feat(container): update the API

#### container:v1beta1

The following keys were added:
- schemas.Cluster.properties.rbacBindingConfig.$ref
- schemas.Cluster.properties.rbacBindingConfig.description
- schemas.ClusterUpdate.properties.desiredRbacBindingConfig.$ref
- schemas.ClusterUpdate.properties.desiredRbacBindingConfig.description
- schemas.RBACBindingConfig.description
- schemas.RBACBindingConfig.id
- schemas.RBACBindingConfig.properties.enableInsecureBindingSystemAuthenticated.description
- schemas.RBACBindingConfig.properties.enableInsecureBindingSystemAuthenticated.type
- schemas.RBACBindingConfig.properties.enableInsecureBindingSystemUnauthenticated.description
- schemas.RBACBindingConfig.properties.enableInsecureBindingSystemUnauthenticated.type
- schemas.RBACBindingConfig.type

The following keys were changed:
- schemas.MasterAuth.properties.clientCertificate.description

#### container:v1

The following keys were added:
- schemas.Cluster.properties.rbacBindingConfig.$ref
- schemas.Cluster.properties.rbacBindingConfig.description
- schemas.Cluster.properties.secretManagerConfig.$ref
- schemas.Cluster.properties.secretManagerConfig.description
- schemas.ClusterUpdate.properties.desiredRbacBindingConfig.$ref
- schemas.ClusterUpdate.properties.desiredRbacBindingConfig.description
- schemas.ClusterUpdate.properties.desiredSecretManagerConfig.$ref
- schemas.ClusterUpdate.properties.desiredSecretManagerConfig.description
- schemas.NodeConfig.properties.storagePools.description
- schemas.NodeConfig.properties.storagePools.items.type
- schemas.NodeConfig.properties.storagePools.type
- schemas.RBACBindingConfig.description
- schemas.RBACBindingConfig.id
- schemas.RBACBindingConfig.properties.enableInsecureBindingSystemAuthenticated.description
- schemas.RBACBindingConfig.properties.enableInsecureBindingSystemAuthenticated.type
- schemas.RBACBindingConfig.properties.enableInsecureBindingSystemUnauthenticated.description
- schemas.RBACBindingConfig.properties.enableInsecureBindingSystemUnauthenticated.type
- schemas.RBACBindingConfig.type
- schemas.SecretManagerConfig.description
- schemas.SecretManagerConfig.id
- schemas.SecretManagerConfig.properties.enabled.description
- schemas.SecretManagerConfig.properties.enabled.type
- schemas.SecretManagerConfig.type
- schemas.UpdateNodePoolRequest.properties.storagePools.description
- schemas.UpdateNodePoolRequest.properties.storagePools.items.type
- schemas.UpdateNodePoolRequest.properties.storagePools.type

The following keys were changed:
- schemas.MasterAuth.properties.clientCertificate.description

