Add actions.save_findings.output_config.storage_path field to google_data_loss_prevention_job_trigger. (#15263) (#10816)

[upstream:5de0ca90b3e3a57431f94b5a20c6c8d3456f238b]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/15263.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+dlp: added `actions.save_findings.output_config.storage_path` field to `google_data_loss_prevention_job_trigger` resource
+```

google-beta/services/datalossprevention/resource_data_loss_prevention_job_trigger.go

@@ -670,9 +670,43 @@ is 1,024 characters.`,
 													MaxItems:    1,
 													Elem: &schema.Resource{
 														Schema: map[string]*schema.Schema{
+															"output_schema": {
+																Type:         schema.TypeString,
+																Optional:     true,
+																ValidateFunc: verify.ValidateEnum([]string{"BASIC_COLUMNS", "GCS_COLUMNS", "DATASTORE_COLUMNS", "BIG_QUERY_COLUMNS", "ALL_COLUMNS", ""}),
+																Description: `Schema used for writing the findings for Inspect jobs. This field is only used for
+Inspect and must be unspecified for Risk jobs. Columns are derived from the Finding
+object. If appending to an existing table, any columns from the predefined schema
+that are missing will be added. No columns in the existing table will be deleted.
+
+If unspecified, then all available columns will be used for a new table or an (existing)
+table with no schema, and no changes will be made to an existing table that has a schema.
+Only for use with external storage. Possible values: ["BASIC_COLUMNS", "GCS_COLUMNS", "DATASTORE_COLUMNS", "BIG_QUERY_COLUMNS", "ALL_COLUMNS"]`,
+															},
+															"storage_path": {
+																Type:     schema.TypeList,
+																Optional: true,
+																Description: `Store findings in an existing Cloud Storage bucket. Files will be generated with the job ID and file part number
+as the filename, and will contain findings in textproto format as SaveToGcsFindingsOutput. The file name will use
+the naming convention <job_id>-<shard_number>, for example: my-job-id-2.
+
+Supported for InspectJobs. The bucket must not be the same as the bucket being inspected. If storing findings to
+Cloud Storage, the output schema field should not be set. If set, it will be ignored.`,
+																MaxItems: 1,
+																Elem: &schema.Resource{
+																	Schema: map[string]*schema.Schema{
+																		"path": {
+																			Type:     schema.TypeString,
+																			Required: true,
+																			Description: `A URL representing a file or path (no wildcards) in Cloud Storage.
+Example: 'gs://[BUCKET_NAME]/dictionary.txt'`,
+																		},
+																	},
+																},
+															},
 															"table": {
 																Type:        schema.TypeList,
-																Required:    true,
+																Optional:    true,
 																Description: `Information on the location of the target BigQuery Table.`,
 																MaxItems:    1,
 																Elem: &schema.Resource{
@@ -696,19 +730,6 @@ is 1,024 characters.`,
 																	},
 																},
 															},
-															"output_schema": {
-																Type:         schema.TypeString,
-																Optional:     true,
-																ValidateFunc: verify.ValidateEnum([]string{"BASIC_COLUMNS", "GCS_COLUMNS", "DATASTORE_COLUMNS", "BIG_QUERY_COLUMNS", "ALL_COLUMNS", ""}),
-																Description: `Schema used for writing the findings for Inspect jobs. This field is only used for
-Inspect and must be unspecified for Risk jobs. Columns are derived from the Finding
-object. If appending to an existing table, any columns from the predefined schema
-that are missing will be added. No columns in the existing table will be deleted.
-
-If unspecified, then all available columns will be used for a new table or an (existing)
-table with no schema, and no changes will be made to an existing table that has a schema.
-Only for use with external storage. Possible values: ["BASIC_COLUMNS", "GCS_COLUMNS", "DATASTORE_COLUMNS", "BIG_QUERY_COLUMNS", "ALL_COLUMNS"]`,
-															},
 														},
 													},
 												},
@@ -3245,6 +3266,8 @@ func flattenDataLossPreventionJobTriggerInspectJobActionsSaveFindingsOutputConfi
 	transformed := make(map[string]interface{})
 	transformed["table"] =
 		flattenDataLossPreventionJobTriggerInspectJobActionsSaveFindingsOutputConfigTable(original["table"], d, config)
+	transformed["storage_path"] =
+		flattenDataLossPreventionJobTriggerInspectJobActionsSaveFindingsOutputConfigStoragePath(original["storagePath"], d, config)
 	transformed["output_schema"] =
 		flattenDataLossPreventionJobTriggerInspectJobActionsSaveFindingsOutputConfigOutputSchema(original["outputSchema"], d, config)
 	return []interface{}{transformed}
@@ -3278,6 +3301,23 @@ func flattenDataLossPreventionJobTriggerInspectJobActionsSaveFindingsOutputConfi
 	return v
 }
 
