Moving database_encryption variable under beta module

marko7460 · marko7460 · commit 378aef7e9468 · 2019-06-24T08:16:51.000-07:00
diff --git a/README.md b/README.md
@@ -116,7 +116,6 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 |------|-------------|:----:|:-----:|:-----:|
 | basic\_auth\_password | The password to be used with Basic Authentication. | string | `""` | no |
 | basic\_auth\_username | The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration. | string | `""` | no |
-| database\_encryption | Application-layer Secrets Encryption settings. Example:   database_encryption = [{     state = "ENCRYPTED",     key_name = "projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key"   }] | list | `<list>` | no |
 | description | The description of the cluster | string | `""` | no |
 | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | string | `"true"` | no |
 | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | string | `"true"` | no |
@@ -197,7 +196,6 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 0.11.x
-- [terraform-provider-google-beta](https://github.com/terraform-providers/terraform-provider-google-beta) v2.3, v2.6, v2.7
 - [terraform-provider-google](https://github.com/terraform-providers/terraform-provider-google) v2.3, v2.6, v2.7
 
 ### Configure a Service Account
diff --git a/autogen/README.md b/autogen/README.md
@@ -143,7 +143,9 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 - [Terraform](https://www.terraform.io/downloads.html) 0.11.x
 {% if private_cluster or beta_cluster %}
 - [terraform-provider-google-beta](https://github.com/terraform-providers/terraform-provider-google-beta) v2.3, v2.6, v2.7
+{% else %}
 - [terraform-provider-google](https://github.com/terraform-providers/terraform-provider-google) v2.3, v2.6, v2.7
+{% endif %}
 
 ### Configure a Service Account
 In order to execute this module you must have a Service Account with the
diff --git a/autogen/cluster_regional.tf b/autogen/cluster_regional.tf
@@ -121,7 +121,9 @@ resource "google_container_cluster" "primary" {
   }
 {% endif %}
   remove_default_node_pool = "${var.remove_default_node_pool}"
+{% if beta_cluster %}
   database_encryption      = ["${var.database_encryption}"]
+{% endif %}
 }
 
 /******************************************
diff --git a/autogen/cluster_zonal.tf b/autogen/cluster_zonal.tf
@@ -121,7 +121,9 @@ resource "google_container_cluster" "zonal_primary" {
   }
 {% endif %}
   remove_default_node_pool = "${var.remove_default_node_pool}"
+{% if beta_cluster %}
   database_encryption      = ["${var.database_encryption}"]
+{% endif %}
 }
 
 /******************************************
diff --git a/autogen/variables.tf b/autogen/variables.tf
@@ -284,6 +284,21 @@ variable "cloudrun" {
   description = "(Beta) Enable CloudRun addon"
   default     = false
 }
+
+variable "database_encryption" {
+  description = <<EOF
+  Application-layer Secrets Encryption settings. Example:
+  database_encryption = [{
+    state = "ENCRYPTED",
+    key_name = "projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key"
+  }]
+  EOF
+  type        = "list"
+  default     = [{
+    state     = "DECRYPTED"
+    key_name  = ""
+  }]
+}
 {% endif %}
 
 variable "basic_auth_username" {
@@ -299,19 +314,4 @@ variable "basic_auth_password" {
 variable "issue_client_certificate" {
   description = "Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive!"
   default     = "false"
-}
-
-variable "database_encryption" {
-  description = <<EOF
-  Application-layer Secrets Encryption settings. Example:
-  database_encryption = [{
-    state = "ENCRYPTED",
-    key_name = "projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key"
-  }]
-  EOF
-  type        = "list"
-  default     = [{
-    state     = "DECRYPTED"
-    key_name  = ""
-  }]
 }
diff --git a/cluster_regional.tf b/cluster_regional.tf
@@ -20,7 +20,7 @@
   Create regional cluster
  *****************************************/
 resource "google_container_cluster" "primary" {
-  provider    = "google-beta"
+  provider    = "google"
   count       = "${var.regional ? 1 : 0}"
   name        = "${var.name}"
   description = "${var.description}"
@@ -101,7 +101,6 @@ resource "google_container_cluster" "primary" {
     }
   }
   remove_default_node_pool = "${var.remove_default_node_pool}"
-  database_encryption      = ["${var.database_encryption}"]
 }
 
 /******************************************
diff --git a/cluster_zonal.tf b/cluster_zonal.tf
@@ -20,7 +20,7 @@
   Create zonal cluster
  *****************************************/
 resource "google_container_cluster" "zonal_primary" {
-  provider    = "google-beta"
+  provider    = "google"
   count       = "${var.regional ? 0 : 1}"
   name        = "${var.name}"
   description = "${var.description}"
@@ -101,7 +101,6 @@ resource "google_container_cluster" "zonal_primary" {
     }
   }
   remove_default_node_pool = "${var.remove_default_node_pool}"
-  database_encryption      = ["${var.database_encryption}"]
 }
 
