diff --git a/.changelog/9426.txt b/.changelog/9426.txt
new file mode 100644
index 0000000000..9e88533fb7
--- /dev/null
+++ b/.changelog/9426.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+gkehub2: added `policycontroller` field to `fleet_default_member_config` under the `google_gke_hub_feature` resource. Users can now configure a default Policy Controller configuration for new memberships added to the fleet.
+```
diff --git a/google-beta/services/gkehub2/resource_gke_hub_feature.go b/google-beta/services/gkehub2/resource_gke_hub_feature.go
index 1d0cd8ee93..f37f0ecbab 100644
--- a/google-beta/services/gkehub2/resource_gke_hub_feature.go
+++ b/google-beta/services/gkehub2/resource_gke_hub_feature.go
@@ -199,6 +199,246 @@ func ResourceGKEHub2Feature() *schema.Resource {
},
},
},
+ "policycontroller": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: `Policy Controller spec`,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "policy_controller_hub_config": {
+ Type: schema.TypeList,
+ Required: true,
+ Description: `Configuration of Policy Controller`,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "install_spec": {
+ Type: schema.TypeString,
+ Required: true,
+ ValidateFunc: verify.ValidateEnum([]string{"INSTALL_SPEC_UNSPECIFIED", "INSTALL_SPEC_NOT_INSTALLED", "INSTALL_SPEC_ENABLED", "INSTALL_SPEC_SUSPENDED", "INSTALL_SPEC_DETACHED"}),
+ Description: `Configures the mode of the Policy Controller installation Possible values: ["INSTALL_SPEC_UNSPECIFIED", "INSTALL_SPEC_NOT_INSTALLED", "INSTALL_SPEC_ENABLED", "INSTALL_SPEC_SUSPENDED", "INSTALL_SPEC_DETACHED"]`,
+ },
+ "audit_interval_seconds": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Description: `Interval for Policy Controller Audit scans (in seconds). When set to 0, this disables audit functionality altogether.`,
+ },
+ "constraint_violation_limit": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Description: `The maximum number of audit violations to be stored in a constraint. If not set, the internal default of 20 will be used.`,
+ },
+ "deployment_configs": {
+ Type: schema.TypeSet,
+ Computed: true,
+ Optional: true,
+ Description: `Map of deployment configs to deployments ("admission", "audit", "mutation").`,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "component": {
+ Type: schema.TypeString,
+ Required: true,
+ },
+ "container_resources": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: `Container resource requirements.`,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "limits": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: `Limits describes the maximum amount of compute resources allowed for use by the running container.`,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "cpu": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: `CPU requirement expressed in Kubernetes resource units.`,
+ },
+ "memory": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: `Memory requirement expressed in Kubernetes resource units.`,
+ },
+ },
+ },
+ },
+ "requests": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: `Requests describes the amount of compute resources reserved for the container by the kube-scheduler.`,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "cpu": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: `CPU requirement expressed in Kubernetes resource units.`,
+ },
+ "memory": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: `Memory requirement expressed in Kubernetes resource units.`,
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ "pod_affinity": {
+ Type: schema.TypeString,
+ Computed: true,
+ Optional: true,
+ ValidateFunc: verify.ValidateEnum([]string{"AFFINITY_UNSPECIFIED", "NO_AFFINITY", "ANTI_AFFINITY", ""}),
+ Description: `Pod affinity configuration. Possible values: ["AFFINITY_UNSPECIFIED", "NO_AFFINITY", "ANTI_AFFINITY"]`,
+ },
+ "pod_toleration": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: `Pod tolerations of node taints.`,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "effect": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: `Matches a taint effect.`,
+ },
+ "key": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: `Matches a taint key (not necessarily unique).`,
+ },
+ "operator": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: `Matches a taint operator.`,
+ },
+ "value": {
+ Type: schema.TypeString,
+ Optional: true,
+ Description: `Matches a taint value.`,
+ },
+ },
+ },
+ },
+ "replica_count": {
+ Type: schema.TypeInt,
+ Computed: true,
+ Optional: true,
+ Description: `Pod replica count.`,
+ },
+ },
+ },
+ },
+ "exemptable_namespaces": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: `The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.`,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ "log_denies_enabled": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: `Logs all denies and dry run failures.`,
+ },
+ "monitoring": {
+ Type: schema.TypeList,
+ Computed: true,
+ Optional: true,
+ Description: `Monitoring specifies the configuration of monitoring Policy Controller.`,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "backends": {
+ Type: schema.TypeList,
+ Computed: true,
+ Optional: true,
+ Description: `Specifies the list of backends Policy Controller will export to. An empty list would effectively disable metrics export. Possible values: ["MONITORING_BACKEND_UNSPECIFIED", "PROMETHEUS", "CLOUD_MONITORING"]`,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ ValidateFunc: verify.ValidateEnum([]string{"MONITORING_BACKEND_UNSPECIFIED", "PROMETHEUS", "CLOUD_MONITORING"}),
+ },
+ },
+ },
+ },
+ },
+ "mutation_enabled": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: `Enables the ability to mutate resources using Policy Controller.`,
+ },
+ "policy_content": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: `Specifies the desired policy content on the cluster.`,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "bundles": {
+ Type: schema.TypeSet,
+ Optional: true,
+ Description: `Configures which bundles to install and their corresponding install specs.`,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "bundle": {
+ Type: schema.TypeString,
+ Required: true,
+ },
+ "exempted_namespaces": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: `The set of namespaces to be exempted from the bundle.`,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ },
