Adding address groups firewall usage in the examples for Firewall and Network Firewall (#7821) (#5584)

* creating the yaml file for address_group, and addinging in the docs overriding

* added the address_groups and provided the update tests

* fixed the address_groups type field, tests are passing

* fix the address group and the examples to use the address_group in examples

* adding the tests for firewall_policy_rule and updating the address_group resource

* updating the variable naming usage

* fix the usage examples in the global

* fixing the variables for the tests, updating the address_group tests

* fixing the direction, the tests with region are ok, need to fix the global

* removing the updates in the resource compute firewall, requires improvement in address_group resource, fixed the tests for global

* removing src_address_group from resource firewall test

* refactoring address group operation to call the generic network security, updated the address group resource to accept the field parent, necessary to create project and org level, updated the tests that requires org level for firewall usage

* fix the name of the file of address_group, removing default value for location and updating transport_tpg version

* adding required for location field

* fix the go vet error for the google-provider, updating file to .erb and adding tag to unless is ga

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/7821.txt

@@ -0,0 +1,4 @@
+```release-note:enhancement
+google_compute_firewall_policy_rule
+google_compute_network_firewall_policy_rule
+```

google-beta/network_security_address_group_operation.go

@@ -0,0 +1,13 @@
+package google
+
+import (
+	"time"
+
+	transport_tpg "github.com/hashicorp/terraform-provider-google-beta/google-beta/transport"
+)
+
+// NetworkSecurityAddressGroupOperationWaitTime is specific for address group resource because the only difference is that it does not need project param.
+func NetworkSecurityAddressGroupOperationWaitTime(config *transport_tpg.Config, op map[string]interface{}, activity, userAgent string, timeout time.Duration) error {
+	// project is not necessary for this operation.
+	return NetworkSecurityOperationWaitTime(config, op, "", activity, userAgent, timeout)
+}

google-beta/resource_compute_firewall_policy_rule_test.go

@@ -95,6 +95,16 @@ resource "google_compute_firewall_policy" "default" {
   description = "Resource created for Terraform acceptance testing"
 }
 
+resource "google_network_security_address_group" "basic_global_networksecurity_address_group" {
+  name        = "tf-test-policy%{random_suffix}"
+  parent      = "%{org_name}"
+  description = "Sample global networksecurity_address_group"
+  location    = "global"
+  items       = ["208.80.154.224/32"]
+  type        = "IPV4"
+  capacity    = 100
+}
+
 resource "google_compute_firewall_policy_rule" "default" {
   firewall_policy = google_compute_firewall_policy.default.id
   description = "Resource created for Terraform acceptance testing"
@@ -112,6 +122,7 @@ resource "google_compute_firewall_policy_rule" "default" {
     dest_fqdns = []
     dest_region_codes = []
     dest_threat_intelligences = []
+    dest_address_groups = [google_network_security_address_group.basic_global_networksecurity_address_group.id]
   }
 }
 `, context)
@@ -148,6 +159,16 @@ resource "google_compute_firewall_policy" "default" {
   description = "Resource created for Terraform acceptance testing"
 }
 
+resource "google_network_security_address_group" "basic_global_networksecurity_address_group" {
+  name        = "tf-test-policy%{random_suffix}"
+  parent      = "%{org_name}"
+  description = "Sample global networksecurity_address_group"
+  location    = "global"
+  items       = ["208.80.154.224/32"]
+  type        = "IPV4"
+  capacity    = 100
+}
+
 resource "google_compute_firewall_policy_rule" "default" {
   firewall_policy = google_compute_firewall_policy.default.id
   description = "Resource created for Terraform acceptance testing"
@@ -169,6 +190,8 @@ resource "google_compute_firewall_policy_rule" "default" {
     dest_fqdns = ["google.com"]
     dest_region_codes = ["US"]
     dest_threat_intelligences = ["iplist-known-malicious-ips"]
+    src_address_groups = []
+    dest_address_groups = [google_network_security_address_group.basic_global_networksecurity_address_group.id]
   }
   target_resources = [google_compute_network.network1.self_link, google_compute_network.network2.self_link]
   target_service_accounts = [google_service_account.service_account.email]
@@ -207,6 +230,16 @@ resource "google_compute_firewall_policy" "default" {
   description = "Resource created for Terraform acceptance testing"
 }
 
