hashicorp · modular-magician · Sep 25, 2023 · Sep 25, 2023
diff --git a/.changelog/9055.txt b/.changelog/9055.txt
@@ -0,0 +1,9 @@
+```release-note:breaking-change
+firebase: made `google_firebase_rules.release` immutable
+```
+```release-note:enhancement
+containeraws: added `binary_authorization` to `google_container_aws_cluster`
+```
+```release-note:enhancement
+containeraws: added `update_settings` to `google_container_aws_node_pool`
+```
diff --git a/go.mod b/go.mod
@@ -3,7 +3,7 @@ go 1.19
 
 require (
 	cloud.google.com/go/bigtable v1.19.0
-	github.com/GoogleCloudPlatform/declarative-resource-client-library v1.51.0
+	github.com/GoogleCloudPlatform/declarative-resource-client-library v1.52.0
 	github.com/apparentlymart/go-cidr v1.1.0
 	github.com/davecgh/go-spew v1.1.1
 	github.com/dnaeon/go-vcr v1.0.1

diff --git a/go.sum b/go.sum
@@ -17,6 +17,8 @@ cloud.google.com/go/longrunning v0.5.1/go.mod h1:spvimkwdz6SPWKEt/XBij79E9fiTkHS
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/GoogleCloudPlatform/declarative-resource-client-library v1.51.0 h1:YhWTPhOf6gVpA9mSfnLOuL8Y6j8W5pzmHE7flXjTke4=
 github.com/GoogleCloudPlatform/declarative-resource-client-library v1.51.0/go.mod h1:pL2Qt5HT+x6xrTd806oMiM3awW6kNIXB/iiuClz6m6k=
+github.com/GoogleCloudPlatform/declarative-resource-client-library v1.52.0 h1:KswxXF4E5iWv2ggktqv265zOvwmXA3mgma3UQfYA4tU=
+github.com/GoogleCloudPlatform/declarative-resource-client-library v1.52.0/go.mod h1:pL2Qt5HT+x6xrTd806oMiM3awW6kNIXB/iiuClz6m6k=
 github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
 github.com/Microsoft/go-winio v0.4.16 h1:FtSW/jqD+l4ba5iPBj9CODVtgfYAD8w2wS923g/cFDk=
 github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=
@@ -428,5 +430,3 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 rsc.io/binaryregexp v0.2.0 h1:HfqmD5MEmC0zvwBuF187nq9mdnXjXsSivRiXN7SmRkE=
-github.com/GoogleCloudPlatform/declarative-resource-client-library v1.51.0 h1:YhWTPhOf6gVpA9mSfnLOuL8Y6j8W5pzmHE7flXjTke4=
-github.com/GoogleCloudPlatform/declarative-resource-client-library v1.51.0/go.mod h1:pL2Qt5HT+x6xrTd806oMiM3awW6kNIXB/iiuClz6m6k=
diff --git a/google/services/containeraws/resource_container_aws_cluster.go b/google/services/containeraws/resource_container_aws_cluster.go
@@ -111,6 +111,15 @@ func ResourceContainerAwsCluster() *schema.Resource {
 				Elem:        ContainerAwsClusterNetworkingSchema(),
 			},
 
+			"binary_authorization": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Optional:    true,
+				Description: "Configuration options for the Binary Authorization feature.",
+				MaxItems:    1,
+				Elem:        ContainerAwsClusterBinaryAuthorizationSchema(),
+			},
+
 			"description": {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -540,6 +549,19 @@ func ContainerAwsClusterNetworkingSchema() *schema.Resource {
 	}
 }
 
