From d7e2b84d2852c16748ed8803ea33e5f3513f9abe Mon Sep 17 00:00:00 2001 From: Luca Prete Date: Tue, 13 Feb 2024 20:43:15 +0100 Subject: [PATCH] [#15779] Adds the google_network_security_security_profile_group resource (#9802) * [#15779] Adds the new google_network_security_security_profile_group resource. * Removing unused fields from yaml * Fixing tests * Fixes * Fix test example * Edits per melinath recommendations * Make location immutable --------- Co-authored-by: Luca Prete --- .../networksecurity/SecurityProfileGroup.yaml | 95 ++++++++++++++++ ...curity_security_profile_group_basic.tf.erb | 19 ++++ ...ecurity_security_profile_group_test.go.erb | 105 ++++++++++++++++++ 3 files changed, 219 insertions(+) create mode 100644 mmv1/products/networksecurity/SecurityProfileGroup.yaml create mode 100644 mmv1/templates/terraform/examples/network_security_security_profile_group_basic.tf.erb create mode 100644 mmv1/third_party/terraform/services/networksecurity/resource_network_security_security_profile_group_test.go.erb
diff --git a/mmv1/products/networksecurity/SecurityProfileGroup.yaml b/mmv1/products/networksecurity/SecurityProfileGroup.yaml
new file mode 100644
index 000000000000..4878950fe263
--- /dev/null
+++ b/mmv1/products/networksecurity/SecurityProfileGroup.yaml
@@ -0,0 +1,95 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the 'License');
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an 'AS IS' BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+--- !ruby/object:Api::Resource
+name: 'SecurityProfileGroup'
+base_url: '{{parent}}/locations/{{location}}securityProfileGroups'
+create_url: '{{parent}}/locations/{{location}}/securityProfileGroups?securityProfileGroupId={{name}}'
+self_link: '{{parent}}/locations/{{location}}/securityProfileGroups/{{name}}'
+min_version: beta
+update_verb: :PATCH
+update_mask: true
+description: |
+ A security profile group defines a container for security profiles.
+references:
+ !ruby/object:Api::Resource::ReferenceLinks
+ api: 'https://cloud.google.com/firewall/docs/reference/network-security/rest/v1beta1/organizations.locations.securityProfileGroups'
+ guides:
+ 'Security profile groups overview': 'https://cloud.google.com/firewall/docs/about-security-profile-groups'
+ 'Create and manage security profile groups': 'https://cloud.google.com/firewall/docs/configure-security-profile-groups'
+async: !ruby/object:Api::OpAsync
+ operation: !ruby/object:Api::OpAsync::Operation
+ base_url: '{{op_id}}'
+ include_project: true
+import_format: ['{{%parent}}/locations/{{location}}/securityProfileGroups/{{name}}']
+examples:
+ - !ruby/object:Provider::Terraform::Examples
+ name: 'network_security_security_profile_group_basic'
+ primary_resource_id: 'default'
+ min_version: beta
+ test_env_vars:
+ org_id: :ORG_ID
+ vars:
+ security_profile_group_name: 'sec-profile-group'
+ security_profile_name: 'sec-profile'
+parameters:
+ - !ruby/object:Api::Type::String
+ name: 'name'
+ required: true
+ immutable: true
+ url_param_only: true
+ description: |
+ The name of the security profile group resource.
+ - !ruby/object:Api::Type::String
+ name: 'location'
+ default_value: 'global'
+ immutable: true
+ description: |
+ The location of the security profile group.
+ The default value is `global`.
+ url_param_only: true
+ - !ruby/object:Api::Type::String
+ name: 'parent'
+ description: |
+ The name of the parent this security profile group belongs to.
+ Format: organizations/{organization_id}.
+ immutable: true
+ url_param_only: true
+properties:
+ - !ruby/object:Api::Type::Time
+ name: 'createTime'
+ description: Time the security profile group was created in UTC.
+ output: true
+ - !ruby/object:Api::Type::Time
+ name: 'updateTime'
+ description: Time the security profile group was updated in UTC.
+ output: true
+ - !ruby/object:Api::Type::String
+ name: 'etag'
+ output: true
+ description: |
+ This checksum is computed by the server based on the value of other fields,
+ and may be sent on update and delete requests to ensure the client has an up-to-date
+ value before proceeding.
+ - !ruby/object:Api::Type::String
+ name: 'description'
+ description: |
+ An optional description of the profile. The Max length is 512 characters.
+ - !ruby/object:Api::Type::KeyValueLabels
+ name: 'labels'
+ description: |
+ A map of key/value label pairs to assign to the resource.
+ - !ruby/object:Api::Type::String
+ name: 'threatPreventionProfile'
+ description: |
+ Reference to a SecurityProfile with the threat prevention configuration for the SecurityProfileGroup.
diff --git a/mmv1/templates/terraform/examples/network_security_security_profile_group_basic.tf.erb b/mmv1/templates/terraform/examples/network_security_security_profile_group_basic.tf.erb
new file mode 100644
index 000000000000..bfbca6c2c107
--- /dev/null
+++ b/mmv1/templates/terraform/examples/network_security_security_profile_group_basic.tf.erb
@@ -0,0 +1,19 @@
+resource "google_network_security_security_profile_group" "<%= ctx[:primary_resource_id] %>" {
+ provider = google-beta
+ name = "<%= ctx[:vars]['security_profile_group_name'] %>"
+ parent = "organizations/<%= ctx[:test_env_vars]['org_id'] %>"
+ description = "my description"
+ threat_prevention_profile = google_network_security_security_profile.security_profile.id
+
+ labels = {
+ foo = "bar"
+ }
+}
+
+resource "google_network_security_security_profile" "security_profile" {
+ provider = google-beta
+ name = "<%= ctx[:vars]['security_profile_name'] %>"
+ type = "THREAT_PREVENTION"
+ parent = "organizations/<%= ctx[:test_env_vars]['org_id'] %>"
+ location = "global"
+}
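Review bot: In SecurityProfileGroup.yaml, `base_url` is missing the `/` between `{{location}}` and `securityProfileGroups`, unlike `create_url` and `self_link` directly below it; it should read `base_url: '{{parent}}/locations/{{location}}/securityProfileGroups'`. Create and read go through the overriding templates, so the malformed path would only surface wherever the base URL itself is used (presumably list-style calls), which makes it easy to miss in the acceptance test. Separately, `parent` is interpolated into every URL template but is not marked `required: true`, so a configuration that omits it would likely fail only at request time with a malformed path; consider requiring it or documenting why it is optional.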
diff --git a/mmv1/third_party/terraform/services/networksecurity/resource_network_security_security_profile_group_test.go.erb b/mmv1/third_party/terraform/services/networksecurity/resource_network_security_security_profile_group_test.go.erb
new file mode 100644
index 000000000000..8e56deb5351d
--- /dev/null
+++ b/mmv1/third_party/terraform/services/networksecurity/resource_network_security_security_profile_group_test.go.erb
@@ -0,0 +1,105 @@
+<% autogen_exception -%>
+package networksecurity_test
+<% unless version == 'ga' -%>
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ "github.com/hashicorp/terraform-provider-google/google/acctest"
+ "github.com/hashicorp/terraform-provider-google/google/envvar"
+)
+
+func TestAccNetworkSecuritySecurityProfileGroups_update(t *testing.T) {
+ t.Parallel()
+
+ orgId := envvar.GetTestOrgFromEnv(t)
+ randomSuffix := acctest.RandString(t, 10)
+
+ acctest.VcrTest(t, resource.TestCase{
+ PreCheck: func() { acctest.AccTestPreCheck(t) },
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+ CheckDestroy: testAccCheckNetworkSecuritySecurityProfileGroupDestroyProducer(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccNetworkSecuritySecurityProfileGroups_basic(orgId, randomSuffix),
+ },
+ {
+ ResourceName: "google_network_security_security_profile_group.foobar",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"labels", "terraform_labels"},
+ },
+ {
+ Config: testAccNetworkSecuritySecurityProfileGroups_update(orgId, randomSuffix),
+ },
+ {
+ ResourceName: "google_network_security_security_profile_group.foobar",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"labels", "terraform_labels"},
+ },
+ },
+ })
+}
+
+func testAccNetworkSecuritySecurityProfileGroups_basic(orgId string, randomSuffix string) string {
+ return fmt.Sprintf(`
+resource "google_network_security_security_profile" "foobar" {
+ provider = google-beta
+ name = "tf-test-my-security-profile%s"
+ type = "THREAT_PREVENTION"
+ parent = "organizations/%s"
+ location = "global"
+}
+
+resource "google_network_security_security_profile_group" "foobar" {
+ provider = google-beta
+ name = "tf-test-my-security-profile-group%s"
+ parent = "organizations/%s"
+ location = "global"
+ description = "My security profile group."
+ threat_prevention_profile = google_network_security_security_profile.foobar.id
+
+ labels = {
+ foo = "bar"
+ }
+}
+`, randomSuffix, orgId, randomSuffix, orgId)
+}
+
+func testAccNetworkSecuritySecurityProfileGroups_update(orgId string, randomSuffix string) string {
+ return fmt.Sprintf(`
+resource "google_network_security_security_profile" "foobar" {
+ provider = google-beta
+ name = "tf-test-my-security-profile%s"
+ type = "THREAT_PREVENTION"
+ parent = "organizations/%s"
+ location = "global"
+}
+
+resource "google_network_security_security_profile" "foobar_updated" {
+ provider = google-beta
+ name = "tf-test-my-security-profile-updated%s"
+ type = "THREAT_PREVENTION"
+ parent = "organizations/%s"
+ location = "global"
+}
+
+resource "google_network_security_security_profile_group" "foobar" {
+ provider = google-beta
+ name = "tf-test-my-security-profile-group%s"
+ parent = "organizations/%s"
+ location = "global"
+ description = "My security profile group. Update"
+ threat_prevention_profile = google_network_security_security_profile.foobar_updated.id
+
+ labels = {
+ foo = "foo"
+ }
+}
+`, randomSuffix, orgId, randomSuffix, orgId, randomSuffix, orgId)
+}
+
+<% end -%>
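Review bot: The test and both config helpers use a plural `SecurityProfileGroups` (`TestAccNetworkSecuritySecurityProfileGroups_update`, `testAccNetworkSecuritySecurityProfileGroups_basic`, `testAccNetworkSecuritySecurityProfileGroups_update`), while the resource type and the destroy producer referenced in the same test use the singular `SecurityProfileGroup`. Renaming them to `TestAccNetworkSecuritySecurityProfileGroup_update` and the matching singular helper names would keep the file consistent with the resource it covers. Both import steps also carry `ImportStateVerifyIgnore: []string{"labels", "terraform_labels"}` with no explanation; a short comment stating why those two fields are skipped during import verification would help the next reader.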