+ },
+ },
+ },
+ },
+ "template_library": {
+ Type: schema.TypeList,
+ Computed: true,
+ Optional: true,
+ Description: `Configures the installation of the Template Library.`,
+ MaxItems: 1,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "installation": {
+ Type: schema.TypeString,
+ Optional: true,
+ ValidateFunc: verify.ValidateEnum([]string{"INSTALATION_UNSPECIFIED", "NOT_INSTALLED", "ALL", ""}),
+ Description: `Configures the manner in which the template library is installed on the cluster. Possible values: ["INSTALATION_UNSPECIFIED", "NOT_INSTALLED", "ALL"]`,
+ },
+ },
+ },
+ },
+ },
+ },
+ },
+ "referential_rules_enabled": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: `Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.`,
+ },
+ },
+ },
+ },
+ "version": {
+ Type: schema.TypeString,
+ Computed: true,
+ Optional: true,
+ Description: `Configures the version of Policy Controller`,
+ },
+ },
+ },
+ },
},
},
},
@@ -872,6 +1112,8 @@ func flattenGKEHub2FeatureFleetDefaultMemberConfig(v interface{}, d *schema.Reso
flattenGKEHub2FeatureFleetDefaultMemberConfigMesh(original["mesh"], d, config)
transformed["configmanagement"] =
flattenGKEHub2FeatureFleetDefaultMemberConfigConfigmanagement(original["configmanagement"], d, config)
+ transformed["policycontroller"] =
+ flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontroller(original["policycontroller"], d, config)
return []interface{}{transformed}
}
func flattenGKEHub2FeatureFleetDefaultMemberConfigMesh(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
@@ -1031,6 +1273,315 @@ func flattenGKEHub2FeatureFleetDefaultMemberConfigConfigmanagementConfigSyncOciV
return v
}
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontroller(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ if v == nil {
+ return nil
+ }
+ original := v.(map[string]interface{})
+ if len(original) == 0 {
+ return nil
+ }
+ transformed := make(map[string]interface{})
+ transformed["version"] =
+ flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerVersion(original["version"], d, config)
+ transformed["policy_controller_hub_config"] =
+ flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfig(original["policyControllerHubConfig"], d, config)
+ return []interface{}{transformed}
+}
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerVersion(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ return v
+}
+
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfig(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ if v == nil {
+ return nil
+ }
+ original := v.(map[string]interface{})
+ if len(original) == 0 {
+ return nil
+ }
+ transformed := make(map[string]interface{})
+ transformed["install_spec"] =
+ flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigInstallSpec(original["installSpec"], d, config)
+ transformed["audit_interval_seconds"] =
+ flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigAuditIntervalSeconds(original["auditIntervalSeconds"], d, config)
+ transformed["exemptable_namespaces"] =
+ flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigExemptableNamespaces(original["exemptableNamespaces"], d, config)
+ transformed["log_denies_enabled"] =
+ flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigLogDeniesEnabled(original["logDeniesEnabled"], d, config)
+ transformed["mutation_enabled"] =
+ flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigMutationEnabled(original["mutationEnabled"], d, config)
+ transformed["referential_rules_enabled"] =
+ flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigReferentialRulesEnabled(original["referentialRulesEnabled"], d, config)
+ transformed["monitoring"] =
+ flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigMonitoring(original["monitoring"], d, config)
+ transformed["constraint_violation_limit"] =
+ flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigConstraintViolationLimit(original["constraintViolationLimit"], d, config)
+ transformed["deployment_configs"] =
+ flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigs(original["deploymentConfigs"], d, config)
+ transformed["policy_content"] =
+ flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigPolicyContent(original["policyContent"], d, config)
+ return []interface{}{transformed}
+}
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigInstallSpec(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ return v
+}
+
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigAuditIntervalSeconds(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ // Handles the string fixed64 format
+ if strVal, ok := v.(string); ok {
+ if intVal, err := tpgresource.StringToFixed64(strVal); err == nil {
+ return intVal
+ }
+ }
+
+ // number values are represented as float64
+ if floatVal, ok := v.(float64); ok {
+ intVal := int(floatVal)
+ return intVal
+ }
+
+ return v // let terraform core handle it otherwise
+}
+
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigExemptableNamespaces(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ return v
+}
+
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigLogDeniesEnabled(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ return v
+}
+
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigMutationEnabled(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ return v
+}
+
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigReferentialRulesEnabled(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ return v
+}
+
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigMonitoring(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ if v == nil {
+ return nil
+ }
+ original := v.(map[string]interface{})
+ if len(original) == 0 {
+ return nil
+ }
+ transformed := make(map[string]interface{})
+ transformed["backends"] =
+ flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigMonitoringBackends(original["backends"], d, config)
+ return []interface{}{transformed}
+}
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigMonitoringBackends(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ return v
+}
+
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigConstraintViolationLimit(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ // Handles the string fixed64 format