+resource "google_network_security_address_group" "basic_global_networksecurity_address_group" {
+  name        = "tf-test-policy%{random_suffix}"
+  parent      = "%{org_name}"
+  description = "Sample global networksecurity_address_group"
+  location    = "global"
+  items       = ["208.80.154.224/32"]
+  type        = "IPV4"
+  capacity    = 100
+}
+
 resource "google_compute_firewall_policy_rule" "default" {
   firewall_policy = google_compute_firewall_policy.default.id
   description = "Test description"
@@ -290,6 +323,16 @@ resource "google_compute_firewall_policy" "default" {
   description = "Resource created for Terraform acceptance testing"
 }
 
+resource "google_network_security_address_group" "basic_global_networksecurity_address_group" {
+  name        = "tf-test-policy%{random_suffix}"
+  parent      = "%{org_name}"
+  description = "Sample global networksecurity_address_group"
+  location    = "global"
+  items       = ["208.80.154.224/32"]
+  type        = "IPV4"
+  capacity    = 100
+}
+
 resource "google_compute_firewall_policy_rule" "rule1" {
   firewall_policy = google_compute_firewall_policy.default.id
   description = "Resource created for Terraform acceptance testing"
@@ -307,6 +350,7 @@ resource "google_compute_firewall_policy_rule" "rule1" {
     dest_fqdns = ["google.com"]
     dest_region_codes = ["US"]
     dest_threat_intelligences = ["iplist-known-malicious-ips"]
+    dest_address_groups = [google_network_security_address_group.basic_global_networksecurity_address_group.id]
   }
 }
 
@@ -330,6 +374,7 @@ resource "google_compute_firewall_policy_rule" "rule2" {
     src_fqdns = ["google.com"]
     src_region_codes = ["US"]
     src_threat_intelligences = ["iplist-known-malicious-ips"]
+    src_address_groups = [google_network_security_address_group.basic_global_networksecurity_address_group.id]
   }
 }
 `, context)
@@ -348,6 +393,16 @@ resource "google_compute_firewall_policy" "default" {
   description = "Description Update"
 }
 
+resource "google_network_security_address_group" "basic_global_networksecurity_address_group" {
+  name        = "tf-test-policy%{random_suffix}"
+  parent      = "%{org_name}"
+  description = "Sample global networksecurity_address_group"
+  location    = "global"
+  items       = ["208.80.154.224/32"]
+  type        = "IPV4"
+  capacity    = 100
+}
+
 resource "google_compute_firewall_policy_rule" "rule1" {
   firewall_policy = google_compute_firewall_policy.default.id
   description = "Resource created for Terraform acceptance testing"
@@ -364,6 +419,7 @@ resource "google_compute_firewall_policy_rule" "rule1" {
     dest_fqdns = ["google.com"]
     dest_region_codes = ["US"]
     dest_threat_intelligences = ["iplist-known-malicious-ips"]
+    dest_address_groups = [google_network_security_address_group.basic_global_networksecurity_address_group.id]
   }
 }
 
@@ -387,6 +443,7 @@ resource "google_compute_firewall_policy_rule" "rule2" {
     src_fqdns = ["google.com"]
     src_region_codes = ["US"]
     src_threat_intelligences = ["iplist-known-malicious-ips"]
+    src_address_groups = [google_network_security_address_group.basic_global_networksecurity_address_group.id]
   }
 }
 
@@ -407,6 +464,7 @@ resource "google_compute_firewall_policy_rule" "rule3" {
     src_fqdns = ["google.com"]
     src_region_codes = ["US"]
     src_threat_intelligences = ["iplist-known-malicious-ips"]
+    src_address_groups = [google_network_security_address_group.basic_global_networksecurity_address_group.id]
   }
 }
 `, context)
@@ -425,6 +483,16 @@ resource "google_compute_firewall_policy" "default" {
   description = "Resource created for Terraform acceptance testing"
 }
 
+resource "google_network_security_address_group" "basic_global_networksecurity_address_group" {
+  name        = "tf-test-policy%{random_suffix}"
+  parent      = "%{org_name}"
+  description = "Sample global networksecurity_address_group"
+  location    = "global"
+  items       = ["208.80.154.224/32"]
+  type        = "IPV4"
+  capacity    = 100
+}
+
 resource "google_compute_firewall_policy_rule" "rule1" {
   firewall_policy = google_compute_firewall_policy.default.id
   description = "Resource created for Terraform acceptance testing"

google-beta/resource_compute_network_firewall_policy_rule_generated_test.go

@@ -66,6 +66,16 @@ func TestAccComputeNetworkFirewallPolicyRule_GlobalHandWritten(t *testing.T) {
 
