feat: add SecurityPostureConfig Enterprise vuln mode to allow customers to enable Advanced Vulnerability Scanning for their clusters

Google APIs · copybara-github · commit 304bf75b1988 · 2023-09-15T09:17:45.000-07:00
---
docs: deprecate ProtectConfig fields in alpha and beta, with SecurityPostureConfig as the intended replacement
PiperOrigin-RevId: 565696375
diff --git a/google/container/v1beta1/cluster_service.proto b/google/container/v1beta1/cluster_service.proto
@@ -832,6 +832,12 @@ message NodeConfig {
   // HostMaintenancePolicy contains the desired maintenance policy for the
   // Google Compute Engine hosts.
   HostMaintenancePolicy host_maintenance_policy = 44;
+
+  // Optional. Enable confidential storage on Hyperdisk.
+  // boot_disk_kms_key is required when enable_confidential_storage is true.
+  // This is only available for private preview.
+  bool enable_confidential_storage = 46
+      [(google.api.field_behavior) = OPTIONAL];
 }
 
 // Specifies options for controlling advanced machine features.
@@ -2185,8 +2191,9 @@ message Cluster {
   // in autopilot clusters and node auto-provisioning enabled clusters.
   NodePoolAutoConfig node_pool_auto_config = 136;
 
+  // Deprecated: Use SecurityPostureConfig instead.
   // Enable/Disable Protect API features for the cluster.
-  optional ProtectConfig protect_config = 137;
+  optional ProtectConfig protect_config = 137 [deprecated = true];
 
   // This checksum is computed by the server based on the value of cluster
   // fields, and may be sent on update requests to ensure the client has an
@@ -2282,6 +2289,10 @@ message SecurityPostureConfig {
 
     // Applies basic vulnerability scanning on the cluster.
     VULNERABILITY_BASIC = 2;
+
+    // Applies the Security Posture's vulnerability on cluster Enterprise level
+    // features.
+    VULNERABILITY_ENTERPRISE = 3;
   }
 
   // Sets which mode to use for Security Posture features.
@@ -2509,8 +2520,9 @@ message ClusterUpdate {
   // in autopilot clusters and node auto-provisioning enabled clusters.
   NetworkTags desired_node_pool_auto_config_network_tags = 110;
 
+  // Deprecated: Use DesiredSecurityPostureConfig instead.
   // Enable/Disable Protect API features for the cluster.
-  optional ProtectConfig desired_protect_config = 112;
+  optional ProtectConfig desired_protect_config = 112 [deprecated = true];
 
   // The desired config of Gateway API on this cluster.
   GatewayAPIConfig desired_gateway_api_config = 114;
