Fix crash in containerattached when removing admin_groups or admin_us…

…ers. (GoogleCloudPlatform#9647) * Fix crash in containerattached when removing admin_groups or admin_users. * Format test file.
kapreus · Jan 2, 2024 · d026bc7 · d026bc7
1 parent cb21d75
commit d026bc7
Show file tree

Hide file tree

Showing 2 changed files with 132 additions and 17 deletions.
diff --git a/mmv1/templates/terraform/custom_flatten/containerattached_cluster_authorization_user.go.erb b/mmv1/templates/terraform/custom_flatten/containerattached_cluster_authorization_user.go.erb
@@ -36,23 +36,27 @@
 //    ],
 // }
 func flatten<%= prefix -%><%= titlelize_property(property) -%>(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
-    if v == nil {
-        return nil
-    }
+	if v == nil || len(v.(map[string]interface{})) == 0 {
+		return nil
+	}
 
-	orig := v.(map[string]interface{})["adminUsers"].([]interface{})
 	transformed := make(map[string][]string)
-	transformed["admin_users"] = make([]string, len(orig))
-	for i, u := range orig {
-		if u != nil {
-			transformed["admin_users"][i] = u.(map[string]interface{})["username"].(string)
+	if v.(map[string]interface{})["adminUsers"] != nil {
+		orig := v.(map[string]interface{})["adminUsers"].([]interface{})
+		transformed["admin_users"] = make([]string, len(orig))
+		for i, u := range orig {
+			if u != nil {
+				transformed["admin_users"][i] = u.(map[string]interface{})["username"].(string)
+			}
 		}
 	}
-	orig = v.(map[string]interface{})["adminGroups"].([]interface{})
-	transformed["admin_groups"] = make([]string, len(orig))
-	for i, u := range orig {
-		if u != nil {
-			transformed["admin_groups"][i] = u.(map[string]interface{})["group"].(string)
+	if v.(map[string]interface{})["adminGroups"] != nil {
+		orig := v.(map[string]interface{})["adminGroups"].([]interface{})
+		transformed["admin_groups"] = make([]string, len(orig))
+		for i, u := range orig {
+			if u != nil {
+				transformed["admin_groups"][i] = u.(map[string]interface{})["group"].(string)
+			}
 		}
 	}
 

diff --git a/...y/terraform/services/containerattached/resource_container_attached_cluster_update_test.go b/...y/terraform/services/containerattached/resource_container_attached_cluster_update_test.go
@@ -37,6 +37,24 @@ func TestAccContainerAttachedCluster_update(t *testing.T) {
 				ImportStateVerify:       true,
 				ImportStateVerifyIgnore: []string{"location", "annotations"},
 			},
+			{
+				Config: testAccContainerAttachedCluster_containerAttachedCluster_removeAuthorizationUsers(context),
+			},
+			{
+				ResourceName:            "google_container_attached_cluster.primary",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"location", "annotations"},
+			},
+			{
+				Config: testAccContainerAttachedCluster_containerAttachedCluster_removeAuthorizationGroups(context),
+			},
+			{
+				ResourceName:            "google_container_attached_cluster.primary",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"location", "annotations"},
+			},
 			{
 				Config: testAccContainerAttachedCluster_containerAttachedCluster_destroy(context),
 			},
@@ -155,9 +173,7 @@ resource "google_container_attached_cluster" "primary" {
 `, context)
 }
 
-// Duplicate of testAccContainerAttachedCluster_containerAttachedCluster_update without lifecycle.prevent_destroy set
-// so the test can clean up the resource after the update.
-func testAccContainerAttachedCluster_containerAttachedCluster_destroy(context map[string]interface{}) string {
+func testAccContainerAttachedCluster_containerAttachedCluster_removeAuthorizationUsers(context map[string]interface{}) string {
 	return acctest.Nprintf(`
 data "google_project" "project" {
 }
@@ -178,7 +194,6 @@ resource "google_container_attached_cluster" "primary" {
   label-two = "value-two"
   }
   authorization {
-    admin_users = [ "[email protected]", "[email protected]"]
     admin_groups = [ "[email protected]"]
   }
   oidc_config {
@@ -201,6 +216,102 @@ resource "google_container_attached_cluster" "primary" {
       namespace = "custom-ns"
     }
   }
+  lifecycle {
+    prevent_destroy = true
+  }
+}
+`, context)
+}
+
+func testAccContainerAttachedCluster_containerAttachedCluster_removeAuthorizationGroups(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+data "google_project" "project" {
+}
+
+data "google_container_attached_versions" "versions" {
+	location       = "us-west1"
+	project        = data.google_project.project.project_id
+}
+
+resource "google_container_attached_cluster" "primary" {
+  name     = "update%{random_suffix}"
+  project = data.google_project.project.project_id
+  location = "us-west1"
+  description = "Test cluster updated"
+  distribution = "aks"
+  annotations = {
+    label-one = "value-one"
+  label-two = "value-two"
+  }
+  oidc_config {
+      issuer_url = "https://oidc.issuer.url"
+      jwks = base64encode("{\"keys\":[{\"use\":\"sig\",\"kty\":\"RSA\",\"kid\":\"testid\",\"alg\":\"RS256\",\"n\":\"somedata\",\"e\":\"AQAB\"}]}")
+  }
+  platform_version = data.google_container_attached_versions.versions.valid_versions[0]
+  fleet {
+    project = "projects/${data.google_project.project.number}"
+  }
+  monitoring_config {
+    managed_prometheus_config {}
+  }
+  binary_authorization {
+    evaluation_mode = "DISABLED"
+  }
+  proxy_config {
+    kubernetes_secret {
+      name = "new-proxy-config"
+      namespace = "custom-ns"
+    }
+  }
+  lifecycle {
+    prevent_destroy = true
+  }
+}
+`, context)
+}
+
+// Duplicate of testAccContainerAttachedCluster_containerAttachedCluster_update without lifecycle.prevent_destroy set
+// so the test can clean up the resource after the update.
+func testAccContainerAttachedCluster_containerAttachedCluster_destroy(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+data "google_project" "project" {
+}
+
+data "google_container_attached_versions" "versions" {
+	location       = "us-west1"
+	project        = data.google_project.project.project_id
+}
+
+resource "google_container_attached_cluster" "primary" {
+  name     = "update%{random_suffix}"
+  project = data.google_project.project.project_id
+  location = "us-west1"
+  description = "Test cluster updated"
+  distribution = "aks"
+  annotations = {
+    label-one = "value-one"
+  label-two = "value-two"
+  }
+  oidc_config {
+      issuer_url = "https://oidc.issuer.url"
+      jwks = base64encode("{\"keys\":[{\"use\":\"sig\",\"kty\":\"RSA\",\"kid\":\"testid\",\"alg\":\"RS256\",\"n\":\"somedata\",\"e\":\"AQAB\"}]}")
+  }
+  platform_version = data.google_container_attached_versions.versions.valid_versions[0]
+  fleet {
+    project = "projects/${data.google_project.project.number}"
+  }
+  monitoring_config {
+    managed_prometheus_config {}
+  }
+  binary_authorization {
+    evaluation_mode = "DISABLED"
+  }
+  proxy_config {
+    kubernetes_secret {
+      name = "new-proxy-config"
+      namespace = "custom-ns"
+    }
+  }
 }
 `, context)
 }