hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0

Expose google_container_cluster attributes from GKE resource in the Composer resource #10887

Open jdpribula opened 2 years ago

jdpribula commented 2 years ago

Community Note

Description

In the google_container_cluster resource you can reference the master_auth attributes, among others, to get auth credentials for the cluster. In the google_composer_environment resource none of the GKE attributes are available.

This means that in order to auth to the cluster we have to give a user or service account container admin access to the Composer GKE cluster in order to get these auth credentials.

New or Affected Resource(s)

Potential Terraform Configuration

Expose the attribute.

google_composer_environment.composer.gke_id
google_composer_environment.composer.gke_self_link
google_composer_environment.composer.gke_endpoint
google_composer_environment.composer.gke_label_fingerprint
google_composer_environment.composer.gke_maintenance_policy.0.daily_maintenance_window.0.duration
google_composer_environment.composer.gke_master_auth.0.client_certificate
google_composer_environment.composer.gke_master_auth.0.client_key
google_composer_environment.composer.gke_master_auth.0.cluster_ca_certificate
google_composer_environment.composer.gke_master_version
google_composer_environment.composer.gke_tpu_ipv4_cidr_block
google_composer_environment.composer.gke_services_ipv4_cidr

References

upodroid commented 2 years ago

Hello

The google_composer_environment has a field called config.0.gke_cluster that you can pass to the google_container_cluster datasource to look up the GKE cluster using the GKE API.

data "google_container_cluster" "my_cluster" {
  name     = google_composer_environment.composer.config.0.gke_cluster
  location = "europe-west6"
}

https://cloud.google.com/composer/docs/reference/rest/v1beta1/projects.locations.environments#environmentconfig
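The snippet above hard-codes the location and only performs the lookup. Below is an added, more complete version of that workaround (example configuration, not code from this thread or from the provider's own docs) that wires the data source into a Kubernetes provider. It assumes a google_composer_environment named "composer" already exists in the configuration, and that the identity running Terraform holds container.clusters.get on the environment's GKE cluster; that permission is part of roles/container.clusterViewer, so the read-only lookup does not need the container admin grant the issue complains about. The resource-name formats in the comments and the output names are assumptions.

```hcl
# Added example; not the issue author's, the commenters', or the provider's code.
# Assumes: a google_composer_environment named "composer" exists in this
# configuration, and the caller holds container.clusters.get on the cluster
# (roles/container.clusterViewer is sufficient; no container admin needed).

# Composer reports its cluster as a full resource name, assumed here to look like
#   projects/<project>/locations/<region>/clusters/<cluster>   (Composer 2)
#   projects/<project>/zones/<zone>/clusters/<cluster>         (older envs)
# Split it instead of hard-coding the location in the data source.
locals {
  gke_parts = regex(
    "^projects/([^/]+)/(?:locations|zones)/([^/]+)/clusters/([^/]+)$",
    google_composer_environment.composer.config[0].gke_cluster
  )
  gke_project  = local.gke_parts[0]
  gke_location = local.gke_parts[1]
  gke_name     = local.gke_parts[2]
}

# Read-only lookup through the GKE API (needs container.clusters.get only).
data "google_container_cluster" "composer_gke" {
  project  = local.gke_project
  name     = local.gke_name
  location = local.gke_location
}

# Short-lived OAuth token for whichever identity is running Terraform.
data "google_client_config" "current" {}

# Talk to the Composer cluster with the cluster CA from the data source and the
# caller's access token. No client certificate or key is involved; on clusters
# with legacy client-certificate issuance disabled, master_auth[0].client_certificate
# and client_key may be empty anyway, so do not depend on them.
provider "kubernetes" {
  host  = "https://${data.google_container_cluster.composer_gke.endpoint}"
  token = data.google_client_config.current.access_token
  cluster_ca_certificate = base64decode(
    data.google_container_cluster.composer_gke.master_auth[0].cluster_ca_certificate
  )
}

# The attributes the issue asked to see on the Composer resource, read from the
# data source instead (output names are assumed).
output "composer_gke_endpoint" {
  value = data.google_container_cluster.composer_gke.endpoint
}

output "composer_gke_master_version" {
  value = data.google_container_cluster.composer_gke.master_version
}

output "composer_gke_services_ipv4_cidr" {
  value = data.google_container_cluster.composer_gke.services_ipv4_cidr
}
```

Using the access token rather than master_auth client certificates keeps the Kubernetes credential short-lived and tied to the IAM identity that ran `terraform apply`; the cluster CA and endpoint are the only pieces of cluster state that end up in the Terraform state file. Note that the data source still creates a read dependency on the GKE API, which is exactly the kind of coupling the maintainer's reply below cautions about.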

rileykarson commented 2 years ago

We're able to support these properties if they are exposed in the underlying API, however we don't feel it's appropriate to surface them in the provider without that being done. The managing API (i.e. composer) may decide to change the scope of management on the underlying API (i.e. GKE) at any time, and if Terraform attempts to manage the resource they'll encounter a conflict.

Workarounds like using a datasource are possible as well, as an implementation detail of this managed service relationship, although they are suboptimal compared to the API surfacing the fields directly in the management resource.