
Added new resource "Security Policy Rule" #10434

Conversation

matheusaleixo-cit

@matheusaleixo-cit matheusaleixo-cit commented Apr 12, 2024

Adds a new resource "google_compute_security_policy_rule", allowing an alternative to handling rules in the security policy resource itself. Functionally similar to regional security policy rules.

Fixes: hashicorp/terraform-provider-google#5622

Release Note Template for Downstream PRs (will be copied)

`google_compute_security_policy_rule`

…tests;

- Added "patchRule" test to "SecurityPolicy";
- Added default value for "adaptive_protection_config > layer_7_ddos_defense_config > enable";
@modular-magician modular-magician added the awaiting-approval Pull requests that needs reviewer's approval to run presubmit tests label Apr 12, 2024
@matheusaleixo-cit matheusaleixo-cit marked this pull request as ready for review April 16, 2024 20:03
@github-actions github-actions bot requested a review from shuyama1 April 16, 2024 20:04

Hello! I am a robot. Tests will require approval from a repository maintainer to run.

@shuyama1, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

@modular-magician modular-magician removed the awaiting-approval Pull requests that needs reviewer's approval to run presubmit tests label Apr 17, 2024
@modular-magician

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 2 files changed, 360 insertions(+))
google-beta provider: Diff ( 6 files changed, 2063 insertions(+), 2 deletions(-))
terraform-google-conversion: Diff ( 1 file changed, 360 insertions(+))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_compute_security_policy_rule (8 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_compute_security_policy_rule" "primary" {
  match = # value needed
  match {
    config = # value needed
    expr   = # value needed
    expr {
      description = # value needed
      location    = # value needed
      title       = # value needed
    }
  }
  network_match = # value needed
  network_match {
    dest_ip_ranges      = # value needed
    dest_ports          = # value needed
    ip_protocols        = # value needed
    src_asns            = # value needed
    src_ip_ranges       = # value needed
    src_ports           = # value needed
    src_region_codes    = # value needed
    user_defined_fields = # value needed
    user_defined_fields {
      name   = # value needed
      values = # value needed
    }
  }
  project = # value needed
}

@modular-magician

Tests analytics

Total tests: 903
Passed tests: 826
Skipped tests: 72
Affected tests: 5

Click here to see the affected service packages
  • compute

Action taken

Found 5 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
TestAccComputeSecurityPolicyRule_basicUpdate|TestAccComputeSecurityPolicyRule_extendedUpdate|TestAccComputeSecurityPolicyRule_securityPolicyRuleBasicExample|TestAccComputeSecurityPolicyRule_securityPolicyRuleMultipleRulesExample|TestAccComputeSecurityPolicyRule_withRuleExpr

Get to know how VCR tests work

@modular-magician

Tests passed during RECORDING mode:
TestAccComputeSecurityPolicyRule_basicUpdate[Debug log]
TestAccComputeSecurityPolicyRule_extendedUpdate[Debug log]
TestAccComputeSecurityPolicyRule_securityPolicyRuleBasicExample[Debug log]
TestAccComputeSecurityPolicyRule_securityPolicyRuleMultipleRulesExample[Debug log]
TestAccComputeSecurityPolicyRule_withRuleExpr[Debug log]

No issues found for passed tests after REPLAYING rerun.

All tests passed!
View the build log or the debug log for each test

@modular-magician modular-magician added the awaiting-approval Pull requests that needs reviewer's approval to run presubmit tests label Apr 18, 2024
@@ -0,0 +1,23 @@
resource "google_compute_security_policy" "default" {
provider = google-beta
Member

I'm still in the middle of reviewing this PR. A quick suggestion is removing provider = google-beta in the examples as this resource + its examples are no longer marked as beta-only in the latest commit

@github-actions github-actions bot requested a review from shuyama1 April 18, 2024 19:07
@modular-magician modular-magician removed the awaiting-approval Pull requests that needs reviewer's approval to run presubmit tests label Apr 18, 2024
@modular-magician

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 6 files changed, 2871 insertions(+), 2 deletions(-))
google-beta provider: Diff ( 6 files changed, 2871 insertions(+), 2 deletions(-))
terraform-google-conversion: Diff ( 1 file changed, 598 insertions(+))
Open in Cloud Shell: Diff ( 8 files changed, 254 insertions(+))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_compute_security_policy_rule (11 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_compute_security_policy_rule" "primary" {
  match {
    expr {
      description = # value needed
      location    = # value needed
      title       = # value needed
    }
  }
  network_match {
    dest_ip_ranges   = # value needed
    dest_ports       = # value needed
    ip_protocols     = # value needed
    src_asns         = # value needed
    src_ip_ranges    = # value needed
    src_ports        = # value needed
    src_region_codes = # value needed
    user_defined_fields {
      name   = # value needed
      values = # value needed
    }
  }
  preconfigured_waf_config {
    exclusion {
      request_cookie {
        value = # value needed
      }
    }
  }
  project = # value needed
}

@modular-magician

Tests analytics

Total tests: 904
Passed tests: 831
Skipped tests: 72
Affected tests: 1

Click here to see the affected service packages
  • compute

Action taken

Found 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
TestAccComputeSecurityPolicyRule_withPreconfiguredWafConfig

Get to know how VCR tests work

@modular-magician

Tests passed during RECORDING mode:
TestAccComputeSecurityPolicyRule_withPreconfiguredWafConfig[Debug log]

No issues found for passed tests after REPLAYING rerun.

All tests passed!
View the build log or the debug log for each test

@modular-magician modular-magician added awaiting-approval Pull requests that needs reviewer's approval to run presubmit tests and removed awaiting-approval Pull requests that needs reviewer's approval to run presubmit tests labels Apr 18, 2024
@modular-magician

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 6 files changed, 2871 insertions(+), 2 deletions(-))
google-beta provider: Diff ( 6 files changed, 2871 insertions(+), 2 deletions(-))
terraform-google-conversion: Diff ( 1 file changed, 598 insertions(+))
Open in Cloud Shell: Diff ( 8 files changed, 254 insertions(+))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_compute_security_policy_rule (11 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_compute_security_policy_rule" "primary" {
  match {
    expr {
      description = # value needed
      location    = # value needed
      title       = # value needed
    }
  }
  network_match {
    dest_ip_ranges   = # value needed
    dest_ports       = # value needed
    ip_protocols     = # value needed
    src_asns         = # value needed
    src_ip_ranges    = # value needed
    src_ports        = # value needed
    src_region_codes = # value needed
    user_defined_fields {
      name   = # value needed
      values = # value needed
    }
  }
  preconfigured_waf_config {
    exclusion {
      request_cookie {
        value = # value needed
      }
    }
  }
  project = # value needed
}

@modular-magician

Tests analytics

Total tests: 904
Passed tests: 832
Skipped tests: 72
Affected tests: 0

Click here to see the affected service packages
  • compute

All tests passed!
View the build log

type = "CLOUD_ARMOR"
}

# A default rule is generated when creating the security_policy resource, import is needed to patch it
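Review bot: the comment on the last line of this hunk is a run-on and leaves the reader guessing which rule is meant and how the import is done. Since a security policy is always created with a default rule, a google_compute_security_policy_rule at that priority must be imported before Terraform can patch it, otherwise the apply tries to create a second rule at the same priority and the API rejects it with the "Cannot have rules with the same priorities." error this PR's own tests assert on. Suggest splitting the sentence and pointing at the import step, e.g. `# The security policy is created with a default rule. Import that rule into a` / `# google_compute_security_policy_rule resource before patching it.`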
Contributor Author

The same issue exists in the regional security policy rule resource: hashicorp/terraform-provider-google#15687

@modular-magician modular-magician added the awaiting-approval Pull requests that needs reviewer's approval to run presubmit tests label Apr 19, 2024
@matheusaleixo-cit

matheusaleixo-cit commented Apr 19, 2024

I commented out the fields inside the "network_match" block, and "title", "description" and "network" in the "expr" block.
Those fields are present in the API docs, but don't seem to be supported. The "expr" fields don't update the values in the resource at all when testing the patchRule endpoint, and "network_match" is only used for policies of type CLOUD_ARMOR_NETWORK, which the global security policy resource does not support.
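The comment above settles which fields of the new resource are actually usable. The configuration below is an added example, not code from this PR or from the provider's documentation: it manages a global security policy with the new google_compute_security_policy_rule resource, imports the policy's default rule before patching it (the point the diff comment makes), and uses only the expr and preconfigured_waf_config fields the tests cover. Attribute names beyond those in the bot's test report, the default rule priority and the import ID format are assumptions to check against the resource docs.

```hcl
# Added example (not from the PR). Attribute names beyond match.expr and
# preconfigured_waf_config.exclusion.request_cookie, the default rule priority
# and the import ID format are assumptions; verify them against the docs.
resource "google_compute_security_policy" "default" {
  name = "example-policy"
  type = "CLOUD_ARMOR"
}

# The policy is created with a default (lowest-priority, catch-all) rule.
# Import it into the rule resource so Terraform patches it instead of trying
# to create a second rule at the same priority, which the API rejects.
resource "google_compute_security_policy_rule" "default_rule" {
  security_policy = google_compute_security_policy.default.name
  priority        = 2147483647 # assumed priority of the generated default rule
  action          = "deny(403)"
  description     = "default rule, imported then patched to deny by default"
  match {
    versioned_expr = "SRC_IPS_V1"
    config {
      src_ip_ranges = ["*"]
    }
  }
}

import {
  to = google_compute_security_policy_rule.default_rule
  # Assumed import ID layout; PROJECT_ID is a placeholder.
  id = "projects/PROJECT_ID/global/securityPolicies/example-policy/priority/2147483647"
}

# A CEL-based rule. Only `expression` is set inside expr: title, description and
# location are listed in the API docs but do not round-trip through patchRule.
# network_match is omitted because it applies only to CLOUD_ARMOR_NETWORK policies.
resource "google_compute_security_policy_rule" "block_sqli" {
  security_policy = google_compute_security_policy.default.name
  priority        = 1000
  action          = "deny(403)"
  preview         = true # log matches first, then flip to enforce once tuned
  match {
    expr {
      expression = "evaluatePreconfiguredWaf('sqli-v33-stable', {'sensitivity': 1})"
    }
  }
  preconfigured_waf_config {
    exclusion {
      target_rule_set = "sqli-v33-stable"
      # Keep the session cookie out of the SQLi inspection to avoid false positives.
      request_cookie {
        operator = "EQUALS"
        value    = "session_id"
      }
    }
  }
}
```

Run `terraform plan` once with the import block in place; the plan should show the default rule as an update in place rather than a create, which confirms the import ID is right before anything is changed.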

Comment on lines 27 to 39
{
ResourceName: "google_compute_security_policy_rule.policy_rule",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccComputeSecurityPolicyRule_postBasicUpdate(context),
},
{
ResourceName: "google_compute_security_policy_rule.policy_rule",
ImportState: true,
ImportStateVerify: true,
},
Member

only nit - we use tabs here for spacing (we only use spaces for indentation in the resource configs)

Comment on lines 59 to 63
{
ResourceName: "google_compute_security_policy_rule.policy_rule",
ImportState: true,
ImportStateVerify: true,
},
Member

nit - spacing

Comment on lines 83 to 90
{
ResourceName: "google_compute_security_policy_rule.policy_rule",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccComputeSecurityPolicyRule_extPosUpdateSamePriority(context),
ExpectError: regexp.MustCompile("Cannot have rules with the same priorities."),
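Review bot: style point on the ExpectError line at the end of this hunk: the pattern "Cannot have rules with the same priorities." is passed to regexp.MustCompile as-is, so the trailing "." is a wildcard rather than a literal period. It still matches the intended message, but wrapping the string in `regexp.QuoteMeta` makes the intent explicit and keeps the assertion exact if the message ever gains a suffix.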
Member

nit - spacing

Comment on lines 92 to 104
{
ResourceName: "google_compute_security_policy_rule.policy_rule",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccComputeSecurityPolicyRule_extPosUpdate(context),
},
{
ResourceName: "google_compute_security_policy_rule.policy_rule",
ImportState: true,
ImportStateVerify: true,
},
Member

nit - spacing

Comment on lines 124 to 139
{
ResourceName: "google_compute_security_policy_rule.policy_rule",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccComputeSecurityPolicyRule_withPreconfiguredWafConfig_update(context),
},
{
ResourceName: "google_compute_security_policy_rule.policy_rule",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccComputeSecurityPolicyRule_withPreconfiguredWafConfig_clear(context),
Check: resource.ComposeTestCheckFunc(
Member

nit - spacing

Comment on lines 142 to 147
},
{
ResourceName: "google_compute_security_policy_rule.policy_rule",
ImportState: true,
ImportStateVerify: true,
},
Member

nit - spacing

description: |
BGP Autonomous System Number associated with the source IP address.
item_type: Api::Type::Integer
# These fields are used for security policies of the type CLOUD_ARMOR_NETWORK, this type is not supported by the global security policy resource.
Member

If the following fields won't be supported by the global security policy resource, I think we can just remove them.

@modular-magician modular-magician removed the awaiting-approval Pull requests that needs reviewer's approval to run presubmit tests label Apr 19, 2024
@modular-magician

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 6 files changed, 2403 insertions(+), 2 deletions(-))
google-beta provider: Diff ( 6 files changed, 2403 insertions(+), 2 deletions(-))
terraform-google-conversion: Diff ( 1 file changed, 426 insertions(+))
Open in Cloud Shell: Diff ( 8 files changed, 254 insertions(+))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_compute_security_policy_rule (11 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_compute_security_policy_rule" "primary" {
  project = # value needed
}

@modular-magician

Tests analytics

Total tests: 904
Passed tests: 831
Skipped tests: 72
Affected tests: 1

Click here to see the affected service packages
  • compute

Action taken

Found 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
TestAccComputeSecurityPolicyRule_withPreconfiguredWafConfig

Get to know how VCR tests work

@modular-magician

Tests passed during RECORDING mode:
TestAccComputeSecurityPolicyRule_withPreconfiguredWafConfig[Debug log]

No issues found for passed tests after REPLAYING rerun.

All tests passed!
View the build log or the debug log for each test

@github-actions github-actions bot requested a review from shuyama1 April 22, 2024 12:39
@modular-magician modular-magician added awaiting-approval Pull requests that needs reviewer's approval to run presubmit tests and removed awaiting-approval Pull requests that needs reviewer's approval to run presubmit tests labels Apr 22, 2024
@modular-magician

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 6 files changed, 2403 insertions(+), 2 deletions(-))
google-beta provider: Diff ( 6 files changed, 2403 insertions(+), 2 deletions(-))
terraform-google-conversion: Diff ( 1 file changed, 426 insertions(+))
Open in Cloud Shell: Diff ( 8 files changed, 254 insertions(+))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_compute_security_policy_rule (11 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_compute_security_policy_rule" "primary" {
  project = # value needed
}

@modular-magician

Tests analytics

Total tests: 904
Passed tests: 832
Skipped tests: 72
Affected tests: 0

Click here to see the affected service packages
  • compute

All tests passed!
View the build log

@shuyama1 shuyama1 (Member) left a comment

Thank you!

@shuyama1 shuyama1 merged commit 9059b44 into GoogleCloudPlatform:main Apr 23, 2024
14 checks passed
@matheusaleixo-cit matheusaleixo-cit deleted the add-new-resource-for-rules-to-compute-security-policy branch April 25, 2024 18:53
balanaguharsha pushed a commit to balanaguharsha/magic-modules that referenced this pull request May 2, 2024
balanaguharsha pushed a commit to balanaguharsha/magic-modules that referenced this pull request May 2, 2024
BBBmau pushed a commit to BBBmau/magic-modules that referenced this pull request May 8, 2024
pawelJas pushed a commit to pawelJas/magic-modules that referenced this pull request May 16, 2024
pengq-google pushed a commit to pengq-google/magic-modules that referenced this pull request May 21, 2024
Cheriit pushed a commit to Cheriit/magic-modules that referenced this pull request Jun 4, 2024
pcostell pushed a commit to pcostell/magic-modules that referenced this pull request Jul 16, 2024
Successfully merging this pull request may close these issues.

Add support to add rules to a google_compute_security_policy