add datasource to google_compute_security_policy resource (#10780) (#18316)

[upstream:a5ef92165addd3b106614c04a2389c3b52d57376]

Signed-off-by: Modular Magician <magic-modules@google.com>

Author: modular-magician

google/provider/provider_mmv1_resources.go

@@ -201,6 +201,7 @@ var handwrittenDatasources = map[string]*schema.Resource{
 	"google_compute_router":                               compute.DataSourceGoogleComputeRouter(),
 	"google_compute_router_nat":                           compute.DataSourceGoogleComputeRouterNat(),
 	"google_compute_router_status":                        compute.DataSourceGoogleComputeRouterStatus(),
+	"google_compute_security_policy":                      compute.DataSourceGoogleComputeSecurityPolicy(),
 	"google_compute_snapshot":                             compute.DataSourceGoogleComputeSnapshot(),
 	"google_compute_ssl_certificate":                      compute.DataSourceGoogleComputeSslCertificate(),
 	"google_compute_ssl_policy":                           compute.DataSourceGoogleComputeSslPolicy(),

google/services/compute/data_source_compute_secutity_policy.go

@@ -0,0 +1,71 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+package compute
+
+import (
+	"errors"
+	"fmt"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-provider-google/google/tpgresource"
+	transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport"
+)
+
+func DataSourceGoogleComputeSecurityPolicy() *schema.Resource {
+	// Generate datasource schema from resource
+	dsSchema := tpgresource.DatasourceSchemaFromResourceSchema(ResourceComputeSecurityPolicy().Schema)
+
+	// Set 'Optional' schema elements
+	tpgresource.AddOptionalFieldsToSchema(dsSchema, "name")
+	tpgresource.AddOptionalFieldsToSchema(dsSchema, "project")
+	tpgresource.AddOptionalFieldsToSchema(dsSchema, "self_link")
+
+	return &schema.Resource{
+		Read:   dataSourceComputSecurityPolicyRead,
+		Schema: dsSchema,
+	}
+}
+
+func dataSourceComputSecurityPolicyRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*transport_tpg.Config)
+	id := ""
+
+	if name, ok := d.GetOk("name"); ok {
+		project, err := tpgresource.GetProject(d, config)
+		if err != nil {
+			return err
+		}
+
+		id = fmt.Sprintf("projects/%s/global/securityPolicies/%s", project, name.(string))
+		d.SetId(id)
+	} else if selfLink, ok := d.GetOk("self_link"); ok {
+		parsed, err := tpgresource.ParseSecurityPolicyFieldValue(selfLink.(string), d, config)
+		if err != nil {
+			return err
+		}
+
+		if err := d.Set("name", parsed.Name); err != nil {
+			return fmt.Errorf("Error setting name: %s", err)
+		}
+
+		if err := d.Set("project", parsed.Project); err != nil {
+			return fmt.Errorf("Error setting project: %s", err)
+		}
+
+		id = fmt.Sprintf("projects/%s/global/securityPolicies/%s", parsed.Project, parsed.Name)
+		d.SetId(id)
+	} else {
+		return errors.New("Must provide either `self_link` or `name`")
+	}
+
+	err := resourceComputeSecurityPolicyRead(d, meta)
+	if err != nil {
+		return err
+	}
+
+	if d.Id() == "" {
+		return fmt.Errorf("%s not found", id)
+	}
+
+	return nil
+}

google/services/compute/data_source_compute_secutity_policy_test.go

@@ -0,0 +1,75 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+package compute_test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-provider-google/google/acctest"
+)
+
+func TestAccDataSourceComputeSecurityPolicy_basic(t *testing.T) {
+	t.Parallel()
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckComputeSecurityPolicyDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataSourceComputeSecurityPolicy_basic(acctest.RandString(t, 10)),
+				Check: resource.ComposeTestCheckFunc(
+					acctest.CheckDataSourceStateMatchesResourceState("data.google_compute_security_policy.sp1", "google_compute_security_policy.policy"),
+					acctest.CheckDataSourceStateMatchesResourceState("data.google_compute_security_policy.sp2", "google_compute_security_policy.policy"),
+				),
+			},
+		},
+	})
+}
+
+func testAccDataSourceComputeSecurityPolicy_basic(suffix string) string {
+	return fmt.Sprintf(`
+resource "google_compute_security_policy" "policy" {
+  name = "my-policy-%s"
+
+  rule {
+    action      = "deny(403)"
+    priority    = "1000"
+    description = "Deny access to IPs in 9.9.9.0/24"
+
+    match {
+      versioned_expr = "SRC_IPS_V1"
+
+      config {
+        src_ip_ranges = ["9.9.9.0/24"]
+      }
+    }
+  }
+
+  rule {
+    action      = "allow"
+    priority    = "2147483647"
+    description = "default rule"
+
+    match {
+      versioned_expr = "SRC_IPS_V1"
+
+      config {
+        src_ip_ranges = ["*"]
+      }
+    }
+  }
+}
+
+data "google_compute_security_policy" "sp1" {
+  name    = google_compute_security_policy.policy.name
+  project = google_compute_security_policy.policy.project
+}
+
+data "google_compute_security_policy" "sp2" {
+  self_link = google_compute_security_policy.policy.self_link
+}
+`, suffix)
+}

website/docs/d/compute_security_policy.html.markdown

@@ -0,0 +1,40 @@
+---
+subcategory: "Compute Engine"
+description: |-
+  Get information about a Google Compute Security Policy.
+---
+
+# google_compute_security_policy
+
+To get more information about Google Compute Security Policy, see:
+
+* [API documentation](https://cloud.google.com/compute/docs/reference/rest/beta/securityPolicies)
+* How-to Guides
+    * [Official Documentation](https://cloud.google.com/armor/docs/configure-security-policies)
+
+## Example Usage
+
+```hcl
+data "google_compute_security_policy" "sp1" {
+  name = "my-policy"
+  project = "my-project"
+}
+
+data "google_compute_security_policy" "sp2" {
+  self_link = "https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Optional) The name of the security policy. Provide either this or a `self_link`.
+
+* `project` - (Optional) The project in which the resource belongs. If it is not provided, the provider project is used.
+
+* `self_link` - (Optional) The self_link of the security policy. Provide either this or a `name`
+
+## Attributes Reference
+
+See [google_compute_security_policy](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_security_policy) resource for details of the available attributes.