[#15779] Adds the google_network_security_security_profile_group reso…
…urce (#9802) * [#15779] Adds the new google_network_security_security_profile_group resource. * Removing unused fields from yaml * Fixing tests * Fixes * Fix test example * Edits per melinath recommendations * Make location immutable --------- Co-authored-by: Luca Prete <[email protected]>
Showing
3 changed files
with
219 additions
and
0 deletions.
@@ -0,0 +1,95 @@ | ||
# Copyright 2024 Google Inc. | ||
# Licensed under the Apache License, Version 2.0 (the 'License'); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an 'AS IS' BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
--- !ruby/object:Api::Resource | ||
name: 'SecurityProfileGroup' | ||
base_url: '{{parent}}/locations/{{location}}securityProfileGroups' | ||
create_url: '{{parent}}/locations/{{location}}/securityProfileGroups?securityProfileGroupId={{name}}' | ||
self_link: '{{parent}}/locations/{{location}}/securityProfileGroups/{{name}}' | ||
min_version: beta | ||
update_verb: :PATCH | ||
update_mask: true | ||
description: | | ||
A security profile group defines a container for security profiles. | ||
references: | ||
!ruby/object:Api::Resource::ReferenceLinks | ||
api: 'https://cloud.google.com/firewall/docs/reference/network-security/rest/v1beta1/organizations.locations.securityProfileGroups' | ||
guides: | ||
'Security profile groups overview': 'https://cloud.google.com/firewall/docs/about-security-profile-groups' | ||
'Create and manage security profile groups': 'https://cloud.google.com/firewall/docs/configure-security-profile-groups' | ||
async: !ruby/object:Api::OpAsync | ||
operation: !ruby/object:Api::OpAsync::Operation | ||
base_url: '{{op_id}}' | ||
include_project: true | ||
import_format: ['{{%parent}}/locations/{{location}}/securityProfileGroups/{{name}}'] | ||
examples: | ||
- !ruby/object:Provider::Terraform::Examples | ||
name: 'network_security_security_profile_group_basic' | ||
primary_resource_id: 'default' | ||
min_version: beta | ||
test_env_vars: | ||
org_id: :ORG_ID | ||
vars: | ||
security_profile_group_name: 'sec-profile-group' | ||
security_profile_name: 'sec-profile' | ||
parameters: | ||
- !ruby/object:Api::Type::String | ||
name: 'name' | ||
required: true | ||
immutable: true | ||
url_param_only: true | ||
description: | | ||
The name of the security profile group resource. | ||
- !ruby/object:Api::Type::String | ||
name: 'location' | ||
default_value: 'global' | ||
immutable: true | ||
description: | | ||
The location of the security profile group. | ||
The default value is `global`. | ||
url_param_only: true | ||
- !ruby/object:Api::Type::String | ||
name: 'parent' | ||
description: | | ||
The name of the parent this security profile group belongs to. | ||
Format: organizations/{organization_id}. | ||
immutable: true | ||
url_param_only: true | ||
properties: | ||
- !ruby/object:Api::Type::Time | ||
name: 'createTime' | ||
description: Time the security profile group was created in UTC. | ||
output: true | ||
- !ruby/object:Api::Type::Time | ||
name: 'updateTime' | ||
description: Time the security profile group was updated in UTC. | ||
output: true | ||
- !ruby/object:Api::Type::String | ||
name: 'etag' | ||
output: true | ||
description: | | ||
This checksum is computed by the server based on the value of other fields, | ||
and may be sent on update and delete requests to ensure the client has an up-to-date | ||
value before proceeding. | ||
- !ruby/object:Api::Type::String | ||
name: 'description' | ||
description: | | ||
An optional description of the profile. The Max length is 512 characters. | ||
- !ruby/object:Api::Type::KeyValueLabels | ||
name: 'labels' | ||
description: | | ||
A map of key/value label pairs to assign to the resource. | ||
- !ruby/object:Api::Type::String | ||
name: 'threatPreventionProfile' | ||
description: | | ||
Reference to a SecurityProfile with the threat prevention configuration for the SecurityProfileGroup. |
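Review bot: `base_url` is missing the slash between `{{location}}` and `securityProfileGroups`, so any request built from it would target `.../locations/globalsecurityProfileGroups`; `create_url` and `self_link` on the next two lines do have the separator. It should read `base_url: '{{parent}}/locations/{{location}}/securityProfileGroups'`. Separately, `parent` is not marked `required: true` although every URL template begins with it, which presumably lets a configuration without `parent` reach the API with a malformed path; worth confirming and adding `required: true` if so.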
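--- a/mmv1/templates/terraform/examples/network_security_security_profile_group_basic.tf.erb
+++ b/mmv1/templates/terraform/examples/network_security_security_profile_group_basic.tf.erb
@@ -0,0 +1,19 @@
+resource "google_network_security_security_profile_group" "<%= ctx[:primary_resource_id] %>" {
+provider = google-beta
+name = "<%= ctx[:vars]['security_profile_group_name'] %>"
+parent = "organizations/<%= ctx[:test_env_vars]['org_id'] %>"
+description = "my description"
+threat_prevention_profile = google_network_security_security_profile.security_profile.id
+
+labels = {
+foo = "bar"
+}
+}
+
+resource "google_network_security_security_profile" "security_profile" {
+provider = google-beta
+name = "<%= ctx[:vars]['security_profile_name'] %>"
+type = "THREAT_PREVENTION"
+parent = "organizations/<%= ctx[:test_env_vars]['org_id'] %>"
+location = "global"
+}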
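--- a/...orm/services/networksecurity/resource_network_security_security_profile_group_test.go.erb
+++ b/...orm/services/networksecurity/resource_network_security_security_profile_group_test.go.erb
@@ -0,0 +1,105 @@
+<% autogen_exception -%>
+package networksecurity_test
+<% unless version == 'ga' -%>
+
+import (
+"fmt"
+"testing"
+
+"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+"github.com/hashicorp/terraform-provider-google/google/acctest"
+"github.com/hashicorp/terraform-provider-google/google/envvar"
+)
+
+func TestAccNetworkSecuritySecurityProfileGroups_update(t *testing.T) {
+t.Parallel()
+
+orgId := envvar.GetTestOrgFromEnv(t)
+randomSuffix := acctest.RandString(t, 10)
+
+acctest.VcrTest(t, resource.TestCase{
+PreCheck: func() { acctest.AccTestPreCheck(t) },
+ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+CheckDestroy: testAccCheckNetworkSecuritySecurityProfileGroupDestroyProducer(t),
+Steps: []resource.TestStep{
+{
+Config: testAccNetworkSecuritySecurityProfileGroups_basic(orgId, randomSuffix),
+},
+{
+ResourceName: "google_network_security_security_profile_group.foobar",
+ImportState: true,
+ImportStateVerify: true,
+ImportStateVerifyIgnore: []string{"labels", "terraform_labels"},
+},
+{
+Config: testAccNetworkSecuritySecurityProfileGroups_update(orgId, randomSuffix),
+},
+{
+ResourceName: "google_network_security_security_profile_group.foobar",
+ImportState: true,
+ImportStateVerify: true,
+ImportStateVerifyIgnore: []string{"labels", "terraform_labels"},
+},
+},
+})
+}
+
+func testAccNetworkSecuritySecurityProfileGroups_basic(orgId string, randomSuffix string) string {
+return fmt.Sprintf(`
+resource "google_network_security_security_profile" "foobar" {
+provider = google-beta
+name = "tf-test-my-security-profile%s"
+type = "THREAT_PREVENTION"
+parent = "organizations/%s"
+location = "global"
+}
+
+resource "google_network_security_security_profile_group" "foobar" {
+provider = google-beta
+name = "tf-test-my-security-profile-group%s"
+parent = "organizations/%s"
+location = "global"
+description = "My security profile group."
+threat_prevention_profile = google_network_security_security_profile.foobar.id
+
+labels = {
+foo = "bar"
+}
+}
+`, randomSuffix, orgId, randomSuffix, orgId)
+}
+
+func testAccNetworkSecuritySecurityProfileGroups_update(orgId string, randomSuffix string) string {
+return fmt.Sprintf(`
+resource "google_network_security_security_profile" "foobar" {
+provider = google-beta
+name = "tf-test-my-security-profile%s"
+type = "THREAT_PREVENTION"
+parent = "organizations/%s"
+location = "global"
+}
+
+resource "google_network_security_security_profile" "foobar_updated" {
+provider = google-beta
+name = "tf-test-my-security-profile-updated%s"
+type = "THREAT_PREVENTION"
+parent = "organizations/%s"
+location = "global"
+}
+
+resource "google_network_security_security_profile_group" "foobar" {
+provider = google-beta
+name = "tf-test-my-security-profile-group%s"
+parent = "organizations/%s"
+location = "global"
+description = "My security profile group. Update"
+threat_prevention_profile = google_network_security_security_profile.foobar_updated.id
+
+labels = {
+foo = "foo"
+}
+}
+`, randomSuffix, orgId, randomSuffix, orgId, randomSuffix, orgId)
+}
+
+<% end -%>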
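Review bot: Both config builders pass `randomSuffix, orgId, ...` positionally into `fmt.Sprintf` (four arguments in `testAccNetworkSecuritySecurityProfileGroups_basic`, six in `_update`), so a later edit that adds or reorders a `%s` can silently place the organization ID in a resource name or the suffix in `parent`. A named-parameter template would be safer, for example `acctest.Nprintf` with a `context` map holding `org_id` and `random_suffix`, assuming that helper is available to this package. The import steps also give no reason for listing `labels` and `terraform_labels` in `ImportStateVerifyIgnore`; a one-line comment on the first import step stating why these two fields are excluded from verification would help the next reader.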