terraform-google-modules
diff --git a/‎README.md
Lines changed: 1 addition & 1 deletion b/‎README.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎autogen/cluster.tf.tmpl
Lines changed: 1 addition & 1 deletion b/‎autogen/cluster.tf.tmpl
Lines changed: 1 addition & 1 deletion
diff --git a/‎autogen/main.tf.tmpl
Lines changed: 4 additions & 0 deletions b/‎autogen/main.tf.tmpl
Lines changed: 4 additions & 0 deletions
diff --git a/‎autogen/outputs.tf.tmpl
Lines changed: 1 addition & 1 deletion b/‎autogen/outputs.tf.tmpl
Lines changed: 1 addition & 1 deletion
diff --git a/‎autogen/variables.tf.tmpl
Lines changed: 3 additions & 3 deletions b/‎autogen/variables.tf.tmpl
Lines changed: 3 additions & 3 deletions
diff --git a/‎cluster.tf
Lines changed: 1 addition & 1 deletion b/‎cluster.tf
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/upgrading_to_v6.0.md
Lines changed: 37 additions & 0 deletions b/‎docs/upgrading_to_v6.0.md
Lines changed: 37 additions & 0 deletions
diff --git a/‎examples/node_pool_update_variant/main.tf
Lines changed: 3 additions & 7 deletions b/‎examples/node_pool_update_variant/main.tf
Lines changed: 3 additions & 7 deletions
diff --git a/‎examples/node_pool_update_variant_beta/main.tf
Lines changed: 3 additions & 7 deletions b/‎examples/node_pool_update_variant_beta/main.tf
Lines changed: 3 additions & 7 deletions
diff --git a/‎examples/private_zonal_with_networking/main.tf
Lines changed: 3 additions & 7 deletions b/‎examples/private_zonal_with_networking/main.tf
Lines changed: 3 additions & 7 deletions
diff --git a/‎examples/regional_private_node_pool_oauth_scopes/main.tf
Lines changed: 3 additions & 7 deletions b/‎examples/regional_private_node_pool_oauth_scopes/main.tf
Lines changed: 3 additions & 7 deletions
diff --git a/‎examples/safer_cluster/main.tf
Lines changed: 5 additions & 7 deletions b/‎examples/safer_cluster/main.tf
Lines changed: 5 additions & 7 deletions
diff --git a/‎examples/simple_regional_private/main.tf
Lines changed: 3 additions & 7 deletions b/‎examples/simple_regional_private/main.tf
Lines changed: 3 additions & 7 deletions
diff --git a/‎examples/simple_regional_private_beta/main.tf
Lines changed: 3 additions & 7 deletions b/‎examples/simple_regional_private_beta/main.tf
Lines changed: 3 additions & 7 deletions
diff --git a/‎examples/simple_zonal_private/main.tf
Lines changed: 3 additions & 7 deletions b/‎examples/simple_zonal_private/main.tf
Lines changed: 3 additions & 7 deletions
diff --git a/‎examples/stub_domains_private/main.tf
Lines changed: 3 additions & 7 deletions b/‎examples/stub_domains_private/main.tf
Lines changed: 3 additions & 7 deletions
diff --git a/‎examples/workload_metadata_config/main.tf
Lines changed: 3 additions & 7 deletions b/‎examples/workload_metadata_config/main.tf
Lines changed: 3 additions & 7 deletions
diff --git a/‎main.tf
Lines changed: 4 additions & 0 deletions b/‎main.tf
Lines changed: 4 additions & 0 deletions
diff --git a/‎modules/beta-private-cluster-update-variant/README.md
Lines changed: 1 addition & 1 deletion b/‎modules/beta-private-cluster-update-variant/README.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎modules/beta-private-cluster-update-variant/cluster.tf
Lines changed: 1 addition & 1 deletion b/‎modules/beta-private-cluster-update-variant/cluster.tf
Lines changed: 1 addition & 1 deletion
diff --git a/‎modules/beta-private-cluster-update-variant/main.tf
Lines changed: 4 additions & 0 deletions b/‎modules/beta-private-cluster-update-variant/main.tf
Lines changed: 4 additions & 0 deletions
diff --git a/‎modules/beta-private-cluster-update-variant/outputs.tf
Lines changed: 1 addition & 1 deletion b/‎modules/beta-private-cluster-update-variant/outputs.tf
Lines changed: 1 addition & 1 deletion
diff --git a/‎modules/beta-private-cluster-update-variant/variables.tf
Lines changed: 3 additions & 3 deletions b/‎modules/beta-private-cluster-update-variant/variables.tf
Lines changed: 3 additions & 3 deletions
diff --git a/‎modules/beta-private-cluster/README.md
Lines changed: 1 addition & 1 deletion b/‎modules/beta-private-cluster/README.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎modules/beta-private-cluster/cluster.tf
Lines changed: 1 addition & 1 deletion b/‎modules/beta-private-cluster/cluster.tf
Lines changed: 1 addition & 1 deletion
diff --git a/‎modules/beta-private-cluster/main.tf
Lines changed: 4 additions & 0 deletions b/‎modules/beta-private-cluster/main.tf
Lines changed: 4 additions & 0 deletions
diff --git a/‎modules/beta-private-cluster/outputs.tf
Lines changed: 1 addition & 1 deletion b/‎modules/beta-private-cluster/outputs.tf
Lines changed: 1 addition & 1 deletion
diff --git a/‎modules/beta-private-cluster/variables.tf
Lines changed: 3 additions & 3 deletions b/‎modules/beta-private-cluster/variables.tf
Lines changed: 3 additions & 3 deletions
@@ -149,7 +149,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | string | `"latest"` | no |
 | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | string | `"logging.googleapis.com"` | no |
 | maintenance\_start\_time | Time window specified for daily maintenance operations in RFC3339 format | string | `"05:00"` | no |
-| master\_authorized\_networks\_config | The desired configuration options for master authorized networks. The object format is {cidr_blocks = list(object({cidr_block = string, display_name = string}))}. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). | object | `<list>` | no |
+| master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | object | `<list>` | no |
 | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | string | `"monitoring.googleapis.com"` | no |
 | name | The name of the cluster (required) | string | n/a | yes |
 | network | The VPC network to host the cluster in (required) | string | n/a | yes |
 
