hashicorp · modular-magician · Jul 2, 2024 · Jul 2, 2024
@@ -0,0 +1,3 @@
+```release-note:enhancement
+networksecurity: added `purpose` field to `google_network_security_address_group` resource (beta only)
+```
@@ -107,6 +107,15 @@ Please refer to the field 'effective_labels' for all of the labels present on th
 				ForceNew:    true,
 				Description: `The name of the parent this address group belongs to. Format: organizations/{organization_id} or projects/{project_id}.`,
 			},
+			"purpose": {
+				Type:        schema.TypeList,
+				Optional:    true,
+				Description: `List of supported purposes of the Address Group. Possible values: ["DEFAULT", "CLOUD_ARMOR"]`,
+				Elem: &schema.Schema{
+					Type:         schema.TypeString,
+					ValidateFunc: verify.ValidateEnum([]string{"DEFAULT", "CLOUD_ARMOR"}),
+				},
+			},
 			"create_time": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -172,6 +181,12 @@ func resourceNetworkSecurityAddressGroupCreate(d *schema.ResourceData, meta inte
 	} else if v, ok := d.GetOkExists("capacity"); !tpgresource.IsEmptyValue(reflect.ValueOf(capacityProp)) && (ok || !reflect.DeepEqual(v, capacityProp)) {
 		obj["capacity"] = capacityProp
 	}
+	purposeProp, err := expandNetworkSecurityAddressGroupPurpose(d.Get("purpose"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("purpose"); !tpgresource.IsEmptyValue(reflect.ValueOf(purposeProp)) && (ok || !reflect.DeepEqual(v, purposeProp)) {
+		obj["purpose"] = purposeProp
+	}
 	labelsProp, err := expandNetworkSecurityAddressGroupEffectiveLabels(d.Get("effective_labels"), d, config)
 	if err != nil {
 		return err
@@ -282,6 +297,9 @@ func resourceNetworkSecurityAddressGroupRead(d *schema.ResourceData, meta interf
 	if err := d.Set("capacity", flattenNetworkSecurityAddressGroupCapacity(res["capacity"], d, config)); err != nil {
 		return fmt.Errorf("Error reading AddressGroup: %s", err)
 	}
+	if err := d.Set("purpose", flattenNetworkSecurityAddressGroupPurpose(res["purpose"], d, config)); err != nil {
+		return fmt.Errorf("Error reading AddressGroup: %s", err)
+	}
 	if err := d.Set("terraform_labels", flattenNetworkSecurityAddressGroupTerraformLabels(res["labels"], d, config)); err != nil {
 		return fmt.Errorf("Error reading AddressGroup: %s", err)
 	}
@@ -327,6 +345,12 @@ func resourceNetworkSecurityAddressGroupUpdate(d *schema.ResourceData, meta inte
 	} else if v, ok := d.GetOkExists("capacity"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, capacityProp)) {
 		obj["capacity"] = capacityProp
 	}
+	purposeProp, err := expandNetworkSecurityAddressGroupPurpose(d.Get("purpose"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("purpose"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, purposeProp)) {
+		obj["purpose"] = purposeProp
+	}
 	labelsProp, err := expandNetworkSecurityAddressGroupEffectiveLabels(d.Get("effective_labels"), d, config)
 	if err != nil {
 		return err
@@ -359,6 +383,10 @@ func resourceNetworkSecurityAddressGroupUpdate(d *schema.ResourceData, meta inte
 		updateMask = append(updateMask, "capacity")
 	}
 
+	if d.HasChange("purpose") {
+		updateMask = append(updateMask, "purpose")
+	}
+
 	if d.HasChange("effective_labels") {
 		updateMask = append(updateMask, "labels")
 	}
@@ -526,6 +554,10 @@ func flattenNetworkSecurityAddressGroupCapacity(v interface{}, d *schema.Resourc
 	return v // let terraform core handle it otherwise
 }
 
+func flattenNetworkSecurityAddressGroupPurpose(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
 func flattenNetworkSecurityAddressGroupTerraformLabels(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	if v == nil {
 		return v
@@ -561,6 +593,10 @@ func expandNetworkSecurityAddressGroupCapacity(v interface{}, d tpgresource.Terr
 	return v, nil
 }
 
+func expandNetworkSecurityAddressGroupPurpose(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandNetworkSecurityAddressGroupEffectiveLabels(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (map[string]string, error) {
 	if v == nil {
 		return map[string]string{}, nil

@@ -149,6 +149,47 @@ resource "google_network_security_address_group" "default" {
 `, context)
 }
 
+func TestAccNetworkSecurityAddressGroup_networkSecurityAddressGroupsCloudArmorExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"project":       envvar.GetTestProjectFromEnv(),
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+		CheckDestroy:             testAccCheckNetworkSecurityAddressGroupDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccNetworkSecurityAddressGroup_networkSecurityAddressGroupsCloudArmorExample(context),
+			},
+			{
+				ResourceName:            "google_network_security_address_group.default",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"labels", "location", "name", "parent", "terraform_labels"},
+			},
+		},
+	})
+}
+
+func testAccNetworkSecurityAddressGroup_networkSecurityAddressGroupsCloudArmorExample(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_network_security_address_group" "default" {
+  provider    = google-beta
+  name        = "tf-test-my-address-groups%{random_suffix}"
+  parent      = "projects/%{project}"
+  location    = "global"
+  type        = "IPV4"
+  capacity    = "100"
+  purpose     = ["CLOUD_ARMOR"]
+  items       = ["208.80.154.224/32"]
+}
+`, context)
+}
+
 func testAccCheckNetworkSecurityAddressGroupDestroyProducer(t *testing.T) func(s *terraform.State) error {
 	return func(s *terraform.State) error {
 		for name, rs := range s.RootModule().Resources {

@@ -68,6 +68,21 @@ resource "google_network_security_address_group" "default" {
   items       = ["208.80.154.224/32"]
 }
 ```
+## Example Usage - Network Security Address Groups Cloud Armor
+
+
+```hcl
+resource "google_network_security_address_group" "default" {
+  provider    = google-beta
+  name        = "my-address-groups"
+  parent      = "projects/my-project-name"
+  location    = "global"
+  type        = "IPV4"
+  capacity    = "100"
+  purpose     = ["CLOUD_ARMOR"]
+  items       = ["208.80.154.224/32"]
+}
+```
 
 ## Argument Reference
 
@@ -112,6 +127,11 @@ The following arguments are supported:
   (Optional)
   List of items.
 
+* `purpose` -
+  (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
+  List of supported purposes of the Address Group.
+  Each value may be one of: `DEFAULT`, `CLOUD_ARMOR`.
+
 * `parent` -
   (Optional)
   The name of the parent this address group belongs to. Format: organizations/{organization_id} or projects/{project_id}.