+func ContainerAwsClusterBinaryAuthorizationSchema() *schema.Resource {
+	return &schema.Resource{
+		Schema: map[string]*schema.Schema{
+			"evaluation_mode": {
+				Type:        schema.TypeString,
+				Computed:    true,
+				Optional:    true,
+				Description: "Mode of operation for Binary Authorization policy evaluation. Possible values: DISABLED, PROJECT_SINGLETON_POLICY_ENFORCE",
+			},
+		},
+	}
+}
+
 func ContainerAwsClusterWorkloadIdentityConfigSchema() *schema.Resource {
 	return &schema.Resource{
 		Schema: map[string]*schema.Schema{
@@ -572,16 +594,17 @@ func resourceContainerAwsClusterCreate(d *schema.ResourceData, meta interface{})
 	}
 
 	obj := &containeraws.Cluster{
-		Authorization: expandContainerAwsClusterAuthorization(d.Get("authorization")),
-		AwsRegion:     dcl.String(d.Get("aws_region").(string)),
-		ControlPlane:  expandContainerAwsClusterControlPlane(d.Get("control_plane")),
-		Fleet:         expandContainerAwsClusterFleet(d.Get("fleet")),
-		Location:      dcl.String(d.Get("location").(string)),
-		Name:          dcl.String(d.Get("name").(string)),
-		Networking:    expandContainerAwsClusterNetworking(d.Get("networking")),
-		Description:   dcl.String(d.Get("description").(string)),
-		Annotations:   tpgresource.CheckStringMap(d.Get("effective_annotations")),
-		Project:       dcl.String(project),
+		Authorization:       expandContainerAwsClusterAuthorization(d.Get("authorization")),
+		AwsRegion:           dcl.String(d.Get("aws_region").(string)),
+		ControlPlane:        expandContainerAwsClusterControlPlane(d.Get("control_plane")),
+		Fleet:               expandContainerAwsClusterFleet(d.Get("fleet")),
+		Location:            dcl.String(d.Get("location").(string)),
+		Name:                dcl.String(d.Get("name").(string)),
+		Networking:          expandContainerAwsClusterNetworking(d.Get("networking")),
+		BinaryAuthorization: expandContainerAwsClusterBinaryAuthorization(d.Get("binary_authorization")),
+		Description:         dcl.String(d.Get("description").(string)),
+		Annotations:         tpgresource.CheckStringMap(d.Get("effective_annotations")),
+		Project:             dcl.String(project),
 	}
 
 	id, err := obj.ID()
@@ -629,16 +652,17 @@ func resourceContainerAwsClusterRead(d *schema.ResourceData, meta interface{}) e
 	}
 
 	obj := &containeraws.Cluster{
-		Authorization: expandContainerAwsClusterAuthorization(d.Get("authorization")),
-		AwsRegion:     dcl.String(d.Get("aws_region").(string)),
-		ControlPlane:  expandContainerAwsClusterControlPlane(d.Get("control_plane")),
-		Fleet:         expandContainerAwsClusterFleet(d.Get("fleet")),
-		Location:      dcl.String(d.Get("location").(string)),
-		Name:          dcl.String(d.Get("name").(string)),
-		Networking:    expandContainerAwsClusterNetworking(d.Get("networking")),
-		Description:   dcl.String(d.Get("description").(string)),
-		Annotations:   tpgresource.CheckStringMap(d.Get("effective_annotations")),
-		Project:       dcl.String(project),
+		Authorization:       expandContainerAwsClusterAuthorization(d.Get("authorization")),
+		AwsRegion:           dcl.String(d.Get("aws_region").(string)),
+		ControlPlane:        expandContainerAwsClusterControlPlane(d.Get("control_plane")),
+		Fleet:               expandContainerAwsClusterFleet(d.Get("fleet")),
+		Location:            dcl.String(d.Get("location").(string)),
+		Name:                dcl.String(d.Get("name").(string)),
+		Networking:          expandContainerAwsClusterNetworking(d.Get("networking")),
+		BinaryAuthorization: expandContainerAwsClusterBinaryAuthorization(d.Get("binary_authorization")),
+		Description:         dcl.String(d.Get("description").(string)),
+		Annotations:         tpgresource.CheckStringMap(d.Get("effective_annotations")),
+		Project:             dcl.String(project),
 	}
 