+ if strVal, ok := v.(string); ok {
+ if intVal, err := tpgresource.StringToFixed64(strVal); err == nil {
+ return intVal
+ }
+ }
+
+ // number values are represented as float64
+ if floatVal, ok := v.(float64); ok {
+ intVal := int(floatVal)
+ return intVal
+ }
+
+ return v // let terraform core handle it otherwise
+}
+
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigs(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ if v == nil {
+ return v
+ }
+ l := v.(map[string]interface{})
+ transformed := make([]interface{}, 0, len(l))
+ for k, raw := range l {
+ original := raw.(map[string]interface{})
+ transformed = append(transformed, map[string]interface{}{
+ "component": k,
+ "replica_count": flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsReplicaCount(original["replicaCount"], d, config),
+ "container_resources": flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResources(original["containerResources"], d, config),
+ "pod_affinity": flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsPodAffinity(original["podAffinity"], d, config),
+ "pod_toleration": flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsPodToleration(original["podTolerations"], d, config),
+ })
+ }
+ return transformed
+}
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsReplicaCount(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ // Handles the string fixed64 format
+ if strVal, ok := v.(string); ok {
+ if intVal, err := tpgresource.StringToFixed64(strVal); err == nil {
+ return intVal
+ }
+ }
+
+ // number values are represented as float64
+ if floatVal, ok := v.(float64); ok {
+ intVal := int(floatVal)
+ return intVal
+ }
+
+ return v // let terraform core handle it otherwise
+}
+
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResources(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ if v == nil {
+ return nil
+ }
+ original := v.(map[string]interface{})
+ if len(original) == 0 {
+ return nil
+ }
+ transformed := make(map[string]interface{})
+ transformed["limits"] =
+ flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResourcesLimits(original["limits"], d, config)
+ transformed["requests"] =
+ flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResourcesRequests(original["requests"], d, config)
+ return []interface{}{transformed}
+}
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResourcesLimits(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ if v == nil {
+ return nil
+ }
+ original := v.(map[string]interface{})
+ if len(original) == 0 {
+ return nil
+ }
+ transformed := make(map[string]interface{})
+ transformed["memory"] =
+ flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResourcesLimitsMemory(original["memory"], d, config)
+ transformed["cpu"] =
+ flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResourcesLimitsCpu(original["cpu"], d, config)
+ return []interface{}{transformed}
+}
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResourcesLimitsMemory(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ return v
+}
+
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResourcesLimitsCpu(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ return v
+}
+
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResourcesRequests(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ if v == nil {
+ return nil
+ }
+ original := v.(map[string]interface{})
+ if len(original) == 0 {
+ return nil
+ }
+ transformed := make(map[string]interface{})
+ transformed["memory"] =
+ flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResourcesRequestsMemory(original["memory"], d, config)
+ transformed["cpu"] =
+ flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResourcesRequestsCpu(original["cpu"], d, config)
+ return []interface{}{transformed}
+}
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResourcesRequestsMemory(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ return v
+}
+
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResourcesRequestsCpu(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ return v
+}
+
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsPodAffinity(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ return v
+}
+
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsPodToleration(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ if v == nil {
+ return v
+ }
+ l := v.([]interface{})
+ transformed := make([]interface{}, 0, len(l))
+ for _, raw := range l {
+ original := raw.(map[string]interface{})
+ if len(original) < 1 {
+ // Do not include empty json objects coming back from the api
+ continue
+ }
+ transformed = append(transformed, map[string]interface{}{
+ "key": flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsPodTolerationKey(original["key"], d, config),
+ "operator": flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsPodTolerationOperator(original["operator"], d, config),
+ "value": flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsPodTolerationValue(original["value"], d, config),
+ "effect": flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsPodTolerationEffect(original["effect"], d, config),
+ })
+ }
+ return transformed
+}
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsPodTolerationKey(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ return v
+}
+
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsPodTolerationOperator(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ return v
+}
+
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsPodTolerationValue(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ return v
+}
+
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsPodTolerationEffect(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ return v
+}
+
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigPolicyContent(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ if v == nil {
+ return nil
+ }
+ original := v.(map[string]interface{})
+ if len(original) == 0 {
+ return nil
+ }
+ transformed := make(map[string]interface{})
+ transformed["template_library"] =
+ flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigPolicyContentTemplateLibrary(original["templateLibrary"], d, config)
+ transformed["bundles"] =
+ flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigPolicyContentBundles(original["bundles"], d, config)
+ return []interface{}{transformed}
+}
