From 66411f57a74553e2dd3a2ed664deac5ca2a3cb07 Mon Sep 17 00:00:00 2001
From: Luca Prete
Date: Thu, 11 Jan 2024 16:16:04 +0100
Subject: [PATCH 1/7] [#15779] Adds the new google_network_security_security_profile_group resource.
---
.../networksecurity/SecurityProfileGroup.yaml | 121 ++++++++++++++++++
...curity_security_profile_group_basic.tf.erb | 11 ++
...ty_security_profile_group_operation.go.erb | 1 +
...ty_security_profile_group_operation.go.erb | 1 +
...ty_security_profile_group_operation.go.erb | 1 +
...ecurity_security_profile_group_test.go.erb | 95 ++++++++++++++
6 files changed, 230 insertions(+)
create mode 100644 mmv1/products/networksecurity/SecurityProfileGroup.yaml
create mode 100644 mmv1/templates/terraform/examples/network_security_security_profile_group_basic.tf.erb
create mode 100644 mmv1/templates/terraform/pre_create/network_security_security_profile_group_operation.go.erb
create mode 100644 mmv1/templates/terraform/pre_delete/network_security_security_profile_group_operation.go.erb
create mode 100644 mmv1/templates/terraform/pre_update/network_security_security_profile_group_operation.go.erb
create mode 100644 mmv1/third_party/terraform/services/networksecurity/resource_network_security_security_profile_group_test.go.erb
diff --git a/mmv1/products/networksecurity/SecurityProfileGroup.yaml b/mmv1/products/networksecurity/SecurityProfileGroup.yaml
new file mode 100644
index 000000000000..e05361d482e7
--- /dev/null
+++ b/mmv1/products/networksecurity/SecurityProfileGroup.yaml
@@ -0,0 +1,121 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the 'License');
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an 'AS IS' BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+--- !ruby/object:Api::Resource
+name: 'SecurityProfileGroup'
+base_url: '{{parent}}/locations/{{location}}securityProfileGroups'
+create_url: '{{parent}}/locations/{{location}}/securityProfileGroups?securityProfileGroupId={{name}}'
+self_link: '{{parent}}/locations/{{location}}/securityProfileGroups/{{name}}'
+min_version: beta
+update_verb: :PATCH
+update_mask: true
+description: |
+ A security profile group defines a container for security profiles.
+references:
+ !ruby/object:Api::Resource::ReferenceLinks
+ api: 'https://cloud.google.com/firewall/docs/reference/network-security/rest/v1beta1/organizations.locations.securityProfileGroups'
+ guides:
+ 'Security profile groups overview': 'https://cloud.google.com/firewall/docs/about-security-profile-groups'
+ 'Create and manage security profile groups': 'https://cloud.google.com/firewall/docs/configure-security-profile-groups'
+async: !ruby/object:Api::OpAsync
+ operation: !ruby/object:Api::OpAsync::Operation
+ path: 'name'
+ base_url: '{{op_id}}'
+ wait_ms: 1000
+ timeouts: !ruby/object:Api::Timeouts
+ insert_minutes: 30
+ update_minutes: 30
+ delete_minutes: 30
+ result: !ruby/object:Api::OpAsync::Result
+ path: 'response'
+ status: !ruby/object:Api::OpAsync::Status
+ path: 'done'
+ complete: true
+ allowed:
+ - true
+ - false
+ error: !ruby/object:Api::OpAsync::Error
+ path: 'error'
+ message: 'message'
+ include_project: true
+autogen_async: true
+import_format: ['{{%parent}}/locations/{{location}}/securityProfileGroups/{{name}}']
+examples:
+ - !ruby/object:Provider::Terraform::Examples
+ name: 'network_security_security_profile_group_basic'
+ primary_resource_id: 'default'
+ min_version: beta
+ vars:
+ resource_name: 'my-security-profile-group'
+ test_env_vars:
+ org_id: :ORG_ID
+custom_code:
+ !ruby/object:Provider::Terraform::CustomCode # Calling custom operation that are different from other network security resources.
+ pre_create: templates/terraform/pre_create/network_security_security_profile_group_operation.go.erb
+ pre_update: templates/terraform/pre_update/network_security_security_profile_group_operation.go.erb
+ pre_delete: templates/terraform/pre_delete/network_security_security_profile_group_operation.go.erb
+parameters:
+ - !ruby/object:Api::Type::String
+ name: 'name'
+ required: true
+ immutable: true
+ url_param_only: true
+ description: |
+ The name of the security profile group resource.
+ - !ruby/object:Api::Type::String
+ name: 'location'
+ default_value: 'global'
+ description: |
+ The location of the security profile group.
+ The default value is `global`.
+ url_param_only: true
+ - !ruby/object:Api::Type::String
+ name: 'parent'
+ description: |
+ The name of the parent this security profile group belongs to.
+ Format: organizations/{organization_id}.
+ immutable: true
+ url_param_only: true
+properties:
+ - !ruby/object:Api::Type::String
+ name: 'selfLink'
+ description: |
+ Server-defined URL of this resource.
+ output: true
+ - !ruby/object:Api::Type::Time
+ name: 'createTime'
+ description: Time the security profile group was created in UTC.
+ output: true
+ - !ruby/object:Api::Type::Time
+ name: 'updateTime'
+ description: Time the security profile group was updated in UTC.
+ output: true
+ - !ruby/object:Api::Type::String
+ name: 'etag'
+ output: true
+ description: |
+ This checksum is computed by the server based on the value of other fields,
+ and may be sent on update and delete requests to ensure the client has an up-to-date
+ value before proceeding.
+ - !ruby/object:Api::Type::String
+ name: 'description'
+ description: |
+ An optional description of the profile. The Max length is 512 characters.
+ - !ruby/object:Api::Type::KeyValueLabels
+ name: 'labels'
+ description: |
+ A map of key/value label pairs to assign to the resource.
+ - !ruby/object:Api::Type::String
+ name: 'threatPreventionProfile'
+ description: |
+ Reference to a SecurityProfile with the threat prevention configuration for the SecurityProfileGroup.
diff --git a/mmv1/templates/terraform/examples/network_security_security_profile_group_basic.tf.erb b/mmv1/templates/terraform/examples/network_security_security_profile_group_basic.tf.erb
new file mode 100644
index 000000000000..ccbf6dd5c841
--- /dev/null
+++ b/mmv1/templates/terraform/examples/network_security_security_profile_group_basic.tf.erb
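Review bot: `base_url` in the new SecurityProfileGroup.yaml is missing the `/` between `{{location}}` and `securityProfileGroups`, so any URL built from it would come out as `.../locations/globalsecurityProfileGroups`, while `create_url` and `self_link` right below it have the separator. It should read `base_url: '{{parent}}/locations/{{location}}/securityProfileGroups'`. What consumes `base_url` is not visible on this page (presumably the list and sweeper paths), so the create/read flow exercised by the acceptance test would likely not catch it. Separately, `parent` is interpolated into every URL but is not marked `required: true`, so an unset value would presumably yield a path that starts with `/locations/...`; consider making it required.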
@@ -0,0 +1,11 @@
+resource "google_network_security_security_profile_group" "<%= ctx[:primary_resource_id] %>" {
+ provider = google-beta
+ name = "<%= ctx[:vars]['resource_name'] %>"
+ parent = "organizations/<%= ctx[:test_env_vars]['org_id'] %>"
+ description = "my description"
+ threat_prevention_profile = "my-security-profile"
+
+ labels = {
+ foo = "bar"
+ }
+}
diff --git a/mmv1/templates/terraform/pre_create/network_security_security_profile_group_operation.go.erb b/mmv1/templates/terraform/pre_create/network_security_security_profile_group_operation.go.erb
new file mode 100644
index 000000000000..2d51157b9cf2
--- /dev/null
+++ b/mmv1/templates/terraform/pre_create/network_security_security_profile_group_operation.go.erb
@@ -0,0 +1 @@
+project = ""
diff --git a/mmv1/templates/terraform/pre_delete/network_security_security_profile_group_operation.go.erb b/mmv1/templates/terraform/pre_delete/network_security_security_profile_group_operation.go.erb
new file mode 100644
index 000000000000..2d51157b9cf2
--- /dev/null
+++ b/mmv1/templates/terraform/pre_delete/network_security_security_profile_group_operation.go.erb
@@ -0,0 +1 @@
+project = ""
diff --git a/mmv1/templates/terraform/pre_update/network_security_security_profile_group_operation.go.erb b/mmv1/templates/terraform/pre_update/network_security_security_profile_group_operation.go.erb
new file mode 100644
index 000000000000..2d51157b9cf2
--- /dev/null
+++ b/mmv1/templates/terraform/pre_update/network_security_security_profile_group_operation.go.erb
@@ -0,0 +1 @@
+project = ""
diff --git a/mmv1/third_party/terraform/services/networksecurity/resource_network_security_security_profile_group_test.go.erb b/mmv1/third_party/terraform/services/networksecurity/resource_network_security_security_profile_group_test.go.erb
new file mode 100644
index 000000000000..1a2e87ecfb82
--- /dev/null
+++ b/mmv1/third_party/terraform/services/networksecurity/resource_network_security_security_profile_group_test.go.erb
@@ -0,0 +1,95 @@
+<% autogen_exception -%>
+package networksecurity_test
+<% unless version == 'ga' -%>
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ "github.com/hashicorp/terraform-provider-google/google/acctest"
+ "github.com/hashicorp/terraform-provider-google/google/envvar"
+)
+
+func TestAccNetworkSecuritySecurityProfileGroups_update(t *testing.T) {
+ t.Parallel()
+
+ orgId := envvar.GetTestOrgFromEnv(t)
+ randomSuffix := acctest.RandString(t, 10)
+
+ acctest.VcrTest(t, resource.TestCase{
+ PreCheck: func() { acctest.AccTestPreCheck(t) },
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+ CheckDestroy: testAccCheckNetworkSecuritySecurityProfileGroupDestroyProducer(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccNetworkSecuritySecurityProfileGroups_basic(orgId, randomSuffix),
+ },
+ {
+ ResourceName: "google_network_security_security_profile_group.foobar",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"labels", "terraform_labels"},
+ },
+ {
+ Config: testAccNetworkSecuritySecurityProfileGroups_update(orgId, randomSuffix),
+ },
+ {
+ ResourceName: "google_network_security_security_profile_group.foobar",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"labels", "terraform_labels"},
+ },
+ },
+ })
+}
+
+func testAccNetworkSecuritySecurityProfileGroups_basic(orgId string, randomSuffix string) string {
+ return fmt.Sprintf(`
+resource "google_network_security_security_profile" "foobar" {
+ provider = google-beta
+ name = "tf-test-my-security-profile%s"
+ parent = "organizations/%s"
+ location = "global"
+}
+
+resource "google_network_security_security_profile_group" "foobar" {
+ provider = google-beta
+ name = "tf-test-my-security-profile-group%s"
+ parent = "organizations/%s"
+ location = "global"
+ description = "My security profile group."
+ threat_prevention_profile = google_network_security_security_profile.foobar.id
+
+ labels = {
+ foo = "bar"
+ }
+}
+`, randomSuffix, orgId, randomSuffix, orgId)
+}
+
+func testAccNetworkSecuritySecurityProfileGroups_update(orgId string, randomSuffix string) string {
+ return fmt.Sprintf(`
+resource "google_network_security_security_profile" "foobar_updated" {
+ provider = google-beta
+ name = "tf-test-my-security-profile-updated%s"
+ parent = "organizations/%s"
+ location = "global"
+}
+
+resource "google_network_security_security_profile_group" "foobar" {
+ provider = google-beta
+ name = "tf-test-my-security-profile-group%s"
+ parent = "organizations/%s"
+ location = "global"
+ description = "My security profile group. Update"
+ threat_prevention_profile = google_network_security_security_profile.foobar_updated.id
+
+ labels = {
+ foo = "foo"
+ }
+}
+`, randomSuffix, orgId, randomSuffix, orgId)
+}
+
+<% end -%>
From 39107ba53547c3fb881e955cef2ccf190205b29a Mon Sep 17 00:00:00 2001
From: Luca Prete
Date: Fri, 12 Jan 2024 18:32:30 +0100
Subject: [PATCH 2/7] Removing unused fields from yaml
---
.../networksecurity/SecurityProfileGroup.yaml | 19 -------------------
1 file changed, 19 deletions(-)
diff --git a/mmv1/products/networksecurity/SecurityProfileGroup.yaml b/mmv1/products/networksecurity/SecurityProfileGroup.yaml
index e05361d482e7..dbf843123209 100644
--- a/mmv1/products/networksecurity/SecurityProfileGroup.yaml
+++ b/mmv1/products/networksecurity/SecurityProfileGroup.yaml
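Review bot: Both config helpers in the new test file pair a run of bare `%s` verbs with a positional argument list (`randomSuffix, orgId, randomSuffix, orgId`), so adding or reordering a resource in the HCL template silently shifts which value lands in `name` and which in `parent`. Indexed verbs remove that coupling: write `%[1]s` for the suffix and `%[2]s` for the organization id inside the template and pass just `randomSuffix, orgId` to `fmt.Sprintf`. This applies to `testAccNetworkSecuritySecurityProfileGroups_basic` and to `testAccNetworkSecuritySecurityProfileGroups_update`, whose argument list a later patch in this series has to extend by hand when it adds a third resource.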
@@ -29,26 +29,7 @@ references: 'Create and manage security profile groups': 'https://cloud.google.com/firewall/docs/configure-security-profile-groups' async: !ruby/object:Api::OpAsync operation: !ruby/object:Api::OpAsync::Operation - path: 'name' base_url: '{{op_id}}' - wait_ms: 1000 - timeouts: !ruby/object:Api::Timeouts - insert_minutes: 30 - update_minutes: 30 - delete_minutes: 30 - result: !ruby/object:Api::OpAsync::Result - path: 'response' - status: !ruby/object:Api::OpAsync::Status - path: 'done' - complete: true - allowed: - - true - - false - error: !ruby/object:Api::OpAsync::Error - path: 'error' - message: 'message' - include_project: true -autogen_async: true import_format: ['{{%parent}}/locations/{{location}}/securityProfileGroups/{{name}}'] examples: - !ruby/object:Provider::Terraform::Examples From 30bdd3fd8602e3c15cf71b7bd8b857405f3da541 Mon Sep 17 00:00:00 2001 From: Luca Prete Date: Sat, 13 Jan 2024 11:09:30 +0100 Subject: [PATCH 3/7] Fixing tests --- mmv1/products/networksecurity/SecurityProfileGroup.yaml | 6 +----- ...network_security_security_profile_group_operation.go.erb | 1 - ...network_security_security_profile_group_operation.go.erb | 1 - ...network_security_security_profile_group_operation.go.erb | 1 - 4 files changed, 1 insertion(+), 8 deletions(-) delete mode 100644 mmv1/templates/terraform/pre_create/network_security_security_profile_group_operation.go.erb delete mode 100644 mmv1/templates/terraform/pre_delete/network_security_security_profile_group_operation.go.erb delete mode 100644 mmv1/templates/terraform/pre_update/network_security_security_profile_group_operation.go.erb diff --git a/mmv1/products/networksecurity/SecurityProfileGroup.yaml b/mmv1/products/networksecurity/SecurityProfileGroup.yaml index dbf843123209..17c503c5672e 100644 --- a/mmv1/products/networksecurity/SecurityProfileGroup.yaml +++ b/mmv1/products/networksecurity/SecurityProfileGroup.yaml 
@@ -30,6 +30,7 @@ references: async: !ruby/object:Api::OpAsync operation: !ruby/object:Api::OpAsync::Operation base_url: '{{op_id}}' + include_project: true import_format: ['{{%parent}}/locations/{{location}}/securityProfileGroups/{{name}}'] examples: - !ruby/object:Provider::Terraform::Examples @@ -40,11 +41,6 @@ examples: resource_name: 'my-security-profile-group' test_env_vars: org_id: :ORG_ID -custom_code: - !ruby/object:Provider::Terraform::CustomCode # Calling custom operation that are different from other network security resources. - pre_create: templates/terraform/pre_create/network_security_security_profile_group_operation.go.erb - pre_update: templates/terraform/pre_update/network_security_security_profile_group_operation.go.erb - pre_delete: templates/terraform/pre_delete/network_security_security_profile_group_operation.go.erb parameters: - !ruby/object:Api::Type::String name: 'name' diff --git a/mmv1/templates/terraform/pre_create/network_security_security_profile_group_operation.go.erb b/mmv1/templates/terraform/pre_create/network_security_security_profile_group_operation.go.erb deleted file mode 100644 index 2d51157b9cf2..000000000000 --- a/mmv1/templates/terraform/pre_create/network_security_security_profile_group_operation.go.erb +++ /dev/null @@ -1 +0,0 @@ -project = "" diff --git a/mmv1/templates/terraform/pre_delete/network_security_security_profile_group_operation.go.erb b/mmv1/templates/terraform/pre_delete/network_security_security_profile_group_operation.go.erb deleted file mode 100644 index 2d51157b9cf2..000000000000 --- a/mmv1/templates/terraform/pre_delete/network_security_security_profile_group_operation.go.erb +++ /dev/null @@ -1 +0,0 @@ -project = "" diff --git a/mmv1/templates/terraform/pre_update/network_security_security_profile_group_operation.go.erb b/mmv1/templates/terraform/pre_update/network_security_security_profile_group_operation.go.erb deleted file mode 100644 index 2d51157b9cf2..000000000000 
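Review bot: `include_project: true` is added under `async` without a comment, and the same commit removes the `custom_code` block whose inline comment was the only explanation of how operations are handled for this resource. The `parent` parameter is documented as `organizations/{organization_id}`, so it is not obvious from the file why the operation waiter should receive a project. A one-line comment above the key, for example `# include_project: <why the waiter needs a project for an org-scoped resource>`, would keep that reasoning in the file. If the waiter ends up reading the provider-level project, it is also worth confirming that create, update and delete still work when no default project is configured.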
--- a/mmv1/templates/terraform/pre_update/network_security_security_profile_group_operation.go.erb +++ /dev/null @@ -1 +0,0 @@ -project = "" From e3632b2eeb7b051fc32c5aee4dabb517e0fd9ae5 Mon Sep 17 00:00:00 2001 From: Luca Prete Date: Mon, 5 Feb 2024 17:40:43 +0100 Subject: [PATCH 4/7] Fixes --- ...ecurity_security_profile_group_test.go.erb | 24 +++++++++++++------ 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/mmv1/third_party/terraform/services/networksecurity/resource_network_security_security_profile_group_test.go.erb b/mmv1/third_party/terraform/services/networksecurity/resource_network_security_security_profile_group_test.go.erb index 1a2e87ecfb82..8e56deb5351d 100644 --- a/mmv1/third_party/terraform/services/networksecurity/resource_network_security_security_profile_group_test.go.erb +++ b/mmv1/third_party/terraform/services/networksecurity/resource_network_security_security_profile_group_test.go.erb @@ -47,16 +47,17 @@ func TestAccNetworkSecuritySecurityProfileGroups_update(t *testing.T) { func testAccNetworkSecuritySecurityProfileGroups_basic(orgId string, randomSuffix string) string { return fmt.Sprintf(` resource "google_network_security_security_profile" "foobar" { - provider = google-beta + provider = google-beta name = "tf-test-my-security-profile%s" - parent = "organizations/%s" + type = "THREAT_PREVENTION" + parent = "organizations/%s" location = "global" } resource "google_network_security_security_profile_group" "foobar" { provider = google-beta name = "tf-test-my-security-profile-group%s" - parent = "organizations/%s" + parent = "organizations/%s" location = "global" description = "My security profile group." threat_prevention_profile = google_network_security_security_profile.foobar.id 
@@ -70,10 +71,19 @@ resource "google_network_security_security_profile_group" "foobar" { func testAccNetworkSecuritySecurityProfileGroups_update(orgId string, randomSuffix string) string { return fmt.Sprintf(` +resource "google_network_security_security_profile" "foobar" { + provider = google-beta + name = "tf-test-my-security-profile%s" + type = "THREAT_PREVENTION" + parent = "organizations/%s" + location = "global" +} + resource "google_network_security_security_profile" "foobar_updated" { - provider = google-beta + provider = google-beta name = "tf-test-my-security-profile-updated%s" - parent = "organizations/%s" + type = "THREAT_PREVENTION" + parent = "organizations/%s" location = "global" } @@ -87,9 +97,9 @@ resource "google_network_security_security_profile_group" "foobar" { labels = { foo = "foo" - } + } } -`, randomSuffix, orgId, randomSuffix, orgId) +`, randomSuffix, orgId, randomSuffix, orgId, randomSuffix, orgId) } <% end -%> From 21bc3a12122038fe67f5e342bac916998d24ddea Mon Sep 17 00:00:00 2001 From: Luca Prete Date: Mon, 5 Feb 2024 21:12:26 +0100 Subject: [PATCH 5/7] Fix test example --- .../networksecurity/SecurityProfileGroup.yaml | 2 -- ...work_security_security_profile_group_basic.tf.erb | 12 ++++++++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/mmv1/products/networksecurity/SecurityProfileGroup.yaml b/mmv1/products/networksecurity/SecurityProfileGroup.yaml index 17c503c5672e..78835a3dbffe 100644 --- a/mmv1/products/networksecurity/SecurityProfileGroup.yaml +++ b/mmv1/products/networksecurity/SecurityProfileGroup.yaml @@ -37,8 +37,6 @@ examples: name: 'network_security_security_profile_group_basic' primary_resource_id: 'default' min_version: beta - vars: - resource_name: 'my-security-profile-group' test_env_vars: org_id: :ORG_ID parameters: 
diff --git a/mmv1/templates/terraform/examples/network_security_security_profile_group_basic.tf.erb b/mmv1/templates/terraform/examples/network_security_security_profile_group_basic.tf.erb index ccbf6dd5c841..ffdf97d020fc 100644 --- a/mmv1/templates/terraform/examples/network_security_security_profile_group_basic.tf.erb +++ b/mmv1/templates/terraform/examples/network_security_security_profile_group_basic.tf.erb @@ -1,11 +1,19 @@ resource "google_network_security_security_profile_group" "<%= ctx[:primary_resource_id] %>" { provider = google-beta - name = "<%= ctx[:vars]['resource_name'] %>" + name = "my-security-profile-group" parent = "organizations/<%= ctx[:test_env_vars]['org_id'] %>" description = "my description" - threat_prevention_profile = "my-security-profile" + threat_prevention_profile = google_network_security_security_profile.security_profile.id labels = { foo = "bar" } } + +resource "google_network_security_security_profile" "security_profile" { + provider = google-beta + name = "my-security-profile" + type = "THREAT_PREVENTION" + parent = "organizations/<%= ctx[:test_env_vars]['org_id'] %>" + location = "global" +} From 0ea31baefbc7b9be5307ac1ab7b94506042e5d08 Mon Sep 17 00:00:00 2001 From: Luca Prete Date: Fri, 9 Feb 2024 14:20:10 +0100 Subject: [PATCH 6/7] Edits per melinath recommendations --- mmv1/products/networksecurity/SecurityProfileGroup.yaml | 8 +++----- .../network_security_security_profile_group_basic.tf.erb | 4 ++-- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/mmv1/products/networksecurity/SecurityProfileGroup.yaml b/mmv1/products/networksecurity/SecurityProfileGroup.yaml index 78835a3dbffe..8cced584b64a 100644 --- a/mmv1/products/networksecurity/SecurityProfileGroup.yaml +++ b/mmv1/products/networksecurity/SecurityProfileGroup.yaml 
@@ -39,6 +39,9 @@ examples: min_version: beta test_env_vars: org_id: :ORG_ID + vars: + security_profile_group_name: 'sec-profile-group' + security_profile_name: 'sec-profile' parameters: - !ruby/object:Api::Type::String name: 'name' @@ -62,11 +65,6 @@ parameters: immutable: true url_param_only: true properties: - - !ruby/object:Api::Type::String - name: 'selfLink' - description: | - Server-defined URL of this resource. - output: true - !ruby/object:Api::Type::Time name: 'createTime' description: Time the security profile group was created in UTC. diff --git a/mmv1/templates/terraform/examples/network_security_security_profile_group_basic.tf.erb b/mmv1/templates/terraform/examples/network_security_security_profile_group_basic.tf.erb index ffdf97d020fc..bfbca6c2c107 100644 --- a/mmv1/templates/terraform/examples/network_security_security_profile_group_basic.tf.erb +++ b/mmv1/templates/terraform/examples/network_security_security_profile_group_basic.tf.erb @@ -1,6 +1,6 @@ resource "google_network_security_security_profile_group" "<%= ctx[:primary_resource_id] %>" { provider = google-beta - name = "my-security-profile-group" + name = "<%= ctx[:vars]['security_profile_group_name'] %>" parent = "organizations/<%= ctx[:test_env_vars]['org_id'] %>" description = "my description" threat_prevention_profile = google_network_security_security_profile.security_profile.id @@ -12,7 +12,7 @@ resource "google_network_security_security_profile_group" "<%= ctx[:primary_reso resource "google_network_security_security_profile" "security_profile" { provider = google-beta - name = "my-security-profile" + name = "<%= ctx[:vars]['security_profile_name'] %>" type = "THREAT_PREVENTION" parent = "organizations/<%= ctx[:test_env_vars]['org_id'] %>" location = "global" From 8c45962ca2a94a655a870fc84dfc92fe8cbf81ea Mon Sep 17 00:00:00 2001 
From: Luca Prete Date: Tue, 13 Feb 2024 15:19:35 +0100 Subject: [PATCH 7/7] Make location immutable --- mmv1/products/networksecurity/SecurityProfileGroup.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/mmv1/products/networksecurity/SecurityProfileGroup.yaml b/mmv1/products/networksecurity/SecurityProfileGroup.yaml index 8cced584b64a..4878950fe263 100644 --- a/mmv1/products/networksecurity/SecurityProfileGroup.yaml +++ b/mmv1/products/networksecurity/SecurityProfileGroup.yaml @@ -53,6 +53,7 @@ parameters: - !ruby/object:Api::Type::String name: 'location' default_value: 'global' + immutable: true description: | The location of the security profile group. The default value is `global`.