VPCFlowLogs - Add Organization Support (#14885)

Author: maayanbeltzer

mmv1/products/networkmanagement/OrganizationVpcFlowLogsConfig.yaml

@@ -0,0 +1,153 @@
+# Copyright 2025 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+name: 'OrganizationVpcFlowLogsConfig'
+description:
+  VPC Flow Logs Config is a resource that lets you configure
+  Flow Logs for Organization.
+min_version: beta
+id_format: 'organizations/{{organization}}/locations/{{location}}/vpcFlowLogsConfigs/{{vpc_flow_logs_config_id}}'
+base_url: 'organizations/{{organization}}/locations/{{location}}/vpcFlowLogsConfigs'
+self_link: 'organizations/{{organization}}/locations/{{location}}/vpcFlowLogsConfigs/{{vpc_flow_logs_config_id}}'
+create_url: 'organizations/{{organization}}/locations/{{location}}/vpcFlowLogsConfigs?vpcFlowLogsConfigId={{vpc_flow_logs_config_id}}'
+update_verb: 'PATCH'
+update_mask: true
+import_format:
+  - 'organizations/{{organization}}/locations/{{location}}/vpcFlowLogsConfigs/{{vpc_flow_logs_config_id}}'
+timeouts:
+  insert_minutes: 20
+  update_minutes: 20
+  delete_minutes: 20
+autogen_async: true
+async:
+  actions: ['create', 'delete', 'update']
+  type: 'OpAsync'
+  operation:
+    base_url: '{{op_id}}'
+  result:
+    resource_inside_response: true
+  include_project: true
+custom_code:
+sweeper:
+  url_substitutions:
+    - parent: "organizations/${ORG_ID}"
+    - region: "global"
+examples:
+  - name: 'network_management_org_vpc_flow_logs_config_basic'
+    primary_resource_id: 'org-test'
+    min_version: 'beta'
+    vars:
+      vpc_flow_logs_config_id: 'basic-org-test-id'
+    test_env_vars:
+      org_id: 'ORG_ID'
+parameters:
+  - name: 'organization'
+    type: String
+    description: Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.
+    immutable: true
+    url_param_only: true
+    required: true
+  - name: 'location'
+    type: String
+    description: |
+      Resource ID segment making up resource `name`. It identifies the resource
+      within its parent collection as described in https://google.aip.dev/122. See documentation
+      for resource type `networkmanagement.googleapis.com/VpcFlowLogsConfig`.
+    url_param_only: true
+    required: true
+    immutable: true
+  - name: 'vpcFlowLogsConfigId'
+    type: String
+    description: |
+      Required. ID of the `VpcFlowLogsConfig`.
+    url_param_only: true
+    required: true
+    immutable: true
+properties:
+  - name: 'name'
+    type: String
+    description: |
+      Identifier. Unique name of the configuration using the form:     `organizations/{org_id}/locations/global/vpcFlowLogsConfigs/{vpc_flow_logs_config_id}`
+    output: true
+  - name: 'description'
+    type: String
+    description: |
+      Optional. The user-supplied description of the VPC Flow Logs configuration. Maximum
+      of 512 characters.
+  - name: 'state'
+    type: String
+    default_from_api: true
+    description: |
+      Optional. The state of the VPC Flow Log configuration. Default value
+      is ENABLED. When creating a new configuration, it must be enabled.
+      Possible values: ENABLED DISABLED
+  - name: 'aggregationInterval'
+    type: String
+    default_from_api: true
+    description: |
+      Optional. The aggregation interval for the logs. Default value is
+      INTERVAL_5_SEC.   Possible values: INTERVAL_5_SEC INTERVAL_30_SEC INTERVAL_1_MIN INTERVAL_5_MIN INTERVAL_10_MIN INTERVAL_15_MIN
+  - name: 'flowSampling'
+    type: Double
+    default_from_api: true
+    description: |
+      Optional. The value of the field must be in (0, 1]. The sampling rate
+      of VPC Flow Logs where 1.0 means all collected logs are reported. Setting the
+      sampling rate to 0.0 is not allowed. If you want to disable VPC Flow Logs, use
+      the state field instead. Default value is 1.0.
+  - name: 'metadata'
+    type: String
+    default_from_api: true
+    description: |
+      Optional. Configures whether all, none or a subset of metadata fields
+      should be added to the reported VPC flow logs. Default value is INCLUDE_ALL_METADATA.
+        Possible values:  METADATA_UNSPECIFIED INCLUDE_ALL_METADATA EXCLUDE_ALL_METADATA CUSTOM_METADATA
+  - name: 'metadataFields'
+    type: Array
+    description: |
+      Optional. Custom metadata fields to include in the reported VPC flow
+      logs. Can only be specified if \"metadata\" was set to CUSTOM_METADATA.
+    item_type:
+      type: String
+  - name: 'filterExpr'
+    type: String
+    description: |
+      Optional. Export filter used to define which VPC Flow Logs should be logged.
+  - name: 'labels'
+    type: KeyValueLabels
+    description: |
+      Optional. Resource labels to represent the user-provided metadata.
+  - name: 'createTime'
+    type: String
+    description: |
+      Output only. The time the config was created.
+    output: true
+  - name: 'updateTime'
+    type: String
+    description: |
+      Output only. The time the config was updated.
+    output: true
+  - name: 'crossProjectMetadata'
+    type: Enum
+    default_from_api: true
+    description: |-
+      Determines whether to include cross project annotations in the logs.
+      This field is available only for organization configurations. If not
+      specified in org configs will be set to CROSS_PROJECT_METADATA_ENABLED.
+      Possible values:
+      CROSS_PROJECT_METADATA_ENABLED
+      CROSS_PROJECT_METADATA_DISABLED
+    enum_values:
+      - CROSS_PROJECT_METADATA_ENABLED
+      - CROSS_PROJECT_METADATA_DISABLED

