[#15779] Adds the google_network_security_security_profile_group reso…
…urce (GoogleCloudPlatform#9802)

* [#15779] Adds the new google_network_security_security_profile_group resource.

* Removing unused fields from yaml

* Fixing tests

* Fixes

* Fix test example

* Edits per melinath recommendations

* Make location immutable

---------

Co-authored-by: Luca Prete <[email protected]>
2 people authored and pengq-google committed May 21, 2024
1 parent c23b0fe commit d7e2b84
Showing 3 changed files with 219 additions and 0 deletions.
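--- a/mmv1/products/networksecurity/SecurityProfileGroup.yaml
+++ b/mmv1/products/networksecurity/SecurityProfileGroup.yaml
@@ -0,0 +1,95 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the 'License');
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an 'AS IS' BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+--- !ruby/object:Api::Resource
+name: 'SecurityProfileGroup'
+base_url: '{{parent}}/locations/{{location}}securityProfileGroups'
+create_url: '{{parent}}/locations/{{location}}/securityProfileGroups?securityProfileGroupId={{name}}'
+self_link: '{{parent}}/locations/{{location}}/securityProfileGroups/{{name}}'
+min_version: beta
+update_verb: :PATCH
+update_mask: true
+description: |
+A security profile group defines a container for security profiles.
+references:
+!ruby/object:Api::Resource::ReferenceLinks
+api: 'https://cloud.google.com/firewall/docs/reference/network-security/rest/v1beta1/organizations.locations.securityProfileGroups'
+guides:
+'Security profile groups overview': 'https://cloud.google.com/firewall/docs/about-security-profile-groups'
+'Create and manage security profile groups': 'https://cloud.google.com/firewall/docs/configure-security-profile-groups'
+async: !ruby/object:Api::OpAsync
+operation: !ruby/object:Api::OpAsync::Operation
+base_url: '{{op_id}}'
+include_project: true
+import_format: ['{{%parent}}/locations/{{location}}/securityProfileGroups/{{name}}']
+examples:
+- !ruby/object:Provider::Terraform::Examples
+name: 'network_security_security_profile_group_basic'
+primary_resource_id: 'default'
+min_version: beta
+test_env_vars:
+org_id: :ORG_ID
+vars:
+security_profile_group_name: 'sec-profile-group'
+security_profile_name: 'sec-profile'
+parameters:
+- !ruby/object:Api::Type::String
+name: 'name'
+required: true
+immutable: true
+url_param_only: true
+description: |
+The name of the security profile group resource.
+- !ruby/object:Api::Type::String
+name: 'location'
+default_value: 'global'
+immutable: true
+description: |
+The location of the security profile group.
+The default value is `global`.
+url_param_only: true
+- !ruby/object:Api::Type::String
+name: 'parent'
+description: |
+The name of the parent this security profile group belongs to.
+Format: organizations/{organization_id}.
+immutable: true
+url_param_only: true
+properties:
+- !ruby/object:Api::Type::Time
+name: 'createTime'
+description: Time the security profile group was created in UTC.
+output: true
+- !ruby/object:Api::Type::Time
+name: 'updateTime'
+description: Time the security profile group was updated in UTC.
+output: true
+- !ruby/object:Api::Type::String
+name: 'etag'
+output: true
+description: |
+This checksum is computed by the server based on the value of other fields,
+and may be sent on update and delete requests to ensure the client has an up-to-date
+value before proceeding.
+- !ruby/object:Api::Type::String
+name: 'description'
+description: |
+An optional description of the profile. The Max length is 512 characters.
+- !ruby/object:Api::Type::KeyValueLabels
+name: 'labels'
+description: |
+A map of key/value label pairs to assign to the resource.
+- !ruby/object:Api::Type::String
+name: 'threatPreventionProfile'
+description: |
+Reference to a SecurityProfile with the threat prevention configuration for the SecurityProfileGroup.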
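Review bot: `base_url` is missing the `/` between `{{location}}` and `securityProfileGroups`, so the collection URL renders as `…/locations/globalsecurityProfileGroups`, while `create_url` and `self_link` both carry the separator. It should read `base_url: '{{parent}}/locations/{{location}}/securityProfileGroups'`. Because `create_url` and `self_link` are set explicitly, create and read probably still work, and the defect would only surface where the base URL is used on its own (presumably list-style calls such as test sweepers), which is why the acceptance test may not catch it. Separately, `parent` opens every URL template but is not marked `required: true`; an unset value would yield a path starting with `/locations/…`, so consider making it required or documenting why it is optional.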
@@ -0,0 +1,19 @@
resource "google_network_security_security_profile_group" "<%= ctx[:primary_resource_id] %>" {
provider = google-beta
name = "<%= ctx[:vars]['security_profile_group_name'] %>"
parent = "organizations/<%= ctx[:test_env_vars]['org_id'] %>"
description = "my description"
threat_prevention_profile = google_network_security_security_profile.security_profile.id

labels = {
foo = "bar"
}
}

resource "google_network_security_security_profile" "security_profile" {
provider = google-beta
name = "<%= ctx[:vars]['security_profile_name'] %>"
type = "THREAT_PREVENTION"
parent = "organizations/<%= ctx[:test_env_vars]['org_id'] %>"
location = "global"
}
@@ -0,0 +1,105 @@
<% autogen_exception -%>
package networksecurity_test
<% unless version == 'ga' -%>

import (
"fmt"
"testing"

"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
"github.com/hashicorp/terraform-provider-google/google/acctest"
"github.com/hashicorp/terraform-provider-google/google/envvar"
)

func TestAccNetworkSecuritySecurityProfileGroups_update(t *testing.T) {
t.Parallel()

orgId := envvar.GetTestOrgFromEnv(t)
randomSuffix := acctest.RandString(t, 10)

acctest.VcrTest(t, resource.TestCase{
PreCheck: func() { acctest.AccTestPreCheck(t) },
ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
CheckDestroy: testAccCheckNetworkSecuritySecurityProfileGroupDestroyProducer(t),
Steps: []resource.TestStep{
{
Config: testAccNetworkSecuritySecurityProfileGroups_basic(orgId, randomSuffix),
},
{
ResourceName: "google_network_security_security_profile_group.foobar",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"labels", "terraform_labels"},
},
{
Config: testAccNetworkSecuritySecurityProfileGroups_update(orgId, randomSuffix),
},
{
ResourceName: "google_network_security_security_profile_group.foobar",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"labels", "terraform_labels"},
},
},
})
}

func testAccNetworkSecuritySecurityProfileGroups_basic(orgId string, randomSuffix string) string {
return fmt.Sprintf(`
resource "google_network_security_security_profile" "foobar" {
provider = google-beta
name = "tf-test-my-security-profile%s"
type = "THREAT_PREVENTION"
parent = "organizations/%s"
location = "global"
}

resource "google_network_security_security_profile_group" "foobar" {
provider = google-beta
name = "tf-test-my-security-profile-group%s"
parent = "organizations/%s"
location = "global"
description = "My security profile group."
threat_prevention_profile = google_network_security_security_profile.foobar.id

labels = {
foo = "bar"
}
}
`, randomSuffix, orgId, randomSuffix, orgId)
}

func testAccNetworkSecuritySecurityProfileGroups_update(orgId string, randomSuffix string) string {
return fmt.Sprintf(`
resource "google_network_security_security_profile" "foobar" {
provider = google-beta
name = "tf-test-my-security-profile%s"
type = "THREAT_PREVENTION"
parent = "organizations/%s"
location = "global"
}

resource "google_network_security_security_profile" "foobar_updated" {
provider = google-beta
name = "tf-test-my-security-profile-updated%s"
type = "THREAT_PREVENTION"
parent = "organizations/%s"
location = "global"
}

resource "google_network_security_security_profile_group" "foobar" {
provider = google-beta
name = "tf-test-my-security-profile-group%s"
parent = "organizations/%s"
location = "global"
description = "My security profile group. Update"
threat_prevention_profile = google_network_security_security_profile.foobar_updated.id

labels = {
foo = "foo"
}
}
`, randomSuffix, orgId, randomSuffix, orgId, randomSuffix, orgId)
}

<% end -%>
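Review bot: Both config helpers fill their HCL templates from long positional `%s` lists (`randomSuffix, orgId, randomSuffix, orgId, …`), so adding or reordering a resource can silently swap the organization ID and the name suffix without a compile error. Named placeholders are harder to get wrong, e.g. `acctest.Nprintf(tmpl, map[string]interface{}{"org_id": orgId, "random_suffix": randomSuffix})` with `%{org_id}` and `%{random_suffix}` in the template. The update step is also followed only by an import verification, so nothing states whether changing `threat_prevention_profile` is expected to be applied in place rather than by recreating the group. A short comment above the `Steps` slice recording that intent would help the next reader, since a recreated group could briefly detach whatever references it.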
