GoogleCloudPlatform · roaks3 · Jan 17, 2024 · Jan 11, 2024 · Jan 12, 2024 · Jan 12, 2024
diff --git a/mmv1/products/networksecurity/SecurityProfile.yaml b/mmv1/products/networksecurity/SecurityProfile.yaml
@@ -0,0 +1,168 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the 'License');
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an 'AS IS' BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+--- !ruby/object:Api::Resource
+name: 'SecurityProfile'
+base_url: '{{parent}}/locations/{{location}}/securityProfiles'
+create_url: '{{parent}}/locations/{{location}}/securityProfiles?securityProfileId={{name}}'
+self_link: '{{parent}}/locations/{{location}}/securityProfiles/{{name}}'
+min_version: beta
+update_verb: :PATCH
+update_mask: true
+description: |
+  A security profile defines the behavior associated to a profile type.
+references:
+  !ruby/object:Api::Resource::ReferenceLinks
+  api: 'https://cloud.google.com/firewall/docs/reference/network-security/rest/v1beta1/projects.locations.securityProfiles'
+  guides:
+    'Create and manage security profiles': 'https://cloud.google.com/firewall/docs/configure-security-profiles'
+async: !ruby/object:Api::OpAsync
+  operation: !ruby/object:Api::OpAsync::Operation
+    base_url: '{{op_id}}'
+  include_project: true
+import_format: ['{{%parent}}/locations/{{location}}/securityProfiles/{{name}}']
+examples:
+  - !ruby/object:Provider::Terraform::Examples
+    name: 'network_security_security_profile_basic'
+    primary_resource_id: 'default'
+    min_version: beta
+    vars:
+      resource_name: 'my-security-profile'
+    test_env_vars:
+      org_id: :ORG_ID
+  - !ruby/object:Provider::Terraform::Examples
+    name: 'network_security_security_profile_overrides'
+    primary_resource_id: 'default'
+    min_version: beta
+    vars:
+      resource_name: 'my-security-profile'
+    test_env_vars:
+      org_id: :ORG_ID
+parameters:
+  - !ruby/object:Api::Type::String
+    name: 'name'
+    required: true
+    immutable: true
+    url_param_only: true
+    description: |
+      The name of the security profile resource.
+  - !ruby/object:Api::Type::String
+    name: 'location'
+    default_value: 'global'
+    immutable: true
+    description: |
+      The location of the security profile.
+      The default value is `global`.
+    url_param_only: true
+  - !ruby/object:Api::Type::String
+    name: 'parent'
+    description: |
+      The name of the parent this security profile belongs to.
+      Format: organizations/{organization_id}.
+    immutable: true
+    url_param_only: true
+properties:
+  - !ruby/object:Api::Type::String
+    name: 'selfLink'
+    description: |
+      Server-defined URL of this resource.
+    output: true
+  - !ruby/object:Api::Type::Time
+    name: 'createTime'
+    description: Time the security profile was created in UTC.
+    output: true
+  - !ruby/object:Api::Type::Time
+    name: 'updateTime'
+    description: Time the security profile was updated in UTC.
+    output: true
+  - !ruby/object:Api::Type::String
+    name: 'etag'
+    output: true
+    description: |
+      This checksum is computed by the server based on the value of other fields,
+      and may be sent on update and delete requests to ensure the client has an up-to-date
+      value before proceeding.
+  - !ruby/object:Api::Type::String
+    name: 'description'
+    description: |
+      An optional description of the security profile. The Max length is 512 characters.
+  - !ruby/object:Api::Type::KeyValueLabels
+    name: 'labels'
+    description: |
+      A map of key/value label pairs to assign to the resource.
+  - !ruby/object:Api::Type::NestedObject
+    name: threatPreventionProfile
+    description: The threat prevention configuration for the security profile.
+    properties:
+      - !ruby/object:Api::Type::Array
+        name: severityOverrides
+        description: The configuration for overriding threats actions by severity match.
+        item_type: !ruby/object:Api::Type::NestedObject
+          properties:
+            - !ruby/object:Api::Type::Enum
+              name: 'action'
+              description: Threat action override.
+              required: true
+              values:
+                - :ALERT
+                - :ALLOW
+                - :DEFAULT_ACTION
+                - :DENY
+            - !ruby/object:Api::Type::Enum
+              name: 'severity'
+              description: Severity level to match.
+              required: true
+              values:
+                - :CRITICAL
+                - :HIGH
+                - :INFORMATIONAL
+                - :LOW
+                - :MEDIUM
+      - !ruby/object:Api::Type::Array
+        name: threatOverrides
+        description: |
+          The configuration for overriding threats actions by threat id match.
+          If a threat is matched both by configuration provided in severity overrides
+          and threat overrides, the threat overrides action is applied.
+        item_type: !ruby/object:Api::Type::NestedObject
+          properties:
+            - !ruby/object:Api::Type::Enum
+              name: 'action'
+              description: Threat action.