 /******************************************
diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md
@@ -124,6 +124,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | basic\_auth\_password | The password to be used with Basic Authentication. | string | `""` | no |
 | basic\_auth\_username | The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration. | string | `""` | no |
 | cloudrun | (Beta) Enable CloudRun addon | string | `"false"` | no |
+| database\_encryption | Application-layer Secrets Encryption settings. Example:   database_encryption = [{     state = "ENCRYPTED",     key_name = "projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key"   }] | list | `<list>` | no |
 | deploy\_using\_private\_endpoint | (Beta) A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | string | `"false"` | no |
 | description | The description of the cluster | string | `""` | no |
 | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | string | `"true"` | no |
diff --git a/modules/beta-private-cluster/cluster_regional.tf b/modules/beta-private-cluster/cluster_regional.tf
@@ -115,6 +115,7 @@ resource "google_container_cluster" "primary" {
     master_ipv4_cidr_block  = "${var.master_ipv4_cidr_block}"
   }
   remove_default_node_pool = "${var.remove_default_node_pool}"
+  database_encryption      = ["${var.database_encryption}"]
 }
 
 /******************************************
diff --git a/modules/beta-private-cluster/cluster_zonal.tf b/modules/beta-private-cluster/cluster_zonal.tf
@@ -115,6 +115,7 @@ resource "google_container_cluster" "zonal_primary" {
     master_ipv4_cidr_block  = "${var.master_ipv4_cidr_block}"
   }
   remove_default_node_pool = "${var.remove_default_node_pool}"
+  database_encryption      = ["${var.database_encryption}"]
 }
 
 /******************************************
diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf
@@ -280,6 +280,23 @@ variable "cloudrun" {
   default     = false
 }
 
+variable "database_encryption" {
+  description = <<EOF
+  Application-layer Secrets Encryption settings. Example:
+  database_encryption = [{
+    state = "ENCRYPTED",
+    key_name = "projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key"
+  }]
+  EOF
+
+  type = "list"
+
+  default = [{
+    state    = "DECRYPTED"
+    key_name = ""
+  }]
+}
+
 variable "basic_auth_username" {
   description = "The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration."
   default     = ""
diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md
@@ -119,6 +119,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | basic\_auth\_password | The password to be used with Basic Authentication. | string | `""` | no |
 | basic\_auth\_username | The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration. | string | `""` | no |
 | cloudrun | (Beta) Enable CloudRun addon | string | `"false"` | no |
+| database\_encryption | Application-layer Secrets Encryption settings. Example:   database_encryption = [{     state = "ENCRYPTED",     key_name = "projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key"   }] | list | `<list>` | no |
 | description | The description of the cluster | string | `""` | no |
 | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | string | `"true"` | no |
 | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | string | `"true"` | no |
diff --git a/modules/beta-public-cluster/cluster_regional.tf b/modules/beta-public-cluster/cluster_regional.tf
@@ -108,6 +108,7 @@ resource "google_container_cluster" "primary" {
     }
   }
   remove_default_node_pool = "${var.remove_default_node_pool}"
+  database_encryption      = ["${var.database_encryption}"]
 }
 
 /******************************************
diff --git a/modules/beta-public-cluster/cluster_zonal.tf b/modules/beta-public-cluster/cluster_zonal.tf
@@ -108,6 +108,7 @@ resource "google_container_cluster" "zonal_primary" {
     }
   }
   remove_default_node_pool = "${var.remove_default_node_pool}"
+  database_encryption      = ["${var.database_encryption}"]
 }
 
 /******************************************
diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf
@@ -237,7 +237,6 @@ variable "service_account" {
   default     = "create"
 }
 
-
 variable "istio" {
   description = "(Beta) Enable Istio addon"
   default     = false
@@ -248,6 +247,23 @@ variable "cloudrun" {
   default     = false
 }
 