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigPolicyContentTemplateLibrary(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ if v == nil {
+ return nil
+ }
+ original := v.(map[string]interface{})
+ if len(original) == 0 {
+ return nil
+ }
+ transformed := make(map[string]interface{})
+ transformed["installation"] =
+ flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigPolicyContentTemplateLibraryInstallation(original["installation"], d, config)
+ return []interface{}{transformed}
+}
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigPolicyContentTemplateLibraryInstallation(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ return v
+}
+
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigPolicyContentBundles(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ if v == nil {
+ return v
+ }
+ l := v.(map[string]interface{})
+ transformed := make([]interface{}, 0, len(l))
+ for k, raw := range l {
+ original := raw.(map[string]interface{})
+ transformed = append(transformed, map[string]interface{}{
+ "bundle": k,
+ "exempted_namespaces": flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigPolicyContentBundlesExemptedNamespaces(original["exemptedNamespaces"], d, config),
+ })
+ }
+ return transformed
+}
+func flattenGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigPolicyContentBundlesExemptedNamespaces(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ return v
+}
+
func flattenGKEHub2FeatureState(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
if v == nil {
return nil
@@ -1267,6 +1818,13 @@ func expandGKEHub2FeatureFleetDefaultMemberConfig(v interface{}, d tpgresource.T
transformed["configmanagement"] = transformedConfigmanagement
}
+ transformedPolicycontroller, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontroller(original["policycontroller"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedPolicycontroller); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["policycontroller"] = transformedPolicycontroller
+ }
+
return transformed, nil
}
@@ -1527,6 +2085,454 @@ func expandGKEHub2FeatureFleetDefaultMemberConfigConfigmanagementConfigSyncOciVe
return v, nil
}
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontroller(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ l := v.([]interface{})
+ if len(l) == 0 || l[0] == nil {
+ return nil, nil
+ }
+ raw := l[0]
+ original := raw.(map[string]interface{})
+ transformed := make(map[string]interface{})
+
+ transformedVersion, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerVersion(original["version"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedVersion); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["version"] = transformedVersion
+ }
+
+ transformedPolicyControllerHubConfig, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfig(original["policy_controller_hub_config"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedPolicyControllerHubConfig); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["policyControllerHubConfig"] = transformedPolicyControllerHubConfig
+ }
+
+ return transformed, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerVersion(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ l := v.([]interface{})
+ if len(l) == 0 || l[0] == nil {
+ return nil, nil
+ }
+ raw := l[0]
+ original := raw.(map[string]interface{})
+ transformed := make(map[string]interface{})
+
+ transformedInstallSpec, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigInstallSpec(original["install_spec"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedInstallSpec); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["installSpec"] = transformedInstallSpec
+ }
+
+ transformedAuditIntervalSeconds, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigAuditIntervalSeconds(original["audit_interval_seconds"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedAuditIntervalSeconds); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["auditIntervalSeconds"] = transformedAuditIntervalSeconds
+ }
+
+ transformedExemptableNamespaces, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigExemptableNamespaces(original["exemptable_namespaces"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedExemptableNamespaces); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["exemptableNamespaces"] = transformedExemptableNamespaces
+ }
+
+ transformedLogDeniesEnabled, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigLogDeniesEnabled(original["log_denies_enabled"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedLogDeniesEnabled); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["logDeniesEnabled"] = transformedLogDeniesEnabled
+ }
+
+ transformedMutationEnabled, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigMutationEnabled(original["mutation_enabled"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedMutationEnabled); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["mutationEnabled"] = transformedMutationEnabled
+ }
+
+ transformedReferentialRulesEnabled, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigReferentialRulesEnabled(original["referential_rules_enabled"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedReferentialRulesEnabled); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["referentialRulesEnabled"] = transformedReferentialRulesEnabled
+ }
+
+ transformedMonitoring, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigMonitoring(original["monitoring"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedMonitoring); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["monitoring"] = transformedMonitoring
+ }
+
+ transformedConstraintViolationLimit, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigConstraintViolationLimit(original["constraint_violation_limit"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedConstraintViolationLimit); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["constraintViolationLimit"] = transformedConstraintViolationLimit
+ }
+
+ transformedDeploymentConfigs, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigs(original["deployment_configs"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedDeploymentConfigs); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["deploymentConfigs"] = transformedDeploymentConfigs
+ }
+
