Remove PSP dependencies

Co-authored-by: Diogo <[email protected]>

docs/data-sources/cluster.md

@@ -48,7 +48,6 @@ The following attributes are exported:
 * `cluster_template_id` - (Computed) Cluster template ID (string)
 * `cluster_template_questions` - (Computed) Cluster template questions (list)
 * `cluster_template_revision_id` - (Computed) Cluster template revision ID (string)
-* `default_pod_security_policy_template_id` - (Optional/Computed) [Default pod security policy template id](https://rancher.com/docs/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#pod-security-policy-support) (string)
 * `enable_network_policy` - (Computed) Enable project network isolation. Default `false` (bool)
 * `enable_cluster_istio` - (Computed) Enable built-in cluster istio. Default `false` (bool)
 * `fleet_workspace_name` - (Computed) Fleet workspace name (string)

docs/data-sources/cluster_v2.md

@@ -35,7 +35,6 @@ The following attributes are exported:
 * `agent_env_vars` - (Computed) Optional Agent Env Vars for Rancher agent (list)
 * `rke_config` - (Computed) The RKE configuration for `k3s` and `rke2` Clusters v2. (list maxitems:1)
 * `cloud_credential_secret_name` - (Computed) Cluster V2 cloud credential secret name (string)
-* `default_pod_security_policy_template_name` - (Computed) Cluster V2 default pod security policy template name (string)
 * `default_pod_security_admission_configuration_template_name` - (Computed) Cluster V2 default pod security admission configuration template name (string)
 * `default_cluster_role_for_project_members` - (Computed) Cluster V2 default cluster role for project members (string)
 * `enable_network_policy` - (Computed) Enable k8s network policy at Cluster V2 (bool)

docs/data-sources/project.md

@@ -36,7 +36,6 @@ resource "kubernetes_namespace" "my_namespace" {
 
  * `id` - (Computed) Cluster-wide unique ID of the Rancher 2 project (string)
  * `container_resource_limit` - (Computed) Default containers resource limits on project (List maxitem:1)
- * `pod_security_policy_template_id` - (Computed) Default Pod Security Policy ID for the project (string)
  * `resource_quota` - (Computed) Resource quota for project. Rancher v2.1.x or higher (list maxitems:1)
  * `uuid` - (Computed) UUID of the project as stored by Rancher 2 (string)
  * `description` - (Computed) The project's description (string)

docs/resources/cluster.md

@@ -605,7 +605,6 @@ The following arguments are supported:
 * `cluster_template_id` - (Optional) Cluster template ID. For Rancher v2.3.x and above (string)
 * `cluster_template_questions` - (Optional/Computed) Cluster template questions. For Rancher v2.3.x and above (list)
 * `cluster_template_revision_id` - (Optional) Cluster template revision ID. For Rancher v2.3.x and above (string)
-* `default_pod_security_policy_template_id` - (Optional/Computed) [Default pod security policy template id](https://rancher.com/docs/rancher/v2.x/en/cluster-provisioning/rke-clusters/options/#pod-security-policy-support) (string)
 * `default_pod_security_admission_configuration_template_name` - (Optional/Computed) The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above (string)
 * `desired_agent_image` - (Optional/Computed) Desired agent image. For Rancher v2.3.x and above (string)
 * `desired_auth_image` - (Optional/Computed) Desired auth image. For Rancher v2.3.x and above (string)

docs/resources/cluster_template.md

@@ -122,7 +122,6 @@ resource "rancher2_cluster_template" "foo" {
 
 * `cluster_auth_endpoint` - (Optional/Computed) Local cluster auth endpoint (list maxitems: 1)
 * `default_cluster_role_for_project_members` - (Optional/Computed) Default cluster role for project members (string)
-* `default_pod_security_policy_template_id` - (Optional/Computed) Default pod security policy template ID (string)
 * `desired_agent_image` - (Optional/Computed) Desired agent image (string)
 * `desired_auth_image` - (Optional/Computed) Desired auth image (string)
 * `docker_root_dir` - (Optional/Computed) Desired auth image (string)