 	userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
@@ -684,6 +708,9 @@ func resourceContainerAwsClusterRead(d *schema.ResourceData, meta interface{}) e
 	if err = d.Set("networking", flattenContainerAwsClusterNetworking(res.Networking)); err != nil {
 		return fmt.Errorf("error setting networking in state: %s", err)
 	}
+	if err = d.Set("binary_authorization", flattenContainerAwsClusterBinaryAuthorization(res.BinaryAuthorization)); err != nil {
+		return fmt.Errorf("error setting binary_authorization in state: %s", err)
+	}
 	if err = d.Set("description", res.Description); err != nil {
 		return fmt.Errorf("error setting description in state: %s", err)
 	}
@@ -731,16 +758,17 @@ func resourceContainerAwsClusterUpdate(d *schema.ResourceData, meta interface{})
 	}
 
 	obj := &containeraws.Cluster{
-		Authorization: expandContainerAwsClusterAuthorization(d.Get("authorization")),
-		AwsRegion:     dcl.String(d.Get("aws_region").(string)),
-		ControlPlane:  expandContainerAwsClusterControlPlane(d.Get("control_plane")),
-		Fleet:         expandContainerAwsClusterFleet(d.Get("fleet")),
-		Location:      dcl.String(d.Get("location").(string)),
-		Name:          dcl.String(d.Get("name").(string)),
-		Networking:    expandContainerAwsClusterNetworking(d.Get("networking")),
-		Description:   dcl.String(d.Get("description").(string)),
-		Annotations:   tpgresource.CheckStringMap(d.Get("effective_annotations")),
-		Project:       dcl.String(project),
+		Authorization:       expandContainerAwsClusterAuthorization(d.Get("authorization")),
+		AwsRegion:           dcl.String(d.Get("aws_region").(string)),
+		ControlPlane:        expandContainerAwsClusterControlPlane(d.Get("control_plane")),
+		Fleet:               expandContainerAwsClusterFleet(d.Get("fleet")),
+		Location:            dcl.String(d.Get("location").(string)),
+		Name:                dcl.String(d.Get("name").(string)),
+		Networking:          expandContainerAwsClusterNetworking(d.Get("networking")),
+		BinaryAuthorization: expandContainerAwsClusterBinaryAuthorization(d.Get("binary_authorization")),
+		Description:         dcl.String(d.Get("description").(string)),
+		Annotations:         tpgresource.CheckStringMap(d.Get("effective_annotations")),
+		Project:             dcl.String(project),
 	}
 	directive := tpgdclresource.UpdateDirective
 	userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
@@ -783,16 +811,17 @@ func resourceContainerAwsClusterDelete(d *schema.ResourceData, meta interface{})
 	}
 
 	obj := &containeraws.Cluster{
-		Authorization: expandContainerAwsClusterAuthorization(d.Get("authorization")),
-		AwsRegion:     dcl.String(d.Get("aws_region").(string)),
-		ControlPlane:  expandContainerAwsClusterControlPlane(d.Get("control_plane")),
-		Fleet:         expandContainerAwsClusterFleet(d.Get("fleet")),
-		Location:      dcl.String(d.Get("location").(string)),
-		Name:          dcl.String(d.Get("name").(string)),
-		Networking:    expandContainerAwsClusterNetworking(d.Get("networking")),
-		Description:   dcl.String(d.Get("description").(string)),
-		Annotations:   tpgresource.CheckStringMap(d.Get("effective_annotations")),
-		Project:       dcl.String(project),
+		Authorization:       expandContainerAwsClusterAuthorization(d.Get("authorization")),
+		AwsRegion:           dcl.String(d.Get("aws_region").(string)),
+		ControlPlane:        expandContainerAwsClusterControlPlane(d.Get("control_plane")),
+		Fleet:               expandContainerAwsClusterFleet(d.Get("fleet")),
+		Location:            dcl.String(d.Get("location").(string)),
+		Name:                dcl.String(d.Get("name").(string)),
+		Networking:          expandContainerAwsClusterNetworking(d.Get("networking")),
+		BinaryAuthorization: expandContainerAwsClusterBinaryAuthorization(d.Get("binary_authorization")),
+		Description:         dcl.String(d.Get("description").(string)),
+		Annotations:         tpgresource.CheckStringMap(d.Get("effective_annotations")),
+		Project:             dcl.String(project),
 	}
 
 	log.Printf("[DEBUG] Deleting Cluster %q", d.Id())
@@ -1233,6 +1262,32 @@ func flattenContainerAwsClusterNetworking(obj *containeraws.ClusterNetworking) i
 