+ transformedPolicyContent, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigPolicyContent(original["policy_content"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedPolicyContent); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["policyContent"] = transformedPolicyContent
+ }
+
+ return transformed, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigInstallSpec(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigAuditIntervalSeconds(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigExemptableNamespaces(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigLogDeniesEnabled(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigMutationEnabled(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigReferentialRulesEnabled(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigMonitoring(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ l := v.([]interface{})
+ if len(l) == 0 || l[0] == nil {
+ return nil, nil
+ }
+ raw := l[0]
+ original := raw.(map[string]interface{})
+ transformed := make(map[string]interface{})
+
+ transformedBackends, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigMonitoringBackends(original["backends"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedBackends); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["backends"] = transformedBackends
+ }
+
+ return transformed, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigMonitoringBackends(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigConstraintViolationLimit(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigs(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (map[string]interface{}, error) {
+ if v == nil {
+ return map[string]interface{}{}, nil
+ }
+ m := make(map[string]interface{})
+ for _, raw := range v.(*schema.Set).List() {
+ original := raw.(map[string]interface{})
+ transformed := make(map[string]interface{})
+
+ transformedReplicaCount, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsReplicaCount(original["replica_count"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedReplicaCount); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["replicaCount"] = transformedReplicaCount
+ }
+
+ transformedContainerResources, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResources(original["container_resources"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedContainerResources); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["containerResources"] = transformedContainerResources
+ }
+
+ transformedPodAffinity, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsPodAffinity(original["pod_affinity"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedPodAffinity); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["podAffinity"] = transformedPodAffinity
+ }
+
+ transformedPodToleration, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsPodToleration(original["pod_toleration"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedPodToleration); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["podTolerations"] = transformedPodToleration
+ }
+
+ transformedComponent, err := tpgresource.ExpandString(original["component"], d, config)
+ if err != nil {
+ return nil, err
+ }
+ m[transformedComponent] = transformed
+ }
+ return m, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsReplicaCount(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResources(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ l := v.([]interface{})
+ if len(l) == 0 || l[0] == nil {
+ return nil, nil
+ }
+ raw := l[0]
+ original := raw.(map[string]interface{})
+ transformed := make(map[string]interface{})
+
+ transformedLimits, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResourcesLimits(original["limits"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedLimits); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["limits"] = transformedLimits
+ }
+
+ transformedRequests, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResourcesRequests(original["requests"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedRequests); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["requests"] = transformedRequests
+ }
+
+ return transformed, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResourcesLimits(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ l := v.([]interface{})
+ if len(l) == 0 || l[0] == nil {
+ return nil, nil
+ }
+ raw := l[0]
+ original := raw.(map[string]interface{})
+ transformed := make(map[string]interface{})
+
+ transformedMemory, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResourcesLimitsMemory(original["memory"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedMemory); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["memory"] = transformedMemory
+ }
+
+ transformedCpu, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResourcesLimitsCpu(original["cpu"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedCpu); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["cpu"] = transformedCpu
+ }
+
+ return transformed, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResourcesLimitsMemory(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResourcesLimitsCpu(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResourcesRequests(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ l := v.([]interface{})
+ if len(l) == 0 || l[0] == nil {
+ return nil, nil
+ }
+ raw := l[0]
+ original := raw.(map[string]interface{})
+ transformed := make(map[string]interface{})
+
+ transformedMemory, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResourcesRequestsMemory(original["memory"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedMemory); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["memory"] = transformedMemory
+ }
+
+ transformedCpu, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResourcesRequestsCpu(original["cpu"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedCpu); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["cpu"] = transformedCpu
+ }
+
+ return transformed, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResourcesRequestsMemory(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsContainerResourcesRequestsCpu(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsPodAffinity(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsPodToleration(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ l := v.([]interface{})
