fix: resolve deprecation warning for binary authorization

enable_binary_authorization is now deprecated in favor of the
binary_authorization block. This preserves the module's interface, but
updates the underlying behavior

Fixes terraform-google-modules#1331

autogen/main/cluster.tf.tmpl

@@ -151,7 +151,14 @@ resource "google_container_cluster" "primary" {
   {% if autopilot_cluster != true %}
   default_max_pods_per_node = var.default_max_pods_per_node
   enable_shielded_nodes       = var.enable_shielded_nodes
-  enable_binary_authorization = var.enable_binary_authorization
+
+  dynamic "binary_authorization" {
+    for_each = var.enable_binary_authorization ? [var.enable_binary_authorization] : []
+    content {
+      evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
+    }
+  }
+
   {% if beta_cluster %}
   enable_intranode_visibility = var.enable_intranode_visibility
   enable_kubernetes_alpha     = var.enable_kubernetes_alpha

autogen/safer-cluster/main.tf.tmpl

@@ -148,7 +148,9 @@ module "gke" {
   database_encryption = var.database_encryption
 
   // We suggest to define policies about  which images can run on a cluster.
-  enable_binary_authorization = true
+  binary_authorization {
+    evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
+  }
 
   // Use of PodSecurityPolicy admission controller
   // https://cloud.google.com/kubernetes-engine/docs/how-to/pod-security-policies

cluster.tf

@@ -76,9 +76,16 @@ resource "google_container_cluster" "primary" {
   vertical_pod_autoscaling {
     enabled = var.enable_vertical_pod_autoscaling
   }
-  default_max_pods_per_node   = var.default_max_pods_per_node
-  enable_shielded_nodes       = var.enable_shielded_nodes
-  enable_binary_authorization = var.enable_binary_authorization
+  default_max_pods_per_node = var.default_max_pods_per_node
+  enable_shielded_nodes     = var.enable_shielded_nodes
+
+  dynamic "binary_authorization" {
+    for_each = var.enable_binary_authorization ? [var.enable_binary_authorization] : []
+    content {
+      evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
+    }
+  }
+
   dynamic "master_authorized_networks_config" {
     for_each = local.master_authorized_networks_config
     content {

modules/beta-private-cluster-update-variant/cluster.tf

@@ -116,9 +116,16 @@ resource "google_container_cluster" "primary" {
   vertical_pod_autoscaling {
     enabled = var.enable_vertical_pod_autoscaling
   }
-  default_max_pods_per_node   = var.default_max_pods_per_node
-  enable_shielded_nodes       = var.enable_shielded_nodes
-  enable_binary_authorization = var.enable_binary_authorization
+  default_max_pods_per_node = var.default_max_pods_per_node
+  enable_shielded_nodes     = var.enable_shielded_nodes
+
+  dynamic "binary_authorization" {
+    for_each = var.enable_binary_authorization ? [var.enable_binary_authorization] : []
+    content {
+      evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
+    }
+  }
+
   enable_intranode_visibility = var.enable_intranode_visibility
   enable_kubernetes_alpha     = var.enable_kubernetes_alpha
   enable_tpu                  = var.enable_tpu

modules/beta-private-cluster/cluster.tf

@@ -116,9 +116,16 @@ resource "google_container_cluster" "primary" {
   vertical_pod_autoscaling {
     enabled = var.enable_vertical_pod_autoscaling
   }
-  default_max_pods_per_node   = var.default_max_pods_per_node
-  enable_shielded_nodes       = var.enable_shielded_nodes
-  enable_binary_authorization = var.enable_binary_authorization
+  default_max_pods_per_node = var.default_max_pods_per_node
+  enable_shielded_nodes     = var.enable_shielded_nodes
+
+  dynamic "binary_authorization" {
+    for_each = var.enable_binary_authorization ? [var.enable_binary_authorization] : []
+    content {
+      evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
+    }
+  }
+
   enable_intranode_visibility = var.enable_intranode_visibility
   enable_kubernetes_alpha     = var.enable_kubernetes_alpha
   enable_tpu                  = var.enable_tpu

