update dcl version (#9370) (#6597)

[upstream:d275e40a18ef73fe7bee8419da55711f337d1e7b] Signed-off-by: Modular Magician <[email protected]>
hashicorp · Nov 2, 2023 · 77533b2 · 77533b2
1 parent 20885c6
commit 77533b2
Show file tree

Hide file tree

Showing 15 changed files with 801 additions and 106 deletions.
diff --git a/.changelog/9370.txt b/.changelog/9370.txt
@@ -0,0 +1,12 @@
+```release-note:enhancement
+assuredworkloads: added `enable_sovereign_controls`, `partner`, `partner_permissions`, `violation_notifications_enabled`, and several other output-only fields to `google_assured_workloads_workloads`
+```
+```release-note:enhancement
+containeraws: added `admin_groups` to `google_container_aws_cluster`
+```
+```release-note:enhancement
+containerazure: added `admin_groups` to `google_container_azure_cluster`
+```
+```release-note:enhancement
+gkehub: added `metrics_gcp_service_account_email` to `google_gke_hub_feature_membership`
+```
diff --git a/go.mod b/go.mod
@@ -3,7 +3,7 @@ go 1.19
 
 require (
 	cloud.google.com/go/bigtable v1.19.0
-	github.com/GoogleCloudPlatform/declarative-resource-client-library v1.52.0
+	github.com/GoogleCloudPlatform/declarative-resource-client-library v1.55.0
 	github.com/apparentlymart/go-cidr v1.1.0
 	github.com/davecgh/go-spew v1.1.1
 	github.com/dnaeon/go-vcr v1.0.1

diff --git a/go.sum b/go.sum
@@ -17,6 +17,8 @@ cloud.google.com/go/longrunning v0.5.1/go.mod h1:spvimkwdz6SPWKEt/XBij79E9fiTkHS
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/GoogleCloudPlatform/declarative-resource-client-library v1.52.0 h1:KswxXF4E5iWv2ggktqv265zOvwmXA3mgma3UQfYA4tU=
 github.com/GoogleCloudPlatform/declarative-resource-client-library v1.52.0/go.mod h1:pL2Qt5HT+x6xrTd806oMiM3awW6kNIXB/iiuClz6m6k=
+github.com/GoogleCloudPlatform/declarative-resource-client-library v1.55.0 h1:MTP0IDIztk36l8ubHkEcL6lWMG8Enqu9AP3E4MoBFg0=
+github.com/GoogleCloudPlatform/declarative-resource-client-library v1.55.0/go.mod h1:pL2Qt5HT+x6xrTd806oMiM3awW6kNIXB/iiuClz6m6k=
 github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
 github.com/Microsoft/go-winio v0.4.16 h1:FtSW/jqD+l4ba5iPBj9CODVtgfYAD8w2wS923g/cFDk=
 github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=

diff --git a/google-beta/services/assuredworkloads/resource_assured_workloads_workload.go b/google-beta/services/assuredworkloads/resource_assured_workloads_workload.go
diff --git a/google-beta/services/assuredworkloads/resource_assured_workloads_workload_generated_test.go b/google-beta/services/assuredworkloads/resource_assured_workloads_workload_generated_test.go
@@ -33,6 +33,42 @@ import (
 	transport_tpg "github.com/hashicorp/terraform-provider-google-beta/google-beta/transport"
 )
 
+func TestAccAssuredWorkloadsWorkload_SovereignControlsWorkload(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"billing_acct":  envvar.GetTestBillingAccountFromEnv(t),
+		"org_id":        envvar.GetTestOrgFromEnv(t),
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck: func() { acctest.AccTestPreCheck(t) },
+
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+		CheckDestroy:             testAccCheckAssuredWorkloadsWorkloadDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAssuredWorkloadsWorkload_SovereignControlsWorkload(context),
+			},
+			{
+				ResourceName:            "google_assured_workloads_workload.primary",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"billing_account", "kms_settings", "resource_settings", "provisioned_resources_parent", "labels", "terraform_labels"},
+			},
+			{
+				Config: testAccAssuredWorkloadsWorkload_SovereignControlsWorkloadUpdate0(context),
+			},
+			{
+				ResourceName:            "google_assured_workloads_workload.primary",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"billing_account", "kms_settings", "resource_settings", "provisioned_resources_parent", "labels", "terraform_labels"},
+			},
+		},
+	})
+}
 func TestAccAssuredWorkloadsWorkload_BasicHandWritten(t *testing.T) {
 	t.Parallel()
 
