diff --git a/mmv1/products/compute/FirewallPolicyAssociation.yaml b/mmv1/products/compute/FirewallPolicyAssociation.yaml new file mode 100644 index 000000000000..eef602a814bf --- /dev/null +++ b/mmv1/products/compute/FirewallPolicyAssociation.yaml @@ -0,0 +1,83 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +name: 'FirewallPolicyAssociation' +api_resource_type_kind: FirewallPolicy +kind: 'compute#firewallPolicyAssociation' +description: | + Allows associating hierarchical firewall policies with the target where they are applied. This allows creating policies and rules in a different location than they are applied. + For more information on applying hierarchical firewall policies see the [official documentation](https://cloud.google.com/firewall/docs/firewall-policies#managing_hierarchical_firewall_policy_resources) +references: + guides: + api: 'https://cloud.google.com/compute/docs/reference/rest/v1/firewallPolicies/addAssociation' +docs: +id_format: 'locations/global/firewallPolicies/{{firewall_policy}}/associations/{{name}}' +base_url: 'locations/global/firewallPolicies/{{firewall_policy}}' +self_link: 'locations/global/firewallPolicies/{{firewall_policy}}/getAssociation?name={{name}}' +create_url: 'locations/global/firewallPolicies/{{firewall_policy}}/addAssociation' +delete_url: 'locations/global/firewallPolicies/{{firewall_policy}}/removeAssociation?name={{name}}' +delete_verb: 'POST' +immutable: true +import_format: + - 'locations/global/firewallPolicies/{{firewall_policy}}/associations/{{name}}' + - '{{firewall_policy}}/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + pre_read: 'templates/terraform/pre_read/compute_firewall_policy_association.go.tmpl' + post_create: 'templates/terraform/post_create/compute_firewall_policy_association_operation.go.tmpl' + post_delete: 'templates/terraform/post_delete/compute_firewall_policy_association_operation.go.tmpl' +custom_diff: + - 'tpgresource.DefaultProviderProject' +examples: + - name: 'firewall_policy_association' + primary_resource_id: 'default' + vars: + policy_name: 'my-policy' + association_name: 'my-association' + folder_name: 'my-folder' + test_env_vars: + org_id: 'ORG_ID' + exclude_test: true +parameters: + - name: 'firewallPolicy' + type: ResourceRef + description: | + The firewall policy of the resource. + ignore_read: true + required: true + immutable: true + diff_suppress_func: 'tpgresource.CompareResourceNames' + custom_expand: 'templates/terraform/custom_expand/compute_firewall_policy_association.go.tmpl' + resource: 'FirewallPolicy' + imports: 'name' +properties: + - name: 'name' + type: String + description: | + The name for an association. + required: true + - name: 'attachmentTarget' + type: String + description: | + The target that the firewall policy is attached to. + required: true + diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName' + - name: 'shortName' + type: String + description: | + The short name of the firewall policy of the association. + output: true diff --git a/mmv1/templates/terraform/custom_expand/compute_firewall_policy_association.go.tmpl b/mmv1/templates/terraform/custom_expand/compute_firewall_policy_association.go.tmpl new file mode 100644 index 000000000000..7b3a6e343f90 --- /dev/null +++ b/mmv1/templates/terraform/custom_expand/compute_firewall_policy_association.go.tmpl @@ -0,0 +1,7 @@ +func expand{{$.GetPrefix}}{{$.TitlelizeProperty}}(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + firewallPolicyId := tpgresource.GetResourceNameFromSelfLink(v.(string)) + if err := d.Set("firewall_policy", firewallPolicyId); err != nil { + return nil, fmt.Errorf("Error setting firewall_policy: %s", err) + } + return firewallPolicyId, nil +} \ No newline at end of file diff --git a/mmv1/templates/terraform/examples/firewall_policy_association.tf.tmpl b/mmv1/templates/terraform/examples/firewall_policy_association.tf.tmpl new file mode 100644 index 000000000000..5ae7625e741c --- /dev/null +++ b/mmv1/templates/terraform/examples/firewall_policy_association.tf.tmpl @@ -0,0 +1,17 @@ +resource "google_folder" "folder" { + display_name = "{{index $.Vars "folder_name"}}" + parent = "organizations/{{index $.TestEnvVars "org_id"}}" + deletion_protection = false +} + +resource "google_compute_firewall_policy" "policy" { + parent = "organizations/{{index $.TestEnvVars "org_id"}}" + short_name = "{{index $.Vars "policy_name"}}" + description = "Example Resource" +} + +resource "google_compute_firewall_policy_association" "{{$.PrimaryResourceId}}" { + firewall_policy = google_compute_firewall_policy.policy.id + attachment_target = google_folder.folder.name + name = "{{index $.Vars "association_name"}}" +} \ No newline at end of file diff --git a/mmv1/templates/terraform/post_create/compute_firewall_policy_association_operation.go.tmpl b/mmv1/templates/terraform/post_create/compute_firewall_policy_association_operation.go.tmpl new file mode 100644 index 000000000000..0953b637e026 --- /dev/null +++ b/mmv1/templates/terraform/post_create/compute_firewall_policy_association_operation.go.tmpl @@ -0,0 +1,11 @@ +parent := d.Get("firewall_policy").