@@ -101,7 +101,7 @@ resource "google_container_cluster" "primary" {
   }
 {% endif %}
   dynamic "master_authorized_networks_config" {
-    for_each = var.master_authorized_networks_config
+    for_each = local.master_authorized_networks_config
     content {
       dynamic "cidr_blocks" {
         for_each = master_authorized_networks_config.value.cidr_blocks
 
@@ -127,6 +127,10 @@ locals {
   # /BETA features
   {% endif %}
 
+  master_authorized_networks_config = length(var.master_authorized_networks) == 0 ? [] : [{
+    cidr_blocks : var.master_authorized_networks
+  }]
+
   cluster_output_node_pools_names    = concat(google_container_node_pool.pools.*.name, [""])
   cluster_output_node_pools_versions = concat(google_container_node_pool.pools.*.version, [""])
 
 
@@ -75,7 +75,7 @@ output "monitoring_service" {
 
 output "master_authorized_networks_config" {
   description = "Networks from which access to master is permitted"
-  value       = var.master_authorized_networks_config
+  value       = google_container_cluster.primary.master_authorized_networks_config
 }
 
 output "master_version" {
 
@@ -78,9 +78,9 @@ variable "node_version" {
   default     = ""
 }
 
-variable "master_authorized_networks_config" {
-  type        = list(object({ cidr_blocks = list(object({ cidr_block = string, display_name = string })) }))
-  description = "The desired configuration options for master authorized networks. The object format is {cidr_blocks = list(object({cidr_block = string, display_name = string}))}. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists)."
+variable "master_authorized_networks" {
+  type        = list(object({ cidr_block = string, display_name = string }))
+  description = "List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists)."
   default     = []
 }
 
 
@@ -49,7 +49,7 @@ resource "google_container_cluster" "primary" {
   monitoring_service = var.monitoring_service
 
   dynamic "master_authorized_networks_config" {
-    for_each = var.master_authorized_networks_config
+    for_each = local.master_authorized_networks_config
     content {
       dynamic "cidr_blocks" {
         for_each = master_authorized_networks_config.value.cidr_blocks
 
