feat: Add GKE CustomNodeInit support

[zicongmei]

Adds support for GKE custom node initialization scripts configuration in LinuxNodeConfig. This includes:

• Adding custom_node_init schema to linux_node_config block.
• Implementing expander and flattener helpers for CustomNodeInit and InitScript.
• Adding TestAccContainerNodePool_withCustomNodeInit integration test template.

This supports both GCS URI (with specific generation) and GCP Secret Manager secret URI configurations.

TAG=agy
CONV=753c21e2-16d4-4cc3-9aef-bf8b374d142c

Release Note Template for Downstream PRs (will be copied)

See Write release notes for guidance.

container: added `custom_node_init` configuration block to `node_config` (supporting Cloud Storage and Secret Manager) for both `google_container_cluster` and `google_container_node_pool` resources.

[github-actions]

Googlers: For automatic test runs see go/terraform-auto-test-runs.

@trodge, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes for commit 46d0291:

Diff report

Your PR generated the following diffs in downstream repositories:

Repository	Diff Link	Changes
google provider	View Diff	2 files changed, 185 insertions(+)
google-beta provider	View Diff	2 files changed, 185 insertions(+)
terraform-google-conversion	View Diff	1 file changed, 3 insertions(+)

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_container_cluster (553 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_container_cluster" "primary" {
  node_config {
    linux_node_config {
      custom_node_init {
        init_script {
          gcp_secret_manager_secret_uri = # value needed
          gcs_generation                = # value needed
          gcs_uri                       = # value needed
        }
      }
    }
  }
  node_pool {
    node_config {
      linux_node_config {
        custom_node_init {
          init_script {
            gcp_secret_manager_secret_uri = # value needed
            gcs_generation                = # value needed
            gcs_uri                       = # value needed
          }
        }
      }
    }
  }
}

Resource: google_container_node_pool (122 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_container_node_pool" "primary" {
  node_config {
    linux_node_config {
      custom_node_init {
        init_script {
          gcp_secret_manager_secret_uri = # value needed
          gcs_generation                = # value needed
        }
      }
    }
  }
}

Missing doc report (experimental)

The following resources have fields missing in documents.

• google_container_cluster
  • Expected Document Path: /website/docs/r/container_cluster.html.markdown
  • Fields: [node_config.linux_node_config.custom_node_init node_config.linux_node_config.custom_node_init.init_script node_config.linux_node_config.custom_node_init.init_script.gcp_secret_manager_secret_uri node_config.linux_node_config.custom_node_init.init_script.gcs_generation node_config.linux_node_config.custom_node_init.init_script.gcs_uri node_pool.node_config.linux_node_config.custom_node_init node_pool.node_config.linux_node_config.custom_node_init.init_script node_pool.node_config.linux_node_config.custom_node_init.init_script.gcp_secret_manager_secret_uri node_pool.node_config.linux_node_config.custom_node_init.init_script.gcs_generation node_pool.node_config.linux_node_config.custom_node_init.init_script.gcs_uri]
• google_container_node_pool
  • Expected Document Path: /website/docs/r/container_node_pool.html.markdown
  • Fields: [node_config.linux_node_config.custom_node_init node_config.linux_node_config.custom_node_init.init_script node_config.linux_node_config.custom_node_init.init_script.gcp_secret_manager_secret_uri node_config.linux_node_config.custom_node_init.init_script.gcs_generation node_config.linux_node_config.custom_node_init.init_script.gcs_uri]

Test report

Analytics

Total Tests	Passed	Skipped	Affected
294	275	16	3

Affected Service Packages

• container

Learn how VCR tests work

---

Step 1: Replaying Mode

Action taken

Found 3 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit.

Click here to see the affected tests

• TestAccContainerCluster_withLoggingConfig
• TestAccContainerNodePool_withCustomNodeInit
• TestAccContainerNodePool_withHostMaintenancePolicy

View the replaying VCR build log

---

Step 2: Recording Mode

Recording Mode	Replaying Rerun	Test Name
❌ Error · Log	-	TestAccContainerCluster_withLoggingConfig
❌ Error · Log	-	TestAccContainerNodePool_withCustomNodeInit
❌ Error · Log	-	TestAccContainerNodePool_withHostMaintenancePolicy

Caution

Issues requiring attention before PR completion

🔴 Initial Recording Failed: Some tests failed during the recording step. See the table above for details.

Please address these issues to complete your PR. If you believe these detections are incorrect or unrelated to your change, please raise the concern with your reviewer.

View the recording VCR build log or the debug logs folder for detailed results.

@zicongmei, @trodge VCR tests complete for 46d0291!