Promote datapath and some networking fields of GKE to GA.

mmv1/third_party/terraform/resources/resource_container_cluster.go.erb

@@ -998,7 +998,6 @@ func resourceContainerCluster() *schema.Resource {
 							Computed:    true,
 							Description: `The external IP address of this cluster's master endpoint.`,
 						},
-<% unless version == 'ga' -%>
 						"master_global_access_config": {
 							Type:     schema.TypeList,
 							MaxItems: 1,
@@ -1015,7 +1014,6 @@ func resourceContainerCluster() *schema.Resource {
 								},
 							},
 						},
-<% end -%>
 					},
 				},
 			},
@@ -1116,15 +1114,13 @@ func resourceContainerCluster() *schema.Resource {
 				},
 			},
 
-<% unless version == 'ga' -%>
 			"tpu_ipv4_cidr_block": {
 				Computed:    true,
 				Type:        schema.TypeString,
 				Description: `The IP address range of the Cloud TPUs in this cluster, in CIDR notation (e.g. 1.2.3.4/29).`,
 			},
 
-
-
+<% unless version == 'ga' -%>
 			"cluster_telemetry": {
 				Type:     schema.TypeList,
 				Optional: true,
@@ -1140,6 +1136,7 @@ func resourceContainerCluster() *schema.Resource {
 					},
 				},
 			},
+<% end -%>
 
 			"default_snat_status": {
 				Type: schema.TypeList,
@@ -1166,7 +1163,7 @@ func resourceContainerCluster() *schema.Resource {
 				ValidateFunc:     validation.StringInSlice([]string{"DATAPATH_PROVIDER_UNSPECIFIED", "LEGACY_DATAPATH", "ADVANCED_DATAPATH"}, false),
 				DiffSuppressFunc: emptyOrDefaultStringSuppress("DATAPATH_PROVIDER_UNSPECIFIED"),
 			},
-<% end -%>
+
 			"enable_intranode_visibility": {
 			   Type: schema.TypeBool,
 			   Optional: true,
@@ -1336,13 +1333,13 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er
 		ReleaseChannel:          expandReleaseChannel(d.Get("release_channel")),
 <% unless version == 'ga' -%>
 		ClusterTelemetry: expandClusterTelemetry(d.Get("cluster_telemetry")),
+<% end -%>
 		EnableTpu:               d.Get("enable_tpu").(bool),
 		NetworkConfig: &containerBeta.NetworkConfig{
 			EnableIntraNodeVisibility: d.Get("enable_intranode_visibility").(bool),
 			DefaultSnatStatus:         expandDefaultSnatStatus(d.Get("default_snat_status")),
 		    DatapathProvider:          d.Get("datapath_provider").(string),
 	    },
-<% end -%>
 		MasterAuth:     expandMasterAuth(d.Get("master_auth")),
 <% unless version == 'ga' -%>
 		NotificationConfig: expandNotificationConfig(d.Get("notification_config")),
@@ -1677,6 +1674,7 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro
 	if err := d.Set("confidential_nodes", flattenConfidentialNodes(cluster.ConfidentialNodes)); err != nil {
 		return err
 	}
+<% end -%>
 	if err := d.Set("enable_tpu", cluster.EnableTpu); err != nil {
 		return fmt.Errorf("Error setting enable_tpu: %s", err)
 	}
@@ -1686,14 +1684,12 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro
 	if err := d.Set("datapath_provider", cluster.NetworkConfig.DatapathProvider); err != nil {
 		return fmt.Errorf("Error setting datapath_provider: %s", err)
 	}
-
 	if err := d.Set("default_snat_status", flattenDefaultSnatStatus(cluster.NetworkConfig.DefaultSnatStatus)); err != nil {
 		return err
 	}
 	if err := d.Set("enable_intranode_visibility", cluster.NetworkConfig.EnableIntraNodeVisibility); err != nil {
 		return fmt.Errorf("Error setting enable_intranode_visibility: %s", err)
 	}
-<% end -%>
 	if err := d.Set("authenticator_groups_config", flattenAuthenticatorGroupsConfig(cluster.AuthenticatorGroupsConfig)); err != nil {
 		return err
 	}
@@ -1942,7 +1938,6 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er
 		log.Printf("[INFO] GKE cluster %s Release Channel has been updated to %#v", d.Id(), req.Update.DesiredReleaseChannel)
 	}
 
-<% unless version == 'ga' -%>
 	if d.HasChange("enable_intranode_visibility") {
 		enabled := d.Get("enable_intranode_visibility").(bool)
 		req := &containerBeta.UpdateClusterRequest{
@@ -2011,7 +2006,6 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er
 		log.Printf("[INFO] GKE cluster %s Default SNAT status has been updated", d.Id())
 	}
 
