From 95fe1e7d0a34a208e761fa3556f7e97d500bb958 Mon Sep 17 00:00:00 2001
From: Mike Laramie
Date: Tue, 4 Jun 2024 16:13:26 +0000
Subject: [PATCH] Fix: Added ENTERPRISE to allowed values for security_posture_config
---
 .../container/resource_container_cluster.go | 4 +--
 .../resource_container_cluster_migratev1.go | 4 +--
 .../resource_container_cluster_test.go | 25 +++++++++++++++++++
 .../docs/r/container_cluster.html.markdown | 2 +-
 4 files changed, 30 insertions(+), 5 deletions(-)
diff --git a/google/services/container/resource_container_cluster.go b/google/services/container/resource_container_cluster.go
index 986131da7ec..17e1d8d70a1 100644
--- a/google/services/container/resource_container_cluster.go
+++ b/google/services/container/resource_container_cluster.go
@@ -1021,8 +1021,8 @@ func ResourceContainerCluster() *schema.Resource {
 Type: schema.TypeString,
 Optional: true,
 Computed: true,
- ValidateFunc: validation.StringInSlice([]string{"DISABLED", "BASIC", "MODE_UNSPECIFIED"}, false),
- Description: `Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED and BASIC.`,
+ ValidateFunc: validation.StringInSlice([]string{"DISABLED", "BASIC", "ENTERPRISE", "MODE_UNSPECIFIED"}, false),
+ Description: `Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED, BASIC, and ENTERPRISE.`,
 DiffSuppressFunc: tpgresource.EmptyOrDefaultStringSuppress("MODE_UNSPECIFIED"),
 },
 "vulnerability_mode": {
diff --git a/google/services/container/resource_container_cluster_migratev1.go b/google/services/container/resource_container_cluster_migratev1.go
index 6160ce228ab..9fa9a3dcfac 100644
--- a/google/services/container/resource_container_cluster_migratev1.go
+++ b/google/services/container/resource_container_cluster_migratev1.go
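Review bot: In the `mode` entry of resource_container_cluster.go, the Description now names ENTERPRISE but still does not say what happens when the argument is left out, and the field is both `Optional` and `Computed`. With that combination Terraform plans no change when `mode` is removed from a configuration, so a cluster neither leaves ENTERPRISE nor enters it just because the attribute is omitted. For a security control I would say so in the Description, for example by appending `If unset, the mode already configured on the cluster is kept.`; the same wording applies to the identical hunk in resource_container_cluster_migratev1.go. The schema map starts and ends outside both hunks.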
@@ -794,8 +794,8 @@ func resourceContainerClusterResourceV1() *schema.Resource {
 Type: schema.TypeString,
 Optional: true,
 Computed: true,
- ValidateFunc: validation.StringInSlice([]string{"DISABLED", "BASIC", "MODE_UNSPECIFIED"}, false),
- Description: `Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED and BASIC.`,
+ ValidateFunc: validation.StringInSlice([]string{"DISABLED", "BASIC", "ENTERPRISE", "MODE_UNSPECIFIED"}, false),
+ Description: `Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include DISABLED, BASIC, and ENTERPRISE.`,
 DiffSuppressFunc: tpgresource.EmptyOrDefaultStringSuppress("MODE_UNSPECIFIED"),
 },
 "vulnerability_mode": {
diff --git a/google/services/container/resource_container_cluster_test.go b/google/services/container/resource_container_cluster_test.go
index c46d22ecf4d..fd6aaeb3010 100644
--- a/google/services/container/resource_container_cluster_test.go
+++ b/google/services/container/resource_container_cluster_test.go
@@ -3922,6 +3922,15 @@ func TestAccContainerCluster_withSecurityPostureConfig(t *testing.T) {
 ImportStateVerify: true,
 ImportStateVerifyIgnore: []string{"deletion_protection"},
 },
+ {
+ Config: testAccContainerCluster_SetSecurityPostureToEnterprise(clusterName, networkName, subnetworkName),
+ },
+ {
+ ResourceName: "google_container_cluster.with_security_posture_config",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"deletion_protection"},
+ },
 {
 Config: testAccContainerCluster_SetWorkloadVulnerabilityToStandard(clusterName, networkName, subnetworkName),
 },
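Review bot: The new ENTERPRISE step in TestAccContainerCluster_withSecurityPostureConfig carries only a `Config`, so the step never states which value it expects the cluster to hold; the import-verify step after it only compares imported state with stored state. Adding `Check: resource.TestCheckResourceAttr("google_container_cluster.with_security_posture_config", "security_posture_config.0.mode", "ENTERPRISE"),` to that step would pin the value the validator change is meant to allow. This assumes the test file already imports the acceptance-test `resource` package, which the hunk does not show. The step list begins and ends outside the hunk.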
@@ -4053,6 +4062,22 @@ resource "google_container_cluster" "with_security_posture_config" {
 `, resource_name, networkName, subnetworkName)
 }
+func testAccContainerCluster_SetSecurityPostureToEnterprise(resource_name, networkName, subnetworkName string) string {
+ return fmt.Sprintf(`
+resource "google_container_cluster" "with_security_posture_config" {
+ name = "%s"
+ location = "us-central1-a"
+ initial_node_count = 1
+ security_posture_config {
+ mode = "ENTERPRISE"
+ }
+ deletion_protection = false
+ network = "%s"
+ subnetwork = "%s"
+}
+`, resource_name, networkName, subnetworkName)
+}
+
 func testAccContainerCluster_SetWorkloadVulnerabilityToStandard(resource_name, networkName, subnetworkName string) string {
 return fmt.Sprintf(`
 resource "google_container_cluster" "with_security_posture_config" {
diff --git a/website/docs/r/container_cluster.html.markdown b/website/docs/r/container_cluster.html.markdown
index 94443c5c1d4..6fcc94ccc7d 100644
--- a/website/docs/r/container_cluster.html.markdown
+++ b/website/docs/r/container_cluster.html.markdown
@@ -1335,7 +1335,7 @@ linux_node_config {
 The `security_posture_config` block supports:
-* `mode` - (Optional) Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include `DISABLED` and `BASIC`.
+* `mode` - (Optional) Sets the mode of the Kubernetes security posture API's off-cluster features. Available options include `DISABLED`, `BASIC`, and `ENTERPRISE`.
 * `vulnerability_mode` - (Optional) Sets the mode of the Kubernetes security posture API's workload vulnerability scanning. Available options include `VULNERABILITY_DISABLED`, `VULNERABILITY_BASIC` and `VULNERABILITY_ENTERPRISE`.
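Review bot: testAccContainerCluster_SetSecurityPostureToEnterprise in resource_container_cluster_test.go has no comment, and it appears to repeat the neighbouring config builders with only the `mode` value changed. I would add a doc comment such as `// testAccContainerCluster_SetSecurityPostureToEnterprise returns a zonal cluster config with security_posture_config.mode set to ENTERPRISE.` and record there whether this mode depends on an Enterprise-tier entitlement in the test project, which cannot be told from the diff. If further modes are added, one builder that takes the mode as a parameter would avoid another copy of the same HCL. The function that follows it starts inside the hunk and ends outside it.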