From b81706d929db2da871c032a33f57bf3d958b018a Mon Sep 17 00:00:00 2001
From: The Magician
Date: Thu, 19 Oct 2023 06:40:21 -0700
Subject: [PATCH] Add admin_groups field to the containerattached resource. (#9300) (#16307)
* Add admin_groups field to the containerattached resource.
* Fix whitespace
---------
[upstream:2b8e116823807cf5e80bc989ce485f4a68ac9bbf]
Signed-off-by: Modular Magician
---
 .changelog/9300.txt | 3 ++
 .../resource_container_attached_cluster.go | 52 ++++++++++++++++++-
 ...ntainer_attached_cluster_generated_test.go | 1 +
 ..._container_attached_cluster_update_test.go | 3 ++
 .../container_attached_cluster.html.markdown | 9 ++++
 5 files changed, 67 insertions(+), 1 deletion(-)
 create mode 100644 .changelog/9300.txt
diff --git a/.changelog/9300.txt b/.changelog/9300.txt
new file mode 100644
index 00000000000..75b4e16d3ab
--- /dev/null
+++ b/.changelog/9300.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+containerattached: added `admin_groups` field to `google_container_attached_cluster` resource
+```
diff --git a/google/services/containerattached/resource_container_attached_cluster.go b/google/services/containerattached/resource_container_attached_cluster.go
index bc4f70e5d39..f2a60f079f8 100644
--- a/google/services/containerattached/resource_container_attached_cluster.go
+++ b/google/services/containerattached/resource_container_attached_cluster.go
@@ -168,6 +168,19 @@ Please refer to the field 'effective_annotations' for all of the annotations pre
 MaxItems: 1,
 Elem: &schema.Resource{
 Schema: map[string]*schema.Schema{
+ "admin_groups": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: `Groups that can perform operations as a cluster admin. A managed
+ClusterRoleBinding will be created to grant the 'cluster-admin' ClusterRole
+to the groups. Up to ten admin groups can be provided.
+
+For more info on RBAC, see
+https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles`,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
 "admin_users": {
 Type: schema.TypeList,
 Optional: true,
@@ -743,9 +756,12 @@ func resourceContainerAttachedClusterUpdate(d *schema.ResourceData, meta interfa
 }
 // The generated code sets the wrong masks for the following fields.
 newUpdateMask := []string{}
- if d.HasChange("authorization") {
+ if d.HasChange("authorization.0.admin_users") {
 newUpdateMask = append(newUpdateMask, "authorization.admin_users")
 }
+ if d.HasChange("authorization.0.admin_groups") {
+ newUpdateMask = append(newUpdateMask, "authorization.admin_groups")
+ }
 if d.HasChange("logging_config") {
 newUpdateMask = append(newUpdateMask, "logging_config.component_config.enable_components")
 }
@@ -1079,6 +1095,10 @@ func flattenContainerAttachedClusterErrorsMessage(v interface{}, d *schema.Resou
 // { username = "user1" },
 // { username = "user2" }
 // ]
+// admin_groups [
+// { group = "group1" },
+// { group = "group2" },
+// ]
 // }
 //
 // The custom flattener transforms input back into something like this:
@@ -1088,6 +1108,10 @@ func flattenContainerAttachedClusterErrorsMessage(v interface{}, d *schema.Resou
 // "user1",
 // "user2"
 // ]
+// admin_groups = [
+// "group1",
+// "group2"
+// ],
 // }
 func flattenContainerAttachedClusterAuthorization(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 if v == nil {
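Review bot: The new `admin_groups` schema in the first hunk documents a limit ("Up to ten admin groups can be provided") that nothing in the schema enforces, so an over-long list would presumably only be rejected by the API at apply time. Every entry in this list is bound to the `cluster-admin` ClusterRole, so it is worth failing at plan time by adding `MaxItems: 10,` next to `Optional: true,`. The file looks generated, so the change probably belongs in the upstream resource definition. The neighbouring `admin_users` field is only partly visible here and may need the same treatment.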
@@ -1102,6 +1126,13 @@ func flattenContainerAttachedClusterAuthorization(v interface{}, d *schema.Resou
 transformed["admin_users"][i] = u.(map[string]interface{})["username"].(string)
 }
 }
+ orig = v.(map[string]interface{})["adminGroups"].([]interface{})
+ transformed["admin_groups"] = make([]string, len(orig))
+ for i, u := range orig {
+ if u != nil {
+ transformed["admin_groups"][i] = u.(map[string]interface{})["group"].(string)
+ }
+ }
 return []interface{}{transformed}
 }
@@ -1284,6 +1315,10 @@ type attachedClusterUser struct {
 Username string `json:"username"`
 }
+type attachedClusterGroup struct {
+ Group string `json:"group"`
+}
+
 // The custom expander transforms input into something like this:
 //
 // authorization {
@@ -1291,6 +1326,10 @@ type attachedClusterUser struct {
 // { username = "user1" },
 // { username = "user2" }
 // ]
+// admin_groups [
+// { group = "group1" },
+// { group = "group2" },
+// ]
 // }
 //
 // The custom flattener transforms input back into something like this:
@@ -1300,6 +1339,10 @@ type attachedClusterUser struct {
 // "user1",
 // "user2"
 // ]
+// admin_groups = [
+// "group1",
+// "group2"
+// ],
 // }
 func expandContainerAttachedClusterAuthorization(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 l := v.([]interface{})
@@ -1315,6 +1358,13 @@ func expandContainerAttachedClusterAuthorization(v interface{}, d tpgresource.Te
 transformed["admin_users"][i] = attachedClusterUser{Username: u.(string)}
 }
 }
+ orig = raw.(map[string]interface{})["admin_groups"].([]interface{})
+ transformed["admin_groups"] = make([]interface{}, len(orig))
+ for i, u := range orig {
+ if u != nil {
+ transformed["admin_groups"][i] = attachedClusterGroup{Group: u.(string)}
+ }
+ }
 return transformed, nil
 }
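Review bot: In flattenContainerAttachedClusterAuthorization the added line `orig = v.(map[string]interface{})["adminGroups"].([]interface{})` is a single-value type assertion, so it panics whenever the authorization object in the response has no `adminGroups` key. That looks likely for clusters that only have admin users, if the API omits empty lists, and it would crash the provider on read. Wrapping the `make` and the loop in the two-value form avoids this: `if groups, ok := v.(map[string]interface{})["adminGroups"].([]interface{}); ok {`. The inner `["group"].(string)` assertion has the same shape, as does `raw.(map[string]interface{})["admin_groups"].([]interface{})` in expandContainerAttachedClusterAuthorization, the last hunk on this line. Both function bodies start outside their hunks, so the existing `admin_users` handling may need the same guard.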
diff --git a/google/services/containerattached/resource_container_attached_cluster_generated_test.go b/google/services/containerattached/resource_container_attached_cluster_generated_test.go
index 0bb8f68d758..24672217cdd 100644
--- a/google/services/containerattached/resource_container_attached_cluster_generated_test.go
+++ b/google/services/containerattached/resource_container_attached_cluster_generated_test.go
@@ -128,6 +128,7 @@ resource "google_container_attached_cluster" "primary" {
 }
 authorization {
 admin_users = [ "user1@example.com", "user2@example.com"]
+ admin_groups = [ "group1@example.com", "group2@example.com"]
 }
 oidc_config {
 issuer_url = "https://oidc.issuer.url"
diff --git a/google/services/containerattached/resource_container_attached_cluster_update_test.go b/google/services/containerattached/resource_container_attached_cluster_update_test.go
index 3b6b06e55ca..f25a694b24d 100644
--- a/google/services/containerattached/resource_container_attached_cluster_update_test.go
+++ b/google/services/containerattached/resource_container_attached_cluster_update_test.go
@@ -73,6 +73,7 @@ resource "google_container_attached_cluster" "primary" {
 }
 authorization {
 admin_users = [ "user1@example.com", "user2@example.com"]
+ admin_groups = [ "group1@example.com", "group2@example.com"]
 }
 oidc_config {
 issuer_url = "https://oidc.issuer.url"
@@ -121,6 +122,7 @@ resource "google_container_attached_cluster" "primary" {
 }
 authorization {
 admin_users = [ "user2@example.com", "user3@example.com"]
+ admin_groups = [ "group3@example.com"]
 }
 oidc_config {
 issuer_url = "https://oidc.issuer.url"
@@ -167,6 +169,7 @@ resource "google_container_attached_cluster" "primary" {
 }
 authorization {
 admin_users = [ "user2@example.com", "user3@example.com"]
+ admin_groups = [ "group3@example.com"]
 }
 oidc_config {
 issuer_url = "https://oidc.issuer.url"
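Review bot: The update-test configurations only move `admin_groups` from two entries to a single `group3@example.com` and never to an empty or absent list. Nothing shown here checks that the `authorization.admin_groups` mask is sent when the last group is removed, or that a cluster without groups can be read back. Because this field grants `cluster-admin`, a step that keeps `admin_users` but drops `admin_groups` entirely would confirm that revocation actually reaches the cluster. Steps outside these hunks may already cover this.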
diff --git a/website/docs/r/container_attached_cluster.html.markdown b/website/docs/r/container_attached_cluster.html.markdown
index 8bacb74b118..82e05eb4d92 100644
--- a/website/docs/r/container_attached_cluster.html.markdown
+++ b/website/docs/r/container_attached_cluster.html.markdown
@@ -89,6 +89,7 @@ resource "google_container_attached_cluster" "primary" {
 }
 authorization {
 admin_users = [ "user1@example.com", "user2@example.com"]
+ admin_groups = [ "group1@example.com", "group2@example.com"]
 }
 oidc_config {
 issuer_url = "https://oidc.issuer.url"
@@ -281,6 +282,14 @@ The following arguments are supported:
 For more info on RBAC, see
 https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
+* `admin_groups` -
+ (Optional)
+ Groups that can perform operations as a cluster admin. A managed
+ ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole
+ to the groups. Up to ten admin groups can be provided.
+ For more info on RBAC, see
+ https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
+
 The `monitoring_config` block supports:
 * `managed_prometheus_config` -