@@ -0,0 +1,37 @@
+# Upgrading to v6.0
+
+The v6.0 release of *kubernetes-engine* is a backwards incompatible
+release.
+
+## Dropped support
+Due to changes in GKE, the module has dropped support for setting the `kubernetes_dashboard` variable.
+
+Additionally, support for Google provider versions older than v2.18 has been removed.
+
+## Migration Instructions
+
+### Master Authorized Networks
+Previously, setting up master authorized networks required setting a nested config within `master_authorized_networks_config`.
+Now, to set up master authorized networks you can simply pass a list of authorized networks.
+
+```diff
+ module "kubernetes_engine_private_cluster" {
+   source  = "terraform-google-modules/kubernetes-engine/google"
+-  version = "~> 5.0"
++  version = "~> 6.0"
+
+-  master_authorized_networks_config = [
++  master_authorized_networks = [
+     {
+-      cidr_blocks = [
+-        {
+-          cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
+-          display_name = "VPC"
+-        },
+-      ]
++      cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
++      display_name = "VPC"
+     },
+   ]
+ }
+```
@@ -46,14 +46,10 @@ module "gke" {
   enable_private_nodes    = true
   master_ipv4_cidr_block  = "172.16.0.0/28"
 
-  master_authorized_networks_config = [
+  master_authorized_networks = [
     {
-      cidr_blocks = [
-        {
-          cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
-          display_name = "VPC"
-        },
-      ]
+      cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
+      display_name = "VPC"
     },
   ]
 
 
@@ -47,14 +47,10 @@ module "gke" {
   enable_private_nodes    = true
   master_ipv4_cidr_block  = "172.16.0.0/28"
 
-  master_authorized_networks_config = [
+  master_authorized_networks = [
     {
-      cidr_blocks = [
-        {
-          cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
-          display_name = "VPC"
-        },
-      ]
+      cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
+      display_name = "VPC"
     },
   ]
 
 
@@ -71,14 +71,10 @@ module "gke" {
   enable_private_nodes    = true
   master_ipv4_cidr_block  = "172.16.0.0/28"
 
-  master_authorized_networks_config = [
+  master_authorized_networks = [
     {
-      cidr_blocks = [
-        {
-          cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
-          display_name = "VPC"
-        },
-      ]
+      cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
+      display_name = "VPC"
     },
   ]
 }
 
@@ -33,14 +33,10 @@ module "gke" {
   remove_default_node_pool          = true
   disable_legacy_metadata_endpoints = true
 
-  master_authorized_networks_config = [
+  master_authorized_networks = [
     {
-      cidr_blocks = [
-        {
-          cidr_block   = module.gke-network.subnets_ips[0]
-          display_name = "VPC"
-        },
-      ]
+      cidr_block   = module.gke-network.subnets_ips[0]
+      display_name = "VPC"
     },
   ]
 
 
@@ -49,16 +49,14 @@ module "gke" {
   ip_range_services              = local.svc_range_name
   compute_engine_service_account = var.compute_engine_service_account
   master_ipv4_cidr_block         = "172.16.0.0/28"
-  master_authorized_networks_config = [
+
+  master_authorized_networks = [
     {
-      cidr_blocks = [
-        {
-          cidr_block   = "10.60.0.0/17"
-          display_name = "VPC"
-        },
-      ]
+      cidr_block   = "10.60.0.0/17"
+      display_name = "VPC"
     },
   ]
+
   istio    = true
   cloudrun = true
 }
 
@@ -45,14 +45,10 @@ module "gke" {
   enable_private_nodes    = true
   master_ipv4_cidr_block  = "172.16.0.0/28"
 
-  master_authorized_networks_config = [
+  master_authorized_networks = [
     {
-      cidr_blocks = [
-        {
-          cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
-          display_name = "VPC"
-        },
-      ]
+      cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
+      display_name = "VPC"
     },
   ]
 }
 
@@ -44,14 +44,10 @@ module "gke" {
   enable_private_nodes    = true
   master_ipv4_cidr_block  = "172.16.0.0/28"
 
-  master_authorized_networks_config = [
+  master_authorized_networks = [
     {
-      cidr_blocks = [
-        {
-          cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
-          display_name = "VPC"
-        },
-      ]
+      cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
+      display_name = "VPC"
     },
   ]
 
 
@@ -46,14 +46,10 @@ module "gke" {
   enable_private_nodes    = true
   master_ipv4_cidr_block  = "172.16.0.0/28"
 
-  master_authorized_networks_config = [
+  master_authorized_networks = [
     {
-      cidr_blocks = [
-        {
-          cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
-          display_name = "VPC"
-        },
-      ]
+      cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
+      display_name = "VPC"
     },
   ]
 }
 
