From 1fe68cbba8e26474a99ae1f52c7de162760adc95 Mon Sep 17 00:00:00 2001 From: The Magician Date: Tue, 24 Mar 2020 10:14:00 -0700 Subject: [PATCH] =?UTF-8?q?Access=20Context=20Manager:=20add=20support=20f?= =?UTF-8?q?or=20access=20level=20condition=E2=80=A6=20(#3291)=20(#5961)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Modular Magician --- .changelog/3291.txt | 3 +++ ...rce_access_context_manager_access_level.go | 26 +++++++++++++++++++ ...ccess_context_manager_access_level_test.go | 4 +++ ...context_manager_access_level.html.markdown | 11 ++++++++ ...xt_manager_service_perimeter.html.markdown | 7 ++++- 5 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 .changelog/3291.txt diff --git a/.changelog/3291.txt b/.changelog/3291.txt new file mode 100644 index 00000000000..2fb03d0ad75 --- /dev/null +++ b/.changelog/3291.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +accesscontextmanager: Added `regions` field to `google_access_context_manager_access_level` +``` diff --git a/google/resource_access_context_manager_access_level.go b/google/resource_access_context_manager_access_level.go index ad2789bac5f..bb36c097a74 100644 --- a/google/resource_access_context_manager_access_level.go +++ b/google/resource_access_context_manager_access_level.go @@ -185,6 +185,16 @@ Formats: 'user:{emailid}', 'serviceAccount:{emailid}'`, a NAND over its non-empty fields, each field must be false for the Condition overall to be satisfied. Defaults to false.`, }, + "regions": { + Type: schema.TypeList, + Optional: true, + Description: `The request must originate from one of the provided +countries/regions. +Format: A valid ISO 3166-1 alpha-2 code.`, + Elem: &schema.Schema{ + Type: schema.TypeString, + }, + }, "required_access_levels": { Type: schema.TypeList, Optional: true, @@ -500,6 +510,7 @@ func flattenAccessContextManagerAccessLevelBasicConditions(v interface{}, d *sch "members": flattenAccessContextManagerAccessLevelBasicConditionsMembers(original["members"], d, config), "negate": flattenAccessContextManagerAccessLevelBasicConditionsNegate(original["negate"], d, config), "device_policy": flattenAccessContextManagerAccessLevelBasicConditionsDevicePolicy(original["devicePolicy"], d, config), + "regions": flattenAccessContextManagerAccessLevelBasicConditionsRegions(original["regions"], d, config), }) } return transformed @@ -590,6 +601,10 @@ func flattenAccessContextManagerAccessLevelBasicConditionsDevicePolicyRequireCor return v } +func flattenAccessContextManagerAccessLevelBasicConditionsRegions(v interface{}, d *schema.ResourceData, config *Config) interface{} { + return v +} + func flattenAccessContextManagerAccessLevelName(v interface{}, d *schema.ResourceData, config *Config) interface{} { return v } @@ -677,6 +692,13 @@ func expandAccessContextManagerAccessLevelBasicConditions(v interface{}, d Terra transformed["devicePolicy"] = transformedDevicePolicy } + transformedRegions, err := expandAccessContextManagerAccessLevelBasicConditionsRegions(original["regions"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedRegions); val.IsValid() && !isEmptyValue(val) { + transformed["regions"] = transformedRegions + } + req = append(req, transformed) } return req, nil @@ -809,6 +831,10 @@ func expandAccessContextManagerAccessLevelBasicConditionsDevicePolicyRequireCorp return v, nil } +func expandAccessContextManagerAccessLevelBasicConditionsRegions(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + return v, nil +} + func expandAccessContextManagerAccessLevelParent(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { return v, nil } diff --git a/google/resource_access_context_manager_access_level_test.go b/google/resource_access_context_manager_access_level_test.go index 1c0a54afd75..79dbaca3e0e 100644 --- a/google/resource_access_context_manager_access_level_test.go +++ b/google/resource_access_context_manager_access_level_test.go @@ -151,6 +151,10 @@ resource "google_access_context_manager_access_level" "test-access" { os_type = "DESKTOP_CHROME_OS" } } + regions = [ + "IT", + "US", + ] } } } diff --git a/website/docs/r/access_context_manager_access_level.html.markdown b/website/docs/r/access_context_manager_access_level.html.markdown index 3e3a9c0cfe3..a59e6b5da9a 100644 --- a/website/docs/r/access_context_manager_access_level.html.markdown +++ b/website/docs/r/access_context_manager_access_level.html.markdown @@ -49,6 +49,11 @@ resource "google_access_context_manager_access_level" "access-level" { os_type = "DESKTOP_CHROME_OS" } } + regions = [ + "CH", + "IT", + "US", + ] } } } @@ -152,6 +157,12 @@ The `conditions` block supports: the Condition to be true. If not specified, all devices are allowed. Structure is documented below. +* `regions` - + (Optional) + The request must originate from one of the provided + countries/regions. + Format: A valid ISO 3166-1 alpha-2 code. + The `device_policy` block supports: diff --git a/website/docs/r/access_context_manager_service_perimeter.html.markdown b/website/docs/r/access_context_manager_service_perimeter.html.markdown index 884d4f4805b..c1f6fa5cc93 100644 --- a/website/docs/r/access_context_manager_service_perimeter.html.markdown +++ b/website/docs/r/access_context_manager_service_perimeter.html.markdown @@ -66,7 +66,12 @@ resource "google_access_context_manager_access_level" "access-level" { os_type = "DESKTOP_CHROME_OS" } } - } + regions = [ + "CH", + "IT", + "US", + ] + } } }