fix: allow changing enable_identity_service value in place (#2132)

wyardley · web-flow · commit 9c2191eca658 · 2024-10-09T08:38:59.000-07:00
diff --git a/README.md b/README.md
@@ -166,7 +166,7 @@ Then perform the following commands on the root folder:
 | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no |
 | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no |
 | enable\_default\_node\_pools\_metadata | Whether to enable the default node pools metadata key-value pairs such as `cluster_name` and `node_pool` | `bool` | `true` | no |
-| enable\_identity\_service | Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no |
+| enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no |
 | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no |
 | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no |
 | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no |
diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl
@@ -219,7 +219,7 @@ resource "google_container_cluster" "primary" {
   {% if autopilot_cluster != true %}
 
   dynamic "identity_service_config" {
-    for_each = var.enable_identity_service ? [var.enable_identity_service] : []
+    for_each = var.enable_identity_service !=null ? [var.enable_identity_service] : []
     content {
       enabled = identity_service_config.value
     }
diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl
@@ -960,7 +960,7 @@ variable "enable_gcfs" {
 {% if autopilot_cluster != true %}
 variable "enable_identity_service" {
   type        = bool
-  description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."
+  description = "(Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."
   default     = false
 }
 {% endif %}
diff --git a/cluster.tf b/cluster.tf
@@ -174,7 +174,7 @@ resource "google_container_cluster" "primary" {
   }
 
   dynamic "identity_service_config" {
-    for_each = var.enable_identity_service ? [var.enable_identity_service] : []
+    for_each = var.enable_identity_service != null ? [var.enable_identity_service] : []
     content {
       enabled = identity_service_config.value
     }
diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md
@@ -204,7 +204,7 @@ Then perform the following commands on the root folder:
 | enable\_default\_node\_pools\_metadata | Whether to enable the default node pools metadata key-value pairs such as `cluster_name` and `node_pool` | `bool` | `true` | no |
 | enable\_fqdn\_network\_policy | Enable FQDN Network Policies on the cluster | `bool` | `null` | no |
 | enable\_gcfs | (Beta) Enable image streaming on cluster level. | `bool` | `false` | no |
-| enable\_identity\_service | Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no |
+| enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no |
 | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no |
 | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no |
 | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no |
diff --git a/modules/beta-private-cluster-update-variant/cluster.tf b/modules/beta-private-cluster-update-variant/cluster.tf
@@ -181,7 +181,7 @@ resource "google_container_cluster" "primary" {
   }
 
   dynamic "identity_service_config" {
-    for_each = var.enable_identity_service ? [var.enable_identity_service] : []
+    for_each = var.enable_identity_service != null ? [var.enable_identity_service] : []
     content {
       enabled = identity_service_config.value
     }
diff --git a/modules/beta-private-cluster-update-variant/variables.tf b/modules/beta-private-cluster-update-variant/variables.tf
@@ -910,7 +910,7 @@ variable "enable_gcfs" {
 
 variable "enable_identity_service" {
   type        = bool
-  description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."
+  description = "(Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."
   default     = false
 }
 
diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md
@@ -182,7 +182,7 @@ Then perform the following commands on the root folder:
 | enable\_default\_node\_pools\_metadata | Whether to enable the default node pools metadata key-value pairs such as `cluster_name` and `node_pool` | `bool` | `true` | no |
 | enable\_fqdn\_network\_policy | Enable FQDN Network Policies on the cluster | `bool` | `null` | no |
 | enable\_gcfs | (Beta) Enable image streaming on cluster level. | `bool` | `false` | no |
-| enable\_identity\_service | Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no |
+| enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no |
 | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no |
 | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no |
 | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no |
diff --git a/modules/beta-private-cluster/cluster.tf b/modules/beta-private-cluster/cluster.tf
@@ -181,7 +181,7 @@ resource "google_container_cluster" "primary" {
   }
 
   dynamic "identity_service_config" {
-    for_each = var.enable_identity_service ? [var.enable_identity_service] : []
+    for_each = var.enable_identity_service != null ? [var.enable_identity_service] : []
     content {
       enabled = identity_service_config.value
     }
diff --git a/modules/beta-private-cluster/variables.tf b/modules/beta-private-cluster/variables.tf
@@ -910,7 +910,7 @@ variable "enable_gcfs" {
 
 variable "enable_identity_service" {
   type        = bool
-  description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."
+  description = "(Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."
   default     = false
 }
 
