From 8f5a79d09379f1f55a5d23db864b6d2f816249d7 Mon Sep 17 00:00:00 2001 From: Will Yardley Date: Tue, 21 Jan 2025 10:18:10 -0800 Subject: [PATCH] container: fixed resourceManagerTags tests (#12728) Co-authored-by: Chenhao Ma --- .../resource_container_cluster_test.go.tmpl | 170 +++--------------- .../resource_container_node_pool_test.go.tmpl | 104 +---------- 2 files changed, 31 insertions(+), 243 deletions(-) diff --git a/mmv1/third_party/terraform/services/container/resource_container_cluster_test.go.tmpl b/mmv1/third_party/terraform/services/container/resource_container_cluster_test.go.tmpl index b0637490985c..a35bf489814b 100644 --- a/mmv1/third_party/terraform/services/container/resource_container_cluster_test.go.tmpl +++ b/mmv1/third_party/terraform/services/container/resource_container_cluster_test.go.tmpl @@ -15,6 +15,27 @@ import ( cloudkms "google.golang.org/api/cloudkms/v1" ) +func bootstrapGkeTagManagerServiceAgents(t *testing.T) { + acctest.BootstrapIamMembers(t, []acctest.IamMember{ + { + Member: "serviceAccount:service-{project_number}@container-engine-robot.iam.gserviceaccount.com", + Role: "roles/resourcemanager.tagAdmin", + }, + { + Member: "serviceAccount:service-{project_number}@container-engine-robot.iam.gserviceaccount.com", + Role: "roles/resourcemanager.tagHoldAdmin", + }, + { + Member: "serviceAccount:service-{project_number}@container-engine-robot.iam.gserviceaccount.com", + Role: "roles/resourcemanager.tagUser", + }, + { + Member: "serviceAccount:{project_number}@cloudservices.gserviceaccount.com", + Role: "roles/resourcemanager.tagUser", + }, + }) +} + func TestAccContainerCluster_basic(t *testing.T) { t.Parallel() @@ -68,11 +89,8 @@ func TestAccContainerCluster_resourceManagerTags(t *testing.T) { networkName := acctest.BootstrapSharedTestNetwork(t, "gke-cluster") subnetworkName := acctest.BootstrapSubnet(t, "gke-cluster", networkName) - - if acctest.BootstrapPSARole(t, "service-", "container-engine-robot", "roles/resourcemanager.tagHoldAdmin") { - t.Fatal("Stopping the test because a role was added to the policy.") - } - + + bootstrapGkeTagManagerServiceAgents(t) acctest.VcrTest(t, resource.TestCase{ PreCheck: func() { acctest.AccTestPreCheck(t) }, ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), @@ -3642,6 +3660,8 @@ func TestAccContainerCluster_withAutopilotResourceManagerTags(t *testing.T) { clusterNetName := fmt.Sprintf("tf-test-container-net-%s", randomSuffix) clusterSubnetName := fmt.Sprintf("tf-test-container-subnet-%s", randomSuffix) + bootstrapGkeTagManagerServiceAgents(t) + acctest.VcrTest(t, resource.TestCase{ PreCheck: func() { acctest.AccTestPreCheck(t) }, ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), @@ -3666,6 +3686,10 @@ func TestAccContainerCluster_withAutopilotResourceManagerTags(t *testing.T) { { Config: testAccContainerCluster_withAutopilotResourceManagerTagsUpdate1(pid, clusterName, clusterNetName, clusterSubnetName, randomSuffix), Check: resource.ComposeTestCheckFunc( + // Small sleep, to avoid case where cluster is ready but underlying GCE + // resources apparently aren't. + // b/390456348 + acctest.SleepInSecondsForTest(30), resource.TestCheckResourceAttrSet("google_container_cluster.with_autopilot", "node_pool_auto_config.0.resource_manager_tags.%"), ), }, @@ -11769,38 +11793,6 @@ data "google_project" "project" { project_id = "%[1]s" } -resource "google_project_iam_member" "tagHoldAdmin" { - project = "%[1]s" - role = "roles/resourcemanager.tagHoldAdmin" - member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com" -} - -resource "google_project_iam_member" "tagUser1" { - project = "%[1]s" - role = "roles/resourcemanager.tagUser" - member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com" - - depends_on = [google_project_iam_member.tagHoldAdmin] -} - -resource "google_project_iam_member" "tagUser2" { - project = "%[1]s" - role = "roles/resourcemanager.tagUser" - member = "serviceAccount:${data.google_project.project.number}@cloudservices.gserviceaccount.com" - - depends_on = [google_project_iam_member.tagHoldAdmin] -} - -resource "time_sleep" "wait_120_seconds" { - create_duration = "120s" - - depends_on = [ - google_project_iam_member.tagHoldAdmin, - google_project_iam_member.tagUser1, - google_project_iam_member.tagUser2, - ] -} - resource "google_tags_tag_key" "key1" { parent = data.google_project.project.id short_name = "foobarbaz-%[2]s" @@ -11855,8 +11847,6 @@ resource "google_container_cluster" "primary" { deletion_protection = false network = "%[4]s" subnetwork = "%[5]s" - - depends_on = [time_sleep.wait_120_seconds] } `, projectID, randomSuffix, clusterName, networkName, subnetworkName, tagResourceNumber) } @@ -11867,38 +11857,6 @@ data "google_project" "project" { project_id = "%[1]s" } -resource "google_project_iam_member" "tagHoldAdmin" { - project = "%[1]s" - role = "roles/resourcemanager.tagHoldAdmin" - member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com" -} - -resource "google_project_iam_member" "tagUser1" { - project = "%[1]s" - role = "roles/resourcemanager.tagUser" - member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com" - - depends_on = [google_project_iam_member.tagHoldAdmin] -} - -resource "google_project_iam_member" "tagUser2" { - project = "%[1]s" - role = "roles/resourcemanager.tagUser" - member = "serviceAccount:${data.google_project.project.number}@cloudservices.gserviceaccount.com" - - depends_on = [google_project_iam_member.tagHoldAdmin] -} - -resource "time_sleep" "wait_120_seconds" { - create_duration = "120s" - - depends_on = [ - google_project_iam_member.tagHoldAdmin, - google_project_iam_member.tagUser1, - google_project_iam_member.tagUser2, - ] -} - resource "google_tags_tag_key" "key1" { parent = "projects/%[1]s" short_name = "foobarbaz1-%[2]s" @@ -11993,8 +11951,6 @@ resource "google_container_cluster" "with_autopilot" { vertical_pod_autoscaling { enabled = true } - - depends_on = [time_sleep.wait_120_seconds] } `, projectID, randomSuffix, clusterName, networkName, subnetworkName) } @@ -12005,38 +11961,6 @@ data "google_project" "project" { project_id = "%[1]s" } -resource "google_project_iam_member" "tagHoldAdmin" { - project = "%[1]s" - role = "roles/resourcemanager.tagHoldAdmin" - member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com" -} - -resource "google_project_iam_member" "tagUser1" { - project = "%[1]s" - role = "roles/resourcemanager.tagUser" - member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com" - - depends_on = [google_project_iam_member.tagHoldAdmin] -} - -resource "google_project_iam_member" "tagUser2" { - project = "%[1]s" - role = "roles/resourcemanager.tagUser" - member = "serviceAccount:${data.google_project.project.number}@cloudservices.gserviceaccount.com" - - depends_on = [google_project_iam_member.tagHoldAdmin] -} - -resource "time_sleep" "wait_120_seconds" { - create_duration = "120s" - - depends_on = [ - google_project_iam_member.tagHoldAdmin, - google_project_iam_member.tagUser1, - google_project_iam_member.tagUser2, - ] -} - resource "google_tags_tag_key" "key1" { parent = "projects/%[1]s" short_name = "foobarbaz1-%[2]s" @@ -12132,8 +12056,6 @@ resource "google_container_cluster" "with_autopilot" { vertical_pod_autoscaling { enabled = true } - - depends_on = [time_sleep.wait_120_seconds] } `, projectID, randomSuffix, clusterName, networkName, subnetworkName) } @@ -12144,38 +12066,6 @@ data "google_project" "project" { project_id = "%[1]s" } -resource "google_project_iam_member" "tagHoldAdmin" { - project = "%[1]s" - role = "roles/resourcemanager.tagHoldAdmin" - member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com" -} - -resource "google_project_iam_member" "tagUser1" { - project = "%[1]s" - role = "roles/resourcemanager.tagUser" - member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com" - - depends_on = [google_project_iam_member.tagHoldAdmin] -} - -resource "google_project_iam_member" "tagUser2" { - project = "%[1]s" - role = "roles/resourcemanager.tagUser" - member = "serviceAccount:${data.google_project.project.number}@cloudservices.gserviceaccount.com" - - depends_on = [google_project_iam_member.tagHoldAdmin] -} - -resource "time_sleep" "wait_120_seconds" { - create_duration = "120s" - - depends_on = [ - google_project_iam_member.tagHoldAdmin, - google_project_iam_member.tagUser1, - google_project_iam_member.tagUser2, - ] -} - resource "google_tags_tag_key" "key1" { parent = "projects/%[1]s" short_name = "foobarbaz1-%[2]s" @@ -12264,8 +12154,6 @@ resource "google_container_cluster" "with_autopilot" { vertical_pod_autoscaling { enabled = true } - - depends_on = [time_sleep.wait_120_seconds] } `, projectID, randomSuffix, clusterName, networkName, subnetworkName) } diff --git a/mmv1/third_party/terraform/services/container/resource_container_node_pool_test.go.tmpl b/mmv1/third_party/terraform/services/container/resource_container_node_pool_test.go.tmpl index fe36360a2a68..44c65f750875 