firewallpolicyrule full test

pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-egress-full/create.yaml

@@ -0,0 +1,45 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: compute.cnrm.cloud.google.com/v1beta1
+kind: ComputeFirewallPolicyRule
+metadata:
+  name: firewallpolicyrule-${uniqueId}
+spec:
+  action: "deny"
+  direction: "EGRESS"
+  firewallPolicyRef:
+    name: firewallpolicy-${uniqueId}
+  match:
+    destAddressGroups:
+      - "organizations/${TEST_ORG_ID}/locations/global/addressGroups/testnetworksecurityaddressgroup"
+    destFqdns:
+      - "www.google.com"
+    destIPRanges:
+      - "11.100.0.1/32"
+    destRegionCodes:
+      - "US"
+    destThreatIntelligences:
+      - "iplist-known-malicious-ips"
+    layer4Configs:
+      - ipProtocol: "tcp"
+        ports:
+          - "8080"
+    srcIPRanges:
+      - "10.100.0.1/32"
+  priority: 9000
+  targetResources:
+    - name: network-${uniqueId}
+  targetServiceAccounts:
+    - name: sa-${uniqueId}

pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-egress-full/dependencies.yaml

@@ -0,0 +1,38 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: compute.cnrm.cloud.google.com/v1beta1
+kind: ComputeFirewallPolicy
+metadata:
+  name: firewallpolicy-${uniqueId}
+spec:
+  organizationRef:
+    external: "organizations/${TEST_ORG_ID}"
+  shortName: firewallpolicy-${uniqueId}
+  description: "A basic folder firewall policy"
+---
+apiVersion: compute.cnrm.cloud.google.com/v1beta1
+kind: ComputeNetwork
+metadata:
+  name: network-${uniqueId}
+spec:
+  routingMode: REGIONAL
+  autoCreateSubnetworks: false
+---
+apiVersion: iam.cnrm.cloud.google.com/v1beta1
+kind: IAMServiceAccount
+metadata:
+  annotations:
+    cnrm.cloud.google.com/project-id: ${projectId}
+  name: sa-${uniqueId}

pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-egress-full/update.yaml

@@ -0,0 +1,45 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: compute.cnrm.cloud.google.com/v1beta1
+kind: ComputeFirewallPolicyRule
+metadata:
+  name: firewallpolicyrule-${uniqueId}
+spec:
+  action: "deny"
+  direction: "EGRESS"
+  firewallPolicyRef:
+    name: firewallpolicy-${uniqueId}
+  match:
+    destAddressGroups:
+      - "organizations/${TEST_ORG_ID}/locations/global/addressGroups/testnetworksecurityaddressgroup"
+    destFqdns:
+      - "www.google.com"
+    destIPRanges:
+      - "11.100.0.1/32"
+    destRegionCodes:
+      - "US"
+    destThreatIntelligences:
+      - "iplist-known-malicious-ips"
+    layer4Configs:
+      - ipProtocol: "tcp"
+        ports:
+          - "8080"
+    srcIPRanges:
+      - "10.100.0.1/32"
+  priority: 9000
+  targetResources:
+    - name: network-${uniqueId}
+  targetServiceAccounts:
+    - name: sa-${uniqueId}

pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-ingress-full/create.yaml

@@ -0,0 +1,45 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: compute.cnrm.cloud.google.com/v1beta1
+kind: ComputeFirewallPolicyRule
+metadata:
+  name: firewallpolicyrule-${uniqueId}
+spec:
+  action: "deny"
+  direction: "INGRESS"
+  firewallPolicyRef:
+    name: firewallpolicy-${uniqueId}
+  match:
+    srcAddressGroups:
+      - "organizations/${TEST_ORG_ID}/locations/global/addressGroups/testnetworksecurityaddressgroup"
+    srcFqdns:
+      - "www.google.com"
+    srcIPRanges:
+      - "11.100.0.1/32"
+    srcRegionCodes:
+      - "US"
+    srcThreatIntelligences:
+      - "iplist-known-malicious-ips"
+    layer4Configs:
+      - ipProtocol: "tcp"
+        ports:
+          - "8080"
+    destIPRanges:
+      - "10.100.0.1/32"
+  priority: 9000
+  targetResources:
+    - name: network-${uniqueId}
+  targetServiceAccounts:
+    - name: sa-${uniqueId}

pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-ingress-full/dependencies.yaml

@@ -0,0 +1,38 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: compute.cnrm.cloud.google.com/v1beta1
+kind: ComputeFirewallPolicy
+metadata:
+  name: firewallpolicy-${uniqueId}
+spec:
+  organizationRef:
+    external: "organizations/${TEST_ORG_ID}"
+  shortName: firewallpolicy-${uniqueId}
+  description: "A basic folder firewall policy"
+---
+apiVersion: compute.cnrm.cloud.google.com/v1beta1
+kind: ComputeNetwork
+metadata:
+  name: network-${uniqueId}
+spec:
+  routingMode: REGIONAL
+  autoCreateSubnetworks: false
+---
+apiVersion: iam.cnrm.cloud.google.com/v1beta1
+kind: IAMServiceAccount
+metadata:
+  annotations:
+    cnrm.cloud.google.com/project-id: ${projectId}
+  name: sa-${uniqueId}

pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-ingress-full/update.yaml

@@ -0,0 +1,45 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: compute.cnrm.cloud.google.com/v1beta1
+kind: ComputeFirewallPolicyRule
+metadata:
+  name: firewallpolicyrule-${uniqueId}
+spec:
+  action: "deny"
+  direction: "INGRESS"
+  firewallPolicyRef:
+    name: firewallpolicy-${uniqueId}
+  match:
+    srcAddressGroups:
+      - "organizations/${TEST_ORG_ID}/locations/global/addressGroups/testnetworksecurityaddressgroup"
+    srcFqdns:
+      - "www.google.com"
+    srcIPRanges:
+      - "11.100.0.1/32"
+    srcRegionCodes:
+      - "US"
+    srcThreatIntelligences:
+      - "iplist-known-malicious-ips"
+    layer4Configs:
+      - ipProtocol: "tcp"
+        ports:
+          - "8080"
+    destIPRanges:
+      - "10.100.0.1/32"
+  priority: 9000
+  targetResources:
+    - name: network-${uniqueId}
+  targetServiceAccounts:
+    - name: sa-${uniqueId}