnetwork.secondary_ip_range[1].range_name } + deletion_protection = false } `, containerNetName, clusterName) } @@ -4215,7 +4400,7 @@ func TestAccContainerCluster_withEnablePrivateEndpointToggle(t *testing.T) { ResourceName: "google_container_cluster.with_enable_private_endpoint", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, { Config: testAccContainerCluster_withEnablePrivateEndpoint(clusterName, "false"), @@ -4224,7 +4409,7 @@ func TestAccContainerCluster_withEnablePrivateEndpointToggle(t *testing.T) { ResourceName: "google_container_cluster.with_enable_private_endpoint", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"min_master_version"}, + ImportStateVerifyIgnore: []string{"min_master_version", "deletion_protection"}, }, }, }) @@ -4278,6 +4463,7 @@ resource "google_container_cluster" "with_enable_private_endpoint" { private_cluster_config { enable_private_endpoint = %s } + deletion_protection = false } `, clusterName, flag) } @@ -4291,6 +4477,7 @@ resource "google_container_cluster" "regional" { node_pool { name = "%s" } + deletion_protection = false } `, cluster, nodePool) } @@ -4306,6 +4493,7 @@ resource "google_container_cluster" "with_node_locations" { "us-central1-f", "us-central1-c", ] + deletion_protection = false } `, clusterName) } @@ -4321,6 +4509,7 @@ resource "google_container_cluster" "with_node_locations" { "us-central1-f", "us-central1-b", ] + deletion_protection = false } `, clusterName) } @@ -4332,6 +4521,7 @@ resource "google_container_cluster" "with_intranode_visibility" { location = "us-central1-a" initial_node_count = 1 enable_intranode_visibility = true + deletion_protection = false } `, clusterName) } @@ -4344,6 +4534,7 @@ resource "google_container_cluster" "with_intranode_visibility" { initial_node_count = 1 enable_intranode_visibility = false private_ipv6_google_access = "PRIVATE_IPV6_GOOGLE_ACCESS_BIDIRECTIONAL" + deletion_protection = false } `, clusterName) } @@ -4359,6 +4550,7 @@ resource "google_container_cluster" "with_version" { location = "us-central1-a" min_master_version = data.google_container_engine_versions.central1a.latest_master_version initial_node_count = 1 + deletion_protection = false } `, clusterName) } @@ -4374,6 +4566,7 @@ resource "google_container_cluster" "with_version" { location = "us-central1-a" min_master_version = data.google_container_engine_versions.central1a.valid_master_versions[3] initial_node_count = 1 + deletion_protection = false } `, clusterName) } @@ -4389,6 +4582,7 @@ resource "google_container_cluster" "with_master_auth_no_cert" { issue_client_certificate = false } } + deletion_protection = false } `, clusterName) } @@ -4405,6 +4599,7 @@ resource "google_container_cluster" "with_version" { min_master_version = data.google_container_engine_versions.central1a.latest_master_version node_version = data.google_container_engine_versions.central1a.valid_node_versions[1] initial_node_count = 1 + deletion_protection = false } `, clusterName) } @@ -4454,6 +4649,7 @@ resource "google_container_cluster" "with_node_config" { // Updatable fields image_type = "COS_CONTAINERD" } + deletion_protection = false } `, clusterName) } @@ -4468,6 +4664,7 @@ resource "google_container_cluster" "with_logging_variant_in_node_config" { node_config { logging_variant = "%s" } + deletion_protection = false } `, clusterName, loggingVariant) } @@ -4485,6 +4682,7 @@ resource "google_container_cluster" "with_logging_variant_in_node_pool" { logging_variant = "%s" } } + deletion_protection = false } `, clusterName, nodePoolName, loggingVariant) } @@ -4501,6 +4699,7 @@ resource "google_container_cluster" "with_logging_variant_node_pool_default" { logging_variant = "%s" } } + deletion_protection = false } `, clusterName, loggingVariant) } @@ -4550,6 +4749,7 @@ resource "google_container_cluster" "with_node_config" { // Updatable fields image_type = "UBUNTU_CONTAINERD" } + deletion_protection = false } `, clusterName) } @@ -4566,6 +4766,7 @@ resource "google_container_cluster" "with_node_config_scope_alias" { disk_size_gb = 15 oauth_scopes = ["compute-rw", "storage-ro", "logging-write", "monitoring"] } + deletion_protection = false } `, clusterName) } @@ -4606,6 +4807,7 @@ resource "google_container_cluster" "with_node_config" { enable_integrity_monitoring = true } } + deletion_protection = false } `, clusterName) } @@ -4645,6 +4847,7 @@ resource "google_container_cluster" "with_node_config" { consume_reservation_type = "ANY_RESERVATION" } } + deletion_protection = false } `, clusterName) } @@ -4715,6 +4918,7 @@ resource "google_container_cluster" "with_node_config" { ] } } + deletion_protection = false depends_on = [google_project_service.container] } `, reservation, clusterName) @@ -4742,6 +4946,7 @@ resource "google_container_cluster" "with_workload_metadata_config" { mode = "GCE_METADATA" } } + deletion_protection = false } `, clusterName) } @@ -4764,6 +4969,7 @@ resource "google_container_cluster" "with_boot_disk_kms_key" { boot_disk_kms_key = "%s" } + deletion_protection = false } `, clusterName, kmsKeyName) } @@ -4781,6 +4987,7 @@ resource "google_container_cluster" "with_net_ref_by_url" { initial_node_count = 1 network = google_compute_network.container_network.self_link + deletion_protection = false } resource "google_container_cluster" "with_net_ref_by_name" { @@ -4789,6 +4996,7 @@ resource "google_container_cluster" "with_net_ref_by_name" { initial_node_count = 1 network = google_compute_network.container_network.name + deletion_protection = false } `, network, cluster, cluster) } @@ -4820,6 +5028,7 @@ resource "google_container_cluster" "with_autoprovisioning_management" { } } } + deletion_protection = false } `, clusterName, autoUpgrade, autoRepair) } @@ -4863,6 +5072,7 @@ resource "google_container_cluster" "primary" { "https://www.googleapis.com/auth/monitoring", ] } + deletion_protection = false } `, cluster, cluster, cluster) } @@ -4872,6 +5082,7 @@ func testAccContainerCluster_withNodePoolBasic(cluster, nodePool string) string resource "google_container_cluster" "with_node_pool" { name = "%s" location = "us-central1-a" + deletion_protection = false node_pool { name = "%s" @@ -4898,6 +5109,7 @@ resource "google_container_cluster" "with_node_pool" { initial_node_count = 2 version = data.google_container_engine_versions.central1a.valid_node_versions[2] } + deletion_protection = false } `, cluster, nodePool) } @@ -4919,6 +5131,7 @@ resource "google_container_cluster" "with_node_pool" { initial_node_count = 2 version = data.google_container_engine_versions.central1a.valid_node_versions[1] } + deletion_protection = false } `, cluster, nodePool) } @@ -4938,6 +5151,7 @@ resource "google_container_cluster" "with_node_pool" { name = "%s" node_count = 2 } + deletion_protection = false } `, cluster, nodePool) } @@ -4957,6 +5171,7 @@ resource "google_container_cluster" "with_node_pool" { name = "%s" node_count = 3 } + deletion_protection = false } `, cluster, nodePool) } @@ -4972,6 +5187,7 @@ resource "google_container_cluster" "with_autoprovisioning" { location = "us-central1-a" min_master_version = data.google_container_engine_versions.central1a.latest_master_version initial_node_count = 1 + deletion_protection = false `, cluster) if autoprovisioning { config += ` @@ -5016,6 +5232,7 @@ resource "google_container_cluster" "with_autoprovisioning" { location = "us-central1-a" min_master_version = data.google_container_engine_versions.central1a.latest_master_version initial_node_count = 1 + deletion_protection = false logging_service = "none" monitoring_service = "none" @@ -5084,6 +5301,7 @@ resource "google_container_cluster" "with_autoprovisioning" { %s } } + deletion_protection = false }`, cluster, minCpuPlatformCfg) } @@ -5129,6 +5347,7 @@ func testAccContainerCluster_autoprovisioningDefaultsUpgradeSettings(clusterName } } } + deletion_protection = false } `, clusterName, maxSurge, maxUnavailable, strategy, blueGreenSettings) } @@ -5166,6 +5385,7 @@ func testAccContainerCluster_autoprovisioningDefaultsUpgradeSettingsWithBlueGree } } } + deletion_protection = false } `, clusterName, strategy, duration, duration) } @@ -5199,6 +5419,7 @@ resource "google_container_cluster" "with_autoprovisioning" { %s } } + deletion_protection = false }`, cluster, DiskSizeGbCfg) } @@ -5231,6 +5452,7 @@ resource "google_container_cluster" "with_autoprovisioning" { %s } } + deletion_protection = false }`, cluster, DiskTypeCfg) } @@ -5263,6 +5485,7 @@ resource "google_container_cluster" "with_autoprovisioning" { %s } } + deletion_protection = false }`, cluster, imageTypeCfg) } @@ -5289,6 +5512,7 @@ resource "google_container_cluster" "nap_boot_disk_kms_key" { boot_disk_kms_key = "%s" } } + deletion_protection = false } `, clusterName, kmsKeyName) } @@ -5320,6 +5544,7 @@ resource "google_container_cluster" "nap_shielded_instance" { } } } + deletion_protection = false }`, cluster) } @@ -5337,6 +5562,7 @@ resource "google_container_cluster" "with_node_pool" { max_node_count = 3 } } + deletion_protection = false } `, cluster, np) } @@ -5355,6 +5581,7 @@ resource "google_container_cluster" "with_node_pool" { max_node_count = 5 } } + deletion_protection = false } `, cluster, np) } @@ -5379,6 +5606,7 @@ resource "google_container_cluster" "with_node_pool" { location_policy = "BALANCED" } } + deletion_protection = false } `, cluster, np) } @@ -5403,6 +5631,7 @@ resource "google_container_cluster" "with_node_pool" { location_policy = "ANY" } } + deletion_protection = false } `, cluster, np) } @@ -5422,6 +5651,7 @@ resource "google_container_cluster" "with_node_pool" { name = "%s" initial_node_count = 2 } + deletion_protection = false } `, cluster, nodePool) } @@ -5436,6 +5666,7 @@ resource "google_container_cluster" "with_node_pool_name_prefix" { name_prefix = "%s" node_count = 2 } + deletion_protection = false } `, cluster, npPrefix) } @@ -5455,6 +5686,7 @@ resource "google_container_cluster" "with_node_pool_multiple" { name = "%s-two" node_count = 3 } + deletion_protection = false } `, cluster, npPrefix, npPrefix) } @@ -5471,6 +5703,7 @@ resource "google_container_cluster" "with_node_pool_multiple" { name_prefix = "%s" node_count = 1 } + deletion_protection = false } `, cluster, npPrefix, npPrefix) } @@ -5505,6 +5738,7 @@ resource "google_container_cluster" "with_node_pool_node_config" { tags = ["foo", "bar"] } } + deletion_protection = false } `, cluster, np) } @@ -5526,6 +5760,7 @@ resource "google_container_cluster" "with_maintenance_window" { location = "us-central1-a" initial_node_count = 1 %s + deletion_protection = false } `, clusterName, maintenancePolicy) } @@ -5549,6 +5784,7 @@ resource "google_container_cluster" "with_recurring_maintenance_window" { location = "us-central1-a" initial_node_count = 1 %s + deletion_protection = false } `, clusterName, maintenancePolicy) @@ -5579,6 +5815,7 @@ resource "google_container_cluster" "with_maintenance_exclusion_window" { end_time = "%s" } } + deletion_protection = false } `, clusterName, w1startTime, w1endTime, w1startTime, w1endTime, w2startTime, w2endTime) } @@ -5614,6 +5851,7 @@ resource "google_container_cluster" "with_maintenance_exclusion_options" { } } } + deletion_protection = false } `, cclusterName, w1startTime, w1endTime, w1startTime, w1endTime, scope1, w2startTime, w2endTime, scope2) } @@ -5643,6 +5881,7 @@ resource "google_container_cluster" "with_maintenance_exclusion_options" { end_time = "%s" } } + deletion_protection = false } `, cclusterName, w1startTime, w1endTime, w1startTime, w1endTime, w2startTime, w2endTime) } @@ -5654,6 +5893,7 @@ resource "google_container_cluster" "with_maintenance_exclusion_options" { name = "%s" location = "us-central1-a" initial_node_count = 1 + deletion_protection = false maintenance_policy { recurring_window { @@ -5697,6 +5937,7 @@ resource "google_container_cluster" "with_maintenance_exclusion_window" { recurrence = "FREQ=DAILY" } } + deletion_protection = false } `, clusterName, w1startTime, w1endTime) } @@ -5719,6 +5960,7 @@ resource "google_container_cluster" "with_maintenance_exclusion_window" { end_time = "%s" } } + deletion_protection = false } `, clusterName, w1startTime, w1endTime) } @@ -5760,6 +6002,7 @@ resource "google_container_cluster" "with_ip_allocation_policy" { cluster_secondary_range_name = "pods" services_secondary_range_name = "services" } + deletion_protection = false } `, containerNetName, clusterName) } @@ -5792,6 +6035,7 @@ resource "google_container_cluster" "with_ip_allocation_policy" { cluster_ipv4_cidr_block = "10.0.0.0/16" services_ipv4_cidr_block = "10.1.0.0/16" } + deletion_protection = false } `, containerNetName, clusterName) } @@ -5824,6 +6068,7 @@ resource "google_container_cluster" "with_ip_allocation_policy" { cluster_ipv4_cidr_block = "/16" services_ipv4_cidr_block = "/22" } + deletion_protection = false } `, containerNetName, clusterName) } @@ -5861,6 +6106,7 @@ resource "google_container_cluster" "with_stack_type" { services_ipv4_cidr_block = "10.1.0.0/16" stack_type = "IPV4_IPV6" } + deletion_protection = false } `, containerNetName, clusterName) } @@ -5895,6 +6141,7 @@ resource "google_container_cluster" "with_stack_type" { services_ipv4_cidr_block = "10.1.0.0/16" stack_type = "IPV4" } + deletion_protection = false } `, containerNetName, clusterName) } @@ -5927,10 +6174,11 @@ resource "google_container_cluster" "with_pco_disabled" { ip_allocation_policy { cluster_ipv4_cidr_block = "10.1.0.0/16" services_ipv4_cidr_block = "10.2.0.0/16" - pod_cidr_overprovision_config { - disabled = true - } + pod_cidr_overprovision_config { + disabled = true + } } + deletion_protection = false } `, containerNetName, clusterName) } @@ -5959,6 +6207,7 @@ resource "google_container_cluster" "with_resource_usage_export_config" { dataset_id = google_bigquery_dataset.default.dataset_id } } + deletion_protection = false } `, datasetId, clusterName, enableMetering) } @@ -5975,6 +6224,7 @@ resource "google_container_cluster" "with_resource_usage_export_config" { name = "%s" location = "us-central1-a" initial_node_count = 1 + deletion_protection = false } `, datasetId, clusterName) } @@ -6026,6 +6276,7 @@ resource "google_container_cluster" "with_private_cluster" { cluster_secondary_range_name = google_compute_subnetwork.container_subnetwork.secondary_ip_range[0].range_name services_secondary_range_name = google_compute_subnetwork.container_subnetwork.secondary_ip_range[1].range_name } + deletion_protection = false } `, containerNetName, clusterName, location, autopilotEnabled) } @@ -6081,6 +6332,7 @@ resource "google_container_cluster" "with_private_cluster" { cluster_secondary_range_name = google_compute_subnetwork.container_subnetwork.secondary_ip_range[0].range_name services_secondary_range_name = google_compute_subnetwork.container_subnetwork.secondary_ip_range[1].range_name } + deletion_protection = false } `, containerNetName, clusterName, masterGlobalAccessEnabled) } @@ -6097,6 +6349,7 @@ resource "google_container_cluster" "with_private_cluster" { enabled = %t } } + deletion_protection = false } `, clusterName, masterGlobalAccessEnabled) } @@ -6109,6 +6362,7 @@ resource "google_container_cluster" "with_shielded_nodes" { initial_node_count = 1 enable_shielded_nodes = %v + deletion_protection = false } `, clusterName, enabled) } @@ -6128,6 +6382,7 @@ resource "google_container_cluster" "with_workload_identity_config" { workload_pool = "${data.google_project.project.project_id}.svc.id.goog" } remove_default_node_pool = true + deletion_protection = false } `, projectID, clusterName) @@ -6157,6 +6412,7 @@ resource "google_container_cluster" "with_workload_identity_config" { initial_node_count = 1 remove_default_node_pool = true %s + deletion_protection = false } `, projectID, clusterName, workloadIdentityConfig) } @@ -6188,6 +6444,7 @@ resource "google_container_cluster" "cidr_error_preempt" { cluster_ipv4_cidr_block = "10.0.0.0/16" services_ipv4_cidr_block = "10.1.0.0/16" } + deletion_protection = false } `, containerNetName, clusterName) } @@ -6210,6 +6467,7 @@ resource "google_container_cluster" "cidr_error_overlap" { cluster_ipv4_cidr_block = "10.0.0.0/16" services_ipv4_cidr_block = "10.1.0.0/16" } + deletion_protection = false } `, initConfig, secondCluster) } @@ -6220,6 +6478,7 @@ resource "google_container_cluster" "with_resource_labels" { name = "invalid-gke-cluster" location = "%s" initial_node_count = 1 + deletion_protection = false } `, location) } @@ -6237,6 +6496,7 @@ func testAccContainerCluster_withExternalIpsConfig(projectID string, clusterName service_external_ips_config { enabled = %v } + deletion_protection = false }`, projectID, clusterName, enabled) } @@ -6257,6 +6517,7 @@ func testAccContainerCluster_withMeshCertificatesConfigEnabled(projectID string, mesh_certificates { enable_certificates = true } + deletion_protection = false } `, projectID, clusterName) } @@ -6275,9 +6536,10 @@ func testAccContainerCluster_updateMeshCertificatesConfig(projectID string, clus workload_identity_config { workload_pool = "${data.google_project.project.project_id}.svc.id.goog" } - mesh_certificates { + mesh_certificates { enable_certificates = %v - } + } + deletion_protection = false }`, projectID, clusterName, enabled) } @@ -6294,6 +6556,7 @@ func testAccContainerCluster_updateCostManagementConfig(projectID string, cluste cost_management_config { enabled = %v } + deletion_protection = false }`, projectID, clusterName, enabled) } @@ -6330,6 +6593,7 @@ resource "google_container_cluster" "primary" { state = "ENCRYPTED" key_name = "%[2]s" } + deletion_protection = false } `, kmsData.KeyRing.Name, kmsData.CryptoKey.Name, clusterName) } @@ -6348,6 +6612,7 @@ resource "google_container_cluster" "primary" { release_channel { channel = "RAPID" } + deletion_protection = false } `, clusterName, datapathProvider) } @@ -6396,6 +6661,7 @@ resource "google_container_cluster" "with_private_cluster" { cluster_secondary_range_name = google_compute_subnetwork.container_subnetwork.secondary_ip_range[0].range_name services_secondary_range_name = google_compute_subnetwork.container_subnetwork.secondary_ip_range[1].range_name } + deletion_protection = false } `, containerNetName, clusterName) } @@ -6415,6 +6681,7 @@ resource "google_container_cluster" "primary" { auto_upgrade = false } } + deletion_protection = false } `, cluster, np) } @@ -6430,6 +6697,7 @@ resource "google_container_cluster" "primary" { location = "us-central1-a" min_master_version = data.google_container_engine_versions.central1a.release_channel_latest_version["STABLE"] initial_node_count = 1 + deletion_protection = false } `, clusterName) } @@ -6445,6 +6713,7 @@ resource "google_container_cluster" "primary" { location = "us-central1-a" min_master_version = data.google_container_engine_versions.uscentral1a.release_channel_latest_version["STABLE"] initial_node_count = 1 + deletion_protection = false # This feature has been available since GKE 1.27, and currently the only # supported Beta API is authentication.k8s.io/v1beta1/selfsubjectreviews. @@ -6484,6 +6753,7 @@ resource "google_container_cluster" "primary" { enable_private_nodes = false master_ipv4_cidr_block = "10.42.0.0/28" } + deletion_protection = false } `, name) } @@ -6549,6 +6819,7 @@ resource "google_container_cluster" "with_autopilot" { name = "%s" location = "%s" enable_autopilot = %v + deletion_protection = false min_master_version = "latest" release_channel { channel = "RAPID" @@ -6592,6 +6863,7 @@ resource "google_container_cluster" "with_dns_config" { cluster_dns_domain = "%s" cluster_dns_scope = "%s" } + deletion_protection = false } `, clusterName, clusterDns, clusterDnsDomain, clusterDnsScope) } @@ -6610,6 +6882,7 @@ resource "google_container_cluster" "primary" { gateway_api_config { channel = "%s" } + deletion_protection = false } `, clusterName, gatewayApiChannel) } @@ -6626,6 +6899,7 @@ resource "google_container_cluster" "primary" { monitoring_config { enable_components = [ "SYSTEM_COMPONENTS" ] } + deletion_protection = false } `, name) } @@ -6639,6 +6913,7 @@ resource "google_container_cluster" "primary" { logging_config { enable_components = [] } + deletion_protection = false } `, name) } @@ -6655,6 +6930,7 @@ resource "google_container_cluster" "primary" { monitoring_config { enable_components = [ "SYSTEM_COMPONENTS" ] } + deletion_protection = false } `, name) } @@ -6672,6 +6948,7 @@ resource "google_container_cluster" "primary" { monitoring_config { enable_components = [ "SYSTEM_COMPONENTS", "APISERVER", "CONTROLLER_MANAGER", "SCHEDULER" ] } + deletion_protection = false } `, name) } @@ -6685,6 +6962,7 @@ resource "google_container_cluster" "primary" { monitoring_config { enable_components = [] } + deletion_protection = false } `, name) } @@ -6698,6 +6976,7 @@ resource "google_container_cluster" "primary" { monitoring_config { enable_components = [ "SYSTEM_COMPONENTS", "APISERVER", "CONTROLLER_MANAGER" ] } + deletion_protection = false } `, name) } @@ -6714,6 +6993,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = false } `, name) } @@ -6730,6 +7010,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = false } `, name) } @@ -6745,6 +7026,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = false } `, name) } @@ -6794,6 +7076,7 @@ resource "google_container_cluster" "primary" { relay_mode = "INTERNAL_VPC_LB" } } + deletion_protection = false } `, name, name) } @@ -6843,6 +7126,7 @@ resource "google_container_cluster" "primary" { relay_mode = "DISABLED" } } + deletion_protection = false } `, name, name) } @@ -6874,6 +7158,7 @@ resource "google_container_cluster" "primary" { disk_type = "pd-ssd" node_group = google_compute_node_group.group.name } + deletion_protection = false } `, name, name, name) } @@ -6893,6 +7178,7 @@ resource "google_container_cluster" "primary" { timeouts { create = "40s" } + deletion_protection = false }`, cluster, project, project) } @@ -6907,6 +7193,7 @@ resource "google_container_cluster" "primary" { workload_identity_config { workload_pool = "%s.svc.id.goog" } + deletion_protection = false }`, cluster, project, project) } @@ -6916,6 +7203,7 @@ resource "google_container_cluster" "primary" { name = "%s" location = "us-central1" enable_autopilot = true + deletion_protection = false }`, name) } @@ -6927,6 +7215,7 @@ resource "google_container_cluster" "primary" { enable_autopilot = true allow_net_admin = %t min_master_version = 1.27 + deletion_protection = false }`, name, enabled) } @@ -6951,9 +7240,10 @@ func TestAccContainerCluster_customPlacementPolicy(t *testing.T) { ), }, { - ResourceName: "google_container_cluster.cluster", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.cluster", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -6987,6 +7277,7 @@ resource "google_container_cluster" "cluster" { policy_name = google_compute_resource_policy.policy.name } } + deletion_protection = false }`, policyName, cluster, np) } @@ -7066,6 +7357,7 @@ func testAccContainerCluster_additional_pod_ranges_config(name string, nameCount services_secondary_range_name = "gke-autopilot-services" %s } + deletion_protection = false } `, name, name, name, aprc) } diff --git a/google/services/container/resource_container_node_pool_test.go b/google/services/container/resource_container_node_pool_test.go index dd86c837698..c10ec141668 100644 --- a/google/services/container/resource_container_node_pool_test.go +++ b/google/services/container/resource_container_node_pool_test.go @@ -538,6 +538,7 @@ resource "google_container_cluster" "cluster" { cluster_secondary_range_name = google_compute_subnetwork.container_subnetwork.secondary_ip_range[0].range_name services_secondary_range_name = google_compute_subnetwork.container_subnetwork.secondary_ip_range[1].range_name } + deletion_protection = false } resource "google_container_node_pool" "with_enable_private_nodes" { @@ -1177,6 +1178,7 @@ resource "google_container_cluster" "cluster" { location = "us-central1-a" min_master_version = data.google_container_engine_versions.central1a.latest_master_version initial_node_count = 1 + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -1231,6 +1233,7 @@ resource "google_container_cluster" "cluster" { location = "us-central1-a" min_master_version = data.google_container_engine_versions.central1a.latest_master_version initial_node_count = 1 + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -1278,6 +1281,7 @@ resource "google_container_cluster" "cluster" { name = "%s" location = "us-central1-a" initial_node_count = 1 + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -1326,6 +1330,7 @@ resource "google_container_cluster" "cluster" { name = "%s" location = "us-central1-a" initial_node_count = 1 + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -1391,6 +1396,7 @@ resource "google_container_cluster" "cluster" { location = "us-central1-f" initial_node_count = 1 min_master_version = "1.25" + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -1432,9 +1438,10 @@ func TestAccContainerNodePool_compactPlacement(t *testing.T) { Config: testAccContainerNodePool_compactPlacement(cluster, np, "COMPACT"), }, { - ResourceName: "google_container_cluster.cluster", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.cluster", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -1446,6 +1453,7 @@ resource "google_container_cluster" "cluster" { name = "%s" location = "us-central1-a" initial_node_count = 1 + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -1499,6 +1507,7 @@ resource "google_container_cluster" "cluster" { name = "%s" location = "us-central1-a" initial_node_count = 1 + deletion_protection = false } resource "google_compute_resource_policy" "policy" { @@ -1541,9 +1550,10 @@ func TestAccContainerNodePool_threadsPerCore(t *testing.T) { Config: testAccContainerNodePool_threadsPerCore(cluster, np, 1), }, { - ResourceName: "google_container_cluster.cluster", - ImportState: true, - ImportStateVerify: true, + ResourceName: "google_container_cluster.cluster", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, }, }, }) @@ -1555,6 +1565,7 @@ resource "google_container_cluster" "cluster" { name = "%s" location = "us-central1-a" initial_node_count = 1 + deletion_protection = false node_config { machine_type = "c2-standard-4" @@ -1627,6 +1638,7 @@ resource "google_container_cluster" "cluster" { name = "%s" location = "us-central1-a" initial_node_count = 3 + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -1645,6 +1657,7 @@ resource "google_container_cluster" "with_logging_variant" { name = "%s" location = "us-central1-a" initial_node_count = 1 + deletion_protection = false } resource "google_container_node_pool" "with_logging_variant" { @@ -1670,6 +1683,7 @@ resource "google_container_cluster" "cluster" { name = "%s" location = "us-central1-a" initial_node_count = 3 + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -1726,6 +1740,7 @@ resource "google_container_cluster" "cluster" { master_authorized_networks_config { } + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -1784,6 +1799,7 @@ resource "google_container_cluster" "cluster" { master_authorized_networks_config { } + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -1802,6 +1818,7 @@ resource "google_container_cluster" "cluster" { name = "%s" location = "us-central1" initial_node_count = 3 + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -1819,6 +1836,7 @@ resource "google_container_cluster" "cluster" { name = "%s" location = "us-central1-a" initial_node_count = 3 + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -1836,6 +1854,7 @@ resource "google_container_cluster" "cluster" { name = "%s" location = "us-central1-a" initial_node_count = 3 + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -1852,6 +1871,7 @@ resource "google_container_cluster" "cluster" { name = "%s" location = "us-central1" initial_node_count = 3 + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -1874,6 +1894,7 @@ resource "google_container_cluster" "cluster" { location = "us-central1" initial_node_count = 3 min_master_version = "1.27" + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -1897,6 +1918,7 @@ resource "google_container_cluster" "cluster" { location = "us-central1" initial_node_count = 3 min_master_version = "1.27" + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -1925,6 +1947,7 @@ resource "google_container_cluster" "cluster" { location = "us-central1" initial_node_count = 3 min_master_version = "1.27" + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -1943,6 +1966,7 @@ resource "google_container_cluster" "cluster" { name = "%s" location = "us-central1-a" initial_node_count = 3 + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -1964,6 +1988,7 @@ resource "google_container_cluster" "cluster" { name = "%s" location = "us-central1-a" initial_node_count = 3 + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -1990,6 +2015,7 @@ resource "google_container_cluster" "cluster" { "us-central1-b", "us-central1-c", ] + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -2012,6 +2038,7 @@ resource "google_container_cluster" "cluster" { "us-central1-b", "us-central1-c", ] + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -2032,6 +2059,7 @@ resource "google_container_cluster" "cluster" { release_channel { channel = "UNSPECIFIED" } + deletion_protection = false } resource "google_container_node_pool" "np_with_management" { @@ -2057,6 +2085,7 @@ resource "google_container_cluster" "cluster" { name = "%s" location = "us-central1-a" initial_node_count = 1 + deletion_protection = false } resource "google_container_node_pool" "np_with_node_config" { @@ -2111,6 +2140,7 @@ resource "google_container_cluster" "cluster" { name = "%s" location = "us-central1-a" initial_node_count = 1 + deletion_protection = false } resource "google_container_node_pool" "np_with_node_config" { @@ -2172,6 +2202,7 @@ resource "google_container_cluster" "cluster" { location = "us-central1-a" initial_node_count = 1 min_master_version = data.google_container_engine_versions.central1a.latest_master_version + deletion_protection = false } resource "google_container_node_pool" "with_reservation_affinity" { @@ -2204,6 +2235,7 @@ resource "google_container_cluster" "cluster" { location = "us-central1-a" initial_node_count = 1 min_master_version = data.google_container_engine_versions.central1a.latest_master_version + deletion_protection = false } resource "google_compute_reservation" "gce_reservation" { @@ -2254,6 +2286,7 @@ resource "google_container_cluster" "cluster" { location = "us-central1-a" initial_node_count = 1 min_master_version = data.google_container_engine_versions.central1a.latest_master_version + deletion_protection = false } resource "google_container_node_pool" "with_workload_metadata_config" { @@ -2295,6 +2328,7 @@ resource "google_container_cluster" "cluster" { workload_identity_config { workload_pool = "${data.google_project.project.project_id}.svc.id.goog" } + deletion_protection = false } resource "google_container_node_pool" "with_workload_metadata_config" { @@ -2327,6 +2361,7 @@ resource "google_container_cluster" "cluster" { location = "us-central1-a" initial_node_count = 1 min_master_version = data.google_container_engine_versions.central1a.latest_master_version + deletion_protection = false } # cpu_manager_policy & cpu_cfs_quota_period cannot be blank if cpu_cfs_quota is set to true @@ -2365,6 +2400,7 @@ resource "google_container_cluster" "cluster" { location = "us-central1-a" initial_node_count = 1 min_master_version = data.google_container_engine_versions.central1a.latest_master_version + deletion_protection = false } resource "google_container_node_pool" "with_linux_node_config" { @@ -2447,6 +2483,7 @@ resource "google_container_cluster" "cluster" { release_channel { channel = "RAPID" } + deletion_protection = false } resource "google_container_node_pool" "with_manual_pod_cidr" { @@ -2538,6 +2575,7 @@ resource "google_container_cluster" "cluster" { location = "us-central1" initial_node_count = 1 min_master_version = "${data.google_container_engine_versions.central1.latest_master_version}" + deletion_protection = false } resource "google_container_node_pool" "with_upgrade_settings" { @@ -2561,6 +2599,7 @@ resource "google_container_cluster" "cluster" { location = "us-central1-c" initial_node_count = 1 min_master_version = data.google_container_engine_versions.central1c.latest_master_version + deletion_protection = false } resource "google_container_node_pool" "np_with_gpu" { @@ -2610,6 +2649,7 @@ resource "google_container_cluster" "cluster" { name = "%s" location = "us-central1-a" initial_node_count = 1 + deletion_protection = false } resource "google_container_node_pool" "np_with_node_config_scope_alias" { @@ -2637,6 +2677,7 @@ resource "google_container_cluster" "cluster" { location = "us-central1-a" initial_node_count = 1 min_master_version = data.google_container_engine_versions.central1a.latest_master_version + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -2661,6 +2702,7 @@ resource "google_container_cluster" "cluster" { location = "us-central1-a" initial_node_count = 1 min_master_version = data.google_container_engine_versions.central1a.latest_master_version + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -2680,6 +2722,7 @@ resource "google_container_cluster" "cluster" { name = "%s" location = "us-central1-f" initial_node_count = 3 + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -2705,6 +2748,7 @@ resource "google_container_cluster" "cluster" { name = "%s" location = "us-central1-f" initial_node_count = 3 + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -2726,6 +2770,7 @@ resource "google_container_cluster" "cluster" { name = "%s" location = "us-central1-f" initial_node_count = 3 + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -2751,6 +2796,7 @@ resource "google_container_cluster" "cluster" { name = "%s" location = "us-central1-f" initial_node_count = 3 + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -2781,6 +2827,7 @@ resource "google_container_cluster" "cluster" { name = "%s" location = "us-central1-f" initial_node_count = 3 + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -2816,6 +2863,7 @@ resource "google_container_cluster" "cluster" { name = "%s" location = "us-central1-a" initial_node_count = 1 + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -2839,6 +2887,7 @@ resource "google_container_cluster" "cluster" { name = "%s" location = "us-central1-a" initial_node_count = 3 + deletion_protection = false } resource "google_container_node_pool" "np1" { @@ -2863,6 +2912,7 @@ resource "google_container_cluster" "cluster" { name = "%s" location = "us-central1-a" initial_node_count = 3 + deletion_protection = false } resource "google_container_node_pool" "np1" { @@ -2907,6 +2957,7 @@ resource "google_container_cluster" "cluster" { location = "us-central1-a" initial_node_count = 1 min_master_version = data.google_container_engine_versions.central1a.latest_master_version + deletion_protection = false } resource "google_container_node_pool" "with_sole_tenant_config" { @@ -2983,6 +3034,7 @@ resource "google_container_cluster" "cluster" { } machine_type = "n2-standard-2" } + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -3012,6 +3064,7 @@ resource "google_container_cluster" "cluster" { } machine_type = "n2-standard-2" } + deletion_protection = false } resource "google_container_node_pool" "np" { @@ -3066,6 +3119,7 @@ resource "google_container_cluster" "cluster" { name = "%s" location = "us-central2-b" initial_node_count = 1 + deletion_protection = false } resource "google_container_node_pool" "regular_pool" { diff --git a/google/services/dataproc/resource_dataproc_cluster_test.go b/google/services/dataproc/resource_dataproc_cluster_test.go index 0f69cc9def5..9a44cebd6ff 100644 --- a/google/services/dataproc/resource_dataproc_cluster_test.go +++ b/google/services/dataproc/resource_dataproc_cluster_test.go @@ -1161,6 +1161,7 @@ resource "google_container_cluster" "primary" { workload_identity_config { workload_pool = "${data.google_project.project.project_id}.svc.id.goog" } + deletion_protection = false } resource "google_project_iam_binding" "workloadidentity" { diff --git a/google/services/dns/resource_dns_managed_zone_generated_test.go b/google/services/dns/resource_dns_managed_zone_generated_test.go index 9b07345968c..56c866e466d 100644 --- a/google/services/dns/resource_dns_managed_zone_generated_test.go +++ b/google/services/dns/resource_dns_managed_zone_generated_test.go @@ -418,7 +418,8 @@ func TestAccDNSManagedZone_dnsManagedZonePrivateGkeExample(t *testing.T) { t.Parallel() context := map[string]interface{}{ - "random_suffix": acctest.RandString(t, 10), + "deletion_protection": false, + "random_suffix": acctest.RandString(t, 10), } acctest.VcrTest(t, resource.TestCase{ @@ -507,6 +508,7 @@ resource "google_container_cluster" "cluster-1" { cluster_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[0].range_name services_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[1].range_name } + deletion_protection = "%{deletion_protection}" } `, context) } diff --git a/google/services/dns/resource_dns_managed_zone_test.go b/google/services/dns/resource_dns_managed_zone_test.go index 95154ee814f..4d2c6995818 100644 --- a/google/services/dns/resource_dns_managed_zone_test.go +++ b/google/services/dns/resource_dns_managed_zone_test.go @@ -420,6 +420,7 @@ resource "google_container_cluster" "cluster-1" { name = "tf-test-cluster-1-%s" location = "us-central1-c" initial_node_count = 1 + deletion_protection = false networking_mode = "VPC_NATIVE" default_snat_status { diff --git a/google/services/dns/resource_dns_response_policy_generated_test.go b/google/services/dns/resource_dns_response_policy_generated_test.go index 195f0748a96..1c97611ca93 100644 --- a/google/services/dns/resource_dns_response_policy_generated_test.go +++ b/google/services/dns/resource_dns_response_policy_generated_test.go @@ -34,7 +34,8 @@ func TestAccDNSResponsePolicy_dnsResponsePolicyBasicExample(t *testing.T) { t.Parallel() context := map[string]interface{}{ - "random_suffix": acctest.RandString(t, 10), + "deletion_protection": false, + "random_suffix": acctest.RandString(t, 10), } acctest.VcrTest(t, resource.TestCase{ @@ -110,6 +111,7 @@ resource "google_container_cluster" "cluster-1" { cluster_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[0].range_name services_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[1].range_name } + deletion_protection = "%{deletion_protection}" } resource "google_dns_response_policy" "example-response-policy" { diff --git a/google/services/gkebackup/iam_gke_backup_backup_plan_generated_test.go b/google/services/gkebackup/iam_gke_backup_backup_plan_generated_test.go index 17612e055bc..0cca7a57953 100644 --- a/google/services/gkebackup/iam_gke_backup_backup_plan_generated_test.go +++ b/google/services/gkebackup/iam_gke_backup_backup_plan_generated_test.go @@ -34,6 +34,8 @@ func TestAccGKEBackupBackupPlanIamBindingGenerated(t *testing.T) { "random_suffix": acctest.RandString(t, 10), "role": "roles/viewer", "project": envvar.GetTestProjectFromEnv(), + + "deletion_protection": false, } acctest.VcrTest(t, resource.TestCase{ @@ -70,6 +72,8 @@ func TestAccGKEBackupBackupPlanIamMemberGenerated(t *testing.T) { "random_suffix": acctest.RandString(t, 10), "role": "roles/viewer", "project": envvar.GetTestProjectFromEnv(), + + "deletion_protection": false, } acctest.VcrTest(t, resource.TestCase{ @@ -97,6 +101,8 @@ func TestAccGKEBackupBackupPlanIamPolicyGenerated(t *testing.T) { "random_suffix": acctest.RandString(t, 10), "role": "roles/viewer", "project": envvar.GetTestProjectFromEnv(), + + "deletion_protection": false, } acctest.VcrTest(t, resource.TestCase{ @@ -140,6 +146,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "%{deletion_protection}" } resource "google_gke_backup_backup_plan" "basic" { @@ -177,6 +184,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "%{deletion_protection}" } resource "google_gke_backup_backup_plan" "basic" { @@ -229,6 +237,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "%{deletion_protection}" } resource "google_gke_backup_backup_plan" "basic" { @@ -268,6 +277,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "%{deletion_protection}" } resource "google_gke_backup_backup_plan" "basic" { @@ -305,6 +315,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "%{deletion_protection}" } resource "google_gke_backup_backup_plan" "basic" { diff --git a/google/services/gkebackup/iam_gke_backup_restore_plan_generated_test.go b/google/services/gkebackup/iam_gke_backup_restore_plan_generated_test.go index 34420b6e317..91e3e95a2fe 100644 --- a/google/services/gkebackup/iam_gke_backup_restore_plan_generated_test.go +++ b/google/services/gkebackup/iam_gke_backup_restore_plan_generated_test.go @@ -34,6 +34,8 @@ func TestAccGKEBackupRestorePlanIamBindingGenerated(t *testing.T) { "random_suffix": acctest.RandString(t, 10), "role": "roles/viewer", "project": envvar.GetTestProjectFromEnv(), + + "deletion_protection": false, } acctest.VcrTest(t, resource.TestCase{ @@ -70,6 +72,8 @@ func TestAccGKEBackupRestorePlanIamMemberGenerated(t *testing.T) { "random_suffix": acctest.RandString(t, 10), "role": "roles/viewer", "project": envvar.GetTestProjectFromEnv(), + + "deletion_protection": false, } acctest.VcrTest(t, resource.TestCase{ @@ -97,6 +101,8 @@ func TestAccGKEBackupRestorePlanIamPolicyGenerated(t *testing.T) { "random_suffix": acctest.RandString(t, 10), "role": "roles/viewer", "project": envvar.GetTestProjectFromEnv(), + + "deletion_protection": false, } acctest.VcrTest(t, resource.TestCase{ @@ -140,6 +146,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "%{deletion_protection}" } resource "google_gke_backup_backup_plan" "basic" { @@ -193,6 +200,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "%{deletion_protection}" } resource "google_gke_backup_backup_plan" "basic" { @@ -261,6 +269,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "%{deletion_protection}" } resource "google_gke_backup_backup_plan" "basic" { @@ -316,6 +325,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "%{deletion_protection}" } resource "google_gke_backup_backup_plan" "basic" { @@ -369,6 +379,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "%{deletion_protection}" } resource "google_gke_backup_backup_plan" "basic" { diff --git a/google/services/gkebackup/resource_gke_backup_backup_plan_generated_test.go b/google/services/gkebackup/resource_gke_backup_backup_plan_generated_test.go index 