100644 --- a/mmv1/third_party/terraform/services/container/resource_container_node_pool_test.go.tmpl +++ b/mmv1/third_party/terraform/services/container/resource_container_node_pool_test.go.tmpl @@ -47,6 +47,8 @@ func TestAccContainerNodePool_resourceManagerTags(t *testing.T) { networkName := acctest.BootstrapSharedTestNetwork(t, "gke-cluster") subnetworkName := acctest.BootstrapSubnet(t, "gke-cluster", networkName) + bootstrapGkeTagManagerServiceAgents(t) + acctest.VcrTest(t, resource.TestCase{ PreCheck: func() { acctest.AccTestPreCheck(t) }, ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), @@ -4479,38 +4481,6 @@ data "google_project" "project" { project_id = "%[1]s" } -resource "google_project_iam_member" "tagHoldAdmin" { - project = "%[1]s" - role = "roles/resourcemanager.tagHoldAdmin" - member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com" -} - -resource "google_project_iam_member" "tagUser1" { - project = "%[1]s" - role = "roles/resourcemanager.tagUser" - member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com" - - depends_on = [google_project_iam_member.tagHoldAdmin] -} - -resource "google_project_iam_member" "tagUser2" { - project = "%[1]s" - role = "roles/resourcemanager.tagUser" - member = "serviceAccount:${data.google_project.project.number}@cloudservices.gserviceaccount.com" - - depends_on = [google_project_iam_member.tagHoldAdmin] -} - -resource "time_sleep" "wait_120_seconds" { - create_duration = "120s" - - depends_on = [ - google_project_iam_member.tagHoldAdmin, - google_project_iam_member.tagUser1, - google_project_iam_member.tagUser2, - ] -} - resource "google_tags_tag_key" "key1" { parent = "projects/%[1]s" short_name = "foobarbaz1-%[2]s" @@ -4568,8 +4538,6 @@ resource "google_container_cluster" "primary" { create = "30m" update = "40m" } - - depends_on = [time_sleep.wait_120_seconds] } # Separately Managed Node Pool @@ -4599,38 +4567,6 @@ data "google_project" "project" { project_id = "%[1]s" } -resource "google_project_iam_member" "tagHoldAdmin" { - project = "%[1]s" - role = "roles/resourcemanager.tagHoldAdmin" - member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com" -} - -resource "google_project_iam_member" "tagUser1" { - project = "%[1]s" - role = "roles/resourcemanager.tagUser" - member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com" - - depends_on = [google_project_iam_member.tagHoldAdmin] -} - -resource "google_project_iam_member" "tagUser2" { - project = "%[1]s" - role = "roles/resourcemanager.tagUser" - member = "serviceAccount:${data.google_project.project.number}@cloudservices.gserviceaccount.com" - - depends_on = [google_project_iam_member.tagHoldAdmin] -} - -resource "time_sleep" "wait_120_seconds" { - create_duration = "120s" - - depends_on = [ - google_project_iam_member.tagHoldAdmin, - google_project_iam_member.tagUser1, - google_project_iam_member.tagUser2, - ] -} - resource "google_tags_tag_key" "key1" { parent = "projects/%[1]s" short_name = "foobarbaz1-%[2]s" @@ -4688,8 +4624,6 @@ resource "google_container_cluster" "primary" { create = "30m" update = "40m" } - - depends_on = [time_sleep.wait_120_seconds] } # Separately Managed Node Pool @@ -4720,38 +4654,6 @@ data "google_project" "project" { project_id = "%[1]s" } -resource "google_project_iam_member" "tagHoldAdmin" { - project = "%[1]s" - role = "roles/resourcemanager.tagHoldAdmin" - member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com" -} - -resource "google_project_iam_member" "tagUser1" { - project = "%[1]s" - role = "roles/resourcemanager.tagUser" - member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com" - - depends_on = [google_project_iam_member.tagHoldAdmin] -} - -resource "google_project_iam_member" "tagUser2" { - project = "%[1]s" - role = "roles/resourcemanager.tagUser" - member = "serviceAccount:${data.google_project.project.number}@cloudservices.gserviceaccount.com" - - depends_on = [google_project_iam_member.tagHoldAdmin] -} - -resource "time_sleep" "wait_120_seconds" { - create_duration = "120s" - - depends_on = [ - google_project_iam_member.tagHoldAdmin, - google_project_iam_member.tagUser1, - google_project_iam_member.tagUser2, - ] -} - resource "google_tags_tag_key" "key1" { parent = "projects/%[1]s" short_name = "foobarbaz1-%[2]s" @@ -4809,8 +4711,6 @@ resource "google_container_cluster" "primary" { create = "30m" update = "40m" } - - depends_on = [time_sleep.wait_120_seconds] } # Separately Managed Node Pool