From 95b8437fc46772ebb83264a8cbdd983c8d222dfd Mon Sep 17 00:00:00 2001
From: The Magician
Date: Mon, 9 Dec 2024 11:46:35 -0800
Subject: [PATCH] Add Intercept Deployment resource to Network Security. (#12521) (#8876)
[upstream:a88f911620b211096e0b33d7a4a70cec11920c6a]
Signed-off-by: Modular Magician
---
.changelog/12521.txt | 3 +
.../provider/provider_mmv1_resources.go | 5 +-
...e_network_security_intercept_deployment.go | 559 ++++++++++++++++++
...y_intercept_deployment_generated_meta.yaml | 5 +
...ity_intercept_deployment_generated_test.go | 182 ++++++
...k_security_intercept_deployment_sweeper.go | 143 +++++
...ecurity_intercept_deployment.html.markdown | 215 +++++++
7 files changed, 1110 insertions(+), 2 deletions(-)
create mode 100644 .changelog/12521.txt
create mode 100644 google-beta/services/networksecurity/resource_network_security_intercept_deployment.go
create mode 100644 google-beta/services/networksecurity/resource_network_security_intercept_deployment_generated_meta.yaml
create mode 100644 google-beta/services/networksecurity/resource_network_security_intercept_deployment_generated_test.go
create mode 100644 google-beta/services/networksecurity/resource_network_security_intercept_deployment_sweeper.go
create mode 100644 website/docs/r/network_security_intercept_deployment.html.markdown
diff --git a/.changelog/12521.txt b/.changelog/12521.txt
new file mode 100644
index 0000000000..6b589003de
--- /dev/null
+++ b/.changelog/12521.txt
@@ -0,0 +1,3 @@
+```release-note:new-resource
+`google_network_security_intercept_deployment`
+```
\ No newline at end of file
diff --git a/google-beta/provider/provider_mmv1_resources.go b/google-beta/provider/provider_mmv1_resources.go
index 27b6b767ab..7a672784ff 100644
--- a/google-beta/provider/provider_mmv1_resources.go
+++ b/google-beta/provider/provider_mmv1_resources.go
@@ -509,9 +509,9 @@ var handwrittenIAMDatasources = map[string]*schema.Resource{ } // Resources -// Generated resources: 567 +// Generated resources: 568 // Generated IAM resources: 294 -// Total generated resources: 861 +// Total generated resources: 862 var generatedResources = map[string]*schema.Resource{ "google_folder_access_approval_settings": accessapproval.ResourceAccessApprovalFolderSettings(), "google_organization_access_approval_settings": accessapproval.ResourceAccessApprovalOrganizationSettings(), @@ -1143,6 +1143,7 @@ var generatedResources = map[string]*schema.Resource{ "google_network_security_firewall_endpoint_association": networksecurity.ResourceNetworkSecurityFirewallEndpointAssociation(), "google_network_security_gateway_security_policy": networksecurity.ResourceNetworkSecurityGatewaySecurityPolicy(), "google_network_security_gateway_security_policy_rule": networksecurity.ResourceNetworkSecurityGatewaySecurityPolicyRule(), + "google_network_security_intercept_deployment": networksecurity.ResourceNetworkSecurityInterceptDeployment(), "google_network_security_intercept_deployment_group": networksecurity.ResourceNetworkSecurityInterceptDeploymentGroup(), "google_network_security_mirroring_deployment": networksecurity.ResourceNetworkSecurityMirroringDeployment(), "google_network_security_mirroring_deployment_group": networksecurity.ResourceNetworkSecurityMirroringDeploymentGroup(), diff --git a/google-beta/services/networksecurity/resource_network_security_intercept_deployment.go b/google-beta/services/networksecurity/resource_network_security_intercept_deployment.go new file mode 100644 index 0000000000..1e54c0766a --- /dev/null +++ b/google-beta/services/networksecurity/resource_network_security_intercept_deployment.go 
@@ -0,0 +1,559 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package networksecurity + +import ( + "fmt" + "log" + "net/http" + "reflect" + "strings" + "time" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + + "github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource" + transport_tpg "github.com/hashicorp/terraform-provider-google-beta/google-beta/transport" +) + +func ResourceNetworkSecurityInterceptDeployment() *schema.Resource { + return &schema.Resource{ + Create: resourceNetworkSecurityInterceptDeploymentCreate, + Read: resourceNetworkSecurityInterceptDeploymentRead, + Update: resourceNetworkSecurityInterceptDeploymentUpdate, + Delete: resourceNetworkSecurityInterceptDeploymentDelete, + + Importer: &schema.ResourceImporter{ + State: resourceNetworkSecurityInterceptDeploymentImport, + }, + + Timeouts: &schema.ResourceTimeout{ + Create: schema.DefaultTimeout(20 * time.Minute), + Update: schema.DefaultTimeout(20 * time.Minute), + Delete: schema.DefaultTimeout(20 * time.Minute), + }, + + CustomizeDiff: customdiff.All( + tpgresource.SetLabelsDiff, + tpgresource.DefaultProviderProject, + ), + + Schema: map[string]*schema.Schema{ + "forwarding_rule": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: `Immutable. The regional load balancer which the intercepted traffic should be forwarded +to. 
