forked from GoogleCloudPlatform/magic-modules
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[#15779] Add google_network_security_firewall_endpoint_association re…
…source (GoogleCloudPlatform#9815) * [#15779] Add google_network_security_firewall_endpoint_association resource * Fixing tests * Fixes * Add test for update --------- Co-authored-by: Luca Prete <[email protected]>
- Loading branch information
Showing
3 changed files
with
297 additions
and
0 deletions.
There are no files selected for viewing
122 changes: 122 additions & 0 deletions
122
mmv1/products/networksecurity/FirewallEndpointAssociation.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,122 @@ | ||
# Copyright 2024 Google Inc. | ||
# Licensed under the Apache License, Version 2.0 (the 'License'); | ||
# you may not use this file except in compliance with the License. | ||
# You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an 'AS IS' BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
--- !ruby/object:Api::Resource | ||
name: 'FirewallEndpointAssociation' | ||
base_url: '{{parent}}/locations/{{location}}/firewallEndpointAssociations' | ||
create_url: '{{parent}}/locations/{{location}}/firewallEndpointAssociations?firewallEndpointId={{name}}' | ||
self_link: '{{parent}}/locations/{{location}}/firewallEndpointAssociations/{{name}}' | ||
min_version: beta | ||
update_verb: :PATCH | ||
update_mask: true | ||
description: | | ||
Firewall endpoint association links a firewall endpoint to a VPC network in | ||
the same zone. After you define this association, Cloud Firewall forwards the | ||
zonal workload traffic in your VPC network that requires layer 7 inspection to | ||
the attached firewall endpoint. | ||
references: | ||
!ruby/object:Api::Resource::ReferenceLinks | ||
api: 'https://cloud.google.com/firewall/docs/reference/network-security/rest/v1beta1/projects.locations.firewallEndpointAssociations#FirewallEndpointAssociation' | ||
guides: | ||
'Firewall endpoint overview': 'https://cloud.google.com/firewall/docs/about-firewall-endpoints' | ||
'Create and associate firewall endpoints': 'https://cloud.google.com/firewall/docs/configure-firewall-endpoints' | ||
async: !ruby/object:Api::OpAsync | ||
include_project: true | ||
operation: !ruby/object:Api::OpAsync::Operation | ||
base_url: '{{op_id}}' | ||
result: !ruby/object:Api::OpAsync::Result | ||
resource_inside_response: true | ||
import_format: [ | ||
'{{%parent}}/locations/{{location}}/firewallEndpointAssociations/{{name}}' | ||
] | ||
examples: | ||
- !ruby/object:Provider::Terraform::Examples | ||
name: 'network_security_firewall_endpoint_association_basic' | ||
primary_resource_id: 'default' | ||
# Handwritten test will take care of creates and updates. | ||
# Firewall endpoint association creation is subjet to firewall endpoint creation which is long and expensive. | ||
skip_test: true | ||
min_version: beta | ||
vars: | ||
resource_name_prefix: 'my-firewall-endpoint' | ||
test_env_vars: | ||
org_id: :ORG_ID | ||
project: :PROJECT_NAME | ||
parameters: | ||
- !ruby/object:Api::Type::String | ||
name: 'name' | ||
required: true | ||
immutable: true | ||
url_param_only: true | ||
description: | | ||
The name of the firewall endpoint association resource. | ||
- !ruby/object:Api::Type::String | ||
name: 'location' | ||
required: true | ||
immutable: true | ||
description: | | ||
The location (zone) of the firewall endpoint association. | ||
url_param_only: true | ||
- !ruby/object:Api::Type::String | ||
name: 'parent' | ||
description: | | ||
The name of the parent this firewall endpoint association belongs to. | ||
Format: projects/{project_id}. | ||
immutable: true | ||
url_param_only: true | ||
properties: | ||
- !ruby/object:Api::Type::String | ||
