From 8b3c8d303f00dc62c538ca066cf86b76bdcfb9ab Mon Sep 17 00:00:00 2001 From: Hank Freund Date: Wed, 20 Dec 2023 11:52:08 -0800 Subject: [PATCH] Fix crash in containerattached when removing admin_groups or admin_users. (#9647) * Fix crash in containerattached when removing admin_groups or admin_users. * Format test file. --- ...attached_cluster_authorization_user.go.erb | 30 +++-- ..._container_attached_cluster_update_test.go | 119 +++++++++++++++++- 2 files changed, 132 insertions(+), 17 deletions(-) diff --git a/mmv1/templates/terraform/custom_flatten/containerattached_cluster_authorization_user.go.erb b/mmv1/templates/terraform/custom_flatten/containerattached_cluster_authorization_user.go.erb index 9c796dcc2fd7..149cd64b2b7c 100644 --- a/mmv1/templates/terraform/custom_flatten/containerattached_cluster_authorization_user.go.erb +++ b/mmv1/templates/terraform/custom_flatten/containerattached_cluster_authorization_user.go.erb @@ -36,23 +36,27 @@ // ], // } func flatten<%= prefix -%><%= titlelize_property(property) -%>(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { - if v == nil { - return nil - } + if v == nil || len(v.(map[string]interface{})) == 0 { + return nil + } - orig := v.(map[string]interface{})["adminUsers"].([]interface{}) transformed := make(map[string][]string) - transformed["admin_users"] = make([]string, len(orig)) - for i, u := range orig { - if u != nil { - transformed["admin_users"][i] = u.(map[string]interface{})["username"].(string) + if v.(map[string]interface{})["adminUsers"] != nil { + orig := v.(map[string]interface{})["adminUsers"].([]interface{}) + transformed["admin_users"] = make([]string, len(orig)) + for i, u := range orig { + if u != nil { + transformed["admin_users"][i] = u.(map[string]interface{})["username"].(string) + } } } - orig = v.(map[string]interface{})["adminGroups"].([]interface{}) - transformed["admin_groups"] = make([]string, len(orig)) - for i, u := range orig { - if u != nil { - transformed["admin_groups"][i] = u.(map[string]interface{})["group"].(string) + if v.(map[string]interface{})["adminGroups"] != nil { + orig := v.(map[string]interface{})["adminGroups"].([]interface{}) + transformed["admin_groups"] = make([]string, len(orig)) + for i, u := range orig { + if u != nil { + transformed["admin_groups"][i] = u.(map[string]interface{})["group"].(string) + } } } diff --git a/mmv1/third_party/terraform/services/containerattached/resource_container_attached_cluster_update_test.go b/mmv1/third_party/terraform/services/containerattached/resource_container_attached_cluster_update_test.go index 0e6ee766a3f8..ad10e4f05a1e 100644 --- a/mmv1/third_party/terraform/services/containerattached/resource_container_attached_cluster_update_test.go +++ b/mmv1/third_party/terraform/services/containerattached/resource_container_attached_cluster_update_test.go @@ -37,6 +37,24 @@ func TestAccContainerAttachedCluster_update(t *testing.T) { ImportStateVerify: true, ImportStateVerifyIgnore: []string{"location", "annotations"}, }, + { + Config: testAccContainerAttachedCluster_containerAttachedCluster_removeAuthorizationUsers(context), + }, + { + ResourceName: "google_container_attached_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"location", "annotations"}, + }, + { + Config: testAccContainerAttachedCluster_containerAttachedCluster_removeAuthorizationGroups(context), + }, + { + ResourceName: "google_container_attached_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"location", "annotations"}, + }, { Config: testAccContainerAttachedCluster_containerAttachedCluster_destroy(context), }, @@ -155,9 +173,7 @@ resource "google_container_attached_cluster" "primary" { `, context) } -// Duplicate of testAccContainerAttachedCluster_containerAttachedCluster_update without lifecycle.prevent_destroy set -// so the test can clean up the resource after the update. -func testAccContainerAttachedCluster_containerAttachedCluster_destroy(context map[string]interface{}) string { +func testAccContainerAttachedCluster_containerAttachedCluster_removeAuthorizationUsers(context map[string]interface{}) string { return acctest.Nprintf(` data "google_project" "project" { } @@ -178,7 +194,6 @@ resource "google_container_attached_cluster" "primary" { label-two = "value-two" } authorization { - admin_users = [ "user2@example.com", "user3@example.com"] admin_groups = [ "group3@example.com"] } oidc_config { @@ -201,6 +216,102 @@ resource "google_container_attached_cluster" "primary" { namespace = "custom-ns" } } + lifecycle { + prevent_destroy = true + } +} +`, context) +} + +func testAccContainerAttachedCluster_containerAttachedCluster_removeAuthorizationGroups(context map[string]interface{}) string { + return acctest.Nprintf(` +data "google_project" "project" { +} + +data "google_container_attached_versions" "versions" { + location = "us-west1" + project = data.google_project.project.project_id +} + +resource "google_container_attached_cluster" "primary" { + name = "update%{random_suffix}" + project = data.google_project.project.project_id + location = "us-west1" + description = "Test cluster updated" + distribution = "aks" + annotations = { + label-one = "value-one" + label-two = "value-two" + } + oidc_config { + issuer_url = "https://oidc.issuer.url" + jwks = base64encode("{\"keys\":[{\"use\":\"sig\",\"kty\":\"RSA\",\"kid\":\"testid\",\"alg\":\"RS256\",\"n\":\"somedata\",\"e\":\"AQAB\"}]}") + } + platform_version = data.google_container_attached_versions.versions.valid_versions[0] + fleet { + project = "projects/${data.google_project.project.number}" + } + monitoring_config { + managed_prometheus_config {} + } + binary_authorization { + evaluation_mode = "DISABLED" + } + proxy_config { + kubernetes_secret { + name = "new-proxy-config" + namespace = "custom-ns" + } + } + lifecycle { + prevent_destroy = true + } +} +`, context) +} + +// Duplicate of testAccContainerAttachedCluster_containerAttachedCluster_update without lifecycle.prevent_destroy set +// so the test can clean up the resource after the update. +func testAccContainerAttachedCluster_containerAttachedCluster_destroy(context map[string]interface{}) string { + return acctest.Nprintf(` +data "google_project" "project" { +} + +data "google_container_attached_versions" "versions" { + location = "us-west1" + project = data.google_project.project.project_id +} + +resource "google_container_attached_cluster" "primary" { + name = "update%{random_suffix}" + project = data.google_project.project.project_id + location = "us-west1" + description = "Test cluster updated" + distribution = "aks" + annotations = { + label-one = "value-one" + label-two = "value-two" + } + oidc_config { + issuer_url = "https://oidc.issuer.url" + jwks = base64encode("{\"keys\":[{\"use\":\"sig\",\"kty\":\"RSA\",\"kid\":\"testid\",\"alg\":\"RS256\",\"n\":\"somedata\",\"e\":\"AQAB\"}]}") + } + platform_version = data.google_container_attached_versions.versions.valid_versions[0] + fleet { + project = "projects/${data.google_project.project.number}" + } + monitoring_config { + managed_prometheus_config {} + } + binary_authorization { + evaluation_mode = "DISABLED" + } + proxy_config { + kubernetes_secret { + name = "new-proxy-config" + namespace = "custom-ns" + } + } } `, context) }