Bump RegionSecurityPolicy and RegionSecurityPolicyRule resources to GA (#13592) (#969)

[upstream:045a8b725e49e6d37302afa11a2c11a62d9ae978]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

region_security_policy_basic/main.tf

@@ -1,6 +1,4 @@
 resource "google_compute_region_security_policy" "region-sec-policy-basic" {
-  provider    = google-beta
-
   name        = "my-sec-policy-basic-${local.name_suffix}"
   description = "basic region security policy"
   type        = "CLOUD_ARMOR"

region_security_policy_rule_basic/main.tf

@@ -1,15 +1,11 @@
 resource "google_compute_region_security_policy" "default" {
-  provider    = google-beta
-  
   region      = "us-west2"
   name        = "policyruletest-${local.name_suffix}"
   description = "basic region security policy"
   type        = "CLOUD_ARMOR"
 }
 
 resource "google_compute_region_security_policy_rule" "policy_rule" {
-  provider = google-beta
-  
   region          = "us-west2"
   security_policy = google_compute_region_security_policy.default.name
   description     = "new rule"

region_security_policy_rule_default_rule/backing_file.tf

@@ -0,0 +1,15 @@
+# This file has some scaffolding to make sure that names are unique and that
+# a region and zone are selected when you try to create your Terraform resources.
+
+locals {
+  name_suffix = "${random_pet.suffix.id}"
+}
+
+resource "random_pet" "suffix" {
+  length = 2
+}
+
+provider "google" {
+  region = "us-central1"
+  zone   = "us-central1-c"
+}

region_security_policy_rule_default_rule/main.tf

@@ -0,0 +1,35 @@
+resource "google_compute_region_security_policy" "default" {
+  region      = "us-west2"
+  name        = "policywithdefaultrule-${local.name_suffix}"
+  description = "basic region security policy"
+  type        = "CLOUD_ARMOR"
+}
+
+resource "google_compute_region_security_policy_rule" "default_rule" {
+  region          = "us-west2"
+  security_policy = google_compute_region_security_policy.default.name
+  description     = "new rule"
+  action          = "deny"
+  priority        = "2147483647"
+  match {
+    versioned_expr = "SRC_IPS_V1"
+    config {
+      src_ip_ranges = ["*"]
+    }
+  }
+}
+
+resource "google_compute_region_security_policy_rule" "policy_rule" {
+  region          = "us-west2"
+  security_policy = google_compute_region_security_policy.default.name
+  description     = "new rule"
+  priority        = 100
+  match {
+    versioned_expr = "SRC_IPS_V1"
+    config {
+      src_ip_ranges = ["10.10.0.0/16"]
+    }
+  }
+  action          = "allow"
+  preview         = true
+}

region_security_policy_rule_default_rule/motd

@@ -0,0 +1,7 @@
+===
+
+These examples use real resources that will be billed to the
+Google Cloud Platform project you use - so make sure that you
+run "terraform destroy" before quitting!
+
+===

region_security_policy_rule_default_rule/tutorial.md

@@ -0,0 +1,79 @@
+# Region Security Policy Rule Default Rule - Terraform
+
+## Setup
+
+<walkthrough-author name="[email protected]" analyticsId="UA-125550242-1" tutorialName="region_security_policy_rule_default_rule" repositoryUrl="https://github.com/terraform-google-modules/docs-examples"></walkthrough-author>
+
+Welcome to Terraform in Google Cloud Shell! We need you to let us know what project you'd like to use with Terraform.
+
+<walkthrough-project-billing-setup></walkthrough-project-billing-setup>
+
+Terraform provisions real GCP resources, so anything you create in this session will be billed against this project.
+
+## Terraforming!
+
+Let's use {{project-id}} with Terraform! Click the Cloud Shell icon below to copy the command
+to your shell, and then run it from the shell by pressing Enter/Return. Terraform will pick up
+the project name from the environment variable.
+
+```bash
+export GOOGLE_CLOUD_PROJECT={{project-id}}
+```
+
+After that, let's get Terraform started. Run the following to pull in the providers.
+
+```bash
+terraform init
+```
+
+With the providers downloaded and a project set, you're ready to use Terraform. Go ahead!
+
+```bash
+terraform apply
+```
+
+Terraform will show you what it plans to do, and prompt you to accept. Type "yes" to accept the plan.
+
+```bash
+yes
+```
+
+
+## Post-Apply
+
+### Editing your config
+
+Now you've provisioned your resources in GCP! If you run a "plan", you should see no changes needed.
+
+```bash
+terraform plan
+```
+
+So let's make a change! Try editing a number, or appending a value to the name in the editor. Then,
+run a 'plan' again.
+
+```bash
+terraform plan
+```
+
+Afterwards you can run an apply, which implicitly does a plan and shows you the intended changes
+at the 'yes' prompt.
+
+```bash
+terraform apply
+```
+
+```bash
+yes
+```
+
+## Cleanup
+
+Run the following to remove the resources Terraform provisioned:
+
+```bash
+terraform destroy
+```
+```bash
+yes
+```

