diff --git a/.changelog/12466.txt b/.changelog/12466.txt new file mode 100644 index 00000000000..54a31d40f65 --- /dev/null +++ b/.changelog/12466.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +compute: `google_compute_firewall_policy_association` now uses MMv1 engine instead of DCL. +``` \ No newline at end of file diff --git a/google/provider/provider_dcl_resources.go b/google/provider/provider_dcl_resources.go index 2f5ca307645..bc342629f98 100644 --- a/google/provider/provider_dcl_resources.go +++ b/google/provider/provider_dcl_resources.go @@ -36,27 +36,26 @@ import ( ) var dclResources = map[string]*schema.Resource{ - "google_apikeys_key": apikeys.ResourceApikeysKey(), - "google_assured_workloads_workload": assuredworkloads.ResourceAssuredWorkloadsWorkload(), - "google_cloudbuild_worker_pool": cloudbuild.ResourceCloudbuildWorkerPool(), - "google_clouddeploy_delivery_pipeline": clouddeploy.ResourceClouddeployDeliveryPipeline(), - "google_clouddeploy_target": clouddeploy.ResourceClouddeployTarget(), - "google_compute_firewall_policy": compute.ResourceComputeFirewallPolicy(), - "google_compute_firewall_policy_association": compute.ResourceComputeFirewallPolicyAssociation(), - "google_container_aws_cluster": containeraws.ResourceContainerAwsCluster(), - "google_container_aws_node_pool": containeraws.ResourceContainerAwsNodePool(), - "google_container_azure_client": containerazure.ResourceContainerAzureClient(), - "google_container_azure_cluster": containerazure.ResourceContainerAzureCluster(), - "google_container_azure_node_pool": containerazure.ResourceContainerAzureNodePool(), - "google_dataplex_asset": dataplex.ResourceDataplexAsset(), - "google_dataplex_lake": dataplex.ResourceDataplexLake(), - "google_dataplex_zone": dataplex.ResourceDataplexZone(), - "google_dataproc_workflow_template": dataproc.ResourceDataprocWorkflowTemplate(), - "google_eventarc_channel": eventarc.ResourceEventarcChannel(), - "google_eventarc_google_channel_config": eventarc.ResourceEventarcGoogleChannelConfig(), - "google_eventarc_trigger": eventarc.ResourceEventarcTrigger(), - "google_firebaserules_release": firebaserules.ResourceFirebaserulesRelease(), - "google_firebaserules_ruleset": firebaserules.ResourceFirebaserulesRuleset(), - "google_gke_hub_feature_membership": gkehub.ResourceGkeHubFeatureMembership(), - "google_recaptcha_enterprise_key": recaptchaenterprise.ResourceRecaptchaEnterpriseKey(), + "google_apikeys_key": apikeys.ResourceApikeysKey(), + "google_assured_workloads_workload": assuredworkloads.ResourceAssuredWorkloadsWorkload(), + "google_cloudbuild_worker_pool": cloudbuild.ResourceCloudbuildWorkerPool(), + "google_clouddeploy_delivery_pipeline": clouddeploy.ResourceClouddeployDeliveryPipeline(), + "google_clouddeploy_target": clouddeploy.ResourceClouddeployTarget(), + "google_compute_firewall_policy": compute.ResourceComputeFirewallPolicy(), + "google_container_aws_cluster": containeraws.ResourceContainerAwsCluster(), + "google_container_aws_node_pool": containeraws.ResourceContainerAwsNodePool(), + "google_container_azure_client": containerazure.ResourceContainerAzureClient(), + "google_container_azure_cluster": containerazure.ResourceContainerAzureCluster(), + "google_container_azure_node_pool": containerazure.ResourceContainerAzureNodePool(), + "google_dataplex_asset": dataplex.ResourceDataplexAsset(), + "google_dataplex_lake": dataplex.ResourceDataplexLake(), + "google_dataplex_zone": dataplex.ResourceDataplexZone(), + "google_dataproc_workflow_template": dataproc.ResourceDataprocWorkflowTemplate(), + "google_eventarc_channel": eventarc.ResourceEventarcChannel(), + "google_eventarc_google_channel_config": eventarc.ResourceEventarcGoogleChannelConfig(), + "google_eventarc_trigger": eventarc.ResourceEventarcTrigger(), + "google_firebaserules_release": firebaserules.ResourceFirebaserulesRelease(), + "google_firebaserules_ruleset": firebaserules.ResourceFirebaserulesRuleset(), + "google_gke_hub_feature_membership": gkehub.ResourceGkeHubFeatureMembership(), + "google_recaptcha_enterprise_key": recaptchaenterprise.ResourceRecaptchaEnterpriseKey(), } diff --git a/google/provider/provider_mmv1_resources.go b/google/provider/provider_mmv1_resources.go index 807ea7ed2f0..8c44e6683a9 100644 --- a/google/provider/provider_mmv1_resources.go +++ b/google/provider/provider_mmv1_resources.go @@ -463,9 +463,9 @@ var handwrittenIAMDatasources = map[string]*schema.Resource{ } // Resources -// Generated resources: 499 +// Generated resources: 500 // Generated IAM resources: 261 -// Total generated resources: 760 +// Total generated resources: 761 var generatedResources = map[string]*schema.Resource{ "google_folder_access_approval_settings": accessapproval.ResourceAccessApprovalFolderSettings(), "google_organization_access_approval_settings": accessapproval.ResourceAccessApprovalOrganizationSettings(), @@ -645,6 +645,7 @@ var generatedResources = map[string]*schema.Resource{ "google_compute_disk_resource_policy_attachment": compute.ResourceComputeDiskResourcePolicyAttachment(), "google_compute_external_vpn_gateway": compute.ResourceComputeExternalVpnGateway(), "google_compute_firewall": compute.ResourceComputeFirewall(), + "google_compute_firewall_policy_association": compute.ResourceComputeFirewallPolicyAssociation(), "google_compute_firewall_policy_rule": compute.ResourceComputeFirewallPolicyRule(), "google_compute_forwarding_rule": compute.ResourceComputeForwardingRule(), "google_compute_global_address": compute.ResourceComputeGlobalAddress(), diff --git a/google/services/compute/resource_compute_firewall_policy_association.go b/google/services/compute/resource_compute_firewall_policy_association.go index 4f7772e0751..09491c1ff64 100644 --- a/google/services/compute/resource_compute_firewall_policy_association.go +++ b/google/services/compute/resource_compute_firewall_policy_association.go @@ -3,34 +3,30 @@ // ---------------------------------------------------------------------------- // -// *** AUTO GENERATED CODE *** Type: DCL *** +// *** AUTO GENERATED CODE *** Type: MMv1 *** // // ---------------------------------------------------------------------------- // -// This file is managed by Magic Modules (https://github.com/GoogleCloudPlatform/magic-modules) -// and is based on the DCL (https://github.com/GoogleCloudPlatform/declarative-resource-client-library). -// Changes will need to be made to the DCL or Magic Modules instead of here. +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. // -// We are not currently able to accept contributions to this file. If changes -// are required, please file an issue at https://github.com/hashicorp/terraform-provider-google/issues/new/choose +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. // // ---------------------------------------------------------------------------- package compute import ( - "context" "fmt" "log" + "net/http" + "reflect" "time" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" - dcl "github.com/GoogleCloudPlatform/declarative-resource-client-library/dcl" - compute "github.com/GoogleCloudPlatform/declarative-resource-client-library/services/google/compute" - - "github.com/hashicorp/terraform-provider-google/google/tpgdclresource" "github.com/hashicorp/terraform-provider-google/google/tpgresource" transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport" ) @@ -49,6 +45,7 @@ func ResourceComputeFirewallPolicyAssociation() *schema.Resource { Create: schema.DefaultTimeout(20 * time.Minute), Delete: schema.DefaultTimeout(20 * time.Minute), }, + CustomizeDiff: customdiff.All( tpgresource.DefaultProviderProject, ), @@ -59,72 +56,103 @@ func ResourceComputeFirewallPolicyAssociation() *schema.Resource { Required: true, ForceNew: true, DiffSuppressFunc: tpgresource.CompareSelfLinkOrResourceName, - Description: "The target that the firewall policy is attached to.", + Description: `The target that the firewall policy is attached to.`, }, - "firewall_policy": { Type: schema.TypeString, Required: true, ForceNew: true, - DiffSuppressFunc: tpgresource.CompareSelfLinkOrResourceName, - Description: "The firewall policy ID of the association.", + DiffSuppressFunc: tpgresource.CompareResourceNames, + Description: `The firewall policy of the resource.`, }, - "name": { Type: schema.TypeString, Required: true, ForceNew: true, - Description: "The name for an association.", + Description: `The name for an association.`, }, - "short_name": { Type: schema.TypeString, Computed: true, - Description: "The short name of the firewall policy of the association.", + Description: `The short name of the firewall policy of the association.`, }, }, + UseJSONNumber: true, } } func resourceComputeFirewallPolicyAssociationCreate(d *schema.ResourceData, meta interface{}) error { config := meta.(*transport_tpg.Config) - - obj := &compute.FirewallPolicyAssociation{ - AttachmentTarget: dcl.String(d.Get("attachment_target").(string)), - FirewallPolicy: dcl.String(d.Get("firewall_policy").(string)), - Name: dcl.String(d.Get("name").(string)), + userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent) + if err != nil { + return err } - id, err := obj.ID() + obj := make(map[string]interface{}) + nameProp, err := expandComputeFirewallPolicyAssociationName(d.Get("name"), d, config) if err != nil { - return fmt.Errorf("error constructing id: %s", err) + return err + } else if v, ok := d.GetOkExists("name"); !tpgresource.IsEmptyValue(reflect.ValueOf(nameProp)) && (ok || !reflect.DeepEqual(v, nameProp)) { + obj["name"] = nameProp } - d.SetId(id) - directive := tpgdclresource.CreateDirective - userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent) + attachmentTargetProp, err := expandComputeFirewallPolicyAssociationAttachmentTarget(d.Get("attachment_target"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("attachment_target"); !tpgresource.IsEmptyValue(reflect.ValueOf(attachmentTargetProp)) && (ok || !reflect.DeepEqual(v, attachmentTargetProp)) { + obj["attachmentTarget"] = attachmentTargetProp + } + firewallPolicyProp, err := expandComputeFirewallPolicyAssociationFirewallPolicy(d.Get("firewall_policy"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("firewall_policy"); !tpgresource.IsEmptyValue(reflect.ValueOf(firewallPolicyProp)) && (ok || !reflect.DeepEqual(v, firewallPolicyProp)) { + obj["firewallPolicy"] = firewallPolicyProp + } + + url, err := tpgresource.ReplaceVars(d, config, "{{ComputeBasePath}}locations/global/firewallPolicies/{{firewall_policy}}/addAssociation") if err != nil { return err } + + log.Printf("[DEBUG] Creating new FirewallPolicyAssociation: %#v", obj) billingProject := "" + // err == nil indicates that the billing_project value was found if bp, err := tpgresource.GetBillingProject(d, config); err == nil { billingProject = bp } - client := transport_tpg.NewDCLComputeClient(config, userAgent, billingProject, d.Timeout(schema.TimeoutCreate)) - if bp, err := tpgresource.ReplaceVars(d, config, client.Config.BasePath); err != nil { - d.SetId("") - return fmt.Errorf("Could not format %q: %w", client.Config.BasePath, err) - } else { - client.Config.BasePath = bp + + headers := make(http.Header) + res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{ + Config: config, + Method: "POST", + Project: billingProject, + RawURL: url, + UserAgent: userAgent, + Body: obj, + Timeout: d.Timeout(schema.TimeoutCreate), + Headers: headers, + }) + if err != nil { + return fmt.Errorf("Error creating FirewallPolicyAssociation: %s", err) } - res, err := client.ApplyFirewallPolicyAssociation(context.Background(), obj, directive...) - if _, ok := err.