From ffd9803916ffe48209138e7b2089fda7a3278a4c Mon Sep 17 00:00:00 2001
From: Arjun Dutta <duttaarjun78@gmail.com>
Date: Sun, 10 Aug 2025 23:52:15 +0530
Subject: [PATCH 1/2] fix: replace dynamic secret_manager_config block with
 static block

---
 autogen/main/cluster.tf.tmpl                           | 7 ++-----
 autogen/main/main.tf.tmpl                              | 2 +-
 cluster.tf                                             | 9 +++------
 main.tf                                                | 2 +-
 modules/beta-autopilot-private-cluster/cluster.tf      | 8 +++-----
 modules/beta-autopilot-private-cluster/main.tf         | 2 +-
 modules/beta-autopilot-public-cluster/cluster.tf       | 8 +++-----
 modules/beta-autopilot-public-cluster/main.tf          | 2 +-
 modules/beta-private-cluster-update-variant/cluster.tf | 8 +++-----
 modules/beta-private-cluster-update-variant/main.tf    | 2 +-
 modules/beta-private-cluster/cluster.tf                | 7 ++-----
 modules/beta-private-cluster/main.tf                   | 2 +-
 modules/beta-public-cluster-update-variant/cluster.tf  | 7 ++-----
 modules/beta-public-cluster-update-variant/main.tf     | 2 +-
 modules/beta-public-cluster/cluster.tf                 | 7 ++-----
 modules/beta-public-cluster/main.tf                    | 2 +-
 modules/gke-autopilot-cluster/main.tf                  | 7 ++-----
 modules/gke-autopilot-cluster/outputs.tf               | 2 +-
 modules/gke-standard-cluster/main.tf                   | 7 ++-----
 modules/gke-standard-cluster/outputs.tf                | 2 +-
 modules/private-cluster-update-variant/cluster.tf      | 7 ++-----
 modules/private-cluster-update-variant/main.tf         | 2 +-
 modules/private-cluster/cluster.tf                     | 8 +++-----
 modules/private-cluster/main.tf                        | 2 +-
 24 files changed, 41 insertions(+), 73 deletions(-)

diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl
index 0dd5a4aec2..6726f15f92 100644
--- a/autogen/main/cluster.tf.tmpl
+++ b/autogen/main/cluster.tf.tmpl
@@ -298,11 +298,8 @@ resource "google_container_cluster" "primary" {
     }
   }
 
-  dynamic "secret_manager_config" {
-    for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : []
-    content {
-      enabled = secret_manager_config.value
-    }
+  secret_manager_config {
+    enabled = var.enable_secret_manager_addon
   }
 
   dynamic "pod_autoscaling" {
diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl
index ce3268200c..af1cd47474 100644
--- a/autogen/main/main.tf.tmpl
+++ b/autogen/main/main.tf.tmpl
@@ -172,7 +172,7 @@ locals {
   cluster_output_vertical_pod_autoscaling_enabled   = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false
   cluster_output_intranode_visbility_enabled        = google_container_cluster.primary.enable_intranode_visibility
   cluster_output_identity_service_enabled           = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config[0].enabled : false
-  cluster_output_secret_manager_addon_enabled       = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false
+  cluster_output_secret_manager_addon_enabled       = google_container_cluster.primary.secret_manager_config[0].enabled
 
 {% if beta_cluster %}
   # BETA features
diff --git a/cluster.tf b/cluster.tf
index e9f0765be3..07f41a0162 100644
--- a/cluster.tf
+++ b/cluster.tf
@@ -227,7 +227,6 @@ resource "google_container_cluster" "primary" {
       total_egress_bandwidth_tier = var.total_egress_bandwidth_tier
     }
   }
-
   dynamic "rbac_binding_config" {
     for_each = var.rbac_binding_config.enable_insecure_binding_system_unauthenticated != null || var.rbac_binding_config.enable_insecure_binding_system_authenticated != null ? [var.rbac_binding_config] : []
     content {
@@ -236,11 +235,9 @@ resource "google_container_cluster" "primary" {
     }
   }
 
