hashicorp · modular-magician · Sep 25, 2023 · Sep 25, 2023
diff --git a/.changelog/9055.txt b/.changelog/9055.txt
@@ -0,0 +1,9 @@
+```release-note:breaking-change
+firebase: made `google_firebase_rules.release` immutable
+```
+```release-note:enhancement
+containeraws: added `binary_authorization` to `google_container_aws_cluster`
+```
+```release-note:enhancement
+containeraws: added `update_settings` to `google_container_aws_node_pool`
+```
diff --git a/go.mod b/go.mod
@@ -3,7 +3,7 @@ go 1.19
 
 require (
 	cloud.google.com/go/bigtable v1.19.0
-	github.com/GoogleCloudPlatform/declarative-resource-client-library v1.51.0
+	github.com/GoogleCloudPlatform/declarative-resource-client-library v1.52.0
 	github.com/apparentlymart/go-cidr v1.1.0
 	github.com/davecgh/go-spew v1.1.1
 	github.com/dnaeon/go-vcr v1.0.1

diff --git a/go.sum b/go.sum
@@ -17,6 +17,8 @@ cloud.google.com/go/longrunning v0.5.1/go.mod h1:spvimkwdz6SPWKEt/XBij79E9fiTkHS
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/GoogleCloudPlatform/declarative-resource-client-library v1.51.0 h1:YhWTPhOf6gVpA9mSfnLOuL8Y6j8W5pzmHE7flXjTke4=
 github.com/GoogleCloudPlatform/declarative-resource-client-library v1.51.0/go.mod h1:pL2Qt5HT+x6xrTd806oMiM3awW6kNIXB/iiuClz6m6k=
+github.com/GoogleCloudPlatform/declarative-resource-client-library v1.52.0 h1:KswxXF4E5iWv2ggktqv265zOvwmXA3mgma3UQfYA4tU=
+github.com/GoogleCloudPlatform/declarative-resource-client-library v1.52.0/go.mod h1:pL2Qt5HT+x6xrTd806oMiM3awW6kNIXB/iiuClz6m6k=
 github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
 github.com/Microsoft/go-winio v0.4.16 h1:FtSW/jqD+l4ba5iPBj9CODVtgfYAD8w2wS923g/cFDk=
 github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
@@ -428,5 +430,3 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 rsc.io/binaryregexp v0.2.0 h1:HfqmD5MEmC0zvwBuF187nq9mdnXjXsSivRiXN7SmRkE=
-github.com/GoogleCloudPlatform/declarative-resource-client-library v1.51.0 h1:YhWTPhOf6gVpA9mSfnLOuL8Y6j8W5pzmHE7flXjTke4=
-github.com/GoogleCloudPlatform/declarative-resource-client-library v1.51.0/go.mod h1:pL2Qt5HT+x6xrTd806oMiM3awW6kNIXB/iiuClz6m6k=
diff --git a/google-beta/services/containeraws/resource_container_aws_cluster.go b/google-beta/services/containeraws/resource_container_aws_cluster.go
@@ -111,6 +111,15 @@ func ResourceContainerAwsCluster() *schema.Resource {
 				Elem:        ContainerAwsClusterNetworkingSchema(),
 			},
 
+			"binary_authorization": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Optional:    true,
+				Description: "Configuration options for the Binary Authorization feature.",
+				MaxItems:    1,
+				Elem:        ContainerAwsClusterBinaryAuthorizationSchema(),
+			},
+
 			"description": {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -574,6 +583,19 @@ func ContainerAwsClusterNetworkingSchema() *schema.Resource {
 	}
 }
 
+func ContainerAwsClusterBinaryAuthorizationSchema() *schema.Resource {
+	return &schema.Resource{
+		Schema: map[string]*schema.Schema{
+			"evaluation_mode": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Optional:    true,
+				Description: "Mode of operation for Binary Authorization policy evaluation. Possible values: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE",
+			},
+		},
+	}
+}
+
 func ContainerAwsClusterLoggingConfigSchema() *schema.Resource {
 	return &schema.Resource{
 		Schema: map[string]*schema.Schema{
@@ -636,17 +658,18 @@ func resourceContainerAwsClusterCreate(d *schema.ResourceData, meta interface{})
 	}
 