(dcl.DiffAfterApplyError); ok { - log.Printf("[DEBUG] Diff after apply returned from the DCL: %s", err) - } else if err != nil { + // Store the ID now + id, err := tpgresource.ReplaceVars(d, config, "locations/global/firewallPolicies/{{firewall_policy}}/associations/{{name}}") + if err != nil { + return fmt.Errorf("Error constructing id: %s", err) + } + d.SetId(id) + + parent := d.Get("firewall_policy").(string) + var opRes map[string]interface{} + err = ComputeOrgOperationWaitTimeWithResponse( + config, res, &opRes, parent, "Creating FirewallPolicyAssociation", userAgent, + d.Timeout(schema.TimeoutCreate)) + + if err != nil { // The resource didn't actually create d.SetId("") - return fmt.Errorf("Error creating FirewallPolicyAssociation: %s", err) + return fmt.Errorf("Error waiting to create FirewallPolicyAssociation: %s", err) } log.Printf("[DEBUG] Finished creating FirewallPolicyAssociation %q: %#v", d.Id(), res) @@ -134,46 +162,49 @@ func resourceComputeFirewallPolicyAssociationCreate(d *schema.ResourceData, meta func resourceComputeFirewallPolicyAssociationRead(d *schema.ResourceData, meta interface{}) error { config := meta.(*transport_tpg.Config) - - obj := &compute.FirewallPolicyAssociation{ - AttachmentTarget: dcl.String(d.Get("attachment_target").(string)), - FirewallPolicy: dcl.String(d.Get("firewall_policy").(string)), - Name: dcl.String(d.Get("name").(string)), + userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent) + if err != nil { + return err } - userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent) + url, err := tpgresource.ReplaceVars(d, config, "{{ComputeBasePath}}locations/global/firewallPolicies/{{firewall_policy}}/getAssociation?name={{name}}") if err != nil { return err } + billingProject := "" + // err == nil indicates that the billing_project value was found if bp, err := tpgresource.GetBillingProject(d, config); err == nil { billingProject = bp } - client := transport_tpg.NewDCLComputeClient(config, userAgent, billingProject, d.Timeout(schema.TimeoutRead)) - if bp, err := tpgresource.ReplaceVars(d, config, client.Config.BasePath); err != nil { - d.SetId("") - return fmt.Errorf("Could not format %q: %w", client.Config.BasePath, err) - } else { - client.Config.BasePath = bp + + headers := make(http.Header) + expandComputeFirewallPolicyAssociationFirewallPolicy(d.Get("firewall_policy"), d, config) + url, err = tpgresource.ReplaceVars(d, config, "{{ComputeBasePath}}locations/global/firewallPolicies/{{firewall_policy}}/getAssociation?name={{name}}") + if err != nil { + return err } - res, err := client.GetFirewallPolicyAssociation(context.Background(), obj) + res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{ + Config: config, + Method: "GET", + Project: billingProject, + RawURL: url, + UserAgent: userAgent, + Headers: headers, + }) if err != nil { - resourceName := fmt.Sprintf("ComputeFirewallPolicyAssociation %q", d.Id()) - return tpgdclresource.HandleNotFoundDCLError(err, d, resourceName) + return transport_tpg.HandleNotFoundError(err, d, fmt.Sprintf("ComputeFirewallPolicyAssociation %q", d.Id())) } - if err = d.Set("attachment_target", res.AttachmentTarget); err != nil { - return fmt.Errorf("error setting attachment_target in state: %s", err) - } - if err = d.Set("firewall_policy", res.FirewallPolicy); err != nil { - return fmt.Errorf("error setting firewall_policy in state: %s", err) + if err := d.Set("name", flattenComputeFirewallPolicyAssociationName(res["name"], d, config)); err != nil { + return fmt.Errorf("Error reading FirewallPolicyAssociation: %s", err) } - if err = d.Set("name", res.Name); err != nil { - return fmt.Errorf("error setting name in state: %s", err) + if err := d.Set("attachment_target", flattenComputeFirewallPolicyAssociationAttachmentTarget(res["attachmentTarget"], d, config)); err != nil { + return fmt.Errorf("Error reading FirewallPolicyAssociation: %s", err) } - if err = d.Set("short_name", res.ShortName); err != nil { - return fmt.Errorf("error setting short_name in state: %s", err) + if err := d.Set("short_name", flattenComputeFirewallPolicyAssociationShortName(res["shortName"], d, config)); err != nil { + return fmt.Errorf("Error reading FirewallPolicyAssociation: %s", err) } return nil @@ -181,50 +212,69 @@ func resourceComputeFirewallPolicyAssociationRead(d *schema.ResourceData, meta i func resourceComputeFirewallPolicyAssociationDelete(d *schema.ResourceData, meta interface{}) error { config := meta.