Adds support for public access prevention (beta) (#5519) (#10740)

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/5519.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+compute: added field `public_access_prevention` to resource `bucket` (beta)
+```

google/resource_storage_bucket.go

@@ -589,7 +589,6 @@ func resourceStorageBucketUpdate(d *schema.ResourceData, meta interface{}) error
 	}
 
 	res, err := config.NewStorageClient(userAgent).Buckets.Patch(d.Get("name").(string), sb).Do()
-
 	if err != nil {
 		return err
 	}
@@ -735,6 +734,12 @@ func resourceStorageBucketRead(d *schema.ResourceData, meta interface{}) error {
 		}
 	}
 
+	if res.IamConfiguration != nil && res.IamConfiguration.PublicAccessPrevention != "" {
+		if err := d.Set("public_access_prevention", res.IamConfiguration.PublicAccessPrevention); err != nil {
+			return fmt.Errorf("Error setting public_access_prevention: %s", err)
+		}
+	}
+
 	if res.Billing == nil {
 		if err := d.Set("requester_pays", nil); err != nil {
 			return fmt.Errorf("Error setting requester_pays: %s", err)
@@ -1119,13 +1124,15 @@ func expandBucketWebsite(v interface{}) *storage.BucketWebsite {
 }
 
 func expandIamConfiguration(d *schema.ResourceData) *storage.BucketIamConfiguration {
-	return &storage.BucketIamConfiguration{
+	cfg := &storage.BucketIamConfiguration{
 		ForceSendFields: []string{"UniformBucketLevelAccess"},
 		UniformBucketLevelAccess: &storage.BucketIamConfigurationUniformBucketLevelAccess{
 			Enabled:         d.Get("uniform_bucket_level_access").(bool),
 			ForceSendFields: []string{"Enabled"},
 		},
 	}
+
+	return cfg
 }
 
 func expandStorageBucketLifecycle(v interface{}) (*storage.BucketLifecycle, error) {

google/resource_storage_bucket_test.go

@@ -590,6 +590,7 @@ func TestAccStorageBucket_forceDestroyObjectDeleteError(t *testing.T) {
 		},
 	})
 }
+
 func TestAccStorageBucket_versioning(t *testing.T) {
 	t.Parallel()
 

website/docs/r/os_config_os_policy_assignment.html.markdown

@@ -703,6 +703,46 @@ The `disruption_budget` block supports:
   (Optional)
   Specifies the relative value defined as a percentage, which will be multiplied by a reference value.
 
+The `source` block supports:
+    
+* `allow_insecure` -
+  (Optional)
+  Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.
+    
+* `gcs` -
+  (Optional)
+  A Cloud Storage object.
+    
+* `local_path` -
+  (Optional)
+  A local path within the VM to use.
+    
+* `remote` -
+  (Optional)
+  A generic remote file.
+    
+The `validate` block supports:
+    
+* `interpreter` -
+  (Required)
+  Required. The script interpreter to use. Possible values: INTERPRETER_UNSPECIFIED, NONE, SHELL, POWERSHELL
+    
+* `args` -
+  (Optional)
+  Optional arguments to pass to the source during execution.
+    
+* `file` -
+  (Optional)
+  Required. A deb package.
+    
+* `output_file_path` -
+  (Optional)
+  Only recorded for enforce Exec. Path to an output file (that is created by this Exec) whose content will be recorded in OSPolicyResourceCompliance after a successful run. Absence or failure to read this file will result in this ExecResource being non-compliant. Output file size is limited to 100K bytes.
+    
+* `script` -
+  (Optional)
+  An inline script. The size of the script is limited to 1024 characters.
+    
 - - -
 
 * `description` -
@@ -952,24 +992,6 @@ The `zypper` block supports:
   (Required)
   Required. A one word, unique name for this repository. This is the `repo id` in the zypper config file and also the `display_name` if `display_name` is omitted. This id is also used as the unique identifier when checking for GuestPolicy conflicts.
 
-The `file` block supports:
-    
-* `allow_insecure` -
-  (Optional)
-  Defaults to false. When false, files are subject to validations based on the file type: Remote: A checksum must be specified. Cloud Storage: An object generation number must be specified.
-    
-* `gcs` -
-  (Optional)
-  A Cloud Storage object.
-    
-* `local_path` -
-  (Optional)
-  A local path within the VM to use.
-    
-* `remote` -
-  (Optional)
-  A generic remote file.
-    
 The `gcs` block supports:
 
 * `bucket` -
@@ -994,28 +1016,6 @@ The `remote` block supports:
   (Optional)
   SHA256 checksum of the remote file.
 
-The `enforce` block supports:
-    
-* `interpreter` -
-  (Required)
-  Required. The script interpreter to use. Possible values: INTERPRETER_UNSPECIFIED, NONE, SHELL, POWERSHELL
-    
-* `args` -
-  (Optional)
-  Optional arguments to pass to the source during execution.
-    
-* `file` -
-  (Optional)
-  Required. A deb package.
-    
-* `output_file_path` -
-  (Optional)
-  Only recorded for enforce Exec. Path to an output file (that is created by this Exec) whose content will be recorded in OSPolicyResourceCompliance after a successful run. Absence or failure to read this file will result in this ExecResource being non-compliant. Output file size is limited to 100K bytes.
-    
-* `script` -
-  (Optional)
-  An inline script. The size of the script is limited to 1024 characters.
-    
 ## Attributes Reference
 
 In addition to the arguments listed above, the following computed attributes are exported: