feat(v1beta1): Add preview support for monitoring a cluster's pods for compliance with a provided Binary Authorization platform policy via Binary Authorization Continuous Validation (#405)

* feat: Add preview support for monitoring a cluster's pods for compliance with a provided Binary Authorization platform policy via Binary Authorization Continuous Validation

PiperOrigin-RevId: 555745169

Source-Link: googleapis/googleapis@2edfcad

Source-Link: https://github.com/googleapis/googleapis-gen/commit/cf19791d82ebf56917bf6b704f274a4cc5d89546
Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiY2YxOTc5MWQ4MmViZjU2OTE3YmY2YjcwNGYyNzRhNGNjNWQ4OTU0NiJ9

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

---------

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>

Author: gcf-owl-bot[bot]

google/cloud/container_v1beta1/types/cluster_service.py

@@ -2558,6 +2558,9 @@ class BinaryAuthorization(proto.Message):
             Mode of operation for binauthz policy
             evaluation. If unspecified, defaults to
             DISABLED.
+        policy_bindings (MutableSequence[google.cloud.container_v1beta1.types.BinaryAuthorization.PolicyBinding]):
+            Optional. Binauthz policies that apply to
+            this cluster.
     """
 
     class EvaluationMode(proto.Enum):
@@ -2573,10 +2576,39 @@ class EvaluationMode(proto.Enum):
                 BinaryAuthorization using the project's
                 singleton policy. This is equivalent to setting
                 the enabled boolean to true.
+            POLICY_BINDINGS (5):
+                Use Binary Authorization with the policies specified in
+                policy_bindings.
+            POLICY_BINDINGS_AND_PROJECT_SINGLETON_POLICY_ENFORCE (6):
+                Use Binary Authorization with the policies specified in
+                policy_bindings, and also with the project's singleton
+                policy in enforcement mode.
         """
         EVALUATION_MODE_UNSPECIFIED = 0
         DISABLED = 1
         PROJECT_SINGLETON_POLICY_ENFORCE = 2
+        POLICY_BINDINGS = 5
+        POLICY_BINDINGS_AND_PROJECT_SINGLETON_POLICY_ENFORCE = 6
+
+    class PolicyBinding(proto.Message):
+        r"""Binauthz policy that applies to this cluster.
+
+        .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields
+
+        Attributes:
+            name (str):
+                The relative resource name of the binauthz platform policy
+                to audit. GKE platform policies have the following format:
+                ``projects/{project_number}/platforms/gke/policies/{policy_id}``.
+
+                This field is a member of `oneof`_ ``_name``.
+        """
+
+        name: str = proto.Field(
+            proto.STRING,
+            number=1,
+            optional=True,
+        )
 
     enabled: bool = proto.Field(
         proto.BOOL,
@@ -2587,6 +2619,11 @@ class EvaluationMode(proto.Enum):
         number=2,
         enum=EvaluationMode,
     )
+    policy_bindings: MutableSequence[PolicyBinding] = proto.RepeatedField(
+        proto.MESSAGE,
+        number=5,
+        message=PolicyBinding,
+    )
 
 
 class PodSecurityPolicyConfig(proto.Message):

samples/generated_samples/snippet_metadata_google.container.v1.json

@@ -8,7 +8,7 @@
     ],
     "language": "PYTHON",
     "name": "google-cloud-container",
-    "version": "2.29.0"
+    "version": "0.1.0"
   },
   "snippets": [
     {

samples/generated_samples/snippet_metadata_google.container.v1beta1.json

@@ -8,7 +8,7 @@
     ],
     "language": "PYTHON",
     "name": "google-cloud-container",
-    "version": "2.29.0"
+    "version": "0.1.0"
   },
   "snippets": [
     {