From 394bcd69db37ebca2b951d1d523f5689991b2ea3 Mon Sep 17 00:00:00 2001
From: Ty Larrabee
Date: Wed, 17 Jul 2019 00:06:46 +0000
Subject: [PATCH] Require master_ipv4_cidr_block if enable_private_nodes is true
Signed-off-by: Modular Magician
---
 google/resource_container_cluster.go | 20 +++++++
 google/resource_container_cluster_test.go | 63 +++++++++++++++++++++++
 2 files changed, 83 insertions(+)
diff --git a/google/resource_container_cluster.go b/google/resource_container_cluster.go
index 14c095e043b..b179ac7de63 100644
--- a/google/resource_container_cluster.go
+++ b/google/resource_container_cluster.go
@@ -58,6 +58,7 @@ func resourceContainerCluster() *schema.Resource {
 CustomizeDiff: customdiff.All(
 resourceContainerClusterIpAllocationCustomizeDiff,
 resourceNodeConfigEmptyGuestAccelerator,
+ containerClusterPrivateClusterConfigCustomDiff,
 ),
 Timeouts: &schema.ResourceTimeout{
@@ -2096,3 +2097,22 @@ func containerClusterPrivateClusterConfigSuppress(k, old, new string, d *schema.
 }
 return false
 }
+
+func containerClusterPrivateClusterConfigCustomDiff(d *schema.ResourceDiff, meta interface{}) error {
+ pcc, ok := d.GetOk("private_cluster_config")
+ if !ok {
+ return nil
+ }
+ pccList := pcc.([]interface{})
+ if len(pccList) == 0 {
+ return nil
+ }
+ config := pccList[0].(map[string]interface{})
+ if config["enable_private_nodes"].(bool) == true {
+ block := config["master_ipv4_cidr_block"]
+ if block == nil || block == "" {
+ return fmt.Errorf("master_ipv4_cidr_block must be set if enable_private_nodes == true")
+ }
+ }
+ return nil
+}
diff --git a/google/resource_container_cluster_test.go b/google/resource_container_cluster_test.go
index 4e7d520d4a7..62375e6f828 100644
--- a/google/resource_container_cluster_test.go
+++ b/google/resource_container_cluster_test.go
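Review bot: In containerClusterPrivateClusterConfigCustomDiff the assertions `pccList[0].(map[string]interface{})` and `config["enable_private_nodes"].(bool)` are unchecked, so a nil list element or a missing key would panic and take the provider process down instead of returning a diagnostic; whether the SDK can hand a nil element here for an empty `private_cluster_config {}` block is not visible in the hunk and should be confirmed. The comma-ok form avoids that: `config, ok := pccList[0].(map[string]interface{})` followed by `if !ok { return nil }`, and `if enabled, _ := config["enable_private_nodes"].(bool); enabled {`, which also drops the redundant `== true`. Separately, a `master_ipv4_cidr_block` interpolated from a value that is still unknown at plan time may read as empty here and be rejected; guarding the error with `d.NewValueKnown("private_cluster_config.0.master_ipv4_cidr_block")` would cover that case. A doc comment saying that the check exists to fail at plan time, before the API call, would help the next reader.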
@@ -496,6 +496,24 @@ func TestAccContainerCluster_withPrivateClusterConfig(t *testing.T) {
 })
 }
+func TestAccContainerCluster_withPrivateClusterConfigMissingCidrBlock(t *testing.T) {
+ t.Parallel()
+
+ clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckContainerClusterDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccContainerCluster_withPrivateClusterConfigMissingCidrBlock(clusterName),
+ ExpectError: regexp.MustCompile("master_ipv4_cidr_block must be set if enable_private_nodes == true"),
+ },
+ },
+ })
+}
+
 func TestAccContainerCluster_withVersion(t *testing.T) {
 t.Parallel()
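Review bot: TestAccContainerCluster_withPrivateClusterConfigMissingCidrBlock exercises only the rejection path, so nothing in this hunk would catch the new CustomizeDiff check being too strict. A companion step with `enable_private_nodes = false` and no `master_ipv4_cidr_block`, expected to plan without error, would pin the other branch; an existing test outside the hunk may already cover it. The ExpectError pattern is compiled unescaped, which works only because the message has no regex metacharacters; `regexp.MustCompile(regexp.QuoteMeta("…"))` keeps the match literal if the wording changes.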
@@ -2046,6 +2064,51 @@ resource "google_container_cluster" "with_ip_allocation_policy" {
 }`, cluster)
 }
+func testAccContainerCluster_withPrivateClusterConfigMissingCidrBlock(clusterName string) string {
+ return fmt.Sprintf(`
+resource "google_compute_network" "container_network" {
+ name = "container-net-%s"
+ auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "container_subnetwork" {
+ name = "${google_compute_network.container_network.name}"
+ network = "${google_compute_network.container_network.name}"
+ ip_cidr_range = "10.0.36.0/24"
+ region = "us-central1"
+ private_ip_google_access = true
+
+ secondary_ip_range {
+ range_name = "pod"
+ ip_cidr_range = "10.0.0.0/19"
+ }
+
+ secondary_ip_range {
+ range_name = "svc"
+ ip_cidr_range = "10.0.32.0/22"
+ }
+}
+
+resource "google_container_cluster" "with_private_cluster" {
+ name = "cluster-test-%s"
+ zone = "us-central1-a"
+ initial_node_count = 1
+
+ network = "${google_compute_network.container_network.name}"
+ subnetwork = "${google_compute_subnetwork.container_subnetwork.name}"
+
+ private_cluster_config {
+ enable_private_endpoint = true
+ enable_private_nodes = true
+ }
+ master_authorized_networks_config { }
+ ip_allocation_policy {
+ cluster_secondary_range_name = "${google_compute_subnetwork.container_subnetwork.secondary_ip_range.0.range_name}"
+ services_secondary_range_name = "${google_compute_subnetwork.container_subnetwork.secondary_ip_range.1.range_name}"
+ }
+}`, clusterName, clusterName)
+}
+
 func testAccContainerCluster_withPrivateClusterConfig(clusterName string) string {
 return fmt.Sprintf(`
 resource "google_compute_network" "container_network" {