+func flattenDataLossPreventionJobTriggerInspectJobActionsSaveFindingsOutputConfigStoragePath(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	if v == nil {
+		return nil
+	}
+	original := v.(map[string]interface{})
+	if len(original) == 0 {
+		return nil
+	}
+	transformed := make(map[string]interface{})
+	transformed["path"] =
+		flattenDataLossPreventionJobTriggerInspectJobActionsSaveFindingsOutputConfigStoragePathPath(original["path"], d, config)
+	return []interface{}{transformed}
+}
+func flattenDataLossPreventionJobTriggerInspectJobActionsSaveFindingsOutputConfigStoragePathPath(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
 func flattenDataLossPreventionJobTriggerInspectJobActionsSaveFindingsOutputConfigOutputSchema(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	return v
 }
@@ -5686,6 +5726,13 @@ func expandDataLossPreventionJobTriggerInspectJobActionsSaveFindingsOutputConfig
 		transformed["table"] = transformedTable
 	}
 
+	transformedStoragePath, err := expandDataLossPreventionJobTriggerInspectJobActionsSaveFindingsOutputConfigStoragePath(original["storage_path"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedStoragePath); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["storagePath"] = transformedStoragePath
+	}
+
 	transformedOutputSchema, err := expandDataLossPreventionJobTriggerInspectJobActionsSaveFindingsOutputConfigOutputSchema(original["output_schema"], d, config)
 	if err != nil {
 		return nil, err
@@ -5744,6 +5791,32 @@ func expandDataLossPreventionJobTriggerInspectJobActionsSaveFindingsOutputConfig
 	return v, nil
 }
 
+func expandDataLossPreventionJobTriggerInspectJobActionsSaveFindingsOutputConfigStoragePath(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	if v == nil {
+		return nil, nil
+	}
+	l := v.([]interface{})
+	if len(l) == 0 || l[0] == nil {
+		return nil, nil
+	}
+	raw := l[0]
+	original := raw.(map[string]interface{})
+	transformed := make(map[string]interface{})
+
+	transformedPath, err := expandDataLossPreventionJobTriggerInspectJobActionsSaveFindingsOutputConfigStoragePathPath(original["path"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedPath); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["path"] = transformedPath
+	}
+
+	return transformed, nil
+}
+
+func expandDataLossPreventionJobTriggerInspectJobActionsSaveFindingsOutputConfigStoragePathPath(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandDataLossPreventionJobTriggerInspectJobActionsSaveFindingsOutputConfigOutputSchema(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	return v, nil
 }

google-beta/services/datalossprevention/resource_data_loss_prevention_job_trigger_generated_meta.yaml

@@ -22,6 +22,7 @@ fields:
   - field: 'inspect_job.actions.publish_summary_to_cscc'
   - field: 'inspect_job.actions.publish_to_stackdriver'
   - field: 'inspect_job.actions.save_findings.output_config.output_schema'
+  - field: 'inspect_job.actions.save_findings.output_config.storage_path.path'
   - field: 'inspect_job.actions.save_findings.output_config.table.dataset_id'
   - field: 'inspect_job.actions.save_findings.output_config.table.project_id'
   - field: 'inspect_job.actions.save_findings.output_config.table.table_id'

google-beta/services/datalossprevention/resource_data_loss_prevention_job_trigger_test.go

@@ -529,6 +529,41 @@ func TestAccDataLossPreventionJobTrigger_dlpJobTriggerCreateWithTimespanConfigBi
 	})
 }
 