-  dynamic "secret_manager_config" {
-    for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : []
-    content {
-      enabled = secret_manager_config.value
-    }
+
+  secret_manager_config {
+    enabled = var.enable_secret_manager_addon
   }
 
   dynamic "pod_autoscaling" {
diff --git a/main.tf b/main.tf
index acd49578db..e2e24bf07f 100644
--- a/main.tf
+++ b/main.tf
@@ -124,7 +124,7 @@ locals {
   cluster_output_vertical_pod_autoscaling_enabled   = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false
   cluster_output_intranode_visbility_enabled        = google_container_cluster.primary.enable_intranode_visibility
   cluster_output_identity_service_enabled           = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config[0].enabled : false
-  cluster_output_secret_manager_addon_enabled       = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false
+  cluster_output_secret_manager_addon_enabled       = google_container_cluster.primary.secret_manager_config[0].enabled
 
   cluster_output_node_pools_names = concat(
     [for np in google_container_node_pool.pools : np.name], [""],
diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf
index 582d0c42d8..45921c1145 100644
--- a/modules/beta-autopilot-private-cluster/cluster.tf
+++ b/modules/beta-autopilot-private-cluster/cluster.tf
@@ -156,11 +156,9 @@ resource "google_container_cluster" "primary" {
     }
   }
 
-  dynamic "secret_manager_config" {
-    for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : []
-    content {
-      enabled = secret_manager_config.value
-    }
+
+  secret_manager_config {
+    enabled = var.enable_secret_manager_addon
   }
 
   dynamic "pod_autoscaling" {
diff --git a/modules/beta-autopilot-private-cluster/main.tf b/modules/beta-autopilot-private-cluster/main.tf
index 04b06a22e3..013dca685a 100644
--- a/modules/beta-autopilot-private-cluster/main.tf
+++ b/modules/beta-autopilot-private-cluster/main.tf
@@ -96,7 +96,7 @@ locals {
   cluster_output_vertical_pod_autoscaling_enabled   = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false
   cluster_output_intranode_visbility_enabled        = google_container_cluster.primary.enable_intranode_visibility
   cluster_output_identity_service_enabled           = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config[0].enabled : false
-  cluster_output_secret_manager_addon_enabled       = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false
+  cluster_output_secret_manager_addon_enabled       = google_container_cluster.primary.secret_manager_config[0].enabled
 
   # BETA features
   cluster_output_istio_disabled              = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false
diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf
index 4b58fa1122..0e54900557 100644
--- a/modules/beta-autopilot-public-cluster/cluster.tf
+++ b/modules/beta-autopilot-public-cluster/cluster.tf
@@ -156,11 +156,9 @@ resource "google_container_cluster" "primary" {
     }
   }
 
-  dynamic "secret_manager_config" {
-    for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : []
-    content {
-      enabled = secret_manager_config.value
-    }
+
+  secret_manager_config {
+    enabled = var.enable_secret_manager_addon
   }
 
   dynamic "pod_autoscaling" {
diff --git a/modules/beta-autopilot-public-cluster/main.tf b/modules/beta-autopilot-public-cluster/main.tf
index a665591fd6..7cbab2e32e 100644
--- a/modules/beta-autopilot-public-cluster/main.tf
+++ b/modules/beta-autopilot-public-cluster/main.tf
@@ -89,7 +89,7 @@ locals {
   cluster_output_vertical_pod_autoscaling_enabled   = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false
   cluster_output_intranode_visbility_enabled        = google_container_cluster.primary.enable_intranode_visibility
   cluster_output_identity_service_enabled           = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config[0].enabled : false
-  cluster_output_secret_manager_addon_enabled       = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false
+  cluster_output_secret_manager_addon_enabled       = google_container_cluster.primary.secret_manager_config[0].enabled
 
   # BETA features
   cluster_output_istio_disabled              = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false
diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf
index 010851c0cc..9e1db201fe 100644
--- a/modules/beta-private-cluster-update-variant/cluster.tf
+++ b/modules/beta-private-cluster-update-variant/cluster.tf
@@ -249,11 +249,9 @@ resource "google_container_cluster" "primary" {
     }
   }
 
