From d9750ffecffacfd9051f6d3575c820e9f564261c Mon Sep 17 00:00:00 2001
From: "gcf-owl-bot[bot]" <78513119+gcf-owl-bot[bot]@users.noreply.github.com>
Date: Mon, 18 Sep 2023 09:41:25 -0400
Subject: [PATCH] feat: add SecurityPostureConfig Enterprise vuln mode to allow
 customers to enable Advanced Vulnerability Scanning for their clusters (#413)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* feat: add SecurityPostureConfig Enterprise vuln mode to allow customers to enable Advanced Vulnerability Scanning for their clusters

---
docs: deprecate ProtectConfig fields in alpha and beta, with SecurityPostureConfig as the intended replacement
PiperOrigin-RevId: 565696375

Source-Link: https://github.com/googleapis/googleapis/commit/304bf75b1988679c6378713bc6bd7fc3a41fba66

Source-Link: https://github.com/googleapis/googleapis-gen/commit/e42f45129bcd95a48f9f4781b1e64cab2f6caa7b
Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiZTQyZjQ1MTI5YmNkOTVhNDhmOWY0NzgxYjFlNjRjYWIyZjZjYWE3YiJ9

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

---------

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
---
 .../types/cluster_service.py                  | 23 +++++++++++++++----
 .../snippet_metadata_google.container.v1.json |  2 +-
 ...pet_metadata_google.container.v1beta1.json |  2 +-
 3 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/google/cloud/container_v1beta1/types/cluster_service.py b/google/cloud/container_v1beta1/types/cluster_service.py
index 64d3eafd..84c433af 100644
--- a/google/cloud/container_v1beta1/types/cluster_service.py
+++ b/google/cloud/container_v1beta1/types/cluster_service.py
@@ -696,6 +696,11 @@ class NodeConfig(proto.Message):
             HostMaintenancePolicy contains the desired
             maintenance policy for the Google Compute Engine
             hosts.
+        enable_confidential_storage (bool):
+            Optional. Enable confidential storage on Hyperdisk.
+            boot_disk_kms_key is required when
+            enable_confidential_storage is true. This is only available
+            for private preview.
     """
 
     machine_type: str = proto.Field(
@@ -866,6 +871,10 @@ class NodeConfig(proto.Message):
         number=44,
         message="HostMaintenancePolicy",
     )
+    enable_confidential_storage: bool = proto.Field(
+        proto.BOOL,
+        number=46,
+    )
 
 
 class AdvancedMachineFeatures(proto.Message):
@@ -3046,8 +3055,9 @@ class Cluster(proto.Message):
             clusters and node auto-provisioning enabled
             clusters.
         protect_config (google.cloud.container_v1beta1.types.ProtectConfig):
-            Enable/Disable Protect API features for the
-            cluster.
+            Deprecated: Use SecurityPostureConfig
+            instead. Enable/Disable Protect API features for
+            the cluster.
 
             This field is a member of `oneof`_ ``_protect_config``.
         etag (str):
@@ -3615,10 +3625,14 @@ class VulnerabilityMode(proto.Enum):
             VULNERABILITY_BASIC (2):
                 Applies basic vulnerability scanning on the
                 cluster.
+            VULNERABILITY_ENTERPRISE (3):
+                Applies the Security Posture's vulnerability
+                on cluster Enterprise level features.
         """
         VULNERABILITY_MODE_UNSPECIFIED = 0
         VULNERABILITY_DISABLED = 1
         VULNERABILITY_BASIC = 2
+        VULNERABILITY_ENTERPRISE = 3
 
     mode: Mode = proto.Field(
         proto.ENUM,
@@ -3895,8 +3909,9 @@ class ClusterUpdate(proto.Message):
             clusters and node auto-provisioning enabled
             clusters.
         desired_protect_config (google.cloud.container_v1beta1.types.ProtectConfig):
-            Enable/Disable Protect API features for the
-            cluster.
+            Deprecated: Use DesiredSecurityPostureConfig
+            instead. Enable/Disable Protect API features for
+            the cluster.
 
             This field is a member of `oneof`_ ``_desired_protect_config``.
         desired_gateway_api_config (google.cloud.container_v1beta1.types.GatewayAPIConfig):
diff --git a/samples/generated_samples/snippet_metadata_google.container.v1.json b/samples/generated_samples/snippet_metadata_google.container.v1.json
index 6c8f4aac..477de1ee 100644
--- a/samples/generated_samples/snippet_metadata_google.container.v1.json
+++ b/samples/generated_samples/snippet_metadata_google.container.v1.json
@@ -8,7 +8,7 @@
     ],
     "language": "PYTHON",
     "name": "google-cloud-container",
-    "version": "2.31.0"
+    "version": "0.1.0"
   },
   "snippets": [
     {
diff --git a/samples/generated_samples/snippet_metadata_google.container.v1beta1.json b/samples/generated_samples/snippet_metadata_google.container.v1beta1.json
index 40e8221e..afdb562b 100644
--- a/samples/generated_samples/snippet_metadata_google.container.v1beta1.json
+++ b/samples/generated_samples/snippet_metadata_google.container.v1beta1.json
@@ -8,7 +8,7 @@
     ],
     "language": "PYTHON",
     "name": "google-cloud-container",
-    "version": "2.31.0"
+    "version": "0.1.0"
   },
   "snippets": [
     {