name: 'firewallEndpoint' | ||
required: true | ||
description: | | ||
The URL of the firewall endpoint that is being associated. | ||
- !ruby/object:Api::Type::String | ||
name: 'network' | ||
required: true | ||
description: | | ||
The URL of the network that is being associated. | ||
- !ruby/object:Api::Type::String | ||
name: 'tlsInspectionPolicy' | ||
description: | | ||
The URL of the TlsInspectionPolicy that is being associated. | ||
- !ruby/object:Api::Type::KeyValueLabels | ||
name: 'labels' | ||
description: | | ||
A map of key/value label pairs to assign to the resource. | ||
- !ruby/object:Api::Type::String | ||
name: 'selfLink' | ||
description: | | ||
Server-defined URL of this resource. | ||
output: true | ||
- !ruby/object:Api::Type::Time | ||
name: 'createTime' | ||
description: Time the firewall endpoint was created in UTC. | ||
output: true | ||
- !ruby/object:Api::Type::Time | ||
name: 'updateTime' | ||
description: Time the firewall endpoint was updated in UTC. | ||
output: true | ||
- !ruby/object:Api::Type::Boolean | ||
name: 'reconciling' | ||
description: | | ||
Whether reconciling is in progress, recommended per https://google.aip.dev/128. | ||
output: true | ||
- !ruby/object:Api::Type::Enum | ||
name: 'state' | ||
description: The current state of the endpoint. | ||
output: true | ||
values: | ||
- :ACTIVE | ||
- :CREATING | ||
- :DELETING | ||
- :INACTIVE |
21 changes: 21 additions & 0 deletions
21
.../templates/terraform/examples/network_security_firewall_endpoint_association_basic.tf.erb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
resource "google_network_security_firewall_endpoint" "<%= ctx[:primary_resource_id] %>" { | ||
provider = google-beta | ||
name = "<%= ctx[:vars]['resource_name_prefix'] %>" | ||
parent = "organizations/<%= ctx[:test_env_vars]['org_id'] %>" | ||
location = "us-central1-a" | ||
|
||
labels = { | ||
foo = "bar" | ||
} | ||
} | ||
|
||
resource "google_network_security_firewall_endpoint_association" "<%= ctx[:primary_resource_id] %>_association" { | ||
provider = google-beta | ||
name = "<%= ctx[:vars]['resource_name_prefix'] %>-association" | ||
parent = "projects/<%= ctx[:test_env_vars]['project'] %>" | ||
location = "us-central1-a" | ||
|
||
labels = { | ||
foo = "bar" | ||
} | ||
} |
154 changes: 154 additions & 0 deletions
154
...vices/networksecurity/resource_network_security_firewall_endpoint_association_test.go.erb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,154 @@ | ||
<% autogen_exception -%> | ||
package networksecurity_test | ||
<% unless version == 'ga' -%> | ||
|
||
import ( | ||
"fmt" | ||
"strings" | ||
"testing" | ||
|
||
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" | ||
"github.com/hashicorp/terraform-plugin-sdk/v2/terraform" | ||
|
||
"github.com/hashicorp/terraform-provider-google/google/acctest" | ||
"github.com/hashicorp/terraform-provider-google/google/envvar" | ||
transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" | ||
"github.com/hashicorp/terraform-provider-google/google/tpgresource" | ||
) | ||
|
||
func TestAccNetworkSecurityFirewallEndpointAssociations_basic(t *testing.T) { | ||
acctest.SkipIfVcr(t) | ||
t.Parallel() | ||
|
||
orgId := envvar.GetTestOrgFromEnv(t) | ||
randomSuffix := acctest.RandString(t, 10) | ||
|
||
acctest.VcrTest(t, resource.TestCase{ | ||
PreCheck: func() { acctest.AccTestPreCheck(t) }, | ||
ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t), | ||
CheckDestroy: testAccCheckNetworkSecurityFirewallEndpointDestroyProducer(t), | ||
Steps: []resource.TestStep{ | ||
{ | ||
Config: testAccNetworkSecurityFirewallEndpointAssociation_basic(randomSuffix, orgId, ), | ||
}, | ||
{ | ||
ResourceName: "google_network_security_firewall_endpoint_association.foobar", | ||