Format is: +projects/{project}/regions/{region}/forwardingRules/{forwardingRule}`, + }, + "intercept_deployment_group": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: `Immutable. The Intercept Deployment Group that this resource is part of. Format is: +'projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}'`, + }, + "intercept_deployment_id": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: `Id of the requesting object +If auto-generating Id server-side, remove this field and +intercept_deployment_id from the method_signature of Create RPC`, + }, + "location": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: `Resource ID segment making up resource 'name'. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type 'networksecurity.googleapis.com/InterceptDeployment'.`, + }, + "labels": { + Type: schema.TypeMap, + Optional: true, + Description: `Optional. Labels as key value pairs + +**Note**: This field is non-authoritative, and will only manage the labels present in your configuration. +Please refer to the field 'effective_labels' for all of the labels present on the resource.`, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "create_time": { + Type: schema.TypeString, + Computed: true, + Description: `Create time stamp`, + }, + "effective_labels": { + Type: schema.TypeMap, + Computed: true, + Description: `All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.`, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "name": { + Type: schema.TypeString, + Computed: true, + Description: `Identifier. 
The name of the InterceptDeployment.`, + }, + "reconciling": { + Type: schema.TypeBool, + Computed: true, + Description: `Whether reconciling is in progress, recommended per +https://google.aip.dev/128.`, + }, + "state": { + Type: schema.TypeString, + Computed: true, + Description: `Current state of the deployment. + Possible values: + STATE_UNSPECIFIED +ACTIVE +CREATING +DELETING +OUT_OF_SYNC +DELETE_FAILED`, + }, + "terraform_labels": { + Type: schema.TypeMap, + Computed: true, + Description: `The combination of labels configured directly on the resource + and default labels configured on the provider.`, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + "update_time": { + Type: schema.TypeString, + Computed: true, + Description: `Update time stamp`, + }, + "project": { + Type: schema.TypeString, + Optional: true, + Computed: true, + ForceNew: true, + }, + }, + UseJSONNumber: true, + } +} + +func resourceNetworkSecurityInterceptDeploymentCreate(d *schema.ResourceData, meta interface{}) error { + config := meta.(*transport_tpg.Config) + userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent) + if err != nil { + return err + } + + obj := make(map[string]interface{}) + forwardingRuleProp, err := expandNetworkSecurityInterceptDeploymentForwardingRule(d.Get("forwarding_rule"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("forwarding_rule"); !tpgresource.IsEmptyValue(reflect.ValueOf(forwardingRuleProp)) && (ok || !reflect.DeepEqual(v, forwardingRuleProp)) { + obj["forwardingRule"] = forwardingRuleProp + } + interceptDeploymentGroupProp, err := expandNetworkSecurityInterceptDeploymentInterceptDeploymentGroup(d.Get("intercept_deployment_group"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("intercept_deployment_group"); !tpgresource.IsEmptyValue(reflect.ValueOf(interceptDeploymentGroupProp)) && (ok || !reflect.DeepEqual(v, interceptDeploymentGroupProp)) { + 
obj["interceptDeploymentGroup"] = interceptDeploymentGroupProp + } + labelsProp, err := expandNetworkSecurityInterceptDeploymentEffectiveLabels(d.Get("effective_labels"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("effective_labels"); !tpgresource.IsEmptyValue(reflect.ValueOf(labelsProp)) && (ok || !reflect.DeepEqual(v, labelsProp)) { + obj["labels"] = labelsProp + } + + url, err := tpgresource.ReplaceVars(d, config, "{{NetworkSecurityBasePath}}projects/{{project}}/locations/{{location}}/interceptDeployments?interceptDeploymentId={{intercept_deployment_id}}") + if err != nil { + return err + } + + log.Printf("[DEBUG] Creating new InterceptDeployment: %#v", obj) + billingProject := "" + + project, err := tpgresource.GetProject(d, config) + if err != nil { + return fmt.Errorf("Error fetching project for InterceptDeployment: %s", err) + } + billingProject = project + + // err == nil indicates that the billing_project value was found + if bp, err := tpgresource.GetBillingProject(d, config); err == nil { + billingProject = bp + } + + headers := make(http.Header) + res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{ + Config: config, + Method: "POST", + Project: billingProject, + RawURL: url, + UserAgent: userAgent, + Body: obj, + Timeout: d.Timeout(schema.TimeoutCreate), + Headers: headers, + }) + if err != nil { + return fmt.Errorf("Error creating InterceptDeployment: %s", err) + } + + // Store the ID now + id, err := tpgresource.ReplaceVars(d, config, "projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}}") + if err != nil { + return fmt.Errorf("Error constructing id: %s", err) + } + d.SetId(id) + + // Use the resource in the operation response to populate + // identity fields and d.Id() before read + var opRes map[string]interface{} + err = NetworkSecurityOperationWaitTimeWithResponse( + config, res, &opRes, project, "Creating InterceptDeployment", userAgent, + 
d.Timeout(schema.TimeoutCreate)) + if err != nil { + // The resource didn't actually create + d.SetId("") + + return fmt.Errorf("Error waiting to create InterceptDeployment: %s", err) + } + + if err := d.Set("name", flattenNetworkSecurityInterceptDeploymentName(opRes["name"], d, config)); err != nil { + return err + } + + // This may have caused the ID to update - update it if so. + id, err = tpgresource.ReplaceVars(d, config, "projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}}") + if err != nil { + return fmt.Errorf("Error constructing id: %s", err) + } + d.SetId(id) + + log.Printf("[DEBUG] Finished creating InterceptDeployment %q: %#v", d.Id(), res) + + return resourceNetworkSecurityInterceptDeploymentRead(d, meta) +} + +func resourceNetworkSecurityInterceptDeploymentRead(d *schema.ResourceData, meta interface{}) error { + config := meta.(*transport_tpg.Config) + userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent) + if err != nil { + return err + } + + url, err := tpgresource.ReplaceVars(d, config, "{{NetworkSecurityBasePath}}projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}}") + if err != nil { + return err + } + + billingProject := "" + + project, err := tpgresource.GetProject(d, config) + if err != nil { + return fmt.Errorf("Error fetching project for InterceptDeployment: %s", err) + } + billingProject = project + + // err == nil indicates that the billing_project value was found + if bp, err := tpgresource.GetBillingProject(d, config); err == nil { + billingProject = bp + } + + headers := make(http.Header) + res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{ + Config: config, + Method: "GET", + Project: billingProject, + RawURL: url, + UserAgent: userAgent, + Headers: headers, + }) + if err != nil { + return transport_tpg.HandleNotFoundError(err, d, fmt.Sprintf("NetworkSecurityInterceptDeployment %q", d.Id())) + } + + if err := 
d.Set("project", project); err != nil { + return fmt.Errorf("Error reading InterceptDeployment: %s", err) + } + + if err := d.Set("name", flattenNetworkSecurityInterceptDeploymentName(res["name"], d, config)); err != nil { + return fmt.Errorf("Error reading InterceptDeployment: %s", err) + } + if err := d.Set("create_time", flattenNetworkSecurityInterceptDeploymentCreateTime(res["createTime"], d, config)); err != nil { + return fmt.Errorf("Error reading InterceptDeployment: %s", err) + } + if err := d.Set("update_time", flattenNetworkSecurityInterceptDeploymentUpdateTime(res["updateTime"], d, config)); err != nil { + return fmt.Errorf("Error reading InterceptDeployment: %s", err) + } + if err := d.Set("labels", flattenNetworkSecurityInterceptDeploymentLabels(res["labels"], d, config)); err != nil { + return fmt.Errorf("Error reading InterceptDeployment: %s", err) + } + if err := d.Set("forwarding_rule", flattenNetworkSecurityInterceptDeploymentForwardingRule(res["forwardingRule"], d, config)); err != nil { + return fmt.Errorf("Error reading InterceptDeployment: %s", err) + } + if err := d.Set("intercept_deployment_group", flattenNetworkSecurityInterceptDeploymentInterceptDeploymentGroup(res["interceptDeploymentGroup"], d, config)); err != nil { + return fmt.Errorf("Error reading InterceptDeployment: %s", err) + } + if err := d.Set("state", flattenNetworkSecurityInterceptDeploymentState(res["state"], d, config)); err != nil { + return fmt.Errorf("Error reading InterceptDeployment: %s", err) + } + if err := d.Set("reconciling", flattenNetworkSecurityInterceptDeploymentReconciling(res["reconciling"], d, config)); err != nil { + return fmt.Errorf("Error reading InterceptDeployment: %s", err) + } + if err := d.Set("terraform_labels", flattenNetworkSecurityInterceptDeploymentTerraformLabels(res["labels"], d, config)); err != nil { + return fmt.Errorf("Error reading InterceptDeployment: %s", err) + } + if err := d.Set("effective_labels", 
