Merge pull request terraform-google-modules#237 from sylvioneto/master

Make workload_identity_config dynamic

README.md

@@ -389,3 +389,4 @@ command.
 [terraform-provider-google]: https://github.com/terraform-providers/terraform-provider-google
 [3.0.0]: https://registry.terraform.io/modules/terraform-google-modules/kubernetes-engine/google/3.0.0
 [terraform-0.12-upgrade]: https://www.terraform.io/upgrade-guides/0-12.html
+

autogen/cluster.tf

@@ -182,8 +182,12 @@ resource "google_container_cluster" "primary" {
     }
   }
 
-  workload_identity_config {
-    identity_namespace = var.identity_namespace
+  dynamic "workload_identity_config" {
+    for_each = local.cluster_workload_identity_config
+
+    content {
+      identity_namespace = workload_identity_config.value.identity_namespace
+    }
   }
 {% endif %}
 }

autogen/main.tf

@@ -136,6 +136,9 @@ locals {
   cluster_pod_security_policy_enabled      = local.cluster_output_pod_security_policy_enabled
   cluster_intranode_visibility_enabled     = local.cluster_output_intranode_visbility_enabled
   cluster_vertical_pod_autoscaling_enabled = local.cluster_output_vertical_pod_autoscaling_enabled
+  cluster_workload_identity_config         = var.identity_namespace == "" ? [] : [{
+    identity_namespace = var.identity_namespace
+  }]
   # /BETA features
 {% endif %}
 }

autogen/variables.tf

@@ -378,9 +378,10 @@ variable "enable_intranode_visibility" {
 }
 
 variable "identity_namespace" {
-  type        = string
   description = "Workload Identity namespace"
+  type        = string
   default     = ""
 }
 
+
 {% endif %}

examples/deploy_service/main.tf

@@ -19,12 +19,12 @@ locals {
 }
 
 provider "google" {
-  version = "~> 2.9.0"
+  version = "~> 2.12.0"
   region  = var.region
 }
 
 provider "google-beta" {
-  version = "~> 2.9.0"
+  version = "~> 2.12.0"
   region  = var.region
 }
 

examples/disable_client_cert/main.tf

@@ -19,12 +19,12 @@ locals {
 }
 
 provider "google" {
-  version = "~> 2.9.0"
+  version = "~> 2.12.0"
   region  = var.region
 }
 
 provider "google-beta" {
-  version = "~> 2.9.0"
+  version = "~> 2.12.0"
   region  = var.region
 }
 

examples/node_pool/main.tf

@@ -19,12 +19,12 @@ locals {
 }
 
 provider "google" {
-  version = "~> 2.9.0"
+  version = "~> 2.12.0"
   region  = var.region
 }
 
 provider "google-beta" {
-  version = "~> 2.9.0"
+  version = "~> 2.12.0"
   region  = var.region
 }
 

examples/shared_vpc/main.tf

@@ -19,12 +19,12 @@ locals {
 }
 
 provider "google" {
-  version = "~> 2.9.0"
+  version = "~> 2.12.0"
   region  = var.region
 }
 
 provider "google-beta" {
-  version = "~> 2.9.0"
+  version = "~> 2.12.0"
   region  = var.region
 }
 

examples/simple_regional/main.tf

@@ -19,12 +19,12 @@ locals {
 }
 
 provider "google" {
-  version = "~> 2.9.0"
+  version = "~> 2.12.0"
   region  = var.region
 }
 
 provider "google-beta" {
-  version = "~> 2.9.0"
+  version = "~> 2.12.0"
   region  = var.region
 }
 

examples/simple_regional_beta/main.tf

@@ -19,13 +19,13 @@ locals {
 }
 
 provider "google" {
-  version     = "~> 2.9.0"
+  version     = "~> 2.12.0"
   credentials = file(var.credentials_path)
   region      = var.region
 }
 
 provider "google-beta" {
-  version     = "~> 2.9.0"
+  version     = "~> 2.12.0"
   credentials = file(var.credentials_path)
   region      = var.region
 }

examples/simple_regional_private/main.tf

@@ -19,7 +19,7 @@ locals {
 }
 
 provider "google-beta" {
-  version = "~> 2.9.0"
+  version = "~> 2.12.0"
   region  = var.region
 }
 

examples/simple_regional_private_beta/main.tf

@@ -19,7 +19,7 @@ locals {
 }
 
 provider "google-beta" {
-  version     = "~> 2.9.0"
+  version     = "~> 2.12.0"
   credentials = file(var.credentials_path)
   region      = var.region
 }

examples/simple_zonal/main.tf

@@ -19,12 +19,12 @@ locals {
 }
 
 provider "google" {
-  version = "~> 2.9.0"
+  version = "~> 2.12.0"
   region  = var.region
 }
 
