feat: expose secret manager rotation config

[ggprod]

Potential implementation for #2528

[gemini-code-assist]

Summary of Changes

Hello @ggprod, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the configuration capabilities for the Secret Manager add-on in GKE clusters. By transitioning from a simple boolean flag to a structured object, users gain fine-grained control over the add-on's behavior, most notably the ability to configure secret rotation directly through the cluster's Terraform variables. This change improves the flexibility and security posture of secret management within the GKE environment.

Highlights

• Refactored Secret Manager Add-on Configuration: The previous boolean variable enable_secret_manager_addon has been replaced with a more flexible secret_manager_addon object, allowing for more granular control over the add-on's settings.
• Exposed Secret Rotation Settings: The new secret_manager_addon object now includes an optional rotation_config block, enabling users to configure secret rotation intervals directly within the cluster's Terraform variables.
• Updated Terraform Configurations Across Modules: All relevant cluster.tf and variables.tf files, including their templated versions, across various GKE cluster modules have been updated to adopt the new object-based configuration for the Secret Manager add-on.
• Documentation and Metadata Synchronization: Associated README.md, metadata.yaml, and metadata.display.yaml files have been adjusted to accurately document and display the new secret_manager_addon variable and its structure.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request exposes the rotation configuration for the Secret Manager add-on by replacing the enable_secret_manager_addon boolean variable with a more flexible secret_manager_addon object. This is a great improvement for configurability.

My main feedback is to make the rotation_interval attribute within the rotation_config object optional. According to the provider documentation, this attribute is not required. Making it optional in the variable definition will improve the module's usability. I've added specific suggestions to all affected files (variables.tf, metadata.yaml, and README.md files).

[apeabody]

/gemini review

[gemini-code-assist]

Code Review

This pull request introduces a new feature to configure the Secret Manager add-on's rotation settings. The changes are consistently applied across all relevant modules. My review includes suggestions to improve code robustness by handling empty string inputs for rotation_interval and to enhance code style consistency by applying standard Terraform formatting to variable blocks and YAML files. These changes will improve the maintainability and reliability of the module.

[apeabody]

Thanks for the contribution @ggprod!

From the linter (there are several):

terraform_validate ./examples/simple_regional_private
╷
│ Error: Unsupported argument
│ 
│   on main.tf line 50, in module "gke":
│   50:   enable_secret_manager_addon = true
│ 
│ An argument named "enable_secret_manager_addon" is not expected here.
╵

[ggprod]

Thanks for the contribution @ggprod!

From the linter (there are several):

terraform_validate ./examples/simple_regional_private
╷
│ Error: Unsupported argument
│ 
│   on main.tf line 50, in module "gke":
│   50:   enable_secret_manager_addon = true
│ 
│ An argument named "enable_secret_manager_addon" is not expected here.
╵

OK, I believe I updated accordingly

[apeabody]

/gcbrun

[ggprod]

For Gemini's formatting comments it is autogenerated code.. the code in the autogen folder seems correct. Also running make docker_test_lint doesn't seem to fix it. Should I be fixing those manually?

Should I fix according to the rotation_config.value.rotation_interval != "" recommendation also?

[apeabody]

Thanks @ggprod!