Add support for PrivateRegistryAccessConfig

[vivzbansal]

This PR adds support for PrivateRegistryAccessConfig. See the public docs:

• https://cloud.google.com/kubernetes-engine/docs/how-to/access-private-registries-private-certificates
• https://cloud.google.com/kubernetes-engine/docs/how-to/customize-containerd-configuration

Release Note Template for Downstream PRs (will be copied)

container: added `containerd_config` field and subfields to `google_container_cluster` and `google_container_node_pool` resources, to allow those resources to access private image registries.

PS: This PR is the clone of the work authored by @mmiranda96 in this PR: #10450. Thanks Mike!

[github-actions]

Hello! I am a robot. Tests will require approval from a repository maintainer to run.

@SarahFrench, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 5 files changed, 483 insertions(+), 1 deletion(-))
google-beta provider: Diff ( 5 files changed, 484 insertions(+), 2 deletions(-))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_container_cluster (355 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_container_cluster" "primary" {
  node_config {
    containerd_config {
      private_registry_access_config {
        certificate_authority_domain_config {
          fqdns = # value needed
          gcp_secret_manager_certificate_config {
            secret_uri = # value needed
          }
        }
        enabled = # value needed
      }
    }
  }
  node_pool {
    node_config {
      containerd_config {
        private_registry_access_config {
          certificate_authority_domain_config {
            fqdns = # value needed
            gcp_secret_manager_certificate_config {
              secret_uri = # value needed
            }
          }
          enabled = # value needed
        }
      }
    }
  }
}

[modular-magician]

Tests analytics

Total tests: 194
Passed tests: 182
Skipped tests: 10
Affected tests: 2

Click here to see the affected service packages

• container

Action taken

Found 2 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

TestAccContainerCluster_privateRegistry|TestAccContainerNodePool_privateRegistry

Get to know how VCR tests work

[modular-magician]

$\textcolor{green}{\textsf{Tests passed during RECORDING mode:}}$
TestAccContainerCluster_privateRegistry[Debug log]
TestAccContainerNodePool_privateRegistry[Debug log]

$\textcolor{green}{\textsf{No issues found for passed tests after REPLAYING rerun.}}$

---

$\textcolor{green}{\textsf{All tests passed!}}$
View the build log or the debug log for each test

[SarahFrench]

Hi, thanks for your PR!

Could you please add additional tests that cover the fields mentioned in this message? Your new tests cover fields nested under node_pool_defaults but that message indicates they can also be set under node_config and node_pool top level fields too.

Also, do you have any API documentation you could share about these new API fields? Thanks!

[vivzbansal]

Hi, thanks for your PR!

Could you please add additional tests that cover the fields mentioned in this message? Your new tests cover fields nested under node_pool_defaults but that message indicates they can also be set under node_config and node_pool top level fields too.

Also, do you have any API documentation you could share about these new API fields? Thanks!

Added acceptance tests.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 5 files changed, 594 insertions(+), 1 deletion(-))
google-beta provider: Diff ( 5 files changed, 595 insertions(+), 2 deletions(-))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_container_cluster (356 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_container_cluster" "primary" {
  node_config {
    containerd_config {
      private_registry_access_config {
        certificate_authority_domain_config {
          fqdns = # value needed
          gcp_secret_manager_certificate_config {
            secret_uri = # value needed
          }
        }
        enabled = # value needed
      }
    }
  }
  node_pool {
    node_config {
      containerd_config {
        private_registry_access_config {
          certificate_authority_domain_config {
            fqdns = # value needed
            gcp_secret_manager_certificate_config {
              secret_uri = # value needed
            }
          }
          enabled = # value needed
        }
      }
    }
  }
}

[modular-magician]

Tests analytics

Total tests: 195
Passed tests: 185
Skipped tests: 10
Affected tests: 0

Click here to see the affected service packages

• container

$\textcolor{green}{\textsf{All tests passed!}}$ View the [build log](https://storage.cloud.google.com/ci-vcr-logs/beta/refs/heads/auto-pr-10591/artifacts/e18d255d-e027-4342-928a-45bf88d610ef/build-log/replaying_test.log)

[SarahFrench]

As well as our thread on provisioning the secret that's referenced in the acceptance tests, please follow the guidance in this automated message: #10591 (comment)

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 5 files changed, 583 insertions(+), 1 deletion(-))
google-beta provider: Diff ( 5 files changed, 584 insertions(+), 2 deletions(-))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_container_cluster (357 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_container_cluster" "primary" {
  node_config {
    containerd_config {
      private_registry_access_config {
        certificate_authority_domain_config {
          fqdns = # value needed
          gcp_secret_manager_certificate_config {
            secret_uri = # value needed
          }
        }
        enabled = # value needed
      }
    }
  }
}

[modular-magician]

Tests analytics

Total tests: 195
Passed tests: 183
Skipped tests: 10
Affected tests: 2

Click here to see the affected service packages

• container

Action taken

Found 2 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

TestAccContainerCluster_privateRegistry|TestAccContainerNodePool_privateRegistry

Get to know how VCR tests work

[modular-magician]

$\textcolor{green}{\textsf{Tests passed during RECORDING mode:}}$
TestAccContainerNodePool_privateRegistry[Debug log]

$\textcolor{green}{\textsf{No issues found for passed tests after REPLAYING rerun.}}$

---

$\textcolor{red}{\textsf{Tests failed during RECORDING mode:}}$
TestAccContainerCluster_privateRegistry[Error message] [Debug log]

$\textcolor{red}{\textsf{Please fix these to complete your PR.}}$
View the build log or the debug log for each test

[SarahFrench]

Left some comments about the config for the added secrets - we need to make sure the names are unique, which is done by passing in a random string to the config. Here's an example:

magic-modules/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_ingress_policy_test.go

Line 23 in 8ad7f68

policyTitle := acctest.RandString(t, 10)

[vivzbansal]

Left some comments about the config for the added secrets - we need to make sure the names are unique, which is done by passing in a random string to the config. Here's an example:

magic-modules/mmv1/third_party/terraform/services/accesscontextmanager/resource_access_context_manager_service_perimeter_ingress_policy_test.go

Line 23 in 8ad7f68

policyTitle := acctest.RandString(t, 10)

Thanks for the detailed review of this PR. Added random string to the secret name/ID.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 5 files changed, 650 insertions(+), 1 deletion(-))
google-beta provider: Diff ( 5 files changed, 651 insertions(+), 2 deletions(-))

[modular-magician]

Tests analytics

Total tests: 195
Passed tests: 183
Skipped tests: 10
Affected tests: 2

Click here to see the affected service packages

• container

Action taken

Found 2 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

TestAccContainerCluster_privateRegistry|TestAccContainerNodePool_privateRegistry

Get to know how VCR tests work

[modular-magician]

$\textcolor{green}{\textsf{Tests passed during RECORDING mode:}}$
TestAccContainerCluster_privateRegistry[Debug log]
TestAccContainerNodePool_privateRegistry[Debug log]

$\textcolor{green}{\textsf{No issues found for passed tests after REPLAYING rerun.}}$

---

$\textcolor{green}{\textsf{All tests passed!}}$
View the build log or the debug log for each test

[SarahFrench]

Thanks for making the changes I asked, merging now 🚀