Add google_beyondcorp_security_gateway_application resource. (GoogleCloudPlatform#13918)

Author: Berro321

mmv1/products/beyondcorp/Application.yaml

@@ -13,7 +13,7 @@
 
 ---
 name: Application
-deprecation_message: '`google_beyondcorp_application` is deprecated.'
+deprecation_message: '`google_beyondcorp_application` is deprecated. Use `google_beyondcorp_security_gateway_application` instead.'
 description: Specifies application endpoint(s) to protect behind a Security Gateway.
 base_url: projects/{{project}}/locations/global/securityGateways/{{security_gateways_id}}/applications
 update_mask: true

mmv1/products/beyondcorp/SecurityGatewayApplication.yaml

@@ -0,0 +1,151 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+name: SecurityGatewayApplication
+description: Specifies application endpoint(s) to protect behind a Security Gateway.
+base_url: projects/{{project}}/locations/global/securityGateways/{{security_gateway_id}}/applications
+update_mask: true
+self_link: projects/{{project}}/locations/global/securityGateways/{{security_gateway_id}}/applications/{{application_id}}
+create_url: projects/{{project}}/locations/global/securityGateways/{{security_gateway_id}}/applications?applicationId={{application_id}}
+update_verb: PATCH
+id_format: projects/{{project}}/locations/global/securityGateways/{{security_gateway_id}}/applications/{{application_id}}
+import_format:
+  - projects/{{project}}/locations/global/securityGateways/{{security_gateway_id}}/applications/{{application_id}}
+iam_policy:
+  method_name_separator: ':'
+  iam_conditions_request_type: 'QUERY_PARAM_NESTED'
+  allowed_iam_role: 'roles/beyondcorp.securityGatewayUser'
+  parent_resource_attribute: 'application_id'
+  import_format:
+    - 'projects/{{project}}/locations/global/securityGateways/{{security_gateway_id}}/applications/{{application_id}}'
+    - '{{application_id}}'
+examples:
+  - name: beyondcorp_security_gateway_application_basic
+    primary_resource_id: example
+    primary_resource_name: 'fmt.Sprintf("tf-test-default-sg%s", context["random_suffix"]), fmt.Sprintf("tf-test-google-sga%s", context["random_suffix"])'
+    vars:
+      security_gateway_name: default-sg
+      application_name: google-sga
+  - name: beyondcorp_security_gateway_application_vpc
+    primary_resource_id: example
+    primary_resource_name: 'fmt.Sprintf("tf-test-default-sg%s", context["random_suffix"]), fmt.Sprintf("tf-test-google-sga%s", context["random_suffix"])'
+    vars:
+      security_gateway_name: default-sg
+      application_name: my-vm-service2
+autogen_async: true
+async:
+  operation:
+    timeouts:
+      insert_minutes: 20
+      update_minutes: 20
+      delete_minutes: 20
+    base_url: '{{op_id}}'
+  actions:
+    - create
+    - delete
+    - update
+  type: OpAsync
+  result:
+    resource_inside_response: true
+  include_project: false
+autogen_status: QXBwbGljYXRpb24=
+parameters:
+  - name: securityGatewayId
+    type: String
+    description: ID of the Security Gateway resource this belongs to.
+    immutable: true
+    url_param_only: true
+    required: true
+  - name: applicationId
+    type: String
+    description: |-
+      User-settable Application resource ID.
+      * Must start with a letter.
+      * Must contain between 4-63 characters from `/a-z-/`.
+      * Must end with a number or letter.
+    immutable: true
+    url_param_only: true
+    required: true
+properties:
+  - name: createTime
+    type: String
+    description: Output only. Timestamp when the resource was created.
+    output: true
+  - name: displayName
+    type: String
+    description: |-
+      Optional. An arbitrary user-provided name for the Application resource.
+      Cannot exceed 64 characters.
+  - name: endpointMatchers
+    type: Array
+    description: |-
+      Required. Endpoint matchers associated with an application.
+      A combination of hostname and ports as endpoint matcher is used to match
+      the application.
+      Match conditions for OR logic.
+      An array of match conditions to allow for multiple matching criteria.
+      The rule is considered a match if one the conditions are met.
+      The conditions can be one of the following combination
+      (Hostname), (Hostname & Ports)
+
+      EXAMPLES:
+      Hostname - ("*.abc.com"), ("xyz.abc.com")
+      Hostname and Ports - ("abc.com" and "22"), ("abc.com" and "22,33") etc
+    required: true
+    item_type:
+      type: NestedObject
+      properties:
+        - name: hostname
+          type: String
+          description: Required. Hostname of the application.
+          required: true
+        - name: ports
+          type: Array
+          description: Optional. Ports of the application.
+          item_type:
+            type: Integer
+  - name: upstreams
+    type: Array
+    description: Optional. List of which upstream resource(s) to forward traffic to.
+    item_type:
+      type: NestedObject
+      properties:
+        - name: egressPolicy
+          type: NestedObject
+          description: Optional. Routing policy information.
+          properties:
+            - name: regions
+              type: Array
+              description: Required. List of regions where the application sends traffic to.
+              required: true
+              item_type:
+                type: String
+        - name: network
+          type: NestedObject
+          description: Network to forward traffic to.
+          properties:
+            - name: name
+              type: string
+              description: |-
+                Required. Network name is of the format:
+                `projects/{project}/global/networks/{network}`
+              required: true
+  - name: name
+    type: String
+    description: Identifier. Name of the resource.
+    output: true
+  - name: updateTime
+    type: String
+    description: Output only. Timestamp when the resource was last modified.
+    output: true

mmv1/templates/terraform/examples/beyondcorp_security_gateway_application_basic.tf.tmpl