Author: yoshi-automation

discovery/container-v1.json

@@ -2540,7 +2540,7 @@
       }
     }
   },
-  "revision": "20240722",
+  "revision": "20240806",
   "rootUrl": "https://container.googleapis.com/",
   "schemas": {
     "AcceleratorConfig": {
@@ -3369,6 +3369,10 @@
           "$ref": "PrivateClusterConfig",
           "description": "Configuration for private cluster."
         },
+        "rbacBindingConfig": {
+          "$ref": "RBACBindingConfig",
+          "description": "RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created."
+        },
         "releaseChannel": {
           "$ref": "ReleaseChannel",
           "description": "Release channel configuration. If left unspecified on cluster creation and a version is specified, the cluster is enrolled in the most mature release channel where the version is available (first checking STABLE, then REGULAR, and finally RAPID). Otherwise, if no release channel configuration and no version is specified, the cluster is enrolled in the REGULAR channel with its default version."
@@ -3394,6 +3398,10 @@
           "readOnly": true,
           "type": "boolean"
         },
+        "secretManagerConfig": {
+          "$ref": "SecretManagerConfig",
+          "description": "Secret CSI driver configuration."
+        },
         "securityPostureConfig": {
           "$ref": "SecurityPostureConfig",
           "description": "Enable/Disable Security Posture API features for the cluster."
@@ -3752,6 +3760,10 @@
           ],
           "type": "string"
         },
+        "desiredRbacBindingConfig": {
+          "$ref": "RBACBindingConfig",
+          "description": "RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created."
+        },
         "desiredReleaseChannel": {
           "$ref": "ReleaseChannel",
           "description": "The desired release channel configuration."
@@ -3760,6 +3772,10 @@
           "$ref": "ResourceUsageExportConfig",
           "description": "The desired configuration for exporting resource usage."
         },
+        "desiredSecretManagerConfig": {
+          "$ref": "SecretManagerConfig",
+          "description": "Enable/Disable Secret Manager Config."
+        },
         "desiredSecurityPostureConfig": {
           "$ref": "SecurityPostureConfig",
           "description": "Enable/Disable Security Posture API features for the cluster."
@@ -4952,7 +4968,7 @@
       "id": "MasterAuth",
       "properties": {
         "clientCertificate": {
-          "description": "Output only. Base64-encoded public certificate used by clients to authenticate to the cluster endpoint.",
+          "description": "Output only. Base64-encoded public certificate used by clients to authenticate to the cluster endpoint. Issued only if client_certificate_config is set.",
           "readOnly": true,
           "type": "string"
         },
@@ -5482,6 +5498,13 @@
           "description": "Spot flag for enabling Spot VM, which is a rebrand of the existing preemptible flag.",
           "type": "boolean"
         },
+        "storagePools": {
+          "description": "List of Storage Pools where boot disks are provisioned.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "tags": {
           "description": "The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls and are specified by the client during cluster or node pool creation. Each tag within the list must comply with RFC1035.",
           "items": {
@@ -6301,6 +6324,21 @@
       },
       "type": "object"
     },
+    "RBACBindingConfig": {
+      "description": "RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created.",
+      "id": "RBACBindingConfig",
+      "properties": {
+        "enableInsecureBindingSystemAuthenticated": {
+          "description": "Setting this to true will allow any ClusterRoleBinding and RoleBinding with subjects system:authenticated.",
+          "type": "boolean"
+        },
+        "enableInsecureBindingSystemUnauthenticated": {
+          "description": "Setting this to true will allow any ClusterRoleBinding and RoleBinding with subjets system:anonymous or system:unauthenticated.",
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
     "RangeInfo": {
       "description": "RangeInfo contains the range name and the range utilization by this cluster.",
       "id": "RangeInfo",
@@ -6621,6 +6659,17 @@
       "properties": {},
       "type": "object"
     },
+    "SecretManagerConfig": {
+      "description": "SecretManagerConfig is config for secret manager enablement.",
+      "id": "SecretManagerConfig",
+      "properties": {
+        "enabled": {
+          "description": "Enable/Disable Secret Manager Config.",
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
     "SecurityBulletinEvent": {
       "description": "SecurityBulletinEvent is a notification sent to customers when a security bulletin has been posted that they are vulnerable to.",
       "id": "SecurityBulletinEvent",
@@ -7581,6 +7630,13 @@
           "$ref": "ResourceManagerTags",
           "description": "Desired resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Existing tags will be replaced with new values."
         },
+        "storagePools": {
+          "description": "List of Storage Pools where boot disks are provisioned. Existing Storage Pools will be replaced with storage-pools.",
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "tags": {
           "$ref": "NetworkTags",
           "description": "The desired network tags to be applied to all nodes in the node pool. If this field is not present, the tags will not be changed. Otherwise, the existing network tags will be *replaced* with the provided tags."

