Access Context Manager: add support for access level condition… (#3291)…

… (#5961) Signed-off-by: Modular Magician <[email protected]>
hashicorp · Mar 24, 2020 · 1fe68cb · 1fe68cb
1 parent 651089b
commit 1fe68cb
Show file tree

Hide file tree

Showing 5 changed files with 50 additions and 1 deletion.
diff --git a/.changelog/3291.txt b/.changelog/3291.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+accesscontextmanager: Added `regions` field to `google_access_context_manager_access_level`
+```
diff --git a/google/resource_access_context_manager_access_level.go b/google/resource_access_context_manager_access_level.go
@@ -185,6 +185,16 @@ Formats: 'user:{emailid}', 'serviceAccount:{emailid}'`,
 a NAND over its non-empty fields, each field must be false for
 the Condition overall to be satisfied. Defaults to false.`,
 									},
+									"regions": {
+										Type:     schema.TypeList,
+										Optional: true,
+										Description: `The request must originate from one of the provided
+countries/regions.
+Format: A valid ISO 3166-1 alpha-2 code.`,
+										Elem: &schema.Schema{
+											Type: schema.TypeString,
+										},
+									},
 									"required_access_levels": {
 										Type:     schema.TypeList,
 										Optional: true,
@@ -500,6 +510,7 @@ func flattenAccessContextManagerAccessLevelBasicConditions(v interface{}, d *sch
 			"members":                flattenAccessContextManagerAccessLevelBasicConditionsMembers(original["members"], d, config),
 			"negate":                 flattenAccessContextManagerAccessLevelBasicConditionsNegate(original["negate"], d, config),
 			"device_policy":          flattenAccessContextManagerAccessLevelBasicConditionsDevicePolicy(original["devicePolicy"], d, config),
+			"regions":                flattenAccessContextManagerAccessLevelBasicConditionsRegions(original["regions"], d, config),
 		})
 	}
 	return transformed
@@ -590,6 +601,10 @@ func flattenAccessContextManagerAccessLevelBasicConditionsDevicePolicyRequireCor
 	return v
 }
 
+func flattenAccessContextManagerAccessLevelBasicConditionsRegions(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+	return v
+}
+
 func flattenAccessContextManagerAccessLevelName(v interface{}, d *schema.ResourceData, config *Config) interface{} {
 	return v
 }
@@ -677,6 +692,13 @@ func expandAccessContextManagerAccessLevelBasicConditions(v interface{}, d Terra
 			transformed["devicePolicy"] = transformedDevicePolicy
 		}
 
+		transformedRegions, err := expandAccessContextManagerAccessLevelBasicConditionsRegions(original["regions"], d, config)
+		if err != nil {
+			return nil, err
+		} else if val := reflect.ValueOf(transformedRegions); val.IsValid() && !isEmptyValue(val) {
+			transformed["regions"] = transformedRegions
+		}
+
 		req = append(req, transformed)
 	}
 	return req, nil
@@ -809,6 +831,10 @@ func expandAccessContextManagerAccessLevelBasicConditionsDevicePolicyRequireCorp
 	return v, nil
 }
 
+func expandAccessContextManagerAccessLevelBasicConditionsRegions(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandAccessContextManagerAccessLevelParent(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
 	return v, nil
 }

diff --git a/google/resource_access_context_manager_access_level_test.go b/google/resource_access_context_manager_access_level_test.go
@@ -151,6 +151,10 @@ resource "google_access_context_manager_access_level" "test-access" {
           os_type = "DESKTOP_CHROME_OS"
         }
       }
+      regions = [
+        "IT",
+        "US",
+      ]
     }
   }
 }

diff --git a/website/docs/r/access_context_manager_access_level.html.markdown b/website/docs/r/access_context_manager_access_level.html.markdown
@@ -49,6 +49,11 @@ resource "google_access_context_manager_access_level" "access-level" {
           os_type = "DESKTOP_CHROME_OS"
         }
       }
+      regions = [
+	"CH",
+	"IT",
+	"US",
+      ]
     }
   }
 }
@@ -152,6 +157,12 @@ The `conditions` block supports:
   the Condition to be true. If not specified, all devices are
   allowed.  Structure is documented below.
 
+* `regions` -
+  (Optional)
+  The request must originate from one of the provided
+  countries/regions.
+  Format: A valid ISO 3166-1 alpha-2 code.
+
 
 The `device_policy` block supports:
 

diff --git a/website/docs/r/access_context_manager_service_perimeter.html.markdown b/website/docs/r/access_context_manager_service_perimeter.html.markdown
@@ -66,7 +66,12 @@ resource "google_access_context_manager_access_level" "access-level" {
           os_type = "DESKTOP_CHROME_OS"
         }
       }
-    }
+      regions = [
+	"CH",
+	"IT",
+	"US",
+      ]
+  }
   }
 }
-Original file line number
+Diff line change
@@ Expand Up @@
               os_type = "DESKTOP_CHROME_OS"
             }
           }
+          regions = [
+            "IT",
+            "US",
+          ]
         }
       }
     }
@@ Expand Down @@