 	obj := &containeraws.Cluster{
-		Authorization: expandContainerAwsClusterAuthorization(d.Get("authorization")),
-		AwsRegion:     dcl.String(d.Get("aws_region").(string)),
-		ControlPlane:  expandContainerAwsClusterControlPlane(d.Get("control_plane")),
-		Fleet:         expandContainerAwsClusterFleet(d.Get("fleet")),
-		Location:      dcl.String(d.Get("location").(string)),
-		Name:          dcl.String(d.Get("name").(string)),
-		Networking:    expandContainerAwsClusterNetworking(d.Get("networking")),
-		Description:   dcl.String(d.Get("description").(string)),
-		Annotations:   tpgresource.CheckStringMap(d.Get("effective_annotations")),
-		LoggingConfig: expandContainerAwsClusterLoggingConfig(d.Get("logging_config")),
-		Project:       dcl.String(project),
+		Authorization:       expandContainerAwsClusterAuthorization(d.Get("authorization")),
+		AwsRegion:           dcl.String(d.Get("aws_region").(string)),
+		ControlPlane:        expandContainerAwsClusterControlPlane(d.Get("control_plane")),
+		Fleet:               expandContainerAwsClusterFleet(d.Get("fleet")),
+		Location:            dcl.String(d.Get("location").(string)),
+		Name:                dcl.String(d.Get("name").(string)),
+		Networking:          expandContainerAwsClusterNetworking(d.Get("networking")),
+		BinaryAuthorization: expandContainerAwsClusterBinaryAuthorization(d.Get("binary_authorization")),
+		Description:         dcl.String(d.Get("description").(string)),
+		Annotations:         tpgresource.CheckStringMap(d.Get("effective_annotations")),
+		LoggingConfig:       expandContainerAwsClusterLoggingConfig(d.Get("logging_config")),
+		Project:             dcl.String(project),
 	}
 
 	id, err := obj.ID()
@@ -694,17 +717,18 @@ func resourceContainerAwsClusterRead(d *schema.ResourceData, meta interface{}) e
 	}
 
 	obj := &containeraws.Cluster{
-		Authorization: expandContainerAwsClusterAuthorization(d.Get("authorization")),
-		AwsRegion:     dcl.String(d.Get("aws_region").(string)),
-		ControlPlane:  expandContainerAwsClusterControlPlane(d.Get("control_plane")),
-		Fleet:         expandContainerAwsClusterFleet(d.Get("fleet")),
-		Location:      dcl.String(d.Get("location").(string)),
-		Name:          dcl.String(d.Get("name").(string)),
-		Networking:    expandContainerAwsClusterNetworking(d.Get("networking")),
-		Description:   dcl.String(d.Get("description").(string)),
-		Annotations:   tpgresource.CheckStringMap(d.Get("effective_annotations")),
-		LoggingConfig: expandContainerAwsClusterLoggingConfig(d.Get("logging_config")),
-		Project:       dcl.String(project),
+		Authorization:       expandContainerAwsClusterAuthorization(d.Get("authorization")),
+		AwsRegion:           dcl.String(d.Get("aws_region").(string)),
+		ControlPlane:        expandContainerAwsClusterControlPlane(d.Get("control_plane")),
+		Fleet:               expandContainerAwsClusterFleet(d.Get("fleet")),
+		Location:            dcl.String(d.Get("location").(string)),
+		Name:                dcl.String(d.Get("name").(string)),
+		Networking:          expandContainerAwsClusterNetworking(d.Get("networking")),
+		BinaryAuthorization: expandContainerAwsClusterBinaryAuthorization(d.Get("binary_authorization")),
+		Description:         dcl.String(d.Get("description").(string)),
+		Annotations:         tpgresource.CheckStringMap(d.Get("effective_annotations")),
+		LoggingConfig:       expandContainerAwsClusterLoggingConfig(d.Get("logging_config")),
+		Project:             dcl.String(project),
 	}
 
 	userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
@@ -750,6 +774,9 @@ func resourceContainerAwsClusterRead(d *schema.ResourceData, meta interface{}) e
 	if err = d.Set("networking", flattenContainerAwsClusterNetworking(res.Networking)); err != nil {
 		return fmt.Errorf("error setting networking in state: %s", err)
 	}
+	if err = d.Set("binary_authorization", flattenContainerAwsClusterBinaryAuthorization(res.BinaryAuthorization)); err != nil {
+		return fmt.Errorf("error setting binary_authorization in state: %s", err)
+	}
 	if err = d.Set("description", res.Description); err != nil {
 		return fmt.Errorf("error setting description in state: %s", err)
 	}
@@ -800,17 +827,18 @@ func resourceContainerAwsClusterUpdate(d *schema.ResourceData, meta interface{})
 	}
 
