From 1fd7184c5be51d183908499d3cb2392b551031a4 Mon Sep 17 00:00:00 2001
From: Andrew Peabody <andrewpeabody@google.com>
Date: Wed, 7 Sep 2022 11:30:00 -0700
Subject: [PATCH] feat: add enable_referential_rules variable (#1394)

---
 modules/acm/README.md    | 1 +
 modules/acm/feature.tf   | 2 +-
 modules/acm/variables.tf | 6 ++++++
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/modules/acm/README.md b/modules/acm/README.md
index 590848552..769bcf97b 100644
--- a/modules/acm/README.md
+++ b/modules/acm/README.md
@@ -72,6 +72,7 @@ data "google_client_config" "default" {}
 | enable\_fleet\_registration | Whether to create a new membership. | `bool` | `true` | no |
 | enable\_log\_denies | Whether to enable logging of all denies and dryrun failures for ACM Policy Controller. | `bool` | `false` | no |
 | enable\_policy\_controller | Whether to enable the ACM Policy Controller on the cluster | `bool` | `true` | no |
+| enable\_referential\_rules | Enables referential constraints which reference another object in it definition and are therefore eventually consistent. | `bool` | `true` | no |
 | hierarchy\_controller | Configurations for Hierarchy Controller. See [Hierarchy Controller docs](https://cloud.google.com/anthos-config-management/docs/how-to/installing-hierarchy-controller) for more details | `map(any)` | `null` | no |
 | install\_template\_library | Whether to install the default Policy Controller template library | `bool` | `true` | no |
 | location | GCP location used to reach cluster. | `string` | n/a | yes |
diff --git a/modules/acm/feature.tf b/modules/acm/feature.tf
index 4af03b07b..bd928551d 100644
--- a/modules/acm/feature.tf
+++ b/modules/acm/feature.tf
@@ -55,7 +55,7 @@ resource "google_gke_hub_feature_membership" "main" {
 
       content {
         enabled                    = true
-        referential_rules_enabled  = true
+        referential_rules_enabled  = var.enable_referential_rules
         template_library_installed = var.install_template_library
         log_denies_enabled         = var.enable_log_denies
       }
diff --git a/modules/acm/variables.tf b/modules/acm/variables.tf
index 6c576bb64..c225a45a7 100644
--- a/modules/acm/variables.tf
+++ b/modules/acm/variables.tf
@@ -127,3 +127,9 @@ variable "hierarchy_controller" {
   type        = map(any)
   default     = null
 }
+
+variable "enable_referential_rules" {
+  description = "Enables referential constraints which reference another object in it definition and are therefore eventually consistent."
+  type        = bool
+  default     = true
+}