terraform-google-modules
diff --git a/‎modules/gke-autopilot-cluster/README.md‎
Lines changed: 3 additions & 3 deletions b/‎modules/gke-autopilot-cluster/README.md‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎modules/gke-autopilot-cluster/metadata.display.yaml‎
Lines changed: 0 additions & 4 deletions b/‎modules/gke-autopilot-cluster/metadata.display.yaml‎
Lines changed: 0 additions & 4 deletions
diff --git a/‎modules/gke-autopilot-cluster/metadata.yaml‎
Lines changed: 8 additions & 6 deletions b/‎modules/gke-autopilot-cluster/metadata.yaml‎
Lines changed: 8 additions & 6 deletions
diff --git a/‎modules/gke-autopilot-cluster/variables.tf‎
Lines changed: 6 additions & 8 deletions b/‎modules/gke-autopilot-cluster/variables.tf‎
Lines changed: 6 additions & 8 deletions
@@ -41,7 +41,7 @@ For a module with a complete configuration of a Google Cloud Platform Kubernetes
 | logging\_config | The GKE components exposing logs. Supported values include: SYSTEM\_COMPONENTS, APISERVER, CONTROLLER\_MANAGER, SCHEDULER, and WORKLOADS. | <pre>object({<br>    enable_components = optional(list(string))<br>  })</pre> | `null` | no |
 | maintenance\_policy | The maintenance policy to use for the cluster. | <pre>object({<br>    daily_maintenance_window = optional(object({<br>      start_time = optional(string)<br>    }))<br>    recurring_window = optional(object({<br>      start_time = optional(string)<br>      end_time   = optional(string)<br>      recurrence = optional(string)<br>    }))<br>    maintenance_exclusion = optional(list(object({<br>      exclusion_name = optional(string)<br>      start_time     = optional(string)<br>      end_time       = optional(string)<br>      exclusion_options = optional(object({<br>        scope = optional(string)<br>      }))<br>    })))<br>  })</pre> | <pre>{<br>  "daily_maintenance_window": {<br>    "start_time": "05:00"<br>  }<br>}</pre> | no |
 | master\_auth | The authentication information for accessing the Kubernetes master. | <pre>object({<br>    client_certificate_config = optional(object({<br>      issue_client_certificate = optional(bool)<br>    }))<br>  })</pre> | `null` | no |
-| master\_authorized\_networks\_config | The desired configuration options for master authorized networks. | <pre>object({<br>    cidr_blocks = optional(list(object({<br>      display_name = optional(string)<br>      cidr_block   = optional(string)<br>    })))<br>    gcp_public_cidrs_access_enabled      = optional(bool)<br>    private_endpoint_enforcement_enabled = optional(bool)<br>  })</pre> | `null` | no |
+| master\_authorized\_networks\_config | The desired configuration options for master authorized networks. | <pre>object({<br>    cidr_blocks = list(object({<br>      display_name = string<br>      cidr_block   = string<br>    }))<br>    gcp_public_cidrs_access_enabled      = optional(bool)<br>    private_endpoint_enforcement_enabled = optional(bool)<br>  })</pre> | n/a | yes |
 | mesh\_certificates | Configuration for the provisioning of managed mesh certificates. | <pre>object({<br>    enable_certificates = optional(bool)<br>  })</pre> | `null` | no |
 | min\_master\_version | The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the master version--use the read-only master\_version field to obtain a current version. If unset, the server's default version will be used. | `string` | `null` | no |
 | monitoring\_config | (Optional) The GKE components exposing metrics. Supported values include: SYSTEM\_COMPONENTS, APISERVER, SCHEDULER, CONTROLLER\_MANAGER, STORAGE, HPA, POD, DAEMONSET, DEPLOYMENT, STATEFULSET, KUBELET, CADVISOR, DCGM and JOBSET. | <pre>object({<br>    enable_components = optional(list(string))<br>  })</pre> | `null` | no |
@@ -54,7 +54,7 @@ For a module with a complete configuration of a Google Cloud Platform Kubernetes
 | pod\_security\_policy\_config | Configuration for the [PodSecurityPolicy](https://cloud.google.com/kubernetes-engine/docs/how-to/pod-security-policies) feature. | <pre>object({<br>    enabled = bool<br>  })</pre> | `null` | no |
 | private\_cluster\_config | Configuration for private clusters, clusters with private nodes. | <pre>object({<br>    enable_private_nodes        = optional(bool)<br>    enable_private_endpoint     = optional(bool)<br>    master_ipv4_cidr_block      = optional(string)<br>    private_endpoint_subnetwork = optional(string)<br>    master_global_access_config = optional(object({<br>      enabled = optional(bool)<br>    }))<br>  })</pre> | <pre>{<br>  "enable_private_endpoint": true,<br>  "enable_private_nodes": true,<br>  "master_global_access_config": {<br>    "enabled": true<br>  }<br>}</pre> | no |
 | private\_ipv6\_google\_access | The desired state of IPv6 access to Google Services. By default, no private IPv6 access to or from Google Services (all access will be via IPv4). | `string` | `null` | no |
-| project\_id | The ID of the project in which the resource belongs. If it is not provided, the provider project is used. | `string` | n/a | yes |
+| project\_id | The ID of the project in which the resource belongs. | `string` | n/a | yes |
 | protect\_config | Enable/Disable Protect API features for the cluster. | <pre>object({<br>    workload_config = object({<br>      audit_mode = string<br>    })<br>    workload_vulnerability_mode = optional(string)<br>  })</pre> | `null` | no |
 | release\_channel | The release channel of this cluster. Accepted values are `UNSPECIFIED`, `RAPID`, `REGULAR` and `STABLE`. Defaults to `REGULAR`. | <pre>object({<br>    channel = optional(string)<br>  })</pre> | <pre>{<br>  "channel": "REGULAR"<br>}</pre> | no |
 | resource\_labels | The GCE resource labels (a map of key/value pairs) to be applied to the cluster. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field 'effective\_labels' for all of the labels present on the resource. | `map(string)` | `null` | no |
@@ -66,7 +66,7 @@ For a module with a complete configuration of a Google Cloud Platform Kubernetes
 | timeouts | Timeout for cluster operations. | <pre>object({<br>    create = optional(string)<br>    update = optional(string)<br>    delete = optional(string)<br>  })</pre> | <pre>{<br>  "create": "45m",<br>  "delete": "45m",<br>  "update": "45m"<br>}</pre> | no |
 | vertical\_pod\_autoscaling | Vertical Pod Autoscaling automatically adjusts the resources of pods controlled by it. | <pre>object({<br>    enabled = optional(bool)<br>  })</pre> | <pre>{<br>  "enabled": true<br>}</pre> | no |
 | workload\_alts\_config | Workload ALTS configuration for the cluster. Whether the alts handshaker should be enabled or not for direct-path. Requires Workload Identity (workloadPool) must be non-empty | <pre>object({<br>    enable_alts = bool<br>  })</pre> | `null` | no |
-| workload\_identity\_config | Configuration for the use of Kubernetes Service Accounts in GCP IAM policies. | <pre>object({<br>    workload_pool = optional(string)<br>  })</pre> | `null` | no |
+| workload\_identity\_config | Configuration for the use of Kubernetes Service Accounts in GCP IAM policies. | <pre>object({<br>    workload_pool = string<br>  })</pre> | n/a | yes |
 