region_security_policy_rule_multiple_rules/main.tf

@@ -1,15 +1,11 @@
 resource "google_compute_region_security_policy" "default" {
-  provider    = google-beta
-  
   region      = "us-west2"
   name        = "policywithmultiplerules-${local.name_suffix}"
   description = "basic region security policy"
   type        = "CLOUD_ARMOR"
 }
 
 resource "google_compute_region_security_policy_rule" "policy_rule_one" {
-  provider = google-beta
-  
   region          = "us-west2"
   security_policy = google_compute_region_security_policy.default.name
   description     = "new rule one"
@@ -25,8 +21,6 @@ resource "google_compute_region_security_policy_rule" "policy_rule_one" {
 }
 
 resource "google_compute_region_security_policy_rule" "policy_rule_two" {
-  provider = google-beta
-  
   region          = "us-west2"
   security_policy = google_compute_region_security_policy.default.name
   description     = "new rule two"

region_security_policy_rule_with_preconfigured_waf_config/backing_file.tf

@@ -0,0 +1,15 @@
+# This file has some scaffolding to make sure that names are unique and that
+# a region and zone are selected when you try to create your Terraform resources.
+
+locals {
+  name_suffix = "${random_pet.suffix.id}"
+}
+
+resource "random_pet" "suffix" {
+  length = 2
+}
+
+provider "google" {
+  region = "us-central1"
+  zone   = "us-central1-c"
+}

region_security_policy_rule_with_preconfigured_waf_config/main.tf

@@ -0,0 +1,49 @@
+resource "google_compute_region_security_policy" "default" {
+  region      = "asia-southeast1"
+  name        = "policyruletest-${local.name_suffix}"
+  description = "basic region security policy"
+  type        = "CLOUD_ARMOR"
+}
+
+resource "google_compute_region_security_policy_rule" "policy_rule" {
+  region          = "asia-southeast1"
+  security_policy = google_compute_region_security_policy.default.name
+  description     = "new rule"
+  priority        = 100
+  match {
+    versioned_expr = "SRC_IPS_V1"
+    config {
+      src_ip_ranges = ["10.10.0.0/16"]
+    }
+  }
+  preconfigured_waf_config {
+    exclusion {
+      request_uri {
+        operator = "STARTS_WITH"
+        value = "/admin"
+      }
+      target_rule_set = "rce-stable"
+    }
+    exclusion {
+      request_query_param {
+        operator = "CONTAINS"
+        value = "password"
+      }
+      request_query_param {
+        operator = "STARTS_WITH"
+        value = "freeform"
+      }
+      request_query_param {
+        operator = "EQUALS"
+        value = "description"
+      }
+      target_rule_set = "xss-stable"
+      target_rule_ids = [
+        "owasp-crs-v030001-id941330-xss",
+        "owasp-crs-v030001-id941340-xss",
+      ]
+    }
+  }
+  action          = "allow"
+  preview         = true
+}

region_security_policy_rule_with_preconfigured_waf_config/motd

@@ -0,0 +1,7 @@
+===
+
+These examples use real resources that will be billed to the
+Google Cloud Platform project you use - so make sure that you
+run "terraform destroy" before quitting!
+
+===