update dcl version

.changelog/9370.txt

@@ -0,0 +1,12 @@
+```release-note:enhancement
+assuredworkloads: added `enable_sovereign_controls`, `partner`, `partner_permissions`, `violation_notifications_enabled`, and several other output-only fields to `google_assured_workloads_workloads`
+```
+```release-note:enhancement
+containeraws: added `admin_groups` to `google_container_aws_cluster`
+```
+```release-note:enhancement
+containerazure: added `admin_groups` to `google_container_azure_cluster`
+```
+```release-note:enhancement
+gkehub: added `metrics_gcp_service_account_email` to `google_gke_hub_feature_membership`
+```

go.mod

@@ -3,7 +3,7 @@ go 1.19
 
 require (
 	cloud.google.com/go/bigtable v1.19.0
-	github.com/GoogleCloudPlatform/declarative-resource-client-library v1.52.0
+	github.com/GoogleCloudPlatform/declarative-resource-client-library v1.55.0
 	github.com/apparentlymart/go-cidr v1.1.0
 	github.com/davecgh/go-spew v1.1.1
 	github.com/dnaeon/go-vcr v1.0.1

go.sum

@@ -17,6 +17,8 @@ cloud.google.com/go/longrunning v0.5.1/go.mod h1:spvimkwdz6SPWKEt/XBij79E9fiTkHS
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/GoogleCloudPlatform/declarative-resource-client-library v1.52.0 h1:KswxXF4E5iWv2ggktqv265zOvwmXA3mgma3UQfYA4tU=
 github.com/GoogleCloudPlatform/declarative-resource-client-library v1.52.0/go.mod h1:pL2Qt5HT+x6xrTd806oMiM3awW6kNIXB/iiuClz6m6k=
+github.com/GoogleCloudPlatform/declarative-resource-client-library v1.55.0 h1:MTP0IDIztk36l8ubHkEcL6lWMG8Enqu9AP3E4MoBFg0=
+github.com/GoogleCloudPlatform/declarative-resource-client-library v1.55.0/go.mod h1:pL2Qt5HT+x6xrTd806oMiM3awW6kNIXB/iiuClz6m6k=
 github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
 github.com/Microsoft/go-winio v0.4.16 h1:FtSW/jqD+l4ba5iPBj9CODVtgfYAD8w2wS923g/cFDk=
 github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=

google/services/assuredworkloads/resource_assured_workloads_workload_generated_test.go

@@ -109,6 +109,11 @@ resource "google_assured_workloads_workload" "primary" {
   provisioned_resources_parent = google_folder.folder1.name
   organization = "%{org_id}"
   location = "us-central1"
+  resource_settings {
+    resource_type = "CONSUMER_FOLDER"
+    display_name = "folder-display-name"
+  }
+  violation_notifications_enabled = true
 }
 
 resource "google_folder" "folder1" {
@@ -130,6 +135,11 @@ resource "google_assured_workloads_workload" "primary" {
   provisioned_resources_parent = google_folder.folder1.name
   organization = "%{org_id}"
   location = "us-central1"
+  resource_settings {
+    resource_type = "CONSUMER_FOLDER"
+    display_name = "folder-display-name"
+  }
+  violation_notifications_enabled = true
 }
 
 resource "google_folder" "folder1" {
@@ -180,14 +190,18 @@ func testAccCheckAssuredWorkloadsWorkloadDestroyProducer(t *testing.T) func(s *t
 			}
 