 provider "google-beta" {
-  version = "~> 2.9.0"
+  version = "~> 2.12.0"
   region  = var.region
 }
 

examples/simple_zonal_private/main.tf

@@ -19,7 +19,7 @@ locals {
 }
 
 provider "google-beta" {
-  version = "~> 2.9.0"
+  version = "~> 2.12.0"
   region  = var.region
 }
 

examples/stub_domains/main.tf

@@ -19,12 +19,12 @@ locals {
 }
 
 provider "google" {
-  version = "~> 2.9.0"
+  version = "~> 2.12.0"
   region  = var.region
 }
 
 provider "google-beta" {
-  version = "~> 2.9.0"
+  version = "~> 2.12.0"
   region  = var.region
 }
 

examples/stub_domains_private/main.tf

@@ -15,7 +15,7 @@
  */
 
 provider "google-beta" {
-  version = "~> 2.9.0"
+  version = "~> 2.12.0"
   region  = var.region
 }
 

examples/stub_domains_upstream_nameservers/main.tf

@@ -19,12 +19,12 @@ locals {
 }
 
 provider "google" {
-  version = "~> 2.9.0"
+  version = "~> 2.12.0"
   region  = var.region
 }
 
 provider "google-beta" {
-  version = "~> 2.9.0"
+  version = "~> 2.12.0"
   region  = var.region
 }
 

examples/upstream_nameservers/main.tf

@@ -19,12 +19,12 @@ locals {
 }
 
 provider "google" {
-  version = "~> 2.9.0"
+  version = "~> 2.12.0"
   region  = var.region
 }
 
 provider "google-beta" {
-  version = "~> 2.9.0"
+  version = "~> 2.12.0"
   region  = var.region
 }
 

examples/workload_metadata_config/main.tf

@@ -19,7 +19,7 @@ locals {
 }
 
 provider "google-beta" {
-  version = "~> 2.9.0"
+  version = "~> 2.12.0"
   region  = var.region
 }
 

modules/beta-private-cluster/cluster.tf

@@ -169,8 +169,12 @@ resource "google_container_cluster" "primary" {
     }
   }
 
-  workload_identity_config {
-    identity_namespace = var.identity_namespace
+  dynamic "workload_identity_config" {
+    for_each = local.cluster_workload_identity_config
+
+    content {
+      identity_namespace = workload_identity_config.value.identity_namespace
+    }
   }
 }
 

modules/beta-private-cluster/main.tf

@@ -123,6 +123,9 @@ locals {
   cluster_pod_security_policy_enabled      = local.cluster_output_pod_security_policy_enabled
   cluster_intranode_visibility_enabled     = local.cluster_output_intranode_visbility_enabled
   cluster_vertical_pod_autoscaling_enabled = local.cluster_output_vertical_pod_autoscaling_enabled
+  cluster_workload_identity_config = var.identity_namespace == "" ? [] : [{
+    identity_namespace = var.identity_namespace
+  }]
   # /BETA features
 }
 

modules/beta-private-cluster/variables.tf

@@ -375,8 +375,9 @@ variable "enable_vertical_pod_autoscaling" {
 }
 
 variable "identity_namespace" {
-  type        = string
   description = "Workload Identity namespace"
+  type        = string
   default     = ""
 }
 
+

modules/beta-public-cluster/cluster.tf

@@ -164,8 +164,12 @@ resource "google_container_cluster" "primary" {
     }
   }
 
-  workload_identity_config {
-    identity_namespace = var.identity_namespace
+  dynamic "workload_identity_config" {
+    for_each = local.cluster_workload_identity_config
+
+    content {
+      identity_namespace = workload_identity_config.value.identity_namespace
+    }
   }
 }
 

modules/beta-public-cluster/main.tf

@@ -123,6 +123,9 @@ locals {
   cluster_pod_security_policy_enabled      = local.cluster_output_pod_security_policy_enabled
   cluster_intranode_visibility_enabled     = local.cluster_output_intranode_visbility_enabled
   cluster_vertical_pod_autoscaling_enabled = local.cluster_output_vertical_pod_autoscaling_enabled
+  cluster_workload_identity_config = var.identity_namespace == "" ? [] : [{
+    identity_namespace = var.identity_namespace
+  }]
   # /BETA features
 }
 

modules/beta-public-cluster/variables.tf

@@ -351,8 +351,9 @@ variable "enable_vertical_pod_autoscaling" {
 }
 
 variable "identity_namespace" {
-  type        = string
   description = "Workload Identity namespace"
+  type        = string
   default     = ""
 }
 
+