Merge pull request #3 from mineiros-io/soerenmartius/rbac

Bump provider and add support for authenticator_groups_config

Author: soerenmartius

CHANGELOG.md

@@ -7,12 +7,22 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.0.2]
+
+### Added
+
+- Add support for `authenticator_groups_config`
+
+## Changed
+
+- BREAKING: Upgrade provider to `~4.16` to add support for `authenticator_groups_config`
+
 ## [0.0.1]
 
 ### Added
 
 - Add support for `google_container_cluster` with autopilot enabled
 
-[unreleased]: https://github.com/mineiros-io/terraform-google-gke-autopilot-cluster/compare/v0.0.1...HEAD
-<!-- [0.0.2]: https://github.com/mineiros-io/terraform-google-gke-autopilot-cluster/compare/v0.0.1...v0.0.2 -->
+[unreleased]: https://github.com/mineiros-io/terraform-google-gke-autopilot-cluster/compare/v0.0.2...HEAD
+[0.0.2]: https://github.com/mineiros-io/terraform-google-gke-autopilot-cluster/compare/v0.0.1...v0.0.2
 [0.0.1]: https://github.com/mineiros-io/terraform-google-gke-autopilot-cluster/releases/tag/v0.0.1

README.md

@@ -115,6 +115,13 @@ See [variables.tf] and [examples/] for details and use-cases.
   The ID of the project in which the resource belongs.
   If it is not set, the provider project is used.
 
+- [**`rbac_security_identity_group`**](#var-rbac_security_identity_group): *(Optional `string`)*<a name="var-rbac_security_identity_group"></a>
+
+  The name of the RBAC security identity group for use with Google
+  security groups in Kubernetes RBAC. Group name must be in format
+  `gke-security-groups@yourdomain.com`.
+  For details please see https://cloud.google.com/kubernetes-engine/docs/how-to/google-groups-rbac
+
 - [**`min_master_version`**](#var-min_master_version): *(Optional `string`)*<a name="var-min_master_version"></a>
 
   The minimum version of the Kubernetes master.

README.tfdoc.hcl

@@ -154,6 +154,16 @@ section {
         END
       }
 
+      variable "rbac_security_identity_group" {
+        type        = string
+        description = <<-END
+          The name of the RBAC security identity group for use with Google
+          security groups in Kubernetes RBAC. Group name must be in format
+          `gke-security-groups@yourdomain.com`.
+          For details please see https://cloud.google.com/kubernetes-engine/docs/how-to/google-groups-rbac
+        END
+      }
+
       variable "min_master_version" {
         type        = string
         description = <<-END

main.tf

@@ -35,6 +35,14 @@ resource "google_container_cluster" "cluster" {
 
   cluster_ipv4_cidr = var.cluster_ipv4_cidr
 
+  dynamic "authenticator_groups_config" {
+    for_each = var.rbac_security_identity_group != null ? [1] : []
+
+    content {
+      security_group = var.rbac_security_identity_group
+    }
+  }
+
   dynamic "release_channel" {
     for_each = var.release_channel != null ? [1] : []
 

test/unit-minimal/main.tf

@@ -19,7 +19,7 @@ terraform {
   required_providers {
     google = {
       source  = "hashicorp/google"
-      version = "4.10.0"
+      version = "4.16.0"
     }
   }
 }

versions.tf

@@ -6,6 +6,6 @@ terraform {
   required_version = ">= 0.14.7, < 2.0"
 
   required_providers {
-    google = "~> 4.10.0"
+    google = "~> 4.16.0"
   }
 }