Use existing var grant_registry_access

README.md

@@ -132,7 +132,6 @@ Then perform the following commands on the root folder:
 | firewall\_inbound\_ports | List of TCP ports for admission/webhook controllers | `list(string)` | <pre>[<br>  "8443",<br>  "9443",<br>  "15017"<br>]</pre> | no |
 | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
 | gcloud\_upgrade | Whether to upgrade gcloud at runtime | `bool` | `false` | no |
-| grant\_artifact\_registry\_access | Grants created cluster-specific service account artifactregistry.reader role. | `bool` | `false` | no |
 | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer role. | `bool` | `false` | no |
 | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no |
 | http\_load\_balancing | Enable httpload balancer addon | `bool` | `true` | no |
@@ -165,7 +164,7 @@ Then perform the following commands on the root folder:
 | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes |
 | region | The region to host the cluster in (optional if zonal cluster / required if regional) | `string` | `null` | no |
 | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no |
-| registry\_project\_id | Project holding the Google Container Registry. If empty, we use the cluster project. If grant\_registry\_access is true, storage.objectViewer role is assigned on this project. If grant\_artifact\_registry\_access is true, artifactregistry.reader role is assigned on this project. | `string` | `""` | no |
+| registry\_project\_id | Project holding the Google Container Registry. If empty, we use the cluster project. If grant\_registry\_access is true, storage.objectViewer role is assigned on this project. | `string` | `""` | no |
 | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `UNSPECIFIED`. | `string` | `null` | no |
 | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | `bool` | `false` | no |
 | resource\_usage\_export\_dataset\_id | The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export. | `string` | `""` | no |

autogen/main/sa.tf.tmpl

@@ -77,7 +77,7 @@ resource "google_project_iam_member" "cluster_service_account-gcr" {
 }
 
 resource "google_project_iam_member" "cluster_service_account-artifact-registry" {
-  count   = var.create_service_account && var.grant_artifact_registry_access ? 1 : 0
+  count   = var.create_service_account && var.grant_registry_access ? 1 : 0
   project = var.registry_project_id == "" ? var.project_id : var.registry_project_id
   role    = "roles/artifactregistry.reader"
   member  = "serviceAccount:${google_service_account.cluster_service_account[0].email}"

autogen/main/variables.tf.tmpl

@@ -333,15 +333,9 @@ variable "grant_registry_access" {
   default     = false
 }
 
-variable "grant_artifact_registry_access" {
-  type        = bool
-  description = "Grants created cluster-specific service account artifactregistry.reader role."
-  default     = false
-}
-
 variable "registry_project_id" {
   type        = string
-  description = "Project holding the Google Container Registry. If empty, we use the cluster project. If grant_registry_access is true, storage.objectViewer role is assigned on this project. If grant_artifact_registry_access is true, artifactregistry.reader role is assigned on this project."
+  description = "Project holding the Google Container Registry. If empty, we use the cluster project. If grant_registry_access is true, storage.objectViewer role is assigned on this project."
   default     = ""
 }
 

autogen/safer-cluster/variables.tf.tmpl

@@ -208,15 +208,9 @@ variable "grant_registry_access" {
   default     = true
 }
 
-variable "grant_artifact_registry_access" {
-  type        = bool
-  description = "Grants created cluster-specific service account artifactregistry.reader role."
-  default     = false
-}
-
 variable "registry_project_id" {
   type        = string
-  description = "Project holding the Google Container Registry. If empty, we use the cluster project. If grant_registry_access is true, storage.objectViewer role is assigned on this project. If grant_artifact_registry_access is true, artifactregistry.reader role is assigned on this project."
+  description = "Project holding the Google Container Registry. If empty, we use the cluster project. If grant_registry_access is true, storage.objectViewer role is assigned on this project."
   default     = ""
 }
 