 }
 
+func expandContainerAwsClusterBinaryAuthorization(o interface{}) *containeraws.ClusterBinaryAuthorization {
+	if o == nil {
+		return nil
+	}
+	objArr := o.([]interface{})
+	if len(objArr) == 0 || objArr[0] == nil {
+		return nil
+	}
+	obj := objArr[0].(map[string]interface{})
+	return &containeraws.ClusterBinaryAuthorization{
+		EvaluationMode: containeraws.ClusterBinaryAuthorizationEvaluationModeEnumRef(obj["evaluation_mode"].(string)),
+	}
+}
+
+func flattenContainerAwsClusterBinaryAuthorization(obj *containeraws.ClusterBinaryAuthorization) interface{} {
+	if obj == nil || obj.Empty() {
+		return nil
+	}
+	transformed := map[string]interface{}{
+		"evaluation_mode": obj.EvaluationMode,
+	}
+
+	return []interface{}{transformed}
+
+}
+
 func flattenContainerAwsClusterWorkloadIdentityConfig(obj *containeraws.ClusterWorkloadIdentityConfig) interface{} {
 	if obj == nil || obj.Empty() {
 		return nil

diff --git a/google/services/firebaserules/resource_firebaserules_release.go b/google/services/firebaserules/resource_firebaserules_release.go
@@ -39,7 +39,6 @@ func ResourceFirebaserulesRelease() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceFirebaserulesReleaseCreate,
 		Read:   resourceFirebaserulesReleaseRead,
-		Update: resourceFirebaserulesReleaseUpdate,
 		Delete: resourceFirebaserulesReleaseDelete,
 
 		Importer: &schema.ResourceImporter{
@@ -48,7 +47,6 @@ func ResourceFirebaserulesRelease() *schema.Resource {
 
 		Timeouts: &schema.ResourceTimeout{
 			Create: schema.DefaultTimeout(20 * time.Minute),
-			Update: schema.DefaultTimeout(20 * time.Minute),
 			Delete: schema.DefaultTimeout(20 * time.Minute),
 		},
 		CustomizeDiff: customdiff.All(
@@ -66,6 +64,7 @@ func ResourceFirebaserulesRelease() *schema.Resource {
 			"ruleset_name": {
 				Type:             schema.TypeString,
 				Required:         true,
+				ForceNew:         true,
 				DiffSuppressFunc: tpgresource.CompareSelfLinkOrResourceName,
 				Description:      "Name of the `Ruleset` referred to by this `Release`. The `Ruleset` must exist for the `Release` to be created.",
 			},
@@ -206,50 +205,6 @@ func resourceFirebaserulesReleaseRead(d *schema.ResourceData, meta interface{})
 
 	return nil
 }
-func resourceFirebaserulesReleaseUpdate(d *schema.ResourceData, meta interface{}) error {
-	config := meta.(*transport_tpg.Config)
-	project, err := tpgresource.GetProject(d, config)
-	if err != nil {
-		return err
-	}
-
-	obj := &firebaserules.Release{
-		Name:        dcl.String(d.Get("name").(string)),
-		RulesetName: dcl.String(d.Get("ruleset_name").(string)),
-		Project:     dcl.String(project),
-	}
-	directive := tpgdclresource.UpdateDirective
-	userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent)
-	if err != nil {
-		return err
-	}
-
-	billingProject := ""
-	// err == nil indicates that the billing_project value was found
-	if bp, err := tpgresource.GetBillingProject(d, config); err == nil {
-		billingProject = bp
-	}
-	client := transport_tpg.NewDCLFirebaserulesClient(config, userAgent, billingProject, d.Timeout(schema.TimeoutUpdate))
-	if bp, err := tpgresource.ReplaceVars(d, config, client.Config.BasePath); err != nil {
-		d.SetId("")
-		return fmt.Errorf("Could not format %q: %w", client.Config.BasePath, err)
-	} else {
-		client.Config.BasePath = bp
-	}
-	res, err := client.ApplyRelease(context.Background(), obj, directive...)
-
-	if _, ok := err.(dcl.DiffAfterApplyError); ok {
-		log.Printf("[DEBUG] Diff after apply returned from the DCL: %s", err)
-	} else if err != nil {
-		// The resource didn't actually create
-		d.SetId("")
-		return fmt.Errorf("Error updating Release: %s", err)
-	}
-
-	log.Printf("[DEBUG] Finished creating Release %q: %#v", d.Id(), res)
-
-	return resourceFirebaserulesReleaseRead(d, meta)
-}
 