@@ -97,6 +133,61 @@ func TestAccAssuredWorkloadsWorkload_FullHandWritten(t *testing.T) {
 	})
 }
 
+func testAccAssuredWorkloadsWorkload_SovereignControlsWorkload(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_assured_workloads_workload" "primary" {
+  compliance_regime         = "EU_REGIONS_AND_SUPPORT"
+  display_name              = "tf-test-display%{random_suffix}"
+  location                  = "europe-west9"
+  organization              = "%{org_id}"
+  billing_account           = "billingAccounts/%{billing_acct}"
+  enable_sovereign_controls = true
+
+  kms_settings {
+    next_rotation_time = "9999-10-02T15:01:23Z"
+    rotation_period    = "10368000s"
+  }
+
+  resource_settings {
+    resource_type = "CONSUMER_FOLDER"
+  }
+
+  resource_settings {
+    resource_type = "ENCRYPTION_KEYS_PROJECT"
+  }
+
+  resource_settings {
+    resource_id   = "tf-test-ring%{random_suffix}"
+    resource_type = "KEYRING"
+  }
+
+  labels = {
+    label-one = "value-one"
+  }
+  provider                  = google-beta
+}
+
+`, context)
+}
+
+func testAccAssuredWorkloadsWorkload_SovereignControlsWorkloadUpdate0(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_assured_workloads_workload" "primary" {
+  compliance_regime = "EU_REGIONS_AND_SUPPORT"
+  display_name      = "updated-example"
+  location          = "europe-west9"
+  organization      = "%{org_id}"
+  billing_account   = "billingAccounts/%{billing_acct}"
+
+  labels = {
+    label-two = "value-two-eu-regions-and-support"
+  }
+  provider          = google-beta
+}
+
+`, context)
+}
+
 func testAccAssuredWorkloadsWorkload_BasicHandWritten(context map[string]interface{}) string {
 	return acctest.Nprintf(`
 resource "google_assured_workloads_workload" "primary" {
@@ -109,6 +200,11 @@ resource "google_assured_workloads_workload" "primary" {
   provisioned_resources_parent = google_folder.folder1.name
   organization = "%{org_id}"
   location = "us-central1"
+  resource_settings {
+    resource_type = "CONSUMER_FOLDER"
+    display_name = "folder-display-name"
+  }
+  violation_notifications_enabled = true
 }
 
 resource "google_folder" "folder1" {
@@ -130,6 +226,11 @@ resource "google_assured_workloads_workload" "primary" {
   provisioned_resources_parent = google_folder.folder1.name
   organization = "%{org_id}"
   location = "us-central1"
+  resource_settings {
+    resource_type = "CONSUMER_FOLDER"
+    display_name = "folder-display-name"
+  }
+  violation_notifications_enabled = true
 }
 
 resource "google_folder" "folder1" {
@@ -180,14 +281,18 @@ func testAccCheckAssuredWorkloadsWorkloadDestroyProducer(t *testing.T) func(s *t
 			}
 
 			obj := &assuredworkloads.Workload{
-				BillingAccount:             dcl.String(rs.Primary.Attributes["billing_account"]),
-				ComplianceRegime:           assuredworkloads.WorkloadComplianceRegimeEnumRef(rs.Primary.Attributes["compliance_regime"]),
-				DisplayName:                dcl.String(rs.Primary.Attributes["display_name"]),
-				Location:                   dcl.String(rs.Primary.Attributes["location"]),
-				Organization:               dcl.String(rs.Primary.Attributes["organization"]),
-				ProvisionedResourcesParent: dcl.String(rs.Primary.Attributes["provisioned_resources_parent"]),
-				CreateTime:                 dcl.StringOrNil(rs.Primary.Attributes["create_time"]),
-				Name:                       dcl.StringOrNil(rs.Primary.Attributes["name"]),
+				ComplianceRegime:              assuredworkloads.WorkloadComplianceRegimeEnumRef(rs.Primary.Attributes["compliance_regime"]),
+				DisplayName:                   dcl.String(rs.Primary.Attributes["display_name"]),
+				Location:                      dcl.String(rs.Primary.Attributes["location"]),
+				Organization:                  dcl.String(rs.Primary.Attributes["organization"]),
+				BillingAccount:                dcl.String(rs.Primary.Attributes["billing_account"]),
+				EnableSovereignControls:       dcl.Bool(rs.Primary.Attributes["enable_sovereign_controls"] == "true"),
+				Partner:                       assuredworkloads.WorkloadPartnerEnumRef(rs.Primary.Attributes["partner"]),
+				ProvisionedResourcesParent:    dcl.String(rs.Primary.Attributes["provisioned_resources_parent"]),
+				ViolationNotificationsEnabled: dcl.Bool(rs.Primary.Attributes["violation_notifications_enabled"] == "true"),
+				CreateTime:                    dcl.StringOrNil(rs.Primary.Attributes["create_time"]),
+				KajEnrollmentState:            assuredworkloads.WorkloadKajEnrollmentStateEnumRef(rs.Primary.Attributes["kaj_enrollment_state"]),
+				Name:                          dcl.StringOrNil(rs.Primary.Attributes["name"]),
 			}
 