 ## Outputs
 
 
@@ -256,10 +256,6 @@ spec:
         master_authorized_networks_config:
           name: master_authorized_networks_config
           title: Master Authorized Networks Config
-          altDefaults:
-            - type: ALTERNATE_TYPE_DC
-              value:
-                private_endpoint_enforcement_enabled: true
         mesh_certificates:
           name: mesh_certificates
           title: Mesh Certificates
 
@@ -135,7 +135,7 @@ spec:
         varType: string
         defaultValue: ""
       - name: project_id
-        description: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
+        description: The ID of the project in which the resource belongs.
         varType: string
         required: true
       - name: location
@@ -277,13 +277,14 @@ spec:
         description: The desired configuration options for master authorized networks.
         varType: |-
           object({
-              cidr_blocks = optional(list(object({
-                display_name = optional(string)
-                cidr_block   = optional(string)
-              })))
+              cidr_blocks = list(object({
+                display_name = string
+                cidr_block   = string
+              }))
               gcp_public_cidrs_access_enabled      = optional(bool)
               private_endpoint_enforcement_enabled = optional(bool)
             })
+        required: true
       - name: min_master_version
         description: The minimum version of the master. GKE will auto-update the master to new versions, so this does not guarantee the master version--use the read-only master_version field to obtain a current version. If unset, the server's default version will be used.
         varType: string
@@ -426,8 +427,9 @@ spec:
         description: Configuration for the use of Kubernetes Service Accounts in GCP IAM policies.
         varType: |-
           object({
-              workload_pool = optional(string)
+              workload_pool = string
             })
+        required: true
       - name: identity_service_config
         description: Whether to enable the Identity Service component. It is disabled by default. Set enabled=true to enable.
         varType: |-
 
@@ -27,7 +27,7 @@ variable "description" {
 }
 
 variable "project_id" {
-  description = "The ID of the project in which the resource belongs. If it is not provided, the provider project is used."
+  description = "The ID of the project in which the resource belongs."
   type        = string
 }
 
@@ -203,14 +203,13 @@ variable "master_auth" {
 variable "master_authorized_networks_config" {
   description = "The desired configuration options for master authorized networks."
   type = object({
-    cidr_blocks = optional(list(object({
-      display_name = optional(string)
-      cidr_block   = optional(string)
-    })))
+    cidr_blocks = list(object({
+      display_name = string
+      cidr_block   = string
+    }))
     gcp_public_cidrs_access_enabled      = optional(bool)
     private_endpoint_enforcement_enabled = optional(bool)
   })
-  default = null
 }
 
 variable "min_master_version" {
@@ -394,9 +393,8 @@ variable "resource_usage_export_config" {
 variable "workload_identity_config" {
   description = "Configuration for the use of Kubernetes Service Accounts in GCP IAM policies."
   type = object({
-    workload_pool = optional(string)
+    workload_pool = string
   })
-  default = null
 }
 
 variable "identity_service_config" {