add shared vpc support for gke

hashicorp · May 23, 2018 · f06595b · f06595b
1 parent 2fdfa70
commit f06595b
Show file tree

Hide file tree

Showing 3 changed files with 103 additions and 11 deletions.
diff --git a/google/resource_container_cluster.go b/google/resource_container_cluster.go
@@ -328,11 +328,11 @@ func resourceContainerCluster() *schema.Resource {
 			},
 
 			"network": {
-				Type:      schema.TypeString,
-				Optional:  true,
-				Default:   "default",
-				ForceNew:  true,
-				StateFunc: StoreResourceName,
+				Type:             schema.TypeString,
+				Optional:         true,
+				Default:          "default",
+				ForceNew:         true,
+				DiffSuppressFunc: compareSelfLinkOrResourceName,
 			},
 
 			"network_policy": {
@@ -566,15 +566,19 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er
 		if err != nil {
 			return err
 		}
-		cluster.Network = network.Name
+		cluster.Network = network.RelativeLink()
 	}
 
 	if v, ok := d.GetOk("network_policy"); ok && len(v.([]interface{})) > 0 {
 		cluster.NetworkPolicy = expandNetworkPolicy(v)
 	}
 
 	if v, ok := d.GetOk("subnetwork"); ok {
-		cluster.Subnetwork = v.(string)
+		subnetwork, err := ParseSubnetworkFieldValue(v.(string), d, config)
+		if err != nil {
+			return err
+		}
+		cluster.Subnetwork = subnetwork.RelativeLink()
 	}
 
 	if v, ok := d.GetOk("addons_config"); ok {
@@ -747,8 +751,8 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro
 	d.Set("enable_legacy_abac", cluster.LegacyAbac.Enabled)
 	d.Set("logging_service", cluster.LoggingService)
 	d.Set("monitoring_service", cluster.MonitoringService)
-	d.Set("network", cluster.Network)
-	d.Set("subnetwork", cluster.Subnetwork)
+	d.Set("network", cluster.NetworkConfig.Network)
+	d.Set("subnetwork", cluster.NetworkConfig.Subnetwork)
 	if err := d.Set("node_config", flattenNodeConfig(cluster.NodeConfig)); err != nil {
 		return err
 	}

diff --git a/google/resource_container_cluster_test.go b/google/resource_container_cluster_test.go
@@ -1134,6 +1134,32 @@ func TestAccContainerCluster_withPodSecurityPolicy(t *testing.T) {
 	})
 }
 
+func TestAccContainerCluster_sharedVpc(t *testing.T) {
+	t.Parallel()
+
+	clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
+	org := getTestOrgFromEnv(t)
+	billingId := getTestBillingAccountFromEnv(t)
+	projectName := acctest.RandomWithPrefix("tf-xpntest-")
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckContainerClusterDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccContainerCluster_sharedVpc(org, billingId, projectName, clusterName),
+			},
+			{
+				ResourceName:        "google_container_cluster.shared_vpc_cluster",
+				ImportStateIdPrefix: "us-central1-a/",
+				ImportState:         true,
+				ImportStateVerify:   true,
+			},
+		},
+	})
+}
+
 func testAccCheckContainerClusterDestroy(s *terraform.State) error {
 	config := testAccProvider.Meta().(*Config)
 
@@ -2099,3 +2125,64 @@ resource "google_container_cluster" "with_private_cluster" {
 	}
 }`, clusterName, clusterName)
 }
+
+func testAccContainerCluster_sharedVpc(org, billingId, projectName, name string) string {
+	return fmt.Sprintf(`
+resource "google_project" "host_project" {
+	name            = "Test Project XPN Host"
+	project_id      = "%s-host"
+	org_id          = "%s"
+	billing_account = "%s"
+}
+
+resource "google_project_service" "host_project" {
+	project = "${google_project.host_project.project_id}"
+	service = "container.googleapis.com"
+}
+
+resource "google_compute_shared_vpc_host_project" "host_project" {
+	project = "${google_project_service.host_project.project}"
+}
+
+resource "google_project" "service_project" {
+	name            = "Test Project XPN Service"
+	project_id      = "%s-service"
+	org_id          = "%s"
+	billing_account = "%s"
+}
+
+resource "google_project_service" "service_project" {
+	project = "${google_project.service_project.project_id}"
+	service = "container.googleapis.com"
+}
+
+resource "google_compute_shared_vpc_service_project" "service_project" {
+	host_project    = "${google_compute_shared_vpc_host_project.host_project.project}"
+	service_project = "${google_project_service.service_project.project}"
+}
+
+resource "google_compute_network" "shared-network" {
+	name    = "test-%s"
+	project = "${google_compute_shared_vpc_host_project.host_project.project}"
+
+	auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "shared-subnetwork" {
+	name          = "test-%s"
+	ip_cidr_range = "10.0.0.0/16"
+	region        = "us-central1"
+	network       = "${google_compute_network.shared-network.self_link}"
+	project       = "${google_compute_shared_vpc_host_project.host_project.project}"
+}
+
+resource "google_container_cluster" "shared_vpc_cluster" {
+	name               = "%s"
+	zone               = "us-central1-a"
+	initial_node_count = 1
+	project            = "${google_compute_shared_vpc_service_project.service_project.service_project}"
+
+	network    = "${google_compute_network.shared-network.self_link}"
+	subnetwork = "${google_compute_subnetwork.shared-subnetwork.self_link}"
+}`, projectName, org, billingId, projectName, org, billingId, acctest.RandString(10), acctest.RandString(10), name)
+}
diff --git a/website/docs/r/container_cluster.html.markdown b/website/docs/r/container_cluster.html.markdown
@@ -141,7 +141,8 @@ output "cluster_ca_certificate" {
     `monitoring.googleapis.com`
 
 * `network` - (Optional) The name or self_link of the Google Compute Engine
-    network to which the cluster is connected.
+    network to which the cluster is connected. For Shared VPC, set this to the self link of the
+    shared network.
 
 * `network_policy` - (Optional) Configuration options for the
     [NetworkPolicy](https://kubernetes.io/docs/concepts/services-networking/networkpolicies/)
@@ -171,7 +172,7 @@ output "cluster_ca_certificate" {
 
 * `remove_default_node_pool` - (Optional) If true, deletes the default node pool upon cluster creation.
 
-* `subnetwork` - (Optional) The name of the Google Compute Engine subnetwork in
+* `subnetwork` - (Optional) The name or self_link of the Google Compute Engine subnetwork in
     which the cluster's instances are launched.
 
 The `addons_config` block supports: