Allow passing node service_account when autopilot enabled #6733
Conversation
|
Hello! I am a robot who works on Magic Modules PRs. I've detected that you're a community contributor. @shuyama1, a repository maintainer, has been assigned to assist you and help review your changes. ❓ First time contributing? Click here for more detailsYour assigned reviewer will help review your code by:
You can help make sure that review is quick by running local tests and ensuring they're passing in between each push you make to your PR's branch. Also, try to leave a comment with each push you make, as pushes generally don't generate emails. If your reviewer doesn't get back to you within a week after your most recent change, please feel free to leave a comment on the issue asking them to take a look! In the absence of a dedicated review dashboard most maintainers manage their pending reviews through email, and those will sometimes get lost in their inbox. |
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are. Terraform GA: Diff ( 1 file changed, 14 insertions(+), 7 deletions(-)) |
Tests analyticsTotal tests: Action takenTriggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed testsTestAccFirebaserulesRelease_BasicRelease |
|
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are. Terraform GA: Diff ( 1 file changed, 14 insertions(+), 7 deletions(-)) |
Tests analyticsTotal tests: All tests passed in REPLAYING mode |
|
Accidentally caught the vendor dir with my amend alias - whoops.
Yes, oauth_scopes may be passed though we recommend only using |
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are. Terraform GA: Diff ( 3 files changed, 121 insertions(+), 39 deletions(-)) |
Tests analyticsTotal tests: Action takenTriggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed testsTestAccContainerClusterCustomServiceAccount_withAutopilot|TestAccContainerCluster_nodeAutoprovisioning |
|
Tests failed during RECORDING mode: Please fix these to complete your PR |
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are. Terraform GA: Diff ( 3 files changed, 121 insertions(+), 39 deletions(-)) |
Tests analyticsTotal tests: Action takenTriggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed testsTestAccContainerClusterCustomServiceAccount_withAutopilot|TestAccContainerCluster_nodeAutoprovisioning|TestAccComputeForwardingRule_update |
|
Tests passed during RECORDING mode: Tests failed during RECORDING mode: Please fix these to complete your PR |
JeremyOT
force-pushed
the
napsa
branch
2 times, most recently
from
3750ed9
to
3fda6af
Compare
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are. Terraform GA: Diff ( 3 files changed, 127 insertions(+), 39 deletions(-)) |
Tests analyticsTotal tests: Action takenTriggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed testsTestAccFirebaserulesRelease_BasicRelease|TestAccContainerCluster_nodeAutoprovisioning|TestAccContainerClusterCustomServiceAccount_withAutopilot |
|
Tests passed during RECORDING mode: Tests failed during RECORDING mode: Please fix these to complete your PR |
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are. Terraform GA: Diff ( 3 files changed, 124 insertions(+), 39 deletions(-)) |
Tests analyticsTotal tests: Action takenTriggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed testsTestAccFirebaserulesRelease_BasicRelease|TestAccContainerCluster_nodeAutoprovisioning|TestAccContainerClusterCustomServiceAccount_withAutopilot |
|
Tests passed during RECORDING mode: Tests failed during RECORDING mode: Please fix these to complete your PR |
Tests analyticsTotal tests: Action takenTriggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed testsTestAccContainerCluster_nodeAutoprovisioning |
|
Tests failed during RECORDING mode: Please fix these to complete your PR |
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are. Terraform GA: Diff ( 3 files changed, 122 insertions(+), 38 deletions(-)) |
Tests analyticsTotal tests: Action takenTriggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed testsTestAccFirebaserulesRelease_BasicRelease|TestAccContainerClusterCustomServiceAccount_withAutopilot |
|
Tests passed during RECORDING mode: Tests failed during RECORDING mode: Please fix these to complete your PR |
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are. Terraform GA: Diff ( 3 files changed, 122 insertions(+), 38 deletions(-)) |
Tests analyticsTotal tests: Action takenTriggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed testsTestAccFirebaserulesRelease_BasicRelease |
|
@shuyama1 it looks like this one is good to go |
| Elem: &schema.Resource{ | ||
| Schema: map[string]*schema.Schema{ | ||
| "enabled": { | ||
| Type: schema.TypeBool, | ||
| Required: true, | ||
| Type: schema.TypeBool, |
There was a problem hiding this comment.
