diff --git a/.changelog/9514.txt b/.changelog/9514.txt new file mode 100644 index 00000000000..db5c97dc9fa --- /dev/null +++ b/.changelog/9514.txt @@ -0,0 +1,6 @@ +```release-note:new-resource +`google_vmwareengine_network_policy` +``` +```release-note:new-datasource +`google_vmwareengine_network_policy` +``` diff --git a/google/provider/provider_mmv1_resources.go b/google/provider/provider_mmv1_resources.go index f2c0562f066..494731f57ed 100644 --- a/google/provider/provider_mmv1_resources.go +++ b/google/provider/provider_mmv1_resources.go @@ -260,6 +260,7 @@ var handwrittenDatasources = map[string]*schema.Resource{ "google_vertex_ai_index": vertexai.DataSourceVertexAIIndex(), "google_vmwareengine_network": vmwareengine.DataSourceVmwareengineNetwork(), "google_vmwareengine_network_peering": vmwareengine.DataSourceVmwareengineNetworkPeering(), + "google_vmwareengine_network_policy": vmwareengine.DataSourceVmwareengineNetworkPolicy(), "google_vmwareengine_private_cloud": vmwareengine.DataSourceVmwareenginePrivateCloud(), // ####### END handwritten datasources ########### @@ -361,9 +362,9 @@ var handwrittenIAMDatasources = map[string]*schema.Resource{ } // Resources -// Generated resources: 345 +// Generated resources: 346 // Generated IAM resources: 216 -// Total generated resources: 561 +// Total generated resources: 562 var generatedResources = map[string]*schema.Resource{ "google_folder_access_approval_settings": accessapproval.ResourceAccessApprovalFolderSettings(), "google_organization_access_approval_settings": accessapproval.ResourceAccessApprovalOrganizationSettings(), @@ -905,6 +906,7 @@ var generatedResources = map[string]*schema.Resource{ "google_vertex_ai_tensorboard": vertexai.ResourceVertexAITensorboard(), "google_vmwareengine_network": vmwareengine.ResourceVmwareengineNetwork(), "google_vmwareengine_network_peering": vmwareengine.ResourceVmwareengineNetworkPeering(), + "google_vmwareengine_network_policy": vmwareengine.ResourceVmwareengineNetworkPolicy(), "google_vmwareengine_private_cloud": vmwareengine.ResourceVmwareenginePrivateCloud(), "google_vpc_access_connector": vpcaccess.ResourceVPCAccessConnector(), "google_workflows_workflow": workflows.ResourceWorkflowsWorkflow(), diff --git a/google/services/vmwareengine/data_source_google_vmwareengine_network_policy.go b/google/services/vmwareengine/data_source_google_vmwareengine_network_policy.go new file mode 100644 index 00000000000..2ae030d1e4b --- /dev/null +++ b/google/services/vmwareengine/data_source_google_vmwareengine_network_policy.go @@ -0,0 +1,42 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 +package vmwareengine + +import ( + "fmt" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + "github.com/hashicorp/terraform-provider-google/google/tpgresource" + transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" +) + +func DataSourceVmwareengineNetworkPolicy() *schema.Resource { + + dsSchema := tpgresource.DatasourceSchemaFromResourceSchema(ResourceVmwareengineNetworkPolicy().Schema) + tpgresource.AddRequiredFieldsToSchema(dsSchema, "location", "name") + tpgresource.AddOptionalFieldsToSchema(dsSchema, "project") + return &schema.Resource{ + Read: dataSourceVmwareengineNetworkPolicyRead, + Schema: dsSchema, + } +} + +func dataSourceVmwareengineNetworkPolicyRead(d *schema.ResourceData, meta interface{}) error { + config := meta.(*transport_tpg.Config) + + // Store the ID now + id, err := tpgresource.ReplaceVars(d, config, "projects/{{project}}/locations/{{location}}/networkPolicies/{{name}}") + if err != nil { + return fmt.Errorf("Error constructing id: %s", err) + } + d.SetId(id) + err = resourceVmwareengineNetworkPolicyRead(d, meta) + if err != nil { + return err + } + + if d.Id() == "" { + return fmt.Errorf("%s not found", id) + } + return nil +} diff --git a/google/services/vmwareengine/data_source_google_vmwareengine_network_policy_test.go b/google/services/vmwareengine/data_source_google_vmwareengine_network_policy_test.go new file mode 100644 index 00000000000..ffa9ede0c33 --- /dev/null +++ b/google/services/vmwareengine/data_source_google_vmwareengine_network_policy_test.go @@ -0,0 +1,67 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 +package vmwareengine_test + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-provider-google/google/acctest" + "github.com/hashicorp/terraform-provider-google/google/envvar" +) + +func TestAccDataSourceVmwareengineNetworkPolicy_basic(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "region": envvar.GetTestRegionFromEnv(), + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckVmwareengineNetworkPolicyDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccVmwareengineNetworkPolicy_ds(context), + Check: resource.ComposeTestCheckFunc( + acctest.CheckDataSourceStateMatchesResourceStateWithIgnores("data.google_vmwareengine_network_policy.ds", "google_vmwareengine_network_policy.vmw-engine-network-policy", map[string]struct{}{}), + ), + }, + }, + }) +} + +func testAccVmwareengineNetworkPolicy_ds(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_vmwareengine_network" "network-policy-ds-nw" { + name = "tf-test-sample-nw%{random_suffix}" + location = "global" + type = "STANDARD" + description = "VMwareEngine standard network sample" +} + +resource "google_vmwareengine_network_policy" "vmw-engine-network-policy" { + location = "%{region}" + name = "tf-test-sample-network-policy%{random_suffix}" + internet_access { + enabled = true + } + external_ip { + enabled = true + } + edge_services_cidr = "192.168.30.0/26" + vmware_engine_network = google_vmwareengine_network.network-policy-ds-nw.id +} + +data "google_vmwareengine_network_policy" "ds" { + name = google_vmwareengine_network_policy.vmw-engine-network-policy.name + location = "%{region}" + depends_on = [ + google_vmwareengine_network_policy.vmw-engine-network-policy, + ] +} + +`, context) +} diff --git a/google/services/vmwareengine/resource_vmwareengine_network_policy.go b/google/services/vmwareengine/resource_vmwareengine_network_policy.go new file mode 100644 index 00000000000..4fdaaccf64a --- /dev/null +++ b/google/services/vmwareengine/resource_vmwareengine_network_policy.go @@ -0,0 +1,637 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package vmwareengine + +import ( + "fmt" + "log" + "reflect" + "time" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" + + "github.com/hashicorp/terraform-provider-google/google/tpgresource" + transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" +) + +func ResourceVmwareengineNetworkPolicy() *schema.Resource { + return &schema.Resource{ + Create: resourceVmwareengineNetworkPolicyCreate, + Read: resourceVmwareengineNetworkPolicyRead, + Update: resourceVmwareengineNetworkPolicyUpdate, + Delete: resourceVmwareengineNetworkPolicyDelete, + + Importer: &schema.ResourceImporter{ + State: resourceVmwareengineNetworkPolicyImport, + }, + + Timeouts: &schema.ResourceTimeout{ + Create: schema.DefaultTimeout(60 * time.Minute), + Update: schema.DefaultTimeout(60 * time.Minute), + Delete: schema.DefaultTimeout(60 * time.Minute), + }, + + CustomizeDiff: customdiff.All( + tpgresource.DefaultProviderProject, + ), + + Schema: map[string]*schema.Schema{ + "edge_services_cidr": { + Type: schema.TypeString, + Required: true, + Description: `IP address range in CIDR notation used to create internet access and external IP access. +An RFC 1918 CIDR block, with a "/26" prefix, is required. The range cannot overlap with any +prefixes either in the consumer VPC network or in use by the private clouds attached to that VPC network.`, + }, + "location": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: `The resource name of the location (region) to create the new network policy in. +Resource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names. +For example: projects/my-project/locations/us-central1`, + }, + "name": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: `The ID of the Network Policy.`, + }, + "vmware_engine_network": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Description: `The relative resource name of the VMware Engine network. Specify the name in the following form: +projects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} where {project} +can either be a project number or a project ID.`, + }, + "description": { + Type: schema.TypeString, + Optional: true, + Description: `User-provided description for this network policy.`, + }, + "external_ip": { + Type: schema.TypeList, + Computed: true, + Optional: true, + Description: `Network service that allows External IP addresses to be assigned to VMware workloads. +This service can only be enabled when internetAccess is also enabled.`, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enabled": { + Type: schema.TypeBool, + Optional: true, + Description: `True if the service is enabled; false otherwise.`, + }, + "state": { + Type: schema.TypeString, + Computed: true, + Description: `State of the service. New values may be added to this enum when appropriate.`, + }, + }, + }, + }, + "internet_access": { + Type: schema.TypeList, + Computed: true, + Optional: true, + Description: `Network service that allows VMware workloads to access the internet.`, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "enabled": { + Type: schema.TypeBool, + Optional: true, + Description: `True if the service is enabled; false otherwise.`, + }, + "state": { + Type: schema.TypeString, + Computed: true, + Description: `State of the service. New values may be added to this enum when appropriate.`, + }, + }, + }, + }, + "create_time": { + Type: schema.TypeString, + Computed: true, + Description: `Creation time of this resource. +A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and +up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".`, + }, + "uid": { + Type: schema.TypeString, + Computed: true, + Description: `System-generated unique identifier for the resource.`, + }, + "update_time": { + Type: schema.TypeString, + Computed: true, + Description: `Last updated time of this resource. +A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine +fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".`, + }, + "vmware_engine_network_canonical": { + Type: schema.TypeString, + Computed: true, + Description: `The canonical name of the VMware Engine network in the form: +projects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId}`, + }, + "project": { + Type: schema.TypeString, + Optional: true, + Computed: true, + ForceNew: true, + }, + }, + UseJSONNumber: true, + } +} + +func resourceVmwareengineNetworkPolicyCreate(d *schema.ResourceData, meta interface{}) error { + config := meta.