modules/beta-private-cluster-update-variant/README.md

@@ -178,7 +178,6 @@ Then perform the following commands on the root folder:
 | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
 | gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `false` | no |
 | gcloud\_upgrade | Whether to upgrade gcloud at runtime | `bool` | `false` | no |
-| grant\_artifact\_registry\_access | Grants created cluster-specific service account artifactregistry.reader role. | `bool` | `false` | no |
 | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer role. | `bool` | `false` | no |
 | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no |
 | http\_load\_balancing | Enable httpload balancer addon | `bool` | `true` | no |
@@ -218,7 +217,7 @@ Then perform the following commands on the root folder:
 | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes |
 | region | The region to host the cluster in (optional if zonal cluster / required if regional) | `string` | `null` | no |
 | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no |
-| registry\_project\_id | Project holding the Google Container Registry. If empty, we use the cluster project. If grant\_registry\_access is true, storage.objectViewer role is assigned on this project. If grant\_artifact\_registry\_access is true, artifactregistry.reader role is assigned on this project. | `string` | `""` | no |
+| registry\_project\_id | Project holding the Google Container Registry. If empty, we use the cluster project. If grant\_registry\_access is true, storage.objectViewer role is assigned on this project. | `string` | `""` | no |
 | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `UNSPECIFIED`. | `string` | `null` | no |
 | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | `bool` | `false` | no |
 | resource\_usage\_export\_dataset\_id | The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export. | `string` | `""` | no |

modules/beta-private-cluster-update-variant/sa.tf

@@ -77,7 +77,7 @@ resource "google_project_iam_member" "cluster_service_account-gcr" {
 }
 
 resource "google_project_iam_member" "cluster_service_account-artifact-registry" {
-  count   = var.create_service_account && var.grant_artifact_registry_access ? 1 : 0
+  count   = var.create_service_account && var.grant_registry_access ? 1 : 0
   project = var.registry_project_id == "" ? var.project_id : var.registry_project_id
   role    = "roles/artifactregistry.reader"
   member  = "serviceAccount:${google_service_account.cluster_service_account[0].email}"

modules/beta-private-cluster-update-variant/variables.tf

@@ -323,15 +323,9 @@ variable "grant_registry_access" {
   default     = false
 }
 
-variable "grant_artifact_registry_access" {
-  type        = bool
-  description = "Grants created cluster-specific service account artifactregistry.reader role."
-  default     = false
-}
-
 variable "registry_project_id" {
   type        = string
-  description = "Project holding the Google Container Registry. If empty, we use the cluster project. If grant_registry_access is true, storage.objectViewer role is assigned on this project. If grant_artifact_registry_access is true, artifactregistry.reader role is assigned on this project."
+  description = "Project holding the Google Container Registry. If empty, we use the cluster project. If grant_registry_access is true, storage.objectViewer role is assigned on this project."
   default     = ""
 }
 

modules/beta-private-cluster/README.md

@@ -156,7 +156,6 @@ Then perform the following commands on the root folder:
 | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
 | gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `false` | no |
 | gcloud\_upgrade | Whether to upgrade gcloud at runtime | `bool` | `false` | no |
-| grant\_artifact\_registry\_access | Grants created cluster-specific service account artifactregistry.reader role. | `bool` | `false` | no |
 | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer role. | `bool` | `false` | no |
 | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no |
 | http\_load\_balancing | Enable httpload balancer addon | `bool` | `true` | no |
@@ -196,7 +195,7 @@ Then perform the following commands on the root folder:
 | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes |
 | region | The region to host the cluster in (optional if zonal cluster / required if regional) | `string` | `null` | no |
 | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no |
-| registry\_project\_id | Project holding the Google Container Registry. If empty, we use the cluster project. If grant\_registry\_access is true, storage.objectViewer role is assigned on this project. If grant\_artifact\_registry\_access is true, artifactregistry.reader role is assigned on this project. | `string` | `""` | no |
+| registry\_project\_id | Project holding the Google Container Registry. If empty, we use the cluster project. If grant\_registry\_access is true, storage.objectViewer role is assigned on this project. | `string` | `""` | no |
 | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `UNSPECIFIED`. | `string` | `null` | no |
 | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | `bool` | `false` | no |
 | resource\_usage\_export\_dataset\_id | The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export. | `string` | `""` | no |

