Bump Cloud Armor Hierchical Policies - Security Policies to GA (#15695)

maxi-cit · web-flow · commit 1515c1c63572 · 2025-11-26T19:04:08.000Z
diff --git a/mmv1/products/compute/OrganizationSecurityPolicy.yaml b/mmv1/products/compute/OrganizationSecurityPolicy.yaml
@@ -16,11 +16,10 @@ name: 'OrganizationSecurityPolicy'
 api_resource_type_kind: SecurityPolicy
 description: |
   Organization security policies are used to control incoming/outgoing traffic.
-min_version: 'beta'
 references:
   guides:
     'Creating a firewall policy': 'https://cloud.google.com/vpc/docs/using-firewall-policies#create-policy'
-  api: 'https://cloud.google.com/compute/docs/reference/rest/beta/organizationSecurityPolicies'
+  api: 'https://cloud.google.com/compute/docs/reference/rest/v1/organizationSecurityPolicies'
 docs:
 id_format: 'locations/global/securityPolicies/{{policy_id}}'
 base_url: 'locations/global/securityPolicies?parentId={{parent}}'
@@ -37,12 +36,13 @@ custom_code:
   post_create: 'templates/terraform/post_create/org_security_policy.go.tmpl'
   post_delete: 'templates/terraform/post_delete/org_security_policy.go.tmpl'
   post_update: 'templates/terraform/post_update/org_security_policy.go.tmpl'
-    # TODO: Remove once b/154369201 is closed.
+  # TODO: Remove once b/154369201 is closed.
   test_check_destroy: 'templates/terraform/custom_check_destroy/skip_delete_during_test.go.tmpl'
 examples:
   - name: 'organization_security_policy_basic'
     primary_resource_id: 'policy'
-    min_version: 'beta'
+    vars:
+      short_name: "my-short-name"
     test_env_vars:
       org_id: 'ORG_ID'
 parameters:
@@ -51,49 +51,44 @@ parameters:
     description: |
       The parent of this OrganizationSecurityPolicy in the Cloud Resource Hierarchy.
       Format: organizations/{organization_id} or folders/{folder_id}
-    min_version: 'beta'
     required: true
     immutable: true
 properties:
   - name: 'displayName'
     type: String
     description: |
       User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is FIREWALL.
-    min_version: 'beta'
     immutable: true
     ignore_read: true
   - name: 'description'
     type: String
     description: |
       A textual description for the organization security policy.
-    min_version: 'beta'
   - name: 'shortName'
     type: String
     description: |
       User-provided name of the organization security policy. The name should be unique in the organization in which the security policy is created. This should only be used when SecurityPolicyType is CLOUD_ARMOR.
-    min_version: 'beta'
     immutable: true
   - name: 'fingerprint'
     type: Fingerprint
     description: |
       Fingerprint of this resource. This field is used internally during
       updates of this resource.
-    min_version: 'beta'
     output: true
   - name: 'policy_id'
     type: String
     description: |
       The unique identifier for the resource. This identifier is defined by the server.
     api_name: id
-    min_version: 'beta'
     output: true
   - name: 'type'
     type: Enum
     description: |
       The type indicates the intended use of the security policy. This field can be set only at resource creation time.
-    min_version: 'beta'
+
+      **NOTE** : 'FIREWALL' type is deprecated and will be removed in a future major release. Please use 'google_compute_firewall_policy' instead."
     immutable: true
-    default_value: "FIREWALL"
+    default_from_api: true
     enum_values:
       - 'FIREWALL'
       - 'CLOUD_ARMOR'
diff --git a/mmv1/templates/terraform/examples/organization_security_policy_association_basic.tf.tmpl b/mmv1/templates/terraform/examples/organization_security_policy_association_basic.tf.tmpl
@@ -6,31 +6,10 @@ resource "google_folder" "security_policy_target" {
 }
 
