Add istio and cloudrun to container cluster. (hashicorp#280)

luis-silva · Dec 26, 2018 · 59c85c3 · 59c85c3
1 parent 09df2a6
commit 59c85c3
Show file tree

Hide file tree

Showing 3 changed files with 190 additions and 0 deletions.
diff --git a/google-beta/resource_container_cluster.go b/google-beta/resource_container_cluster.go
@@ -182,6 +182,42 @@ func resourceContainerCluster() *schema.Resource {
 								},
 							},
 						},
+						"istio_config": {
+							Type:     schema.TypeList,
+							Optional: true,
+							Computed: true,
+							MaxItems: 1,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"disabled": {
+										Type:     schema.TypeBool,
+										Default:  false,
+										Optional: true,
+									},
+									"auth": {
+										Type:         schema.TypeString,
+										Optional:     true,
+										ValidateFunc: validation.StringInSlice([]string{"AUTH_MUTUAL_TLS"}, false),
+									},
+								},
+							},
+						},
+						"cloudrun_config": {
+							Type:     schema.TypeList,
+							Optional: true,
+							Computed: true,
+							ForceNew: true,
+							MaxItems: 1,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"disabled": {
+										Type:     schema.TypeBool,
+										Default:  false,
+										Optional: true,
+									},
+								},
+							},
+						},
 					},
 				},
 			},
@@ -1475,6 +1511,23 @@ func expandClusterAddonsConfig(configured interface{}) *containerBeta.AddonsConf
 		}
 	}
 
+	if v, ok := config["istio_config"]; ok && len(v.([]interface{})) > 0 {
+		addon := v.([]interface{})[0].(map[string]interface{})
+		ac.IstioConfig = &containerBeta.IstioConfig{
+			Disabled:        addon["disabled"].(bool),
+			Auth:            addon["auth"].(string),
+			ForceSendFields: []string{"Disabled"},
+		}
+	}
+
+	if v, ok := config["cloudrun_config"]; ok && len(v.([]interface{})) > 0 {
+		addon := v.([]interface{})[0].(map[string]interface{})
+		ac.CloudRunConfig = &containerBeta.CloudRunConfig{
+			Disabled:        addon["disabled"].(bool),
+			ForceSendFields: []string{"Disabled"},
+		}
+	}
+
 	return ac
 }
 
@@ -1717,6 +1770,22 @@ func flattenClusterAddonsConfig(c *containerBeta.AddonsConfig) []map[string]inte
 		}
 	}
 
+	if c.IstioConfig != nil {
+		result["istio_config"] = []map[string]interface{}{
+			{
+				"disabled": c.IstioConfig.Disabled,
+				"auth":     c.IstioConfig.Auth,
+			},
+		}
+	}
+
+	if c.CloudRunConfig != nil {
+		result["cloudrun_config"] = []map[string]interface{}{
+			{
+				"disabled": c.CloudRunConfig.Disabled,
+			},
+		}
+	}
 	return []map[string]interface{}{result}
 }
 

diff --git a/google-beta/resource_container_cluster_test.go b/google-beta/resource_container_cluster_test.go
@@ -188,6 +188,68 @@ func TestAccContainerCluster_withMasterAuthConfig_NoCert(t *testing.T) {
 	})
 }
 
