Add support for network_firewall_policy_association and region_networ…
…k_firewall_policy_association (#6796) (#13013)

Co-authored-by: Riley Karson <rileykarson@google.com>
Co-authored-by: Ghaleb Al-habian <galhabian@google.com>
Signed-off-by: Modular Magician <magic-modules@google.com>

Signed-off-by: Modular Magician <magic-modules@google.com>
Co-authored-by: Riley Karson <rileykarson@google.com>
Co-authored-by: Ghaleb Al-habian <galhabian@google.com>
3 people committed Nov 11, 2022
1 parent f8ac976 commit 3d7592b
Showing 8 changed files with 1,063 additions and 31 deletions.
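--- a/.changelog/6796.txt
+++ b/.changelog/6796.txt
@@ -0,0 +1,6 @@
+```release-note:new-resource
+`google_compute_network_firewall_policy_association`
+```
+```release-note:new-resource
+`google_compute_region_network_firewall_policy_association`
+```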
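--- a/google/provider_dcl_resources.go
+++ b/google/provider_dcl_resources.go
@@ -20,35 +20,37 @@ import (
 )
 
 var dclResources = map[string]*schema.Resource{
-"google_apikeys_key": resourceApikeysKey(),
-"google_assured_workloads_workload": resourceAssuredWorkloadsWorkload(),
-"google_bigquery_reservation_assignment": resourceBigqueryReservationAssignment(),
-"google_cloudbuild_worker_pool": resourceCloudbuildWorkerPool(),
-"google_clouddeploy_delivery_pipeline": resourceClouddeployDeliveryPipeline(),
-"google_clouddeploy_target": resourceClouddeployTarget(),
-"google_compute_firewall_policy": resourceComputeFirewallPolicy(),
-"google_compute_firewall_policy_association": resourceComputeFirewallPolicyAssociation(),
-"google_compute_firewall_policy_rule": resourceComputeFirewallPolicyRule(),
-"google_compute_region_network_firewall_policy": resourceComputeRegionNetworkFirewallPolicy(),
-"google_compute_network_firewall_policy": resourceComputeNetworkFirewallPolicy(),
-"google_container_aws_cluster": resourceContainerAwsCluster(),
-"google_container_aws_node_pool": resourceContainerAwsNodePool(),
-"google_container_azure_client": resourceContainerAzureClient(),
-"google_container_azure_cluster": resourceContainerAzureCluster(),
-"google_container_azure_node_pool": resourceContainerAzureNodePool(),
-"google_dataplex_asset": resourceDataplexAsset(),
-"google_dataplex_lake": resourceDataplexLake(),
-"google_dataplex_zone": resourceDataplexZone(),
-"google_dataproc_workflow_template": resourceDataprocWorkflowTemplate(),
-"google_eventarc_trigger": resourceEventarcTrigger(),
-"google_firebaserules_release": resourceFirebaserulesRelease(),
-"google_firebaserules_ruleset": resourceFirebaserulesRuleset(),
-"google_logging_log_view": resourceLoggingLogView(),
-"google_monitoring_monitored_project": resourceMonitoringMonitoredProject(),
-"google_network_connectivity_hub": resourceNetworkConnectivityHub(),
-"google_network_connectivity_spoke": resourceNetworkConnectivitySpoke(),
-"google_org_policy_policy": resourceOrgPolicyPolicy(),
-"google_os_config_os_policy_assignment": resourceOsConfigOsPolicyAssignment(),
-"google_privateca_certificate_template": resourcePrivatecaCertificateTemplate(),
-"google_recaptcha_enterprise_key": resourceRecaptchaEnterpriseKey(),
+"google_apikeys_key": resourceApikeysKey(),
+"google_assured_workloads_workload": resourceAssuredWorkloadsWorkload(),
+"google_bigquery_reservation_assignment": resourceBigqueryReservationAssignment(),
+"google_cloudbuild_worker_pool": resourceCloudbuildWorkerPool(),
+"google_clouddeploy_delivery_pipeline": resourceClouddeployDeliveryPipeline(),
+"google_clouddeploy_target": resourceClouddeployTarget(),
+"google_compute_firewall_policy": resourceComputeFirewallPolicy(),
+"google_compute_firewall_policy_association": resourceComputeFirewallPolicyAssociation(),
+"google_compute_firewall_policy_rule": resourceComputeFirewallPolicyRule(),
+"google_compute_region_network_firewall_policy": resourceComputeRegionNetworkFirewallPolicy(),
+"google_compute_network_firewall_policy": resourceComputeNetworkFirewallPolicy(),
+"google_compute_network_firewall_policy_association": resourceComputeNetworkFirewallPolicyAssociation(),
+"google_compute_region_network_firewall_policy_association": resourceComputeRegionNetworkFirewallPolicyAssociation(),
+"google_container_aws_cluster": resourceContainerAwsCluster(),
+"google_container_aws_node_pool": resourceContainerAwsNodePool(),
+"google_container_azure_client": resourceContainerAzureClient(),
+"google_container_azure_cluster": resourceContainerAzureCluster(),
+"google_container_azure_node_pool": resourceContainerAzureNodePool(),
+"google_dataplex_asset": resourceDataplexAsset(),
+"google_dataplex_lake": resourceDataplexLake(),
+"google_dataplex_zone": resourceDataplexZone(),
+"google_dataproc_workflow_template": resourceDataprocWorkflowTemplate(),
+"google_eventarc_trigger": resourceEventarcTrigger(),
+"google_firebaserules_release": resourceFirebaserulesRelease(),
+"google_firebaserules_ruleset": resourceFirebaserulesRuleset(),
+"google_logging_log_view": resourceLoggingLogView(),
+"google_monitoring_monitored_project": resourceMonitoringMonitoredProject(),
+"google_network_connectivity_hub": resourceNetworkConnectivityHub(),
+"google_network_connectivity_spoke": resourceNetworkConnectivitySpoke(),
+"google_org_policy_policy": resourceOrgPolicyPolicy(),
+"google_os_config_os_policy_assignment": resourceOsConfigOsPolicyAssignment(),
+"google_privateca_certificate_template": resourcePrivatecaCertificateTemplate(),
+"google_recaptcha_enterprise_key": resourceRecaptchaEnterpriseKey(),
 }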
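--- a/google/resource_compute_network_firewall_policy_association.go
+++ b/google/resource_compute_network_firewall_policy_association.go
@@ -0,0 +1,250 @@
+// ----------------------------------------------------------------------------
+//
+// *** AUTO GENERATED CODE *** Type: DCL ***
+//
+// ----------------------------------------------------------------------------
+//
+// This file is managed by Magic Modules (https://github.com/GoogleCloudPlatform/magic-modules)
+// and is based on the DCL (https://github.com/GoogleCloudPlatform/declarative-resource-client-library).
+// Changes will need to be made to the DCL or Magic Modules instead of here.
+//
+// We are not currently able to accept contributions to this file. If changes
+// are required, please file an issue at https://github.com/hashicorp/terraform-provider-google/issues/new/choose
+//
+// ----------------------------------------------------------------------------
+
+package google
+
+import (
+"context"
+"fmt"
+"log"
+"time"
+
+"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+
+dcl "github.com/GoogleCloudPlatform/declarative-resource-client-library/dcl"
+compute "github.com/GoogleCloudPlatform/declarative-resource-client-library/services/google/compute"
+)
+
+func resourceComputeNetworkFirewallPolicyAssociation() *schema.Resource {
+return &schema.Resource{
+Create: resourceComputeNetworkFirewallPolicyAssociationCreate,
+Read: resourceComputeNetworkFirewallPolicyAssociationRead,
+Delete: resourceComputeNetworkFirewallPolicyAssociationDelete,
+
+Importer: &schema.ResourceImporter{
+State: resourceComputeNetworkFirewallPolicyAssociationImport,
+},
+
+Timeouts: &schema.ResourceTimeout{
+Create: schema.DefaultTimeout(20 * time.Minute),
+Delete: schema.DefaultTimeout(20 * time.Minute),
+},
+
+Schema: map[string]*schema.Schema{
+"attachment_target": {
+Type: schema.TypeString,
+Required: true,
+ForceNew: true,
+DiffSuppressFunc: compareSelfLinkOrResourceName,
+Description: "The target that the firewall policy is attached to.",
+},
+
+"firewall_policy": {
+Type: schema.TypeString,
+Required: true,
+ForceNew: true,
+DiffSuppressFunc: compareSelfLinkOrResourceName,
+Description: "The firewall policy ID of the association.",
+},
+
+"name": {
+Type: schema.TypeString,
+Required: true,
+ForceNew: true,
+Description: "The name for an association.",
+},
+
+"project": {
+Type: schema.TypeString,
+Computed: true,
+Optional: true,
+ForceNew: true,
+DiffSuppressFunc: compareSelfLinkOrResourceName,
+Description: "The project for the resource",
+},
+
+"short_name": {
+Type: schema.TypeString,
+Computed: true,
+Description: "The short name of the firewall policy of the association.",
+},
+},
+}
+}
+
+func resourceComputeNetworkFirewallPolicyAssociationCreate(d *schema.ResourceData, meta interface{}) error {
+config := meta.(*Config)
+project, err := getProject(d, config)
+if err != nil {
+return err
+}
+
+obj := &compute.NetworkFirewallPolicyAssociation{
+AttachmentTarget: dcl.String(d.Get("attachment_target").(string)),
+FirewallPolicy: dcl.String(d.Get("firewall_policy").(string)),
+Name: dcl.String(d.Get("name").(string)),
+Project: dcl.String(project),
+}
+
+id, err := replaceVarsForId(d, config, "projects/{{project}}/global/firewallPolicies/{{firewall_policy}}/associations/{{name}}")
+if err != nil {
+return fmt.Errorf("error constructing id: %s", err)
+}
+d.SetId(id)
+directive := CreateDirective
+userAgent, err := generateUserAgentString(d, config.userAgent)
+if err != nil {
+return err
+}
+billingProject := project
+// err == nil indicates that the billing_project value was found
+if bp, err := getBillingProject(d, config); err == nil {
+billingProject = bp
+}
+client := NewDCLComputeClient(config, userAgent, billingProject, d.Timeout(schema.TimeoutCreate))
+if bp, err := replaceVars(d, config, client.Config.BasePath); err != nil {
+d.SetId("")
+return fmt.Errorf("Could not format %q: %w", client.Config.BasePath, err)
+} else {
+client.Config.BasePath = bp
+}
+res, err := client.ApplyNetworkFirewallPolicyAssociation(context.Background(), obj, directive...)
+
+if _, ok := err.(dcl.DiffAfterApplyError); ok {
+log.Printf("[DEBUG] Diff after apply returned from the DCL: %s", err)
+} else if err != nil {
+// The resource didn't actually create
+d.SetId("")
+return fmt.Errorf("Error creating NetworkFirewallPolicyAssociation: %s", err)
+}
+
+log.Printf("[DEBUG] Finished creating NetworkFirewallPolicyAssociation %q: %#v", d.Id(), res)
+
+return resourceComputeNetworkFirewallPolicyAssociationRead(d, meta)
+}
+
+func resourceComputeNetworkFirewallPolicyAssociationRead(d *schema.ResourceData, meta interface{}) error {
+config := meta.(*Config)
+project, err := getProject(d, config)
+if err != nil {
+return err
+}
+
+obj := &compute.NetworkFirewallPolicyAssociation{
+AttachmentTarget: dcl.String(d.Get("attachment_target").(string)),
+FirewallPolicy: dcl.String(d.Get("firewall_policy").(string)),
+Name: dcl.String(d.Get("name").(string)),
+Project: dcl.String(project),
+}
+
+userAgent, err := generateUserAgentString(d, config.userAgent)
+if err != nil {
+return err
+}
+billingProject := project
+// err == nil indicates that the billing_project value was found
+if bp, err := getBillingProject(d, config); err == nil {
+billingProject = bp
+}
+client := NewDCLComputeClient(config, userAgent, billingProject, d.Timeout(schema.TimeoutRead))
+if bp, err := replaceVars(d, config, client.Config.BasePath); err != nil {
+d.SetId("")
+return fmt.Errorf("Could not format %q: %w", client.Config.BasePath, err)
+} else {
+client.Config.BasePath = bp
+}
+res, err := client.GetNetworkFirewallPolicyAssociation(context.Background(), obj)
+if err != nil {
+resourceName := fmt.Sprintf("ComputeNetworkFirewallPolicyAssociation %q", d.Id())
+return handleNotFoundDCLError(err, d, resourceName)
+}
+
+if err = d.Set("attachment_target", res.AttachmentTarget); err != nil {
+return fmt.Errorf("error setting attachment_target in state: %s", err)
+}
+if err = d.Set("firewall_policy", res.FirewallPolicy); err != nil {
+return fmt.Errorf("error setting firewall_policy in state: %s", err)
+}
+if err = d.Set("name", res.Name); err != nil {
+return fmt.Errorf("error setting name in state: %s", err)
+}
+if err = d.Set("project", res.Project); err != nil {
+return fmt.Errorf("error setting project in state: %s", err)
+}
+if err = d.Set("short_name", res.ShortName); err != nil {
+return fmt.Errorf("error setting short_name in state: %s", err)
+}
+
+return nil
+}
+
+func resourceComputeNetworkFirewallPolicyAssociationDelete(d *schema.ResourceData, meta interface{}) error {
+config := meta.(*Config)
+project, err := getProject(d, config)
+if err != nil {
+return err
+}
+
+obj := &compute.NetworkFirewallPolicyAssociation{
+AttachmentTarget: dcl.String(d.Get("attachment_target").(string)),
+FirewallPolicy: dcl.String(d.Get("firewall_policy").(string)),
+Name: dcl.String(d.Get("name").(string)),
+Project: dcl.String(project),
+}
+
+log.Printf("[DEBUG] Deleting NetworkFirewallPolicyAssociation %q", d.Id())
+userAgent, err := generateUserAgentString(d, config.userAgent)
+if err != nil {
+return err
+}
+billingProject := project
+// err == nil indicates that the billing_project value was found
+if bp, err := getBillingProject(d, config); err == nil {
+billingProject = bp
+}
+client := NewDCLComputeClient(config, userAgent, billingProject, d.Timeout(schema.TimeoutDelete))
+if bp, err := replaceVars(d, config, client.Config.BasePath); err != nil {
+d.SetId("")
+return fmt.Errorf("Could not format %q: %w", client.Config.BasePath, err)
+} else {
+client.Config.BasePath = bp
+}
+if err := client.DeleteNetworkFirewallPolicyAssociation(context.Background(), obj); err != nil {
+return fmt.Errorf("Error deleting NetworkFirewallPolicyAssociation: %s", err)
+}
+
+log.Printf("[DEBUG] Finished deleting NetworkFirewallPolicyAssociation %q", d.Id())
+return nil
+}
+
+func resourceComputeNetworkFirewallPolicyAssociationImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+config := meta.(*Config)
+
+if err := parseImportId([]string{
+"projects/(?P<project>[^/]+)/global/firewallPolicies/(?P<firewall_policy>[^/]+)/associations/(?P<name>[^/]+)",
+"(?P<project>[^/]+)/(?P<firewall_policy>[^/]+)/(?P<name>[^/]+)",
+}, d, config); err != nil {
+return nil, err
+}
+
+// Replace import id for the resource id
+id, err := replaceVarsForId(d, config, "projects/{{project}}/global/firewallPolicies/{{firewall_policy}}/associations/{{name}}")
+if err != nil {
+return nil, fmt.Errorf("Error constructing id: %s", err)
+}
+d.SetId(id)
+
+return []*schema.ResourceData{d}, nil
+}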
