Add support for Beyondcorp AppConnector resource (GoogleCloudPlatform…

…#6801)

* Add support for Beyondcorp AppConnector resource

* Disabling IAM policy until policy bindings are fixed

* Adding support for Beyondcorp AppGateway resource

* 1. Addressing PR comments
2. Setting appGateway resoruce to be non updatable.
3. Added a test to verify update/patch ot app connector

mmv1/products/beyondcorp/api.yaml

@@ -0,0 +1,215 @@
+# Copyright 2022 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+--- !ruby/object:Api::Product
+name: Beyondcorp
+display_name: Google BeyondCorp
+versions:
+  - !ruby/object:Api::Product::Version
+    name: ga
+    base_url: https://beyondcorp.googleapis.com/v1/
+scopes:
+  - https://www.googleapis.com/auth/cloud-platform
+apis_required:
+  - !ruby/object:Api::Product::ApiReference
+    name: Beyondcorp API
+    url: https://console.cloud.google.com/apis/library/beyondcorp.googleapis.com/
+objects:
+  - !ruby/object:Api::Resource
+    name: 'AppConnector'
+    description: |
+      A BeyondCorp AppConnector resource represents an application facing component deployed proximal to 
+      and with direct access to the application instances. It is used to establish connectivity between the 
+      remote enterprise environment and GCP. It initiates connections to the applications and can proxy the 
+      data from users over the connection.
+    references: !ruby/object:Api::Resource::ReferenceLinks
+      guides:
+        'Official Documentation': 'https://cloud.google.com/beyondcorp-enterprise/docs/enable-app-connector'
+      api: 'https://cloud.google.com/beyondcorp/docs/reference/rest#rest-resource:-v1.projects.locations.appconnectors'
+    base_url: projects/{{project}}/locations/{{region}}/appConnectors
+    self_link: projects/{{project}}/locations/{{region}}/appConnectors/{{name}}
+    create_url: projects/{{project}}/locations/{{region}}/appConnectors?app_connector_id={{name}}
+    update_verb: :PATCH
+    update_mask: true
+    async: !ruby/object:Api::OpAsync
+      operation: !ruby/object:Api::OpAsync::Operation
+        path: 'name'
+        base_url: '{{op_id}}'
+        wait_ms: 1000
+      result: !ruby/object:Api::OpAsync::Result
+        path: 'response'
+        resource_inside_response: true
+      status: !ruby/object:Api::OpAsync::Status
+        path: 'done'
+        complete: true
+        allowed:
+          - true
+          - false
+      error: !ruby/object:Api::OpAsync::Error
+        path: 'error'
+        message: 'message'
+    properties:
+      - !ruby/object:Api::Type::String
+        name: 'name'
+        required: true
+        input: true
+        description: |
+          ID of the AppConnector.
+        url_param_only: true
+      - !ruby/object:Api::Type::String
+        name: 'region'
+        description: |
+          The region of the AppConnector.
+        input: true
+        url_param_only: true
+      - !ruby/object:Api::Type::String
+        name: 'displayName'
+        description: |
+          An arbitrary user-provided name for the AppConnector.
+      - !ruby/object:Api::Type::KeyValuePairs
+        name: 'labels'
+        description: |
+          Resource labels to represent user provided metadata.
+      - !ruby/object:Api::Type::NestedObject
+        name: 'principalInfo'
+        description: |
+          Principal information about the Identity of the AppConnector.
+        required: true
+        properties:
+          - !ruby/object:Api::Type::NestedObject
+            name: 'serviceAccount'
+            description: |
+              ServiceAccount represents a GCP service account.
+            required: true
+            properties:
+              - !ruby/object:Api::Type::String
+                name: 'email'
+                description: |
+                  Email address of the service account.
+                required: true
+      - !ruby/object:Api::Type::Enum
+        name: 'state'
+        output: true
+        description: |
+           Represents the different states of a AppConnector.
+        values:
+          - :STATE_UNSPECIFIED
+          - :CREATING
+          - :CREATED
+          - :UPDATING
+          - :DELETING
+          - :DOWN
+  - !ruby/object:Api::Resource
+    name: 'AppGateway'
+    description: |
+      A BeyondCorp AppGateway resource represents a BeyondCorp protected AppGateway to a remote application. It creates 
+      all the necessary GCP components needed for creating a BeyondCorp protected AppGateway. Multiple connectors can be 
+      authorised for a single AppGateway.
+    references: !ruby/object:Api::Resource::ReferenceLinks
+      guides:
+        'Official Documentation': 'https://cloud.google.com/beyondcorp-enterprise/docs/enable-app-connector'
+      api: 'https://cloud.google.com/beyondcorp/docs/reference/rest#rest-resource:-v1.projects.locations.appgateways'
+    base_url: projects/{{project}}/locations/{{region}}/appGateways
+    self_link: projects/{{project}}/locations/{{region}}/appGateways/{{name}}
+    create_url: projects/{{project}}/locations/{{region}}/appGateways?app_gateway_id={{name}}
+    # This resources is not updatable
+    input: true
+    async: !ruby/object:Api::OpAsync
+      operation: !ruby/object:Api::OpAsync::Operation
+        path: 'name'
+        base_url: '{{op_id}}'
+        wait_ms: 1000
+        timeouts: !ruby/object:Api::Timeouts
+          insert_minutes: 20
+          delete_minutes: 20
+      result: !ruby/object:Api::OpAsync::Result
+        path: 'response'
+        resource_inside_response: true
+      status: !ruby/object:Api::OpAsync::Status
+        path: 'done'
+        complete: true
+        allowed:
+          - true
+          - false
+      error: !ruby/object:Api::OpAsync::Error
+        path: 'error'
+        message: 'message'
+    properties:
+      - !ruby/object:Api::Type::String
+        name: 'name'
+        required: true
+        input: true
+        description: |
+          ID of the AppGateway.
+        url_param_only: true
+      - !ruby/object:Api::Type::String
+        name: 'region'
+        description: |
+          The region of the AppGateway.
+        input: true
+        url_param_only: true
+      - !ruby/object:Api::Type::Enum
+        name: 'type'
+        description: |
+          The type of network connectivity used by the AppGateway.
+        values:
+          - :TYPE_UNSPECIFIED
+          - :TCP_PROXY
+        default_value: :TYPE_UNSPECIFIED
+      - !ruby/object:Api::Type::Enum
+        name: 'hostType'
+        description: |
+          The type of hosting used by the AppGateway.
+        values:
+          - :HOST_TYPE_UNSPECIFIED
+          - :GCP_REGIONAL_MIG
+        default_value: :HOST_TYPE_UNSPECIFIED
+      - !ruby/object:Api::Type::String
+        name: 'displayName'
+        description: |
+          An arbitrary user-provided name for the AppGateway.
+      - !ruby/object:Api::Type::KeyValuePairs
+        name: 'labels'
+        description: |
+          Resource labels to represent user provided metadata.
+      - !ruby/object:Api::Type::Enum
+        name: 'state'
+        output: true
+        description: |
+          Represents the different states of a AppGateway.
+        values:
+          - :STATE_UNSPECIFIED
+          - :CREATING
+          - :CREATED
+          - :UPDATING
+          - :DELETING
+          - :DOWN
+      - !ruby/object:Api::Type::String
+        name: 'uri'
+        output: true
+        description: |
+          Server-defined URI for this resource.
+      - !ruby/object:Api::Type::NestedObject
+        name: 'allocatedConnections'
+        description: |
+          A list of connections allocated for the Gateway.
+        output: true
+        properties:
+          - !ruby/object:Api::Type::String
+            name: 'pscUri'
+            description: |
+              The PSC uri of an allocated connection.
+          - !ruby/object:Api::Type::Integer
+            name: 'ingressPort'
+            description: |
+              The ingress port of an allocated connection.