diff --git a/modules/beta-public-cluster-update-variant/README.md b/modules/beta-public-cluster-update-variant/README.md
@@ -197,7 +197,7 @@ Then perform the following commands on the root folder:
 | enable\_default\_node\_pools\_metadata | Whether to enable the default node pools metadata key-value pairs such as `cluster_name` and `node_pool` | `bool` | `true` | no |
 | enable\_fqdn\_network\_policy | Enable FQDN Network Policies on the cluster | `bool` | `null` | no |
 | enable\_gcfs | (Beta) Enable image streaming on cluster level. | `bool` | `false` | no |
-| enable\_identity\_service | Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no |
+| enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no |
 | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no |
 | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no |
 | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no |
diff --git a/modules/beta-public-cluster-update-variant/cluster.tf b/modules/beta-public-cluster-update-variant/cluster.tf
@@ -181,7 +181,7 @@ resource "google_container_cluster" "primary" {
   }
 
   dynamic "identity_service_config" {
-    for_each = var.enable_identity_service ? [var.enable_identity_service] : []
+    for_each = var.enable_identity_service != null ? [var.enable_identity_service] : []
     content {
       enabled = identity_service_config.value
     }
diff --git a/modules/beta-public-cluster-update-variant/variables.tf b/modules/beta-public-cluster-update-variant/variables.tf
@@ -874,7 +874,7 @@ variable "enable_gcfs" {
 
 variable "enable_identity_service" {
   type        = bool
-  description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."
+  description = "(Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."
   default     = false
 }
 
diff --git a/modules/beta-public-cluster/README.md b/modules/beta-public-cluster/README.md
@@ -175,7 +175,7 @@ Then perform the following commands on the root folder:
 | enable\_default\_node\_pools\_metadata | Whether to enable the default node pools metadata key-value pairs such as `cluster_name` and `node_pool` | `bool` | `true` | no |
 | enable\_fqdn\_network\_policy | Enable FQDN Network Policies on the cluster | `bool` | `null` | no |
 | enable\_gcfs | (Beta) Enable image streaming on cluster level. | `bool` | `false` | no |
-| enable\_identity\_service | Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no |
+| enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no |
 | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no |
 | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no |
 | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no |
diff --git a/modules/beta-public-cluster/cluster.tf b/modules/beta-public-cluster/cluster.tf
@@ -181,7 +181,7 @@ resource "google_container_cluster" "primary" {
   }
 
   dynamic "identity_service_config" {
-    for_each = var.enable_identity_service ? [var.enable_identity_service] : []
+    for_each = var.enable_identity_service != null ? [var.enable_identity_service] : []
     content {
       enabled = identity_service_config.value
     }
diff --git a/modules/beta-public-cluster/variables.tf b/modules/beta-public-cluster/variables.tf
@@ -874,7 +874,7 @@ variable "enable_gcfs" {
 
 variable "enable_identity_service" {
   type        = bool
-  description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."
+  description = "(Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."
   default     = false
 }
 
diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md
@@ -195,7 +195,7 @@ Then perform the following commands on the root folder:
 | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no |
 | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no |
 | enable\_default\_node\_pools\_metadata | Whether to enable the default node pools metadata key-value pairs such as `cluster_name` and `node_pool` | `bool` | `true` | no |
-| enable\_identity\_service | Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no |
+| enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no |
 | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no |
 | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no |
 | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no |
diff --git a/modules/private-cluster-update-variant/cluster.tf b/modules/private-cluster-update-variant/cluster.tf
@@ -174,7 +174,7 @@ resource "google_container_cluster" "primary" {
   }
 
   dynamic "identity_service_config" {
-    for_each = var.enable_identity_service ? [var.enable_identity_service] : []
+    for_each = var.enable_identity_service != null ? [var.enable_identity_service] : []
     content {
       enabled = identity_service_config.value
     }
diff --git a/modules/private-cluster-update-variant/variables.tf b/modules/private-cluster-update-variant/variables.tf
@@ -827,7 +827,7 @@ variable "enable_l4_ilb_subsetting" {
 
 variable "enable_identity_service" {
   type        = bool
-  description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."
+  description = "(Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."
   default     = false
 }
 
diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md
@@ -173,7 +173,7 @@ Then perform the following commands on the root folder:
 | enable\_confidential\_nodes | An optional flag to enable confidential node config. | `bool` | `false` | no |
 | enable\_cost\_allocation | Enables Cost Allocation Feature and the cluster name and namespace of your GKE workloads appear in the labels field of the billing export to BigQuery | `bool` | `false` | no |
 | enable\_default\_node\_pools\_metadata | Whether to enable the default node pools metadata key-value pairs such as `cluster_name` and `node_pool` | `bool` | `true` | no |
-| enable\_identity\_service | Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no |
+| enable\_identity\_service | (Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API. | `bool` | `false` | no |
 | enable\_intranode\_visibility | Whether Intra-node visibility is enabled for this cluster. This makes same node pod to pod traffic visible for VPC network | `bool` | `false` | no |
 | enable\_kubernetes\_alpha | Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. | `bool` | `false` | no |
 | enable\_l4\_ilb\_subsetting | Enable L4 ILB Subsetting on the cluster | `bool` | `false` | no |
diff --git a/modules/private-cluster/cluster.tf b/modules/private-cluster/cluster.tf
@@ -174,7 +174,7 @@ resource "google_container_cluster" "primary" {
   }
 
