updates

terraform-google-modules · Jun 26, 2019 · e6566ec · e6566ec
1 parent 70a4775
commit e6566ec
Show file tree

Hide file tree

Showing 13 changed files with 48 additions and 72 deletions.
diff --git a/autogen/main.tf b/autogen/main.tf
@@ -144,6 +144,7 @@ locals {
     regional = "${element(concat(google_container_cluster.primary.*.pod_security_policy_config.0.enabled, list("")), 0)}"
     zonal    = "${element(concat(google_container_cluster.zonal_primary.*.pod_security_policy_config.0.enabled, list("")), 0)}"
   }
+
   cluster_type_output_binary_authorization_enabled = {
     regional = "${element(concat(google_container_cluster.primary.*.enable_binary_authorization.0.enabled, list("")), 0)}"
     zonal    = "${element(concat(google_container_cluster.zonal_primary.*.enable_binary_authorization.0.enabled, list("")), 0)}"
@@ -185,10 +186,10 @@ locals {
   # BETA features
   cluster_istio_enabled    = "${local.cluster_type_output_istio_enabled[local.cluster_type] ? false : true}"
   cluster_cloudrun_enabled = "${local.cluster_type_output_cloudrun_enabled[local.cluster_type] ? false : true}"
-  # /BETA features
-{% endif %}
-{% if private_cluster %}
+
   cluster_pod_security_policy_enabled        = "${local.cluster_type_output_pod_security_policy_enabled[local.cluster_type] ? true : false}"
+  cluster_binary_authorization_enabled       = "${local.cluster_type_output_binary_authorization_enabled[local.cluster_type] ? true : false}"
+  # /BETA features
 {% endif %}
 }
 

diff --git a/autogen/outputs.tf b/autogen/outputs.tf
@@ -113,7 +113,6 @@ output "service_account" {
   value       = "${local.service_account}"
 }
 {% if beta_cluster %}
-
 output "istio_enabled" {
   description = "Whether Istio is enabled"
   value       = "${local.cluster_istio_enabled}"
@@ -129,14 +128,8 @@ output "pod_security_policy_enabled" {
   value       = "${local.cluster_pod_security_policy_enabled}"
 }
 
-output "pod_security_policy_enabled" {
-  description = "Whether pod security policy is enabled"
-  value       = "${local.cluster_pod_security_policy_enabled}"
-}
-
 output "enable_binary_authorization" {
   description = "Enable BinAuthZ Admission controller"
   value       = "${local.cluster_binary_authorization_enabled}"
 }
-
 {% endif %}
diff --git a/autogen/variables.tf b/autogen/variables.tf
@@ -86,22 +86,6 @@ variable "master_authorized_networks_config" {
   default = []
 }
 
-{% if beta_cluster %}
-variable "enable_binary_authorization" {
-  description = "Enable BinAuthZ Admission controller"
-  default     = false
-}
-
-variable "pod_security_policy_config" {
-  description = "enabled - Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created."
-
-  default     = [{
-    "enabled" = false
-  }]
-}
-{% endif %}
-
-
 variable "horizontal_pod_autoscaling" {
   description = "Enable horizontal pod autoscaling addon"
   default     = true
@@ -300,6 +284,19 @@ variable "database_encryption" {
     key_name  = ""
   }]
 }
+
+variable "enable_binary_authorization" {
+  description = "Enable BinAuthZ Admission controller"
+  default     = false
+}
+
+variable "pod_security_policy_config" {
+  description = "enabled - Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created."
+
+  default     = [{
+    "enabled" = false
+  }]
+}
 {% endif %}
 
 variable "basic_auth_username" {

diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md
@@ -194,7 +194,6 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | node\_pools\_names | List of node pools names |
 | node\_pools\_versions | List of node pools versions |
 | pod\_security\_policy\_enabled | Whether pod security policy is enabled |
-| pod\_security\_policy\_enabled | Whether pod security policy is enabled |
 | region | Cluster region |
 | service\_account | The service account to default running nodes as if not overridden in `node_pools`. |
 | type | Cluster type (regional / zonal) |

diff --git a/modules/beta-private-cluster/main.tf b/modules/beta-private-cluster/main.tf
@@ -176,8 +176,10 @@ locals {
   # BETA features
   cluster_istio_enabled    = "${local.cluster_type_output_istio_enabled[local.cluster_type] ? false : true}"
   cluster_cloudrun_enabled = "${local.cluster_type_output_cloudrun_enabled[local.cluster_type] ? false : true}"
+  cluster_pod_security_policy_enabled  = "${local.cluster_type_output_pod_security_policy_enabled[local.cluster_type] ? true : false}"
+  cluster_binary_authorization_enabled = "${local.cluster_type_output_binary_authorization_enabled[local.cluster_type] ? true : false}"
+
   # /BETA features
-  cluster_pod_security_policy_enabled = "${local.cluster_type_output_pod_security_policy_enabled[local.cluster_type] ? true : false}"
 }
 
 /******************************************

diff --git a/modules/beta-private-cluster/outputs.tf b/modules/beta-private-cluster/outputs.tf
@@ -112,7 +112,6 @@ output "service_account" {
   description = "The service account to default running nodes as if not overridden in `node_pools`."
   value       = "${local.service_account}"
 }
-
 output "istio_enabled" {
   description = "Whether Istio is enabled"
   value       = "${local.cluster_istio_enabled}"
@@ -128,13 +127,7 @@ output "pod_security_policy_enabled" {
   value       = "${local.cluster_pod_security_policy_enabled}"
 }
 