 			obj := &assuredworkloads.Workload{
-				BillingAccount:             dcl.String(rs.Primary.Attributes["billing_account"]),
-				ComplianceRegime:           assuredworkloads.WorkloadComplianceRegimeEnumRef(rs.Primary.Attributes["compliance_regime"]),
-				DisplayName:                dcl.String(rs.Primary.Attributes["display_name"]),
-				Location:                   dcl.String(rs.Primary.Attributes["location"]),
-				Organization:               dcl.String(rs.Primary.Attributes["organization"]),
-				ProvisionedResourcesParent: dcl.String(rs.Primary.Attributes["provisioned_resources_parent"]),
-				CreateTime:                 dcl.StringOrNil(rs.Primary.Attributes["create_time"]),
-				Name:                       dcl.StringOrNil(rs.Primary.Attributes["name"]),
+				ComplianceRegime:              assuredworkloads.WorkloadComplianceRegimeEnumRef(rs.Primary.Attributes["compliance_regime"]),
+				DisplayName:                   dcl.String(rs.Primary.Attributes["display_name"]),
+				Location:                      dcl.String(rs.Primary.Attributes["location"]),
+				Organization:                  dcl.String(rs.Primary.Attributes["organization"]),
+				BillingAccount:                dcl.String(rs.Primary.Attributes["billing_account"]),
+				EnableSovereignControls:       dcl.Bool(rs.Primary.Attributes["enable_sovereign_controls"] == "true"),
+				Partner:                       assuredworkloads.WorkloadPartnerEnumRef(rs.Primary.Attributes["partner"]),
+				ProvisionedResourcesParent:    dcl.String(rs.Primary.Attributes["provisioned_resources_parent"]),
+				ViolationNotificationsEnabled: dcl.Bool(rs.Primary.Attributes["violation_notifications_enabled"] == "true"),
+				CreateTime:                    dcl.StringOrNil(rs.Primary.Attributes["create_time"]),
+				KajEnrollmentState:            assuredworkloads.WorkloadKajEnrollmentStateEnumRef(rs.Primary.Attributes["kaj_enrollment_state"]),
+				Name:                          dcl.StringOrNil(rs.Primary.Attributes["name"]),
 			}
 
 			client := transport_tpg.NewDCLAssuredWorkloadsClient(config, config.UserAgent, billingProject, 0)

google/services/containeraws/resource_container_aws_cluster.go

@@ -209,6 +209,13 @@ func ContainerAwsClusterAuthorizationSchema() *schema.Resource {
 				Description: "Users to perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles",
 				Elem:        ContainerAwsClusterAuthorizationAdminUsersSchema(),
 			},
+
+			"admin_groups": {
+				Type:        schema.TypeList,
+				Optional:    true,
+				Description: "Groups of users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles",
+				Elem:        ContainerAwsClusterAuthorizationAdminGroupsSchema(),
+			},
 		},
 	}
 }
@@ -225,6 +232,18 @@ func ContainerAwsClusterAuthorizationAdminUsersSchema() *schema.Resource {
 	}
 }
 
+func ContainerAwsClusterAuthorizationAdminGroupsSchema() *schema.Resource {
+	return &schema.Resource{
+		Schema: map[string]*schema.Schema{
+			"group": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The name of the group, e.g. `my-group@domain.com`.",
+			},
+		},
+	}
+}
+
 func ContainerAwsClusterControlPlaneSchema() *schema.Resource {
 	return &schema.Resource{
 		Schema: map[string]*schema.Schema{
@@ -407,7 +426,7 @@ func ContainerAwsClusterControlPlaneMainVolumeSchema() *schema.Resource {
 				Computed:    true,
 				Optional:    true,
 				ForceNew:    true,
-				Description: "Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3.",
+				Description: "Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125.",
 			},
 
 			"volume_type": {
@@ -467,7 +486,7 @@ func ContainerAwsClusterControlPlaneRootVolumeSchema() *schema.Resource {
 				Type:        schema.TypeInt,
 				Computed:    true,
 				Optional:    true,
-				Description: "Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3.",
+				Description: "Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125.",
 			},
 
 			"volume_type": {
@@ -880,7 +899,8 @@ func expandContainerAwsClusterAuthorization(o interface{}) *containeraws.Cluster
 	}
 	obj := objArr[0].(map[string]interface{})
 	return &containeraws.ClusterAuthorization{
-		AdminUsers: expandContainerAwsClusterAuthorizationAdminUsersArray(obj["admin_users"]),
+		AdminUsers:  expandContainerAwsClusterAuthorizationAdminUsersArray(obj["admin_users"]),
+		AdminGroups: expandContainerAwsClusterAuthorizationAdminGroupsArray(obj["admin_groups"]),
 	}
 }
 
