@@ -15,6 +15,27 @@ import (
1515 cloudkms "google.golang.org/api/cloudkms/v1"
1616)
1717
18+ func bootstrapGkeTagManagerServiceAgents(t *testing.T) {
19+ acctest.BootstrapIamMembers(t, []acctest.IamMember{
20+ {
21+ Member: "serviceAccount:service-{project_number}@container-engine-robot.iam.gserviceaccount.com",
22+ Role: "roles/resourcemanager.tagAdmin",
23+ },
24+ {
25+ Member: "serviceAccount:service-{project_number}@container-engine-robot.iam.gserviceaccount.com",
26+ Role: "roles/resourcemanager.tagHoldAdmin",
27+ },
28+ {
29+ Member: "serviceAccount:service-{project_number}@container-engine-robot.iam.gserviceaccount.com",
30+ Role: "roles/resourcemanager.tagUser",
31+ },
32+ {
33+ Member: "serviceAccount:{project_number}@cloudservices.gserviceaccount.com",
34+ Role: "roles/resourcemanager.tagUser",
35+ },
36+ })
37+ }
38+
1839func TestAccContainerCluster_basic(t *testing.T) {
1940 t.Parallel()
2041
@@ -68,11 +89,8 @@ func TestAccContainerCluster_resourceManagerTags(t *testing.T) {
6889
6990 networkName := acctest.BootstrapSharedTestNetwork(t, "gke-cluster")
7091 subnetworkName := acctest.BootstrapSubnet(t, "gke-cluster", networkName)
71-
72- if acctest.BootstrapPSARole(t, "service-", "container-engine-robot", "roles/resourcemanager.tagHoldAdmin") {
73- t.Fatal("Stopping the test because a role was added to the policy.")
74- }
75-
92+
93+ bootstrapGkeTagManagerServiceAgents(t)
7694 acctest.VcrTest(t, resource.TestCase{
7795 PreCheck: func() { acctest.AccTestPreCheck(t) },
7896 ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
@@ -3642,6 +3660,8 @@ func TestAccContainerCluster_withAutopilotResourceManagerTags(t *testing.T) {
36423660 clusterNetName := fmt.Sprintf("tf-test-container-net-%s", randomSuffix)
36433661 clusterSubnetName := fmt.Sprintf("tf-test-container-subnet-%s", randomSuffix)
36443662
3663+ bootstrapGkeTagManagerServiceAgents(t)
3664+
36453665 acctest.VcrTest(t, resource.TestCase{
36463666 PreCheck: func() { acctest.AccTestPreCheck(t) },
36473667 ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
@@ -3666,6 +3686,10 @@ func TestAccContainerCluster_withAutopilotResourceManagerTags(t *testing.T) {
36663686 {
36673687 Config: testAccContainerCluster_withAutopilotResourceManagerTagsUpdate1(pid, clusterName, clusterNetName, clusterSubnetName, randomSuffix),
36683688 Check: resource.ComposeTestCheckFunc(
3689+ // Small sleep, to avoid case where cluster is ready but underlying GCE
3690+ // resources apparently aren't.
3691+ // b/390456348
3692+ acctest.SleepInSecondsForTest(30),
36693693 resource.TestCheckResourceAttrSet("google_container_cluster.with_autopilot", "node_pool_auto_config.0.resource_manager_tags.%"),
36703694 ),
36713695 },
@@ -11769,38 +11793,6 @@ data "google_project" "project" {
1176911793 project_id = "%[1]s"
1177011794}
1177111795
11772- resource "google_project_iam_member" "tagHoldAdmin" {
11773- project = "%[1]s"
11774- role = "roles/resourcemanager.tagHoldAdmin"
11775- member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com"
11776- }
11777-
11778- resource "google_project_iam_member" "tagUser1" {
11779- project = "%[1]s"
11780- role = "roles/resourcemanager.tagUser"
11781- member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com"
11782-
11783- depends_on = [google_project_iam_member.tagHoldAdmin]
11784- }
11785-
11786- resource "google_project_iam_member" "tagUser2" {
11787- project = "%[1]s"
11788- role = "roles/resourcemanager.tagUser"
11789- member = "serviceAccount:${data.google_project.project.number}@cloudservices.gserviceaccount.com"
11790-
11791- depends_on = [google_project_iam_member.tagHoldAdmin]
11792- }
11793-
11794- resource "time_sleep" "wait_120_seconds" {
11795- create_duration = "120s"
11796-
11797- depends_on = [
11798- google_project_iam_member.tagHoldAdmin,
11799- google_project_iam_member.tagUser1,
11800- google_project_iam_member.tagUser2,
11801- ]
11802- }
11803-
1180411796resource "google_tags_tag_key" "key1" {
1180511797 parent = data.google_project.project.id
1180611798 short_name = "foobarbaz-%[2]s"
@@ -11855,8 +11847,6 @@ resource "google_container_cluster" "primary" {
1185511847 deletion_protection = false
1185611848 network = "%[4]s"
1185711849 subnetwork = "%[5]s"
11858-
11859- depends_on = [time_sleep.wait_120_seconds]
1186011850}
1186111851`, projectID, randomSuffix, clusterName, networkName, subnetworkName, tagResourceNumber)
1186211852}
@@ -11867,38 +11857,6 @@ data "google_project" "project" {
1186711857 project_id = "%[1]s"
1186811858}
1186911859
11870- resource "google_project_iam_member" "tagHoldAdmin" {
11871- project = "%[1]s"
11872- role = "roles/resourcemanager.tagHoldAdmin"
