Add Mirroring Endpoint resource to Network Security. (#15457)

Author: duvni

mmv1/products/networksecurity/MirroringEndpoint.yaml

@@ -0,0 +1,131 @@
+# Copyright 2025 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+name: 'MirroringEndpoint'
+description: |-
+  An endpoint is a managed mirroring collector that provides enhanced packet
+  enrichment capabilities and support for multiple replica destinations.
+  Endpoints are always part of a global endpoint group which represents a
+  global "mirroring broker" service.
+min_version: 'beta'
+id_format: 'projects/{{project}}/locations/{{location}}/mirroringEndpoints/{{mirroring_endpoint_id}}'
+base_url: 'projects/{{project}}/locations/{{location}}/mirroringEndpoints'
+self_link: 'projects/{{project}}/locations/{{location}}/mirroringEndpoints/{{mirroring_endpoint_id}}'
+create_url: 'projects/{{project}}/locations/{{location}}/mirroringEndpoints?mirroringEndpointId={{mirroring_endpoint_id}}'
+update_verb: 'PATCH'
+update_mask: true
+import_format:
+  - 'projects/{{project}}/locations/{{location}}/mirroringEndpoints/{{mirroring_endpoint_id}}'
+autogen_async: true
+async:
+  actions: ['create', 'delete', 'update']
+  type: 'OpAsync'
+  operation:
+    base_url: '{{op_id}}'
+  result:
+    resource_inside_response: true
+custom_code:
+examples:
+  - name: 'network_security_mirroring_endpoint_basic'
+    config_path: 'templates/terraform/examples/network_security_mirroring_endpoint_basic.tf.tmpl'
+    primary_resource_id: 'default'
+    vars:
+      network_name: 'example-network'
+      deployment_group_id: 'example-dg'
+      endpoint_group_id: 'example-eg'
+      endpoint_id: 'example-endpoint'
+parameters:
+  - name: 'location'
+    type: String
+    description: |-
+      The cloud location of the endpoint, e.g. `us-central1-a` or `asia-south1-b`.
+    url_param_only: true
+    required: true
+    immutable: true
+  - name: 'mirroringEndpointId'
+    type: String
+    description: |-
+      The ID to use for the new endpoint, which will become the final
+      component of the endpoint's resource name.
+    min_version: 'beta'
+    url_param_only: true
+    required: true
+    immutable: true
+properties:
+  - name: 'name'
+    type: String
+    description: |-
+      The resource name of this endpoint, for example:
+      `projects/123456789/locations/us-central1-a/mirroringEndpoints/my-endpoint`.
+      See https://google.aip.dev/122 for more details.
+    min_version: 'beta'
+    immutable: true
+    output: true
+  - name: 'createTime'
+    type: String
+    description: |-
+      The timestamp when the resource was created.
+      See https://google.aip.dev/148#timestamps.
+    min_version: 'beta'
+    output: true
+  - name: 'updateTime'
+    type: String
+    description: |-
+      The timestamp when the resource was most recently updated.
+      See https://google.aip.dev/148#timestamps.
+    min_version: 'beta'
+    output: true
+  - name: 'labels'
+    type: KeyValueLabels
+    description: |-
+      Labels are key/value pairs that help to organize and filter resources.
+    min_version: 'beta'
+  - name: 'mirroringEndpointGroup'
+    type: String
+    description: |-
+      The endpoint group that this endpoint belongs to.
+      Format is:
+      `projects/{project}/locations/{location}/mirroringEndpointGroups/{mirroringEndpointGroup}`
+    min_version: 'beta'
+    required: true
+    immutable: true
+  - name: 'state'
+    type: String
+    description: |-
+      The current state of the endpoint.
+      See https://google.aip.dev/216.
+      Possible values:
+      STATE_UNSPECIFIED
+      CREATING
+      ACTIVE
+      DELETING
+      DELETE_FAILED
+      OUT_OF_SYNC
+    min_version: 'beta'
+    output: true
+  - name: 'reconciling'
+    type: Boolean
+    description: |-
+      The current state of the resource does not match the user's intended state,
+      and the system is working to reconcile them. This part of the normal
+      operation (e.g. linking a new association to the parent group).
+      See https://google.aip.dev/128.
+    min_version: 'beta'
+    output: true
+  - name: 'description'
+    type: String
+    description: |-
+      User-provided description of the endpoint.
+      Used as additional context for the endpoint.
+    min_version: 'beta'

mmv1/templates/terraform/examples/network_security_mirroring_endpoint_basic.tf.tmpl

