fix: resolve deprecation warning for binary authorization (#1332)
enable_binary_authorization is now deprecated in favor of the
binary_authorization block. This preserves the module's interface, but
updates the underlying behavior

Fixes #1331
wyardley authored Jul 26, 2022
1 parent 4bf0011 commit f8a5cca
Showing 11 changed files with 81 additions and 25 deletions.
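--- a/autogen/main/cluster.tf.tmpl
+++ b/autogen/main/cluster.tf.tmpl
@@ -151,7 +151,14 @@ resource "google_container_cluster" "primary" {
 {% if autopilot_cluster != true %}
 default_max_pods_per_node = var.default_max_pods_per_node
 enable_shielded_nodes = var.enable_shielded_nodes
-enable_binary_authorization = var.enable_binary_authorization
+
+dynamic "binary_authorization" {
+for_each = var.enable_binary_authorization ? [var.enable_binary_authorization] : []
+content {
+evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
+}
+}
+
 {% if beta_cluster %}
 enable_intranode_visibility = var.enable_intranode_visibility
 enable_kubernetes_alpha = var.enable_kubernetes_alpha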
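Review bot: With `var.enable_binary_authorization` false, the `dynamic "binary_authorization"` block is omitted rather than set to an explicit off mode, so the module never states the disabled case; whether the provider then clears enforcement on a cluster that already had it, or keeps the server-side value, is not visible in this hunk and should be confirmed with a plan against an existing cluster. A static block states both cases: `binary_authorization { evaluation_mode = var.enable_binary_authorization ? "PROJECT_SINGLETON_POLICY_ENFORCE" : "DISABLED" }`. The same construct is repeated in the root `cluster.tf` and the six `modules/*/cluster.tf` sections of this commit. None of the 11 changed files is a provider version constraint, so the minimum `google` provider release the module accepts should be checked against the release that introduced this block. The `google_container_cluster` resource begins and ends outside the hunk.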
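--- a/cluster.tf
+++ b/cluster.tf
@@ -76,9 +76,16 @@ resource "google_container_cluster" "primary" {
 vertical_pod_autoscaling {
 enabled = var.enable_vertical_pod_autoscaling
 }
-default_max_pods_per_node = var.default_max_pods_per_node
-enable_shielded_nodes = var.enable_shielded_nodes
-enable_binary_authorization = var.enable_binary_authorization
+default_max_pods_per_node = var.default_max_pods_per_node
+enable_shielded_nodes = var.enable_shielded_nodes
+
+dynamic "binary_authorization" {
+for_each = var.enable_binary_authorization ? [var.enable_binary_authorization] : []
+content {
+evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
+}
+}
+
 dynamic "master_authorized_networks_config" {
 for_each = local.master_authorized_networks_config
 content {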
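--- a/modules/beta-private-cluster-update-variant/cluster.tf
+++ b/modules/beta-private-cluster-update-variant/cluster.tf
@@ -116,9 +116,16 @@ resource "google_container_cluster" "primary" {
 vertical_pod_autoscaling {
 enabled = var.enable_vertical_pod_autoscaling
 }
-default_max_pods_per_node = var.default_max_pods_per_node
-enable_shielded_nodes = var.enable_shielded_nodes
-enable_binary_authorization = var.enable_binary_authorization
+default_max_pods_per_node = var.default_max_pods_per_node
+enable_shielded_nodes = var.enable_shielded_nodes
+
+dynamic "binary_authorization" {
+for_each = var.enable_binary_authorization ? [var.enable_binary_authorization] : []
+content {
+evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
+}
+}
+
 enable_intranode_visibility = var.enable_intranode_visibility
 enable_kubernetes_alpha = var.enable_kubernetes_alpha
 enable_tpu = var.enable_tpu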
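--- a/modules/beta-private-cluster/cluster.tf
+++ b/modules/beta-private-cluster/cluster.tf
@@ -116,9 +116,16 @@ resource "google_container_cluster" "primary" {
 vertical_pod_autoscaling {
 enabled = var.enable_vertical_pod_autoscaling
 }
-default_max_pods_per_node = var.default_max_pods_per_node
-enable_shielded_nodes = var.enable_shielded_nodes
-enable_binary_authorization = var.enable_binary_authorization
+default_max_pods_per_node = var.default_max_pods_per_node
+enable_shielded_nodes = var.enable_shielded_nodes
+
+dynamic "binary_authorization" {
+for_each = var.enable_binary_authorization ? [var.enable_binary_authorization] : []
+content {
+evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
+}
+}
+
 enable_intranode_visibility = var.enable_intranode_visibility
 enable_kubernetes_alpha = var.enable_kubernetes_alpha
 enable_tpu = var.enable_tpu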
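--- a/modules/beta-public-cluster-update-variant/cluster.tf
+++ b/modules/beta-public-cluster-update-variant/cluster.tf
@@ -116,9 +116,16 @@ resource "google_container_cluster" "primary" {
 vertical_pod_autoscaling {
 enabled = var.enable_vertical_pod_autoscaling
 }
-default_max_pods_per_node = var.default_max_pods_per_node
-enable_shielded_nodes = var.enable_shielded_nodes
-enable_binary_authorization = var.enable_binary_authorization
+default_max_pods_per_node = var.default_max_pods_per_node
+enable_shielded_nodes = var.enable_shielded_nodes
+
+dynamic "binary_authorization" {
+for_each = var.enable_binary_authorization ? [var.enable_binary_authorization] : []
+content {
+evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
+}
+}
+
 enable_intranode_visibility = var.enable_intranode_visibility
 enable_kubernetes_alpha = var.enable_kubernetes_alpha
 enable_tpu = var.enable_tpu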
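--- a/modules/beta-public-cluster/cluster.tf
+++ b/modules/beta-public-cluster/cluster.tf
@@ -116,9 +116,16 @@ resource "google_container_cluster" "primary" {
 vertical_pod_autoscaling {
 enabled = var.enable_vertical_pod_autoscaling
 }
-default_max_pods_per_node = var.default_max_pods_per_node
-enable_shielded_nodes = var.enable_shielded_nodes
-enable_binary_authorization = var.enable_binary_authorization
+default_max_pods_per_node = var.default_max_pods_per_node
+enable_shielded_nodes = var.enable_shielded_nodes
+
+dynamic "binary_authorization" {
+for_each = var.enable_binary_authorization ? [var.enable_binary_authorization] : []
+content {
+evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
+}
+}
+
 enable_intranode_visibility = var.enable_intranode_visibility
 enable_kubernetes_alpha = var.enable_kubernetes_alpha
 enable_tpu = var.enable_tpu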
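--- a/modules/private-cluster-update-variant/cluster.tf
+++ b/modules/private-cluster-update-variant/cluster.tf
@@ -76,9 +76,16 @@ resource "google_container_cluster" "primary" {
 vertical_pod_autoscaling {
 enabled = var.enable_vertical_pod_autoscaling
 }
-default_max_pods_per_node = var.default_max_pods_per_node
-enable_shielded_nodes = var.enable_shielded_nodes
-enable_binary_authorization = var.enable_binary_authorization
+default_max_pods_per_node = var.default_max_pods_per_node
+enable_shielded_nodes = var.enable_shielded_nodes
+
+dynamic "binary_authorization" {
+for_each = var.enable_binary_authorization ? [var.enable_binary_authorization] : []
+content {
+evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
+}
+}
+
 dynamic "master_authorized_networks_config" {
 for_each = local.master_authorized_networks_config
 content {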
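--- a/modules/private-cluster/cluster.tf
+++ b/modules/private-cluster/cluster.tf
@@ -76,9 +76,16 @@ resource "google_container_cluster" "primary" {
 vertical_pod_autoscaling {
 enabled = var.enable_vertical_pod_autoscaling
 }
-default_max_pods_per_node = var.default_max_pods_per_node
-enable_shielded_nodes = var.enable_shielded_nodes
-enable_binary_authorization = var.enable_binary_authorization
+default_max_pods_per_node = var.default_max_pods_per_node
+enable_shielded_nodes = var.enable_shielded_nodes
+
+dynamic "binary_authorization" {
+for_each = var.enable_binary_authorization ? [var.enable_binary_authorization] : []
+content {
+evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
+}
+}
+
 dynamic "master_authorized_networks_config" {
 for_each = local.master_authorized_networks_config
 content {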
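--- a/test/integration/beta_cluster/controls/gcloud.rb
+++ b/test/integration/beta_cluster/controls/gcloud.rb
@@ -81,7 +81,7 @@
 
 it "has the expected binaryAuthorization config" do
 expect(data['binaryAuthorization']).to eq({
-"enabled" => true,
+"evaluationMode" => "PROJECT_SINGLETON_POLICY_ENFORCE",
 })
 end
 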
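Review bot: The expectation uses `eq` on the whole `binaryAuthorization` hash, so the spec fails if the API response carries any key besides `evaluationMode`, for example if the deprecated `enabled` field is still returned, which this hunk does not rule out. Asserting only the security-relevant field keeps the check on enforcement without coupling it to the response shape: `expect(data['binaryAuthorization']).to include("evaluationMode" => "PROJECT_SINGLETON_POLICY_ENFORCE")`. The same applies to the specs in `test/integration/safer_cluster/controls/gcloud.rb` and `test/integration/simple_regional/controls/gcloud.rb`. The enclosing block that defines `data` starts outside the hunk.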
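--- a/test/integration/safer_cluster/controls/gcloud.rb
+++ b/test/integration/safer_cluster/controls/gcloud.rb
@@ -76,7 +76,7 @@
 
 it "has binary authorization" do
 expect(data['binaryAuthorization']).to eq({
-"enabled" => true,
+"evaluationMode" => "PROJECT_SINGLETON_POLICY_ENFORCE",
 })
 end
 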
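--- a/test/integration/simple_regional/controls/gcloud.rb
+++ b/test/integration/simple_regional/controls/gcloud.rb
@@ -70,7 +70,7 @@
 
 it "has the expected binaryAuthorization config" do
 expect(data['binaryAuthorization']).to eq({
-"enabled" => true,
+"evaluationMode" => "PROJECT_SINGLETON_POLICY_ENFORCE",
 })
 end
 end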