11873- member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com"
11874- }
11875-
11876- resource "google_project_iam_member" "tagUser1" {
11877- project = "%[1]s"
11878- role = "roles/resourcemanager.tagUser"
11879- member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com"
11880-
11881- depends_on = [google_project_iam_member.tagHoldAdmin]
11882- }
11883-
11884- resource "google_project_iam_member" "tagUser2" {
11885- project = "%[1]s"
11886- role = "roles/resourcemanager.tagUser"
11887- member = "serviceAccount:${data.google_project.project.number}@cloudservices.gserviceaccount.com"
11888-
11889- depends_on = [google_project_iam_member.tagHoldAdmin]
11890- }
11891-
11892- resource "time_sleep" "wait_120_seconds" {
11893- create_duration = "120s"
11894-
11895- depends_on = [
11896- google_project_iam_member.tagHoldAdmin,
11897- google_project_iam_member.tagUser1,
11898- google_project_iam_member.tagUser2,
11899- ]
11900- }
11901-
1190211860resource "google_tags_tag_key" "key1" {
1190311861 parent = "projects/%[1]s"
1190411862 short_name = "foobarbaz1-%[2]s"
@@ -11993,8 +11951,6 @@ resource "google_container_cluster" "with_autopilot" {
1199311951 vertical_pod_autoscaling {
1199411952 enabled = true
1199511953 }
11996-
11997- depends_on = [time_sleep.wait_120_seconds]
1199811954}
1199911955`, projectID, randomSuffix, clusterName, networkName, subnetworkName)
1200011956}
@@ -12005,38 +11961,6 @@ data "google_project" "project" {
1200511961 project_id = "%[1]s"
1200611962}
1200711963
12008- resource "google_project_iam_member" "tagHoldAdmin" {
12009- project = "%[1]s"
12010- role = "roles/resourcemanager.tagHoldAdmin"
12011- member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com"
12012- }
12013-
12014- resource "google_project_iam_member" "tagUser1" {
12015- project = "%[1]s"
12016- role = "roles/resourcemanager.tagUser"
12017- member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com"
12018-
12019- depends_on = [google_project_iam_member.tagHoldAdmin]
12020- }
12021-
12022- resource "google_project_iam_member" "tagUser2" {
12023- project = "%[1]s"
12024- role = "roles/resourcemanager.tagUser"
12025- member = "serviceAccount:${data.google_project.project.number}@cloudservices.gserviceaccount.com"
12026-
12027- depends_on = [google_project_iam_member.tagHoldAdmin]
12028- }
12029-
12030- resource "time_sleep" "wait_120_seconds" {
12031- create_duration = "120s"
12032-
12033- depends_on = [
12034- google_project_iam_member.tagHoldAdmin,
12035- google_project_iam_member.tagUser1,
12036- google_project_iam_member.tagUser2,
12037- ]
12038- }
12039-
1204011964resource "google_tags_tag_key" "key1" {
1204111965 parent = "projects/%[1]s"
1204211966 short_name = "foobarbaz1-%[2]s"
@@ -12132,8 +12056,6 @@ resource "google_container_cluster" "with_autopilot" {
1213212056 vertical_pod_autoscaling {
1213312057 enabled = true
1213412058 }
12135-
12136- depends_on = [time_sleep.wait_120_seconds]
1213712059}
1213812060`, projectID, randomSuffix, clusterName, networkName, subnetworkName)
1213912061}
@@ -12144,38 +12066,6 @@ data "google_project" "project" {
1214412066 project_id = "%[1]s"
1214512067}
1214612068
12147- resource "google_project_iam_member" "tagHoldAdmin" {
12148- project = "%[1]s"
12149- role = "roles/resourcemanager.tagHoldAdmin"
12150- member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com"
12151- }
12152-
12153- resource "google_project_iam_member" "tagUser1" {
12154- project = "%[1]s"
12155- role = "roles/resourcemanager.tagUser"
12156- member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com"
12157-
12158- depends_on = [google_project_iam_member.tagHoldAdmin]
12159- }
12160-
12161- resource "google_project_iam_member" "tagUser2" {
12162- project = "%[1]s"
12163- role = "roles/resourcemanager.tagUser"
12164- member = "serviceAccount:${data.google_project.project.number}@cloudservices.gserviceaccount.com"
12165-
12166- depends_on = [google_project_iam_member.tagHoldAdmin]
12167- }
12168-
12169- resource "time_sleep" "wait_120_seconds" {
12170- create_duration = "120s"
12171-
12172- depends_on = [
12173- google_project_iam_member.tagHoldAdmin,
12174- google_project_iam_member.tagUser1,
12175- google_project_iam_member.tagUser2,
12176- ]
12177- }
12178-
1217912069resource "google_tags_tag_key" "key1" {
1218012070 parent = "projects/%[1]s"
1218112071 short_name = "foobarbaz1-%[2]s"
@@ -12264,8 +12154,6 @@ resource "google_container_cluster" "with_autopilot" {
1226412154 vertical_pod_autoscaling {
1226512155 enabled = true
1226612156 }
12267-
12268- depends_on = [time_sleep.wait_120_seconds]
1226912157}
1227012158`, projectID, randomSuffix, clusterName, networkName, subnetworkName)
1227112159}
0 commit comments