@@ -40,14 +40,10 @@ module "gke" {
   enable_private_endpoint       = false
   enable_private_nodes          = true
 
-  master_authorized_networks_config = [
+  master_authorized_networks = [
     {
-      cidr_blocks = [
-        {
-          cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
-          display_name = "VPC"
-        },
-      ]
+      cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
+      display_name = "VPC"
     },
   ]
 
 
@@ -48,14 +48,10 @@ module "gke" {
   master_ipv4_cidr_block  = "172.16.0.0/28"
   node_metadata           = "SECURE"
 
-  master_authorized_networks_config = [
+  master_authorized_networks = [
     {
-      cidr_blocks = [
-        {
-          cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
-          display_name = "VPC"
-        },
-      ]
+      cidr_block   = data.google_compute_subnetwork.subnetwork.ip_cidr_range
+      display_name = "VPC"
     },
   ]
 }
 
@@ -82,6 +82,10 @@ locals {
   cluster_output_horizontal_pod_autoscaling_enabled = google_container_cluster.primary.addons_config.0.horizontal_pod_autoscaling.0.disabled
 
 
+  master_authorized_networks_config = length(var.master_authorized_networks) == 0 ? [] : [{
+    cidr_blocks : var.master_authorized_networks
+  }]
+
   cluster_output_node_pools_names    = concat(google_container_node_pool.pools.*.name, [""])
   cluster_output_node_pools_versions = concat(google_container_node_pool.pools.*.version, [""])
 
 
@@ -171,7 +171,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | string | `"latest"` | no |
 | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | string | `"logging.googleapis.com"` | no |
 | maintenance\_start\_time | Time window specified for daily maintenance operations in RFC3339 format | string | `"05:00"` | no |
-| master\_authorized\_networks\_config | The desired configuration options for master authorized networks. The object format is {cidr_blocks = list(object({cidr_block = string, display_name = string}))}. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). | object | `<list>` | no |
+| master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | object | `<list>` | no |
 | master\_ipv4\_cidr\_block | (Beta) The IP range in CIDR notation to use for the hosted master network | string | `"10.0.0.0/28"` | no |
 | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | string | `"monitoring.googleapis.com"` | no |
 | name | The name of the cluster (required) | string | n/a | yes |
 
@@ -93,7 +93,7 @@ resource "google_container_cluster" "primary" {
     }
   }
   dynamic "master_authorized_networks_config" {
-    for_each = var.master_authorized_networks_config
+    for_each = local.master_authorized_networks_config
     content {
       dynamic "cidr_blocks" {
         for_each = master_authorized_networks_config.value.cidr_blocks
 
@@ -113,6 +113,10 @@ locals {
 
   # /BETA features
 
+  master_authorized_networks_config = length(var.master_authorized_networks) == 0 ? [] : [{
+    cidr_blocks : var.master_authorized_networks
+  }]
+
   cluster_output_node_pools_names    = concat(google_container_node_pool.pools.*.name, [""])
   cluster_output_node_pools_versions = concat(google_container_node_pool.pools.*.version, [""])
 
 
@@ -75,7 +75,7 @@ output "monitoring_service" {
 
 output "master_authorized_networks_config" {
   description = "Networks from which access to master is permitted"
-  value       = var.master_authorized_networks_config
+  value       = google_container_cluster.primary.master_authorized_networks_config
 }
 
 output "master_version" {
 
@@ -78,9 +78,9 @@ variable "node_version" {
   default     = ""
 }
 
-variable "master_authorized_networks_config" {
-  type        = list(object({ cidr_blocks = list(object({ cidr_block = string, display_name = string })) }))
-  description = "The desired configuration options for master authorized networks. The object format is {cidr_blocks = list(object({cidr_block = string, display_name = string}))}. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists)."
+variable "master_authorized_networks" {
+  type        = list(object({ cidr_block = string, display_name = string }))
+  description = "List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists)."
   default     = []
 }
 
