Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

container: fixed resourceManagerTags tests #12728

Merged
merged 10 commits into from
Jan 21, 2025
Merged

container: fixed resourceManagerTags tests #12728

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
63e2ad6
Remove the tagHoldAdmin since we already have bootstrap it. Also add …
MaChenhao Nov 20, 2024
4802cdc
Fix the linebreaking for or operator.
MaChenhao Nov 21, 2024
121a2d1
Additional test fixes
wyardley Jan 10, 2025
3966075
Move additional permissions to bootstrap and add sleep
wyardley Jan 15, 2025
ea185d3
Switch to `BootstrapPSARoles()`
wyardley Jan 16, 2025
1eea015
update test to use acctest changes
wyardley Jan 16, 2025
6d87be2
back to 30s sleep - 15 wasn't long enough
wyardley Jan 16, 2025
8f2b627
add comment
wyardley Jan 16, 2025
4ce3ddf
Fix TestAccContainerNodePool_resourceManagerTags
wyardley Jan 17, 2025
ecc4b37
Switch to changes from #12796
wyardley Jan 17, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
170 changes: 29 additions & 141 deletions mmv1/third_party/terraform/services/container/resource_container_cluster_test.go.tmpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,27 @@ import (
cloudkms "google.golang.org/api/cloudkms/v1"
)

func bootstrapGkeTagManagerServiceAgents(t *testing.T) {
acctest.BootstrapIamMembers(t, []acctest.IamMember{
{
Member: "serviceAccount:service-{project_number}@container-engine-robot.iam.gserviceaccount.com",
Role: "roles/resourcemanager.tagAdmin",
},
{
Member: "serviceAccount:service-{project_number}@container-engine-robot.iam.gserviceaccount.com",
Role: "roles/resourcemanager.tagHoldAdmin",
},
{
Member: "serviceAccount:service-{project_number}@container-engine-robot.iam.gserviceaccount.com",
Role: "roles/resourcemanager.tagUser",
},
{
Member: "serviceAccount:{project_number}@cloudservices.gserviceaccount.com",
Role: "roles/resourcemanager.tagUser",
},
})
}

func TestAccContainerCluster_basic(t *testing.T) {
t.Parallel()

Expand Down Expand Up @@ -68,11 +89,8 @@ func TestAccContainerCluster_resourceManagerTags(t *testing.T) {

networkName := acctest.BootstrapSharedTestNetwork(t, "gke-cluster")
subnetworkName := acctest.BootstrapSubnet(t, "gke-cluster", networkName)

if acctest.BootstrapPSARole(t, "service-", "container-engine-robot", "roles/resourcemanager.tagHoldAdmin") {
t.Fatal("Stopping the test because a role was added to the policy.")
}


bootstrapGkeTagManagerServiceAgents(t)
acctest.VcrTest(t, resource.TestCase{
PreCheck: func() { acctest.AccTestPreCheck(t) },
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
Expand Down Expand Up @@ -3642,6 +3660,8 @@ func TestAccContainerCluster_withAutopilotResourceManagerTags(t *testing.T) {
clusterNetName := fmt.Sprintf("tf-test-container-net-%s", randomSuffix)
clusterSubnetName := fmt.Sprintf("tf-test-container-subnet-%s", randomSuffix)

bootstrapGkeTagManagerServiceAgents(t)

acctest.VcrTest(t, resource.TestCase{
PreCheck: func() { acctest.AccTestPreCheck(t) },
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
Expand All @@ -3666,6 +3686,10 @@ func TestAccContainerCluster_withAutopilotResourceManagerTags(t *testing.T) {
{
Config: testAccContainerCluster_withAutopilotResourceManagerTagsUpdate1(pid, clusterName, clusterNetName, clusterSubnetName, randomSuffix),
Check: resource.ComposeTestCheckFunc(
// Small sleep, to avoid case where cluster is ready but underlying GCE
// resources apparently aren't.
// b/390456348
acctest.SleepInSecondsForTest(30),
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Other possibility is that I ran into some sort of shorter term problem while I was testing this and that it's not actually necessary. But this did reliably seem to get rid of the issue I mentioned in the PR comments.

See notes and linked issue about whether this is really needed in the case of VCR, though.

resource.TestCheckResourceAttrSet("google_container_cluster.with_autopilot", "node_pool_auto_config.0.resource_manager_tags.%"),
),
},
Expand Down Expand Up @@ -11769,38 +11793,6 @@ data "google_project" "project" {
project_id = "%[1]s"
}

resource "google_project_iam_member" "tagHoldAdmin" {
project = "%[1]s"
role = "roles/resourcemanager.tagHoldAdmin"
member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com"
}

resource "google_project_iam_member" "tagUser1" {
project = "%[1]s"
role = "roles/resourcemanager.tagUser"
member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com"

depends_on = [google_project_iam_member.tagHoldAdmin]
}

resource "google_project_iam_member" "tagUser2" {
project = "%[1]s"
role = "roles/resourcemanager.tagUser"
member = "serviceAccount:${data.google_project.project.number}@cloudservices.gserviceaccount.com"

depends_on = [google_project_iam_member.tagHoldAdmin]
}

resource "time_sleep" "wait_120_seconds" {
create_duration = "120s"

