Add Authz Extension and Authz Policy resources

[Samir-Cit]

Hello folks.
This PR is to add 2 (two) new resources to the terraform MMv1:

• Authz Extension (google_network_services_authz_extension)
• Authz Policy (google_network_security_authz_policy)

Note: The Authz Policy resource has one field called cloudIap wich is an object without fields. So to make it work on terraform/yaml I needed to add one property called enabled that will be converted to the cloudIap field. You can check this field on the api page.

Release Note Template for Downstream PRs (will be copied)

See Write release notes for guidance.

networksecurity: Added new resource `google_network_security_authz_policy`

networkservices: Added new resource `google_network_services_authz_extension`

[github-actions]

Hello! I am a robot. Tests will require approval from a repository maintainer to run.

@trodge, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 11 files changed, 2767 insertions(+), 2 deletions(-))
google-beta provider: Diff ( 11 files changed, 2767 insertions(+), 2 deletions(-))
terraform-google-conversion: Diff ( 2 files changed, 403 insertions(+))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_network_security_authz_policy (1 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_network_security_authz_policy" "primary" {
  custom_provider {
    cloud_iap {
      enabled = # value needed
    }
  }
  labels = # value needed
}

Resource: google_network_services_authz_extension (2 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_network_services_authz_extension" "primary" {
  labels      = # value needed
  metadata    = # value needed
  wire_format = # value needed
}

[modular-magician]

Tests analytics

Total tests: 96
Passed tests: 89
Skipped tests: 5
Affected tests: 2

Click here to see the affected service packages

• networksecurity
• networkservices

Action taken

Found 2 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

• TestAccNetworkSecurityAuthzPolicy_networkServicesAuthzPolicyAdvancedExample
• TestAccNetworkServicesAuthzExtension_networkServicesAuthzExtensionBasicExample

Get to know how VCR tests work

[modular-magician]

🟢 Tests passed during RECORDING mode:
TestAccNetworkServicesAuthzExtension_networkServicesAuthzExtensionBasicExample [Debug log]

🟢 No issues found for passed tests after REPLAYING rerun.

---

🔴 Tests failed during RECORDING mode:
TestAccNetworkSecurityAuthzPolicy_networkServicesAuthzPolicyAdvancedExample [Error message] [Debug log]

🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR.

View the build log or the debug log for each test

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 11 files changed, 5123 insertions(+), 2 deletions(-))
google-beta provider: Diff ( 11 files changed, 5123 insertions(+), 2 deletions(-))
terraform-google-conversion: Diff ( 2 files changed, 1224 insertions(+))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_network_security_authz_policy (1 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_network_security_authz_policy" "primary" {
  custom_provider {
    cloud_iap {
      enabled = # value needed
    }
  }
  http_rules {
    from {
      not_sources {
        principals {
          contains    = # value needed
          exact       = # value needed
          ignore_case = # value needed
          prefix      = # value needed
          suffix      = # value needed
        }
        resources {
          iam_service_account {
            contains    = # value needed
            exact       = # value needed
            ignore_case = # value needed
            prefix      = # value needed
            suffix      = # value needed
          }
          tag_value_id_set {
            ids = # value needed
          }
        }
      }
      sources {
        principals {
          contains    = # value needed
          exact       = # value needed
          ignore_case = # value needed
          prefix      = # value needed
          suffix      = # value needed
        }
        resources {
          iam_service_account {
            contains    = # value needed
            exact       = # value needed
            ignore_case = # value needed
            prefix      = # value needed
            suffix      = # value needed
          }
          tag_value_id_set {
            ids = # value needed
          }
        }
      }
    }
    to {
      operations {
        header_set {
          headers {
            name = # value needed
            value {
              contains    = # value needed
              exact       = # value needed
              ignore_case = # value needed
              prefix      = # value needed
              suffix      = # value needed
            }
          }
        }
        hosts {
          contains    = # value needed
          exact       = # value needed
          ignore_case = # value needed
          prefix      = # value needed
          suffix      = # value needed
        }
        methods = # value needed
        paths {
          contains    = # value needed
          exact       = # value needed
          ignore_case = # value needed
          prefix      = # value needed
          suffix      = # value needed
        }
      }
    }
    when = # value needed
  }
}

[modular-magician]

Tests analytics

Total tests: 96
Passed tests: 89
Skipped tests: 5
Affected tests: 2

Click here to see the affected service packages

• networksecurity
• networkservices

Action taken

Found 2 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

• TestAccNetworkSecurityAuthzPolicy_networkServicesAuthzPolicyAdvancedExample
• TestAccNetworkServicesAuthzExtension_networkServicesAuthzExtensionBasicExample

Get to know how VCR tests work

[modular-magician]

🔴 Tests failed during RECORDING mode:
TestAccNetworkSecurityAuthzPolicy_networkServicesAuthzPolicyAdvancedExample [Error message] [Debug log]
TestAccNetworkServicesAuthzExtension_networkServicesAuthzExtensionBasicExample [Error message] [Debug log]

🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR.

View the build log or the debug log for each test

[github-actions]

@trodge This PR has been waiting for review for 3 weekdays. Please take a look! Use the label disable-review-reminders to disable these notifications.

[github-actions]

@GoogleCloudPlatform/terraform-team @trodge This PR has been waiting for review for 1 week. Please take a look! Use the label disable-review-reminders to disable these notifications.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 13 files changed, 5615 insertions(+), 2 deletions(-))
google-beta provider: Diff ( 13 files changed, 5615 insertions(+), 2 deletions(-))
terraform-google-conversion: Diff ( 2 files changed, 1236 insertions(+))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_network_security_authz_policy (2 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_network_security_authz_policy" "primary" {
  custom_provider {
    cloud_iap {
      enabled = # value needed
    }
  }
}

[modular-magician]

Tests analytics

Total tests: 102
Passed tests: 93
Skipped tests: 5
Affected tests: 4

Click here to see the affected service packages

• networksecurity
• networkservices

Action taken

Found 4 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

• TestAccNetworkSecurityAuthzPolicy_networkServicesAuthzPolicyAdvancedExample
• TestAccNetworkSecurityAuthzPolicy_networkServicesAuthzPolicyHttpRules
• TestAccNetworkServicesAuthzExtension_networkServicesAuthzExtensionBasicExample
• TestAccNetworkServicesAuthzExtension_update

Get to know how VCR tests work

[modular-magician]

🟢 Tests passed during RECORDING mode:
TestAccNetworkSecurityAuthzPolicy_networkServicesAuthzPolicyAdvancedExample [Debug log]
TestAccNetworkSecurityAuthzPolicy_networkServicesAuthzPolicyHttpRules [Debug log]
TestAccNetworkServicesAuthzExtension_networkServicesAuthzExtensionBasicExample [Debug log]
TestAccNetworkServicesAuthzExtension_update [Debug log]

🟢 No issues found for passed tests after REPLAYING rerun.

---

🟢 All tests passed!

View the build log or the debug log for each test