feat(modelarmorglobal): Add google_mcp_server_floor_setting to FloorSetting (#15663)

Abhi7410 · melinath · web-flow · commit 1d5cd2483154 · 2025-11-25T19:50:15.000Z
Co-authored-by: Stephen Lewis (Burrows) &lt;stephen.r.burrows@gmail.com&gt;
diff --git a/mmv1/products/modelarmorglobal/Floorsetting.yaml b/mmv1/products/modelarmorglobal/Floorsetting.yaml
@@ -208,10 +208,10 @@ properties:
       description: |-
         Possible values:
         AI_PLATFORM
+        GOOGLE_MCP_SERVER
   - name: aiPlatformFloorSetting
     type: NestedObject
     description: AI Platform floor setting.
-    allow_empty_object: true
     properties:
       - name: inspectOnly
         type: Boolean
@@ -232,6 +232,29 @@ properties:
       - name: enableCloudLogging
         type: Boolean
         description: If true, log Model Armor filter results to Cloud Logging.
+  - name: googleMcpServerFloorSetting
+    type: NestedObject
+    description: Google MCP Server floor setting.
+    properties:
+      - name: inspectOnly
+        type: Boolean
+        description: |-
+          If true, Model Armor filters will be run in inspect only mode. No action
+          will be taken on the request.
+        exactly_one_of:
+          - google_mcp_server_floor_setting.0.inspect_only
+          - google_mcp_server_floor_setting.0.inspect_and_block
+      - name: inspectAndBlock
+        type: Boolean
+        description: |-
+          If true, Model Armor filters will be run in inspect and block mode.
+          Requests that trip Model Armor filters will be blocked.
+        exactly_one_of:
+          - google_mcp_server_floor_setting.0.inspect_only
+          - google_mcp_server_floor_setting.0.inspect_and_block
+      - name: enableCloudLogging
+        type: Boolean
+        description: If true, log Model Armor filter results to Cloud Logging.
   - name: floorSettingMetadata
     type: NestedObject
     description: Metadata to enable multi language detection via floor setting.
diff --git a/mmv1/third_party/terraform/services/modelarmorglobal/resource_model_armor_floorsetting_test.go b/mmv1/third_party/terraform/services/modelarmorglobal/resource_model_armor_floorsetting_test.go
@@ -5,6 +5,8 @@ import (
 
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
 
+	"github.com/hashicorp/terraform-plugin-testing/plancheck"
+
 	"github.com/hashicorp/terraform-provider-google/google/acctest"
 
 	"github.com/hashicorp/terraform-provider-google/google/envvar"
@@ -30,8 +32,28 @@ func TestAccModelArmorGlobalFloorsetting_update(t *testing.T) {
 				ImportStateVerify:       true,
 				ImportStateVerifyIgnore: []string{"location", "parent"},
 			},
+			{
+				// Update from inspect_only to inspect_and_block = true for both ai_platform and google_mcp_server
+				Config: testAccModelArmorGlobalFloorsetting_enableInspectAndBlock(context),
+				ConfigPlanChecks: resource.ConfigPlanChecks{
+					PreApply: []plancheck.PlanCheck{
+						plancheck.ExpectResourceAction("google_model_armor_floorsetting.test-resource", plancheck.ResourceActionUpdate),
+					},
+				},
+			},
+			{
+				ResourceName:            "google_model_armor_floorsetting.test-resource",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"location", "parent"},
+			},
 			{
 				Config: testAccModelArmorGlobalFloorsetting_updated(context),
+				ConfigPlanChecks: resource.ConfigPlanChecks{
+					PreApply: []plancheck.PlanCheck{
+						plancheck.ExpectResourceAction("google_model_armor_floorsetting.test-resource", plancheck.ResourceActionUpdate),
+					},
+				},
 			},
 			{
 				ResourceName:            "google_model_armor_floorsetting.test-resource",
@@ -72,12 +94,17 @@ resource "google_model_armor_floorsetting" "test-resource" {
 
   enable_floor_setting_enforcement = true
   
-  integrated_services =  [ "AI_PLATFORM" ]
+  integrated_services =  [ "AI_PLATFORM", "GOOGLE_MCP_SERVER" ]
 
   ai_platform_floor_setting {
     inspect_only            = true
     enable_cloud_logging    = true
   }
+
+  google_mcp_server_floor_setting {
+    inspect_only            = true
+    enable_cloud_logging    = true
+  }
   
   floor_setting_metadata {
     multi_language_detection {
@@ -88,6 +115,55 @@ resource "google_model_armor_floorsetting" "test-resource" {
 `, context)
 }
 
+func testAccModelArmorGlobalFloorsetting_enableInspectAndBlock(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_model_armor_floorsetting" "test-resource" {
+  location    = "global"
+  parent      = "projects/%{project_id}"
+
+  filter_config {
+    rai_settings {
+      rai_filters {
+        filter_type      = "DANGEROUS"
+        confidence_level = "LOW_AND_ABOVE"
+      }
+    }
+    sdp_settings {
+      basic_config {
+        filter_enforcement = "ENABLED"
+      }
+    }
+    pi_and_jailbreak_filter_settings {
+      filter_enforcement = "ENABLED"
+      confidence_level   = "MEDIUM_AND_ABOVE"
+    }
+    malicious_uri_filter_settings {
+      filter_enforcement = "ENABLED"
+    }
+  }
+
+  enable_floor_setting_enforcement = true
+  integrated_services =  [ "AI_PLATFORM", "GOOGLE_MCP_SERVER" ]
+
+  ai_platform_floor_setting {
+    inspect_and_block            = true
+    enable_cloud_logging    = true
+  }
+
+  google_mcp_server_floor_setting {
+    inspect_and_block       = true
+    enable_cloud_logging    = true
+  }
+
+  floor_setting_metadata {
+    multi_language_detection {
+      enable_multi_language_detection = true
+    }
+  }
+}
+`, context)
+}
+
 func testAccModelArmorGlobalFloorsetting_updated(context map[string]interface{}) string {
 	return acctest.Nprintf(`
 resource "google_model_armor_floorsetting" "test-resource" {
@@ -115,11 +191,6 @@ resource "google_model_armor_floorsetting" "test-resource" {
       filter_enforcement = "ENABLED"
     }
   }
-
-  ai_platform_floor_setting {
-    inspect_and_block       = false
-    enable_cloud_logging    = false
-  }
   
   floor_setting_metadata {
     multi_language_detection {