modules/beta-private-cluster/sa.tf

@@ -77,7 +77,7 @@ resource "google_project_iam_member" "cluster_service_account-gcr" {
 }
 
 resource "google_project_iam_member" "cluster_service_account-artifact-registry" {
-  count   = var.create_service_account && var.grant_artifact_registry_access ? 1 : 0
+  count   = var.create_service_account && var.grant_registry_access ? 1 : 0
   project = var.registry_project_id == "" ? var.project_id : var.registry_project_id
   role    = "roles/artifactregistry.reader"
   member  = "serviceAccount:${google_service_account.cluster_service_account[0].email}"

modules/beta-private-cluster/variables.tf

@@ -323,15 +323,9 @@ variable "grant_registry_access" {
   default     = false
 }
 
-variable "grant_artifact_registry_access" {
-  type        = bool
-  description = "Grants created cluster-specific service account artifactregistry.reader role."
-  default     = false
-}
-
 variable "registry_project_id" {
   type        = string
-  description = "Project holding the Google Container Registry. If empty, we use the cluster project. If grant_registry_access is true, storage.objectViewer role is assigned on this project. If grant_artifact_registry_access is true, artifactregistry.reader role is assigned on this project."
+  description = "Project holding the Google Container Registry. If empty, we use the cluster project. If grant_registry_access is true, storage.objectViewer role is assigned on this project."
   default     = ""
 }
 

modules/beta-public-cluster-update-variant/README.md

@@ -169,7 +169,6 @@ Then perform the following commands on the root folder:
 | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
 | gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `false` | no |
 | gcloud\_upgrade | Whether to upgrade gcloud at runtime | `bool` | `false` | no |
-| grant\_artifact\_registry\_access | Grants created cluster-specific service account artifactregistry.reader role. | `bool` | `false` | no |
 | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer role. | `bool` | `false` | no |
 | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no |
 | http\_load\_balancing | Enable httpload balancer addon | `bool` | `true` | no |
@@ -207,7 +206,7 @@ Then perform the following commands on the root folder:
 | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes |
 | region | The region to host the cluster in (optional if zonal cluster / required if regional) | `string` | `null` | no |
 | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no |
-| registry\_project\_id | Project holding the Google Container Registry. If empty, we use the cluster project. If grant\_registry\_access is true, storage.objectViewer role is assigned on this project. If grant\_artifact\_registry\_access is true, artifactregistry.reader role is assigned on this project. | `string` | `""` | no |
+| registry\_project\_id | Project holding the Google Container Registry. If empty, we use the cluster project. If grant\_registry\_access is true, storage.objectViewer role is assigned on this project. | `string` | `""` | no |
 | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `UNSPECIFIED`. | `string` | `null` | no |
 | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | `bool` | `false` | no |
 | resource\_usage\_export\_dataset\_id | The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export. | `string` | `""` | no |

modules/beta-public-cluster-update-variant/sa.tf

@@ -77,7 +77,7 @@ resource "google_project_iam_member" "cluster_service_account-gcr" {
 }
 
 resource "google_project_iam_member" "cluster_service_account-artifact-registry" {
-  count   = var.create_service_account && var.grant_artifact_registry_access ? 1 : 0
+  count   = var.create_service_account && var.grant_registry_access ? 1 : 0
   project = var.registry_project_id == "" ? var.project_id : var.registry_project_id
   role    = "roles/artifactregistry.reader"
   member  = "serviceAccount:${google_service_account.cluster_service_account[0].email}"

modules/beta-public-cluster-update-variant/variables.tf

@@ -323,15 +323,9 @@ variable "grant_registry_access" {
   default     = false
 }
 