(*transport_tpg.Config) + userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent) + if err != nil { + return err + } + + obj := make(map[string]interface{}) + edgeServicesCidrProp, err := expandVmwareengineNetworkPolicyEdgeServicesCidr(d.Get("edge_services_cidr"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("edge_services_cidr"); !tpgresource.IsEmptyValue(reflect.ValueOf(edgeServicesCidrProp)) && (ok || !reflect.DeepEqual(v, edgeServicesCidrProp)) { + obj["edgeServicesCidr"] = edgeServicesCidrProp + } + descriptionProp, err := expandVmwareengineNetworkPolicyDescription(d.Get("description"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("description"); !tpgresource.IsEmptyValue(reflect.ValueOf(descriptionProp)) && (ok || !reflect.DeepEqual(v, descriptionProp)) { + obj["description"] = descriptionProp + } + vmwareEngineNetworkProp, err := expandVmwareengineNetworkPolicyVmwareEngineNetwork(d.Get("vmware_engine_network"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("vmware_engine_network"); !tpgresource.IsEmptyValue(reflect.ValueOf(vmwareEngineNetworkProp)) && (ok || !reflect.DeepEqual(v, vmwareEngineNetworkProp)) { + obj["vmwareEngineNetwork"] = vmwareEngineNetworkProp + } + internetAccessProp, err := expandVmwareengineNetworkPolicyInternetAccess(d.Get("internet_access"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("internet_access"); !tpgresource.IsEmptyValue(reflect.ValueOf(internetAccessProp)) && (ok || !reflect.DeepEqual(v, internetAccessProp)) { + obj["internetAccess"] = internetAccessProp + } + externalIpProp, err := expandVmwareengineNetworkPolicyExternalIp(d.Get("external_ip"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("external_ip"); !tpgresource.IsEmptyValue(reflect.ValueOf(externalIpProp)) && (ok || !reflect.DeepEqual(v, externalIpProp)) { + obj["externalIp"] = externalIpProp + } + + url, err := tpgresource.ReplaceVars(d, config, "{{VmwareengineBasePath}}projects/{{project}}/locations/{{location}}/networkPolicies?networkPolicyId={{name}}") + if err != nil { + return err + } + + log.Printf("[DEBUG] Creating new NetworkPolicy: %#v", obj) + billingProject := "" + + project, err := tpgresource.GetProject(d, config) + if err != nil { + return fmt.Errorf("Error fetching project for NetworkPolicy: %s", err) + } + billingProject = project + + // err == nil indicates that the billing_project value was found + if bp, err := tpgresource.GetBillingProject(d, config); err == nil { + billingProject = bp + } + + res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{ + Config: config, + Method: "POST", + Project: billingProject, + RawURL: url, + UserAgent: userAgent, + Body: obj, + Timeout: d.Timeout(schema.TimeoutCreate), + }) + if err != nil { + return fmt.Errorf("Error creating NetworkPolicy: %s", err) + } + + // Store the ID now + id, err := tpgresource.ReplaceVars(d, config, "projects/{{project}}/locations/{{location}}/networkPolicies/{{name}}") + if err != nil { + return fmt.Errorf("Error constructing id: %s", err) + } + d.SetId(id) + + err = VmwareengineOperationWaitTime( + config, res, project, "Creating NetworkPolicy", userAgent, + d.Timeout(schema.TimeoutCreate)) + + if err != nil { + // The resource didn't actually create + d.SetId("") + return fmt.Errorf("Error waiting to create NetworkPolicy: %s", err) + } + + log.Printf("[DEBUG] Finished creating NetworkPolicy %q: %#v", d.Id(), res) + + return resourceVmwareengineNetworkPolicyRead(d, meta) +} + +func resourceVmwareengineNetworkPolicyRead(d *schema.ResourceData, meta interface{}) error { + config := meta.(*transport_tpg.Config) + userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent) + if err != nil { + return err + } + + url, err := tpgresource.ReplaceVars(d, config, "{{VmwareengineBasePath}}projects/{{project}}/locations/{{location}}/networkPolicies/{{name}}") + if err != nil { + return err + } + + billingProject := "" + + project, err := tpgresource.GetProject(d, config) + if err != nil { + return fmt.Errorf("Error fetching project for NetworkPolicy: %s", err) + } + billingProject = project + + // err == nil indicates that the billing_project value was found + if bp, err := tpgresource.GetBillingProject(d, config); err == nil { + billingProject = bp + } + + res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{ + Config: config, + Method: "GET", + Project: billingProject, + RawURL: url, + UserAgent: userAgent, + }) + if err != nil { + return transport_tpg.HandleNotFoundError(err, d, fmt.Sprintf("VmwareengineNetworkPolicy %q", d.Id())) + } + + if err := d.Set("project", project); err != nil { + return fmt.Errorf("Error reading NetworkPolicy: %s", err) + } + + if err := d.Set("create_time", flattenVmwareengineNetworkPolicyCreateTime(res["createTime"], d, config)); err != nil { + return fmt.Errorf("Error reading NetworkPolicy: %s", err) + } + if err := d.Set("update_time", flattenVmwareengineNetworkPolicyUpdateTime(res["updateTime"], d, config)); err != nil { + return fmt.Errorf("Error reading NetworkPolicy: %s", err) + } + if err := d.Set("uid", flattenVmwareengineNetworkPolicyUid(res["uid"], d, config)); err != nil { + return fmt.Errorf("Error reading NetworkPolicy: %s", err) + } + if err := d.Set("vmware_engine_network_canonical", flattenVmwareengineNetworkPolicyVmwareEngineNetworkCanonical(res["vmwareEngineNetworkCanonical"], d, config)); err != nil { + return fmt.Errorf("Error reading NetworkPolicy: %s", err) + } + if err := d.Set("edge_services_cidr", flattenVmwareengineNetworkPolicyEdgeServicesCidr(res["edgeServicesCidr"], d, config)); err != nil { + return fmt.Errorf("Error reading NetworkPolicy: %s", err) + } + if err := d.Set("description", flattenVmwareengineNetworkPolicyDescription(res["description"], d, config)); err != nil { + return fmt.Errorf("Error reading NetworkPolicy: %s", err) + } + if err := d.Set("vmware_engine_network", flattenVmwareengineNetworkPolicyVmwareEngineNetwork(res["vmwareEngineNetwork"], d, config)); err != nil { + return fmt.Errorf("Error reading NetworkPolicy: %s", err) + } + if err := d.Set("internet_access", flattenVmwareengineNetworkPolicyInternetAccess(res["internetAccess"], d, config)); err != nil { + return fmt.Errorf("Error reading NetworkPolicy: %s", err) + } + if err := d.Set("external_ip", flattenVmwareengineNetworkPolicyExternalIp(res["externalIp"], d, config)); err != nil { + return fmt.Errorf("Error reading NetworkPolicy: %s", err) + } + + return nil +} + +func resourceVmwareengineNetworkPolicyUpdate(d *schema.ResourceData, meta interface{}) error { + config := meta.