Add SPA fields to beyondcorp_security_gateway (#15322)

Berro321 · web-flow · commit 3ffbc3295e99 · 2025-10-07T17:44:06.000Z
diff --git a/mmv1/products/beyondcorp/SecurityGateway.yaml b/mmv1/products/beyondcorp/SecurityGateway.yaml
@@ -37,6 +37,12 @@ examples:
     region_override: 'global'
     vars:
       security_gateway_name: default
+  - name: beyondcorp_security_gateway_spa
+    primary_resource_id: example-spa
+    primary_resource_name: 'fmt.Sprintf("default-spa%s", context["random_suffix"])'
+    region_override: 'global'
+    vars:
+      security_gateway_name: default-spa
 autogen_async: true
 async:
   operation:
@@ -144,3 +150,87 @@ properties:
     description: |-
       Service account used for operations that involve resources in consumer projects.
     output: true
+  - name: proxyProtocolConfig
+    type: NestedObject
+    description: Shared proxy configuration for all apps.
+    properties:
+      - name: allowedClientHeaders
+        type: Array
+        description: The configuration for the proxy.
+        item_type:
+          type: string
+      - name: contextualHeaders
+        type: NestedObject
+        description: Configuration for the contextual headers.
+        properties:
+          - name: userInfo
+            type: NestedObject
+            description: User info configuration.
+            properties:
+              - name: outputType
+                type: Enum
+                description: The output type of the delegated user info.
+                enum_values:
+                  - 'PROTOBUF'
+                  - 'JSON'
+                  - 'NONE'
+          - name: groupInfo
+            type: NestedObject
+            description: Group info configuration.
+            properties:
+              - name: outputType
+                type: Enum
+                description: The output type of the delegated group info.
+                enum_values:
+                  - 'PROTOBUF'
+                  - 'JSON'
+                  - 'NONE'
+          - name: deviceInfo
+            type: NestedObject
+            description: Device info configuration.
+            properties:
+              - name: outputType
+                type: Enum
+                description: The output type of the delegated device info.
+                enum_values:
+                  - 'PROTOBUF'
+                  - 'JSON'
+                  - 'NONE'
+          - name: outputType
+            type: Enum
+            description: Default output type for all enabled headers.
+            enum_values:
+              - 'PROTOBUF'
+              - 'JSON'
+              - 'NONE'
+      - name: metadataHeaders
+        type: KeyValuePairs
+        description: |-
+          Custom resource specific headers along with the values.
+          The names should conform to RFC 9110:
+          > Field names SHOULD constrain themselves to alphanumeric characters, "-",
+            and ".", and SHOULD begin with a letter.
+          > Field values SHOULD contain only ASCII printable characters and tab.
+      - name: gatewayIdentity
+        type: Enum
+        description: Gateway identity configuration.
+        enum_values:
+          - 'RESOURCE_NAME'
+      - name: clientIp
+        type: Boolean
+        description: Client IP configuration. The client IP address is included if true.
+  - name: serviceDiscovery
+    type: NestedObject
+    description: Settings related to the Service Discovery.
+    properties:
+      - name: apiGateway
+        type: NestedObject
+        description: External API configuration.
+        properties:
+          - name: resourceOverride
+            type: NestedObject
+            description: Enables fetching resource model updates to alter service behavior per Chrome profile.
+            properties:
+              - name: path
+                type: String
+                description: Contains uri path fragment where HTTP request is sent.
diff --git a/mmv1/templates/terraform/examples/beyondcorp_security_gateway_spa.tf.tmpl b/mmv1/templates/terraform/examples/beyondcorp_security_gateway_spa.tf.tmpl
@@ -0,0 +1,32 @@
+resource "google_beyondcorp_security_gateway" "{{$.PrimaryResourceId}}" {
+  security_gateway_id = "{{index $.Vars "security_gateway_name"}}"
+  display_name = "My SPA Security Gateway resource"
+  proxy_protocol_config {
+    allowed_client_headers = ["header1", "header2"]
+    contextual_headers {
+      user_info {
+        output_type = "PROTOBUF"
+      }
+      group_info {
+        output_type = "JSON"
+      }
+      device_info {
+        output_type = "NONE"
+      }
+      output_type = "NONE"
+    }
+    metadata_headers = {
+      metadata-header1 = "value1"
+      metadata-header2 = "value2"
+    }
+    gateway_identity = "RESOURCE_NAME"
+    client_ip = true
+  }
+  service_discovery {
+    api_gateway {
+      resource_override {
+        path = "/api/v1/routes"
+       }
+    }
+  }
+}
