diff --git a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb index 58ea973c8eda..56418198ff6d 100644 --- a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb +++ b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb @@ -2384,12 +2384,29 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er cluster.SecurityPostureConfig = expandSecurityPostureConfig(v) } + needUpdateAfterCreate := false + // For now PSC based cluster don't support `enable_private_endpoint` on `create`, but only on `update` API call. // If cluster is PSC based and enable_private_endpoint is set to true we will ignore it on `create` call and update cluster right after creation. enablePrivateEndpointPSCCluster := isEnablePrivateEndpointPSCCluster(cluster) if enablePrivateEndpointPSCCluster { cluster.PrivateClusterConfig.EnablePrivateEndpoint = false - } + needUpdateAfterCreate = true + } + + enablePDCSI := isEnablePDCSI(cluster); + if !enablePDCSI { + // GcePersistentDiskCsiDriver cannot be disabled at cluster create, only on cluster update. Ignore on create then update after creation. + // If pdcsi is disabled, the config should be defined. But we will be paranoid and double-check. + needUpdateAfterCreate = true + if cluster.AddonsConfig == nil { + cluster.AddonsConfig = &container.AddonsConfig{} + } + if cluster.AddonsConfig.GcePersistentDiskCsiDriverConfig == nil { + cluster.AddonsConfig.GcePersistentDiskCsiDriverConfig = &container.GcePersistentDiskCsiDriverConfig{} + } + cluster.AddonsConfig.GcePersistentDiskCsiDriverConfig.Enabled = true + } req := &container.CreateClusterRequest{ Cluster: cluster, @@ -2475,14 +2492,22 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er } } - if enablePrivateEndpointPSCCluster { + if needUpdateAfterCreate { name := containerClusterFullName(project, location, clusterName) - req := &container.UpdateClusterRequest{ - Update: &container.ClusterUpdate{ - DesiredEnablePrivateEndpoint: true, - ForceSendFields: []string{"DesiredEnablePrivateEndpoint"}, - }, - } + update := &container.ClusterUpdate{} + if enablePrivateEndpointPSCCluster { + update.DesiredEnablePrivateEndpoint = true + update.ForceSendFields = append(update.ForceSendFields, "DesiredEnablePrivateEndpoint"); + } + if !enablePDCSI { + update.DesiredAddonsConfig = &container.AddonsConfig{ + GcePersistentDiskCsiDriverConfig: &container.GcePersistentDiskCsiDriverConfig{ + Enabled: false, + }, + } + update.ForceSendFields = append(update.ForceSendFields, "DesiredAddonsConfig.GcePersistentDiskCsiDriverConfig.Enabled"); + } + req := &container.UpdateClusterRequest{Update: update} err = transport_tpg.Retry(transport_tpg.RetryOptions{ RetryFunc: func() error { @@ -2495,15 +2520,16 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er }, }) if err != nil { - return errwrap.Wrapf("Error updating enable private endpoint: {{err}}", err) + return errwrap.Wrapf(fmt.Sprintf("Error updating cluster for %v: {{err}}", update.ForceSendFields), err) } err = ContainerOperationWait(config, op, project, location, "updating enable private endpoint", userAgent, d.Timeout(schema.TimeoutCreate)) if err != nil { - return errwrap.Wrapf("Error while waiting to enable private endpoint: {{err}}", err) + return errwrap.Wrapf(fmt.Sprintf("Error while waiting on cluster update for %v: {{err}}", update.ForceSendFields), err) } } + // The update for additional pod ranges has to be done after all other updates. if names, ok := d.GetOk("ip_allocation_policy.0.additional_pod_ranges_config.0.pod_range_names"); ok { name := containerClusterFullName(project, location, clusterName) additionalPodRangesConfig := &container.AdditionalPodRangesConfig{ @@ -4935,6 +4961,13 @@ func isEnablePrivateEndpointPSCCluster(cluster *container.Cluster) bool { return false } +func isEnablePDCSI(cluster *container.Cluster) bool { + if cluster.AddonsConfig == nil || cluster.AddonsConfig.GcePersistentDiskCsiDriverConfig == nil { + return true; // PDCSI is enabled by default. + } + return cluster.AddonsConfig.GcePersistentDiskCsiDriverConfig.Enabled +} + func expandPrivateClusterConfig(configured interface{}) *container.PrivateClusterConfig { l := configured.([]interface{}) if len(l) == 0 { diff --git a/mmv1/third_party/terraform/services/container/resource_container_cluster_test.go.erb b/mmv1/third_party/terraform/services/container/resource_container_cluster_test.go.erb index 8bb072c5bcae..fb5f262d1c74 100644 --- a/mmv1/third_party/terraform/services/container/resource_container_cluster_test.go.erb +++ b/mmv1/third_party/terraform/services/container/resource_container_cluster_test.go.erb @@ -127,7 +127,6 @@ func TestAccContainerCluster_misc(t *testing.T) { } func TestAccContainerCluster_withAddons(t *testing.T) { - t.Skipf("Skipping test %s due to https://github.com/hashicorp/terraform-provider-google/issues/16114", t.Name()) t.Parallel() clusterName := fmt.Sprintf("tf-test-cluster-%s", acctest.RandString(t, 10)) @@ -4744,12 +4743,12 @@ resource "google_container_cluster" "primary" { gce_persistent_disk_csi_driver_config { enabled = true } - gke_backup_agent_config { - enabled = true - } - config_connector_config { - enabled = true - } + gke_backup_agent_config { + enabled = true + } + config_connector_config { + enabled = true + } gcs_fuse_csi_driver_config { enabled = true } @@ -4762,6 +4761,7 @@ resource "google_container_cluster" "primary" { enabled = true } <% end -%> + } deletion_protection = false network = "%s" subnetwork = "%s"