Moving database_encryption variable under beta module

Author: marko7460

README.md

@@ -116,7 +116,6 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 |------|-------------|:----:|:-----:|:-----:|
 | basic\_auth\_password | The password to be used with Basic Authentication. | string | `""` | no |
 | basic\_auth\_username | The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration. | string | `""` | no |
-| database\_encryption | Application-layer Secrets Encryption settings. Example:   database_encryption = [{     state = "ENCRYPTED",     key_name = "projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key"   }] | list | `<list>` | no |
 | description | The description of the cluster | string | `""` | no |
 | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | string | `"true"` | no |
 | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | string | `"true"` | no |
@@ -197,7 +196,6 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 - [kubectl](https://github.com/kubernetes/kubernetes/releases) 1.9.x
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 0.11.x
-- [terraform-provider-google-beta](https://github.com/terraform-providers/terraform-provider-google-beta) v2.3, v2.6, v2.7
 - [terraform-provider-google](https://github.com/terraform-providers/terraform-provider-google) v2.3, v2.6, v2.7
 
 ### Configure a Service Account

autogen/README.md

@@ -143,7 +143,9 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 - [Terraform](https://www.terraform.io/downloads.html) 0.11.x
 {% if private_cluster or beta_cluster %}
 - [terraform-provider-google-beta](https://github.com/terraform-providers/terraform-provider-google-beta) v2.3, v2.6, v2.7
+{% else %}
 - [terraform-provider-google](https://github.com/terraform-providers/terraform-provider-google) v2.3, v2.6, v2.7
+{% endif %}
 
 ### Configure a Service Account
 In order to execute this module you must have a Service Account with the

autogen/cluster_regional.tf

@@ -121,7 +121,9 @@ resource "google_container_cluster" "primary" {
   }
 {% endif %}
   remove_default_node_pool = "${var.remove_default_node_pool}"
+{% if beta_cluster %}
   database_encryption      = ["${var.database_encryption}"]
+{% endif %}
 }
 
 /******************************************

autogen/cluster_zonal.tf

@@ -121,7 +121,9 @@ resource "google_container_cluster" "zonal_primary" {
   }
 {% endif %}
   remove_default_node_pool = "${var.remove_default_node_pool}"
+{% if beta_cluster %}
   database_encryption      = ["${var.database_encryption}"]
+{% endif %}
 }
 
 /******************************************

autogen/variables.tf

@@ -284,6 +284,21 @@ variable "cloudrun" {
   description = "(Beta) Enable CloudRun addon"
   default     = false
 }
+
+variable "database_encryption" {
+  description = <<EOF
+  Application-layer Secrets Encryption settings. Example:
+  database_encryption = [{
+    state = "ENCRYPTED",
+    key_name = "projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key"
+  }]
+  EOF
+  type        = "list"
+  default     = [{
+    state     = "DECRYPTED"
+    key_name  = ""
+  }]
+}
 {% endif %}
 
 variable "basic_auth_username" {
@@ -299,19 +314,4 @@ variable "basic_auth_password" {
 variable "issue_client_certificate" {
   description = "Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive!"
   default     = "false"
-}
-
-variable "database_encryption" {
-  description = <<EOF
-  Application-layer Secrets Encryption settings. Example:
-  database_encryption = [{
-    state = "ENCRYPTED",
-    key_name = "projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key"
-  }]
-  EOF
-  type        = "list"
-  default     = [{
-    state     = "DECRYPTED"
-    key_name  = ""
-  }]
 }

cluster_regional.tf

@@ -20,7 +20,7 @@
   Create regional cluster
  *****************************************/
 resource "google_container_cluster" "primary" {
-  provider    = "google-beta"
+  provider    = "google"
   count       = "${var.regional ? 1 : 0}"
   name        = "${var.name}"
   description = "${var.description}"
@@ -101,7 +101,6 @@ resource "google_container_cluster" "primary" {
     }
   }
   remove_default_node_pool = "${var.remove_default_node_pool}"
-  database_encryption      = ["${var.database_encryption}"]
 }
 