(*transport_tpg.Config) + userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent) + if err != nil { + return err + } + + billingProject := "" + + project, err := tpgresource.GetProject(d, config) + if err != nil { + return fmt.Errorf("Error fetching project for NetworkPolicy: %s", err) + } + billingProject = project + + obj := make(map[string]interface{}) + edgeServicesCidrProp, err := expandVmwareengineNetworkPolicyEdgeServicesCidr(d.Get("edge_services_cidr"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("edge_services_cidr"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, edgeServicesCidrProp)) { + obj["edgeServicesCidr"] = edgeServicesCidrProp + } + descriptionProp, err := expandVmwareengineNetworkPolicyDescription(d.Get("description"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("description"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, descriptionProp)) { + obj["description"] = descriptionProp + } + internetAccessProp, err := expandVmwareengineNetworkPolicyInternetAccess(d.Get("internet_access"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("internet_access"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, internetAccessProp)) { + obj["internetAccess"] = internetAccessProp + } + externalIpProp, err := expandVmwareengineNetworkPolicyExternalIp(d.Get("external_ip"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("external_ip"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, externalIpProp)) { + obj["externalIp"] = externalIpProp + } + + url, err := tpgresource.ReplaceVars(d, config, "{{VmwareengineBasePath}}projects/{{project}}/locations/{{location}}/networkPolicies/{{name}}") + if err != nil { + return err + } + + log.Printf("[DEBUG] Updating NetworkPolicy %q: %#v", d.Id(), obj) + + // err == nil indicates that the billing_project value was found + if bp, err := tpgresource.GetBillingProject(d, config); err == nil { + billingProject = bp + } + + res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{ + Config: config, + Method: "PATCH", + Project: billingProject, + RawURL: url, + UserAgent: userAgent, + Body: obj, + Timeout: d.Timeout(schema.TimeoutUpdate), + }) + + if err != nil { + return fmt.Errorf("Error updating NetworkPolicy %q: %s", d.Id(), err) + } else { + log.Printf("[DEBUG] Finished updating NetworkPolicy %q: %#v", d.Id(), res) + } + + err = VmwareengineOperationWaitTime( + config, res, project, "Updating NetworkPolicy", userAgent, + d.Timeout(schema.TimeoutUpdate)) + + if err != nil { + return err + } + + return resourceVmwareengineNetworkPolicyRead(d, meta) +} + +func resourceVmwareengineNetworkPolicyDelete(d *schema.ResourceData, meta interface{}) error { + config := meta.(*transport_tpg.Config) + userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent) + if err != nil { + return err + } + + billingProject := "" + + project, err := tpgresource.GetProject(d, config) + if err != nil { + return fmt.Errorf("Error fetching project for NetworkPolicy: %s", err) + } + billingProject = project + + url, err := tpgresource.ReplaceVars(d, config, "{{VmwareengineBasePath}}projects/{{project}}/locations/{{location}}/networkPolicies/{{name}}") + if err != nil { + return err + } + + var obj map[string]interface{} + log.Printf("[DEBUG] Deleting NetworkPolicy %q", d.Id()) + + // err == nil indicates that the billing_project value was found + if bp, err := tpgresource.GetBillingProject(d, config); err == nil { + billingProject = bp + } + + res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{ + Config: config, + Method: "DELETE", + Project: billingProject, + RawURL: url, + UserAgent: userAgent, + Body: obj, + Timeout: d.Timeout(schema.TimeoutDelete), + }) + if err != nil { + return transport_tpg.HandleNotFoundError(err, d, "NetworkPolicy") + } + + err = VmwareengineOperationWaitTime( + config, res, project, "Deleting NetworkPolicy", userAgent, + d.Timeout(schema.TimeoutDelete)) + + if err != nil { + return err + } + + log.Printf("[DEBUG] Finished deleting NetworkPolicy %q: %#v", d.Id(), res) + return nil +} + +func resourceVmwareengineNetworkPolicyImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { + config := meta.(*transport_tpg.Config) + if err := tpgresource.ParseImportId([]string{ + "^projects/(?P[^/]+)/locations/(?P[^/]+)/networkPolicies/(?P[^/]+)$", + "^(?P[^/]+)/(?P[^/]+)/(?P[^/]+)$", + "^(?P[^/]+)/(?P[^/]+)$", + }, d, config); err != nil { + return nil, err + } + + // Replace import id for the resource id + id, err := tpgresource.ReplaceVars(d, config, "projects/{{project}}/locations/{{location}}/networkPolicies/{{name}}") + if err != nil { + return nil, fmt.Errorf("Error constructing id: %s", err) + } + d.SetId(id) + + return []*schema.ResourceData{d}, nil +} + +func flattenVmwareengineNetworkPolicyCreateTime(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenVmwareengineNetworkPolicyUpdateTime(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenVmwareengineNetworkPolicyUid(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenVmwareengineNetworkPolicyVmwareEngineNetworkCanonical(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenVmwareengineNetworkPolicyEdgeServicesCidr(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenVmwareengineNetworkPolicyDescription(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenVmwareengineNetworkPolicyVmwareEngineNetwork(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenVmwareengineNetworkPolicyInternetAccess(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + if v == nil { + return nil + } + original := v.