-<% end -%>
 	if d.HasChange("maintenance_policy") {
 		req := &containerBeta.SetMaintenancePolicyRequest{
 			MaintenancePolicy: expandMaintenancePolicy(d, meta),
@@ -3178,16 +3172,11 @@ func expandPrivateClusterConfig(configured interface{}) *containerBeta.PrivateCl
 		EnablePrivateEndpoint:    config["enable_private_endpoint"].(bool),
 		EnablePrivateNodes:       config["enable_private_nodes"].(bool),
 		MasterIpv4CidrBlock:      config["master_ipv4_cidr_block"].(string),
-<% unless version == 'ga' -%>
 		MasterGlobalAccessConfig: expandPrivateClusterConfigMasterGlobalAccessConfig(config["master_global_access_config"]),
 		ForceSendFields:          []string{"EnablePrivateEndpoint", "EnablePrivateNodes", "MasterIpv4CidrBlock", "MasterGlobalAccessConfig"},
-<% else -%>
-		ForceSendFields:          []string{"EnablePrivateEndpoint", "EnablePrivateNodes", "MasterIpv4CidrBlock"},
-<% end -%>
 	}
 }
 
-<% unless version == 'ga' -%>
 func expandPrivateClusterConfigMasterGlobalAccessConfig(configured interface{}) *containerBeta.PrivateClusterMasterGlobalAccessConfig {
 	l := configured.([]interface{})
 	if len(l) == 0 {
@@ -3199,7 +3188,6 @@ func expandPrivateClusterConfigMasterGlobalAccessConfig(configured interface{})
 		ForceSendFields:       []string{"Enabled"},
 	}
 }
-<% end -%>
 
 func expandVerticalPodAutoscaling(configured interface{}) *containerBeta.VerticalPodAutoscaling {
 	l := configured.([]interface{})
@@ -3247,6 +3235,7 @@ func expandClusterTelemetry(configured interface{}) *containerBeta.ClusterTeleme
 	}
 }
 
+<% end -%>
 func expandDefaultSnatStatus(configured interface{}) *containerBeta.DefaultSnatStatus {
 	l := configured.([]interface{})
 	if len(l) == 0 || l[0] == nil {
@@ -3260,8 +3249,6 @@ func expandDefaultSnatStatus(configured interface{}) *containerBeta.DefaultSnatS
 
 }
 
-<% end -%>
-
 func expandWorkloadIdentityConfig(configured interface{}) *containerBeta.WorkloadIdentityConfig {
 	l := configured.([]interface{})
 	if len(l) == 0 || l[0] == nil {
@@ -3495,17 +3482,14 @@ func flattenPrivateClusterConfig(c *containerBeta.PrivateClusterConfig) []map[st
 			"enable_private_endpoint":     c.EnablePrivateEndpoint,
 			"enable_private_nodes":        c.EnablePrivateNodes,
 			"master_ipv4_cidr_block":      c.MasterIpv4CidrBlock,
-<% unless version == 'ga' -%>
 			"master_global_access_config": flattenPrivateClusterConfigMasterGlobalAccessConfig(c.MasterGlobalAccessConfig),
-<% end -%>
 			"peering_name":                c.PeeringName,
 			"private_endpoint":            c.PrivateEndpoint,
 			"public_endpoint":             c.PublicEndpoint,
 		},
 	}
 }
 
-<% unless version == 'ga' -%>
 // Like most GKE blocks, this is not returned from the API at all when false. This causes trouble
 // for users who've set enabled = false in config as they will get a permadiff. Always setting the
 // field resolves that. We can assume if it was not returned, it's false.
@@ -3516,7 +3500,6 @@ func flattenPrivateClusterConfigMasterGlobalAccessConfig(c *containerBeta.Privat
 		},
 	}
 }
-<% end -%>
 
 func flattenVerticalPodAutoscaling(c *containerBeta.VerticalPodAutoscaling) []map[string]interface{} {
 	if c == nil {
@@ -3556,6 +3539,8 @@ func flattenClusterTelemetry(c *containerBeta.ClusterTelemetry) []map[string]int
 	return result
 }
 
+<% end -%>
+
 func flattenDefaultSnatStatus(c *containerBeta.DefaultSnatStatus) []map[string]interface{} {
 	result := []map[string]interface{}{}
 	if c != nil {
@@ -3566,7 +3551,6 @@ func flattenDefaultSnatStatus(c *containerBeta.DefaultSnatStatus) []map[string]i
 	return result
 }
 
-<% end -%>
 func flattenWorkloadIdentityConfig(c *containerBeta.WorkloadIdentityConfig) []map[string]interface{} {
 	if c == nil {
 		return nil

mmv1/third_party/terraform/tests/resource_container_cluster_test.go.erb

@@ -784,7 +784,6 @@ func TestAccContainerCluster_withPrivateClusterConfigMissingCidrBlock(t *testing
 	})
 }
 
-<% unless version == 'ga' -%>
 func TestAccContainerCluster_withIntraNodeVisibility(t *testing.T) {
 	t.Parallel()
 
@@ -820,7 +819,6 @@ func TestAccContainerCluster_withIntraNodeVisibility(t *testing.T) {
 		},
 	})
 }
-<% end -%>
 
 func TestAccContainerCluster_withVersion(t *testing.T) {
 	t.Parallel()
@@ -1933,7 +1931,6 @@ func TestAccContainerCluster_withDatabaseEncryption(t *testing.T) {
 	})
 }
 