@@ -889,7 +909,8 @@ func flattenContainerAwsClusterAuthorization(obj *containeraws.ClusterAuthorizat
 		return nil
 	}
 	transformed := map[string]interface{}{
-		"admin_users": flattenContainerAwsClusterAuthorizationAdminUsersArray(obj.AdminUsers),
+		"admin_users":  flattenContainerAwsClusterAuthorizationAdminUsersArray(obj.AdminUsers),
+		"admin_groups": flattenContainerAwsClusterAuthorizationAdminGroupsArray(obj.AdminGroups),
 	}
 
 	return []interface{}{transformed}
@@ -949,6 +970,61 @@ func flattenContainerAwsClusterAuthorizationAdminUsers(obj *containeraws.Cluster
 
 	return transformed
 
+}
+func expandContainerAwsClusterAuthorizationAdminGroupsArray(o interface{}) []containeraws.ClusterAuthorizationAdminGroups {
+	if o == nil {
+		return make([]containeraws.ClusterAuthorizationAdminGroups, 0)
+	}
+
+	objs := o.([]interface{})
+	if len(objs) == 0 || objs[0] == nil {
+		return make([]containeraws.ClusterAuthorizationAdminGroups, 0)
+	}
+
+	items := make([]containeraws.ClusterAuthorizationAdminGroups, 0, len(objs))
+	for _, item := range objs {
+		i := expandContainerAwsClusterAuthorizationAdminGroups(item)
+		items = append(items, *i)
+	}
+
+	return items
+}
+
+func expandContainerAwsClusterAuthorizationAdminGroups(o interface{}) *containeraws.ClusterAuthorizationAdminGroups {
+	if o == nil {
+		return containeraws.EmptyClusterAuthorizationAdminGroups
+	}
+
+	obj := o.(map[string]interface{})
+	return &containeraws.ClusterAuthorizationAdminGroups{
+		Group: dcl.String(obj["group"].(string)),
+	}
+}
+
+func flattenContainerAwsClusterAuthorizationAdminGroupsArray(objs []containeraws.ClusterAuthorizationAdminGroups) []interface{} {
+	if objs == nil {
+		return nil
+	}
+
+	items := []interface{}{}
+	for _, item := range objs {
+		i := flattenContainerAwsClusterAuthorizationAdminGroups(&item)
+		items = append(items, i)
+	}
+
+	return items
+}
+
+func flattenContainerAwsClusterAuthorizationAdminGroups(obj *containeraws.ClusterAuthorizationAdminGroups) interface{} {
+	if obj == nil || obj.Empty() {
+		return nil
+	}
+	transformed := map[string]interface{}{
+		"group": obj.Group,
+	}
+
+	return transformed
+
 }
 
 func expandContainerAwsClusterControlPlane(o interface{}) *containeraws.ClusterControlPlane {

google/services/containeraws/resource_container_aws_cluster_generated_test.go

@@ -134,6 +134,9 @@ resource "google_container_aws_cluster" "primary" {
     admin_users {
       username = "%{service_acct}"
     }
+    admin_groups {
+      group = "group@domain.com"
+    }
   }
 
   aws_region = "%{aws_region}"
@@ -224,6 +227,9 @@ resource "google_container_aws_cluster" "primary" {
     admin_users {
       username = "%{service_acct}"
     }
+    admin_groups {
+      group = "group@domain.com"
+    }
   }
 
   aws_region = "%{aws_region}"

google/services/containeraws/resource_container_aws_node_pool.go

@@ -370,7 +370,7 @@ func ContainerAwsNodePoolConfigRootVolumeSchema() *schema.Resource {
 				Type:        schema.TypeInt,
 				Computed:    true,
 				Optional:    true,
-				Description: "Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3.",
+				Description: "Optional. The throughput to provision for the volume, in MiB/s. Only valid if the volume type is GP3. If volume type is gp3 and throughput is not specified, the throughput will defaults to 125.",
 			},
 
 			"volume_type": {

google/services/containerazure/resource_container_azure_cluster.go

@@ -227,6 +227,13 @@ func ContainerAzureClusterAuthorizationSchema() *schema.Resource {
 				Description: "Users that can perform operations as a cluster admin. A new ClusterRoleBinding will be created to grant the cluster-admin ClusterRole to the users. Up to ten admin users can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles",
 				Elem:        ContainerAzureClusterAuthorizationAdminUsersSchema(),
 			},
+
+			"admin_groups": {
+				Type:        schema.TypeList,
+				Optional:    true,
+				Description: "Groups of users that can perform operations as a cluster admin. A managed ClusterRoleBinding will be created to grant the `cluster-admin` ClusterRole to the groups. Up to ten admin groups can be provided. For more info on RBAC, see https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles",
+				Elem:        ContainerAzureClusterAuthorizationAdminGroupsSchema(),
+			},
 		},
 	}
 }
@@ -243,6 +250,18 @@ func ContainerAzureClusterAuthorizationAdminUsersSchema() *schema.Resource {
 	}
 }
 