@@ -0,0 +1,13 @@
+resource "google_beyondcorp_security_gateway" "default" {
+  security_gateway_id = "{{index $.Vars "security_gateway_name"}}"
+  display_name = "My Security Gateway resource"
+  hubs { region = "us-central1" }
+}
+
+resource "google_beyondcorp_security_gateway_application" "{{$.PrimaryResourceId}}" {
+  security_gateway_id = google_beyondcorp_security_gateway.default.security_gateway_id
+  application_id = "{{index $.Vars "application_name"}}"
+  endpoint_matchers {
+    hostname = "google.com"
+  }
+}

mmv1/templates/terraform/examples/beyondcorp_security_gateway_application_vpc.tf.tmpl

@@ -0,0 +1,23 @@
+data "google_project" "project" {}
+
+resource "google_beyondcorp_security_gateway" "default" {
+  security_gateway_id = "{{index $.Vars "security_gateway_name"}}"
+  display_name = "My Security Gateway resource"
+  hubs { region = "us-central1" }
+}
+
+resource "google_beyondcorp_security_gateway_application" "{{$.PrimaryResourceId}}" {
+  security_gateway_id = google_beyondcorp_security_gateway.default.security_gateway_id
+  application_id = "{{index $.Vars "application_name"}}"
+  endpoint_matchers {
+    hostname = "my-vm-service.com"
+  }
+  upstreams {
+    egress_policy {
+      regions = ["us-central1"]
+    }
+    network {
+        name = "projects/${data.google_project.project.project_id}/global/networks/default"
+    }
+  }
+}

mmv1/third_party/terraform/services/beyondcorp/resource_beyondcorp_security_gateway_application_test.go

@@ -0,0 +1,98 @@
+package beyondcorp_test
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/plancheck"
+
+	"github.com/hashicorp/terraform-provider-google/google/acctest"
+)
+
+func TestAccBeyondcorpSecurityGatewayApplication_beyondcorpSecurityGatewayApplicationBasicExample_update(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccBeyondcorpSecurityGatewayApplication_beyondcorpSecurityGatewayApplicationBasicExample_basic(context),
+			},
+			{
+				ResourceName:            "google_beyondcorp_security_gateway_application.example",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"application_id", "security_gateway_id"},
+			},
+			{
+				Config: testAccBeyondcorpSecurityGatewayApplication_beyondcorpSecurityGatewayApplicationBasicExample_update(context),
+				ConfigPlanChecks: resource.ConfigPlanChecks{
+					PreApply: []plancheck.PlanCheck{
+						plancheck.ExpectResourceAction("google_beyondcorp_security_gateway_application.example", plancheck.ResourceActionUpdate),
+					},
+				},
+			},
+			{
+				ResourceName:            "google_beyondcorp_security_gateway_application.example",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"application_id", "security_gateway_id"},
+			},
+		},
+	})
+}
+
+func testAccBeyondcorpSecurityGatewayApplication_beyondcorpSecurityGatewayApplicationBasicExample_basic(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+data "google_project" "project" {}
+
+resource "google_beyondcorp_security_gateway" "default" {
+  security_gateway_id = "default-sg%{random_suffix}"
+  display_name = "My Security Gateway resource"
+  hubs { region = "us-central1" }
+}
+
+resource "google_beyondcorp_security_gateway_application" "example" {
+  security_gateway_id = google_beyondcorp_security_gateway.default.security_gateway_id
+  application_id = "google-sga%{random_suffix}"
+  endpoint_matchers {
+    hostname = "google.com"
+  }
+}
+`, context)
+}
+
+func testAccBeyondcorpSecurityGatewayApplication_beyondcorpSecurityGatewayApplicationBasicExample_update(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+data "google_project" "project" {}
+
+resource "google_beyondcorp_security_gateway" "default" {
+  security_gateway_id = "default-sg%{random_suffix}"
+  display_name = "My Security Gateway resource"
+  hubs { region = "us-central1" }
+}
+
+resource "google_beyondcorp_security_gateway_application" "example" {
+  security_gateway_id = google_beyondcorp_security_gateway.default.security_gateway_id
+  display_name = "Updated Name"
+  application_id = "google-sga%{random_suffix}"
+  endpoint_matchers {
+    hostname = "*.google.com"
+  }
+  endpoint_matchers {
+	hostname = "google.com"
+	ports = [443, 80]
+  }
+  upstreams {
+	network {
+	  name = "projects/${data.google_project.project.project_id}/global/networks/default"
+	}
+  }
+}
+`, context)
+}