@@ -0,0 +1,31 @@
+resource "google_compute_network" "network" {
+  provider                = google-beta
+  name                    = "{{index $.Vars "network_name"}}"
+  auto_create_subnetworks = false
+}
+
+resource "google_network_security_mirroring_deployment_group" "deployment_group" {
+  provider                      = google-beta
+  mirroring_deployment_group_id = "{{index $.Vars "deployment_group_id"}}"
+  location                      = "global"
+  network                       = google_compute_network.network.id
+}
+
+resource "google_network_security_mirroring_endpoint_group" "endpoint_group" {
+  provider                    = google-beta
+  mirroring_endpoint_group_id = "{{index $.Vars "endpoint_group_id"}}"
+  location                    = "global"
+  type                        = "BROKER"
+  mirroring_deployment_groups = [google_network_security_mirroring_deployment_group.deployment_group.id]
+}
+
+resource "google_network_security_mirroring_endpoint" "{{$.PrimaryResourceId}}" {
+  provider                 = google-beta
+  mirroring_endpoint_id    = "{{index $.Vars "endpoint_id"}}"
+  location                 = "us-west2-a"
+  mirroring_endpoint_group = google_network_security_mirroring_endpoint_group.endpoint_group.id
+  description              = "some description"
+  labels = {
+    foo = "bar"
+  }
+}

mmv1/third_party/terraform/services/networksecurity/resource_network_security_mirroring_endpoint_test.go.tmpl

@@ -0,0 +1,123 @@
+package networksecurity_test
+{{- if ne $.TargetVersionName "ga" }}
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/plancheck"
+
+	"github.com/hashicorp/terraform-provider-google/google/acctest"
+)
+
+func TestAccNetworkSecurityMirroringEndpoint_update(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccNetworkSecurityMirroringEndpoint_basic(context),
+			},
+			{
+				ResourceName:            "google_network_security_mirroring_endpoint.default",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"labels", "terraform_labels"},
+			},
+			{
+				Config: testAccNetworkSecurityMirroringEndpoint_update(context),
+				ConfigPlanChecks: resource.ConfigPlanChecks{
+					PreApply: []plancheck.PlanCheck{
+						plancheck.ExpectResourceAction("google_network_security_mirroring_endpoint.default", plancheck.ResourceActionUpdate),
+					},
+				},
+			},
+			{
+				ResourceName:            "google_network_security_mirroring_endpoint.default",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"update_time", "labels", "terraform_labels"},
+			},
+		},
+	})
+}
+
+func testAccNetworkSecurityMirroringEndpoint_basic(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_compute_network" "network" {
+  provider                = google-beta
+  name                    = "tf-test-example-network%{random_suffix}"
+  auto_create_subnetworks = false
+}
+
+resource "google_network_security_mirroring_deployment_group" "deployment_group" {
+  provider                      = google-beta
+  mirroring_deployment_group_id = "tf-test-example-dg%{random_suffix}"
+  location                      = "global"
+  network                       = google_compute_network.network.id
+}
+
+resource "google_network_security_mirroring_endpoint_group" "endpoint_group" {
+  provider                    = google-beta
+  mirroring_endpoint_group_id = "tf-test-example-eg%{random_suffix}"
+  location                    = "global"
+  type                        = "BROKER"
+  mirroring_deployment_groups = [google_network_security_mirroring_deployment_group.deployment_group.id]
+}
+
+resource "google_network_security_mirroring_endpoint" "default" {
+  provider                 = google-beta
+  mirroring_endpoint_id    = "tf-test-example-endpoint%{random_suffix}"
+  location                 = "us-west2-a"
+  mirroring_endpoint_group = google_network_security_mirroring_endpoint_group.endpoint_group.id
+  description              = "some description"
+  labels = {
+    foo = "bar"
+  }
+}
+`, context)
+}
+
+func testAccNetworkSecurityMirroringEndpoint_update(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_compute_network" "network" {
+  provider                = google-beta
+  name                    = "tf-test-example-network%{random_suffix}"
+  auto_create_subnetworks = false
+}
+
+resource "google_network_security_mirroring_deployment_group" "deployment_group" {
+  provider                      = google-beta
+  mirroring_deployment_group_id = "tf-test-example-dg%{random_suffix}"
+  location                      = "global"
+  network                       = google_compute_network.network.id
+}
+
+resource "google_network_security_mirroring_endpoint_group" "endpoint_group" {
+  provider                    = google-beta
+  mirroring_endpoint_group_id = "tf-test-example-eg%{random_suffix}"
+  location                    = "global"
+  type                        = "BROKER"
+  mirroring_deployment_groups = [google_network_security_mirroring_deployment_group.deployment_group.id]
+}
+
+resource "google_network_security_mirroring_endpoint" "default" {
+  provider                 = google-beta
+  mirroring_endpoint_id    = "tf-test-example-endpoint%{random_suffix}"
+  location                 = "us-west2-a"
+  mirroring_endpoint_group = google_network_security_mirroring_endpoint_group.endpoint_group.id
+  description              = "some description"
+  labels = {
+    foo = "goo"
+  }
+}
+`, context)
+}
+
+{{ end }}