 resource "google_compute_organization_security_policy" "policy" {
-  provider = google-beta
+  provider     = google-beta
   display_name = "tf-test%{random_suffix}"
   parent       = google_folder.security_policy_target.name
-}
-
-resource "google_compute_organization_security_policy_rule" "{{$.PrimaryResourceId}}" {
-  provider = google-beta
-  policy_id = google_compute_organization_security_policy.{{$.PrimaryResourceId}}.id
-  action = "allow"
-
-  direction = "INGRESS"
-  enable_logging = true
-  match {
-    config {
-      src_ip_ranges = ["192.168.0.0/16", "10.0.0.0/8"]
-      layer4_config {
-        ip_protocol = "tcp"
-        ports = ["22"]
-      }
-      layer4_config {
-        ip_protocol = "icmp"
-      }
-    }
-  }
-  priority = 100
+  type         = "FIREWALL"
 }
 
 resource "google_compute_organization_security_policy_association" "{{$.PrimaryResourceId}}" {
diff --git a/mmv1/templates/terraform/examples/organization_security_policy_basic.tf.tmpl b/mmv1/templates/terraform/examples/organization_security_policy_basic.tf.tmpl
@@ -1,5 +1,5 @@
 resource "google_compute_organization_security_policy" "{{$.PrimaryResourceId}}" {
-  provider = google-beta
-  display_name = "tf-test%{random_suffix}"
-  parent       = "organizations/{{index $.TestEnvVars "org_id"}}"
+  short_name = "{{index $.Vars "short_name"}}"
+  parent     = "organizations/{{index $.TestEnvVars "org_id"}}"
+  type       = "CLOUD_ARMOR"
 }
diff --git a/mmv1/templates/terraform/examples/organization_security_policy_rule_basic.tf.tmpl b/mmv1/templates/terraform/examples/organization_security_policy_rule_basic.tf.tmpl
@@ -1,7 +1,8 @@
 resource "google_compute_organization_security_policy" "{{$.PrimaryResourceId}}" {
-  provider = google-beta
+  provider     = google-beta
   display_name = "tf-test%{random_suffix}"
   parent       = "organizations/{{index $.TestEnvVars "org_id"}}"
+  type         = "FIREWALL"
 }
 
 resource "google_compute_organization_security_policy_rule" "{{$.PrimaryResourceId}}" {
diff --git a/mmv1/third_party/terraform/services/compute/resource_compute_organization_security_policy_rule_test.go.tmpl b/mmv1/third_party/terraform/services/compute/resource_compute_organization_security_policy_rule_test.go.tmpl
@@ -53,7 +53,9 @@ resource "google_folder" "security_policy_target" {
 resource "google_compute_organization_security_policy" "policy" {
   display_name = "tf-test%{random_suffix}"
   parent       = google_folder.security_policy_target.name
+  type         = "FIREWALL"
 }
+
 resource "google_compute_organization_security_policy_rule" "policy" {
   policy_id = google_compute_organization_security_policy.policy.id
   action = "allow"
@@ -88,6 +90,7 @@ resource "google_folder" "security_policy_target" {
 resource "google_compute_organization_security_policy" "policy" {
   display_name = "tf-test%{random_suffix}"
   parent       = google_folder.security_policy_target.name
+  type         = "FIREWALL"
 }
 
 resource "google_compute_organization_security_policy_rule" "policy" {
diff --git a/mmv1/third_party/terraform/services/compute/resource_compute_organization_security_policy_test.go b/mmv1/third_party/terraform/services/compute/resource_compute_organization_security_policy_test.go
@@ -1,8 +1,8 @@
 package compute_test
-{{- if ne $.TargetVersionName "ga" }}
 
 import (
 	"testing"
+
 	"github.com/hashicorp/terraform-provider-google/google/acctest"
 	"github.com/hashicorp/terraform-provider-google/google/envvar"
 
