google_access_context_manager_service_perimeter - beta support for ingressPolicies and egressPolicies

[eadred]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

The Access Context Manager accessPolicies.servicePerimeters.create API method now supports ingressPolicies and egressPolicies in the ServicePerimeterConfig resource. This is available in beta in the 321.0.0 version of the SDK.

The google_access_context_manager_service_perimeter Terraform resource should support this in the Beta Google provider.

New or Affected Resource(s)

• google_access_context_manager_service_perimeter

Potential Terraform Configuration

Example for enforced configuration. For dry run the same ingressPolicy/egressPolicy properties would be available for the spec block.

resource "google_access_context_manager_service_perimeter" "my_perimeter" {
  parent = "accessPolicies/1234567890"
  name   = "accessPolicies/1234567890/servicePerimeters/my_perimeter"
  
  # other settings...

  status {
    # other settings...

    # This is an example that doesn't show all possible properties in the API request payload.
    # In general, this structure should match the API payload schema

    ingressPolicy { # Allow this to be specified multiple times
      ingressFrom {
        source { # Allow this to be specified multiple times
          accessLevel = "accessPolicies/1234567890/accessPolicies/my_policy"
          resource = "projects/12345678"
        }
        identities = ["user:[email protected]"]
      }
      ingressTo {
        resources = ["projects/12345678"]
        operation { # Allow this to be specified multiple times
          serviceName = "storage.googleapis.com"
          methodSelector {
            method = "google.storage.objects.create"
          }
          methodSelector {
            method = "google.storage.buckets.testIamPermissions"
          }
        }
      }
    }

    egressPolicy { # Allow this to be specified multiple times
      egressFrom {
        identities = ["user:[email protected]"]
      }
      egressTo {
        resources = ["projects/12345678"]
        operation { # Allow this to be specified multiple times
          serviceName = "storage.googleapis.com"
          methodSelector {
            method = "google.storage.objects.create"
          }
          methodSelector {
            method = "google.storage.buckets.testIamPermissions"
          }
        }
      }  
    }
  }
}

References

None

[eadred]

Duplicate of #8482

[eadred]

Another related PR: GoogleCloudPlatform/magic-modules#4509

[rileykarson]

Closed in GoogleCloudPlatform/magic-modules#4509, I think.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!