fix: Invalid index for google_container_cluster.primary.private_cluster_config[0] (#2354)

yuval2313 · apeabody · web-flow · commit 552b3f46d861 · 2025-06-05T15:04:31.000-07:00
Co-authored-by: Andrew Peabody &lt;andrewpeabody@google.com&gt;
diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl
@@ -147,7 +147,13 @@ locals {
 {% if private_cluster %}
   cluster_endpoint           = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint
   cluster_peering_name       = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null
-  cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block
+  cluster_endpoint_for_nodes = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (
+    var.private_endpoint_subnetwork != null ?
+    data.google_compute_subnetwork.private_endpoint_subnetwork[0].ip_cidr_range :
+    var.master_ipv4_cidr_block != null ?
+    google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block :
+    local.cluster_subnet_cidr
+  ) : local.cluster_subnet_cidr
 {% else %}
   cluster_endpoint           = google_container_cluster.primary.endpoint
   cluster_endpoint_for_nodes = "${google_container_cluster.primary.endpoint}/32"
diff --git a/autogen/main/networks.tf.tmpl b/autogen/main/networks.tf.tmpl
@@ -24,3 +24,14 @@ data "google_compute_subnetwork" "gke_subnetwork" {
   region  = local.region
   project = local.network_project_id
 }
+
+{% if private_cluster %}
+data "google_compute_subnetwork" "private_endpoint_subnetwork" {
+  provider = google
+
+  count   = var.private_endpoint_subnetwork != null ? 1 : 0
+  name    = var.private_endpoint_subnetwork
+  region  = local.region
+  project = local.network_project_id
+}
+{% endif %}
diff --git a/modules/beta-autopilot-private-cluster/main.tf b/modules/beta-autopilot-private-cluster/main.tf
@@ -76,9 +76,15 @@ locals {
   cluster_output_regional_zones = google_container_cluster.primary.node_locations
   cluster_output_zones          = local.cluster_output_regional_zones
 
-  cluster_endpoint           = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint
-  cluster_peering_name       = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null
-  cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block
+  cluster_endpoint     = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint
+  cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null
+  cluster_endpoint_for_nodes = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (
+    var.private_endpoint_subnetwork != null ?
+    data.google_compute_subnetwork.private_endpoint_subnetwork[0].ip_cidr_range :
+    var.master_ipv4_cidr_block != null ?
+    google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block :
+    local.cluster_subnet_cidr
+  ) : local.cluster_subnet_cidr
 
   cluster_output_master_auth                        = concat(google_container_cluster.primary[*].master_auth, [])
   cluster_output_master_version                     = google_container_cluster.primary.master_version
diff --git a/modules/beta-autopilot-private-cluster/networks.tf b/modules/beta-autopilot-private-cluster/networks.tf
@@ -24,3 +24,12 @@ data "google_compute_subnetwork" "gke_subnetwork" {
   region  = local.region
   project = local.network_project_id
 }
+
+data "google_compute_subnetwork" "private_endpoint_subnetwork" {
+  provider = google
+
+  count   = var.private_endpoint_subnetwork != null ? 1 : 0
+  name    = var.private_endpoint_subnetwork
+  region  = local.region
+  project = local.network_project_id
+}
diff --git a/modules/beta-autopilot-public-cluster/networks.tf b/modules/beta-autopilot-public-cluster/networks.tf
@@ -24,3 +24,4 @@ data "google_compute_subnetwork" "gke_subnetwork" {
   region  = local.region
   project = local.network_project_id
 }
+
diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf
@@ -122,9 +122,15 @@ locals {
   cluster_output_regional_zones = google_container_cluster.primary.node_locations
   cluster_output_zones          = local.cluster_output_regional_zones
 
-  cluster_endpoint           = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint
-  cluster_peering_name       = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null
-  cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block
+  cluster_endpoint     = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint
+  cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null
+  cluster_endpoint_for_nodes = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (
+    var.private_endpoint_subnetwork != null ?
+    data.google_compute_subnetwork.private_endpoint_subnetwork[0].ip_cidr_range :
+    var.master_ipv4_cidr_block != null ?
+    google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block :
+    local.cluster_subnet_cidr
+  ) : local.cluster_subnet_cidr
 
   cluster_output_master_auth                        = concat(google_container_cluster.primary[*].master_auth, [])
   cluster_output_master_version                     = google_container_cluster.primary.master_version
diff --git a/modules/beta-private-cluster-update-variant/networks.tf b/modules/beta-private-cluster-update-variant/networks.tf
@@ -24,3 +24,12 @@ data "google_compute_subnetwork" "gke_subnetwork" {
   region  = local.region
   project = local.network_project_id
 }
+
+data "google_compute_subnetwork" "private_endpoint_subnetwork" {
+  provider = google
+
+  count   = var.private_endpoint_subnetwork != null ? 1 : 0
+  name    = var.private_endpoint_subnetwork
+  region  = local.region
+  project = local.network_project_id
+}
diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf
@@ -122,9 +122,15 @@ locals {
   cluster_output_regional_zones = google_container_cluster.primary.node_locations
   cluster_output_zones          = local.cluster_output_regional_zones
 
