dcl upgrade (#5994) (#11635)

* dcl upgrade + proxy_config test

* run make serialize

* added more multicloud tests

* added forwarding_rule tests + doc and exclude service_directory_registrations from global_forwarding_rule

* fix tests

* run make serialize

* fix forwarding_rule test

* added EXCLUDE to beta file

* update test + hide beta example + exclude containeraws proxy_config

* upgrade dcl to 1.5.1

* added proxy_config test

* remove EXCLUDE tag

* fix test

* format

* remove require

Signed-off-by: Modular Magician <magic-modules@google.com>

.changelog/5994.txt

@@ -0,0 +1,21 @@
+```release-note: enhancement
+compute: added `service_directory_registrations` to `google_compute_forwarding_rule` resource
+```
+```release-note:enhancement
+containeraws: added `proxy_config` to `google_container_aws_node_pool` resource
+```
+```release-note:enhancement
+containerazure: added `proxy_config` to `google_container_azure_node_pool` resource
+```
+```release-note:enhancement
+containeraws: added `instance_placement` and `logging_config` to `google_container_aws_cluster` resource (beta)
+```
+```release-note:enhancement
+containeraws: added `image_type` and `instance_placement` to `google_container_aws_node_pool` resource (beta)
+```
+```release-note:enhancement
+containerazure: added `logging_config` to `google_container_azure_cluster` resource (beta)
+```
+```release-note:enhancement
+containerazure: added `image_type` to `google_container_azure_node_pool` resource (beta)
+```

go.mod

@@ -2,7 +2,7 @@ module github.com/hashicorp/terraform-provider-google
 require (
 	cloud.google.com/go/bigtable v1.13.0
 	cloud.google.com/go/iam v0.1.1 // indirect
-	github.com/GoogleCloudPlatform/declarative-resource-client-library v1.1.0
+	github.com/GoogleCloudPlatform/declarative-resource-client-library v1.5.1
 	github.com/apparentlymart/go-cidr v1.1.0
 	github.com/client9/misspell v0.3.4
 	github.com/davecgh/go-spew v1.1.1

go.sum

@@ -1543,3 +1543,9 @@ github.com/GoogleCloudPlatform/declarative-resource-client-library v0.0.0-202203
 github.com/GoogleCloudPlatform/declarative-resource-client-library v0.0.0-20220316014534-ac1c1c4fdb29/go.mod h1:UJoDYx6t3+xCOd+dZX8+NrEB+Y/eW1pQlvxh2Gt7y5E=
 github.com/GoogleCloudPlatform/declarative-resource-client-library v1.1.0 h1:6EDY4EUsCW/mTRzYJ8SEzL2V5JACYCiIswnbhpaAwaY=
 github.com/GoogleCloudPlatform/declarative-resource-client-library v1.1.0/go.mod h1:UJoDYx6t3+xCOd+dZX8+NrEB+Y/eW1pQlvxh2Gt7y5E=
+github.com/GoogleCloudPlatform/declarative-resource-client-library v1.4.1 h1:nqlJvanh1GLSkVNpw6e4ecXtMd8Vl7c/USkI9qTyVzI=
+github.com/GoogleCloudPlatform/declarative-resource-client-library v1.4.1/go.mod h1:UJoDYx6t3+xCOd+dZX8+NrEB+Y/eW1pQlvxh2Gt7y5E=
+github.com/GoogleCloudPlatform/declarative-resource-client-library v1.5.1 h1:WsauUAtzKxwcfR2SAN8K/yeHS6S4pGK6r/oJdKJaTgI=
+github.com/GoogleCloudPlatform/declarative-resource-client-library v1.5.1/go.mod h1:UJoDYx6t3+xCOd+dZX8+NrEB+Y/eW1pQlvxh2Gt7y5E=
+github.com/GoogleCloudPlatform/declarative-resource-client-library v1.5.1 h1:WsauUAtzKxwcfR2SAN8K/yeHS6S4pGK6r/oJdKJaTgI=
+github.com/GoogleCloudPlatform/declarative-resource-client-library v1.5.1/go.mod h1:UJoDYx6t3+xCOd+dZX8+NrEB+Y/eW1pQlvxh2Gt7y5E=

google/resource_container_aws_cluster.go

@@ -180,7 +180,7 @@ func ContainerAwsClusterAuthorizationSchema() *schema.Resource {
 			"admin_users": {
 				Type:        schema.TypeList,
 				Required:    true,
-				Description: "Users to perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the users. At most one user can be specified. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles",
+				Description: "Users to perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles",
 				Elem:        ContainerAwsClusterAuthorizationAdminUsersSchema(),
 			},
 		},

google/resource_container_aws_node_pool.go

@@ -212,6 +212,14 @@ func ContainerAwsNodePoolConfigSchema() *schema.Resource {
 				Elem:        &schema.Schema{Type: schema.TypeString},
 			},
 
