fix subcategory (#6334) (#12200)

Co-authored-by: Edward Sun <[email protected]>
Signed-off-by: Modular Magician <[email protected]>

Co-authored-by: Edward Sun <[email protected]>

Author: modular-magician

.changelog/6334.txt

@@ -0,0 +1,4 @@
+```release-note:none
+OS Config: fixed the left navigation subcategory for `google_os_config_os_policy_assignment`
+
+```

google/config.go

@@ -66,7 +66,7 @@ type Formatter struct {
 // Borrowed logic from https://github.com/sirupsen/logrus/blob/master/json_formatter.go and https://github.com/t-tomalak/logrus-easy-formatter/blob/master/formatter.go
 func (f *Formatter) Format(entry *logrus.Entry) ([]byte, error) {
 	// Suppress logs if TF_LOG is not DEBUG or TRACE
-	// also suppress frequent transport spam
+	// Also suppress frequent transport spam
 	if !logging.IsDebugOrHigher() || strings.Contains(entry.Message, "transport is closing") {
 		return nil, nil
 	}

google/provider.go

@@ -1239,7 +1239,6 @@ func ResourceMapWithErrors() (map[string]*schema.Resource, error) {
 			// ####### START handwritten resources ###########
 			"google_app_engine_application":                resourceAppEngineApplication(),
 			"google_bigquery_table":                        resourceBigQueryTable(),
-			"google_bigquery_reservation_assignment":       resourceBigqueryReservationAssignment(),
 			"google_bigtable_gc_policy":                    resourceBigtableGCPolicy(),
 			"google_bigtable_instance":                     resourceBigtableInstance(),
 			"google_bigtable_table":                        resourceBigtableTable(),
@@ -1309,37 +1308,6 @@ func ResourceMapWithErrors() (map[string]*schema.Resource, error) {
 			"google_storage_transfer_job":                  resourceStorageTransferJob(),
 			// ####### END handwritten resources ###########
 		},
-		map[string]*schema.Resource{
-			// ####### START tpgtools resources ###########
-			"google_apikeys_key":                         resourceApikeysKey(),
-			"google_assured_workloads_workload":          resourceAssuredWorkloadsWorkload(),
-			"google_cloudbuild_worker_pool":              resourceCloudbuildWorkerPool(),
-			"google_clouddeploy_delivery_pipeline":       resourceClouddeployDeliveryPipeline(),
-			"google_clouddeploy_target":                  resourceClouddeployTarget(),
-			"google_compute_firewall_policy_association": resourceComputeFirewallPolicyAssociation(),
-			"google_compute_firewall_policy":             resourceComputeFirewallPolicy(),
-			"google_compute_firewall_policy_rule":        resourceComputeFirewallPolicyRule(),
-			"google_container_aws_cluster":               resourceContainerAwsCluster(),
-			"google_container_aws_node_pool":             resourceContainerAwsNodePool(),
-			"google_container_azure_client":              resourceContainerAzureClient(),
-			"google_container_azure_cluster":             resourceContainerAzureCluster(),
-			"google_container_azure_node_pool":           resourceContainerAzureNodePool(),
-			"google_dataplex_lake":                       resourceDataplexLake(),
-			"google_dataplex_zone":                       resourceDataplexZone(),
-			"google_dataproc_workflow_template":          resourceDataprocWorkflowTemplate(),
-			"google_eventarc_trigger":                    resourceEventarcTrigger(),
-			"google_firebaserules_release":               resourceFirebaserulesRelease(),
-			"google_firebaserules_ruleset":               resourceFirebaserulesRuleset(),
-			"google_logging_log_view":                    resourceLoggingLogView(),
-			"google_monitoring_monitored_project":        resourceMonitoringMonitoredProject(),
-			"google_network_connectivity_hub":            resourceNetworkConnectivityHub(),
-			"google_network_connectivity_spoke":          resourceNetworkConnectivitySpoke(),
-			"google_org_policy_policy":                   resourceOrgPolicyPolicy(),
-			"google_os_config_os_policy_assignment":      resourceOsConfigOsPolicyAssignment(),
-			"google_privateca_certificate_template":      resourcePrivatecaCertificateTemplate(),
-			"google_recaptcha_enterprise_key":            resourceRecaptchaEnterpriseKey(),
-			// ####### END tpgtools resources ###########
-		},
 		map[string]*schema.Resource{
 			// ####### START non-generated IAM resources ###########
 			"google_bigtable_instance_iam_binding":       ResourceIamBinding(IamBigtableInstanceSchema, NewBigtableInstanceUpdater, BigtableInstanceIdParseFunc),
@@ -1404,6 +1372,7 @@ func ResourceMapWithErrors() (map[string]*schema.Resource, error) {
 			"google_service_account_iam_policy":          ResourceIamPolicy(IamServiceAccountSchema, NewServiceAccountIamUpdater, ServiceAccountIdParseFunc),
 			// ####### END non-generated IAM resources ###########
 		},
+		dclResources,
 	)
 }
 