 			client := transport_tpg.NewDCLAssuredWorkloadsClient(config, config.UserAgent, billingProject, 0)

diff --git a/google-beta/services/containeraws/resource_container_aws_cluster.go b/google-beta/services/containeraws/resource_container_aws_cluster.go
@@ -218,6 +218,13 @@ func ContainerAwsClusterAuthorizationSchema() *schema.Resource {
 				Description: "Users to perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles",
 				Elem:        ContainerAwsClusterAuthorizationAdminUsersSchema(),
 			},
+
+			"admin_groups": {
+				Type:        schema.TypeList,
+				Optional:    true,
+				Description: "Groups of users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles",
+				Elem:        ContainerAwsClusterAuthorizationAdminGroupsSchema(),
+			},
 		},
 	}
 }
@@ -234,6 +241,18 @@ func ContainerAwsClusterAuthorizationAdminUsersSchema() *schema.Resource {
 	}
 }
 
+func ContainerAwsClusterAuthorizationAdminGroupsSchema() *schema.Resource {
+	return &schema.Resource{
+		Schema: map[string]*schema.Schema{
+			"group": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The name of the group, e.g. `[email protected]`.",
+			},
+		},
+	}
+}
+
 func ContainerAwsClusterControlPlaneSchema() *schema.Resource {
 	return &schema.Resource{
 		Schema: map[string]*schema.Schema{
@@ -441,7 +460,7 @@ func ContainerAwsClusterControlPlaneMainVolumeSchema() *schema.Resource {
 				Computed:    true,
 				Optional:    true,
 				ForceNew:    true,
-				Description: "Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3.",
+				Description: "Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125.",
 			},
 
 			"volume_type": {
@@ -501,7 +520,7 @@ func ContainerAwsClusterControlPlaneRootVolumeSchema() *schema.Resource {
 				Type:        schema.TypeInt,
 				Computed:    true,
 				Optional:    true,
-				Description: "Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3.",
+				Description: "Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125.",
 			},
 
 			"volume_type": {
@@ -951,7 +970,8 @@ func expandContainerAwsClusterAuthorization(o interface{}) *containeraws.Cluster
 	}
 	obj := objArr[0].(map[string]interface{})
 	return &containeraws.ClusterAuthorization{
-		AdminUsers: expandContainerAwsClusterAuthorizationAdminUsersArray(obj["admin_users"]),
+		AdminUsers:  expandContainerAwsClusterAuthorizationAdminUsersArray(obj["admin_users"]),
+		AdminGroups: expandContainerAwsClusterAuthorizationAdminGroupsArray(obj["admin_groups"]),
 	}
 }
 
@@ -960,7 +980,8 @@ func flattenContainerAwsClusterAuthorization(obj *containeraws.ClusterAuthorizat
 		return nil
 	}
 	transformed := map[string]interface{}{
-		"admin_users": flattenContainerAwsClusterAuthorizationAdminUsersArray(obj.AdminUsers),
+		"admin_users":  flattenContainerAwsClusterAuthorizationAdminUsersArray(obj.AdminUsers),
+		"admin_groups": flattenContainerAwsClusterAuthorizationAdminGroupsArray(obj.AdminGroups),
 	}
 
 	return []interface{}{transformed}
@@ -1020,6 +1041,61 @@ func flattenContainerAwsClusterAuthorizationAdminUsers(obj *containeraws.Cluster
 
