diff --git a/mmv1/products/beyondcorp/api.yaml b/mmv1/products/beyondcorp/api.yaml new file mode 100644 index 000000000000..c6ecdc98fbe9 --- /dev/null +++ b/mmv1/products/beyondcorp/api.yaml @@ -0,0 +1,215 @@ +# Copyright 2022 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Api::Product +name: Beyondcorp +display_name: Google BeyondCorp +versions: + - !ruby/object:Api::Product::Version + name: ga + base_url: https://beyondcorp.googleapis.com/v1/ +scopes: + - https://www.googleapis.com/auth/cloud-platform +apis_required: + - !ruby/object:Api::Product::ApiReference + name: Beyondcorp API + url: https://console.cloud.google.com/apis/library/beyondcorp.googleapis.com/ +objects: + - !ruby/object:Api::Resource + name: 'AppConnector' + description: | + A BeyondCorp AppConnector resource represents an application facing component deployed proximal to + and with direct access to the application instances. It is used to establish connectivity between the + remote enterprise environment and GCP. It initiates connections to the applications and can proxy the + data from users over the connection. + references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/beyondcorp-enterprise/docs/enable-app-connector' + api: 'https://cloud.google.com/beyondcorp/docs/reference/rest#rest-resource:-v1.projects.locations.appconnectors' + base_url: projects/{{project}}/locations/{{region}}/appConnectors + self_link: projects/{{project}}/locations/{{region}}/appConnectors/{{name}} + create_url: projects/{{project}}/locations/{{region}}/appConnectors?app_connector_id={{name}} + update_verb: :PATCH + update_mask: true + async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + input: true + description: | + ID of the AppConnector. + url_param_only: true + - !ruby/object:Api::Type::String + name: 'region' + description: | + The region of the AppConnector. + input: true + url_param_only: true + - !ruby/object:Api::Type::String + name: 'displayName' + description: | + An arbitrary user-provided name for the AppConnector. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + Resource labels to represent user provided metadata. + - !ruby/object:Api::Type::NestedObject + name: 'principalInfo' + description: | + Principal information about the Identity of the AppConnector. + required: true + properties: + - !ruby/object:Api::Type::NestedObject + name: 'serviceAccount' + description: | + ServiceAccount represents a GCP service account. + required: true + properties: + - !ruby/object:Api::Type::String + name: 'email' + description: | + Email address of the service account. + required: true + - !ruby/object:Api::Type::Enum + name: 'state' + output: true + description: | + Represents the different states of a AppConnector. + values: + - :STATE_UNSPECIFIED + - :CREATING + - :CREATED + - :UPDATING + - :DELETING + - :DOWN + - !ruby/object:Api::Resource + name: 'AppGateway' + description: | + A BeyondCorp AppGateway resource represents a BeyondCorp protected AppGateway to a remote application. It creates + all the necessary GCP components needed for creating a BeyondCorp protected AppGateway. Multiple connectors can be + authorised for a single AppGateway. + references: !ruby/object:Api::Resource::ReferenceLinks + guides: + 'Official Documentation': 'https://cloud.google.com/beyondcorp-enterprise/docs/enable-app-connector' + api: 'https://cloud.google.com/beyondcorp/docs/reference/rest#rest-resource:-v1.projects.locations.appgateways' + base_url: projects/{{project}}/locations/{{region}}/appGateways + self_link: projects/{{project}}/locations/{{region}}/appGateways/{{name}} + create_url: projects/{{project}}/locations/{{region}}/appGateways?app_gateway_id={{name}} + # This resources is not updatable + input: true + async: !ruby/object:Api::OpAsync + operation: !ruby/object:Api::OpAsync::Operation + path: 'name' + base_url: '{{op_id}}' + wait_ms: 1000 + timeouts: !ruby/object:Api::Timeouts + insert_minutes: 20 + delete_minutes: 20 + result: !ruby/object:Api::OpAsync::Result + path: 'response' + resource_inside_response: true + status: !ruby/object:Api::OpAsync::Status + path: 'done' + complete: true + allowed: + - true + - false + error: !ruby/object:Api::OpAsync::Error + path: 'error' + message: 'message' + properties: + - !ruby/object:Api::Type::String + name: 'name' + required: true + input: true + description: | + ID of the AppGateway. + url_param_only: true + - !ruby/object:Api::Type::String + name: 'region' + description: | + The region of the AppGateway. + input: true + url_param_only: true + - !ruby/object:Api::Type::Enum + name: 'type' + description: | + The type of network connectivity used by the AppGateway. + values: + - :TYPE_UNSPECIFIED + - :TCP_PROXY + default_value: :TYPE_UNSPECIFIED + - !ruby/object:Api::Type::Enum + name: 'hostType' + description: | + The type of hosting used by the AppGateway. + values: + - :HOST_TYPE_UNSPECIFIED + - :GCP_REGIONAL_MIG + default_value: :HOST_TYPE_UNSPECIFIED + - !ruby/object:Api::Type::String + name: 'displayName' + description: | + An arbitrary user-provided name for the AppGateway. + - !ruby/object:Api::Type::KeyValuePairs + name: 'labels' + description: | + Resource labels to represent user provided metadata. + - !ruby/object:Api::Type::Enum + name: 'state' + output: true + description: | + Represents the different states of a AppGateway. + values: + - :STATE_UNSPECIFIED + - :CREATING + - :CREATED + - :UPDATING + - :DELETING + - :DOWN + - !ruby/object:Api::Type::String + name: 'uri' + output: true + description: | + Server-defined URI for this resource. + - !ruby/object:Api::Type::NestedObject + name: 'allocatedConnections' + description: | + A list of connections allocated for the Gateway. + output: true + properties: + - !ruby/object:Api::Type::String + name: 'pscUri' + description: | + The PSC uri of an allocated connection. + - !ruby/object:Api::Type::Integer + name: 'ingressPort' + description: | + The ingress port of an allocated connection. diff --git a/mmv1/products/beyondcorp/terraform.yaml b/mmv1/products/beyondcorp/terraform.yaml new file mode 100644 index 000000000000..c149f2326ca2 --- /dev/null +++ b/mmv1/products/beyondcorp/terraform.yaml @@ -0,0 +1,55 @@ +# Copyright 2022 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- !ruby/object:Provider::Terraform::Config +overrides: !ruby/object:Overrides::ResourceOverrides + AppConnector: !ruby/object:Overrides::Terraform::ResourceOverride + autogen_async: true + examples: + - !ruby/object:Provider::Terraform::Examples + name: "beyondcorp_app_connector_basic" + primary_resource_id: "app_connector" + primary_resource_name: "fmt.Sprintf(\"tf_test_my_app_connector%s\", context[\"random_suffix\"])" + vars: + app_connector_name: "my-app-connector" + account_id: "my-account" + - !ruby/object:Provider::Terraform::Examples + name: "beyondcorp_app_connector_full" + primary_resource_id: "app_connector" + primary_resource_name: "fmt.Sprintf(\"tf_test_my_app_connector%s\", context[\"random_suffix\"])" + vars: + app_connector_name: "my-app-connector" + account_id: "my-account" + display_name: "some display name" + AppGateway: !ruby/object:Overrides::Terraform::ResourceOverride + autogen_async: true + examples: + - !ruby/object:Provider::Terraform::Examples + name: "beyondcorp_app_gateway_basic" + primary_resource_id: "app_gateway" + primary_resource_name: "fmt.Sprintf(\"tf_test_my_app_gateway%s\", context[\"random_suffix\"])" + vars: + app_gateway_name: "my-app-gateway" + - !ruby/object:Provider::Terraform::Examples + name: "beyondcorp_app_gateway_full" + primary_resource_id: "app_gateway" + primary_resource_name: "fmt.Sprintf(\"tf_test_my_app_gateway%s\", context[\"random_suffix\"])" + vars: + app_gateway_name: "my-app-gateway" + display_name: "some display name" +# This is for copying files over +files: !ruby/object:Provider::Config::Files + # These files have templating (ERB) code that will be run. + # This is usually to add licensing info, autogeneration notices, etc. + compile: +<%= lines(indent(compile('provider/terraform/product~compile.yaml'), 4)) -%> diff --git a/mmv1/templates/terraform/examples/beyondcorp_app_connector_basic.tf.erb b/mmv1/templates/terraform/examples/beyondcorp_app_connector_basic.tf.erb new file mode 100644 index 000000000000..7283a1e85895 --- /dev/null +++ b/mmv1/templates/terraform/examples/beyondcorp_app_connector_basic.tf.erb @@ -0,0 +1,13 @@ +resource "google_service_account" "service_account" { + account_id = "<%= ctx[:vars]['account_id'] %>" + display_name = "Test Service Account" +} + +resource "google_beyondcorp_app_connector" "<%= ctx[:primary_resource_id] %>" { + name = "<%= ctx[:vars]['app_connector_name'] %>" + principal_info { + service_account { + email = google_service_account.service_account.email + } + } +} diff --git a/mmv1/templates/terraform/examples/beyondcorp_app_connector_full.tf.erb b/mmv1/templates/terraform/examples/beyondcorp_app_connector_full.tf.erb new file mode 100644 index 000000000000..0c7b0ec7f9f6 --- /dev/null +++ b/mmv1/templates/terraform/examples/beyondcorp_app_connector_full.tf.erb @@ -0,0 +1,19 @@ +resource "google_service_account" "service_account" { + account_id = "<%= ctx[:vars]['account_id'] %>" + display_name = "Test Service Account" +} + +resource "google_beyondcorp_app_connector" "<%= ctx[:primary_resource_id] %>" { + name = "<%= ctx[:vars]['app_connector_name'] %>" + region = "us-central1" + display_name = "<%= ctx[:vars]['display_name'] %>" + principal_info { + service_account { + email = google_service_account.service_account.email + } + } + labels = { + foo = "bar" + bar = "baz" + } +} diff --git a/mmv1/templates/terraform/examples/beyondcorp_app_gateway_basic.tf.erb b/mmv1/templates/terraform/examples/beyondcorp_app_gateway_basic.tf.erb new file mode 100644 index 000000000000..d2fc02495768 --- /dev/null +++ b/mmv1/templates/terraform/examples/beyondcorp_app_gateway_basic.tf.erb @@ -0,0 +1,6 @@ +resource "google_beyondcorp_app_gateway" "<%= ctx[:primary_resource_id] %>" { + name = "<%= ctx[:vars]['app_gateway_name'] %>" + type = "TCP_PROXY" + region = "us-central1" + host_type = "GCP_REGIONAL_MIG" +} diff --git a/mmv1/templates/terraform/examples/beyondcorp_app_gateway_full.tf.erb b/mmv1/templates/terraform/examples/beyondcorp_app_gateway_full.tf.erb new file mode 100644 index 000000000000..dc12eba23422 --- /dev/null +++ b/mmv1/templates/terraform/examples/beyondcorp_app_gateway_full.tf.erb @@ -0,0 +1,11 @@ +resource "google_beyondcorp_app_gateway" "<%= ctx[:primary_resource_id] %>" { + name = "<%= ctx[:vars]['app_gateway_name'] %>" + type = "TCP_PROXY" + region = "us-central1" + display_name = "<%= ctx[:vars]['display_name'] %>" + labels = { + foo = "bar" + bar = "baz" + } + host_type = "GCP_REGIONAL_MIG" +} diff --git a/mmv1/third_party/terraform/tests/resource_beyondcorp_app_connector_test.go b/mmv1/third_party/terraform/tests/resource_beyondcorp_app_connector_test.go new file mode 100644 index 000000000000..786b44cd6e8c --- /dev/null +++ b/mmv1/third_party/terraform/tests/resource_beyondcorp_app_connector_test.go @@ -0,0 +1,63 @@ +package google + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" +) + +func TestAccBeyondcorpAppConnector_beyondcorpAppConnectorUpdateExample(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": randString(t, 10), + } + + vcrTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckBeyondcorpAppConnectorDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccBeyondcorpAppConnector_beyondcorpAppConnectorBasicExample(context), + }, + { + ResourceName: "google_beyondcorp_app_connector.app_connector", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"name", "region"}, + }, + { + Config: testAccBeyondcorpAppConnector_beyondcorpAppConnectorUpdateExample(context), + }, + { + ResourceName: "google_beyondcorp_app_connector.app_connector", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"name", "region"}, + }, + { + Config: testAccBeyondcorpAppConnector_beyondcorpAppConnectorBasicExample(context), + }, + }, + }) +} + +func testAccBeyondcorpAppConnector_beyondcorpAppConnectorUpdateExample(context map[string]interface{}) string { + return Nprintf(` +resource "google_service_account" "service_account" { + account_id = "tf-test-my-account%{random_suffix}" + display_name = "Test Service Account" +} + +resource "google_beyondcorp_app_connector" "app_connector" { + name = "tf-test-my-app-connector%{random_suffix}" + principal_info { + service_account { + email = google_service_account.service_account.email + } + } + display_name = "Some display name" +} +`, context) +}