From 2e1cf05ec0ac6e4ea5ed561ed8cbcffa61999415 Mon Sep 17 00:00:00 2001 From: Ryan Moriarty Date: Tue, 12 Dec 2023 20:38:04 +0000 Subject: [PATCH 01/14] Only set enabled bool if evaluation mode is unspecified --- .../services/container/resource_container_cluster.go.erb | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb index 8b9fa8414480..5d2ebb0a916e 100644 --- a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb +++ b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb @@ -4856,8 +4856,13 @@ func expandBinaryAuthorization(configured interface{}) *container.BinaryAuthoriz } } config := l[0].(map[string]interface{}) + if config["evaluation_mode"] == "" { + return &container.BinaryAuthorization{ + Enabled: config["enabled"].(bool), + ForceSendFields: []string{"Enabled"}, + } + } return &container.BinaryAuthorization{ - Enabled: config["enabled"].(bool), EvaluationMode: config["evaluation_mode"].(string), } } From 9cbb549b3e6b67dd86524716da8bab186f87d6fa Mon Sep 17 00:00:00 2001 From: Ryan Moriarty Date: Tue, 12 Dec 2023 22:56:01 +0000 Subject: [PATCH 02/14] Only trigger one cluster update event if both both legacy and struct blocks have diffs. --- .../resource_container_cluster.go.erb | 65 +++++++++++-------- 1 file changed, 37 insertions(+), 28 deletions(-) diff --git a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb index 5d2ebb0a916e..69645f39294c 100644 --- a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb +++ b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb 
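Review bot: In `expandBinaryAuthorization`, the added early return means `enabled` is dropped without any signal once `evaluation_mode` is non-empty. A block carrying `enabled = true` alongside `evaluation_mode = "DISABLED"` would therefore send a request that leaves Binary Authorization off. Whether the schema already rejects that combination is not visible in this hunk; if it does not, a plan-time conflict check is safer than silent precedence. At minimum the precedence deserves a comment above the new branch, for example `// evaluation_mode wins over the enabled bool; enabled is only sent when the mode is unspecified.` The function starts above the hunk.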
@@ -2988,7 +2988,37 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er log.Printf("[INFO] GKE cluster %s's autopilot workload policy config allow_net_admin has been set to %v", d.Id(), allowed) } - if d.HasChange("enable_binary_authorization") { + if d.HasChange("binary_authorization") { + if d.HasChange("enable_binary_authorization") { + // Only consider enabled bool if evaluation mode is unspecified. + if d.Get("binary_authorization.0.evaluation_mode").(string) == "" { + enabled := d.Get("enable_binary_authorization").(bool) || d.Get("binary_authorization.0.enabled").(bool) + req := &container.UpdateClusterRequest{ + Update: &container.ClusterUpdate{ + DesiredBinaryAuthorization: &container.BinaryAuthorization{ + Enabled: enabled, + ForceSendFields: []string{"Enabled"}, + }, + }, + } + } + } + req := &container.UpdateClusterRequest{ + Update: &container.ClusterUpdate{ + DesiredBinaryAuthorization: expandBinaryAuthorization(d.Get("binary_authorization")), + }, + } + + updateF := updateFunc(req, "updating GKE binary authorization") + // Call update serially. + if err := transport_tpg.LockedCall(lockKey, updateF); err != nil { + return err + } + + log.Printf("[INFO] GKE cluster %s's binary authorization has been updated to %v", d.Id(), req.Update.DesiredBinaryAuthorization) + } + + if d.HasChange("enable_binary_authorization") && !d.HasChange("binary_authorization"){ enabled := d.Get("enable_binary_authorization").(bool) req := &container.UpdateClusterRequest{ Update: &container.ClusterUpdate{ 
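Review bot: The inner `req := &container.UpdateClusterRequest{...}` built under `d.HasChange("enable_binary_authorization")` is never used. It goes out of scope at the closing brace, and the outer `req` is built from `expandBinaryAuthorization` alone, so the merged `enabled` value never reaches the API and the Go compiler will report the variable as declared and not used. Computing the desired `BinaryAuthorization` once and overriding it in the legacy case keeps a single update request, as sketched below. `resourceContainerClusterUpdate` starts and ends outside the hunk.

```go
if d.HasChange("binary_authorization") {
	desired := expandBinaryAuthorization(d.Get("binary_authorization"))
	// Only consider enabled bool if evaluation mode is unspecified.
	if d.HasChange("enable_binary_authorization") && d.Get("binary_authorization.0.evaluation_mode").(string) == "" {
		desired = &container.BinaryAuthorization{
			Enabled:         d.Get("enable_binary_authorization").(bool) || d.Get("binary_authorization.0.enabled").(bool),
			ForceSendFields: []string{"Enabled"},
		}
	}
	req := &container.UpdateClusterRequest{
		Update: &container.ClusterUpdate{
			DesiredBinaryAuthorization: desired,
		},
	}
	// … unchanged: updateFunc, LockedCall and the log line …
}
```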
@@ -3046,22 +3076,6 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er log.Printf("[INFO] GKE cluster %s's master global access config has been updated to %v", d.Id(), config) } - if d.HasChange("binary_authorization") { - req := &container.UpdateClusterRequest{ - Update: &container.ClusterUpdate{ - DesiredBinaryAuthorization: expandBinaryAuthorization(d.Get("binary_authorization")), - }, - } - - updateF := updateFunc(req, "updating GKE binary authorization") - // Call update serially. - if err := transport_tpg.LockedCall(lockKey, updateF); err != nil { - return err - } - - log.Printf("[INFO] GKE cluster %s's binary authorization has been updated to %v", d.Id(), req.Update.DesiredBinaryAuthorization) - } - if d.HasChange("enable_shielded_nodes") { enabled := d.Get("enable_shielded_nodes").(bool) req := &container.UpdateClusterRequest{ @@ -4856,13 +4870,8 @@ func expandBinaryAuthorization(configured interface{}) *container.BinaryAuthoriz } } config := l[0].(map[string]interface{}) - if config["evaluation_mode"] == "" { - return &container.BinaryAuthorization{ - Enabled: config["enabled"].(bool), - ForceSendFields: []string{"Enabled"}, - } - } return &container.BinaryAuthorization{ + Enabled: config["enabled"].(bool), EvaluationMode: config["evaluation_mode"].(string), } } @@ -4957,6 +4966,11 @@ func expandPrivateClusterConfig(configured interface{}) *container.PrivateCluste return nil } config := l[0].(map[string]interface{}) + return &container.PrivateClusterConfig{ + EnablePrivateEndpoint: config["enable_private_endpoint"].(bool), + EnablePrivateNodes: config["enable_private_nodes"].(bool), + MasterIpv4CidrBlock: config["master_ipv4_cidr_block"].(string), + config := l[0].(map[string]interface{}) return &container.PrivateClusterConfig{ EnablePrivateEndpoint: config["enable_private_endpoint"].(bool), EnablePrivateNodes: config["enable_private_nodes"].(bool), 
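Review bot: In the `expandBinaryAuthorization` hunk (`@@ -4856,13 +4870,8 @@`), the restored literal sets `Enabled: config["enabled"].(bool)` without `ForceSendFields`, so a block with `enabled = false` and an empty `evaluation_mode` is built with both fields at their zero values. The empty-block branch of this function, visible later in the series, lists `Enabled` in `ForceSendFields`, which suggests the client omits zero values unless forced; if so, turning `enabled` off inside an existing block depends on how the API interprets an empty object. Setting `ForceSendFields: []string{"Enabled"}` on this literal when `evaluation_mode` is empty would make the disable explicit. The function body begins outside the hunk.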
@@ -6393,10 +6407,5 @@ func containerClusterEnableK8sBetaApisCustomizeDiffFunc(d tpgresource.TerraformR newAPIsSet := new.(*schema.Set) for _, oldAPI := range oldAPIsSet.List() { if !newAPIsSet.Contains(oldAPI) { - return d.ForceNew("enable_k8s_beta_apis.0.enabled_apis") - } - } - } - return nil } From 12b309326bb739fc03426bd0b0384d23537d70ed Mon Sep 17 00:00:00 2001 From: Ryan Moriarty Date: Tue, 12 Dec 2023 23:01:17 +0000 Subject: [PATCH 03/14] remove inadvertant modifications --- .../container/resource_container_cluster.go.erb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb index 69645f39294c..30b98a4b9121 100644 --- a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb +++ b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb @@ -4966,11 +4966,6 @@ func expandPrivateClusterConfig(configured interface{}) *container.PrivateCluste return nil } config := l[0].(map[string]interface{}) - return &container.PrivateClusterConfig{ - EnablePrivateEndpoint: config["enable_private_endpoint"].(bool), - EnablePrivateNodes: config["enable_private_nodes"].(bool), - MasterIpv4CidrBlock: config["master_ipv4_cidr_block"].(string), - config := l[0].(map[string]interface{}) return &container.PrivateClusterConfig{ EnablePrivateEndpoint: config["enable_private_endpoint"].(bool), EnablePrivateNodes: config["enable_private_nodes"].(bool), @@ -6407,5 +6402,10 @@ func containerClusterEnableK8sBetaApisCustomizeDiffFunc(d tpgresource.TerraformR newAPIsSet := new.(*schema.Set) for _, oldAPI := range oldAPIsSet.List() { if !newAPIsSet.Contains(oldAPI) { + return d.ForceNew("enable_k8s_beta_apis.0.enabled_apis") + } + } + } + return nil } From de2042fedbd58f90ac38cf3a1cb61bbd0a660524 Mon Sep 17 00:00:00 2001 
From: Ryan Moriarty Date: Tue, 12 Dec 2023 23:19:20 +0000 Subject: [PATCH 04/14] Pass legacy bool to expandBinaryAuthorization fn --- .../resource_container_cluster.go.erb | 44 +++---------------- 1 file changed, 5 insertions(+), 39 deletions(-) diff --git a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb index 30b98a4b9121..c9b61bb8e4dd 100644 --- a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb +++ b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb @@ -2201,7 +2201,7 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er PodSecurityPolicyConfig: expandPodSecurityPolicyConfig(d.Get("pod_security_policy_config")), <% end -%> Autoscaling: expandClusterAutoscaling(d.Get("cluster_autoscaling"), d), - BinaryAuthorization: expandBinaryAuthorization(d.Get("binary_authorization")), + BinaryAuthorization: expandBinaryAuthorization(d.Get("binary_authorization"), false), Autopilot: &container.Autopilot{ Enabled: d.Get("enable_autopilot").(bool), WorkloadPolicyConfig: workloadPolicyConfig, 
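Review bot: `resourceContainerClusterCreate` passes a literal `false` as the legacy flag, while the update path in the same patch passes `d.Get("enable_binary_authorization").(bool)`. With an empty `binary_authorization` block, `expandBinaryAuthorization` then returns `Enabled: false` with `ForceSendFields`, so a configuration that relies only on `enable_binary_authorization = true` would create the cluster with Binary Authorization off unless create handles the flag somewhere outside this hunk. If it does not, the call should read `expandBinaryAuthorization(d.Get("binary_authorization"), d.Get("enable_binary_authorization").(bool))`.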
@@ -2988,24 +2988,10 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er log.Printf("[INFO] GKE cluster %s's autopilot workload policy config allow_net_admin has been set to %v", d.Id(), allowed) } - if d.HasChange("binary_authorization") { - if d.HasChange("enable_binary_authorization") { - // Only consider enabled bool if evaluation mode is unspecified. - if d.Get("binary_authorization.0.evaluation_mode").(string) == "" { - enabled := d.Get("enable_binary_authorization").(bool) || d.Get("binary_authorization.0.enabled").(bool) - req := &container.UpdateClusterRequest{ - Update: &container.ClusterUpdate{ - DesiredBinaryAuthorization: &container.BinaryAuthorization{ - Enabled: enabled, - ForceSendFields: []string{"Enabled"}, - }, - }, - } - } - } + if d.HasChange("binary_authorization") || d.HasChange("enable_binary_authorization") { req := &container.UpdateClusterRequest{ Update: &container.ClusterUpdate{ - DesiredBinaryAuthorization: expandBinaryAuthorization(d.Get("binary_authorization")), + DesiredBinaryAuthorization: expandBinaryAuthorization(d.Get("binary_authorization"), d.Get("enable_binary_authorization").(bool)), }, } 
@@ -3018,26 +3004,6 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er log.Printf("[INFO] GKE cluster %s's binary authorization has been updated to %v", d.Id(), req.Update.DesiredBinaryAuthorization) } - if d.HasChange("enable_binary_authorization") && !d.HasChange("binary_authorization"){ - enabled := d.Get("enable_binary_authorization").(bool) - req := &container.UpdateClusterRequest{ - Update: &container.ClusterUpdate{ - DesiredBinaryAuthorization: &container.BinaryAuthorization{ - Enabled: enabled, - ForceSendFields: []string{"Enabled"}, - }, - }, - } - - updateF := updateFunc(req, "updating GKE binary authorization") - // Call update serially. - if err := transport_tpg.LockedCall(lockKey, updateF); err != nil { - return err - } - - log.Printf("[INFO] GKE cluster %s's binary authorization has been updated to %v", d.Id(), enabled) - } - if d.HasChange("private_cluster_config.0.enable_private_endpoint") { enabled := d.Get("private_cluster_config.0.enable_private_endpoint").(bool) req := &container.UpdateClusterRequest{ @@ -4861,11 +4827,11 @@ func expandNotificationConfig(configured interface{}) *container.NotificationCon } } -func expandBinaryAuthorization(configured interface{}) *container.BinaryAuthorization { +func expandBinaryAuthorization(configured interface{}, legacy_enabled bool) *container.BinaryAuthorization { l := configured.([]interface{}) if len(l) == 0 || l[0] == nil { return &container.BinaryAuthorization{ - Enabled: false, + Enabled: legacy_enabled, ForceSendFields: []string{"Enabled"}, } } From 2e806b91533d89f0ec95f17ad2cc23becf91cd4c Mon Sep 17 00:00:00 2001 From: Ryan Moriarty Date: Tue, 12 Dec 2023 23:21:21 +0000 Subject: [PATCH 05/14] move fn for diff readability --- .../resource_container_cluster.go.erb | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) 
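Review bot: In the `expandBinaryAuthorization` signature hunk, the new parameter `legacy_enabled` uses an underscore where Go naming calls for MixedCaps; `legacyEnabled` fits the rest of the file. The signature also gives no hint that the flag is consulted only when the block is empty or nil and ignored once a block is present. A doc comment such as `// legacyEnabled is the value of enable_binary_authorization; it is used only when no binary_authorization block is configured.` would tell callers which setting wins. The function body continues outside the hunk.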
diff --git a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb index c9b61bb8e4dd..0abf846798af 100644 --- a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb +++ b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb @@ -2988,22 +2988,6 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er log.Printf("[INFO] GKE cluster %s's autopilot workload policy config allow_net_admin has been set to %v", d.Id(), allowed) } - if d.HasChange("binary_authorization") || d.HasChange("enable_binary_authorization") { - req := &container.UpdateClusterRequest{ - Update: &container.ClusterUpdate{ - DesiredBinaryAuthorization: expandBinaryAuthorization(d.Get("binary_authorization"), d.Get("enable_binary_authorization").(bool)), - }, - } - - updateF := updateFunc(req, "updating GKE binary authorization") - // Call update serially. - if err := transport_tpg.LockedCall(lockKey, updateF); err != nil { - return err - } - - log.Printf("[INFO] GKE cluster %s's binary authorization has been updated to %v", d.Id(), req.Update.DesiredBinaryAuthorization) - } - if d.HasChange("private_cluster_config.0.enable_private_endpoint") { enabled := d.Get("private_cluster_config.0.enable_private_endpoint").(bool) req := &container.UpdateClusterRequest{ 
@@ -3042,6 +3026,22 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er log.Printf("[INFO] GKE cluster %s's master global access config has been updated to %v", d.Id(), config) } + if d.HasChange("binary_authorization") || d.HasChange("enable_binary_authorization") { + req := &container.UpdateClusterRequest{ + Update: &container.ClusterUpdate{ + DesiredBinaryAuthorization: expandBinaryAuthorization(d.Get("binary_authorization"), d.Get("enable_binary_authorization").(bool)), + }, + } + + updateF := updateFunc(req, "updating GKE binary authorization") + // Call update serially. + if err := transport_tpg.LockedCall(lockKey, updateF); err != nil { + return err + } + + log.Printf("[INFO] GKE cluster %s's binary authorization has been updated to %v", d.Id(), req.Update.DesiredBinaryAuthorization) + } + if d.HasChange("enable_shielded_nodes") { enabled := d.Get("enable_shielded_nodes").(bool) req := &container.UpdateClusterRequest{ From 2eacf688fe8a56727c25ed600269add76b83e4f9 Mon Sep 17 00:00:00 2001 From: Ryan Moriarty Date: Wed, 13 Dec 2023 17:17:55 +0000 Subject: [PATCH 06/14] reformat --- .../services/container/resource_container_cluster.go.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb index 0abf846798af..85ee490ae892 100644 --- a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb +++ b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb 
@@ -3026,7 +3026,7 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er log.Printf("[INFO] GKE cluster %s's master global access config has been updated to %v", d.Id(), config) } - if d.HasChange("binary_authorization") || d.HasChange("enable_binary_authorization") { + if d.HasChange("binary_authorization") || d.HasChange("enable_binary_authorization") { req := &container.UpdateClusterRequest{ Update: &container.ClusterUpdate{ DesiredBinaryAuthorization: expandBinaryAuthorization(d.Get("binary_authorization"), d.Get("enable_binary_authorization").(bool)), @@ -4837,7 +4837,7 @@ func expandBinaryAuthorization(configured interface{}, legacy_enabled bool) *con } config := l[0].(map[string]interface{}) return &container.BinaryAuthorization{ - Enabled: config["enabled"].(bool), + Enabled: config["enabled"].(bool), EvaluationMode: config["evaluation_mode"].(string), } } From abf40336b551ecc89c9b209ac4addf671ac55976 Mon Sep 17 00:00:00 2001 From: Ryan Moriarty Date: Wed, 13 Dec 2023 17:21:50 +0000 Subject: [PATCH 07/14] reformat --- .../services/container/resource_container_cluster.go.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb index 85ee490ae892..721698f25541 100644 --- a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb +++ b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb 
@@ -3026,7 +3026,7 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er log.Printf("[INFO] GKE cluster %s's master global access config has been updated to %v", d.Id(), config) } - if d.HasChange("binary_authorization") || d.HasChange("enable_binary_authorization") { + if d.HasChange("binary_authorization") || d.HasChange("enable_binary_authorization") { req := &container.UpdateClusterRequest{ Update: &container.ClusterUpdate{ DesiredBinaryAuthorization: expandBinaryAuthorization(d.Get("binary_authorization"), d.Get("enable_binary_authorization").(bool)), @@ -4837,7 +4837,7 @@ func expandBinaryAuthorization(configured interface{}, legacy_enabled bool) *con } config := l[0].(map[string]interface{}) return &container.BinaryAuthorization{ - Enabled: config["enabled"].(bool), + Enabled: config["enabled"].(bool), EvaluationMode: config["evaluation_mode"].(string), } } From 338a6859e92320f8959530f8664a9bc0c55d8298 Mon Sep 17 00:00:00 2001 From: Ryan Moriarty Date: Wed, 13 Dec 2023 21:34:23 +0000 Subject: [PATCH 08/14] Only get enable_binary_authorization if its been changed --- .../container/resource_container_cluster.go.erb | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb index 721698f25541..a86287d097a9 100644 --- a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb +++ b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb 
@@ -3026,11 +3026,16 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er log.Printf("[INFO] GKE cluster %s's master global access config has been updated to %v", d.Id(), config) } - if d.HasChange("binary_authorization") || d.HasChange("enable_binary_authorization") { - req := &container.UpdateClusterRequest{ - Update: &container.ClusterUpdate{ + if d.HasChange("binary_authorization") { + req := &container.UpdateClusterRequest{} + if d.HasChange("enable_binary_authorization") { + req.Update = &container.ClusterUpdate{ DesiredBinaryAuthorization: expandBinaryAuthorization(d.Get("binary_authorization"), d.Get("enable_binary_authorization").(bool)), }, + } else { + req.Update = &container.ClusterUpdate{ + DesiredBinaryAuthorization: expandBinaryAuthorization(d.Get("binary_authorization"), false), + }, } updateF := updateFunc(req, "updating GKE binary authorization") From 823c25fbd66fa5ebc5299abb063945b915d56ece Mon Sep 17 00:00:00 2001 From: Ryan Moriarty Date: Wed, 13 Dec 2023 21:53:41 +0000 Subject: [PATCH 09/14] remove commas --- .../services/container/resource_container_cluster.go.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb index a86287d097a9..bce55f3cace0 100644 --- a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb +++ b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb 
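Review bot: The `else` branch passes a literal `false`, so when only the `binary_authorization` block changes (for example, it is removed) while `enable_binary_authorization` is still `true`, `expandBinaryAuthorization` takes its empty-block path and the update forces `Enabled: false`. That switches Binary Authorization off on a cluster whose configuration still asks for it, assuming the schema allows the two fields to be set independently, which this hunk does not show. `d.Get` returns the configured value whether or not it changed, so both branches can collapse to a single call with `d.Get("enable_binary_authorization").(bool)` as the second argument. The surrounding update function starts and ends outside the hunk.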
@@ -3031,11 +3031,11 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er if d.HasChange("enable_binary_authorization") { req.Update = &container.ClusterUpdate{ DesiredBinaryAuthorization: expandBinaryAuthorization(d.Get("binary_authorization"), d.Get("enable_binary_authorization").(bool)), - }, + } } else { req.Update = &container.ClusterUpdate{ DesiredBinaryAuthorization: expandBinaryAuthorization(d.Get("binary_authorization"), false), - }, + } } updateF := updateFunc(req, "updating GKE binary authorization") From 0d3ec8442942a02d0a740888a8a146716efe5a44 Mon Sep 17 00:00:00 2001 From: Ryan Moriarty Date: Wed, 13 Dec 2023 23:59:40 +0000 Subject: [PATCH 10/14] fix logic --- .../services/container/resource_container_cluster.go.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb index bce55f3cace0..fe7e15e3bc10 100644 --- a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb +++ b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb @@ -3026,7 +3026,7 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er log.Printf("[INFO] GKE cluster %s's master global access config has been updated to %v", d.Id(), config) } - if d.HasChange("binary_authorization") { + if d.HasChange("binary_authorization") || d.HasChange("enable_binary_authorization") { req := &container.UpdateClusterRequest{} if d.HasChange("enable_binary_authorization") { req.Update = &container.ClusterUpdate{ From e956c8a6525a0047d409ace68b245b4ef785a9be Mon Sep 17 00:00:00 2001 From: Ryan Moriarty Date: Mon, 18 Dec 2023 17:32:32 +0000 Subject: [PATCH 11/14] Remove enable_binary_authorization condition --- .../resource_container_cluster.go.erb | 21 +++++++------------ 1 file changed, 8 insertions(+), 13 deletions(-) 
diff --git a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb index fe7e15e3bc10..1db576a59880 100644 --- a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb +++ b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.erb @@ -2201,7 +2201,7 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er PodSecurityPolicyConfig: expandPodSecurityPolicyConfig(d.Get("pod_security_policy_config")), <% end -%> Autoscaling: expandClusterAutoscaling(d.Get("cluster_autoscaling"), d), - BinaryAuthorization: expandBinaryAuthorization(d.Get("binary_authorization"), false), + BinaryAuthorization: expandBinaryAuthorization(d.Get("binary_authorization")), Autopilot: &container.Autopilot{ Enabled: d.Get("enable_autopilot").(bool), WorkloadPolicyConfig: workloadPolicyConfig, @@ -3026,16 +3026,11 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er log.Printf("[INFO] GKE cluster %s's master global access config has been updated to %v", d.Id(), config) } - if d.HasChange("binary_authorization") || d.HasChange("enable_binary_authorization") { - req := &container.UpdateClusterRequest{} - if d.HasChange("enable_binary_authorization") { - req.Update = &container.ClusterUpdate{ - DesiredBinaryAuthorization: expandBinaryAuthorization(d.Get("binary_authorization"), d.Get("enable_binary_authorization").(bool)), - } - } else { - req.Update = &container.ClusterUpdate{ - DesiredBinaryAuthorization: expandBinaryAuthorization(d.Get("binary_authorization"), false), - } + if d.HasChange("binary_authorization") { + req := &container.UpdateClusterRequest{ + Update: &container.ClusterUpdate{ + DesiredBinaryAuthorization: expandBinaryAuthorization(d.Get("binary_authorization")), + }, } updateF := updateFunc(req, "updating GKE binary authorization") 
@@ -4832,11 +4827,11 @@ func expandNotificationConfig(configured interface{}) *container.NotificationCon } } -func expandBinaryAuthorization(configured interface{}, legacy_enabled bool) *container.BinaryAuthorization { +func expandBinaryAuthorization(configured interface{}) *container.BinaryAuthorization { l := configured.([]interface{}) if len(l) == 0 || l[0] == nil { return &container.BinaryAuthorization{ - Enabled: legacy_enabled, + Enabled: false, ForceSendFields: []string{"Enabled"}, } } From d7d0d8040210c28aaae960f2e1ee809d51d2a395 Mon Sep 17 00:00:00 2001 From: Ryan Moriarty Date: Mon, 18 Dec 2023 17:42:49 +0000 Subject: [PATCH 12/14] Add upgrade path docs --- .../docs/guides/version_5_upgrade.html.markdown | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/mmv1/third_party/terraform/website/docs/guides/version_5_upgrade.html.markdown b/mmv1/third_party/terraform/website/docs/guides/version_5_upgrade.html.markdown index d82b2bf62e7d..336efcee9326 100644 --- a/mmv1/third_party/terraform/website/docs/guides/version_5_upgrade.html.markdown +++ b/mmv1/third_party/terraform/website/docs/guides/version_5_upgrade.html.markdown @@ -636,7 +636,15 @@ resource "google_container_cluster" "primary" { ### `enable_binary_authorization` is now removed -`enable_binary_authorization` has been removed in favor of `binary_authorization.enabled`. +`enable_binary_authorization` has been removed in favor of `binary_authorization.evaluation_mode`. +To enable Binary Authorization set evaluation mode to "PROJECT_SINGLETON_POLICY_ENFORCE", +as shown in the example below, to disable it set evaluation mode to "DISABLED". + +``` + binary_authorization { + evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE" + } +``` ### Default value of `network_policy.provider` is now removed From a0bd234042701fa3fb78ed177015f4a08456be93 Mon Sep 17 00:00:00 2001 
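Review bot: `expandBinaryAuthorization` has no doc comment, and the branch shown in this hunk is the one with an operational consequence: for an empty or nil block it returns `Enabled: false` with `ForceSendFields`, so an update triggered by removing the block sends an explicit disable. A comment on the function such as `// expandBinaryAuthorization returns an explicit Enabled=false when no block is configured, so removing the block turns Binary Authorization off.` would make that visible to anyone changing the update path later. The rest of the function is outside the hunk.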
From: Ryan Moriarty Date: Mon, 18 Dec 2023 17:44:21 +0000 Subject: [PATCH 13/14] Add comma --- .../website/docs/guides/version_5_upgrade.html.markdown | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mmv1/third_party/terraform/website/docs/guides/version_5_upgrade.html.markdown b/mmv1/third_party/terraform/website/docs/guides/version_5_upgrade.html.markdown index 336efcee9326..9321988326bb 100644 --- a/mmv1/third_party/terraform/website/docs/guides/version_5_upgrade.html.markdown +++ b/mmv1/third_party/terraform/website/docs/guides/version_5_upgrade.html.markdown @@ -637,8 +637,8 @@ resource "google_container_cluster" "primary" { ### `enable_binary_authorization` is now removed `enable_binary_authorization` has been removed in favor of `binary_authorization.evaluation_mode`. -To enable Binary Authorization set evaluation mode to "PROJECT_SINGLETON_POLICY_ENFORCE", -as shown in the example below, to disable it set evaluation mode to "DISABLED". +To enable Binary Authorization set evaluation mode to "PROJECT_SINGLETON_POLICY_ENFORCE" +as shown in the example below, to disable it, set evaluation mode to "DISABLED". ``` binary_authorization { From ff5ebb86ed078f0399e6d1d695d6a321bc3e9a07 Mon Sep 17 00:00:00 2001 From: "Stephen Lewis (Burrows)" Date: Mon, 18 Dec 2023 11:38:35 -0800 Subject: [PATCH 14/14] Update mmv1/third_party/terraform/website/docs/guides/version_5_upgrade.html.markdown --- .../website/docs/guides/version_5_upgrade.html.markdown | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mmv1/third_party/terraform/website/docs/guides/version_5_upgrade.html.markdown b/mmv1/third_party/terraform/website/docs/guides/version_5_upgrade.html.markdown index 9321988326bb..6a559e63c05f 100644 --- a/mmv1/third_party/terraform/website/docs/guides/version_5_upgrade.html.markdown +++ b/mmv1/third_party/terraform/website/docs/guides/version_5_upgrade.html.markdown 
@@ -637,8 +637,8 @@ resource "google_container_cluster" "primary" { ### `enable_binary_authorization` is now removed `enable_binary_authorization` has been removed in favor of `binary_authorization.evaluation_mode`. -To enable Binary Authorization set evaluation mode to "PROJECT_SINGLETON_POLICY_ENFORCE" -as shown in the example below, to disable it, set evaluation mode to "DISABLED". +To enable Binary Authorization, set evaluation mode to "PROJECT_SINGLETON_POLICY_ENFORCE" +as shown in the example below. To disable it, set evaluation mode to "DISABLED". ``` binary_authorization {