+			"proxy_config": {
+				Type:        schema.TypeList,
+				Optional:    true,
+				Description: "Proxy configuration for outbound HTTP(S) traffic.",
+				MaxItems:    1,
+				Elem:        ContainerAwsNodePoolConfigProxyConfigSchema(),
+			},
+
 			"root_volume": {
 				Type:        schema.TypeList,
 				Computed:    true,
@@ -268,6 +276,24 @@ func ContainerAwsNodePoolConfigConfigEncryptionSchema() *schema.Resource {
 	}
 }
 
+func ContainerAwsNodePoolConfigProxyConfigSchema() *schema.Resource {
+	return &schema.Resource{
+		Schema: map[string]*schema.Schema{
+			"secret_arn": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The ARN of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration.",
+			},
+
+			"secret_version": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The version string of the AWS Secret Manager secret that contains the HTTP(S) proxy configuration.",
+			},
+		},
+	}
+}
+
 func ContainerAwsNodePoolConfigRootVolumeSchema() *schema.Resource {
 	return &schema.Resource{
 		Schema: map[string]*schema.Schema{
@@ -664,6 +690,7 @@ func expandContainerAwsNodePoolConfig(o interface{}) *containeraws.NodePoolConfi
 		IamInstanceProfile: dcl.String(obj["iam_instance_profile"].(string)),
 		InstanceType:       dcl.StringOrNil(obj["instance_type"].(string)),
 		Labels:             checkStringMap(obj["labels"]),
+		ProxyConfig:        expandContainerAwsNodePoolConfigProxyConfig(obj["proxy_config"]),
 		RootVolume:         expandContainerAwsNodePoolConfigRootVolume(obj["root_volume"]),
 		SecurityGroupIds:   expandStringArray(obj["security_group_ids"]),
 		SshConfig:          expandContainerAwsNodePoolConfigSshConfig(obj["ssh_config"]),
@@ -681,6 +708,7 @@ func flattenContainerAwsNodePoolConfig(obj *containeraws.NodePoolConfig) interfa
 		"iam_instance_profile": obj.IamInstanceProfile,
 		"instance_type":        obj.InstanceType,
 		"labels":               obj.Labels,
+		"proxy_config":         flattenContainerAwsNodePoolConfigProxyConfig(obj.ProxyConfig),
 		"root_volume":          flattenContainerAwsNodePoolConfigRootVolume(obj.RootVolume),
 		"security_group_ids":   obj.SecurityGroupIds,
 		"ssh_config":           flattenContainerAwsNodePoolConfigSshConfig(obj.SshConfig),
@@ -718,6 +746,34 @@ func flattenContainerAwsNodePoolConfigConfigEncryption(obj *containeraws.NodePoo
 
 }
 
+func expandContainerAwsNodePoolConfigProxyConfig(o interface{}) *containeraws.NodePoolConfigProxyConfig {
+	if o == nil {
+		return containeraws.EmptyNodePoolConfigProxyConfig
+	}
+	objArr := o.([]interface{})
+	if len(objArr) == 0 || objArr[0] == nil {
+		return containeraws.EmptyNodePoolConfigProxyConfig
+	}
+	obj := objArr[0].(map[string]interface{})
+	return &containeraws.NodePoolConfigProxyConfig{
+		SecretArn:     dcl.String(obj["secret_arn"].(string)),
+		SecretVersion: dcl.String(obj["secret_version"].(string)),
+	}
+}
+
+func flattenContainerAwsNodePoolConfigProxyConfig(obj *containeraws.NodePoolConfigProxyConfig) interface{} {
+	if obj == nil || obj.Empty() {
+		return nil
+	}
+	transformed := map[string]interface{}{
+		"secret_arn":     obj.SecretArn,
+		"secret_version": obj.SecretVersion,
+	}
+
+	return []interface{}{transformed}
+
+}
+
 func expandContainerAwsNodePoolConfigRootVolume(o interface{}) *containeraws.NodePoolConfigRootVolume {
 	if o == nil {
 		return nil

google/resource_container_aws_node_pool_generated_test.go

@@ -187,6 +187,11 @@ resource "google_container_aws_node_pool" "primary" {
 
     security_group_ids = ["%{aws_sg}"]
 
