feat: add confidential nodes example #2227

arthurlapertosa
Contributor

No description provided.

@arthurlapertosa arthurlapertosa marked this pull request as ready for review December 31, 2024 21:06
@arthurlapertosa arthurlapertosa requested review from apeabody, ericyz and a team as code owners December 31, 2024 21:06
@arthurlapertosa
Contributor Author

cc @erlanderlo

Collaborator

@apeabody apeabody left a comment

Thanks for the contribution @arthurlapertosa!

A few initial notes to get the tests ready.

@apeabody apeabody self-assigned this Jan 2, 2025
@apeabody
Collaborator

apeabody commented Feb 3, 2025

Hi @arthurlapertosa - Checking if you are still working on this PR. Thanks!

@arthurlapertosa arthurlapertosa force-pushed the confidential-nodes-example branch 3 times, most recently from 566db85 to 01c38e2 Compare February 6, 2025 16:49
@arthurlapertosa arthurlapertosa force-pushed the confidential-nodes-example branch from 01c38e2 to 0f7a5f9 Compare February 6, 2025 16:50
build/int.cloudbuild.yaml (outdated, resolved)
@apeabody
Collaborator

Hi @arthurlapertosa - Looks like we are getting a perma-drift during the new test:

Step #88 - "verify test-confidential-safer-cluster": TestConfidentialSaferCluster 2025-02-10T19:23:45Z command.go:185: Terraform used the selected providers to generate the following execution
Step #88 - "verify test-confidential-safer-cluster": TestConfidentialSaferCluster 2025-02-10T19:23:45Z command.go:185: plan. Resource actions are indicated with the following symbols:
Step #88 - "verify test-confidential-safer-cluster": TestConfidentialSaferCluster 2025-02-10T19:23:45Z command.go:185:   ~ update in-place
Step #88 - "verify test-confidential-safer-cluster": TestConfidentialSaferCluster 2025-02-10T19:23:45Z command.go:185: 
Step #88 - "verify test-confidential-safer-cluster": TestConfidentialSaferCluster 2025-02-10T19:23:45Z command.go:185: Terraform will perform the following actions:
Step #88 - "verify test-confidential-safer-cluster": TestConfidentialSaferCluster 2025-02-10T19:23:45Z command.go:185: 
Step #88 - "verify test-confidential-safer-cluster": TestConfidentialSaferCluster 2025-02-10T19:23:45Z command.go:185:   # module.example.module.gcp-network.module.subnets.google_compute_subnetwork.subnetwork["us-central1/confidential-safer-subnet"] will be updated in-place
Step #88 - "verify test-confidential-safer-cluster": TestConfidentialSaferCluster 2025-02-10T19:23:45Z command.go:185:   ~ resource "google_compute_subnetwork" "subnetwork" {
Step #88 - "verify test-confidential-safer-cluster": TestConfidentialSaferCluster 2025-02-10T19:23:45Z command.go:185:         id                         = "projects/ci-gke-3c5ba238-672b/regions/us-central1/subnetworks/confidential-safer-subnet"
Step #88 - "verify test-confidential-safer-cluster": TestConfidentialSaferCluster 2025-02-10T19:23:45Z command.go:185:         name                       = "confidential-safer-subnet"
Step #88 - "verify test-confidential-safer-cluster": TestConfidentialSaferCluster 2025-02-10T19:23:45Z command.go:185:       ~ private_ip_google_access   = true -> false
Step #88 - "verify test-confidential-safer-cluster": TestConfidentialSaferCluster 2025-02-10T19:23:45Z command.go:185:         # (18 unchanged attributes hidden)
Step #88 - "verify test-confidential-safer-cluster": TestConfidentialSaferCluster 2025-02-10T19:23:45Z command.go:185: 
Step #88 - "verify test-confidential-safer-cluster": TestConfidentialSaferCluster 2025-02-10T19:23:45Z command.go:185:         # (2 unchanged blocks hidden)
Step #88 - "verify test-confidential-safer-cluster": TestConfidentialSaferCluster 2025-02-10T19:23:45Z command.go:185:     }
Step #88 - "verify test-confidential-safer-cluster": TestConfidentialSaferCluster 2025-02-10T19:23:45Z command.go:185: 
Step #88 - "verify test-confidential-safer-cluster": TestConfidentialSaferCluster 2025-02-10T19:23:45Z command.go:185: Plan: 0 to add, 1 to change, 0 to destroy.

Perhaps add subnet_private_access = true to your new test subnet.

@arthurlapertosa
Contributor Author

@apeabody Thanks for the help!!
Looks like TestPrivateZonalWithNetworking is failing now? The output is too large, it's kinda difficult to know exactly what is going on...

@apeabody
Collaborator

Hmm - Looks like a new resourceLabels was automatically added to the cluster, once confirmed, we'll need to adjust the test:

Step #76 - "verify private-zonal-with-networking":         	            	Diff:
Step #76 - "verify private-zonal-with-networking":         	            	--- Expected
Step #76 - "verify private-zonal-with-networking":         	            	+++ Actual
Step #76 - "verify private-zonal-with-networking":         	            	@@ -1,2 +1,2 @@
Step #76 - "verify private-zonal-with-networking":         	            	-(map[string]interface {}) (len=15) {
Step #76 - "verify private-zonal-with-networking":         	            	+(map[string]interface {}) (len=16) {
Step #76 - "verify private-zonal-with-networking":         	            	  (string) (len=10) "diskSizeGb": (float64) 100,
Step #76 - "verify private-zonal-with-networking":         	            	@@ -26,2 +26,5 @@
Step #76 - "verify private-zonal-with-networking":         	            	  },
Step #76 - "verify private-zonal-with-networking":         	            	+ (string) (len=14) "resourceLabels": (map[string]interface {}) (len=1) {
Step #76 - "verify private-zonal-with-networking":         	            	+  (string) (len=37) "goog-gke-node-pool-provisioning-model": (string) (len=9) "on-demand"
Step #76 - "verify private-zonal-with-networking":         	            	+ },
Step #76 - "verify private-zonal-with-networking":         	            	  (string) (len=14) "serviceAccount": (string) (len=15) "SERVICE_ACCOUNT",
Step #76 - "verify private-zonal-with-networking":         	Test:       	TestPrivateZonalWithNetworking

Collaborator

@apeabody apeabody left a comment

@apeabody
Collaborator

Leave as feat as it makes minor changes to safer_cluster modules.

@apeabody apeabody merged commit 2ae739b into terraform-google-modules:main Feb 12, 2025
4 checks passed