(string) +var opRes map[string]interface{} +err = ComputeOrgOperationWaitTimeWithResponse( + config, res, &opRes, parent, "Creating FirewallPolicyAssociation", userAgent, + d.Timeout(schema.TimeoutCreate)) + +if err != nil { + // The resource didn't actually create + d.SetId("") + return fmt.Errorf("Error waiting to create FirewallPolicyAssociation: %s", err) +} \ No newline at end of file diff --git a/mmv1/templates/terraform/post_delete/compute_firewall_policy_association_operation.go.tmpl b/mmv1/templates/terraform/post_delete/compute_firewall_policy_association_operation.go.tmpl new file mode 100644 index 000000000000..45ef4fbfe655 --- /dev/null +++ b/mmv1/templates/terraform/post_delete/compute_firewall_policy_association_operation.go.tmpl @@ -0,0 +1,11 @@ +parent := d.Get("firewall_policy").(string) +var opRes map[string]interface{} +err = ComputeOrgOperationWaitTimeWithResponse( + config, res, &opRes, parent, "Deleting FirewallPolicyAssociation", userAgent, + d.Timeout(schema.TimeoutCreate)) + +if err != nil { + // The resource didn't actually create + d.SetId("") + return fmt.Errorf("Error waiting to delete FirewallPolicyAssociation: %s", err) +} \ No newline at end of file diff --git a/mmv1/templates/terraform/pre_read/compute_firewall_policy_association.go.tmpl b/mmv1/templates/terraform/pre_read/compute_firewall_policy_association.go.tmpl new file mode 100644 index 000000000000..a3ae32690dc1 --- /dev/null +++ b/mmv1/templates/terraform/pre_read/compute_firewall_policy_association.go.tmpl @@ -0,0 +1,5 @@ +expandComputeFirewallPolicyAssociationFirewallPolicy(d.Get("firewall_policy"), d, config) +url, err = tpgresource.ReplaceVars(d, config, "{{"{{"}}ComputeBasePath{{"}}"}}locations/global/firewallPolicies/{{"{{"}}firewall_policy{{"}}"}}/getAssociation?name={{"{{"}}name{{"}}"}}") +if err != nil { + return err +} \ No newline at end of file diff --git a/mmv1/third_party/terraform/services/compute/resource_compute_firewall_policy_association_test.go b/mmv1/third_party/terraform/services/compute/resource_compute_firewall_policy_association_test.go index 12e8f78881a7..5845c149221f 100644 --- a/mmv1/third_party/terraform/services/compute/resource_compute_firewall_policy_association_test.go +++ b/mmv1/third_party/terraform/services/compute/resource_compute_firewall_policy_association_test.go @@ -62,3 +62,53 @@ resource "google_compute_firewall_policy_association" "default" { } `, context) } + +func TestAccComputeFirewallPolicyAssociation_organization(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(t, 10), + "org_name": fmt.Sprintf("organizations/%s", envvar.GetTestOrgFromEnv(t)), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + ExternalProviders: map[string]resource.ExternalProvider{ + "time": {}, + }, + Steps: []resource.TestStep{ + { + Config: testAccComputeFirewallPolicyAssociation_organization(context), + }, + { + ResourceName: "google_compute_firewall_policy_association.default", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"firewall_policy"}, + }, + }, + }) +} + +func testAccComputeFirewallPolicyAssociation_organization(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_folder" "folder" { + display_name = "tf-test-my-folder-%{random_suffix}" + parent = "%{org_name}" + deletion_protection = false +} + +resource "google_compute_firewall_policy" "policy" { + parent = "%{org_name}" + short_name = "tf-test-my-policy-%{random_suffix}" + description = "Example Resource" +} + +resource "google_compute_firewall_policy_association" "default" { + firewall_policy = google_compute_firewall_policy.policy.id + attachment_target = google_folder.folder.name + name = "tf-test-my-association-%{random_suffix}" +} +`, context) +} diff --git a/mmv1/third_party/terraform/website/docs/r/compute_firewall_policy_association.html.markdown b/mmv1/third_party/terraform/website/docs/r/compute_firewall_policy_association.html.markdown