feat: [cloudbuild] Add PrivateServiceConnect option to WorkerPool (#5770

)

* feat: Add PrivateServiceConnect option to WorkerPool

PiperOrigin-RevId: 690046730

Source-Link: googleapis/googleapis@48d30c4

Source-Link: googleapis/googleapis-gen@2e1af9f
Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlLWRldnRvb2xzLWNsb3VkYnVpbGQvLk93bEJvdC55YW1sIiwiaCI6IjJlMWFmOWYyMDRjYzJmMTNmMDdiY2ExZjUzZWQyZTIxNTFhOWM0OGQifQ==

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

---------

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
Co-authored-by: sofisl <[email protected]>

packages/google-devtools-cloudbuild/protos/google/devtools/cloudbuild/v1/cloudbuild.proto

@@ -67,6 +67,10 @@ option (google.api.resource_definition) = {
   type: "pubsub.googleapis.com/Topic"
   pattern: "projects/{project}/topics/{topic}"
 };
+option (google.api.resource_definition) = {
+  type: "compute.googleapis.com/NetworkAttachment"
+  pattern: "projects/{project}/regions/{region}/networkAttachments/{networkattachment}"
+};
 option (google.api.resource_definition) = {
   type: "cloudbuild.googleapis.com/Repository"
   pattern: "projects/{project}/locations/{location}/connections/{connection}/repositories/{repository}"
@@ -2583,11 +2587,54 @@ message PrivatePoolV1Config {
         [(google.api.field_behavior) = IMMUTABLE];
   }
 
+  // Defines the Private Service Connect network configuration for the pool.
+  message PrivateServiceConnect {
+    // Required. Immutable. The network attachment that the worker network
+    // interface is peered to. Must be in the format
+    // `projects/{project}/regions/{region}/networkAttachments/{networkAttachment}`.
+    // The region of network attachment must be the same as the worker pool.
+    // See [Network
+    // Attachments](https://cloud.google.com/vpc/docs/about-network-attachments)
+    string network_attachment = 1 [
+      (google.api.field_behavior) = IMMUTABLE,
+      (google.api.field_behavior) = REQUIRED,
+      (google.api.resource_reference) = {
+        type: "compute.googleapis.com/NetworkAttachment"
+      }
+    ];
+
+    // Required. Immutable. Disable public IP on the primary network interface.
+    //
+    // If true, workers are created without any public address, which prevents
+    // network egress to public IPs unless a network proxy is configured.
+    // If false, workers are created with a public address which allows for
+    // public internet egress. The public address only applies to traffic
+    // through the primary network interface.
+    // If `route_all_traffic` is set to true, all traffic will go through the
+    // non-primary network interface, this boolean has no effect.
+    bool public_ip_address_disabled = 2 [
+      (google.api.field_behavior) = REQUIRED,
+      (google.api.field_behavior) = IMMUTABLE
+    ];
+
+    // Immutable. Route all traffic through PSC interface. Enable this if you
+    // want full control of traffic in the private pool. Configure Cloud NAT for
+    // the subnet of network attachment if you need to access public Internet.
+    //
+    // If false, Only route private IPs, e.g. 10.0.0.0/8, 172.16.0.0/12, and
+    // 192.168.0.0/16 through PSC interface.
+    bool route_all_traffic = 3 [(google.api.field_behavior) = IMMUTABLE];
+  }
+
   // Machine configuration for the workers in the pool.
   WorkerConfig worker_config = 1;
 
   // Network configuration for the pool.
   NetworkConfig network_config = 2;
+
+  // Immutable. Private Service Connect(PSC) Network configuration for the pool.
+  PrivateServiceConnect private_service_connect = 5
+      [(google.api.field_behavior) = IMMUTABLE];
 }
 
 // Request to create a new `WorkerPool`.