   dynamic "identity_service_config" {
-    for_each = var.enable_identity_service ? [var.enable_identity_service] : []
+    for_each = var.enable_identity_service != null ? [var.enable_identity_service] : []
     content {
       enabled = identity_service_config.value
     }
diff --git a/modules/private-cluster/variables.tf b/modules/private-cluster/variables.tf
@@ -827,7 +827,7 @@ variable "enable_l4_ilb_subsetting" {
 
 variable "enable_identity_service" {
   type        = bool
-  description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."
+  description = "(Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."
   default     = false
 }
 
diff --git a/variables.tf b/variables.tf
@@ -791,7 +791,7 @@ variable "enable_l4_ilb_subsetting" {
 
 variable "enable_identity_service" {
   type        = bool
-  description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."
+  description = "(Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."
   default     = false
 }
 

Original file line number	Diff line number	Diff line change
`@@ -219,7 +219,7 @@ resource "google_container_cluster" "primary" {`
`219`	`219`	`{% if autopilot_cluster != true %}`
`220`	`220`
`221`	`221`	`dynamic "identity_service_config" {`
`222`		`- for_each = var.enable_identity_service ? [var.enable_identity_service] : []`
	`222`	`+ for_each = var.enable_identity_service !=null ? [var.enable_identity_service] : []`
`223`	`223`	`content {`
`224`	`224`	`enabled = identity_service_config.value`
`225`	`225`	`}`
Original file line number	Diff line number	Diff line change
`@@ -960,7 +960,7 @@ variable "enable_gcfs" {`
`960`	`960`	`{% if autopilot_cluster != true %}`
`961`	`961`	`variable "enable_identity_service" {`
`962`	`962`	`type = bool`
`963`		`- description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."`
	`963`	`+ description = "(Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."`
`964`	`964`	`default = false`
`965`	`965`	`}`
`966`	`966`	`{% endif %}`
Original file line number	Diff line number	Diff line change
`@@ -174,7 +174,7 @@ resource "google_container_cluster" "primary" {`
`174`	`174`	`}`
`175`	`175`
`176`	`176`	`dynamic "identity_service_config" {`
`177`		`- for_each = var.enable_identity_service ? [var.enable_identity_service] : []`
	`177`	`+ for_each = var.enable_identity_service != null ? [var.enable_identity_service] : []`
`178`	`178`	`content {`
`179`	`179`	`enabled = identity_service_config.value`
`180`	`180`	`}`
Original file line number	Diff line number	Diff line change
`@@ -181,7 +181,7 @@ resource "google_container_cluster" "primary" {`
`181`	`181`	`}`
`182`	`182`
`183`	`183`	`dynamic "identity_service_config" {`
`184`		`- for_each = var.enable_identity_service ? [var.enable_identity_service] : []`
	`184`	`+ for_each = var.enable_identity_service != null ? [var.enable_identity_service] : []`
`185`	`185`	`content {`
`186`	`186`	`enabled = identity_service_config.value`
`187`	`187`	`}`
Original file line number	Diff line number	Diff line change
`@@ -910,7 +910,7 @@ variable "enable_gcfs" {`
`910`	`910`
`911`	`911`	`variable "enable_identity_service" {`
`912`	`912`	`type = bool`
`913`		`- description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."`
	`913`	`+ description = "(Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."`
`914`	`914`	`default = false`
`915`	`915`	`}`
`916`	`916`
Original file line number	Diff line number	Diff line change
`@@ -874,7 +874,7 @@ variable "enable_gcfs" {`
`874`	`874`
`875`	`875`	`variable "enable_identity_service" {`
`876`	`876`	`type = bool`
`877`		`- description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."`
	`877`	`+ description = "(Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."`
`878`	`878`	`default = false`
`879`	`879`	`}`
`880`	`880`
Original file line number	Diff line number	Diff line change
`@@ -827,7 +827,7 @@ variable "enable_l4_ilb_subsetting" {`
`827`	`827`
`828`	`828`	`variable "enable_identity_service" {`
`829`	`829`	`type = bool`
`830`		`- description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."`
	`830`	`+ description = "(Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."`
`831`	`831`	`default = false`
`832`	`832`	`}`
`833`	`833`
Original file line number	Diff line number	Diff line change
`@@ -791,7 +791,7 @@ variable "enable_l4_ilb_subsetting" {`
`791`	`791`
`792`	`792`	`variable "enable_identity_service" {`
`793`	`793`	`type = bool`
`794`		`- description = "Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."`
	`794`	`+ description = "(Optional) Enable the Identity Service component, which allows customers to use external identity providers with the K8S API."`
`795`	`795`	`default = false`
`796`	`796`	`}`
`797`	`797`