+    proxy_config {
+      secret_arn     = "arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF"
+      secret_version = "12345678-ABCD-EFGH-IJKL-987654321098"
+    }
+
     ssh_config {
       ec2_key_pair = "%{byo_prefix}-1p-dev-ssh"
     }
@@ -338,6 +343,11 @@ resource "google_container_aws_node_pool" "primary" {
 
     security_group_ids = ["%{aws_sg}"]
 
+    proxy_config {
+      secret_arn     = "arn:aws:secretsmanager:us-west-2:126285863215:secret:proxy_config20210824150329476300000001-ABCDEF"
+      secret_version = "12345678-ABCD-EFGH-IJKL-987654321098"
+    }
+
     ssh_config {
       ec2_key_pair = "%{byo_prefix}-1p-dev-ssh"
     }

google/resource_container_azure_cluster.go

@@ -195,7 +195,7 @@ func ContainerAzureClusterAuthorizationSchema() *schema.Resource {
 			"admin_users": {
 				Type:        schema.TypeList,
 				Required:    true,
-				Description: "Users that can perform operations as a cluster admin. A new ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the users. At most one user can be specified. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles",
+				Description: "Users that can perform operations as a cluster admin. A new ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles",
 				Elem:        ContainerAzureClusterAuthorizationAdminUsersSchema(),
 			},
 		},

google/resource_container_azure_cluster_generated_test.go

@@ -124,6 +124,11 @@ resource "google_container_azure_client" "basic" {
 
 func testAccContainerAzureCluster_BasicHandWrittenUpdate0(context map[string]interface{}) string {
 	return Nprintf(`
+data "google_container_azure_versions" "versions" {
+  project = "%{project_name}"
+  location = "us-west1"
+}
+
 resource "google_container_azure_cluster" "primary" {
   authorization {
     admin_users {
@@ -140,7 +145,7 @@ resource "google_container_azure_cluster" "primary" {
     }
 
     subnet_id = "/subscriptions/%{azure_sub}/resourceGroups/%{byo_prefix}-dev-byo/providers/Microsoft.Network/virtualNetworks/%{byo_prefix}-dev-vnet/subnets/default"
-    version   = "1.21.6-gke.1500"
+    version   = "${data.google_container_azure_versions.versions.valid_versions[0]}"
 
     database_encryption {
       key_id = "/subscriptions/%{azure_sub}/resourceGroups/%{byo_prefix}-dev-cluster/providers/Microsoft.KeyVault/vaults/%{byo_prefix}-dev-keyvault/keys/%{byo_prefix}-dev-key"

google/resource_container_azure_node_pool.go

@@ -202,6 +202,15 @@ func ContainerAzureNodePoolConfigSchema() *schema.Resource {
 				Elem:        ContainerAzureNodePoolConfigSshConfigSchema(),
 			},
 
+			"proxy_config": {
+				Type:        schema.TypeList,
+				Optional:    true,
+				ForceNew:    true,
+				Description: "Proxy configuration for outbound HTTP(S) traffic.",
+				MaxItems:    1,
+				Elem:        ContainerAzureNodePoolConfigProxyConfigSchema(),
+			},
+
 			"root_volume": {
 				Type:        schema.TypeList,
 				Computed:    true,
@@ -244,6 +253,26 @@ func ContainerAzureNodePoolConfigSshConfigSchema() *schema.Resource {
 	}
 }
 