I understand that making this optional will simplify user experience, but allowing empty block cluster_autoscaling{ } to be specified usually causes more problem in Terraform. Therefore I would recommend that we keep this field as required.
There was a problem hiding this comment.
I'm happy to make that change, but we're seeing a lot of friction with terraform's client side validation. It keeps causing unnecessary delays in support for new features. Especially when those features are ~support for existing fields (like this one).
| enableAutopilot := false | ||
| if v, ok := d.GetOk("enable_autopilot"); ok && v == true { | ||
| enableAutopilot = true | ||
| } | ||
| if !ok || l == nil || len(l) == 0 || l[0] == nil { | ||
| if v, ok := d.GetOk("enable_autopilot"); ok && v == true { | ||
| if enableAutopilot { |
There was a problem hiding this comment.
I am trying to understand the change here. Does this new change cover any cases that the previous code does not cover?
There was a problem hiding this comment.
It's not a logical change, however it makes additional autopilot conditionals simpler in the future
| @@ -78,6 +78,13 @@ var ( | |||
| forceNewClusterNodeConfigFields = []string{ | |||
| "workload_metadata_config", | |||
| } | |||
|
|
|||
| suppressDiffForAutopilot = schema.SchemaDiffSuppressFunc(func(k, oldValue, newValue string, d *schema.ResourceData) bool { | |||
There was a problem hiding this comment.
Just want to confirm if my understanding is correct. This DSF is added to prevent premadiff for some fields that return computed values when enable_autopilot == true. If so, do you think making the field optional + computed will solve the problem? Plus, I've seen some fields have default values. Does the API return different values. If they are fixed default values, having them set from the Terraform side should not cause any permadiffs.
There was a problem hiding this comment.
The problem is that these fields have default values, which conflicts with optional/computed. We can't remove the default values, but they will be ignored for Autopilot and the result is a permadiff
There was a problem hiding this comment.
Ah, like for autopilot, the API will not return those values?
There was a problem hiding this comment.
It returns different values, or no values for different fields. The intent here is essentially the field is optional + computed only when enable_autopilot == true
There was a problem hiding this comment.
Got it! Thanks! Then it sounds like that optional + computed make more sense for such fields than having default values on Terraform side.
For cases other than enable_autopilot == true, do these fields have the same server side defaults (plus the API also return these values) as the Terraform side ones. If so, I guess it would be relatively safe to change default values to optional + computed.
There was a problem hiding this comment.
We don't have the same defaults when Autopilot is enabled, and these may change over time as these values are implementation details for Autopilot, whereas they matter directly in GKE Standard.
This is another side effect of the dual purpose cluster APIs, but when Autopilot is enabled we cannot make any assumptions about server side values as their future changes are not considered breaking
There was a problem hiding this comment.
Discussed offline - The fields are required when Autopilot is not enabled. So changing to optional + computed will not work. DSF may be the best way to handle perma-diffs in this case.
Removes the conflict between cluster_autoscaling and autopilot making it possible to supply a service_account: `cluster_autoscaling.auto_provisioning_defaults.service_account` This change also makes `cluster_autoscaling.enabled` optional to simplify passing args when autopilot is enabled. As a result it is now possible to pass false when creating autopilot clusters but this will be caught by server side validaton. fixes hashicorp/terraform-provider-google#9505
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are. Terraform GA: Diff ( 3 files changed, 122 insertions(+), 38 deletions(-)) |
Tests analyticsTotal tests: Action takenTriggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed testsTestAccContainerClusterCustomServiceAccount_withAutopilot|TestAccComputeForwardingRule_update |
Removes the conflict between cluster_autoscaling and autopilot making it possible to supply a service_account:
cluster_autoscaling.auto_provisioning_defaults.service_accountThis change also makes
cluster_autoscaling.enabledoptional to simplify passing args when autopilot is enabled.As a result it is now possible to pass false when creating autopilot clusters but this will be caught by server side validaton.
fixes hashicorp/terraform-provider-google#9505
If this PR is for Terraform, I acknowledge that I have:
make testandmake lintto ensure it passes unit and linter tests.Release Note Template for Downstream PRs (will be copied)