modules/beta-public-cluster-update-variant/cluster.tf

@@ -116,9 +116,16 @@ resource "google_container_cluster" "primary" {
   vertical_pod_autoscaling {
     enabled = var.enable_vertical_pod_autoscaling
   }
-  default_max_pods_per_node   = var.default_max_pods_per_node
-  enable_shielded_nodes       = var.enable_shielded_nodes
-  enable_binary_authorization = var.enable_binary_authorization
+  default_max_pods_per_node = var.default_max_pods_per_node
+  enable_shielded_nodes     = var.enable_shielded_nodes
+
+  dynamic "binary_authorization" {
+    for_each = var.enable_binary_authorization ? [var.enable_binary_authorization] : []
+    content {
+      evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
+    }
+  }
+
   enable_intranode_visibility = var.enable_intranode_visibility
   enable_kubernetes_alpha     = var.enable_kubernetes_alpha
   enable_tpu                  = var.enable_tpu

modules/beta-public-cluster/cluster.tf

@@ -116,9 +116,16 @@ resource "google_container_cluster" "primary" {
   vertical_pod_autoscaling {
     enabled = var.enable_vertical_pod_autoscaling
   }
-  default_max_pods_per_node   = var.default_max_pods_per_node
-  enable_shielded_nodes       = var.enable_shielded_nodes
-  enable_binary_authorization = var.enable_binary_authorization
+  default_max_pods_per_node = var.default_max_pods_per_node
+  enable_shielded_nodes     = var.enable_shielded_nodes
+
+  dynamic "binary_authorization" {
+    for_each = var.enable_binary_authorization ? [var.enable_binary_authorization] : []
+    content {
+      evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
+    }
+  }
+
   enable_intranode_visibility = var.enable_intranode_visibility
   enable_kubernetes_alpha     = var.enable_kubernetes_alpha
   enable_tpu                  = var.enable_tpu

modules/private-cluster-update-variant/cluster.tf

@@ -76,9 +76,16 @@ resource "google_container_cluster" "primary" {
   vertical_pod_autoscaling {
     enabled = var.enable_vertical_pod_autoscaling
   }
-  default_max_pods_per_node   = var.default_max_pods_per_node
-  enable_shielded_nodes       = var.enable_shielded_nodes
-  enable_binary_authorization = var.enable_binary_authorization
+  default_max_pods_per_node = var.default_max_pods_per_node
+  enable_shielded_nodes     = var.enable_shielded_nodes
+
+  dynamic "binary_authorization" {
+    for_each = var.enable_binary_authorization ? [var.enable_binary_authorization] : []
+    content {
+      evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
+    }
+  }
+
   dynamic "master_authorized_networks_config" {
     for_each = local.master_authorized_networks_config
     content {

modules/private-cluster/cluster.tf

@@ -76,9 +76,16 @@ resource "google_container_cluster" "primary" {
   vertical_pod_autoscaling {
     enabled = var.enable_vertical_pod_autoscaling
   }
-  default_max_pods_per_node   = var.default_max_pods_per_node
-  enable_shielded_nodes       = var.enable_shielded_nodes
-  enable_binary_authorization = var.enable_binary_authorization
+  default_max_pods_per_node = var.default_max_pods_per_node
+  enable_shielded_nodes     = var.enable_shielded_nodes
+
+  dynamic "binary_authorization" {
+    for_each = var.enable_binary_authorization ? [var.enable_binary_authorization] : []
+    content {
+      evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
+    }
+  }
+
   dynamic "master_authorized_networks_config" {
     for_each = local.master_authorized_networks_config
     content {

modules/safer-cluster-update-variant/main.tf

@@ -144,7 +144,9 @@ module "gke" {
   database_encryption = var.database_encryption
 
   // We suggest to define policies about  which images can run on a cluster.
-  enable_binary_authorization = true
+  binary_authorization {
+    evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
+  }
 
   // Use of PodSecurityPolicy admission controller
   // https://cloud.google.com/kubernetes-engine/docs/how-to/pod-security-policies

modules/safer-cluster/main.tf

@@ -144,7 +144,9 @@ module "gke" {
   database_encryption = var.database_encryption
 
   // We suggest to define policies about  which images can run on a cluster.
-  enable_binary_authorization = true
+  binary_authorization {
+    evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
+  }
 
   // Use of PodSecurityPolicy admission controller
   // https://cloud.google.com/kubernetes-engine/docs/how-to/pod-security-policies