diff --git a/region_security_policy_basic/main.tf b/region_security_policy_basic/main.tf
index acc65429..5f4be089 100644
--- a/region_security_policy_basic/main.tf
+++ b/region_security_policy_basic/main.tf
@@ -1,6 +1,4 @@
resource "google_compute_region_security_policy" "region-sec-policy-basic" {
- provider = google-beta
-
name = "my-sec-policy-basic-${local.name_suffix}"
description = "basic region security policy"
type = "CLOUD_ARMOR"
diff --git a/region_security_policy_rule_basic/main.tf b/region_security_policy_rule_basic/main.tf
index 413b6f10..78bb2979 100644
--- a/region_security_policy_rule_basic/main.tf
+++ b/region_security_policy_rule_basic/main.tf
@@ -1,6 +1,4 @@
resource "google_compute_region_security_policy" "default" {
- provider = google-beta
-
region = "us-west2"
name = "policyruletest-${local.name_suffix}"
description = "basic region security policy"
@@ -8,8 +6,6 @@ resource "google_compute_region_security_policy" "default" {
}
resource "google_compute_region_security_policy_rule" "policy_rule" {
- provider = google-beta
-
region = "us-west2"
security_policy = google_compute_region_security_policy.default.name
description = "new rule"
diff --git a/region_security_policy_rule_default_rule/backing_file.tf b/region_security_policy_rule_default_rule/backing_file.tf
new file mode 100644
index 00000000..c60b1199
--- /dev/null
+++ b/region_security_policy_rule_default_rule/backing_file.tf
@@ -0,0 +1,15 @@
+# This file has some scaffolding to make sure that names are unique and that
+# a region and zone are selected when you try to create your Terraform resources.
+
+locals {
+ name_suffix = "${random_pet.suffix.id}"
+}
+
+resource "random_pet" "suffix" {
+ length = 2
+}
+
+provider "google" {
+ region = "us-central1"
+ zone = "us-central1-c"
+}
diff --git a/region_security_policy_rule_default_rule/main.tf b/region_security_policy_rule_default_rule/main.tf
new file mode 100644
index 00000000..d1550626
--- /dev/null
+++ b/region_security_policy_rule_default_rule/main.tf
@@ -0,0 +1,35 @@
+resource "google_compute_region_security_policy" "default" {
+ region = "us-west2"
+ name = "policywithdefaultrule-${local.name_suffix}"
+ description = "basic region security policy"
+ type = "CLOUD_ARMOR"
+}
+
+resource "google_compute_region_security_policy_rule" "default_rule" {
+ region = "us-west2"
+ security_policy = google_compute_region_security_policy.default.name
+ description = "new rule"
+ action = "deny"
+ priority = "2147483647"
+ match {
+ versioned_expr = "SRC_IPS_V1"
+ config {
+ src_ip_ranges = ["*"]
+ }
+ }
+}
+
+resource "google_compute_region_security_policy_rule" "policy_rule" {
+ region = "us-west2"
+ security_policy = google_compute_region_security_policy.default.name
+ description = "new rule"
+ priority = 100
+ match {
+ versioned_expr = "SRC_IPS_V1"
+ config {
+ src_ip_ranges = ["10.10.0.0/16"]
+ }
+ }
+ action = "allow"
+ preview = true
+}
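Review bot: The `policy_rule` allow at priority 100 is created with `preview = true`, and Cloud Armor only logs a preview rule's action without enforcing it, so with `default_rule` set to `deny` on `*` the example as written denies 10.10.0.0/16 along with everything else. A comment above `preview` would spare readers who copy this as an allow-list, e.g. `# preview = true: action is logged only; the default deny still applies until this is set to false`. Both rules also carry `description = "new rule"`; `"default rule"` on `default_rule` would tell them apart in the console and in logs. Separately, `priority = "2147483647"` is quoted while `priority = 100` is a number; the unquoted form in both places keeps the file consistent.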
diff --git a/region_security_policy_rule_default_rule/motd b/region_security_policy_rule_default_rule/motd
new file mode 100644
index 00000000..45a906e8
--- /dev/null
+++ b/region_security_policy_rule_default_rule/motd
@@ -0,0 +1,7 @@
+===
+
+These examples use real resources that will be billed to the
+Google Cloud Platform project you use - so make sure that you
+run "terraform destroy" before quitting!
+
+===
diff --git a/region_security_policy_rule_default_rule/tutorial.md b/region_security_policy_rule_default_rule/tutorial.md
new file mode 100644
index 00000000..5b26d93e
--- /dev/null
+++ b/region_security_policy_rule_default_rule/tutorial.md
@@ -0,0 +1,79 @@
+# Region Security Policy Rule Default Rule - Terraform
+
+## Setup
+
+
+
+Welcome to Terraform in Google Cloud Shell! We need you to let us know what project you'd like to use with Terraform.
+
+
+
+Terraform provisions real GCP resources, so anything you create in this session will be billed against this project.
+
+## Terraforming!
+
+Let's use {{project-id}} with Terraform! Click the Cloud Shell icon below to copy the command
+to your shell, and then run it from the shell by pressing Enter/Return. Terraform will pick up
+the project name from the environment variable.
+
+```bash
+export GOOGLE_CLOUD_PROJECT={{project-id}}
+```
+
+After that, let's get Terraform started. Run the following to pull in the providers.
+
+```bash
+terraform init
+```
+
+With the providers downloaded and a project set, you're ready to use Terraform. Go ahead!
+
+```bash
+terraform apply
+```
+
+Terraform will show you what it plans to do, and prompt you to accept. Type "yes" to accept the plan.
+
+```bash
+yes
+```
+
+
+## Post-Apply
+
+### Editing your config
+
+Now you've provisioned your resources in GCP! If you run a "plan", you should see no changes needed.
+
+```bash
+terraform plan
+```
+
+So let's make a change! Try editing a number, or appending a value to the name in the editor. Then,
+run a 'plan' again.
+
+```bash
+terraform plan
+```
+
+Afterwards you can run an apply, which implicitly does a plan and shows you the intended changes
+at the 'yes' prompt.
+
+```bash
+terraform apply
+```
+
+```bash
+yes
+```
+
+## Cleanup
+
+Run the following to remove the resources Terraform provisioned:
+
+```bash
+terraform destroy
+```
+```bash
+yes
+```
diff --git a/region_security_policy_rule_multiple_rules/main.tf b/region_security_policy_rule_multiple_rules/main.tf
index cc35abed..b4252b87 100644
--- a/region_security_policy_rule_multiple_rules/main.tf
+++ b/region_security_policy_rule_multiple_rules/main.tf
@@ -1,6 +1,4 @@
resource "google_compute_region_security_policy" "default" {
- provider = google-beta
-
region = "us-west2"
name = "policywithmultiplerules-${local.name_suffix}"
description = "basic region security policy"
@@ -8,8 +6,6 @@ resource "google_compute_region_security_policy" "default" {
}
resource "google_compute_region_security_policy_rule" "policy_rule_one" {
- provider = google-beta
-
region = "us-west2"
security_policy = google_compute_region_security_policy.default.name
description = "new rule one"
@@ -25,8 +21,6 @@ resource "google_compute_region_security_policy_rule" "policy_rule_one" {
}
resource "google_compute_region_security_policy_rule" "policy_rule_two" {
- provider = google-beta
-
region = "us-west2"
security_policy = google_compute_region_security_policy.default.name
description = "new rule two"
diff --git a/region_security_policy_rule_with_preconfigured_waf_config/backing_file.tf b/region_security_policy_rule_with_preconfigured_waf_config/backing_file.tf
new file mode 100644
index 00000000..c60b1199
--- /dev/null
+++ b/region_security_policy_rule_with_preconfigured_waf_config/backing_file.tf
@@ -0,0 +1,15 @@
+# This file has some scaffolding to make sure that names are unique and that
+# a region and zone are selected when you try to create your Terraform resources.
+
+locals {
+ name_suffix = "${random_pet.suffix.id}"
+}
+
+resource "random_pet" "suffix" {
+ length = 2
+}
+
+provider "google" {
+ region = "us-central1"
+ zone = "us-central1-c"
+}
diff --git a/region_security_policy_rule_with_preconfigured_waf_config/main.tf b/region_security_policy_rule_with_preconfigured_waf_config/main.tf
new file mode 100644
index 00000000..507cbfa6
--- /dev/null
+++ b/region_security_policy_rule_with_preconfigured_waf_config/main.tf
@@ -0,0 +1,49 @@
+resource "google_compute_region_security_policy" "default" {
+ region = "asia-southeast1"
+ name = "policyruletest-${local.name_suffix}"
+ description = "basic region security policy"
+ type = "CLOUD_ARMOR"
+}
+
+resource "google_compute_region_security_policy_rule" "policy_rule" {
+ region = "asia-southeast1"
+ security_policy = google_compute_region_security_policy.default.name
+ description = "new rule"
+ priority = 100
+ match {
+ versioned_expr = "SRC_IPS_V1"
+ config {
+ src_ip_ranges = ["10.10.0.0/16"]
+ }
+ }
+ preconfigured_waf_config {
+ exclusion {
+ request_uri {
+ operator = "STARTS_WITH"
+ value = "/admin"
+ }
+ target_rule_set = "rce-stable"
+ }
+ exclusion {
+ request_query_param {
+ operator = "CONTAINS"
+ value = "password"
+ }
+ request_query_param {
+ operator = "STARTS_WITH"
+ value = "freeform"
+ }
+ request_query_param {
+ operator = "EQUALS"
+ value = "description"
+ }
+ target_rule_set = "xss-stable"
+ target_rule_ids = [
+ "owasp-crs-v030001-id941330-xss",
+ "owasp-crs-v030001-id941340-xss",
+ ]
+ }
+ }
+ action = "allow"
+ preview = true
+}
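Review bot: `preconfigured_waf_config` is attached to a rule whose match is `SRC_IPS_V1`, and as far as the Compute API description goes this field has no effect unless the rule's expression evaluates a preconfigured WAF rule set, so the two `exclusion` blocks here appear to be inert. If they are meant as illustration only, a comment should say so, e.g. `# exclusions apply only when the match expression calls evaluatePreconfiguredWaf(...)`. The sample values also deserve a caveat. Exempting every URI that starts with `/admin` from `rce-stable`, and any query parameter containing `password` from the XSS rules, removes inspection from sensitive paths. A line advising readers to scope exclusions to the specific field and rule IDs that produce false positives would keep the example from being copied as-is.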
diff --git a/region_security_policy_rule_with_preconfigured_waf_config/motd b/region_security_policy_rule_with_preconfigured_waf_config/motd
new file mode 100644
index 00000000..45a906e8
--- /dev/null
+++ b/region_security_policy_rule_with_preconfigured_waf_config/motd
@@ -0,0 +1,7 @@
+===
+
+These examples use real resources that will be billed to the
+Google Cloud Platform project you use - so make sure that you
+run "terraform destroy" before quitting!
+
+===
diff --git a/region_security_policy_rule_with_preconfigured_waf_config/tutorial.md b/region_security_policy_rule_with_preconfigured_waf_config/tutorial.md
new file mode 100644
index 00000000..28a56649
--- /dev/null
+++ b/region_security_policy_rule_with_preconfigured_waf_config/tutorial.md
@@ -0,0 +1,79 @@
+# Region Security Policy Rule With Preconfigured Waf Config - Terraform
+
+## Setup
+
+
+
+Welcome to Terraform in Google Cloud Shell! We need you to let us know what project you'd like to use with Terraform.
+
+
+
+Terraform provisions real GCP resources, so anything you create in this session will be billed against this project.
+
+## Terraforming!
+
+Let's use {{project-id}} with Terraform! Click the Cloud Shell icon below to copy the command
+to your shell, and then run it from the shell by pressing Enter/Return. Terraform will pick up
+the project name from the environment variable.
+
+```bash
+export GOOGLE_CLOUD_PROJECT={{project-id}}
+```
+
+After that, let's get Terraform started. Run the following to pull in the providers.
+
+```bash
+terraform init
+```
+
+With the providers downloaded and a project set, you're ready to use Terraform. Go ahead!
+
+```bash
+terraform apply
+```
+
+Terraform will show you what it plans to do, and prompt you to accept. Type "yes" to accept the plan.
+
+```bash
+yes
+```
+
+
+## Post-Apply
+
+### Editing your config
+
+Now you've provisioned your resources in GCP! If you run a "plan", you should see no changes needed.
+
+```bash
+terraform plan
+```
+
+So let's make a change! Try editing a number, or appending a value to the name in the editor. Then,
+run a 'plan' again.
+
+```bash
+terraform plan
+```
+
+Afterwards you can run an apply, which implicitly does a plan and shows you the intended changes
+at the 'yes' prompt.
+
+```bash
+terraform apply
+```
+
+```bash
+yes
+```
+
+## Cleanup
+
+Run the following to remove the resources Terraform provisioned:
+
+```bash
+terraform destroy
+```
+```bash
+yes
+```
diff --git a/region_security_policy_with_ddos_protection_config/main.tf b/region_security_policy_with_ddos_protection_config/main.tf
index 0052dc18..ef23ed47 100644
--- a/region_security_policy_with_ddos_protection_config/main.tf
+++ b/region_security_policy_with_ddos_protection_config/main.tf
@@ -1,6 +1,4 @@
resource "google_compute_region_security_policy" "region-sec-policy-ddos-protection" {
- provider = google-beta
-
name = "my-sec-policy-ddos-protection-${local.name_suffix}"
description = "with ddos protection config"
type = "CLOUD_ARMOR_NETWORK"
diff --git a/region_security_policy_with_rules/backing_file.tf b/region_security_policy_with_rules/backing_file.tf
new file mode 100644
index 00000000..c60b1199
--- /dev/null
+++ b/region_security_policy_with_rules/backing_file.tf
@@ -0,0 +1,15 @@
+# This file has some scaffolding to make sure that names are unique and that
+# a region and zone are selected when you try to create your Terraform resources.
+
+locals {
+ name_suffix = "${random_pet.suffix.id}"
+}
+
+resource "random_pet" "suffix" {
+ length = 2
+}
+
+provider "google" {
+ region = "us-central1"
+ zone = "us-central1-c"
+}
diff --git a/region_security_policy_with_rules/main.tf b/region_security_policy_with_rules/main.tf
new file mode 100644
index 00000000..988e6c26
--- /dev/null
+++ b/region_security_policy_with_rules/main.tf
@@ -0,0 +1,27 @@
+resource "google_compute_region_security_policy" "region-sec-policy-with-rules" {
+ name = "my-sec-policy-with-rules-${local.name_suffix}"
+ description = "basic region security policy with multiple rules"
+ type = "CLOUD_ARMOR"
+
+ rules {
+ action = "deny"
+ priority = "1000"
+ match {
+ expr {
+ expression = "request.path.matches(\"/login.html\") && token.recaptcha_session.score < 0.2"
+ }
+ }
+ }
+
+ rules {
+ action = "deny"
+ priority = "2147483647"
+ match {
+ versioned_expr = "SRC_IPS_V1"
+ config {
+ src_ip_ranges = ["*"]
+ }
+ }
+ description = "default rule"
+ }
+}
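Review bot: In the first `rules` block, `request.path.matches(\"/login.html\")` is a regular-expression partial match in Cloud Armor's rules language, so the unescaped `.` and the missing anchors make it match any path containing that pattern rather than `/login.html` alone. If an exact path is intended, `request.path == \"/login.html\"` states it directly. The rule also presumably depends on reCAPTCHA session tokens being issued for the site, which the hunk does not set up. A short comment naming that prerequisite, plus a `description` like the one on the default rule, would make the example self-explanatory.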
diff --git a/region_security_policy_with_rules/motd b/region_security_policy_with_rules/motd
new file mode 100644
index 00000000..45a906e8
--- /dev/null
+++ b/region_security_policy_with_rules/motd
@@ -0,0 +1,7 @@
+===
+
+These examples use real resources that will be billed to the
+Google Cloud Platform project you use - so make sure that you
+run "terraform destroy" before quitting!
+
+===
diff --git a/region_security_policy_with_rules/tutorial.md b/region_security_policy_with_rules/tutorial.md
new file mode 100644
index 00000000..639063b1
--- /dev/null
+++ b/region_security_policy_with_rules/tutorial.md
@@ -0,0 +1,79 @@
+# Region Security Policy With Rules - Terraform
+
+## Setup
+
+
+
+Welcome to Terraform in Google Cloud Shell! We need you to let us know what project you'd like to use with Terraform.
+
+
+
+Terraform provisions real GCP resources, so anything you create in this session will be billed against this project.
+
+## Terraforming!
+
+Let's use {{project-id}} with Terraform! Click the Cloud Shell icon below to copy the command
+to your shell, and then run it from the shell by pressing Enter/Return. Terraform will pick up
+the project name from the environment variable.
+
+```bash
+export GOOGLE_CLOUD_PROJECT={{project-id}}
+```
+
+After that, let's get Terraform started. Run the following to pull in the providers.
+
+```bash
+terraform init
+```
+
+With the providers downloaded and a project set, you're ready to use Terraform. Go ahead!
+
+```bash
+terraform apply
+```
+
+Terraform will show you what it plans to do, and prompt you to accept. Type "yes" to accept the plan.
+
+```bash
+yes
+```
+
+
+## Post-Apply
+
+### Editing your config
+
+Now you've provisioned your resources in GCP! If you run a "plan", you should see no changes needed.
+
+```bash
+terraform plan
+```
+
+So let's make a change! Try editing a number, or appending a value to the name in the editor. Then,
+run a 'plan' again.
+
+```bash
+terraform plan
+```
+
+Afterwards you can run an apply, which implicitly does a plan and shows you the intended changes
+at the 'yes' prompt.
+
+```bash
+terraform apply
+```
+
+```bash
+yes
+```
+
+## Cleanup
+
+Run the following to remove the resources Terraform provisioned:
+
+```bash
+terraform destroy
+```
+```bash
+yes
+```
diff --git a/region_security_policy_with_user_defined_fields/main.tf b/region_security_policy_with_user_defined_fields/main.tf
index da61946c..e9a88f5a 100644
--- a/region_security_policy_with_user_defined_fields/main.tf
+++ b/region_security_policy_with_user_defined_fields/main.tf
@@ -1,6 +1,4 @@
resource "google_compute_region_security_policy" "region-sec-policy-user-defined-fields" {
- provider = google-beta
-
name = "my-sec-policy-user-defined-fields-${local.name_suffix}"
description = "with user defined fields"
type = "CLOUD_ARMOR_NETWORK"