(map[string]interface{}) + if len(original) == 0 { + return nil + } + transformed := make(map[string]interface{}) + transformed["enabled"] = + flattenVmwareengineNetworkPolicyInternetAccessEnabled(original["enabled"], d, config) + transformed["state"] = + flattenVmwareengineNetworkPolicyInternetAccessState(original["state"], d, config) + return []interface{}{transformed} +} +func flattenVmwareengineNetworkPolicyInternetAccessEnabled(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenVmwareengineNetworkPolicyInternetAccessState(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenVmwareengineNetworkPolicyExternalIp(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + if v == nil { + return nil + } + original := v.(map[string]interface{}) + if len(original) == 0 { + return nil + } + transformed := make(map[string]interface{}) + transformed["enabled"] = + flattenVmwareengineNetworkPolicyExternalIpEnabled(original["enabled"], d, config) + transformed["state"] = + flattenVmwareengineNetworkPolicyExternalIpState(original["state"], d, config) + return []interface{}{transformed} +} +func flattenVmwareengineNetworkPolicyExternalIpEnabled(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenVmwareengineNetworkPolicyExternalIpState(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func expandVmwareengineNetworkPolicyEdgeServicesCidr(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + +func expandVmwareengineNetworkPolicyDescription(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + +func expandVmwareengineNetworkPolicyVmwareEngineNetwork(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + +func expandVmwareengineNetworkPolicyInternetAccess(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil, nil + } + raw := l[0] + original := raw.(map[string]interface{}) + transformed := make(map[string]interface{}) + + transformedEnabled, err := expandVmwareengineNetworkPolicyInternetAccessEnabled(original["enabled"], d, config) + if err != nil { + return nil, err + } else { + transformed["enabled"] = transformedEnabled + } + + transformedState, err := expandVmwareengineNetworkPolicyInternetAccessState(original["state"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedState); val.IsValid() && !tpgresource.IsEmptyValue(val) { + transformed["state"] = transformedState + } + + return transformed, nil +} + +func expandVmwareengineNetworkPolicyInternetAccessEnabled(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + +func expandVmwareengineNetworkPolicyInternetAccessState(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + +func expandVmwareengineNetworkPolicyExternalIp(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil, nil + } + raw := l[0] + original := raw.(map[string]interface{}) + transformed := make(map[string]interface{}) + + transformedEnabled, err := expandVmwareengineNetworkPolicyExternalIpEnabled(original["enabled"], d, config) + if err != nil { + return nil, err + } else { + transformed["enabled"] = transformedEnabled + } + + transformedState, err := expandVmwareengineNetworkPolicyExternalIpState(original["state"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedState); val.IsValid() && !tpgresource.IsEmptyValue(val) { + transformed["state"] = transformedState + } + + return transformed, nil +} + +func expandVmwareengineNetworkPolicyExternalIpEnabled(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + +func expandVmwareengineNetworkPolicyExternalIpState(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} diff --git a/google/services/vmwareengine/resource_vmwareengine_network_policy_generated_test.go b/google/services/vmwareengine/resource_vmwareengine_network_policy_generated_test.go new file mode 100644 index 00000000000..3c8120871e2 --- /dev/null +++ b/google/services/vmwareengine/resource_vmwareengine_network_policy_generated_test.go @@ -0,0 +1,166 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package vmwareengine_test + +import ( + "fmt" + "strings" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" + + "github.com/hashicorp/terraform-provider-google/google/acctest" + "github.com/hashicorp/terraform-provider-google/google/envvar" + "github.com/hashicorp/terraform-provider-google/google/tpgresource" + transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" +) + +func TestAccVmwareengineNetworkPolicy_vmwareEngineNetworkPolicyBasicExample(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "region": envvar.GetTestRegionFromEnv(), + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckVmwareengineNetworkPolicyDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccVmwareengineNetworkPolicy_vmwareEngineNetworkPolicyBasicExample(context), + }, + { + ResourceName: "google_vmwareengine_network_policy.vmw-engine-network-policy", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"location", "name"}, + }, + }, + }) +} + +func testAccVmwareengineNetworkPolicy_vmwareEngineNetworkPolicyBasicExample(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_vmwareengine_network" "network-policy-nw" { + name = "standard-nw" + location = "global" + type = "STANDARD" + description = "VMwareEngine standard network sample" +} + +resource "google_vmwareengine_network_policy" "vmw-engine-network-policy" { + location = "%{region}" + name = "tf-test-sample-network-policy%{random_suffix}" + edge_services_cidr = "192.168.30.0/26" + vmware_engine_network = google_vmwareengine_network.network-policy-nw.id +} +`, context) +} + +func TestAccVmwareengineNetworkPolicy_vmwareEngineNetworkPolicyFullExample(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "region": envvar.GetTestRegionFromEnv(), + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckVmwareengineNetworkPolicyDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccVmwareengineNetworkPolicy_vmwareEngineNetworkPolicyFullExample(context), + }, + { + ResourceName: "google_vmwareengine_network_policy.vmw-engine-network-policy", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"location", "name"}, + }, + }, + }) +} + +func testAccVmwareengineNetworkPolicy_vmwareEngineNetworkPolicyFullExample(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_vmwareengine_network" "network-policy-nw" { + name = "standard-full-nw" + location = "global" + type = "STANDARD" + description = "VMwareEngine standard network sample" +} + +resource "google_vmwareengine_network_policy" "vmw-engine-network-policy" { + location = "%{region}" + name = "tf-test-sample-network-policy-full%{random_suffix}" + edge_services_cidr = "192.168.30.0/26" + vmware_engine_network = google_vmwareengine_network.network-policy-nw.id + description = "Sample Network Policy" + internet_access { + enabled = true + } + external_ip { + enabled = true + } +} +`, context) +} + +func testAccCheckVmwareengineNetworkPolicyDestroyProducer(t *testing.T) func(s *terraform.State) error { + return func(s *terraform.State) error { + for name, rs := range s.RootModule().Resources { + if rs.Type != "google_vmwareengine_network_policy" { + continue + } + if strings.HasPrefix(name, "data.") { + continue + } + + config := acctest.GoogleProviderConfig(t) + + url, err := tpgresource.ReplaceVarsForTest(config, rs, "{{VmwareengineBasePath}}projects/{{project}}/locations/{{location}}/networkPolicies/{{name}}") + if err != nil { + return err + } + + billingProject := "" + + if config.BillingProject != "" { + billingProject = config.BillingProject + } + + _, err = transport_tpg.SendRequest(transport_tpg.SendRequestOptions{ + Config: config, + Method: "GET", + Project: billingProject, + RawURL: url, + UserAgent: config.UserAgent, + }) + if err == nil { + return fmt.Errorf("VmwareengineNetworkPolicy still exists at %s", url) + } + } + + return nil + } +} diff --git a/google/services/vmwareengine/resource_vmwareengine_network_policy_sweeper.go b/google/services/vmwareengine/resource_vmwareengine_network_policy_sweeper.go new file mode 100644 index 00000000000..5220619ce9e --- /dev/null +++ b/google/services/vmwareengine/resource_vmwareengine_network_policy_sweeper.go @@ -0,0 +1,139 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** Type: MMv1 *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package vmwareengine + +import ( + "context" + "log" + "strings" + "testing" + + "github.com/hashicorp/terraform-provider-google/google/envvar" + "github.com/hashicorp/terraform-provider-google/google/sweeper" + "github.com/hashicorp/terraform-provider-google/google/tpgresource" + transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" +) + +func init() { + sweeper.AddTestSweepers("VmwareengineNetworkPolicy", testSweepVmwareengineNetworkPolicy) +} + +// At the time of writing, the CI only passes us-central1 as the region +func testSweepVmwareengineNetworkPolicy(region string) error { + resourceName := "VmwareengineNetworkPolicy" + log.Printf("[INFO][SWEEPER_LOG] Starting sweeper for %s", resourceName) + + config, err := sweeper.SharedConfigForRegion(region) + if err != nil { + log.Printf("[INFO][SWEEPER_LOG] error getting shared config for region: %s", err) + return err + } + + err = config.LoadAndValidate(context.Background()) + if err != nil { + log.Printf("[INFO][SWEEPER_LOG] error loading: %s", err) + return err + } + + t := &testing.T{} + billingId := envvar.GetTestBillingAccountFromEnv(t) + + // Setup variables to replace in list template + d := &tpgresource.ResourceDataMock{ + FieldsInSchema: map[string]interface{}{ + "project": config.Project, + "region": region, + "location": region, + "zone": "-", + "billing_account": billingId, + }, + } + + listTemplate := strings.Split("https://vmwareengine.googleapis.com/v1/projects/{{project}}/locations/{{location}}/networkPolicies", "?")[0] + listUrl, err := tpgresource.ReplaceVars(d, config, listTemplate) + if err != nil { + log.Printf("[INFO][SWEEPER_LOG] error preparing sweeper list url: %s", err) + return nil + } + + res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{ + Config: config, + Method: "GET", + Project: config.Project, + RawURL: listUrl, + UserAgent: config.UserAgent, + }) + if err != nil { + log.Printf("[INFO][SWEEPER_LOG] Error in response from request %s: %s", listUrl, err) + return nil + } + + resourceList, ok := res["networkPolicies"] + if !ok { + log.Printf("[INFO][SWEEPER_LOG] Nothing found in response.") + return nil + } + + rl := resourceList.([]interface{}) + + log.Printf("[INFO][SWEEPER_LOG] Found %d items in %s list response.", len(rl), resourceName) + // Keep count of items that aren't sweepable for logging. + nonPrefixCount := 0 + for _, ri := range rl { + obj := ri.