-  dynamic "secret_manager_config" {
-    for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : []
-    content {
-      enabled = secret_manager_config.value
-    }
+
+  secret_manager_config {
+    enabled = var.enable_secret_manager_addon
   }
 
   dynamic "pod_autoscaling" {
diff --git a/modules/beta-private-cluster-update-variant/main.tf b/modules/beta-private-cluster-update-variant/main.tf
index 7e82e41d1e..112ff256a6 100644
--- a/modules/beta-private-cluster-update-variant/main.tf
+++ b/modules/beta-private-cluster-update-variant/main.tf
@@ -143,7 +143,7 @@ locals {
   cluster_output_vertical_pod_autoscaling_enabled   = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false
   cluster_output_intranode_visbility_enabled        = google_container_cluster.primary.enable_intranode_visibility
   cluster_output_identity_service_enabled           = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config[0].enabled : false
-  cluster_output_secret_manager_addon_enabled       = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false
+  cluster_output_secret_manager_addon_enabled       = google_container_cluster.primary.secret_manager_config[0].enabled
 
   # BETA features
   cluster_output_istio_disabled              = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false
diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf
index 4a7c30bbbf..c84c8ffa1c 100644
--- a/modules/beta-private-cluster/cluster.tf
+++ b/modules/beta-private-cluster/cluster.tf
@@ -249,11 +249,8 @@ resource "google_container_cluster" "primary" {
     }
   }
 
-  dynamic "secret_manager_config" {
-    for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : []
-    content {
-      enabled = secret_manager_config.value
-    }
+  secret_manager_config {
+    enabled = var.enable_secret_manager_addon
   }
 
   dynamic "pod_autoscaling" {
diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf
index 7e82e41d1e..112ff256a6 100644
--- a/modules/beta-private-cluster/main.tf
+++ b/modules/beta-private-cluster/main.tf
@@ -143,7 +143,7 @@ locals {
   cluster_output_vertical_pod_autoscaling_enabled   = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false
   cluster_output_intranode_visbility_enabled        = google_container_cluster.primary.enable_intranode_visibility
   cluster_output_identity_service_enabled           = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config[0].enabled : false
-  cluster_output_secret_manager_addon_enabled       = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false
+  cluster_output_secret_manager_addon_enabled       = google_container_cluster.primary.secret_manager_config[0].enabled
 
   # BETA features
   cluster_output_istio_disabled              = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false
diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf
index 1a8912df2d..e345f9602d 100644
--- a/modules/beta-public-cluster-update-variant/cluster.tf
+++ b/modules/beta-public-cluster-update-variant/cluster.tf
@@ -249,11 +249,8 @@ resource "google_container_cluster" "primary" {
     }
   }
 
-  dynamic "secret_manager_config" {
-    for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : []
-    content {
-      enabled = secret_manager_config.value
-    }
+  secret_manager_config {
+    enabled = var.enable_secret_manager_addon
   }
 
   dynamic "pod_autoscaling" {
diff --git a/modules/beta-public-cluster-update-variant/main.tf b/modules/beta-public-cluster-update-variant/main.tf
index 015c44702c..4287e1ca21 100644
--- a/modules/beta-public-cluster-update-variant/main.tf
+++ b/modules/beta-public-cluster-update-variant/main.tf
@@ -136,7 +136,7 @@ locals {
   cluster_output_vertical_pod_autoscaling_enabled   = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false
   cluster_output_intranode_visbility_enabled        = google_container_cluster.primary.enable_intranode_visibility
   cluster_output_identity_service_enabled           = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config[0].enabled : false
-  cluster_output_secret_manager_addon_enabled       = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false
+  cluster_output_secret_manager_addon_enabled       = google_container_cluster.primary.secret_manager_config[0].enabled
 
   # BETA features
   cluster_output_istio_disabled              = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false
diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf
index b95f83f356..2f3341ffa1 100644
--- a/modules/beta-public-cluster/cluster.tf
+++ b/modules/beta-public-cluster/cluster.tf
@@ -249,11 +249,8 @@ resource "google_container_cluster" "primary" {
     }
   }
 
