Create network edge security services and region security policy #7979

felipegc
Contributor

@felipegc felipegc commented May 19, 2023

fixes hashicorp/terraform-provider-google#14520
fixes hashicorp/terraform-provider-google#13978
related to GoogleCloudPlatform/terraform-google-cloud-armor#24

Adding the necessary resources to make it possible to activate the new policy type "CLOUD_ARMOR_NETWORK" and "ddos_protection_config"

If this PR is for Terraform, I acknowledge that I have:

  • Searched through the issue tracker for an open issue that this either resolves or contributes to, commented on it to claim it, and written "fixes {url}" or "part of {url}" in this PR description. If there were no relevant open issues, I opened one and commented that I would like to work on it (not necessary for very small changes).
  • Ensured that all new fields I added that can be set by a user appear in at least one example (for generated resources) or third_party test (for handwritten resources or update tests).
  • Generated Terraform providers, and ran make test and make lint in the generated providers to ensure it passes unit and linter tests.
  • Ran relevant acceptance tests using my own Google Cloud project and credentials (If the acceptance tests do not yet pass or you are unable to run them, please let your reviewer know).
  • Read the Release Notes Guide before writing my release note below.

Release Note Template for Downstream PRs (will be copied)

`google_compute_region_security_policy` (beta)
`google_compute_network_edge_security_service` (beta)

@modular-magician modular-magician requested a review from shuyama1 May 19, 2023 19:20
@modular-magician
Collaborator

Hello! I am a robot who works on Magic Modules PRs.

I've detected that you're a community contributor. @shuyama1, a repository maintainer, has been assigned to assist you and help review your changes.

❓ First time contributing? Click here for more details

Your assigned reviewer will help review your code by:

  • Ensuring it's backwards compatible, covers common error cases, etc.
  • Summarizing the change into a user-facing changelog note.
  • Ensuring it passes tests, either our "VCR" suite, a set of presubmit tests, or with manual test runs.

You can help make sure that review is quick by running local tests and ensuring they're passing in between each push you make to your PR's branch. Also, try to leave a comment with each push you make, as pushes generally don't generate emails.

If your reviewer doesn't get back to you within a week after your most recent change, please feel free to leave a comment on the issue asking them to take a look! In the absence of a dedicated review dashboard most maintainers manage their pending reviews through email, and those will sometimes get lost in their inbox.


@modular-magician modular-magician added the awaiting-approval Pull requests that need reviewer's approval to run presubmit tests label May 19, 2023
@felipegc
Contributor Author

@shuyama1 The tests are likely to fail because the project requires "Cloud Armor Managed Protection Plus" tier activated.

The message is probably something like this:

"Error: Error creating NetworkEdgeSecurityService: googleapi: Error 400: Network Security Policies require Cloud Armor Managed Protection Plus tier and above to use., badRequest"

Could you please verify how to activate it in the build project?

https://cloud.google.com/armor/docs/managed-protection-overview

Thanks

@shuyama1
Member

@felipegc Thanks for the info. Taking a look now.

@modular-magician modular-magician removed the awaiting-approval Pull requests that need reviewer's approval to run presubmit tests label May 22, 2023
@modular-magician
Collaborator

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 4 files changed, 293 insertions(+))
Terraform Beta: Diff ( 11 files changed, 2007 insertions(+), 2 deletions(-))
TF Conversion: Diff ( 2 files changed, 3 insertions(+), 3 deletions(-))
TF OiCS: Diff ( 8 files changed, 220 insertions(+))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_compute_network_edge_security_service (3 total tests)
Untested fields: validate_only

Please add acceptance tests which include these fields.

@modular-magician
Collaborator

Tests analytics

Total tests: 2752
Passed tests: 2457
Skipped tests: 283
Affected tests: 12

Action taken

Found 12 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
TestAccComputeRegionSecurityPolicy_regionSecurityPolicyBasicUpdateExample|TestAccComputeRegionSecurityPolicy_regionSecurityPolicyWithDdosProtectionConfigExample|TestAccComputeRegionSecurityPolicy_regionSecurityPolicyBasicExample|TestAccComputeNetworkEdgeSecurityService_update|TestAccComputeNetworkEdgeSecurityService_computeNetworkEdgeSecurityServiceBasicExample|TestAccComputeFirewallPolicyRule_multipleRules|TestAccAlloydbBackup_missingLocation|TestAccApigeeKeystoresAliasesKeyCertFile_apigeeKeystoresAliasesKeyCertFileTestExample|TestAccApigeeKeystoresAliasesPkcs12_ApigeeKeystoresAliasesPkcs12Example|TestAccAlloydbCluster_missingLocation|TestAccDataSourceAlloydbLocations_basic|TestAccDataSourceGoogleFirebaseAndroidAppConfig

Get to know how VCR tests work

@modular-magician
Collaborator

Tests passed during RECORDING mode:
TestAccComputeRegionSecurityPolicy_regionSecurityPolicyBasicExample[Debug log]
TestAccAlloydbBackup_missingLocation[Debug log]
TestAccApigeeKeystoresAliasesKeyCertFile_apigeeKeystoresAliasesKeyCertFileTestExample[Debug log]
TestAccApigeeKeystoresAliasesPkcs12_ApigeeKeystoresAliasesPkcs12Example[Debug log]
TestAccAlloydbCluster_missingLocation[Debug log]
TestAccDataSourceAlloydbLocations_basic[Debug log]
TestAccDataSourceGoogleFirebaseAndroidAppConfig[Debug log]

