diff --git a/mmv1/products/cloudids/api.yaml b/mmv1/products/cloudids/api.yaml
new file mode 100644
index 00000000000..c8b73aa4e6c
--- /dev/null
+++ b/mmv1/products/cloudids/api.yaml
@@ -0,0 +1,111 @@
+# Copyright 2022 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+--- !ruby/object:Api::Product
+name: CloudIds
+display_name: Cloud Intrusion Detection Service
+versions:
+ - !ruby/object:Api::Product::Version
+ name: ga
+ base_url: https://ids.googleapis.com/v1/
+scopes:
+ - https://www.googleapis.com/auth/cloudids
+apis_required:
+ - !ruby/object:Api::Product::ApiReference
+ name: Cloud Intrusion Detection Service (IDS) API
+ url: https://console.cloud.google.com/apis/library/ids.googleapis.com/
+async: !ruby/object:Api::OpAsync
+ operation: !ruby/object:Api::OpAsync::Operation
+ path: 'name'
+ base_url: '{{op_id}}'
+ wait_ms: 2000
+ result: !ruby/object:Api::OpAsync::Result
+ path: 'response'
+ resource_inside_response: true
+ status: !ruby/object:Api::OpAsync::Status
+ path: 'done'
+ complete: true
+ allowed:
+ - true
+ - false
+ error: !ruby/object:Api::OpAsync::Error
+ path: 'error'
+ message: 'message'
+objects:
+ - !ruby/object:Api::Resource
+ name: 'Endpoint'
+ base_url: 'projects/{{project}}/locations/{{location}}/endpoints'
+ create_url: 'projects/{{project}}/locations/{{location}}/endpoints?endpointId={{name}}'
+ self_link: 'projects/{{project}}/locations/{{location}}/endpoints/{{name}}'
+ create_verb: :POST
+ input: true
+ description: |
+ Cloud IDS is an intrusion detection service that provides threat detection for intrusions, malware, spyware, and command-and-control attacks on your network.
+ references: !ruby/object:Api::Resource::ReferenceLinks
+ api: 'https://cloud.google.com/intrusion-detection-system/docs/configuring-ids'
+ parameters:
+ - !ruby/object:Api::Type::String
+ name: 'location'
+ required: true
+ url_param_only: true
+ input: true
+ description: |
+ The location for the endpoint.
+ properties:
+ - !ruby/object:Api::Type::String
+ name: 'name'
+ required: true
+ input: true
+ description: |
+ Name of the endpoint in the format projects/{project_id}/locations/{locationId}/endpoints/{endpointId}.
+ - !ruby/object:Api::Type::String
+ name: 'createTime'
+ output: true
+ description: |
+ Creation timestamp in RFC 3339 text format.
+ - !ruby/object:Api::Type::String
+ name: 'updateTime'
+ output: true
+ description: |
+ Last update timestamp in RFC 3339 text format.
+ - !ruby/object:Api::Type::String
+ name: 'network'
+ required: true
+ input: true
+ description: |
+ Name of the VPC network that is connected to the IDS endpoint. This can either contain the VPC network name itself (like "src-net") or the full URL to the network (like "projects/{project_id}/global/networks/src-net").
+ - !ruby/object:Api::Type::String
+ name: 'description'
+ description: |
+ An optional description of the endpoint.
+ - !ruby/object:Api::Type::String
+ name: 'endpoint_forwarding_rule'
+ output: true
+ description: |
+ URL of the endpoint's network address to which traffic is to be sent by Packet Mirroring.
+ - !ruby/object:Api::Type::String
+ name: 'endpoint'
+ output: true
+ description: |
+ Internal IP address of the endpoint's network entry point.
+ - !ruby/object:Api::Type::Enum
+ name: 'severity'
+ required: true
+ description: |
+ The minimum alert severity level that is reported by the endpoint.
+ values:
+ - :INFORMATIONAL
+ - :LOW
+ - :MEDIUM
+ - :HIGH
+ - :CRITICAL
\ No newline at end of file
diff --git a/mmv1/products/cloudids/terraform.yaml b/mmv1/products/cloudids/terraform.yaml
new file mode 100644
index 00000000000..828ab7b6c49
--- /dev/null
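Review bot: In api.yaml the output properties `name: 'endpoint_forwarding_rule'` and `name: 'endpoint'` are written in snake_case, while `createTime` and `updateTime` in the same list use the API's camelCase field names. mmv1 uses a property's `name` as the JSON key when it reads the response, so if the IDS API returns these fields as `endpointForwardingRule` and `endpointIp` (worth confirming against the API reference), both attributes would always read back empty. That matters operationally, because the forwarding rule is the value a Packet Mirroring policy needs as its collector; with an empty attribute no traffic can be steered to the endpoint from Terraform and the IDS inspects nothing. Suggested change: `name: 'endpointForwardingRule'` and `name: 'endpointIp'`.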
+++ b/mmv1/products/cloudids/terraform.yaml
@@ -0,0 +1,32 @@
+# Copyright 2022 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+--- !ruby/object:Provider::Terraform::Config
+overrides: !ruby/object:Overrides::ResourceOverrides
+ Endpoint: !ruby/object:Overrides::Terraform::ResourceOverride
+ id_format: 'projects/{{project}}/locations/{{location}}/endpoints/{{name}}'
+ base_url: projects/{{project}}/locations/{{location}}/endpoints
+ import_format: ["projects/{{project}}/locations/{{location}}/endpoints/{{name}}"]
+ autogen_async: true
+ examples:
+ - !ruby/object:Provider::Terraform::Examples
+ name: "cloudids_endpoint"
+ primary_resource_id: "example-endpoint"
+ #Skip_test set to true since the example is identical to what's in the _test.go file.
+ skip_test: true
+ properties:
+ location: !ruby/object:Overrides::Terraform::PropertyOverride
+ ignore_read: true
+ name: !ruby/object:Overrides::Terraform::PropertyOverride
+ custom_flatten: 'templates/terraform/custom_flatten/name_from_self_link.erb'
+ custom_expand: 'templates/terraform/custom_expand/shortname_to_url.go.erb'
\ No newline at end of file
diff --git a/mmv1/templates/terraform/examples/cloudids_endpoint.tf.erb b/mmv1/templates/terraform/examples/cloudids_endpoint.tf.erb
new file mode 100644
index 00000000000..7ccfcad8ded
--- /dev/null
+++ b/mmv1/templates/terraform/examples/cloudids_endpoint.tf.erb
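Review bot: The comment above `skip_test: true` in terraform.yaml says the example is identical to the hand-written test, but the two configs in this commit differ: the example template uses fixed names (`tf-test-my-network`, `test`) where the test config appends `%{random_suffix}`. With the generated test skipped, the documented example is never applied, so drift between it and the resource schema would go unnoticed. Either reword the comment to state the real reason for skipping, e.g. `# skip_test: a hand-written acceptance test in resource_cloudids_endpoint_test.go covers the same configuration with randomized names`, or drop `skip_test` once the example takes its names from `vars`.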
@@ -0,0 +1,23 @@
+resource "google_compute_network" "default" {
+ name = "tf-test-my-network"
+}
+resource "google_compute_global_address" "service_range" {
+ name = "address"
+ purpose = "VPC_PEERING"
+ address_type = "INTERNAL"
+ prefix_length = 16
+ network = google_compute_network.default.id
+}
+resource "google_service_networking_connection" "private_service_connection" {
+ network = google_compute_network.default.id
+ service = "servicenetworking.googleapis.com"
+ reserved_peering_ranges = [google_compute_global_address.service_range.name]
+}
+
+resource "google_cloud_ids_endpoint" "<%= ctx[:primary_resource_id] %>" {
+ name = "test"
+ location = "us-central1-f"
+ network = google_compute_network.default.id
+ severity = "INFORMATIONAL"
+ depends_on = [google_service_networking_connection.private_service_connection]
+}
\ No newline at end of file
diff --git a/mmv1/third_party/terraform/tests/resource_cloudids_endpoint_test.go b/mmv1/third_party/terraform/tests/resource_cloudids_endpoint_test.go
new file mode 100644
index 00000000000..8797febd8b8
--- /dev/null
+++ b/mmv1/third_party/terraform/tests/resource_cloudids_endpoint_test.go
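Review bot: The example in cloudids_endpoint.tf.erb hard-codes `name = "address"` for the global address and `name = "test"` for the endpoint, so a second apply in the same project collides. The same fixed `name = "address"` appears in the config in resource_cloudids_endpoint_test.go, where the test runs under `t.Parallel()` and a leftover address from an earlier run would fail the next one. In the template, take the names from example vars, e.g. `name = "<%= ctx[:vars]['address_name'] %>"` (the key name here is a placeholder) with matching `vars:` entries in terraform.yaml, and in the test use `name = "tf-test-address%{random_suffix}"`. A short comment in the example would also help readers: the endpoint inspects traffic only after a Packet Mirroring policy is pointed at its forwarding rule, which this example does not create.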
@@ -0,0 +1,95 @@
+package google
+
+import (
+ "fmt"
+ "strings"
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+ "github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+)
+
+func TestAccCloudIdsEndpoint_basic(t *testing.T) {
+ t.Parallel()
+
+ context := map[string]interface{}{
+ "random_suffix": randString(t, 10),
+ }
+
+ vcrTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckCloudIdsEndpointDestroyProducer(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testCloudIds_basic(context),
+ },
+ {
+ ResourceName: "google_cloud_ids_endpoint.endpoint",
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ },
+ })
+}
+
+func testCloudIds_basic(context map[string]interface{}) string {
+ return Nprintf(`
+resource "google_compute_network" "default" {
+ name = "tf-test-my-network%{random_suffix}"
+}
+resource "google_compute_global_address" "service_range" {
+ name = "address"
+ purpose = "VPC_PEERING"
+ address_type = "INTERNAL"
+ prefix_length = 16
+ network = google_compute_network.default.id
+}
+resource "google_service_networking_connection" "private_service_connection" {
+ network = google_compute_network.default.id
+ service = "servicenetworking.googleapis.com"
+ reserved_peering_ranges = [google_compute_global_address.service_range.name]
+}
+
+resource "google_cloud_ids_endpoint" "endpoint" {
+ name = "cloud-ids-test-%{random_suffix}"
+ location = "us-central1-f"
+ network = google_compute_network.default.id
+ severity = "INFORMATIONAL"
+ depends_on = [google_service_networking_connection.private_service_connection]
+}
+`, context)
+}
+
+func testAccCheckCloudIdsEndpointDestroyProducer(t *testing.T) func(s *terraform.State) error {
+ return func(s *terraform.State) error {
+ for name, rs := range s.RootModule().Resources {
+ if rs.Type != "google_cloud_ids_endpoint" {
+ continue
+ }
+ if strings.HasPrefix(name, "data.") {
+ continue
+ }
+
+ config := googleProviderConfig(t)
+
+ url, err := replaceVarsForTest(config, rs, "{{CloudIdsBasePath}}projects/{{project}}/locations/{{location}}/endpoints/{{name}}")
+ if err != nil {
+ return err
+ }
+
+ billingProject := ""
+
+ if config.BillingProject != "" {
+ billingProject = config.BillingProject
+ }
+
+ _, err = sendRequest(config, "GET", billingProject, url, config.userAgent, nil)
+ if err == nil {
+ return fmt.Errorf("CloudIdsEndpoint still exists at %s", url)
+ }
+ }
+
+ return nil
+ }
+}
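Review bot: In testAccCheckCloudIdsEndpointDestroyProducer the check `if err == nil` after the GET treats every failed request as proof of deletion, so a permission error, a quota error or a transport failure also passes the destroy check. A false pass here can leave an IDS endpoint running in the test project unnoticed. Accept only a not-found response by adding, after the existing `err == nil` branch, `if !isGoogleApiErrorWithCode(err, 404) { return err }`. The endpoint name `cloud-ids-test-%{random_suffix}` also lacks the `tf-test` prefix used for the network, which, if the project's sweepers match on that prefix, would keep leaked endpoints from being cleaned up; `name = "tf-test-cloud-ids-%{random_suffix}"` would align it.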