From a5ef92165addd3b106614c04a2389c3b52d57376 Mon Sep 17 00:00:00 2001 From: Max Portocarrero CI&T <105444618+maxi-cit@users.noreply.github.com> Date: Tue, 4 Jun 2024 12:47:20 -0500 Subject: [PATCH] add datasource to google_compute_security_policy resource (#10780) --- .../provider/provider_mmv1_resources.go.erb | 1 + .../data_source_compute_secutity_policy.go | 69 ++++++++++++++++++ ...ata_source_compute_secutity_policy_test.go | 73 +++++++++++++++++++ .../d/compute_security_policy.html.markdown | 40 ++++++++++ 4 files changed, 183 insertions(+) create mode 100644 mmv1/third_party/terraform/services/compute/data_source_compute_secutity_policy.go create mode 100644 mmv1/third_party/terraform/services/compute/data_source_compute_secutity_policy_test.go create mode 100644 mmv1/third_party/terraform/website/docs/d/compute_security_policy.html.markdown diff --git a/mmv1/third_party/terraform/provider/provider_mmv1_resources.go.erb b/mmv1/third_party/terraform/provider/provider_mmv1_resources.go.erb index 852aac90345e..b915b63e8e73 100644 --- a/mmv1/third_party/terraform/provider/provider_mmv1_resources.go.erb +++ b/mmv1/third_party/terraform/provider/provider_mmv1_resources.go.erb @@ -95,6 +95,7 @@ var handwrittenDatasources = map[string]*schema.Resource{ "google_compute_router": compute.DataSourceGoogleComputeRouter(), "google_compute_router_nat": compute.DataSourceGoogleComputeRouterNat(), "google_compute_router_status": compute.DataSourceGoogleComputeRouterStatus(), + "google_compute_security_policy": compute.DataSourceGoogleComputeSecurityPolicy(), "google_compute_snapshot": compute.DataSourceGoogleComputeSnapshot(), "google_compute_ssl_certificate": compute.DataSourceGoogleComputeSslCertificate(), "google_compute_ssl_policy": compute.DataSourceGoogleComputeSslPolicy(), diff --git a/mmv1/third_party/terraform/services/compute/data_source_compute_secutity_policy.go b/mmv1/third_party/terraform/services/compute/data_source_compute_secutity_policy.go new file mode 100644 index 000000000000..d0cba3c3287b --- /dev/null +++ b/mmv1/third_party/terraform/services/compute/data_source_compute_secutity_policy.go @@ -0,0 +1,69 @@ +package compute + +import ( + "errors" + "fmt" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-provider-google/google/tpgresource" + transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" +) + +func DataSourceGoogleComputeSecurityPolicy() *schema.Resource { + // Generate datasource schema from resource + dsSchema := tpgresource.DatasourceSchemaFromResourceSchema(ResourceComputeSecurityPolicy().Schema) + + // Set 'Optional' schema elements + tpgresource.AddOptionalFieldsToSchema(dsSchema, "name") + tpgresource.AddOptionalFieldsToSchema(dsSchema, "project") + tpgresource.AddOptionalFieldsToSchema(dsSchema, "self_link") + + return &schema.Resource{ + Read: dataSourceComputSecurityPolicyRead, + Schema: dsSchema, + } +} + +func dataSourceComputSecurityPolicyRead(d *schema.ResourceData, meta interface{}) error { + config := meta.(*transport_tpg.Config) + id := "" + + if name, ok := d.GetOk("name"); ok { + project, err := tpgresource.GetProject(d, config) + if err != nil { + return err + } + + id = fmt.Sprintf("projects/%s/global/securityPolicies/%s", project, name.(string)) + d.SetId(id) + } else if selfLink, ok := d.GetOk("self_link"); ok { + parsed, err := tpgresource.ParseSecurityPolicyFieldValue(selfLink.