mmv1/products/beyondcorp/terraform.yaml

@@ -0,0 +1,55 @@
+# Copyright 2022 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+--- !ruby/object:Provider::Terraform::Config
+overrides: !ruby/object:Overrides::ResourceOverrides
+  AppConnector: !ruby/object:Overrides::Terraform::ResourceOverride
+    autogen_async: true
+    examples:
+      - !ruby/object:Provider::Terraform::Examples
+        name: "beyondcorp_app_connector_basic"
+        primary_resource_id: "app_connector"
+        primary_resource_name: "fmt.Sprintf(\"tf_test_my_app_connector%s\", context[\"random_suffix\"])"
+        vars:
+          app_connector_name: "my-app-connector"
+          account_id: "my-account"
+      - !ruby/object:Provider::Terraform::Examples
+        name: "beyondcorp_app_connector_full"
+        primary_resource_id: "app_connector"
+        primary_resource_name: "fmt.Sprintf(\"tf_test_my_app_connector%s\", context[\"random_suffix\"])"
+        vars:
+          app_connector_name: "my-app-connector"
+          account_id: "my-account"
+          display_name: "some display name"
+  AppGateway: !ruby/object:Overrides::Terraform::ResourceOverride
+    autogen_async: true
+    examples:
+      - !ruby/object:Provider::Terraform::Examples
+        name: "beyondcorp_app_gateway_basic"
+        primary_resource_id: "app_gateway"
+        primary_resource_name: "fmt.Sprintf(\"tf_test_my_app_gateway%s\", context[\"random_suffix\"])"
+        vars:
+          app_gateway_name: "my-app-gateway"
+      - !ruby/object:Provider::Terraform::Examples
+        name: "beyondcorp_app_gateway_full"
+        primary_resource_id: "app_gateway"
+        primary_resource_name: "fmt.Sprintf(\"tf_test_my_app_gateway%s\", context[\"random_suffix\"])"
+        vars:
+          app_gateway_name: "my-app-gateway"
+          display_name: "some display name"
+# This is for copying files over
+files: !ruby/object:Provider::Config::Files
+  # These files have templating (ERB) code that will be run.
+  # This is usually to add licensing info, autogeneration notices, etc.
+  compile:
+<%= lines(indent(compile('provider/terraform/product~compile.yaml'), 4)) -%>

