From 4e6d1a68ad043df41ca817491b669e107c416ebd Mon Sep 17 00:00:00 2001
From: Modular Magician
Date: Mon, 30 Mar 2020 16:32:18 +0000
Subject: [PATCH] ACM: service perimeter's vpc_accessible_services (#3318)
Signed-off-by: Modular Magician
---
...ccess_context_manager_service_perimeter.md | 6 +++
.../property/serviceperimeter_status.rb | 4 ++
...erimeter_status_vpc_accessible_services.rb | 37 +++++++++++++++++++
...ccess_context_manager_service_perimeter.rb | 1 +
4 files changed, 48 insertions(+)
create mode 100644 libraries/google/accesscontextmanager/property/serviceperimeter_status_vpc_accessible_services.rb
diff --git a/docs/resources/google_access_context_manager_service_perimeter.md b/docs/resources/google_access_context_manager_service_perimeter.md
index c87aba6ef..dd8496103 100644
--- a/docs/resources/google_access_context_manager_service_perimeter.md
+++ b/docs/resources/google_access_context_manager_service_perimeter.md
@@ -42,6 +42,12 @@ Properties that can be accessed from the `google_access_context_manager_service_ * `restricted_services`: GCP services that are subject to the Service Perimeter restrictions. Must contain a list of services. For example, if `storage.googleapis.com` is specified, access to the storage buckets inside the perimeter must meet the perimeter's access restrictions. + * `vpc_accessible_services`: Specifies how APIs are allowed to communicate within the Service Perimeter. + + * `enable_restriction`: Whether to restrict API calls within the Service Perimeter to the list of APIs specified in 'allowedServices'. + + * `allowed_services`: The list of APIs usable within the Service Perimeter. Must be empty unless `enableRestriction` is True. + * `parent`: The AccessPolicy this ServicePerimeter lives in. Format: accessPolicies/{policy_id} * `name`: Resource name for the ServicePerimeter. The short_name component must begin with a letter and only include alphanumeric and '_'. Format: accessPolicies/{policy_id}/servicePerimeters/{short_name} diff --git a/libraries/google/accesscontextmanager/property/serviceperimeter_status.rb b/libraries/google/accesscontextmanager/property/serviceperimeter_status.rb index 0b964b0b9..68f156de7 100644 --- a/libraries/google/accesscontextmanager/property/serviceperimeter_status.rb +++ b/libraries/google/accesscontextmanager/property/serviceperimeter_status.rb @@ -13,6 +13,7 @@ # CONTRIBUTING.md located at the root of this package. # # ---------------------------------------------------------------------------- +require 'google/accesscontextmanager/property/serviceperimeter_status_vpc_accessible_services' module GoogleInSpec module AccessContextManager module Property 
@@ -23,12 +24,15 @@ class ServicePerimeterStatus attr_reader :restricted_services + attr_reader :vpc_accessible_services + def initialize(args = nil, parent_identifier = nil) return if args.nil? @parent_identifier = parent_identifier @resources = args['resources'] @access_levels = args['accessLevels'] @restricted_services = args['restrictedServices'] + @vpc_accessible_services = GoogleInSpec::AccessContextManager::Property::ServicePerimeterStatusVPCAccessibleServices.new(args['vpcAccessibleServices'], to_s) end def to_s diff --git a/libraries/google/accesscontextmanager/property/serviceperimeter_status_vpc_accessible_services.rb b/libraries/google/accesscontextmanager/property/serviceperimeter_status_vpc_accessible_services.rb new file mode 100644 index 000000000..739ea306b --- /dev/null +++ b/libraries/google/accesscontextmanager/property/serviceperimeter_status_vpc_accessible_services.rb 
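Review bot: In `initialize`, `@vpc_accessible_services` is always wrapped, even when `args['vpcAccessibleServices']` is missing, so `status.vpc_accessible_services` is then a non-nil object whose `enable_restriction` and `allowed_services` read nil. The `return if args.nil?` guard above it, by contrast, leaves the reader itself nil when the whole status is absent. A control author therefore meets three states (nil reader, nil fields, real values) with nothing documenting them, and an assertion phrased as "not false" would pass on a perimeter that has no VPC restriction configured. I would add a comment above the assignment, for example `# vpcAccessibleServices may be absent: the wrapper is still created and its fields read nil (restriction not configured)`. The class body starts before this hunk and `to_s` continues past it.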
@@ -0,0 +1,37 @@ +# frozen_string_literal: false + +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in README.md and +# CONTRIBUTING.md located at the root of this package. +# +# ---------------------------------------------------------------------------- +module GoogleInSpec + module AccessContextManager + module Property + class ServicePerimeterStatusVPCAccessibleServices + attr_reader :enable_restriction + + attr_reader :allowed_services + + def initialize(args = nil, parent_identifier = nil) + return if args.nil? + @parent_identifier = parent_identifier + @enable_restriction = args['enableRestriction'] + @allowed_services = args['allowedServices'] + end + + def to_s + "#{@parent_identifier} ServicePerimeterStatusVPCAccessibleServices" + end + end + end + end +end diff --git a/libraries/google_access_context_manager_service_perimeter.rb b/libraries/google_access_context_manager_service_perimeter.rb index 041a32cbc..5b5d8b43c 100644 --- a/libraries/google_access_context_manager_service_perimeter.rb +++ b/libraries/google_access_context_manager_service_perimeter.rb @@ -15,6 +15,7 @@ # ---------------------------------------------------------------------------- require 'gcp_backend' require 'google/accesscontextmanager/property/serviceperimeter_status' +require 'google/accesscontextmanager/property/serviceperimeter_status_vpc_accessible_services' # A provider to manage Access Context Manager resources. class AccessContextManagerServicePerimeter < GcpResourceBase
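Review bot: `initialize` returns on `args.nil?` before `@parent_identifier` is assigned, so for a perimeter without a `vpcAccessibleServices` block `to_s` renders with an empty prefix and control output no longer says which perimeter status the object belongs to. Moving `@parent_identifier = parent_identifier` above `return if args.nil?` keeps the label. The two readers also carry no comment: `enable_restriction` is nil rather than `false`, and `allowed_services` is nil rather than `[]`, when the API omits them, which matters to anyone asserting on them; something like `# nil when the API response has no enableRestriction key; only true means the restriction is enforced` would do. The header marks this file as generated by Magic Modules, so the change presumably belongs in the generator template rather than here.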