From 9c2191eca6582f9f2be3fe941afdf26eb03d78e4 Mon Sep 17 00:00:00 2001 From: Will Yardley Date: Wed, 9 Oct 2024 08:38:59 -0700 Subject: [PATCH] fix: allow changing `enable_identity_service` value in place (#2132) --- README.md | 2 +- autogen/main/cluster.tf.tmpl | 2 +- autogen/main/variables.tf.tmpl | 2 +- cluster.tf | 2 +- modules/beta-private-cluster-update-variant/README.md | 2 +- modules/beta-private-cluster-update-variant/cluster.tf | 2 +- modules/beta-private-cluster-update-variant/variables.tf | 2 +- modules/beta-private-cluster/README.md | 2 +- modules/beta-private-cluster/cluster.tf | 2 +- modules/beta-private-cluster/variables.tf | 2 +- modules/beta-public-cluster-update-variant/README.md | 2 +- modules/beta-public-cluster-update-variant/cluster.tf | 2 +- modules/beta-public-cluster-update-variant/variables.tf | 2 +- modules/beta-public-cluster/README.md | 2 +- modules/beta-public-cluster/cluster.tf | 2 +- modules/beta-public-cluster/variables.tf | 2 +- modules/private-cluster-update-variant/README.md | 2 +- modules/private-cluster-update-variant/cluster.tf | 2 +- modules/private-cluster-update-variant/variables.tf | 2 +- modules/private-cluster/README.md | 2 +- modules/private-cluster/cluster.tf | 2 +- modules/private-cluster/variables.tf | 2 +- variables.tf | 2 +- 23 files changed, 23 insertions(+), 23 deletions(-) diff --git a/README.md b/README.md index 02d01fbf31..6520607820 100644 --- a/README.md +++ b/README.md 
@@ -166,7 +166,7 @@ Then perform the following commands on the root folder: | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no | | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no | | enable\_default\_node\_pools\_metadata | Whether to enable the default node pools metadata key-value pairs such as `cluster_name` and `node_pool` | `bool` | `true` | no | -| enable\_identity\_service | Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | +| enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no | | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no | | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no | diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl index 8f8a25c51e..87683c6bda 100644 --- a/autogen/main/cluster.tf.tmpl +++ b/autogen/main/cluster.tf.tmpl @@ -219,7 +219,7 @@ resource "google_container_cluster" "primary" { {% if autopilot_cluster != true %} dynamic "identity_service_config" { - for_each = var.enable_identity_service ? [var.enable_identity_service] : [] + for_each = var.enable_identity_service !=null ? [var.enable_identity_service] : [] content { enabled = identity_service_config.value } 
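Review bot: In the autogen/main/cluster.tf.tmpl hunk the new condition is written `var.enable_identity_service !=null`, without the space that every cluster.tf in this patch has (`!= null`). The template line should read `for_each = var.enable_identity_service != null ? [var.enable_identity_service] : []` so the template and its output agree. A comment above it would also help, for example `# null omits the block; false renders enabled = false so the service is explicitly turned off`, because that distinction decides whether external identity provider login to the API server stays on after an operator sets the flag to false. The comment belongs in the template only, since the other cluster.tf hunks are presumably generated from it. The enclosing `google_container_cluster` resource starts and ends outside the hunk.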
diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl index 90f82987ab..8a0666a82d 100644 --- a/autogen/main/variables.tf.tmpl +++ b/autogen/main/variables.tf.tmpl @@ -960,7 +960,7 @@ variable "enable_gcfs" { {% if autopilot_cluster != true %} variable "enable_identity_service" { type = bool - description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API." + description = "(Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API." default = false } {% endif %} diff --git a/cluster.tf b/cluster.tf index 74f4c733b2..bc3ff4bf47 100644 --- a/cluster.tf +++ b/cluster.tf @@ -174,7 +174,7 @@ resource "google_container_cluster" "primary" { } dynamic "identity_service_config" { - for_each = var.enable_identity_service ? [var.enable_identity_service] : [] + for_each = var.enable_identity_service != null ? [var.enable_identity_service] : [] content { enabled = identity_service_config.value } diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index a8e7996627..892f57c723 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md 
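Review bot: The variable in the autogen/main/variables.tf.tmpl hunk keeps `default = false`, and with the new `!= null` test in cluster.tf that default now renders `identity_service_config` with `enabled = false` for every caller who never set the variable, where the old condition omitted the block. If Identity Service was switched on for a cluster outside Terraform, the next apply would presumably turn it off and cut off users who sign in through the external identity provider. That depends on provider behaviour not visible in this patch, so it is worth confirming and calling out in the release notes. The description should at least state the null case, if that is its intended meaning: `description = "(Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. Set to null to leave the cluster's current setting unmanaged."`. The same applies to the other variables.tf hunks in this patch and to the README rows generated from them.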
@@ -204,7 +204,7 @@ Then perform the following commands on the root folder: | enable\_default\_node\_pools\_metadata | Whether to enable the default node pools metadata key-value pairs such as `cluster_name` and `node_pool` | `bool` | `true` | no | | enable\_fqdn\_network\_policy | Enable FQDN Network Policies on the cluster | `bool` | `null` | no | | enable\_gcfs | (Beta) Enable image streaming on cluster level. | `bool` | `false` | no | -| enable\_identity\_service | Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | +| enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no | | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no | | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no | diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf index 5b020c4b8b..74d7cca8db 100644 --- a/modules/beta-private-cluster-update-variant/cluster.tf +++ b/modules/beta-private-cluster-update-variant/cluster.tf @@ -181,7 +181,7 @@ resource "google_container_cluster" "primary" { } dynamic "identity_service_config" { - for_each = var.enable_identity_service ? [var.enable_identity_service] : [] + for_each = var.enable_identity_service != null ? [var.enable_identity_service] : [] content { enabled = identity_service_config.value } 
diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf index 19c405fe8d..195db8f643 100644 --- a/modules/beta-private-cluster-update-variant/variables.tf +++ b/modules/beta-private-cluster-update-variant/variables.tf @@ -910,7 +910,7 @@ variable "enable_gcfs" { variable "enable_identity_service" { type = bool - description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API." + description = "(Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API." default = false } diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 5d5ff6779a..9fb426c846 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md 
@@ -182,7 +182,7 @@ Then perform the following commands on the root folder: | enable\_default\_node\_pools\_metadata | Whether to enable the default node pools metadata key-value pairs such as `cluster_name` and `node_pool` | `bool` | `true` | no | | enable\_fqdn\_network\_policy | Enable FQDN Network Policies on the cluster | `bool` | `null` | no | | enable\_gcfs | (Beta) Enable image streaming on cluster level. | `bool` | `false` | no | -| enable\_identity\_service | Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | +| enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no | | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no | | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no | diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf index 7bd4bf90cc..364aff70b8 100644 --- a/modules/beta-private-cluster/cluster.tf +++ b/modules/beta-private-cluster/cluster.tf @@ -181,7 +181,7 @@ resource "google_container_cluster" "primary" { } dynamic "identity_service_config" { - for_each = var.enable_identity_service ? [var.enable_identity_service] : [] + for_each = var.enable_identity_service != null ? [var.enable_identity_service] : [] content { enabled = identity_service_config.value } diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf index 19c405fe8d..195db8f643 100644 
--- a/modules/beta-private-cluster/variables.tf +++ b/modules/beta-private-cluster/variables.tf @@ -910,7 +910,7 @@ variable "enable_gcfs" { variable "enable_identity_service" { type = bool - description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API." + description = "(Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API." default = false } diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md index 777c5cfd37..1e52d6f676 100644 --- a/modules/beta-public-cluster-update-variant/README.md +++ b/modules/beta-public-cluster-update-variant/README.md 
@@ -197,7 +197,7 @@ Then perform the following commands on the root folder: | enable\_default\_node\_pools\_metadata | Whether to enable the default node pools metadata key-value pairs such as `cluster_name` and `node_pool` | `bool` | `true` | no | | enable\_fqdn\_network\_policy | Enable FQDN Network Policies on the cluster | `bool` | `null` | no | | enable\_gcfs | (Beta) Enable image streaming on cluster level. | `bool` | `false` | no | -| enable\_identity\_service | Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | +| enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no | | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no | | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no | diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf index f4069a8183..3d30888ad6 100644 --- a/modules/beta-public-cluster-update-variant/cluster.tf +++ b/modules/beta-public-cluster-update-variant/cluster.tf @@ -181,7 +181,7 @@ resource "google_container_cluster" "primary" { } dynamic "identity_service_config" { - for_each = var.enable_identity_service ? [var.enable_identity_service] : [] + for_each = var.enable_identity_service != null ? [var.enable_identity_service] : [] content { enabled = identity_service_config.value } 
diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf index 64ff4d60c0..e926a9568c 100644 --- a/modules/beta-public-cluster-update-variant/variables.tf +++ b/modules/beta-public-cluster-update-variant/variables.tf @@ -874,7 +874,7 @@ variable "enable_gcfs" { variable "enable_identity_service" { type = bool - description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API." + description = "(Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API." default = false } diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md index 4442628e76..b0700b78ea 100644 --- a/modules/beta-public-cluster/README.md +++ b/modules/beta-public-cluster/README.md 
@@ -175,7 +175,7 @@ Then perform the following commands on the root folder: | enable\_default\_node\_pools\_metadata | Whether to enable the default node pools metadata key-value pairs such as `cluster_name` and `node_pool` | `bool` | `true` | no | | enable\_fqdn\_network\_policy | Enable FQDN Network Policies on the cluster | `bool` | `null` | no | | enable\_gcfs | (Beta) Enable image streaming on cluster level. | `bool` | `false` | no | -| enable\_identity\_service | Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | +| enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no | | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no | | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no | diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf index 4f5f017c50..3112ac56e8 100644 --- a/modules/beta-public-cluster/cluster.tf +++ b/modules/beta-public-cluster/cluster.tf @@ -181,7 +181,7 @@ resource "google_container_cluster" "primary" { } dynamic "identity_service_config" { - for_each = var.enable_identity_service ? [var.enable_identity_service] : [] + for_each = var.enable_identity_service != null ? [var.enable_identity_service] : [] content { enabled = identity_service_config.value } diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf index 64ff4d60c0..e926a9568c 100644 
--- a/modules/beta-public-cluster/variables.tf +++ b/modules/beta-public-cluster/variables.tf @@ -874,7 +874,7 @@ variable "enable_gcfs" { variable "enable_identity_service" { type = bool - description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API." + description = "(Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API." default = false } diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index 63b5bfcbaf..3fb72c548c 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md 
@@ -195,7 +195,7 @@ Then perform the following commands on the root folder: | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no | | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no | | enable\_default\_node\_pools\_metadata | Whether to enable the default node pools metadata key-value pairs such as `cluster_name` and `node_pool` | `bool` | `true` | no | -| enable\_identity\_service | Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | +| enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no | | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no | | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no | diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf index 53220a99fd..5dc2ac967f 100644 --- a/modules/private-cluster-update-variant/cluster.tf +++ b/modules/private-cluster-update-variant/cluster.tf 
@@ -174,7 +174,7 @@ resource "google_container_cluster" "primary" { } dynamic "identity_service_config" { - for_each = var.enable_identity_service ? [var.enable_identity_service] : [] + for_each = var.enable_identity_service != null ? [var.enable_identity_service] : [] content { enabled = identity_service_config.value } diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf index 74a97127fe..728b64ad7d 100644 --- a/modules/private-cluster-update-variant/variables.tf +++ b/modules/private-cluster-update-variant/variables.tf @@ -827,7 +827,7 @@ variable "enable_l4_ilb_subsetting" { variable "enable_identity_service" { type = bool - description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API." + description = "(Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API." default = false } diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 8b6b6184d5..6b68e9bff5 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md 
@@ -173,7 +173,7 @@ Then perform the following commands on the root folder: | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no | | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no | | enable\_default\_node\_pools\_metadata | Whether to enable the default node pools metadata key-value pairs such as `cluster_name` and `node_pool` | `bool` | `true` | no | -| enable\_identity\_service | Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | +| enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no | | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no | | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no | | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no | diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf index 551d94a2f9..ed33e87b2a 100644 --- a/modules/private-cluster/cluster.tf +++ b/modules/private-cluster/cluster.tf @@ -174,7 +174,7 @@ resource "google_container_cluster" "primary" { } dynamic "identity_service_config" { - for_each = var.enable_identity_service ? [var.enable_identity_service] : [] + for_each = var.enable_identity_service != null ? [var.enable_identity_service] : [] content { enabled = identity_service_config.value } 
diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf index 74a97127fe..728b64ad7d 100644 --- a/modules/private-cluster/variables.tf +++ b/modules/private-cluster/variables.tf @@ -827,7 +827,7 @@ variable "enable_l4_ilb_subsetting" { variable "enable_identity_service" { type = bool - description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API." + description = "(Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API." default = false } diff --git a/variables.tf b/variables.tf index 5e802430ee..4e415d1aab 100644 --- a/variables.tf +++ b/variables.tf @@ -791,7 +791,7 @@ variable "enable_l4_ilb_subsetting" { variable "enable_identity_service" { type = bool - description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API." + description = "(Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API." default = false }