Fix nodeConfigDefaults on cluster create. (#12664)

[upstream:462421d9d258748a5b6d6091254062fc248fd7f6] Signed-off-by: Modular Magician <magic-modules@google.com>
hashicorp · Jan 16, 2025 · 0ae8e43 · 0ae8e43
1 parent b4001b5
commit 0ae8e43
Show file tree

Hide file tree

Showing 3 changed files with 76 additions and 3 deletions.
diff --git a/.changelog/12664.txt b/.changelog/12664.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+container: fixed propagation of `node_pool_defaults.node_config_defaults.insecure_kubelet_readonly_port_enabled` in node config.
+```
diff --git a/google-beta/services/container/node_config.go b/google-beta/services/container/node_config.go
@@ -860,6 +860,7 @@ func expandNodeConfigDefaults(configured interface{}) *container.NodeConfigDefau
 	if v, ok := config["insecure_kubelet_readonly_port_enabled"]; ok {
 		nodeConfigDefaults.NodeKubeletConfig = &container.NodeKubeletConfig{
 			InsecureKubeletReadonlyPortEnabled: expandInsecureKubeletReadonlyPortEnabled(v),
+			ForceSendFields:                    []string{"InsecureKubeletReadonlyPortEnabled"},
 		}
 	}
 	if variant, ok := config["logging_variant"]; ok {

diff --git a/google-beta/services/container/resource_container_cluster_test.go b/google-beta/services/container/resource_container_cluster_test.go
@@ -3563,7 +3563,10 @@ func TestAccContainerCluster_withAutopilotKubeletConfig(t *testing.T) {
 	})
 }
 
-func TestAccContainerCluster_withAutopilot_withNodePoolDefaults(t *testing.T) {
+// func TestAccContainerCluster_withAutopilot_withNodePoolDefaults(t *testing.T) {
+// nodePoolDefaults is not allowed on GKE Autopilot clusters, error from GKE is:
+// `Setting node_pool_defaults.node_config_defaults.node_kubelet_config is not allowed on GKE Autopilot clusters.`
+func TestAccContainerCluster_withAutopilot_withNodePoolAutoConfig(t *testing.T) {
 	t.Parallel()
 
 	randomSuffix := acctest.RandString(t, 10)
@@ -3577,7 +3580,33 @@ func TestAccContainerCluster_withAutopilot_withNodePoolDefaults(t *testing.T) {
 		CheckDestroy:             testAccCheckContainerClusterDestroyProducer(t),
 		Steps: []resource.TestStep{
 			{
-				Config: testAccContainerCluster_withAutopilot_withNodePoolDefaults(clusterName, networkName, subnetworkName),
+				Config: testAccContainerCluster_withAutopilot_withNodePoolAutoConfig(clusterName, networkName, subnetworkName, "FALSE"),
+			},
+			{
+				ResourceName:            "google_container_cluster.primary",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"deletion_protection"},
+			},
+		},
+	})
+}
+
+func TestAccContainerCluster_withStandard_withNodePoolDefaults(t *testing.T) {
+	t.Parallel()
+
+	randomSuffix := acctest.RandString(t, 10)
+	clusterName := fmt.Sprintf("tf-test-cluster-%s", randomSuffix)
+	networkName := acctest.BootstrapSharedTestNetwork(t, "gke-cluster")
+	subnetworkName := acctest.BootstrapSubnet(t, "gke-cluster", networkName)
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckContainerClusterDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccContainerCluster_withStandard_withNodePoolDefaults(clusterName, networkName, subnetworkName, "FALSE"),
 			},
 			{
 				ResourceName:            "google_container_cluster.primary",
@@ -11430,16 +11459,56 @@ resource "google_container_cluster" "primary" {
   location         = "us-central1"
   enable_autopilot = true
 
+	node_pool_defaults {
+    node_kubelet_config {
+    }
+  }
+
+  deletion_protection = false
+  network             = "%s"
+  subnetwork          = "%s"
+}
+`, name, networkName, subnetworkName)
+}
+
+func testAccContainerCluster_withAutopilot_withNodePoolAutoConfig(name, networkName, subnetworkName string, insecureKubeletReadonlyPortEnabled string) string {
+	return fmt.Sprintf(`
+resource "google_container_cluster" "primary" {
+  name             = "%s"
+  location         = "us-central1"
+  enable_autopilot = true
+
+	node_pool_auto_config {
+    node_kubelet_config {
+      insecure_kubelet_readonly_port_enabled = "%s"
+    }
+  }
+
+  deletion_protection = false
+  network             = "%s"
+  subnetwork          = "%s"
+}
+`, name, insecureKubeletReadonlyPortEnabled, networkName, subnetworkName)
+}
+
+func testAccContainerCluster_withStandard_withNodePoolDefaults(name, networkName, subnetworkName string, insecureKubeletReadonlyPortEnabled string) string {
+	return fmt.Sprintf(`
+resource "google_container_cluster" "primary" {
+  name             = "%s"
+  location         = "us-central1-a"
+	initial_node_count = 1
+
   node_pool_defaults {
     node_config_defaults {
+      insecure_kubelet_readonly_port_enabled = "%s"
     }
   }
 
   deletion_protection = false
   network             = "%s"
   subnetwork          = "%s"
 }
-`, name, networkName, subnetworkName)
+`, name, insecureKubeletReadonlyPortEnabled, networkName, subnetworkName)
 }
 
 func testAccContainerCluster_resourceManagerTags(projectID, clusterName, networkName, subnetworkName, randomSuffix string, tagResourceNumber int) string {