+func ContainerAzureNodePoolConfigProxyConfigSchema() *schema.Resource {
+	return &schema.Resource{
+		Schema: map[string]*schema.Schema{
+			"resource_group_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "The ARM ID the of the resource group containing proxy keyvault. Resource group ids are formatted as `/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>`",
+			},
+
+			"secret_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				ForceNew:    true,
+				Description: "The URL the of the proxy setting secret with its version. Secret ids are formatted as `https:<key-vault-name>.vault.azure.net/secrets/<secret-name>/<secret-version>`.",
+			},
+		},
+	}
+}
+
 func ContainerAzureNodePoolConfigRootVolumeSchema() *schema.Resource {
 	return &schema.Resource{
 		Schema: map[string]*schema.Schema{
@@ -584,10 +613,11 @@ func expandContainerAzureNodePoolConfig(o interface{}) *containerazure.NodePoolC
 	}
 	obj := objArr[0].(map[string]interface{})
 	return &containerazure.NodePoolConfig{
-		SshConfig:  expandContainerAzureNodePoolConfigSshConfig(obj["ssh_config"]),
-		RootVolume: expandContainerAzureNodePoolConfigRootVolume(obj["root_volume"]),
-		Tags:       checkStringMap(obj["tags"]),
-		VmSize:     dcl.StringOrNil(obj["vm_size"].(string)),
+		SshConfig:   expandContainerAzureNodePoolConfigSshConfig(obj["ssh_config"]),
+		ProxyConfig: expandContainerAzureNodePoolConfigProxyConfig(obj["proxy_config"]),
+		RootVolume:  expandContainerAzureNodePoolConfigRootVolume(obj["root_volume"]),
+		Tags:        checkStringMap(obj["tags"]),
+		VmSize:      dcl.StringOrNil(obj["vm_size"].(string)),
 	}
 }
 
@@ -596,10 +626,11 @@ func flattenContainerAzureNodePoolConfig(obj *containerazure.NodePoolConfig) int
 		return nil
 	}
 	transformed := map[string]interface{}{
-		"ssh_config":  flattenContainerAzureNodePoolConfigSshConfig(obj.SshConfig),
-		"root_volume": flattenContainerAzureNodePoolConfigRootVolume(obj.RootVolume),
-		"tags":        obj.Tags,
-		"vm_size":     obj.VmSize,
+		"ssh_config":   flattenContainerAzureNodePoolConfigSshConfig(obj.SshConfig),
+		"proxy_config": flattenContainerAzureNodePoolConfigProxyConfig(obj.ProxyConfig),
+		"root_volume":  flattenContainerAzureNodePoolConfigRootVolume(obj.RootVolume),
+		"tags":         obj.Tags,
+		"vm_size":      obj.VmSize,
 	}
 
 	return []interface{}{transformed}
@@ -632,6 +663,34 @@ func flattenContainerAzureNodePoolConfigSshConfig(obj *containerazure.NodePoolCo
 
 }
 
+func expandContainerAzureNodePoolConfigProxyConfig(o interface{}) *containerazure.NodePoolConfigProxyConfig {
+	if o == nil {
+		return containerazure.EmptyNodePoolConfigProxyConfig
+	}
+	objArr := o.([]interface{})
+	if len(objArr) == 0 || objArr[0] == nil {
+		return containerazure.EmptyNodePoolConfigProxyConfig
+	}
+	obj := objArr[0].(map[string]interface{})
+	return &containerazure.NodePoolConfigProxyConfig{
+		ResourceGroupId: dcl.String(obj["resource_group_id"].(string)),
+		SecretId:        dcl.String(obj["secret_id"].(string)),
+	}
+}
+
+func flattenContainerAzureNodePoolConfigProxyConfig(obj *containerazure.NodePoolConfigProxyConfig) interface{} {
+	if obj == nil || obj.Empty() {
+		return nil
+	}
+	transformed := map[string]interface{}{
+		"resource_group_id": obj.ResourceGroupId,
+		"secret_id":         obj.SecretId,
+	}
+
+	return []interface{}{transformed}
+
+}
+
 func expandContainerAzureNodePoolConfigRootVolume(o interface{}) *containerazure.NodePoolConfigRootVolume {
 	if o == nil {
 		return nil

google/resource_container_azure_node_pool_generated_test.go

@@ -129,6 +129,11 @@ resource "google_container_azure_node_pool" "primary" {
       authorized_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers"
     }
 
