Add support for auto ipam configuration (#15035)

printchard · web-flow · commit 8425614fd16c · 2025-09-17T20:54:10.000Z
diff --git a/mmv1/third_party/terraform/services/container/resource_container_cluster.go.tmpl b/mmv1/third_party/terraform/services/container/resource_container_cluster.go.tmpl
@@ -1858,6 +1858,22 @@ func ResourceContainerCluster() *schema.Resource {
 							},
 
 						},
+						"auto_ipam_config": {
+							Type: schema.TypeList,
+							MaxItems: 1,
+							Optional: true,
+							Computed: true,
+							Description: `AutoIpamConfig contains all information related to Auto IPAM.`,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"enabled": {
+										Type: schema.TypeBool,
+										Required: true,
+										Description: `The flag that enables Auto IPAM on this cluster.`,
+									},
+								},
+							},
+						},
 					},
 				},
 			},
@@ -4312,6 +4328,21 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er
 		log.Printf("[INFO] GKE cluster %s's AdditionalIpRangesConfig has been updated", d.Id())
 	}
 
+	if d.HasChange("ip_allocation_policy.0.auto_ipam_config") {
+		req := &container.UpdateClusterRequest{
+			Update: &container.ClusterUpdate{
+				DesiredAutoIpamConfig: &container.AutoIpamConfig{Enabled: d.Get("ip_allocation_policy.0.auto_ipam_config.0.enabled").(bool)},
+			},
+		}
+
+		updateF := updateFunc(req, "updating AutoIpamConfig")
+		if err := transport_tpg.LockedCall(lockKey, updateF); err != nil {
+			return err
+		}
+
+		log.Printf("[INFO] GKE cluster %s's AutoIpamConfig has been updated", d.Id())
+	}
+
 	if n, ok := d.GetOk("node_pool.#"); ok {
 		for i := 0; i < n.(int); i++ {
 			nodePoolInfo, err := extractNodePoolInformationFromCluster(d, config, clusterName)
@@ -5562,9 +5593,21 @@ func expandIPAllocationPolicy(configured interface{}, d *schema.ResourceData, ne
 		UseRoutes:              networkingMode == "ROUTES",
 		StackType:              stackType,
 		PodCidrOverprovisionConfig: expandPodCidrOverprovisionConfig(config["pod_cidr_overprovision_config"]),
+		AutoIpamConfig: expandAutoIpamConfig(config["auto_ipam_config"]),
 	}, additionalIpRangesConfigs, nil
 }
 
+func expandAutoIpamConfig(configured interface{}) *container.AutoIpamConfig {
+	l, ok := configured.([]interface{})
+	if !ok || len(l) == 0 || l[0] == nil {
+		return nil
+	}
+	
+	return &container.AutoIpamConfig{
+		Enabled: l[0].(map[string]interface{})["enabled"].(bool),
+	}
+}
+
 func expandMaintenancePolicy(d *schema.ResourceData, meta interface{}) *container.MaintenancePolicy {
 	config := meta.(*transport_tpg.Config)
 	// We have to perform a full Get() as part of this, to get the fingerprint.  We can't do this
@@ -7227,10 +7270,23 @@ func flattenIPAllocationPolicy(c *container.Cluster, d *schema.ResourceData, con
 			"pod_cidr_overprovision_config": flattenPodCidrOverprovisionConfig(p.PodCidrOverprovisionConfig),
 			"additional_pod_ranges_config":  flattenAdditionalPodRangesConfig(c.IpAllocationPolicy),
 			"additional_ip_ranges_config":   flattenAdditionalIpRangesConfigs(p.AdditionalIpRangesConfigs),
+			"auto_ipam_config":              flattenAutoIpamConfig(p.AutoIpamConfig),
 		},
 	}, nil
 }
 
+func flattenAutoIpamConfig(aic *container.AutoIpamConfig) []map[string]interface{} {
+	if aic == nil {
+		return nil
+	}
+
+	return []map[string]interface{}{
+		{
+			"enabled": aic.Enabled,
+		},
+	}
+}
+
 func flattenMaintenancePolicy(mp *container.MaintenancePolicy) []map[string]interface{} {
 	if mp == nil || mp.Window == nil {
 		return nil
diff --git a/mmv1/third_party/terraform/services/container/resource_container_cluster_meta.yaml.tmpl b/mmv1/third_party/terraform/services/container/resource_container_cluster_meta.yaml.tmpl
@@ -162,6 +162,7 @@ fields:
   - field: 'ip_allocation_policy.additional_pod_ranges_config.pod_range_names'
   - field: 'ip_allocation_policy.additional_ip_ranges_config.subnetwork'
   - field: 'ip_allocation_policy.additional_ip_ranges_config.pod_ipv4_range_names'
+  - field: 'ip_allocation_policy.auto_ipam_config.enabled'
   - field: 'ip_allocation_policy.cluster_ipv4_cidr_block'
   - field: 'ip_allocation_policy.cluster_secondary_range_name'
   - field: 'ip_allocation_policy.pod_cidr_overprovision_config.disabled'
diff --git a/mmv1/third_party/terraform/services/container/resource_container_cluster_test.go.tmpl b/mmv1/third_party/terraform/services/container/resource_container_cluster_test.go.tmpl
@@ -14565,6 +14565,118 @@ func TestAccContainerCluster_additional_ip_ranges_config_on_update(t *testing.T)
 	})
 }
 