@@ -25,21 +25,21 @@ func TestAccComputeOrganizationSecurityPolicy_organizationSecurityPolicyUpdateEx
 			{
 				Config: testAccComputeOrganizationSecurityPolicy_organizationSecurityPolicyPreUpdateExample(context),
 			},
-                        {
-                                ResourceName:            "google_compute_organization_security_policy.policy",
-                                ImportState:             true,
-                                ImportStateVerify:       true,
-                                ImportStateVerifyIgnore: []string{"display_name"},
-                        },
-                        {
+			{
+				ResourceName:            "google_compute_organization_security_policy.policy",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"display_name", "parent"},
+			},
+			{
 				Config: testAccComputeOrganizationSecurityPolicy_organizationSecurityPolicyPostUpdateExample(context),
-                        },
-                        {
-                                ResourceName:            "google_compute_organization_security_policy.policy",
-                                ImportState:             true,
-                                ImportStateVerify:       true,
-                                ImportStateVerifyIgnore: []string{"display_name"},
-                        },
+			},
+			{
+				ResourceName:            "google_compute_organization_security_policy.policy",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"display_name", "parent"},
+			},
 		},
 	})
 }
@@ -59,9 +59,10 @@ func TestAccComputeOrganizationSecurityPolicy_organizationSecurityPolicyShortNam
 				Config: testAccComputeOrganizationSecurityPolicy_organizationSecurityPolicyShortName(context),
 			},
 			{
-				ResourceName:      "google_compute_organization_security_policy.policy",
-				ImportState:       true,
-				ImportStateVerify: true,
+				ResourceName:            "google_compute_organization_security_policy.policy",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"display_name", "parent"},
 			},
 		},
 	})
@@ -70,18 +71,18 @@ func TestAccComputeOrganizationSecurityPolicy_organizationSecurityPolicyShortNam
 func testAccComputeOrganizationSecurityPolicy_organizationSecurityPolicyPreUpdateExample(context map[string]interface{}) string {
 	return acctest.Nprintf(`
 resource "google_compute_organization_security_policy" "policy" {
-  display_name = "tf-test%{random_suffix}"
-  parent       = "organizations/%{org_id}"
+  short_name = "tf-test%{random_suffix}"
+  parent     = "organizations/%{org_id}"
 }
 `, context)
 }
 
 func testAccComputeOrganizationSecurityPolicy_organizationSecurityPolicyPostUpdateExample(context map[string]interface{}) string {
 	return acctest.Nprintf(`
 resource "google_compute_organization_security_policy" "policy" {
-  display_name = "tf-test%{random_suffix}"
-  parent       = "organizations/%{org_id}"
-  description  = "Updated description."
+  short_name  = "tf-test%{random_suffix}"
+  parent      = "organizations/%{org_id}"
+  description = "Updated description."
 }
 `, context)
 }
@@ -96,4 +97,3 @@ resource "google_compute_organization_security_policy" "policy" {
 }
 `, context)
 }
-{{- end }}

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`resource "google_compute_organization_security_policy" "{{$.PrimaryResourceId}}" {`
`2`		`- provider = google-beta`
`3`		`- display_name = "tf-test%{random_suffix}"`
`4`		`- parent = "organizations/{{index $.TestEnvVars "org_id"}}"`
	`2`	`+ short_name = "{{index $.Vars "short_name"}}"`
	`3`	`+ parent = "organizations/{{index $.TestEnvVars "org_id"}}"`
	`4`	`+ type = "CLOUD_ARMOR"`
`5`	`5`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,8 @@`
`1`	`1`	`resource "google_compute_organization_security_policy" "{{$.PrimaryResourceId}}" {`
`2`		`- provider = google-beta`
	`2`	`+ provider = google-beta`
`3`	`3`	`display_name = "tf-test%{random_suffix}"`
`4`	`4`	`parent = "organizations/{{index $.TestEnvVars "org_id"}}"`
	`5`	`+ type = "FIREWALL"`
`5`	`6`	`}`
`6`	`7`
`7`	`8`	`resource "google_compute_organization_security_policy_rule" "{{$.PrimaryResourceId}}" {`