-  dynamic "secret_manager_config" {
-    for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : []
-    content {
-      enabled = secret_manager_config.value
-    }
+  secret_manager_config {
+    enabled = var.enable_secret_manager_addon
   }
 
   dynamic "pod_autoscaling" {
diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf
index 015c44702c..4287e1ca21 100644
--- a/modules/beta-public-cluster/main.tf
+++ b/modules/beta-public-cluster/main.tf
@@ -136,7 +136,7 @@ locals {
   cluster_output_vertical_pod_autoscaling_enabled   = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false
   cluster_output_intranode_visbility_enabled        = google_container_cluster.primary.enable_intranode_visibility
   cluster_output_identity_service_enabled           = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config[0].enabled : false
-  cluster_output_secret_manager_addon_enabled       = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false
+  cluster_output_secret_manager_addon_enabled       = google_container_cluster.primary.secret_manager_config[0].enabled
 
   # BETA features
   cluster_output_istio_disabled              = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false
diff --git a/modules/gke-autopilot-cluster/main.tf b/modules/gke-autopilot-cluster/main.tf
index 2bf81b05bf..c468270b21 100644
--- a/modules/gke-autopilot-cluster/main.tf
+++ b/modules/gke-autopilot-cluster/main.tf
@@ -160,11 +160,8 @@ resource "google_container_cluster" "main" {
     }
   }
 
-  dynamic "secret_manager_config" {
-    for_each = var.secret_manager_config != null ? [var.secret_manager_config] : []
-    content {
-      enabled = secret_manager_config.value.enabled
-    }
+  secret_manager_config {
+    enabled = var.secret_manager_config != null ? var.secret_manager_config.enabled : false
   }
 
   dynamic "pod_autoscaling" {
diff --git a/modules/gke-autopilot-cluster/outputs.tf b/modules/gke-autopilot-cluster/outputs.tf
index 4229fdc334..a9eb189bce 100644
--- a/modules/gke-autopilot-cluster/outputs.tf
+++ b/modules/gke-autopilot-cluster/outputs.tf
@@ -125,5 +125,5 @@ output "intranode_visibility_enabled" {
 
 output "secret_manager_addon_enabled" {
   description = "Whether Secret Manager add-on is enabled"
-  value       = google_container_cluster.main.secret_manager_config != null && length(google_container_cluster.main.secret_manager_config) == 1 ? google_container_cluster.main.secret_manager_config[0].enabled : false
+  value       = google_container_cluster.main.secret_manager_config[0].enabled
 }
diff --git a/modules/gke-standard-cluster/main.tf b/modules/gke-standard-cluster/main.tf
index 30905debf7..1e3cd16528 100644
--- a/modules/gke-standard-cluster/main.tf
+++ b/modules/gke-standard-cluster/main.tf
@@ -1051,11 +1051,8 @@ resource "google_container_cluster" "main" {
     }
   }
 
-  dynamic "secret_manager_config" {
-    for_each = var.secret_manager_config != null ? [var.secret_manager_config] : []
-    content {
-      enabled = secret_manager_config.value.enabled
-    }
+  secret_manager_config {
+    enabled = var.secret_manager_config != null ? var.secret_manager_config.enabled : false
   }
 
   dynamic "authenticator_groups_config" {
diff --git a/modules/gke-standard-cluster/outputs.tf b/modules/gke-standard-cluster/outputs.tf
index b443f53439..8fc15a73ae 100644
--- a/modules/gke-standard-cluster/outputs.tf
+++ b/modules/gke-standard-cluster/outputs.tf
@@ -140,5 +140,5 @@ output "intranode_visibility_enabled" {
 
 output "secret_manager_addon_enabled" {
   description = "Whether Secret Manager add-on is enabled"
-  value       = google_container_cluster.main.secret_manager_config != null && length(google_container_cluster.main.secret_manager_config) == 1 ? google_container_cluster.main.secret_manager_config[0].enabled : false
+  value       = google_container_cluster.main.secret_manager_config[0].enabled
 }
diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf
index 8700f849e0..6cf3540a82 100644
--- a/modules/private-cluster-update-variant/cluster.tf
+++ b/modules/private-cluster-update-variant/cluster.tf
@@ -236,11 +236,8 @@ resource "google_container_cluster" "primary" {
     }
   }
 
