
add ip_endpoints_config field to google_container_cluster #13364


Merged
merged 1 commit into from
Mar 20, 2025
Merged
Expand Up @@ -1765,7 +1765,7 @@ func ResourceContainerCluster() *schema.Resource {
MaxItems: 1,
Computed: true,
Optional: true,
Description: `Configuration for all of the cluster's control plane endpoints. Currently supports only DNS endpoint configuration, IP endpoint configuration is available in private_cluster_config.`,
Description: `Configuration for all of the cluster's control plane endpoints. Currently supports only DNS endpoint configuration and disable IP endpoint. Other IP endpoint configurations are available in private_cluster_config.`,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"dns_endpoint_config": {
Expand All @@ -1790,6 +1790,22 @@ func ResourceContainerCluster() *schema.Resource {
},
},
},
"ip_endpoints_config": {
Type: schema.TypeList,
MaxItems: 1,
Optional: true,
Computed: true,
Description: `IP endpoint configuration.`,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"enabled": {
Type: schema.TypeBool,
Optional: true,
Description: `Controls whether to allow direct IP access.`,
},
},
},
},
},
},
},
Expand Down Expand Up @@ -5588,10 +5604,19 @@ func expandControlPlaneEndpointsConfig(d *schema.ResourceData) *container.Contro
}

ip := &container.IPEndpointsConfig{
// There isn't yet a config field to disable IP endpoints, so this is hardcoded to be enabled for the time being.
Enabled: true,
ForceSendFields: []string{"Enabled"},
}
if v := d.Get("control_plane_endpoints_config.0.ip_endpoints_config.#"); v != 0 {
ip.Enabled = d.Get("control_plane_endpoints_config.0.ip_endpoints_config.0.enabled").(bool)

if !ip.Enabled {
return &container.ControlPlaneEndpointsConfig{
DnsEndpointConfig: dns,
IpEndpointsConfig: ip,
}
}
}
if v := d.Get("private_cluster_config.0.enable_private_endpoint"); v != nil {
ip.EnablePublicEndpoint = !v.(bool)
ip.ForceSendFields = append(ip.ForceSendFields, "EnablePublicEndpoint")
Expand Down Expand Up @@ -6305,6 +6330,7 @@ func flattenControlPlaneEndpointsConfig(c *container.ControlPlaneEndpointsConfig
return []map[string]interface{}{
{
"dns_endpoint_config": flattenDnsEndpointConfig(c.DnsEndpointConfig),
"ip_endpoints_config": flattenIpEndpointsConfig(c.IpEndpointsConfig),
},
}
}
Expand All @@ -6321,6 +6347,17 @@ func flattenDnsEndpointConfig(dns *container.DNSEndpointConfig) []map[string]int
}
}

func flattenIpEndpointsConfig(ip *container.IPEndpointsConfig) []map[string]interface{} {
if ip == nil {
return nil
}
return []map[string]interface{}{
{
"enabled": ip.Enabled,
},
}
}

// Most of PrivateClusterConfig has moved to ControlPlaneEndpointsConfig.
func flattenPrivateClusterConfig(cpec *container.ControlPlaneEndpointsConfig, pcc *container.PrivateClusterConfig, nc *container.NetworkConfig) []map[string]interface{} {
if cpec == nil && pcc == nil && nc == nil {
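Review bot: The new `enabled` attribute in the schema hunk carries no `Default`, yet the docs hunk in this PR states it defaults to `true`; when a user writes the block without the key (`ip_endpoints_config {}`), `d.Get("control_plane_endpoints_config.0.ip_endpoints_config.0.enabled")` in expandControlPlaneEndpointsConfig returns the zero value `false`, and because `Enabled` is already in `ForceSendFields` the request switches off control-plane IP access, which on a cluster that has not also opened the DNS endpoint means losing kubectl reachability from a near-empty block. Adding `Default: true,` beneath `Optional: true` on `enabled` makes the schema match the documented default and keeps the zero value from disabling access. The early `return` taken when `ip.Enabled` is false also leaves `EnablePublicEndpoint` (and anything the function sets after the hunk) out of the request; that is presumably intended once the endpoint is off, but a comment such as `// IP endpoint disabled: private_cluster_config IP settings are intentionally not sent` would make the silent ignore explicit. expandControlPlaneEndpointsConfig starts and ends outside the hunk.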
Expand Up @@ -13323,3 +13323,60 @@ resource "google_container_cluster" "with_enterprise_config" {
}
`, projectID, clusterName, networkName, subnetworkName)
}

func TestAccContainerCluster_disableControlPlaneIP(t *testing.T) {
t.Parallel()

clusterName := fmt.Sprintf("tf-test-cluster-%s", acctest.RandString(t, 10))
networkName := acctest.BootstrapSharedTestNetwork(t, "gke-cluster")
subnetworkName := acctest.BootstrapSubnet(t, "gke-cluster", networkName)

acctest.VcrTest(t, resource.TestCase{
PreCheck: func() { acctest.AccTestPreCheck(t) },
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
CheckDestroy: testAccCheckContainerClusterDestroyProducer(t),
Steps: []resource.TestStep{
{
Config: testAccContainerCluster_basic(clusterName, networkName, subnetworkName),
If I'm understanding correctly, testAccContainerCluster_basic will have the new field as enabled true by default, and the update will disable?

Assuming yes according to the documentation

},
{
ResourceName: "google_container_cluster.primary",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"deletion_protection"},
},
{
Config: testAccContainerCluster_ControlPlaneIPdisabled(clusterName, networkName, subnetworkName),
},
{
ResourceName: "google_container_cluster.primary",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"deletion_protection"},
},
},
})
}

func testAccContainerCluster_ControlPlaneIPdisabled(clusterName, networkName, subnetworkName string) string {
return fmt.Sprintf(`
resource "google_container_cluster" "primary" {
name = "%s"
location = "us-central1-a"
initial_node_count = 1
network = "%s"
subnetwork = "%s"

deletion_protection = false

control_plane_endpoints_config {
ip_endpoints_config {
enabled = false
}
dns_endpoint_config {
allow_external_traffic = true
}
}
}
`, clusterName, networkName, subnetworkName)
}
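Review bot: Neither config step in TestAccContainerCluster_disableControlPlaneIP asserts the value of the new attribute, so the test proves only that both configurations apply and import cleanly, not that the second step actually disables the IP endpoint as the test name promises. Adding `Check: resource.TestCheckResourceAttr("google_container_cluster.primary", "control_plane_endpoints_config.0.ip_endpoints_config.0.enabled", "false"),` to the `testAccContainerCluster_ControlPlaneIPdisabled` step, and the same check expecting `"true"` on the `testAccContainerCluster_basic` step, would pin both the default and the transition. The `ImportStateVerify` steps only confirm that state round-trips through import, which stays green even if the API silently ignored the field.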
Expand Up @@ -1193,13 +1193,18 @@ notification_config {
<a name="nested_control_plane_endpoints_config"></a>The `control_plane_endpoints_config` block supports:

* `dns_endpoint_config` - (Optional) DNS endpoint configuration.
* `ip_endpoints_config` - (Optional) IP endpoint configuration.

The `control_plane_endpoints_config.dns_endpoint_config` block supports:

* `endpoint` - (Output) The cluster's DNS endpoint.

* `allow_external_traffic` - (Optional) Controls whether user traffic is allowed over this endpoint. Note that GCP-managed services may still use the endpoint even if this is false.

The `control_plane_endpoints_config.ip_endpoints_config` block supports:

* `enabled` - (Optional) Controls whether to allow direct IP access. Defaults to `true`.

<a name="nested_private_cluster_config"></a>The `private_cluster_config` block supports:

* `enable_private_nodes` (Optional) - Enables the private cluster feature,