-output "pod_security_policy_enabled" {
-  description = "Whether pod security policy is enabled"
-  value       = "${local.cluster_pod_security_policy_enabled}"
-}
-
 output "enable_binary_authorization" {
   description = "Enable BinAuthZ Admission controller"
   value       = "${local.cluster_binary_authorization_enabled}"
 }
-
diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf
@@ -86,19 +86,6 @@ variable "master_authorized_networks_config" {
   default = []
 }
 
-variable "enable_binary_authorization" {
-  description = "Enable BinAuthZ Admission controller"
-  default     = false
-}
-
-variable "pod_security_policy_config" {
-  description = "enabled - Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created."
-
-  default = [{
-    "enabled" = false
-  }]
-}
-
 variable "horizontal_pod_autoscaling" {
   description = "Enable horizontal pod autoscaling addon"
   default     = true
@@ -297,6 +284,19 @@ variable "database_encryption" {
   }]
 }
 
+variable "enable_binary_authorization" {
+  description = "Enable BinAuthZ Admission controller"
+  default     = false
+}
+
+variable "pod_security_policy_config" {
+  description = "enabled - Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created."
+
+  default = [{
+    "enabled" = false
+  }]
+}
+
 variable "basic_auth_username" {
   description = "The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration."
   default     = ""

diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md
@@ -185,7 +185,6 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | node\_pools\_names | List of node pools names |
 | node\_pools\_versions | List of node pools versions |
 | pod\_security\_policy\_enabled | Whether pod security policy is enabled |
-| pod\_security\_policy\_enabled | Whether pod security policy is enabled |
 | region | Cluster region |
 | service\_account | The service account to default running nodes as if not overridden in `node_pools`. |
 | type | Cluster type (regional / zonal) |

diff --git a/modules/beta-public-cluster/main.tf b/modules/beta-public-cluster/main.tf
@@ -167,6 +167,8 @@ locals {
   # BETA features
   cluster_istio_enabled    = "${local.cluster_type_output_istio_enabled[local.cluster_type] ? false : true}"
   cluster_cloudrun_enabled = "${local.cluster_type_output_cloudrun_enabled[local.cluster_type] ? false : true}"
+  cluster_pod_security_policy_enabled  = "${local.cluster_type_output_pod_security_policy_enabled[local.cluster_type] ? true : false}"
+  cluster_binary_authorization_enabled = "${local.cluster_type_output_binary_authorization_enabled[local.cluster_type] ? true : false}"
 
   # /BETA features
 }

diff --git a/modules/beta-public-cluster/outputs.tf b/modules/beta-public-cluster/outputs.tf
@@ -112,7 +112,6 @@ output "service_account" {
   description = "The service account to default running nodes as if not overridden in `node_pools`."
   value       = "${local.service_account}"
 }
-
 output "istio_enabled" {
   description = "Whether Istio is enabled"
   value       = "${local.cluster_istio_enabled}"
@@ -128,13 +127,7 @@ output "pod_security_policy_enabled" {
   value       = "${local.cluster_pod_security_policy_enabled}"
 }
 
-output "pod_security_policy_enabled" {
-  description = "Whether pod security policy is enabled"
-  value       = "${local.cluster_pod_security_policy_enabled}"
-}
-
 output "enable_binary_authorization" {
   description = "Enable BinAuthZ Admission controller"
   value       = "${local.cluster_binary_authorization_enabled}"
 }
-
diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf
@@ -86,19 +86,6 @@ variable "master_authorized_networks_config" {
   default = []
 }
 
-variable "enable_binary_authorization" {
-  description = "Enable BinAuthZ Admission controller"
-  default     = false
-}
-
-variable "pod_security_policy_config" {
-  description = "enabled - Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created."
-
-  default = [{
-    "enabled" = false
-  }]
-}
-
 variable "horizontal_pod_autoscaling" {
   description = "Enable horizontal pod autoscaling addon"
   default     = true
@@ -277,6 +264,19 @@ variable "database_encryption" {
   }]
 }
 
+variable "enable_binary_authorization" {
+  description = "Enable BinAuthZ Admission controller"
+  default     = false
+}
+
+variable "pod_security_policy_config" {
+  description = "enabled - Enable the PodSecurityPolicy controller for this cluster. If enabled, pods must be valid under a PodSecurityPolicy to be created."
+
+  default = [{
+    "enabled" = false
+  }]
+}
+
 variable "basic_auth_username" {
   description = "The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration."
   default     = ""

diff --git a/modules/private-cluster/main.tf b/modules/private-cluster/main.tf
@@ -153,7 +153,6 @@ locals {
   cluster_http_load_balancing_enabled        = "${local.cluster_type_output_http_load_balancing_enabled[local.cluster_type] ? false : true}"
   cluster_horizontal_pod_autoscaling_enabled = "${local.cluster_type_output_horizontal_pod_autoscaling_enabled[local.cluster_type] ? false : true}"
   cluster_kubernetes_dashboard_enabled       = "${local.cluster_type_output_kubernetes_dashboard_enabled[local.cluster_type] ? false : true}"
-  cluster_pod_security_policy_enabled        = "${local.cluster_type_output_pod_security_policy_enabled[local.cluster_type] ? true : false}"
 }
 
 /******************************************

diff --git a/variables.tf b/variables.tf
@@ -86,8 +86,6 @@ variable "master_authorized_networks_config" {
   default = []
 }
 
-
-
 variable "horizontal_pod_autoscaling" {
   description = "Enable horizontal pod autoscaling addon"
   default     = true