fix: gcp_container_cluster for GKE 1.19+

Incorporating a fix for GKE 1.19+ (See #444).

Inlined:

Google has removed basic-auth method from within GKE starting version 1.19
This lead the output response of the backend API not to provide basic-auth
data (username and password) anymore.

The current implementation of gcp_container_cluster when generating the kubectl
config file, always set basic-auth data w/o checking if there actually are
available or explicitly provided even when the value are not set/provided
from gcp_container_cluster.

In addition, re-enabling some tests that #444 fixed.

Co-authored-by: Xavier Lamien <laxathom@lxtnow.net>

plugins/modules/gcp_container_cluster.py

@@ -259,6 +259,7 @@ options:
       username:
         description:
         - The username to use for HTTP basic authentication to the master endpoint.
+          (unsupported with GKE >= 1.19).
         required: false
         type: str
       password:
@@ -266,6 +267,7 @@ options:
         - The password to use for HTTP basic authentication to the master endpoint.
           Because the master endpoint is open to the Internet, you should create a
           strong password with a minimum of 16 characters.
+          (unsupported with GKE >= 1.19).
         required: false
         type: str
       client_certificate_config:
@@ -711,9 +713,6 @@ EXAMPLES = '''
   google.cloud.gcp_container_cluster:
     name: my-cluster
     initial_node_count: 2
-    master_auth:
-      username: cluster_admin
-      password: my-secret-password
     node_config:
       machine_type: n1-standard-4
       disk_size_gb: 500
@@ -930,6 +929,7 @@ masterAuth:
     username:
       description:
       - The username to use for HTTP basic authentication to the master endpoint.
+        (unsupported with GKE >= 1.19).
       returned: success
       type: str
     password:
@@ -937,6 +937,7 @@ masterAuth:
       - The password to use for HTTP basic authentication to the master endpoint.
         Because the master endpoint is open to the Internet, you should create a strong
         password with a minimum of 16 characters.
+        (unsupported with GKE >= 1.19).
       returned: success
       type: str
     clientCertificateConfig:
@@ -1857,6 +1858,29 @@ class Kubectl(object):
         if not context:
             context = self.module.params['name']
 
+        user = {
+            'name': context,
+            'user': {
+                'auth-provider': {
+                    'config': {
+                        'access-token': token,
+                        'cmd-args': 'config config-helper --format=json',
+                        'cmd-path': '/usr/lib64/google-cloud-sdk/bin/gcloud',
+                        'expiry-key': '{.credential.token_expiry}',
+                        'token-key': '{.credential.access_token}',
+                    },
+                    'name': 'gcp',
+                },
+            },
+        }
+
+        auth_keyword = self.fetch['masterAuth'].keys()
+        if 'username' in auth_keyword and 'password' in auth_keyword:
+            user['user']['auth-provider'].update({
+                'username': str(self.fetch['masterAuth']['username']),
+                'password': str(self.fetch['masterAuth']['password']),
+            })
+
         return {
             'apiVersion': 'v1',
             'clusters': [{'name': context, 'cluster': {'certificate-authority-data': str(self.fetch['masterAuth']['clusterCaCertificate'])}}],
@@ -1864,25 +1888,7 @@ class Kubectl(object):
             'current-context': context,
             'kind': 'Config',
             'preferences': {},
-            'users': [
+            'users': [user],
-                {
-                    'name': context,
-                    'user': {
-                        'auth-provider': {
-                            'config': {
-                                'access-token': token,
-                                'cmd-args': 'config config-helper --format=json',
-                                'cmd-path': '/usr/lib64/google-cloud-sdk/bin/gcloud',
-                                'expiry-key': '{.credential.token_expiry}',
-                                'token-key': '{.credential.access_token}',
-                            },
-                            'name': 'gcp',
-                        },
-                        'username': str(self.fetch['masterAuth']['username']),
-                        'password': str(self.fetch['masterAuth']['password']),
-                    },
-                }
-            ],
         }
 
     """

tests/integration/targets/gcp_container_cluster/aliases

@@ -1,2 +1 @@
 cloud/gcp
-unsupported

tests/integration/targets/gcp_container_cluster/tasks/autogen.yml

@@ -17,15 +17,12 @@
   google.cloud.gcp_container_cluster:
     name: my-cluster
     initial_node_count: 2
-    master_auth:
-      username: cluster_admin
-      password: my-secret-password
     node_config:
       machine_type: n1-standard-4
       disk_size_gb: 500
     location: us-central1-a
     project: "{{ gcp_project }}"
-    auth_kind: "{{ gcp_cred_kind }}"
+    auth_kind: "serviceaccount"
     service_account_file: "{{ gcp_cred_file }}"
     state: absent
 #----------------------------------------------------------
@@ -33,15 +30,12 @@
   google.cloud.gcp_container_cluster:
     name: my-cluster
     initial_node_count: 2
-    master_auth:
-      username: cluster_admin
-      password: my-secret-password
     node_config:
       machine_type: n1-standard-4
       disk_size_gb: 500
     location: us-central1-a
     project: "{{ gcp_project }}"
-    auth_kind: "{{ gcp_cred_kind }}"
+    auth_kind: "serviceaccount"
     service_account_file: "{{ gcp_cred_file }}"
     state: present
   register: result
@@ -53,7 +47,7 @@
   google.cloud.gcp_container_cluster_info:
       location: us-central1-a
       project: "{{ gcp_project }}"
-      auth_kind: "{{ gcp_cred_kind }}"
+      auth_kind: "serviceaccount"
       service_account_file: "{{ gcp_cred_file }}"
       scopes:
         - https://www.googleapis.com/auth/cloud-platform
@@ -67,15 +61,12 @@
   google.cloud.gcp_container_cluster:
     name: my-cluster
     initial_node_count: 2
-    master_auth:
-      username: cluster_admin
-      password: my-secret-password
     node_config:
       machine_type: n1-standard-4
       disk_size_gb: 500
     location: us-central1-a
     project: "{{ gcp_project }}"
-    auth_kind: "{{ gcp_cred_kind }}"
+    auth_kind: "serviceaccount"
     service_account_file: "{{ gcp_cred_file }}"
     state: present
   register: result
@@ -88,15 +79,12 @@
   google.cloud.gcp_container_cluster:
     name: my-cluster
     initial_node_count: 2
-    master_auth:
-      username: cluster_admin
-      password: my-secret-password
     node_config:
       machine_type: n1-standard-4
       disk_size_gb: 500
     location: us-central1-a
     project: "{{ gcp_project }}"
-    auth_kind: "{{ gcp_cred_kind }}"
+    auth_kind: "serviceaccount"
     service_account_file: "{{ gcp_cred_file }}"
     state: absent
   register: result
@@ -122,15 +110,12 @@
   google.cloud.gcp_container_cluster:
     name: my-cluster
     initial_node_count: 2
-    master_auth:
-      username: cluster_admin
-      password: my-secret-password
     node_config:
       machine_type: n1-standard-4
       disk_size_gb: 500
     location: us-central1-a
     project: "{{ gcp_project }}"
-    auth_kind: "{{ gcp_cred_kind }}"
+    auth_kind: "serviceaccount"
     service_account_file: "{{ gcp_cred_file }}"
     state: absent
   register: result

tests/integration/targets/gcp_container_node_pool/aliases

@@ -1,2 +1 @@
 cloud/gcp
-unsupported