+func TestAccContainerCluster_withIstioEnabled(t *testing.T) {
+	t.Parallel()
+
+	clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckContainerClusterDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccContainerCluster_withIstioEnabled(clusterName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("google_container_cluster.with_istio_enabled", "addons_config.0.istio_config.0.disabled", "false"),
+				),
+			},
+			{
+				ResourceName:        "google_container_cluster.with_istio_enabled",
+				ImportStateIdPrefix: "us-central1-a/",
+				ImportState:         true,
+				ImportStateVerify:   true,
+			},
+			{
+				Config: testAccContainerCluster_withIstioAuthEnabled(clusterName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("google_container_cluster.with_istio_enabled", "addons_config.0.istio_config.0.auth", "AUTH_MUTUAL_TLS"),
+				),
+			},
+			{
+				ResourceName:        "google_container_cluster.with_istio_enabled",
+				ImportStateIdPrefix: "us-central1-a/",
+				ImportState:         true,
+				ImportStateVerify:   true,
+			},
+		},
+	})
+}
+
+func TestAccContainerCluster_withCloudRunEnabled(t *testing.T) {
+	t.Parallel()
+
+	clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckContainerClusterDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccContainerCluster_withCloudRunEnabled(clusterName),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("google_container_cluster.with_cloudrun_enabled", "addons_config.0.cloudrun_config.0.disabled", "false"),
+				),
+			},
+			{
+				ResourceName:        "google_container_cluster.with_cloudrun_enabled",
+				ImportStateIdPrefix: "us-central1-a/",
+				ImportState:         true,
+				ImportStateVerify:   true,
+			},
+		},
+	})
+}
+
 func TestAccContainerCluster_withNetworkPolicyEnabled(t *testing.T) {
 	t.Parallel()
 
@@ -1670,6 +1732,55 @@ resource "google_container_cluster" "with_network_policy_enabled" {
 }`, clusterName)
 }
 
+func testAccContainerCluster_withIstioEnabled(clusterName string) string {
+	return fmt.Sprintf(`
+resource "google_container_cluster" "with_istio_enabled" {
+	name = "%s"
+	zone = "us-central1-a"
+	initial_node_count = 1
+
+	addons_config {
+		istio_config {
+			disabled = false
+		}
+	}
+}`, clusterName)
+}
+
+func testAccContainerCluster_withIstioAuthEnabled(clusterName string) string {
+	return fmt.Sprintf(`
+resource "google_container_cluster" "with_istio_enabled" {
+	name = "%s"
+	zone = "us-central1-a"
+	initial_node_count = 1
+
+	addons_config {
+		istio_config {
+			disabled = false
+			auth = "AUTH_MUTUAL_TLS"
+		}
+	}
+}`, clusterName)
+}
+
+func testAccContainerCluster_withCloudRunEnabled(clusterName string) string {
+	return fmt.Sprintf(`
+resource "google_container_cluster" "with_cloudrun_enabled" {
+	name = "%s"
+	zone = "us-central1-a"
+	initial_node_count = 1
+
+	addons_config {
+		istio_config {
+			disabled = false
+		}
+		cloudrun_config {
+			disabled = false
+		}
+	}
+}`, clusterName)
+}
+
 func testAccContainerCluster_withMasterAuthorizedNetworksConfig(clusterName string, cidrs []string, emptyValue string) string {
 
 	cidrBlocks := emptyValue

diff --git a/website/docs/r/container_cluster.html.markdown b/website/docs/r/container_cluster.html.markdown
@@ -213,6 +213,11 @@ The `addons_config` block supports:
     for the master.  This must be enabled in order to enable network policy for the nodes.
     It can only be disabled if the nodes already do not have network policies enabled.
     Set `disabled = true` to disable.
+* `istio_config` - (Optional, [Beta](https://terraform.io/docs/providers/google/provider_versions.html)).
+    Structure is documented below.
+* `cloudrun_config` - (Optional, [Beta](https://terraform.io/docs/providers/google/provider_versions.html)).
+    The status of the CloudRun addon. It requires `istio_config` enabled. It is disabled by default.
+    Set `disabled = false` to enable. This addon can only be enabled at cluster creation time.
 
 This example `addons_config` disables two addons:
 
@@ -227,6 +232,11 @@ addons_config {
 }
 ```
 
+The `istio_config` block supports:
+* `disabled` - (Optional) The status of the Istio addon, which makes it easy to set up Istio for services in a
+    cluster. It is disabled by default. Set `disabled = false` to enable.
+* `auth` - (Optional) The authentication type between services in Istio. Available options include `AUTH_MUTUAL_TLS`.
+
 The `cluster_autoscaling` block supports:
 * `enabled` - (Required) Whether cluster autoscaling (also called autoprovisioning) is
     enabled.  To set this to true, make sure your config meets the rest of the