feat(v1beta1): Add preview support for monitoring a cluster's pods fo…

…r compliance with a provided Binary Authorization platform policy via Binary Authorization Continuous Validation (#405)

* feat: Add preview support for monitoring a cluster's pods for compliance with a provided Binary Authorization platform policy via Binary Authorization Continuous Validation

PiperOrigin-RevId: 555745169

Source-Link: googleapis/googleapis@2edfcad

Source-Link: googleapis/googleapis-gen@cf19791
Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiY2YxOTc5MWQ4MmViZjU2OTE3YmY2YjcwNGYyNzRhNGNjNWQ4OTU0NiJ9

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

---------

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>

packages/google-cloud-container/google/cloud/container_v1beta1/types/cluster_service.py

@@ -2558,6 +2558,9 @@ class BinaryAuthorization(proto.Message):
  Mode of operation for binauthz policy
  evaluation. If unspecified, defaults to
  DISABLED.
+ policy_bindings (MutableSequence[google.cloud.container_v1beta1.types.BinaryAuthorization.PolicyBinding]):
+ Optional. Binauthz policies that apply to
+ this cluster.
  """
 
  class EvaluationMode(proto.Enum):
@@ -2573,10 +2576,39 @@ class EvaluationMode(proto.Enum):
  BinaryAuthorization using the project's
  singleton policy. This is equivalent to setting
  the enabled boolean to true.
+ POLICY_BINDINGS (5):
+ Use Binary Authorization with the policies specified in
+ policy_bindings.
+ POLICY_BINDINGS_AND_PROJECT_SINGLETON_POLICY_ENFORCE (6):
+ Use Binary Authorization with the policies specified in
+ policy_bindings, and also with the project's singleton
+ policy in enforcement mode.
  """
  EVALUATION_MODE_UNSPECIFIED = 0
  DISABLED = 1
  PROJECT_SINGLETON_POLICY_ENFORCE = 2
+ POLICY_BINDINGS = 5
+ POLICY_BINDINGS_AND_PROJECT_SINGLETON_POLICY_ENFORCE = 6
+
+ class PolicyBinding(proto.Message):
+ r"""Binauthz policy that applies to this cluster.
+
+ .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields
+
+ Attributes:
+ name (str):
+ The relative resource name of the binauthz platform policy
+ to audit. GKE platform policies have the following format:
+ ``projects/{project_number}/platforms/gke/policies/{policy_id}``.
+
+ This field is a member of `oneof`_ ``_name``.
+ """
+
+ name: str = proto.Field(
+ proto.STRING,
+ number=1,
+ optional=True,
+ )
 
  enabled: bool = proto.Field(
  proto.BOOL,
@@ -2587,6 +2619,11 @@ class EvaluationMode(proto.Enum):
  number=2,
  enum=EvaluationMode,
  )
+ policy_bindings: MutableSequence[PolicyBinding] = proto.RepeatedField(
+ proto.MESSAGE,
+ number=5,
+ message=PolicyBinding,
+ )
 
 
 class PodSecurityPolicyConfig(proto.Message):

packages/google-cloud-container/samples/generated_samples/snippet_metadata_google.container.v1.json

@@ -8,7 +8,7 @@
  ],
  "language": "PYTHON",
  "name": "google-cloud-container",
- "version": "2.29.0"
+ "version": "0.1.0"
  },
  "snippets": [
  {

packages/google-cloud-container/samples/generated_samples/snippet_metadata_google.container.v1beta1.json

@@ -8,7 +8,7 @@
  ],
  "language": "PYTHON",
  "name": "google-cloud-container",
- "version": "2.29.0"
+ "version": "0.1.0"
  },
  "snippets": [
  {