google/provider_dcl_resources.go

@@ -0,0 +1,51 @@
+// ----------------------------------------------------------------------------
+//
+//     ***     AUTO GENERATED CODE    ***    Type: DCL     ***
+//
+// ----------------------------------------------------------------------------
+//
+//     This file is managed by Magic Modules (https://github.com/GoogleCloudPlatform/magic-modules)
+//     and is based on the DCL (https://github.com/GoogleCloudPlatform/declarative-resource-client-library).
+//     Changes will need to be made to the DCL or Magic Modules instead of here.
+//
+//     We are not currently able to accept contributions to this file. If changes
+//     are required, please file an issue at https://github.com/hashicorp/terraform-provider-google/issues/new/choose
+//
+// ----------------------------------------------------------------------------
+
+package google
+
+import (
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+var dclResources = map[string]*schema.Resource{
+	"google_apikeys_key":                         resourceApikeysKey(),
+	"google_assured_workloads_workload":          resourceAssuredWorkloadsWorkload(),
+	"google_bigquery_reservation_assignment":     resourceBigqueryReservationAssignment(),
+	"google_cloudbuild_worker_pool":              resourceCloudbuildWorkerPool(),
+	"google_clouddeploy_delivery_pipeline":       resourceClouddeployDeliveryPipeline(),
+	"google_clouddeploy_target":                  resourceClouddeployTarget(),
+	"google_compute_firewall_policy":             resourceComputeFirewallPolicy(),
+	"google_compute_firewall_policy_association": resourceComputeFirewallPolicyAssociation(),
+	"google_compute_firewall_policy_rule":        resourceComputeFirewallPolicyRule(),
+	"google_container_aws_cluster":               resourceContainerAwsCluster(),
+	"google_container_aws_node_pool":             resourceContainerAwsNodePool(),
+	"google_container_azure_client":              resourceContainerAzureClient(),
+	"google_container_azure_cluster":             resourceContainerAzureCluster(),
+	"google_container_azure_node_pool":           resourceContainerAzureNodePool(),
+	"google_dataplex_lake":                       resourceDataplexLake(),
+	"google_dataplex_zone":                       resourceDataplexZone(),
+	"google_dataproc_workflow_template":          resourceDataprocWorkflowTemplate(),
+	"google_eventarc_trigger":                    resourceEventarcTrigger(),
+	"google_firebaserules_release":               resourceFirebaserulesRelease(),
+	"google_firebaserules_ruleset":               resourceFirebaserulesRuleset(),
+	"google_logging_log_view":                    resourceLoggingLogView(),
+	"google_monitoring_monitored_project":        resourceMonitoringMonitoredProject(),
+	"google_network_connectivity_hub":            resourceNetworkConnectivityHub(),
+	"google_network_connectivity_spoke":          resourceNetworkConnectivitySpoke(),
+	"google_org_policy_policy":                   resourceOrgPolicyPolicy(),
+	"google_os_config_os_policy_assignment":      resourceOsConfigOsPolicyAssignment(),
+	"google_privateca_certificate_template":      resourcePrivatecaCertificateTemplate(),
+	"google_recaptcha_enterprise_key":            resourceRecaptchaEnterpriseKey(),
+}

google/resource_container_cluster.go

@@ -1070,6 +1070,23 @@ func resourceContainerCluster() *schema.Resource {
 				},
 			},
 
+			"mesh_certificates": {
+				Type:        schema.TypeList,
+				MaxItems:    1,
+				Optional:    true,
+				Computed:    true,
+				Description: `If set, and enable_certificates=true, the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster.`,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"enable_certificates": {
+							Type:        schema.TypeBool,
+							Required:    true,
+							Description: `When enabled the GKE Workload Identity Certificates controller and node agent will be deployed in the cluster.`,
+						},
+					},
+				},
+			},
+
 			"database_encryption": {
 				Type:        schema.TypeList,
 				MaxItems:    1,
@@ -1438,6 +1455,10 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er
 		cluster.VerticalPodAutoscaling = expandVerticalPodAutoscaling(v)
 	}
 
+	if v, ok := d.GetOk("mesh_certificates"); ok {
+		cluster.MeshCertificates = expandMeshCertificates(v)
+	}
+
 	if v, ok := d.GetOk("database_encryption"); ok {
 		cluster.DatabaseEncryption = expandDatabaseEncryption(v)
 	}
@@ -1770,6 +1791,10 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro
 		return err
 	}
 
+	if err := d.Set("mesh_certificates", flattenMeshCertificates(cluster.MeshCertificates)); err != nil {
+		return err
+	}
+
 	if err := d.Set("database_encryption", flattenDatabaseEncryption(cluster.DatabaseEncryption)); err != nil {
 		return err
 	}
@@ -2414,6 +2439,33 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er
 		}
 	}
 
