Skip to content

Commit

Permalink
Add deletion_protection to container cluster (#9013) (#16013)
Browse files Browse the repository at this point in the history
Signed-off-by: Modular Magician <[email protected]>
  • Loading branch information
modular-magician authored Sep 26, 2023
1 parent 3a0de60 commit 24afffd
Show file tree
Hide file tree
Showing 34 changed files with 2,579 additions and 463 deletions.
3 changes: 3 additions & 0 deletions .changelog/9013.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:breaking-change
container: `google_container_cluster` now has `deletion_protection` enabled to `true` by default. When enabled, this field prevents Terraform from deleting the resource.
```
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,8 @@ func TestAccComputeInstanceGroupNamedPort_instanceGroupNamedPortGkeExample(t *te
t.Parallel()

context := map[string]interface{}{
"random_suffix": acctest.RandString(t, 10),
"deletion_protection": false,
"random_suffix": acctest.RandString(t, 10),
}

acctest.VcrTest(t, resource.TestCase{
Expand Down Expand Up @@ -98,6 +99,7 @@ resource "google_container_cluster" "my_cluster" {
cluster_ipv4_cidr_block = "/19"
services_ipv4_cidr_block = "/22"
}
deletion_protection = "%{deletion_protection}"
}
`, context)
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -90,7 +90,8 @@ func TestAccComputeNetworkPeeringRoutesConfig_networkPeeringRoutesConfigGkeExamp
t.Parallel()

context := map[string]interface{}{
"random_suffix": acctest.RandString(t, 10),
"deletion_protection": false,
"random_suffix": acctest.RandString(t, 10),
}

acctest.VcrTest(t, resource.TestCase{
Expand Down Expand Up @@ -163,6 +164,7 @@ resource "google_container_cluster" "private_cluster" {
cluster_secondary_range_name = google_compute_subnetwork.container_subnetwork.secondary_ip_range[0].range_name
services_secondary_range_name = google_compute_subnetwork.container_subnetwork.secondary_ip_range[1].range_name
}
deletion_protection = "%{deletion_protection}"
}
`, context)
}
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ func TestAccContainerClusterDatasource_zonal(t *testing.T) {
"enable_autopilot": {},
"enable_tpu": {},
"pod_security_policy_config.#": {},
"deletion_protection": {},
},
),
),
Expand All @@ -54,6 +55,7 @@ func TestAccContainerClusterDatasource_regional(t *testing.T) {
"enable_autopilot": {},
"enable_tpu": {},
"pod_security_policy_config.#": {},
"deletion_protection": {},
},
),
),
Expand All @@ -68,6 +70,7 @@ resource "google_container_cluster" "kubes" {
name = "tf-test-cluster-%s"
location = "us-central1-a"
initial_node_count = 1
deletion_protection = false
}
data "google_container_cluster" "kubes" {
Expand All @@ -83,6 +86,7 @@ resource "google_container_cluster" "kubes" {
name = "tf-test-cluster-%s"
location = "us-central1"
initial_node_count = 1
deletion_protection = false
}
data "google_container_cluster" "kubes" {
Expand Down
24 changes: 23 additions & 1 deletion google/services/container/resource_container_cluster.go
Original file line number Diff line number Diff line change
Expand Up @@ -192,8 +192,15 @@ func ResourceContainerCluster() *schema.Resource {
Delete: schema.DefaultTimeout(40 * time.Minute),
},

SchemaVersion: 1,
SchemaVersion: 2,
MigrateState: resourceContainerClusterMigrateState,
StateUpgraders: []schema.StateUpgrader{
{
Type: resourceContainerClusterResourceV1().CoreConfigSchema().ImpliedType(),
Upgrade: ResourceContainerClusterUpgradeV1,
Version: 1,
},
},

Importer: &schema.ResourceImporter{
State: resourceContainerClusterStateImporter,
Expand Down Expand Up @@ -249,6 +256,13 @@ func ResourceContainerCluster() *schema.Resource {
Description: `The list of zones in which the cluster's nodes are located. Nodes must be in the region of their regional cluster or in the same region as their cluster's zone for zonal clusters. If this is specified for a zonal cluster, omit the cluster's zone.`,
},

"deletion_protection": {
Type: schema.TypeBool,
Optional: true,
Default: true,
Description: `Whether or not to allow Terraform to destroy the instance. Defaults to true. Unless this field is set to false in Terraform state, a terraform destroy or terraform apply that would delete the cluster will fail.`,
},

"addons_config": {
Type: schema.TypeList,
Optional: true,
Expand Down Expand Up @@ -3636,6 +3650,9 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er
}

func resourceContainerClusterDelete(d *schema.ResourceData, meta interface{}) error {
if d.Get("deletion_protection").(bool) {
return fmt.Errorf("Cannot destroy cluster because deletion_protection is set to true. Set it to false to proceed with instance deletion.")
}
config := meta.(*transport_tpg.Config)
userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
if err != nil {
Expand Down Expand Up @@ -5394,6 +5411,11 @@ func resourceContainerClusterStateImporter(d *schema.ResourceData, meta interfac
if err := d.Set("location", location); err != nil {
return nil, fmt.Errorf("Error setting location: %s", err)
}

if err := d.Set("deletion_protection", true); err != nil {
return nil, fmt.Errorf("Error setting deletion_protection: %s", err)
}

if _, err := containerClusterAwaitRestingState(config, project, location, clusterName, userAgent, d.Timeout(schema.TimeoutCreate)); err != nil {
return nil, err
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,9 @@ func resourceContainerClusterMigrateState(
case 0:
log.Println("[INFO] Found Container Cluster State v0; migrating to v1")
return migrateClusterStateV0toV1(is)
case 1:
log.Println("[INFO] Found Container Cluster State v1 in legacy migration function; returning as non-op")
return is, nil
default:
return is, fmt.Errorf("Unexpected schema version: %d", v)
}
Expand Down
Loading

0 comments on commit 24afffd

Please sign in to comment.