flattenNetworkSecurityInterceptDeploymentEffectiveLabels(res["labels"], d, config)); err != nil { + return fmt.Errorf("Error reading InterceptDeployment: %s", err) + } + + return nil +} + +func resourceNetworkSecurityInterceptDeploymentUpdate(d *schema.ResourceData, meta interface{}) error { + config := meta.(*transport_tpg.Config) + userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent) + if err != nil { + return err + } + + billingProject := "" + + project, err := tpgresource.GetProject(d, config) + if err != nil { + return fmt.Errorf("Error fetching project for InterceptDeployment: %s", err) + } + billingProject = project + + obj := make(map[string]interface{}) + labelsProp, err := expandNetworkSecurityInterceptDeploymentEffectiveLabels(d.Get("effective_labels"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("effective_labels"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, labelsProp)) { + obj["labels"] = labelsProp + } + + url, err := tpgresource.ReplaceVars(d, config, "{{NetworkSecurityBasePath}}projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}}") + if err != nil { + return err + } + + log.Printf("[DEBUG] Updating InterceptDeployment %q: %#v", d.Id(), obj) + headers := make(http.Header) + updateMask := []string{} + + if d.HasChange("effective_labels") { + updateMask = append(updateMask, "labels") + } + // updateMask is a URL parameter but not present in the schema, so ReplaceVars + // won't set it + url, err = transport_tpg.AddQueryParams(url, map[string]string{"updateMask": strings.Join(updateMask, ",")}) + if err != nil { + return err + } + + // err == nil indicates that the billing_project value was found + if bp, err := tpgresource.GetBillingProject(d, config); err == nil { + billingProject = bp + } + + // if updateMask is empty we are not updating anything so skip the post + if len(updateMask) > 0 { + res, err := 
transport_tpg.SendRequest(transport_tpg.SendRequestOptions{ + Config: config, + Method: "PATCH", + Project: billingProject, + RawURL: url, + UserAgent: userAgent, + Body: obj, + Timeout: d.Timeout(schema.TimeoutUpdate), + Headers: headers, + }) + + if err != nil { + return fmt.Errorf("Error updating InterceptDeployment %q: %s", d.Id(), err) + } else { + log.Printf("[DEBUG] Finished updating InterceptDeployment %q: %#v", d.Id(), res) + } + + err = NetworkSecurityOperationWaitTime( + config, res, project, "Updating InterceptDeployment", userAgent, + d.Timeout(schema.TimeoutUpdate)) + + if err != nil { + return err + } + } + + return resourceNetworkSecurityInterceptDeploymentRead(d, meta) +} + +func resourceNetworkSecurityInterceptDeploymentDelete(d *schema.ResourceData, meta interface{}) error { + config := meta.(*transport_tpg.Config) + userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent) + if err != nil { + return err + } + + billingProject := "" + + project, err := tpgresource.GetProject(d, config) + if err != nil { + return fmt.Errorf("Error fetching project for InterceptDeployment: %s", err) + } + billingProject = project + + url, err := tpgresource.ReplaceVars(d, config, "{{NetworkSecurityBasePath}}projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}}") + if err != nil { + return err + } + + var obj map[string]interface{} + + // err == nil indicates that the billing_project value was found + if bp, err := tpgresource.GetBillingProject(d, config); err == nil { + billingProject = bp + } + + headers := make(http.Header) + + log.Printf("[DEBUG] Deleting InterceptDeployment %q", d.Id()) + res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{ + Config: config, + Method: "DELETE", + Project: billingProject, + RawURL: url, + UserAgent: userAgent, + Body: obj, + Timeout: d.Timeout(schema.TimeoutDelete), + Headers: headers, + }) + if err != nil { + return transport_tpg.HandleNotFoundError(err, 
d, "InterceptDeployment") + } + + err = NetworkSecurityOperationWaitTime( + config, res, project, "Deleting InterceptDeployment", userAgent, + d.Timeout(schema.TimeoutDelete)) + + if err != nil { + return err + } + + log.Printf("[DEBUG] Finished deleting InterceptDeployment %q: %#v", d.Id(), res) + return nil +} + +func resourceNetworkSecurityInterceptDeploymentImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { + config := meta.