+func ContainerAzureClusterAuthorizationAdminGroupsSchema() *schema.Resource {
+	return &schema.Resource{
+		Schema: map[string]*schema.Schema{
+			"group": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The name of the group, e.g. `my-group@domain.com`.",
+			},
+		},
+	}
+}
+
 func ContainerAzureClusterControlPlaneSchema() *schema.Resource {
 	return &schema.Resource{
 		Schema: map[string]*schema.Schema{
@@ -824,7 +843,8 @@ func expandContainerAzureClusterAuthorization(o interface{}) *containerazure.Clu
 	}
 	obj := objArr[0].(map[string]interface{})
 	return &containerazure.ClusterAuthorization{
-		AdminUsers: expandContainerAzureClusterAuthorizationAdminUsersArray(obj["admin_users"]),
+		AdminUsers:  expandContainerAzureClusterAuthorizationAdminUsersArray(obj["admin_users"]),
+		AdminGroups: expandContainerAzureClusterAuthorizationAdminGroupsArray(obj["admin_groups"]),
 	}
 }
 
@@ -833,7 +853,8 @@ func flattenContainerAzureClusterAuthorization(obj *containerazure.ClusterAuthor
 		return nil
 	}
 	transformed := map[string]interface{}{
-		"admin_users": flattenContainerAzureClusterAuthorizationAdminUsersArray(obj.AdminUsers),
+		"admin_users":  flattenContainerAzureClusterAuthorizationAdminUsersArray(obj.AdminUsers),
+		"admin_groups": flattenContainerAzureClusterAuthorizationAdminGroupsArray(obj.AdminGroups),
 	}
 
 	return []interface{}{transformed}
@@ -893,6 +914,61 @@ func flattenContainerAzureClusterAuthorizationAdminUsers(obj *containerazure.Clu
 
 	return transformed
 
+}
+func expandContainerAzureClusterAuthorizationAdminGroupsArray(o interface{}) []containerazure.ClusterAuthorizationAdminGroups {
+	if o == nil {
+		return make([]containerazure.ClusterAuthorizationAdminGroups, 0)
+	}
+
+	objs := o.([]interface{})
+	if len(objs) == 0 || objs[0] == nil {
+		return make([]containerazure.ClusterAuthorizationAdminGroups, 0)
+	}
+
+	items := make([]containerazure.ClusterAuthorizationAdminGroups, 0, len(objs))
+	for _, item := range objs {
+		i := expandContainerAzureClusterAuthorizationAdminGroups(item)
+		items = append(items, *i)
+	}
+
+	return items
+}
+
+func expandContainerAzureClusterAuthorizationAdminGroups(o interface{}) *containerazure.ClusterAuthorizationAdminGroups {
+	if o == nil {
+		return containerazure.EmptyClusterAuthorizationAdminGroups
+	}
+
+	obj := o.(map[string]interface{})
+	return &containerazure.ClusterAuthorizationAdminGroups{
+		Group: dcl.String(obj["group"].(string)),
+	}
+}
+
+func flattenContainerAzureClusterAuthorizationAdminGroupsArray(objs []containerazure.ClusterAuthorizationAdminGroups) []interface{} {
+	if objs == nil {
+		return nil
+	}
+
+	items := []interface{}{}
+	for _, item := range objs {
+		i := flattenContainerAzureClusterAuthorizationAdminGroups(&item)
+		items = append(items, i)
+	}
+
+	return items
+}
+
+func flattenContainerAzureClusterAuthorizationAdminGroups(obj *containerazure.ClusterAuthorizationAdminGroups) interface{} {
+	if obj == nil || obj.Empty() {
+		return nil
+	}
+	transformed := map[string]interface{}{
+		"group": obj.Group,
+	}
+
+	return transformed
+
 }
 
 func expandContainerAzureClusterControlPlane(o interface{}) *containerazure.ClusterControlPlane {

google/services/containerazure/resource_container_azure_cluster_generated_test.go

@@ -86,6 +86,9 @@ resource "google_container_azure_cluster" "primary" {
     admin_users {
       username = "mmv2@google.com"
     }
+    admin_groups {
+      group = "group@domain.com"
+    }
   }
 
   azure_region = "westus2"
@@ -141,6 +144,9 @@ resource "google_container_azure_cluster" "primary" {
     admin_users {
       username = "mmv2@google.com"
     }
+    admin_groups {
+      group = "group@domain.com"
+    }
   }
 
   azure_region = "westus2"