+func TestAccContainerCluster_auto_ipam_config_enabled(t *testing.T) {
+	t.Parallel()
+
+	clusterName := fmt.Sprintf("tf-test-cluster-%s", acctest.RandString(t, 10))
+	networkName := acctest.BootstrapSharedTestNetwork(t, "gke-cluster")
+	subnetworkName := acctest.BootstrapSubnet(t, "gke-cluster", networkName)
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck: func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy: testAccCheckContainerClusterDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccContainerCluster_auto_ipam_config_enabled(clusterName, networkName, subnetworkName, true),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("google_container_cluster.primary", "ip_allocation_policy.0.auto_ipam_config.0.enabled", "true"),
+				),
+			},
+			{
+				ResourceName: "google_container_cluster.primary",
+				ImportState: true,
+				ImportStateVerify: true,
+				ImportStateVerifyIgnore: []string{"deletion_protection"},
+			},
+			{
+				Config: testAccContainerCluster_auto_ipam_config_enabled(clusterName, networkName, subnetworkName, false),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("google_container_cluster.primary", "ip_allocation_policy.0.auto_ipam_config.0.enabled", "false"),
+				),
+			},
+			{
+				ResourceName: "google_container_cluster.primary",
+				ImportState: true,
+				ImportStateVerify: true,
+				ImportStateVerifyIgnore: []string{"deletion_protection"},
+			},
+			{
+				Config: testAccContainerCluster_auto_ipam_config_enabled(clusterName, networkName, subnetworkName, true),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("google_container_cluster.primary", "ip_allocation_policy.0.auto_ipam_config.0.enabled", "true"),
+				),
+			},
+			{
+				ResourceName: "google_container_cluster.primary",
+				ImportState: true,
+				ImportStateVerify: true,
+				ImportStateVerifyIgnore: []string{"deletion_protection"},
+			},
+		},
+	})
+}
+
+func testAccContainerCluster_auto_ipam_config_enabled(clusterName, networkName, subnetworkName string, enabled bool) string {
+	return fmt.Sprintf(`
+resource "google_container_cluster" "primary" {
+  name               = "%s"
+  location           = "us-central1-a"
+  initial_node_count = 1
+  network            = "%s"
+  subnetwork         = "%s"
+
+  deletion_protection = false
+
+  ip_allocation_policy {
+    auto_ipam_config {
+      enabled = %t
+    }
+  }
+}
+`, clusterName, networkName, subnetworkName, enabled)
+}
+
+func TestAccContainerCluster_auto_ipam_config_none(t *testing.T) {
+	t.Parallel()
+
+	clusterName := fmt.Sprintf("tf-test-cluster-%s", acctest.RandString(t, 10))
+	networkName := acctest.BootstrapSharedTestNetwork(t, "gke-cluster")
+	subnetworkName := acctest.BootstrapSubnet(t, "gke-cluster", networkName)
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckContainerClusterDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccContainerCluster_auto_ipam_config_none(clusterName, networkName, subnetworkName),
+			},
+			{
+				ResourceName:            "google_container_cluster.primary",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"deletion_protection"},
+			},
+		},
+	})
+}
+
+func testAccContainerCluster_auto_ipam_config_none(clusterName, networkName, subnetworkName string) string {
+	return fmt.Sprintf(`
+resource "google_container_cluster" "primary" {
+  name               = "%s"
+  location           = "us-central1-a"
+  initial_node_count = 1
+
+  network            = "%s"
+  subnetwork         = "%s"
+
+  deletion_protection = false
+}
+`, clusterName, networkName, subnetworkName)
+}
+
 func TestAccContainerCluster_withAnonymousAuthenticationConfig(t *testing.T) {
 	t.Parallel()
 
diff --git a/mmv1/third_party/terraform/website/docs/r/container_cluster.html.markdown b/mmv1/third_party/terraform/website/docs/r/container_cluster.html.markdown
@@ -829,6 +829,12 @@ secondary Pod IP address assignment to node pools isn't needed. Structure is [do
 * `additional_ip_ranges_config` - (Optional) The configuration for individual additional subnetworks attached to the cluster.
 Structure is [documented below](#nested_additional_ip_ranges_config).
 
+* `auto_ipam_config` - (Optional) All the information related to Auto IPAM. Structure is [documented below](#nested_auto_ipam_config)
+
+<a name="nested_auto_ipam_config"></a>The auto ipam config supports:
+
+* `enabled` - (Required) The flag that enables Auto IPAM on this cluster.
+
 
 <a name="nested_additional_pod_ranges_config"></a>The `additional_pod_ranges_config` block supports:
 