ImportState: true, | ||
ImportStateVerify: true, | ||
ImportStateVerifyIgnore: []string{"labels", "terraform_labels"}, | ||
}, | ||
{ | ||
Config: testAccNetworkSecurityFirewallEndpointAssociation_update(randomSuffix, orgId, ), | ||
}, | ||
{ | ||
ResourceName: "google_network_security_firewall_endpoint_association.foobar", | ||
ImportState: true, | ||
ImportStateVerify: true, | ||
ImportStateVerifyIgnore: []string{"labels", "terraform_labels"}, | ||
}, | ||
}, | ||
}) | ||
} | ||
|
||
func testAccNetworkSecurityFirewallEndpointAssociation_basic(randomSuffix string, orgId string) string { | ||
return fmt.Sprintf(` | ||
resource "google_compute_network" "foobar" { | ||
provider = google-beta | ||
name = "tf-test-my-vpc%s" | ||
auto_create_subnetworks = false | ||
} | ||
|
||
resource "google_network_security_firewall_endpoint" "foobar" { | ||
provider = google-beta | ||
name = "tf-test-my-firewall-endpoint%s" | ||
parent = "organizations/%s" | ||
location = "us-central1-a" | ||
} | ||
|
||
# TODO: add tlsInspectionPolicy once resource is ready | ||
resource "google_network_security_firewall_endpoint_association" "foobar" { | ||
provider = google-beta | ||
name = "tf-test-my-firewall-endpoint%s" | ||
parent = "organizations/%s" | ||
location = "us-central1-a" | ||
firewall_endpoint = google_network_security_firewall_endpoint.foobar.id | ||
network = google_compute_network.foobar.id | ||
|
||
labels = { | ||
foo = "bar" | ||
} | ||
} | ||
`, randomSuffix, randomSuffix, orgId, randomSuffix, orgId) | ||
} | ||
|
||
func testAccNetworkSecurityFirewallEndpointAssociation_update(randomSuffix string, orgId string) string { | ||
return fmt.Sprintf(` | ||
resource "google_compute_network" "foobar" { | ||
provider = google-beta | ||
name = "tf-test-my-vpc%s" | ||
auto_create_subnetworks = false | ||
} | ||
|
||
resource "google_network_security_firewall_endpoint" "foobar" { | ||
provider = google-beta | ||
name = "tf-test-my-firewall-endpoint%s" | ||
parent = "organizations/%s" | ||
location = "us-central1-a" | ||
} | ||
|
||
# TODO: add tlsInspectionPolicy once resource is ready | ||
resource "google_network_security_firewall_endpoint_association" "foobar" { | ||
provider = google-beta | ||
name = "tf-test-my-firewall-endpoint%s" | ||
parent = "organizations/%s" | ||
location = "us-central1-a" | ||
firewall_endpoint = google_network_security_firewall_endpoint.foobar.id | ||
network = google_compute_network.foobar.id | ||
|
||
labels = { | ||
foo = "bar-updated" | ||
} | ||
} | ||
`, randomSuffix, randomSuffix, orgId, randomSuffix, orgId) | ||
} | ||
|
||
func testAccCheckNetworkSecurityFirewallEndpointAssociationDestroyProducer(t *testing.T) func(s *terraform.State) error { | ||
return func(s *terraform.State) error { | ||
for name, rs := range s.RootModule().Resources { | ||
if rs.Type != "google_network_security_firewall_endpoint_association" { | ||
continue | ||
} | ||
if strings.HasPrefix(name, "data.") { | ||
continue | ||
} | ||
|
||
config := acctest.GoogleProviderConfig(t) | ||
|
||
url, err := tpgresource.ReplaceVarsForTest(config, rs, "{{NetworkSecurityBasePath}}{{parent}}/locations/{{location}}/firewallEndpointAssociations/{{name}}") | ||
if err != nil { | ||
return err | ||
} | ||
|
||
billingProject := "" | ||
|
||
if config.BillingProject != "" { | ||
billingProject = config.BillingProject | ||
} | ||
|
||
_, err = transport_tpg.SendRequest(transport_tpg.SendRequestOptions{ | ||
Config: config, | ||
Method: "GET", | ||
Project: billingProject, | ||
RawURL: url, | ||
UserAgent: config.UserAgent, | ||
}) | ||
if err == nil { | ||
return fmt.Errorf("NetworkSecurityFirewallEndpointAssociation still exists at %s", url) | ||
} | ||
} | ||
|
||
return nil | ||
} | ||
} | ||
|
||
<% end -%> |