 	obj := &containeraws.Cluster{
-		Authorization: expandContainerAwsClusterAuthorization(d.Get("authorization")),
-		AwsRegion:     dcl.String(d.Get("aws_region").(string)),
-		ControlPlane:  expandContainerAwsClusterControlPlane(d.Get("control_plane")),
-		Fleet:         expandContainerAwsClusterFleet(d.Get("fleet")),
-		Location:      dcl.String(d.Get("location").(string)),
-		Name:          dcl.String(d.Get("name").(string)),
-		Networking:    expandContainerAwsClusterNetworking(d.Get("networking")),
-		Description:   dcl.String(d.Get("description").(string)),
-		Annotations:   tpgresource.CheckStringMap(d.Get("effective_annotations")),
-		LoggingConfig: expandContainerAwsClusterLoggingConfig(d.Get("logging_config")),
-		Project:       dcl.String(project),
+		Authorization:       expandContainerAwsClusterAuthorization(d.Get("authorization")),
+		AwsRegion:           dcl.String(d.Get("aws_region").(string)),
+		ControlPlane:        expandContainerAwsClusterControlPlane(d.Get("control_plane")),
+		Fleet:               expandContainerAwsClusterFleet(d.Get("fleet")),
+		Location:            dcl.String(d.Get("location").(string)),
+		Name:                dcl.String(d.Get("name").(string)),
+		Networking:          expandContainerAwsClusterNetworking(d.Get("networking")),
+		BinaryAuthorization: expandContainerAwsClusterBinaryAuthorization(d.Get("binary_authorization")),
+		Description:         dcl.String(d.Get("description").(string)),
+		Annotations:         tpgresource.CheckStringMap(d.Get("effective_annotations")),
+		LoggingConfig:       expandContainerAwsClusterLoggingConfig(d.Get("logging_config")),
+		Project:             dcl.String(project),
 	}
 	directive := tpgdclresource.UpdateDirective
 	userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
@@ -853,17 +881,18 @@ func resourceContainerAwsClusterDelete(d *schema.ResourceData, meta interface{})
 	}
 
 	obj := &containeraws.Cluster{
-		Authorization: expandContainerAwsClusterAuthorization(d.Get("authorization")),
-		AwsRegion:     dcl.String(d.Get("aws_region").(string)),
-		ControlPlane:  expandContainerAwsClusterControlPlane(d.Get("control_plane")),
-		Fleet:         expandContainerAwsClusterFleet(d.Get("fleet")),
-		Location:      dcl.String(d.Get("location").(string)),
-		Name:          dcl.String(d.Get("name").(string)),
-		Networking:    expandContainerAwsClusterNetworking(d.Get("networking")),
-		Description:   dcl.String(d.Get("description").(string)),
-		Annotations:   tpgresource.CheckStringMap(d.Get("effective_annotations")),
-		LoggingConfig: expandContainerAwsClusterLoggingConfig(d.Get("logging_config")),
-		Project:       dcl.String(project),
+		Authorization:       expandContainerAwsClusterAuthorization(d.Get("authorization")),
+		AwsRegion:           dcl.String(d.Get("aws_region").(string)),
+		ControlPlane:        expandContainerAwsClusterControlPlane(d.Get("control_plane")),
+		Fleet:               expandContainerAwsClusterFleet(d.Get("fleet")),
+		Location:            dcl.String(d.Get("location").(string)),
+		Name:                dcl.String(d.Get("name").(string)),
+		Networking:          expandContainerAwsClusterNetworking(d.Get("networking")),
+		BinaryAuthorization: expandContainerAwsClusterBinaryAuthorization(d.Get("binary_authorization")),
+		Description:         dcl.String(d.Get("description").(string)),
+		Annotations:         tpgresource.CheckStringMap(d.Get("effective_annotations")),
+		LoggingConfig:       expandContainerAwsClusterLoggingConfig(d.Get("logging_config")),
+		Project:             dcl.String(project),
 	}
 
 	log.Printf("[DEBUG] Deleting Cluster %q", d.Id())
@@ -1332,6 +1361,32 @@ func flattenContainerAwsClusterNetworking(obj *containeraws.ClusterNetworking) i
 
 }
 
+func expandContainerAwsClusterBinaryAuthorization(o interface{}) *containeraws.ClusterBinaryAuthorization {
+	if o == nil {
+		return nil
+	}
+	objArr := o.([]interface{})
+	if len(objArr) == 0 || objArr[0] == nil {
+		return nil
+	}
+	obj := objArr[0].(map[string]interface{})
+	return &containeraws.ClusterBinaryAuthorization{
+		EvaluationMode: containeraws.ClusterBinaryAuthorizationEvaluationModeEnumRef(obj["evaluation_mode"].(string)),
+	}
+}
+
+func flattenContainerAwsClusterBinaryAuthorization(obj *containeraws.ClusterBinaryAuthorization) interface{} {
+	if obj == nil || obj.Empty() {
+		return nil
+	}
+	transformed := map[string]interface{}{
+		"evaluation_mode": obj.EvaluationMode,
+	}
+
+	return []interface{}{transformed}
+
+}
+
 func expandContainerAwsClusterLoggingConfig(o interface{}) *containeraws.ClusterLoggingConfig {
 	if o == nil {
 		return nil

diff --git a/google-beta/services/containeraws/resource_container_aws_cluster_generated_test.go b/google-beta/services/containeraws/resource_container_aws_cluster_generated_test.go
@@ -898,6 +898,10 @@ resource "google_container_aws_cluster" "primary" {
 
   aws_region = "%{aws_region}"
 
+  binary_authorization {
+    evaluation_mode = "PROJECT_SINGLETON_POLICY_ENFORCE"
+  }
+
   control_plane {
     aws_services_authentication {
       role_arn          = "arn:aws:iam::%{aws_acct_id}:role/%{byo_prefix}-1p-dev-oneplatform"