diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 0dd5a4aec2..6726f15f92 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -298,11 +298,8 @@ resource "google_container_cluster" "primary" { } } - dynamic "secret_manager_config" { - for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : [] - content { - enabled = secret_manager_config.value - } + secret_manager_config { + enabled = var.enable_secret_manager_addon } dynamic "pod_autoscaling" { diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl index ce3268200c..af1cd47474 100644 --- a/autogen/main/main.tf.tmpl +++ b/autogen/main/main.tf.tmpl @@ -172,7 +172,7 @@ locals { cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility cluster_output_identity_service_enabled = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config[0].enabled : false - cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false + cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config[0].enabled {% if beta_cluster %} # BETA features diff --git a/cluster.tf b/cluster.tf index e9f0765be3..07f41a0162 100644 --- a/cluster.tf +++ b/cluster.tf @@ -227,7 +227,6 @@ resource "google_container_cluster" "primary" { total_egress_bandwidth_tier = var.total_egress_bandwidth_tier } } - dynamic "rbac_binding_config" { for_each = var.rbac_binding_config.enable_insecure_binding_system_unauthenticated != null || var.rbac_binding_config.enable_insecure_binding_system_authenticated != null ? [var.rbac_binding_config] : [] content { @@ -236,11 +235,9 @@ resource "google_container_cluster" "primary" { } } - dynamic "secret_manager_config" { - for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : [] - content { - enabled = secret_manager_config.value - } + + secret_manager_config { + enabled = var.enable_secret_manager_addon } dynamic "pod_autoscaling" { diff --git a/main.tf b/main.tf index acd49578db..e2e24bf07f 100644 --- a/main.tf +++ b/main.tf @@ -124,7 +124,7 @@ locals { cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility cluster_output_identity_service_enabled = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config[0].enabled : false - cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false + cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config[0].enabled cluster_output_node_pools_names = concat( [for np in google_container_node_pool.pools : np.name], [""], diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf index 582d0c42d8..70aeb0411b 100644 --- a/modules/beta-autopilot-private-cluster/cluster.tf +++ b/modules/beta-autopilot-private-cluster/cluster.tf @@ -156,11 +156,9 @@ resource "google_container_cluster" "primary" { } } - dynamic "secret_manager_config" { - for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : [] - content { - enabled = secret_manager_config.value - } + +secret_manager_config { + enabled = var.enable_secret_manager_addon } dynamic "pod_autoscaling" { diff --git a/modules/beta-autopilot-private-cluster/main.tf b/modules/beta-autopilot-private-cluster/main.tf index 04b06a22e3..013dca685a 100644 --- a/modules/beta-autopilot-private-cluster/main.tf +++ b/modules/beta-autopilot-private-cluster/main.tf @@ -96,7 +96,7 @@ locals { cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility cluster_output_identity_service_enabled = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config[0].enabled : false - cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false + cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config[0].enabled # BETA features cluster_output_istio_disabled = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf index 4b58fa1122..c9972a1370 100644 --- a/modules/beta-autopilot-public-cluster/cluster.tf +++ b/modules/beta-autopilot-public-cluster/cluster.tf @@ -156,11 +156,9 @@ resource "google_container_cluster" "primary" { } } - dynamic "secret_manager_config" { - for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : [] - content { - enabled = secret_manager_config.value - } + +secret_manager_config { + enabled = var.enable_secret_manager_addon } dynamic "pod_autoscaling" { diff --git a/modules/beta-autopilot-public-cluster/main.tf b/modules/beta-autopilot-public-cluster/main.tf index a665591fd6..7cbab2e32e 100644 --- a/modules/beta-autopilot-public-cluster/main.tf +++ b/modules/beta-autopilot-public-cluster/main.tf @@ -89,7 +89,7 @@ locals { cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility cluster_output_identity_service_enabled = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config[0].enabled : false - cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false + cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config[0].enabled # BETA features cluster_output_istio_disabled = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 010851c0cc..9e1db201fe 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -249,11 +249,9 @@ resource "google_container_cluster" "primary" { } } - dynamic "secret_manager_config" { - for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : [] - content { - enabled = secret_manager_config.value - } + + secret_manager_config { + enabled = var.enable_secret_manager_addon } dynamic "pod_autoscaling" { diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf index 7e82e41d1e..112ff256a6 100644 --- a/modules/beta-private-cluster-update-variant/main.tf +++ b/modules/beta-private-cluster-update-variant/main.tf @@ -143,7 +143,7 @@ locals { cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility cluster_output_identity_service_enabled = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config[0].enabled : false - cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false + cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config[0].enabled # BETA features cluster_output_istio_disabled = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 4a7c30bbbf..c84c8ffa1c 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -249,11 +249,8 @@ resource "google_container_cluster" "primary" { } } - dynamic "secret_manager_config" { - for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : [] - content { - enabled = secret_manager_config.value - } + secret_manager_config { + enabled = var.enable_secret_manager_addon } dynamic "pod_autoscaling" { diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf index 7e82e41d1e..112ff256a6 100644 --- a/modules/beta-private-cluster/main.tf +++ b/modules/beta-private-cluster/main.tf @@ -143,7 +143,7 @@ locals { cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility cluster_output_identity_service_enabled = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config[0].enabled : false - cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false + cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config[0].enabled # BETA features cluster_output_istio_disabled = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index 1a8912df2d..e345f9602d 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -249,11 +249,8 @@ resource "google_container_cluster" "primary" { } } - dynamic "secret_manager_config" { - for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : [] - content { - enabled = secret_manager_config.value - } + secret_manager_config { + enabled = var.enable_secret_manager_addon } dynamic "pod_autoscaling" { diff --git a/modules/beta-public-cluster-update-variant/main.tf b/modules/beta-public-cluster-update-variant/main.tf index 015c44702c..4287e1ca21 100644 --- a/modules/beta-public-cluster-update-variant/main.tf +++ b/modules/beta-public-cluster-update-variant/main.tf @@ -136,7 +136,7 @@ locals { cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility cluster_output_identity_service_enabled = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config[0].enabled : false - cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false + cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config[0].enabled # BETA features cluster_output_istio_disabled = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index b95f83f356..2f3341ffa1 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -249,11 +249,8 @@ resource "google_container_cluster" "primary" { } } - dynamic "secret_manager_config" { - for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : [] - content { - enabled = secret_manager_config.value - } + secret_manager_config { + enabled = var.enable_secret_manager_addon } dynamic "pod_autoscaling" { diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf index 015c44702c..4287e1ca21 100644 --- a/modules/beta-public-cluster/main.tf +++ b/modules/beta-public-cluster/main.tf @@ -136,7 +136,7 @@ locals { cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility cluster_output_identity_service_enabled = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config[0].enabled : false - cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false + cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config[0].enabled # BETA features cluster_output_istio_disabled = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false diff --git a/modules/gke-autopilot-cluster/main.tf b/modules/gke-autopilot-cluster/main.tf index 2bf81b05bf..c468270b21 100644 --- a/modules/gke-autopilot-cluster/main.tf +++ b/modules/gke-autopilot-cluster/main.tf @@ -160,11 +160,8 @@ resource "google_container_cluster" "main" { } } - dynamic "secret_manager_config" { - for_each = var.secret_manager_config != null ? [var.secret_manager_config] : [] - content { - enabled = secret_manager_config.value.enabled - } + secret_manager_config { + enabled = var.secret_manager_config != null ? var.secret_manager_config.enabled : false } dynamic "pod_autoscaling" { diff --git a/modules/gke-autopilot-cluster/outputs.tf b/modules/gke-autopilot-cluster/outputs.tf index 4229fdc334..a9eb189bce 100644 --- a/modules/gke-autopilot-cluster/outputs.tf +++ b/modules/gke-autopilot-cluster/outputs.tf @@ -125,5 +125,5 @@ output "intranode_visibility_enabled" { output "secret_manager_addon_enabled" { description = "Whether Secret Manager add-on is enabled" - value = google_container_cluster.main.secret_manager_config != null && length(google_container_cluster.main.secret_manager_config) == 1 ? google_container_cluster.main.secret_manager_config[0].enabled : false + value = google_container_cluster.main.secret_manager_config[0].enabled } diff --git a/modules/gke-standard-cluster/main.tf b/modules/gke-standard-cluster/main.tf index 30905debf7..1e3cd16528 100644 --- a/modules/gke-standard-cluster/main.tf +++ b/modules/gke-standard-cluster/main.tf @@ -1051,11 +1051,8 @@ resource "google_container_cluster" "main" { } } - dynamic "secret_manager_config" { - for_each = var.secret_manager_config != null ? [var.secret_manager_config] : [] - content { - enabled = secret_manager_config.value.enabled - } + secret_manager_config { + enabled = var.secret_manager_config != null ? var.secret_manager_config.enabled : false } dynamic "authenticator_groups_config" { diff --git a/modules/gke-standard-cluster/outputs.tf b/modules/gke-standard-cluster/outputs.tf index b443f53439..8fc15a73ae 100644 --- a/modules/gke-standard-cluster/outputs.tf +++ b/modules/gke-standard-cluster/outputs.tf @@ -140,5 +140,5 @@ output "intranode_visibility_enabled" { output "secret_manager_addon_enabled" { description = "Whether Secret Manager add-on is enabled" - value = google_container_cluster.main.secret_manager_config != null && length(google_container_cluster.main.secret_manager_config) == 1 ? google_container_cluster.main.secret_manager_config[0].enabled : false + value = google_container_cluster.main.secret_manager_config[0].enabled } diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 8700f849e0..6cf3540a82 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf @@ -236,11 +236,8 @@ resource "google_container_cluster" "primary" { } } - dynamic "secret_manager_config" { - for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : [] - content { - enabled = secret_manager_config.value - } + secret_manager_config { + enabled = var.enable_secret_manager_addon } dynamic "pod_autoscaling" { diff --git a/modules/private-cluster-update-variant/main.tf b/modules/private-cluster-update-variant/main.tf index b311f148c0..0d946ab54b 100644 --- a/modules/private-cluster-update-variant/main.tf +++ b/modules/private-cluster-update-variant/main.tf @@ -131,7 +131,7 @@ locals { cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility cluster_output_identity_service_enabled = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config[0].enabled : false - cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false + cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config[0].enabled cluster_output_node_pools_names = concat( [for np in google_container_node_pool.pools : np.name], [""], diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index d48a2f9836..524d8155cf 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -236,11 +236,9 @@ resource "google_container_cluster" "primary" { } } - dynamic "secret_manager_config" { - for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : [] - content { - enabled = secret_manager_config.value - } + +secret_manager_config { + enabled = var.enable_secret_manager_addon } dynamic "pod_autoscaling" { diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf index b311f148c0..0d946ab54b 100644 --- a/modules/private-cluster/main.tf +++ b/modules/private-cluster/main.tf @@ -131,7 +131,7 @@ locals { cluster_output_vertical_pod_autoscaling_enabled = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false cluster_output_intranode_visbility_enabled = google_container_cluster.primary.enable_intranode_visibility cluster_output_identity_service_enabled = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config[0].enabled : false - cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false + cluster_output_secret_manager_addon_enabled = google_container_cluster.primary.secret_manager_config[0].enabled cluster_output_node_pools_names = concat( [for np in google_container_node_pool.pools : np.name], [""],