Allow updating Deployment Groups field in Custom Mirroring Security Profile. (#15908)

duvni · web-flow · commit e19a83370a9b · 2025-12-11T20:07:40.000Z
diff --git a/mmv1/products/networksecurity/SecurityProfile.yaml b/mmv1/products/networksecurity/SecurityProfile.yaml
@@ -309,7 +309,6 @@ properties:
           This field is used for Packet Broker mirroring endpoint groups to specify
           the deployment groups that the packet should be mirrored to by the broker.
           Format: projects/{project_id}/locations/global/mirroringDeploymentGroups/{deployment_group_id}
-        immutable: true
         min_version: 'beta'
       - name: 'mirroringEndpointGroupType'
         type: String
diff --git a/mmv1/third_party/terraform/services/networksecurity/resource_network_security_security_profile_test.go.tmpl b/mmv1/third_party/terraform/services/networksecurity/resource_network_security_security_profile_test.go.tmpl
@@ -157,6 +157,46 @@ func TestAccNetworkSecuritySecurityProfile_networkSecuritySecurityProfileUrlFilt
 		},
 	})
 }
+
+func TestAccNetworkSecuritySecurityProfile_networkSecuritySecurityProfileMirroringBrokerUpdate(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"org_id":        envvar.GetTestOrgFromEnv(t),
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+		CheckDestroy:             testAccCheckNetworkSecuritySecurityProfileDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccNetworkSecuritySecurityProfile_networkSecuritySecurityProfileMirroringBroker_basic(context),
+			},
+			{
+				ResourceName:            "google_network_security_security_profile.default",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"labels", "location", "name", "parent", "terraform_labels"},
+			},
+			{
+				Config: testAccNetworkSecuritySecurityProfile_networkSecuritySecurityProfileMirroringBroker_update(context),
+				ConfigPlanChecks: resource.ConfigPlanChecks{
+					PreApply: []plancheck.PlanCheck{
+					plancheck.ExpectResourceAction("google_network_security_security_profile.default", plancheck.ResourceActionUpdate),
+					},
+				},
+			},
+			{
+				ResourceName:            "google_network_security_security_profile.default",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"labels", "location", "name", "parent", "terraform_labels"},
+			},
+		},
+	})
+}
 {{- end }}
 
 func testAccNetworkSecuritySecurityProfiles_basic(orgId string, randomSuffix string) string {
@@ -329,4 +369,80 @@ resource "google_network_security_security_profile" "default" {
 }
 `, context)
 }
+
+func testAccNetworkSecuritySecurityProfile_networkSecuritySecurityProfileMirroringBroker_basic(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_compute_network" "default" {
+  provider                = google-beta
+  name                    = "tf-test-my-network%{random_suffix}"
+  auto_create_subnetworks = false
+}
+
+resource "google_network_security_mirroring_deployment_group" "default" {
+  provider                      = google-beta
+  mirroring_deployment_group_id = "tf-test-my-dg%{random_suffix}"
+  location                      = "global"
+  network                       = google_compute_network.default.id
+}
+
+resource "google_network_security_mirroring_endpoint_group" "default" {
+  provider                    = google-beta
+  mirroring_endpoint_group_id = "tf-test-my-eg%{random_suffix}"
+  location                    = "global"
+  type                        = "BROKER"
+  mirroring_deployment_groups = [google_network_security_mirroring_deployment_group.default.id]
+}
+
+resource "google_network_security_security_profile" "default" {
+  provider    = google-beta
+  name        = "tf-test-my-security-profile%{random_suffix}"
+  parent      = "organizations/%{org_id}"
+  description = "my description"
+  type        = "CUSTOM_MIRRORING"
+
+  custom_mirroring_profile {
+    mirroring_endpoint_group = google_network_security_mirroring_endpoint_group.default.id
+    mirroring_deployment_groups = [google_network_security_mirroring_deployment_group.default.id]
+  }
+}
+`, context)
+}
+
+func testAccNetworkSecuritySecurityProfile_networkSecuritySecurityProfileMirroringBroker_update(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_compute_network" "default" {
+  provider                = google-beta
+  name                    = "tf-test-my-network%{random_suffix}"
+  auto_create_subnetworks = false
+}
+
+resource "google_network_security_mirroring_deployment_group" "default" {
+  provider                      = google-beta
+  mirroring_deployment_group_id = "tf-test-my-dg%{random_suffix}"
+  location                      = "global"
+  network                       = google_compute_network.default.id
+}
+
+resource "google_network_security_mirroring_endpoint_group" "default" {
+  provider                    = google-beta
+  mirroring_endpoint_group_id = "tf-test-my-eg%{random_suffix}"
+  location                    = "global"
+  type                        = "BROKER"
+  mirroring_deployment_groups = [google_network_security_mirroring_deployment_group.default.id]
+}
+
+resource "google_network_security_security_profile" "default" {
+  provider    = google-beta
+  name        = "tf-test-my-security-profile%{random_suffix}"
+  parent      = "organizations/%{org_id}"
+  description = "my description"
+  type        = "CUSTOM_MIRRORING"
+
+  custom_mirroring_profile {
+    mirroring_endpoint_group = google_network_security_mirroring_endpoint_group.default.id
+    mirroring_deployment_groups = []
+  }
+}
+`, context)
+}
 {{- end }}