(*transport_tpg.Config) + if err := tpgresource.ParseImportId([]string{ + "^projects/(?P[^/]+)/locations/(?P[^/]+)/interceptDeployments/(?P[^/]+)$", + "^(?P[^/]+)/(?P[^/]+)/(?P[^/]+)$", + "^(?P[^/]+)/(?P[^/]+)$", + }, d, config); err != nil { + return nil, err + } + + // Replace import id for the resource id + id, err := tpgresource.ReplaceVars(d, config, "projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}}") + if err != nil { + return nil, fmt.Errorf("Error constructing id: %s", err) + } + d.SetId(id) + + return []*schema.ResourceData{d}, nil +} + +func flattenNetworkSecurityInterceptDeploymentName(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenNetworkSecurityInterceptDeploymentCreateTime(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenNetworkSecurityInterceptDeploymentUpdateTime(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenNetworkSecurityInterceptDeploymentLabels(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + if v == nil { + return v + } + + transformed := make(map[string]interface{}) + if l, ok := d.GetOkExists("labels"); ok { + for k := range l.(map[string]interface{}) { + transformed[k] = v.(map[string]interface{})[k] + } + } + + return transformed +} + +func flattenNetworkSecurityInterceptDeploymentForwardingRule(v interface{}, d 
*schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenNetworkSecurityInterceptDeploymentInterceptDeploymentGroup(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenNetworkSecurityInterceptDeploymentState(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenNetworkSecurityInterceptDeploymentReconciling(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenNetworkSecurityInterceptDeploymentTerraformLabels(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + if v == nil { + return v + } + + transformed := make(map[string]interface{}) + if l, ok := d.GetOkExists("terraform_labels"); ok { + for k := range l.(map[string]interface{}) { + transformed[k] = v.(map[string]interface{})[k] + } + } + + return transformed +} + +func flattenNetworkSecurityInterceptDeploymentEffectiveLabels(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func expandNetworkSecurityInterceptDeploymentForwardingRule(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + +func expandNetworkSecurityInterceptDeploymentInterceptDeploymentGroup(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + +func expandNetworkSecurityInterceptDeploymentEffectiveLabels(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (map[string]string, error) { + if v == nil { + return map[string]string{}, nil + } + m := make(map[string]string) + for k, val := range v.(map[string]interface{}) { + m[k] = val.(string) + } + return m, nil +} 
diff --git a/google-beta/services/networksecurity/resource_network_security_intercept_deployment_generated_meta.yaml b/google-beta/services/networksecurity/resource_network_security_intercept_deployment_generated_meta.yaml
new file mode 100644
index 0000000000..fa73515890
--- /dev/null
+++ b/google-beta/services/networksecurity/resource_network_security_intercept_deployment_generated_meta.yaml
@@ -0,0 +1,5 @@ +resource: 'google_network_security_intercept_deployment' +generation_type: 'mmv1' +api_service_name: 'networksecurity.googleapis.com' +api_version: 'v1beta1' +api_resource_type_kind: 'InterceptDeployment'
diff --git a/google-beta/services/networksecurity/resource_network_security_intercept_deployment_generated_test.go b/google-beta/services/networksecurity/resource_network_security_intercept_deployment_generated_test.go
new file mode 100644
index 0000000000..1a127d9b24
--- /dev/null
+++ b/google-beta/services/networksecurity/resource_network_security_intercept_deployment_generated_test.go
@@ -0,0 +1,182 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 +package networksecurity_test + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-testing/helper/resource" + "github.com/hashicorp/terraform-plugin-testing/plancheck" + + "github.com/hashicorp/terraform-provider-google-beta/google-beta/acctest" +) + +func TestAccNetworkSecurityInterceptDeployment_update(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t), + Steps: []resource.TestStep{ + { + Config: testAccNetworkSecurityInterceptDeployment_basic(context), + }, + { + ResourceName: "google_network_security_intercept_deployment.default", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"labels", "terraform_labels"}, + }, + { + Config: testAccNetworkSecurityInterceptDeployment_update(context), + ConfigPlanChecks: resource.ConfigPlanChecks{ + PreApply: []plancheck.PlanCheck{ + plancheck.ExpectResourceAction("google_network_security_intercept_deployment.default", plancheck.ResourceActionUpdate), + }, + }, + }, + { + ResourceName: "google_network_security_intercept_deployment.default", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"update_time", "labels", "terraform_labels"}, + }, + }, + }) +} + +func testAccNetworkSecurityInterceptDeployment_basic(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_compute_network" "network" { + provider = google-beta + name = "tf-test-example-network%{random_suffix}" + auto_create_subnetworks = false +} + +resource "google_compute_subnetwork" "subnetwork" { + provider = google-beta + name = "tf-test-example-subnet%{random_suffix}" + region = "us-central1" + ip_cidr_range = "10.1.0.0/16" + network = 
