Create network edge security services and region security policy (#7979) (#14971)

Signed-off-by: Modular Magician <[email protected]>
Co-authored-by: diogoEsteves <[email protected]>

Author: modular-magician

.changelog/7979.txt

@@ -0,0 +1,6 @@
+```release-note:new-resource
+`google_compute_region_security_policy` (beta)
+````
+```release-note:new-resource
+`google_compute_network_edge_security_service` (beta)
+```

google/resource_compute_network_edge_security_service_test.go

@@ -0,0 +1,3 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+package google

google/resource_compute_region_security_policy_test.go

@@ -0,0 +1,3 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+package google

website/docs/r/compute_network_edge_security_service.html.markdown

@@ -0,0 +1,121 @@
+---
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file in
+#     .github/CONTRIBUTING.md.
+#
+# ----------------------------------------------------------------------------
+subcategory: "Compute Engine"
+description: |-
+  Google Cloud Armor network edge security service resource.
+---
+
+# google\_compute\_network\_edge\_security\_service
+
+Google Cloud Armor network edge security service resource.
+
+~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider.
+See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources.
+
+To get more information about NetworkEdgeSecurityService, see:
+
+* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/networkEdgeSecurityServices)
+* How-to Guides
+    * [Official Documentation](https://cloud.google.com/armor/docs/advanced-network-ddos?hl=pt-br#activate_advanced_network_ddos_protection)
+
+## Example Usage - Compute Network Edge Security Service Basic
+
+
+```hcl
+resource "google_compute_network_edge_security_service" "default" {
+  provider     = google-beta  
+
+  name         = "my-edge-security-service"
+  region       = "asia-southeast1"
+  description  = "My basic resource"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+
+* `name` -
+  (Required)
+  Name of the resource. Provided by the client when the resource is created.
+
+
+- - -
+
+
+* `description` -
+  (Optional)
+  Free-text description of the resource.
+
+* `security_policy` -
+  (Optional)
+  The resource URL for the network edge security service associated with this network edge security service.
+
+* `region` -
+  (Optional)
+  The region of the gateway security policy.
+
+* `project` - (Optional) The ID of the project in which the resource belongs.
+    If it is not provided, the provider project is used.
+
+
+## Attributes Reference
+
+In addition to the arguments listed above, the following computed attributes are exported:
+
+* `id` - an identifier for the resource with format `projects/{{project}}/regions/{{region}}/networkEdgeSecurityServices/{{name}}`
+
+* `service_id` -
+  The unique identifier for the resource. This identifier is defined by the server.
+
+* `creation_timestamp` -
+  Creation timestamp in RFC3339 text format.
+
+* `self_link` -
+  Server-defined URL for the resource.
+
+* `self_link_with_service_id` -
+  Server-defined URL for this resource with the resource id.
+
+* `fingerprint` -
+  Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a NetworkEdgeSecurityService.
+  An up-to-date fingerprint must be provided in order to update the NetworkEdgeSecurityService, otherwise the request will fail with error 412 conditionNotMet.
+
+
+## Timeouts
+
+This resource provides the following
+[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
+
+- `create` - Default is 20 minutes.
+- `update` - Default is 20 minutes.
+- `delete` - Default is 20 minutes.
+
+## Import
+
+
+NetworkEdgeSecurityService can be imported using any of these accepted formats:
+
+```
+$ terraform import google_compute_network_edge_security_service.default projects/{{project}}/regions/{{region}}/networkEdgeSecurityServices/{{name}}
+$ terraform import google_compute_network_edge_security_service.default {{project}}/{{region}}/{{name}}
+$ terraform import google_compute_network_edge_security_service.default {{region}}/{{name}}
+$ terraform import google_compute_network_edge_security_service.default {{name}}
+```
+
+## User Project Overrides
+
+This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).