+func TestAccDataLossPreventionJobTrigger_dlpJobTriggerSaveToCloudStorage(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"project":       envvar.GetTestProjectFromEnv(),
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckDataLossPreventionJobTriggerDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataLossPreventionJobTrigger_inspectUpdateSaveToCloudStorage(context),
+			},
+			{
+				ResourceName:            "google_data_loss_prevention_job_trigger.basic",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"parent"},
+			},
+			{
+				Config: testAccDataLossPreventionJobTrigger_inspectUpdateSaveToCloudStorageUpdate(context),
+			},
+			{
+				ResourceName:            "google_data_loss_prevention_job_trigger.basic",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"parent"},
+			},
+		},
+	})
+}
+
 func testAccDataLossPreventionJobTrigger_dlpJobTriggerBasic(context map[string]interface{}) string {
 	return acctest.Nprintf(`
 resource "google_data_loss_prevention_job_trigger" "basic" {
@@ -2843,3 +2878,77 @@ resource "google_data_loss_prevention_job_trigger" "bigquery_row_limit_timespan"
 }
 `, context)
 }
+
+func testAccDataLossPreventionJobTrigger_inspectUpdateSaveToCloudStorage(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_data_loss_prevention_job_trigger" "basic" {
+	parent = "projects/%{project}"
+	description = "Starting description"
+	display_name = "display"
+
+	triggers {
+		schedule {
+			recurrence_period_duration = "86400s"
+		}
+	}
+
+	inspect_job {
+		inspect_template_name = "fake"
+		actions {
+			save_findings {
+				output_config {
+					storage_path {
+						path = "gs://mybucket/save-path/"
+					}
+				}
+			}
+		}
+		storage_config {
+			cloud_storage_options {
+				file_set {
+					url = "gs://mybucket/directory/"
+				}
+				file_types = ["POWERPOINT", "EXCEL", "CSV", "TSV"]
+			}
+		}
+	}
+}
+`, context)
+}
+
+func testAccDataLossPreventionJobTrigger_inspectUpdateSaveToCloudStorageUpdate(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_data_loss_prevention_job_trigger" "basic" {
+	parent = "projects/%{project}"
+	description = "Starting description"
+	display_name = "display"
+
+	triggers {
+		schedule {
+			recurrence_period_duration = "86400s"
+		}
+	}
+
+	inspect_job {
+		inspect_template_name = "fake"
+		actions {
+			save_findings {
+				output_config {
+					storage_path {
+						path = "gs://mybucket/save-path-updated/"
+					}
+				}
+			}
+		}
+		storage_config {
+			cloud_storage_options {
+				file_set {
+					url = "gs://mybucket/directory/"
+				}
+				file_types = ["POWERPOINT", "EXCEL", "CSV", "TSV"]
+			}
+		}
+	}
+}
+`, context)
+}

website/docs/r/data_loss_prevention_job_trigger.html.markdown

@@ -1513,10 +1513,19 @@ The following arguments are supported:
 <a name="nested_inspect_job_actions_actions_save_findings_output_config"></a>The `output_config` block supports:
 
 * `table` -
-  (Required)
+  (Optional)
   Information on the location of the target BigQuery Table.
   Structure is [documented below](#nested_inspect_job_actions_actions_save_findings_output_config_table).
 
+* `storage_path` -
+  (Optional)
+  Store findings in an existing Cloud Storage bucket. Files will be generated with the job ID and file part number
+  as the filename, and will contain findings in textproto format as SaveToGcsFindingsOutput. The file name will use
+  the naming convention <job_id>-<shard_number>, for example: my-job-id-2.
+  Supported for InspectJobs. The bucket must not be the same as the bucket being inspected. If storing findings to
+  Cloud Storage, the output schema field should not be set. If set, it will be ignored.
+  Structure is [documented below](#nested_inspect_job_actions_actions_save_findings_output_config_storage_path).
+
 * `output_schema` -
   (Optional)
   Schema used for writing the findings for Inspect jobs. This field is only used for
@@ -1544,6 +1553,13 @@ The following arguments are supported:
   Name of the table. If is not set a new one will be generated for you with the following format:
   `dlp_googleapis_yyyy_mm_dd_[dlp_job_id]`. Pacific timezone will be used for generating the date details.
 
+<a name="nested_inspect_job_actions_actions_save_findings_output_config_storage_path"></a>The `storage_path` block supports:
+
+* `path` -
+  (Required)
+  A URL representing a file or path (no wildcards) in Cloud Storage.
+  Example: `gs://[BUCKET_NAME]/dictionary.txt`
+
 <a name="nested_inspect_job_actions_actions_pub_sub"></a>The `pub_sub` block supports:
 
 * `topic` -