google_compute_network.network.name +} + +resource "google_compute_region_health_check" "health_check" { + provider = google-beta + name = "tf-test-example-hc%{random_suffix}" + region = "us-central1" + http_health_check { + port = 80 + } +} + +resource "google_compute_region_backend_service" "backend_service" { + provider = google-beta + name = "tf-test-example-bs%{random_suffix}" + region = "us-central1" + health_checks = [google_compute_region_health_check.health_check.id] + protocol = "UDP" + load_balancing_scheme = "INTERNAL" +} + +resource "google_compute_forwarding_rule" "forwarding_rule" { + provider = google-beta + name = "tf-test-example-fwr%{random_suffix}" + region = "us-central1" + network = google_compute_network.network.name + subnetwork = google_compute_subnetwork.subnetwork.name + backend_service = google_compute_region_backend_service.backend_service.id + load_balancing_scheme = "INTERNAL" + ports = [6081] + ip_protocol = "UDP" +} + +resource "google_network_security_intercept_deployment_group" "deployment_group" { + provider = google-beta + intercept_deployment_group_id = "tf-test-example-dg%{random_suffix}" + location = "global" + network = google_compute_network.network.id +} + +resource "google_network_security_intercept_deployment" "default" { + provider = google-beta + intercept_deployment_id = "tf-test-example-deployment%{random_suffix}" + location = "us-central1-a" + forwarding_rule = google_compute_forwarding_rule.forwarding_rule.id + intercept_deployment_group = google_network_security_intercept_deployment_group.deployment_group.id + labels = { + foo = "bar" + } +} +`, context) +} + +func testAccNetworkSecurityInterceptDeployment_update(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_compute_network" "network" { + provider = google-beta + name = "tf-test-example-network%{random_suffix}" + auto_create_subnetworks = false +} + +resource "google_compute_subnetwork" "subnetwork" { + provider = 
google-beta + name = "tf-test-example-subnet%{random_suffix}" + region = "us-central1" + ip_cidr_range = "10.1.0.0/16" + network = google_compute_network.network.name +} + +resource "google_compute_region_health_check" "health_check" { + provider = google-beta + name = "tf-test-example-hc%{random_suffix}" + region = "us-central1" + http_health_check { + port = 80 + } +} + +resource "google_compute_region_backend_service" "backend_service" { + provider = google-beta + name = "tf-test-example-bs%{random_suffix}" + region = "us-central1" + health_checks = [google_compute_region_health_check.health_check.id] + protocol = "UDP" + load_balancing_scheme = "INTERNAL" +} + +resource "google_compute_forwarding_rule" "forwarding_rule" { + provider = google-beta + name = "tf-test-example-fwr%{random_suffix}" + region = "us-central1" + network = google_compute_network.network.name + subnetwork = google_compute_subnetwork.subnetwork.name + backend_service = google_compute_region_backend_service.backend_service.id + load_balancing_scheme = "INTERNAL" + ports = [6081] + ip_protocol = "UDP" +} + +resource "google_network_security_intercept_deployment_group" "deployment_group" { + provider = google-beta + intercept_deployment_group_id = "tf-test-example-dg%{random_suffix}" + location = "global" + network = google_compute_network.network.id +} + +resource "google_network_security_intercept_deployment" "default" { + provider = google-beta + intercept_deployment_id = "tf-test-example-deployment%{random_suffix}" + location = "us-central1-a" + forwarding_rule = google_compute_forwarding_rule.forwarding_rule.id + intercept_deployment_group = google_network_security_intercept_deployment_group.deployment_group.id + labels = { + foo = "goo" + } +} +`, context) +} 
diff --git a/google-beta/services/networksecurity/resource_network_security_intercept_deployment_sweeper.go b/google-beta/services/networksecurity/resource_network_security_intercept_deployment_sweeper.go
new file mode 100644
index 0000000000..7d1daaf110
--- /dev/null
+++ b/google-beta/services/networksecurity/resource_network_security_intercept_deployment_sweeper.go
