feat(containerattached): Add security_posture_config (#11516)

hdp617 · entertvl · commit f63924543b7a · 2024-09-09T17:47:27.000+09:00
diff --git a/mmv1/products/containerattached/Cluster.yaml b/mmv1/products/containerattached/Cluster.yaml
@@ -355,3 +355,17 @@ properties:
             required: true
             description: |
               Namespace of the kubernetes secret containing the proxy config.
+  - !ruby/object:Api::Type::NestedObject
+    name: securityPostureConfig
+    description: |
+      Enable/Disable Security Posture API features for the cluster.
+    default_from_api: true
+    properties:
+      - !ruby/object:Api::Type::Enum
+        name: vulnerabilityMode
+        required: true
+        description: |
+          Sets the mode of the Kubernetes security posture API's workload vulnerability scanning.
+        values:
+          - :VULNERABILITY_DISABLED
+          - :VULNERABILITY_ENTERPRISE
diff --git a/mmv1/templates/terraform/examples/container_attached_cluster_full.tf.erb b/mmv1/templates/terraform/examples/container_attached_cluster_full.tf.erb
@@ -46,4 +46,7 @@ resource "google_container_attached_cluster" "primary" {
       namespace = "default"
     }
   }
+  security_posture_config {
+    vulnerability_mode = "VULNERABILITY_ENTERPRISE"
+  }
 }
diff --git a/mmv1/templates/terraform/pre_update/containerattached_update.go.erb b/mmv1/templates/terraform/pre_update/containerattached_update.go.erb
@@ -19,9 +19,12 @@ if d.HasChange("proxy_config") {
     newUpdateMask = append(newUpdateMask, "proxy_config.kubernetes_secret.name")
     newUpdateMask = append(newUpdateMask, "proxy_config.kubernetes_secret.namespace")
 }
+if d.HasChange("security_posture_config") {
+    newUpdateMask = append(newUpdateMask, "security_posture_config.vulnerability_mode")
+}
 // Pull out any other set fields from the generated mask.
 for _, mask := range updateMask {
-    if mask == "authorization" || mask == "loggingConfig" || mask == "monitoringConfig" || mask == "binaryAuthorization" || mask == "proxyConfig" {
+    if mask == "authorization" || mask == "loggingConfig" || mask == "monitoringConfig" || mask == "binaryAuthorization" || mask == "proxyConfig" || mask == "securityPostureConfig" {
         continue
     }
     newUpdateMask = append(newUpdateMask, mask)
diff --git a/mmv1/third_party/terraform/services/containerattached/resource_container_attached_cluster_update_test.go b/mmv1/third_party/terraform/services/containerattached/resource_container_attached_cluster_update_test.go
@@ -118,6 +118,9 @@ resource "google_container_attached_cluster" "primary" {
       namespace = "default"
     }
   }
+  security_posture_config {
+    vulnerability_mode = "VULNERABILITY_ENTERPRISE"
+  }
 }
 `, context)
 }
@@ -166,6 +169,9 @@ resource "google_container_attached_cluster" "primary" {
       namespace = "custom-ns"
     }
   }
+  security_posture_config {
+    vulnerability_mode = "VULNERABILITY_DISABLED"
+  }
   lifecycle {
     prevent_destroy = true
   }
@@ -312,6 +318,9 @@ resource "google_container_attached_cluster" "primary" {
       namespace = "custom-ns"
     }
   }
+  security_posture_config {
+    vulnerability_mode = "VULNERABILITY_DISABLED"
+  }
 }
 `, context)
 }

Original file line number	Diff line number	Diff line change
`@@ -46,4 +46,7 @@ resource "google_container_attached_cluster" "primary" {`
`46`	`46`	`namespace = "default"`
`47`	`47`	`}`
`48`	`48`	`}`
	`49`	`+ security_posture_config {`
	`50`	`+ vulnerability_mode = "VULNERABILITY_ENTERPRISE"`
	`51`	`+ }`
`49`	`52`	`}`
Original file line number	Diff line number	Diff line change
`@@ -19,9 +19,12 @@ if d.HasChange("proxy_config") {`
`19`	`19`	`newUpdateMask = append(newUpdateMask, "proxy_config.kubernetes_secret.name")`
`20`	`20`	`newUpdateMask = append(newUpdateMask, "proxy_config.kubernetes_secret.namespace")`
`21`	`21`	`}`
	`22`	`+if d.HasChange("security_posture_config") {`
	`23`	`+ newUpdateMask = append(newUpdateMask, "security_posture_config.vulnerability_mode")`
	`24`	`+}`
`22`	`25`	`// Pull out any other set fields from the generated mask.`
`23`	`26`	`for _, mask := range updateMask {`
`24`		`- if mask == "authorization" \|\| mask == "loggingConfig" \|\| mask == "monitoringConfig" \|\| mask == "binaryAuthorization" \|\| mask == "proxyConfig" {`
	`27`	`+ if mask == "authorization" \|\| mask == "loggingConfig" \|\| mask == "monitoringConfig" \|\| mask == "binaryAuthorization" \|\| mask == "proxyConfig" \|\| mask == "securityPostureConfig" {`
`25`	`28`	`continue`
`26`	`29`	`}`
`27`	`30`	`newUpdateMask = append(newUpdateMask, mask)`
Original file line number	Diff line number	Diff line change
`@@ -118,6 +118,9 @@ resource "google_container_attached_cluster" "primary" {`
`118`	`118`	`namespace = "default"`
`119`	`119`	`}`
`120`	`120`	`}`
	`121`	`+ security_posture_config {`
	`122`	`+ vulnerability_mode = "VULNERABILITY_ENTERPRISE"`
	`123`	`+ }`
`121`	`124`	`}`
`122`	`125`	`, context)
`123`	`126`	`}`
`@@ -166,6 +169,9 @@ resource "google_container_attached_cluster" "primary" {`
`166`	`169`	`namespace = "custom-ns"`
`167`	`170`	`}`
`168`	`171`	`}`
	`172`	`+ security_posture_config {`
	`173`	`+ vulnerability_mode = "VULNERABILITY_DISABLED"`
	`174`	`+ }`
`169`	`175`	`lifecycle {`
`170`	`176`	`prevent_destroy = true`
`171`	`177`	`}`
`@@ -312,6 +318,9 @@ resource "google_container_attached_cluster" "primary" {`
`312`	`318`	`namespace = "custom-ns"`
`313`	`319`	`}`
`314`	`320`	`}`
	`321`	`+ security_posture_config {`
	`322`	`+ vulnerability_mode = "VULNERABILITY_DISABLED"`
	`323`	`+ }`
`315`	`324`	`}`
`316`	`325`	`, context)
`317`	`326`	`}`