
Commit 3ea3807

add datasource to google_compute_security_policy resource (#10780) (#18316)
[upstream:a5ef92165addd3b106614c04a2389c3b52d57376] Signed-off-by: Modular Magician <magic-modules@google.com>
1 parent 82b9689 commit 3ea3807


4 files changed

+187
-0
lines changed


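--- a/google/provider/provider_mmv1_resources.go
+++ b/google/provider/provider_mmv1_resources.go
@@ -201,6 +201,7 @@ var handwrittenDatasources = map[string]*schema.Resource{
 "google_compute_router": compute.DataSourceGoogleComputeRouter(),
 "google_compute_router_nat": compute.DataSourceGoogleComputeRouterNat(),
 "google_compute_router_status": compute.DataSourceGoogleComputeRouterStatus(),
+"google_compute_security_policy": compute.DataSourceGoogleComputeSecurityPolicy(),
 "google_compute_snapshot": compute.DataSourceGoogleComputeSnapshot(),
 "google_compute_ssl_certificate": compute.DataSourceGoogleComputeSslCertificate(),
 "google_compute_ssl_policy": compute.DataSourceGoogleComputeSslPolicy(),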
Lines changed: 71 additions & 0 deletions
@@ -0,0 +1,71 @@
1+
// Copyright (c) HashiCorp, Inc.
2+
// SPDX-License-Identifier: MPL-2.0
3+
package compute
4+
5+
import (
6+
"errors"
7+
"fmt"
8+
9+
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
10+
"github.com/hashicorp/terraform-provider-google/google/tpgresource"
11+
transport_tpg "github.com/hashicorp/terraform-provider-google/google/transport"
12+
)
13+
14+
func DataSourceGoogleComputeSecurityPolicy() *schema.Resource {
15+
// Generate datasource schema from resource
16+
dsSchema := tpgresource.DatasourceSchemaFromResourceSchema(ResourceComputeSecurityPolicy().Schema)
17+
18+
// Set 'Optional' schema elements
19+
tpgresource.AddOptionalFieldsToSchema(dsSchema, "name")
20+
tpgresource.AddOptionalFieldsToSchema(dsSchema, "project")
21+
tpgresource.AddOptionalFieldsToSchema(dsSchema, "self_link")
22+
23+
return &schema.Resource{
24+
Read: dataSourceComputSecurityPolicyRead,
25+
Schema: dsSchema,
26+
}
27+
}
28+
29+
func dataSourceComputSecurityPolicyRead(d *schema.ResourceData, meta interface{}) error {
30+
config := meta.(*transport_tpg.Config)
31+
id := ""
32+
33+
if name, ok := d.GetOk("name"); ok {
34+
project, err := tpgresource.GetProject(d, config)
35+
if err != nil {
36+
return err
37+
}
38+
39+
id = fmt.Sprintf("projects/%s/global/securityPolicies/%s", project, name.(string))
40+
d.SetId(id)
41+
} else if selfLink, ok := d.GetOk("self_link"); ok {
42+
parsed, err := tpgresource.ParseSecurityPolicyFieldValue(selfLink.(string), d, config)
43+
if err != nil {
44+
return err
45+
}
46+
47+
if err := d.Set("name", parsed.Name); err != nil {
48+
return fmt.Errorf("Error setting name: %s", err)
49+
}
50+
51+
if err := d.Set("project", parsed.Project); err != nil {
52+
return fmt.Errorf("Error setting project: %s", err)
53+
}
54+
55+
id = fmt.Sprintf("projects/%s/global/securityPolicies/%s", parsed.Project, parsed.Name)
56+
d.SetId(id)
57+
} else {
58+
return errors.New("Must provide either `self_link` or `name`")
59+
}
60+
61+
err := resourceComputeSecurityPolicyRead(d, meta)
62+
if err != nil {
63+
return err
64+
}
65+
66+
if d.Id() == "" {
67+
return fmt.Errorf("%s not found", id)
68+
}
69+
70+
return nil
71+
}
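Review bot: When both `name` and `self_link` are set, the `if name, ok := d.GetOk("name")` branch in the read function wins and `self_link` is ignored without an error, so a configuration whose two arguments disagree resolves to the policy named by `name`. For a data source that selects a security policy, that disagreement should be rejected rather than settled by branch order. Declaring the constraint in `DataSourceGoogleComputeSecurityPolicy`, for example `dsSchema["name"].ExactlyOneOf = []string{"name", "self_link"}` with the same on `self_link`, would also cover the runtime `Must provide either` check, assuming the SDK evaluates it against configuration for these Optional fields. Separately, the read function is spelled `dataSourceComputSecurityPolicyRead`; renaming it to `dataSourceComputeSecurityPolicyRead` at the definition and in the `Read:` field keeps it consistent with `resourceComputeSecurityPolicyRead`.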
Lines changed: 75 additions & 0 deletions
@@ -0,0 +1,75 @@
1+
// Copyright (c) HashiCorp, Inc.
2+
// SPDX-License-Identifier: MPL-2.0
3+
package compute_test
4+
5+
import (
6+
"fmt"
7+
"testing"
8+
9+
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
10+
"github.com/hashicorp/terraform-provider-google/google/acctest"
11+
)
12+
13+
func TestAccDataSourceComputeSecurityPolicy_basic(t *testing.T) {
14+
t.Parallel()
15+
16+
acctest.VcrTest(t, resource.TestCase{
17+
PreCheck: func() { acctest.AccTestPreCheck(t) },
18+
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
19+
CheckDestroy: testAccCheckComputeSecurityPolicyDestroyProducer(t),
20+
Steps: []resource.TestStep{
21+
{
22+
Config: testAccDataSourceComputeSecurityPolicy_basic(acctest.RandString(t, 10)),
23+
Check: resource.ComposeTestCheckFunc(
24+
acctest.CheckDataSourceStateMatchesResourceState("data.google_compute_security_policy.sp1", "google_compute_security_policy.policy"),
25+
acctest.CheckDataSourceStateMatchesResourceState("data.google_compute_security_policy.sp2", "google_compute_security_policy.policy"),
26+
),
27+
},
28+
},
29+
})
30+
}
31+
32+
func testAccDataSourceComputeSecurityPolicy_basic(suffix string) string {
33+
return fmt.Sprintf(`
34+
resource "google_compute_security_policy" "policy" {
35+
name = "my-policy-%s"
36+
37+
rule {
38+
action = "deny(403)"
39+
priority = "1000"
40+
description = "Deny access to IPs in 9.9.9.0/24"
41+
42+
match {
43+
versioned_expr = "SRC_IPS_V1"
44+
45+
config {
46+
src_ip_ranges = ["9.9.9.0/24"]
47+
}
48+
}
49+
}
50+
51+
rule {
52+
action = "allow"
53+
priority = "2147483647"
54+
description = "default rule"
55+
56+
match {
57+
versioned_expr = "SRC_IPS_V1"
58+
59+
config {
60+
src_ip_ranges = ["*"]
61+
}
62+
}
63+
}
64+
}
65+
66+
data "google_compute_security_policy" "sp1" {
67+
name = google_compute_security_policy.policy.name
68+
project = google_compute_security_policy.policy.project
69+
}
70+
71+
data "google_compute_security_policy" "sp2" {
72+
self_link = google_compute_security_policy.policy.self_link
73+
}
74+
`, suffix)
75+
}
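Review bot: The single test step covers only the two successful lookups (`sp1` by name and project, `sp2` by self_link); neither the `Must provide either` error branch nor the not-found branch of the read function is exercised. A second step whose config declares the data source with no arguments and sets `ExpectError: regexp.MustCompile("Must provide either")` would pin the first of these, with `regexp` added to the imports. The deny rule in the fixture also uses `9.9.9.0/24`, a publicly routed range; a documentation range such as `192.0.2.0/24` would keep real networks out of test fixtures.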
Lines changed: 40 additions & 0 deletions
@@ -0,0 +1,40 @@
1+
---
2+
subcategory: "Compute Engine"
3+
description: |-
4+
Get information about a Google Compute Security Policy.
5+
---
6+
7+
# google_compute_security_policy
8+
9+
To get more information about Google Compute Security Policy, see:
10+
11+
* [API documentation](https://cloud.google.com/compute/docs/reference/rest/beta/securityPolicies)
12+
* How-to Guides
13+
* [Official Documentation](https://cloud.google.com/armor/docs/configure-security-policies)
14+
15+
## Example Usage
16+
17+
```hcl
18+
data "google_compute_security_policy" "sp1" {
19+
name = "my-policy"
20+
project = "my-project"
21+
}
22+
23+
data "google_compute_security_policy" "sp2" {
24+
self_link = "https://www.googleapis.com/compute/v1/projects/my-project/global/securityPolicies/my-policy"
25+
}
26+
```
27+
28+
## Argument Reference
29+
30+
The following arguments are supported:
31+
32+
* `name` - (Optional) The name of the security policy. Provide either this or a `self_link`.
33+
34+
* `project` - (Optional) The project in which the resource belongs. If it is not provided, the provider project is used.
35+
36+
* `self_link` - (Optional) The self_link of the security policy. Provide either this or a `name`
37+
38+
## Attributes Reference
39+
40+
See [google_compute_security_policy](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_security_policy) resource for details of the available attributes.