(string), d, config) + if err != nil { + return err + } + + if err := d.Set("name", parsed.Name); err != nil { + return fmt.Errorf("Error setting name: %s", err) + } + + if err := d.Set("project", parsed.Project); err != nil { + return fmt.Errorf("Error setting project: %s", err) + } + + id = fmt.Sprintf("projects/%s/global/securityPolicies/%s", parsed.Project, parsed.Name) + d.SetId(id) + } else { + return errors.New("Must provide either `self_link` or `name`") + } + + err := resourceComputeSecurityPolicyRead(d, meta) + if err != nil { + return err + } + + if d.Id() == "" { + return fmt.Errorf("%s not found", id) + } + + return nil +} diff --git a/mmv1/third_party/terraform/services/compute/data_source_compute_secutity_policy_test.go b/mmv1/third_party/terraform/services/compute/data_source_compute_secutity_policy_test.go new file mode 100644 index 000000000000..761fef6ae86d --- /dev/null +++ b/mmv1/third_party/terraform/services/compute/data_source_compute_secutity_policy_test.go @@ -0,0 +1,73 @@ +package compute_test + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-provider-google/google/acctest" +) + +func TestAccDataSourceComputeSecurityPolicy_basic(t *testing.T) { + t.Parallel() + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckComputeSecurityPolicyDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccDataSourceComputeSecurityPolicy_basic(acctest.RandString(t, 10)), + Check: resource.ComposeTestCheckFunc( + acctest.CheckDataSourceStateMatchesResourceState("data.google_compute_security_policy.sp1", "google_compute_security_policy.policy"), + acctest.CheckDataSourceStateMatchesResourceState("data.google_compute_security_policy.sp2", "google_compute_security_policy.policy"), + ), + }, + }, + }) +} + +func testAccDataSourceComputeSecurityPolicy_basic(suffix string) string { + return fmt.Sprintf(` +resource "google_compute_security_policy" "policy" { + name = "my-policy-%s" + + rule { + action = "deny(403)" + priority = "1000" + description = "Deny access to IPs in 9.9.9.0/24" + + match { + versioned_expr = "SRC_IPS_V1" + + config { + src_ip_ranges = ["9.9.9.0/24"] + } + } + } + + rule { + action = "allow" + priority = "2147483647" + description = "default rule" + + match { + versioned_expr = "SRC_IPS_V1" + + config { + src_ip_ranges = ["*"] + } + } + } +} + +data "google_compute_security_policy" "sp1" { + name = google_compute_security_policy.policy.name + project = google_compute_security_policy.policy.project +} + +data "google_compute_security_policy" "sp2" { + self_link = google_compute_security_policy.policy.self_link +} +`, suffix) +} diff --git a/mmv1/third_party/terraform/website/docs/d/compute_security_policy.html.markdown b/mmv1/third_party/terraform/website/docs/d/compute_security_policy.html.markdown new file mode 100644 index 000000000000..f5b201ea4059 --- /dev/null +++ b/mmv1/third_party/terraform/website/docs/d/compute_security_policy.html.markdown @@ -0,0 +1,40 @@ +--- +subcategory: "Compute Engine" +description: |- + Get information about a Google Compute Security Policy. +--- + +# google_compute_security_policy + +To get more information about Google Compute Security Policy, see: + +* [API documentation](https://cloud.google.com/compute/docs/reference/rest/beta/securityPolicies) +* How-to Guides + * [Official Documentation](https://cloud.google.com/armor/docs/configure-security-policies) + +## Example Usage + +```hcl +data "google_compute_security_policy" "sp1" { + name = "my-policy" + project = "my-project" +} + +data "google_compute_security_policy" "sp2" { + self_link = "https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `name` - (Optional) The name of the security policy. Provide either this or a `self_link`. + +* `project` - (Optional) The project in which the resource belongs. If it is not provided, the provider project is used. + +* `self_link` - (Optional) The self_link of the security policy. Provide either this or a `name` + +## Attributes Reference + +See [google_compute_security_policy](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_security_policy) resource for details of the available attributes.