From a3b9045d64638786fcf24d7d0b25ae4bfce9cf9e Mon Sep 17 00:00:00 2001
From: Zhenhua Li <zhenhuali@google.com>
Date: Thu, 8 Dec 2022 13:18:49 -0800
Subject: [PATCH] Added updating  master_global_access_config in
 google_container_cluster

---
 .../resource_container_cluster.go.erb         | 22 ++++++++++++++++++-
 .../resource_container_cluster_test.go.erb    | 18 ++++++++++-----
 2 files changed, 34 insertions(+), 6 deletions(-)

diff --git a/mmv1/third_party/terraform/resources/resource_container_cluster.go.erb b/mmv1/third_party/terraform/resources/resource_container_cluster.go.erb
index 68a564b3a285..c9a6744bec72 100644
--- a/mmv1/third_party/terraform/resources/resource_container_cluster.go.erb
+++ b/mmv1/third_party/terraform/resources/resource_container_cluster.go.erb
@@ -2523,7 +2523,27 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er
 		log.Printf("[INFO] GKE cluster %s's enable private endpoint has been updated to %v", d.Id(), enabled)
 	}
 
-        if d.HasChange("binary_authorization") {
+	if d.HasChange("private_cluster_config") && d.HasChange("private_cluster_config.0.master_global_access_config") {
+		config := d.Get("private_cluster_config.0.master_global_access_config")
+		req := &container.UpdateClusterRequest{
+			Update: &container.ClusterUpdate{
+				DesiredPrivateClusterConfig: &container.PrivateClusterConfig{
+					MasterGlobalAccessConfig: expandPrivateClusterConfigMasterGlobalAccessConfig(config),
+					ForceSendFields:          []string{"MasterGlobalAccessConfig"},
+				},
+			},
+		}
+
+		updateF := updateFunc(req, "updating master global access config")
+		// Call update serially.
+		if err := lockedCall(lockKey, updateF); err != nil {
+			return err
+		}
+
+		log.Printf("[INFO] GKE cluster %s's master global access config has been updated to %v", d.Id(), config)
+	}
+
+    if d.HasChange("binary_authorization") {
 		req := &container.UpdateClusterRequest{
 			Update: &container.ClusterUpdate{
 				DesiredBinaryAuthorization: expandBinaryAuthorization(d.Get("binary_authorization"), d.Get("enable_binary_authorization").(bool)),
diff --git a/mmv1/third_party/terraform/tests/resource_container_cluster_test.go.erb b/mmv1/third_party/terraform/tests/resource_container_cluster_test.go.erb
index 2478a90e9047..3c6f3440295d 100644
--- a/mmv1/third_party/terraform/tests/resource_container_cluster_test.go.erb
+++ b/mmv1/third_party/terraform/tests/resource_container_cluster_test.go.erb
@@ -890,7 +890,7 @@ func TestAccContainerCluster_withTpu(t *testing.T) {
 }
 <% end -%>
 
-func TestAccContainerCluster_withPrivateClusterConfig(t *testing.T) {
+func TestAccContainerCluster_withPrivateClusterConfigBasic(t *testing.T) {
 	t.Parallel()
 
 	clusterName := fmt.Sprintf("tf-test-cluster-%s", randString(t, 10))
@@ -902,7 +902,15 @@ func TestAccContainerCluster_withPrivateClusterConfig(t *testing.T) {
 		CheckDestroy: testAccCheckContainerClusterDestroyProducer(t),
 		Steps: []resource.TestStep{
 			{
-				Config: testAccContainerCluster_withPrivateClusterConfig(containerNetName, clusterName),
+				Config: testAccContainerCluster_withPrivateClusterConfig(containerNetName, clusterName, false),
+			},
+			{
+				ResourceName:		 "google_container_cluster.with_private_cluster",
+				ImportState:		 true,
+				ImportStateVerify:	 true,
+			},
+			{
+				Config: testAccContainerCluster_withPrivateClusterConfig(containerNetName, clusterName, true),
 			},
 			{
 				ResourceName:		 "google_container_cluster.with_private_cluster",
@@ -6112,7 +6120,7 @@ resource "google_container_cluster" "with_private_cluster" {
 `, containerNetName, clusterName, location, autopilotEnabled)
 }
 
-func testAccContainerCluster_withPrivateClusterConfig(containerNetName string, clusterName string) string {
+func testAccContainerCluster_withPrivateClusterConfig(containerNetName string, clusterName string, masterGlobalAccessEnabled bool) string {
 	return fmt.Sprintf(`
 resource "google_compute_network" "container_network" {
   name                    = "%s"
@@ -6154,7 +6162,7 @@ resource "google_container_cluster" "with_private_cluster" {
     enable_private_nodes    = true
     master_ipv4_cidr_block  = "10.42.0.0/28"
     master_global_access_config {
-      enabled = true
+      enabled = %t
 	}
   }
   master_authorized_networks_config {
@@ -6164,7 +6172,7 @@ resource "google_container_cluster" "with_private_cluster" {
     services_secondary_range_name = google_compute_subnetwork.container_subnetwork.secondary_ip_range[1].range_name
   }
 }
-`, containerNetName, clusterName)
+`, containerNetName, clusterName, masterGlobalAccessEnabled)
 }
 
 func testAccContainerCluster_withShieldedNodes(clusterName string, enabled bool) string {