diff --git a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb index 8b9fa8414480..d73fb6bf1d99 100644 --- a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb +++ b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb @@ -2381,11 +2381,28 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er cluster.SecurityPostureConfig = expandSecurityPostureConfig(v) } + needUpdateAfterCreate := false + // For now PSC based cluster don't support `enable_private_endpoint` on `create`, but only on `update` API call. // If cluster is PSC based and enable_private_endpoint is set to true we will ignore it on `create` call and update cluster right after creation. enablePrivateEndpointPSCCluster := isEnablePrivateEndpointPSCCluster(cluster) if enablePrivateEndpointPSCCluster { cluster.PrivateClusterConfig.EnablePrivateEndpoint = false + needUpdateAfterCreate = true + } + + enablePDCSI := isEnablePDCSI(cluster); + if !enablePDCSI { + // GcePersistentDiskCsiDriver cannot be disabled at cluster create, only on cluster update. Ignore on create then update after creation. + // If pdcsi is disabled, the config should be defined. But we will be paranoid and double-check. + needUpdateAfterCreate = true + if cluster.AddonsConfig == nil { + cluster.AddonsConfig = &container.AddonsConfig{} + } + if cluster.AddonsConfig.GcePersistentDiskCsiDriverConfig == nil { + cluster.AddonsConfig.GcePersistentDiskCsiDriverConfig = &container.GcePersistentDiskCsiDriverConfig{} + } + cluster.AddonsConfig.GcePersistentDiskCsiDriverConfig.Enabled = true } req := &container.CreateClusterRequest{ 
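Review bot: The added line `enablePDCSI := isEnablePDCSI(cluster);` ends in a stray semicolon, which gofmt would strip; it should read `enablePDCSI := isEnablePDCSI(cluster)`. The same applies to the two `update.ForceSendFields = append(...);` lines in the `@@ -2472` hunk and to `return true;` in `isEnablePDCSI`. Separately, `needUpdateAfterCreate` is assigned in two branches but only ever means `enablePrivateEndpointPSCCluster || !enablePDCSI`; computing it once after both checks would keep the flag from drifting if a third deferred setting is added. The enclosing `resourceContainerClusterCreate` body starts and ends outside this hunk.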
@@ -2472,14 +2489,22 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er } } - if enablePrivateEndpointPSCCluster { + if needUpdateAfterCreate { name := containerClusterFullName(project, location, clusterName) - req := &container.UpdateClusterRequest{ - Update: &container.ClusterUpdate{ - DesiredEnablePrivateEndpoint: true, - ForceSendFields: []string{"DesiredEnablePrivateEndpoint"}, - }, + update := &container.ClusterUpdate{} + if enablePrivateEndpointPSCCluster { + update.DesiredEnablePrivateEndpoint = true + update.ForceSendFields = append(update.ForceSendFields, "DesiredEnablePrivateEndpoint"); + } + if !enablePDCSI { + update.DesiredAddonsConfig = &container.AddonsConfig{ + GcePersistentDiskCsiDriverConfig: &container.GcePersistentDiskCsiDriverConfig{ + Enabled: false, + }, + } + update.ForceSendFields = append(update.ForceSendFields, "DesiredAddonsConfig.GcePersistentDiskCsiDriverConfig.Enabled"); } + req := &container.UpdateClusterRequest{Update: update} err = transport_tpg.Retry(transport_tpg.RetryOptions{ RetryFunc: func() error { @@ -2492,12 +2517,12 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er }, }) if err != nil { - return errwrap.Wrapf("Error updating enable private endpoint: {{err}}", err) + return errwrap.Wrapf(fmt.Sprintf("Error updating cluster for %v: {{err}}", update.ForceSendFields), err) } err = ContainerOperationWait(config, op, project, location, "updating enable private endpoint", userAgent, d.Timeout(schema.TimeoutCreate)) if err != nil { - return errwrap.Wrapf("Error while waiting to enable private endpoint: {{err}}", err) + return errwrap.Wrapf(fmt.Sprintf("Error while waiting on cluster update for %v: {{err}}", update.ForceSendFields), err) } } 
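Review bot: The entry `"DesiredAddonsConfig.GcePersistentDiskCsiDriverConfig.Enabled"` appended to `update.ForceSendFields` is most likely a no-op for serialization. In the generated Google API Go clients, `ForceSendFields` is matched against field names of the struct it is set on, not dotted paths, so the nested `Enabled: false` is still omitted as an empty value. To send the zero value explicitly, set it on the inner struct, `&container.GcePersistentDiskCsiDriverConfig{Enabled: false, ForceSendFields: []string{"Enabled"}}`. If the list on `update` is also meant to label the error messages further down, keep a separate slice of labels for that purpose. It is worth confirming against the request body in the acceptance test for the disabled-addon case.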
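Review bot: The activity string passed to `ContainerOperationWait` in the `@@ -2492` hunk still reads `"updating enable private endpoint"`, although the same wait now also covers an update that only disables the PD CSI driver, so logs and timeout errors can name the wrong operation. Build it from the same data as the two rewritten error messages, for example `fmt.Sprintf("updating cluster for %v", update.ForceSendFields)`. Both error returns happen after the cluster already exists, so a cluster requested with a private endpoint can be left with its public endpoint enabled if this follow-up update fails. Whether the resource is recorded or tainted at that point is decided outside this hunk and should be checked.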
@@ -4946,6 +4971,13 @@ func isEnablePrivateEndpointPSCCluster(cluster *container.Cluster) bool { return false } +func isEnablePDCSI(cluster *container.Cluster) bool { + if cluster.AddonsConfig == nil || cluster.AddonsConfig.GcePersistentDiskCsiDriverConfig == nil { + return true; // PDCSI is enabled by default. + } + return cluster.AddonsConfig.GcePersistentDiskCsiDriverConfig.Enabled +} + func expandPrivateClusterConfig(configured interface{}) *container.PrivateClusterConfig { l := configured.([]interface{}) if len(l) == 0 { diff --git a/mmv1/third_party/terraform/services/container/resource_container_cluster_test.go.erb b/mmv1/third_party/terraform/services/container/resource_container_cluster_test.go.erb index 2428c885beef..34f0aa301a43 100644 --- a/mmv1/third_party/terraform/services/container/resource_container_cluster_test.go.erb +++ b/mmv1/third_party/terraform/services/container/resource_container_cluster_test.go.erb @@ -127,7 +127,6 @@ func TestAccContainerCluster_misc(t *testing.T) { } func TestAccContainerCluster_withAddons(t *testing.T) { - t.Skipf("Skipping test %s due to https://github.com/hashicorp/terraform-provider-google/issues/16114", t.Name()) t.Parallel() clusterName := fmt.Sprintf("tf-test-cluster-%s", acctest.RandString(t, 10)) @@ -4803,6 +4802,7 @@ resource "google_container_cluster" "primary" { enabled = true } <% end -%> + } deletion_protection = false network = "%s" subnetwork = "%s"
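Review bot: `isEnablePDCSI` is added without a doc comment, and its only explanation is the trailing `// PDCSI is enabled by default.` on the nil branch. Since the create path relies on that default to decide whether a post-create update is needed, state it on the function: `// isEnablePDCSI reports whether the GcePersistentDiskCsiDriver addon is enabled for cluster; a missing AddonsConfig or driver config counts as enabled.` The function dereferences `cluster` without a nil check, which is fine for the single caller shown in this diff but is worth noting in the comment.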