 
@@ -171,7 +171,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | kubernetes\_version | The Kubernetes version of the masters. If set to 'latest' it will pull latest available version in the selected region. | string | `"latest"` | no |
 | logging\_service | The logging service that the cluster should write logs to. Available options include logging.googleapis.com, logging.googleapis.com/kubernetes (beta), and none | string | `"logging.googleapis.com"` | no |
 | maintenance\_start\_time | Time window specified for daily maintenance operations in RFC3339 format | string | `"05:00"` | no |
-| master\_authorized\_networks\_config | The desired configuration options for master authorized networks. The object format is {cidr_blocks = list(object({cidr_block = string, display_name = string}))}. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists). | object | `<list>` | no |
+| master\_authorized\_networks | List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists). | object | `<list>` | no |
 | master\_ipv4\_cidr\_block | (Beta) The IP range in CIDR notation to use for the hosted master network | string | `"10.0.0.0/28"` | no |
 | monitoring\_service | The monitoring service that the cluster should write metrics to. Automatically send metrics from pods in the cluster to the Google Cloud Monitoring API. VM metrics will be collected by Google Compute Engine regardless of this setting Available options include monitoring.googleapis.com, monitoring.googleapis.com/kubernetes (beta) and none | string | `"monitoring.googleapis.com"` | no |
 | name | The name of the cluster (required) | string | n/a | yes |
 
@@ -93,7 +93,7 @@ resource "google_container_cluster" "primary" {
     }
   }
   dynamic "master_authorized_networks_config" {
-    for_each = var.master_authorized_networks_config
+    for_each = local.master_authorized_networks_config
     content {
       dynamic "cidr_blocks" {
         for_each = master_authorized_networks_config.value.cidr_blocks
 
@@ -113,6 +113,10 @@ locals {
 
   # /BETA features
 
+  master_authorized_networks_config = length(var.master_authorized_networks) == 0 ? [] : [{
+    cidr_blocks : var.master_authorized_networks
+  }]
+
   cluster_output_node_pools_names    = concat(google_container_node_pool.pools.*.name, [""])
   cluster_output_node_pools_versions = concat(google_container_node_pool.pools.*.version, [""])
 
 
@@ -75,7 +75,7 @@ output "monitoring_service" {
 
 output "master_authorized_networks_config" {
   description = "Networks from which access to master is permitted"
-  value       = var.master_authorized_networks_config
+  value       = google_container_cluster.primary.master_authorized_networks_config
 }
 