docs/resources/cluster_v2.md

@@ -849,7 +849,6 @@ The following arguments are supported:
 * `rke_config` - (Optional/computed, list, max length: 1) The RKE configuration for the cluster.
 * `local_auth_endpoint` - (Optional, list, max length: 1) Local auth endpoint configures the Authorized Cluster Endpoint (ACE) which can be used to directly access the Kubernetes API server, without requiring communication through Rancher. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/kubernetes-clusters-in-rancher-setup/register-existing-clusters#authorized-cluster-endpoint-support-for-rke2-and-k3s-clusters).
 * `cloud_credential_secret_name` - (Optional, string) Cloud credential secret name is the secret to be used when a cloud credential secret name is not specified at the machine pool level. 
-* `default_pod_security_policy_template_name` - (Optional, string) Default pod security policy template name specifies the default PSP for the cluster. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/create-pod-security-policies).
 * `default_pod_security_admission_configuration_template_name` - (Optional, string) The name of the pre-defined pod security admission configuration template to be applied to the cluster. Rancher admins (or those with the right permissions) can create, manage, and edit those templates. For more information, please refer to [Rancher Documentation](https://ranchermanager.docs.rancher.com/how-to-guides/new-user-guides/authentication-permissions-and-global-configuration/psa-config-templates). The argument is available in Rancher v2.7.2 and above.
 * `default_cluster_role_for_project_members` - (Optional, string) Default cluster role for project members.
 * `enable_network_policy` - (Optional, bool, default: false) Enable k8s network policy on the cluster.

docs/resources/project.md

@@ -68,7 +68,6 @@ The following arguments are supported:
 * `cluster_id` - (Required) The cluster id where create project (string)
 * `container_resource_limit` - (Optional) Default containers resource limits on project (List maxitem:1)
 * `description` - (Optional) A project description (string)
-* `pod_security_policy_template_id` - (Optional) Default Pod Security Policy ID for the project (string)
 * `resource_quota` - (Optional) Resource quota for project. Rancher v2.1.x or higher (list maxitems:1)
 * `wait_for_cluster` - (Optional) Wait for cluster becomes active. Default `false` (bool)
 * `annotations` - (Optional/Computed) Annotations for Node Pool object (map)

rancher2/0_provider_upgrade_test.go

@@ -128,7 +128,6 @@ provider "rancher2" {
 ` + testAccRancher2NodeTemplateOpennebulaConfig + `
 ` + testAccRancher2NodeTemplateOpenstack + `
 ` + testAccRancher2NodeTemplateVsphere + `
-` + testAccCheckRancher2PodSecurityPolicyTemplate + `
 ` + testAccRancher2ProjectRoleTemplateBinding + `
 ` + testAccRancher2Project + `
 ` + testAccRancher2Registry + `
@@ -170,7 +169,6 @@ provider "rancher2" {
 ` + testAccRancher2NodeTemplateOpennebulaConfig + `
 ` + testAccRancher2NodeTemplateOpenstack + `
 ` + testAccRancher2NodeTemplateVsphere + `
-` + testAccCheckRancher2PodSecurityPolicyTemplate + `
 ` + testAccRancher2ProjectRoleTemplateBinding + `
 ` + testAccRancher2Project + `
 ` + testAccRancher2Registry + `
@@ -216,7 +214,6 @@ provider "rancher2" {
 ` + testAccRancher2NodeTemplateOpennebulaConfig + `
 ` + testAccRancher2NodeTemplateOpenstack + `
 ` + testAccRancher2NodeTemplateVsphere + `
-` + testAccCheckRancher2PodSecurityPolicyTemplate + `
 ` + testAccRancher2ProjectRoleTemplateBinding + `
 ` + testAccRancher2Project + `
 ` + testAccRancher2Registry + `
@@ -266,7 +263,6 @@ provider "rancher2" {
 ` + testAccRancher2NodeTemplateOpennebulaConfig + `
 ` + testAccRancher2NodeTemplateOpenstack + `
 ` + testAccRancher2NodeTemplateVsphere + `
-` + testAccCheckRancher2PodSecurityPolicyTemplate + `
 ` + testAccRancher2ProjectRoleTemplateBinding + `
 ` + testAccRancher2Project + `
 ` + testAccRancher2Registry + `

rancher2/data_source_rancher2_cluster.go

@@ -171,11 +171,6 @@ func dataSourceRancher2Cluster() *schema.Resource {
 				Computed:    true,
 				Description: "Cluster template revision ID",
 			},
-			"default_pod_security_policy_template_id": {
-				Type:        schema.TypeString,
-				Computed:    true,
-				Description: "Default pod security policy template ID",
-			},
 			"default_pod_security_admission_configuration_template_name": {
 				Type:        schema.TypeString,
 				Optional:    true,