depends_on = [
google_project_iam_member.tagHoldAdmin,
google_project_iam_member.tagUser1,
google_project_iam_member.tagUser2,
]
}

resource "google_tags_tag_key" "key1" {
parent = data.google_project.project.id
short_name = "foobarbaz-%[2]s"
Expand Down Expand Up @@ -11855,8 +11847,6 @@ resource "google_container_cluster" "primary" {
deletion_protection = false
network = "%[4]s"
subnetwork = "%[5]s"

depends_on = [time_sleep.wait_120_seconds]
}
`, projectID, randomSuffix, clusterName, networkName, subnetworkName, tagResourceNumber)
}
Expand All @@ -11867,38 +11857,6 @@ data "google_project" "project" {
project_id = "%[1]s"
}

resource "google_project_iam_member" "tagHoldAdmin" {
project = "%[1]s"
role = "roles/resourcemanager.tagHoldAdmin"
member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com"
}

resource "google_project_iam_member" "tagUser1" {
project = "%[1]s"
role = "roles/resourcemanager.tagUser"
member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com"

depends_on = [google_project_iam_member.tagHoldAdmin]
}

resource "google_project_iam_member" "tagUser2" {
project = "%[1]s"
role = "roles/resourcemanager.tagUser"
member = "serviceAccount:${data.google_project.project.number}@cloudservices.gserviceaccount.com"

depends_on = [google_project_iam_member.tagHoldAdmin]
}

resource "time_sleep" "wait_120_seconds" {
create_duration = "120s"

depends_on = [
google_project_iam_member.tagHoldAdmin,
google_project_iam_member.tagUser1,
google_project_iam_member.tagUser2,
]
}

resource "google_tags_tag_key" "key1" {
parent = "projects/%[1]s"
short_name = "foobarbaz1-%[2]s"
Expand Down Expand Up @@ -11993,8 +11951,6 @@ resource "google_container_cluster" "with_autopilot" {
vertical_pod_autoscaling {
enabled = true
}

depends_on = [time_sleep.wait_120_seconds]
}
`, projectID, randomSuffix, clusterName, networkName, subnetworkName)
}
Expand All @@ -12005,38 +11961,6 @@ data "google_project" "project" {
project_id = "%[1]s"
}

resource "google_project_iam_member" "tagHoldAdmin" {
project = "%[1]s"
role = "roles/resourcemanager.tagHoldAdmin"
member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com"
}

resource "google_project_iam_member" "tagUser1" {
project = "%[1]s"
role = "roles/resourcemanager.tagUser"
member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com"

depends_on = [google_project_iam_member.tagHoldAdmin]
}

resource "google_project_iam_member" "tagUser2" {
project = "%[1]s"
role = "roles/resourcemanager.tagUser"
member = "serviceAccount:${data.google_project.project.number}@cloudservices.gserviceaccount.com"

depends_on = [google_project_iam_member.tagHoldAdmin]
}

resource "time_sleep" "wait_120_seconds" {
create_duration = "120s"

depends_on = [
google_project_iam_member.tagHoldAdmin,
google_project_iam_member.tagUser1,
google_project_iam_member.tagUser2,
]
}

resource "google_tags_tag_key" "key1" {
parent = "projects/%[1]s"
short_name = "foobarbaz1-%[2]s"
Expand Down Expand Up @@ -12132,8 +12056,6 @@ resource "google_container_cluster" "with_autopilot" {
vertical_pod_autoscaling {
enabled = true
}

depends_on = [time_sleep.wait_120_seconds]
}
`, projectID, randomSuffix, clusterName, networkName, subnetworkName)
}
Expand All @@ -12144,38 +12066,6 @@ data "google_project" "project" {
project_id = "%[1]s"
}

resource "google_project_iam_member" "tagHoldAdmin" {
project = "%[1]s"
role = "roles/resourcemanager.tagHoldAdmin"
member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com"
}

resource "google_project_iam_member" "tagUser1" {
project = "%[1]s"
role = "roles/resourcemanager.tagUser"
member = "serviceAccount:service-${data.google_project.project.number}@container-engine-robot.iam.gserviceaccount.com"

depends_on = [google_project_iam_member.tagHoldAdmin]
}

resource "google_project_iam_member" "tagUser2" {
project = "%[1]s"
role = "roles/resourcemanager.tagUser"
member = "serviceAccount:${data.google_project.project.number}@cloudservices.gserviceaccount.com"

depends_on = [google_project_iam_member.tagHoldAdmin]
}

resource "time_sleep" "wait_120_seconds" {
create_duration = "120s"

depends_on = [
google_project_iam_member.tagHoldAdmin,
google_project_iam_member.tagUser1,
google_project_iam_member.tagUser2,
]
}

resource "google_tags_tag_key" "key1" {
parent = "projects/%[1]s"
short_name = "foobarbaz1-%[2]s"
Expand Down Expand Up @@ -12264,8 +12154,6 @@ resource "google_container_cluster" "with_autopilot" {
vertical_pod_autoscaling {
enabled = true
}

depends_on = [time_sleep.wait_120_seconds]
}
`, projectID, randomSuffix, clusterName, networkName, subnetworkName)
}
Expand Down
Loading
Loading