Migrate Network Firewall Policy Association (global and region) resource from DCL to MMv1 (GoogleCloudPlatform#11366)

Co-authored-by: Cameron Thornton <[email protected]>

Author: 2 people

mmv1/products/compute/NetworkFirewallPolicyAssociation.yaml

@@ -0,0 +1,87 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+name: 'NetworkFirewallPolicyAssociation'
+kind: 'compute#firewallPolicyAssociation'
+description: |
+  The Compute NetworkFirewallPolicyAssociation resource
+references:
+  guides:
+  api: 'https://cloud.google.com/compute/docs/reference/rest/v1/networkFirewallPolicies/addAssociation'
+docs:
+id_format: 'projects/{{project}}/global/firewallPolicies/{{firewall_policy}}/associations/{{name}}'
+base_url: 'projects/{{project}}/global/firewallPolicies/{{firewall_policy}}'
+self_link: 'projects/{{project}}/global/firewallPolicies/{{firewall_policy}}/getAssociation?name={{name}}'
+create_url: 'projects/{{project}}/global/firewallPolicies/{{firewall_policy}}/addAssociation'
+delete_url: 'projects/{{project}}/global/firewallPolicies/{{firewall_policy}}/removeAssociation?name={{name}}'
+delete_verb: 'POST'
+immutable: true
+legacy_long_form_project: true
+import_format:
+  - 'projects/{{project}}/global/firewallPolicies/{{firewall_policy}}/associations/{{name}}'
+  - '{{project}}/{{firewall_policy}}/{{name}}'
+timeouts:
+  insert_minutes: 20
+  update_minutes: 20
+  delete_minutes: 20
+async:
+  actions: ['create', 'delete', 'update']
+  type: 'OpAsync'
+  operation:
+    base_url: '{{op_id}}'
+    kind: 'compute#operation'
+    path: 'name'
+    wait_ms: 1000
+  result:
+    path: 'targetLink'
+    resource_inside_response: false
+  error:
+    path: 'error/errors'
+    message: 'message'
+examples:
+  - name: 'network_firewall_policy_association'
+    primary_resource_id: 'default'
+    vars:
+      policy_name: 'my-policy'
+      association_name: 'my-association'
+      network_name: 'my-network'
+    test_env_vars:
+      project_name: 'PROJECT_NAME'
+parameters:
+  - name: 'firewallPolicy'
+    type: ResourceRef
+    description: |
+      The firewall policy of the resource.
+    url_param_only: true
+    required: true
+    diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName'
+    resource: 'NetworkFirewallPolicy'
+    imports: 'name'
+properties:
+  - name: 'name'
+    type: String
+    description: |
+      The name for an association.
+    required: true
+  - name: 'attachmentTarget'
+    type: String
+    description: |
+      The target that the firewall policy is attached to.
+    required: true
+    diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName'
+  - name: 'shortName'
+    type: String
+    description: |
+      The short name of the firewall policy of the association.
+    output: true

mmv1/products/compute/RegionNetworkFirewallPolicyAssociation.yaml

@@ -0,0 +1,93 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+name: 'RegionNetworkFirewallPolicyAssociation'
+kind: 'compute#firewallPolicyAssociation'
+description: |
+  The Compute NetworkFirewallPolicyAssociation resource
+references:
+  guides:
+  api: 'https://cloud.google.com/compute/docs/reference/rest/v1/regionNetworkFirewallPolicies/addAssociation'
+docs:
+id_format: 'projects/{{project}}/regions/{{region}}/firewallPolicies/{{firewall_policy}}/associations/{{name}}'
+base_url: 'projects/{{project}}/regions/{{region}}/firewallPolicies/{{firewall_policy}}'
+self_link: 'projects/{{project}}/regions/{{region}}/firewallPolicies/{{firewall_policy}}/getAssociation?name={{name}}'
+create_url: 'projects/{{project}}/regions/{{region}}/firewallPolicies/{{firewall_policy}}/addAssociation'
+delete_url: 'projects/{{project}}/regions/{{region}}/firewallPolicies/{{firewall_policy}}/removeAssociation?name={{name}}'
+delete_verb: 'POST'
+immutable: true
+legacy_long_form_project: true
+import_format:
+  - 'projects/{{project}}/regions/{{region}}/firewallPolicies/{{firewall_policy}}/associations/{{name}}'
+  - '{{project}}/{{firewall_policy}}/{{name}}'
+timeouts:
+  insert_minutes: 20
+  update_minutes: 20
+  delete_minutes: 20
+async:
+  actions: ['create', 'delete', 'update']
+  type: 'OpAsync'
+  operation:
+    base_url: '{{op_id}}'
+    kind: 'compute#operation'
+    path: 'name'
+    wait_ms: 1000
+  result:
+    path: 'targetLink'
+    resource_inside_response: false
+  error:
+    path: 'error/errors'
+    message: 'message'
+examples:
+  - name: 'region_network_firewall_policy_association'
+    primary_resource_id: 'default'
+    vars:
+      policy_name: 'my-policy'
+      association_name: 'my-association'
+      network_name: 'my-network'
+    test_env_vars:
+      region: 'REGION'
+      project_name: 'PROJECT_NAME'
+parameters:
+  - name: 'firewallPolicy'
+    type: ResourceRef
+    description: |
+      The firewall policy of the resource.
+    url_param_only: true
+    required: true
+    diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName'
+    resource: 'RegionNetworkFirewallPolicy'
+    imports: 'name'
+  - name: 'region'
+    type: String
+    description: 'The location of this resource.'
+    url_param_only: true
+    default_from_api: true
+properties:
+  - name: 'name'
+    type: String
+    description: |
+      The name for an association.
+    required: true
+  - name: 'attachmentTarget'
+    type: String
+    description: |
+      The target that the firewall policy is attached to.
+    required: true
+    diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName'
+  - name: 'shortName'
+    type: String
+    description: |
+      The short name of the firewall policy of the association.
+    output: true