 	return transformed
 
+}
+func expandContainerAwsClusterAuthorizationAdminGroupsArray(o interface{}) []containeraws.ClusterAuthorizationAdminGroups {
+	if o == nil {
+		return make([]containeraws.ClusterAuthorizationAdminGroups, 0)
+	}
+
+	objs := o.([]interface{})
+	if len(objs) == 0 || objs[0] == nil {
+		return make([]containeraws.ClusterAuthorizationAdminGroups, 0)
+	}
+
+	items := make([]containeraws.ClusterAuthorizationAdminGroups, 0, len(objs))
+	for _, item := range objs {
+		i := expandContainerAwsClusterAuthorizationAdminGroups(item)
+		items = append(items, *i)
+	}
+
+	return items
+}
+
+func expandContainerAwsClusterAuthorizationAdminGroups(o interface{}) *containeraws.ClusterAuthorizationAdminGroups {
+	if o == nil {
+		return containeraws.EmptyClusterAuthorizationAdminGroups
+	}
+
+	obj := o.(map[string]interface{})
+	return &containeraws.ClusterAuthorizationAdminGroups{
+		Group: dcl.String(obj["group"].(string)),
+	}
+}
+
+func flattenContainerAwsClusterAuthorizationAdminGroupsArray(objs []containeraws.ClusterAuthorizationAdminGroups) []interface{} {
+	if objs == nil {
+		return nil
+	}
+
+	items := []interface{}{}
+	for _, item := range objs {
+		i := flattenContainerAwsClusterAuthorizationAdminGroups(&item)
+		items = append(items, i)
+	}
+
+	return items
+}
+
+func flattenContainerAwsClusterAuthorizationAdminGroups(obj *containeraws.ClusterAuthorizationAdminGroups) interface{} {
+	if obj == nil || obj.Empty() {
+		return nil
+	}
+	transformed := map[string]interface{}{
+		"group": obj.Group,
+	}
+
+	return transformed
+
 }
 
 func expandContainerAwsClusterControlPlane(o interface{}) *containeraws.ClusterControlPlane {

diff --git a/google-beta/services/containeraws/resource_container_aws_cluster_generated_test.go b/google-beta/services/containeraws/resource_container_aws_cluster_generated_test.go
@@ -224,6 +224,9 @@ resource "google_container_aws_cluster" "primary" {
     admin_users {
       username = "%{service_acct}"
     }
+    admin_groups {
+      group = "[email protected]"
+    }
   }
 
   aws_region = "%{aws_region}"
@@ -314,6 +317,9 @@ resource "google_container_aws_cluster" "primary" {
     admin_users {
       username = "%{service_acct}"
     }
+    admin_groups {
+      group = "[email protected]"
+    }
   }
 
   aws_region = "%{aws_region}"

diff --git a/google-beta/services/containeraws/resource_container_aws_node_pool.go b/google-beta/services/containeraws/resource_container_aws_node_pool.go
@@ -146,7 +146,6 @@ func ResourceContainerAwsNodePool() *schema.Resource {
 				Type:        schema.TypeList,
 				Computed:    true,
 				Optional:    true,
-				ForceNew:    true,
 				Description: "Optional. Update settings control the speed and disruption of the node pool update.",
 				MaxItems:    1,
 				Elem:        ContainerAwsNodePoolUpdateSettingsSchema(),
@@ -423,7 +422,7 @@ func ContainerAwsNodePoolConfigRootVolumeSchema() *schema.Resource {
 				Type:        schema.TypeInt,
 				Computed:    true,
 				Optional:    true,
-				Description: "Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3.",
+				Description: "Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125.",
 			},
 
 			"volume_type": {
@@ -524,7 +523,6 @@ func ContainerAwsNodePoolUpdateSettingsSchema() *schema.Resource {
 				Type:        schema.TypeList,
 				Computed:    true,
 				Optional:    true,
-				ForceNew:    true,
 				Description: "Optional. Settings for surge update.",
 				MaxItems:    1,
 				Elem:        ContainerAwsNodePoolUpdateSettingsSurgeSettingsSchema(),
@@ -540,15 +538,13 @@ func ContainerAwsNodePoolUpdateSettingsSurgeSettingsSchema() *schema.Resource {
 				Type:        schema.TypeInt,
 				Computed:    true,
 				Optional:    true,
-				ForceNew:    true,
 				Description: "Optional. The maximum number of nodes that can be created beyond the current size of the node pool during the update process.",
 			},
 
 			"max_unavailable": {
 				Type:        schema.TypeInt,
 				Computed:    true,
 				Optional:    true,
-				ForceNew:    true,
 				Description: "Optional. The maximum number of nodes that can be simultaneously unavailable during the update process. A node is considered unavailable if its status is not Ready.",
 			},
 		},