-variable "grant_artifact_registry_access" {
-  type        = bool
-  description = "Grants created cluster-specific service account artifactregistry.reader role."
-  default     = false
-}
-
 variable "registry_project_id" {
   type        = string
-  description = "Project holding the Google Container Registry. If empty, we use the cluster project. If grant_registry_access is true, storage.objectViewer role is assigned on this project. If grant_artifact_registry_access is true, artifactregistry.reader role is assigned on this project."
+  description = "Project holding the Google Container Registry. If empty, we use the cluster project. If grant_registry_access is true, storage.objectViewer role is assigned on this project."
   default     = ""
 }
 

modules/beta-public-cluster/README.md

@@ -147,7 +147,6 @@ Then perform the following commands on the root folder:
 | firewall\_priority | Priority rule for firewall rules | `number` | `1000` | no |
 | gce\_pd\_csi\_driver | (Beta) Whether this cluster should enable the Google Compute Engine Persistent Disk Container Storage Interface (CSI) Driver. | `bool` | `false` | no |
 | gcloud\_upgrade | Whether to upgrade gcloud at runtime | `bool` | `false` | no |
-| grant\_artifact\_registry\_access | Grants created cluster-specific service account artifactregistry.reader role. | `bool` | `false` | no |
 | grant\_registry\_access | Grants created cluster-specific service account storage.objectViewer role. | `bool` | `false` | no |
 | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | `bool` | `true` | no |
 | http\_load\_balancing | Enable httpload balancer addon | `bool` | `true` | no |
@@ -185,7 +184,7 @@ Then perform the following commands on the root folder:
 | project\_id | The project ID to host the cluster in (required) | `string` | n/a | yes |
 | region | The region to host the cluster in (optional if zonal cluster / required if regional) | `string` | `null` | no |
 | regional | Whether is a regional cluster (zonal cluster if set false. WARNING: changing this after cluster creation is destructive!) | `bool` | `true` | no |
-| registry\_project\_id | Project holding the Google Container Registry. If empty, we use the cluster project. If grant\_registry\_access is true, storage.objectViewer role is assigned on this project. If grant\_artifact\_registry\_access is true, artifactregistry.reader role is assigned on this project. | `string` | `""` | no |
+| registry\_project\_id | Project holding the Google Container Registry. If empty, we use the cluster project. If grant\_registry\_access is true, storage.objectViewer role is assigned on this project. | `string` | `""` | no |
 | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `UNSPECIFIED`. | `string` | `null` | no |
 | remove\_default\_node\_pool | Remove default node pool while setting up the cluster | `bool` | `false` | no |
 | resource\_usage\_export\_dataset\_id | The ID of a BigQuery Dataset for using BigQuery as the destination of resource usage export. | `string` | `""` | no |

modules/beta-public-cluster/sa.tf

@@ -77,7 +77,7 @@ resource "google_project_iam_member" "cluster_service_account-gcr" {
 }
 
 resource "google_project_iam_member" "cluster_service_account-artifact-registry" {
-  count   = var.create_service_account && var.grant_artifact_registry_access ? 1 : 0
+  count   = var.create_service_account && var.grant_registry_access ? 1 : 0
   project = var.registry_project_id == "" ? var.project_id : var.registry_project_id
   role    = "roles/artifactregistry.reader"
   member  = "serviceAccount:${google_service_account.cluster_service_account[0].email}"

modules/beta-public-cluster/variables.tf

@@ -323,15 +323,9 @@ variable "grant_registry_access" {
   default     = false
 }
 
-variable "grant_artifact_registry_access" {
-  type        = bool
-  description = "Grants created cluster-specific service account artifactregistry.reader role."
-  default     = false
-}
-
 variable "registry_project_id" {
   type        = string
-  description = "Project holding the Google Container Registry. If empty, we use the cluster project. If grant_registry_access is true, storage.objectViewer role is assigned on this project. If grant_artifact_registry_access is true, artifactregistry.reader role is assigned on this project."
+  description = "Project holding the Google Container Registry. If empty, we use the cluster project. If grant_registry_access is true, storage.objectViewer role is assigned on this project."
   default     = ""
 }