+    proxy_config {
+      resource_group_id = "/subscriptions/%{azure_sub}/resourceGroups/%{byo_prefix}-dev-cluster"
+      secret_id         = "https://%{byo_prefix}-dev-keyvault.vault.azure.net/secrets/%{byo_prefix}-dev-secret/%{azure_config_secret}"
+    }
+
     root_volume {
       size_gib = 32
     }
@@ -226,6 +231,11 @@ resource "google_container_azure_node_pool" "primary" {
       authorized_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC8yaayO6lnb2v+SedxUMa2c8vtIEzCzBjM3EJJsv8Vm9zUDWR7dXWKoNGARUb2mNGXASvI6mFIDXTIlkQ0poDEPpMaXR0g2cb5xT8jAAJq7fqXL3+0rcJhY/uigQ+MrT6s+ub0BFVbsmGHNrMQttXX9gtmwkeAEvj3mra9e5pkNf90qlKnZz6U0SVArxVsLx07vHPHDIYrl0OPG4zUREF52igbBPiNrHJFDQJT/4YlDMJmo/QT/A1D6n9ocemvZSzhRx15/Arjowhr+VVKSbaxzPtEfY0oIg2SrqJnnr/l3Du5qIefwh5VmCZe4xopPUaDDoOIEFriZ88sB+3zz8ib8sk8zJJQCgeP78tQvXCgS+4e5W3TUg9mxjB6KjXTyHIVhDZqhqde0OI3Fy1UuVzRUwnBaLjBnAwP5EoFQGRmDYk/rEYe7HTmovLeEBUDQocBQKT4Ripm/xJkkWY7B07K/tfo56dGUCkvyIVXKBInCh+dLK7gZapnd4UWkY0xBYcwo1geMLRq58iFTLA2j/JmpmHXp7m0l7jJii7d44uD3tTIFYThn7NlOnvhLim/YcBK07GMGIN7XwrrKZKmxXaspw6KBWVhzuw1UPxctxshYEaMLfFg/bwOw8HvMPr9VtrElpSB7oiOh91PDIPdPBgHCi7N2QgQ5l/ZDBHieSpNrQ== thomasrodgers"
     }
 
+    proxy_config {
+      resource_group_id = "/subscriptions/%{azure_sub}/resourceGroups/%{byo_prefix}-dev-cluster"
+      secret_id         = "https://%{byo_prefix}-dev-keyvault.vault.azure.net/secrets/%{byo_prefix}-dev-secret/%{azure_config_secret}"
+    }
+
     root_volume {
       size_gib = 32
     }
@@ -245,7 +255,7 @@ resource "google_container_azure_node_pool" "primary" {
 
   name      = "tf-test-node-pool-name%{random_suffix}"
   subnet_id = "/subscriptions/%{azure_sub}/resourceGroups/%{byo_prefix}-dev-byo/providers/Microsoft.Network/virtualNetworks/%{byo_prefix}-dev-vnet/subnets/default"
-  version   = "1.21.6-gke.1500"
+  version   = "${data.google_container_azure_versions.versions.valid_versions[0]}"
 
   annotations = {
     annotation-two = "value-two"

google/resource_eventarc_trigger.go

@@ -246,7 +246,7 @@ func EventarcTriggerMatchingCriteriaSchema() *schema.Resource {
 			"value": {
 				Type:        schema.TypeString,
 				Required:    true,
-				Description: "Required. The value for the attribute.",
+				Description: "Required. The value for the attribute. See https://cloud.google.com/eventarc/docs/creating-triggers#trigger-gcloud for available values.",
 			},
 
 			"operator": {

website/docs/r/compute_forwarding_rule.html.markdown

@@ -1161,6 +1161,12 @@ The following arguments are supported:
   specified, it is assumed to be PREMIUM.
   Possible values are `PREMIUM` and `STANDARD`.
 
+* `service_directory_registrations` -
+  (Optional)
+  Service Directory resources to register this forwarding rule with. Currently,
+  only supports a single Service Directory resource.
+  Structure is [documented below](#nested_service_directory_registrations).
+
 * `service_label` -
   (Optional)
   An optional prefix to the service name for this Forwarding Rule.
@@ -1183,6 +1189,16 @@ The following arguments are supported:
     If it is not provided, the provider project is used.
 
 
+<a name="nested_service_directory_registrations"></a>The `service_directory_registrations` block supports:
+
+* `namespace` -
+  (Optional)
+  Service Directory namespace to register the forwarding rule under.
+
+* `service` -
+  (Optional)
+  Service Directory service to register the forwarding rule under.
+
 ## Attributes Reference
 
 In addition to the arguments listed above, the following computed attributes are exported: