Add VPC Flow Logs Config Terraform API (GoogleCloudPlatform#12161)

Signed-off-by: alkobi-google <[email protected]>

Author: alkobi-google

mmv1/products/networkmanagement/VpcFlowLogsConfig.yaml

@@ -0,0 +1,177 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+name: 'VpcFlowLogsConfig'
+description:
+  VPC Flow Logs Config is a resource that lets you configure
+  Flow Logs for VPC, Interconnect attachments or VPN Tunnels.
+min_version: beta
+id_format: 'projects/{{project}}/locations/{{location}}/vpcFlowLogsConfigs/{{vpc_flow_logs_config_id}}'
+base_url: 'projects/{{project}}/locations/{{location}}/vpcFlowLogsConfigs'
+self_link: 'projects/{{project}}/locations/{{location}}/vpcFlowLogsConfigs/{{vpc_flow_logs_config_id}}'
+create_url: 'projects/{{project}}/locations/{{location}}/vpcFlowLogsConfigs?vpcFlowLogsConfigId={{vpc_flow_logs_config_id}}'
+update_verb: 'PATCH'
+update_mask: true
+import_format:
+  - 'projects/{{project}}/locations/{{location}}/vpcFlowLogsConfigs/{{vpc_flow_logs_config_id}}'
+timeouts:
+  insert_minutes: 20
+  update_minutes: 20
+  delete_minutes: 20
+autogen_async: true
+async:
+  actions: ['create', 'delete', 'update']
+  type: 'OpAsync'
+  operation:
+    base_url: '{{op_id}}'
+    path: 'name'
+    wait_ms: 1000
+  result:
+    path: 'response'
+    resource_inside_response: true
+  error:
+    path: 'error'
+    message: 'message'
+custom_code:
+examples:
+  - name: 'network_management_vpc_flow_logs_config_interconnect_full'
+    primary_resource_id: 'interconnect-test'
+    min_version: 'beta'
+    vars:
+      network_name: 'full-interconnect-test-network'
+      router_name: 'full-interconnect-test-router'
+      vpc_flow_logs_config_id: 'full-interconnect-test-id'
+      interconnect_attachment_name: 'full-interconnect-test-id'
+  - name: 'network_management_vpc_flow_logs_config_interconnect_basic'
+    primary_resource_id: 'interconnect-test'
+    min_version: 'beta'
+    vars:
+      network_name: 'basic-interconnect-test-network'
+      router_name: 'basic-interconnect-test-router'
+      vpc_flow_logs_config_id: 'basic-interconnect-test-id'
+      interconnect_attachment_name: 'basic-interconnect-test-id'
+  - name: 'network_management_vpc_flow_logs_config_vpn_basic'
+    primary_resource_id: 'vpn-test'
+    min_version: 'beta'
+    vars:
+      network_name: 'basic-test-network'
+      vpn_tunnel_name: 'basic-test-tunnel'
+      target_vpn_gateway_name: 'basic-test-gateway'
+      address_name: 'basic-test-address'
+      udp500_forwarding_rule_name: 'basic-test-fr500'
+      udp4500_forwarding_rule_name: 'basic-test-fr4500'
+      esp_forwarding_rule_name: 'basic-test-fresp'
+      route_name: 'basic-test-route'
+      vpc_flow_logs_config_id: 'basic-test-id'
+  - name: 'network_management_vpc_flow_logs_config_vpn_full'
+    primary_resource_id: 'vpn-test'
+    min_version: 'beta'
+    vars:
+      network_name: 'full-test-network'
+      vpn_tunnel_name: 'full-test-tunnel'
+      target_vpn_gateway_name: 'full-test-gateway'
+      address_name: 'full-test-address'
+      udp500_forwarding_rule_name: 'full-test-fr500'
+      udp4500_forwarding_rule_name: 'full-test-fr4500'
+      esp_forwarding_rule_name: 'full-test-fresp'
+      route_name: 'full-test-route'
+      vpc_flow_logs_config_id: 'full-test-id'
+parameters:
+  - name: 'location'
+    type: String
+    description: |
+      Resource ID segment making up resource `name`. It identifies the resource
+      within its parent collection as described in https://google.aip.dev/122. See documentation
+      for resource type `networkmanagement.googleapis.com/VpcFlowLogsConfig`.
+    url_param_only: true
+    required: true
+    immutable: true
+  - name: 'vpcFlowLogsConfigId'
+    type: String
+    description: |
+      Required. ID of the `VpcFlowLogsConfig`.
+    url_param_only: true
+    required: true
+    immutable: true
+properties:
+  - name: 'name'
+    type: String
+    description: |
+      Identifier. Unique name of the configuration using the form:     `projects/{project_id}/locations/global/vpcFlowLogsConfigs/{vpc_flow_logs_config_id}`
+    output: true
+  - name: 'description'
+    type: String
+    description: |
+      Optional. The user-supplied description of the VPC Flow Logs configuration. Maximum
+      of 512 characters.
+  - name: 'state'
+    type: String
+    default_from_api: true
+    description: |
+      Optional. The state of the VPC Flow Log configuration. Default value
+      is ENABLED. When creating a new configuration, it must be enabled.   Possible
+  - name: 'aggregationInterval'
+    type: String
+    default_from_api: true
+    description: |
+      Optional. The aggregation interval for the logs. Default value is
+      INTERVAL_5_SEC.   Possible values:  AGGREGATION_INTERVAL_UNSPECIFIED INTERVAL_5_SEC INTERVAL_30_SEC INTERVAL_1_MIN INTERVAL_5_MIN INTERVAL_10_MIN INTERVAL_15_MIN"
+  - name: 'flowSampling'
+    type: Double
+    default_from_api: true
+    description: |
+      Optional. The value of the field must be in (0, 1]. The sampling rate
+      of VPC Flow Logs where 1.0 means all collected logs are reported. Setting the
+      sampling rate to 0.0 is not allowed. If you want to disable VPC Flow Logs, use
+      the state field instead. Default value is 1.0.
+  - name: 'metadata'
+    type: String
+    default_from_api: true
+    description: |
+      Optional. Configures whether all, none or a subset of metadata fields
+      should be added to the reported VPC flow logs. Default value is INCLUDE_ALL_METADATA.
+        Possible values:  METADATA_UNSPECIFIED INCLUDE_ALL_METADATA EXCLUDE_ALL_METADATA CUSTOM_METADATA
+  - name: 'metadataFields'
+    type: Array
+    description: |
+      Optional. Custom metadata fields to include in the reported VPC flow
+      logs. Can only be specified if \"metadata\" was set to CUSTOM_METADATA.
+    item_type:
+      type: String
+  - name: 'filterExpr'
+    type: String
+    description: |
+      Optional. Export filter used to define which VPC Flow Logs should be logged.
+  - name: 'interconnectAttachment'
+    type: String
+    description: |
+      Traffic will be logged from the Interconnect Attachment. Format: projects/{project_id}/regions/{region}/interconnectAttachments/{name}
+  - name: 'vpnTunnel'
+    type: String
+    description: |
+      Traffic will be logged from the VPN Tunnel. Format: projects/{project_id}/regions/{region}/vpnTunnels/{name}
+  - name: 'labels'
+    type: KeyValueLabels
+    description: |
+      Optional. Resource labels to represent user-provided metadata.
+  - name: 'createTime'
+    type: String
+    description: |
+      Output only. The time the config was created.
+    output: true
+  - name: 'updateTime'
+    type: String
+    description: |
+      Output only. The time the config was updated.
+    output: true

mmv1/products/networkmanagement/product.yaml

@@ -17,6 +17,8 @@ display_name: 'NetworkManagement'
 versions:
   - name: 'ga'
     base_url: 'https://networkmanagement.googleapis.com/v1/'
+  - name: 'beta'
+    base_url: 'https://networkmanagement.googleapis.com/v1beta1/'
 scopes:
   - 'https://www.googleapis.com/auth/cloud-platform'
 async:

mmv1/templates/terraform/examples/network_management_vpc_flow_logs_config_interconnect_basic.tf.tmpl

@@ -0,0 +1,35 @@
+data "google_project" "project" {
+  provider = google-beta
+}
+
+resource "google_network_management_vpc_flow_logs_config" "{{$.PrimaryResourceId}}" {
+  provider                = google-beta
+  vpc_flow_logs_config_id = "{{index $.Vars "vpc_flow_logs_config_id"}}"
+  location                = "global"
+  interconnect_attachment = "projects/${data.google_project.project.number}/regions/us-east4/interconnectAttachments/${google_compute_interconnect_attachment.attachment.name}"
+}
+
+resource "google_compute_network" "network" {
+  provider = google-beta
+  name     = "{{index $.Vars "network_name"}}"
+}
+
+resource "google_compute_router" "router" {
+  provider = google-beta
+  name    = "{{index $.Vars "router_name"}}"
+  network = google_compute_network.network.name
+  bgp {
+    asn = 16550
+  }
+}
+
+resource "google_compute_interconnect_attachment" "attachment" {
+  provider                 = google-beta
+  name                     = "{{index $.Vars "interconnect_attachment_name"}}"
+  edge_availability_domain = "AVAILABILITY_DOMAIN_1"
+  type                     = "PARTNER"
+  router                   = google_compute_router.router.id
+  mtu                      = 1500
+}
+
+

mmv1/templates/terraform/examples/network_management_vpc_flow_logs_config_interconnect_full.tf.tmpl

