feat: add secret manager add-on config

legal90 · jayanta-dutta · legal90 · commit c67500609b18 · 2024-06-14T11:36:35.000+02:00
Co-authored-by: Jayanta Dutta &lt;jayanta.dutta@billhop.com&gt;
diff --git a/autogen/main/cluster.tf.tmpl b/autogen/main/cluster.tf.tmpl
@@ -221,6 +221,13 @@ resource "google_container_cluster" "primary" {
   {% if beta_cluster %}
   enable_intranode_visibility = var.enable_intranode_visibility
 
+  dynamic "secret_manager_config" {
+    for_each = var.enable_secret_manager_addon ? [var.enable_secret_manager_addon] : []
+    content {
+      enabled = secret_manager_config.value
+    }
+  }
+
   dynamic "pod_security_policy_config" {
     for_each = var.enable_pod_security_policy ? [var.enable_pod_security_policy] : []
     content {
diff --git a/autogen/main/main.tf.tmpl b/autogen/main/main.tf.tmpl
@@ -168,6 +168,7 @@ locals {
   cluster_output_istio_disabled                   = google_container_cluster.primary.addons_config[0].istio_config != null && length(google_container_cluster.primary.addons_config[0].istio_config) == 1 ? google_container_cluster.primary.addons_config[0].istio_config[0].disabled : false
   cluster_output_pod_security_policy_enabled      = google_container_cluster.primary.pod_security_policy_config != null && length(google_container_cluster.primary.pod_security_policy_config) == 1 ? google_container_cluster.primary.pod_security_policy_config[0].enabled : false
   cluster_output_intranode_visbility_enabled      = google_container_cluster.primary.enable_intranode_visibility
+  cluster_output_secret_manager_addon_enabled     = google_container_cluster.primary.secret_manager_config != null && length(google_container_cluster.primary.secret_manager_config) == 1 ? google_container_cluster.primary.secret_manager_config[0].enabled : false
 
   # /BETA features
   {% endif %}
@@ -237,6 +238,7 @@ locals {
   {% endif %}
   cluster_pod_security_policy_enabled      = local.cluster_output_pod_security_policy_enabled
   cluster_intranode_visibility_enabled     = local.cluster_output_intranode_visbility_enabled
+  cluster_secret_manager_addon_enabled     = local.cluster_output_secret_manager_addon_enabled
 
   # /BETA features
 {% endif %}
diff --git a/autogen/main/outputs.tf.tmpl b/autogen/main/outputs.tf.tmpl
@@ -233,6 +233,11 @@ output "identity_service_enabled" {
   description = "Whether Identity Service is enabled"
   value       = local.cluster_pod_security_policy_enabled
 }
+
+output "secret_manager_addon_enabled" {
+  description = "Whether Secret Manager add-on is enabled"
+  value       = local.cluster_secret_manager_addon_enabled
+}
 {% endif %}
 
 output "fleet_membership" {
diff --git a/autogen/main/variables.tf.tmpl b/autogen/main/variables.tf.tmpl
@@ -855,6 +855,12 @@ variable "enable_pod_security_policy" {
   default     = false
 }
 
+variable "enable_secret_manager_addon" {
+  description = "(Beta) Enable the Secret Manager add-on for this cluster"
+  type        = bool
+  default     = false
+}
+
 variable "sandbox_enabled" {
   type        = bool
   description = "(Beta) Enable GKE Sandbox (Do not forget to set `image_type` = `COS_CONTAINERD` to use it)."