-  cluster_endpoint           = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint
-  cluster_peering_name       = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null
-  cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block
+  cluster_endpoint     = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint
+  cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null
+  cluster_endpoint_for_nodes = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (
+    var.private_endpoint_subnetwork != null ?
+    data.google_compute_subnetwork.private_endpoint_subnetwork[0].ip_cidr_range :
+    var.master_ipv4_cidr_block != null ?
+    google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block :
+    local.cluster_subnet_cidr
+  ) : local.cluster_subnet_cidr
 
   cluster_output_master_auth                        = concat(google_container_cluster.primary[*].master_auth, [])
   cluster_output_master_version                     = google_container_cluster.primary.master_version
diff --git a/modules/beta-private-cluster/networks.tf b/modules/beta-private-cluster/networks.tf
@@ -24,3 +24,12 @@ data "google_compute_subnetwork" "gke_subnetwork" {
   region  = local.region
   project = local.network_project_id
 }
+
+data "google_compute_subnetwork" "private_endpoint_subnetwork" {
+  provider = google
+
+  count   = var.private_endpoint_subnetwork != null ? 1 : 0
+  name    = var.private_endpoint_subnetwork
+  region  = local.region
+  project = local.network_project_id
+}
diff --git a/modules/beta-public-cluster-update-variant/networks.tf b/modules/beta-public-cluster-update-variant/networks.tf
@@ -24,3 +24,4 @@ data "google_compute_subnetwork" "gke_subnetwork" {
   region  = local.region
   project = local.network_project_id
 }
+
diff --git a/modules/beta-public-cluster/networks.tf b/modules/beta-public-cluster/networks.tf
@@ -24,3 +24,4 @@ data "google_compute_subnetwork" "gke_subnetwork" {
   region  = local.region
   project = local.network_project_id
 }
+
diff --git a/modules/private-cluster-update-variant/main.tf b/modules/private-cluster-update-variant/main.tf
@@ -110,9 +110,15 @@ locals {
   cluster_output_regional_zones = google_container_cluster.primary.node_locations
   cluster_output_zones          = local.cluster_output_regional_zones
 
-  cluster_endpoint           = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint
-  cluster_peering_name       = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null
-  cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block
+  cluster_endpoint     = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint
+  cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null
+  cluster_endpoint_for_nodes = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (
+    var.private_endpoint_subnetwork != null ?
+    data.google_compute_subnetwork.private_endpoint_subnetwork[0].ip_cidr_range :
+    var.master_ipv4_cidr_block != null ?
+    google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block :
+    local.cluster_subnet_cidr
+  ) : local.cluster_subnet_cidr
 
   cluster_output_master_auth                        = concat(google_container_cluster.primary[*].master_auth, [])
   cluster_output_master_version                     = google_container_cluster.primary.master_version
diff --git a/modules/private-cluster-update-variant/networks.tf b/modules/private-cluster-update-variant/networks.tf
@@ -24,3 +24,12 @@ data "google_compute_subnetwork" "gke_subnetwork" {
   region  = local.region
   project = local.network_project_id
 }
+
+data "google_compute_subnetwork" "private_endpoint_subnetwork" {
+  provider = google
+
+  count   = var.private_endpoint_subnetwork != null ? 1 : 0
+  name    = var.private_endpoint_subnetwork
+  region  = local.region
+  project = local.network_project_id
+}
diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf
@@ -110,9 +110,15 @@ locals {
   cluster_output_regional_zones = google_container_cluster.primary.node_locations
   cluster_output_zones          = local.cluster_output_regional_zones
 
-  cluster_endpoint           = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint
-  cluster_peering_name       = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null
-  cluster_endpoint_for_nodes = google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block
+  cluster_endpoint     = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (var.enable_private_endpoint || var.deploy_using_private_endpoint ? google_container_cluster.primary.private_cluster_config[0].private_endpoint : google_container_cluster.primary.private_cluster_config[0].public_endpoint) : google_container_cluster.primary.endpoint
+  cluster_peering_name = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? google_container_cluster.primary.private_cluster_config[0].peering_name : null
+  cluster_endpoint_for_nodes = (var.enable_private_nodes && length(google_container_cluster.primary.private_cluster_config) > 0) ? (
+    var.private_endpoint_subnetwork != null ?
+    data.google_compute_subnetwork.private_endpoint_subnetwork[0].ip_cidr_range :
+    var.master_ipv4_cidr_block != null ?
+    google_container_cluster.primary.private_cluster_config[0].master_ipv4_cidr_block :
+    local.cluster_subnet_cidr
+  ) : local.cluster_subnet_cidr
 
   cluster_output_master_auth                        = concat(google_container_cluster.primary[*].master_auth, [])
   cluster_output_master_version                     = google_container_cluster.primary.master_version
diff --git a/modules/private-cluster/networks.tf b/modules/private-cluster/networks.tf
@@ -24,3 +24,12 @@ data "google_compute_subnetwork" "gke_subnetwork" {
   region  = local.region
   project = local.network_project_id
 }
+
+data "google_compute_subnetwork" "private_endpoint_subnetwork" {
+  provider = google
+
+  count   = var.private_endpoint_subnetwork != null ? 1 : 0
+  name    = var.private_endpoint_subnetwork
+  region  = local.region
+  project = local.network_project_id
+}
diff --git a/networks.tf b/networks.tf
@@ -24,3 +24,4 @@ data "google_compute_subnetwork" "gke_subnetwork" {
   region  = local.region
   project = local.network_project_id
 }
+

Original file line number	Diff line number	Diff line change
`@@ -24,3 +24,4 @@ data "google_compute_subnetwork" "gke_subnetwork" {`
`24`	`24`	`region = local.region`
`25`	`25`	`project = local.network_project_id`
`26`	`26`	`}`
	`27`	`+`