From dc56dec6d391fe09e9ebb37bc2d43cc39e29b3c4 Mon Sep 17 00:00:00 2001 From: The Magician Date: Wed, 17 Jan 2024 10:09:56 -0800 Subject: [PATCH] [#15779] Add google_network_security_security_profile resource (#9800) (#17029) * [#15779] Add google_network_security_security_profile resource * Add untested fields to examples and tests * Fix base path * Removing custom timeouts as they're not needed * Removing unused fields from yaml * Fixing test errors * Fixes per roaks3 comments --------- [upstream:32f5f3d1a45a03dd7d9789d418606a079922d423] Signed-off-by: Modular Magician --- .changelog/9800.txt | 3 + ..._network_security_security_profile_test.go | 3 + ...rk_security_security_profile.html.markdown | 224 ++++++++++++++++++ 3 files changed, 230 insertions(+) create mode 100644 .changelog/9800.txt create mode 100644 google/services/networksecurity/resource_network_security_security_profile_test.go create mode 100644 website/docs/r/network_security_security_profile.html.markdown diff --git a/.changelog/9800.txt b/.changelog/9800.txt new file mode 100644 index 00000000000..6a1fae6b391 --- /dev/null +++ b/.changelog/9800.txt @@ -0,0 +1,3 @@ +```release-note:new-resource +`google_network_security_security_profile` +``` diff --git a/google/services/networksecurity/resource_network_security_security_profile_test.go b/google/services/networksecurity/resource_network_security_security_profile_test.go new file mode 100644 index 00000000000..8380ac5af78 --- /dev/null +++ b/google/services/networksecurity/resource_network_security_security_profile_test.go @@ -0,0 +1,3 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 +package networksecurity_test diff --git a/website/docs/r/network_security_security_profile.html.markdown b/website/docs/r/network_security_security_profile.html.markdown new file mode 100644 index 00000000000..850f86c4277 --- /dev/null +++ b/website/docs/r/network_security_security_profile.html.markdown 
@@ -0,0 +1,224 @@ +--- +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in +# .github/CONTRIBUTING.md. +# +# ---------------------------------------------------------------------------- +subcategory: "Network security" +description: |- + A security profile defines the behavior associated to a profile type. +--- + +# google\_network\_security\_security\_profile + +A security profile defines the behavior associated to a profile type. + +~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider. +See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources. 
+ +To get more information about SecurityProfile, see: + +* [API documentation](https://cloud.google.com/firewall/docs/reference/network-security/rest/v1beta1/projects.locations.securityProfiles) +* How-to Guides + * [Create and manage security profiles](https://cloud.google.com/firewall/docs/configure-security-profiles) + +## Example Usage - Network Security Security Profile Basic + + +```hcl +resource "google_network_security_security_profile" "default" { + provider = google-beta + name = "my-security-profile" + parent = "organizations/123456789" + description = "my description" + type = "THREAT_PREVENTION" + + labels = { + foo = "bar" + } +} +``` +## Example Usage - Network Security Security Profile Overrides + + +```hcl +resource "google_network_security_security_profile" "default" { + provider = google-beta + name = "my-security-profile" + parent = "organizations/123456789" + description = "my description" + type = "THREAT_PREVENTION" + + threat_prevention_profile { + severity_overrides { + action = "ALLOW" + severity = "INFORMATIONAL" + } + + severity_overrides { + action = "DENY" + severity = "HIGH" + } + + threat_overrides { + action = "ALLOW" + threat_id = "280647" + } + } +} +``` + +## Argument Reference + +The following arguments are supported: + + +* `type` - + (Required) + The type of security profile. + Possible values are: `THREAT_PREVENTION`. + +* `name` - + (Required) + The name of the security profile resource. + + +- - - + + +* `description` - + (Optional) + An optional description of the security profile. The Max length is 512 characters. + +* `labels` - + (Optional) + A map of key/value label pairs to assign to the resource. + + **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. + Please refer to the field `effective_labels` for all of the labels present on the resource. + +* `threat_prevention_profile` - + (Optional) + The threat prevention configuration for the security profile. 
+ Structure is [documented below](#nested_threat_prevention_profile). + +* `location` - + (Optional) + The location of the security profile. + The default value is `global`. + +* `parent` - + (Optional) + The name of the parent this security profile belongs to. + Format: organizations/{organization_id}. + + +The `threat_prevention_profile` block supports: + +* `severity_overrides` - + (Optional) + The configuration for overriding threats actions by severity match. + Structure is [documented below](#nested_severity_overrides). + +* `threat_overrides` - + (Optional) + The configuration for overriding threats actions by threat id match. + If a threat is matched both by configuration provided in severity overrides + and threat overrides, the threat overrides action is applied. + Structure is [documented below](#nested_threat_overrides). + + +The `severity_overrides` block supports: + +* `action` - + (Required) + Threat action override. + Possible values are: `ALERT`, `ALLOW`, `DEFAULT_ACTION`, `DENY`. + +* `severity` - + (Required) + Severity level to match. + Possible values are: `CRITICAL`, `HIGH`, `INFORMATIONAL`, `LOW`, `MEDIUM`. + +The `threat_overrides` block supports: + +* `action` - + (Required) + Threat action. + Possible values are: `ALERT`, `ALLOW`, `DEFAULT_ACTION`, `DENY`. + +* `threat_id` - + (Required) + Vendor-specific ID of a threat to override. + +* `type` - + (Output) + Type of threat. + +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are exported: + +* `id` - an identifier for the resource with format `{{parent}}/locations/{{location}}/securityProfiles/{{name}}` + +* `self_link` - + Server-defined URL of this resource. + +* `create_time` - + Time the security profile was created in UTC. + +* `update_time` - + Time the security profile was updated in UTC. 
+ +* `etag` - + This checksum is computed by the server based on the value of other fields, + and may be sent on update and delete requests to ensure the client has an up-to-date + value before proceeding. + +* `terraform_labels` - + The combination of labels configured directly on the resource + and default labels configured on the provider. + +* `effective_labels` - + All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services. + + +## Timeouts + +This resource provides the following +[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options: + +- `create` - Default is 20 minutes. +- `update` - Default is 20 minutes. +- `delete` - Default is 20 minutes. + +## Import + + +SecurityProfile can be imported using any of these accepted formats: + +* `{{parent}}/locations/{{location}}/securityProfiles/{{name}}` + + +In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import SecurityProfile using one of the formats above. For example: + +```tf +import { + id = "{{parent}}/locations/{{location}}/securityProfiles/{{name}}" + to = google_network_security_security_profile.default +} +``` + +When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), SecurityProfile can be imported using one of the formats above. For example: + +``` +$ terraform import google_network_security_security_profile.default {{parent}}/locations/{{location}}/securityProfiles/{{name}} +```
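Review bot: In `.changelog/9800.txt` the release note lists `google_network_security_security_profile` without saying it is beta-only, while the documentation added in this same patch warns that the resource is in beta and should be used with the terraform-provider-google-beta provider. Suggest marking the entry accordingly, for example `google_network_security_security_profile` (beta), so the changelog does not read as if the resource is usable from the GA provider.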
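Review bot: `resource_network_security_security_profile_test.go` is created with only the license header and `package networksecurity_test`, so it contains no test function and this patch adds no test coverage for the new resource. Either add an acceptance test here that applies the overrides configuration shown in the docs and checks that it round-trips through import, or leave the file out until there is one.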
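Review bot: In `network_security_security_profile.html.markdown`, the "Overrides" example combines a `severity_overrides` block with `action = "DENY"` for `HIGH` and a `threat_overrides` block with `action = "ALLOW"` for `threat_id = "280647"`, but the rule that decides which one applies is stated only further down, under the `threat_overrides` argument. Since the threat override wins when both match, a reader who copies the example could end up allowing a threat that the severity rule would have denied. Suggest adding a comment in the example, or a note next to `severity_overrides`, that spells out the precedence. Two smaller points in the same file: `parent` is marked (Optional) although both examples set it and the `id` and import formats are built from `{{parent}}`, so say what happens when it is omitted or mark it required; and `type` under the `threat_overrides` block is labelled (Output) while sitting in the list of supported arguments, so make clear it is read-only and cannot be set.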