Migrate google_compute_firewall_policy resource from DCL to MMv1 (GoogleCloudPlatform#11357)

Co-authored-by: Cameron Thornton <[email protected]>
Co-authored-by: Max W. Portocarrero <[email protected]>

Author: 3 people

mmv1/products/compute/FirewallPolicy.yaml

@@ -0,0 +1,108 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+name: 'FirewallPolicy'
+api_resource_type_kind: FirewallPolicy
+description: |
+  Hierarchical firewall policy rules let you create and enforce a consistent firewall policy across your organization. Rules can explicitly allow or deny connections or delegate evaluation to lower level policies. Policies can be created within organizations or folders.
+
+  This resource should be generally be used with `google_compute_firewall_policy_association` and `google_compute_firewall_policy_rule`
+
+  For more information see the [official documentation](https://cloud.google.com/vpc/docs/firewall-policies)
+min_version: 'beta'
+references:
+  guides:
+  api: 'https://cloud.google.com/compute/docs/reference/rest/v1/firewallPolicies'
+docs:
+base_url: 'locations/global/firewallPolicies'
+self_link: 'locations/global/firewallPolicies/{{name}}'
+create_url: 'locations/global/firewallPolicies?parentId={{parent}}'
+update_verb: 'PATCH'
+timeouts:
+  insert_minutes: 20
+  update_minutes: 20
+  delete_minutes: 20
+import_format:
+  - 'locations/global/firewallPolicies/{{name}}'
+  - '{{name}}'
+custom_code:
+  post_create: 'templates/terraform/post_create/compute_firewall_policy.go.tmpl'
+  post_delete: 'templates/terraform/constants/compute_firewall_policy_operation.go.tmpl'
+  post_update: 'templates/terraform/constants/compute_firewall_policy_operation.go.tmpl'
+custom_diff:
+  - 'tpgresource.DefaultProviderProject'
+examples:
+  - name: 'firewall_policy'
+    primary_resource_id: 'default'
+    vars:
+      policy_name: 'my-policy'
+    test_env_vars:
+      org_id: 'ORG_ID'
+parameters:
+properties:
+  - name: 'creationTimestamp'
+    type: String
+    description: |
+      Creation timestamp in RFC3339 text format.
+    output: true
+  - name: 'name'
+    type: String
+    description: |
+      Name of the resource. It is a numeric ID allocated by GCP which uniquely identifies the Firewall Policy.
+    output: true
+  - name: 'firewallPolicyId'
+    type: String
+    api_name: 'id'
+    description: |
+      The unique identifier for the resource. This identifier is defined by the server.
+    output: true
+  - name: 'shortName'
+    type: String
+    description: |
+      User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created.
+      This field is not applicable to network firewall policies. This name must be set on creation and cannot be changed. The name must be 1-63 characters long, and comply with RFC1035.
+      Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
+    required: true
+    immutable: true
+  - name: 'description'
+    type: String
+    description: |
+      An optional description of this resource. Provide this property when you create the resource.
+  - name: 'parent'
+    type: String
+    description: |
+      The parent of the firewall policy.
+    required: true
+    immutable: true
+    diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName'
+  - name: 'fingerprint'
+    type: Fingerprint
+    description: |
+      Fingerprint of the resource. This field is used internally during updates of this resource.
+    output: true
+  - name: 'selfLink'
+    type: String
+    description: |
+      Server-defined URL for the resource.
+    output: true
+  - name: 'selfLinkWithId'
+    type: String
+    description: |
+      Server-defined URL for this resource with the resource id.
+    output: true
+  - name: 'ruleTupleCount'
+    type: Integer
+    description: |
+      Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.
+    output: true

mmv1/templates/terraform/constants/compute_firewall_policy_operation.go.tmpl

@@ -0,0 +1,9 @@
+var opRes map[string]interface{}
+err = ComputeOrgOperationWaitTimeWithResponse(
+	config, res, &opRes, d.Get("parent").(string), "FirewallPolicy operation", userAgent,
+	d.Timeout(schema.TimeoutCreate))
+
+if err != nil {
+	// The resource didn't actually create
+	return fmt.Errorf("Error waiting for FirewallPolicy operation: %s", err)
+}

mmv1/templates/terraform/examples/firewall_policy.tf.tmpl

@@ -0,0 +1,7 @@
+resource "google_compute_firewall_policy" "{{$.PrimaryResourceId}}" {
+  provider = google-beta
+  
+  parent      = "organizations/{{index $.TestEnvVars "org_id"}}"
+  short_name  = "{{index $.Vars "policy_name"}}"
+  description = "Example Resource"
+}

mmv1/templates/terraform/post_create/compute_firewall_policy.go.tmpl

@@ -0,0 +1,25 @@
+var opRes map[string]interface{}
+err = ComputeOrgOperationWaitTimeWithResponse(
+	config, res, &opRes, d.Get("parent").(string), "FirewallPolicy operation", userAgent,
+	d.Timeout(schema.TimeoutCreate))
+
+if err != nil {
+	// The resource didn't actually create
+	d.SetId("")
+	return fmt.Errorf("Error waiting to create FirewallPolicy: %s", err)
+}
+
+firewallPolicyId, ok := opRes["targetId"]
+if !ok {
+	return fmt.Errorf("Create response didn't contain targetId. Create may not have succeeded.")
+}
+if err := d.Set("name", firewallPolicyId.(string)); err != nil {
+	return fmt.Errorf(`Error setting computed identity field "name": %s`, err)
+}
+
+// Store the ID now
+id, err = tpgresource.ReplaceVars(d, config, "locations/global/firewallPolicies/{{"{{"}}name{{"}}"}}")
+if err != nil {
+	return fmt.Errorf("Error constructing id: %s", err)
+}
+d.SetId(id)

mmv1/third_party/terraform/services/compute/resource_compute_firewall_policy_rule_test.go.tmpl

@@ -628,7 +628,7 @@ resource "google_folder" "folder" {
 resource "google_compute_firewall_policy" "fw_policy" {
   parent      = google_folder.folder.id
   short_name  = "tf-test-policy-%{random_suffix}"
-  description = "Description Update"
+  description = "Resource created for Terraform acceptance testing"
 }
 
 resource "google_network_security_address_group" "address_group" {