@@ -0,0 +1,143 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package networksecurity + +import ( + "context" + "log" + "strings" + "testing" + + "github.com/hashicorp/terraform-provider-google-beta/google-beta/envvar" + "github.com/hashicorp/terraform-provider-google-beta/google-beta/sweeper" + "github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource" + transport_tpg "github.com/hashicorp/terraform-provider-google-beta/google-beta/transport" +) + +func init() { + sweeper.AddTestSweepers("NetworkSecurityInterceptDeployment", testSweepNetworkSecurityInterceptDeployment) +} + +// At the time of writing, the CI only passes us-central1 as the region +func testSweepNetworkSecurityInterceptDeployment(region string) error { + resourceName := "NetworkSecurityInterceptDeployment" + log.Printf("[INFO][SWEEPER_LOG] Starting sweeper for %s", resourceName) + + config, err := sweeper.SharedConfigForRegion(region) + if err != nil { + log.Printf("[INFO][SWEEPER_LOG] error getting shared config for region: %s", err) + return err + } + + err = config.LoadAndValidate(context.Background()) + if err != nil { + log.Printf("[INFO][SWEEPER_LOG] error loading: %s", err) + return err + } + + t := &testing.T{} + billingId := envvar.GetTestBillingAccountFromEnv(t) + + // Setup variables to replace in list template + d := &tpgresource.ResourceDataMock{ + FieldsInSchema: map[string]interface{}{ + "project": config.Project, + 
"region": region, + "location": region, + "zone": "-", + "billing_account": billingId, + }, + } + + listTemplate := strings.Split("https://networksecurity.googleapis.com/v1beta1/projects/{{project}}/locations/{{location}}/interceptDeployments", "?")[0] + listUrl, err := tpgresource.ReplaceVars(d, config, listTemplate) + if err != nil { + log.Printf("[INFO][SWEEPER_LOG] error preparing sweeper list url: %s", err) + return nil + } + + res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{ + Config: config, + Method: "GET", + Project: config.Project, + RawURL: listUrl, + UserAgent: config.UserAgent, + }) + if err != nil { + log.Printf("[INFO][SWEEPER_LOG] Error in response from request %s: %s", listUrl, err) + return nil + } + + resourceList, ok := res["interceptDeployments"] + if !ok { + log.Printf("[INFO][SWEEPER_LOG] Nothing found in response.") + return nil + } + + rl := resourceList.([]interface{}) + + log.Printf("[INFO][SWEEPER_LOG] Found %d items in %s list response.", len(rl), resourceName) + // Keep count of items that aren't sweepable for logging. + nonPrefixCount := 0 + for _, ri := range rl { + obj := ri.(map[string]interface{}) + var name string + // Id detected in the delete URL, attempt to use id. 
+ if obj["id"] != nil { + name = tpgresource.GetResourceNameFromSelfLink(obj["id"].(string)) + } else if obj["name"] != nil { + name = tpgresource.GetResourceNameFromSelfLink(obj["name"].(string)) + } else { + log.Printf("[INFO][SWEEPER_LOG] %s resource name and id were nil", resourceName) + return nil + } + // Skip resources that shouldn't be sweeped + if !sweeper.IsSweepableTestResource(name) { + nonPrefixCount++ + continue + } + + deleteTemplate := "https://networksecurity.googleapis.com/v1beta1/projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}}" + deleteUrl, err := tpgresource.ReplaceVars(d, config, deleteTemplate) + if err != nil { + log.Printf("[INFO][SWEEPER_LOG] error preparing delete url: %s", err) + return nil + } + deleteUrl = deleteUrl + name + + // Don't wait on operations as we may have a lot to delete + _, err = transport_tpg.SendRequest(transport_tpg.SendRequestOptions{ + Config: config, + Method: "DELETE", + Project: config.Project, + RawURL: deleteUrl, + UserAgent: config.UserAgent, + }) + if err != nil { + log.Printf("[INFO][SWEEPER_LOG] Error deleting for url %s : %s", deleteUrl, err) + } else { + log.Printf("[INFO][SWEEPER_LOG] Sent delete request for %s resource: %s", resourceName, name) + } + } + + if nonPrefixCount > 0 { + log.Printf("[INFO][SWEEPER_LOG] %d items were non-sweepable and skipped.", nonPrefixCount) + } + + return nil +} diff --git a/website/docs/r/network_security_intercept_deployment.html.markdown b/website/docs/r/network_security_intercept_deployment.html.markdown new file mode 100644 index 0000000000..23775eebf3 --- /dev/null +++ b/website/docs/r/network_security_intercept_deployment.html.markdown 
@@ -0,0 +1,215 @@ +--- +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in +# .github/CONTRIBUTING.md. +# +# ---------------------------------------------------------------------------- +subcategory: "Network security" +description: |- + InterceptDeployment represents the collectors within a Zone and is associated with a deployment group. +--- + +# google_network_security_intercept_deployment + +InterceptDeployment represents the collectors within a Zone and is associated with a deployment group. + +~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider. +See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources. 