+ req := make([]interface{}, 0, len(l))
+ for _, raw := range l {
+ if raw == nil {
+ continue
+ }
+ original := raw.(map[string]interface{})
+ transformed := make(map[string]interface{})
+
+ transformedKey, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsPodTolerationKey(original["key"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedKey); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["key"] = transformedKey
+ }
+
+ transformedOperator, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsPodTolerationOperator(original["operator"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedOperator); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["operator"] = transformedOperator
+ }
+
+ transformedValue, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsPodTolerationValue(original["value"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedValue); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["value"] = transformedValue
+ }
+
+ transformedEffect, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsPodTolerationEffect(original["effect"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedEffect); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["effect"] = transformedEffect
+ }
+
+ req = append(req, transformed)
+ }
+ return req, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsPodTolerationKey(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsPodTolerationOperator(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsPodTolerationValue(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigDeploymentConfigsPodTolerationEffect(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigPolicyContent(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ l := v.([]interface{})
+ if len(l) == 0 || l[0] == nil {
+ return nil, nil
+ }
+ raw := l[0]
+ original := raw.(map[string]interface{})
+ transformed := make(map[string]interface{})
+
+ transformedTemplateLibrary, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigPolicyContentTemplateLibrary(original["template_library"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedTemplateLibrary); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["templateLibrary"] = transformedTemplateLibrary
+ }
+
+ transformedBundles, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigPolicyContentBundles(original["bundles"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedBundles); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["bundles"] = transformedBundles
+ }
+
+ return transformed, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigPolicyContentTemplateLibrary(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ l := v.([]interface{})
+ if len(l) == 0 || l[0] == nil {
+ return nil, nil
+ }
+ raw := l[0]
+ original := raw.(map[string]interface{})
+ transformed := make(map[string]interface{})
+
+ transformedInstallation, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigPolicyContentTemplateLibraryInstallation(original["installation"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedInstallation); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["installation"] = transformedInstallation
+ }
+
+ return transformed, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigPolicyContentTemplateLibraryInstallation(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigPolicyContentBundles(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (map[string]interface{}, error) {
+ if v == nil {
+ return map[string]interface{}{}, nil
+ }
+ m := make(map[string]interface{})
+ for _, raw := range v.(*schema.Set).List() {
+ original := raw.(map[string]interface{})
+ transformed := make(map[string]interface{})
+
+ transformedExemptedNamespaces, err := expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigPolicyContentBundlesExemptedNamespaces(original["exempted_namespaces"], d, config)
+ if err != nil {
+ return nil, err
+ } else if val := reflect.ValueOf(transformedExemptedNamespaces); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+ transformed["exemptedNamespaces"] = transformedExemptedNamespaces
+ }
+
+ transformedBundle, err := tpgresource.ExpandString(original["bundle"], d, config)
+ if err != nil {
+ return nil, err
+ }
+ m[transformedBundle] = transformed
+ }
+ return m, nil
+}
+
+func expandGKEHub2FeatureFleetDefaultMemberConfigPolicycontrollerPolicyControllerHubConfigPolicyContentBundlesExemptedNamespaces(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
func expandGKEHub2FeatureEffectiveLabels(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (map[string]string, error) {
if v == nil {
return map[string]string{}, nil
diff --git a/google-beta/services/gkehub2/resource_gke_hub_feature_test.go b/google-beta/services/gkehub2/resource_gke_hub_feature_test.go
index e1e74f7920..9574d2ef99 100644
--- a/google-beta/services/gkehub2/resource_gke_hub_feature_test.go
+++ b/google-beta/services/gkehub2/resource_gke_hub_feature_test.go
@@ -503,6 +503,169 @@ resource "google_gke_hub_feature" "feature" {
`, context)
}
+func TestAccGKEHubFeature_FleetDefaultMemberConfigPolicyController(t *testing.T) {
+ // VCR fails to handle batched project services
+ acctest.SkipIfVcr(t)
+ t.Parallel()
+
+ context := map[string]interface{}{
+ "random_suffix": acctest.RandString(t, 10),
+ "org_id": envvar.GetTestOrgFromEnv(t),
+ "billing_account": envvar.GetTestBillingAccountFromEnv(t),
+ }
+
+ acctest.VcrTest(t, resource.TestCase{
+ PreCheck: func() { acctest.AccTestPreCheck(t) },
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+ CheckDestroy: testAccCheckGKEHubFeatureDestroyProducer(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccGKEHubFeature_FleetDefaultMemberConfigPolicyController(context),
+ },
+ {
+ ResourceName: "google_gke_hub_feature.feature",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"project", "update_time"},
+ },
+ {
+ Config: testAccGKEHubFeature_FleetDefaultMemberConfigPolicyControllerUpdate(context),
+ },
+ {
+ ResourceName: "google_gke_hub_feature.feature",
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ {
+ Config: testAccGKEHubFeature_FleetDefaultMemberConfigPolicyControllerUpdateSetEmpty(context),
+ },
+ {
+ ResourceName: "google_gke_hub_feature.feature",
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ },
+ })
+}
+
+func testAccGKEHubFeature_FleetDefaultMemberConfigPolicyController(context map[string]interface{}) string {
