fix: gcp_container_cluster for GKE 1.19+

Incorporating a fix for GKE 1.19+ (See #444). Inlined: Google has removed basic-auth method from within GKE starting version 1.19 This lead the output response of the backend API not to provide basic-auth data (username and password) anymore. The current implementation of gcp_container_cluster when generating the kubectl config file, always set basic-auth data w/o checking if there actually are available or explicitly provided even when the value are not set/provided from gcp_container_cluster. In addition, re-enabling some tests that #444 fixed. Co-authored-by: Xavier Lamien <laxathom@lxtnow.net>
2025-04-05 10:20:26 -07:00 · 2022-11-19 23:11:29 +00:00 · 2022-11-19 23:11:29 +00:00 · d3a7287c37
commit d3a7287c37
parent dc67fb3e17
4 changed files with 36 additions and 47 deletions
--- a/plugins/modules/gcp_container_cluster.py
+++ b/plugins/modules/gcp_container_cluster.py
@ -259,6 +259,7 @@ options:
      username:
        description:
        - The username to use for HTTP basic authentication to the master endpoint.
+          (unsupported with GKE >= 1.19).
        required: false
        type: str
      password:
@ -266,6 +267,7 @@ options:
        - The password to use for HTTP basic authentication to the master endpoint.
          Because the master endpoint is open to the Internet, you should create a
          strong password with a minimum of 16 characters.
+          (unsupported with GKE >= 1.19).
        required: false
        type: str
      client_certificate_config:
@ -711,9 +713,6 @@ EXAMPLES = '''
  google.cloud.gcp_container_cluster:
    name: my-cluster
    initial_node_count: 2
-    master_auth:
-      username: cluster_admin
-      password: my-secret-password
    node_config:
      machine_type: n1-standard-4
      disk_size_gb: 500
@ -930,6 +929,7 @@ masterAuth:
    username:
      description:
      - The username to use for HTTP basic authentication to the master endpoint.
+        (unsupported with GKE >= 1.19).
      returned: success
      type: str
    password:
@ -937,6 +937,7 @@ masterAuth:
      - The password to use for HTTP basic authentication to the master endpoint.
        Because the master endpoint is open to the Internet, you should create a strong
        password with a minimum of 16 characters.
+        (unsupported with GKE >= 1.19).
      returned: success
      type: str
    clientCertificateConfig:
@ -1857,6 +1858,29 @@ class Kubectl(object):
        if not context:
            context = self.module.params['name']

+        user = {
+            'name': context,
+            'user': {
+                'auth-provider': {
+                    'config': {
+                        'access-token': token,
+                        'cmd-args': 'config config-helper --format=json',
+                        'cmd-path': '/usr/lib64/google-cloud-sdk/bin/gcloud',
+                        'expiry-key': '{.credential.token_expiry}',
+                        'token-key': '{.credential.access_token}',
+                    },
+                    'name': 'gcp',
+                },
+            },
+        }
+
+        auth_keyword = self.fetch['masterAuth'].keys()
+        if 'username' in auth_keyword and 'password' in auth_keyword:
+            user['user']['auth-provider'].update({
+                'username': str(self.fetch['masterAuth']['username']),
+                'password': str(self.fetch['masterAuth']['password']),
+            })
+
        return {
            'apiVersion': 'v1',
            'clusters': [{'name': context, 'cluster': {'certificate-authority-data': str(self.fetch['masterAuth']['clusterCaCertificate'])}}],
@ -1864,25 +1888,7 @@ class Kubectl(object):
            'current-context': context,
            'kind': 'Config',
            'preferences': {},
-            'users': [
-                {
-                    'name': context,
-                    'user': {
-                        'auth-provider': {
-                            'config': {
-                                'access-token': token,
-                                'cmd-args': 'config config-helper --format=json',
-                                'cmd-path': '/usr/lib64/google-cloud-sdk/bin/gcloud',
-                                'expiry-key': '{.credential.token_expiry}',
-                                'token-key': '{.credential.access_token}',
-                            },
-                            'name': 'gcp',
-                        },
-                        'username': str(self.fetch['masterAuth']['username']),
-                        'password': str(self.fetch['masterAuth']['password']),
-                    },
-                }
-            ],
+            'users': [user],
        }