-  dynamic "secret_manager_config" {
-    for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : []
-    content {
-      enabled = secret_manager_config.value
-    }
+  secret_manager_config {
+    enabled = var.enable_secret_manager_addon
   }
 
   dynamic "pod_autoscaling" {
diff --git a/modules/private-cluster-update-variant/main.tf b/modules/private-cluster-update-variant/main.tf
index b311f148c0..0d946ab54b 100644
--- a/modules/private-cluster-update-variant/main.tf
+++ b/modules/private-cluster-update-variant/main.tf
@@ -131,7 +131,7 @@ locals {
   cluster_output_vertical_pod_autoscaling_enabled   = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false
   cluster_output_intranode_visbility_enabled        = google_container_cluster.primary.enable_intranode_visibility
   cluster_output_identity_service_enabled           = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config[0].enabled : false
-  cluster_output_secret_manager_addon_enabled       = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false
+  cluster_output_secret_manager_addon_enabled       = google_container_cluster.primary.secret_manager_config[0].enabled
 
   cluster_output_node_pools_names = concat(
     [for np in google_container_node_pool.pools : np.name], [""],
diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf
index d48a2f9836..d813baaadb 100644
--- a/modules/private-cluster/cluster.tf
+++ b/modules/private-cluster/cluster.tf
@@ -236,11 +236,9 @@ resource "google_container_cluster" "primary" {
     }
   }
 
-  dynamic "secret_manager_config" {
-    for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : []
-    content {
-      enabled = secret_manager_config.value
-    }
+
+  secret_manager_config {
+    enabled = var.enable_secret_manager_addon
   }
 
   dynamic "pod_autoscaling" {
diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf
index b311f148c0..0d946ab54b 100644
--- a/modules/private-cluster/main.tf
+++ b/modules/private-cluster/main.tf
@@ -131,7 +131,7 @@ locals {
   cluster_output_vertical_pod_autoscaling_enabled   = google_container_cluster.primary.vertical_pod_autoscaling != null && length(google_container_cluster.primary.vertical_pod_autoscaling) == 1 ? google_container_cluster.primary.vertical_pod_autoscaling[0].enabled : false
   cluster_output_intranode_visbility_enabled        = google_container_cluster.primary.enable_intranode_visibility
   cluster_output_identity_service_enabled           = google_container_cluster.primary.identity_service_config != null && length(google_container_cluster.primary.identity_service_config) == 1 ? google_container_cluster.primary.identity_service_config[0].enabled : false
-  cluster_output_secret_manager_addon_enabled       = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false
+  cluster_output_secret_manager_addon_enabled       = google_container_cluster.primary.secret_manager_config[0].enabled
 
   cluster_output_node_pools_names = concat(
     [for np in google_container_node_pool.pools : np.name], [""],

From 0e0d01bec6ca328004e1a069e9f2d64f4c35a14c Mon Sep 17 00:00:00 2001
From: Arjun Dutta <duttaarjun78@gmail.com>
Date: Sat, 15 Nov 2025 01:17:14 +0530
Subject: [PATCH 2/2] chore: fix whitespace formatting with make build

---
 cluster.tf                                             | 2 +-
 modules/beta-autopilot-private-cluster/cluster.tf      | 1 -
 modules/beta-autopilot-public-cluster/cluster.tf       | 1 -
 modules/beta-private-cluster-update-variant/cluster.tf | 1 -
 modules/gke-node-pool/metadata.display.yaml            | 2 +-
 modules/gke-node-pool/metadata.yaml                    | 2 +-
 modules/gke-standard-cluster/metadata.yaml             | 2 +-
 modules/private-cluster/cluster.tf                     | 1 -
 8 files changed, 4 insertions(+), 8 deletions(-)

diff --git a/cluster.tf b/cluster.tf
index 07f41a0162..e2f2a27569 100644
--- a/cluster.tf
+++ b/cluster.tf
@@ -227,6 +227,7 @@ resource "google_container_cluster" "primary" {
       total_egress_bandwidth_tier = var.total_egress_bandwidth_tier
     }
   }
+
   dynamic "rbac_binding_config" {
     for_each = var.rbac_binding_config.enable_insecure_binding_system_unauthenticated != null || var.rbac_binding_config.enable_insecure_binding_system_authenticated != null ? [var.rbac_binding_config] : []
     content {
@@ -235,7 +236,6 @@ resource "google_container_cluster" "primary" {
     }
   }
 
