Add confidential nodes support to node pools

[rnicoll]

This adds support for the "confidential_nodes" configuration at the node pool level, where previously they were only available at cluster level.

As part of this, code required for the confidential nodes configuration is migrated from the cluster file to the node_config.go.erb file.

fixes {https://github.com/hashicorp/terraform-provider-google/issues/13127}

If this PR is for Terraform, I acknowledge that I have:

• Searched through the issue tracker for an open issue that this either resolves or contributes to, commented on it to claim it, and written "fixes {url}" or "part of {url}" in this PR description. If there were no relevant open issues, I opened one and commented that I would like to work on it (not necessary for very small changes).
• Ensured that all new fields I added that can be set by a user appear in at least one example (for generated resources) or third_party test (for handwritten resources or update tests).
• Generated Terraform providers, and ran make test and make lint in the generated providers to ensure it passes unit and linter tests.
• Ran relevant acceptance tests using my own Google Cloud project and credentials (If the acceptance tests do not yet pass or you are unable to run them, please let your reviewer know).
• Read Write release notes before writing my release note below.

Release Note Template for Downstream PRs (will be copied)

container: added `node_config.confidential_compute` field to `google_container_node_pool` resource

[modular-magician]

Oops! It looks like you're using an unknown release-note type in your changelog entries:

• REPLACEME

Please only use the types listed in https://github.com/GoogleCloudPlatform/magic-modules/blob/master/.ci/RELEASE_NOTES_GUIDE.md.

[modular-magician]

Hello! I am a robot. It looks like you are a: Community Contributor Googler Core Contributor. Tests will run automatically.

@ScottSuarez, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 2 files changed, 44 insertions(+), 21 deletions(-))
Terraform Beta: Diff ( 2 files changed, 45 insertions(+), 21 deletions(-))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_container_cluster (229 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_container_cluster" "primary" {
  node_config {
    confidential_nodes {
      enabled = # value needed
    }
  }
  node_pool {
    node_config {
      confidential_nodes {
        enabled = # value needed
      }
    }
  }
}

Resource: google_container_node_pool (51 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_container_node_pool" "primary" {
  node_config {
    confidential_nodes {
      enabled = # value needed
    }
  }
}

[ScottSuarez]

Hi, I notice this PR is in draft, let me know when it's ready for review.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 2 files changed, 44 insertions(+), 21 deletions(-))
Terraform Beta: Diff ( 3 files changed, 142 insertions(+), 21 deletions(-))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_container_cluster (232 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_container_cluster" "primary" {
  node_config {
    confidential_nodes {
      enabled = # value needed
    }
  }
  node_pool {
    node_config {
      confidential_nodes {
        enabled = # value needed
      }
    }
  }
}

[rnicoll]

Thanks Scott, will do! It should be ready for review this week or early next.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 2 files changed, 44 insertions(+), 21 deletions(-))
Terraform Beta: Diff ( 3 files changed, 142 insertions(+), 21 deletions(-))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_container_cluster (232 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_container_cluster" "primary" {
  node_config {
    confidential_nodes {
      enabled = # value needed
    }
  }
  node_pool {
    node_config {
      confidential_nodes {
        enabled = # value needed
      }
    }
  }
}

[rnicoll]

@ScottSuarez this is ready for review now

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 3 files changed, 141 insertions(+), 21 deletions(-))
Terraform Beta: Diff ( 3 files changed, 142 insertions(+), 21 deletions(-))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_container_cluster (232 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_container_cluster" "primary" {
  node_config {
    confidential_nodes {
      enabled = # value needed
    }
  }
  node_pool {
    node_config {
      confidential_nodes {
        enabled = # value needed
      }
    }
  }
}

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 3 files changed, 141 insertions(+), 21 deletions(-))
Terraform Beta: Diff ( 3 files changed, 142 insertions(+), 21 deletions(-))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_container_cluster (232 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_container_cluster" "primary" {
  node_pool {
    node_config {
      confidential_nodes {
        enabled = # value needed
      }
    }
  }
}

[rnicoll]

Unclear why this continues to show as lacking an acceptance test, but if I've missed something do let me know.

[modular-magician]

Tests analytics

Total tests: 2988
Passed tests 2688
Skipped tests: 296
Affected tests: 4

Action taken

Found 4 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

TestAccBigtableAppProfile_bigtableAppProfileSingleclusterExample|TestAccBigtableAppProfile_bigtableAppProfileAnyclusterExample|TestAccContainerNodePool_withConfidentialNodes|TestAccDataprocClusterIamPolicy

Get to know how VCR tests work

[modular-magician]

$\textcolor{green}{\textsf{Tests passed during RECORDING mode:}}$
TestAccBigtableAppProfile_bigtableAppProfileSingleclusterExample[Debug log]
TestAccBigtableAppProfile_bigtableAppProfileAnyclusterExample[Debug log]
TestAccContainerNodePool_withConfidentialNodes[Debug log]
TestAccDataprocClusterIamPolicy[Debug log]

Rerun these tests in REPLAYING mode to catch issues

$\textcolor{green}{\textsf{No issues found for passed tests after REPLAYING rerun.}}$

---

$\textcolor{green}{\textsf{All tests passed!}}$
View the build log or the debug log for each test

[rnicoll]

@ScottSuarez Quick nudge on this. Although if there's something I've missed which is causing the Modular Magician to think there isn't an acceptance test, do let me know. I have presumed it's the tool, not me, but was wondering if I've missed something subtle.

[ScottSuarez]

Ah thanks for the nudge ! This looks good at a glance. Let me see

[ScottSuarez]

Oh ! one follow up change @rnicoll. We'll need to add this to the documentation for this resource

https://github.com/GoogleCloudPlatform/magic-modules/blob/main/mmv1/third_party/terraform/website/docs/r/container_cluster.html.markdown

https://github.com/GoogleCloudPlatform/magic-modules/blob/main/mmv1/third_party/terraform/website/docs/r/container_node_pool.html.markdown

[ScottSuarez]

Tag me on the change and I can review