+              required: true
+              values:
+                - :ALERT
+                - :ALLOW
+                - :DEFAULT_ACTION
+                - :DENY
+            - !ruby/object:Api::Type::String
+              name: 'threatId'
+              description: Vendor-specific ID of a threat to override.
+              required: true
+            - !ruby/object:Api::Type::Enum
+              name: 'type'
+              description: Type of threat.
+              output: true
+              values:
+                - :ANTIVIRUS
+                - :DNS
+                - :UNKNOWN
+                - :VULNERABILITY
+                - :SPYWARE
+  - !ruby/object:Api::Type::Enum
+    name: 'type'
+    description: The type of security profile.
+    required: true
+    immutable: true
+    values:
+      - :THREAT_PREVENTION
diff --git a/mmv1/templates/terraform/examples/network_security_security_profile_basic.tf.erb b/mmv1/templates/terraform/examples/network_security_security_profile_basic.tf.erb
@@ -0,0 +1,11 @@
+resource "google_network_security_security_profile" "<%= ctx[:primary_resource_id] %>" {
+  provider    = google-beta
+  name        = "<%= ctx[:vars]['resource_name'] %>"
+  parent      = "organizations/<%= ctx[:test_env_vars]['org_id'] %>"
+  description = "my description"
+  type        = "THREAT_PREVENTION"
+
+  labels = {
+    foo = "bar"
+  }
+}
diff --git a/mmv1/templates/terraform/examples/network_security_security_profile_overrides.tf.erb b/mmv1/templates/terraform/examples/network_security_security_profile_overrides.tf.erb
@@ -0,0 +1,24 @@
+resource "google_network_security_security_profile" "<%= ctx[:primary_resource_id] %>" {
+  provider    = google-beta
+  name        = "<%= ctx[:vars]['resource_name'] %>"
+  parent      = "organizations/<%= ctx[:test_env_vars]['org_id'] %>"
+  description = "my description"
+  type        = "THREAT_PREVENTION"
+
+  threat_prevention_profile {
+    severity_overrides {
+      action   = "ALLOW"
+      severity = "INFORMATIONAL"
+    }
+
+    severity_overrides {
+      action   = "DENY"
+      severity = "HIGH"
+    }
+
+    threat_overrides {
+      action    = "ALLOW"
+      threat_id = "280647"
+    }
+  }
+}
diff --git a/...terraform/services/networksecurity/resource_network_security_security_profile_test.go.erb b/...terraform/services/networksecurity/resource_network_security_security_profile_test.go.erb
@@ -0,0 +1,93 @@
+<% autogen_exception -%>
+package networksecurity_test
+<% unless version == 'ga' -%>
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-provider-google/google/acctest"
+	"github.com/hashicorp/terraform-provider-google/google/envvar"
+)
+
+func TestAccNetworkSecuritySecurityProfiles_update(t *testing.T) {
+	t.Parallel()
+
+	orgId := envvar.GetTestOrgFromEnv(t)
+	randomSuffix := acctest.RandString(t, 10)
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+		CheckDestroy:             testAccCheckNetworkSecuritySecurityProfileDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccNetworkSecuritySecurityProfiles_basic(orgId, randomSuffix),
+			},
+			{
+				ResourceName:            "google_network_security_security_profile.foobar",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"labels", "terraform_labels"},
+			},
+			{
+				Config: testAccNetworkSecuritySecurityProfiles_update(orgId, randomSuffix),
+			},
+			{
+				ResourceName:            "google_network_security_security_profile.foobar",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"labels", "terraform_labels"},
+			},
+		},
+	})
+}
+
+func testAccNetworkSecuritySecurityProfiles_basic(orgId string, randomSuffix string) string {
+	return fmt.Sprintf(`
+resource "google_network_security_security_profile" "foobar" {
+    provider    = google-beta
+    name        = "tf-test-my-security-profile%s"
+    parent      = "organizations/%s"
+    location    = "global"
+    description = "My security profile."
+    type        = "THREAT_PREVENTION"
+
+    labels = {
+        foo = "bar"
+    }
+}
+`, randomSuffix, orgId)
+}
+
+func testAccNetworkSecuritySecurityProfiles_update(orgId string, randomSuffix string) string {
+	return fmt.Sprintf(`
+resource "google_network_security_security_profile" "foobar" {
+    provider    = google-beta
+    name        = "tf-test-my-security-profile%s"
+    parent      = "organizations/%s"
+    location    = "global"
+    description = "My security profile. Update"
+    type        = "THREAT_PREVENTION"
+
+    labels = {
+        foo = "foo"
+    }
+
+    threat_prevention_profile {
+        severity_overrides {
+            action   = "ALLOW"
+            severity = "INFORMATIONAL"
+        }
+
+        severity_overrides {
+            action   = "DENY"
+            severity = "HIGH"
+        }
+    }
+}
+`, randomSuffix, orgId)
+}
+
+<% end -%>