 /******************************************

cluster_zonal.tf

@@ -20,7 +20,7 @@
   Create zonal cluster
  *****************************************/
 resource "google_container_cluster" "zonal_primary" {
-  provider    = "google-beta"
+  provider    = "google"
   count       = "${var.regional ? 0 : 1}"
   name        = "${var.name}"
   description = "${var.description}"
@@ -101,7 +101,6 @@ resource "google_container_cluster" "zonal_primary" {
     }
   }
   remove_default_node_pool = "${var.remove_default_node_pool}"
-  database_encryption      = ["${var.database_encryption}"]
 }
 
 /******************************************

modules/beta-private-cluster/README.md

@@ -124,6 +124,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | basic\_auth\_password | The password to be used with Basic Authentication. | string | `""` | no |
 | basic\_auth\_username | The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration. | string | `""` | no |
 | cloudrun | (Beta) Enable CloudRun addon | string | `"false"` | no |
+| database\_encryption | Application-layer Secrets Encryption settings. Example:   database_encryption = [{     state = "ENCRYPTED",     key_name = "projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key"   }] | list | `<list>` | no |
 | deploy\_using\_private\_endpoint | (Beta) A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | string | `"false"` | no |
 | description | The description of the cluster | string | `""` | no |
 | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | string | `"true"` | no |

modules/beta-private-cluster/cluster_regional.tf

@@ -115,6 +115,7 @@ resource "google_container_cluster" "primary" {
     master_ipv4_cidr_block  = "${var.master_ipv4_cidr_block}"
   }
   remove_default_node_pool = "${var.remove_default_node_pool}"
+  database_encryption      = ["${var.database_encryption}"]
 }
 
 /******************************************

modules/beta-private-cluster/cluster_zonal.tf

@@ -115,6 +115,7 @@ resource "google_container_cluster" "zonal_primary" {
     master_ipv4_cidr_block  = "${var.master_ipv4_cidr_block}"
   }
   remove_default_node_pool = "${var.remove_default_node_pool}"
+  database_encryption      = ["${var.database_encryption}"]
 }
 
 /******************************************

modules/beta-private-cluster/variables.tf

@@ -280,6 +280,23 @@ variable "cloudrun" {
   default     = false
 }
 
+variable "database_encryption" {
+  description = <<EOF
+  Application-layer Secrets Encryption settings. Example:
+  database_encryption = [{
+    state = "ENCRYPTED",
+    key_name = "projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key"
+  }]
+  EOF
+
+  type = "list"
+
+  default = [{
+    state    = "DECRYPTED"
+    key_name = ""
+  }]
+}
+
 variable "basic_auth_username" {
   description = "The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration."
   default     = ""

modules/beta-public-cluster/README.md

@@ -119,6 +119,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 | basic\_auth\_password | The password to be used with Basic Authentication. | string | `""` | no |
 | basic\_auth\_username | The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration. | string | `""` | no |
 | cloudrun | (Beta) Enable CloudRun addon | string | `"false"` | no |
+| database\_encryption | Application-layer Secrets Encryption settings. Example:   database_encryption = [{     state = "ENCRYPTED",     key_name = "projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key"   }] | list | `<list>` | no |
 | description | The description of the cluster | string | `""` | no |
 | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | string | `"true"` | no |
 | horizontal\_pod\_autoscaling | Enable horizontal pod autoscaling addon | string | `"true"` | no |

modules/beta-public-cluster/cluster_regional.tf

@@ -108,6 +108,7 @@ resource "google_container_cluster" "primary" {
     }
   }
   remove_default_node_pool = "${var.remove_default_node_pool}"
+  database_encryption      = ["${var.database_encryption}"]
 }
 
 /******************************************

modules/beta-public-cluster/cluster_zonal.tf

@@ -108,6 +108,7 @@ resource "google_container_cluster" "zonal_primary" {
     }
   }
   remove_default_node_pool = "${var.remove_default_node_pool}"
+  database_encryption      = ["${var.database_encryption}"]
 }
 
 /******************************************

modules/beta-public-cluster/variables.tf

@@ -237,7 +237,6 @@ variable "service_account" {
   default     = "create"
 }
 
-
 variable "istio" {
   description = "(Beta) Enable Istio addon"
   default     = false
@@ -248,6 +247,23 @@ variable "cloudrun" {
   default     = false
 }
 
+variable "database_encryption" {
+  description = <<EOF
+  Application-layer Secrets Encryption settings. Example:
+  database_encryption = [{
+    state = "ENCRYPTED",
+    key_name = "projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key"
+  }]
+  EOF
+
+  type = "list"
+
+  default = [{
+    state    = "DECRYPTED"
+    key_name = ""
+  }]
+}
+
 variable "basic_auth_username" {
   description = "The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration."
   default     = ""

modules/private-cluster/README.md

@@ -121,7 +121,6 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 |------|-------------|:----:|:-----:|:-----:|
 | basic\_auth\_password | The password to be used with Basic Authentication. | string | `""` | no |
 | basic\_auth\_username | The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration. | string | `""` | no |
-| database\_encryption | Application-layer Secrets Encryption settings. Example:   database_encryption = [{     state = "ENCRYPTED",     key_name = "projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key"   }] | list | `<list>` | no |
 | deploy\_using\_private\_endpoint | (Beta) A toggle for Terraform and kubectl to connect to the master's internal IP address during deployment. | string | `"false"` | no |
 | description | The description of the cluster | string | `""` | no |
 | disable\_legacy\_metadata\_endpoints | Disable the /0.1/ and /v1beta1/ metadata server endpoints on the node. Changing this value will cause all node pools to be recreated. | string | `"true"` | no |
@@ -210,7 +209,6 @@ The [project factory](https://github.com/terraform-google-modules/terraform-goog
 #### Terraform and Plugins
 - [Terraform](https://www.terraform.io/downloads.html) 0.11.x
 - [terraform-provider-google-beta](https://github.com/terraform-providers/terraform-provider-google-beta) v2.3, v2.6, v2.7
-- [terraform-provider-google](https://github.com/terraform-providers/terraform-provider-google) v2.3, v2.6, v2.7
 
 ### Configure a Service Account
 In order to execute this module you must have a Service Account with the

modules/private-cluster/cluster_regional.tf

@@ -108,7 +108,6 @@ resource "google_container_cluster" "primary" {
     master_ipv4_cidr_block  = "${var.master_ipv4_cidr_block}"
   }
   remove_default_node_pool = "${var.remove_default_node_pool}"
-  database_encryption      = ["${var.database_encryption}"]
 }
 
 /******************************************

modules/private-cluster/cluster_zonal.tf

@@ -108,7 +108,6 @@ resource "google_container_cluster" "zonal_primary" {
     master_ipv4_cidr_block  = "${var.master_ipv4_cidr_block}"
   }
   remove_default_node_pool = "${var.remove_default_node_pool}"
-  database_encryption      = ["${var.database_encryption}"]
 }
 
 /******************************************

modules/private-cluster/variables.tf

@@ -284,20 +284,3 @@ variable "issue_client_certificate" {
   description = "Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive!"
   default     = "false"
 }
-
-variable "database_encryption" {
-  description = <<EOF
-  Application-layer Secrets Encryption settings. Example:
-  database_encryption = [{
-    state = "ENCRYPTED",
-    key_name = "projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key"
-  }]
-  EOF
-
-  type = "list"
-
-  default = [{
-    state    = "DECRYPTED"
-    key_name = ""
-  }]
-}

variables.tf

@@ -252,19 +252,4 @@ variable "basic_auth_password" {
 variable "issue_client_certificate" {
   description = "Issues a client certificate to authenticate to the cluster endpoint. To maximize the security of your cluster, leave this option disabled. Client certificates don't automatically rotate and aren't easily revocable. WARNING: changing this after cluster creation is destructive!"
   default     = "false"
-}
-
-variable "database_encryption" {
-  description = <<EOF
-  Application-layer Secrets Encryption settings. Example:
-  database_encryption = [{
-    state = "ENCRYPTED",
-    key_name = "projects/my-project/locations/global/keyRings/my-ring/cryptoKeys/my-key"
-  }]
-  EOF
-  type        = "list"
-  default     = [{
-    state     = "DECRYPTED"
-    key_name  = ""
-  }]
 }