Migrate google_compute_firewall_policy_association resource from DCL …
…to MMv1 (#12466)

Co-authored-by: Zhenhua Li <zhenhuali@google.com>
Samir-Cit and zli82016 authored Dec 18, 2024
1 parent 0eaffcc commit 613bdae
Showing 10 changed files with 184 additions and 115 deletions.
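--- a/mmv1/products/compute/FirewallPolicyAssociation.yaml
+++ b/mmv1/products/compute/FirewallPolicyAssociation.yaml
@@ -0,0 +1,83 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+name: 'FirewallPolicyAssociation'
+api_resource_type_kind: FirewallPolicy
+kind: 'compute#firewallPolicyAssociation'
+description: |
+Allows associating hierarchical firewall policies with the target where they are applied. This allows creating policies and rules in a different location than they are applied.
+For more information on applying hierarchical firewall policies see the [official documentation](https://cloud.google.com/firewall/docs/firewall-policies#managing_hierarchical_firewall_policy_resources)
+references:
+guides:
+api: 'https://cloud.google.com/compute/docs/reference/rest/v1/firewallPolicies/addAssociation'
+docs:
+id_format: 'locations/global/firewallPolicies/{{firewall_policy}}/associations/{{name}}'
+base_url: 'locations/global/firewallPolicies/{{firewall_policy}}'
+self_link: 'locations/global/firewallPolicies/{{firewall_policy}}/getAssociation?name={{name}}'
+create_url: 'locations/global/firewallPolicies/{{firewall_policy}}/addAssociation'
+delete_url: 'locations/global/firewallPolicies/{{firewall_policy}}/removeAssociation?name={{name}}'
+delete_verb: 'POST'
+immutable: true
+import_format:
+- 'locations/global/firewallPolicies/{{firewall_policy}}/associations/{{name}}'
+- '{{firewall_policy}}/{{name}}'
+timeouts:
+insert_minutes: 20
+update_minutes: 20
+delete_minutes: 20
+custom_code:
+pre_read: 'templates/terraform/pre_read/compute_firewall_policy_association.go.tmpl'
+post_create: 'templates/terraform/post_create/compute_firewall_policy_association_operation.go.tmpl'
+post_delete: 'templates/terraform/post_delete/compute_firewall_policy_association_operation.go.tmpl'
+custom_diff:
+- 'tpgresource.DefaultProviderProject'
+examples:
+- name: 'firewall_policy_association'
+primary_resource_id: 'default'
+vars:
+policy_name: 'my-policy'
+association_name: 'my-association'
+folder_name: 'my-folder'
+test_env_vars:
+org_id: 'ORG_ID'
+exclude_test: true
+parameters:
+- name: 'firewallPolicy'
+type: ResourceRef
+description: |
+The firewall policy of the resource.
+ignore_read: true
+required: true
+immutable: true
+diff_suppress_func: 'tpgresource.CompareResourceNames'
+custom_expand: 'templates/terraform/custom_expand/compute_firewall_policy_association.go.tmpl'
+resource: 'FirewallPolicy'
+imports: 'name'
+properties:
+- name: 'name'
+type: String
+description: |
+The name for an association.
+required: true
+- name: 'attachmentTarget'
+type: String
+description: |
+The target that the firewall policy is attached to.
+required: true
+diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName'
+- name: 'shortName'
+type: String
+description: |
+The short name of the firewall policy of the association.
+output: true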
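Review bot: The `attachmentTarget` description ("The target that the firewall policy is attached to.") does not say what form the value takes, and for the property that decides where a firewall policy is enforced that is worth spelling out. The example in this commit passes `google_folder.folder.name`; if folder and organization resource names are the accepted forms (not confirmed from this page), the description could read `The target that the firewall policy is attached to, in the form folders/FOLDER_ID or organizations/ORG_ID.` Stating the format also makes it clearer what the `tpgresource.CompareSelfLinkOrResourceName` suppression on this field is expected to treat as equal.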
@@ -0,0 +1,7 @@
func expand{{$.GetPrefix}}{{$.TitlelizeProperty}}(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
firewallPolicyId := tpgresource.GetResourceNameFromSelfLink(v.(string))
if err := d.Set("firewall_policy", firewallPolicyId); err != nil {
return nil, fmt.Errorf("Error setting firewall_policy: %s", err)
}
return firewallPolicyId, nil
}
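Review bot: This expander writes to resource state as a side effect (`d.Set("firewall_policy", firewallPolicyId)`), which is unusual for an expand function and is not explained in the template. A comment above the function would help, along the lines of `// Also stores the bare policy ID back into firewall_policy so that URL templates built from that field receive the ID rather than a full self link.` (the reason is inferred from how the pre_read template calls it, so confirm the wording). The `v.(string)` assertion is unchecked and would panic on a nil or non-string value; `s, ok := v.(string)` with an error return on `!ok` would turn that into a diagnosable failure.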
@@ -0,0 +1,17 @@
resource "google_folder" "folder" {
display_name = "{{index $.Vars "folder_name"}}"
parent = "organizations/{{index $.TestEnvVars "org_id"}}"
deletion_protection = false
}

resource "google_compute_firewall_policy" "policy" {
parent = "organizations/{{index $.TestEnvVars "org_id"}}"
short_name = "{{index $.Vars "policy_name"}}"
description = "Example Resource"
}

resource "google_compute_firewall_policy_association" "{{$.PrimaryResourceId}}" {
firewall_policy = google_compute_firewall_policy.policy.id
attachment_target = google_folder.folder.name
name = "{{index $.Vars "association_name"}}"
}
@@ -0,0 +1,11 @@
parent := d.Get("firewall_policy").(string)
var opRes map[string]interface{}
err = ComputeOrgOperationWaitTimeWithResponse(
config, res, &opRes, parent, "Creating FirewallPolicyAssociation", userAgent,
d.Timeout(schema.TimeoutCreate))

if err != nil {
// The resource didn't actually create
d.SetId("")
return fmt.Errorf("Error waiting to create FirewallPolicyAssociation: %s", err)
}
@@ -0,0 +1,11 @@
parent := d.Get("firewall_policy").(string)
var opRes map[string]interface{}
err = ComputeOrgOperationWaitTimeWithResponse(
config, res, &opRes, parent, "Deleting FirewallPolicyAssociation", userAgent,
d.Timeout(schema.TimeoutCreate))

if err != nil {
// The resource didn't actually create
d.SetId("")
return fmt.Errorf("Error waiting to delete FirewallPolicyAssociation: %s", err)
}
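Review bot: When the delete operation wait fails, `d.SetId("")` runs before the error is returned, so the association is likely to be dropped from Terraform state while it may still be attached to its target. For a firewall policy that leaves an enforced attachment that nothing tracks any more. The lines look copied from the create template: the comment still reads `// The resource didn't actually create` and the wait uses `d.Timeout(schema.TimeoutCreate)`. I would delete the `d.SetId("")` line and its comment and pass `d.Timeout(schema.TimeoutDelete)`, so a failed or timed-out delete keeps the resource in state and honours the configured delete timeout. The enclosing delete function starts and ends outside this template.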
@@ -0,0 +1,5 @@
expandComputeFirewallPolicyAssociationFirewallPolicy(d.Get("firewall_policy"), d, config)
url, err = tpgresource.ReplaceVars(d, config, "{{"{{"}}ComputeBasePath{{"}}"}}locations/global/firewallPolicies/{{"{{"}}firewall_policy{{"}}"}}/getAssociation?name={{"{{"}}name{{"}}"}}")
if err != nil {
return err
}
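Review bot: Both return values of `expandComputeFirewallPolicyAssociationFirewallPolicy(...)` on the first line are discarded, so a failure to set `firewall_policy` is silently ignored and the read goes on to build the `getAssociation` URL from whatever value is left in state. Check it instead: `if _, err := expandComputeFirewallPolicyAssociationFirewallPolicy(d.Get("firewall_policy"), d, config); err != nil { return err }`. Because the call is made only for its side effect on `d`, a one-line comment saying so (`// Normalizes firewall_policy in d before the URL is built.`) would save the next reader from assuming it is dead code. The enclosing read function is outside this fragment.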
@@ -62,3 +62,53 @@ resource "google_compute_firewall_policy_association" "default" {
}
`, context)
}

func TestAccComputeFirewallPolicyAssociation_organization(t *testing.T) {
t.Parallel()

context := map[string]interface{}{
"random_suffix": acctest.RandString(t, 10),
"org_name": fmt.Sprintf("organizations/%s", envvar.GetTestOrgFromEnv(t)),
}

acctest.VcrTest(t, resource.TestCase{
PreCheck: func() { acctest.AccTestPreCheck(t) },
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
ExternalProviders: map[string]resource.ExternalProvider{
"time": {},
},
Steps: []resource.TestStep{
{
Config: testAccComputeFirewallPolicyAssociation_organization(context),
},
{
ResourceName: "google_compute_firewall_policy_association.default",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"firewall_policy"},
},
},
})
}

func testAccComputeFirewallPolicyAssociation_organization(context map[string]interface{}) string {
return acctest.Nprintf(`
resource "google_folder" "folder" {
display_name = "tf-test-my-folder-%{random_suffix}"
parent = "%{org_name}"
deletion_protection = false
}
resource "google_compute_firewall_policy" "policy" {
parent = "%{org_name}"
short_name = "tf-test-my-policy-%{random_suffix}"
description = "Example Resource"
}
resource "google_compute_firewall_policy_association" "default" {
firewall_policy = google_compute_firewall_policy.policy.id
attachment_target = google_folder.folder.name
name = "tf-test-my-association-%{random_suffix}"
}
`, context)
}
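Review bot: `TestAccComputeFirewallPolicyAssociation_organization` sets no `CheckDestroy` in its `resource.TestCase`, so nothing asserts that the association is actually gone after teardown and the delete path this commit rewrites is not verified. Add `CheckDestroy: <destroy-check producer for this resource>(t),` (placeholder: the helper's name is not visible on this page, and with `exclude_test: true` on the example it may need to be written by hand). The `ExternalProviders` entry for `time` also looks unused, since the config declares no `time_*` resource. Despite the test name, the attachment target is still a folder (`attachment_target = google_folder.folder.name`); only the parents are the organization, so an organization-level target remains uncovered.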

This file was deleted.

This file was deleted.

4 changes: 0 additions & 4 deletions tpgtools/overrides/compute/firewall_policy_association.yaml

This file was deleted.