rancher2/data_source_rancher2_cluster_v2.go

@@ -46,11 +46,6 @@ func dataSourceRancher2ClusterV2() *schema.Resource {
 				Computed:    true,
 				Description: "Cluster V2 cloud credential secret name",
 			},
-			"default_pod_security_policy_template_name": {
-				Type:        schema.TypeString,
-				Computed:    true,
-				Description: "Cluster V2 default pod security policy template name",
-			},
 			"default_pod_security_admission_configuration_template_name": {
 				Type:        schema.TypeString,
 				Computed:    true,

rancher2/data_source_rancher2_project.go

@@ -37,10 +37,6 @@ func dataSourceRancher2Project() *schema.Resource {
 				Type:        schema.TypeString,
 				Computed:    true,
 			},
-			"pod_security_policy_template_id": {
-				Type:     schema.TypeString,
-				Computed: true,
-			},
 			"resource_quota": {
 				Type:     schema.TypeList,
 				MaxItems: 1,
@@ -143,8 +139,6 @@ func dataSourceRancher2ProjectRead(d *schema.ResourceData, meta interface{}) err
 		}
 	}
 
-	d.Set("pod_security_policy_template_id", project.PodSecurityPolicyTemplateName)
-
 	if project.ResourceQuota != nil && project.NamespaceDefaultResourceQuota != nil {
 		resourceQuota := flattenProjectResourceQuota(project.ResourceQuota, project.NamespaceDefaultResourceQuota)
 		err := d.Set("resource_quota", resourceQuota)

rancher2/provider.go

@@ -144,7 +144,6 @@ func Provider() terraform.ResourceProvider {
 			"rancher2_node_pool":                                     resourceRancher2NodePool(),
 			"rancher2_node_template":                                 resourceRancher2NodeTemplate(),
 			"rancher2_pod_security_admission_configuration_template": resourceRancher2PodSecurityAdmissionConfigurationTemplate(),
-			"rancher2_pod_security_policy_template":                  resourceRancher2PodSecurityPolicyTemplate(),
 			"rancher2_project":                                       resourceRancher2Project(),
 			"rancher2_project_role_template_binding":                 resourceRancher2ProjectRoleTemplateBinding(),
 			"rancher2_registry":                                      resourceRancher2Registry(),
@@ -179,7 +178,6 @@ func Provider() terraform.ResourceProvider {
 			"rancher2_node_pool":                                     dataSourceRancher2NodePool(),
 			"rancher2_node_template":                                 dataSourceRancher2NodeTemplate(),
 			"rancher2_pod_security_admission_configuration_template": dataSourceRancher2PodSecurityAdmissionConfigurationTemplate(),
-			"rancher2_pod_security_policy_template":                  dataSourceRancher2PodSecurityPolicyTemplate(),
 			"rancher2_principal":                                     dataSourceRancher2Principal(),
 			"rancher2_project":                                       dataSourceRancher2Project(),
 			"rancher2_project_role_template_binding":                 dataSourceRancher2ProjectRoleTemplateBinding(),

rancher2/resource_rancher2_cluster.go

@@ -263,7 +263,6 @@ func resourceRancher2ClusterUpdate(d *schema.ResourceData, meta interface{}) err
 		"clusterAgentDeploymentCustomization": clusterAgentDeploymentCustomization,
 		"fleetAgentDeploymentCustomization":   fleetAgentDeploymentCustomization,
 		"description":                         d.Get("description").(string),
-		"defaultPodSecurityPolicyTemplateId":  d.Get("default_pod_security_policy_template_id").(string),
 		"defaultPodSecurityAdmissionConfigurationTemplateName": d.Get("default_pod_security_admission_configuration_template_name").(string),
 		"desiredAgentImage":        d.Get("desired_agent_image").(string),
 		"desiredAuthImage":         d.Get("desired_auth_image").(string),

rancher2/resource_rancher2_pod_security_admission_configuration_template.go

@@ -149,14 +149,6 @@ func resourceRancher2PodSecurityAdmissionConfigurationTemplateDelete(d *schema.R
 // a Rancher PodSecurityAdmissionConfiguration Template
 func podSecurityAdmissionConfigurationTemplateStateRefreshFunc(client *managementClient.Client, pspID string) resource.StateRefreshFunc {
 	return func() (interface{}, string, error) {
-		obj, err := client.PodSecurityPolicyTemplate.ByID(pspID)
-		if err != nil {
-			if IsNotFound(err) || IsForbidden(err) {
-				return obj, "removed", nil
-			}
-			return nil, "", err
-		}
-
-		return obj, "active", nil
+		return nil, "active", nil
 	}
 }