-<% unless version == 'ga' -%>
 func TestAccContainerCluster_withAdvancedDatapath(t *testing.T) {
 	t.Parallel()
 
@@ -1955,7 +1952,6 @@ func TestAccContainerCluster_withAdvancedDatapath(t *testing.T) {
 		},
 	})
 }
-<% end -%>
 
 func TestAccContainerCluster_withResourceUsageExportConfig(t *testing.T) {
 	t.Parallel()
@@ -2892,6 +2888,7 @@ resource "google_container_cluster" "with_tpu" {
 `, containerNetName, clusterName)
 }
 
+<% end -%>
 func testAccContainerCluster_withIntraNodeVisibility(clusterName string) string {
 	return fmt.Sprintf(`
 resource "google_container_cluster" "with_intranode_visibility" {
@@ -2914,8 +2911,6 @@ resource "google_container_cluster" "with_intranode_visibility" {
 `, clusterName)
 }
 
-<% end -%>
-
 func testAccContainerCluster_withVersion(clusterName string) string {
 	return fmt.Sprintf(`
 data "google_container_engine_versions" "central1a" {
@@ -4026,22 +4021,20 @@ resource "google_container_cluster" "with_private_cluster" {
 
 <% unless version == 'ga' -%>
   networking_mode = "VPC_NATIVE"
+<% end -%>
   default_snat_status {
     disabled = true
   }
-<% end -%>
   network    = google_compute_network.container_network.name
   subnetwork = google_compute_subnetwork.container_subnetwork.name
 
   private_cluster_config {
     enable_private_endpoint = true
     enable_private_nodes    = true
     master_ipv4_cidr_block  = "10.42.0.0/28"
-<% unless version == 'ga' -%>
     master_global_access_config {
       enabled = true
 	}
-<% end -%>
   }
   master_authorized_networks_config {
   }
@@ -4388,7 +4381,6 @@ resource "google_container_cluster" "primary" {
 `, kmsData.KeyRing.Name, kmsData.CryptoKey.Name, clusterName)
 }
 
-<% unless version == 'ga' -%>
 func testAccContainerCluster_withDatapathProvider(clusterName, datapathProvider string) string {
 	return fmt.Sprintf(`
 resource "google_container_cluster" "primary" {
@@ -4406,7 +4398,6 @@ resource "google_container_cluster" "primary" {
 }
 `, clusterName, datapathProvider)
 }
-<% end -%>
 
 func testAccContainerCluster_withMasterAuthorizedNetworksDisabled(containerNetName string, clusterName string) string {
 	return fmt.Sprintf(`

mmv1/third_party/terraform/website/docs/r/container_cluster.html.markdown

@@ -149,7 +149,7 @@ for more information.
     this cluster. Note that when this option is enabled, the cluster cannot be upgraded
     and will be automatically deleted after 30 days.
 
-* `enable_tpu` - (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html)) Whether to enable Cloud TPU resources in this cluster.
+* `enable_tpu` - (Optional) Whether to enable Cloud TPU resources in this cluster.
     See the [official documentation](https://cloud.google.com/tpu/docs/kubernetes-engine-setup).
 
 * `enable_legacy_abac` - (Optional) Whether the ABAC authorizer is enabled for this cluster.
@@ -298,10 +298,13 @@ subnetwork in which the cluster's instances are launched.
     [Google IAM Service Account](https://cloud.google.com/iam/docs/service-accounts#user-managed_service_accounts).
     Structure is documented below.
 
-* `enable_intranode_visibility` - (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
+* `enable_intranode_visibility` - (Optional)
     Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network.
 
-* `default_snat_status` - (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
+* `datapath_provider` - (Optional)
+    The desired datapath provider for this cluster. By default, uses the IPTables-based kube-proxy implementation.
+
+* `default_snat_status` - (Optional)
   [GKE SNAT](https://cloud.google.com/kubernetes-engine/docs/how-to/ip-masquerade-agent#how_ipmasq_works) DefaultSnatStatus contains the desired state of whether default sNAT should be disabled on the cluster, [API doc](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#networkconfig).
 
 The `default_snat_status` block supports
@@ -711,7 +714,7 @@ subnet. See [Private Cluster Limitations](https://cloud.google.com/kubernetes-en
 for more details. This field only applies to private clusters, when
 `enable_private_nodes` is `true`.
 
-* `master_global_access_config` (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html)) - Controls cluster master global
+* `master_global_access_config` (Optional) - Controls cluster master global
 access settings. If unset, Terraform will no longer manage this field and will
 not modify the previously-set value. Structure is documented below.
 
@@ -863,7 +866,7 @@ exported:
     be different than the `min_master_version` set in the config if the master
     has been updated by GKE.
 
-* `tpu_ipv4_cidr_block` - ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html)) The IP address range of the Cloud TPUs in this cluster, in
+* `tpu_ipv4_cidr_block` - The IP address range of the Cloud TPUs in this cluster, in
     [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)
     notation (e.g. `1.2.3.4/29`).