mmv1/templates/terraform/examples/network_firewall_policy_association.tf.tmpl

@@ -0,0 +1,17 @@
+resource "google_compute_network_firewall_policy" "policy" {
+  name = "{{index $.Vars "policy_name"}}"
+  project = "{{index $.TestEnvVars "project_name"}}"
+  description = "Sample global network firewall policy"
+}
+
+resource "google_compute_network" "network" {
+  name = "{{index $.Vars "network_name"}}"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_network_firewall_policy_association" "{{$.PrimaryResourceId}}" {
+  name = "{{index $.Vars "association_name"}}"
+  project = "{{index $.TestEnvVars "project_name"}}"
+  attachment_target = google_compute_network.network.id
+  firewall_policy =  google_compute_network_firewall_policy.policy.id
+}

mmv1/templates/terraform/examples/region_network_firewall_policy_association.tf.tmpl

@@ -0,0 +1,19 @@
+resource "google_compute_region_network_firewall_policy" "policy" {
+  name = "{{index $.Vars "policy_name"}}"
+  project = "{{index $.TestEnvVars "project_name"}}"
+  description = "Sample global network firewall policy"
+  region = "{{index $.TestEnvVars "region"}}"
+}
+
+resource "google_compute_network" "network" {
+  name = "{{index $.Vars "network_name"}}"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_region_network_firewall_policy_association" "{{$.PrimaryResourceId}}" {
+  name = "{{index $.Vars "association_name"}}"
+  project = "{{index $.TestEnvVars "project_name"}}"
+  attachment_target = google_compute_network.network.id
+  firewall_policy =  google_compute_region_network_firewall_policy.policy.id
+  region = "{{index $.TestEnvVars "region"}}"
+}

mmv1/third_party/terraform/services/compute/resource_compute_network_firewall_policy_rule_test.go.tmpl

@@ -86,6 +86,7 @@ func TestAccComputeNetworkFirewallPolicyRule_multipleRules(t *testing.T) {
 
   context := map[string]interface{}{
     "random_suffix": acctest.RandString(t, 10),
+    "project_name":  envvar.GetTestProjectFromEnv(),
     "org_name":      fmt.Sprintf("organizations/%s", envvar.GetTestOrgFromEnv(t)),
   }
 
@@ -731,11 +732,23 @@ resource "google_compute_network_firewall_policy_rule" "fw_policy_rule2" {
 
 func testAccComputeNetworkFirewallPolicyRule_multipleAdd(context map[string]interface{}) string {
 	return acctest.Nprintf(`
+resource "google_compute_network" "network1" {
+  name                    = "tf-test-%{random_suffix}"
+  auto_create_subnetworks = false
+}
+
 resource "google_compute_network_firewall_policy" "fw_policy" {
   name        = "tf-test-policy-%{random_suffix}"
   description = "Resource created for Terraform acceptance testing"
 }
 
+resource "google_compute_network_firewall_policy_association" "fw_policy_a" {
+  name              = "tf-test-policy-a-%{random_suffix}"
+  project           = "projects/%{project_name}"
+  attachment_target = google_compute_network.network1.id
+  firewall_policy   = google_compute_network_firewall_policy.fw_policy.id
+}
+
 resource "google_network_security_address_group" "address_group" {
   name        = "tf-test-policy%{random_suffix}"
   parent      = "%{org_name}"
@@ -815,11 +828,23 @@ resource "google_compute_network_firewall_policy_rule" "fw_policy_rule3" {
 
 func testAccComputeNetworkFirewallPolicyRule_multipleRemove(context map[string]interface{}) string {
 	return acctest.Nprintf(`
+resource "google_compute_network" "network1" {
+  name                    = "tf-test-%{random_suffix}"
+  auto_create_subnetworks = false
+}
+
 resource "google_compute_network_firewall_policy" "fw_policy" {
   name        = "tf-test-policy-%{random_suffix}"
   description = "Resource created for Terraform acceptance testing"
 }
 
+resource "google_compute_network_firewall_policy_association" "fw_policy_a" {
+  name              = "tf-test-policy-a-%{random_suffix}"
+  project           = "%{project_name}"
+  attachment_target = google_compute_network.network1.id
+  firewall_policy   = google_compute_network_firewall_policy.fw_policy.id
+}
+
 resource "google_network_security_address_group" "address_group" {
   name        = "tf-test-policy%{random_suffix}"
   parent      = "%{org_name}"