Add authenticator_security_group

Author: Dev25

autogen/cluster.tf

@@ -185,6 +185,13 @@ resource "google_container_cluster" "primary" {
   workload_identity_config {
     identity_namespace = var.identity_namespace
   }
+
+  dynamic "authenticator_groups_config" {
+    for_each = local.cluster_authenticator_security_group
+    content {
+      security_group = authenticator_groups_config.value.security_group
+    }
+  }
 {% endif %}
 }
 

autogen/main.tf

@@ -71,6 +71,10 @@ locals {
     node_metadata = var.node_metadata
   }]
 
+  cluster_authenticator_security_group = var.authenticator_security_group == "" ? [] : [{
+    security_group = var.authenticator_security_group
+  }]
+
 {% endif %}
 
   cluster_output_name           = google_container_cluster.primary.name

autogen/variables.tf

@@ -383,4 +383,10 @@ variable "identity_namespace" {
   default     = ""
 }
 
+variable "authenticator_security_group" {
+  type        = string
+  description = "The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format [email protected]"
+  default     = ""
+}
+
 {% endif %}

modules/beta-private-cluster/README.md

@@ -136,6 +136,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
+| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format [email protected] | string | `""` | no |
 | basic\_auth\_password | The password to be used with Basic Authentication. | string | `""` | no |
 | basic\_auth\_username | The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration. | string | `""` | no |
 | cloudrun | (Beta) Enable CloudRun addon | string | `"false"` | no |

modules/beta-private-cluster/cluster.tf

@@ -172,6 +172,13 @@ resource "google_container_cluster" "primary" {
   workload_identity_config {
     identity_namespace = var.identity_namespace
   }
+
+  dynamic "authenticator_groups_config" {
+    for_each = local.cluster_authenticator_security_group
+    content {
+      security_group = authenticator_groups_config.value.security_group
+    }
+  }
 }
 
 /******************************************

modules/beta-private-cluster/main.tf

@@ -66,6 +66,10 @@ locals {
     node_metadata = var.node_metadata
   }]
 
+  cluster_authenticator_security_group = var.authenticator_security_group == "" ? [] : [{
+    security_group = var.authenticator_security_group
+  }]
+
 
   cluster_output_name           = google_container_cluster.primary.name
   cluster_output_location       = google_container_cluster.primary.location

modules/beta-private-cluster/variables.tf

@@ -380,3 +380,9 @@ variable "identity_namespace" {
   default     = ""
 }
 
+variable "authenticator_security_group" {
+  type        = string
+  description = "The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format [email protected]"
+  default     = ""
+}
+

modules/beta-public-cluster/README.md

@@ -131,6 +131,7 @@ In either case, upgrading to module version `v1.0.0` will trigger a recreation o
 
 | Name | Description | Type | Default | Required |
 |------|-------------|:----:|:-----:|:-----:|
+| authenticator\_security\_group | The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format [email protected] | string | `""` | no |
 | basic\_auth\_password | The password to be used with Basic Authentication. | string | `""` | no |
 | basic\_auth\_username | The username to be used with Basic Authentication. An empty value will disable Basic Authentication, which is the recommended configuration. | string | `""` | no |
 | cloudrun | (Beta) Enable CloudRun addon | string | `"false"` | no |

modules/beta-public-cluster/cluster.tf

@@ -167,6 +167,13 @@ resource "google_container_cluster" "primary" {
   workload_identity_config {
     identity_namespace = var.identity_namespace
   }
+
+  dynamic "authenticator_groups_config" {
+    for_each = local.cluster_authenticator_security_group
+    content {
+      security_group = authenticator_groups_config.value.security_group
+    }
+  }
 }
 
 /******************************************

modules/beta-public-cluster/main.tf

@@ -66,6 +66,10 @@ locals {
     node_metadata = var.node_metadata
   }]
 
+  cluster_authenticator_security_group = var.authenticator_security_group == "" ? [] : [{
+    security_group = var.authenticator_security_group
+  }]
+
 
   cluster_output_name           = google_container_cluster.primary.name
   cluster_output_location       = google_container_cluster.primary.location

modules/beta-public-cluster/variables.tf

@@ -356,3 +356,9 @@ variable "identity_namespace" {
   default     = ""
 }
 
+variable "authenticator_security_group" {
+  type        = string
+  description = "The name of the RBAC security group for use with Google security groups in Kubernetes RBAC. Group name must be in format [email protected]"
+  default     = ""
+}
+