diff --git a/mmv1/products/chronicle/DataAccessLabel.yaml b/mmv1/products/chronicle/DataAccessLabel.yaml
new file mode 100644
index 000000000000..36428850ff45
--- /dev/null
+++ b/mmv1/products/chronicle/DataAccessLabel.yaml
@@ -0,0 +1,98 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+name: DataAccessLabel
+description: A DataAccessLabel is a label on events to define user access to data.
+min_version: 'beta'
+references:
+ guides:
+ 'Introduction to data RBAC': 'https://cloud.google.com/chronicle/docs/onboard/onboard-datarbac'
+ api: 'https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.instances.dataAccessLabels'
+base_url: projects/{{project}}/locations/{{location}}/instances/{{instance}}/dataAccessLabels
+self_link: projects/{{project}}/locations/{{location}}/instances/{{instance}}/dataAccessLabels/{{data_access_label_id}}
+create_url: projects/{{project}}/locations/{{location}}/instances/{{instance}}/dataAccessLabels?dataAccessLabelId={{data_access_label_id}}
+id_format: projects/{{project}}/locations/{{location}}/instances/{{instance}}/dataAccessLabels/{{data_access_label_id}}
+import_format:
+ - projects/{{project}}/locations/{{location}}/instances/{{instance}}/dataAccessLabels/{{data_access_label_id}}
+update_verb: PATCH
+update_mask: true
+
+examples:
+ - name: 'chronicle_dataaccesslabel_basic'
+ primary_resource_id: 'example'
+ min_version: 'beta'
+ vars:
+ data_access_label_id: label-id
+ description: label-description
+ test_env_vars:
+ chronicle_id: 'CHRONICLE_ID'
+
+parameters:
+ - name: location
+ type: String
+ description: The location of the resource. This is the geographical region where the Chronicle instance resides, such as "us" or "europe-west2".
+ immutable: true
+ url_param_only: true
+ required: true
+ - name: instance
+ type: String
+ description: The unique identifier for the Chronicle instance, which is the same as the customer ID.
+ immutable: true
+ url_param_only: true
+ required: true
+ - name: dataAccessLabelId
+ type: String
+ description: |-
+ Required. The ID to use for the data access label, which will become the label's
+ display name and the final component of the label's resource name. It must
+ only contain ASCII lowercase letters, numbers, and dashes; it must begin
+ with a letter, and it must not exceed 1000 characters.
+ immutable: true
+ url_param_only: true
+ required: true
+properties:
+ - name: author
+ type: String
+ description: Output only. The user who created the data access label.
+ output: true
+ - name: lastEditor
+ type: String
+ description: Output only. The user who last updated the data access label.
+ output: true
+ - name: description
+ type: String
+ description: Optional. A description of the data access label for a human reader.
+ - name: udmQuery
+ type: String
+ description: A UDM query over event data.
+ required: true
+ - name: name
+ type: String
+ description: |-
+ The unique resource name of the data access label. This unique identifier is generated using values provided for the URL parameters.
+ Format:
+ projects/{project}/locations/{location}/instances/{instance}/dataAccessLabels/{data_access_label_id}
+ output: true
+ - name: displayName
+ type: String
+ description: Output only. The short name displayed for the label as it appears on event data. This is same as data access label id.
+ output: true
+ - name: createTime
+ type: String
+ description: Output only. The time at which the data access label was created.
+ output: true
+ - name: updateTime
+ type: String
+ description: Output only. The time at which the data access label was last updated.
+ output: true
diff --git a/mmv1/templates/terraform/examples/chronicle_dataaccesslabel_basic.tf.tmpl b/mmv1/templates/terraform/examples/chronicle_dataaccesslabel_basic.tf.tmpl
new file mode 100644
index 000000000000..704b2099beb1
--- /dev/null
+++ b/mmv1/templates/terraform/examples/chronicle_dataaccesslabel_basic.tf.tmpl
@@ -0,0 +1,8 @@
+resource "google_chronicle_data_access_label" "{{$.PrimaryResourceId}}" {
+ provider = "google-beta"
+ location = "us"
+ instance = "{{index $.TestEnvVars "chronicle_id"}}"
+ data_access_label_id = "{{index $.Vars "data_access_label_id"}}"
+ udm_query = "principal.hostname=\"google.com\""
+ description = "{{index $.Vars "description"}}"
+}
diff --git a/mmv1/third_party/terraform/services/chronicle/resource_chronicle_data_access_label_test.go.tmpl b/mmv1/third_party/terraform/services/chronicle/resource_chronicle_data_access_label_test.go.tmpl
new file mode 100644
index 000000000000..f4b1493c0163
--- /dev/null
+++ b/mmv1/third_party/terraform/services/chronicle/resource_chronicle_data_access_label_test.go.tmpl
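Review bot: The `udmQuery` property is documented only as "A UDM query over event data.", although it appears to be the field that decides which events carry the label, and it is updatable in place (no `immutable: true`, with `update_verb: PATCH`). Given the resource description says the label defines user access to data, an edit to the query presumably widens or narrows what label holders can read, and the generated docs should say so, e.g. `description: A UDM query over event data. Events matching the query receive this label, so changing the query changes which data the label gives access to.` Separately, the `dataAccessLabelId` description lists format rules (lowercase letters, digits, dashes, leading letter, at most 1000 characters) that nothing in this file enforces before the API call; if a `validation` regex is usable on a URL-only parameter, adding one would surface a bad ID at plan time.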
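Review bot: `provider = "google-beta"` on the second line of the example passes the provider as a quoted string; the `provider` meta-argument is a reference, and the quoted form is legacy syntax that newer Terraform releases flag as deprecated. This template feeds the generated documentation, so users will copy it as written, and it should read `provider = google-beta`. The same quoted form appears in both config helpers (`..._full` and `..._update`) in resource_chronicle_data_access_label_test.go.tmpl.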
@@ -0,0 +1,76 @@
+package chronicle_test
+
+{{- if ne $.TargetVersionName "ga" }}
+
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-testing/helper/resource"
+
+ "github.com/hashicorp/terraform-provider-google/google/acctest"
+ "github.com/hashicorp/terraform-provider-google/google/envvar"
+)
+
+func TestAccChronicleDataAccessLabel_chronicleDataaccesslabelBasicExample_update(t *testing.T) {
+ t.Parallel()
+
+ context := map[string]interface{}{
+ "chronicle_id": envvar.GetTestChronicleInstanceIdFromEnv(t),
+ "random_suffix": acctest.RandString(t, 10),
+ }
+
+ acctest.VcrTest(t, resource.TestCase{
+ PreCheck: func() { acctest.AccTestPreCheck(t) },
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+ CheckDestroy: testAccCheckChronicleDataAccessLabelDestroyProducer(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccChronicleDataAccessLabel_chronicleDataaccesslabelBasicExample_full(context),
+ },
+ {
+ ResourceName: "google_chronicle_data_access_label.example",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"data_access_label_id", "instance", "location"},
+ },
+
+ {
+ Config: testAccChronicleDataAccessLabel_chronicleDataaccesslabelBasicExample_update(context),
+ },
+ {
+ ResourceName: "google_chronicle_data_access_label.example",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"data_access_label_id", "instance", "location"},
+ },
+ },
+ })
+}
+
+func testAccChronicleDataAccessLabel_chronicleDataaccesslabelBasicExample_full(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+resource "google_chronicle_data_access_label" "example" {
+ provider = "google-beta"
+ location = "us"
+ instance = "%{chronicle_id}"
+ data_access_label_id = "tf-test-label-id%{random_suffix}"
+ udm_query = "principal.hostname=\"google.com\""
+ description = "tf-test-label-description%{random_suffix}"
+}
+`, context)
+}
+
+func testAccChronicleDataAccessLabel_chronicleDataaccesslabelBasicExample_update(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+resource "google_chronicle_data_access_label" "example" {
+ provider = "google-beta"
+ location = "us"
+ instance = "%{chronicle_id}"
+ data_access_label_id = "tf-test-label-id%{random_suffix}"
+ udm_query = "principal.hostname=\"google-updated.com\""
+ description = "tf-test-label-updated-description%{random_suffix}"
+}
+`, context)
+}
+
+{{- end }}
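Review bot: The second `Config` step changes `udm_query` and `description`, but nothing asserts that the change is applied as an in-place update; a destroy-and-recreate would pass the same import checks. For a label that scopes data access, an unintended recreate would likely remove and re-add the label, so the planned action is worth pinning with a `ConfigPlanChecks` pre-apply check that expects `plancheck.ResourceActionUpdate`. This needs the `plancheck` package from terraform-plugin-testing added to the import block.

```go
			// … unchanged: first Config step and its import check …
			{
				Config: testAccChronicleDataAccessLabel_chronicleDataaccesslabelBasicExample_update(context),
				ConfigPlanChecks: resource.ConfigPlanChecks{
					PreApply: []plancheck.PlanCheck{
						plancheck.ExpectResourceAction("google_chronicle_data_access_label.example", plancheck.ResourceActionUpdate),
					},
				},
			},
			// … unchanged: second import check …
```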