diff --git a/.changelog/11059.txt b/.changelog/11059.txt
new file mode 100644
index 0000000000..2e1b28de1d
--- /dev/null
+++ b/.changelog/11059.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+networksecurity: added `purpose` field to `google_network_security_address_group` resource (beta only)
+```
\ No newline at end of file
diff --git a/google-beta/services/networksecurity/resource_network_security_address_group.go b/google-beta/services/networksecurity/resource_network_security_address_group.go
index 256d1fffa2..367f59b506 100644
--- a/google-beta/services/networksecurity/resource_network_security_address_group.go
+++ b/google-beta/services/networksecurity/resource_network_security_address_group.go
@@ -107,6 +107,15 @@ Please refer to the field 'effective_labels' for all of the labels present on th
 ForceNew: true,
 Description: `The name of the parent this address group belongs to. Format: organizations/{organization_id} or projects/{project_id}.`,
 },
+ "purpose": {
+ Type: schema.TypeList,
+ Optional: true,
+ Description: `List of supported purposes of the Address Group. Possible values: ["DEFAULT", "CLOUD_ARMOR"]`,
+ Elem: &schema.Schema{
+ Type: schema.TypeString,
+ ValidateFunc: verify.ValidateEnum([]string{"DEFAULT", "CLOUD_ARMOR"}),
+ },
+ },
 "create_time": {
 Type: schema.TypeString,
 Computed: true,
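Review bot: The new `purpose` attribute is declared as `Type: schema.TypeList`, so element order is significant and a duplicate such as `["CLOUD_ARMOR", "CLOUD_ARMOR"]` still passes the per-element `ValidateEnum` check. If the API returns the purposes in a different order than configured, or de-duplicates them, each plan would show a diff; this hunk does not show which it does. Consider `Type: schema.TypeSet` for the field (the expander would then have to convert the set back to a list), or, if the API does preserve order, say so in the `Description`. The surrounding schema map starts and ends outside the hunk.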
@@ -172,6 +181,12 @@ func resourceNetworkSecurityAddressGroupCreate(d *schema.ResourceData, meta inte
 } else if v, ok := d.GetOkExists("capacity"); !tpgresource.IsEmptyValue(reflect.ValueOf(capacityProp)) && (ok || !reflect.DeepEqual(v, capacityProp)) {
 obj["capacity"] = capacityProp
 }
+ purposeProp, err := expandNetworkSecurityAddressGroupPurpose(d.Get("purpose"), d, config)
+ if err != nil {
+ return err
+ } else if v, ok := d.GetOkExists("purpose"); !tpgresource.IsEmptyValue(reflect.ValueOf(purposeProp)) && (ok || !reflect.DeepEqual(v, purposeProp)) {
+ obj["purpose"] = purposeProp
+ }
 labelsProp, err := expandNetworkSecurityAddressGroupEffectiveLabels(d.Get("effective_labels"), d, config)
 if err != nil {
 return err
@@ -282,6 +297,9 @@ func resourceNetworkSecurityAddressGroupRead(d *schema.ResourceData, meta interf
 if err := d.Set("capacity", flattenNetworkSecurityAddressGroupCapacity(res["capacity"], d, config)); err != nil {
 return fmt.Errorf("Error reading AddressGroup: %s", err)
 }
+ if err := d.Set("purpose", flattenNetworkSecurityAddressGroupPurpose(res["purpose"], d, config)); err != nil {
+ return fmt.Errorf("Error reading AddressGroup: %s", err)
+ }
 if err := d.Set("terraform_labels", flattenNetworkSecurityAddressGroupTerraformLabels(res["labels"], d, config)); err != nil {
 return fmt.Errorf("Error reading AddressGroup: %s", err)
 }
@@ -327,6 +345,12 @@ func resourceNetworkSecurityAddressGroupUpdate(d *schema.ResourceData, meta inte
 } else if v, ok := d.GetOkExists("capacity"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, capacityProp)) {
 obj["capacity"] = capacityProp
 }
+ purposeProp, err := expandNetworkSecurityAddressGroupPurpose(d.Get("purpose"), d, config)
+ if err != nil {
+ return err
+ } else if v, ok := d.GetOkExists("purpose"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, purposeProp)) {
+ obj["purpose"] = purposeProp
+ }
 labelsProp, err := expandNetworkSecurityAddressGroupEffectiveLabels(d.Get("effective_labels"), d, config)
 if err != nil {
 return err
@@ -359,6 +383,10 @@ func resourceNetworkSecurityAddressGroupUpdate(d *schema.ResourceData, meta inte
 updateMask = append(updateMask, "capacity")
 }
+ if d.HasChange("purpose") {
+ updateMask = append(updateMask, "purpose")
+ }
+
 if d.HasChange("effective_labels") {
 updateMask = append(updateMask, "labels")
 }
@@ -526,6 +554,10 @@ func flattenNetworkSecurityAddressGroupCapacity(v interface{}, d *schema.Resourc
 return v // let terraform core handle it otherwise
 }
+func flattenNetworkSecurityAddressGroupPurpose(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ return v
+}
+
 func flattenNetworkSecurityAddressGroupTerraformLabels(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 if v == nil {
 return v
@@ -561,6 +593,10 @@ func expandNetworkSecurityAddressGroupCapacity(v interface{}, d tpgresource.Terr
 return v, nil
 }
+func expandNetworkSecurityAddressGroupPurpose(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
 func expandNetworkSecurityAddressGroupEffectiveLabels(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (map[string]string, error) {
 if v == nil {
 return map[string]string{}, nil
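Review bot: Removing `purpose` from the configuration takes a path these hunks do not obviously cover: in resourceNetworkSecurityAddressGroupUpdate the new `else if` sets `obj["purpose"]` only when the value is non-empty, while the later `d.HasChange("purpose")` block still appends `"purpose"` to `updateMask`. If the mask and `obj` are sent together in the update request (that part is outside the hunks), the API is being asked to clear the field, which it may reject or which may change where the address group can be used. A short comment at the mask append would make the intent explicit, e.g. `// an empty purpose is omitted from obj, so this mask entry clears the field server-side`. An acceptance step that changes and then removes `purpose` would confirm the API accepts both. The function body starts and ends outside both hunks.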
diff --git a/google-beta/services/networksecurity/resource_network_security_address_group_generated_test.go b/google-beta/services/networksecurity/resource_network_security_address_group_generated_test.go
index e41098d95d..30b28cd5de 100644
--- a/google-beta/services/networksecurity/resource_network_security_address_group_generated_test.go
+++ b/google-beta/services/networksecurity/resource_network_security_address_group_generated_test.go
@@ -149,6 +149,47 @@ resource "google_network_security_address_group" "default" { `, context) } +func TestAccNetworkSecurityAddressGroup_networkSecurityAddressGroupsCloudArmorExample(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "project": envvar.GetTestProjectFromEnv(), + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t), + CheckDestroy: testAccCheckNetworkSecurityAddressGroupDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccNetworkSecurityAddressGroup_networkSecurityAddressGroupsCloudArmorExample(context), + }, + { + ResourceName: "google_network_security_address_group.default", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"labels", "location", "name", "parent", "terraform_labels"}, + }, + }, + }) +} + +func testAccNetworkSecurityAddressGroup_networkSecurityAddressGroupsCloudArmorExample(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_network_security_address_group" "default" { + provider = google-beta + name = "tf-test-my-address-groups%{random_suffix}" + parent = "projects/%{project}" + location = "global" + type = "IPV4" + capacity = "100" + purpose = ["CLOUD_ARMOR"] + items = ["208.80.154.224/32"] +} +`, context) +} + func testAccCheckNetworkSecurityAddressGroupDestroyProducer(t *testing.T) func(s *terraform.State) error { return func(s *terraform.State) error { for name, rs := range s.RootModule().Resources { diff --git a/website/docs/r/network_security_address_group.html.markdown b/website/docs/r/network_security_address_group.html.markdown index 36f04f5eba..ac1622551e 100644 --- a/website/docs/r/network_security_address_group.html.markdown +++ b/website/docs/r/network_security_address_group.html.markdown 
@@ -68,6 +68,21 @@ resource "google_network_security_address_group" "default" {
 items = ["208.80.154.224/32"]
 }
 ```
+## Example Usage - Network Security Address Groups Cloud Armor
+
+
+```hcl
+resource "google_network_security_address_group" "default" {
+ provider = google-beta
+ name = "my-address-groups"
+ parent = "projects/my-project-name"
+ location = "global"
+ type = "IPV4"
+ capacity = "100"
+ purpose = ["CLOUD_ARMOR"]
+ items = ["208.80.154.224/32"]
+}
+```
 ## Argument Reference
@@ -112,6 +127,11 @@ The following arguments are supported:
 (Optional)
 List of items.
+* `purpose` -
+ (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
+ List of supported purposes of the Address Group.
+ Each value may be one of: `DEFAULT`, `CLOUD_ARMOR`.
+
 * `parent` -
 (Optional)
 The name of the parent this address group belongs to. Format: organizations/{organization_id} or projects/{project_id}.