discovery/container-v1beta1.json

@@ -2565,7 +2565,7 @@
       }
     }
   },
-  "revision": "20240730",
+  "revision": "20240806",
   "rootUrl": "https://container.googleapis.com/",
   "schemas": {
     "AcceleratorConfig": {
@@ -3505,6 +3505,10 @@
           "deprecated": true,
           "description": "Deprecated: Use SecurityPostureConfig instead. Enable/Disable Protect API features for the cluster."
         },
+        "rbacBindingConfig": {
+          "$ref": "RBACBindingConfig",
+          "description": "RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created."
+        },
         "releaseChannel": {
           "$ref": "ReleaseChannel",
           "description": "Release channel configuration. If left unspecified on cluster creation and a version is specified, the cluster is enrolled in the most mature release channel where the version is available (first checking STABLE, then REGULAR, and finally RAPID). Otherwise, if no release channel configuration and no version is specified, the cluster is enrolled in the REGULAR channel with its default version."
@@ -3948,6 +3952,10 @@
           "deprecated": true,
           "description": "Deprecated: Use DesiredSecurityPostureConfig instead. Enable/Disable Protect API features for the cluster."
         },
+        "desiredRbacBindingConfig": {
+          "$ref": "RBACBindingConfig",
+          "description": "RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created."
+        },
         "desiredReleaseChannel": {
           "$ref": "ReleaseChannel",
           "description": "The desired release channel configuration."
@@ -5361,7 +5369,7 @@
       "id": "MasterAuth",
       "properties": {
         "clientCertificate": {
-          "description": "Output only. Base64-encoded public certificate used by clients to authenticate to the cluster endpoint.",
+          "description": "Output only. Base64-encoded public certificate used by clients to authenticate to the cluster endpoint. Issued only if client_certificate_config is set.",
           "readOnly": true,
           "type": "string"
         },
@@ -6829,6 +6837,21 @@
       },
       "type": "object"
     },
+    "RBACBindingConfig": {
+      "description": "RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created.",
+      "id": "RBACBindingConfig",
+      "properties": {
+        "enableInsecureBindingSystemAuthenticated": {
+          "description": "Setting this to true will allow any ClusterRoleBinding and RoleBinding with subjects system:authenticated.",
+          "type": "boolean"
+        },
+        "enableInsecureBindingSystemUnauthenticated": {
+          "description": "Setting this to true will allow any ClusterRoleBinding and RoleBinding with subjets system:anonymous or system:unauthenticated.",
+          "type": "boolean"
+        }
+      },
+      "type": "object"
+    },
     "RangeInfo": {
       "description": "RangeInfo contains the range name and the range utilization by this cluster.",
       "id": "RangeInfo",

src/apis/container/v1.ts

@@ -771,6 +771,10 @@ export namespace container_v1 {
      * Configuration for private cluster.
      */
     privateClusterConfig?: Schema$PrivateClusterConfig;
+    /**
+     * RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created.
+     */
+    rbacBindingConfig?: Schema$RBACBindingConfig;
     /**
      * Release channel configuration. If left unspecified on cluster creation and a version is specified, the cluster is enrolled in the most mature release channel where the version is available (first checking STABLE, then REGULAR, and finally RAPID). Otherwise, if no release channel configuration and no version is specified, the cluster is enrolled in the REGULAR channel with its default version.
      */
@@ -791,6 +795,10 @@ export namespace container_v1 {
      * Output only. Reserved for future use.
      */
     satisfiesPzs?: boolean | null;
+    /**
+     * Secret CSI driver configuration.
+     */
+    secretManagerConfig?: Schema$SecretManagerConfig;
     /**
      * Enable/Disable Security Posture API features for the cluster.
      */
@@ -1058,6 +1066,10 @@ export namespace container_v1 {
      * The desired state of IPv6 connectivity to Google Services.
      */
     desiredPrivateIpv6GoogleAccess?: string | null;
+    /**
+     * RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created.
+     */
+    desiredRbacBindingConfig?: Schema$RBACBindingConfig;
     /**
      * The desired release channel configuration.
      */
@@ -1066,6 +1078,10 @@ export namespace container_v1 {
      * The desired configuration for exporting resource usage.
      */
     desiredResourceUsageExportConfig?: Schema$ResourceUsageExportConfig;
+    /**
+     * Enable/Disable Secret Manager Config.
+     */
+    desiredSecretManagerConfig?: Schema$SecretManagerConfig;
     /**
      * Enable/Disable Security Posture API features for the cluster.
      */
@@ -1870,7 +1886,7 @@ export namespace container_v1 {
    */
   export interface Schema$MasterAuth {
     /**
-     * Output only. Base64-encoded public certificate used by clients to authenticate to the cluster endpoint.
+     * Output only. Base64-encoded public certificate used by clients to authenticate to the cluster endpoint. Issued only if client_certificate_config is set.
      */
     clientCertificate?: string | null;
     /**
@@ -2242,6 +2258,10 @@ export namespace container_v1 {
      * Spot flag for enabling Spot VM, which is a rebrand of the existing preemptible flag.
      */
     spot?: boolean | null;
+    /**
+     * List of Storage Pools where boot disks are provisioned.
+     */
+    storagePools?: string[] | null;
     /**
      * The list of instance tags applied to all nodes. Tags are used to identify valid sources or targets for network firewalls and are specified by the client during cluster or node pool creation. Each tag within the list must comply with RFC1035.
      */
@@ -2839,6 +2859,19 @@ export namespace container_v1 {
      */
     rayClusterMonitoringConfig?: Schema$RayClusterMonitoringConfig;
   }
+  /**
+   * RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created.
+   */
+  export interface Schema$RBACBindingConfig {
+    /**
+     * Setting this to true will allow any ClusterRoleBinding and RoleBinding with subjects system:authenticated.
+     */
+    enableInsecureBindingSystemAuthenticated?: boolean | null;
+    /**
+     * Setting this to true will allow any ClusterRoleBinding and RoleBinding with subjets system:anonymous or system:unauthenticated.
+     */
+    enableInsecureBindingSystemUnauthenticated?: boolean | null;
+  }
   /**
    * Represents an arbitrary window of time that recurs.
    */
@@ -3002,6 +3035,15 @@ export namespace container_v1 {
    * SecondaryBootDiskUpdateStrategy is a placeholder which will be extended in the future to define different options for updating secondary boot disks.
    */
   export interface Schema$SecondaryBootDiskUpdateStrategy {}
+  /**
+   * SecretManagerConfig is config for secret manager enablement.
+   */
+  export interface Schema$SecretManagerConfig {
+    /**
+     * Enable/Disable Secret Manager Config.
+     */
+    enabled?: boolean | null;
+  }
   /**
    * SecurityBulletinEvent is a notification sent to customers when a security bulletin has been posted that they are vulnerable to.
    */
@@ -3714,6 +3756,10 @@ export namespace container_v1 {
      * Desired resource manager tag keys and values to be attached to the nodes for managing Compute Engine firewalls using Network Firewall Policies. Existing tags will be replaced with new values.
      */
     resourceManagerTags?: Schema$ResourceManagerTags;
+    /**
+     * List of Storage Pools where boot disks are provisioned. Existing Storage Pools will be replaced with storage-pools.
+     */
+    storagePools?: string[] | null;
     /**
      * The desired network tags to be applied to all nodes in the node pool. If this field is not present, the tags will not be changed. Otherwise, the existing network tags will be *replaced* with the provided tags.
      */