website/docs/r/compute_region_security_policy.html.markdown

@@ -0,0 +1,166 @@
+---
+# ----------------------------------------------------------------------------
+#
+#     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
+#
+# ----------------------------------------------------------------------------
+#
+#     This file is automatically generated by Magic Modules and manual
+#     changes will be clobbered when the file is regenerated.
+#
+#     Please read more about how to change this file in
+#     .github/CONTRIBUTING.md.
+#
+# ----------------------------------------------------------------------------
+subcategory: "Compute Engine"
+description: |-
+  Represents a Region Cloud Armor Security Policy resource.
+---
+
+# google\_compute\_region\_security\_policy
+
+Represents a Region Cloud Armor Security Policy resource.
+
+~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider.
+See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources.
+
+To get more information about RegionSecurityPolicy, see:
+
+* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/regionSecurityPolicies)
+* How-to Guides
+    * [Official Documentation](https://cloud.google.com/armor/docs/security-policy-concepts)
+
+<div class = "oics-button" style="float: right; margin: 0 0 -15px">
+  <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.jpy.wang%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=region_security_policy_basic&cloudshell_image=gcr.io%2Fgraphite-cloud-shell-images%2Fterraform%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
+    <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
+  </a>
+</div>
+## Example Usage - Region Security Policy Basic
+
+
+```hcl
+resource "google_compute_region_security_policy" "region-sec-policy-basic" {
+  provider    = google-beta
+
+  name        = "my-sec-policy-basic"
+  description = "basic region security policy"
+  type        = "CLOUD_ARMOR"
+}
+```
+<div class = "oics-button" style="float: right; margin: 0 0 -15px">
+  <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.jpy.wang%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=region_security_policy_with_ddos_protection_config&cloudshell_image=gcr.io%2Fgraphite-cloud-shell-images%2Fterraform%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
+    <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
+  </a>
+</div>
+## Example Usage - Region Security Policy With Ddos Protection Config
+
+
+```hcl
+resource "google_compute_region_security_policy" "region-sec-policy-ddos-protection" {
+  provider    = google-beta  
+
+  name        = "my-sec-policy-ddos-protection"
+  description = "with ddos protection config"
+  type        = "CLOUD_ARMOR_NETWORK"
+
+  ddos_protection_config {
+    ddos_protection = "ADVANCED_PREVIEW"
+  }
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+
+* `name` -
+  (Required)
+  Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035.
+  Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
+
+
+- - -
+
+
+* `description` -
+  (Optional)
+  An optional description of this resource. Provide this property when you create the resource.
+
+* `type` -
+  (Optional)
+  The type indicates the intended use of the security policy.
+  - CLOUD_ARMOR: Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers.
+  - CLOUD_ARMOR_EDGE: Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.
+  - CLOUD_ARMOR_NETWORK: Cloud Armor network policies can be configured to filter packets targeting network load balancing resources such as backend services, target pools, target instances, and instances with external IPs. They filter requests before the request is served from the application.
+  This field can be set only at resource creation time.
+  Possible values are: `CLOUD_ARMOR`, `CLOUD_ARMOR_EDGE`, `CLOUD_ARMOR_NETWORK`.
+
+* `ddos_protection_config` -
+  (Optional)
+  Configuration for Google Cloud Armor DDOS Proctection Config.
+  Structure is [documented below](#nested_ddos_protection_config).
+
+* `region` -
+  (Optional)
+  The Region in which the created Region Security Policy should reside.
+  If it is not provided, the provider region is used.
+
+* `project` - (Optional) The ID of the project in which the resource belongs.
+    If it is not provided, the provider project is used.
+
+
+<a name="nested_ddos_protection_config"></a>The `ddos_protection_config` block supports:
+
+* `ddos_protection` -
+  (Required)
+  Google Cloud Armor offers the following options to help protect systems against DDoS attacks:
+  - STANDARD: basic always-on protection for network load balancers, protocol forwarding, or VMs with public IP addresses.
+  - ADVANCED: additional protections for Managed Protection Plus subscribers who use network load balancers, protocol forwarding, or VMs with public IP addresses.
+  - ADVANCED_PREVIEW: flag to enable the security policy in preview mode.
+  Possible values are: `ADVANCED`, `ADVANCED_PREVIEW`, `STANDARD`.
+
+## Attributes Reference
+
+In addition to the arguments listed above, the following computed attributes are exported:
+
+* `id` - an identifier for the resource with format `projects/{{project}}/regions/{{region}}/securityPolicies/{{name}}`
+
+* `policy_id` -
+  The unique identifier for the resource. This identifier is defined by the server.
+
+* `fingerprint` -
+  Fingerprint of this resource. This field is used internally during
+  updates of this resource.
+
+* `self_link` -
+  Server-defined URL for the resource.
+
+* `self_link_with_policy_id` -
+  Server-defined URL for this resource with the resource id.
+
+
+## Timeouts
+
+This resource provides the following
+[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
+
+- `create` - Default is 20 minutes.
+- `update` - Default is 20 minutes.
+- `delete` - Default is 20 minutes.
+
+## Import
+
+
+RegionSecurityPolicy can be imported using any of these accepted formats:
+
+```
+$ terraform import google_compute_region_security_policy.default projects/{{project}}/regions/{{region}}/securityPolicies/{{name}}
+$ terraform import google_compute_region_security_policy.default {{project}}/{{region}}/{{name}}
+$ terraform import google_compute_region_security_policy.default {{region}}/{{name}}
+$ terraform import google_compute_region_security_policy.default {{name}}
+```
+
+## User Project Overrides
+
+This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).