@@ -0,0 +1,40 @@
+data "google_project" "project" {
+  provider = google-beta
+}
+
+resource "google_network_management_vpc_flow_logs_config" "{{$.PrimaryResourceId}}" {
+  provider                = google-beta
+  vpc_flow_logs_config_id = "{{index $.Vars "vpc_flow_logs_config_id"}}"
+  location                = "global"
+  interconnect_attachment = "projects/${data.google_project.project.number}/regions/us-east4/interconnectAttachments/${google_compute_interconnect_attachment.attachment.name}"
+  state                   = "ENABLED"
+  aggregation_interval    = "INTERVAL_5_SEC"
+  description             = "VPC Flow Logs over a VPN Gateway."
+  flow_sampling           = 0.5
+  metadata                = "INCLUDE_ALL_METADATA"
+}
+
+resource "google_compute_network" "network" {
+  provider = google-beta
+  name     = "{{index $.Vars "network_name"}}"
+}
+
+resource "google_compute_router" "router" {
+  provider = google-beta
+  name    = "{{index $.Vars "router_name"}}"
+  network = google_compute_network.network.name
+  bgp {
+    asn = 16550
+  }
+}
+
+resource "google_compute_interconnect_attachment" "attachment" {
+  provider                 = google-beta
+  name                     = "{{index $.Vars "interconnect_attachment_name"}}"
+  edge_availability_domain = "AVAILABILITY_DOMAIN_1"
+  type                     = "PARTNER"
+  router                   = google_compute_router.router.id
+  mtu                      = 1500
+}
+
+

mmv1/templates/terraform/examples/network_management_vpc_flow_logs_config_vpn_basic.tf.tmpl

@@ -0,0 +1,76 @@
+data "google_project" "project" {
+  provider = google-beta
+}
+
+resource "google_network_management_vpc_flow_logs_config" "{{$.PrimaryResourceId}}" {
+  provider                = google-beta
+  vpc_flow_logs_config_id = "{{index $.Vars "vpc_flow_logs_config_id"}}"
+  location                = "global"
+  vpn_tunnel              = "projects/${data.google_project.project.number}/regions/us-central1/vpnTunnels/${google_compute_vpn_tunnel.tunnel.name}"
+}
+
+resource "google_compute_vpn_tunnel" "tunnel" {
+  provider           = google-beta
+  name               = "{{index $.Vars "vpn_tunnel_name"}}"
+  peer_ip            = "15.0.0.120"
+  shared_secret      = "a secret message"
+  target_vpn_gateway = google_compute_vpn_gateway.target_gateway.id
+
+  depends_on = [
+    google_compute_forwarding_rule.fr_esp,
+    google_compute_forwarding_rule.fr_udp500,
+    google_compute_forwarding_rule.fr_udp4500,
+  ]
+}
+
+resource "google_compute_vpn_gateway" "target_gateway" {
+  provider = google-beta
+  name     = "{{index $.Vars "target_vpn_gateway_name"}}"
+  network  = google_compute_network.network.id
+}
+
+resource "google_compute_network" "network" {
+  provider = google-beta
+  name     = "{{index $.Vars "network_name"}}"
+}
+
+resource "google_compute_address" "vpn_static_ip" {
+  provider = google-beta
+  name     = "{{index $.Vars "address_name"}}"
+}
+
+resource "google_compute_forwarding_rule" "fr_esp" {
+  provider    = google-beta
+  name        = "{{index $.Vars "esp_forwarding_rule_name"}}"
+  ip_protocol = "ESP"
+  ip_address  = google_compute_address.vpn_static_ip.address
+  target      = google_compute_vpn_gateway.target_gateway.id
+}
+
+resource "google_compute_forwarding_rule" "fr_udp500" {
+  provider    = google-beta
+  name        = "{{index $.Vars "udp500_forwarding_rule_name"}}"
+  ip_protocol = "UDP"
+  port_range  = "500"
+  ip_address  = google_compute_address.vpn_static_ip.address
+  target      = google_compute_vpn_gateway.target_gateway.id
+}
+
+resource "google_compute_forwarding_rule" "fr_udp4500" {
+  provider    = google-beta
+  name        = "{{index $.Vars "udp4500_forwarding_rule_name"}}"
+  ip_protocol = "UDP"
+  port_range  = "4500"
+  ip_address  = google_compute_address.vpn_static_ip.address
+  target      = google_compute_vpn_gateway.target_gateway.id
+}
+
+resource "google_compute_route" "route" {
+  provider            = google-beta
+  name                = "{{index $.Vars "route_name"}}"
+  network             = google_compute_network.network.name
+  dest_range          = "15.0.0.0/24"
+  priority            = 1000
+  next_hop_vpn_tunnel = google_compute_vpn_tunnel.tunnel.id
+}
+