    """
--- a/tests/integration/targets/gcp_container_cluster/aliases
+++ b/tests/integration/targets/gcp_container_cluster/aliases
@ -1,2 +1 @@
 cloud/gcp
-unsupported
--- a/tests/integration/targets/gcp_container_cluster/tasks/autogen.yml
+++ b/tests/integration/targets/gcp_container_cluster/tasks/autogen.yml
@ -17,15 +17,12 @@
  google.cloud.gcp_container_cluster:
    name: my-cluster
    initial_node_count: 2
-    master_auth:
-      username: cluster_admin
-      password: my-secret-password
    node_config:
      machine_type: n1-standard-4
      disk_size_gb: 500
    location: us-central1-a
    project: "{{ gcp_project }}"
-    auth_kind: "{{ gcp_cred_kind }}"
+    auth_kind: "serviceaccount"
    service_account_file: "{{ gcp_cred_file }}"
    state: absent
 #----------------------------------------------------------
@ -33,15 +30,12 @@
  google.cloud.gcp_container_cluster:
    name: my-cluster
    initial_node_count: 2
-    master_auth:
-      username: cluster_admin
-      password: my-secret-password
    node_config:
      machine_type: n1-standard-4
      disk_size_gb: 500
    location: us-central1-a
    project: "{{ gcp_project }}"
-    auth_kind: "{{ gcp_cred_kind }}"
+    auth_kind: "serviceaccount"
    service_account_file: "{{ gcp_cred_file }}"
    state: present
  register: result
@ -53,7 +47,7 @@
  google.cloud.gcp_container_cluster_info:
      location: us-central1-a
      project: "{{ gcp_project }}"
-      auth_kind: "{{ gcp_cred_kind }}"
+      auth_kind: "serviceaccount"
      service_account_file: "{{ gcp_cred_file }}"
      scopes:
        - https://www.googleapis.com/auth/cloud-platform
@ -67,15 +61,12 @@
  google.cloud.gcp_container_cluster:
    name: my-cluster
    initial_node_count: 2
-    master_auth:
-      username: cluster_admin
-      password: my-secret-password
    node_config:
      machine_type: n1-standard-4
      disk_size_gb: 500
    location: us-central1-a
    project: "{{ gcp_project }}"
-    auth_kind: "{{ gcp_cred_kind }}"
+    auth_kind: "serviceaccount"
    service_account_file: "{{ gcp_cred_file }}"
    state: present
  register: result
@ -88,15 +79,12 @@
  google.cloud.gcp_container_cluster:
    name: my-cluster
    initial_node_count: 2
-    master_auth:
-      username: cluster_admin
-      password: my-secret-password
    node_config:
      machine_type: n1-standard-4
      disk_size_gb: 500
    location: us-central1-a
    project: "{{ gcp_project }}"
-    auth_kind: "{{ gcp_cred_kind }}"
+    auth_kind: "serviceaccount"
    service_account_file: "{{ gcp_cred_file }}"
    state: absent
  register: result
@ -122,15 +110,12 @@
  google.cloud.gcp_container_cluster:
    name: my-cluster
    initial_node_count: 2
-    master_auth:
-      username: cluster_admin
-      password: my-secret-password
    node_config:
      machine_type: n1-standard-4
      disk_size_gb: 500
    location: us-central1-a
    project: "{{ gcp_project }}"
-    auth_kind: "{{ gcp_cred_kind }}"
+    auth_kind: "serviceaccount"
    service_account_file: "{{ gcp_cred_file }}"
    state: absent
  register: result
--- a/tests/integration/targets/gcp_container_node_pool/aliases
+++ b/tests/integration/targets/gcp_container_node_pool/aliases
@ -1,2 +1 @@
 cloud/gcp
-unsupported