diff --git a/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-egress-full/create.yaml b/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-egress-full/create.yaml
new file mode 100644
index 0000000000..fc5325c3fe
--- /dev/null
+++ b/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-egress-full/create.yaml
@@ -0,0 +1,45 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: compute.cnrm.cloud.google.com/v1beta1
+kind: ComputeFirewallPolicyRule
+metadata:
+ name: firewallpolicyrule-${uniqueId}
+spec:
+ action: "deny"
+ direction: "EGRESS"
+ firewallPolicyRef:
+ name: firewallpolicy-${uniqueId}
+ match:
+ destAddressGroups:
+ - "organizations/${TEST_ORG_ID}/locations/global/addressGroups/testnetworksecurityaddressgroup"
+ destFqdns:
+ - "www.google.com"
+ destIPRanges:
+ - "11.100.0.1/32"
+ destRegionCodes:
+ - "US"
+ destThreatIntelligences:
+ - "iplist-known-malicious-ips"
+ layer4Configs:
+ - ipProtocol: "tcp"
+ ports:
+ - "8080"
+ srcIPRanges:
+ - "10.100.0.1/32"
+ priority: 9000
+ targetResources:
+ - name: network-${uniqueId}
+ targetServiceAccounts:
+ - name: sa-${uniqueId}
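Review bot: The `destAddressGroups` entry points at `organizations/${TEST_ORG_ID}/locations/global/addressGroups/testnetworksecurityaddressgroup`, a fixed name with no `${uniqueId}`, and the dependencies.yaml added alongside creates only the policy, network and service account. Unless the harness provisions that address group elsewhere, the fixture depends on shared out-of-band state in the test organization, and a missing or altered group would fail the test or change what the rule matches. Either create the group as a dependency, or state the precondition at the top of the spec, e.g. `# Requires a pre-existing address group "testnetworksecurityaddressgroup" in ${TEST_ORG_ID}`. The same applies to `srcAddressGroups` in ingress-full/create.yaml and to both update.yaml files.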
diff --git a/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-egress-full/dependencies.yaml b/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-egress-full/dependencies.yaml
new file mode 100644
index 0000000000..40c27777fc
--- /dev/null
+++ b/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-egress-full/dependencies.yaml
@@ -0,0 +1,38 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: compute.cnrm.cloud.google.com/v1beta1
+kind: ComputeFirewallPolicy
+metadata:
+ name: firewallpolicy-${uniqueId}
+spec:
+ organizationRef:
+ external: "organizations/${TEST_ORG_ID}"
+ shortName: firewallpolicy-${uniqueId}
+ description: "A basic folder firewall policy"
+---
+apiVersion: compute.cnrm.cloud.google.com/v1beta1
+kind: ComputeNetwork
+metadata:
+ name: network-${uniqueId}
+spec:
+ routingMode: REGIONAL
+ autoCreateSubnetworks: false
+---
+apiVersion: iam.cnrm.cloud.google.com/v1beta1
+kind: IAMServiceAccount
+metadata:
+ annotations:
+ cnrm.cloud.google.com/project-id: ${projectId}
+ name: sa-${uniqueId}
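Review bot: The policy's `description: "A basic folder firewall policy"` contradicts the `organizationRef` just above it, which attaches the policy to `organizations/${TEST_ORG_ID}`; suggest `description: "A basic organization firewall policy"`. The level at which a hierarchical policy is attached decides what it governs, so the description should name the right one. ingress-full/dependencies.yaml carries the same blob (`40c27777fc`) and therefore the same text.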
diff --git a/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-egress-full/update.yaml b/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-egress-full/update.yaml
new file mode 100644
index 0000000000..fc5325c3fe
--- /dev/null
+++ b/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-egress-full/update.yaml
@@ -0,0 +1,45 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: compute.cnrm.cloud.google.com/v1beta1
+kind: ComputeFirewallPolicyRule
+metadata:
+ name: firewallpolicyrule-${uniqueId}
+spec:
+ action: "deny"
+ direction: "EGRESS"
+ firewallPolicyRef:
+ name: firewallpolicy-${uniqueId}
+ match:
+ destAddressGroups:
+ - "organizations/${TEST_ORG_ID}/locations/global/addressGroups/testnetworksecurityaddressgroup"
+ destFqdns:
+ - "www.google.com"
+ destIPRanges:
+ - "11.100.0.1/32"
+ destRegionCodes:
+ - "US"
+ destThreatIntelligences:
+ - "iplist-known-malicious-ips"
+ layer4Configs:
+ - ipProtocol: "tcp"
+ ports:
+ - "8080"
+ srcIPRanges:
+ - "10.100.0.1/32"
+ priority: 9000
+ targetResources:
+ - name: network-${uniqueId}
+ targetServiceAccounts:
+ - name: sa-${uniqueId}
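Review bot: update.yaml is byte-identical to create.yaml (both carry blob `fc5325c3fe`), so the update step of this fixture changes no field and the controller's update path for a fully populated egress rule is not exercised. For a deny rule that matters: a regression where a changed match field is not propagated would leave the old rule enforced while this test still passes. Change at least one field the resource allows to be updated, for example the port entry to `- "8081"` or the `destIPRanges` entry to a different /32; which fields are mutable is not visible in this diff. ingress-full/update.yaml has the same issue (its blob `fdea311aec` matches its create.yaml).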
diff --git a/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-ingress-full/create.yaml b/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-ingress-full/create.yaml
new file mode 100644
index 0000000000..fdea311aec
--- /dev/null
+++ b/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-ingress-full/create.yaml
@@ -0,0 +1,45 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: compute.cnrm.cloud.google.com/v1beta1
+kind: ComputeFirewallPolicyRule
+metadata:
+ name: firewallpolicyrule-${uniqueId}
+spec:
+ action: "deny"
+ direction: "INGRESS"
+ firewallPolicyRef:
+ name: firewallpolicy-${uniqueId}
+ match:
+ srcAddressGroups:
+ - "organizations/${TEST_ORG_ID}/locations/global/addressGroups/testnetworksecurityaddressgroup"
+ srcFqdns:
+ - "www.google.com"
+ srcIPRanges:
+ - "11.100.0.1/32"
+ srcRegionCodes:
+ - "US"
+ srcThreatIntelligences:
+ - "iplist-known-malicious-ips"
+ layer4Configs:
+ - ipProtocol: "tcp"
+ ports:
+ - "8080"
+ destIPRanges:
+ - "10.100.0.1/32"
+ priority: 9000
+ targetResources:
+ - name: network-${uniqueId}
+ targetServiceAccounts:
+ - name: sa-${uniqueId}
diff --git a/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-ingress-full/dependencies.yaml b/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-ingress-full/dependencies.yaml
new file mode 100644
index 0000000000..40c27777fc
--- /dev/null
+++ b/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-ingress-full/dependencies.yaml
@@ -0,0 +1,38 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: compute.cnrm.cloud.google.com/v1beta1
+kind: ComputeFirewallPolicy
+metadata:
+ name: firewallpolicy-${uniqueId}
+spec:
+ organizationRef:
+ external: "organizations/${TEST_ORG_ID}"
+ shortName: firewallpolicy-${uniqueId}
+ description: "A basic folder firewall policy"
+---
+apiVersion: compute.cnrm.cloud.google.com/v1beta1
+kind: ComputeNetwork
+metadata:
+ name: network-${uniqueId}
+spec:
+ routingMode: REGIONAL
+ autoCreateSubnetworks: false
+---
+apiVersion: iam.cnrm.cloud.google.com/v1beta1
+kind: IAMServiceAccount
+metadata:
+ annotations:
+ cnrm.cloud.google.com/project-id: ${projectId}
+ name: sa-${uniqueId}
diff --git a/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-ingress-full/update.yaml b/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-ingress-full/update.yaml
new file mode 100644
index 0000000000..fdea311aec
--- /dev/null
+++ b/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-ingress-full/update.yaml
@@ -0,0 +1,45 @@
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: compute.cnrm.cloud.google.com/v1beta1
+kind: ComputeFirewallPolicyRule
+metadata:
+ name: firewallpolicyrule-${uniqueId}
+spec:
+ action: "deny"
+ direction: "INGRESS"
+ firewallPolicyRef:
+ name: firewallpolicy-${uniqueId}
+ match:
+ srcAddressGroups:
+ - "organizations/${TEST_ORG_ID}/locations/global/addressGroups/testnetworksecurityaddressgroup"
+ srcFqdns:
+ - "www.google.com"
+ srcIPRanges:
+ - "11.100.0.1/32"
+ srcRegionCodes:
+ - "US"
+ srcThreatIntelligences:
+ - "iplist-known-malicious-ips"
+ layer4Configs:
+ - ipProtocol: "tcp"
+ ports:
+ - "8080"
+ destIPRanges:
+ - "10.100.0.1/32"
+ priority: 9000
+ targetResources:
+ - name: network-${uniqueId}
+ targetServiceAccounts:
+ - name: sa-${uniqueId}
diff --git a/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/create.yaml b/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-minimal/create.yaml
similarity index 100%
rename from pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/create.yaml
rename to pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-minimal/create.yaml
diff --git a/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/dependencies.yaml b/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-minimal/dependencies.yaml
similarity index 100%
rename from pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/dependencies.yaml
rename to pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-minimal/dependencies.yaml
diff --git a/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/update.yaml b/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-minimal/update.yaml
similarity index 100%
rename from pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/update.yaml
rename to pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/computefirewallpolicyrule-minimal/update.yaml