[#15779] Add google_network_security_security_profile resource (#9800) (

#17029) * [#15779] Add google_network_security_security_profile resource * Add untested fields to examples and tests * Fix base path * Removing custom timeouts as they're not needed * Removing unused fields from yaml * Fixing test errors * Fixes per roaks3 comments --------- [upstream:32f5f3d1a45a03dd7d9789d418606a079922d423] Signed-off-by: Modular Magician <[email protected]>
hashicorp · Jan 17, 2024 · dc56dec · dc56dec
1 parent 1510da6
commit dc56dec
Show file tree

Hide file tree

Showing 3 changed files with 230 additions and 0 deletions.
diff --git a/.changelog/9800.txt b/.changelog/9800.txt
@@ -0,0 +1,3 @@
+```release-note:new-resource
+`google_network_security_security_profile`
+```
diff --git a/google/services/networksecurity/resource_network_security_security_profile_test.go b/google/services/networksecurity/resource_network_security_security_profile_test.go
@@ -0,0 +1,3 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+package networksecurity_test
diff --git a/website/docs/r/network_security_security_profile.html.markdown b/website/docs/r/network_security_security_profile.html.markdown
@@ -0,0 +1,224 @@
+---
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file in
+#     .github/CONTRIBUTING.md.
+#
+# ----------------------------------------------------------------------------
+subcategory: "Network security"
+description: |-
+  A security profile defines the behavior associated to a profile type.
+---
+
+# google\_network\_security\_security\_profile
+
+A security profile defines the behavior associated to a profile type.
+
+~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider.
+See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources.
+
+To get more information about SecurityProfile, see:
+
+* [API documentation](https://cloud.google.com/firewall/docs/reference/network-security/rest/v1beta1/projects.locations.securityProfiles)
+* How-to Guides
+    * [Create and manage security profiles](https://cloud.google.com/firewall/docs/configure-security-profiles)
+
+## Example Usage - Network Security Security Profile Basic
+
+
+```hcl
+resource "google_network_security_security_profile" "default" {
+  provider    = google-beta
+  name        = "my-security-profile"
+  parent      = "organizations/123456789"
+  description = "my description"
+  type        = "THREAT_PREVENTION"
+
+  labels = {
+    foo = "bar"
+  }
+}
+```
+## Example Usage - Network Security Security Profile Overrides
+
+
+```hcl
+resource "google_network_security_security_profile" "default" {
+  provider    = google-beta
+  name        = "my-security-profile"
+  parent      = "organizations/123456789"
+  description = "my description"
+  type        = "THREAT_PREVENTION"
+
+  threat_prevention_profile {
+    severity_overrides {
+      action   = "ALLOW"
+      severity = "INFORMATIONAL"
+    }
+
+    severity_overrides {
+      action   = "DENY"
+      severity = "HIGH"
+    }
+
+    threat_overrides {
+      action    = "ALLOW"
+      threat_id = "280647"
+    }
+  }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+
+* `type` -
+  (Required)
+  The type of security profile.
+  Possible values are: `THREAT_PREVENTION`.
+
+* `name` -
+  (Required)
+  The name of the security profile resource.
+
+
+- - -
+
+
+* `description` -
+  (Optional)
+  An optional description of the security profile. The Max length is 512 characters.
+
+* `labels` -
+  (Optional)
+  A map of key/value label pairs to assign to the resource.
+
+  **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
+  Please refer to the field `effective_labels` for all of the labels present on the resource.
+
+* `threat_prevention_profile` -
+  (Optional)
+  The threat prevention configuration for the security profile.
+  Structure is [documented below](#nested_threat_prevention_profile).
+
+* `location` -
+  (Optional)
+  The location of the security profile.
+  The default value is `global`.
+
+* `parent` -
+  (Optional)
+  The name of the parent this security profile belongs to.
+  Format: organizations/{organization_id}.
+
+
+<a name="nested_threat_prevention_profile"></a>The `threat_prevention_profile` block supports:
+
+* `severity_overrides` -
+  (Optional)
+  The configuration for overriding threats actions by severity match.
+  Structure is [documented below](#nested_severity_overrides).
+
+* `threat_overrides` -
+  (Optional)
+  The configuration for overriding threats actions by threat id match.
+  If a threat is matched both by configuration provided in severity overrides
+  and threat overrides, the threat overrides action is applied.
+  Structure is [documented below](#nested_threat_overrides).
+
+
+<a name="nested_severity_overrides"></a>The `severity_overrides` block supports:
+
+* `action` -
+  (Required)
+  Threat action override.
+  Possible values are: `ALERT`, `ALLOW`, `DEFAULT_ACTION`, `DENY`.
+
+* `severity` -
+  (Required)
+  Severity level to match.
+  Possible values are: `CRITICAL`, `HIGH`, `INFORMATIONAL`, `LOW`, `MEDIUM`.
+
+<a name="nested_threat_overrides"></a>The `threat_overrides` block supports:
+
+* `action` -
+  (Required)
+  Threat action.
+  Possible values are: `ALERT`, `ALLOW`, `DEFAULT_ACTION`, `DENY`.
+
+* `threat_id` -
+  (Required)
+  Vendor-specific ID of a threat to override.
+
+* `type` -
+  (Output)
+  Type of threat.
+
+## Attributes Reference
+
+In addition to the arguments listed above, the following computed attributes are exported:
+
+* `id` - an identifier for the resource with format `{{parent}}/locations/{{location}}/securityProfiles/{{name}}`
+
+* `self_link` -
+  Server-defined URL of this resource.
+
+* `create_time` -
+  Time the security profile was created in UTC.
+
+* `update_time` -
+  Time the security profile was updated in UTC.
+
+* `etag` -
+  This checksum is computed by the server based on the value of other fields,
+  and may be sent on update and delete requests to ensure the client has an up-to-date
+  value before proceeding.
+
+* `terraform_labels` -
+  The combination of labels configured directly on the resource
+   and default labels configured on the provider.
+
+* `effective_labels` -
+  All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.
+
+
+## Timeouts
+
+This resource provides the following
+[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
+
+- `create` - Default is 20 minutes.
+- `update` - Default is 20 minutes.
+- `delete` - Default is 20 minutes.
+
+## Import
+
+
+SecurityProfile can be imported using any of these accepted formats:
+
+* `{{parent}}/locations/{{location}}/securityProfiles/{{name}}`
+
+
+In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import SecurityProfile using one of the formats above. For example:
+
+```tf
+import {
+  id = "{{parent}}/locations/{{location}}/securityProfiles/{{name}}"
+  to = google_network_security_security_profile.default
+}
+```
+
+When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), SecurityProfile can be imported using one of the formats above. For example:
+
+```
+$ terraform import google_network_security_security_profile.default {{parent}}/locations/{{location}}/securityProfiles/{{name}}
+```