diff --git a/.changelog/9557.txt b/.changelog/9557.txt new file mode 100644 index 00000000000..4d61d2a507f --- /dev/null +++ b/.changelog/9557.txt @@ -0,0 +1,3 @@ +```release-note:bug +container: fixed a bug where disable PDCSI addon `gce_persistent_disk_csi_driver_config ` during creation will result in permadiff in `google_container_cluster` resource +``` diff --git a/google/services/container/resource_container_cluster.go b/google/services/container/resource_container_cluster.go index 535b333d067..5f16db06033 100644 --- a/google/services/container/resource_container_cluster.go +++ b/google/services/container/resource_container_cluster.go @@ -2161,11 +2161,28 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er cluster.SecurityPostureConfig = expandSecurityPostureConfig(v) } + needUpdateAfterCreate := false + // For now PSC based cluster don't support `enable_private_endpoint` on `create`, but only on `update` API call. // If cluster is PSC based and enable_private_endpoint is set to true we will ignore it on `create` call and update cluster right after creation. enablePrivateEndpointPSCCluster := isEnablePrivateEndpointPSCCluster(cluster) if enablePrivateEndpointPSCCluster { cluster.PrivateClusterConfig.EnablePrivateEndpoint = false + needUpdateAfterCreate = true + } + + enablePDCSI := isEnablePDCSI(cluster) + if !enablePDCSI { + // GcePersistentDiskCsiDriver cannot be disabled at cluster create, only on cluster update. Ignore on create then update after creation. + // If pdcsi is disabled, the config should be defined. But we will be paranoid and double-check. + needUpdateAfterCreate = true + if cluster.AddonsConfig == nil { + cluster.AddonsConfig = &container.AddonsConfig{} + } + if cluster.AddonsConfig.GcePersistentDiskCsiDriverConfig == nil { + cluster.AddonsConfig.GcePersistentDiskCsiDriverConfig = &container.GcePersistentDiskCsiDriverConfig{} + } + cluster.AddonsConfig.GcePersistentDiskCsiDriverConfig.Enabled = true } req := &container.CreateClusterRequest{ @@ -2252,14 +2269,22 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er } } - if enablePrivateEndpointPSCCluster { + if needUpdateAfterCreate { name := containerClusterFullName(project, location, clusterName) - req := &container.UpdateClusterRequest{ - Update: &container.ClusterUpdate{ - DesiredEnablePrivateEndpoint: true, - ForceSendFields: []string{"DesiredEnablePrivateEndpoint"}, - }, + update := &container.ClusterUpdate{} + if enablePrivateEndpointPSCCluster { + update.DesiredEnablePrivateEndpoint = true + update.ForceSendFields = append(update.ForceSendFields, "DesiredEnablePrivateEndpoint") + } + if !enablePDCSI { + update.DesiredAddonsConfig = &container.AddonsConfig{ + GcePersistentDiskCsiDriverConfig: &container.GcePersistentDiskCsiDriverConfig{ + Enabled: false, + }, + } + update.ForceSendFields = append(update.ForceSendFields, "DesiredAddonsConfig.GcePersistentDiskCsiDriverConfig.Enabled") } + req := &container.UpdateClusterRequest{Update: update} err = transport_tpg.Retry(transport_tpg.RetryOptions{ RetryFunc: func() error { @@ -2272,12 +2297,12 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er }, }) if err != nil { - return errwrap.Wrapf("Error updating enable private endpoint: {{err}}", err) + return errwrap.Wrapf(fmt.Sprintf("Error updating cluster for %v: {{err}}", update.ForceSendFields), err) } err = ContainerOperationWait(config, op, project, location, "updating enable private endpoint", userAgent, d.Timeout(schema.TimeoutCreate)) if err != nil { - return errwrap.Wrapf("Error while waiting to enable private endpoint: {{err}}", err) + return errwrap.Wrapf(fmt.Sprintf("Error while waiting on cluster update for %v: {{err}}", update.ForceSendFields), err) } } @@ -4511,6 +4536,13 @@ func isEnablePrivateEndpointPSCCluster(cluster *container.Cluster) bool { return false } +func isEnablePDCSI(cluster *container.Cluster) bool { + if cluster.AddonsConfig == nil || cluster.AddonsConfig.GcePersistentDiskCsiDriverConfig == nil { + return true // PDCSI is enabled by default. + } + return cluster.AddonsConfig.GcePersistentDiskCsiDriverConfig.Enabled +} + func expandPrivateClusterConfig(configured interface{}) *container.PrivateClusterConfig { l := configured.([]interface{}) if len(l) == 0 { diff --git a/google/services/container/resource_container_cluster_test.go b/google/services/container/resource_container_cluster_test.go index 6ae65e3c8ef..2a71a5f77e1 100644 --- a/google/services/container/resource_container_cluster_test.go +++ b/google/services/container/resource_container_cluster_test.go @@ -128,7 +128,6 @@ func TestAccContainerCluster_misc(t *testing.T) { } func TestAccContainerCluster_withAddons(t *testing.T) { - t.Skipf("Skipping test %s due to https://github.com/hashicorp/terraform-provider-google/issues/16114", t.Name()) t.Parallel() clusterName := fmt.Sprintf("tf-test-cluster-%s", acctest.RandString(t, 10)) @@ -4184,6 +4183,7 @@ resource "google_container_cluster" "primary" { gcs_fuse_csi_driver_config { enabled = true } + } deletion_protection = false network = "%s" subnetwork = "%s"