 func testAccComputeNetworkFirewallPolicyRule_GlobalHandWritten(context map[string]interface{}) string {
 	return Nprintf(`
+resource "google_network_security_address_group" "basic_global_networksecurity_address_group" {
+  name        = "tf-test-policy%{random_suffix}"
+  parent      = "projects/%{project_name}"
+  description = "Sample global networksecurity_address_group"
+  location    = "global"
+  items       = ["208.80.154.224/32"]
+  type        = "IPV4"
+  capacity    = 100
+}
+
 resource "google_compute_network_firewall_policy" "basic_network_firewall_policy" {
   name        = "tf-test-policy%{random_suffix}"
   description = "Sample global network firewall policy"
@@ -96,6 +106,8 @@ resource "google_compute_network_firewall_policy_rule" "primary" {
     layer4_configs {
       ip_protocol = "all"
     }
+    
+    src_address_groups = [google_network_security_address_group.basic_global_networksecurity_address_group.id]
   }
 }
 
@@ -124,6 +136,16 @@ resource "google_tags_tag_value" "basic_value" {
 
 func testAccComputeNetworkFirewallPolicyRule_GlobalHandWrittenUpdate0(context map[string]interface{}) string {
 	return Nprintf(`
+resource "google_network_security_address_group" "basic_global_networksecurity_address_group" {
+  name        = "tf-test-policy%{random_suffix}"
+  parent      = "projects/%{project_name}"
+  description = "Sample global networksecurity_address_group. Update"
+  location    = "global"
+  items       = ["208.80.154.224/32"]
+  type        = "IPV4"
+  capacity    = 100
+}
+
 resource "google_compute_network_firewall_policy" "basic_network_firewall_policy" {
   name        = "tf-test-policy%{random_suffix}"
   description = "Sample global network firewall policy"
@@ -150,6 +172,9 @@ resource "google_compute_network_firewall_policy_rule" "primary" {
       ip_protocol = "tcp"
       ports       = ["123"]
     }
+    
+    dest_address_groups = [google_network_security_address_group.basic_global_networksecurity_address_group.id]
+
   }
 
   target_secure_tags {

google-beta/resource_compute_region_network_firewall_policy_rule_generated_test.go

@@ -67,6 +67,16 @@ func TestAccComputeRegionNetworkFirewallPolicyRule_RegionalHandWritten(t *testin
 
 func testAccComputeRegionNetworkFirewallPolicyRule_RegionalHandWritten(context map[string]interface{}) string {
 	return Nprintf(`
+resource "google_network_security_address_group" "basic_regional_networksecurity_address_group" {
+  name        = "tf-test-policy%{random_suffix}"
+  parent      = "projects/%{project_name}"
+  description = "Sample regional networksecurity_address_group"
+  location    = "%{region}"
+  items       = ["208.80.154.224/32"]
+  type        = "IPV4"
+  capacity    = 100
+}
+
 resource "google_compute_region_network_firewall_policy" "basic_regional_network_firewall_policy" {
   name        = "tf-test-policy%{random_suffix}"
   description = "Sample regional network firewall policy"
@@ -99,6 +109,8 @@ resource "google_compute_region_network_firewall_policy_rule" "primary" {
     src_secure_tags {
       name = "tagValues/${google_tags_tag_value.basic_value.name}"
     }
+    
+    src_address_groups = [google_network_security_address_group.basic_regional_networksecurity_address_group.id]
   }
 }
 
@@ -128,6 +140,16 @@ resource "google_tags_tag_value" "basic_value" {
 
 func testAccComputeRegionNetworkFirewallPolicyRule_RegionalHandWrittenUpdate0(context map[string]interface{}) string {
 	return Nprintf(`
+resource "google_network_security_address_group" "basic_regional_networksecurity_address_group" {
+  name        = "tf-test-policy%{random_suffix}"
+  parent      = "projects/%{project_name}"
+  description = "Sample regional networksecurity_address_group. Update"
+  location    = "%{region}"
+  items       = ["208.80.154.224/32"]
+  type        = "IPV4"
+  capacity    = 100
+}
+
 resource "google_compute_region_network_firewall_policy" "basic_regional_network_firewall_policy" {
   name        = "tf-test-policy%{random_suffix}"
   description = "Sample regional network firewall policy"
@@ -156,6 +178,8 @@ resource "google_compute_region_network_firewall_policy_rule" "primary" {
       ip_protocol = "tcp"
       ports       = ["123"]
     }
+    
+    dest_address_groups = [google_network_security_address_group.basic_regional_networksecurity_address_group.id]
   }
 
   target_secure_tags {