feat!: enabling vulnerability and audit modes for workloads #1749
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request.
variable "workload_vulnerability_mode" { | ||
description = "(beta) Vulnerability mode." | ||
type = string | ||
default = "" |
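Review bot: on the `description` line of `workload_vulnerability_mode`, the text "(beta) Vulnerability mode." does not tell a caller which values are accepted or what the `""` default means. Suggest naming the accepted values in the description (the plan output in this thread shows `DISABLED` and `BASIC`) and stating that the empty default leaves the mode at `WORKLOAD_VULNERABILITY_MODE_UNSPECIFIED`. A `validation` block on the variable would also let an unsupported string be rejected at plan time.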
Are these new default values going to cause a replacement for existing clusters? Could we use `null`?

`workload_config_audit_mode` cannot be `null`. This value is required. I got this message setting the value as `null`.

```
The argument "protect_config.0.workload_config.0.audit_mode" is required, but no definition was found.
```

`workload_vulnerability_mode` has the same behavior using an empty string or null value. I got a change in the tfstate only when `DISABLED` or `BASIC` is used.

```
~ protect_config {
    ~ workload_vulnerability_mode = "WORKLOAD_VULNERABILITY_MODE_UNSPECIFIED" -> "DISABLED"
}
```

and

```
~ protect_config {
    ~ workload_vulnerability_mode = "WORKLOAD_VULNERABILITY_MODE_UNSPECIFIED" -> "BASIC"
}
```
@apeabody, what do you think?

Hi @mmorejon - Yeah, for simplicity, I recommend we just go with `default = ""` and mark this as a breaking change.

Done. I set back the default value to empty.

/gcbrun

50b5e1b to 415769f

Do you have any other suggestions? @apeabody
Signed-off-by: Manuel Morejon <[email protected]>
415769f to 86355a8

/gcbrun

Thanks for the contribution @mmorejon!
…m-google-modules#1749) Signed-off-by: Manuel Morejon <[email protected]>
Enable vulnerability and audit modes for workloads.