+ + + +## Example Usage - Network Security Intercept Deployment Basic + + +```hcl +resource "google_compute_network" "network" { + provider = google-beta + name = "example-network" + auto_create_subnetworks = false +} + +resource "google_compute_subnetwork" "subnetwork" { + provider = google-beta + name = "example-subnet" + region = "us-central1" + ip_cidr_range = "10.1.0.0/16" + network = google_compute_network.network.name +} + +resource "google_compute_region_health_check" "health_check" { + provider = google-beta + name = "example-hc" + region = "us-central1" + http_health_check { + port = 80 + } +} + +resource "google_compute_region_backend_service" "backend_service" { + provider = google-beta + name = "example-bs" + region = "us-central1" + health_checks = [google_compute_region_health_check.health_check.id] + protocol = "UDP" + load_balancing_scheme = "INTERNAL" +} + +resource "google_compute_forwarding_rule" "forwarding_rule" { + provider = google-beta + name = "example-fwr" + region = "us-central1" + network = google_compute_network.network.name + subnetwork = google_compute_subnetwork.subnetwork.name + backend_service = google_compute_region_backend_service.backend_service.id + load_balancing_scheme = "INTERNAL" + ports = [6081] + ip_protocol = "UDP" +} + +resource "google_network_security_intercept_deployment_group" "deployment_group" { + provider = google-beta + intercept_deployment_group_id = "example-dg" + location = "global" + network = google_compute_network.network.id +} + +resource "google_network_security_intercept_deployment" "default" { + provider = google-beta + intercept_deployment_id = "example-deployment" + location = "us-central1-a" + forwarding_rule = google_compute_forwarding_rule.forwarding_rule.id + intercept_deployment_group = google_network_security_intercept_deployment_group.deployment_group.id + labels = { + foo = "bar" + } +} +``` + +## Argument Reference + +The following arguments are supported: + + +* `forwarding_rule` - + 
(Required) + Immutable. The regional load balancer which the intercepted traffic should be forwarded + to. Format is: + projects/{project}/regions/{region}/forwardingRules/{forwardingRule} + +* `intercept_deployment_group` - + (Required) + Immutable. The Intercept Deployment Group that this resource is part of. Format is: + `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}` + +* `location` - + (Required) + Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`. + +* `intercept_deployment_id` - + (Required) + Id of the requesting object + If auto-generating Id server-side, remove this field and + intercept_deployment_id from the method_signature of Create RPC + + +- - - + + +* `labels` - + (Optional) + Optional. Labels as key value pairs + **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field `effective_labels` for all of the labels present on the resource. + +* `project` - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + + +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are exported: + +* `id` - an identifier for the resource with format `projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}}` + +* `name` - + Identifier. The name of the InterceptDeployment. + +* `create_time` - + Create time stamp + +* `update_time` - + Update time stamp + +* `state` - + Current state of the deployment. + Possible values: + STATE_UNSPECIFIED + ACTIVE + CREATING + DELETING + OUT_OF_SYNC + DELETE_FAILED + +* `reconciling` - + Whether reconciling is in progress, recommended per + https://google.aip.dev/128. 
+ +* `terraform_labels` - + The combination of labels configured directly on the resource + and default labels configured on the provider. + +* `effective_labels` - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + + +## Timeouts + +This resource provides the following +[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options: + +- `create` - Default is 20 minutes. +- `update` - Default is 20 minutes. +- `delete` - Default is 20 minutes. + +## Import + + +InterceptDeployment can be imported using any of these accepted formats: + +* `projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}}` +* `{{project}}/{{location}}/{{intercept_deployment_id}}` +* `{{location}}/{{intercept_deployment_id}}` + + +In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import InterceptDeployment using one of the formats above. For example: + +```tf +import { + id = "projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}}" + to = google_network_security_intercept_deployment.default +} +``` + +When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), InterceptDeployment can be imported using one of the formats above. 
For example: + +``` +$ terraform import google_network_security_intercept_deployment.default projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}} +$ terraform import google_network_security_intercept_deployment.default {{project}}/{{location}}/{{intercept_deployment_id}} +$ terraform import google_network_security_intercept_deployment.default {{location}}/{{intercept_deployment_id}} +``` + +## User Project Overrides + +This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).