deleted file mode 100644 index cfe4cc3fdcd9..000000000000 --- a/mmv1/third_party/terraform/website/docs/r/compute_firewall_policy_association.html.markdown +++ /dev/null @@ -1,107 +0,0 @@ ---- -# ---------------------------------------------------------------------------- -# -# *** AUTO GENERATED CODE *** Type: DCL *** -# -# ---------------------------------------------------------------------------- -# -# This file is managed by Magic Modules (https:#github.com/GoogleCloudPlatform/magic-modules) -# and is based on the DCL (https:#github.com/GoogleCloudPlatform/declarative-resource-client-library). -# Changes will need to be made to the DCL or Magic Modules instead of here. -# -# We are not currently able to accept contributions to this file. If changes -# are required, please file an issue at https:#github.com/hashicorp/terraform-provider-google/issues/new/choose -# -# ---------------------------------------------------------------------------- -subcategory: "Compute Engine" -description: |- - Applies a hierarchical firewall policy to a target resource ---- - -# google_compute_firewall_policy_association - -Allows associating hierarchical firewall policies with the target where they are applied. This allows creating policies and rules in a different location than they are applied. - -For more information on applying hierarchical firewall policies see the [official documentation](https://cloud.google.com/vpc/docs/firewall-policies#managing_hierarchical_firewall_policy_resources) - -## Example Usage - -```hcl -resource "google_compute_firewall_policy" "default" { - parent = "organizations/12345" - short_name = "my-policy" - description = "Example Resource" -} - -resource "google_compute_firewall_policy_association" "default" { - firewall_policy = google_compute_firewall_policy.default.id - attachment_target = google_folder.folder.name - name = "my-association" -} -``` - - -## Argument Reference - -The following arguments are supported: - -* `attachment_target` - - (Required) - The target that the firewall policy is attached to. - -* `firewall_policy` - - (Required) - The firewall policy ID of the association. - -* `name` - - (Required) - The name for an association. - - - -- - - - - - -## Attributes Reference - -In addition to the arguments listed above, the following computed attributes are exported: - -* `id` - an identifier for the resource with format `locations/global/firewallPolicies/{{firewall_policy}}/associations/{{name}}` - -* `short_name` - - The short name of the firewall policy of the association. - -## Timeouts - -This resource provides the following -[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options: configuration options: - -- `create` - Default is 20 minutes. -- `delete` - Default is 20 minutes. - -## Import - -FirewallPolicyAssociation can be imported using any of these accepted formats: - -* `locations/global/firewallPolicies/{{firewall_policy}}/associations/{{name}}` -* `{{firewall_policy}}/{{name}}` - -In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import FirewallPolicyAssociation using one of the formats above. For example: - -```tf -import { - id = "locations/global/firewallPolicies/{{firewall_policy}}/associations/{{name}}" - to = google_compute_firewall_policy_association.default -} -``` - -When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), FirewallPolicyAssociation can be imported using one of the formats above. For example: - -``` -$ terraform import google_compute_firewall_policy_association.default locations/global/firewallPolicies/{{firewall_policy}}/associations/{{name}} -$ terraform import google_compute_firewall_policy_association.default {{firewall_policy}}/{{name}} -``` - - - diff --git a/tpgtools/overrides/compute/beta/firewall_policy_association.yaml b/tpgtools/overrides/compute/beta/firewall_policy_association.yaml deleted file mode 100644 index af851d79a0c9..000000000000 --- a/tpgtools/overrides/compute/beta/firewall_policy_association.yaml +++ /dev/null @@ -1,4 +0,0 @@ -- type: CUSTOMIZE_DIFF - details: - functions: - - tpgresource.DefaultProviderProject diff --git a/tpgtools/overrides/compute/firewall_policy_association.yaml b/tpgtools/overrides/compute/firewall_policy_association.yaml deleted file mode 100644 index af851d79a0c9..000000000000 --- a/tpgtools/overrides/compute/firewall_policy_association.yaml +++ /dev/null @@ -1,4 +0,0 @@ -- type: CUSTOMIZE_DIFF - details: - functions: - - tpgresource.DefaultProviderProject