Tests failed during RECORDING mode:
TestAccComputeRegionSecurityPolicy_regionSecurityPolicyBasicUpdateExample[Error message] [Debug log]
TestAccComputeRegionSecurityPolicy_regionSecurityPolicyWithDdosProtectionConfigExample[Error message] [Debug log]
TestAccComputeNetworkEdgeSecurityService_update[Error message] [Debug log]
TestAccComputeNetworkEdgeSecurityService_computeNetworkEdgeSecurityServiceBasicExample[Error message] [Debug log]
TestAccComputeFirewallPolicyRule_multipleRules[Error message] [Debug log]

Please fix these to complete your PR
View the build log or the debug log for each test

@shuyama1
Member

Working with internal teams to get our projects switched to Cloud Armor Managed Protection Plus and will rerun tests after.

@felipegc
Contributor Author

felipegc commented Jun 2, 2023

Hi @shuyama1, do you have any news about bumping the projects to "Cloud Armor Managed Protection Plus"?
I am already working on developing the rules for the policy which will be dependent on the resources in this PR.
Thanks

@shuyama1
Member

shuyama1 commented Jun 2, 2023

Hi @felipegc. Sorry, I haven't heard back from the internal team but I'll try to check in with them today.

@modular-magician modular-magician added the awaiting-approval Pull requests that need reviewer's approval to run presubmit tests label Jun 21, 2023
@felipegc
Contributor Author

@shuyama1 I think I have addressed all issues, right? Could you continue the review, please? Thanks

@modular-magician modular-magician removed the awaiting-approval Pull requests that need reviewer's approval to run presubmit tests label Jun 21, 2023
@modular-magician
Collaborator

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 4 files changed, 293 insertions(+))
Terraform Beta: Diff ( 11 files changed, 2008 insertions(+), 2 deletions(-))
TF Conversion: Diff ( 2 files changed, 3 insertions(+), 3 deletions(-))
TF OiCS: Diff ( 8 files changed, 220 insertions(+))

@modular-magician
Collaborator

Tests analytics

Total tests: 2803
Passed tests: 2500
Skipped tests: 301
Affected tests: 2

Action taken

Found 2 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
TestAccComputeFirewallPolicyRule_multipleRules|TestAccComputeNetworkEndpoints_networkEndpointsBasic

Get to know how VCR tests work

@modular-magician
Collaborator

Tests passed during RECORDING mode:
TestAccComputeNetworkEndpoints_networkEndpointsBasic[Debug log]

Tests failed during RECORDING mode:
TestAccComputeFirewallPolicyRule_multipleRules[Error message] [Debug log]

Please fix these to complete your PR
View the build log or the debug log for each test

Member

@shuyama1 shuyama1 left a comment

Overall LGTM! Only some small comments.

@modular-magician modular-magician added awaiting-approval Pull requests that need reviewer's approval to run presubmit tests and removed awaiting-approval Pull requests that need reviewer's approval to run presubmit tests labels Jun 22, 2023
@modular-magician
Collaborator

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 4 files changed, 293 insertions(+))
Terraform Beta: Diff ( 11 files changed, 2009 insertions(+), 2 deletions(-))
TF Conversion: Diff ( 2 files changed, 3 insertions(+), 3 deletions(-))
TF OiCS: Diff ( 8 files changed, 220 insertions(+))

@modular-magician
Collaborator

Tests analytics

Total tests: 2815
Passed tests: 2510
Skipped tests: 301
Affected tests: 4

Action taken

Found 4 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
TestAccComputeNetworkEdgeSecurityService_update|TestAccComputeNetworkEdgeSecurityService_computeNetworkEdgeSecurityServiceBasicExample|TestAccComputeNetworkEndpoints_networkEndpointsBasic|TestAccComputeFirewallPolicyRule_multipleRules

Get to know how VCR tests work

@modular-magician
Collaborator

Tests passed during RECORDING mode:
TestAccComputeNetworkEdgeSecurityService_update[Debug log]
TestAccComputeNetworkEdgeSecurityService_computeNetworkEdgeSecurityServiceBasicExample[Debug log]
TestAccComputeNetworkEndpoints_networkEndpointsBasic[Debug log]

Tests failed during RECORDING mode:
TestAccComputeFirewallPolicyRule_multipleRules[Error message] [Debug log]

Please fix these to complete your PR
View the build log or the debug log for each test

Member

@shuyama1 shuyama1 left a comment

Thank you!

@shuyama1 shuyama1 merged commit 8f2f760 into GoogleCloudPlatform:main Jun 23, 2023
rainshen49 pushed a commit to rainshen49/magic-modules that referenced this pull request Jun 27, 2023
ericayyliu pushed a commit to ericayyliu/magic-modules that referenced this pull request Jul 26, 2023
wj-chen pushed a commit to wj-chen/magic-modules that referenced this pull request Aug 1, 2023