(map[string]interface{}) + if obj["name"] == nil { + log.Printf("[INFO][SWEEPER_LOG] %s resource name was nil", resourceName) + return nil + } + + name := tpgresource.GetResourceNameFromSelfLink(obj["name"].(string)) + // Skip resources that shouldn't be sweeped + if !sweeper.IsSweepableTestResource(name) { + nonPrefixCount++ + continue + } + + deleteTemplate := "https://vmwareengine.googleapis.com/v1/projects/{{project}}/locations/{{location}}/networkPolicies/{{name}}" + deleteUrl, err := tpgresource.ReplaceVars(d, config, deleteTemplate) + if err != nil { + log.Printf("[INFO][SWEEPER_LOG] error preparing delete url: %s", err) + return nil + } + deleteUrl = deleteUrl + name + + // Don't wait on operations as we may have a lot to delete + _, err = transport_tpg.SendRequest(transport_tpg.SendRequestOptions{ + Config: config, + Method: "DELETE", + Project: config.Project, + RawURL: deleteUrl, + UserAgent: config.UserAgent, + }) + if err != nil { + log.Printf("[INFO][SWEEPER_LOG] Error deleting for url %s : %s", deleteUrl, err) + } else { + log.Printf("[INFO][SWEEPER_LOG] Sent delete request for %s resource: %s", resourceName, name) + } + } + + if nonPrefixCount > 0 { + log.Printf("[INFO][SWEEPER_LOG] %d items were non-sweepable and skipped.", nonPrefixCount) + } + + return nil +} diff --git a/google/services/vmwareengine/resource_vmwareengine_network_policy_test.go b/google/services/vmwareengine/resource_vmwareengine_network_policy_test.go new file mode 100644 index 00000000000..3c3c8b194a2 --- /dev/null +++ b/google/services/vmwareengine/resource_vmwareengine_network_policy_test.go @@ -0,0 +1,80 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 +package vmwareengine_test + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + + "github.com/hashicorp/terraform-provider-google/google/acctest" + "github.com/hashicorp/terraform-provider-google/google/envvar" +) + +func TestAccVmwareengineNetworkPolicy_update(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "region": envvar.GetTestRegionFromEnv(), + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckVmwareengineNetworkPolicyDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccVmwareengineNetworkPolicy_config(context, "description1", "192.168.0.0/26", false, false), + }, + { + ResourceName: "google_vmwareengine_network_policy.vmw-engine-network-policy", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"location", "name"}, + }, + { + Config: testAccVmwareengineNetworkPolicy_config(context, "description2", "192.168.1.0/26", true, true), + }, + { + ResourceName: "google_vmwareengine_network_policy.vmw-engine-network-policy", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"location", "name"}, + }, + }, + }) +} + +func testAccVmwareengineNetworkPolicy_config(context map[string]interface{}, description string, edgeServicesCidr string, internetAccess bool, externalIp bool) string { + context["internet_access"] = internetAccess + context["external_ip"] = externalIp + context["edge_services_cidr"] = edgeServicesCidr + context["description"] = description + + return acctest.Nprintf(` +resource "google_vmwareengine_network" "network-policy-nw" { + name = "tf-test-sample-nw%{random_suffix}" + location = "global" + type = "STANDARD" + description = "VMwareEngine standard network sample" +} + +resource "google_vmwareengine_network_policy" "vmw-engine-network-policy" { + location = "%{region}" + name = "tf-test-sample-network-policy%{random_suffix}" + description = "%{description}" + + internet_access { + enabled = "%{internet_access}" + } + + external_ip { + enabled = "%{external_ip}" + } + + edge_services_cidr = "%{edge_services_cidr}" + vmware_engine_network = google_vmwareengine_network.network-policy-nw.id +} +`, context) +} diff --git a/website/docs/d/vmwareengine_network_policy.html.markdown b/website/docs/d/vmwareengine_network_policy.html.markdown new file mode 100644 index 00000000000..3a7c74b3116 --- /dev/null +++ b/website/docs/d/vmwareengine_network_policy.html.markdown @@ -0,0 +1,32 @@ +--- +subcategory: "Cloud VMware Engine" +description: |- + Get information about a network policy. +--- + +# google\_vmwareengine\_network_policy + +Use this data source to get details about a network policy resource. + +To get more information about network policy, see: +* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.networkPolicies) + +## Example Usage + +```hcl +data "google_vmwareengine_network_policy" "my_network_policy" { + name = "my-network-policy" + location = "us-central1" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `name` - (Required) Name of the resource. +* `location` - (Required) Location of the resource. + +## Attributes Reference + +See [google_vmwareengine_network_policy](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/vmwareengine_network_policy#attributes-reference) resource for details of all the available attributes. \ No newline at end of file diff --git a/website/docs/r/vmwareengine_network_policy.html.markdown b/website/docs/r/vmwareengine_network_policy.html.markdown new file mode 100644 index 00000000000..928991c584a --- /dev/null +++ b/website/docs/r/vmwareengine_network_policy.html.markdown @@ -0,0 +1,205 @@ +--- +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** Type: MMv1 *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in +# .github/CONTRIBUTING.md. +# +# ---------------------------------------------------------------------------- +subcategory: "Cloud VMware Engine" +description: |- + Represents a network policy resource. +--- + +# google\_vmwareengine\_network\_policy + +Represents a network