Add support for legacyAbac to google_container_cluster (#261)

* revendor container api

* Add support for legacyAbac to `google_container_cluster`

* change to single enabled field

google/resource_container_cluster.go

@@ -138,6 +138,12 @@ func resourceContainerCluster() *schema.Resource {
 				ForceNew: true,
 			},
 
+			"enable_legacy_abac": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Default:  true,
+			},
+
 			"endpoint": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -315,6 +321,11 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er
 		cluster.Description = v.(string)
 	}
 
+	cluster.LegacyAbac = &container.LegacyAbac{
+		Enabled:         d.Get("enable_legacy_abac").(bool),
+		ForceSendFields: []string{"Enabled"},
+	}
+
 	if v, ok := d.GetOk("logging_service"); ok {
 		cluster.LoggingService = v.(string)
 	}
@@ -513,6 +524,7 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro
 	d.Set("node_version", cluster.CurrentNodeVersion)
 	d.Set("cluster_ipv4_cidr", cluster.ClusterIpv4Cidr)
 	d.Set("description", cluster.Description)
+	d.Set("enable_legacy_abac", cluster.LegacyAbac.Enabled)
 	d.Set("logging_service", cluster.LoggingService)
 	d.Set("monitoring_service", cluster.MonitoringService)
 	d.Set("network", d.Get("network").(string))
@@ -595,6 +607,30 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er
 
 		log.Printf("[INFO] GKE cluster %s locations have been updated to %v", d.Id(),
 			locations)
+
+		d.SetPartial("additional_zones")
+	}
+
+	if d.HasChange("enable_legacy_abac") {
+		enabled := d.Get("enable_legacy_abac").(bool)
+		req := &container.SetLegacyAbacRequest{
+			Enabled:         enabled,
+			ForceSendFields: []string{"Enabled"},
+		}
+		op, err := config.clientContainer.Projects.Zones.Clusters.LegacyAbac(project, zoneName, clusterName, req).Do()
+		if err != nil {
+			return err
+		}
+
+		// Wait until it's updated
+		waitErr := containerOperationWait(config, op, project, zoneName, "updating GKE legacy ABAC", timeoutInMinutes, 2)
+		if waitErr != nil {
+			return waitErr
+		}
+
+		log.Printf("[INFO] GKE cluster %s legacy ABAC has been updated to %v", d.Id(), enabled)
+
+		d.SetPartial("enable_legacy_abac")
 	}
 
 	d.Partial(false)

google/resource_container_cluster_test.go

@@ -91,6 +91,34 @@ func TestAccContainerCluster_withAdditionalZones(t *testing.T) {
 	})
 }
 
+func TestAccContainerCluster_withLegacyAbac(t *testing.T) {
+	clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10))
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckContainerClusterDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccContainerCluster_withLegacyAbac(clusterName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckContainerCluster(
+						"google_container_cluster.with_legacy_abac"),
+					resource.TestCheckResourceAttr("google_container_cluster.with_legacy_abac", "enable_legacy_abac", "true"),
+				),
+			},
+			{
+				Config: testAccContainerCluster_updateLegacyAbac(clusterName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckContainerCluster(
+						"google_container_cluster.with_legacy_abac"),
+					resource.TestCheckResourceAttr("google_container_cluster.with_legacy_abac", "enable_legacy_abac", "false"),
+				),
+			},
+		},
+	})
+}
+
 func TestAccContainerCluster_withVersion(t *testing.T) {
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
@@ -289,6 +317,7 @@ func testAccCheckContainerCluster(n string) resource.TestCheckFunc {
 			{"zone", cluster.Zone},
 			{"cluster_ipv4_cidr", cluster.ClusterIpv4Cidr},
 			{"description", cluster.Description},
+			{"enable_legacy_abac", strconv.FormatBool(cluster.LegacyAbac.Enabled)},
 			{"endpoint", cluster.Endpoint},
 			{"instance_group_urls", igUrls},
 			{"logging_service", cluster.LoggingService},
@@ -520,6 +549,28 @@ resource "google_container_cluster" "with_additional_zones" {
 }`, clusterName)
 }
 
+func testAccContainerCluster_withLegacyAbac(clusterName string) string {
+	return fmt.Sprintf(`
+resource "google_container_cluster" "with_legacy_abac" {
+	name = "cluster-test-%s"
+	zone = "us-central1-a"
+	initial_node_count = 1
+
+	enable_legacy_abac = true
+}`, clusterName)
+}
+
+func testAccContainerCluster_updateLegacyAbac(clusterName string) string {
+	return fmt.Sprintf(`
+resource "google_container_cluster" "with_legacy_abac" {
+	name = "cluster-test-%s"
+	zone = "us-central1-a"
+	initial_node_count = 1
+
+	enable_legacy_abac = false
+}`, clusterName)
+}
+
 var testAccContainerCluster_withVersion = fmt.Sprintf(`
 data "google_container_engine_versions" "central1a" {
 	zone = "us-central1-a"