feat: [container] add SecurityPostureConfig Enterprise vuln mode to a…

…llow customers to enable Advanced Vulnerability Scanning for their clusters (#4666) * feat: add SecurityPostureConfig Enterprise vuln mode to allow customers to enable Advanced Vulnerability Scanning for their clusters --- docs: deprecate ProtectConfig fields in alpha and beta, with SecurityPostureConfig as the intended replacement PiperOrigin-RevId: 565696375 Source-Link: googleapis/googleapis@304bf75 Source-Link: googleapis/googleapis-gen@e42f451 Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNvbnRhaW5lci8uT3dsQm90LnlhbWwiLCJoIjoiZTQyZjQ1MTI5YmNkOTVhNDhmOWY0NzgxYjFlNjRjYWIyZjZjYWE3YiJ9 * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md --------- Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
googleapis · Sep 19, 2023 · 9876892 · 9876892
1 parent 240a69f
commit 9876892
Show file tree

Hide file tree

Showing 4 changed files with 63 additions and 4 deletions.
diff --git a/packages/google-container/protos/google/container/v1beta1/cluster_service.proto b/packages/google-container/protos/google/container/v1beta1/cluster_service.proto
@@ -832,6 +832,12 @@ message NodeConfig {
   // HostMaintenancePolicy contains the desired maintenance policy for the
   // Google Compute Engine hosts.
   HostMaintenancePolicy host_maintenance_policy = 44;
+
+  // Optional. Enable confidential storage on Hyperdisk.
+  // boot_disk_kms_key is required when enable_confidential_storage is true.
+  // This is only available for private preview.
+  bool enable_confidential_storage = 46
+      [(google.api.field_behavior) = OPTIONAL];
 }
 
 // Specifies options for controlling advanced machine features.
@@ -2185,8 +2191,9 @@ message Cluster {
   // in autopilot clusters and node auto-provisioning enabled clusters.
   NodePoolAutoConfig node_pool_auto_config = 136;
 
+  // Deprecated: Use SecurityPostureConfig instead.
   // Enable/Disable Protect API features for the cluster.
-  optional ProtectConfig protect_config = 137;
+  optional ProtectConfig protect_config = 137 [deprecated = true];
 
   // This checksum is computed by the server based on the value of cluster
   // fields, and may be sent on update requests to ensure the client has an
@@ -2282,6 +2289,10 @@ message SecurityPostureConfig {
 
     // Applies basic vulnerability scanning on the cluster.
     VULNERABILITY_BASIC = 2;
+
+    // Applies the Security Posture's vulnerability on cluster Enterprise level
+    // features.
+    VULNERABILITY_ENTERPRISE = 3;
   }
 
   // Sets which mode to use for Security Posture features.
@@ -2509,8 +2520,9 @@ message ClusterUpdate {
   // in autopilot clusters and node auto-provisioning enabled clusters.
   NetworkTags desired_node_pool_auto_config_network_tags = 110;
 
+  // Deprecated: Use DesiredSecurityPostureConfig instead.
   // Enable/Disable Protect API features for the cluster.
-  optional ProtectConfig desired_protect_config = 112;
+  optional ProtectConfig desired_protect_config = 112 [deprecated = true];
 
   // The desired config of Gateway API on this cluster.
   GatewayAPIConfig desired_gateway_api_config = 114;

diff --git a/packages/google-container/protos/protos.d.ts b/packages/google-container/protos/protos.d.ts
diff --git a/packages/google-container/protos/protos.js b/packages/google-container/protos/protos.js
diff --git a/packages/google-container/protos/protos.json b/packages/google-container/protos/protos.json