Fixes boolean fields in the ShieldedInstanceConfig struct for dataproc clusters (GoogleCloudPlatform#12671)

satyakommula96 · anoopkverma-google · commit 60608555bd39 · 2025-01-31T12:17:53.000+05:30
diff --git a/mmv1/third_party/terraform/services/dataproc/resource_dataproc_cluster.go b/mmv1/third_party/terraform/services/dataproc/resource_dataproc_cluster.go
@@ -2241,6 +2241,7 @@ func expandGceClusterConfig(d *schema.ResourceData, config *transport_tpg.Config
 	if v, ok := d.GetOk("cluster_config.0.gce_cluster_config.0.shielded_instance_config"); ok {
 		cfgSic := v.([]interface{})[0].(map[string]interface{})
 		conf.ShieldedInstanceConfig = &dataproc.ShieldedInstanceConfig{}
+		conf.ShieldedInstanceConfig.ForceSendFields = []string{"EnableIntegrityMonitoring", "EnableSecureBoot", "EnableVtpm"}
 		if v, ok := cfgSic["enable_integrity_monitoring"]; ok {
 			conf.ShieldedInstanceConfig.EnableIntegrityMonitoring = v.(bool)
 		}
diff --git a/mmv1/third_party/terraform/services/dataproc/resource_dataproc_cluster_test.go.tmpl b/mmv1/third_party/terraform/services/dataproc/resource_dataproc_cluster_test.go.tmpl
@@ -254,6 +254,31 @@ func TestAccDataprocCluster_withInternalIpOnlyTrueAndShieldedConfig(t *testing.T
 	})
 }
 
+func TestAccDataprocCluster_withShieldedConfig(t *testing.T) {
+	t.Parallel()
+
+	var cluster dataproc.Cluster
+	rnd := acctest.RandString(t, 10)
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckDataprocClusterDestroy(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataprocCluster_withShieldedConfig(rnd),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckDataprocClusterExists(t, "google_dataproc_cluster.basic", &cluster),
+
+					// Testing behavior for Dataproc to use only internal IP addresses
+					resource.TestCheckResourceAttr("google_dataproc_cluster.basic", "cluster_config.0.gce_cluster_config.0.shielded_instance_config.0.enable_integrity_monitoring", "false"),
+					resource.TestCheckResourceAttr("google_dataproc_cluster.basic", "cluster_config.0.gce_cluster_config.0.shielded_instance_config.0.enable_secure_boot", "false"),
+					resource.TestCheckResourceAttr("google_dataproc_cluster.basic", "cluster_config.0.gce_cluster_config.0.shielded_instance_config.0.enable_vtpm", "false"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccDataprocCluster_withConfidentialCompute(t *testing.T) {
     t.Parallel()
 
@@ -1581,6 +1606,25 @@ resource "google_dataproc_cluster" "basic" {
 `, rnd, rnd, rnd, rnd)
 }
 
+func testAccDataprocCluster_withShieldedConfig(rnd string) string {
+	return fmt.Sprintf(`
+resource "google_dataproc_cluster" "basic" {
+  name   = "tf-test-dproc-%s"
+  region = "us-central1"
+
+  cluster_config {
+    gce_cluster_config {
+      shielded_instance_config {
+        enable_integrity_monitoring = false
+        enable_secure_boot          = false
+        enable_vtpm                 = false
+      }
+    }
+  }
+}
+`, rnd)
+}
+
 func testAccDataprocCluster_withConfidentialCompute(rnd, subnetworkName string, imageUri string) string {
     return fmt.Sprintf(`
 resource "google_dataproc_cluster" "confidential" {

Original file line number	Diff line number	Diff line change
`@@ -2241,6 +2241,7 @@ func expandGceClusterConfig(d schema.ResourceData, config transport_tpg.Config`
`2241`	`2241`	`if v, ok := d.GetOk("cluster_config.0.gce_cluster_config.0.shielded_instance_config"); ok {`
`2242`	`2242`	`cfgSic := v.([]interface{})[0].(map[string]interface{})`
`2243`	`2243`	`conf.ShieldedInstanceConfig = &dataproc.ShieldedInstanceConfig{}`
	`2244`	`+ conf.ShieldedInstanceConfig.ForceSendFields = []string{"EnableIntegrityMonitoring", "EnableSecureBoot", "EnableVtpm"}`
`2244`	`2245`	`if v, ok := cfgSic["enable_integrity_monitoring"]; ok {`
`2245`	`2246`	`conf.ShieldedInstanceConfig.EnableIntegrityMonitoring = v.(bool)`
`2246`	`2247`	`}`