Cluster authenticator groups ga
Signed-off-by: Modular Magician <[email protected]>
slevenick authored and modular-magician committed Nov 22, 2019
1 parent 5be364d commit dbbc396
Showing 3 changed files with 94 additions and 1 deletion.
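--- a/google/resource_container_cluster.go
+++ b/google/resource_container_cluster.go
@@ -290,6 +290,23 @@ func resourceContainerCluster() *schema.Resource {
 Default: false,
 },
 
+"authenticator_groups_config": {
+Type: schema.TypeList,
+Optional: true,
+Computed: true,
+ForceNew: true,
+MaxItems: 1,
+Elem: &schema.Resource{
+Schema: map[string]*schema.Schema{
+"security_group": {
+Type: schema.TypeString,
+Required: true,
+ForceNew: true,
+},
+},
+},
+},
+
 "initial_node_count": {
 Type: schema.TypeInt,
 Optional: true,
@@ -817,6 +834,10 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er
 cluster.NodeConfig = expandNodeConfig(v)
 }
 
+if v, ok := d.GetOk("authenticator_groups_config"); ok {
+cluster.AuthenticatorGroupsConfig = expandAuthenticatorGroupsConfig(v)
+}
+
 if v, ok := d.GetOk("private_cluster_config"); ok {
 cluster.PrivateClusterConfig = expandPrivateClusterConfig(v)
 }
@@ -948,6 +969,9 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro
 if err := d.Set("cluster_autoscaling", nil); err != nil {
 return err
 }
+if err := d.Set("authenticator_groups_config", flattenAuthenticatorGroupsConfig(cluster.AuthenticatorGroupsConfig)); err != nil {
+return err
+}
 if cluster.DefaultMaxPodsConstraint != nil {
 d.Set("default_max_pods_per_node", cluster.DefaultMaxPodsConstraint.MaxPodsPerNode)
 }
@@ -1667,6 +1691,20 @@ func expandMaintenancePolicy(d *schema.ResourceData, meta interface{}) *containe
 return nil
 }
 
+func expandAuthenticatorGroupsConfig(configured interface{}) *containerBeta.AuthenticatorGroupsConfig {
+l := configured.([]interface{})
+if len(l) == 0 {
+return nil
+}
+result := &containerBeta.AuthenticatorGroupsConfig{}
+config := l[0].(map[string]interface{})
+if securityGroup, ok := config["security_group"]; ok {
+result.Enabled = true
+result.SecurityGroup = securityGroup.(string)
+}
+return result
+}
+
 func expandMasterAuth(configured interface{}) *containerBeta.MasterAuth {
 l := configured.([]interface{})
 if len(l) == 0 || l[0] == nil {
@@ -1825,6 +1863,17 @@ func flattenClusterNodePools(d *schema.ResourceData, config *Config, c []*contai
 return nodePools, nil
 }
 
+func flattenAuthenticatorGroupsConfig(c *containerBeta.AuthenticatorGroupsConfig) []map[string]interface{} {
+if c == nil {
+return nil
+}
+return []map[string]interface{}{
+{
+"security_group": c.SecurityGroup,
+},
+}
+}
+
 func flattenPrivateClusterConfig(c *containerBeta.PrivateClusterConfig) []map[string]interface{} {
 if c == nil {
 return nil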
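Review bot: `expandAuthenticatorGroupsConfig` asserts `l[0].(map[string]interface{})` after checking only `len(l) == 0`, while `expandMasterAuth` directly below also checks `l[0] == nil`; a nil list element would panic here during create, so the guard should read `if len(l) == 0 || l[0] == nil {`. The `ok` from `config["security_group"]` only reports that the key is present, so `Enabled` is set to true even when the string is empty; because this setting selects the group whose memberships cluster RBAC will honour, testing `securityGroup.(string) != ""` before enabling would be safer. `flattenAuthenticatorGroupsConfig` likewise never reads `c.Enabled`, so a disabled config returned by the API would presumably still be written to state as a block with an empty `security_group`.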
44 changes: 44 additions & 0 deletions google/resource_container_cluster_test.go
@@ -1390,6 +1390,50 @@ resource "google_container_cluster" "with_network_policy_enabled" {
`, clusterName)
}

func testAccContainerCluster_withAuthenticatorGroupsConfig(clusterName string) string {
return fmt.Sprintf(`
resource "google_compute_network" "container_network" {
name = "container-net-%s"
auto_create_subnetworks = false
}
resource "google_compute_subnetwork" "container_subnetwork" {
name = google_compute_network.container_network.name
network = google_compute_network.container_network.name
ip_cidr_range = "10.0.36.0/24"
region = "us-central1"
private_ip_google_access = true
secondary_ip_range {
range_name = "pod"
ip_cidr_range = "10.0.0.0/19"
}
secondary_ip_range {
range_name = "svc"
ip_cidr_range = "10.0.32.0/22"
}
}
resource "google_container_cluster" "with_authenticator_groups" {
name = "%s"
location = "us-central1-a"
initial_node_count = 1
network = google_compute_network.container_network.name
subnetwork = google_compute_subnetwork.container_subnetwork.name
authenticator_groups_config {
security_group = "[email protected]"
}
ip_allocation_policy {
cluster_secondary_range_name = google_compute_subnetwork.container_subnetwork.secondary_ip_range[0].range_name
services_secondary_range_name = google_compute_subnetwork.container_subnetwork.secondary_ip_range[1].range_name
}
}
`, clusterName, clusterName)
}

func testAccContainerCluster_withMasterAuthorizedNetworksConfig(clusterName string, cidrs []string, emptyValue string) string {

cidrBlocks := emptyValue
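Review bot: `testAccContainerCluster_withAuthenticatorGroupsConfig` is added as a config fixture, but the file header reports 44 additions and this single hunk accounts for all of them, so no `TestAcc…` function that applies the fixture is part of this commit. As shown, the new `authenticator_groups_config` field appears to have no acceptance coverage in this provider. Add a test that applies this config and verifies that `security_group` round-trips through read and import, or confirm that a caller already exists elsewhere in the file.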
2 changes: 1 addition & 1 deletion website/docs/r/container_cluster.html.markdown
@@ -258,7 +258,7 @@ region are guaranteed to support the same version.
[PodSecurityPolicy](https://cloud.google.com/kubernetes-engine/docs/how-to/pod-security-policies) feature.
Structure is documented below.

* `authenticator_groups_config` - (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html)) Configuration for the
* `authenticator_groups_config` - (Optional) Configuration for the
[Google Groups for GKE](https://cloud.google.com/kubernetes-engine/docs/how-to/role-based-access-control#groups-setup-gsuite) feature.
Structure is documented below.