src/apis/container/v1beta1.ts

@@ -849,6 +849,10 @@ export namespace container_v1beta1 {
      * Deprecated: Use SecurityPostureConfig instead. Enable/Disable Protect API features for the cluster.
      */
     protectConfig?: Schema$ProtectConfig;
+    /**
+     * RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created.
+     */
+    rbacBindingConfig?: Schema$RBACBindingConfig;
     /**
      * Release channel configuration. If left unspecified on cluster creation and a version is specified, the cluster is enrolled in the most mature release channel where the version is available (first checking STABLE, then REGULAR, and finally RAPID). Otherwise, if no release channel configuration and no version is specified, the cluster is enrolled in the REGULAR channel with its default version.
      */
@@ -1181,6 +1185,10 @@ export namespace container_v1beta1 {
      * Deprecated: Use DesiredSecurityPostureConfig instead. Enable/Disable Protect API features for the cluster.
      */
     desiredProtectConfig?: Schema$ProtectConfig;
+    /**
+     * RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created.
+     */
+    desiredRbacBindingConfig?: Schema$RBACBindingConfig;
     /**
      * The desired release channel configuration.
      */
@@ -2134,7 +2142,7 @@ export namespace container_v1beta1 {
    */
   export interface Schema$MasterAuth {
     /**
-     * Output only. Base64-encoded public certificate used by clients to authenticate to the cluster endpoint.
+     * Output only. Base64-encoded public certificate used by clients to authenticate to the cluster endpoint. Issued only if client_certificate_config is set.
      */
     clientCertificate?: string | null;
     /**
@@ -3171,6 +3179,19 @@ export namespace container_v1beta1 {
      */
     rayClusterMonitoringConfig?: Schema$RayClusterMonitoringConfig;
   }
+  /**
+   * RBACBindingConfig allows user to restrict ClusterRoleBindings an RoleBindings that can be created.
+   */
+  export interface Schema$RBACBindingConfig {
+    /**
+     * Setting this to true will allow any ClusterRoleBinding and RoleBinding with subjects system:authenticated.
+     */
+    enableInsecureBindingSystemAuthenticated?: boolean | null;
+    /**
+     * Setting this to true will allow any ClusterRoleBinding and RoleBinding with subjets system:anonymous or system:unauthenticated.
+     */
+    enableInsecureBindingSystemUnauthenticated?: boolean | null;
+  }
   /**
    * Represents an arbitrary window of time that recurs.
    */