Added new profile type "URL_FILTERING" for SecurityProfile (#13342) (#24583)

modular-magician · web-flow · commit 732d1c6c8d73 · 2025-10-03T09:32:06.000-07:00
[upstream:571484033a581bd2b8289ba6b8da527012f4db95]

Signed-off-by: Modular Magician &lt;magic-modules@google.com&gt;
diff --git a/.changelog/13342.txt b/.changelog/13342.txt
@@ -0,0 +1,9 @@
+```release-note:enhancement
+networksecurity: added `URL_FILTERING` option to enum field `type` for `google_network_security_security_profile` resource
+```
+```release-note:enhancement
+networksecurity: added `url_filtering_profile` field  to `google_network_security_security_profile` resource (beta)
+```
+```release-note:enhancement
+networksecurity: added `url_filtering_profile` field  to `google_network_security_security_profile_group` resource (beta)
+```
diff --git a/google/services/networksecurity/resource_network_security_security_profile.go b/google/services/networksecurity/resource_network_security_security_profile.go
@@ -67,8 +67,8 @@ func ResourceNetworkSecuritySecurityProfile() *schema.Resource {
 				Type:         schema.TypeString,
 				Required:     true,
 				ForceNew:     true,
-				ValidateFunc: verify.ValidateEnum([]string{"THREAT_PREVENTION", "CUSTOM_MIRRORING", "CUSTOM_INTERCEPT"}),
-				Description:  `The type of security profile. Possible values: ["THREAT_PREVENTION", "CUSTOM_MIRRORING", "CUSTOM_INTERCEPT"]`,
+				ValidateFunc: verify.ValidateEnum([]string{"THREAT_PREVENTION", "URL_FILTERING", "CUSTOM_MIRRORING", "CUSTOM_INTERCEPT"}),
+				Description:  `The type of security profile. Possible values: ["THREAT_PREVENTION", "URL_FILTERING", "CUSTOM_MIRRORING", "CUSTOM_INTERCEPT"]`,
 			},
 			"custom_intercept_profile": {
 				Type:     schema.TypeList,
diff --git a/google/services/networksecurity/resource_network_security_security_profile_test.go b/google/services/networksecurity/resource_network_security_security_profile_test.go
@@ -8,7 +8,7 @@
 //
 //	This code is generated by Magic Modules using the following:
 //
-//	Source file: https://github.com/GoogleCloudPlatform/magic-modules/tree/main/mmv1/third_party/terraform/services/networksecurity/resource_network_security_security_profile_test.go
+//	Source file: https://github.com/GoogleCloudPlatform/magic-modules/tree/main/mmv1/third_party/terraform/services/networksecurity/resource_network_security_security_profile_test.go.tmpl
 //
 //	DO NOT EDIT this file directly. Any changes made to this file will be
 //	overwritten during the next generation cycle.
diff --git a/website/docs/r/network_security_security_profile.html.markdown b/website/docs/r/network_security_security_profile.html.markdown
@@ -150,6 +150,35 @@ resource "google_network_security_security_profile" "default" {
   }
 }
 ```
+## Example Usage - Network Security Security Profile Url Filtering
+
+
+```hcl
+resource "google_network_security_security_profile" "default" {
+  provider    = google-beta
+  name        = "my-security-profile"
+  parent      = "organizations/123456789"
+  description = "my description"
+  type        = "URL_FILTERING"
+
+  url_filtering_profile {
+    url_filters {
+      priority = 1
+      filtering_action   = "ALLOW"
+      urls = ["*example.com", "*about.example.com", "*help.example.com"]
+    }
+    url_filters {
+      priority = 2
+      filtering_action   = "DENY"
+      urls = ["*restricted.example.com"]
+    }
+  }
+
+  labels = {
+    foo = "bar"
+  }
+}
+```
 
 ## Argument Reference
 
@@ -159,7 +188,7 @@ The following arguments are supported:
 * `type` -
   (Required)
   The type of security profile.
-  Possible values are: `THREAT_PREVENTION`, `CUSTOM_MIRRORING`, `CUSTOM_INTERCEPT`.
+  Possible values are: `THREAT_PREVENTION`, `URL_FILTERING`, `CUSTOM_MIRRORING`, `CUSTOM_INTERCEPT`.
 
 * `name` -
   (Required)
@@ -182,6 +211,11 @@ The following arguments are supported:
