Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Vgm vpc subseg #6553

Merged
merged 1 commit into from
Oct 20, 2023
Merged

Vgm vpc subseg #6553

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .changelog/9298.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:enhancement
accesscontextmanager: added support for Access Context Manager's VPC Sub-segmentation feature
```
137 changes: 137 additions & 0 deletions google-beta/services/accesscontextmanager/resource_access_context_manager_access_level.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -220,6 +220,38 @@ Format: accessPolicies/{policy_id}/accessLevels/{short_name}`,
Type: schema.TypeString,
},
},
"vpc_network_sources": {
Type: schema.TypeList,
Optional: true,
Description: `The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with 'ip_subnetworks'.`,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"vpc_subnetwork": {
Type: schema.TypeList,
Optional: true,
Description: `Sub networks within a VPC network.`,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"network": {
Type: schema.TypeString,
Required: true,
Description: `Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires 'compute.network.get' permission to be granted to caller.`,
},
"vpc_ip_subnetworks": {
Type: schema.TypeList,
Optional: true,
Description: `CIDR block IP subnetwork specification. Must be IPv4.`,
Elem: &schema.Schema{
Type: schema.TypeString,
},
},
},
},
},
},
},
},
},
},
},
Expand Down Expand Up @@ -672,6 +704,7 @@ func flattenAccessContextManagerAccessLevelBasicConditions(v interface{}, d *sch
"negate": flattenAccessContextManagerAccessLevelBasicConditionsNegate(original["negate"], d, config),
"device_policy": flattenAccessContextManagerAccessLevelBasicConditionsDevicePolicy(original["devicePolicy"], d, config),
"regions": flattenAccessContextManagerAccessLevelBasicConditionsRegions(original["regions"], d, config),
"vpc_network_sources": flattenAccessContextManagerAccessLevelBasicConditionsVpcNetworkSources(original["vpcNetworkSources"], d, config),
})
}
return transformed
Expand Down Expand Up @@ -771,6 +804,47 @@ func flattenAccessContextManagerAccessLevelBasicConditionsRegions(v interface{},
return v
}

func flattenAccessContextManagerAccessLevelBasicConditionsVpcNetworkSources(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
if v == nil {
return v
}
l := v.([]interface{})
transformed := make([]interface{}, 0, len(l))
for _, raw := range l {
original := raw.(map[string]interface{})
if len(original) < 1 {
// Do not include empty json objects coming back from the api
continue
}
transformed = append(transformed, map[string]interface{}{
"vpc_subnetwork": flattenAccessContextManagerAccessLevelBasicConditionsVpcNetworkSourcesVpcSubnetwork(original["vpcSubnetwork"], d, config),
})
}
return transformed
}
func flattenAccessContextManagerAccessLevelBasicConditionsVpcNetworkSourcesVpcSubnetwork(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
if v == nil {
return nil
}
original := v.(map[string]interface{})
if len(original) == 0 {
return nil
}
transformed := make(map[string]interface{})
transformed["network"] =
flattenAccessContextManagerAccessLevelBasicConditionsVpcNetworkSourcesVpcSubnetworkNetwork(original["network"], d, config)
transformed["vpc_ip_subnetworks"] =
flattenAccessContextManagerAccessLevelBasicConditionsVpcNetworkSourcesVpcSubnetworkVpcIpSubnetworks(original["vpcIpSubnetworks"], d, config)
return []interface{}{transformed}
}
func flattenAccessContextManagerAccessLevelBasicConditionsVpcNetworkSourcesVpcSubnetworkNetwork(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}

func flattenAccessContextManagerAccessLevelBasicConditionsVpcNetworkSourcesVpcSubnetworkVpcIpSubnetworks(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}

func flattenAccessContextManagerAccessLevelCustom(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
if v == nil {
return nil
Expand Down Expand Up @@ -913,6 +987,13 @@ func expandAccessContextManagerAccessLevelBasicConditions(v interface{}, d tpgre
transformed["regions"] = transformedRegions
}

transformedVpcNetworkSources, err := expandAccessContextManagerAccessLevelBasicConditionsVpcNetworkSources(original["vpc_network_sources"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedVpcNetworkSources); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["vpcNetworkSources"] = transformedVpcNetworkSources
}

req = append(req, transformed)
}
return req, nil