2c14c13a71e..bb06c115688 100644 --- a/google/services/gkebackup/resource_gke_backup_backup_plan_generated_test.go +++ b/google/services/gkebackup/resource_gke_backup_backup_plan_generated_test.go @@ -35,8 +35,9 @@ func TestAccGKEBackupBackupPlan_gkebackupBackupplanBasicExample(t *testing.T) { t.Parallel() context := map[string]interface{}{ - "project": envvar.GetTestProjectFromEnv(), - "random_suffix": acctest.RandString(t, 10), + "project": envvar.GetTestProjectFromEnv(), + "deletion_protection": false, + "random_suffix": acctest.RandString(t, 10), } acctest.VcrTest(t, resource.TestCase{ @@ -71,6 +72,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "%{deletion_protection}" } resource "google_gke_backup_backup_plan" "basic" { @@ -90,7 +92,8 @@ func TestAccGKEBackupBackupPlan_gkebackupBackupplanAutopilotExample(t *testing.T t.Parallel() context := map[string]interface{}{ - "random_suffix": acctest.RandString(t, 10), + "deletion_protection": false, + "random_suffix": acctest.RandString(t, 10), } acctest.VcrTest(t, resource.TestCase{ @@ -127,6 +130,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "%{deletion_protection}" } resource "google_gke_backup_backup_plan" "autopilot" { @@ -146,8 +150,9 @@ func TestAccGKEBackupBackupPlan_gkebackupBackupplanCmekExample(t *testing.T) { t.Parallel() context := map[string]interface{}{ - "project": envvar.GetTestProjectFromEnv(), - "random_suffix": acctest.RandString(t, 10), + "project": envvar.GetTestProjectFromEnv(), + "deletion_protection": false, + "random_suffix": acctest.RandString(t, 10), } acctest.VcrTest(t, resource.TestCase{ @@ -182,6 +187,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "%{deletion_protection}" } resource "google_gke_backup_backup_plan" "cmek" { @@ -216,8 +222,9 @@ func TestAccGKEBackupBackupPlan_gkebackupBackupplanFullExample(t *testing.T) { t.Parallel() context := map[string]interface{}{ - "project": envvar.GetTestProjectFromEnv(), - "random_suffix": acctest.RandString(t, 10), + "project": envvar.GetTestProjectFromEnv(), + "deletion_protection": false, + "random_suffix": acctest.RandString(t, 10), } acctest.VcrTest(t, resource.TestCase{ @@ -252,6 +259,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "%{deletion_protection}" } resource "google_gke_backup_backup_plan" "full" { diff --git a/google/services/gkebackup/resource_gke_backup_backup_plan_test.go b/google/services/gkebackup/resource_gke_backup_backup_plan_test.go index ad23d69d9dd..61f1c51cf83 100644 --- a/google/services/gkebackup/resource_gke_backup_backup_plan_test.go +++ b/google/services/gkebackup/resource_gke_backup_backup_plan_test.go @@ -60,6 +60,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = false } resource "google_gke_backup_backup_plan" "backupplan" { @@ -92,6 +93,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = false } resource "google_gke_backup_backup_plan" "backupplan" { diff --git a/google/services/gkebackup/resource_gke_backup_restore_plan_generated_test.go b/google/services/gkebackup/resource_gke_backup_restore_plan_generated_test.go index bbc989ffe14..05484cbc096 100644 --- a/google/services/gkebackup/resource_gke_backup_restore_plan_generated_test.go +++ b/google/services/gkebackup/resource_gke_backup_restore_plan_generated_test.go @@ -35,8 +35,9 @@ func TestAccGKEBackupRestorePlan_gkebackupRestoreplanAllNamespacesExample(t *tes t.Parallel() context := map[string]interface{}{ - "project": envvar.GetTestProjectFromEnv(), - "random_suffix": acctest.RandString(t, 10), + "project": envvar.GetTestProjectFromEnv(), + "deletion_protection": false, + "random_suffix": acctest.RandString(t, 10), } acctest.VcrTest(t, resource.TestCase{ @@ -71,6 +72,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "%{deletion_protection}" } resource "google_gke_backup_backup_plan" "basic" { @@ -106,8 +108,9 @@ func TestAccGKEBackupRestorePlan_gkebackupRestoreplanRollbackNamespaceExample(t t.Parallel() context := map[string]interface{}{ - "project": envvar.GetTestProjectFromEnv(), - "random_suffix": acctest.RandString(t, 10), + "project": envvar.GetTestProjectFromEnv(), + "deletion_protection": false, + "random_suffix": acctest.RandString(t, 10), } acctest.VcrTest(t, resource.TestCase{ @@ -142,6 +145,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "%{deletion_protection}" } resource "google_gke_backup_backup_plan" "basic" { @@ -186,8 +190,9 @@ func TestAccGKEBackupRestorePlan_gkebackupRestoreplanProtectedApplicationExample t.Parallel() context := map[string]interface{}{ - "project": envvar.GetTestProjectFromEnv(), - "random_suffix": acctest.RandString(t, 10), + "project": envvar.GetTestProjectFromEnv(), + "deletion_protection": false, + "random_suffix": acctest.RandString(t, 10), } acctest.VcrTest(t, resource.TestCase{ @@ -222,6 +227,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "%{deletion_protection}" } resource "google_gke_backup_backup_plan" "basic" { @@ -261,8 +267,9 @@ func TestAccGKEBackupRestorePlan_gkebackupRestoreplanAllClusterResourcesExample( t.Parallel() context := map[string]interface{}{ - "project": envvar.GetTestProjectFromEnv(), - "random_suffix": acctest.RandString(t, 10), + "project": envvar.GetTestProjectFromEnv(), + "deletion_protection": false, + "random_suffix": acctest.RandString(t, 10), } acctest.VcrTest(t, resource.TestCase{ @@ -297,6 +304,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "%{deletion_protection}" } resource "google_gke_backup_backup_plan" "basic" { @@ -331,8 +339,9 @@ func TestAccGKEBackupRestorePlan_gkebackupRestoreplanRenameNamespaceExample(t *t t.Parallel() context := map[string]interface{}{ - "project": envvar.GetTestProjectFromEnv(), - "random_suffix": acctest.RandString(t, 10), + "project": envvar.GetTestProjectFromEnv(), + "deletion_protection": false, + "random_suffix": acctest.RandString(t, 10), } acctest.VcrTest(t, resource.TestCase{ @@ -367,6 +376,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "%{deletion_protection}" } resource "google_gke_backup_backup_plan" "basic" { @@ -428,8 +438,9 @@ func TestAccGKEBackupRestorePlan_gkebackupRestoreplanSecondTransformationExample t.Parallel() context := map[string]interface{}{ - "project": envvar.GetTestProjectFromEnv(), - "random_suffix": acctest.RandString(t, 10), + "project": envvar.GetTestProjectFromEnv(), + "deletion_protection": false, + "random_suffix": acctest.RandString(t, 10), } acctest.VcrTest(t, resource.TestCase{ @@ -464,6 +475,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "%{deletion_protection}" } resource "google_gke_backup_backup_plan" "basic" { diff --git a/google/services/gkehub/iam_gke_hub_membership_generated_test.go b/google/services/gkehub/iam_gke_hub_membership_generated_test.go index 325b8ecd0aa..67309cf4eb7 100644 --- a/google/services/gkehub/iam_gke_hub_membership_generated_test.go +++ b/google/services/gkehub/iam_gke_hub_membership_generated_test.go @@ -31,8 +31,9 @@ func TestAccGKEHubMembershipIamBindingGenerated(t *testing.T) { t.Parallel() context := map[string]interface{}{ - "random_suffix": acctest.RandString(t, 10), - "role": "roles/viewer", + "random_suffix": acctest.RandString(t, 10), + "role": "roles/viewer", + "deletion_protection": false, } acctest.VcrTest(t, resource.TestCase{ @@ -66,8 +67,9 @@ func TestAccGKEHubMembershipIamMemberGenerated(t *testing.T) { t.Parallel() context := map[string]interface{}{ - "random_suffix": acctest.RandString(t, 10), - "role": "roles/viewer", + "random_suffix": acctest.RandString(t, 10), + "role": "roles/viewer", + "deletion_protection": false, } acctest.VcrTest(t, resource.TestCase{ @@ -92,8 +94,9 @@ func TestAccGKEHubMembershipIamPolicyGenerated(t *testing.T) { t.Parallel() context := map[string]interface{}{ - "random_suffix": acctest.RandString(t, 10), - "role": "roles/viewer", + "random_suffix": acctest.RandString(t, 10), + "role": "roles/viewer", + "deletion_protection": false, } acctest.VcrTest(t, resource.TestCase{ @@ -129,6 +132,7 @@ resource "google_container_cluster" "primary" { name = "basiccluster%{random_suffix}" location = "us-central1-a" initial_node_count = 1 + deletion_protection = "%{deletion_protection}" } resource "google_gke_hub_membership" "membership" { @@ -159,6 +163,7 @@ resource "google_container_cluster" "primary" { name = "basiccluster%{random_suffix}" location = "us-central1-a" initial_node_count = 1 + deletion_protection = "%{deletion_protection}" } resource "google_gke_hub_membership" "membership" { @@ -203,6 +208,7 @@ resource "google_container_cluster" "primary" { name = "basiccluster%{random_suffix}" location = "us-central1-a" initial_node_count = 1 + deletion_protection = "%{deletion_protection}" } resource "google_gke_hub_membership" "membership" { @@ -235,6 +241,7 @@ resource "google_container_cluster" "primary" { name = "basiccluster%{random_suffix}" location = "us-central1-a" initial_node_count = 1 + deletion_protection = "%{deletion_protection}" } resource "google_gke_hub_membership" "membership" { @@ -265,6 +272,7 @@ resource "google_container_cluster" "primary" { name = "basiccluster%{random_suffix}" location = "us-central1-a" initial_node_count = 1 + deletion_protection = "%{deletion_protection}" } resource "google_gke_hub_membership" "membership" { diff --git a/google/services/gkehub/resource_gke_hub_feature_membership_test.go b/google/services/gkehub/resource_gke_hub_feature_membership_test.go index a73bcb6d6dc..33eacbf09b1 100644 --- a/google/services/gkehub/resource_gke_hub_feature_membership_test.go +++ b/google/services/gkehub/resource_gke_hub_feature_membership_test.go @@ -388,6 +388,7 @@ resource "google_container_cluster" "primary" { name = "tf-test-cl%{random_suffix}" location = "us-central1-a" initial_node_count = 1 + deletion_protection = false depends_on = [google_project_service.mci, google_project_service.container, google_project_service.container, google_project_service.gkehub] } @@ -450,6 +451,7 @@ resource "google_container_cluster" "primary" { name = "tf-test-cl%{random_suffix}" location = "us-central1-a" initial_node_count = 1 + deletion_protection = false depends_on = [google_project_service.mci, google_project_service.container, google_project_service.container, google_project_service.gkehub] } @@ -513,6 +515,7 @@ resource "google_container_cluster" "primary" { name = "tf-test-cl%{random_suffix}" location = "us-central1-a" initial_node_count = 1 + deletion_protection = false depends_on = [google_project_service.mci, google_project_service.container, google_project_service.container, google_project_service.gkehub, google_project_service.acm] } @@ -809,6 +812,7 @@ resource "google_container_cluster" "primary" { name = "tf-test-cl%{random_suffix}" location = "us-central1-a" initial_node_count = 1 + deletion_protection = false depends_on = [google_project_service.container, google_project_service.gkehub] } @@ -858,6 +862,7 @@ resource "google_container_cluster" "primary" { name = "tf-test-cl%{random_suffix}" location = "us-central1-a" initial_node_count = 1 + deletion_protection = false depends_on = [google_project_service.container, google_project_service.gkehub] } @@ -906,6 +911,7 @@ resource "google_container_cluster" "primary" { name = "tf-test-cl%{random_suffix}" location = "us-central1-a" initial_node_count = 1 + deletion_protection = false depends_on = [google_project_service.container, google_project_service.gkehub] } @@ -954,6 +960,7 @@ resource "google_container_cluster" "primary" { location = "us-central1-a" initial_node_count = 1 project = google_project.project.project_id + deletion_protection = false depends_on = [google_project_service.container, google_project_service.container, google_project_service.gkehub] } @@ -962,6 +969,7 @@ resource "google_container_cluster" "secondary" { location = "us-central1-a" initial_node_count = 1 project = google_project.project.project_id + deletion_protection = false depends_on = [google_project_service.container, google_project_service.container, google_project_service.gkehub] } @@ -970,6 +978,7 @@ resource "google_container_cluster" "tertiary" { location = "us-central1-a" initial_node_count = 1 project = google_project.project.project_id + deletion_protection = false depends_on = [google_project_service.container, google_project_service.container, google_project_service.gkehub] } @@ -979,6 +988,7 @@ resource "google_container_cluster" "quarternary" { location = "us-central1-a" initial_node_count = 1 project = google_project.project.project_id + deletion_protection = false depends_on = [google_project_service.container, google_project_service.container, google_project_service.gkehub] } @@ -1040,6 +1050,7 @@ resource "google_container_cluster" "container_acmoci" { initial_node_count = 1 network = google_compute_network.testnetwork.self_link project = google_project.project.project_id + deletion_protection = false depends_on = [google_project_service.container, google_project_service.container, google_project_service.gkehub] } diff --git a/google/services/gkehub/resource_gke_hub_membership_generated_test.go b/google/services/gkehub/resource_gke_hub_membership_generated_test.go index cfd72851968..7174bb05a87 100644 --- a/google/services/gkehub/resource_gke_hub_membership_generated_test.go +++ b/google/services/gkehub/resource_gke_hub_membership_generated_test.go @@ -35,7 +35,8 @@ func TestAccGKEHubMembership_gkehubMembershipBasicExample(t *testing.T) { t.Parallel() context := map[string]interface{}{ - "random_suffix": acctest.RandString(t, 10), + "deletion_protection": false, + "random_suffix": acctest.RandString(t, 10), } acctest.VcrTest(t, resource.TestCase{ @@ -62,6 +63,7 @@ resource "google_container_cluster" "primary" { name = "basiccluster%{random_suffix}" location = "us-central1-a" initial_node_count = 1 + deletion_protection = "%{deletion_protection}" } resource "google_gke_hub_membership" "membership" { @@ -83,8 +85,9 @@ func TestAccGKEHubMembership_gkehubMembershipIssuerExample(t *testing.T) { t.Parallel() context := map[string]interface{}{ - "project": envvar.GetTestProjectFromEnv(), - "random_suffix": acctest.RandString(t, 10), + "project": envvar.GetTestProjectFromEnv(), + "deletion_protection": false, + "random_suffix": acctest.RandString(t, 10), } acctest.VcrTest(t, resource.TestCase{ @@ -114,6 +117,7 @@ resource "google_container_cluster" "primary" { workload_identity_config { workload_pool = "%{project}.svc.id.goog" } + deletion_protection = "%{deletion_protection}" } resource "google_gke_hub_membership" "membership" { diff --git a/google/services/gkehub2/resource_gke_hub_feature_test.go b/google/services/gkehub2/resource_gke_hub_feature_test.go index 59675ec4237..341a529c213 100644 --- a/google/services/gkehub2/resource_gke_hub_feature_test.go +++ b/google/services/gkehub2/resource_gke_hub_feature_test.go @@ -187,6 +187,7 @@ resource "google_container_cluster" "primary" { location = "us-central1-a" initial_node_count = 1 project = google_project.project.project_id + deletion_protection = false depends_on = [google_project_service.mci, google_project_service.container, google_project_service.container, google_project_service.gkehub] } @@ -195,6 +196,7 @@ resource "google_container_cluster" "secondary" { location = "us-central1-a" initial_node_count = 1 project = google_project.project.project_id + deletion_protection = false depends_on = [google_project_service.mci, google_project_service.container, google_project_service.container, google_project_service.gkehub] } @@ -238,6 +240,7 @@ resource "google_container_cluster" "primary" { location = "us-central1-a" initial_node_count = 1 project = google_project.project.project_id + deletion_protection = false depends_on = [google_project_service.mci, google_project_service.container, google_project_service.container, google_project_service.gkehub] } @@ -246,6 +249,7 @@ resource "google_container_cluster" "secondary" { location = "us-central1-a" initial_node_count = 1 project = google_project.project.project_id + deletion_protection = false depends_on = [google_project_service.mci, google_project_service.container, google_project_service.container, google_project_service.gkehub] } diff --git a/google/services/gkehub2/resource_gke_hub_membership_binding_generated_test.go b/google/services/gkehub2/resource_gke_hub_membership_binding_generated_test.go index cb3c6bd0e55..17d28f27db9 100644 --- a/google/services/gkehub2/resource_gke_hub_membership_binding_generated_test.go +++ b/google/services/gkehub2/resource_gke_hub_membership_binding_generated_test.go @@ -35,9 +35,10 @@ func TestAccGKEHub2MembershipBinding_gkehubMembershipBindingBasicExample(t *test t.Parallel() context := map[string]interface{}{ - "project": envvar.GetTestProjectFromEnv(), - "location": envvar.GetTestRegionFromEnv(), - "random_suffix": acctest.RandString(t, 10), + "project": envvar.GetTestProjectFromEnv(), + "location": envvar.GetTestRegionFromEnv(), + "deletion_protection": false, + "random_suffix": acctest.RandString(t, 10), } acctest.VcrTest(t, resource.TestCase{ @@ -64,6 +65,7 @@ resource "google_container_cluster" "primary" { name = "basiccluster%{random_suffix}" location = "us-central1-a" initial_node_count = 1 + deletion_protection = "%{deletion_protection}" } resource "google_gke_hub_membership" "example" { diff --git a/google/services/gkehub2/resource_gke_hub_membership_binding_test.go b/google/services/gkehub2/resource_gke_hub_membership_binding_test.go index f88e35d4345..0c793635f79 100644 --- a/google/services/gkehub2/resource_gke_hub_membership_binding_test.go +++ b/google/services/gkehub2/resource_gke_hub_membership_binding_test.go @@ -52,6 +52,7 @@ resource "google_container_cluster" "primary" { name = "basiccluster%{random_suffix}" location = "us-central1-a" initial_node_count = 1 + deletion_protection = false } resource "google_gke_hub_membership" "example" { @@ -93,6 +94,7 @@ resource "google_container_cluster" "primary" { name = "basiccluster%{random_suffix}" location = "us-central1-a" initial_node_count = 1 + deletion_protection = false } resource "google_gke_hub_membership" "example" { diff --git a/website/docs/r/compute_instance_group_named_port.html.markdown b/website/docs/r/compute_instance_group_named_port.html.markdown index 124ad04738c..b1597c2945a 100644 --- a/website/docs/r/compute_instance_group_named_port.html.markdown +++ b/website/docs/r/compute_instance_group_named_port.html.markdown @@ -81,6 +81,7 @@ resource "google_container_cluster" "my_cluster" { cluster_ipv4_cidr_block = "/19" services_ipv4_cidr_block = "/22" } + deletion_protection = "true" } ``` diff --git a/website/docs/r/compute_network_peering_routes_config.html.markdown b/website/docs/r/compute_network_peering_routes_config.html.markdown index f305db2af28..f675a7fb198 100644 --- a/website/docs/r/compute_network_peering_routes_config.html.markdown +++ b/website/docs/r/compute_network_peering_routes_config.html.markdown @@ -134,6 +134,7 @@ resource "google_container_cluster" "private_cluster" { cluster_secondary_range_name = google_compute_subnetwork.container_subnetwork.secondary_ip_range[0].range_name services_secondary_range_name = google_compute_subnetwork.container_subnetwork.secondary_ip_range[1].range_name } + deletion_protection = "true" } ``` diff --git a/website/docs/r/container_cluster.html.markdown b/website/docs/r/container_cluster.html.markdown index 5a1c9688de2..f9d4b4cecbc 100644 --- a/website/docs/r/container_cluster.html.markdown +++ b/website/docs/r/container_cluster.html.markdown @@ -16,6 +16,10 @@ Manages a Google Kubernetes Engine (GKE) cluster. For more information see [the official documentation](https://cloud.google.com/container-engine/docs/clusters) and [the API reference](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters). +-> **Note**: On version 5.0.0+ of the provider, you must explicitly set `deletion_protection=false` +(and run `terraform apply` to write the field to state) in order to destroy a cluster. +It is recommended to not set this field (or set it to true) until you're ready to destroy. + ~> **Warning:** All arguments and attributes, including basic auth username and passwords as well as certificate outputs will be stored in the raw state as plaintext. [Read more about sensitive data in state](https://www.terraform.io/language/state/sensitive-data). @@ -118,6 +122,10 @@ locations. In contrast, in a regional cluster, cluster master nodes are present in multiple zones in the region. For that reason, regional clusters should be preferred. +* `deletion_protection` - (Optional) Whether or not to allow Terraform to destroy +the cluster. Unless this field is set to false in Terraform state, a +`terraform destroy` or `terraform apply` that would delete the cluster will fail. + * `addons_config` - (Optional) The configuration for addons supported by GKE. Structure is [documented below](#nested_addons_config). diff --git a/website/docs/r/dns_managed_zone.html.markdown b/website/docs/r/dns_managed_zone.html.markdown index bddd2143d3e..f26a4fb1aab 100644 --- a/website/docs/r/dns_managed_zone.html.markdown +++ b/website/docs/r/dns_managed_zone.html.markdown @@ -210,6 +210,7 @@ resource "google_container_cluster" "cluster-1" { cluster_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[0].range_name services_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[1].range_name } + deletion_protection = "true" } ```
diff --git a/website/docs/r/dns_response_policy.html.markdown b/website/docs/r/dns_response_policy.html.markdown index 0b622a1968a..8026caf46a3 100644 --- a/website/docs/r/dns_response_policy.html.markdown +++ b/website/docs/r/dns_response_policy.html.markdown @@ -88,6 +88,7 @@ resource "google_container_cluster" "cluster-1" { cluster_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[0].range_name services_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[1].range_name } + deletion_protection = "true" } resource "google_dns_response_policy" "example-response-policy" { diff --git a/website/docs/r/gke_backup_backup_plan.html.markdown b/website/docs/r/gke_backup_backup_plan.html.markdown index b3658ed13f1..23427275a5f 100644 --- a/website/docs/r/gke_backup_backup_plan.html.markdown +++ b/website/docs/r/gke_backup_backup_plan.html.markdown @@ -44,6 +44,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "true" } resource "google_gke_backup_backup_plan" "basic" { @@ -80,6 +81,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "true" } resource "google_gke_backup_backup_plan" "autopilot" { @@ -109,6 +111,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "true" } resource "google_gke_backup_backup_plan" "cmek" { @@ -153,6 +156,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "true" } resource "google_gke_backup_backup_plan" "full" { diff --git a/website/docs/r/gke_backup_restore_plan.html.markdown b/website/docs/r/gke_backup_restore_plan.html.markdown index 2ae4fa96241..e425466656f 100644 --- a/website/docs/r/gke_backup_restore_plan.html.markdown +++ b/website/docs/r/gke_backup_restore_plan.html.markdown @@ -44,6 +44,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "" } resource "google_gke_backup_backup_plan" "basic" { @@ -89,6 +90,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "" } resource "google_gke_backup_backup_plan" "basic" { @@ -143,6 +145,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "" } resource "google_gke_backup_backup_plan" "basic" { @@ -192,6 +195,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "" } resource "google_gke_backup_backup_plan" "basic" { @@ -236,6 +240,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "" } resource "google_gke_backup_backup_plan" "basic" { @@ -307,6 +312,7 @@ resource "google_container_cluster" "primary" { enabled = true } } + deletion_protection = "" } resource "google_gke_backup_backup_plan" "basic" { diff --git a/website/docs/r/gke_hub_membership.html.markdown b/website/docs/r/gke_hub_membership.html.markdown index 1c53d401f77..29b0d2628ae 100644 --- a/website/docs/r/gke_hub_membership.html.markdown +++ b/website/docs/r/gke_hub_membership.html.markdown @@ -41,6 +41,7 @@ resource "google_container_cluster" "primary" { name = "basiccluster" location = "us-central1-a" initial_node_count = 1 + deletion_protection = "true" } resource "google_gke_hub_membership" "membership" { @@ -67,6 +68,7 @@ resource "google_container_cluster" "primary" { workload_identity_config { workload_pool = "my-project-name.svc.id.goog" } + deletion_protection = "true" } resource "google_gke_hub_membership" "membership" { diff --git a/website/docs/r/gke_hub_membership_binding.html.markdown b/website/docs/r/gke_hub_membership_binding.html.markdown index 4dbe0fd7f6d..399ffd661c6 100644 --- a/website/docs/r/gke_hub_membership_binding.html.markdown +++ b/website/docs/r/gke_hub_membership_binding.html.markdown @@ -36,6 +36,7 @@ resource "google_container_cluster" "primary" { name = "basiccluster" location = "us-central1-a" initial_node_count = 1 + deletion_protection = "true" } resource "google_gke_hub_membership" "example" { diff --git a/website/docs/r/gke_hub_membership_rbac_role_binding.html.markdown b/website/docs/r/gke_hub_membership_rbac_role_binding.html.markdown index 67a719ad7f6..649c7757117 100644 --- a/website/docs/r/gke_hub_membership_rbac_role_binding.html.markdown +++ b/website/docs/r/gke_hub_membership_rbac_role_binding.html.markdown @@ -39,6 +39,7 @@ resource "google_container_cluster" "primary" { name = "basiccluster" location = "us-central1-a" initial_node_count = 1 + deletion_protection = "true" } resource "google_gke_hub_membership" "membershiprbacrolebinding" {