 output "master_version" {
 
@@ -78,9 +78,9 @@ variable "node_version" {
   default     = ""
 }
 
-variable "master_authorized_networks_config" {
-  type        = list(object({ cidr_blocks = list(object({ cidr_block = string, display_name = string })) }))
-  description = "The desired configuration options for master authorized networks. The object format is {cidr_blocks = list(object({cidr_block = string, display_name = string}))}. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists)."
+variable "master_authorized_networks" {
+  type        = list(object({ cidr_block = string, display_name = string }))
+  description = "List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists)."
   default     = []
 }
Original file line number	Diff line number	Diff line change
`@@ -101,7 +101,7 @@ resource "google_container_cluster" "primary" {`
`101`	`101`	`}`
`102`	`102`	`{% endif %}`
`103`	`103`	`dynamic "master_authorized_networks_config" {`
`104`		`- for_each = var.master_authorized_networks_config`
	`104`	`+ for_each = local.master_authorized_networks_config`
`105`	`105`	`content {`
`106`	`106`	`dynamic "cidr_blocks" {`
`107`	`107`	`for_each = master_authorized_networks_config.value.cidr_blocks`
Original file line number	Diff line number	Diff line change
`@@ -75,7 +75,7 @@ output "monitoring_service" {`
`75`	`75`
`76`	`76`	`output "master_authorized_networks_config" {`
`77`	`77`	`description = "Networks from which access to master is permitted"`
`78`		`- value = var.master_authorized_networks_config`
	`78`	`+ value = google_container_cluster.primary.master_authorized_networks_config`
`79`	`79`	`}`
`80`	`80`
`81`	`81`	`output "master_version" {`
Original file line number	Diff line number	Diff line change
`@@ -78,9 +78,9 @@ variable "node_version" {`
`78`	`78`	`default = ""`
`79`	`79`	`}`
`80`	`80`
`81`		`-variable "master_authorized_networks_config" {`
`82`		`- type = list(object({ cidr_blocks = list(object({ cidr_block = string, display_name = string })) }))`
`83`		`- description = "The desired configuration options for master authorized networks. The object format is {cidr_blocks = list(object({cidr_block = string, display_name = string}))}. Omit the nested cidr_blocks attribute to disallow external access (except the cluster node IPs, which GKE automatically whitelists)."`
	`81`	`+variable "master_authorized_networks" {`
	`82`	`+ type = list(object({ cidr_block = string, display_name = string }))`
	`83`	`+ description = "List of master authorized networks. If none are provided, disallow external access (except the cluster node IPs, which GKE automatically whitelists)."`
`84`	`84`	`default = []`
`85`	`85`	`}`
`86`	`86`
Original file line number	Diff line number	Diff line change
`@@ -71,14 +71,10 @@ module "gke" {`
`71`	`71`	`enable_private_nodes = true`
`72`	`72`	`master_ipv4_cidr_block = "172.16.0.0/28"`
`73`	`73`
`74`		`- master_authorized_networks_config = [`
	`74`	`+ master_authorized_networks = [`
`75`	`75`	`{`
`76`		`- cidr_blocks = [`
`77`		`- {`
`78`		`- cidr_block = data.google_compute_subnetwork.subnetwork.ip_cidr_range`
`79`		`- display_name = "VPC"`
`80`		`- },`
`81`		`- ]`
	`76`	`+ cidr_block = data.google_compute_subnetwork.subnetwork.ip_cidr_range`
	`77`	`+ display_name = "VPC"`
`82`	`78`	`},`
`83`	`79`	`]`
`84`	`80`	`}`
Original file line number	Diff line number	Diff line change
`@@ -45,14 +45,10 @@ module "gke" {`
`45`	`45`	`enable_private_nodes = true`
`46`	`46`	`master_ipv4_cidr_block = "172.16.0.0/28"`
`47`	`47`
`48`		`- master_authorized_networks_config = [`
	`48`	`+ master_authorized_networks = [`
`49`	`49`	`{`
`50`		`- cidr_blocks = [`
`51`		`- {`
`52`		`- cidr_block = data.google_compute_subnetwork.subnetwork.ip_cidr_range`
`53`		`- display_name = "VPC"`
`54`		`- },`
`55`		`- ]`
	`50`	`+ cidr_block = data.google_compute_subnetwork.subnetwork.ip_cidr_range`
	`51`	`+ display_name = "VPC"`
`56`	`52`	`},`
`57`	`53`	`]`
`58`	`54`	`}`
Original file line number	Diff line number	Diff line change
`@@ -46,14 +46,10 @@ module "gke" {`
`46`	`46`	`enable_private_nodes = true`
`47`	`47`	`master_ipv4_cidr_block = "172.16.0.0/28"`
`48`	`48`
`49`		`- master_authorized_networks_config = [`
	`49`	`+ master_authorized_networks = [`
`50`	`50`	`{`
`51`		`- cidr_blocks = [`
`52`		`- {`
`53`		`- cidr_block = data.google_compute_subnetwork.subnetwork.ip_cidr_range`
`54`		`- display_name = "VPC"`
`55`		`- },`
`56`		`- ]`
	`51`	`+ cidr_block = data.google_compute_subnetwork.subnetwork.ip_cidr_range`
	`52`	`+ display_name = "VPC"`
`57`	`53`	`},`
`58`	`54`	`]`
`59`	`55`	`}`
Original file line number	Diff line number	Diff line change
`@@ -48,14 +48,10 @@ module "gke" {`
`48`	`48`	`master_ipv4_cidr_block = "172.16.0.0/28"`
`49`	`49`	`node_metadata = "SECURE"`
`50`	`50`
`51`		`- master_authorized_networks_config = [`
	`51`	`+ master_authorized_networks = [`
`52`	`52`	`{`
`53`		`- cidr_blocks = [`
`54`		`- {`
`55`		`- cidr_block = data.google_compute_subnetwork.subnetwork.ip_cidr_range`
`56`		`- display_name = "VPC"`
`57`		`- },`
`58`		`- ]`
	`53`	`+ cidr_block = data.google_compute_subnetwork.subnetwork.ip_cidr_range`
	`54`	`+ display_name = "VPC"`
`59`	`55`	`},`
`60`	`56`	`]`
`61`	`57`	`}`
Original file line number	Diff line number	Diff line change
`@@ -93,7 +93,7 @@ resource "google_container_cluster" "primary" {`
`93`	`93`	`}`
`94`	`94`	`}`
`95`	`95`	`dynamic "master_authorized_networks_config" {`
`96`		`- for_each = var.master_authorized_networks_config`
	`96`	`+ for_each = local.master_authorized_networks_config`
`97`	`97`	`content {`
`98`	`98`	`dynamic "cidr_blocks" {`
`99`	`99`	`for_each = master_authorized_networks_config.value.cidr_blocks`