mmv1/templates/terraform/examples/beyondcorp_app_connector_basic.tf.erb

@@ -0,0 +1,13 @@
+resource "google_service_account" "service_account" {
+  account_id   = "<%= ctx[:vars]['account_id'] %>"
+  display_name = "Test Service Account"
+}
+
+resource "google_beyondcorp_app_connector" "<%= ctx[:primary_resource_id] %>" {
+  name = "<%= ctx[:vars]['app_connector_name'] %>"
+  principal_info {
+    service_account {
+     email = google_service_account.service_account.email
+    }
+  }
+}

mmv1/templates/terraform/examples/beyondcorp_app_connector_full.tf.erb

@@ -0,0 +1,19 @@
+resource "google_service_account" "service_account" {
+  account_id   = "<%= ctx[:vars]['account_id'] %>"
+  display_name = "Test Service Account"
+}
+
+resource "google_beyondcorp_app_connector" "<%= ctx[:primary_resource_id] %>" {
+  name = "<%= ctx[:vars]['app_connector_name'] %>"
+  region = "us-central1"
+  display_name = "<%= ctx[:vars]['display_name'] %>"
+  principal_info {
+    service_account {
+     email = google_service_account.service_account.email
+    }
+  }
+  labels = {
+    foo = "bar"
+    bar = "baz"
+  }
+}

mmv1/templates/terraform/examples/beyondcorp_app_gateway_basic.tf.erb

@@ -0,0 +1,6 @@
+resource "google_beyondcorp_app_gateway" "<%= ctx[:primary_resource_id] %>" {
+  name = "<%= ctx[:vars]['app_gateway_name'] %>"
+  type = "TCP_PROXY"
+  region = "us-central1"
+  host_type = "GCP_REGIONAL_MIG"
+}

mmv1/templates/terraform/examples/beyondcorp_app_gateway_full.tf.erb

@@ -0,0 +1,11 @@
+resource "google_beyondcorp_app_gateway" "<%= ctx[:primary_resource_id] %>" {
+  name = "<%= ctx[:vars]['app_gateway_name'] %>"
+  type = "TCP_PROXY"
+  region = "us-central1"
+  display_name = "<%= ctx[:vars]['display_name'] %>"
+  labels = {
+    foo = "bar"
+    bar = "baz"
+  }
+  host_type = "GCP_REGIONAL_MIG"
+}

mmv1/third_party/terraform/tests/resource_beyondcorp_app_connector_test.go

@@ -0,0 +1,63 @@
+package google
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccBeyondcorpAppConnector_beyondcorpAppConnectorUpdateExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": randString(t, 10),
+	}
+
+	vcrTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckBeyondcorpAppConnectorDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccBeyondcorpAppConnector_beyondcorpAppConnectorBasicExample(context),
+			},
+			{
+				ResourceName:            "google_beyondcorp_app_connector.app_connector",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"name", "region"},
+			},
+			{
+				Config: testAccBeyondcorpAppConnector_beyondcorpAppConnectorUpdateExample(context),
+			},
+			{
+				ResourceName:            "google_beyondcorp_app_connector.app_connector",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"name", "region"},
+			},
+			{
+				Config: testAccBeyondcorpAppConnector_beyondcorpAppConnectorBasicExample(context),
+			},
+		},
+	})
+}
+
+func testAccBeyondcorpAppConnector_beyondcorpAppConnectorUpdateExample(context map[string]interface{}) string {
+	return Nprintf(`
+resource "google_service_account" "service_account" {
+  account_id   = "tf-test-my-account%{random_suffix}"
+  display_name = "Test Service Account"
+}
+
+resource "google_beyondcorp_app_connector" "app_connector" {
+  name = "tf-test-my-app-connector%{random_suffix}"
+  principal_info {
+    service_account {
+     email = google_service_account.service_account.email
+    }
+  }
+  display_name = "Some display name"
+}
+`, context)
+}