(*transport_tpg.Config) - - obj := &compute.FirewallPolicyAssociation{ - AttachmentTarget: dcl.String(d.Get("attachment_target").(string)), - FirewallPolicy: dcl.String(d.Get("firewall_policy").(string)), - Name: dcl.String(d.Get("name").(string)), - } - - log.Printf("[DEBUG] Deleting FirewallPolicyAssociation %q", d.Id()) userAgent, err := tpgresource.GenerateUserAgentString(d, config.UserAgent) if err != nil { return err } + billingProject := "" + + url, err := tpgresource.ReplaceVars(d, config, "{{ComputeBasePath}}locations/global/firewallPolicies/{{firewall_policy}}/removeAssociation?name={{name}}") + if err != nil { + return err + } + + var obj map[string]interface{} + // err == nil indicates that the billing_project value was found if bp, err := tpgresource.GetBillingProject(d, config); err == nil { billingProject = bp } - client := transport_tpg.NewDCLComputeClient(config, userAgent, billingProject, d.Timeout(schema.TimeoutDelete)) - if bp, err := tpgresource.ReplaceVars(d, config, client.Config.BasePath); err != nil { - d.SetId("") - return fmt.Errorf("Could not format %q: %w", client.Config.BasePath, err) - } else { - client.Config.BasePath = bp + + headers := make(http.Header) + + log.Printf("[DEBUG] Deleting FirewallPolicyAssociation %q", d.Id()) + res, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{ + Config: config, + Method: "POST", + Project: billingProject, + RawURL: url, + UserAgent: userAgent, + Body: obj, + Timeout: d.Timeout(schema.TimeoutDelete), + Headers: headers, + }) + if err != nil { + return transport_tpg.HandleNotFoundError(err, d, "FirewallPolicyAssociation") } - if err := client.DeleteFirewallPolicyAssociation(context.Background(), obj); err != nil { - return fmt.Errorf("Error deleting FirewallPolicyAssociation: %s", err) + + parent := d.Get("firewall_policy").(string) + var opRes map[string]interface{} + err = ComputeOrgOperationWaitTimeWithResponse( + config, res, &opRes, parent, "Deleting FirewallPolicyAssociation", userAgent, + d.Timeout(schema.TimeoutCreate)) + + if err != nil { + // The resource didn't actually create + d.SetId("") + return fmt.Errorf("Error waiting to delete FirewallPolicyAssociation: %s", err) } - log.Printf("[DEBUG] Finished deleting FirewallPolicyAssociation %q", d.Id()) + log.Printf("[DEBUG] Finished deleting FirewallPolicyAssociation %q: %#v", d.Id(), res) return nil } func resourceComputeFirewallPolicyAssociationImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { config := meta.(*transport_tpg.Config) - if err := tpgresource.ParseImportId([]string{ - "locations/global/firewallPolicies/(?P[^/]+)/associations/(?P[^/]+)", - "(?P[^/]+)/(?P[^/]+)", + "^locations/global/firewallPolicies/(?P[^/]+)/associations/(?P[^/]+)$", + "^(?P[^/]+)/(?P[^/]+)$", }, d, config); err != nil { return nil, err } // Replace import id for the resource id - id, err := tpgresource.ReplaceVarsForId(d, config, "locations/global/firewallPolicies/{{firewall_policy}}/associations/{{name}}") + id, err := tpgresource.ReplaceVars(d, config, "locations/global/firewallPolicies/{{firewall_policy}}/associations/{{name}}") if err != nil { return nil, fmt.Errorf("Error constructing id: %s", err) } @@ -232,3 +282,31 @@ func resourceComputeFirewallPolicyAssociationImport(d *schema.ResourceData, meta return []*schema.ResourceData{d}, nil } + +func flattenComputeFirewallPolicyAssociationName(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenComputeFirewallPolicyAssociationAttachmentTarget(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenComputeFirewallPolicyAssociationShortName(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func expandComputeFirewallPolicyAssociationName(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + +func expandComputeFirewallPolicyAssociationAttachmentTarget(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + +func expandComputeFirewallPolicyAssociationFirewallPolicy(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + firewallPolicyId := tpgresource.GetResourceNameFromSelfLink(v.(string)) + if err := d.Set("firewall_policy", firewallPolicyId); err != nil { + return nil, fmt.Errorf("Error setting firewall_policy: %s", err) + } + return firewallPolicyId, nil +} diff --git a/google/services/compute/resource_compute_firewall_policy_association_generated_meta.yaml b/google/services/compute/resource_compute_firewall_policy_association_generated_meta.yaml new file mode 100644 index 00000000000..d25ca693702 --- /dev/null +++ b/google/services/compute/resource_compute_firewall_policy_association_generated_meta.yaml @@ -0,0 +1,5 @@ +resource: 'google_compute_firewall_policy_association' +generation_type: 'mmv1' +api_service_name: 'compute.googleapis.com' +api_version: 'v1' +api_resource_type_kind: 'FirewallPolicy' diff --git a/google/services/compute/resource_compute_firewall_policy_association_test.go b/google/services/compute/resource_compute_firewall_policy_association_test.go index 3d68d1a941d..e9b56db78cb 100644 --- a/google/services/compute/resource_compute_firewall_policy_association_test.go +++ b/google/services/compute/resource_compute_firewall_policy_association_test.go @@ -64,3 +64,53 @@ resource "google_compute_firewall_policy_association" "default" { } `, context) } + +func TestAccComputeFirewallPolicyAssociation_organization(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(t, 10), + "org_name": fmt.Sprintf("organizations/%s", envvar.GetTestOrgFromEnv(t)), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + ExternalProviders: map[string]resource.ExternalProvider{ + "time": {}, + }, + Steps: []resource.TestStep{ + { + Config: testAccComputeFirewallPolicyAssociation_organization(context), + }, + { + ResourceName: "google_compute_firewall_policy_association.default", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"firewall_policy"}, + }, + }, + }) +} + +func testAccComputeFirewallPolicyAssociation_organization(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_folder" "folder" { + display_name = "tf-test-my-folder-%{random_suffix}" + parent = "%{org_name}" + deletion_protection = false +} + +resource "google_compute_firewall_policy" "policy" { + parent = "%{org_name}" + short_name = "tf-test-my-policy-%{random_suffix}" + description = "Example Resource" +} + +resource "google_compute_firewall_policy_association" "default" { + firewall_policy = google_compute_firewall_policy.policy.id + attachment_target = google_folder.folder.name + name = "tf-test-my-association-%{random_suffix}" +} +`, context) +} diff --git a/website/docs/r/compute_firewall_policy_association.html.markdown b/website/docs/r/compute_firewall_policy_association.html.markdown index cfe4cc3fdcd..421f50c9b71 100644 --- a/website/docs/r/compute_firewall_policy_association.html.markdown +++ b/website/docs/r/compute_firewall_policy_association.html.markdown @@ -1,62 +1,71 @@ --- # ---------------------------------------------------------------------------- # -# *** AUTO GENERATED CODE *** Type: DCL *** +# *** AUTO GENERATED CODE *** Type: MMv1 *** # # ---------------------------------------------------------------------------- # -# This file is managed by Magic Modules (https:#github.com/GoogleCloudPlatform/magic-modules) -# and is based on the DCL (https:#github.com/GoogleCloudPlatform/declarative-resource-client-library). -# Changes will need to be made to the DCL or Magic Modules instead of here. +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. # -# We are not currently able to accept contributions to this file. If changes -# are required, please file an issue at https:#github.com/hashicorp/terraform-provider-google/issues/new/choose +# Please read more about how to change this file in +# .github/CONTRIBUTING.md. # # ---------------------------------------------------------------------------- subcategory: "Compute Engine" description: |- - Applies a hierarchical firewall policy to a target resource + Allows associating hierarchical firewall policies with the target where they are applied. --- # google_compute_firewall_policy_association Allows associating hierarchical firewall policies with the target where they are applied. This allows creating policies and rules in a different location than they are applied. +For more information on applying hierarchical firewall policies see the [official documentation](https://cloud.google.com/firewall/docs/firewall-policies#managing_hierarchical_firewall_policy_resources) -For more information on applying hierarchical firewall policies see the [official documentation](https://cloud.google.com/vpc/docs/firewall-policies#managing_hierarchical_firewall_policy_resources) -## Example Usage +To get more information about FirewallPolicyAssociation, see: + +* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/firewallPolicies/addAssociation) + +## Example Usage - Firewall Policy Association + ```hcl -resource "google_compute_firewall_policy" "default" { - parent = "organizations/12345" +resource "google_folder" "folder" { + display_name = "my-folder" + parent = "organizations/123456789" + deletion_protection = false +} + +resource "google_compute_firewall_policy" "policy" { + parent = "organizations/123456789" short_name = "my-policy" description = "Example Resource" } resource "google_compute_firewall_policy_association" "default" { - firewall_policy = google_compute_firewall_policy.default.id + firewall_policy = google_compute_firewall_policy.policy.id attachment_target = google_folder.folder.name name = "my-association" } ``` - ## Argument Reference The following arguments are supported: + +* `name` - + (Required) + The name for an association. + * `attachment_target` - (Required) The target that the firewall policy is attached to. - + * `firewall_policy` - (Required) - The firewall policy ID of the association. - -* `name` - - (Required) - The name for an association. - + The firewall policy of the resource. - - - @@ -71,22 +80,25 @@ In addition to the arguments listed above, the following computed attributes are * `short_name` - The short name of the firewall policy of the association. - + + ## Timeouts This resource provides the following -[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options: configuration options: +[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options: - `create` - Default is 20 minutes. - `delete` - Default is 20 minutes. ## Import + FirewallPolicyAssociation can be imported using any of these accepted formats: * `locations/global/firewallPolicies/{{firewall_policy}}/associations/{{name}}` * `{{firewall_policy}}/{{name}}` + In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import FirewallPolicyAssociation using one of the formats above. For example: ```tf @@ -102,6 +114,3 @@ When using the [`terraform import` command](https://developer.hashicorp.com/terr $ terraform import google_compute_firewall_policy_association.default locations/global/firewallPolicies/{{firewall_policy}}/associations/{{name}} $ terraform import google_compute_firewall_policy_association.default {{firewall_policy}}/{{name}} ``` - - -