Expand Down Expand Up @@ -1060,6 +1141,62 @@ func expandAccessContextManagerAccessLevelBasicConditionsRegions(v interface{},
return v, nil
}

func expandAccessContextManagerAccessLevelBasicConditionsVpcNetworkSources(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
l := v.([]interface{})
req := make([]interface{}, 0, len(l))
for _, raw := range l {
if raw == nil {
continue
}
original := raw.(map[string]interface{})
transformed := make(map[string]interface{})

transformedVpcSubnetwork, err := expandAccessContextManagerAccessLevelBasicConditionsVpcNetworkSourcesVpcSubnetwork(original["vpc_subnetwork"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedVpcSubnetwork); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["vpcSubnetwork"] = transformedVpcSubnetwork
}

req = append(req, transformed)
}
return req, nil
}

func expandAccessContextManagerAccessLevelBasicConditionsVpcNetworkSourcesVpcSubnetwork(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
l := v.([]interface{})
if len(l) == 0 || l[0] == nil {
return nil, nil
}
raw := l[0]
original := raw.(map[string]interface{})
transformed := make(map[string]interface{})

transformedNetwork, err := expandAccessContextManagerAccessLevelBasicConditionsVpcNetworkSourcesVpcSubnetworkNetwork(original["network"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedNetwork); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["network"] = transformedNetwork
}

transformedVpcIpSubnetworks, err := expandAccessContextManagerAccessLevelBasicConditionsVpcNetworkSourcesVpcSubnetworkVpcIpSubnetworks(original["vpc_ip_subnetworks"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedVpcIpSubnetworks); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["vpcIpSubnetworks"] = transformedVpcIpSubnetworks
}

return transformed, nil
}

func expandAccessContextManagerAccessLevelBasicConditionsVpcNetworkSourcesVpcSubnetworkNetwork(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}

func expandAccessContextManagerAccessLevelBasicConditionsVpcNetworkSourcesVpcSubnetworkVpcIpSubnetworks(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}

func expandAccessContextManagerAccessLevelCustom(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
l := v.([]interface{})
if len(l) == 0 || l[0] == nil {
Expand Down
142 changes: 142 additions & 0 deletions ...a/services/accesscontextmanager/resource_access_context_manager_access_level_condition.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -195,6 +195,42 @@ Format: accessPolicies/{policy_id}/accessLevels/{short_name}`,
Type: schema.TypeString,
},
},
"vpc_network_sources": {
Type: schema.TypeList,
Optional: true,
ForceNew: true,
Description: `The request must originate from one of the provided VPC networks in Google Cloud. Cannot specify this field together with 'ip_subnetworks'.`,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"vpc_subnetwork": {
Type: schema.TypeList,
Optional: true,
ForceNew: true,
Description: `Sub networks within a VPC network.`,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"network": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
Description: `Required. Network name to be allowed by this Access Level. Networks of foreign organizations requires 'compute.network.get' permission to be granted to caller.`,
},
"vpc_ip_subnetworks": {
Type: schema.TypeList,
Optional: true,
ForceNew: true,
Description: `CIDR block IP subnetwork specification. Must be IPv4.`,
Elem: &schema.Schema{
Type: schema.TypeString,
},
},
},
},
},
},
},
},
},
UseJSONNumber: true,
}
Expand Down Expand Up @@ -244,6 +280,12 @@ func resourceAccessContextManagerAccessLevelConditionCreate(d *schema.ResourceDa
} else if v, ok := d.GetOkExists("regions"); !tpgresource.IsEmptyValue(reflect.ValueOf(regionsProp)) && (ok || !reflect.DeepEqual(v, regionsProp)) {
obj["regions"] = regionsProp
}
vpcNetworkSourcesProp, err := expandNestedAccessContextManagerAccessLevelConditionVpcNetworkSources(d.Get("vpc_network_sources"), d, config)
if err != nil {
return err
} else if v, ok := d.GetOkExists("vpc_network_sources"); !tpgresource.IsEmptyValue(reflect.ValueOf(vpcNetworkSourcesProp)) && (ok || !reflect.DeepEqual(v, vpcNetworkSourcesProp)) {
obj["vpcNetworkSources"] = vpcNetworkSourcesProp
}

lockName, err := tpgresource.ReplaceVars(d, config, "{{access_level}}")
if err != nil {
Expand Down Expand Up @@ -408,6 +450,9 @@ func resourceAccessContextManagerAccessLevelConditionRead(d *schema.ResourceData
if err := d.Set("regions", flattenNestedAccessContextManagerAccessLevelConditionRegions(res["regions"], d, config)); err != nil {