+ return gkeHubFeatureProjectSetupForGA(context) + acctest.Nprintf(`
+resource "google_gke_hub_feature" "feature" {
+ name = "policycontroller"
+ location = "global"
+ fleet_default_member_config {
+ policycontroller {
+ policy_controller_hub_config {
+ install_spec = "INSTALL_SPEC_ENABLED"
+ exemptable_namespaces = ["foo"]
+ policy_content {
+ bundles {
+ bundle = "policy-essentials-v2022"
+ exempted_namespaces = ["foo", "bar"]
+ }
+ }
+ audit_interval_seconds = 30
+ referential_rules_enabled = true
+ }
+ }
+ }
+ depends_on = [google_project_service.anthos, google_project_service.gkehub, google_project_service.poco]
+ project = google_project.project.project_id
+}
+`, context)
+}
+
+func testAccGKEHubFeature_FleetDefaultMemberConfigPolicyControllerUpdate(context map[string]interface{}) string {
+ return gkeHubFeatureProjectSetupForGA(context) + acctest.Nprintf(`
+resource "google_gke_hub_feature" "feature" {
+ name = "policycontroller"
+ location = "global"
+ fleet_default_member_config {
+ policycontroller {
+ policy_controller_hub_config {
+ install_spec = "INSTALL_SPEC_SUSPENDED"
+ policy_content {
+ bundles {
+ bundle = "pci-dss-v3.2.1"
+ exempted_namespaces = ["baz", "bar"]
+ }
+ bundles {
+ bundle = "nist-sp-800-190"
+ exempted_namespaces = []
+ }
+ template_library {
+ installation = "ALL"
+ }
+ }
+ constraint_violation_limit = 50
+ referential_rules_enabled = true
+ log_denies_enabled = true
+ mutation_enabled = true
+ deployment_configs {
+ component = "admission"
+ replica_count = 2
+ pod_affinity = "ANTI_AFFINITY"
+ }
+ deployment_configs {
+ component = "audit"
+ container_resources {
+ limits {
+ memory = "1Gi"
+ cpu = "1.5"
+ }
+ requests {
+ memory = "500Mi"
+ cpu = "150m"
+ }
+ }
+ pod_toleration {
+ key = "key1"
+ operator = "Equal"
+ value = "value1"
+ effect = "NoSchedule"
+ }
+ }
+ monitoring {
+ backends = [
+ "PROMETHEUS"
+ ]
+ }
+ }
+ }
+ }
+ depends_on = [google_project_service.anthos, google_project_service.gkehub, google_project_service.poco]
+ project = google_project.project.project_id
+}
+`, context)
+}
+
+func testAccGKEHubFeature_FleetDefaultMemberConfigPolicyControllerUpdateSetEmpty(context map[string]interface{}) string {
+ return gkeHubFeatureProjectSetupForGA(context) + acctest.Nprintf(`
+resource "google_gke_hub_feature" "feature" {
+ name = "policycontroller"
+ location = "global"
+ fleet_default_member_config {
+ policycontroller {
+ policy_controller_hub_config {
+ install_spec = "INSTALL_SPEC_ENABLED"
+ policy_content {}
+ constraint_violation_limit = 50
+ referential_rules_enabled = true
+ log_denies_enabled = true
+ mutation_enabled = true
+ deployment_configs {
+ component = "admission"
+ }
+ monitoring {}
+ }
+ }
+ }
+ depends_on = [google_project_service.anthos, google_project_service.gkehub, google_project_service.poco]
+ project = google_project.project.project_id
+}
+`, context)
+}
+
func TestAccGKEHubFeature_gkehubFeatureMcsd(t *testing.T) {
// VCR fails to handle batched project services
acctest.SkipIfVcr(t)
@@ -594,6 +757,11 @@ resource "google_project_service" "acm" {
service = "anthosconfigmanagement.googleapis.com"
}
+resource "google_project_service" "poco" {
+ project = google_project.project.project_id
+ service = "anthospolicycontroller.googleapis.com"
+}
+
resource "google_project_service" "mcsd" {
project = google_project.project.project_id
service = "multiclusterservicediscovery.googleapis.com"
diff --git a/website/docs/r/gke_hub_feature.html.markdown b/website/docs/r/gke_hub_feature.html.markdown
index 89bd68e5e3..85cb9c9801 100644
--- a/website/docs/r/gke_hub_feature.html.markdown
+++ b/website/docs/r/gke_hub_feature.html.markdown
@@ -168,6 +168,121 @@ resource "google_gke_hub_feature" "feature" {
}
}
```
+## Example Usage - Enable Fleet Default Member Config Policycontroller
+
+
+```hcl
+resource "google_gke_hub_feature" "feature" {
+ name = "policycontroller"
+ location = "global"
+ fleet_default_member_config {
+ policycontroller {
+ policy_controller_hub_config {
+ install_spec = "INSTALL_SPEC_ENABLED"
+ exemptable_namespaces = ["foo"]
+ policy_content {
+ bundles {
+ bundle = "policy-essentials-v2022"
+ exempted_namespaces = ["foo", "bar"]
+ }
+ template_library {
+ installation = "ALL"
+ }
+ }
+ audit_interval_seconds = 30
+ referential_rules_enabled = true
+ }
+ }
+ }
+}
+```
+## Example Usage - Enable Fleet Default Member Config Policycontroller Update
+
+
+```hcl
+resource "google_gke_hub_feature" "feature" {
+ name = "policycontroller"
+ location = "global"
+ fleet_default_member_config {
+ policycontroller {
+ policy_controller_hub_config {
+ install_spec = "INSTALL_SPEC_SUSPENDED"
+ policy_content {
+ bundles {
+ bundle = "pci-dss-v3.2.1"
+ exempted_namespaces = ["baz", "bar"]
+ }
+ bundles {
+ bundle = "nist-sp-800-190"
+ exempted_namespaces = []
+ }
+ template_library {
+ installation = "ALL"
+ }
+ }
+ constraint_violation_limit = 50
+ referential_rules_enabled = true
+ log_denies_enabled = true
+ mutation_enabled = true
+ deployment_configs {
+ component = "admission"
+ replica_count = 2
+ pod_affinity = "ANTI_AFFINITY"
+ }
+ deployment_configs {
+ component = "audit"
+ container_resources {
+ limits {
+ memory = "1Gi"
+ cpu = "1.5"
+ }
+ requests {
+ memory = "500Mi"
+ cpu = "150m"
+ }
+ }
+ pod_toleration {
+ key = "key1"
+ operator = "Equal"
+ value = "value1"
+ effect = "NoSchedule"
+ }
+ }
+ monitoring {
+ backends = [
+ "PROMETHEUS"
+ ]
+ }
+ }
+ }
+ }
+}
+```
+## Example Usage - Enable Fleet Default Member Config Policycontroller Set Empty
+
+
+```hcl
+resource "google_gke_hub_feature" "feature" {
+ name = "policycontroller"
+ location = "global"
+ fleet_default_member_config {
+ policycontroller {
+ policy_controller_hub_config {
+ install_spec = "INSTALL_SPEC_ENABLED"
+ policy_content {}
+ constraint_violation_limit = 50
+ referential_rules_enabled = true
+ log_denies_enabled = true
+ mutation_enabled = true
+ deployment_configs {
+ component = "admission"
+ }
+ monitoring {}
+ }
+ }
+ }
+}
+```
## Argument Reference
@@ -272,6 +387,11 @@ The following arguments are supported:
Config Management spec
Structure is [documented below](#nested_configmanagement).
+* `policycontroller` -
+ (Optional)
+ Policy Controller spec
+ Structure is [documented below](#nested_policycontroller).