 func resourceFirebaserulesReleaseDelete(d *schema.ResourceData, meta interface{}) error {
 	config := meta.(*transport_tpg.Config)

diff --git a/google/services/firebaserules/resource_firebaserules_release_generated_test.go b/google/services/firebaserules/resource_firebaserules_release_generated_test.go
@@ -54,14 +54,6 @@ func TestAccFirebaserulesRelease_FirestoreReleaseHandWritten(t *testing.T) {
 				ImportState:       true,
 				ImportStateVerify: true,
 			},
-			{
-				Config: testAccFirebaserulesRelease_FirestoreReleaseHandWrittenUpdate0(context),
-			},
-			{
-				ResourceName:      "google_firebaserules_release.primary",
-				ImportState:       true,
-				ImportStateVerify: true,
-			},
 		},
 	})
 }
@@ -94,34 +86,6 @@ resource "google_firebaserules_ruleset" "firestore" {
 `, context)
 }
 
-func testAccFirebaserulesRelease_FirestoreReleaseHandWrittenUpdate0(context map[string]interface{}) string {
-	return acctest.Nprintf(`
-resource "google_firebaserules_release" "primary" {
-  name         = "cloud.firestore"
-  ruleset_name = "projects/%{project_name}/rulesets/${google_firebaserules_ruleset.firestore.name}"
-  project      = "%{project_name}"
-
-  lifecycle {
-    replace_triggered_by = [
-      google_firebaserules_ruleset.firestore
-    ]
-  }
-}
-
-resource "google_firebaserules_ruleset" "firestore" {
-  source {
-    files {
-      content = "service cloud.firestore {match /databases/{database}/documents { match /{document=**} { allow read, write: if request.auth != null; } } }"
-      name    = "firestore.rules"
-    }
-  }
-
-  project = "%{project_name}"
-}
-
-`, context)
-}
-
 func testAccCheckFirebaserulesReleaseDestroyProducer(t *testing.T) func(s *terraform.State) error {
 	return func(s *terraform.State) error {
 		for name, rs := range s.RootModule().Resources {

diff --git a/google/tpgdclresource/tpgtools_utils.go b/google/tpgdclresource/tpgtools_utils.go
@@ -3,6 +3,7 @@
 package tpgdclresource
 
 import (
+	"context"
 	"fmt"
 	"log"
 
@@ -26,3 +27,24 @@ func HandleNotFoundDCLError(err error, d *schema.ResourceData, resourceName stri
 	return errwrap.Wrapf(
 		fmt.Sprintf("Error when reading or editing %s: {{err}}", resourceName), err)
 }
+
+func ResourceContainerAwsNodePoolCustomizeDiffFunc(_ context.Context, diff *schema.ResourceDiff, meta interface{}) error {
+	count := diff.Get("update_settings.#").(int)
+	if count < 1 {
+		return nil
+	}
+
+	oMaxSurge, nMaxSurge := diff.GetChange("update_settings.0.surge_settings.0.max_surge")
+	oMaxUnavailable, nMaxUnavailable := diff.GetChange("update_settings.0.surge_settings.0.max_unavailable")
+
+	// Server default of maxSurge = 1 and maxUnavailable = 0 is not returned
+	// Clear the diff if trying to resolve these specific values
+	if oMaxSurge == 0 && nMaxSurge == 1 && oMaxUnavailable == 0 && nMaxUnavailable == 0 {
+		err := diff.Clear("update_settings")
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}