Add support for WorkloadALTSConfig in google_container_cluster (Beta) (…

…#9638) (#16816) * Add support for WorkloadALTSConfig in google_container_cluster * Fix issues * Make enable_alts within workload_alts_config required and force-send in JSON * Update documentation * Make acceptance test network & subnet names unique * Remove extra test config * Fix spacing [upstream:fffe4b1616a1095d5d95c51f0519a5484c49c216] Signed-off-by: Modular Magician <[email protected]>
hashicorp · Dec 15, 2023 · d4f084a · d4f084a
1 parent aa90655
commit d4f084a
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/.changelog/9638.txt b/.changelog/9638.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+container: added `workload_alts_config` field to `google_container_cluster` resource (beta)
+```
diff --git a/website/docs/r/container_cluster.html.markdown b/website/docs/r/container_cluster.html.markdown
@@ -381,6 +381,9 @@ Enable/Disable Security Posture API features for the cluster. Structure is [docu
 * `fleet` - (Optional)
 Fleet configuration for the cluster. Structure is [documented below](#nested_fleet).
 
+* `workload_alts_config` - (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
+  Configuration for [direct-path (via ALTS) with workload identity.](https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#workloadaltsconfig). Structure is [documented below](#nested_workload_alts_config).
+
 <a name="nested_default_snat_status"></a>The `default_snat_status` block supports
 
 *  `disabled` - (Required) Whether the cluster disables default in-node sNAT rules. In-node sNAT rules will be disabled when defaultSnatStatus is disabled.When disabled is set to false, default IP masquerade rules will be applied to the nodes to prevent sNAT on cluster internal traffic
@@ -1295,6 +1298,9 @@ linux_node_config {
 
 * `project` - (Optional) The name of the Fleet host project where this cluster will be registered.
 
+<a name="nested_workload_alts_config"></a>The `workload_alts_config` block supports:
+
+* `enable_alts` - (Required) Whether the alts handshaker should be enabled or not for direct-path. Requires Workload Identity ([workloadPool]((#nested_workload_identity_config)) must be non-empty).
 
 ## Attributes Reference