diff --git a/mmv1/products/compute/go_FirewallPolicyWithRules.yaml b/mmv1/products/compute/go_FirewallPolicyWithRules.yaml new file mode 100644 index 000000000000..20877a838f5e --- /dev/null +++ b/mmv1/products/compute/go_FirewallPolicyWithRules.yaml 
@@ -0,0 +1,549 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'FirewallPolicyWithRules' +description: | + The Compute FirewallPolicy with rules resource. It declaratively manges all + rules in the firewall policy. +min_version: 'beta' +docs: +id_format: 'locations/global/firewallPolicies/{{policy_id}}' +base_url: 'locations/global/firewallPolicies?parentId={{parent}}' +self_link: 'locations/global/firewallPolicies/{{policy_id}}' +create_url: 'locations/global/firewallPolicies?parentId={{parent}}' +update_verb: 'PATCH' +import_format: + - 'locations/global/firewallPolicies/{{policy_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + constants: 'templates/terraform/constants/go/resource_compute_firewall_policy_with_rules.go.tmpl' + encoder: 'templates/terraform/encoders/go/resource_compute_firewall_policy_with_rules.go.tmpl' + update_encoder: 'templates/terraform/update_encoder/go/resource_compute_firewall_policy_with_rules.go.tmpl' + decoder: 'templates/terraform/decoders/go/resource_compute_firewall_policy_with_rules.go.tmpl' + post_create: 'templates/terraform/post_create/go/resource_compute_firewall_policy_with_rules.go.tmpl' + post_delete: 'templates/terraform/post_delete/go/resource_compute_firewall_policy_with_rules.go.tmpl' + post_update: 
'templates/terraform/post_update/go/resource_compute_firewall_policy_with_rules.go.tmpl' +examples: + - name: 'compute_firewall_policy_with_rules_full' + primary_resource_id: 'firewall-policy-with-rules' + vars: + policy_name: 'tf-fw-org-policy-with-rules' + address_group_name: 'tf-address-group' + security_profile_group_name: 'tf-security-profile-group' + security_profile_name: 'tf-security-profile' + test_env_vars: + org_id: 'ORG_ID' +parameters: + - name: 'parent' + type: String + description: | + The parent of this FirewallPolicy in the Cloud Resource Hierarchy. + Format: organizations/{organization_id} or folders/{folder_id} + min_version: 'beta' + required: true + immutable: true +properties: + - name: 'creationTimestamp' + type: String + description: Creation timestamp in RFC3339 text format. + min_version: 'beta' + output: true + - name: 'shortName' + type: String + description: A textual name of the security policy. + min_version: 'beta' + required: true + immutable: true + - name: 'policyId' + type: String + description: The unique identifier for the resource. This identifier is defined by the server. + api_name: id + min_version: 'beta' + output: true + - name: 'description' + type: String + description: An optional description of this resource. + min_version: 'beta' + - name: 'rule' + type: Array + description: A list of firewall policy rules. + api_name: rules + min_version: 'beta' + required: true + item_type: + type: NestedObject + properties: + - name: 'description' + type: String + description: | + A description of the rule. + min_version: 'beta' + - name: 'ruleName' + type: String + description: | + An optional name for the rule. This field is not a unique identifier + and can be updated. + min_version: 'beta' + - name: 'priority' + type: Integer + description: | + An integer indicating the priority of a rule in the list. The priority must be a value + between 0 and 2147483647. 
Rules are evaluated from highest to lowest priority where 0 is the + highest priority and 2147483647 is the lowest priority. + min_version: 'beta' + required: true + - name: 'match' + type: NestedObject + description: + A match condition that incoming traffic is evaluated against. If it + evaluates to true, the corresponding 'action' is enforced. + min_version: 'beta' + required: true + properties: + - name: 'srcIpRanges' + type: Array + description: | + Source IP address range in CIDR format. Required for + INGRESS rules. + min_version: 'beta' + item_type: + type: String + - name: 'destIpRanges' + type: Array + description: | + Destination IP address range in CIDR format. Required for + EGRESS rules. + min_version: 'beta' + item_type: + type: String + - name: 'srcAddressGroups' + type: Array + description: | + Address groups which should be matched against the traffic source. + Maximum number of source address groups is 10. + min_version: 'beta' + item_type: + type: String + - name: 'destAddressGroups' + type: Array + description: | + Address groups which should be matched against the traffic destination. + Maximum number of destination address groups is 10. + min_version: 'beta' + item_type: + type: String + - name: 'srcFqdns' + type: Array + description: | + Fully Qualified Domain Name (FQDN) which should be matched against + traffic source. Maximum number of source fqdn allowed is 100. + min_version: 'beta' + item_type: + type: String + - name: 'destFqdns' + type: Array + description: | + Fully Qualified Domain Name (FQDN) which should be matched against + traffic destination. Maximum number of destination fqdn allowed is 100. + min_version: 'beta' + item_type: + type: String + - name: 'srcRegionCodes' + type: Array + description: | + Region codes whose IP addresses will be used to match for source + of traffic. Should be specified as 2 letter country code defined as per + ISO 3166 alpha-2 country codes. 
ex."US" + Maximum number of source region codes allowed is 5000. + min_version: 'beta' + item_type: + type: String + - name: 'destRegionCodes' + type: Array + description: | + Region codes whose IP addresses will be used to match for destination + of traffic. Should be specified as 2 letter country code defined as per + ISO 3166 alpha-2 country codes. ex."US" + Maximum number of destination region codes allowed is 5000. + min_version: 'beta' + item_type: + type: String + - name: 'srcThreatIntelligences' + type: Array + description: | + Names of Network Threat Intelligence lists. + The IPs in these lists will be matched against traffic source. + min_version: 'beta' + item_type: + type: String + - name: 'destThreatIntelligences' + type: Array + description: | + Names of Network Threat Intelligence lists. + The IPs in these lists will be matched against traffic destination. + min_version: 'beta' + item_type: + type: String + - name: 'layer4Config' + type: Array + description: | + Pairs of IP protocols and ports that the rule should match. + api_name: layer4Configs + min_version: 'beta' + required: true + item_type: + type: NestedObject + properties: + - name: 'ipProtocol' + type: String + description: | + The IP protocol to which this rule applies. The protocol + type is required when creating a firewall rule. + This value can either be one of the following well + known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), + or the IP protocol number. + min_version: 'beta' + required: true + - name: 'ports' + type: Array + description: | + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. 
+ min_version: 'beta' + item_type: + type: String + - name: 'action' + type: String + description: | + The Action to perform when the client connection triggers the rule. Can currently be either + "allow", "deny", "apply_security_profile_group" or "goto_next". + min_version: 'beta' + required: true + - name: 'direction' + type: Enum + description: | + The direction in which this rule applies. If unspecified an INGRESS rule is created. + min_version: 'beta' + enum_values: + - 'INGRESS' + - 'EGRESS' + - name: 'enableLogging' + type: Boolean + description: | + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the + configured export destination in Stackdriver. + min_version: 'beta' + send_empty_value: true + - name: 'targetServiceAccounts' + type: Array + description: | + A list of service accounts indicating the sets of + instances that are applied with this rule. + min_version: 'beta' + item_type: + type: String + - name: 'securityProfileGroup' + type: String + description: | + A fully-qualified URL of a SecurityProfile resource instance. + Example: + https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group + Must be specified if action is 'apply_security_profile_group'. + min_version: 'beta' + - name: 'tlsInspect' + type: Boolean + description: | + Boolean flag indicating if the traffic should be TLS decrypted. + It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions. + min_version: 'beta' + - name: 'targetResources' + type: Array + description: | + A list of network resource URLs to which this rule applies. + This field allows you to control which network's VMs get + this rule. If this field is left blank, all VMs + within the organization will receive the rule. 
+ min_version: 'beta' + item_type: + type: String + - name: 'disabled' + type: Boolean + description: | + Denotes whether the firewall policy rule is disabled. When set to true, + the firewall policy rule is not enforced and traffic behaves as if it did + not exist. If this is unspecified, the firewall policy rule will be + enabled. + min_version: 'beta' + - name: 'predefinedRules' + type: Array + description: A list of pre-define firewall policy rules. + min_version: 'beta' + output: true + item_type: + type: NestedObject + properties: + - name: 'description' + type: String + description: | + A description of the rule. + min_version: 'beta' + output: true + - name: 'ruleName' + type: String + description: | + An optional name for the rule. This field is not a unique identifier + and can be updated. + min_version: 'beta' + output: true + - name: 'priority' + type: Integer + description: | + An integer indicating the priority of a rule in the list. The priority must be a value + between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the + highest priority and 2147483647 is the lowest priority. + min_version: 'beta' + output: true + - name: 'match' + type: NestedObject + description: + A match condition that incoming traffic is evaluated against. If it + evaluates to true, the corresponding 'action' is enforced. + min_version: 'beta' + output: true + properties: + - name: 'srcIpRanges' + type: Array + description: | + Source IP address range in CIDR format. Required for + INGRESS rules. + min_version: 'beta' + output: true + item_type: + type: String + - name: 'destIpRanges' + type: Array + description: | + Destination IP address range in CIDR format. Required for + EGRESS rules. + min_version: 'beta' + output: true + item_type: + type: String + - name: 'srcAddressGroups' + type: Array + description: | + Address groups which should be matched against the traffic source. + Maximum number of source address groups is 10. 
+ min_version: 'beta' + output: true + item_type: + type: String + - name: 'destAddressGroups' + type: Array + description: | + Address groups which should be matched against the traffic destination. + Maximum number of destination address groups is 10. + min_version: 'beta' + output: true + item_type: + type: String + - name: 'srcFqdns' + type: Array + description: | + Fully Qualified Domain Name (FQDN) which should be matched against + traffic source. Maximum number of source fqdn allowed is 100. + min_version: 'beta' + output: true + item_type: + type: String + - name: 'destFqdns' + type: Array + description: | + Fully Qualified Domain Name (FQDN) which should be matched against + traffic destination. Maximum number of destination fqdn allowed is 100. + min_version: 'beta' + output: true + item_type: + type: String + - name: 'srcRegionCodes' + type: Array + description: | + Region codes whose IP addresses will be used to match for source + of traffic. Should be specified as 2 letter country code defined as per + ISO 3166 alpha-2 country codes. ex."US" + Maximum number of source region codes allowed is 5000. + min_version: 'beta' + output: true + item_type: + type: String + - name: 'destRegionCodes' + type: Array + description: | + Region codes whose IP addresses will be used to match for destination + of traffic. Should be specified as 2 letter country code defined as per + ISO 3166 alpha-2 country codes. ex."US" + Maximum number of destination region codes allowed is 5000. + min_version: 'beta' + output: true + item_type: + type: String + - name: 'srcThreatIntelligences' + type: Array + description: | + Names of Network Threat Intelligence lists. + The IPs in these lists will be matched against traffic source. + min_version: 'beta' + output: true + item_type: + type: String + - name: 'destThreatIntelligences' + type: Array + description: | + Names of Network Threat Intelligence lists. + The IPs in these lists will be matched against traffic destination. 
+ min_version: 'beta' + output: true + item_type: + type: String + - name: 'layer4Config' + type: Array + description: | + Pairs of IP protocols and ports that the rule should match. + api_name: layer4Configs + min_version: 'beta' + output: true + item_type: + type: NestedObject + properties: + - name: 'ipProtocol' + type: String + description: | + The IP protocol to which this rule applies. The protocol + type is required when creating a firewall rule. + This value can either be one of the following well + known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), + or the IP protocol number. + min_version: 'beta' + output: true + - name: 'ports' + type: Array + description: | + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + min_version: 'beta' + output: true + item_type: + type: String + - name: 'action' + type: String + description: | + The Action to perform when the client connection triggers the rule. Can currently be either + "allow", "deny", "apply_security_profile_group" or "goto_next". + min_version: 'beta' + output: true + - name: 'direction' + type: Enum + description: | + The direction in which this rule applies. If unspecified an INGRESS rule is created. + min_version: 'beta' + output: true + enum_values: + - 'INGRESS' + - 'EGRESS' + - name: 'enableLogging' + type: Boolean + description: | + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the + configured export destination in Stackdriver. + min_version: 'beta' + output: true + - name: 'targetServiceAccounts' + type: Array + description: | + A list of service accounts indicating the sets of + instances that are applied with this rule. 
+ min_version: 'beta' + output: true + item_type: + type: String + - name: 'securityProfileGroup' + type: String + description: | + A fully-qualified URL of a SecurityProfile resource instance. + Example: + https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group + Must be specified if action is 'apply_security_profile_group'. + min_version: 'beta' + output: true + - name: 'tlsInspect' + type: Boolean + description: | + Boolean flag indicating if the traffic should be TLS decrypted. + It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions. + min_version: 'beta' + output: true + - name: 'targetResources' + type: Array + description: | + A list of network resource URLs to which this rule applies. + This field allows you to control which network's VMs get + this rule. If this field is left blank, all VMs + within the organization will receive the rule. + min_version: 'beta' + output: true + item_type: + type: String + - name: 'disabled' + type: Boolean + description: | + Denotes whether the firewall policy rule is disabled. When set to true, + the firewall policy rule is not enforced and traffic behaves as if it did + not exist. If this is unspecified, the firewall policy rule will be + enabled. + min_version: 'beta' + output: true + - name: 'fingerprint' + type: Fingerprint + description: Fingerprint of the resource. This field is used internally during updates of this resource. + min_version: 'beta' + output: true + - name: 'selfLink' + type: String + description: Server-defined URL for the resource. + min_version: 'beta' + output: true + - name: 'selfLinkWithId' + type: String + description: Server-defined URL for this resource with the resource id. + min_version: 'beta' + output: true + - name: 'ruleTupleCount' + type: Integer + description: Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples. 
+ min_version: 'beta' + output: true diff --git a/mmv1/products/compute/go_RegionUrlMap.yaml b/mmv1/products/compute/go_RegionUrlMap.yaml index 9483a040d8f8..80e63ab0db54 100644 --- a/mmv1/products/compute/go_RegionUrlMap.yaml +++ b/mmv1/products/compute/go_RegionUrlMap.yaml @@ -993,7 +993,7 @@ properties: - 'PERMANENT_REDIRECT' - 'SEE_OTHER' - 'TEMPORARY_REDIRECT' - skip_docs_values: true + exclude_docs_values: true - name: 'stripQuery' type: Boolean description: | @@ -1437,7 +1437,7 @@ properties: - 'PERMANENT_REDIRECT' - 'SEE_OTHER' - 'TEMPORARY_REDIRECT' - skip_docs_values: true + exclude_docs_values: true - name: 'stripQuery' type: Boolean description: | @@ -1504,7 +1504,7 @@ properties: - 'PERMANENT_REDIRECT' - 'SEE_OTHER' - 'TEMPORARY_REDIRECT' - skip_docs_values: true + exclude_docs_values: true - name: 'stripQuery' type: Boolean description: | @@ -1606,7 +1606,7 @@ properties: - 'PERMANENT_REDIRECT' - 'SEE_OTHER' - 'TEMPORARY_REDIRECT' - skip_docs_values: true + exclude_docs_values: true - name: 'stripQuery' type: Boolean description: | diff --git a/mmv1/products/compute/go_UrlMap.yaml b/mmv1/products/compute/go_UrlMap.yaml index 18bc7493dd0f..30ddaa909679 100644 --- a/mmv1/products/compute/go_UrlMap.yaml +++ b/mmv1/products/compute/go_UrlMap.yaml @@ -937,7 +937,7 @@ properties: - 'PERMANENT_REDIRECT' - 'SEE_OTHER' - 'TEMPORARY_REDIRECT' - skip_docs_values: true + exclude_docs_values: true - name: 'stripQuery' type: Boolean description: | @@ -1677,7 +1677,7 @@ properties: - 'PERMANENT_REDIRECT' - 'SEE_OTHER' - 'TEMPORARY_REDIRECT' - skip_docs_values: true + exclude_docs_values: true - name: 'stripQuery' type: Boolean description: | @@ -1743,7 +1743,7 @@ properties: - 'PERMANENT_REDIRECT' - 'SEE_OTHER' - 'TEMPORARY_REDIRECT' - skip_docs_values: true + exclude_docs_values: true - name: 'stripQuery' type: Boolean description: | 
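Review bot: The resource description in go_FirewallPolicyWithRules.yaml says it "declaratively manges all rules in the firewall policy" but never states what happens to rules that already exist on the policy and are not listed in `rule`. An operator needs to know that before applying this to a live organization policy. I would fix the typo and spell out the ownership model, for example `It declaratively manages all rules in the firewall policy; rules that are not declared in this resource are not preserved.`, worded to match what the update encoder really does, which this hunk does not show. Separately, both `securityProfileGroup` descriptions call the value "a SecurityProfile resource instance", while the example URL and the `apply_security_profile_group` action refer to a security profile group. The header marks this file as generated, so both wording fixes belong in the definition it is produced from.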
@@ -2237,7 +2237,7 @@ properties: - 'PERMANENT_REDIRECT' - 'SEE_OTHER' - 'TEMPORARY_REDIRECT' - skip_docs_values: true + exclude_docs_values: true - name: 'stripQuery' type: Boolean description: | diff --git a/mmv1/products/databasemigrationservice/go_MigrationJob.yaml b/mmv1/products/databasemigrationservice/go_MigrationJob.yaml new file mode 100644 index 000000000000..9ee36ed33961 --- /dev/null +++ b/mmv1/products/databasemigrationservice/go_MigrationJob.yaml 
@@ -0,0 +1,287 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'MigrationJob' +description: 'A migration job definition.' +references: + guides: + 'Database Migration': 'https://cloud.google.com/database-migration/docs/' + api: 'https://cloud.google.com/database-migration/docs/reference/rest/v1/projects.locations.migrationJobs/create' +docs: +base_url: 'projects/{{project}}/locations/{{location}}/migrationJobs' +self_link: 'projects/{{project}}/locations/{{location}}/migrationJobs/{{migration_job_id}}' +create_url: 'projects/{{project}}/locations/{{location}}/migrationJobs?migrationJobId={{migration_job_id}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/migrationJobs/{{migration_job_id}}' +timeouts: + insert_minutes: 60 + update_minutes: 60 + delete_minutes: 60 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + timeouts: + insert_minutes: 60 + update_minutes: 60 + delete_minutes: 60 + result: + path: 'response' + resource_inside_response: false + error: + path: 'error' + message: 'message' +custom_code: +examples: + - name: 'database_migration_service_migration_job_mysql_to_mysql' + primary_resource_id: 'mysqltomysql' + vars: + migration_id: 'my-migrationid' + source_csql: 'source-csql' + 
source_sqldb_cert: 'cert' + source_sqldb_user: 'username' + source_sqldb_pass: 'password' + source_cp: 'source-cp' + destination_csql: 'destination-csql' + destination_cp: 'destination-cp' + - name: 'database_migration_service_migration_job_postgres_to_postgres' + primary_resource_id: 'psqltopsql' + vars: + migration_id: 'my-migrationid' + source_csql: 'source-csql' + source_sqldb_cert: 'cert' + source_sqldb_user: 'username' + source_sqldb_pass: 'password' + source_cp: 'source-cp' + destination_csql: 'destination-csql' + destination_cp: 'destination-cp' + - name: 'database_migration_service_migration_job_postgres_to_alloydb' + primary_resource_id: 'psqltoalloydb' + vars: + migration_id: 'my-migrationid' + source_csql: 'source-csql' + source_sqldb_cert: 'cert' + source_sqldb_user: 'username' + source_sqldb_pass: 'password' + source_cp: 'source-cp' + destination_alloydb: 'destination-alloydb' + destination_cp: 'destination-cp' +parameters: + - name: 'migrationJobId' + type: String + description: | + The ID of the migration job. + url_param_only: true + required: true + immutable: true + - name: 'location' + type: String + description: | + The location where the migration job should reside. + url_param_only: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The name of this migration job resource in the form of projects/{project}/locations/{location}/migrationJobs/{migrationJob}. + output: true + - name: 'displayName' + type: String + description: | + The migration job display name. + - name: 'createTime' + type: Time + description: | + Output only. The timestamp when the resource was created. A timestamp in RFC3339 UTC 'Zulu' format, accurate to nanoseconds. Example: '2014-10-02T15:01:23.045123456Z'. + output: true + - name: 'labels' + type: KeyValueLabels + description: | + The resource labels for migration job to use to annotate any related underlying resources such as Compute Engine VMs. 
+ - name: 'state' + type: Enum + description: | + The current migration job state. + output: true + enum_values: + - 'DRAFT' + - 'NOT_STARTED' + - 'RUNNING' + - 'COMPLETED' + - 'STOPPED' + - 'FAILED' + - name: 'phase' + type: Enum + description: | + The current migration job phase. + output: true + enum_values: + - 'FULL_DUMP' + - 'CDC' + - 'PROMOTE_IN_PROGRESS' + - 'WAITING_FOR_SOURCE_WRITES_TO_STOP' + - 'PREPARING_THE_DUMP' + - 'READY_FOR_PROMOTE' + - name: 'error' + type: NestedObject + description: | + Output only. The error details in case of state FAILED. + output: true + properties: + - name: 'code' + type: Integer + description: | + The status code, which should be an enum value of google.rpc.Code. + output: true + - name: 'message' + type: String + description: | + Human readable message indicating details about the current status. + output: true + - name: 'details' + type: Array + description: | + A list of messages that carry the error details. + output: true + item_type: + type: KeyValuePairs + - name: 'type' + type: Enum + description: | + The type of the migration job. + required: true + immutable: true + enum_values: + - 'ONE_TIME' + - 'CONTINUOUS' + - name: 'source' + type: String + description: | + The name of the source connection profile resource in the form of projects/{project}/locations/{location}/connectionProfiles/{sourceConnectionProfile}. + required: true + immutable: true + - name: 'destination' + type: String + description: | + The name of the destination connection profile resource in the form of projects/{project}/locations/{location}/connectionProfiles/{destinationConnectionProfile}. + required: true + immutable: true + - name: 'dumpFlags' + type: NestedObject + description: | + The initial dump flags. 
+ properties: + - name: 'dumpFlags' + type: Array + description: | + A list of dump flags + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + The name of the flag + - name: 'value' + type: String + description: | + The vale of the flag + - name: 'performanceConfig' + type: NestedObject + description: | + Data dump parallelism settings used by the migration. + properties: + - name: 'dumpParallelLevel' + type: Enum + description: | + Initial dump parallelism level. + enum_values: + - 'MIN' + - 'OPTIMAL' + - 'MAX' + - name: 'dumpPath' + type: String + description: | + The path to the dump file in Google Cloud Storage, + in the format: (gs://[BUCKET_NAME]/[OBJECT_NAME]). + This field and the "dump_flags" field are mutually exclusive. + - name: 'dumpType' + type: Enum + description: | + The type of the data dump. Supported for MySQL to CloudSQL for MySQL + migrations only. + enum_values: + - 'LOGICAL' + - 'PHYSICAL' + - name: 'staticIpConnectivity' + type: NestedObject + description: | + If set to an empty object (`{}`), the source database will allow incoming + connections from the public IP of the destination database. + You can retrieve the public IP of the Cloud SQL instance from the + Cloud SQL console or using Cloud SQL APIs. + send_empty_value: true + allow_empty_object: true + exactly_one_of: + - 'reverseSshConnectivity' + - 'vpcPeeringConnectivity' + properties: + [] + - name: 'reverseSshConnectivity' + type: NestedObject + description: | + The details of the VPC network that the source database is located in. + exactly_one_of: + - 'staticIpConnectivity' + - 'vpcPeeringConnectivity' + properties: + - name: 'vmIp' + type: String + description: | + The IP of the virtual machine (Compute Engine) used as the bastion server + for the SSH tunnel. + - name: 'vmPort' + type: Integer + description: | + The forwarding port of the virtual machine (Compute Engine) used as the + bastion server for the SSH tunnel. 
+ - name: 'vm' + type: String + description: | + The name of the virtual machine (Compute Engine) used as the bastion server + for the SSH tunnel. + - name: 'vpc' + type: String + description: | + The name of the VPC to peer with the Cloud SQL private network. + - name: 'vpcPeeringConnectivity' + type: NestedObject + description: | + The details of the VPC network that the source database is located in. + exactly_one_of: + - 'staticIpConnectivity' + - 'reverseSshConnectivity' + properties: + - name: 'vpc' + type: String + description: | + The name of the VPC network to peer with the Cloud SQL private network. diff --git a/mmv1/products/discoveryengine/go_TargetSite.yaml b/mmv1/products/discoveryengine/go_TargetSite.yaml new file mode 100644 index 000000000000..2c6d1e96444e --- /dev/null +++ b/mmv1/products/discoveryengine/go_TargetSite.yaml 
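Review bot: The `dumpPath` description in go_MigrationJob.yaml says that it and "dump_flags" are mutually exclusive, but neither `dumpFlags` nor `dumpPath` declares that constraint. The three connectivity blocks in the same file do encode their exclusivity, with `exactly_one_of`. As written, a configuration that sets both fields is presumably rejected only by the API at apply time; a `conflicts` entry on each field naming the other would surface it at plan time. Also, `reverseSshConnectivity` reuses the `vpcPeeringConnectivity` text ("The details of the VPC network that the source database is located in."), although its fields describe the bastion VM for an SSH tunnel. The file is marked as generated, so these changes belong in the definition it is produced from.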
@@ -0,0 +1,184 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'TargetSite' +description: | + TargetSite represents a URI pattern that the users want to confine their + search. +references: + guides: + api: 'https://cloud.google.com/generative-ai-app-builder/docs/reference/rest/v1/projects.locations.collections.dataStores.siteSearchEngine.targetSites' +docs: +base_url: 'projects/{{project}}/locations/{{location}}/collections/default_collection/dataStores/{{data_store_id}}/siteSearchEngine/targetSites' +self_link: '{{name}}' +create_url: 'projects/{{project}}/locations/{{location}}/collections/default_collection/dataStores/{{data_store_id}}/siteSearchEngine/targetSites' +delete_url: '{{name}}' +immutable: true +import_format: + - 'projects/{{project}}/locations/{{location}}/collections/default_collection/dataStores/{{data_store_id}}/siteSearchEngine/targetSites/{{target_site_id}}' +timeouts: + insert_minutes: 60 + update_minutes: 60 + delete_minutes: 60 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + timeouts: + insert_minutes: 60 + update_minutes: 60 + delete_minutes: 60 + result: + path: 'response' + resource_inside_response: false + error: + path: 'error' + message: 'message' +custom_code: + post_create: 
'templates/terraform/post_create/go/set_computed_name.tmpl' + custom_import: 'templates/terraform/custom_import/go/discoveryengine_targetsite_set_id.go.tmpl' +examples: + - name: 'discoveryengine_targetsite_basic' + primary_resource_id: 'basic' + vars: + data_store_id: 'data-store-id' + ignore_read_extra: + - 'project' + - name: 'discoveryengine_targetsite_advanced' + primary_resource_id: 'advanced' + vars: + data_store_id: 'data-store-id' + ignore_read_extra: + - 'project' +parameters: + - name: 'location' + type: String + description: | + The geographic location where the data store should reside. The value can + only be one of "global", "us" and "eu". + url_param_only: true + required: true + immutable: true + - name: 'dataStoreId' + type: String + description: | + The unique id of the data store. + url_param_only: true + required: true + immutable: true + - name: 'targetSiteId' + type: String + description: | + The unique id of the target site. + + url_param_only: true + immutable: true + output: true +properties: + - name: 'name' + type: String + description: | + The unique full resource name of the target site. Values are of the format + `projects/{project}/locations/{location}/collections/{collection_id}/dataStores/{data_store_id}/siteSearchEngine/targetSites/{target_site_id}`. + This field must be a UTF-8 encoded string with a length limit of 1024 + characters. + output: true + - name: 'providedUriPattern' + type: String + description: | + The user provided URI pattern from which the `generated_uri_pattern` is + generated. + required: true + ignore_read: true + - name: 'type' + type: Enum + description: | + The possible target site types. + enum_values: + - 'INCLUDE' + - 'EXCLUDE' + - name: 'exactMatch' + type: Boolean + description: | + If set to false, a uri_pattern is generated to include all pages whose + address contains the provided_uri_pattern. 
If set to true, an uri_pattern + is generated to try to be an exact match of the provided_uri_pattern or + just the specific page if the provided_uri_pattern is a specific one. + provided_uri_pattern is always normalized to generate the URI pattern to + be used by the search engine. + default_value: false + - name: 'generatedUriPattern' + type: String + description: | + This is system-generated based on the `provided_uri_pattern`. + output: true + - name: 'rootDomainUri' + type: String + description: | + Root domain of the `provided_uri_pattern`. + output: true + - name: 'siteVerificationInfo' + type: NestedObject + description: | + Site ownership and validity verification status. + output: true + properties: + - name: 'siteVerificationState' + type: Enum + description: | + Site verification state indicating the ownership and validity. + enum_values: + - 'VERIFIED' + - 'UNVERIFIED' + - 'EXEMPTED' + - name: 'verifyTime' + type: Time + description: | + Latest site verification time. + - name: 'indexingStatus' + type: Enum + description: | + The indexing status. + output: true + enum_values: + - 'PENDING' + - 'FAILED' + - 'SUCCEEDED' + - 'DELETING' + - name: 'updateTime' + type: Time + description: | + The target site's last updated time. + output: true + - name: 'failureReason' + type: NestedObject + description: | + Site search indexing failure reasons. + output: true + properties: + - name: 'quotaFailure' + type: NestedObject + description: | + Site verification state indicating the ownership and validity. + properties: + - name: 'totalRequiredQuota' + type: Integer + description: | + This number is an estimation on how much total quota this project + needs to successfully complete indexing. diff --git a/mmv1/products/healthcare/go_FhirStore.yaml b/mmv1/products/healthcare/go_FhirStore.yaml index c4c622d904ff..09df23de954c 100644 --- a/mmv1/products/healthcare/go_FhirStore.yaml +++ b/mmv1/products/healthcare/go_FhirStore.yaml 
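Review bot: The `quotaFailure` description under `failureReason` in go_TargetSite.yaml repeats the `siteVerificationState` text ("Site verification state indicating the ownership and validity."), so the generated documentation will describe a quota failure as a verification state. Wording along the lines of `Indexing failed because the project did not have enough quota.` would match its `totalRequiredQuota` child; check it against the API reference linked at the top of the file. The file is marked as generated, so the fix belongs in the definition it is produced from.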
@@ -60,7 +60,7 @@ examples: dataset_name: 'example-dataset' fhir_store_name: 'example-fhir-store' pubsub_topic: 'fhir-notifications' - skip_docs: true + exclude_docs: true - name: 'healthcare_fhir_store_notification_configs' primary_resource_id: 'default' vars: diff --git a/mmv1/products/healthcare/go_Workspace.yaml b/mmv1/products/healthcare/go_Workspace.yaml new file mode 100644 index 000000000000..f4cabe215c7e --- /dev/null +++ b/mmv1/products/healthcare/go_Workspace.yaml 
@@ -0,0 +1,81 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Warning: This is a temporary file, and should not be edited directly
+---
+name: 'Workspace'
+description: |
+ A Data Mapper workspace is used to configure Data Mapper access, permissions and data sources for mapping clinical patient data to the FHIR standard.
+references:
+ guides:
+ 'Create and manage Data Mapper workspaces ': 'https://cloud.google.com/healthcare-api/healthcare-data-engine/docs/manage-workspaces'
+ api: 'https://cloud.google.com/healthcare-api/healthcare-data-engine/docs/reference/rest/v1/projects.locations.datasets.dataMapperWorkspaces'
+docs:
+id_format: '{{dataset}}/dataMapperWorkspaces/{{name}}'
+base_url: '{{dataset}}/dataMapperWorkspaces?workspaceId={{name}}'
+self_link: '{{dataset}}/dataMapperWorkspaces/{{name}}'
+create_url: '{{dataset}}/dataMapperWorkspaces?workspaceId={{name}}'
+update_verb: 'PATCH'
+update_mask: true
+import_format:
+ - '{{%dataset}}/dataMapperWorkspaces/{{name}}'
+timeouts:
+ insert_minutes: 20
+ update_minutes: 20
+ delete_minutes: 20
+custom_code:
+exclude_sweeper: true
+examples:
+ - name: 'healthcare_workspace_basic'
+ primary_resource_id: 'default'
+ vars:
+ dataset_name: 'example-dataset'
+ workspace_name: 'example-dm-workspace'
+ source_project_id: 'example-data-source-project-id'
+parameters:
+ - name: 'dataset'
+ type: ResourceRef
+ description: |
+ Identifies the dataset addressed by this request.
Must be in the format + 'projects/{project}/locations/{location}/datasets/{dataset}' + url_param_only: true + required: true + immutable: true + resource: 'Dataset' + imports: 'selfLink' +properties: + - name: 'name' + type: String + description: | + The name of the workspace, in the format 'projects/{projectId}/locations/{location}/datasets/{datasetId}/dataMapperWorkspaces/{workspaceId}' + required: true + immutable: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'settings' + type: NestedObject + description: | + Settings associated with this workspace. + required: true + properties: + - name: 'dataProjectIds' + type: Array + description: | + Project IDs for data projects hosted in a workspace. + required: true + item_type: + type: String + - name: 'labels' + type: KeyValueLabels + description: | + The user labels. An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" } + required: false diff --git a/mmv1/products/pubsub/go_Subscription.yaml b/mmv1/products/pubsub/go_Subscription.yaml index 936736f56d87..936faf85a089 100644 --- a/mmv1/products/pubsub/go_Subscription.yaml +++ b/mmv1/products/pubsub/go_Subscription.yaml @@ -361,7 +361,7 @@ properties: retain_acked_messages is true, then this also configures the retention of acknowledged messages, and thus configures how far back in time a subscriptions.seek can be done. Defaults to 7 days. Cannot be more - than 7 days (`"604800s"`) or less than 10 minutes (`"600s"`). + than 31 days (`"2678400s"`) or less than 10 minutes (`"600s"`). A duration in seconds with up to nine fractional digits, terminated by 's'. Example: `"600.5s"`. diff --git a/mmv1/products/secretmanager/go_product.yaml b/mmv1/products/secretmanager/go_product.yaml index a09927480852..b2bc19bc20b9 100644 --- a/mmv1/products/secretmanager/go_product.yaml +++ b/mmv1/products/secretmanager/go_product.yaml 
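Review bot: The guide title key under `references.guides` in go_Workspace.yaml ends with a space inside the quotes (`'Create and manage Data Mapper workspaces '`), which will carry into the link text wherever the key is rendered. `'Create and manage Data Mapper workspaces': 'https://cloud.google.com/healthcare-api/healthcare-data-engine/docs/manage-workspaces'` is the cleaner form. The file header marks this as a temporary copy that should not be edited directly, so the fix probably belongs in the definition it was converted from.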
@@ -14,8 +14,8 @@ # Warning: This is a temporary file, and should not be edited directly --- name: 'SecretManager' -display_name: 'Secret Manager' legacy_name: 'secret_manager' +display_name: 'Secret Manager' versions: - name: 'ga' base_url: 'https://secretmanager.googleapis.com/v1/' diff --git a/mmv1/products/secretmanagerregional/RegionalSecret.yaml b/mmv1/products/secretmanagerregional/RegionalSecret.yaml index 27e551e2be99..766ad05ed435 100644 --- a/mmv1/products/secretmanagerregional/RegionalSecret.yaml +++ b/mmv1/products/secretmanagerregional/RegionalSecret.yaml @@ -171,8 +171,8 @@ properties: name: name required: true description: | - The resource name of the Pub/Sub topic that will be published to, in the following - format: projects/*/topics/*. For publication to succeed, the Secret Manager Service + The resource name of the Pub/Sub topic that will be published to, in the following format: + projects/*/topics/*. For publication to succeed, the Secret Manager Service Agent service account must have pubsub.publisher permissions on the topic. - !ruby/object:Api::Type::NestedObject name: rotation diff --git a/mmv1/products/secretmanagerregional/go_RegionalSecret.yaml b/mmv1/products/secretmanagerregional/go_RegionalSecret.yaml new file mode 100644 index 000000000000..86495df18f5e --- /dev/null +++ b/mmv1/products/secretmanagerregional/go_RegionalSecret.yaml 
@@ -0,0 +1,210 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Warning: This is a temporary file, and should not be edited directly
+---
+name: 'RegionalSecret'
+description: |
+ A Regional Secret is a logical secret whose value and versions can be created and accessed within a region only.
+references:
+ guides:
+ api: 'https://cloud.google.com/secret-manager/docs/reference/rest/v1/projects.secrets'
+docs:
+base_url: 'projects/{{project}}/locations/{{location}}/secrets'
+self_link: 'projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}'
+create_url: 'projects/{{project}}/locations/{{location}}/secrets?secretId={{secret_id}}'
+update_verb: 'PATCH'
+update_mask: true
+import_format:
+ - 'projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}'
+timeouts:
+ insert_minutes: 20
+ update_minutes: 20
+ delete_minutes: 20
+iam_policy:
+ method_name_separator: ':'
+ allowed_iam_role: 'roles/secretmanager.secretAccessor'
+ parent_resource_attribute: 'secret_id'
+ iam_conditions_request_type: 'QUERY_PARAM_NESTED'
+ example_config_body: 'templates/terraform/iam/example_config_body/go/secret_manager_regional_secret.tf.tmpl'
+ import_format:
+ - 'projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}'
+ - '{{secret_id}}'
+custom_code:
+ pre_update: 'templates/terraform/pre_update/go/secret_manager_regional_secret.go.tmpl'
+examples:
+ - name: 'regional_secret_config_basic'
+ primary_resource_id:
'regional-secret-basic'
+ primary_resource_name: 'fmt.Sprintf("tf-test-tf-reg-secret%s", context["random_suffix"])'
+ vars:
+ secret_id: 'tf-reg-secret'
+ - name: 'regional_secret_with_cmek'
+ primary_resource_id: 'regional-secret-with-cmek'
+ vars:
+ secret_id: 'tf-reg-secret'
+ kms_key_name: 'kms-key'
+ test_vars_overrides:
+ 'kms_key_name': 'acctest.BootstrapKMSKeyInLocation(t, "us-central1").CryptoKey.Name'
+ - name: 'regional_secret_with_rotation'
+ primary_resource_id: 'regional-secret-with-rotation'
+ vars:
+ secret_id: 'tf-reg-secret'
+ topic_id: 'tf-topic'
+ timestamp: '2045-11-30T00:00:00Z'
+ test_vars_overrides:
+ 'timestamp': '"2122-11-30T00:00:00Z"'
+ - name: 'regional_secret_with_ttl'
+ primary_resource_id: 'regional-secret-with-ttl'
+ vars:
+ secret_id: 'tf-reg-secret'
+ - name: 'regional_secret_with_expire_time'
+ primary_resource_id: 'regional-secret-with-expire-time'
+ vars:
+ secret_id: 'tf-reg-secret'
+ timestamp: '2055-11-30T00:00:00Z'
+ test_vars_overrides:
+ 'timestamp': '"2122-11-30T00:00:00Z"'
+ - name: 'regional_secret_with_version_destroy_ttl'
+ primary_resource_id: 'regional-secret-with-version-destroy-ttl'
+ vars:
+ secret_id: 'tf-reg-secret'
+parameters:
+ - name: 'location'
+ type: String
+ description: |
+ The location of the regional secret. eg us-central1
+ url_param_only: true
+ required: true
+ immutable: true
+ - name: 'secretId'
+ type: String
+ description: |
+ This must be unique within the project.
+ url_param_only: true
+ required: true
+ immutable: true
+properties:
+ - name: 'name'
+ type: String
+ description: |
+ The resource name of the regional secret. Format:
+ `projects/{{project}}/locations/{{location}}/secrets/{{secret_id}}`
+ output: true
+ - name: 'createTime'
+ type: String
+ description: |
+ The time at which the regional secret was created.
+ output: true
+ - name: 'labels'
+ type: KeyValueLabels
+ description: |
+ The labels assigned to this regional secret.
+
+ Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,
+ and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62}
+
+ Label values must be between 0 and 63 characters long, have a UTF-8 encoding of maximum 128 bytes,
+ and must conform to the following PCRE regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63}
+
+ No more than 64 labels can be assigned to a given resource.
+
+ An object containing a list of "key": value pairs. Example:
+ { "name": "wrench", "mass": "1.3kg", "count": "3" }.
+ - name: 'annotations'
+ type: KeyValueAnnotations
+ description: |
+ Custom metadata about the regional secret.
+
+ Annotations are distinct from various forms of labels. Annotations exist to allow
+ client tools to store their own state information without requiring a database.
+
+ Annotation keys must be between 1 and 63 characters long, have a UTF-8 encoding of
+ maximum 128 bytes, begin and end with an alphanumeric character ([a-z0-9A-Z]), and
+ may have dashes (-), underscores (_), dots (.), and alphanumerics in between these
+ symbols.
+
+ The total size of annotation keys and values must be less than 16KiB.
+
+ An object containing a list of "key": value pairs. Example:
+ { "name": "wrench", "mass": "1.3kg", "count": "3" }.
+ - name: 'customerManagedEncryption'
+ type: NestedObject
+ description: |
+ The customer-managed encryption configuration of the regional secret.
+ properties:
+ - name: 'kmsKeyName'
+ type: String
+ description: |
+ The resource name of the Cloud KMS CryptoKey used to encrypt secret payloads.
+ required: true
+ - name: 'topics'
+ type: Array
+ description: |
+ A list of up to 10 Pub/Sub topics to which messages are published when control plane
+ operations are called on the regional secret or its versions.
+ item_type:
+ type: NestedObject
+ properties:
+ - name: 'name'
+ type: String
+ description: |
+ The resource name of the Pub/Sub topic that will be published to, in the following format:
+ projects/*/topics/*. For publication to succeed, the Secret Manager Service
+ Agent service account must have pubsub.publisher permissions on the topic.
+ required: true
+ - name: 'rotation'
+ type: NestedObject
+ description: |
+ The rotation time and period for a regional secret. At `next_rotation_time`, Secret Manager
+ will send a Pub/Sub notification to the topics configured on the Secret. `topics` must be
+ set to configure rotation.
+ required_with:
+ - 'topics'
+ properties:
+ - name: 'nextRotationTime'
+ type: String
+ description: |
+ Timestamp in UTC at which the Secret is scheduled to rotate.
+ A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine
+ fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
+ - name: 'rotationPeriod'
+ type: String
+ description: |
+ The Duration between rotation notifications. Must be in seconds and at least 3600s (1h)
+ and at most 3153600000s (100 years). If rotationPeriod is set, `next_rotation_time` must
+ be set. `next_rotation_time` will be advanced by this period when the service
+ automatically sends rotation notifications.
+ required_with:
+ - 'rotation.0.next_rotation_time'
+ - name: 'expireTime'
+ type: String
+ description: |
+ Timestamp in UTC when the regional secret is scheduled to expire. This is always provided on
+ output, regardless of what was sent on input. A timestamp in RFC3339 UTC "Zulu" format, with
+ nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and
+ "2014-10-02T15:01:23.045123456Z". Only one of `expire_time` or `ttl` can be provided.
+ default_from_api: true
+ - name: 'ttl'
+ type: String
+ description: |
+ The TTL for the regional secret.
A duration in seconds with up to nine fractional digits,
+ terminated by 's'. Example: "3.5s". Only one of `ttl` or `expire_time` can be provided.
+ ignore_read: true
+ - name: 'versionDestroyTtl'
+ type: String
+ description: |
+ Secret Version TTL after destruction request.
+ This is a part of the delayed delete feature on Secret Version.
+ For secret with versionDestroyTtl>0, version destruction doesn't happen immediately
+ on calling destroy instead the version goes to a disabled state and
+ the actual destruction happens after this TTL expires. It must be atleast 24h.
diff --git a/mmv1/products/secretmanagerregional/go_product.yaml b/mmv1/products/secretmanagerregional/go_product.yaml
new file mode 100644
index 000000000000..fef25bb9387e
--- /dev/null
+++ b/mmv1/products/secretmanagerregional/go_product.yaml
@@ -0,0 +1,25 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Warning: This is a temporary file, and should not be edited directly
+---
+name: 'SecretManagerRegional'
+legacy_name: 'secret_manager'
+display_name: 'Secret Manager'
+versions:
+ - name: 'ga'
+ base_url: 'https://secretmanager.{{location}}.rep.googleapis.com/v1/'
+ - name: 'beta'
+ base_url: 'https://secretmanager.{{location}}.rep.googleapis.com/v1/'
+scopes:
+ - 'https://www.googleapis.com/auth/cloud-platform'
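Review bot: In go_RegionalSecret.yaml, `expireTime` and `ttl` are both documented with "Only one of `expire_time` or `ttl` can be provided", but neither property declares that constraint, so a configuration that sets both is left for the API to reject at apply time. If the generator's `conflicts` key applies to these fields, declare it on both sides, e.g. `conflicts: ['ttl']` under `expireTime` and `conflicts: ['expire_time']` under `ttl`, so the mistake surfaces at plan time. The header marks this file as a temporary copy that should not be edited directly, so the change likely belongs in the source `RegionalSecret.yaml`.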
diff --git a/mmv1/products/securesourcemanager/go_Instance.yaml b/mmv1/products/securesourcemanager/go_Instance.yaml index e51b0e23130f..a6b690632e70 100644 --- a/mmv1/products/securesourcemanager/go_Instance.yaml +++ b/mmv1/products/securesourcemanager/go_Instance.yaml @@ -65,6 +65,9 @@ examples: primary_resource_name: 'fmt.Sprintf("tf-test-my-instance%s", context["random_suffix"])' vars: instance_id: 'my-instance' + prevent_destroy: 'true' + test_vars_overrides: + 'prevent_destroy': 'false' - name: 'secure_source_manager_instance_cmek' primary_resource_id: 'default' primary_resource_name: 'fmt.Sprintf("tf-test-my-instance%s", context["random_suffix"])' @@ -72,6 +75,9 @@ examples: instance_id: 'my-instance' keyring_name: 'my-keyring' key_name: 'my-key' + prevent_destroy: 'true' + test_vars_overrides: + 'prevent_destroy': 'false' - name: 'secure_source_manager_instance_private' primary_resource_id: 'default' primary_resource_name: 'fmt.Sprintf("tf-test-my-instance%s", context["random_suffix"])' @@ -79,6 +85,9 @@ examples: instance_id: 'my-instance' ca_pool_id: 'ca-pool' root_ca_id: 'root-ca' + prevent_destroy: 'true' + test_vars_overrides: + 'prevent_destroy': 'false' external_providers: ["time"] - name: 'secure_source_manager_instance_private_psc_backend' primary_resource_id: 'default' @@ -95,6 +104,9 @@ examples: instance_id: 'my-instance' ca_pool_id: 'ca-pool' root_ca_id: 'root-ca' + prevent_destroy: 'true' + test_vars_overrides: + 'prevent_destroy': 'false' external_providers: ["time"] - name: 'secure_source_manager_instance_private_psc_endpoint' primary_resource_id: 'default' @@ -108,6 +120,9 @@ examples: instance_id: 'my-instance' ca_pool_id: 'ca-pool' root_ca_id: 'root-ca' + prevent_destroy: 'true' + test_vars_overrides: + 'prevent_destroy': 'false' external_providers: ["time"] parameters: - name: 'location' 
diff --git a/mmv1/products/securesourcemanager/go_Repository.yaml b/mmv1/products/securesourcemanager/go_Repository.yaml index 3e07e7c5e300..5ce81e7f3ab7 100644 --- a/mmv1/products/securesourcemanager/go_Repository.yaml +++ b/mmv1/products/securesourcemanager/go_Repository.yaml @@ -59,12 +59,18 @@ examples: vars: repository_id: 'my-repository' instance_id: 'my-instance' + prevent_destroy: 'true' + test_vars_overrides: + 'prevent_destroy': 'false' - name: 'secure_source_manager_repository_initial_config' primary_resource_id: 'default' primary_resource_name: 'fmt.Sprintf("tf-test-my-repository%s", context["random_suffix"])' vars: repository_id: 'my-repository' instance_id: 'my-instance' + prevent_destroy: 'true' + test_vars_overrides: + 'prevent_destroy': 'false' parameters: - name: 'location' type: String diff --git a/mmv1/products/securitycenter/go_FolderSccBigQueryExport.yaml b/mmv1/products/securitycenter/go_FolderSccBigQueryExport.yaml new file mode 100644 index 000000000000..8d8f77d5fbf4 --- /dev/null +++ b/mmv1/products/securitycenter/go_FolderSccBigQueryExport.yaml 
@@ -0,0 +1,146 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Warning: This is a temporary file, and should not be edited directly
+---
+name: 'FolderSccBigQueryExport'
+description: |
+ A Cloud Security Command Center (Cloud SCC) Big Query Export Config.
+ It represents exporting Security Command Center data, including assets, findings, and security marks
+ to a BigQuery instance.
+
+ -> **Note:** In order to use Cloud SCC resources, your organization must be enrolled
+ in [SCC Standard/Premium](https://cloud.google.com/security-command-center/docs/quickstart-security-command-center).
+ Without doing so, you may run into errors during resource creation.
+references:
+ guides:
+ 'Official Documentation': 'https://cloud.google.com/security-command-center/docs/how-to-analyze-findings-in-big-query'
+ api: 'https://cloud.google.com/security-command-center/docs/reference/rest/v1/folders.bigQueryExports'
+docs:
+base_url: 'folders/{{folder}}/bigQueryExports'
+self_link: 'folders/{{folder}}/bigQueryExports/{{big_query_export_id}}'
+create_url: 'folders/{{folder}}/bigQueryExports?bigQueryExportId={{big_query_export_id}}'
+update_verb: 'PATCH'
+update_mask: true
+import_format:
+ - 'folders/{{folder}}/bigQueryExports/{{big_query_export_id}}'
+timeouts:
+ insert_minutes: 20
+ update_minutes: 20
+ delete_minutes: 20
+custom_code:
+examples:
+ - name: 'scc_folder_big_query_export_config_basic'
+ primary_resource_id: 'custom_big_query_export_config'
+ vars:
+ big_query_export_id: 'my-export'
+ dataset: 'my-dataset'
+ dataset_id: 'my_dataset_id'
+ name: 'my-export'
+ folder_display_name: 'folder-name'
+ test_env_vars:
+ org_id: 'ORG_ID'
+ project: 'PROJECT_NAME'
+ exclude_test: true
+parameters:
+ - name: 'folder'
+ type: String
+ description: |
+ The folder where Cloud Security Command Center Big Query Export
+ Config lives in.
+ url_param_only: true
+ required: true
+ immutable: true
+ - name: 'bigQueryExportId'
+ type: String
+ description: |
+ This must be unique within the organization.
+ url_param_only: true
+ required: true
+ immutable: true
+properties:
+ - name: 'name'
+ type: String
+ description: |
+ The resource name of this export, in the format
+ `projects/{{project}}/bigQueryExports/{{big_query_export_id}}`.
+ This field is provided in responses, and is ignored when provided in create requests.
+ output: true
+ - name: 'description'
+ type: String
+ description: |
+ The description of the export (max of 1024 characters).
+ required: true
+ validation:
+ function: 'validation.StringLenBetween(0, 1024)'
+ - name: 'dataset'
+ type: String
+ description: |
+ The dataset to write findings' updates to.
+ Its format is "projects/[projectId]/datasets/[bigquery_dataset_id]".
+ BigQuery Dataset unique ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_).
+ required: true
+ - name: 'createTime'
+ type: String
+ description: |
+ The time at which the BigQuery export was created.
+ A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits.
+ Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
+ output: true
+ - name: 'updateTime'
+ type: String
+ description: |
+ The most recent time at which the BigQuery export was updated.
+ A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits.
+ Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
+ output: true
+ - name: 'mostRecentEditor'
+ type: String
+ description: |
+ Email address of the user who last edited the BigQuery export.
+ output: true
+ - name: 'principal'
+ type: String
+ description: |
+ The service account that needs permission to create table and upload data to the BigQuery dataset.
+ output: true
+ - name: 'filter'
+ type: String
+ description: |
+ Expression that defines the filter to apply across create/update
+ events of findings. The
+ expression is a list of zero or more restrictions combined via
+ logical operators AND and OR. Parentheses are supported, and OR
+ has higher precedence than AND.
+
+ Restrictions have the form and may have
+ a - character in front of them to indicate negation. The fields
+ map to those defined in the corresponding resource.
+
+ The supported operators are:
+
+ * = for all value types.
+ * >, <, >=, <= for integer values.
+ * :, meaning substring matching, for strings.
+
+ The supported value types are:
+
+ * string literals in quotes.
+ * integer literals without quotes.
+ * boolean literals true and false without quotes.
+
+ See
+ [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)
+ for information on how to write a filter.
+ required: true
+ send_empty_value: true
diff --git a/mmv1/products/securitycenter/go_OrganizationSccBigQueryExport.yaml b/mmv1/products/securitycenter/go_OrganizationSccBigQueryExport.yaml
new file mode 100644
index 000000000000..ed01cd712595
--- /dev/null
+++ b/mmv1/products/securitycenter/go_OrganizationSccBigQueryExport.yaml
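Review bot: The `filter` description in go_FolderSccBigQueryExport.yaml has lost the restriction syntax: it reads "Restrictions have the form and may have a - character in front of them", with nothing between "form" and "and", most likely an angle-bracket placeholder that was stripped. Since this filter decides which findings are exported, spell the form out in code formatting, e.g. `<field> <operator> <value>`; the same gap is in the `filter` description of go_OrganizationSccBigQueryExport.yaml. Separately, the `name` description gives the format as `projects/{{project}}/bigQueryExports/{{big_query_export_id}}` although this resource's `self_link` is `folders/{{folder}}/bigQueryExports/{{big_query_export_id}}`.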
@@ -0,0 +1,141 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Warning: This is a temporary file, and should not be edited directly
+---
+name: 'OrganizationSccBigQueryExport'
+description: |
+ A Cloud Security Command Center (Cloud SCC) Big Query Export Config.
+ It represents exporting Security Command Center data, including assets, findings, and security marks
+ using gcloud scc bqexports
+ ~> **Note:** In order to use Cloud SCC resources, your organization must be enrolled
+ in [SCC Standard/Premium](https://cloud.google.com/security-command-center/docs/quickstart-security-command-center).
+ Without doing so, you may run into errors during resource creation.
+references:
+ guides:
+ 'Official Documentation': 'https://cloud.google.com/security-command-center/docs/how-to-analyze-findings-in-big-query'
+ api: 'https://cloud.google.com/security-command-center/docs/reference/rest/v1/organizations.bigQueryExports'
+docs:
+base_url: 'organizations/{{organization}}/bigQueryExports'
+self_link: 'organizations/{{organization}}/bigQueryExports/{{big_query_export_id}}'
+create_url: 'organizations/{{organization}}/bigQueryExports?bigQueryExportId={{big_query_export_id}}'
+update_verb: 'PATCH'
+update_mask: true
+import_format:
+ - 'organizations/{{organization}}/bigQueryExports/{{big_query_export_id}}'
+timeouts:
+ insert_minutes: 20
+ update_minutes: 20
+ delete_minutes: 20
+custom_code:
+examples:
+ - name: 'scc_organization_big_query_export_config_basic'
+ primary_resource_id: 'custom_big_query_export_config'
+ vars:
+ big_query_export_id: 'my-export'
+ dataset: 'my-dataset'
+ name: 'my-export'
+ test_env_vars:
+ org_id: 'ORG_ID'
+ project: 'PROJECT_NAME'
+ external_providers: ["random", "time"]
+ exclude_test: true
+parameters:
+ - name: 'organization'
+ type: String
+ description: |
+ The organization whose Cloud Security Command Center the Big Query Export
+ Config lives in.
+ url_param_only: true
+ required: true
+ immutable: true
+ - name: 'bigQueryExportId'
+ type: String
+ description: |
+ This must be unique within the organization.
+ url_param_only: true
+ required: true
+ immutable: true
+properties:
+ - name: 'name'
+ type: String
+ description: |
+ The resource name of this export, in the format
+ `organizations/{{organization}}/bigQueryExports/{{big_query_export_id}}`.
+ This field is provided in responses, and is ignored when provided in create requests.
+ output: true
+ - name: 'description'
+ type: String
+ description: |
+ The description of the notification config (max of 1024 characters).
+ validation:
+ function: 'validation.StringLenBetween(0, 1024)'
+ - name: 'dataset'
+ type: String
+ description: |
+ The dataset to write findings' updates to.
+ Its format is "projects/[projectId]/datasets/[bigquery_dataset_id]".
+ BigQuery Dataset unique ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_).
+ - name: 'createTime'
+ type: String
+ description: |
+ The time at which the BigQuery export was created. This field is set by the server and will be ignored if provided on export on creation.
+ A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits.
+ Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
+ output: true
+ - name: 'updateTime'
+ type: String
+ description: |
+ The most recent time at which the BigQuery export was updated. This field is set by the server and will be ignored if provided on export creation or update.
+ A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits.
+ Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
+ output: true
+ - name: 'mostRecentEditor'
+ type: String
+ description: |
+ Email address of the user who last edited the BigQuery export.
+ This field is set by the server and will be ignored if provided on export creation or update.
+ output: true
+ - name: 'principal'
+ type: String
+ description: |
+ The service account that needs permission to create table and upload data to the BigQuery dataset.
+ output: true
+ - name: 'filter'
+ type: String
+ description: |
+ Expression that defines the filter to apply across create/update
+ events of findings. The
+ expression is a list of zero or more restrictions combined via
+ logical operators AND and OR. Parentheses are supported, and OR
+ has higher precedence than AND.
+
+ Restrictions have the form and may have
+ a - character in front of them to indicate negation.
The fields
+ map to those defined in the corresponding resource.
+
+ The supported operators are:
+
+ * = for all value types.
+ * \>, <, >=, <= for integer values.
+ * :, meaning substring matching, for strings.
+
+ The supported value types are:
+
+ * string literals in quotes.
+ * integer literals without quotes.
+ * boolean literals true and false without quotes.
+
+ See
+ [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications)
+ for information on how to write a filter.
diff --git a/mmv1/products/securitycenter/go_ProjectSccBigQueryExport.yaml b/mmv1/products/securitycenter/go_ProjectSccBigQueryExport.yaml
new file mode 100644
index 000000000000..0e48e4c6ab27
--- /dev/null
+++ b/mmv1/products/securitycenter/go_ProjectSccBigQueryExport.yaml
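Review bot: In go_OrganizationSccBigQueryExport.yaml the `description`, `dataset` and `filter` properties carry no `required: true`, while the folder-scoped variant in go_FolderSccBigQueryExport.yaml marks all three as required and sets `send_empty_value: true` on `filter`. One of the two is presumably wrong, and a missing dataset or filter on an organization-wide findings export would only be noticed at apply time, so confirm against the API and align the files. The `description` text also says "The description of the notification config", which looks copied from another resource; `The description of the export (max of 1024 characters).` matches the folder variant.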
@@ -0,0 +1,136 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ProjectSccBigQueryExport' +description: | + A Cloud Security Command Center (Cloud SCC) Big Query Export Config. + It represents exporting Security Command Center data, including assets, findings, and security marks + using gcloud scc bqexports + ~> **Note:** In order to use Cloud SCC resources, your organization must be enrolled + in [SCC Standard/Premium](https://cloud.google.com/security-command-center/docs/quickstart-security-command-center). + Without doing so, you may run into errors during resource creation. 
+references: + guides: + 'Official Documentation': 'https://cloud.google.com/security-command-center/docs/how-to-analyze-findings-in-big-query' + api: 'https://cloud.google.com/security-command-center/docs/reference/rest/v1/projects.bigQueryExports' +docs: +base_url: 'projects/{{project}}/bigQueryExports' +self_link: 'projects/{{project}}/bigQueryExports/{{big_query_export_id}}' +create_url: 'projects/{{project}}/bigQueryExports?bigQueryExportId={{big_query_export_id}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/bigQueryExports/{{big_query_export_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: +examples: + - name: 'scc_project_big_query_export_config_basic' + primary_resource_id: 'custom_big_query_export_config' + vars: + big_query_export_id: 'my-export' + dataset: 'my-dataset' + dataset_id: 'my_dataset_id' + name: 'my-export' + test_env_vars: + org_id: 'ORG_ID' + project: 'PROJECT_NAME' + ignore_read_extra: + - 'project' + external_providers: ["random", "time"] + exclude_test: true +parameters: + - name: 'bigQueryExportId' + type: String + description: | + This must be unique within the organization. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The resource name of this export, in the format + `projects/{{project}}/bigQueryExports/{{big_query_export_id}}`. + This field is provided in responses, and is ignored when provided in create requests. + output: true + - name: 'description' + type: String + description: | + The description of the notification config (max of 1024 characters). + validation: + function: 'validation.StringLenBetween(0, 1024)' + - name: 'dataset' + type: String + description: | + The dataset to write findings' updates to. + Its format is "projects/[projectId]/datasets/[bigquery_dataset_id]". 
+ BigQuery Dataset unique ID must contain only letters (a-z, A-Z), numbers (0-9), or underscores (_). + - name: 'createTime' + type: String + description: | + The time at which the BigQuery export was created. This field is set by the server and will be ignored if provided on export on creation. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'updateTime' + type: String + description: | + The most recent time at which the BigQuery export was updated. This field is set by the server and will be ignored if provided on export creation or update. + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. + Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'mostRecentEditor' + type: String + description: | + Email address of the user who last edited the BigQuery export. + This field is set by the server and will be ignored if provided on export creation or update. + output: true + - name: 'principal' + type: String + description: | + The service account that needs permission to create table and upload data to the BigQuery dataset. + output: true + - name: 'filter' + type: String + description: | + Expression that defines the filter to apply across create/update + events of findings. The + expression is a list of zero or more restrictions combined via + logical operators AND and OR. Parentheses are supported, and OR + has higher precedence than AND. + + Restrictions have the form and may have + a - character in front of them to indicate negation. The fields + map to those defined in the corresponding resource. + + The supported operators are: + + * = for all value types. + * \>, <, >=, <= for integer values. + * :, meaning substring matching, for strings. + + The supported value types are: + + * string literals in quotes. 
+ * integer literals without quotes. + * boolean literals true and false without quotes. + + See + [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + for information on how to write a filter. diff --git a/mmv1/products/securitycenterv2/go_OrganizationSccBigQueryExport.yaml b/mmv1/products/securitycenterv2/go_OrganizationSccBigQueryExport.yaml index 374d9faef525..8c793974e2f4 100644 --- a/mmv1/products/securitycenterv2/go_OrganizationSccBigQueryExport.yaml +++ b/mmv1/products/securitycenterv2/go_OrganizationSccBigQueryExport.yaml @@ -50,7 +50,7 @@ examples: org_id: 'ORG_ID' project: 'PROJECT_NAME' external_providers: ["random", "time"] - skip_test: true + exclude_test: true parameters: - name: 'organization' type: String diff --git a/mmv1/products/siteverification/go_WebResource.yaml b/mmv1/products/siteverification/go_WebResource.yaml new file mode 100644 index 000000000000..7d0aeeb466b0 --- /dev/null +++ b/mmv1/products/siteverification/go_WebResource.yaml 
@@ -0,0 +1,107 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'WebResource' +description: | + A web resource is a website or domain with verified ownership. Once your + ownership is verified you will be able to manage your website in the + [Google Search Console](https://www.google.com/webmasters/tools/). + + ~> **Note:** The verification data (DNS `TXT` record, HTML file, `meta` tag, etc.) + must already exist before the web resource is created, and must be deleted before + the web resource is destroyed. The Google Site Verification API checks that the + verification data exists at creation time and does not exist at destruction time + and will fail if the required condition is not met. 
+references: + guides: + 'Getting Started': 'https://developers.google.com/site-verification/v1/getting_started' + api: 'https://developers.google.com/site-verification/v1' +docs: +id_format: 'webResource/{{web_resource_id}}' +base_url: 'webResource' +self_link: 'webResource/{{web_resource_id}}' +create_url: 'webResource?verificationMethod={{verification_method}}' +delete_url: 'webResource/{{web_resource_id}}' +immutable: true +timeouts: + insert_minutes: 60 + update_minutes: 20 + delete_minutes: 20 +identity: + - web_resource_id +custom_code: +error_retry_predicates: + + - 'transport_tpg.IsSiteVerificationRetryableError' +supports_indirect_user_project_override: true +examples: + - name: 'site_verification_domain_record' + primary_resource_id: 'example' + vars: + managed_zone: 'example.com' + domain: 'www.example.com' + dns_name: 'www.example.com.' + exclude_test: true +parameters: + - name: 'verification_method' + type: Enum + description: | + The verification method for the Site Verification system to use to verify + this site or domain. + url_param_only: true + required: true + immutable: true + enum_values: + - 'ANALYTICS' + - 'DNS_CNAME' + - 'DNS_TXT' + - 'FILE' + - 'META' + - 'TAG_MANAGER' +properties: + - name: 'web_resource_id' + type: String + description: | + The string used to identify this web resource. + api_name: id + output: true + - name: 'site' + type: NestedObject + description: | + Container for the address and type of a site for which a verification token will be verified. + required: true + properties: + - name: 'type' + type: Enum + description: | + The type of resource to be verified. + required: true + enum_values: + - 'INET_DOMAIN' + - 'SITE' + - name: 'identifier' + type: String + description: | + The site identifier. If the type is set to SITE, the identifier is a URL. If the type is + set to INET_DOMAIN, the identifier is a domain name. 
+ required: true + - name: 'owners' + type: Array + description: | + The email addresses of all direct, verified owners of this exact property. Indirect owners — + for example verified owners of the containing domain—are not included in this list. + output: true + item_type: + type: String diff --git a/mmv1/products/siteverification/go_product.yaml b/mmv1/products/siteverification/go_product.yaml index e95ef3c8ac01..7d91c1ba3733 100644 --- a/mmv1/products/siteverification/go_product.yaml +++ b/mmv1/products/siteverification/go_product.yaml @@ -10,6 +10,8 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly --- name: 'SiteVerification' display_name: 'Site Verification' diff --git a/mmv1/products/vertexai/go_IndexEndpointDeployedIndex.yaml b/mmv1/products/vertexai/go_IndexEndpointDeployedIndex.yaml index ce5f5e091574..6dfd2652e01f 100644 --- a/mmv1/products/vertexai/go_IndexEndpointDeployedIndex.yaml +++ b/mmv1/products/vertexai/go_IndexEndpointDeployedIndex.yaml @@ -221,7 +221,6 @@ properties: type: NestedObject description: | The minimum number of replicas this DeployedModel will be always deployed on. - # This field (and its nested fields) is not updatable via the mutateDeployedIndex method in the API, which is the only update method usable by this 'fine-grained' resource. This is why the field is marked as immutable despite the API docs not marking the field as immutable. required: true immutable: true properties: 
@@ -248,14 +247,12 @@ properties: type: Boolean description: | If true, private endpoint's access logs are sent to Cloud Logging. - # This field is not updatable via the mutateDeployedIndex method in the API, which is the only update method usable by this 'fine-grained' resource. This is why the field is marked as immutable despite the API docs not marking the field as immutable. immutable: true default_value: false - name: 'deployedIndexAuthConfig' type: NestedObject description: | If set, the authentication is enabled for the private endpoint. - # This field (and its nested fields) is not updatable via the mutateDeployedIndex method in the API, which is the only update method usable by this 'fine-grained' resource. This is why the field is marked as immutable despite the API docs not marking the field as immutable. immutable: true properties: - name: 'authProvider' @@ -284,7 +281,6 @@ properties: The value should be the name of the address (https://cloud.google.com/compute/docs/reference/rest/v1/addresses) Example: ['vertex-ai-ip-range']. For more information about subnets and network IP ranges, please see https://cloud.google.com/vpc/docs/subnets#manually_created_subnet_ip_ranges. - # This field is not updatable via the mutateDeployedIndex method in the API, which is the only update method usable by this 'fine-grained' resource. This is why the field is marked as immutable despite the API docs not marking the field as immutable. immutable: true item_type: type: String 
@@ -294,6 +290,5 @@ properties: The deployment group can be no longer than 64 characters (eg: 'test', 'prod'). If not set, we will use the 'default' deployment group. Creating deployment_groups with reserved_ip_ranges is a recommended practice when the peered network has multiple peering ranges. This creates your deployments from predictable IP spaces for easier traffic administration. Also, one deployment_group (except 'default') can only be used with the same reserved_ip_ranges which means if the deployment_group has been used with reserved_ip_ranges: [a, b, c], using it with [a, b] or [d, e] is disallowed. [See the official documentation here](https://cloud.google.com/vertex-ai/docs/reference/rest/v1/projects.locations.indexEndpoints#DeployedIndex.FIELDS.deployment_group). Note: we only support up to 5 deployment groups (not including 'default'). - # This field is not updatable via the mutateDeployedIndex method in the API, which is the only update method usable by this 'fine-grained' resource. This is why the field is marked as immutable despite the API docs not marking the field as immutable. immutable: true default_value: "default" diff --git a/mmv1/templates/terraform/constants/go/resource_compute_firewall_policy_with_rules.go.tmpl b/mmv1/templates/terraform/constants/go/resource_compute_firewall_policy_with_rules.go.tmpl new file mode 100644 index 000000000000..43f7fd30e2c3 --- /dev/null +++ b/mmv1/templates/terraform/constants/go/resource_compute_firewall_policy_with_rules.go.tmpl 
@@ -0,0 +1,51 @@
+func firewallPolicyWithRulesConvertPriorityToInt(v interface {}) (int64, error) {
+ if strVal, ok := v.(string); ok {
+ if intVal, err := tpgresource.StringToFixed64(strVal); err == nil {
+ return intVal, nil
+ }
+ }
+
+ if intVal, ok := v.(int64); ok {
+ return intVal, nil
+ }
+
+ if floatVal, ok := v.(float64); ok {
+ intVal := int64(floatVal)
+ return intVal, nil
+ }
+
+ return 0, fmt.Errorf("Incorrect rule priority: %s. Priority must be a number", v)
+}
+
+func firewallPolicyWithRulesIsPredefinedRule(rule map[string]interface{}) (bool, error) {
+ // Priorities from 2147483548 to 2147483647 are reserved and cannot be modified by the user.
+ const ReservedPriorityStart = 2147483548
+
+ priority := rule["priority"]
+ priorityInt, err := firewallPolicyWithRulesConvertPriorityToInt(priority)
+
+ if err != nil {
+ return false, err
+ }
+
+ return priorityInt >= ReservedPriorityStart, nil
+}
+
+func firewallPolicyWithRulesSplitPredefinedRules(allRules []interface{}) ([]interface{}, []interface{}, error) {
+ predefinedRules := make([]interface{}, 0)
+ rules := make([]interface{}, 0)
+ for _, rule := range allRules {
+ isPredefined, err := firewallPolicyWithRulesIsPredefinedRule(rule.(map[string]interface{}))
+ if err != nil {
+ return nil, nil, err
+ }
+
+ if isPredefined {
+ predefinedRules = append(predefinedRules, rule)
+ } else {
+ rules = append(rules, rule)
+ }
+ }
+ return rules, predefinedRules, nil
+}
+
diff --git a/mmv1/templates/terraform/custom_import/go/discoveryengine_targetsite_set_id.go.tmpl b/mmv1/templates/terraform/custom_import/go/discoveryengine_targetsite_set_id.go.tmpl
new file mode 100644
index 000000000000..cb84fa6f09b1
--- /dev/null
+++ b/mmv1/templates/terraform/custom_import/go/discoveryengine_targetsite_set_id.go.tmpl
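Review bot: The unchecked assertion `rule.(map[string]interface{})` in firewallPolicyWithRulesSplitPredefinedRules panics on any element that is not a map, even though the function already has an error return. The same applies to `res["rules"].([]interface{})` in the decoder template added later in this commit, which panics if the response has no `rules` key. Use the two-value form and return an error instead, for example `ruleMap, ok := rule.(map[string]interface{})` followed by `if !ok { return nil, nil, fmt.Errorf("unexpected rule type %T", rule) }`. Separately, the error in firewallPolicyWithRulesConvertPriorityToInt formats `v` with `%s`, which prints `%!s(...)` for the non-string values that can reach it; `%v` reads correctly.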
@@ -0,0 +1,20 @@
+config := meta.(*transport_tpg.Config)
+if err := tpgresource.ParseImportId([]string{
+ "^projects/(?P[^/]+)/locations/(?P[^/]+)/collections/default_collection/dataStores/(?P[^/]+)/siteSearchEngine/targetSites/(?P[^/]+)$",
+}, d, config); err != nil {
+ return nil, err
+}
+
+// Set name based on the components
+if err := d.Set("name", "projects/{{"{{"}}project{{"}}"}}/locations/{{"{{"}}location{{"}}"}}/collections/default_collection/dataStores/{{"{{"}}data_store_id{{"}}"}}/siteSearchEngine/targetSites/{{"{{"}}target_site_id{{"}}"}}"); err != nil {
+ return nil, fmt.Errorf("Error setting name: %s", err)
+}
+
+// Replace import id for the resource id
+id, err := tpgresource.ReplaceVars(d, config, d.Get("name").(string))
+if err != nil {
+ return nil, fmt.Errorf("Error constructing id: %s", err)
+}
+d.SetId(id)
+
+return []*schema.ResourceData{d}, nil
\ No newline at end of file
diff --git a/mmv1/templates/terraform/decoders/go/resource_compute_firewall_policy_with_rules.go.tmpl b/mmv1/templates/terraform/decoders/go/resource_compute_firewall_policy_with_rules.go.tmpl
new file mode 100644
index 000000000000..6d09c0cac422
--- /dev/null
+++ b/mmv1/templates/terraform/decoders/go/resource_compute_firewall_policy_with_rules.go.tmpl
@@ -0,0 +1,16 @@
+rules, predefinedRules, err := firewallPolicyWithRulesSplitPredefinedRules(res["rules"].([]interface{}))
+
+if err != nil {
+ return nil, fmt.Errorf("Error occurred while splitting pre-defined rules: %s", err)
+}
+
+res["rules"] = rules
+res["predefinedRules"] = predefinedRules
+
+config := meta.(*transport_tpg.Config)
+
+if err := d.Set("predefined_rules", flattenComputeFirewallPolicyWithRulesPredefinedRules(predefinedRules, d, config)); err != nil {
+ return nil, fmt.Errorf("Error occurred while setting pre-defined rules: %s", err)
+}
+
+return res, nil
diff --git a/mmv1/templates/terraform/encoders/go/resource_compute_firewall_policy_with_rules.go.tmpl b/mmv1/templates/terraform/encoders/go/resource_compute_firewall_policy_with_rules.go.tmpl
new file mode 100644
index 000000000000..939b22280811
--- /dev/null
+++ b/mmv1/templates/terraform/encoders/go/resource_compute_firewall_policy_with_rules.go.tmpl
@@ -0,0 +1,3 @@
+delete(obj, "rules") // Rules are not supported in the create API
+return obj, nil
+
diff --git a/mmv1/templates/terraform/examples/go/compute_firewall_policy_with_rules_full.tf.tmpl b/mmv1/templates/terraform/examples/go/compute_firewall_policy_with_rules_full.tf.tmpl
new file mode 100644
index 000000000000..9bdc5db96f52
--- /dev/null
+++ b/mmv1/templates/terraform/examples/go/compute_firewall_policy_with_rules_full.tf.tmpl
@@ -0,0 +1,92 @@ +data "google_project" "project" { + provider = google-beta +} + +resource "google_compute_firewall_policy_with_rules" "{{$.PrimaryResourceId}}" { + short_name = "{{index $.Vars "policy_name"}}" + description = "Terraform test" + parent = "organizations/{{index $.TestEnvVars "org_id"}}" + provider = google-beta + + rule { + description = "tcp rule" + priority = 1000 + enable_logging = true + action = "allow" + direction = "EGRESS" + match { + layer4_config { + ip_protocol = "tcp" + ports = [8080, 7070] + } + dest_ip_ranges = ["11.100.0.1/32"] + dest_fqdns = ["www.yyy.com", "www.zzz.com"] + dest_region_codes = ["HK", "IN"] + dest_threat_intelligences = ["iplist-search-engines-crawlers", "iplist-tor-exit-nodes"] + dest_address_groups = [google_network_security_address_group.address_group_1.id] + } + target_resources = ["https://www.googleapis.com/compute/beta/projects/${data.google_project.project.name}/global/networks/default"] + } + rule { + description = "udp rule" + priority = 2000 + enable_logging = false + action = "deny" + direction = "INGRESS" + match { + layer4_config { + ip_protocol = "udp" + } + src_ip_ranges = ["0.0.0.0/0"] + src_fqdns = ["www.abc.com", "www.def.com"] + src_region_codes = ["US", "CA"] + src_threat_intelligences = ["iplist-known-malicious-ips", "iplist-public-clouds"] + src_address_groups = [google_network_security_address_group.address_group_1.id] + } + disabled = true + } + rule { + description = "security profile group rule" + rule_name = "tcp rule" + priority = 3000 + enable_logging = false + action = "apply_security_profile_group" + direction = "INGRESS" + match { + layer4_config { + ip_protocol = "tcp" + } + src_ip_ranges = ["0.0.0.0/0"] + } + target_service_accounts = ["test@google.com"] + security_profile_group = "//networksecurity.googleapis.com/${google_network_security_security_profile_group.security_profile_group_1.id}" + tls_inspect = true + } +} + +resource "google_network_security_address_group" 
"address_group_1" { + provider = google-beta + name = "{{index $.Vars "address_group_name"}}" + parent = "organizations/{{index $.TestEnvVars "org_id"}}" + description = "Global address group" + location = "global" + items = ["208.80.154.224/32"] + type = "IPV4" + capacity = 100 +} + +resource "google_network_security_security_profile_group" "security_profile_group_1" { + provider = google-beta + name = "{{index $.Vars "security_profile_group_name"}}" + parent = "organizations/{{index $.TestEnvVars "org_id"}}" + description = "my description" + threat_prevention_profile = google_network_security_security_profile.security_profile_1.id +} + +resource "google_network_security_security_profile" "security_profile_1" { + provider = google-beta + name = "{{index $.Vars "security_profile_name"}}" + type = "THREAT_PREVENTION" + parent = "organizations/{{index $.TestEnvVars "org_id"}}" + location = "global" +} diff --git a/mmv1/templates/terraform/examples/go/database_migration_service_migration_job_mysql_to_mysql.tf.tmpl b/mmv1/templates/terraform/examples/go/database_migration_service_migration_job_mysql_to_mysql.tf.tmpl new file mode 100644 index 000000000000..a685679a6c88 --- /dev/null +++ b/mmv1/templates/terraform/examples/go/database_migration_service_migration_job_mysql_to_mysql.tf.tmpl 
@@ -0,0 +1,105 @@ +data "google_project" "project" { +} + +resource "google_sql_database_instance" "source_csql" { + name = "{{index $.Vars "source_csql"}}" + database_version = "MYSQL_5_7" + settings { + tier = "db-n1-standard-1" + deletion_protection_enabled = false + } + deletion_protection = false +} + +resource "google_sql_ssl_cert" "source_sql_client_cert" { + common_name = "{{index $.Vars "source_sqldb_cert"}}" + instance = google_sql_database_instance.source_csql.name + + depends_on = [google_sql_database_instance.source_csql] +} + +resource "google_sql_user" "source_sqldb_user" { + name = "{{index $.Vars "source_sqldb_user"}}" + instance = google_sql_database_instance.source_csql.name + password = "{{index $.Vars "source_sqldb_pass"}}" + + depends_on = [google_sql_ssl_cert.source_sql_client_cert] +} + +resource "google_database_migration_service_connection_profile" "source_cp" { + location = "us-central1" + connection_profile_id = "{{index $.Vars "source_cp"}}" + display_name = "{{index $.Vars "source_cp"}}_display" + labels = { + foo = "bar" + } + mysql { + host = google_sql_database_instance.source_csql.ip_address.0.ip_address + port = 3306 + username = google_sql_user.source_sqldb_user.name + password = google_sql_user.source_sqldb_user.password + ssl { + client_key = google_sql_ssl_cert.source_sql_client_cert.private_key + client_certificate = google_sql_ssl_cert.source_sql_client_cert.cert + ca_certificate = google_sql_ssl_cert.source_sql_client_cert.server_ca_cert + } + cloud_sql_id = "{{index $.Vars "source_csql"}}" + } + + depends_on = [google_sql_user.source_sqldb_user] +} + +resource "google_sql_database_instance" "destination_csql" { + name = "{{index $.Vars "destination_csql"}}" + database_version = "MYSQL_5_7" + settings { + tier = "db-n1-standard-1" + deletion_protection_enabled = false + } + deletion_protection = false +} + +resource "google_database_migration_service_connection_profile" "destination_cp" { + location = "us-central1" + 
connection_profile_id = "{{index $.Vars "destination_cp"}}" + display_name = "{{index $.Vars "destination_cp"}}_display" + labels = { + foo = "bar" + } + mysql { + cloud_sql_id = "{{index $.Vars "destination_csql"}}" + } + depends_on = [google_sql_database_instance.destination_csql] +} + +resource "google_compute_network" "default" { + name = "{{index $.Vars "destination_csql"}}" +} + +resource "google_database_migration_service_migration_job" "{{$.PrimaryResourceId}}" { + location = "us-central1" + migration_job_id = "{{index $.Vars "migration_id"}}" + display_name = "{{index $.Vars "migration_id"}}_display" + labels = { + foo = "bar" + } + performance_config { + dump_parallel_level = "MAX" + } + vpc_peering_connectivity { + vpc = google_compute_network.default.id + } + dump_type = "LOGICAL" + dump_flags { + dump_flags { + name = "max-allowed-packet" + value = "1073741824" + } + } + source = google_database_migration_service_connection_profile.source_cp.name + destination = google_database_migration_service_connection_profile.destination_cp.name + type = "CONTINUOUS" +} + + + diff --git a/mmv1/templates/terraform/examples/go/database_migration_service_migration_job_postgres_to_alloydb.tf.tmpl b/mmv1/templates/terraform/examples/go/database_migration_service_migration_job_postgres_to_alloydb.tf.tmpl new file mode 100644 index 000000000000..4420388f858d --- /dev/null +++ b/mmv1/templates/terraform/examples/go/database_migration_service_migration_job_postgres_to_alloydb.tf.tmpl 
@@ -0,0 +1,120 @@ +data "google_project" "project" { +} + +resource "google_sql_database_instance" "source_csql" { + name = "{{index $.Vars "source_csql"}}" + database_version = "POSTGRES_15" + settings { + tier = "db-custom-2-13312" + deletion_protection_enabled = false + } + deletion_protection = false +} + +resource "google_sql_ssl_cert" "source_sql_client_cert" { + common_name = "{{index $.Vars "source_sqldb_cert"}}" + instance = google_sql_database_instance.source_csql.name + + depends_on = [google_sql_database_instance.source_csql] +} + +resource "google_sql_user" "source_sqldb_user" { + name = "{{index $.Vars "source_sqldb_user"}}" + instance = google_sql_database_instance.source_csql.name + password = "{{index $.Vars "source_sqldb_pass"}}" + + depends_on = [google_sql_ssl_cert.source_sql_client_cert] +} + +resource "google_database_migration_service_connection_profile" "source_cp" { + location = "us-central1" + connection_profile_id = "{{index $.Vars "source_cp"}}" + display_name = "{{index $.Vars "source_cp"}}_display" + labels = { + foo = "bar" + } + postgresql { + host = google_sql_database_instance.source_csql.ip_address.0.ip_address + port = 3306 + username = google_sql_user.source_sqldb_user.name + password = google_sql_user.source_sqldb_user.password + ssl { + client_key = google_sql_ssl_cert.source_sql_client_cert.private_key + client_certificate = google_sql_ssl_cert.source_sql_client_cert.cert + ca_certificate = google_sql_ssl_cert.source_sql_client_cert.server_ca_cert + } + cloud_sql_id = "{{index $.Vars "source_csql"}}" + } + + depends_on = [google_sql_user.source_sqldb_user] +} + +resource "google_alloydb_cluster" "destination_alloydb" { + cluster_id = "{{index $.Vars "destination_alloydb"}}" + location = "us-central1" + network_config { + network = google_compute_network.default.id + } + database_version = "POSTGRES_15" + + initial_user { + user = "{{index $.Vars "destination_alloydb"}}" + password = "{{index $.Vars "destination_alloydb"}}" + 
} +} + +resource "google_alloydb_instance" "destination_alloydb_primary" { + cluster = google_alloydb_cluster.destination_alloydb.name + instance_id = "{{index $.Vars "destination_alloydb"}}-primary" + instance_type = "PRIMARY" + + depends_on = [google_service_networking_connection.vpc_connection] +} + +resource "google_compute_global_address" "private_ip_alloc" { + name = "{{index $.Vars "destination_alloydb"}}" + address_type = "INTERNAL" + purpose = "VPC_PEERING" + prefix_length = 16 + network = google_compute_network.default.id +} + +resource "google_service_networking_connection" "vpc_connection" { + network = google_compute_network.default.id + service = "servicenetworking.googleapis.com" + reserved_peering_ranges = [google_compute_global_address.private_ip_alloc.name] +} + +resource "google_compute_network" "default" { + name = "{{index $.Vars "destination_alloydb"}}" +} + +resource "google_database_migration_service_connection_profile" "destination_cp" { + location = "us-central1" + connection_profile_id = "{{index $.Vars "destination_cp"}}" + display_name = "{{index $.Vars "destination_cp"}}_display" + labels = { + foo = "bar" + } + postgresql { + alloydb_cluster_id = "{{index $.Vars "destination_alloydb"}}" + } + depends_on = [google_alloydb_cluster.destination_alloydb, google_alloydb_instance.destination_alloydb_primary] +} + +resource "google_database_migration_service_migration_job" "{{$.PrimaryResourceId}}" { + location = "us-central1" + migration_job_id = "{{index $.Vars "migration_id"}}" + display_name = "{{index $.Vars "migration_id"}}_display" + labels = { + foo = "bar" + } + static_ip_connectivity { + } + source = google_database_migration_service_connection_profile.source_cp.name + destination = google_database_migration_service_connection_profile.destination_cp.name + type = "CONTINUOUS" +} + + + 
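Review bot: The `postgresql` block of `source_cp` sets `port = 3306`, which is the MySQL default. The source here is a `POSTGRES_15` Cloud SQL instance, which listens on 5432, so the profile should use `port = 5432`. The postgres_to_postgres example added later in this commit has the same line. In `google_alloydb_cluster.destination_alloydb`, `initial_user` sets both `user` and `password` to the `destination_alloydb` variable, so the password equals the user name and the cluster ID. A dedicated variable in the style of `source_sqldb_pass` would keep that pattern out of a published example.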
diff --git a/mmv1/templates/terraform/examples/go/database_migration_service_migration_job_postgres_to_postgres.tf.tmpl b/mmv1/templates/terraform/examples/go/database_migration_service_migration_job_postgres_to_postgres.tf.tmpl new file mode 100644 index 000000000000..fa3d5885adfd --- /dev/null +++ b/mmv1/templates/terraform/examples/go/database_migration_service_migration_job_postgres_to_postgres.tf.tmpl 
@@ -0,0 +1,90 @@ +data "google_project" "project" { +} + +resource "google_sql_database_instance" "source_csql" { + name = "{{index $.Vars "source_csql"}}" + database_version = "POSTGRES_15" + settings { + tier = "db-custom-2-13312" + deletion_protection_enabled = false + } + deletion_protection = false +} + +resource "google_sql_ssl_cert" "source_sql_client_cert" { + common_name = "{{index $.Vars "source_sqldb_cert"}}" + instance = google_sql_database_instance.source_csql.name + + depends_on = [google_sql_database_instance.source_csql] +} + +resource "google_sql_user" "source_sqldb_user" { + name = "{{index $.Vars "source_sqldb_user"}}" + instance = google_sql_database_instance.source_csql.name + password = "{{index $.Vars "source_sqldb_pass"}}" + + depends_on = [google_sql_ssl_cert.source_sql_client_cert] +} + +resource "google_database_migration_service_connection_profile" "source_cp" { + location = "us-central1" + connection_profile_id = "{{index $.Vars "source_cp"}}" + display_name = "{{index $.Vars "source_cp"}}_display" + labels = { + foo = "bar" + } + postgresql { + host = google_sql_database_instance.source_csql.ip_address.0.ip_address + port = 3306 + username = google_sql_user.source_sqldb_user.name + password = google_sql_user.source_sqldb_user.password + ssl { + client_key = google_sql_ssl_cert.source_sql_client_cert.private_key + client_certificate = google_sql_ssl_cert.source_sql_client_cert.cert + ca_certificate = google_sql_ssl_cert.source_sql_client_cert.server_ca_cert + } + cloud_sql_id = "{{index $.Vars "source_csql"}}" + } + + depends_on = [google_sql_user.source_sqldb_user] +} + +resource "google_sql_database_instance" "destination_csql" { + name = "{{index $.Vars "destination_csql"}}" + database_version = "POSTGRES_15" + settings { + tier = "db-custom-2-13312" + deletion_protection_enabled = false + } + deletion_protection = false +} + +resource "google_database_migration_service_connection_profile" "destination_cp" { + location = 
"us-central1" + connection_profile_id = "{{index $.Vars "destination_cp"}}" + display_name = "{{index $.Vars "destination_cp"}}_display" + labels = { + foo = "bar" + } + postgresql { + cloud_sql_id = "{{index $.Vars "destination_csql"}}" + } + depends_on = [google_sql_database_instance.destination_csql] +} + +resource "google_database_migration_service_migration_job" "{{$.PrimaryResourceId}}" { + location = "us-central1" + migration_job_id = "{{index $.Vars "migration_id"}}" + display_name = "{{index $.Vars "migration_id"}}_display" + labels = { + foo = "bar" + } + static_ip_connectivity { + } + source = google_database_migration_service_connection_profile.source_cp.name + destination = google_database_migration_service_connection_profile.destination_cp.name + type = "CONTINUOUS" +} + + + diff --git a/mmv1/templates/terraform/examples/go/discoveryengine_targetsite_advanced.tf.tmpl b/mmv1/templates/terraform/examples/go/discoveryengine_targetsite_advanced.tf.tmpl new file mode 100644 index 000000000000..990d39321e19 --- /dev/null +++ b/mmv1/templates/terraform/examples/go/discoveryengine_targetsite_advanced.tf.tmpl @@ -0,0 +1,18 @@ +resource "google_discovery_engine_target_site" "advanced" { + location = google_discovery_engine_data_store.advanced.location + data_store_id = google_discovery_engine_data_store.advanced.data_store_id + provided_uri_pattern = "http://cloud.google.com/docs/*" + type = "INCLUDE" + exact_match = false +} + +resource "google_discovery_engine_data_store" "advanced" { + location = "global" + data_store_id = "{{index $.Vars "data_store_id"}}" + display_name = "tf-test-advanced-site-search-datastore" + industry_vertical = "GENERIC" + content_config = "PUBLIC_WEBSITE" + solution_types = ["SOLUTION_TYPE_SEARCH"] + create_advanced_site_search = true + skip_default_schema_creation = false +} \ No newline at end of file 
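Review bot: `port = 3306` in the `source_cp` connection profile is the MySQL default, while the source instance in this same file is `POSTGRES_15`; Cloud SQL for PostgreSQL listens on 5432, so the example should read `port = 5432`. The mismatch may go unnoticed in tests because `cloud_sql_id` is also set on the profile (an inference, not visible here), but the file is rendered as documentation and will be copied. The profile also takes `ip_address.0.ip_address` together with `static_ip_connectivity`, so a comment such as `# example only: restrict authorized networks or prefer private connectivity for real migrations` would help readers.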
diff --git a/mmv1/templates/terraform/examples/go/discoveryengine_targetsite_basic.tf.tmpl b/mmv1/templates/terraform/examples/go/discoveryengine_targetsite_basic.tf.tmpl new file mode 100644 index 000000000000..ae7241ac7c86 --- /dev/null +++ b/mmv1/templates/terraform/examples/go/discoveryengine_targetsite_basic.tf.tmpl @@ -0,0 +1,18 @@ +resource "google_discovery_engine_target_site" "basic" { + location = google_discovery_engine_data_store.basic.location + data_store_id = google_discovery_engine_data_store.basic.data_store_id + provided_uri_pattern = "http://cloud.google.com/docs/*" + type = "INCLUDE" + exact_match = false +} + +resource "google_discovery_engine_data_store" "basic" { + location = "global" + data_store_id = "{{index $.Vars "data_store_id"}}" + display_name = "tf-test-basic-site-search-datastore" + industry_vertical = "GENERIC" + content_config = "PUBLIC_WEBSITE" + solution_types = ["SOLUTION_TYPE_SEARCH"] + create_advanced_site_search = false + skip_default_schema_creation = false +} \ No newline at end of file diff --git a/mmv1/templates/terraform/examples/go/healthcare_workspace_basic.tf.tmpl b/mmv1/templates/terraform/examples/go/healthcare_workspace_basic.tf.tmpl new file mode 100644 index 000000000000..8dee100b776a --- /dev/null +++ b/mmv1/templates/terraform/examples/go/healthcare_workspace_basic.tf.tmpl @@ -0,0 +1,18 @@ +resource "google_healthcare_workspace" "{{$.PrimaryResourceId}}" { + name = "{{index $.Vars "workspace_name"}}" + dataset = google_healthcare_dataset.dataset.id + + settings { + data_project_ids = ["{{index $.Vars "source_project_id"}}"] + } + + labels = { + label1 = "labelvalue1" + } +} + + +resource "google_healthcare_dataset" "dataset" { + name = "{{index $.Vars "dataset_name"}}" + location = "us-central1" +} \ No newline at end of file 
diff --git a/mmv1/templates/terraform/examples/go/regional_secret_config_basic.tf.tmpl b/mmv1/templates/terraform/examples/go/regional_secret_config_basic.tf.tmpl new file mode 100644 index 000000000000..9b6f09711d16 --- /dev/null +++ b/mmv1/templates/terraform/examples/go/regional_secret_config_basic.tf.tmpl @@ -0,0 +1,14 @@ +resource "google_secret_manager_regional_secret" "{{$.PrimaryResourceId}}" { + secret_id = "{{index $.Vars "secret_id"}}" + location = "us-central1" + + labels = { + label = "my-label" + } + + annotations = { + key1 = "value1", + key2 = "value2", + key3 = "value3" + } +} diff --git a/mmv1/templates/terraform/examples/go/regional_secret_with_cmek.tf.tmpl b/mmv1/templates/terraform/examples/go/regional_secret_with_cmek.tf.tmpl new file mode 100644 index 000000000000..23c8fde37e7c --- /dev/null +++ b/mmv1/templates/terraform/examples/go/regional_secret_with_cmek.tf.tmpl @@ -0,0 +1,18 @@ +data "google_project" "project" {} + +resource "google_kms_crypto_key_iam_member" "kms-secret-binding" { + crypto_key_id = "{{index $.Vars "kms_key_name"}}" + role = "roles/cloudkms.cryptoKeyEncrypterDecrypter" + member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com" +} + +resource "google_secret_manager_regional_secret" "{{$.PrimaryResourceId}}" { + secret_id = "{{index $.Vars "secret_id"}}" + location = "us-central1" + + customer_managed_encryption { + kms_key_name = "{{index $.Vars "kms_key_name"}}" + } + + depends_on = [ google_kms_crypto_key_iam_member.kms-secret-binding ] +} diff --git a/mmv1/templates/terraform/examples/go/regional_secret_with_expire_time.tf.tmpl b/mmv1/templates/terraform/examples/go/regional_secret_with_expire_time.tf.tmpl new file mode 100644 index 000000000000..c4c501d09821 --- /dev/null +++ b/mmv1/templates/terraform/examples/go/regional_secret_with_expire_time.tf.tmpl 
@@ -0,0 +1,16 @@ +resource "google_secret_manager_regional_secret" "{{$.PrimaryResourceId}}" { + secret_id = "{{index $.Vars "secret_id"}}" + location = "us-central1" + + labels = { + label = "my-label" + } + + annotations = { + key1 = "value1", + key2 = "value2", + key3 = "value3" + } + + expire_time = "{{index $.Vars "timestamp"}}" +} diff --git a/mmv1/templates/terraform/examples/go/regional_secret_with_rotation.tf.tmpl b/mmv1/templates/terraform/examples/go/regional_secret_with_rotation.tf.tmpl new file mode 100644 index 000000000000..f8c7485a05b8 --- /dev/null +++ b/mmv1/templates/terraform/examples/go/regional_secret_with_rotation.tf.tmpl @@ -0,0 +1,29 @@ +data "google_project" "project" {} + +resource "google_pubsub_topic" "topic" { + name = "{{index $.Vars "topic_id"}}" +} + +resource "google_pubsub_topic_iam_member" "secrets_manager_access" { + topic = google_pubsub_topic.topic.name + role = "roles/pubsub.publisher" + member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com" +} + +resource "google_secret_manager_regional_secret" "{{$.PrimaryResourceId}}" { + secret_id = "{{index $.Vars "secret_id"}}" + location = "us-central1" + + topics { + name = google_pubsub_topic.topic.id + } + + rotation { + rotation_period = "3600s" + next_rotation_time = "{{index $.Vars "timestamp"}}" + } + + depends_on = [ + google_pubsub_topic_iam_member.secrets_manager_access, + ] +} diff --git a/mmv1/templates/terraform/examples/go/regional_secret_with_ttl.tf.tmpl b/mmv1/templates/terraform/examples/go/regional_secret_with_ttl.tf.tmpl new file mode 100644 index 000000000000..0b5781646ef5 --- /dev/null +++ b/mmv1/templates/terraform/examples/go/regional_secret_with_ttl.tf.tmpl 
@@ -0,0 +1,16 @@ +resource "google_secret_manager_regional_secret" "{{$.PrimaryResourceId}}" { + secret_id = "{{index $.Vars "secret_id"}}" + location = "us-central1" + + labels = { + label = "my-label" + } + + annotations = { + key1 = "value1", + key2 = "value2", + key3 = "value3" + } + + ttl = "36000s" +} diff --git a/mmv1/templates/terraform/examples/go/regional_secret_with_version_destroy_ttl.tf.tmpl b/mmv1/templates/terraform/examples/go/regional_secret_with_version_destroy_ttl.tf.tmpl new file mode 100644 index 000000000000..2863feb442bd --- /dev/null +++ b/mmv1/templates/terraform/examples/go/regional_secret_with_version_destroy_ttl.tf.tmpl @@ -0,0 +1,16 @@ +resource "google_secret_manager_regional_secret" "{{$.PrimaryResourceId}}" { + secret_id = "{{index $.Vars "secret_id"}}" + location = "us-central1" + + labels = { + label = "my-label" + } + + annotations = { + key1 = "value1", + key2 = "value2", + key3 = "value3" + } + + version_destroy_ttl = "86400s" +} diff --git a/mmv1/templates/terraform/examples/go/scc_folder_big_query_export_config_basic.tf.tmpl b/mmv1/templates/terraform/examples/go/scc_folder_big_query_export_config_basic.tf.tmpl new file mode 100644 index 000000000000..f2b22fa160fc --- /dev/null +++ b/mmv1/templates/terraform/examples/go/scc_folder_big_query_export_config_basic.tf.tmpl 
@@ -0,0 +1,31 @@ +resource "google_folder" "folder" { + parent = "organizations/{{index $.TestEnvVars "org_id"}}" + display_name = "{{index $.Vars "folder_display_name"}}" + + deletion_protection = false +} + +resource "google_bigquery_dataset" "default" { + dataset_id = "{{index $.Vars "dataset_id"}}" + friendly_name = "test" + description = "This is a test description" + location = "US" + default_table_expiration_ms = 3600000 + default_partition_expiration_ms = null + + labels = { + env = "default" + } + + lifecycle { + ignore_changes = [default_partition_expiration_ms] + } +} + +resource "google_scc_folder_scc_big_query_export" "{{$.PrimaryResourceId}}" { + big_query_export_id = "{{index $.Vars "big_query_export_id"}}" + folder = google_folder.folder.folder_id + dataset = google_bigquery_dataset.default.id + description = "Cloud Security Command Center Findings Big Query Export Config" + filter = "state=\"ACTIVE\" AND NOT mute=\"MUTED\"" +} diff --git a/mmv1/templates/terraform/examples/go/scc_organization_big_query_export_config_basic.tf.tmpl b/mmv1/templates/terraform/examples/go/scc_organization_big_query_export_config_basic.tf.tmpl new file mode 100644 index 000000000000..dbde1f75982d --- /dev/null +++ b/mmv1/templates/terraform/examples/go/scc_organization_big_query_export_config_basic.tf.tmpl 
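Review bot: `default_table_expiration_ms = 3600000` is set on the dataset that receives the Security Command Center findings export, so tables created in it without an explicit expiration are dropped after one hour, which is a poor default for a findings sink that readers will copy from the docs. The same dataset block is repeated in scc_organization_big_query_export_config_basic.tf.tmpl and scc_project_big_query_export_config_basic.tf.tmpl. Either drop the attribute from the examples or add a comment above it, for example `# short expiration is for test cleanup only; remove it for a real findings export`.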
@@ -0,0 +1,25 @@ +resource "google_bigquery_dataset" "default" { + dataset_id = "{{index $.Vars "dataset_id"}}" + friendly_name = "test" + description = "This is a test description" + location = "US" + default_table_expiration_ms = 3600000 + default_partition_expiration_ms = null + + labels = { + env = "default" + } + + lifecycle { + ignore_changes = [default_partition_expiration_ms] + } +} + +resource "google_scc_organization_scc_big_query_export" "{{$.PrimaryResourceId}}" { + name = "{{index $.Vars "name"}}" + big_query_export_id = "{{index $.Vars "big_query_export_id"}}" + organization = "{{index $.TestEnvVars "org_id"}}" + dataset = google_bigquery_dataset.default.id + description = "Cloud Security Command Center Findings Big Query Export Config" + filter = "state=\"ACTIVE\" AND NOT mute=\"MUTED\"" +} diff --git a/mmv1/templates/terraform/examples/go/scc_project_big_query_export_config_basic.tf.tmpl b/mmv1/templates/terraform/examples/go/scc_project_big_query_export_config_basic.tf.tmpl new file mode 100644 index 000000000000..3a955741020b --- /dev/null +++ b/mmv1/templates/terraform/examples/go/scc_project_big_query_export_config_basic.tf.tmpl @@ -0,0 +1,25 @@ +resource "google_bigquery_dataset" "default" { + dataset_id = "{{index $.Vars "dataset_id"}}" + friendly_name = "test" + description = "This is a test description" + location = "US" + default_table_expiration_ms = 3600000 + default_partition_expiration_ms = null + + labels = { + env = "default" + } + + lifecycle { + ignore_changes = [default_partition_expiration_ms] + } +} + +resource "google_scc_project_scc_big_query_export" "{{$.PrimaryResourceId}}" { + name = "{{index $.Vars "name"}}" + big_query_export_id = "{{index $.Vars "big_query_export_id"}}" + project = "{{index $.TestEnvVars "project"}}" + dataset = google_bigquery_dataset.default.id + description = "Cloud Security Command Center Findings Big Query Export Config" + filter = "state=\"ACTIVE\" AND NOT mute=\"MUTED\"" +} 
diff --git a/mmv1/templates/terraform/examples/go/secure_source_manager_instance_basic.tf.tmpl b/mmv1/templates/terraform/examples/go/secure_source_manager_instance_basic.tf.tmpl index 90f296e2a678..d00c77bcb263 100644 --- a/mmv1/templates/terraform/examples/go/secure_source_manager_instance_basic.tf.tmpl +++ b/mmv1/templates/terraform/examples/go/secure_source_manager_instance_basic.tf.tmpl @@ -4,4 +4,9 @@ resource "google_secure_source_manager_instance" "{{$.PrimaryResourceId}}" { labels = { "foo" = "bar" } + + # Prevent accidental deletions. + lifecycle { + prevent_destroy = "{{index $.Vars "prevent_destroy"}}" + } } diff --git a/mmv1/templates/terraform/examples/go/secure_source_manager_instance_cmek.tf.tmpl b/mmv1/templates/terraform/examples/go/secure_source_manager_instance_cmek.tf.tmpl index 2f75a5c03420..0cfbace45e3c 100644 --- a/mmv1/templates/terraform/examples/go/secure_source_manager_instance_cmek.tf.tmpl +++ b/mmv1/templates/terraform/examples/go/secure_source_manager_instance_cmek.tf.tmpl @@ -23,6 +23,11 @@ resource "google_secure_source_manager_instance" "{{$.PrimaryResourceId}}" { depends_on = [ google_kms_crypto_key_iam_member.crypto_key_binding ] + + # Prevent accidental deletions. + lifecycle { + prevent_destroy = "{{index $.Vars "prevent_destroy"}}" + } } data "google_project" "project" {} \ No newline at end of file diff --git a/mmv1/templates/terraform/examples/go/secure_source_manager_instance_private.tf.tmpl b/mmv1/templates/terraform/examples/go/secure_source_manager_instance_private.tf.tmpl index e6509f48ea09..d4f1df7b60bd 100644 --- a/mmv1/templates/terraform/examples/go/secure_source_manager_instance_private.tf.tmpl +++ b/mmv1/templates/terraform/examples/go/secure_source_manager_instance_private.tf.tmpl 
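Review bot: `prevent_destroy = "{{index $.Vars "prevent_destroy"}}"` renders the flag inside quotes, so the generated example shows a string (presumably `"true"` or `"false"`) where Terraform documents a bool literal; writing it unquoted, `prevent_destroy = {{index $.Vars "prevent_destroy"}}`, keeps the rendered docs idiomatic. The same line is added in the cmek, private, private_psc_backend, private_psc_endpoint, repository_basic and repository_initial_config templates. In repository_initial_config the first comment reads `# For preventing accidental deletions` while every other copy reads `# Prevent accidental deletions.`, which is worth aligning. The resource block starts above this hunk.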
@@ -60,6 +60,12 @@ resource "google_secure_source_manager_instance" "{{$.PrimaryResourceId}}" { is_private = true ca_pool = google_privateca_ca_pool.ca_pool.id } + + # Prevent accidental deletions. + lifecycle { + prevent_destroy = "{{index $.Vars "prevent_destroy"}}" + } + depends_on = [ google_privateca_certificate_authority.root_ca, time_sleep.wait_120_seconds diff --git a/mmv1/templates/terraform/examples/go/secure_source_manager_instance_private_psc_backend.tf.tmpl b/mmv1/templates/terraform/examples/go/secure_source_manager_instance_private_psc_backend.tf.tmpl index fba2c6ec4757..db941e7fe8ed 100644 --- a/mmv1/templates/terraform/examples/go/secure_source_manager_instance_private_psc_backend.tf.tmpl +++ b/mmv1/templates/terraform/examples/go/secure_source_manager_instance_private_psc_backend.tf.tmpl @@ -63,6 +63,12 @@ resource "google_secure_source_manager_instance" "{{$.PrimaryResourceId}}" { is_private = true ca_pool = google_privateca_ca_pool.ca_pool.id } + + # Prevent accidental deletions. + lifecycle { + prevent_destroy = "{{index $.Vars "prevent_destroy"}}" + } + depends_on = [ google_privateca_certificate_authority.root_ca, time_sleep.wait_120_seconds diff --git a/mmv1/templates/terraform/examples/go/secure_source_manager_instance_private_psc_endpoint.tf.tmpl b/mmv1/templates/terraform/examples/go/secure_source_manager_instance_private_psc_endpoint.tf.tmpl index 670b709ed73a..167222bde11d 100644 --- a/mmv1/templates/terraform/examples/go/secure_source_manager_instance_private_psc_endpoint.tf.tmpl +++ b/mmv1/templates/terraform/examples/go/secure_source_manager_instance_private_psc_endpoint.tf.tmpl 
@@ -63,6 +63,12 @@ resource "google_secure_source_manager_instance" "{{$.PrimaryResourceId}}" { is_private = true ca_pool = google_privateca_ca_pool.ca_pool.id } + + # Prevent accidental deletions. + lifecycle { + prevent_destroy = "{{index $.Vars "prevent_destroy"}}" + } + depends_on = [ google_privateca_certificate_authority.root_ca, time_sleep.wait_120_seconds diff --git a/mmv1/templates/terraform/examples/go/secure_source_manager_repository_basic.tf.tmpl b/mmv1/templates/terraform/examples/go/secure_source_manager_repository_basic.tf.tmpl index fc410d2d0d58..ac62f0cffcd4 100644 --- a/mmv1/templates/terraform/examples/go/secure_source_manager_repository_basic.tf.tmpl +++ b/mmv1/templates/terraform/examples/go/secure_source_manager_repository_basic.tf.tmpl @@ -1,10 +1,20 @@ resource "google_secure_source_manager_instance" "instance" { location = "us-central1" instance_id = "{{index $.Vars "instance_id"}}" + + # Prevent accidental deletions. + lifecycle { + prevent_destroy = "{{index $.Vars "prevent_destroy"}}" + } } resource "google_secure_source_manager_repository" "{{$.PrimaryResourceId}}" { location = "us-central1" repository_id = "{{index $.Vars "repository_id"}}" instance = google_secure_source_manager_instance.instance.name + + # Prevent accidental deletions. + lifecycle { + prevent_destroy = "{{index $.Vars "prevent_destroy"}}" + } } diff --git a/mmv1/templates/terraform/examples/go/secure_source_manager_repository_initial_config.tf.tmpl b/mmv1/templates/terraform/examples/go/secure_source_manager_repository_initial_config.tf.tmpl index 969a25833002..b3b54bfdd790 100644 --- a/mmv1/templates/terraform/examples/go/secure_source_manager_repository_initial_config.tf.tmpl +++ b/mmv1/templates/terraform/examples/go/secure_source_manager_repository_initial_config.tf.tmpl 
@@ -1,6 +1,11 @@ resource "google_secure_source_manager_instance" "instance" { location = "us-central1" instance_id = "{{index $.Vars "instance_id"}}" + + # For preventing accidental deletions + lifecycle { + prevent_destroy = "{{index $.Vars "prevent_destroy"}}" + } } resource "google_secure_source_manager_repository" "{{$.PrimaryResourceId}}" { @@ -15,4 +20,9 @@ resource "google_secure_source_manager_repository" "{{$.PrimaryResourceId}}" { license = "mit" readme = "default" } + + # Prevent accidental deletions. + lifecycle { + prevent_destroy = "{{index $.Vars "prevent_destroy"}}" + } } diff --git a/mmv1/templates/terraform/examples/go/site_verification_domain_record.tf.tmpl b/mmv1/templates/terraform/examples/go/site_verification_domain_record.tf.tmpl new file mode 100644 index 000000000000..9fad84824bee --- /dev/null +++ b/mmv1/templates/terraform/examples/go/site_verification_domain_record.tf.tmpl @@ -0,0 +1,23 @@ +data "google_site_verification_token" "token" { + type = "INET_DOMAIN" + identifier = "{{index $.Vars "domain"}}" + verification_method = "DNS_TXT" +} + +resource "google_dns_record_set" "example" { + managed_zone = "{{index $.Vars "managed_zone"}}" + name = "{{index $.Vars "dns_name"}}" + type = "TXT" + rrdatas = [data.google_site_verification_token.token.token] + ttl = 86400 +} + +resource "google_site_verification_web_resource" "{{$.PrimaryResourceId}}" { + site { + type = data.google_site_verification_token.token.type + identifier = data.google_site_verification_token.token.identifier + } + verification_method = data.google_site_verification_token.token.verification_method + + depends_on = [google_dns_record_set.example] +} diff --git a/mmv1/templates/terraform/iam/example_config_body/go/secret_manager_regional_secret.tf.tmpl b/mmv1/templates/terraform/iam/example_config_body/go/secret_manager_regional_secret.tf.tmpl new file mode 100644 index 000000000000..fc10adcc521c --- /dev/null 
+++ b/mmv1/templates/terraform/iam/example_config_body/go/secret_manager_regional_secret.tf.tmpl @@ -0,0 +1,4 @@ + + project = google_secret_manager_regional_secret.regional-secret-basic.project + location = google_secret_manager_regional_secret.regional-secret-basic.location + secret_id = google_secret_manager_regional_secret.regional-secret-basic.secret_id diff --git a/mmv1/templates/terraform/iam/example_config_body/secret_manager_regional_secret.tf.erb b/mmv1/templates/terraform/iam/example_config_body/secret_manager_regional_secret.tf.erb index 324d07d37a8d..fc10adcc521c 100644 --- a/mmv1/templates/terraform/iam/example_config_body/secret_manager_regional_secret.tf.erb +++ b/mmv1/templates/terraform/iam/example_config_body/secret_manager_regional_secret.tf.erb @@ -1,3 +1,4 @@ + project = google_secret_manager_regional_secret.regional-secret-basic.project location = google_secret_manager_regional_secret.regional-secret-basic.location secret_id = google_secret_manager_regional_secret.regional-secret-basic.secret_id diff --git a/mmv1/templates/terraform/post_create/go/resource_compute_firewall_policy_with_rules.go.tmpl b/mmv1/templates/terraform/post_create/go/resource_compute_firewall_policy_with_rules.go.tmpl new file mode 100644 index 000000000000..399d97ec29fb --- /dev/null +++ b/mmv1/templates/terraform/post_create/go/resource_compute_firewall_policy_with_rules.go.tmpl 
@@ -0,0 +1,56 @@
+parent := d.Get("parent").(string)
+var opRes map[string]interface{}
+err = ComputeOrgOperationWaitTimeWithResponse(
+ config, res, &opRes, parent, "Creating FirewallPolicy", userAgent,
+ d.Timeout(schema.TimeoutCreate))
+
+if err != nil {
+ // The resource didn't actually create
+ d.SetId("")
+ return fmt.Errorf("Error waiting to create FirewallPolicy: %s", err)
+}
+
+policyId, ok := opRes["targetId"]
+if !ok {
+ return fmt.Errorf("Create response didn't contain targetId. Create may not have succeeded.")
+}
+if err := d.Set("policy_id", policyId.(string)); err != nil {
+ return fmt.Errorf("Error setting policy_id: %s", err)
+}
+
+// Store the ID now.
+id, err = tpgresource.ReplaceVars(d, config, "locations/global/firewallPolicies/{{"{{"}}policy_id{{"}}"}}")
+if err != nil {
+ return fmt.Errorf("Error constructing id: %s", err)
+}
+d.SetId(id)
+
+url, err = tpgresource.ReplaceVarsForId(d, config, "{{"{{"}}ComputeBasePath{{"}}"}}locations/global/firewallPolicies/{{"{{"}}policy_id{{"}}"}}")
+if err != nil {
+ return err
+}
+
+headers = make(http.Header)
+res, err = transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+ Config: config,
+ Method: "GET",
+ Project: billingProject,
+ RawURL: url,
+ UserAgent: userAgent,
+ Headers: headers,
+})
+if err != nil {
+ return transport_tpg.HandleNotFoundError(err, d, fmt.Sprintf("ComputeFirewallPolicyWithRules %q", d.Id()))
+}
+
+if err := d.Set("fingerprint", flattenComputeFirewallPolicyWithRulesFingerprint(res["fingerprint"], d, config)); err != nil {
+ return fmt.Errorf("Error reading FirewallPolicyWithRules: %s", err)
+}
+
+res, err = resourceComputeFirewallPolicyWithRulesDecoder(d, meta, res)
+if err != nil {
+ return err
+}
+
+log.Printf("[DEBUG] Updating FirewallPolicyWithRules %q", d.Id())
+return resourceComputeFirewallPolicyWithRulesUpdate(d, meta)
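Review bot: `policyId.(string)` is an unchecked type assertion on a value taken from the operation response, so a non-string `targetId` panics the provider instead of returning an error; fold the check into the lookup with `policyId, ok := opRes["targetId"].(string)` and pass `policyId` straight to `d.Set`. On the `!ok` path no ID has been stored yet although the wait succeeded, so the error text could add that a policy may exist and need manual cleanup. The trailing `return resourceComputeFirewallPolicyWithRulesUpdate(d, meta)` shows that rules are applied in a second call after the policy exists; a comment such as `// rules are applied by the update below; if it fails the policy exists without them` would make that window explicit. This fragment is spliced into a create function that is outside the hunk.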
diff --git a/mmv1/templates/terraform/post_delete/go/resource_compute_firewall_policy_with_rules.go.tmpl b/mmv1/templates/terraform/post_delete/go/resource_compute_firewall_policy_with_rules.go.tmpl
new file mode 100644
index 000000000000..7aafd3d08c77
--- /dev/null
+++ b/mmv1/templates/terraform/post_delete/go/resource_compute_firewall_policy_with_rules.go.tmpl
@@ -0,0 +1,10 @@
+parent := d.Get("parent").(string)
+var opRes map[string]interface{}
+err = ComputeOrgOperationWaitTimeWithResponse(
+ config, res, &opRes, parent, "Deleting FirewallPolicy", userAgent,
+ d.Timeout(schema.TimeoutCreate))
+
+if err != nil {
+ // The resource didn't actually delete
+ return fmt.Errorf("Error waiting to delete FirewallPolicy: %s", err)
+}
diff --git a/mmv1/templates/terraform/post_update/go/resource_compute_firewall_policy_with_rules.go.tmpl b/mmv1/templates/terraform/post_update/go/resource_compute_firewall_policy_with_rules.go.tmpl
new file mode 100644
index 000000000000..e2f74c48342f
--- /dev/null
+++ b/mmv1/templates/terraform/post_update/go/resource_compute_firewall_policy_with_rules.go.tmpl
@@ -0,0 +1,10 @@
+parent := d.Get("parent").(string)
+var opRes map[string]interface{}
+err = ComputeOrgOperationWaitTimeWithResponse(
+ config, res, &opRes, parent, "Updating FirewallPolicy", userAgent,
+d.Timeout(schema.TimeoutCreate))
+
+if err != nil {
+ // The resource didn't actually update
+ return fmt.Errorf("Error waiting to update FirewallPolicy: %s", err)
+}
diff --git a/mmv1/templates/terraform/pre_update/go/secret_manager_regional_secret.go.tmpl b/mmv1/templates/terraform/pre_update/go/secret_manager_regional_secret.go.tmpl
new file mode 100644
index 000000000000..d8e8c9875701
--- /dev/null
+++ b/mmv1/templates/terraform/pre_update/go/secret_manager_regional_secret.go.tmpl
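Review bot: Both the post_delete and the post_update template wait with `d.Timeout(schema.TimeoutCreate)`, so a user-configured delete or update timeout is ignored; use `d.Timeout(schema.TimeoutDelete)` in post_delete and `d.Timeout(schema.TimeoutUpdate)` in post_update. The resource YAML sets insert, update and delete to 20 minutes each, which hides the mismatch with default settings. In post_update the `d.Timeout(...)` continuation line is also missing the indentation the other two templates use. Both fragments are spliced into functions that are outside the hunks.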
@@ -0,0 +1,16 @@
+{{/*
+ The license inside this block applies to this file
+ Copyright 2024 Google Inc.
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/ -}}
+// As the API expects only one of ttl or expireTime
+if d.HasChange("ttl") && !d.HasChange("expire_time") {
+ delete(obj, "expireTime")
+}
diff --git a/mmv1/templates/terraform/update_encoder/go/resource_compute_firewall_policy_with_rules.go.tmpl b/mmv1/templates/terraform/update_encoder/go/resource_compute_firewall_policy_with_rules.go.tmpl
new file mode 100644
index 000000000000..1e3c847c6c09
--- /dev/null
+++ b/mmv1/templates/terraform/update_encoder/go/resource_compute_firewall_policy_with_rules.go.tmpl
@@ -0,0 +1,11 @@
+config := meta.(*transport_tpg.Config)
+
+predefinedRulesProp, err := expandComputeFirewallPolicyWithRulesRule(d.Get("predefined_rules"), d, config)
+if err != nil {
+ return nil, err
+}
+
+rules := obj["rules"].([]interface{})
+obj["rules"] = append(rules, predefinedRulesProp)
+
+return obj, nil
diff --git a/mmv1/templates/terraform/yaml_conversion_field.erb b/mmv1/templates/terraform/yaml_conversion_field.erb
index 386ddcd7932e..b0d9ad2edb6b 100644
--- a/mmv1/templates/terraform/yaml_conversion_field.erb
+++ b/mmv1/templates/terraform/yaml_conversion_field.erb
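Review bot: In the update_encoder template, `rules := obj["rules"].([]interface{})` panics when `obj` has no `rules` key or holds another type, which looks possible when no `rule` block is configured (not visible here); the two-value form `rules, _ := obj["rules"].([]interface{})` turns a missing list into an empty slice instead. The next line, `append(rules, predefinedRulesProp)`, adds the expander's result as a single element, so if `expandComputeFirewallPolicyWithRulesRule` returns a slice, as its use on a list field suggests, the request carries one nested list rather than the individual predefined rules. For a firewall policy that difference decides which rules are actually sent, so confirm the return type and spread the elements if it is a slice. The encoder function that receives this fragment is outside the hunk.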
@@ -242,7 +242,7 @@ <% end -%> <% end -%> <% unless property.skip_docs_values.nil? -%> - skip_docs_values: <%= property.skip_docs_values %> + exclude_docs_values: <%= property.skip_docs_values %> <% end -%> <% end -%> <% if property.is_a?(Api::Type::Map) -%> diff --git a/mmv1/third_party/terraform/fwprovider/go/framework_provider_test.go.tmpl b/mmv1/third_party/terraform/fwprovider/go/framework_provider_test.go.tmpl index 488c19c15632..0a910cabedaf 100644 --- a/mmv1/third_party/terraform/fwprovider/go/framework_provider_test.go.tmpl +++ b/mmv1/third_party/terraform/fwprovider/go/framework_provider_test.go.tmpl @@ -51,12 +51,12 @@ func TestAccFrameworkProviderBasePath_setInvalidBasePath(t *testing.T) { }, }, Config: testAccProviderBasePath_setBasePath("https://www.example.com/compute/beta/", acctest.RandString(t, 10)), - ExpectError: regexp.MustCompile("got HTTP response code 404 with body"), + ExpectError: regexp.MustCompile("got HTTP response code [4-5][0-9]{2} with body"), }, { ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), Config: testAccProviderBasePath_setBasePath("https://www.example.com/compute/beta/", acctest.RandString(t, 10)), - ExpectError: regexp.MustCompile("got HTTP response code 404 with body"), + ExpectError: regexp.MustCompile("got HTTP response code [4-5][0-9]{2} with body"), }, }, }) @@ -283,4 +283,4 @@ func testAccCheckComputeAddressDestroyProducer(t *testing.T) func(s *terraform.S return nil } -} \ No newline at end of file +} diff --git a/mmv1/third_party/terraform/provider/go/provider_mmv1_resources.go.tmpl b/mmv1/third_party/terraform/provider/go/provider_mmv1_resources.go.tmpl index 4409a5ea1b18..3561808e5d8b 100644 --- a/mmv1/third_party/terraform/provider/go/provider_mmv1_resources.go.tmpl +++ b/mmv1/third_party/terraform/provider/go/provider_mmv1_resources.go.tmpl 
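Review bot: The loosened `ExpectError` pattern `got HTTP response code [4-5][0-9]{2} with body` in framework_provider_test.go.tmpl now accepts any 4xx or 5xx status, so the test no longer tells "the custom base path was used and the host rejected it" apart from an unrelated server error. If the reason is that the example host does not reliably answer 404, say so above the step, for example `// the placeholder host may answer with other 4xx/5xx codes, so only the error class is asserted`. The class `[4-5]` can be written `[45]`. The same pattern change is made in provider_test.go.tmpl, and the test function continues outside the hunk.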
@@ -9,7 +9,6 @@ import ( {{ if eq $.TargetVersionName `ga` }} "github.com/hashicorp/terraform-provider-google/google/services/composer" - "github.com/hashicorp/terraform-provider-google/google/services/siteverification" {{- end }} "github.com/hashicorp/terraform-provider-google/google/services/container" "github.com/hashicorp/terraform-provider-google/google/services/containeraws" diff --git a/mmv1/third_party/terraform/provider/go/provider_test.go.tmpl b/mmv1/third_party/terraform/provider/go/provider_test.go.tmpl index 96a6c3665d29..046e242ae8e7 100644 --- a/mmv1/third_party/terraform/provider/go/provider_test.go.tmpl +++ b/mmv1/third_party/terraform/provider/go/provider_test.go.tmpl @@ -71,7 +71,7 @@ func TestAccProviderBasePath_setInvalidBasePath(t *testing.T) { Steps: []resource.TestStep{ { Config: testAccProviderBasePath_setBasePath("https://www.example.com/compute/beta/", acctest.RandString(t, 10)), - ExpectError: regexp.MustCompile("got HTTP response code 404 with body"), + ExpectError: regexp.MustCompile("got HTTP response code [4-5][0-9]{2} with body"), }, }, }) diff --git a/mmv1/third_party/terraform/services/compute/go/resource_compute_firewall_policy_with_rules_test.go.tmpl b/mmv1/third_party/terraform/services/compute/go/resource_compute_firewall_policy_with_rules_test.go.tmpl new file mode 100644 index 000000000000..ad841a132a2c --- /dev/null +++ b/mmv1/third_party/terraform/services/compute/go/resource_compute_firewall_policy_with_rules_test.go.tmpl 
@@ -0,0 +1,221 @@ +package compute_test +{{- if ne $.TargetVersionName "ga" }} +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-testing/helper/resource" + + "github.com/hashicorp/terraform-provider-google/google/acctest" + "github.com/hashicorp/terraform-provider-google/google/envvar" +) + +func TestAccComputeFirewallPolicyWithRules_update(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "org_id": envvar.GetTestOrgFromEnv(t), + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t), + CheckDestroy: testAccCheckComputeFirewallPolicyWithRulesDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccComputeFirewallPolicyWithRules_full(context), + }, + { + ResourceName: "google_compute_firewall_policy_with_rules.firewall-policy-with-rules", + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccComputeFirewallPolicyWithRules_update(context), + }, + { + ResourceName: "google_compute_firewall_policy_with_rules.firewall-policy-with-rules", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func testAccComputeFirewallPolicyWithRules_full(context map[string]interface{}) string { + return acctest.Nprintf(` +data "google_project" "project" { + provider = google-beta +} + +resource "google_compute_firewall_policy_with_rules" "firewall-policy-with-rules" { + short_name = "tf-test-tf-fw-org-policy-with-rules%{random_suffix}" + description = "Terraform test" + parent = "organizations/%{org_id}" + provider = google-beta + + rule { + description = "tcp rule" + priority = 1000 + enable_logging = true + action = "allow" + direction = "EGRESS" + match { + layer4_config { + ip_protocol = "tcp" + ports = [8080, 7070] + } + dest_ip_ranges = ["11.100.0.1/32"] + dest_fqdns = ["www.yyy.com", "www.zzz.com"] + dest_region_codes = ["HK", "IN"] + 
dest_threat_intelligences = ["iplist-search-engines-crawlers", "iplist-tor-exit-nodes"] + dest_address_groups = [google_network_security_address_group.address_group_1.id] + } + target_resources = ["https://www.googleapis.com/compute/beta/projects/${data.google_project.project.name}/global/networks/default"] + } + rule { + description = "udp rule" + priority = 2000 + enable_logging = false + action = "deny" + direction = "INGRESS" + match { + layer4_config { + ip_protocol = "udp" + } + src_ip_ranges = ["0.0.0.0/0"] + src_fqdns = ["www.abc.com", "www.def.com"] + src_region_codes = ["US", "CA"] + src_threat_intelligences = ["iplist-known-malicious-ips", "iplist-public-clouds"] + src_address_groups = [google_network_security_address_group.address_group_1.id] + } + disabled = true + } + rule { + description = "security profile group rule" + rule_name = "tcp rule" + priority = 3000 + enable_logging = false + action = "apply_security_profile_group" + direction = "INGRESS" + match { + layer4_config { + ip_protocol = "tcp" + } + src_ip_ranges = ["0.0.0.0/0"] + } + target_service_accounts = ["test@google.com"] + security_profile_group = "//networksecurity.googleapis.com/${google_network_security_security_profile_group.security_profile_group_1.id}" + tls_inspect = true + } +} + +resource "google_network_security_address_group" "address_group_1" { + provider = google-beta + name = "tf-test-tf-address-group%{random_suffix}" + parent = "organizations/%{org_id}" + description = "Global address group" + location = "global" + items = ["208.80.154.224/32"] + type = "IPV4" + capacity = 100 +} + +resource "google_network_security_security_profile_group" "security_profile_group_1" { + provider = google-beta + name = "tf-test-tf-security-profile-group%{random_suffix}" + parent = "organizations/%{org_id}" + description = "my description" + threat_prevention_profile = google_network_security_security_profile.security_profile_1.id +} + +resource "google_network_security_security_profile" 
"security_profile_1" { + provider = google-beta + name = "tf-test-tf-security-profile%{random_suffix}" + type = "THREAT_PREVENTION" + parent = "organizations/%{org_id}" + location = "global" +} +`, context) +} + +func testAccComputeFirewallPolicyWithRules_update(context map[string]interface{}) string { + return acctest.Nprintf(` +data "google_project" "project" { + provider = google-beta +} + +resource "google_compute_firewall_policy_with_rules" "firewall-policy-with-rules" { + short_name = "tf-test-tf-fw-org-policy-with-rules%{random_suffix}" + description = "Terraform test - update" + parent = "organizations/%{org_id}" + provider = google-beta + + rule { + description = "tcp rule - update" + rule_name = "udp rule" + priority = 1000 + enable_logging = false + action = "deny" + direction = "INGRESS" + match { + layer4_config { + ip_protocol = "udp" + ports = [8080] + } + src_ip_ranges = ["11.100.0.1/32", "0.0.0.0/0"] + src_fqdns = ["www.yyy.com"] + src_region_codes = ["HK"] + src_threat_intelligences = ["iplist-search-engines-crawlers"] + } + } + rule { + description = "udp rule" + priority = 3000 + enable_logging = false + action = "deny" + direction = "INGRESS" + match { + layer4_config { + ip_protocol = "all" + } + src_ip_ranges = ["0.0.0.0/0"] + src_fqdns = ["www.abc.com", "www.xyz.com"] + src_region_codes = ["US", "CA", "FR"] + src_threat_intelligences = ["iplist-known-malicious-ips", "iplist-public-clouds"] + src_address_groups = [google_network_security_address_group.address_group_1.id] + } + disabled = false + } +} + +resource "google_network_security_address_group" "address_group_1" { + provider = google-beta + name = "tf-test-tf-address-group%{random_suffix}" + parent = "organizations/%{org_id}" + description = "Global address group" + location = "global" + items = ["208.80.154.224/32"] + type = "IPV4" + capacity = 100 +} + +resource "google_network_security_security_profile_group" "security_profile_group_1" { + provider = google-beta + name = 
"tf-test-tf-security-profile-group%{random_suffix}" + parent = "organizations/%{org_id}" + description = "my description" + threat_prevention_profile = google_network_security_security_profile.security_profile_1.id +} + +resource "google_network_security_security_profile" "security_profile_1" { + provider = google-beta + name = "tf-test-tf-security-profile%{random_suffix}" + type = "THREAT_PREVENTION" + parent = "organizations/%{org_id}" + location = "global" +} +`, context) +} +{{- end }} + diff --git a/mmv1/third_party/terraform/services/container/go/node_config.go.tmpl b/mmv1/third_party/terraform/services/container/go/node_config.go.tmpl index 3e54a9c8a3d9..74fd6c15f8e6 100644 --- a/mmv1/third_party/terraform/services/container/go/node_config.go.tmpl +++ b/mmv1/third_party/terraform/services/container/go/node_config.go.tmpl @@ -600,9 +600,9 @@ func schemaNodeConfig() *schema.Schema { Schema: map[string]*schema.Schema{ "cpu_manager_policy": { Type: schema.TypeString, - Required: true, + Optional: true, ValidateFunc: validation.StringInSlice([]string{"static", "none", ""}, false), - Description: `Control the CPU management policy on the node.`, + Description: `Control the CPU management policy on the node.`, }, "cpu_cfs_quota": { Type: schema.TypeBool, diff --git a/mmv1/third_party/terraform/services/container/go/resource_container_cluster_test.go.tmpl b/mmv1/third_party/terraform/services/container/go/resource_container_cluster_test.go.tmpl index 23e71a030bd0..abb1ab9d3d31 100644 --- a/mmv1/third_party/terraform/services/container/go/resource_container_cluster_test.go.tmpl +++ b/mmv1/third_party/terraform/services/container/go/resource_container_cluster_test.go.tmpl 
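Review bot: In `testAccComputeFirewallPolicyWithRules_full`, `target_resources` builds the network URL from `data.google_project.project.name`, which is the project's display name rather than its ID. The rule would reference a non-existent network in any test project where the two differ, so use `projects/${data.google_project.project.project_id}/global/networks/default` instead. Separately, the fixtures put live third-party hostnames (`www.yyy.com`, `www.abc.com`, `www.def.com`, …) into `dest_fqdns` and `src_fqdns`. Reserved names such as `www.example.com` would keep the firewall test from depending on domains the project does not control.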
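Review bot: With `cpu_manager_policy` switched to `Optional`, the `Description` still does not tell users which values pass `ValidateFunc`. The empty string also stays in the accepted list, even though the test-config comment removed later in this commit calls it an undocumented workaround. I would extend the description text with a sentence such as `Accepted values are "static" and "none".` and add a comment above `ValidateFunc`, e.g. `// "" is still accepted so configurations written for the old Required field keep validating`, assuming that is the intent. `schemaNodeConfig` starts and ends outside the hunk.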
@@ -1535,6 +1535,40 @@ func TestAccContainerCluster_withNodeConfig(t *testing.T) { }) } +// Note: Updates for these are currently known to be broken (b/361634104), and +// so are not tested here. +// They can probably be made similar to, or consolidated with, +// TestAccContainerCluster_withInsecureKubeletReadonlyPortEnabledInNodeConfigUpdates +// after that's resolved. +func TestAccContainerCluster_withNodeConfigKubeletConfigSettings(t *testing.T) { + t.Parallel() + clusterName := fmt.Sprintf("tf-test-cluster-%s", acctest.RandString(t, 10)) + networkName := acctest.BootstrapSharedTestNetwork(t, "gke-cluster") + subnetworkName := acctest.BootstrapSubnet(t, "gke-cluster", networkName) + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckContainerClusterDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccContainerCluster_withNodeConfigKubeletConfigSettings(clusterName, networkName, subnetworkName), + ConfigPlanChecks: resource.ConfigPlanChecks{ + PreApply: []plancheck.PlanCheck{ + acctest.ExpectNoDelete(), + }, + }, + }, + { + ResourceName: "google_container_cluster.with_node_config_kubelet_config_settings", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, + }, + }, + }) +} + // This is for node_config.kubelet_config, which affects the default node-pool // (default-pool) when created via the google_container_cluster resource func TestAccContainerCluster_withInsecureKubeletReadonlyPortEnabledInNodeConfigUpdates(t *testing.T) { 
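Review bot: `TestAccContainerCluster_withNodeConfigKubeletConfigSettings` never asserts that the kubelet settings reached the cluster. The single config step carries only a `PreApply` `acctest.ExpectNoDelete()` check, which looks unable to fail on a first apply where nothing exists yet, and the import step only checks that import reproduces the applied state. Adding a `Check` to the first step would pin the value, e.g. `resource.TestCheckResourceAttr("google_container_cluster.with_node_config_kubelet_config_settings", "node_config.0.kubelet_config.0.cpu_manager_policy", "static")`. The `b/361634104` reference in the comment is an internal tracker id; a public issue link, if one exists, would let outside contributors follow up.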
@@ -6658,6 +6692,28 @@ resource "google_container_cluster" "with_node_config" { `, clusterName, networkName, subnetworkName) } +func testAccContainerCluster_withNodeConfigKubeletConfigSettings(clusterName, networkName, subnetworkName string) string { + return fmt.Sprintf(` +resource "google_container_cluster" "with_node_config_kubelet_config_settings" { + name = "%s" + location = "us-central1-f" + initial_node_count = 1 + + node_config { + kubelet_config { + cpu_manager_policy = "static" + cpu_cfs_quota = true + cpu_cfs_quota_period = "100ms" + pod_pids_limit = 2048 + } + } + deletion_protection = false + network = "%s" + subnetwork = "%s" +} +`, clusterName, networkName, subnetworkName) +} + func testAccContainerCluster_withInsecureKubeletReadonlyPortEnabledInNodeConfig(clusterName, networkName, subnetworkName, insecureKubeletReadonlyPortEnabled string) string { return fmt.Sprintf(` resource "google_container_cluster" "with_insecure_kubelet_readonly_port_enabled_in_node_config" { @@ -6667,9 +6723,6 @@ resource "google_container_cluster" "with_insecure_kubelet_readonly_port_enabled node_config { kubelet_config { - # Must be set when kubelet_config is, but causes permadrift unless set to - # undocumented empty value - cpu_manager_policy = "" insecure_kubelet_readonly_port_enabled = "%s" } } diff --git a/mmv1/third_party/terraform/services/secretmanagerregional/go/iam_secret_manager_regional_secret_test.go b/mmv1/third_party/terraform/services/secretmanagerregional/go/iam_secret_manager_regional_secret_test.go new file mode 100644 index 000000000000..0a3ddebaef22 --- /dev/null +++ b/mmv1/third_party/terraform/services/secretmanagerregional/go/iam_secret_manager_regional_secret_test.go 
@@ -0,0 +1,197 @@ +package secretmanagerregional_test + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-testing/helper/resource" + + "github.com/hashicorp/terraform-provider-google/google/acctest" + "github.com/hashicorp/terraform-provider-google/google/envvar" +) + +func TestAccSecretManagerRegionalRegionalSecretIam_iamPolicyUpdate(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(t, 10), + "role": "roles/secretmanager.secretAccessor", + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckSecretManagerRegionalRegionalSecretDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccSecretManagerRegionalRegionalSecretIam_iamPolicyBasic(context), + }, + { + ResourceName: "google_secret_manager_regional_secret_iam_policy.default", + ImportStateId: fmt.Sprintf("projects/%s/locations/%s/secrets/%s", envvar.GetTestProjectFromEnv(), envvar.GetTestRegionFromEnv(), fmt.Sprintf("tf-test-tf-reg-secret%s", context["random_suffix"])), + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccSecretManagerRegionalRegionalSecretIam_iamPolicyUpdate(context), + }, + { + ResourceName: "google_secret_manager_regional_secret_iam_policy.default", + ImportStateId: fmt.Sprintf("projects/%s/locations/%s/secrets/%s", envvar.GetTestProjectFromEnv(), envvar.GetTestRegionFromEnv(), fmt.Sprintf("tf-test-tf-reg-secret%s", context["random_suffix"])), + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func testAccSecretManagerRegionalRegionalSecretIam_iamPolicyBasic(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_secret_manager_regional_secret" "default" { + secret_id = "tf-test-tf-reg-secret%{random_suffix}" + location = "us-central1" + ttl = "3600s" + + labels = { + label = "my-label" + } + + 
annotations = { + key1 = "value1" + } +} + +data "google_iam_policy" "default" { + binding { + role = "%{role}" + members = ["user:admin@hashicorptest.com"] + } +} + +resource "google_secret_manager_regional_secret_iam_policy" "default" { + project = google_secret_manager_regional_secret.default.project + location = google_secret_manager_regional_secret.default.location + secret_id = google_secret_manager_regional_secret.default.secret_id + policy_data = data.google_iam_policy.default.policy_data +} +`, context) +} + +func testAccSecretManagerRegionalRegionalSecretIam_iamPolicyUpdate(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_secret_manager_regional_secret" "default" { + secret_id = "tf-test-tf-reg-secret%{random_suffix}" + location = "us-central1" + ttl = "3600s" + + labels = { + label = "my-label" + } + + annotations = { + key1 = "value1" + } +} + +data "google_iam_policy" "default" { + binding { + role = "%{role}" + members = ["user:admin@hashicorptest.com", "user:gterraformtest1@gmail.com"] + } +} + +resource "google_secret_manager_regional_secret_iam_policy" "default" { + project = google_secret_manager_regional_secret.default.project + location = google_secret_manager_regional_secret.default.location + secret_id = google_secret_manager_regional_secret.default.secret_id + policy_data = data.google_iam_policy.default.policy_data +} +`, context) +} + +func TestAccSecretManagerRegionalRegionalSecretIam_iamBindingUpdate(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(t, 10), + "role": "roles/secretmanager.secretAccessor", + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckSecretManagerRegionalRegionalSecretDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: 
testAccSecretManagerRegionalRegionalSecretIam_iamBindingBasic(context), + }, + { + ResourceName: "google_secret_manager_regional_secret_iam_binding.default", + ImportStateId: fmt.Sprintf("projects/%s/locations/%s/secrets/%s roles/secretmanager.secretAccessor", envvar.GetTestProjectFromEnv(), envvar.GetTestRegionFromEnv(), fmt.Sprintf("tf-test-tf-reg-secret%s", context["random_suffix"])), + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccSecretManagerRegionalRegionalSecretIam_iamBindingUpdate(context), + }, + { + ResourceName: "google_secret_manager_regional_secret_iam_binding.default", + ImportStateId: fmt.Sprintf("projects/%s/locations/%s/secrets/%s roles/secretmanager.secretAccessor", envvar.GetTestProjectFromEnv(), envvar.GetTestRegionFromEnv(), fmt.Sprintf("tf-test-tf-reg-secret%s", context["random_suffix"])), + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func testAccSecretManagerRegionalRegionalSecretIam_iamBindingBasic(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_secret_manager_regional_secret" "default" { + secret_id = "tf-test-tf-reg-secret%{random_suffix}" + location = "us-central1" + ttl = "3600s" + + labels = { + label = "my-label" + } + + annotations = { + key1 = "value1" + } +} + +resource "google_secret_manager_regional_secret_iam_binding" "default" { + project = google_secret_manager_regional_secret.default.project + location = google_secret_manager_regional_secret.default.location + secret_id = google_secret_manager_regional_secret.default.secret_id + role = "%{role}" + members = ["user:admin@hashicorptest.com", "user:gterraformtest1@gmail.com"] +} +`, context) +} + +func testAccSecretManagerRegionalRegionalSecretIam_iamBindingUpdate(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_secret_manager_regional_secret" "default" { + secret_id = "tf-test-tf-reg-secret%{random_suffix}" + location = "us-central1" + ttl = "3600s" + + 
labels = { + label = "my-label" + } + + annotations = { + key1 = "value1" + } +} + +resource "google_secret_manager_regional_secret_iam_binding" "default" { + project = google_secret_manager_regional_secret.default.project + location = google_secret_manager_regional_secret.default.location + secret_id = google_secret_manager_regional_secret.default.secret_id + role = "%{role}" + members = ["user:admin@hashicorptest.com"] +} +`, context) +} diff --git a/mmv1/third_party/terraform/services/secretmanagerregional/go/resource_secret_manager_regional_secret_test.go b/mmv1/third_party/terraform/services/secretmanagerregional/go/resource_secret_manager_regional_secret_test.go new file mode 100644 index 000000000000..f58ab01270b7 --- /dev/null +++ b/mmv1/third_party/terraform/services/secretmanagerregional/go/resource_secret_manager_regional_secret_test.go 
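Review bot: The `ImportStateId` values in both tests are built from `envvar.GetTestRegionFromEnv()`, but every config in this file creates the secret with a hard-coded `location = "us-central1"`. The import steps would therefore look up a secret that does not exist whenever the test region is set to anything else. Either pass the region through the context, with `"region": envvar.GetTestRegionFromEnv(),` and `location = "%{region}"` in the configs, or use the literal region in the import id. The binding test also hard-codes `roles/secretmanager.secretAccessor` in its import id instead of reusing `context["role"]`. The fixtures bind the accessor role to `user:gterraformtest1@gmail.com`, so it is worth confirming that this consumer account is still controlled by the test owners.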
@@ -0,0 +1,1311 @@ +package secretmanagerregional_test + +import ( + "testing" + + "github.com/hashicorp/terraform-provider-google/google/acctest" + + "github.com/hashicorp/terraform-plugin-testing/helper/resource" +) + +func TestAccSecretManagerRegionalRegionalSecret_import(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckSecretManagerRegionalRegionalSecretDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccSecretManagerRegionalSecret_basic(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-basic", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + }, + }) +} + +func TestAccSecretManagerRegionalRegionalSecret_labelsUpdate(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckSecretManagerRegionalRegionalSecretDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccSecretManagerRegionalSecret_withoutLabels(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-labels", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + { + Config: testAccSecretManagerRegionalSecret_labelsUpdate(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-labels", + ImportState: true, + ImportStateVerify: true, + 
ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + { + Config: testAccSecretManagerRegionalSecret_labelsUpdateOther(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-labels", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + { + Config: testAccSecretManagerRegionalSecret_withoutLabels(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-labels", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + }, + }) +} + +func TestAccSecretManagerRegionalRegionalSecret_annotationsUpdate(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckSecretManagerRegionalRegionalSecretDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccSecretManagerRegionalSecret_withoutAnnotations(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-annotations", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + { + Config: testAccSecretManagerRegionalSecret_annotationsUpdate(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-annotations", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + { + Config: testAccSecretManagerRegionalSecret_annotationsUpdateOther(context), + 
}, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-annotations", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + { + Config: testAccSecretManagerRegionalSecret_withoutAnnotations(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-annotations", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + }, + }) +} + +func TestAccSecretManagerRegionalRegionalSecret_cmekUpdate(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "kms_key_name": acctest.BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", "us-central1", "tf-secret-manager-managed-central-key3").CryptoKey.Name, + "kms_key_name_other": acctest.BootstrapKMSKeyWithPurposeInLocationAndName(t, "ENCRYPT_DECRYPT", "us-central1", "tf-secret-manager-managed-central-key4").CryptoKey.Name, + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckSecretManagerRegionalRegionalSecretDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccSecretManagerRegionalSecret_withoutCmek(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-cmek-update", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + { + Config: testAccSecretManagerRegionalSecret_cmekUpdate(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-cmek-update", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", 
"location", "secret_id", "terraform_labels"}, + }, + { + Config: testAccSecretManagerRegionalSecret_cmekUpdateOther(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-cmek-update", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + { + Config: testAccSecretManagerRegionalSecret_withoutCmek(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-cmek-update", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + }, + }) +} + +func TestAccSecretManagerRegionalRegionalSecret_topicsUpdate(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckSecretManagerRegionalRegionalSecretDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccSecretManagerRegionalSecret_withoutTopics(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-topics", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + { + Config: testAccSecretManagerRegionalSecret_topicsUpdate(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-topics", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + { + Config: testAccSecretManagerRegionalSecret_topicsUpdateOther(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-topics", + 
ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + { + Config: testAccSecretManagerRegionalSecret_withoutTopics(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-topics", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + }, + }) +} + +func TestAccSecretManagerRegionalRegionalSecret_rotationInfoUpdate(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "timestamp_1": "2114-11-30T00:00:00Z", + "timestamp_2": "2116-11-30T00:00:00Z", + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckSecretManagerRegionalRegionalSecretDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccSecretManagerRegionalSecret_rotationBasic(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-rotation-update", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + { + Config: testAccSecretManagerRegionalSecret_rotationTimeUpdate(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-rotation-update", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + { + Config: testAccSecretManagerRegionalSecret_rotationPeriodUpdate(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-rotation-update", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", 
"labels", "location", "secret_id", "terraform_labels"}, + }, + { + Config: testAccSecretManagerRegionalSecret_rotationBasic(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-rotation-update", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + }, + }) +} + +func TestAccSecretManagerRegionalRegionalSecret_expireTimeUpdate(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "timestamp_1": "2114-11-30T00:00:00Z", + "timestamp_2": "2116-11-30T00:00:00Z", + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckSecretManagerRegionalRegionalSecretDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccSecretManagerRegionalSecret_withoutTtlAndExpireTime(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-expiration", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + { + Config: testAccSecretManagerRegionalSecret_expireTimeBasic(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-expiration", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + { + Config: testAccSecretManagerRegionalSecret_expireTimeUpdate(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-expiration", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + { + Config: 
testAccSecretManagerRegionalSecret_withoutTtlAndExpireTime(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-expiration", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + }, + }) +} + +func TestAccSecretManagerRegionalRegionalSecret_ttlUpdate(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckSecretManagerRegionalRegionalSecretDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccSecretManagerRegionalSecret_withoutTtlAndExpireTime(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-expiration", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"ttl", "annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + { + Config: testAccSecretManagerRegionalSecret_ttlBasic(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-expiration", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"ttl", "annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + { + Config: testAccSecretManagerRegionalSecret_ttlUpdate(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-expiration", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"ttl", "annotations", "labels", "location", "secret_id", "terraform_labels"}, + }, + { + Config: testAccSecretManagerRegionalSecret_withoutTtlAndExpireTime(context), + }, + { + ResourceName: "google_secret_manager_regional_secret.regional-secret-with-expiration", + 
ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"ttl", "annotations", "labels", "location", "secret_id", "terraform_labels"},
+ },
+ },
+ })
+}
+
+func TestAccSecretManagerRegionalRegionalSecret_updateBetweenTtlAndExpireTime(t *testing.T) {
+ t.Parallel()
+
+ context := map[string]interface{}{
+ "timestamp_1": "2114-11-30T00:00:00Z",
+ "random_suffix": acctest.RandString(t, 10),
+ }
+
+ acctest.VcrTest(t, resource.TestCase{
+ PreCheck: func() { acctest.AccTestPreCheck(t) },
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+ CheckDestroy: testAccCheckSecretManagerRegionalRegionalSecretDestroyProducer(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccSecretManagerRegionalSecret_ttlBasic(context),
+ },
+ {
+ ResourceName: "google_secret_manager_regional_secret.regional-secret-with-expiration",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"ttl", "annotations", "labels", "location", "secret_id", "terraform_labels"},
+ },
+ {
+ Config: testAccSecretManagerRegionalSecret_expireTimeBasic(context),
+ },
+ {
+ ResourceName: "google_secret_manager_regional_secret.regional-secret-with-expiration",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"ttl", "annotations", "labels", "location", "secret_id", "terraform_labels"},
+ },
+ {
+ Config: testAccSecretManagerRegionalSecret_ttlBasic(context),
+ },
+ {
+ ResourceName: "google_secret_manager_regional_secret.regional-secret-with-expiration",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"ttl", "annotations", "labels", "location", "secret_id", "terraform_labels"},
+ },
+ },
+ })
+}
+
+func TestAccSecretManagerRegionalRegionalSecret_versionDestroyTtlUpdate(t *testing.T) {
+ t.Parallel()
+
+ context := map[string]interface{}{
+ "random_suffix": acctest.RandString(t, 10),
+ }
+
+ acctest.VcrTest(t, resource.TestCase{
+ PreCheck: func() { acctest.AccTestPreCheck(t) },
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+ CheckDestroy: testAccCheckSecretManagerRegionalRegionalSecretDestroyProducer(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccSecretManagerRegionalSecret_withoutVersionDestroyTtl(context),
+ },
+ {
+ ResourceName: "google_secret_manager_regional_secret.regional-secret-with-version-destroy-ttl",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"},
+ },
+ {
+ Config: testAccSecretManagerRegionalSecret_versionDestroyTtlBasic(context),
+ },
+ {
+ ResourceName: "google_secret_manager_regional_secret.regional-secret-with-version-destroy-ttl",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"},
+ },
+ {
+ Config: testAccSecretManagerRegionalSecret_versionDestroyTtlUpdate(context),
+ },
+ {
+ ResourceName: "google_secret_manager_regional_secret.regional-secret-with-version-destroy-ttl",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"},
+ },
+ {
+ Config: testAccSecretManagerRegionalSecret_withoutVersionDestroyTtl(context),
+ },
+ {
+ ResourceName: "google_secret_manager_regional_secret.regional-secret-with-version-destroy-ttl",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"annotations", "labels", "location", "secret_id", "terraform_labels"},
+ },
+ },
+ })
+}
+
+// TODO: Uncomment once google_secret_manager_regional_secret_version is added
+// func TestAccSecretManagerRegionalRegionalSecret_versionAliasesUpdate(t *testing.T) {
+// t.Parallel()
+//
+// context := map[string]interface{}{
+// "random_suffix": acctest.RandString(t, 10),
+// }
+//
+// acctest.VcrTest(t, resource.TestCase{
+// PreCheck: func() { acctest.AccTestPreCheck(t) },
+// ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+// CheckDestroy: testAccCheckSecretManagerRegionalRegionalSecretDestroyProducer(t),
+// Steps: []resource.TestStep{
+// {
+// Config: testAccSecretManagerRegionalSecret_basicRegionalSecretWithVersions(context),
+// },
+// {
+// ResourceName: "google_secret_manager_regional_secret.regional-secret-with-version-aliases",
+// ImportState: true,
+// ImportStateVerify: true,
+// ImportStateVerifyIgnore: []string{"ttl", "annotations", "labels", "location", "secret_id", "terraform_labels"},
+// },
+// {
+// Config: testAccSecretManagerRegionalSecret_versionAliasesBasic(context),
+// },
+// {
+// ResourceName: "google_secret_manager_regional_secret.regional-secret-with-version-aliases",
+// ImportState: true,
+// ImportStateVerify: true,
+// ImportStateVerifyIgnore: []string{"ttl", "annotations", "labels", "location", "secret_id", "terraform_labels"},
+// },
+// {
+// Config: testAccSecretManagerRegionalSecret_versionAliasesUpdate(context),
+// },
+// {
+// ResourceName: "google_secret_manager_regional_secret.regional-secret-with-version-aliases",
+// ImportState: true,
+// ImportStateVerify: true,
+// ImportStateVerifyIgnore: []string{"ttl", "annotations", "labels", "location", "secret_id", "terraform_labels"},
+// },
+// {
+// Config: testAccSecretManagerRegionalSecret_basicRegionalSecretWithVersions(context),
+// },
+// {
+// ResourceName: "google_secret_manager_regional_secret.regional-secret-with-version-aliases",
+// ImportState: true,
+// ImportStateVerify: true,
+// ImportStateVerifyIgnore: []string{"ttl", "annotations", "labels", "location", "secret_id", "terraform_labels"},
+// },
+// },
+// })
+// }
+
+func testAccSecretManagerRegionalSecret_basic(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+resource "google_secret_manager_regional_secret" "regional-secret-basic" {
+ secret_id = "tf-test-reg-secret-%{random_suffix}"
+ location = "us-central1"
+}
+`, context)
+}
+
+func testAccSecretManagerRegionalSecret_withoutLabels(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+resource "google_secret_manager_regional_secret" "regional-secret-with-labels" {
+ secret_id = "tf-test-reg-secret-%{random_suffix}"
+ location = "us-central1"
+
+ annotations = {
+ annotationkey = "annotation-value"
+ }
+}
+`, context)
+}
+
+func testAccSecretManagerRegionalSecret_labelsUpdate(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+resource "google_secret_manager_regional_secret" "regional-secret-with-labels" {
+ secret_id = "tf-test-reg-secret-%{random_suffix}"
+ location = "us-central1"
+
+ labels = {
+ key1 = "value1"
+ key2 = "value2"
+ key3 = "value3"
+ key4 = "value4"
+ key5 = "value5"
+ }
+
+ annotations = {
+ annotationkey = "annotation-value"
+ }
+}
+`, context)
+}
+
+func testAccSecretManagerRegionalSecret_labelsUpdateOther(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+resource "google_secret_manager_regional_secret" "regional-secret-with-labels" {
+ secret_id = "tf-test-reg-secret-%{random_suffix}"
+ location = "us-central1"
+
+ labels = {
+ key1 = "value1"
+ key2 = "updatevalue2"
+ updatekey3 = "value3"
+ updatekey4 = "updatevalue4"
+ key6 = "value6"
+ }
+
+ annotations = {
+ annotationkey = "annotation-value"
+ }
+}
+`, context)
+}
+
+func testAccSecretManagerRegionalSecret_withoutAnnotations(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+resource "google_secret_manager_regional_secret" "regional-secret-with-annotations" {
+ secret_id = "tf-test-reg-secret-%{random_suffix}"
+ location = "us-central1"
+
+ labels = {
+ mykey = "myvalue"
+ }
+}
+`, context)
+}
+
+func testAccSecretManagerRegionalSecret_annotationsUpdate(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+resource "google_secret_manager_regional_secret" "regional-secret-with-annotations" {
+ secret_id = "tf-test-reg-secret-%{random_suffix}"
+ location = "us-central1"
+
+ labels = {
+ mykey = "myvalue"
+ }
+
+ annotations = {
+ key1 = "value1"
+ key2 = "value2"
+ key3 = "value3"
+ key4 = "value4"
+ key5 = "value5"
+ }
+}
+`, context)
+}
+
+func testAccSecretManagerRegionalSecret_annotationsUpdateOther(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+resource "google_secret_manager_regional_secret" "regional-secret-with-annotations" {
+ secret_id = "tf-test-reg-secret-%{random_suffix}"
+ location = "us-central1"
+
+ labels = {
+ mykey = "myvalue"
+ }
+
+ annotations = {
+ key1 = "value1"
+ key2 = "updatevalue2"
+ updatekey3 = "value3"
+ updatekey4 = "updatevalue4"
+ key6 = "value6"
+ }
+}
+`, context)
+}
+
+func testAccSecretManagerRegionalSecret_withoutCmek(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+data "google_project" "project" {}
+
+resource "google_kms_crypto_key_iam_member" "kms-regional-secret-binding-1" {
+ crypto_key_id = "%{kms_key_name}"
+ role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
+ member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com"
+}
+
+resource "google_kms_crypto_key_iam_member" "kms-regional-secret-binding-2" {
+ crypto_key_id = "%{kms_key_name_other}"
+ role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
+ member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com"
+}
+
+resource "google_secret_manager_regional_secret" "regional-secret-cmek-update" {
+ secret_id = "tf-test-secret%{random_suffix}"
+ location = "us-central1"
+
+ depends_on = [
+ google_kms_crypto_key_iam_member.kms-regional-secret-binding-1,
+ google_kms_crypto_key_iam_member.kms-regional-secret-binding-2,
+ ]
+}
+`, context)
+}
+
+func testAccSecretManagerRegionalSecret_cmekUpdate(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+data "google_project" "project" {}
+
+resource "google_kms_crypto_key_iam_member" "kms-regional-secret-binding-1" {
+ crypto_key_id = "%{kms_key_name}"
+ role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
+ member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com"
+}
+
+resource "google_kms_crypto_key_iam_member" "kms-regional-secret-binding-2" {
+ crypto_key_id = "%{kms_key_name_other}"
+ role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
+ member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com"
+}
+
+resource "google_secret_manager_regional_secret" "regional-secret-cmek-update" {
+ secret_id = "tf-test-secret%{random_suffix}"
+ location = "us-central1"
+
+ customer_managed_encryption {
+ kms_key_name = "%{kms_key_name}"
+ }
+
+ depends_on = [
+ google_kms_crypto_key_iam_member.kms-regional-secret-binding-1,
+ google_kms_crypto_key_iam_member.kms-regional-secret-binding-2,
+ ]
+}
+`, context)
+}
+
+func testAccSecretManagerRegionalSecret_cmekUpdateOther(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+data "google_project" "project" {}
+
+resource "google_kms_crypto_key_iam_member" "kms-regional-secret-binding-1" {
+ crypto_key_id = "%{kms_key_name}"
+ role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
+ member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com"
+}
+
+resource "google_kms_crypto_key_iam_member" "kms-regional-secret-binding-2" {
+ crypto_key_id = "%{kms_key_name_other}"
+ role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
+ member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com"
+}
+
+resource "google_secret_manager_regional_secret" "regional-secret-cmek-update" {
+ secret_id = "tf-test-secret%{random_suffix}"
+ location = "us-central1"
+
+ customer_managed_encryption {
+ kms_key_name = "%{kms_key_name_other}"
+ }
+
+ depends_on = [
+ google_kms_crypto_key_iam_member.kms-regional-secret-binding-1,
+ google_kms_crypto_key_iam_member.kms-regional-secret-binding-2,
+ ]
+}
+`, context)
+}
+
+func testAccSecretManagerRegionalSecret_withoutTopics(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+data "google_project" "project" {}
+
+resource "google_pubsub_topic" "topic-1" {
+ name = "tf-test-topic-1-%{random_suffix}"
+}
+
+resource "google_pubsub_topic" "topic-2" {
+ name = "tf-test-topic-2-%{random_suffix}"
+}
+
+resource "google_pubsub_topic" "topic-3" {
+ name = "tf-test-topic-3-%{random_suffix}"
+}
+
+resource "google_pubsub_topic_iam_member" "secrets_manager_access_1" {
+ topic = google_pubsub_topic.topic-1.name
+ member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com"
+ role = "roles/pubsub.publisher"
+}
+
+resource "google_pubsub_topic_iam_member" "secrets_manager_access_2" {
+ topic = google_pubsub_topic.topic-2.name
+ member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com"
+ role = "roles/pubsub.publisher"
+}
+
+resource "google_pubsub_topic_iam_member" "secrets_manager_access_3" {
+ topic = google_pubsub_topic.topic-3.name
+ member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com"
+ role = "roles/pubsub.publisher"
+}
+
+resource "google_secret_manager_regional_secret" "regional-secret-with-topics" {
+ secret_id = "tf-test-reg-secret-%{random_suffix}"
+ location = "us-central1"
+
+ labels = {
+ mykey = "myvalue"
+ }
+
+ depends_on = [
+ google_pubsub_topic_iam_member.secrets_manager_access_1,
+ google_pubsub_topic_iam_member.secrets_manager_access_2,
+ google_pubsub_topic_iam_member.secrets_manager_access_3,
+ ]
+}
+`, context)
+}
+
+func testAccSecretManagerRegionalSecret_topicsUpdate(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+data "google_project" "project" {}
+
+resource "google_pubsub_topic" "topic-1" {
+ name = "tf-test-topic-1-%{random_suffix}"
+}
+
+resource "google_pubsub_topic" "topic-2" {
+ name = "tf-test-topic-2-%{random_suffix}"
+}
+
+resource "google_pubsub_topic" "topic-3" {
+ name = "tf-test-topic-3-%{random_suffix}"
+}
+
+resource "google_pubsub_topic_iam_member" "secrets_manager_access_1" {
+ topic = google_pubsub_topic.topic-1.name
+ member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com"
+ role = "roles/pubsub.publisher"
+}
+
+resource "google_pubsub_topic_iam_member" "secrets_manager_access_2" {
+ topic = google_pubsub_topic.topic-2.name
+ member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com"
+ role = "roles/pubsub.publisher"
+}
+
+resource "google_pubsub_topic_iam_member" "secrets_manager_access_3" {
+ topic = google_pubsub_topic.topic-3.name
+ member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com"
+ role = "roles/pubsub.publisher"
+}
+
+resource "google_secret_manager_regional_secret" "regional-secret-with-topics" {
+ secret_id = "tf-test-reg-secret-%{random_suffix}"
+ location = "us-central1"
+
+ labels = {
+ mykey = "myvalue"
+ }
+
+ topics {
+ name = google_pubsub_topic.topic-1.id
+ }
+
+ topics {
+ name = google_pubsub_topic.topic-2.id
+ }
+
+ depends_on = [
+ google_pubsub_topic_iam_member.secrets_manager_access_1,
+ google_pubsub_topic_iam_member.secrets_manager_access_2,
+ google_pubsub_topic_iam_member.secrets_manager_access_3,
+ ]
+}
+`, context)
+}
+
+func testAccSecretManagerRegionalSecret_topicsUpdateOther(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+data "google_project" "project" {}
+
+resource "google_pubsub_topic" "topic-1" {
+ name = "tf-test-topic-1-%{random_suffix}"
+}
+
+resource "google_pubsub_topic" "topic-2" {
+ name = "tf-test-topic-2-%{random_suffix}"
+}
+
+resource "google_pubsub_topic" "topic-3" {
+ name = "tf-test-topic-3-%{random_suffix}"
+}
+
+resource "google_pubsub_topic_iam_member" "secrets_manager_access_1" {
+ topic = google_pubsub_topic.topic-1.name
+ member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com"
+ role = "roles/pubsub.publisher"
+}
+
+resource "google_pubsub_topic_iam_member" "secrets_manager_access_2" {
+ topic = google_pubsub_topic.topic-2.name
+ member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com"
+ role = "roles/pubsub.publisher"
+}
+
+resource "google_pubsub_topic_iam_member" "secrets_manager_access_3" {
+ topic = google_pubsub_topic.topic-3.name
+ member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com"
+ role = "roles/pubsub.publisher"
+}
+
+resource "google_secret_manager_regional_secret" "regional-secret-with-topics" {
+ secret_id = "tf-test-reg-secret-%{random_suffix}"
+ location = "us-central1"
+
+ labels = {
+ mykey = "myvalue"
+ }
+
+ topics {
+ name = google_pubsub_topic.topic-1.id
+ }
+
+ topics {
+ name = google_pubsub_topic.topic-3.id
+ }
+
+ depends_on = [
+ google_pubsub_topic_iam_member.secrets_manager_access_1,
+ google_pubsub_topic_iam_member.secrets_manager_access_2,
+ google_pubsub_topic_iam_member.secrets_manager_access_3,
+ ]
+}
+`, context)
+}
+
+func testAccSecretManagerRegionalSecret_rotationBasic(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+data "google_project" "project" {}
+
+resource "google_pubsub_topic" "topic-update" {
+ name = "tf-test-topic%{random_suffix}"
+}
+
+resource "google_pubsub_topic_iam_member" "secrets_manager_topic_access" {
+ topic = google_pubsub_topic.topic-update.name
+ role = "roles/pubsub.publisher"
+ member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com"
+}
+
+resource "google_secret_manager_regional_secret" "regional-secret-with-rotation-update" {
+ secret_id = "tf-test-reg-secret%{random_suffix}"
+ location = "us-central1"
+
+ topics {
+ name = google_pubsub_topic.topic-update.id
+ }
+
+ rotation {
+ rotation_period = "7200s"
+ next_rotation_time = "%{timestamp_1}"
+ }
+
+ depends_on = [
+ google_pubsub_topic_iam_member.secrets_manager_topic_access,
+ ]
+}
+`, context)
+}
+
+func testAccSecretManagerRegionalSecret_rotationTimeUpdate(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+data "google_project" "project" {}
+
+resource "google_pubsub_topic" "topic-update" {
+ name = "tf-test-topic%{random_suffix}"
+}
+
+resource "google_pubsub_topic_iam_member" "secrets_manager_topic_access" {
+ topic = google_pubsub_topic.topic-update.name
+ role = "roles/pubsub.publisher"
+ member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com"
+}
+
+resource "google_secret_manager_regional_secret" "regional-secret-with-rotation-update" {
+ secret_id = "tf-test-reg-secret%{random_suffix}"
+ location = "us-central1"
+
+ topics {
+ name = google_pubsub_topic.topic-update.id
+ }
+
+ rotation {
+ rotation_period = "7200s"
+ next_rotation_time = "%{timestamp_2}"
+ }
+
+ depends_on = [
+ google_pubsub_topic_iam_member.secrets_manager_topic_access,
+ ]
+}
+`, context)
+}
+
+func testAccSecretManagerRegionalSecret_rotationPeriodUpdate(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+data "google_project" "project" {}
+
+resource "google_pubsub_topic" "topic-update" {
+ name = "tf-test-topic%{random_suffix}"
+}
+
+resource "google_pubsub_topic_iam_member" "secrets_manager_topic_access" {
+ topic = google_pubsub_topic.topic-update.name
+ role = "roles/pubsub.publisher"
+ member = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-secretmanager.iam.gserviceaccount.com"
+}
+
+resource "google_secret_manager_regional_secret" "regional-secret-with-rotation-update" {
+ secret_id = "tf-test-reg-secret%{random_suffix}"
+ location = "us-central1"
+
+ topics {
+ name = google_pubsub_topic.topic-update.id
+ }
+
+ rotation {
+ rotation_period = "10800s"
+ next_rotation_time = "%{timestamp_2}"
+ }
+
+ depends_on = [
+ google_pubsub_topic_iam_member.secrets_manager_topic_access,
+ ]
+}
+`, context)
+}
+
+func testAccSecretManagerRegionalSecret_withoutTtlAndExpireTime(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+resource "google_secret_manager_regional_secret" "regional-secret-with-expiration" {
+ secret_id = "tf-test-reg-secret%{random_suffix}"
+ location = "us-central1"
+
+ labels = {
+ mylabel = "mykey"
+ }
+
+ annotations = {
+ myannot = "myannotkey"
+ }
+}
+`, context)
+}
+
+func testAccSecretManagerRegionalSecret_expireTimeBasic(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+resource "google_secret_manager_regional_secret" "regional-secret-with-expiration" {
+ secret_id = "tf-test-reg-secret%{random_suffix}"
+ location = "us-central1"
+
+ labels = {
+ mylabel = "mykey"
+ }
+
+ annotations = {
+ myannot = "myannotkey"
+ }
+
+ expire_time = "%{timestamp_1}"
+}
+`, context)
+}
+
+func testAccSecretManagerRegionalSecret_expireTimeUpdate(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+resource "google_secret_manager_regional_secret" "regional-secret-with-expiration" {
+ secret_id = "tf-test-reg-secret%{random_suffix}"
+ location = "us-central1"
+
+ labels = {
+ mylabel = "mykey"
+ }
+
+ annotations = {
+ myannot = "myannotkey"
+ }
+
+ expire_time = "%{timestamp_2}"
+}
+`, context)
+}
+
+func testAccSecretManagerRegionalSecret_ttlBasic(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+resource "google_secret_manager_regional_secret" "regional-secret-with-expiration" {
+ secret_id = "tf-test-reg-secret%{random_suffix}"
+ location = "us-central1"
+
+ labels = {
+ mylabel = "mykey"
+ }
+
+ annotations = {
+ myannot = "myannotkey"
+ }
+
+ ttl = "360000s"
+}
+`, context)
+}
+
+func testAccSecretManagerRegionalSecret_ttlUpdate(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+resource "google_secret_manager_regional_secret" "regional-secret-with-expiration" {
+ secret_id = "tf-test-reg-secret%{random_suffix}"
+ location = "us-central1"
+
+ labels = {
+ mylabel = "mykey"
+ }
+
+ annotations = {
+ myannot = "myannotkey"
+ }
+
+ ttl = "720000s"
+}
+`, context)
+}
+
+func testAccSecretManagerRegionalSecret_withoutVersionDestroyTtl(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+resource "google_secret_manager_regional_secret" "regional-secret-with-version-destroy-ttl" {
+ secret_id = "tf-test-reg-secret%{random_suffix}"
+ location = "us-central1"
+
+ labels = {
+ mylabel = "mykey"
+ }
+
+ annotations = {
+ myannot = "myannotkey"
+ }
+}
+`, context)
+}
+
+func testAccSecretManagerRegionalSecret_versionDestroyTtlBasic(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+resource "google_secret_manager_regional_secret" "regional-secret-with-version-destroy-ttl" {
+ secret_id = "tf-test-reg-secret%{random_suffix}"
+ location = "us-central1"
+
+ labels = {
+ mylabel = "mykey"
+ }
+
+ annotations = {
+ myannot = "myannotkey"
+ }
+
+ version_destroy_ttl = "90000s"
+}
+`, context)
+}
+
+func testAccSecretManagerRegionalSecret_versionDestroyTtlUpdate(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+resource "google_secret_manager_regional_secret" "regional-secret-with-version-destroy-ttl" {
+ secret_id = "tf-test-reg-secret%{random_suffix}"
+ location = "us-central1"
+
+ labels = {
+ mylabel = "mykey"
+ }
+
+ annotations = {
+ myannot = "myannotkey"
+ }
+
+ version_destroy_ttl = "360000s"
+}
+`, context)
+}
+
+// TODO: Uncomment once google_secret_manager_regional_secret_version is added
+// func testAccSecretManagerRegionalSecret_basicRegionalSecretWithVersions(context map[string]interface{}) string {
+// return acctest.Nprintf(`
+// resource "google_secret_manager_regional_secret" "regional-secret-with-version-aliases" {
+// secret_id = "tf-test-reg-secret%{random_suffix}"
+// location = "us-central1"
+//
+// labels = {
+// mylabel = "mykey"
+// }
+// }
+//
+// resource "google_secret_manager_regional_secret_version" "reg-secret-version-1" {
+// secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id
+//
+// secret_data = "very secret data keep it down %{random_suffix}-1"
+// }
+//
+// resource "google_secret_manager_regional_secret_version" "reg-secret-version-2" {
+// secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id
+//
+// secret_data = "very secret data keep it down %{random_suffix}-2"
+// }
+//
+// resource "google_secret_manager_regional_secret_version" "reg-secret-version-3" {
+// secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id
+//
+// secret_data = "very secret data keep it down %{random_suffix}-3"
+// }
+//
+// resource "google_secret_manager_regional_secret_version" "reg-secret-version-4" {
+// secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id
+//
+// secret_data = "very secret data keep it down %{random_suffix}-4"
+// }
+// `, context)
+// }
+//
+// func testAccSecretManagerRegionalSecret_versionAliasesBasic(context map[string]interface{}) string {
+// return acctest.Nprintf(`
+// resource "google_secret_manager_regional_secret" "regional-secret-with-version-aliases" {
+// secret_id = "tf-test-reg-secret%{random_suffix}"
+// location = "us-central1"
+//
+// version_aliases = {
+// firstalias = "1",
+// secondalias = "2",
+// thirdalias = "3",
+// otheralias = "2",
+// somealias = "3"
+// }
+//
+// labels = {
+// mylabel = "mykey"
+// }
+// }
+//
+// resource "google_secret_manager_regional_secret_version" "reg-secret-version-1" {
+// secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id
+//
+// secret_data = "very secret data keep it down %{random_suffix}-1"
+// }
+//
+// resource "google_secret_manager_regional_secret_version" "reg-secret-version-2" {
+// secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id
+//
+// secret_data = "very secret data keep it down %{random_suffix}-2"
+// }
+//
+// resource "google_secret_manager_regional_secret_version" "reg-secret-version-3" {
+// secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id
+//
+// secret_data = "very secret data keep it down %{random_suffix}-3"
+// }
+//
+// resource "google_secret_manager_regional_secret_version" "reg-secret-version-4" {
+// secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id
+//
+// secret_data = "very secret data keep it down %{random_suffix}-4"
+// }
+// `, context)
+// }
+//
+// func testAccSecretManagerRegionalSecret_versionAliasesUpdate(context map[string]interface{}) string {
+// return acctest.Nprintf(`
+// resource "google_secret_manager_regional_secret" "regional-secret-with-version-aliases" {
+// secret_id = "tf-test-reg-secret%{random_suffix}"
+// location = "us-central1"
+//
+// version_aliases = {
+// firstalias = "1",
+// secondaliasupdated = "2",
+// otheralias = "1",
+// somealias = "3",
+// fourthalias = "4"
+// }
+//
+// labels = {
+// mylabel = "mykey"
+// }
+// }
+//
+// resource "google_secret_manager_regional_secret_version" "reg-secret-version-1" {
+// secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id
+//
+// secret_data = "very secret data keep it down %{random_suffix}-1"
+// }
+//
+// resource "google_secret_manager_regional_secret_version" "reg-secret-version-2" {
+// secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id
+//
+// secret_data = "very secret data keep it down %{random_suffix}-2"
+// }
+//
+// resource "google_secret_manager_regional_secret_version" "reg-secret-version-3" {
+// secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id
+//
+// secret_data = "very secret data keep it down %{random_suffix}-3"
+// }
+//
+// resource "google_secret_manager_regional_secret_version" "reg-secret-version-4" {
+// secret = google_secret_manager_regional_secret.regional-secret-with-version-aliases.id
+//
+// secret_data = "very secret data keep it down %{random_suffix}-4"
+// }
+// `, context)
+// }