policy resource. Network policies are regional resources. + + +To get more information about NetworkPolicy, see: + +* [API documentation](https://cloud.google.com/vmware-engine/docs/reference/rest/v1/projects.locations.networkPolicies) + +## Example Usage - Vmware Engine Network Policy Basic + + +```hcl +resource "google_vmwareengine_network" "network-policy-nw" { + name = "standard-nw" + location = "global" + type = "STANDARD" + description = "VMwareEngine standard network sample" +} + +resource "google_vmwareengine_network_policy" "vmw-engine-network-policy" { + location = "us-west1" + name = "sample-network-policy" + edge_services_cidr = "192.168.30.0/26" + vmware_engine_network = google_vmwareengine_network.network-policy-nw.id +} +``` +## Example Usage - Vmware Engine Network Policy Full + + +```hcl +resource "google_vmwareengine_network" "network-policy-nw" { + name = "standard-full-nw" + location = "global" + type = "STANDARD" + description = "VMwareEngine standard network sample" +} + +resource "google_vmwareengine_network_policy" "vmw-engine-network-policy" { + location = "us-west1" + name = "sample-network-policy-full" + edge_services_cidr = "192.168.30.0/26" + vmware_engine_network = google_vmwareengine_network.network-policy-nw.id + description = "Sample Network Policy" + internet_access { + enabled = true + } + external_ip { + enabled = true + } +} +``` + +## Argument Reference + +The following arguments are supported: + + +* `edge_services_cidr` - + (Required) + IP address range in CIDR notation used to create internet access and external IP access. + An RFC 1918 CIDR block, with a "/26" prefix, is required. The range cannot overlap with any + prefixes either in the consumer VPC network or in use by the private clouds attached to that VPC network. + +* `vmware_engine_network` - + (Required) + The relative resource name of the VMware Engine network. Specify the name in the following form: + projects/{project}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} where {project} + can either be a project number or a project ID. + +* `location` - + (Required) + The resource name of the location (region) to create the new network policy in. + Resource names are schemeless URIs that follow the conventions in https://cloud.google.com/apis/design/resource_names. + For example: projects/my-project/locations/us-central1 + +* `name` - + (Required) + The ID of the Network Policy. + + +- - - + + +* `description` - + (Optional) + User-provided description for this network policy. + +* `internet_access` - + (Optional) + Network service that allows VMware workloads to access the internet. + Structure is [documented below](#nested_internet_access). + +* `external_ip` - + (Optional) + Network service that allows External IP addresses to be assigned to VMware workloads. + This service can only be enabled when internetAccess is also enabled. + Structure is [documented below](#nested_external_ip). + +* `project` - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + + +The `internet_access` block supports: + +* `enabled` - + (Optional) + True if the service is enabled; false otherwise. + +* `state` - + (Output) + State of the service. New values may be added to this enum when appropriate. + +The `external_ip` block supports: + +* `enabled` - + (Optional) + True if the service is enabled; false otherwise. + +* `state` - + (Output) + State of the service. New values may be added to this enum when appropriate. + +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are exported: + +* `id` - an identifier for the resource with format `projects/{{project}}/locations/{{location}}/networkPolicies/{{name}}` + +* `create_time` - + Creation time of this resource. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and + up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + +* `update_time` - + Last updated time of this resource. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine + fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + +* `uid` - + System-generated unique identifier for the resource. + +* `vmware_engine_network_canonical` - + The canonical name of the VMware Engine network in the form: + projects/{project_number}/locations/{location}/vmwareEngineNetworks/{vmwareEngineNetworkId} + + +## Timeouts + +This resource provides the following +[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options: + +- `create` - Default is 60 minutes. +- `update` - Default is 60 minutes. +- `delete` - Default is 60 minutes. + +## Import + + +NetworkPolicy can be imported using any of these accepted formats: + +* `projects/{{project}}/locations/{{location}}/networkPolicies/{{name}}` +* `{{project}}/{{location}}/{{name}}` +* `{{location}}/{{name}}` + + +In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import NetworkPolicy using one of the formats above. For example: + +```tf +import { + id = "projects/{{project}}/locations/{{location}}/networkPolicies/{{name}}" + to = google_vmwareengine_network_policy.default +} +``` + +When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), NetworkPolicy can be imported using one of the formats above. For example: + +``` +$ terraform import google_vmwareengine_network_policy.default projects/{{project}}/locations/{{location}}/networkPolicies/{{name}} +$ terraform import google_vmwareengine_network_policy.default {{project}}/{{location}}/{{name}} +$ terraform import google_vmwareengine_network_policy.default {{location}}/{{name}} +``` + +## User Project Overrides + +This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).