   The threat prevention configuration for the security profile.
   Structure is [documented below](#nested_threat_prevention_profile).
 
+* `url_filtering_profile` -
+  (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
+  The url filtering configuration for the security profile.
+  Structure is [documented below](#nested_url_filtering_profile).
+
 * `custom_mirroring_profile` -
   (Optional)
   The configuration for defining the Mirroring Endpoint Group used to
@@ -265,6 +299,34 @@ The following arguments are supported:
   Threat action override. For some threat types, only a subset of actions applies.
   Possible values are: `ALERT`, `ALLOW`, `DEFAULT_ACTION`, `DENY`.
 
+<a name="nested_url_filtering_profile"></a>The `url_filtering_profile` block supports:
+
+* `url_filters` -
+  (Optional)
+  The configuration for action to take based on domain name match.
+  A domain name would be checked for matching filters through the list in order of highest to lowest priority,
+  and the first filter that a domain name matches with is the one whose actions gets applied.
+  Structure is [documented below](#nested_url_filtering_profile_url_filters).
+
+
+<a name="nested_url_filtering_profile_url_filters"></a>The `url_filters` block supports:
+
+* `filtering_action` -
+  (Required)
+  The action to take when the filter is applied.
+  Possible values are: `ALLOW`, `DENY`.
+
+* `urls` -
+  (Optional)
+  A list of domain matcher strings that a domain name gets compared with to determine if the filter is applicable.
+  A domain name must match with at least one of the strings in the list for a filter to be applicable.
+
+* `priority` -
+  (Required)
+  The priority of the filter within the URL filtering profile.
+  Must be an integer from 0 and 2147483647, inclusive. Lower integers indicate higher priorities.
+  The priority of a filter must be unique within a URL filtering profile.
+
 <a name="nested_custom_mirroring_profile"></a>The `custom_mirroring_profile` block supports:
 
 * `mirroring_endpoint_group` -
diff --git a/website/docs/r/network_security_security_profile_group.html.markdown b/website/docs/r/network_security_security_profile_group.html.markdown
@@ -141,6 +141,38 @@ resource "google_network_security_security_profile_group" "default" {
   custom_intercept_profile = google_network_security_security_profile.default.id
 }
 ```
+## Example Usage - Network Security Security Profile Group Url Filtering
+
+
+```hcl
+resource "google_network_security_security_profile_group" "default" {
+  provider                  = google-beta
+  name                      = "sec-profile-group"
+  parent                    = "organizations/123456789"
+  description               = "my description"
+  url_filtering_profile     = google_network_security_security_profile.security_profile.id
+
+  labels = {
+    foo = "bar"
+  }
+}
+
+resource "google_network_security_security_profile" "security_profile" {
+  provider    = google-beta
+  name        = "sec-profile"
+  location    = "global"
+  type        = "URL_FILTERING"
+
+  url_filtering_profile {
+    url_filters {
+      priority = 1
+      filtering_action   = "ALLOW"
+      urls = ["*example.com", "*about.example.com", "*help.example.com"]
+    }
+  }
+  parent = "organizations/123456789"
+}
+```
 
 ## Argument Reference
 
@@ -167,6 +199,10 @@ The following arguments are supported:
   (Optional)
   Reference to a SecurityProfile with the threat prevention configuration for the SecurityProfileGroup.
 
+* `url_filtering_profile` -
+  (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
+  Reference to a SecurityProfile with the URL filtering configuration for the SecurityProfileGroup.
+
 * `custom_mirroring_profile` -
   (Optional)
   Reference to a SecurityProfile with the custom mirroring configuration for the SecurityProfileGroup.