+	if d.HasChange("mesh_certificates") {
+		c := d.Get("mesh_certificates")
+		req := &container.UpdateClusterRequest{
+			Update: &container.ClusterUpdate{
+				DesiredMeshCertificates: expandMeshCertificates(c),
+			},
+		}
+
+		updateF := func() error {
+			name := containerClusterFullName(project, location, clusterName)
+			clusterUpdateCall := config.NewContainerClient(userAgent).Projects.Locations.Clusters.Update(name, req)
+			if config.UserProjectOverride {
+				clusterUpdateCall.Header().Add("X-Goog-User-Project", project)
+			}
+			op, err := clusterUpdateCall.Do()
+			if err != nil {
+				return err
+			}
+			// Wait until it's updated
+			return containerOperationWait(config, op, project, location, "updating GKE cluster mesh certificates config", userAgent, d.Timeout(schema.TimeoutUpdate))
+		}
+		if err := lockedCall(lockKey, updateF); err != nil {
+			return err
+		}
+		log.Printf("[INFO] GKE cluster %s mesh certificates config has been updated", d.Id())
+	}
+
 	if d.HasChange("database_encryption") {
 		c := d.Get("database_encryption")
 		req := &container.UpdateClusterRequest{
@@ -3165,6 +3217,18 @@ func expandVerticalPodAutoscaling(configured interface{}) *container.VerticalPod
 	}
 }
 
+func expandMeshCertificates(configured interface{}) *container.MeshCertificates {
+	l := configured.([]interface{})
+	if len(l) == 0 {
+		return nil
+	}
+	config := l[0].(map[string]interface{})
+	return &container.MeshCertificates{
+		EnableCertificates: config["enable_certificates"].(bool),
+		ForceSendFields:    []string{"EnableCertificates"},
+	}
+}
+
 func expandDatabaseEncryption(configured interface{}) *container.DatabaseEncryption {
 	l := configured.([]interface{})
 	if len(l) == 0 {
@@ -3708,6 +3772,17 @@ func flattenResourceUsageExportConfig(c *container.ResourceUsageExportConfig) []
 	}
 }
 
+func flattenMeshCertificates(c *container.MeshCertificates) []map[string]interface{} {
+	if c == nil {
+		return nil
+	}
+	return []map[string]interface{}{
+		{
+			"enable_certificates": c.EnableCertificates,
+		},
+	}
+}
+
 func flattenDatabaseEncryption(c *container.DatabaseEncryption) []map[string]interface{} {
 	if c == nil {
 		return nil

google/resource_container_cluster_test.go

@@ -1955,6 +1955,48 @@ func TestAccContainerCluster_errorNoClusterCreated(t *testing.T) {
 	})
 }
 
+func TestAccContainerCluster_withMeshCertificatesConfig(t *testing.T) {
+	t.Parallel()
+
+	clusterName := fmt.Sprintf("tf-test-cluster-%s", randString(t, 10))
+	pid := getTestProjectFromEnv()
+
+	vcrTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckContainerClusterDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccContainerCluster_withMeshCertificatesConfigEnabled(pid, clusterName),
+			},
+			{
+				ResourceName:            "google_container_cluster.with_mesh_certificates_config",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"remove_default_node_pool"},
+			},
+			{
+				Config: testAccContainerCluster_updateMeshCertificatesConfig(pid, clusterName, true),
+			},
+			{
+				ResourceName:            "google_container_cluster.with_mesh_certificates_config",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"remove_default_node_pool"},
+			},
+			{
+				Config: testAccContainerCluster_updateMeshCertificatesConfig(pid, clusterName, false),
+			},
+			{
+				ResourceName:            "google_container_cluster.with_mesh_certificates_config",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"remove_default_node_pool"},
+			},
+		},
+	})
+}
+
 func TestAccContainerCluster_withDatabaseEncryption(t *testing.T) {
 	t.Parallel()
 
@@ -4139,6 +4181,47 @@ resource "google_container_cluster" "with_resource_labels" {
 `, location)
 }
 
+func testAccContainerCluster_withMeshCertificatesConfigEnabled(projectID string, clusterName string) string {
+	return fmt.Sprintf(`
+	data "google_project" "project" {
+		project_id = "%s"
+	}
+
+	resource "google_container_cluster" "with_mesh_certificates_config" {
+	name               = "%s"
+	location           = "us-central1-a"
+	initial_node_count = 1
+	remove_default_node_pool = true
+	workload_identity_config {
+		workload_pool = "${data.google_project.project.project_id}.svc.id.goog"
+	}
+	mesh_certificates {
+		enable_certificates = true
+	}
+	}
+`, projectID, clusterName)
+}
+
+func testAccContainerCluster_updateMeshCertificatesConfig(projectID string, clusterName string, enabled bool) string {
+	return fmt.Sprintf(`
+	data "google_project" "project" {
+  		project_id = "%s"
+	}
+
+	resource "google_container_cluster" "with_mesh_certificates_config" {
+		name               = "%s"
+		location           = "us-central1-a"
+		initial_node_count = 1
+		remove_default_node_pool = true
+		workload_identity_config {
+			workload_pool = "${data.google_project.project.project_id}.svc.id.goog"
+			}
+			mesh_certificates {
+			enable_certificates = %v
+			}
+	}`, projectID, clusterName, enabled)
+}
+
 func testAccContainerCluster_withDatabaseEncryption(clusterName string, kmsData bootstrappedKMS) string {
 	return fmt.Sprintf(`
 data "google_project" "project" {