mmv1/templates/terraform/examples/network_management_org_vpc_flow_logs_config_basic.tf.tmpl

@@ -0,0 +1,7 @@
+resource "google_network_management_organization_vpc_flow_logs_config" "{{$.PrimaryResourceId}}" {
+  provider                = google-beta
+  vpc_flow_logs_config_id = "{{index $.Vars "vpc_flow_logs_config_id"}}"
+  location                = "global"
+  organization            = "{{index $.TestEnvVars "org_id"}}"
+}
+

mmv1/third_party/terraform/services/networkmanagement/resource_network_management_org_vpc_flow_logs_config_test.go.tmpl

@@ -0,0 +1,75 @@
+package networkmanagement_test
+
+{{ if ne $.TargetVersionName "ga" -}}
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-provider-google/google/acctest"
+    "github.com/hashicorp/terraform-provider-google/google/envvar"
+)
+
+func TestAccNetworkManagementOrganizationVpcFlowLogsConfig_update(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(t, 10),
+		"org_id":        envvar.GetTestOrgFromEnv(t),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+		CheckDestroy:             testAccCheckNetworkManagementVpcFlowLogsConfigDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccNetworkManagementOrganizationVpcFlowLogsConfig_basic(context),
+			},
+			{
+				ResourceName:            "google_network_management_organization_vpc_flow_logs_config.org-test-update",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"organization", "location", "vpc_flow_logs_config_id"},
+			},
+			{
+				Config: testAccNetworkManagementOrganizationVpcFlowLogsConfig_update(context),
+			},
+			{
+				ResourceName:            "google_network_management_organization_vpc_flow_logs_config.org-test-update",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"organization", "location", "vpc_flow_logs_config_id"},
+			},
+		},
+	})
+}
+
+func testAccNetworkManagementOrganizationVpcFlowLogsConfig_basic(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_network_management_organization_vpc_flow_logs_config" "org-test-update" {
+  provider                = google-beta
+  vpc_flow_logs_config_id = "tf-test-update-org-id-%{random_suffix}"
+  organization            = "%{org_id}"
+  location                = "global"
+}
+`, context)
+}
+
+func testAccNetworkManagementOrganizationVpcFlowLogsConfig_update(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_network_management_organization_vpc_flow_logs_config" "org-test-update" {
+  provider                = google-beta
+  vpc_flow_logs_config_id = "tf-test-update-org-id-%{random_suffix}"
+  organization            = "%{org_id}"
+  location                = "global"
+
+  state                   = "DISABLED"
+  aggregation_interval    = "INTERVAL_30_SEC"
+  description             = "This is an updated description"
+  flow_sampling           = 0.5
+  metadata                = "EXCLUDE_ALL_METADATA"
+  cross_project_metadata  = "CROSS_PROJECT_METADATA_DISABLED"
+}
+`, context)
+}
+{{ end }}