+variable "database_encryption" {
+  description = <<EOF
+  Application-layer Secrets Encryption settings. Example:
+  database_encryption = [{
+    state = "ENCRYPTED",
+    key_name = "projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key"
+  }]
+  EOF
+
+  type = "list"
+
+  default = [{
+    state    = "DECRYPTED"
+    key_name = ""
+  }]
+}
+
 variable "basic_auth_username" {
   description = "The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration."
   default     = ""
diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md
@@ -121,7 +121,6 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 |------|-------------|:----:|:-----:|:-----:|
 | basic\_auth\_password | The password to be used with Basic Authentication. | string | `""` | no |
 | basic\_auth\_username | The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration. | string | `""` | no |
-| database\_encryption | Application-layer Secrets Encryption settings. Example:   database_encryption = [{     state = "ENCRYPTED",     key_name = "projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key"   }] | list | `<list>` | no |
 | deploy\_using\_private\_endpoint | (Beta) A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | string | `"false"` | no |
 | description | The description of the cluster | string | `""` | no |
 | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | string | `"true"` | no |
@@ -210,7 +209,6 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 0.11.x
 - [terraform-provider-google-beta](https://github.com/terraform-providers/terraform-provider-google-beta) v2.3, v2.6, v2.7
-- [terraform-provider-google](https://github.com/terraform-providers/terraform-provider-google) v2.3, v2.6, v2.7
 
 ### Configure a Service Account
 In order to execute this module you must have a Service Account with the
diff --git a/modules/private-cluster/cluster_regional.tf b/modules/private-cluster/cluster_regional.tf
@@ -108,7 +108,6 @@ resource "google_container_cluster" "primary" {
     master_ipv4_cidr_block  = "${var.master_ipv4_cidr_block}"
   }
   remove_default_node_pool = "${var.remove_default_node_pool}"
-  database_encryption      = ["${var.database_encryption}"]
 }
 
 /******************************************
diff --git a/modules/private-cluster/cluster_zonal.tf b/modules/private-cluster/cluster_zonal.tf
@@ -108,7 +108,6 @@ resource "google_container_cluster" "zonal_primary" {
     master_ipv4_cidr_block  = "${var.master_ipv4_cidr_block}"
   }
   remove_default_node_pool = "${var.remove_default_node_pool}"
-  database_encryption      = ["${var.database_encryption}"]
 }
 
 /******************************************
diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf
@@ -284,20 +284,3 @@ variable "issue_client_certificate" {
   description = "Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive!"
   default     = "false"
 }
-
-variable "database_encryption" {
-  description = <<EOF
-  Application-layer Secrets Encryption settings. Example:
-  database_encryption = [{
-    state = "ENCRYPTED",
-    key_name = "projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key"
-  }]
-  EOF
-
-  type = "list"
-
-  default = [{
-    state    = "DECRYPTED"
-    key_name = ""
-  }]
-}
diff --git a/variables.tf b/variables.tf
@@ -252,19 +252,4 @@ variable "basic_auth_password" {
 variable "issue_client_certificate" {
   description = "Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive!"
   default     = "false"
-}
-
-variable "database_encryption" {
-  description = <<EOF
-  Application-layer Secrets Encryption settings. Example:
-  database_encryption = [{
-    state = "ENCRYPTED",
-    key_name = "projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key"
-  }]
-  EOF
-  type        = "list"
-  default     = [{
-    state     = "DECRYPTED"
-    key_name  = ""
-  }]
 }

Original file line number	Diff line number	Diff line change
`@@ -121,7 +121,9 @@ resource "google_container_cluster" "primary" {`
`121`	`121`	`}`
`122`	`122`	`{% endif %}`
`123`	`123`	`remove_default_node_pool = "${var.remove_default_node_pool}"`
	`124`	`+{% if beta_cluster %}`
`124`	`125`	`database_encryption = ["${var.database_encryption}"]`
	`126`	`+{% endif %}`
`125`	`127`	`}`
`126`	`128`
`127`	`129`	`/******************************************`
Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@`
`20`	`20`	`Create regional cluster`
`21`	`21`	`*****************************************/`
`22`	`22`	`resource "google_container_cluster" "primary" {`
`23`		`- provider = "google-beta"`
	`23`	`+ provider = "google"`
`24`	`24`	`count = "${var.regional ? 1 : 0}"`
`25`	`25`	`name = "${var.name}"`
`26`	`26`	`description = "${var.description}"`
`@@ -101,7 +101,6 @@ resource "google_container_cluster" "primary" {`
`101`	`101`	`}`
`102`	`102`	`}`
`103`	`103`	`remove_default_node_pool = "${var.remove_default_node_pool}"`
`104`		`- database_encryption = ["${var.database_encryption}"]`
`105`	`104`	`}`
`106`	`105`
`107`	`106`	`/******************************************`
Original file line number	Diff line number	Diff line change
`@@ -115,6 +115,7 @@ resource "google_container_cluster" "primary" {`
`115`	`115`	`master_ipv4_cidr_block = "${var.master_ipv4_cidr_block}"`
`116`	`116`	`}`
`117`	`117`	`remove_default_node_pool = "${var.remove_default_node_pool}"`
	`118`	`+ database_encryption = ["${var.database_encryption}"]`
`118`	`119`	`}`
`119`	`120`
`120`	`121`	`/******************************************`