return fmt.Errorf("Error reading AccessLevelCondition: %s", err)
}
if err := d.Set("vpc_network_sources", flattenNestedAccessContextManagerAccessLevelConditionVpcNetworkSources(res["vpcNetworkSources"], d, config)); err != nil {
return fmt.Errorf("Error reading AccessLevelCondition: %s", err)
}

return nil
}
Expand Down Expand Up @@ -557,6 +602,47 @@ func flattenNestedAccessContextManagerAccessLevelConditionRegions(v interface{},
return v
}

func flattenNestedAccessContextManagerAccessLevelConditionVpcNetworkSources(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
if v == nil {
return v
}
l := v.([]interface{})
transformed := make([]interface{}, 0, len(l))
for _, raw := range l {
original := raw.(map[string]interface{})
if len(original) < 1 {
// Do not include empty json objects coming back from the api
continue
}
transformed = append(transformed, map[string]interface{}{
"vpc_subnetwork": flattenNestedAccessContextManagerAccessLevelConditionVpcNetworkSourcesVpcSubnetwork(original["vpcSubnetwork"], d, config),
})
}
return transformed
}
func flattenNestedAccessContextManagerAccessLevelConditionVpcNetworkSourcesVpcSubnetwork(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
if v == nil {
return nil
}
original := v.(map[string]interface{})
if len(original) == 0 {
return nil
}
transformed := make(map[string]interface{})
transformed["network"] =
flattenNestedAccessContextManagerAccessLevelConditionVpcNetworkSourcesVpcSubnetworkNetwork(original["network"], d, config)
transformed["vpc_ip_subnetworks"] =
flattenNestedAccessContextManagerAccessLevelConditionVpcNetworkSourcesVpcSubnetworkVpcIpSubnetworks(original["vpcIpSubnetworks"], d, config)
return []interface{}{transformed}
}
func flattenNestedAccessContextManagerAccessLevelConditionVpcNetworkSourcesVpcSubnetworkNetwork(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}

func flattenNestedAccessContextManagerAccessLevelConditionVpcNetworkSourcesVpcSubnetworkVpcIpSubnetworks(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}

func expandNestedAccessContextManagerAccessLevelConditionIpSubnetworks(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}
Expand Down Expand Up @@ -688,6 +774,62 @@ func expandNestedAccessContextManagerAccessLevelConditionRegions(v interface{},
return v, nil
}

func expandNestedAccessContextManagerAccessLevelConditionVpcNetworkSources(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
l := v.([]interface{})
req := make([]interface{}, 0, len(l))
for _, raw := range l {
if raw == nil {
continue
}
original := raw.(map[string]interface{})
transformed := make(map[string]interface{})

transformedVpcSubnetwork, err := expandNestedAccessContextManagerAccessLevelConditionVpcNetworkSourcesVpcSubnetwork(original["vpc_subnetwork"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedVpcSubnetwork); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["vpcSubnetwork"] = transformedVpcSubnetwork
}

req = append(req, transformed)
}
return req, nil
}

func expandNestedAccessContextManagerAccessLevelConditionVpcNetworkSourcesVpcSubnetwork(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
l := v.([]interface{})
if len(l) == 0 || l[0] == nil {
return nil, nil
}
raw := l[0]
original := raw.(map[string]interface{})
transformed := make(map[string]interface{})

transformedNetwork, err := expandNestedAccessContextManagerAccessLevelConditionVpcNetworkSourcesVpcSubnetworkNetwork(original["network"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedNetwork); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["network"] = transformedNetwork
}

transformedVpcIpSubnetworks, err := expandNestedAccessContextManagerAccessLevelConditionVpcNetworkSourcesVpcSubnetworkVpcIpSubnetworks(original["vpc_ip_subnetworks"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedVpcIpSubnetworks); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["vpcIpSubnetworks"] = transformedVpcIpSubnetworks
}

return transformed, nil
}

func expandNestedAccessContextManagerAccessLevelConditionVpcNetworkSourcesVpcSubnetworkNetwork(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}

func expandNestedAccessContextManagerAccessLevelConditionVpcNetworkSourcesVpcSubnetworkVpcIpSubnetworks(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}

func flattenNestedAccessContextManagerAccessLevelCondition(d *schema.ResourceData, meta interface{}, res map[string]interface{}) (map[string]interface{}, error) {
var v interface{}
var ok bool
Expand Down
Loading