-
   secret_manager_config {
     enabled = var.enable_secret_manager_addon
   }
diff --git a/modules/beta-autopilot-private-cluster/cluster.tf b/modules/beta-autopilot-private-cluster/cluster.tf
index 45921c1145..555889e6e6 100644
--- a/modules/beta-autopilot-private-cluster/cluster.tf
+++ b/modules/beta-autopilot-private-cluster/cluster.tf
@@ -156,7 +156,6 @@ resource "google_container_cluster" "primary" {
     }
   }
 
-
   secret_manager_config {
     enabled = var.enable_secret_manager_addon
   }
diff --git a/modules/beta-autopilot-public-cluster/cluster.tf b/modules/beta-autopilot-public-cluster/cluster.tf
index 0e54900557..9797a9c4bd 100644
--- a/modules/beta-autopilot-public-cluster/cluster.tf
+++ b/modules/beta-autopilot-public-cluster/cluster.tf
@@ -156,7 +156,6 @@ resource "google_container_cluster" "primary" {
     }
   }
 
-
   secret_manager_config {
     enabled = var.enable_secret_manager_addon
   }
diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf
index 9e1db201fe..2575114a15 100644
--- a/modules/beta-private-cluster-update-variant/cluster.tf
+++ b/modules/beta-private-cluster-update-variant/cluster.tf
@@ -249,7 +249,6 @@ resource "google_container_cluster" "primary" {
     }
   }
 
-
   secret_manager_config {
     enabled = var.enable_secret_manager_addon
   }
diff --git a/modules/gke-node-pool/metadata.display.yaml b/modules/gke-node-pool/metadata.display.yaml
index 59c891c4e5..ea5c642218 100644
--- a/modules/gke-node-pool/metadata.display.yaml
+++ b/modules/gke-node-pool/metadata.display.yaml
@@ -62,9 +62,9 @@ spec:
         name:
           name: name
           title: Name
-          level: 1
           regexValidation: ^[a-z]([a-z0-9-]{0,38}[a-z0-9])?$
           validation: Node pool name must start with a lowercase letter followed by up to 39 lowercase letters, numbers, or hyphens and cannot end with a hyphen.
+          level: 1
         name_prefix:
           name: name_prefix
           title: Name Prefix
diff --git a/modules/gke-node-pool/metadata.yaml b/modules/gke-node-pool/metadata.yaml
index d3eb447e55..ff88147a87 100644
--- a/modules/gke-node-pool/metadata.yaml
+++ b/modules/gke-node-pool/metadata.yaml
@@ -409,9 +409,9 @@ spec:
     roles:
       - level: Project
         roles:
-          - roles/compute.admin
           - roles/container.admin
           - roles/iam.serviceAccountUser
+          - roles/compute.admin
     services:
       - compute.googleapis.com
       - container.googleapis.com
diff --git a/modules/gke-standard-cluster/metadata.yaml b/modules/gke-standard-cluster/metadata.yaml
index cec7a89427..706da2c494 100644
--- a/modules/gke-standard-cluster/metadata.yaml
+++ b/modules/gke-standard-cluster/metadata.yaml
@@ -1013,9 +1013,9 @@ spec:
     roles:
       - level: Project
         roles:
-          - roles/compute.admin
           - roles/container.admin
           - roles/iam.serviceAccountUser
+          - roles/compute.admin
     services:
       - compute.googleapis.com
       - container.googleapis.com
diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf
index d813baaadb..d48d060175 100644
--- a/modules/private-cluster/cluster.tf
+++ b/modules/private-cluster/cluster.tf
@@ -236,7 +236,6 @@ resource "google_container_cluster" "primary" {
     }
   }
 
-
   secret_manager_config {
     enabled = var.enable_secret_manager_addon
   }