+
The `mesh` block supports:
@@ -365,6 +485,175 @@ The following arguments are supported:
(Optional)
Version of ACM installed
+The `policycontroller` block supports:
+
+* `version` -
+ (Optional)
+ Configures the version of Policy Controller
+
+* `policy_controller_hub_config` -
+ (Required)
+ Configuration of Policy Controller
+ Structure is [documented below](#nested_policy_controller_hub_config).
+
+
+The `policy_controller_hub_config` block supports:
+
+* `install_spec` -
+ (Required)
+ Configures the mode of the Policy Controller installation
+ Possible values are: `INSTALL_SPEC_UNSPECIFIED`, `INSTALL_SPEC_NOT_INSTALLED`, `INSTALL_SPEC_ENABLED`, `INSTALL_SPEC_SUSPENDED`, `INSTALL_SPEC_DETACHED`.
+
+* `audit_interval_seconds` -
+ (Optional)
+ Interval for Policy Controller Audit scans (in seconds). When set to 0, this disables audit functionality altogether.
+
+* `exemptable_namespaces` -
+ (Optional)
+ The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.
+
+* `log_denies_enabled` -
+ (Optional)
+ Logs all denies and dry run failures.
+
+* `mutation_enabled` -
+ (Optional)
+ Enables the ability to mutate resources using Policy Controller.
+
+* `referential_rules_enabled` -
+ (Optional)
+ Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.
+
+* `monitoring` -
+ (Optional)
+ Monitoring specifies the configuration of monitoring Policy Controller.
+ Structure is [documented below](#nested_monitoring).
+
+* `constraint_violation_limit` -
+ (Optional)
+ The maximum number of audit violations to be stored in a constraint. If not set, the internal default of 20 will be used.
+
+* `deployment_configs` -
+ (Optional)
+ Map of deployment configs to deployments ("admission", "audit", "mutation").
+ Structure is [documented below](#nested_deployment_configs).
+
+* `policy_content` -
+ (Optional)
+ Specifies the desired policy content on the cluster.
+ Structure is [documented below](#nested_policy_content).
+
+
+The `monitoring` block supports:
+
+* `backends` -
+ (Optional)
+ Specifies the list of backends Policy Controller will export to. An empty list would effectively disable metrics export.
+ Each value may be one of: `MONITORING_BACKEND_UNSPECIFIED`, `PROMETHEUS`, `CLOUD_MONITORING`.
+
+The `deployment_configs` block supports:
+
+* `component` - (Required) The identifier for this object. Format specified above.
+
+* `replica_count` -
+ (Optional)
+ Pod replica count.
+
+* `container_resources` -
+ (Optional)
+ Container resource requirements.
+ Structure is [documented below](#nested_container_resources).
+
+* `pod_affinity` -
+ (Optional)
+ Pod affinity configuration.
+ Possible values are: `AFFINITY_UNSPECIFIED`, `NO_AFFINITY`, `ANTI_AFFINITY`.
+
+* `pod_toleration` -
+ (Optional)
+ Pod tolerations of node taints.
+ Structure is [documented below](#nested_pod_toleration).
+
+
+The `container_resources` block supports:
+
+* `limits` -
+ (Optional)
+ Limits describes the maximum amount of compute resources allowed for use by the running container.
+ Structure is [documented below](#nested_limits).
+
+* `requests` -
+ (Optional)
+ Requests describes the amount of compute resources reserved for the container by the kube-scheduler.
+ Structure is [documented below](#nested_requests).
+
+
+The `limits` block supports:
+
+* `memory` -
+ (Optional)
+ Memory requirement expressed in Kubernetes resource units.
+
+* `cpu` -
+ (Optional)
+ CPU requirement expressed in Kubernetes resource units.
+
+The `requests` block supports:
+
+* `memory` -
+ (Optional)
+ Memory requirement expressed in Kubernetes resource units.
+
+* `cpu` -
+ (Optional)
+ CPU requirement expressed in Kubernetes resource units.
+
+The `pod_toleration` block supports:
+
+* `key` -
+ (Optional)
+ Matches a taint key (not necessarily unique).
+
+* `operator` -
+ (Optional)
+ Matches a taint operator.
+
+* `value` -
+ (Optional)
+ Matches a taint value.
+
+* `effect` -
+ (Optional)
+ Matches a taint effect.
+
+The `policy_content` block supports:
+
+* `template_library` -
+ (Optional)
+ Configures the installation of the Template Library.
+ Structure is [documented below](#nested_template_library).
+
+* `bundles` -
+ (Optional)
+ Configures which bundles to install and their corresponding install specs.
+ Structure is [documented below](#nested_bundles).
+
+
+The `template_library` block supports:
+
+* `installation` -
+ (Optional)
+ Configures the manner in which the template library is installed on the cluster.
+ Possible values are: `INSTALATION_UNSPECIFIED`, `NOT_INSTALLED`, `ALL`.
+
+The `bundles` block supports:
+
+* `bundle` - (Required) The identifier for this object. Format specified above.
+
+* `exempted_namespaces` -
+ (Optional)
+ The set of namespaces to be exempted from the bundle.
+
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported: