Add support for NetowrkSecurityAddressGroup

config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_networksecurityaddressgroups.networksecurity.cnrm.cloud.google.com.yaml

@@ -0,0 +1,215 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cnrm.cloud.google.com/version: 0.0.0-dev
+  creationTimestamp: null
+  labels:
+    cnrm.cloud.google.com/managed-by-kcc: "true"
+    cnrm.cloud.google.com/stability-level: stable
+    cnrm.cloud.google.com/system: "true"
+    cnrm.cloud.google.com/tf2crd: "true"
+  name: networksecurityaddressgroups.networksecurity.cnrm.cloud.google.com
+spec:
+  group: networksecurity.cnrm.cloud.google.com
+  names:
+    categories:
+    - gcp
+    kind: NetworkSecurityAddressGroup
+    plural: networksecurityaddressgroups
+    shortNames:
+    - gcpnetworksecurityaddressgroup
+    - gcpnetworksecurityaddressgroups
+    singular: networksecurityaddressgroup
+  preserveUnknownFields: false
+  scope: Namespaced
+  versions:
+  - additionalPrinterColumns:
+    - jsonPath: .metadata.creationTimestamp
+      name: Age
+      type: date
+    - description: When 'True', the most recent reconcile of the resource succeeded
+      jsonPath: .status.conditions[?(@.type=='Ready')].status
+      name: Ready
+      type: string
+    - description: The reason for the value in 'Ready'
+      jsonPath: .status.conditions[?(@.type=='Ready')].reason
+      name: Status
+      type: string
+    - description: The last transition time for the value in 'Status'
+      jsonPath: .status.conditions[?(@.type=='Ready')].lastTransitionTime
+      name: Status Age
+      type: date
+    name: v1beta1
+    schema:
+      openAPIV3Schema:
+        properties:
+          apiVersion:
+            description: 'apiVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              capacity:
+                description: Capacity of the Address Group.
+                type: integer
+              description:
+                description: Free-text description of the resource.
+                type: string
+              items:
+                description: List of items.
+                items:
+                  type: string
+                type: array
+              location:
+                description: |-
+                  The location of the gateway security policy.
+                  The default value is 'global'.
+                type: string
+              parent:
+                description: |-
+                  Only external field is supported to configure the reference
+                  as an organizationRef
+
+                  The name of the parent this address group belongs to.
+                  Format: organizations/{organization_id} or projects/{project_id}
+                oneOf:
+                - required:
+                  - organizationRef
+                - required:
+                  - projectRef
+                properties:
+                  organizationRef:
+                    oneOf:
+                    - not:
+                        required:
+                        - external
+                      required:
+                      - name
+                    - not:
+                        anyOf:
+                        - required:
+                          - name
+                        - required:
+                          - namespace
+                      required:
+                      - external
+                    properties:
+                      external:
+                        description: 'Allowed value: string of the format `organizations/{{value}}`,
+                          where {{value}} is the `number` field of an `Organization`
+                          resource.'
+                        type: string
+                      name:
+                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                        type: string
+                      namespace:
+                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                        type: string
+                    type: object
+                  projectRef:
+                    oneOf:
+                    - not:
+                        required:
+                        - external
+                      required:
+                      - name
+                    - not:
+                        anyOf:
+                        - required:
+                          - name
+                        - required:
+                          - namespace
+                      required:
+                      - external
+                    properties:
+                      external:
+                        description: 'Allowed value: string of the format `projects/{{value}}`,
+                          where {{value}} is the `name` field of a `Project` resource.'
+                        type: string
+                      name:
+                        description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
+                        type: string
+                      namespace:
+                        description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
+                        type: string
+                    type: object
+                type: object
+              type:
+                description: 'The type of the Address Group. Possible values are "IPV4"
+                  or "IPV6". Possible values: ["IPV4", "IPV6"].'
+                type: string
+            required:
+            - capacity
+            - location
+            - type
+            type: object
+          status:
+            properties:
+              conditions:
+                description: Conditions represent the latest available observation
+                  of the resource's current state.
+                items:
+                  properties:
+                    lastTransitionTime:
+                      description: Last time the condition transitioned from one status
+                        to another.
+                      type: string
+                    message:
+                      description: Human-readable message indicating details about
+                        last transition.
+                      type: string
+                    reason:
+                      description: Unique, one-word, CamelCase reason for the condition's
+                        last transition.
+                      type: string
+                    status:
+                      description: Status is the status of the condition. Can be True,
+                        False, Unknown.
+                      type: string
+                    type:
+                      description: Type is the type of the condition.
+                      type: string
+                  type: object
+                type: array
+              createTime:
+                description: |-
+                  The timestamp when the resource was created.
+                  A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits.
+                  Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
+                type: string
+              observedGeneration:
+                description: ObservedGeneration is the generation of the resource
+                  that was most recently observed by the Config Connector controller.
+                  If this is equal to metadata.generation, then that means that the
+                  current reported status reflects the most recent desired state of
+                  the resource.
+                type: integer
+              updateTime:
+                description: |-
+                  The timestamp when the resource was updated.
+                  A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits.
+                  Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
+                type: string
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

config/samples/resources/networksecurityaddressgroup/organization-addressgroup/networksecurity_v1beta1_addressgroup.yaml

@@ -0,0 +1,31 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: networksecurity.cnrm.cloud.google.com/v1beta1
+kind: NetworkSecurityAddressGroup
+metadata:
+  labels:
+    label-one: "value-one"
+  name: addressgroup-sample
+spec:
+  parent:
+    projectRef:
+      # Replace "${ORG_ID?}" with the numeric ID for your organization
+      external: "organizations/${ORG_ID?}"
+  location: global
+  type: IPV4
+  capacity: 100
+  items:
+    - "208.80.154.224/32"
+    - "10.0.0.0/8"

config/samples/resources/networksecurityaddressgroup/project-addressgroup/networksecurity_v1beta1_addressgroup.yaml

@@ -0,0 +1,31 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: networksecurity.cnrm.cloud.google.com/v1beta1
+kind: NetworkSecurityAddressGroup
+metadata:
+  labels:
+    label-one: "value-one"
+  name: addressgroup-sample
+spec:
+  parent:
+    projectRef:
+      # Replace ${PROJECT_ID?} with your project ID
+      external: "projects/${PROJECT_ID?}"
+  location: global
+  type: IPV4
+  capacity: 100
+  items:
+    - "208.80.154.224/32"
+    - "10.0.0.0/8"

config/servicemappings/networksecurity.yaml

@@ -0,0 +1,57 @@
+# Copyright 2022 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: core.cnrm.cloud.google.com/v1alpha1
+kind: ServiceMapping
+metadata:
+  name: networksecurity.cnrm.cloud.google.com
+  namespace: cnrm-system
+spec:
+  name: NetworkSecurity
+  version: v1beta1
+  serviceHostName: "networksecurity.googleapis.com"
+  resources:
+    - name: google_network_security_address_group
+      kind: NetworkSecurityAddressGroup
+      metadataMapping:
+        name: name
+        labels: labels
+      idTemplate: "[projects/{{project?}}|organizations/{{organization?}}]/locations/{{location}}/addressGroups/{{name}}"
+      idTemplateCanBeUsedToMatchResourceName: true
+      resourceAvailableInAssetInventory: false
+      resourceReferences:
+        - tfField: parent
+          description: |-
+            Only external field is supported to configure the reference
+            as an organizationRef
+
+            The name of the parent this address group belongs to.
+            Format: organizations/{organization_id} or projects/{project_id}
+          types:
+            - key: projectRef
+              parent: true
+              valueTemplate: projects/{{value}}
+              targetField: "name"
+              gvk:
+                kind: Project
+                version: v1beta1
+                group: resourcemanager.cnrm.cloud.google.com
+            - key: organizationRef
+              parent: true
+              valueTemplate: organizations/{{value}}
+              targetField: "number"
+              gvk:
+                kind: Organization
+                version: v1beta1
+                group: resourcemanager.cnrm.cloud.google.com

config/tests/samples/create/samples_test.go

@@ -225,6 +225,8 @@ var testDisabledList = map[string]bool{
 	"edgecontainercluster-remote-control-plane": true,
 	"edgecontainernodepool":                     true,
 	"edgecontainervpnconnection":                true,
+	// Creates an org-level resource
+	"organization-addressgroup": true,
 }
 
 func TestAll(t *testing.T) {