From 549e631f2e0c70765676647bd190834145590ad3 Mon Sep 17 00:00:00 2001 
From: Nick Elliot Date: Mon, 5 Aug 2024 11:16:21 -0700 Subject: [PATCH] go rewrite securitycenter-storage (#11353) --- mmv1/api/type.go | 4 +- .../go_EventThreatDetectionCustomModule.yaml | 103 ++++ .../securitycenter/go_FolderCustomModule.yaml | 231 ++++++++ .../securitycenter/go_MuteConfig.yaml | 104 ++++ .../securitycenter/go_NotificationConfig.yaml | 127 +++++ .../go_OrganizationCustomModule.yaml | 225 ++++++++ .../go_ProjectCustomModule.yaml | 209 +++++++ .../go_ProjectNotificationConfig.yaml | 121 ++++ mmv1/products/securitycenter/go_Source.yaml | 88 +++ mmv1/products/securitycenter/go_product.yaml | 23 + ...erSecurityHealthAnalyticsCustomModule.yaml | 233 ++++++++ ...ationEventThreatDetectionCustomModule.yaml | 113 ++++ ...onSecurityHealthAnalyticsCustomModule.yaml | 230 ++++++++ ...ctSecurityHealthAnalyticsCustomModule.yaml | 218 ++++++++ .../securitycentermanagement/go_product.yaml | 23 + mmv1/products/securityposture/go_Posture.yaml | 528 ++++++++++++++++++ .../securityposture/go_PostureDeployment.yaml | 154 +++++ mmv1/products/securityposture/go_product.yaml | 22 + .../securityscanner/go_ScanConfig.yaml | 196 +++++++ mmv1/products/securityscanner/go_product.yaml | 22 + .../servicedirectory/go_Endpoint.yaml | 112 ++++ .../servicedirectory/go_Namespace.yaml | 89 +++ .../products/servicedirectory/go_Service.yaml | 87 +++ .../products/servicedirectory/go_product.yaml | 22 + .../servicemanagement/go_Service.yaml | 50 ++ .../go_ServiceConsumers.yaml | 59 ++ .../servicemanagement/go_product.yaml | 23 + .../go_VPCServiceControls.yaml | 113 ++++ .../servicenetworking/go_product.yaml | 22 + .../go_ConsumerQuotaOverride.yaml | 151 +++++ mmv1/products/serviceusage/go_product.yaml | 25 + mmv1/products/sourcerepo/Repository.yaml | 1 - mmv1/products/sourcerepo/go_Repository.yaml | 112 ++++ mmv1/products/sourcerepo/go_product.yaml | 23 + mmv1/products/spanner/Instance.yaml | 2 - mmv1/products/spanner/go_Database.yaml | 171 ++++++ mmv1/products/spanner/go_Instance.yaml | 
223 ++++++++ mmv1/products/spanner/go_InstanceConfig.yaml | 127 +++++ mmv1/products/spanner/go_product.yaml | 22 + mmv1/products/sql/go_Database.yaml | 116 ++++ .../sql/go_SourceRepresentationInstance.yaml | 135 +++++ mmv1/products/sql/go_product.yaml | 36 ++ ...L.yaml => DefaultObjectAccessControl.yaml} | 0 mmv1/products/storage/ManagedFolder.yaml | 18 +- mmv1/products/storage/go_Bucket.yaml | 516 +++++++++++++++++ .../storage/go_BucketAccessControl.yaml | 104 ++++ .../go_DefaultObjectAccessControl.yaml | 119 ++++ mmv1/products/storage/go_HmacKey.yaml | 99 ++++ mmv1/products/storage/go_ManagedFolder.yaml | 98 ++++ .../storage/go_ObjectAccessControl.yaml | 118 ++++ mmv1/products/storage/go_product.yaml | 22 + .../go/service_directory_service.go.tmpl | 1 - .../go/storage_managed_folder.go.tmpl | 11 + .../base_configs/iam_test_file.go.tmpl | 6 +- .../go/service_management_consumer.tf.tmpl | 1 + mmv1/templates/terraform/operation.go.tmpl | 4 +- .../go/resource_spanner_database.go.tmpl | 3 + .../pre_update/go/spanner_database.go.tmpl | 3 +- mmv1/templates/terraform/resource.go.tmpl | 2 +- .../go/spanner_database.go.tmpl | 3 +- ...tmpl => resource_sql_database_instance.go} | 7 +- .../storage/go/resource_storage_bucket.go | 28 +- .../go/resource_storage_bucket_test.go | 43 +- 63 files changed, 5850 insertions(+), 51 deletions(-) create mode 100644 mmv1/products/securitycenter/go_EventThreatDetectionCustomModule.yaml create mode 100644 mmv1/products/securitycenter/go_FolderCustomModule.yaml create mode 100644 mmv1/products/securitycenter/go_MuteConfig.yaml create mode 100644 mmv1/products/securitycenter/go_NotificationConfig.yaml create mode 100644 mmv1/products/securitycenter/go_OrganizationCustomModule.yaml create mode 100644 mmv1/products/securitycenter/go_ProjectCustomModule.yaml create mode 100644 mmv1/products/securitycenter/go_ProjectNotificationConfig.yaml create mode 100644 mmv1/products/securitycenter/go_Source.yaml create mode 100644 
mmv1/products/securitycenter/go_product.yaml create mode 100644 mmv1/products/securitycentermanagement/go_FolderSecurityHealthAnalyticsCustomModule.yaml create mode 100644 mmv1/products/securitycentermanagement/go_OrganizationEventThreatDetectionCustomModule.yaml create mode 100644 mmv1/products/securitycentermanagement/go_OrganizationSecurityHealthAnalyticsCustomModule.yaml create mode 100644 mmv1/products/securitycentermanagement/go_ProjectSecurityHealthAnalyticsCustomModule.yaml create mode 100644 mmv1/products/securitycentermanagement/go_product.yaml create mode 100644 mmv1/products/securityposture/go_Posture.yaml create mode 100644 mmv1/products/securityposture/go_PostureDeployment.yaml create mode 100644 mmv1/products/securityposture/go_product.yaml create mode 100644 mmv1/products/securityscanner/go_ScanConfig.yaml create mode 100644 mmv1/products/securityscanner/go_product.yaml create mode 100644 mmv1/products/servicedirectory/go_Endpoint.yaml create mode 100644 mmv1/products/servicedirectory/go_Namespace.yaml create mode 100644 mmv1/products/servicedirectory/go_Service.yaml create mode 100644 mmv1/products/servicedirectory/go_product.yaml create mode 100644 mmv1/products/servicemanagement/go_Service.yaml create mode 100644 mmv1/products/servicemanagement/go_ServiceConsumers.yaml create mode 100644 mmv1/products/servicemanagement/go_product.yaml create mode 100644 mmv1/products/servicenetworking/go_VPCServiceControls.yaml create mode 100644 mmv1/products/servicenetworking/go_product.yaml create mode 100644 mmv1/products/serviceusage/go_ConsumerQuotaOverride.yaml create mode 100644 mmv1/products/serviceusage/go_product.yaml create mode 100644 mmv1/products/sourcerepo/go_Repository.yaml create mode 100644 mmv1/products/sourcerepo/go_product.yaml create mode 100644 mmv1/products/spanner/go_Database.yaml create mode 100644 mmv1/products/spanner/go_Instance.yaml create mode 100644 mmv1/products/spanner/go_InstanceConfig.yaml create mode 100644 
mmv1/products/spanner/go_product.yaml create mode 100644 mmv1/products/sql/go_Database.yaml create mode 100644 mmv1/products/sql/go_SourceRepresentationInstance.yaml create mode 100644 mmv1/products/sql/go_product.yaml rename mmv1/products/storage/{DefaultObjectACL.yaml => DefaultObjectAccessControl.yaml} (100%) create mode 100644 mmv1/products/storage/go_Bucket.yaml create mode 100644 mmv1/products/storage/go_BucketAccessControl.yaml create mode 100644 mmv1/products/storage/go_DefaultObjectAccessControl.yaml create mode 100644 mmv1/products/storage/go_HmacKey.yaml create mode 100644 mmv1/products/storage/go_ManagedFolder.yaml create mode 100644 mmv1/products/storage/go_ObjectAccessControl.yaml create mode 100644 mmv1/products/storage/go_product.yaml create mode 100644 mmv1/templates/terraform/custom_update/go/storage_managed_folder.go.tmpl create mode 100644 mmv1/templates/terraform/pre_delete/go/resource_spanner_database.go.tmpl rename mmv1/third_party/terraform/services/sql/go/{resource_sql_database_instance.go.tmpl => resource_sql_database_instance.go} (99%)
diff --git a/mmv1/api/type.go b/mmv1/api/type.go
index 39380fce194b..62c342661a6a 100644
--- a/mmv1/api/type.go
+++ b/mmv1/api/type.go
@@ -299,7 +299,9 @@ func (t *Type) SetDefault(r *Resource) {
 t.ItemType.ParentMetadata = t
 t.ItemType.SetDefault(r)
 case t.IsA("Map"):
- t.KeyExpander = "tpgresource.ExpandString"
+ if t.KeyExpander == "" {
+ t.KeyExpander = "tpgresource.ExpandString"
+ }
 t.ValueType.ParentName = t.Name
 t.ValueType.ParentMetadata = t
 t.ValueType.SetDefault(r)
diff --git a/mmv1/products/securitycenter/go_EventThreatDetectionCustomModule.yaml b/mmv1/products/securitycenter/go_EventThreatDetectionCustomModule.yaml
new file mode 100644
index 000000000000..bd3878e1b4c3
--- /dev/null
+++ b/mmv1/products/securitycenter/go_EventThreatDetectionCustomModule.yaml
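Review bot: In mmv1/api/type.go, the new `if t.KeyExpander == ""` guard in the `Map` case carries no comment explaining that a key expander already set before SetDefault runs (presumably from the resource YAML) is now kept, where the old line overwrote it on every call. I would add above the guard `// Keep a KeyExpander supplied by the resource definition; fall back to the string expander only when none is set.` Nothing visible in the hunk checks that a supplied value names an existing expander function, so a misspelled value would presumably surface only when the generated provider is compiled; that is worth confirming. SetDefault starts before this hunk and continues after it.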
@@ -0,0 +1,103 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'EventThreatDetectionCustomModule' +description: | + Represents an instance of an Event Threat Detection custom module, including + its full module name, display name, enablement state, andlast updated time. + You can create a custom module at the organization level only. +references: + guides: + 'Overview of custom modules for Event Threat Detection': 'https://cloud.google.com/security-command-center/docs/custom-modules-etd-overview' + api: 'https://cloud.google.com/security-command-center/docs/reference/rest/v1/organizations.eventThreatDetectionSettings.customModules' +docs: +base_url: 'organizations/{{organization}}/eventThreatDetectionSettings/customModules' +self_link: 'organizations/{{organization}}/eventThreatDetectionSettings/customModules/{{name}}' +update_verb: 'PATCH' +update_mask: true +mutex: 'organizations/{{organization}}/eventThreatDetectionSettings/customModules' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: +examples: + - name: 'scc_event_threat_detection_custom_module' + primary_resource_id: 'example' + vars: + display_name: 'basic_custom_module' + type: 'CONFIGURABLE_BAD_IP' + test_env_vars: + org_id: 'ORG_ID' + skip_test: true +parameters: + - name: 'organization' + type: String + description: | + Numerical ID of the parent 
organization. + + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The resource name of the Event Threat Detection custom module. + Its format is "organizations/{organization}/eventThreatDetectionSettings/customModules/{module}". + output: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'config' + type: String + description: | + Config for the module. For the resident module, its config value is defined at this level. + For the inherited module, its config value is inherited from the ancestor module. + required: true + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'enablementState' + type: Enum + description: | + The state of enablement for the module at the given level of the hierarchy. + required: true + enum_values: + - 'ENABLED' + - 'DISABLED' + - name: 'type' + type: String + description: | + Immutable. Type for the module. e.g. CONFIGURABLE_BAD_IP. + required: true + immutable: true + - name: 'displayName' + type: String + description: | + The human readable name to be displayed for the module. + - name: 'updateTime' + type: String + description: | + The time at which the custom module was last updated. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and + up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'lastEditor' + type: String + description: | + The editor that last updated the custom module + output: true 
diff --git a/mmv1/products/securitycenter/go_FolderCustomModule.yaml b/mmv1/products/securitycenter/go_FolderCustomModule.yaml
new file mode 100644
index 000000000000..10b38136e7f1
--- /dev/null
+++ b/mmv1/products/securitycenter/go_FolderCustomModule.yaml
@@ -0,0 +1,231 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'FolderCustomModule' +description: | + Represents an instance of a Security Health Analytics custom module, including + its full module name, display name, enablement state, and last updated time. + You can create a custom module at the organization, folder, or project level. + Custom modules that you create at the organization or folder level are inherited + by the child folders and projects. 
+references: + guides: + 'Overview of custom modules for Security Health Analytics': 'https://cloud.google.com/security-command-center/docs/custom-modules-sha-overview' + api: 'https://cloud.google.com/security-command-center/docs/reference/rest/v1/folders.securityHealthAnalyticsSettings.customModules' +docs: +base_url: 'folders/{{folder}}/securityHealthAnalyticsSettings/customModules' +self_link: 'folders/{{folder}}/securityHealthAnalyticsSettings/customModules/{{name}}' +update_verb: 'PATCH' +update_mask: true +mutex: 'folders/{{folder}}/securityHealthAnalyticsSettings/customModules' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: +examples: + - name: 'scc_folder_custom_module_basic' + primary_resource_id: 'example' + vars: + folder_display_name: 'folder-name' + display_name: 'basic_custom_module' + sleep: '' + test_env_vars: + org_id: 'ORG_ID' + test_vars_overrides: + 'sleep': 'true' + external_providers: ["random", "time"] + skip_test: true + - name: 'scc_folder_custom_module_full' + primary_resource_id: 'example' + vars: + folder_display_name: 'folder-name' + display_name: 'full_custom_module' + sleep: '' + test_env_vars: + org_id: 'ORG_ID' + test_vars_overrides: + 'sleep': 'true' + external_providers: ["random", "time"] + skip_test: true +parameters: + - name: 'folder' + type: String + description: | + Numerical ID of the parent folder. + + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The resource name of the custom module. Its format is "folders/{folder_id}/securityHealthAnalyticsSettings/customModules/{customModule}". + The id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits. 
+ output: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'displayName' + type: String + description: | + The display name of the Security Health Analytics custom module. This + display name becomes the finding category for all findings that are + returned by this custom module. The display name must be between 1 and + 128 characters, start with a lowercase letter, and contain alphanumeric + characters or underscores only. + required: true + immutable: true + validation: + function: 'verify.ValidateRegexp(`^[a-z][\w_]{0,127}$`)' + - name: 'enablementState' + type: Enum + description: | + The enablement state of the custom module. + required: true + enum_values: + - 'ENABLED' + - 'DISABLED' + - name: 'updateTime' + type: String + description: | + The time at which the custom module was last updated. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and + up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'lastEditor' + type: String + description: | + The editor that last updated the custom module. + output: true + - name: 'ancestorModule' + type: String + description: | + If empty, indicates that the custom module was created in the organization, folder, + or project in which you are viewing the custom module. Otherwise, ancestor_module + specifies the organization or folder from which the custom module is inherited. + output: true + - name: 'customConfig' + type: NestedObject + description: | + The user specified custom configuration for the module. + required: true + properties: + - name: 'predicate' + type: NestedObject + description: | + The CEL expression to evaluate to produce findings. When the expression evaluates + to true against a resource, a finding is generated. 
+ required: true + properties: + - name: 'expression' + type: String + description: | + Textual representation of an expression in Common Expression Language syntax. + required: true + - name: 'title' + type: String + description: | + Title for the expression, i.e. a short string describing its purpose. This can + be used e.g. in UIs which allow to enter the expression. + - name: 'description' + type: String + description: | + Description of the expression. This is a longer text which describes the + expression, e.g. when hovered over it in a UI. + - name: 'location' + type: String + description: | + String indicating the location of the expression for error reporting, e.g. a + file name and a position in the file. + - name: 'customOutput' + type: NestedObject + description: | + Custom output properties. + properties: + - name: 'properties' + type: Array + description: | + A list of custom output properties to add to the finding. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + Name of the property for the custom output. + - name: 'valueExpression' + type: NestedObject + description: | + The CEL expression for the custom output. A resource property can be specified + to return the value of the property or a text string enclosed in quotation marks. + properties: + - name: 'expression' + type: String + description: | + Textual representation of an expression in Common Expression Language syntax. + required: true + - name: 'title' + type: String + description: | + Title for the expression, i.e. a short string describing its purpose. This can + be used e.g. in UIs which allow to enter the expression. + - name: 'description' + type: String + description: | + Description of the expression. This is a longer text which describes the + expression, e.g. when hovered over it in a UI. + - name: 'location' + type: String + description: | + String indicating the location of the expression for error reporting, e.g. 
a + file name and a position in the file. + - name: 'resourceSelector' + type: NestedObject + description: | + The resource types that the custom module operates on. Each custom module + can specify up to 5 resource types. + required: true + properties: + - name: 'resourceTypes' + type: Array + description: | + The resource types to run the detector on. + required: true + item_type: + type: String + - name: 'severity' + type: Enum + description: | + The severity to assign to findings generated by the module. + required: true + enum_values: + - 'CRITICAL' + - 'HIGH' + - 'MEDIUM' + - 'LOW' + - name: 'description' + type: String + description: | + Text that describes the vulnerability or misconfiguration that the custom + module detects. This explanation is returned with each finding instance to + help investigators understand the detected issue. The text must be enclosed in quotation marks. + - name: 'recommendation' + type: String + description: | + An explanation of the recommended steps that security teams can take to resolve + the detected issue. This explanation is returned with each finding generated by + this module in the nextSteps property of the finding JSON. + required: true diff --git a/mmv1/products/securitycenter/go_MuteConfig.yaml b/mmv1/products/securitycenter/go_MuteConfig.yaml new file mode 100644 index 000000000000..80b90d5f08f5 --- /dev/null +++ b/mmv1/products/securitycenter/go_MuteConfig.yaml 
@@ -0,0 +1,104 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'MuteConfig' +description: | + Mute Findings is a volume management feature in Security Command Center + that lets you manually or programmatically hide irrelevant findings, + and create filters to automatically silence existing and future + findings based on criteria you specify. +references: + guides: + api: 'https://cloud.google.com/security-command-center/docs/reference/rest/v1/organizations.muteConfigs' +docs: +base_url: '{{parent}}/muteConfigs' +self_link: '{{name}}' +create_url: '{{parent}}/muteConfigs?muteConfigId={{mute_config_id}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - '{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + custom_import: 'templates/terraform/custom_import/go/scc_mute_config.go.tmpl' +skip_sweeper: true +examples: + - name: 'scc_mute_config' + primary_resource_id: 'default' + vars: + mute_config_id: 'my-config' + test_env_vars: + org_id: 'ORG_ID' +parameters: + - name: 'muteConfigId' + type: String + description: | + Unique identifier provided by the client within the parent scope. + url_param_only: true + required: true + immutable: true + - name: 'parent' + type: String + description: | + Resource name of the new mute configs's parent. 
Its format is + "organizations/[organization_id]", "folders/[folder_id]", or + "projects/[project_id]". + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + Name of the mute config. Its format is + organizations/{organization}/muteConfigs/{configId}, + folders/{folder}/muteConfigs/{configId}, + or projects/{project}/muteConfigs/{configId} + output: true + - name: 'description' + type: String + description: A description of the mute config. + - name: 'filter' + type: String + description: | + An expression that defines the filter to apply across create/update + events of findings. While creating a filter string, be mindful of + the scope in which the mute configuration is being created. E.g., + If a filter contains project = X but is created under the + project = Y scope, it might not match any findings. + required: true + - name: 'createTime' + type: String + description: | + The time at which the mute config was created. This field is set by + the server and will be ignored if provided on config creation. + output: true + - name: 'updateTime' + type: String + description: | + Output only. The most recent time at which the mute config was + updated. This field is set by the server and will be ignored if + provided on config creation or update. + output: true + - name: 'mostRecentEditor' + type: String + description: | + Email address of the user who last edited the mute config. This + field is set by the server and will be ignored if provided on + config creation or update. + output: true diff --git a/mmv1/products/securitycenter/go_NotificationConfig.yaml b/mmv1/products/securitycenter/go_NotificationConfig.yaml new file mode 100644 index 000000000000..907ce77b9c17 --- /dev/null +++ b/mmv1/products/securitycenter/go_NotificationConfig.yaml 
@@ -0,0 +1,127 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'NotificationConfig' +description: | + A Cloud Security Command Center (Cloud SCC) notification configs. A + notification config is a Cloud SCC resource that contains the + configuration to send notifications for create/update events of + findings, assets and etc. + ~> **Note:** In order to use Cloud SCC resources, your organization must be enrolled + in [SCC Standard/Premium](https://cloud.google.com/security-command-center/docs/quickstart-security-command-center). + Without doing so, you may run into errors during resource creation. 
+references: + guides: + 'Official Documentation': 'https://cloud.google.com/security-command-center/docs' + api: 'https://cloud.google.com/security-command-center/docs/reference/rest/v1/organizations.notificationConfigs' +docs: +base_url: 'organizations/{{organization}}/notificationConfigs' +self_link: '{{name}}' +create_url: 'organizations/{{organization}}/notificationConfigs?configId={{config_id}}' +update_verb: 'PATCH' +update_mask: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + post_create: 'templates/terraform/post_create/go/set_computed_name.tmpl' + custom_import: 'templates/terraform/custom_import/go/scc_source_self_link_as_name_set_organization.go.tmpl' +examples: + - name: 'scc_notification_config_basic' + primary_resource_id: 'custom_notification_config' + vars: + topic_name: 'my-topic' + config_id: 'my-config' + test_env_vars: + org_id: 'ORG_ID' +parameters: + - name: 'organization' + type: String + description: | + The organization whose Cloud Security Command Center the Notification + Config lives in. + url_param_only: true + required: true + immutable: true + - name: 'configId' + type: String + description: | + This must be unique within the organization. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The resource name of this notification config, in the format + `organizations/{{organization}}/notificationConfigs/{{config_id}}`. + output: true + - name: 'description' + type: String + description: | + The description of the notification config (max of 1024 characters). + validation: + function: 'validation.StringLenBetween(0, 1024)' + - name: 'pubsubTopic' + type: String + description: | + The Pub/Sub topic to send notifications to. Its format is + "projects/[project_id]/topics/[topic]". 
+ required: true + - name: 'serviceAccount' + type: String + description: | + The service account that needs "pubsub.topics.publish" permission to + publish to the Pub/Sub topic. + output: true + - name: 'streamingConfig' + type: NestedObject + description: | + The config for triggering streaming-based notifications. + required: true + update_mask_fields: + - 'streamingConfig.filter' + properties: + - name: 'filter' + type: String + description: | + Expression that defines the filter to apply across create/update + events of assets or findings as specified by the event type. The + expression is a list of zero or more restrictions combined via + logical operators AND and OR. Parentheses are supported, and OR + has higher precedence than AND. + + Restrictions have the form and may have + a - character in front of them to indicate negation. The fields + map to those defined in the corresponding resource. + + The supported operators are: + + * = for all value types. + * >, <, >=, <= for integer values. + * :, meaning substring matching, for strings. + + The supported value types are: + + * string literals in quotes. + * integer literals without quotes. + * boolean literals true and false without quotes. + + See + [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + for information on how to write a filter. + required: true diff --git a/mmv1/products/securitycenter/go_OrganizationCustomModule.yaml b/mmv1/products/securitycenter/go_OrganizationCustomModule.yaml new file mode 100644 index 000000000000..90940adf6435 --- /dev/null +++ b/mmv1/products/securitycenter/go_OrganizationCustomModule.yaml 
@@ -0,0 +1,225 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'OrganizationCustomModule' +description: | + Represents an instance of a Security Health Analytics custom module, including + its full module name, display name, enablement state, and last updated time. + You can create a custom module at the organization, folder, or project level. + Custom modules that you create at the organization or folder level are inherited + by the child folders and projects. 
+references: + guides: + 'Overview of custom modules for Security Health Analytics': 'https://cloud.google.com/security-command-center/docs/custom-modules-sha-overview' + api: 'https://cloud.google.com/security-command-center/docs/reference/rest/v1/organizations.securityHealthAnalyticsSettings.customModules' +docs: +base_url: 'organizations/{{organization}}/securityHealthAnalyticsSettings/customModules' +self_link: 'organizations/{{organization}}/securityHealthAnalyticsSettings/customModules/{{name}}' +update_verb: 'PATCH' +update_mask: true +mutex: 'organizations/{{organization}}/securityHealthAnalyticsSettings/customModules' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: +examples: + - name: 'scc_organization_custom_module_basic' + primary_resource_id: 'example' + vars: + display_name: 'basic_custom_module' + test_env_vars: + org_id: 'ORG_ID' + test_vars_overrides: + 'sleep': 'true' + skip_test: true + - name: 'scc_organization_custom_module_full' + primary_resource_id: 'example' + vars: + display_name: 'full_custom_module' + test_env_vars: + org_id: 'ORG_ID' + test_vars_overrides: + 'sleep': 'true' + skip_test: true +parameters: + - name: 'organization' + type: String + description: | + Numerical ID of the parent organization. + + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The resource name of the custom module. Its format is "organizations/{org_id}/securityHealthAnalyticsSettings/customModules/{customModule}". + The id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits. + output: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'displayName' + type: String + description: | + The display name of the Security Health Analytics custom module. 
This + display name becomes the finding category for all findings that are + returned by this custom module. The display name must be between 1 and + 128 characters, start with a lowercase letter, and contain alphanumeric + characters or underscores only. + required: true + immutable: true + validation: + function: 'verify.ValidateRegexp(`^[a-z][\w_]{0,127}$`)' + - name: 'enablementState' + type: Enum + description: | + The enablement state of the custom module. + required: true + enum_values: + - 'ENABLED' + - 'DISABLED' + - name: 'updateTime' + type: String + description: | + The time at which the custom module was last updated. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and + up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'lastEditor' + type: String + description: | + The editor that last updated the custom module. + output: true + - name: 'ancestorModule' + type: String + description: | + If empty, indicates that the custom module was created in the organization, folder, + or project in which you are viewing the custom module. Otherwise, ancestor_module + specifies the organization or folder from which the custom module is inherited. + output: true + - name: 'customConfig' + type: NestedObject + description: | + The user specified custom configuration for the module. + required: true + properties: + - name: 'predicate' + type: NestedObject + description: | + The CEL expression to evaluate to produce findings. When the expression evaluates + to true against a resource, a finding is generated. + required: true + properties: + - name: 'expression' + type: String + description: | + Textual representation of an expression in Common Expression Language syntax. + required: true + - name: 'title' + type: String + description: | + Title for the expression, i.e. a short string describing its purpose. This can + be used e.g. 
in UIs which allow to enter the expression. + - name: 'description' + type: String + description: | + Description of the expression. This is a longer text which describes the + expression, e.g. when hovered over it in a UI. + - name: 'location' + type: String + description: | + String indicating the location of the expression for error reporting, e.g. a + file name and a position in the file. + - name: 'customOutput' + type: NestedObject + description: | + Custom output properties. + properties: + - name: 'properties' + type: Array + description: | + A list of custom output properties to add to the finding. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + Name of the property for the custom output. + - name: 'valueExpression' + type: NestedObject + description: | + The CEL expression for the custom output. A resource property can be specified + to return the value of the property or a text string enclosed in quotation marks. + properties: + - name: 'expression' + type: String + description: | + Textual representation of an expression in Common Expression Language syntax. + required: true + - name: 'title' + type: String + description: | + Title for the expression, i.e. a short string describing its purpose. This can + be used e.g. in UIs which allow to enter the expression. + - name: 'description' + type: String + description: | + Description of the expression. This is a longer text which describes the + expression, e.g. when hovered over it in a UI. + - name: 'location' + type: String + description: | + String indicating the location of the expression for error reporting, e.g. a + file name and a position in the file. + - name: 'resourceSelector' + type: NestedObject + description: | + The resource types that the custom module operates on. Each custom module + can specify up to 5 resource types. 
+ required: true + properties: + - name: 'resourceTypes' + type: Array + description: | + The resource types to run the detector on. + required: true + item_type: + type: String + - name: 'severity' + type: Enum + description: | + The severity to assign to findings generated by the module. + required: true + enum_values: + - 'CRITICAL' + - 'HIGH' + - 'MEDIUM' + - 'LOW' + - name: 'description' + type: String + description: | + Text that describes the vulnerability or misconfiguration that the custom + module detects. This explanation is returned with each finding instance to + help investigators understand the detected issue. The text must be enclosed in quotation marks. + - name: 'recommendation' + type: String + description: | + An explanation of the recommended steps that security teams can take to resolve + the detected issue. This explanation is returned with each finding generated by + this module in the nextSteps property of the finding JSON. + required: true diff --git a/mmv1/products/securitycenter/go_ProjectCustomModule.yaml b/mmv1/products/securitycenter/go_ProjectCustomModule.yaml new file mode 100644 index 000000000000..107bd8abab5f --- /dev/null +++ b/mmv1/products/securitycenter/go_ProjectCustomModule.yaml 
@@ -0,0 +1,209 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ProjectCustomModule' +description: | + Represents an instance of a Security Health Analytics custom module, including + its full module name, display name, enablement state, and last updated time. + You can create a custom module at the organization, folder, or project level. + Custom modules that you create at the organization or folder level are inherited + by the child folders and projects. 
+references: + guides: + 'Overview of custom modules for Security Health Analytics': 'https://cloud.google.com/security-command-center/docs/custom-modules-sha-overview' + api: 'https://cloud.google.com/security-command-center/docs/reference/rest/v1/projects.securityHealthAnalyticsSettings.customModules' +docs: +base_url: 'projects/{{project}}/securityHealthAnalyticsSettings/customModules' +self_link: 'projects/{{project}}/securityHealthAnalyticsSettings/customModules/{{name}}' +update_verb: 'PATCH' +update_mask: true +mutex: 'projects/{{project}}/securityHealthAnalyticsSettings/customModules' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: +examples: + - name: 'scc_project_custom_module_basic' + primary_resource_id: 'example' + vars: + display_name: 'basic_custom_module' + skip_test: true + - name: 'scc_project_custom_module_full' + primary_resource_id: 'example' + vars: + display_name: 'full_custom_module' + skip_test: true +parameters: +properties: + - name: 'name' + type: String + description: | + The resource name of the custom module. Its format is "projects/{project}/securityHealthAnalyticsSettings/customModules/{customModule}". + The id {customModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits. + output: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'displayName' + type: String + description: | + The display name of the Security Health Analytics custom module. This + display name becomes the finding category for all findings that are + returned by this custom module. The display name must be between 1 and + 128 characters, start with a lowercase letter, and contain alphanumeric + characters or underscores only. + required: true + immutable: true + validation: + function: 'verify.ValidateRegexp(`^[a-z][\w_]{0,127}$`)' + - name: 'enablementState' + type: Enum + description: | + The enablement state of the custom module. 
+ required: true + enum_values: + - 'ENABLED' + - 'DISABLED' + - name: 'updateTime' + type: String + description: | + The time at which the custom module was last updated. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and + up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'lastEditor' + type: String + description: | + The editor that last updated the custom module. + output: true + - name: 'ancestorModule' + type: String + description: | + If empty, indicates that the custom module was created in the organization,folder, + or project in which you are viewing the custom module. Otherwise, ancestor_module + specifies the organization or folder from which the custom module is inherited. + output: true + - name: 'customConfig' + type: NestedObject + description: | + The user specified custom configuration for the module. + required: true + properties: + - name: 'predicate' + type: NestedObject + description: | + The CEL expression to evaluate to produce findings. When the expression evaluates + to true against a resource, a finding is generated. + required: true + properties: + - name: 'expression' + type: String + description: | + Textual representation of an expression in Common Expression Language syntax. + required: true + - name: 'title' + type: String + description: | + Title for the expression, i.e. a short string describing its purpose. This can + be used e.g. in UIs which allow to enter the expression. + - name: 'description' + type: String + description: | + Description of the expression. This is a longer text which describes the + expression, e.g. when hovered over it in a UI. + - name: 'location' + type: String + description: | + String indicating the location of the expression for error reporting, e.g. a + file name and a position in the file. + - name: 'customOutput' + type: NestedObject + description: | + Custom output properties. 
+ properties: + - name: 'properties' + type: Array + description: | + A list of custom output properties to add to the finding. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + Name of the property for the custom output. + - name: 'valueExpression' + type: NestedObject + description: | + The CEL expression for the custom output. A resource property can be specified + to return the value of the property or a text string enclosed in quotation marks. + properties: + - name: 'expression' + type: String + description: | + Textual representation of an expression in Common Expression Language syntax. + required: true + - name: 'title' + type: String + description: | + Title for the expression, i.e. a short string describing its purpose. This can + be used e.g. in UIs which allow to enter the expression. + - name: 'description' + type: String + description: | + Description of the expression. This is a longer text which describes the + expression, e.g. when hovered over it in a UI. + - name: 'location' + type: String + description: | + String indicating the location of the expression for error reporting, e.g. a + file name and a position in the file. + - name: 'resourceSelector' + type: NestedObject + description: | + The resource types that the custom module operates on. Each custom module + can specify up to 5 resource types. + required: true + properties: + - name: 'resourceTypes' + type: Array + description: | + The resource types to run the detector on. + required: true + item_type: + type: String + - name: 'severity' + type: Enum + description: | + The severity to assign to findings generated by the module. + required: true + enum_values: + - 'CRITICAL' + - 'HIGH' + - 'MEDIUM' + - 'LOW' + - name: 'description' + type: String + description: | + Text that describes the vulnerability or misconfiguration that the custom + module detects. 
This explanation is returned with each finding instance to + help investigators understand the detected issue. The text must be enclosed in quotation marks. + - name: 'recommendation' + type: String + description: | + An explanation of the recommended steps that security teams can take to resolve + the detected issue. This explanation is returned with each finding generated by + this module in the nextSteps property of the finding JSON. + required: true diff --git a/mmv1/products/securitycenter/go_ProjectNotificationConfig.yaml b/mmv1/products/securitycenter/go_ProjectNotificationConfig.yaml new file mode 100644 index 000000000000..57879dd3a948 --- /dev/null +++ b/mmv1/products/securitycenter/go_ProjectNotificationConfig.yaml 
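Review bot: Both examples in go_ProjectCustomModule.yaml set `skip_test: true` with no reason given, so nothing in this patch exercises the converted definition of a resource that produces security findings. The same holds for the examples in go_Source.yaml, go_FolderSecurityHealthAnalyticsCustomModule.yaml and go_OrganizationEventThreatDetectionCustomModule.yaml. A one-line comment above each flag, such as `# skip_test: <reason the test cannot run>`, would tell maintainers whether the skip can be lifted. Minor: the `ancestorModule` description here reads `organization,folder,` without the space that the organization-level file has.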
@@ -0,0 +1,121 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ProjectNotificationConfig' +description: | + A Cloud Security Command Center (Cloud SCC) notification configs. A + notification config is a Cloud SCC resource that contains the + configuration to send notifications for create/update events of + findings, assets and etc. + ~> **Note:** In order to use Cloud SCC resources, your organization must be enrolled + in [SCC Standard/Premium](https://cloud.google.com/security-command-center/docs/quickstart-security-command-center). + Without doing so, you may run into errors during resource creation. 
+references: + guides: + 'Official Documentation': 'https://cloud.google.com/security-command-center/docs' + api: 'https://cloud.google.com/security-command-center/docs/reference/rest/v1/projects.notificationConfigs' +docs: +base_url: 'projects/{{project}}/notificationConfigs' +self_link: '{{name}}' +create_url: 'projects/{{project}}/notificationConfigs?configId={{config_id}}' +update_verb: 'PATCH' +update_mask: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + post_create: 'templates/terraform/post_create/go/set_computed_name.tmpl' + custom_import: 'templates/terraform/custom_import/go/self_link_as_name_set_project.go.tmpl' +examples: + - name: 'scc_project_notification_config_basic' + primary_resource_id: 'custom_notification_config' + vars: + topic_name: 'my-topic' + config_id: 'my-config' + test_env_vars: + project: 'PROJECT_NAME' + ignore_read_extra: + - 'project' +parameters: + - name: 'configId' + type: String + description: | + This must be unique within the organization. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The resource name of this notification config, in the format + `projects/{{projectId}}/notificationConfigs/{{config_id}}`. + output: true + - name: 'description' + type: String + description: | + The description of the notification config (max of 1024 characters). + validation: + function: 'validation.StringLenBetween(0, 1024)' + - name: 'pubsubTopic' + type: String + description: | + The Pub/Sub topic to send notifications to. Its format is + "projects/[project_id]/topics/[topic]". + required: true + - name: 'serviceAccount' + type: String + description: | + The service account that needs "pubsub.topics.publish" permission to + publish to the Pub/Sub topic. + output: true + - name: 'streamingConfig' + type: NestedObject + description: | + The config for triggering streaming-based notifications. 
+ required: true + update_mask_fields: + - 'streamingConfig.filter' + properties: + - name: 'filter' + type: String + description: | + Expression that defines the filter to apply across create/update + events of assets or findings as specified by the event type. The + expression is a list of zero or more restrictions combined via + logical operators AND and OR. Parentheses are supported, and OR + has higher precedence than AND. + + Restrictions have the form and may have + a - character in front of them to indicate negation. The fields + map to those defined in the corresponding resource. + + The supported operators are: + + * = for all value types. + * >, <, >=, <= for integer values. + * :, meaning substring matching, for strings. + + The supported value types are: + + * string literals in quotes. + * integer literals without quotes. + * boolean literals true and false without quotes. + + See + [Filtering notifications](https://cloud.google.com/security-command-center/docs/how-to-api-filter-notifications) + for information on how to write a filter. + required: true diff --git a/mmv1/products/securitycenter/go_Source.yaml b/mmv1/products/securitycenter/go_Source.yaml new file mode 100644 index 000000000000..388d768d737d --- /dev/null +++ b/mmv1/products/securitycenter/go_Source.yaml 
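Review bot: The `configId` description says "This must be unique within the organization", but this resource is created under `projects/{{project}}/notificationConfigs?configId={{config_id}}`, so the sentence looks carried over from the organization-level config. If the API scopes uniqueness to the project, the text should read `This must be unique within the project.` The `name` description also gives the format as `projects/{{projectId}}/notificationConfigs/{{config_id}}` while the URLs use `{{project}}`. One placeholder spelling throughout would keep readers from assembling import IDs from the wrong token.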
@@ -0,0 +1,88 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Source' +description: | + A Cloud Security Command Center's (Cloud SCC) finding source. A finding + source is an entity or a mechanism that can produce a finding. A source is + like a container of findings that come from the same scanner, logger, + monitor, etc. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/security-command-center/docs' + api: 'https://cloud.google.com/security-command-center/docs/reference/rest/v1/organizations.sources' +docs: +base_url: 'organizations/{{organization}}/sources' +self_link: '{{name}}' +update_verb: 'PATCH' +update_mask: true +skip_delete: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +iam_policy: + method_name_separator: ':' + fetch_iam_policy_verb: 'POST' + parent_resource_attribute: 'source' + base_url: 'organizations/{{organization}}/sources/{{source}}' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + import_format: + - 'organizations/{{organization}}/sources/{{source}}' + - '{{source}}' +custom_code: + post_create: 'templates/terraform/post_create/go/set_computed_name.tmpl' + custom_import: 'templates/terraform/custom_import/go/scc_source_self_link_as_name_set_organization.go.tmpl' +examples: + - name: 'scc_source_basic' + primary_resource_id: 'custom_source' + 
vars: + source_display_name: 'My Source' + test_env_vars: + org_id: 'ORG_ID' + skip_test: true +parameters: + - name: 'organization' + type: String + description: | + The organization whose Cloud Security Command Center the Source + lives in. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + The resource name of this source, in the format + `organizations/{{organization}}/sources/{{source}}`. + output: true + - name: 'description' + type: String + description: | + The description of the source (max of 1024 characters). + validation: + function: 'validation.StringLenBetween(0, 1024)' + - name: 'displayName' + type: String + description: | + The source’s display name. A source’s display name must be unique + amongst its siblings, for example, two sources with the same parent + can't share the same display name. The display name must start and end + with a letter or digit, may contain letters, digits, spaces, hyphens, + and underscores, and can be no longer than 32 characters. + required: true + validation: + regex: '[\p{L}\p{N}]({\p{L}\p{N}_- ]{0,30}[\p{L}\p{N}])?' diff --git a/mmv1/products/securitycenter/go_product.yaml b/mmv1/products/securitycenter/go_product.yaml new file mode 100644 index 000000000000..cba94c5c976c --- /dev/null +++ b/mmv1/products/securitycenter/go_product.yaml 
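Review bot: The `displayName` `validation.regex` at the end of go_Source.yaml is malformed: `({\p{L}\p{N}_- ]{0,30}` opens with `{` where a character class `[` was evidently intended. The pattern therefore does not express the rule in the description (letters, digits, spaces, hyphens and underscores, at most 32 characters, starting and ending with a letter or digit). It is also written without `^`/`$`, so unless the generator anchors it, any string that contains a single letter or digit would pass. Suggested value: `'^[\p{L}\p{N}]([\p{L}\p{N}_ -]{0,30}[\p{L}\p{N}])?$'`, with the hyphen last in the class so it is not read as a range.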
@@ -0,0 +1,23 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'SecurityCenter' +legacy_name: 'scc' +display_name: 'Security Command Center (SCC)' +versions: + - name: 'ga' + base_url: 'https://securitycenter.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/securitycentermanagement/go_FolderSecurityHealthAnalyticsCustomModule.yaml b/mmv1/products/securitycentermanagement/go_FolderSecurityHealthAnalyticsCustomModule.yaml new file mode 100644 index 000000000000..8bfa10ddac52 --- /dev/null +++ b/mmv1/products/securitycentermanagement/go_FolderSecurityHealthAnalyticsCustomModule.yaml 
@@ -0,0 +1,233 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'FolderSecurityHealthAnalyticsCustomModule' +description: | + Represents an instance of a Security Health Analytics custom module, including + its full module name, display name, enablement state, and last updated time. + You can create a custom module at the organization, folder, or project level. + Custom modules that you create at the organization or folder level are inherited + by the child folders and projects. 
+references: + guides: + 'Overview of custom modules for Security Health Analytics': 'https://cloud.google.com/security-command-center/docs/custom-modules-sha-overview' + api: 'https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/folders.locations.securityHealthAnalyticsCustomModules' +docs: +base_url: 'folders/{{folder}}/locations/{{location}}/securityHealthAnalyticsCustomModules' +self_link: 'folders/{{folder}}/locations/{{location}}/securityHealthAnalyticsCustomModules/{{name}}' +update_verb: 'PATCH' +update_mask: true +mutex: 'folders/{{folder}}/locations/{{location}}/securityHealthAnalyticsCustomModules' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: +examples: + - name: 'scc_management_folder_security_health_analytics_custom_module_basic' + primary_resource_id: 'example' + vars: + folder_display_name: 'folder-name' + display_name: 'basic_custom_module' + sleep: '' + test_env_vars: + org_id: 'ORG_ID' + test_vars_overrides: + 'sleep': 'true' + external_providers: ["random", "time"] + skip_test: true + - name: 'scc_management_folder_security_health_analytics_custom_module_full' + primary_resource_id: 'example' + vars: + folder_display_name: 'folder-name' + display_name: 'full_custom_module' + sleep: '' + test_env_vars: + org_id: 'ORG_ID' + test_vars_overrides: + 'sleep': 'true' + external_providers: ["random", "time"] + skip_test: true +parameters: + - name: 'folder' + type: String + description: | + Numerical ID of the parent folder. + + url_param_only: true + required: true + immutable: true + - name: 'location' + type: String + description: | + Location ID of the parent organization. If not provided, 'global' will be used as the default location. + + url_param_only: true + required: false + immutable: true + default_value: "global" +properties: + - name: 'name' + type: String + description: | + The resource name of the custom module. 
Its format is "folders/{folder}/locations/{location}/securityHealthAnalyticsCustomModules/{securityHealthAnalyticsCustomModule}". + The id {securityHealthAnalyticsCustomModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits. + output: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'displayName' + type: String + description: | + The display name of the Security Health Analytics custom module. This + display name becomes the finding category for all findings that are + returned by this custom module. The display name must be between 1 and + 128 characters, start with a lowercase letter, and contain alphanumeric + characters or underscores only. + immutable: true + validation: + function: 'verify.ValidateRegexp(`^[a-z][\w_]{0,127}$`)' + - name: 'enablementState' + type: Enum + description: | + The enablement state of the custom module. + enum_values: + - 'ENABLED' + - 'DISABLED' + - name: 'updateTime' + type: String + description: | + The time at which the custom module was last updated. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and + up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'lastEditor' + type: String + description: | + The editor that last updated the custom module. + output: true + - name: 'ancestorModule' + type: String + description: | + If empty, indicates that the custom module was created in the organization, folder, + or project in which you are viewing the custom module. Otherwise, ancestor_module + specifies the organization or folder from which the custom module is inherited. + output: true + - name: 'customConfig' + type: NestedObject + description: | + The user specified custom configuration for the module. + properties: + - name: 'predicate' + type: NestedObject + description: | + The CEL expression to evaluate to produce findings. 
When the expression evaluates + to true against a resource, a finding is generated. + properties: + - name: 'expression' + type: String + description: | + Textual representation of an expression in Common Expression Language syntax. + required: true + - name: 'title' + type: String + description: | + Title for the expression, i.e. a short string describing its purpose. This can + be used e.g. in UIs which allow to enter the expression. + - name: 'description' + type: String + description: | + Description of the expression. This is a longer text which describes the + expression, e.g. when hovered over it in a UI. + - name: 'location' + type: String + description: | + String indicating the location of the expression for error reporting, e.g. a + file name and a position in the file. + - name: 'customOutput' + type: NestedObject + description: | + Custom output properties. + properties: + - name: 'properties' + type: Array + description: | + A list of custom output properties to add to the finding. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + Name of the property for the custom output. + - name: 'valueExpression' + type: NestedObject + description: | + The CEL expression for the custom output. A resource property can be specified + to return the value of the property or a text string enclosed in quotation marks. + properties: + - name: 'expression' + type: String + description: | + Textual representation of an expression in Common Expression Language syntax. + required: true + - name: 'title' + type: String + description: | + Title for the expression, i.e. a short string describing its purpose. This can + be used e.g. in UIs which allow to enter the expression. + - name: 'description' + type: String + description: | + Description of the expression. This is a longer text which describes the + expression, e.g. when hovered over it in a UI. 
+ - name: 'location' + type: String + description: | + String indicating the location of the expression for error reporting, e.g. a + file name and a position in the file. + - name: 'resourceSelector' + type: NestedObject + description: | + The resource types that the custom module operates on. Each custom module + can specify up to 5 resource types. + properties: + - name: 'resourceTypes' + type: Array + description: | + The resource types to run the detector on. + required: true + item_type: + type: String + - name: 'severity' + type: Enum + description: | + The severity to assign to findings generated by the module. + enum_values: + - 'CRITICAL' + - 'HIGH' + - 'MEDIUM' + - 'LOW' + - name: 'description' + type: String + description: | + Text that describes the vulnerability or misconfiguration that the custom + module detects. This explanation is returned with each finding instance to + help investigators understand the detected issue. The text must be enclosed in quotation marks. + - name: 'recommendation' + type: String + description: | + An explanation of the recommended steps that security teams can take to resolve + the detected issue. This explanation is returned with each finding generated by + this module in the nextSteps property of the finding JSON. diff --git a/mmv1/products/securitycentermanagement/go_OrganizationEventThreatDetectionCustomModule.yaml b/mmv1/products/securitycentermanagement/go_OrganizationEventThreatDetectionCustomModule.yaml new file mode 100644 index 000000000000..f079e61ab5b1 --- /dev/null +++ b/mmv1/products/securitycentermanagement/go_OrganizationEventThreatDetectionCustomModule.yaml 
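Review bot: In go_FolderSecurityHealthAnalyticsCustomModule.yaml, `displayName`, `enablementState`, `customConfig` and its `predicate`, `resourceSelector`, `severity` and `recommendation` carry no `required: true`, whereas the same fields in go_ProjectCustomModule.yaml in this patch are all required. As written, a configuration that omits the enablement state or the whole custom config passes schema validation and is only rejected, or yields a module that detects nothing, at apply time; which of the two the API does is not visible here. If the relaxation is intended, state the server-side default in each description; otherwise restore `required: true`. The same pattern appears in go_OrganizationEventThreatDetectionCustomModule.yaml, where `config`, `enablementState` and `type` are `required: false`. Separately, the `location` description says "Location ID of the parent organization" although the parent here is a folder.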
@@ -0,0 +1,113 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'OrganizationEventThreatDetectionCustomModule' +description: | + Represents an instance of an Event Threat Detection custom module, including + its full module name, display name, enablement state, and last updated time. + You can create a custom module at the organization level only. +references: + guides: + 'Overview of custom modules for Event Threat Detection': 'https://cloud.google.com/security-command-center/docs/custom-modules-etd-overview' + api: 'https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.eventThreatDetectionCustomModules' +docs: +base_url: 'organizations/{{organization}}/locations/{{location}}/eventThreatDetectionCustomModules' +self_link: 'organizations/{{organization}}/locations/{{location}}/eventThreatDetectionCustomModules/{{name}}' +update_verb: 'PATCH' +update_mask: true +mutex: 'organizations/{{organization}}/locations/{{location}}/eventThreatDetectionCustomModules' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: +examples: + - name: 'scc_management_organization_event_threat_detection_custom_module' + primary_resource_id: 'example' + vars: + display_name: 'basic_custom_module' + type: 'CONFIGURABLE_BAD_IP' + test_env_vars: + org_id: 'ORG_ID' + skip_test: true 
+parameters: + - name: 'organization' + type: String + description: | + Numerical ID of the parent organization. + + url_param_only: true + required: true + immutable: true + - name: 'location' + type: String + description: | + Location ID of the parent organization. Only global is supported at the moment. + + + url_param_only: true + required: false + immutable: true + default_value: "global" +properties: + - name: 'name' + type: String + description: | + The resource name of the Event Threat Detection custom module. + Its format is "organizations/{organization}/locations/{location}/eventThreatDetectionCustomModules/{eventThreatDetectionCustomModule}". + output: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'config' + type: String + description: | + Config for the module. For the resident module, its config value is defined at this level. + For the inherited module, its config value is inherited from the ancestor module. + required: false + state_func: 'func(v interface{}) string { s, _ := structure.NormalizeJsonString(v); return s }' + custom_flatten: 'templates/terraform/custom_flatten/go/json_schema.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/json_schema.tmpl' + validation: + function: 'validation.StringIsJSON' + - name: 'enablementState' + type: Enum + description: | + The state of enablement for the module at the given level of the hierarchy. + required: false + enum_values: + - 'ENABLED' + - 'DISABLED' + - name: 'type' + type: String + description: | + Immutable. Type for the module. e.g. CONFIGURABLE_BAD_IP. + required: false + immutable: true + - name: 'displayName' + type: String + description: | + The human readable name to be displayed for the module. + - name: 'updateTime' + type: String + description: | + The time at which the custom module was last updated. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and + up to nine fractional digits. 
Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'lastEditor' + type: String + description: | + The editor that last updated the custom module + output: true diff --git a/mmv1/products/securitycentermanagement/go_OrganizationSecurityHealthAnalyticsCustomModule.yaml b/mmv1/products/securitycentermanagement/go_OrganizationSecurityHealthAnalyticsCustomModule.yaml new file mode 100644 index 000000000000..8b3a92077600 --- /dev/null +++ b/mmv1/products/securitycentermanagement/go_OrganizationSecurityHealthAnalyticsCustomModule.yaml 
@@ -0,0 +1,230 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'OrganizationSecurityHealthAnalyticsCustomModule' +description: | + Represents an instance of a Security Health Analytics custom module, including + its full module name, display name, enablement state, and last updated time. + You can create a custom module at the organization, folder, or project level. + Custom modules that you create at the organization or folder level are inherited + by the child folders and projects. 
+references: + guides: + 'Overview of custom modules for Security Health Analytics': 'https://cloud.google.com/security-command-center/docs/custom-modules-sha-overview' + api: 'https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/organizations.locations.securityHealthAnalyticsCustomModules' +docs: +base_url: 'organizations/{{organization}}/locations/{{location}}/securityHealthAnalyticsCustomModules' +self_link: 'organizations/{{organization}}/locations/{{location}}/securityHealthAnalyticsCustomModules/{{name}}' +update_verb: 'PATCH' +update_mask: true +mutex: 'organizations/{{organization}}/locations/{{location}}/securityHealthAnalyticsCustomModules' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: +examples: + - name: 'scc_management_organization_security_health_analytics_custom_module_basic' + primary_resource_id: 'example' + vars: + display_name: 'basic_custom_module' + test_env_vars: + org_id: 'ORG_ID' + test_vars_overrides: + 'sleep': 'true' + skip_test: true + - name: 'scc_management_organization_security_health_analytics_custom_module_full' + primary_resource_id: 'example' + vars: + display_name: 'full_custom_module' + test_env_vars: + org_id: 'ORG_ID' + test_vars_overrides: + 'sleep': 'true' + skip_test: true +parameters: + - name: 'organization' + type: String + description: | + Numerical ID of the parent organization. + url_param_only: true + required: true + immutable: true + - name: 'location' + type: String + description: | + Location ID of the parent organization. If not provided, 'global' will be used as the default location. + + url_param_only: true + required: false + immutable: true + default_value: "global" +properties: + - name: 'name' + type: String + description: | + The resource name of the custom module. Its format is "organizations/{organization}/locations/{location}/securityHealthAnalyticsCustomModules/{securityHealthAnalyticsCustomModule}". 
+ The id {securityHealthAnalyticsCustomModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits. + output: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'displayName' + type: String + description: | + The display name of the Security Health Analytics custom module. This + display name becomes the finding category for all findings that are + returned by this custom module. The display name must be between 1 and + 128 characters, start with a lowercase letter, and contain alphanumeric + characters or underscores only. + immutable: true + validation: + function: 'verify.ValidateRegexp(`^[a-z][\w_]{0,127}$`)' + - name: 'enablementState' + type: Enum + description: | + The enablement state of the custom module. + enum_values: + - 'ENABLED' + - 'DISABLED' + - name: 'updateTime' + type: String + description: | + The time at which the custom module was last updated. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and + up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'lastEditor' + type: String + description: | + The editor that last updated the custom module. + output: true + - name: 'ancestorModule' + type: String + description: | + If empty, indicates that the custom module was created in the organization, folder, + or project in which you are viewing the custom module. Otherwise, ancestor_module + specifies the organization or folder from which the custom module is inherited. + output: true + - name: 'customConfig' + type: NestedObject + description: | + The user specified custom configuration for the module. + properties: + - name: 'predicate' + type: NestedObject + description: | + The CEL expression to evaluate to produce findings. When the expression evaluates + to true against a resource, a finding is generated. 
+ required: true + properties: + - name: 'expression' + type: String + description: | + Textual representation of an expression in Common Expression Language syntax. + required: true + - name: 'title' + type: String + description: | + Title for the expression, i.e. a short string describing its purpose. This can + be used e.g. in UIs which allow to enter the expression. + - name: 'description' + type: String + description: | + Description of the expression. This is a longer text which describes the + expression, e.g. when hovered over it in a UI. + - name: 'location' + type: String + description: | + String indicating the location of the expression for error reporting, e.g. a + file name and a position in the file. + - name: 'customOutput' + type: NestedObject + description: | + Custom output properties. + properties: + - name: 'properties' + type: Array + description: | + A list of custom output properties to add to the finding. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + Name of the property for the custom output. + - name: 'valueExpression' + type: NestedObject + description: | + The CEL expression for the custom output. A resource property can be specified + to return the value of the property or a text string enclosed in quotation marks. + properties: + - name: 'expression' + type: String + description: | + Textual representation of an expression in Common Expression Language syntax. + required: true + - name: 'title' + type: String + description: | + Title for the expression, i.e. a short string describing its purpose. This can + be used e.g. in UIs which allow to enter the expression. + - name: 'description' + type: String + description: | + Description of the expression. This is a longer text which describes the + expression, e.g. when hovered over it in a UI. + - name: 'location' + type: String + description: | + String indicating the location of the expression for error reporting, e.g. 
a + file name and a position in the file. + - name: 'resourceSelector' + type: NestedObject + description: | + The resource types that the custom module operates on. Each custom module + can specify up to 5 resource types. + required: true + properties: + - name: 'resourceTypes' + type: Array + description: | + The resource types to run the detector on. + required: true + item_type: + type: String + - name: 'severity' + type: Enum + description: | + The severity to assign to findings generated by the module. + required: true + enum_values: + - 'CRITICAL' + - 'HIGH' + - 'MEDIUM' + - 'LOW' + - name: 'description' + type: String + description: | + Text that describes the vulnerability or misconfiguration that the custom + module detects. This explanation is returned with each finding instance to + help investigators understand the detected issue. The text must be enclosed in quotation marks. + - name: 'recommendation' + type: String + description: | + An explanation of the recommended steps that security teams can take to resolve + the detected issue. This explanation is returned with each finding generated by + this module in the nextSteps property of the finding JSON. + required: true diff --git a/mmv1/products/securitycentermanagement/go_ProjectSecurityHealthAnalyticsCustomModule.yaml b/mmv1/products/securitycentermanagement/go_ProjectSecurityHealthAnalyticsCustomModule.yaml new file mode 100644 index 000000000000..184f08a8aa6b --- /dev/null +++ b/mmv1/products/securitycentermanagement/go_ProjectSecurityHealthAnalyticsCustomModule.yaml 
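Review bot: The `displayName` validator `verify.ValidateRegexp(`^[a-z][\w_]{0,127}$`)` carries a redundant `_`, because `\w` already matches the underscore; `^[a-z]\w{0,127}$` accepts the same strings and is easier to compare with the description. The same pattern is repeated in go_ProjectSecurityHealthAnalyticsCustomModule.yaml. Both examples in this file set `skip_test: true`, so as far as this hunk shows, no generated test exercises the validator or the `name_from_self_link` flatten. A short comment next to `skip_test` giving the reason, for example `# skipped: needs an organization with SCC custom modules enabled` if that is the cause, would tell the next reader whether the gap is deliberate. The file is marked as temporary, so the change presumably belongs in the definition it was converted from.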
@@ -0,0 +1,218 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ProjectSecurityHealthAnalyticsCustomModule' +description: | + Represents an instance of a Security Health Analytics custom module, including + its full module name, display name, enablement state, and last updated time. + You can create a custom module at the organization, folder, or project level. + Custom modules that you create at the organization or folder level are inherited + by the child folders and projects. 
+references: + guides: + 'Overview of custom modules for Security Health Analytics': 'https://cloud.google.com/security-command-center/docs/custom-modules-sha-overview' + api: 'https://cloud.google.com/security-command-center/docs/reference/security-center-management/rest/v1/projects.locations.securityHealthAnalyticsCustomModules' +docs: +base_url: 'projects/{{project}}/locations/{{location}}/securityHealthAnalyticsCustomModules' +self_link: 'projects/{{project}}/locations/{{location}}/securityHealthAnalyticsCustomModules/{{name}}' +update_verb: 'PATCH' +update_mask: true +mutex: 'projects/{{project}}/locations/{{location}}/securityHealthAnalyticsCustomModules' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: +examples: + - name: 'scc_management_organization_project_security_health_analytics_custom_module_basic' + primary_resource_id: 'example' + vars: + display_name: 'basic_custom_module' + skip_test: true + - name: 'scc_management_organization_project_security_health_analytics_custom_module_full' + primary_resource_id: 'example' + vars: + display_name: 'full_custom_module' + skip_test: true +parameters: + - name: 'location' + type: String + description: | + Location ID of the parent organization. If not provided, 'global' will be used as the default location. + + url_param_only: true + required: false + immutable: true + default_value: "global" +properties: + - name: 'name' + type: String + description: | + The resource name of the custom module. Its format is "projects/{project}/locations/{location}/securityHealthAnalyticsCustomModules/{securityHealthAnalyticsCustomModule}". + The id {securityHealthAnalyticsCustomModule} is server-generated and is not user settable. It will be a numeric id containing 1-20 digits. 
+ output: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'displayName' + type: String + description: | + The display name of the Security Health Analytics custom module. This + display name becomes the finding category for all findings that are + returned by this custom module. The display name must be between 1 and + 128 characters, start with a lowercase letter, and contain alphanumeric + characters or underscores only. + required: false + immutable: true + validation: + function: 'verify.ValidateRegexp(`^[a-z][\w_]{0,127}$`)' + - name: 'enablementState' + type: Enum + description: | + The enablement state of the custom module. + required: false + enum_values: + - 'ENABLED' + - 'DISABLED' + - name: 'updateTime' + type: String + description: | + The time at which the custom module was last updated. + + A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and + up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z". + output: true + - name: 'lastEditor' + type: String + description: | + The editor that last updated the custom module. + output: true + - name: 'ancestorModule' + type: String + description: | + If empty, indicates that the custom module was created in the organization,folder, + or project in which you are viewing the custom module. Otherwise, ancestor_module + specifies the organization or folder from which the custom module is inherited. + output: true + - name: 'customConfig' + type: NestedObject + description: | + The user specified custom configuration for the module. + required: false + properties: + - name: 'predicate' + type: NestedObject + description: | + The CEL expression to evaluate to produce findings. When the expression evaluates + to true against a resource, a finding is generated. 
+ required: true + properties: + - name: 'expression' + type: String + description: | + Textual representation of an expression in Common Expression Language syntax. + required: true + - name: 'title' + type: String + description: | + Title for the expression, i.e. a short string describing its purpose. This can + be used e.g. in UIs which allow to enter the expression. + - name: 'description' + type: String + description: | + Description of the expression. This is a longer text which describes the + expression, e.g. when hovered over it in a UI. + - name: 'location' + type: String + description: | + String indicating the location of the expression for error reporting, e.g. a + file name and a position in the file. + - name: 'customOutput' + type: NestedObject + description: | + Custom output properties. + properties: + - name: 'properties' + type: Array + description: | + A list of custom output properties to add to the finding. + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + Name of the property for the custom output. + - name: 'valueExpression' + type: NestedObject + description: | + The CEL expression for the custom output. A resource property can be specified + to return the value of the property or a text string enclosed in quotation marks. + properties: + - name: 'expression' + type: String + description: | + Textual representation of an expression in Common Expression Language syntax. + required: true + - name: 'title' + type: String + description: | + Title for the expression, i.e. a short string describing its purpose. This can + be used e.g. in UIs which allow to enter the expression. + - name: 'description' + type: String + description: | + Description of the expression. This is a longer text which describes the + expression, e.g. when hovered over it in a UI. + - name: 'location' + type: String + description: | + String indicating the location of the expression for error reporting, e.g. 
a + file name and a position in the file. + - name: 'resourceSelector' + type: NestedObject + description: | + The resource types that the custom module operates on. Each custom module + can specify up to 5 resource types. + required: true + properties: + - name: 'resourceTypes' + type: Array + description: | + The resource types to run the detector on. + required: true + item_type: + type: String + - name: 'severity' + type: Enum + description: | + The severity to assign to findings generated by the module. + required: true + enum_values: + - 'CRITICAL' + - 'HIGH' + - 'MEDIUM' + - 'LOW' + - name: 'description' + type: String + description: | + Text that describes the vulnerability or misconfiguration that the custom + module detects. This explanation is returned with each finding instance to + help investigators understand the detected issue. The text must be enclosed in quotation marks. + - name: 'recommendation' + type: String + description: | + An explanation of the recommended steps that security teams can take to resolve + the detected issue. This explanation is returned with each finding generated by + this module in the nextSteps property of the finding JSON. + required: true diff --git a/mmv1/products/securitycentermanagement/go_product.yaml b/mmv1/products/securitycentermanagement/go_product.yaml new file mode 100644 index 000000000000..0c3864bf632c --- /dev/null +++ b/mmv1/products/securitycentermanagement/go_product.yaml 
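Review bot: The `location` parameter is described as "Location ID of the parent organization", but this resource is parented by a project (`base_url: 'projects/{{project}}/locations/{{location}}/...'`), so the text looks copied from the organization variant. It should read `Location ID of the parent project. If not provided, 'global' will be used as the default location.` The example names `scc_management_organization_project_security_health_analytics_custom_module_basic` and `..._full` carry the same leftover `organization_` segment. Those names presumably map to template files, so renaming them would have to be done together with the templates. In `ancestorModule` the description has `organization,folder` without a space. The file is marked as temporary, so these fixes presumably belong in the definition it was converted from.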
@@ -0,0 +1,23 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'SecurityCenterManagement' +legacy_name: 'scc_management' +display_name: 'Security Command Center Management (SCC)' +versions: + - name: 'ga' + base_url: 'https://securitycentermanagement.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/securityposture/go_Posture.yaml b/mmv1/products/securityposture/go_Posture.yaml new file mode 100644 index 000000000000..9603884218d1 --- /dev/null +++ b/mmv1/products/securityposture/go_Posture.yaml 
@@ -0,0 +1,528 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Posture' +description: | + A Posture represents a collection of policy set including its name, state, description + and policy sets. A policy set includes set of policies along with their definition. + A posture can be created at the organization level. + Every update to a deployed posture creates a new posture revision with an updated revision_id. 
+references: + guides: + 'Create and deploy a posture': 'https://cloud.google.com/security-command-center/docs/how-to-use-security-posture' +docs: +base_url: '{{parent}}/locations/{{location}}/postures' +self_link: '{{parent}}/locations/{{location}}/postures/{{posture_id}}' +create_url: '{{parent}}/locations/{{location}}/postures?postureId={{posture_id}}' +update_url: '{{parent}}/locations/{{location}}/postures/{{posture_id}}?revisionId={{revision_id}}' +update_verb: 'PATCH' +update_mask: true +delete_url: '{{parent}}/locations/{{location}}/postures/{{posture_id}}' +import_format: + - '{{%parent}}/locations/{{location}}/postures/{{posture_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + result: + resource_inside_response: false +custom_code: + constants: 'templates/terraform/constants/go/posture.go.tmpl' +custom_diff: + - 'revisionIdCustomizeDiff' +examples: + - name: 'securityposture_posture_basic' + primary_resource_id: 'posture1' + vars: + posture_id: 'posture_example' + test_env_vars: + org_id: 'ORG_ID' +parameters: + - name: 'parent' + type: String + description: | + The parent of the resource, an organization. Format should be `organizations/{organization_id}`. + url_param_only: true + required: true + immutable: true + - name: 'location' + type: String + description: "Location of the resource, eg: global." + url_param_only: true + required: true + immutable: true + - name: 'postureId' + type: String + description: | + Id of the posture. It is an immutable field. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + Name of the posture. + output: true + - name: 'state' + type: Enum + description: | + State of the posture. Update to state field should not be triggered along with + with other field updates. 
+ required: true + enum_values: + - 'DEPRECATED' + - 'DRAFT' + - 'ACTIVE' + - name: 'revisionId' + type: String + description: | + Revision_id of the posture. + immutable: true + output: true + - name: 'createTime' + type: Time + description: | + Time the Posture was created in UTC. + output: true + - name: 'updateTime' + type: Time + description: | + Time the Posture was updated in UTC. + output: true + - name: 'description' + type: String + description: | + Description of the posture. + - name: 'etag' + type: Fingerprint + description: 'For Resource freshness validation (https://google.aip.dev/154)' + output: true + - name: 'reconciling' + type: Boolean + description: | + If set, there are currently changes in flight to the posture. + output: true + - name: 'policySets' + type: Array + description: | + List of policy sets for the posture. + required: true + item_type: + description: | + Set of security policies. + type: NestedObject + properties: + - name: 'policySetId' + type: String + description: | + ID of the policy set. + required: true + - name: 'description' + type: String + description: | + Description of the policy set. + - name: 'policies' + type: Array + description: | + List of security policy + required: true + item_type: + description: | + Description of a security policy. + type: NestedObject + properties: + - name: 'policyId' + type: String + description: | + ID of the policy. + required: true + - name: 'description' + type: String + description: | + Description of the policy. + - name: 'complianceStandards' + type: Array + description: 'Mapping for policy to security standards and controls.' + item_type: + description: | + Set of security controls corresponding to the policy. + type: NestedObject + properties: + - name: 'standard' + type: String + description: | + Mapping of compliance standards for the policy. + - name: 'control' + type: String + description: | + Mapping of security controls for the policy. 
+ - name: 'constraint' + type: NestedObject + description: 'Policy constraint definition.It can have the definition of one of following constraints: + orgPolicyConstraint + orgPolicyConstraintCustom + securityHealthAnalyticsModule + securityHealthAnalyticsCustomModule' + required: true + properties: + - name: 'orgPolicyConstraint' + type: NestedObject + description: | + Organization policy canned constraint definition. + properties: + - name: 'cannedConstraintId' + type: String + description: 'Organization policy canned constraint Id' + required: true + - name: 'policyRules' + type: Array + description: 'Definition of policy rules' + required: true + item_type: + description: | + A message that holds specific allowed and denied values. + This message can define specific values and subtrees of the Resource + Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that + are allowed or denied. It can have a CEL expressions and one of the following + type: NestedObject + properties: + - name: 'values' + type: NestedObject + description: | + List of values to be used for this policy rule. This field can be set only in policies for list constraints. + properties: + - name: 'allowedValues' + type: Array + description: 'List of values allowed at this resource.' + item_type: + type: String + - name: 'deniedValues' + type: Array + description: 'List of values denied at this resource.' + item_type: + type: String + - name: 'allowAll' + type: Boolean + description: | + Setting this to true means that all values are allowed. This field can be set only in policies for list constraints. + default_value: false + - name: 'denyAll' + type: Boolean + description: | + Setting this to true means that all values are denied. This field can be set only in policies for list constraints. + default_value: false + - name: 'enforce' + type: Boolean + description: | + If `true`, then the policy is enforced. If `false`, then any configuration is acceptable. 
+ This field can be set only in policies for boolean constraints. + - name: 'condition' + type: NestedObject + description: | + Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. + This page details the objects and attributes that are used to the build the CEL expressions for + custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. + properties: + - name: 'expression' + type: String + description: + Textual representation of an expression in Common Expression + Language syntax. + required: true + - name: 'title' + type: String + description: + Title for the expression, i.e. a short string describing its + purpose. + - name: 'description' + type: String + description: Description of the expression + - name: 'location' + type: String + description: + String indicating the location of the expression for error + reporting, e.g. a file name and a position in the file + - name: 'orgPolicyConstraintCustom' + type: NestedObject + description: | + Organization policy custom constraint policy definition. + properties: + - name: 'customConstraint' + type: NestedObject + description: 'Organization policy custom constraint definition.' + properties: + - name: 'name' + type: String + description: | + Immutable. The name of the custom constraint. This is unique within the organization. + required: true + custom_flatten: 'templates/terraform/custom_flatten/go/securityposture_custom_constraint_name.go.tmpl' + - name: 'displayName' + type: String + description: | + A human-friendly name for the constraint. + - name: 'description' + type: String + description: | + A human-friendly description of the constraint to display as an error message when the policy is violated. + - name: 'condition' + type: String + description: | + A CEL condition that refers to a supported service resource, for example `resource.management.autoUpgrade == false`. 
For details about CEL usage, see [Common Expression Language](https://cloud.google.com/resource-manager/docs/organization-policy/creating-managing-custom-constraints#common_expression_language). + required: true + - name: 'actionType' + type: Enum + description: | + The action to take if the condition is met. + required: true + enum_values: + - 'ALLOW' + - 'DENY' + - name: 'methodTypes' + type: Array + description: | + A list of RESTful methods for which to enforce the constraint. Can be `CREATE`, `UPDATE`, or both. Not all Google Cloud services support both methods. To see supported methods for each service, find the service in [Supported services](https://cloud.google.com/resource-manager/docs/organization-policy/custom-constraint-supported-services). + required: true + item_type: + type: String + min_size: 1 + - name: 'resourceTypes' + type: Array + description: | + Immutable. The fully qualified name of the Google Cloud REST resource containing the object and field you want to restrict. For example, `container.googleapis.com/NodePool`. + required: true + item_type: + type: String + min_size: 1 + - name: 'policyRules' + type: Array + description: 'Definition of policy rules' + required: true + item_type: + description: | + A message that holds specific allowed and denied values. + This message can define specific values and subtrees of the Resource + Manager resource hierarchy (`Organizations`, `Folders`, `Projects`) that + are allowed or denied. It can have a CEL expressions and one of the following + type: NestedObject + properties: + - name: 'values' + type: NestedObject + description: | + List of values to be used for this policy rule. This field can be set only in policies for list constraints. + properties: + - name: 'allowedValues' + type: Array + description: 'List of values allowed at this resource.' + item_type: + type: String + - name: 'deniedValues' + type: Array + description: 'List of values denied at this resource.' 
+ item_type: + type: String + - name: 'allowAll' + type: Boolean + description: | + Setting this to true means that all values are allowed. This field can be set only in policies for list constraints. + default_value: false + - name: 'denyAll' + type: Boolean + description: | + Setting this to true means that all values are denied. This field can be set only in policies for list constraints. + default_value: false + - name: 'enforce' + type: Boolean + description: | + If `true`, then the policy is enforced. If `false`, then any configuration is acceptable. + This field can be set only in policies for boolean constraints. + - name: 'condition' + type: NestedObject + description: | + Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. + This page details the objects and attributes that are used to the build the CEL expressions for + custom access levels - https://cloud.google.com/access-context-manager/docs/custom-access-level-spec. + properties: + - name: 'expression' + type: String + description: + Textual representation of an expression in Common Expression + Language syntax. + required: true + - name: 'title' + type: String + description: + Title for the expression, i.e. a short string describing its + purpose. + - name: 'description' + type: String + description: Description of the expression + - name: 'location' + type: String + description: + String indicating the location of the expression for error + reporting, e.g. a file name and a position in the file + - name: 'securityHealthAnalyticsModule' + type: NestedObject + description: 'Security Health Analytics built-in detector definition.' + properties: + - name: 'moduleName' + type: String + description: 'The name of the module eg: BIGQUERY_TABLE_CMEK_DISABLED.' + required: true + - name: 'moduleEnablementState' + type: Enum + description: 'The state of enablement for the module at its level of the resource hierarchy.' 
+ enum_values: + - 'ENABLEMENT_STATE_UNSPECIFIED' + - 'ENABLED' + - 'DISABLED' + - name: 'securityHealthAnalyticsCustomModule' + type: NestedObject + description: 'Definition of Security Health Analytics Custom Module.' + properties: + - name: 'id' + type: String + description: 'A server generated id of custom module.' + output: true + - name: 'displayName' + type: String + description: | + The display name of the Security Health Analytics custom module. This + display name becomes the finding category for all findings that are + returned by this custom module. + - name: 'moduleEnablementState' + type: Enum + description: 'The state of enablement for the module at its level of the resource hierarchy.' + enum_values: + - 'ENABLEMENT_STATE_UNSPECIFIED' + - 'ENABLED' + - 'DISABLED' + - name: 'config' + type: NestedObject + description: 'Custom module details.' + required: true + properties: + - name: 'predicate' + type: NestedObject + description: | + The CEL expression to evaluate to produce findings.When the expression + evaluates to true against a resource, a finding is generated. + required: true + properties: + - name: 'expression' + type: String + description: + Textual representation of an expression in Common Expression + Language syntax. + required: true + - name: 'title' + type: String + description: + Title for the expression, i.e. a short string describing its + purpose. + - name: 'description' + type: String + description: Description of the expression + - name: 'location' + type: String + description: + String indicating the location of the expression for error + reporting, e.g. a file name and a position in the file + - name: 'customOutput' + type: NestedObject + description: | + Custom output properties. A set of optional name-value pairs that define custom source properties to + return with each finding that is generated by the custom module. 
The custom + source properties that are defined here are included in the finding JSON + under `sourceProperties`. + properties: + - name: 'properties' + type: Array + description: 'A list of custom output properties to add to the finding.' + item_type: + description: 'An individual name-value pair that defines a custom source property.' + type: NestedObject + properties: + - name: 'name' + type: String + description: 'Name of the property for the custom output.' + required: true + - name: 'valueExpression' + type: NestedObject + description: | + The CEL expression for the custom output. A resource property can be + specified to return the value of the property or a text string enclosed + in quotation marks. + properties: + - name: 'expression' + type: String + description: + Textual representation of an expression in Common Expression + Language syntax. + required: true + - name: 'title' + type: String + description: + Title for the expression, i.e. a short string describing its + purpose. + - name: 'description' + type: String + description: Description of the expression + - name: 'location' + type: String + description: + String indicating the location of the expression for error + reporting, e.g. a file name and a position in the file + - name: 'resourceSelector' + type: NestedObject + description: | + The resource types that the custom module operates on. Each custom module + can specify up to 5 resource types. + required: true + properties: + - name: 'resourceTypes' + type: Array + description: 'The resource types to run the detector on.' + required: true + item_type: + type: String + - name: 'severity' + type: Enum + description: 'The severity to assign to findings generated by the module.' + required: true + enum_values: + - 'SEVERITY_UNSPECIFIED' + - 'CRITICAL' + - 'HIGH' + - 'MEDIUM' + - 'LOW' + - name: 'description' + type: String + description: | + Text that describes the vulnerability or misconfiguration that the custom + module detects. 
+ - name: 'recommendation' + type: String + description: | + An explanation of the recommended steps that security teams can take to + resolve the detected issue diff --git a/mmv1/products/securityposture/go_PostureDeployment.yaml b/mmv1/products/securityposture/go_PostureDeployment.yaml new file mode 100644 index 000000000000..0b851d10c512 --- /dev/null +++ b/mmv1/products/securityposture/go_PostureDeployment.yaml 
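Review bot: The required `constraint` object documents a choice between four nested definitions, but all four are optional and nothing declares them mutually exclusive, so an empty or doubly populated constraint would apparently be rejected only by the API at apply time. The description is also a single-quoted scalar spread over several lines, so the four names fold into the sentence ("definition.It can have ..."). A block scalar such as `Policy constraint definition. Exactly one of orgPolicyConstraint, orgPolicyConstraintCustom, securityHealthAnalyticsModule or securityHealthAnalyticsCustomModule must be set.` would state the rule, assuming the API does require exactly one. These fields sit inside Array items, where a plan-time one-of may not be expressible, so the existing `revisionIdCustomizeDiff` hook may be the place for the check. The `policyRules` item description ends mid-sentence at "and one of the following" in both places it appears, and the `state` description has "with with".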
@@ -0,0 +1,154 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'PostureDeployment' +description: | + Represents a deployment of a security posture on a resource. A posture contains user curated policy sets. A posture can + be deployed on a project or on a folder or on an organization. To deploy a posture we need to populate the posture's name + and its revision_id in the posture deployment configuration. Every update to a deployed posture generates a new revision_id. + Thus, the updated revision_id should be used in the respective posture deployment's configuration to deploy that posture + on a resource. 
+references: + guides: + 'Create and deploy a posture': 'https://cloud.google.com/security-command-center/docs/how-to-use-security-posture' +docs: +base_url: '{{parent}}/locations/{{location}}/postureDeployments' +self_link: '{{parent}}/locations/{{location}}/postureDeployments/{{posture_deployment_id}}' +create_url: '{{parent}}/locations/{{location}}/postureDeployments?postureDeploymentId={{posture_deployment_id}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - '{{%parent}}/locations/{{location}}/postureDeployments/{{posture_deployment_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + result: + resource_inside_response: false +custom_code: +parameters: + - name: 'parent' + type: String + description: | + The parent of the resource, an organization. Format should be `organizations/{organization_id}`. + url_param_only: true + required: true + immutable: true + - name: 'location' + type: String + description: | + The location of the resource, eg. global`. + url_param_only: true + required: true + immutable: true + - name: 'postureDeploymentId' + type: String + description: | + ID of the posture deployment. + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + Name of the posture deployment instance. + output: true + - name: 'targetResource' + type: String + description: | + The resource on which the posture should be deployed. This can be in one of the following formats: + projects/{project_number}, + folders/{folder_number}, + organizations/{organization_id} + required: true + immutable: true + - name: 'state' + type: Enum + description: | + State of the posture deployment. A posture deployment can be in the following terminal states: + ACTIVE, CREATE_FAILED, UPDATE_FAILED, DELETE_FAILED. 
+ output: true + enum_values: + - 'STATE_UNSPECIFIED' + - 'CREATING' + - 'DELETING' + - 'UPDATING' + - 'ACTIVE' + - 'CREATE_FAILED' + - 'UPDATE_FAILED' + - 'DELETE_FAILED' + - name: 'postureId' + type: String + description: | + Relative name of the posture which needs to be deployed. It should be in the format: + organizations/{organization_id}/locations/{location}/postures/{posture_id} + required: true + - name: 'postureRevisionId' + type: String + description: | + Revision_id the posture which needs to be deployed. + required: true + - name: 'createTime' + type: Time + description: | + Time the posture deployment was created in UTC. + output: true + - name: 'updateTime' + type: Time + description: | + Time the posture deployment was updated in UTC. + output: true + - name: 'description' + type: String + description: | + Description of the posture deployment. + - name: 'etag' + type: String + description: 'For Resource freshness validation (https://google.aip.dev/154)' + output: true + - name: 'reconciling' + type: Boolean + description: | + If set, there are currently changes in flight to the posture deployment. + output: true + - name: 'desiredPostureId' + type: String + description: | + This is an output only optional field which will be filled in case when + PostureDeployment state is UPDATE_FAILED or CREATE_FAILED or DELETE_FAILED. + It denotes the desired posture to be deployed. + output: true + - name: 'desiredPostureRevisionId' + type: String + description: | + This is an output only optional field which will be filled in case when + PostureDeployment state is UPDATE_FAILED or CREATE_FAILED or DELETE_FAILED. + It denotes the desired posture revision_id to be deployed. + output: true + - name: 'failureMessage' + type: String + description: | + This is a output only optional field which will be filled in case where + PostureDeployment enters a failure state like UPDATE_FAILED or + CREATE_FAILED or DELETE_FAILED. 
It will have the failure message for posture deployment's + CREATE/UPDATE/DELETE methods. + output: true diff --git a/mmv1/products/securityposture/go_product.yaml b/mmv1/products/securityposture/go_product.yaml new file mode 100644 index 000000000000..d15064015ff2 --- /dev/null +++ b/mmv1/products/securityposture/go_product.yaml @@ -0,0 +1,22 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Securityposture' +display_name: 'Security Posture' +versions: + - name: 'ga' + base_url: 'https://securityposture.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/securityscanner/go_ScanConfig.yaml b/mmv1/products/securityscanner/go_ScanConfig.yaml new file mode 100644 index 000000000000..f665deaa212d --- /dev/null +++ b/mmv1/products/securityscanner/go_ScanConfig.yaml 
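Review bot: The description of the `location` parameter ends in "eg. global`." with a closing backtick and no opening one, which will render as broken inline code in the generated provider docs. It should read: The location of the resource, e.g. `global`. In the same hunk, the `postureRevisionId` description ("Revision_id the posture which needs to be deployed.") is missing "of". The file header says it must not be edited directly, so both fixes probably belong in whatever this file is generated from.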
@@ -0,0 +1,196 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ScanConfig' +description: | + A ScanConfig resource contains the configurations to launch a scan. +min_version: 'beta' +references: + guides: + 'Using Cloud Security Scanner': 'https://cloud.google.com/security-scanner/docs/scanning' + api: 'https://cloud.google.com/security-scanner/docs/reference/rest/v1beta/projects.scanConfigs' +docs: +base_url: 'projects/{{project}}/scanConfigs' +self_link: '{{name}}' +update_verb: 'PATCH' +update_mask: true +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + post_create: 'templates/terraform/post_create/go/set_computed_name.tmpl' + custom_import: 'templates/terraform/custom_import/go/self_link_as_name.tmpl' +examples: + - name: 'scan_config_basic' + primary_resource_id: 'scan-config' + min_version: 'beta' + vars: + address_name: 'scan-basic-static-ip' + scan_config_name: 'terraform-scan-config' +parameters: +properties: + - name: 'name' + type: String + description: | + A server defined name for this index. Format: + `projects/{{project}}/scanConfigs/{{server_generated_id}}` + min_version: 'beta' + output: true + - name: 'displayName' + type: String + description: | + The user provider display name of the ScanConfig. 
+ min_version: 'beta' + required: true + - name: 'maxQps' + type: Integer + description: | + The maximum QPS during scanning. A valid value ranges from 5 to 20 inclusively. + Defaults to 15. + min_version: 'beta' + validation: + function: 'validation.IntBetween(5, 20)' + default_value: 15 + - name: 'startingUrls' + type: Array + description: | + The starting URLs from which the scanner finds site pages. + min_version: 'beta' + required: true + item_type: + type: String + - name: 'authentication' + type: NestedObject + description: | + The authentication configuration. + If specified, service will use the authentication configuration during scanning. + min_version: 'beta' + properties: + - name: 'googleAccount' + type: NestedObject + description: | + Describes authentication configuration that uses a Google account. + min_version: 'beta' + at_least_one_of: + - 'authentication.0.google_account' + - 'authentication.0.custom_account' + properties: + - name: 'username' + type: String + description: | + The user name of the Google account. + min_version: 'beta' + required: true + - name: 'password' + type: String + description: | + The password of the Google account. The credential is stored encrypted + in GCP. + min_version: 'beta' + required: true + immutable: true + sensitive: true + custom_flatten: 'templates/terraform/custom_flatten/go/scan_config_auth_custom_password.go.tmpl' + - name: 'customAccount' + type: NestedObject + description: | + Describes authentication configuration that uses a custom account. + min_version: 'beta' + at_least_one_of: + - 'authentication.0.google_account' + - 'authentication.0.custom_account' + properties: + - name: 'username' + type: String + description: | + The user name of the custom account. + min_version: 'beta' + required: true + - name: 'password' + type: String + description: | + The password of the custom account. The credential is stored encrypted + in GCP. 
+ min_version: 'beta' + required: true + immutable: true + sensitive: true + custom_flatten: 'templates/terraform/custom_flatten/go/scan_config_auth_google_password.go.tmpl' + - name: 'loginUrl' + type: String + description: | + The login form URL of the website. + min_version: 'beta' + required: true + - name: 'userAgent' + type: Enum + description: Type of the user agents used for scanning + min_version: 'beta' + default_value: "CHROME_LINUX" + enum_values: + - 'USER_AGENT_UNSPECIFIED' + - 'CHROME_LINUX' + - 'CHROME_ANDROID' + - 'SAFARI_IPHONE' + - name: 'blacklistPatterns' + type: Array + description: | + The blacklist URL patterns as described in + https://cloud.google.com/security-scanner/docs/excluded-urls + min_version: 'beta' + item_type: + type: String + - name: 'schedule' + type: NestedObject + description: | + The schedule of the ScanConfig + min_version: 'beta' + properties: + - name: 'scheduleTime' + type: Time + description: | + A timestamp indicates when the next run will be scheduled. The value is refreshed + by the server after each run. If unspecified, it will default to current server time, + which means the scan will be scheduled to start immediately. + min_version: 'beta' + - name: 'intervalDurationDays' + type: Integer + description: | + The duration of time between executions in days + min_version: 'beta' + required: true + - name: 'targetPlatforms' + type: Array + description: | + Set of Cloud Platforms targeted by the scan. If empty, APP_ENGINE will be used as a default. + min_version: 'beta' + item_type: + type: Enum + description: | + This field only has a name and description because of MM + limitations. It should not appear in downstreams. + enum_values: + - 'APP_ENGINE' + - 'COMPUTE' + - name: 'exportToSecurityCommandCenter' + type: Enum + description: | + Controls export of scan configurations and results to Cloud Security Command Center. + min_version: 'beta' + default_value: "ENABLED" + enum_values: + - 'ENABLED' + - 'DISABLED' 
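Review bot: The two `password` fields look like they have their `custom_flatten` templates crossed. `authentication.googleAccount.password` points at `.../scan_config_auth_custom_password.go.tmpl`, while `authentication.customAccount.password` points at `.../scan_config_auth_google_password.go.tmpl`. The template bodies are not in this hunk, so this is inferred from the file names only. If each template restores its own account type's password from state, a refresh would fill each `sensitive` field from the other block or leave it empty, and since both fields are `immutable` the resulting diff would force a replacement. Swap the two paths or confirm the naming is deliberate; the file is marked as not to be edited directly, so the correction likely belongs in its source.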
diff --git a/mmv1/products/securityscanner/go_product.yaml b/mmv1/products/securityscanner/go_product.yaml
new file mode 100644
index 000000000000..5ce4c929a168
--- /dev/null
+++ b/mmv1/products/securityscanner/go_product.yaml
@@ -0,0 +1,22 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Warning: This is a temporary file, and should not be edited directly
+---
+name: 'SecurityScanner'
+display_name: 'Cloud Security Scanner'
+versions:
+ - name: 'beta'
+ base_url: 'https://websecurityscanner.googleapis.com/v1beta/'
+scopes:
+ - 'https://www.googleapis.com/auth/cloud-platform'
diff --git a/mmv1/products/servicedirectory/go_Endpoint.yaml b/mmv1/products/servicedirectory/go_Endpoint.yaml
new file mode 100644
index 000000000000..93e3994841e7
--- /dev/null
+++ b/mmv1/products/servicedirectory/go_Endpoint.yaml
@@ -0,0 +1,112 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Endpoint' +description: | + An individual endpoint that provides a service. +min_version: 'beta' +references: + guides: + 'Configuring an endpoint': 'https://cloud.google.com/service-directory/docs/configuring-service-directory#configuring_an_endpoint' + api: 'https://cloud.google.com/service-directory/docs/reference/rest/v1beta1/projects.locations.namespaces.services.endpoints' +docs: +base_url: '{{name}}' +self_link: '{{name}}' +create_url: '{{service}}/endpoints?endpointId={{endpoint_id}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}/endpoints/{{endpoint_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + custom_import: 'templates/terraform/custom_import/go/service_directory_endpoint.go.tmpl' +skip_sweeper: true +examples: + - name: 'service_directory_endpoint_basic' + primary_resource_id: 'example' + min_version: 'beta' + vars: + service_id: 'example-service' + namespace_id: 'example-namespace' + endpoint_id: 'example-endpoint' + - name: 'service_directory_endpoint_with_network' + primary_resource_id: 'example' + min_version: 'beta' + vars: + service_id: 'example-service' + namespace_id: 'example-namespace' + endpoint_id: 
'example-endpoint' + network_name: 'example-network' +parameters: + - name: 'service' + type: String + description: | + The resource name of the service that this endpoint provides. + min_version: 'beta' + url_param_only: true + required: true + immutable: true + ignore_read: true + - name: 'endpointId' + type: String + description: | + The Resource ID must be 1-63 characters long, including digits, + lowercase letters or the hyphen character. + min_version: 'beta' + url_param_only: true + required: true + immutable: true + validation: + function: 'verify.ValidateRFC1035Name(2, 63)' +properties: + - name: 'name' + type: String + description: | + The resource name for the endpoint in the format + `projects/*/locations/*/namespaces/*/services/*/endpoints/*`. + min_version: 'beta' + output: true + - name: 'address' + type: String + description: | + IPv4 or IPv6 address of the endpoint. + min_version: 'beta' + validation: + function: 'verify.ValidateIpAddress' + - name: 'port' + type: Integer + description: | + Port that the endpoint is running on, must be in the + range of [0, 65535]. If unspecified, the default is 0. + min_version: 'beta' + validation: + function: 'validation.IntBetween(0, 65535)' + - name: 'metadata' + type: KeyValuePairs + description: | + Metadata for the endpoint. This data can be consumed + by service clients. The entire metadata dictionary may contain + up to 512 characters, spread across all key-value pairs. + Metadata that goes beyond any these limits will be rejected. + min_version: 'beta' + - name: 'network' + type: String + description: | + The URL to the network, such as projects/PROJECT_NUMBER/locations/global/networks/NETWORK_NAME. + min_version: 'beta' + immutable: true diff --git a/mmv1/products/servicedirectory/go_Namespace.yaml b/mmv1/products/servicedirectory/go_Namespace.yaml new file mode 100644 index 000000000000..7f37d84ec64a --- /dev/null +++ b/mmv1/products/servicedirectory/go_Namespace.yaml 
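Review bot: The `endpointId` description promises "1-63 characters long", but the validator on the same parameter is `verify.ValidateRFC1035Name(2, 63)`. The validator's body is not in this patch, but assuming its first argument is the minimum length, a one-character ID that the documentation allows is rejected at plan time. The same mismatch appears on `namespaceId` in go_Namespace.yaml and on `serviceId` in go_Service.yaml. Either change the three descriptions to "2-63 characters long" or relax the validator to whatever the API actually accepts, so that the documented and enforced input constraints agree.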
@@ -0,0 +1,89 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Namespace' +description: | + A container for `services`. Namespaces allow administrators to group services + together and define permissions for a collection of services. +min_version: 'beta' +references: + guides: + 'Configuring a namespace': 'https://cloud.google.com/service-directory/docs/configuring-service-directory#configuring_a_namespace' + api: 'https://cloud.google.com/service-directory/docs/reference/rest/v1beta1/projects.locations.namespaces' +docs: +base_url: '{{name}}' +self_link: '{{name}}' +create_url: 'projects/{{project}}/locations/{{location}}/namespaces?namespaceId={{namespace_id}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +iam_policy: + skip_import_test: true + method_name_separator: ':' + fetch_iam_policy_verb: 'POST' + parent_resource_attribute: 'name' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' +custom_code: + custom_import: 'templates/terraform/custom_import/go/service_directory_namespace.go.tmpl' +skip_sweeper: true +examples: + - name: 'service_directory_namespace_basic' + primary_resource_id: 'example' + min_version: 'beta' + vars: + namespace_id: 'example-namespace' 
+parameters: + - name: 'location' + type: String + description: | + The location for the Namespace. + A full list of valid locations can be found by running + `gcloud beta service-directory locations list`. + min_version: 'beta' + url_param_only: true + required: true + immutable: true + ignore_read: true + - name: 'namespaceId' + type: String + description: | + The Resource ID must be 1-63 characters long, including digits, + lowercase letters or the hyphen character. + min_version: 'beta' + url_param_only: true + required: true + immutable: true + validation: + function: 'verify.ValidateRFC1035Name(2, 63)' +properties: + - name: 'name' + type: String + description: | + The resource name for the namespace + in the format `projects/*/locations/*/namespaces/*`. + min_version: 'beta' + output: true + - name: 'labels' + type: KeyValueLabels + description: | + Resource labels associated with this Namespace. No more than 64 user + labels can be associated with a given resource. Label keys and values can + be no longer than 63 characters. + min_version: 'beta' diff --git a/mmv1/products/servicedirectory/go_Service.yaml b/mmv1/products/servicedirectory/go_Service.yaml new file mode 100644 index 000000000000..6bc7a06ae034 --- /dev/null +++ b/mmv1/products/servicedirectory/go_Service.yaml 
@@ -0,0 +1,87 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Service' +description: | + An individual service. A service contains a name and optional metadata. +min_version: 'beta' +references: + guides: + 'Configuring a service': 'https://cloud.google.com/service-directory/docs/configuring-service-directory#configuring_a_service' + api: 'https://cloud.google.com/service-directory/docs/reference/rest/v1beta1/projects.locations.namespaces.services' +docs: +base_url: '{{name}}' +self_link: '{{name}}' +create_url: '{{namespace}}/services?serviceId={{service_id}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +iam_policy: + skip_import_test: true + method_name_separator: ':' + fetch_iam_policy_verb: 'POST' + parent_resource_attribute: 'name' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' +custom_code: + custom_import: 'templates/terraform/custom_import/go/service_directory_service.go.tmpl' +skip_sweeper: true +examples: + - name: 'service_directory_service_basic' + primary_resource_id: 'example' + min_version: 'beta' + vars: + service_id: 'example-service' + namespace_id: 'example-namespace' +parameters: + - name: 'namespace' + type: String + 
description: | + The resource name of the namespace this service will belong to. + min_version: 'beta' + url_param_only: true + required: true + ignore_read: true + - name: 'serviceId' + type: String + description: | + The Resource ID must be 1-63 characters long, including digits, + lowercase letters or the hyphen character. + min_version: 'beta' + url_param_only: true + required: true + immutable: true + validation: + function: 'verify.ValidateRFC1035Name(2, 63)' +properties: + - name: 'name' + type: String + description: | + The resource name for the service in the + format `projects/*/locations/*/namespaces/*/services/*`. + min_version: 'beta' + output: true + - name: 'metadata' + type: KeyValuePairs + description: | + Metadata for the service. This data can be consumed + by service clients. The entire metadata dictionary may contain + up to 2000 characters, spread across all key-value pairs. + Metadata that goes beyond any these limits will be rejected. + min_version: 'beta' diff --git a/mmv1/products/servicedirectory/go_product.yaml b/mmv1/products/servicedirectory/go_product.yaml new file mode 100644 index 000000000000..7b9904238fd9 --- /dev/null +++ b/mmv1/products/servicedirectory/go_product.yaml 
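Review bot: The `namespace` parameter is `url_param_only` and is used only in `create_url`, yet it carries no `immutable: true`, unlike `service` in go_Endpoint.yaml and `serviceId` just below it. Unless the custom import or generator forces replacement some other way, a changed `namespace` would be planned as an in-place update. The PATCH goes to `{{name}}`, so the service and any policy attached through the `iam_policy` block would stay under the old namespace while the configuration names the new one. Consider adding `immutable: true` under `required: true`, or note why an in-place change is intended.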
@@ -0,0 +1,22 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Warning: This is a temporary file, and should not be edited directly
+---
+name: 'ServiceDirectory'
+display_name: 'Service Directory'
+versions:
+ - name: 'beta'
+ base_url: 'https://servicedirectory.googleapis.com/v1beta1/'
+scopes:
+ - 'https://www.googleapis.com/auth/cloud-platform'
diff --git a/mmv1/products/servicemanagement/go_Service.yaml b/mmv1/products/servicemanagement/go_Service.yaml
new file mode 100644
index 000000000000..ad54cfa3d045
--- /dev/null
+++ b/mmv1/products/servicemanagement/go_Service.yaml
@@ -0,0 +1,50 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Service' +legacy_name: 'google_endpoints_service' +description: | + A service that is managed by Google Service Management +exclude_resource: true +docs: +id_format: 'services/{{service_name}}' +base_url: 'services' +self_link: 'services/{{service_name}}' +import_format: + - 'services/{{service_name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +iam_policy: + method_name_separator: ':' + fetch_iam_policy_verb: 'POST' + parent_resource_attribute: 'service_name' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' +custom_code: +examples: + - name: 'endpoints_iam' + primary_resource_id: 'endpoints_service' + primary_resource_name: 'fmt.Sprintf("endpoint%s.endpoints.%s.cloud.goog", context["random_suffix"], context["project_name"])' + vars: + name: 'endpoint' + test_env_vars: + project_name: 'PROJECT_NAME' +parameters: +properties: + - name: 'serviceName' + type: String + description: The name of the service. + required: true diff --git a/mmv1/products/servicemanagement/go_ServiceConsumers.yaml b/mmv1/products/servicemanagement/go_ServiceConsumers.yaml new file mode 100644 index 000000000000..67554127b7a6 --- /dev/null +++ b/mmv1/products/servicemanagement/go_ServiceConsumers.yaml 
@@ -0,0 +1,59 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ServiceConsumers' +legacy_name: 'google_endpoints_service_consumers' +description: | + A service that is managed by Google Service Management +exclude_resource: true +docs: +id_format: 'services/{{service_name}}/consumers/{{consumer_project}}' +base_url: 'services/{{service_name}}/consumers/{{consumer_project}}' +self_link: 'services/{{service_name}}/consumers/{{consumer_project}}' +import_format: + - 'services/{{service_name}}/consumers/{{consumer_project}}' + - '{{consumer_project}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +iam_policy: + method_name_separator: ':' + parent_resource_type: 'google_endpoints_service' + fetch_iam_policy_verb: 'POST' + allowed_iam_role: 'roles/servicemanagement.serviceController' + parent_resource_attribute: 'consumer_project' + example_config_body: 'templates/terraform/iam/example_config_body/go/service_management_consumer.tf.tmpl' +custom_code: +examples: + - name: 'endpoints_iam' + primary_resource_id: 'endpoints_service' + primary_resource_name: 'fmt.Sprintf("endpoint%s.endpoints.%s.cloud.goog", context["random_suffix"], context["project_name"]), context["project_name"]' + vars: + name: 'endpoint' + test_env_vars: + project_name: 'PROJECT_NAME' + consumer_project: 'PROJECT_NAME' +parameters: +properties: + - name: 
'serviceName' + type: String + description: The name of the service. + required: true + - name: 'consumerProject' + type: String + description: + The service consumer project ID which you are granting permission to + required: true diff --git a/mmv1/products/servicemanagement/go_product.yaml b/mmv1/products/servicemanagement/go_product.yaml new file mode 100644 index 000000000000..650a4e4173d9 --- /dev/null +++ b/mmv1/products/servicemanagement/go_product.yaml @@ -0,0 +1,23 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ServiceManagement' +legacy_name: 'endpoints' +display_name: 'Cloud Endpoints' +versions: + - name: 'ga' + base_url: 'https://servicemanagement.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloudplatform' diff --git a/mmv1/products/servicenetworking/go_VPCServiceControls.yaml b/mmv1/products/servicenetworking/go_VPCServiceControls.yaml new file mode 100644 index 000000000000..de486c9f4d37 --- /dev/null +++ b/mmv1/products/servicenetworking/go_VPCServiceControls.yaml 
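Review bot: The `scopes` entry in servicemanagement/go_product.yaml is `https://www.googleapis.com/auth/cloudplatform`, without the hyphen. Every other product file added in this patch uses `https://www.googleapis.com/auth/cloud-platform`, which is the actual OAuth scope name. How the generator consumes `scopes` is not shown here, and both resources of this product set `exclude_resource: true`, so the practical effect may be limited. If the value is passed through to token requests or to generated documentation, though, it names a scope that does not exist. The line should read `- 'https://www.googleapis.com/auth/cloud-platform'`, corrected in this file's source since the header says not to edit it directly.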
@@ -0,0 +1,113 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'VPCServiceControls' +description: | + Manages the VPC Service Controls configuration for a service + networking connection + + When enabled, Google Cloud makes the following + route configuration changes in the service producer VPC network: + - Removes the IPv4 default route (destination 0.0.0.0/0, + next hop default internet gateway), Google Cloud then creates an + IPv4 route for destination 199.36.153.4/30 using the default + internet gateway next hop. + - Creates Cloud DNS managed private zones and authorizes those zones + for the service producer VPC network. The zones include + googleapis.com, gcr.io, pkg.dev, notebooks.cloud.google.com, + kernels.googleusercontent.com, backupdr.cloud.google.com, and + backupdr.googleusercontent.com as necessary domains or host names + for Google APIs and services that are compatible with VPC Service + Controls. Record data in the zones resolves all host names to + 199.36.153.4, 199.36.153.5, 199.36.153.6, and 199.36.153.7. + + When disabled, Google Cloud makes the following route configuration + changes in the service producer VPC network: + - Restores a default route (destination 0.0.0.0/0, next hop default + internet gateway) + - Deletes the Cloud DNS managed private zones that provided the host + name overrides. 
+references: + guides: + 'Private Google Access with VPC Service Controls': 'https://cloud.google.com/vpc-service-controls/docs/private-connectivity' + 'Set up private connectivity to Google APIs and services': 'https://cloud.google.com/vpc-service-controls/docs/set-up-private-connectivity' + 'Enable VPC Service Controls for service networking': 'https://cloud.google.com/sdk/gcloud/reference/services/vpc-peerings/enable-vpc-service-controls' + api: 'https://cloud.google.com/service-infrastructure/docs/service-networking/reference/rest/v1/services' +docs: + note: | + Destroying a `google_service_networking_vpc_service_controls` + resource will remove it from state, but will not change the + underlying VPC Service Controls configuration for the service + producer network. +id_format: 'services/{{service}}/projects/{{project}}/networks/{{network}}' +base_url: '' +skip_delete: true +import_format: + - 'services/{{service}}/projects/{{project}}/networks/{{network}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: [''] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + result: + resource_inside_response: false + include_project: true +custom_code: + constants: 'templates/terraform/constants/go/service_networking_vpc_service_controls.go.tmpl' + custom_create: 'templates/terraform/custom_create/go/service_networking_vpc_service_controls.go.tmpl' + pre_read: 'templates/terraform/pre_read/go/service_networking_vpc_service_controls.go.tmpl' + custom_update: 'templates/terraform/custom_create/go/service_networking_vpc_service_controls.go.tmpl' +exclude_tgc: true +examples: + - name: 'service_networking_vpc_service_controls_basic' + primary_resource_id: 'default' + vars: + network_name: 'example-network' + psa_range_name: 'psa-range' +parameters: + - name: 'network' + type: String + description: | + The network that the consumer is using to connect with services. 
+ url_param_only: true + required: true + immutable: true + - name: 'service' + type: String + description: | + The service that is managing peering connectivity for a service + producer's organization. For Google services that support this + functionality, this value is `servicenetworking.googleapis.com`. + url_param_only: true + required: true + immutable: true + - name: 'project' + type: String + description: |- + The id of the Google Cloud project containing the consumer network. + immutable: true + ignore_read: true +properties: + - name: 'enabled' + type: Boolean + description: |- + Desired VPC Service Controls state service producer VPC network, as + described at the top of this page. + required: true diff --git a/mmv1/products/servicenetworking/go_product.yaml b/mmv1/products/servicenetworking/go_product.yaml new file mode 100644 index 000000000000..1808655b57ab --- /dev/null +++ b/mmv1/products/servicenetworking/go_product.yaml @@ -0,0 +1,22 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ServiceNetworking' +display_name: 'Service Networking' +versions: + - name: 'ga' + base_url: 'https://servicenetworking.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' 
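Review bot: The `enabled` description in `go_VPCServiceControls.yaml` reads "Desired VPC Service Controls state service producer VPC network", which is missing words; `Desired VPC Service Controls state for the service producer VPC network, as described at the top of this page.` reads correctly. Since the resource sets `skip_delete: true` and the `docs.note` says a destroy leaves the underlying configuration unchanged, setting `enabled` to false appears to be the only way to turn the controls off through this resource. The description would be a good place to say so, because a reader who only looks at the field may assume that removing the resource reverts the route and DNS changes.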
diff --git a/mmv1/products/serviceusage/go_ConsumerQuotaOverride.yaml b/mmv1/products/serviceusage/go_ConsumerQuotaOverride.yaml new file mode 100644 index 000000000000..84d60dd2bfdf --- /dev/null +++ b/mmv1/products/serviceusage/go_ConsumerQuotaOverride.yaml 
@@ -0,0 +1,151 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ConsumerQuotaOverride' +description: | + A consumer override is applied to the consumer on its own authority to limit its own quota usage. + Consumer overrides cannot be used to grant more quota than would be allowed by admin overrides, + producer overrides, or the default limit of the service. +min_version: 'beta' +references: + guides: + 'Managing Service Quota': 'https://cloud.google.com/service-usage/docs/manage-quota ' + 'REST API documentation': 'https://cloud.google.com/service-usage/docs/reference/rest/v1beta1/services.consumerQuotaMetrics.limits.consumerOverrides' +docs: +id_format: 'projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/consumerOverrides/{{name}}' +base_url: 'projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/consumerOverrides' +self_link: 'projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/consumerOverrides/' +create_url: 'projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/consumerOverrides/{{name}}?force={{force}}' +update_url: 'projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/consumerOverrides/{{name}}?force={{force}}' +update_verb: 'PATCH' +delete_url: 
'projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/consumerOverrides/{{name}}?force={{force}}' +import_format: + - 'services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/consumerOverrides/{{name}}' + - 'projects/{{project}}/services/{{service}}/consumerQuotaMetrics/{{metric}}/limits/{{limit}}/consumerOverrides/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +identity: + - name +nested_query: + keys: + - overrides + is_list_of_ids: false + modify_by_patch: false +custom_code: + test_check_destroy: 'templates/terraform/custom_check_destroy/go/consumer_quota_override.go.tmpl' +skip_sweeper: true +examples: + - name: 'consumer_quota_override' + primary_resource_id: 'override' + min_version: 'beta' + vars: + project_id: 'quota' + test_env_vars: + org_id: 'ORG_ID' + - name: 'consumer_quota_override_zero_value' + primary_resource_id: 'override' + min_version: 'beta' + vars: + project_id: 'quota' + test_env_vars: + org_id: 'ORG_ID' + skip_docs: true + - name: 'region_consumer_quota_override' + primary_resource_id: 'override' + min_version: 'beta' + vars: + project_id: 'quota' + test_env_vars: + org_id: 'ORG_ID' + - name: 'consumer_quota_override_custom_dimension' + primary_resource_id: 'override' + min_version: 'beta' + vars: + project_id: 'quota' + test_env_vars: + org_id: 'ORG_ID' +parameters: + - name: 'name' + type: String + description: | + The server-generated name of the quota override. 
+ min_version: 'beta' + output: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + - name: 'force' + type: Boolean + description: | + If the new quota would decrease the existing quota by more than 10%, the request is rejected. + If `force` is `true`, that safety check is ignored. + min_version: 'beta' + url_param_only: true + default_value: false + - name: 'service' + type: String + description: | + The service that the metrics belong to, e.g. `compute.googleapis.com`. + min_version: 'beta' + url_param_only: true + required: true + immutable: true + - name: 'metric' + type: String + description: | + The metric that should be limited, e.g. `compute.googleapis.com/cpus`. + min_version: 'beta' + url_param_only: true + required: true + immutable: true + - name: 'limit' + type: String + description: | + The limit on the metric, e.g. `/project/region`. + + ~> Make sure that `limit` is in a format that doesn't start with `1/` or contain curly braces. + E.g. use `/project/user` instead of `1/{project}/{user}`. + min_version: 'beta' + url_param_only: true + required: true + immutable: true +properties: + - name: 'overrideValue' + type: String + description: | + The overriding quota limit value. Can be any nonnegative integer, or -1 (unlimited quota). + min_version: 'beta' + required: true + custom_flatten: 'templates/terraform/custom_flatten/go/consumer_quote_override_override_value.go.tmpl' + - name: 'dimensions' + type: KeyValuePairs + description: | + If this map is nonempty, then this override applies only to specific values for dimensions defined in the limit unit. + min_version: 'beta' + immutable: true diff --git a/mmv1/products/serviceusage/go_product.yaml b/mmv1/products/serviceusage/go_product.yaml new file mode 100644 index 000000000000..8cb409756906 --- /dev/null +++ b/mmv1/products/serviceusage/go_product.yaml 
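Review bot: The `Managing Service Quota` guide URL in `go_ConsumerQuotaOverride.yaml` has a trailing space inside the quotes (`'https://cloud.google.com/service-usage/docs/manage-quota '`), which would end up in the rendered documentation link. It should be `'https://cloud.google.com/service-usage/docs/manage-quota'`. As the file is marked temporary and generated, the space presumably comes from the hand-written YAML and should be fixed there.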
@@ -0,0 +1,25 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'ServiceUsage' +display_name: 'Service Usage' +versions: + - name: 'ga' + base_url: 'https://serviceusage.googleapis.com/v1/' + - name: 'beta' + base_url: 'https://serviceusage.googleapis.com/v1beta1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' +operation_retry: 'templates/terraform/operation_retry/service_usage.go' diff --git a/mmv1/products/sourcerepo/Repository.yaml b/mmv1/products/sourcerepo/Repository.yaml index 5f91f3eecc0f..c10c2e060f62 100644 --- a/mmv1/products/sourcerepo/Repository.yaml +++ b/mmv1/products/sourcerepo/Repository.yaml @@ -100,7 +100,6 @@ properties: This service account needs to be in the same project as the PubsubConfig. When added, the caller needs to have iam.serviceAccounts.actAs permission on this service account. If unspecified, it defaults to the compute engine default service account. - default_from_api: true key_expander: 'expandSourceRepoRepositoryPubsubConfigsTopic' set_hash_func: 'resourceSourceRepoRepositoryPubSubConfigsHash' diff --git a/mmv1/products/sourcerepo/go_Repository.yaml b/mmv1/products/sourcerepo/go_Repository.yaml new file mode 100644 index 000000000000..44adf1378288 --- /dev/null +++ b/mmv1/products/sourcerepo/go_Repository.yaml 
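Review bot: `operation_retry` in `serviceusage/go_product.yaml` still points at `templates/terraform/operation_retry/service_usage.go`, while the other template references added in this patch were rewritten to a `go/` subdirectory with a `.tmpl` suffix (for example `templates/terraform/custom_check_destroy/go/consumer_quota_override.go.tmpl`). If the Go generator resolves this key the same way as the `custom_code` entries, the conversion appears to have skipped it. Please confirm the intended path, or whether the key is read at all in the Go pipeline.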
@@ -0,0 +1,112 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Repository' +description: | + A repository (or repo) is a Git repository storing versioned source content. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/source-repositories/' + api: 'https://cloud.google.com/source-repositories/docs/reference/rest/v1/projects.repos' +docs: +base_url: 'projects/{{project}}/repos' +self_link: 'projects/{{project}}/repos/{{name}}' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/repos/{{%name}}' + - '{{%name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +collection_url_key: 'repos' +iam_policy: + method_name_separator: ':' + parent_resource_attribute: 'repository' + example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl' + custom_diff_suppress: 'templates/terraform/iam/go/sourcerepo_diff_suppress.go.tmpl' +custom_code: + constants: 'templates/terraform/constants/go/source_repo_repository.go.tmpl' + update_encoder: 'templates/terraform/update_encoder/go/source_repo_repository.tmpl' + post_create: 'templates/terraform/post_create/go/source_repo_repository_update.go.tmpl' +exclude_tgc: true +examples: + - name: 'sourcerepo_repository_basic' + primary_resource_id: 'my-repo' + primary_resource_name: 'fmt.Sprintf("my/repository%s", 
context["random_suffix"])' + vars: + repository_name: 'my/repository' + - name: 'sourcerepo_repository_full' + primary_resource_id: 'my-repo' + vars: + repository_name: 'my-repository' + account_id: 'my-account' + topic_name: 'my-topic' +parameters: +properties: + - name: 'name' + type: String + description: | + Resource name of the repository, of the form `{{repo}}`. + The repo name may contain slashes. eg, `name/with/slash` + required: true + immutable: true + custom_flatten: 'templates/terraform/custom_flatten/go/repository_short_name_from_name.go.tmpl' + custom_expand: 'templates/terraform/custom_expand/go/shortname_to_url.go.tmpl' + - name: 'url' + type: String + description: | + URL to clone the repository from Google Cloud Source Repositories. + output: true + - name: 'size' + type: Integer + description: | + The disk usage of the repo, in bytes. + output: true + - name: 'pubsubConfigs' + type: Map + description: | + How this repository publishes a change in the repository through Cloud Pub/Sub. + Keyed by the topic names. + key_expander: 'expandSourceRepoRepositoryPubsubConfigsTopic' + set_hash_func: 'resourceSourceRepoRepositoryPubSubConfigsHash' + key_name: 'topic' + key_description: | + A Cloud Pub/Sub topic in this repo's project. Values are of the form + `projects//topics/` or `` (where the topic will + be inferred). + value_type: + name: pubsubConfig + type: NestedObject + properties: + - name: 'messageFormat' + type: Enum + description: | + The format of the Cloud Pub/Sub messages. + - PROTOBUF: The message payload is a serialized protocol buffer of SourceRepoEvent. + - JSON: The message payload is a JSON string of SourceRepoEvent. + required: true + enum_values: + - 'PROTOBUF' + - 'JSON' + - name: 'serviceAccountEmail' + type: String + description: | + Email address of the service account used for publishing Cloud Pub/Sub messages. + This service account needs to be in the same project as the PubsubConfig. 
When added, + the caller needs to have iam.serviceAccounts.actAs permission on this service account. + If unspecified, it defaults to the compute engine default service account. + default_from_api: true diff --git a/mmv1/products/sourcerepo/go_product.yaml b/mmv1/products/sourcerepo/go_product.yaml new file mode 100644 index 000000000000..9de91aa3aa4d --- /dev/null +++ b/mmv1/products/sourcerepo/go_product.yaml @@ -0,0 +1,23 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'SourceRepo' +legacy_name: 'sourcerepo' +display_name: 'Cloud Source Repositories' +versions: + - name: 'ga' + base_url: 'https://sourcerepo.googleapis.com/v1/' +scopes: + - 'https://www.googleapis.com/auth/cloud-platform' diff --git a/mmv1/products/spanner/Instance.yaml b/mmv1/products/spanner/Instance.yaml index 251e3ee20d17..424f56a404e4 100644 --- a/mmv1/products/spanner/Instance.yaml +++ b/mmv1/products/spanner/Instance.yaml @@ -97,8 +97,6 @@ properties: A unique identifier for the instance, which cannot be changed after the instance is created. The name must be between 6 and 30 characters in length. - - If not provided, a random string starting with `tf-` will be selected. immutable: true required: true diff --git a/mmv1/products/spanner/go_Database.yaml b/mmv1/products/spanner/go_Database.yaml new file mode 100644 index 000000000000..f90784c84a33 --- /dev/null 
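Review bot: `serviceAccountEmail` in `go_Repository.yaml` ends with `default_from_api: true`, yet the `Repository.yaml` hunk earlier in this patch deletes a `default_from_api: true` line that sits directly after the same description text. Indentation is not recoverable from this view, so it is unclear whether the deleted line was a duplicate or the property's only one; if it was the only one, the two definitions now disagree on whether an unset value is read back from the API. The description says an unset value falls back to the Compute Engine default service account, so how this field is tracked affects whether the publishing identity is visible in state. A sentence in the commit message saying why the line was removed would settle it.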
+++ b/mmv1/products/spanner/go_Database.yaml 
@@ -0,0 +1,171 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Database' +description: | + A Cloud Spanner Database which is hosted on a Spanner instance. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/spanner/' + api: 'https://cloud.google.com/spanner/docs/reference/rest/v1/projects.instances.databases' +docs: + warning: | + On newer versions of the provider, you must explicitly set `deletion_protection=false` + (and run `terraform apply` to write the field to state) in order to destroy an instance. + It is recommended to not set this field (or set it to true) until you're ready to destroy. + On older versions, it is strongly recommended to set `lifecycle { prevent_destroy = true }` + on databases in order to prevent accidental data loss. See + [Terraform docs](https://developer.hashicorp.com/terraform/language/meta-arguments/lifecycle#prevent_destroy) + for more information on lifecycle parameters. 
+id_format: '{{instance}}/{{name}}' +base_url: 'projects/{{project}}/instances/{{instance}}/databases' +update_verb: 'PATCH' +update_mask: true +import_format: + - 'projects/{{project}}/instances/{{instance}}/databases/{{name}}' + - 'instances/{{instance}}/databases/{{name}}' + - '{{project}}/{{instance}}/{{name}}' + - '{{instance}}/{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'update', 'delete'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: + constants: 'templates/terraform/constants/go/spanner_database.go.tmpl' + encoder: 'templates/terraform/encoders/go/spanner_database.go.tmpl' + update_encoder: 'templates/terraform/update_encoder/go/spanner_database.go.tmpl' + decoder: 'templates/terraform/decoders/go/spanner_database.go.tmpl' + post_create: 'templates/terraform/post_create/go/spanner_database.go.tmpl' + pre_update: 'templates/terraform/pre_update/go/spanner_database.go.tmpl' + pre_delete: 'templates/terraform/pre_delete/go/resource_spanner_database.go.tmpl' +custom_diff: + - 'resourceSpannerDBDdlCustomDiff' +skip_sweeper: true +examples: + - name: 'spanner_database_basic' + primary_resource_id: 'database' + vars: + database_name: 'my-database' + ignore_read_extra: + - 'deletion_protection' + skip_vcr: true +virtual_fields: + - name: 'deletion_protection' + description: | + Whether Terraform will be prevented from destroying the database. Defaults to true. + When a`terraform destroy` or `terraform apply` would delete the database, + the command will fail if this field is not set to false in Terraform state. + When the field is set to true or unset in Terraform state, a `terraform apply` + or `terraform destroy` that would delete the database will fail. 
+ When the field is set to false, deleting the database is allowed. + type: Boolean + default_value: true +parameters: + - name: 'instance' + type: ResourceRef + description: 'The instance to create the database on.' + required: true + immutable: true + custom_expand: 'templates/terraform/custom_expand/go/resourceref_with_validation.go.tmpl' + resource: 'Instance' + imports: 'name' +properties: + - name: 'name' + type: String + description: | + A unique identifier for the database, which cannot be changed after + the instance is created. Values are of the form [a-z][-a-z0-9]*[a-z0-9]. + required: true + immutable: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + validation: + regex: '^[a-z][a-z0-9_\-]*[a-z0-9]$' + - name: 'versionRetentionPeriod' + type: String + description: | + The retention period for the database. The retention period must be between 1 hour + and 7 days, and can be specified in days, hours, minutes, or seconds. For example, + the values 1d, 24h, 1440m, and 86400s are equivalent. Default value is 1h. + If this property is used, you must avoid adding new DDL statements to `ddl` that + update the database's version_retention_period. + default_from_api: true + update_url: 'projects/{{project}}/instances/{{instance}}/databases/{{name}}/ddl' + - name: 'ddl' + type: Array + description: | + An optional list of DDL statements to run inside the newly created + database. Statements can create tables, indexes, etc. These statements + execute atomically with the creation of the database: if there is an + error in any statement, the database is not created. + api_name: extraStatements + ignore_read: true + update_url: 'projects/{{project}}/instances/{{instance}}/databases/{{name}}/ddl' + item_type: + type: String + - name: 'state' + type: Enum + description: An explanation of the status of the database. 
+ output: true + enum_values: + - 'READY' + - 'CREATING' + - name: 'encryptionConfig' + type: NestedObject + description: | + Encryption configuration for the database + immutable: true + properties: + - name: 'kmsKeyName' + type: String + description: | + Fully qualified name of the KMS key to use to encrypt this database. This key must exist + in the same location as the Spanner Database. + required: true + immutable: true + - name: 'databaseDialect' + type: Enum + description: | + The dialect of the Cloud Spanner Database. + If it is not provided, "GOOGLE_STANDARD_SQL" will be used. + immutable: true + default_from_api: true + enum_values: + - 'GOOGLE_STANDARD_SQL' + - 'POSTGRESQL' + - name: 'enableDropProtection' + type: Boolean + description: | + Whether drop protection is enabled for this database. Defaults to false. + Drop protection is different from + the "deletion_protection" attribute in the following ways: + (1) "deletion_protection" only protects the database from deletions in Terraform. + whereas setting “enableDropProtection” to true protects the database from deletions in all interfaces. + (2) Setting "enableDropProtection" to true also prevents the deletion of the parent instance containing the database. + "deletion_protection" attribute does not provide protection against the deletion of the parent instance. + default_value: false diff --git a/mmv1/products/spanner/go_Instance.yaml b/mmv1/products/spanner/go_Instance.yaml new file mode 100644 index 000000000000..5ad67edcd1e6 --- /dev/null +++ b/mmv1/products/spanner/go_Instance.yaml 
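Review bot: The `name` description in `go_Database.yaml` gives the form `[a-z][-a-z0-9]*[a-z0-9]`, but the `validation.regex` below it is `'^[a-z][a-z0-9_\-]*[a-z0-9]$'`, which also accepts underscores; one of the two should be brought in line with the other. The same description says the name cannot be changed "after the instance is created", and the `docs.warning` says `deletion_protection=false` is needed "in order to destroy an instance", where both appear to mean the database. Because `deletion_protection` is the guard against accidental data loss, the warning should name the right resource, for example `in order to destroy a database.`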
@@ -0,0 +1,223 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'Instance' +description: | + An isolated set of Cloud Spanner resources on which databases can be + hosted. +references: + guides: + 'Official Documentation': 'https://cloud.google.com/spanner/' + api: 'https://cloud.google.com/spanner/docs/reference/rest/v1/projects.instances' +docs: +id_format: '{{project}}/{{name}}' +base_url: 'projects/{{project}}/instances' +update_verb: 'PATCH' +import_format: + - 'projects/{{project}}/instances/{{name}}' + - '{{project}}/{{name}}' + - '{{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +autogen_async: true +async: + actions: ['create', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + path: 'name' + wait_ms: 1000 + result: + path: 'response' + resource_inside_response: true + error: + path: 'error' + message: 'message' +custom_code: + constants: 'templates/terraform/constants/go/spanner_instance.go.tmpl' + encoder: 'templates/terraform/encoders/go/spanner_instance.go.tmpl' + update_encoder: 'templates/terraform/encoders/go/spanner_instance_update.go.tmpl' + decoder: 'templates/terraform/decoders/go/spanner_instance.go.tmpl' + post_create: 'templates/terraform/post_create/go/sleep.go.tmpl' + pre_update: 'templates/terraform/pre_update/go/spanner_instance.go.tmpl' + pre_delete: 
'templates/terraform/pre_delete/go/spanner_instance.go.tmpl' +examples: + - name: 'spanner_instance_basic' + primary_resource_id: 'example' + skip_vcr: true + - name: 'spanner_instance_processing_units' + primary_resource_id: 'example' + skip_vcr: true + - name: 'spanner_instance_with_autoscaling' + primary_resource_id: 'example' + skip_vcr: true + - name: 'spanner_instance_multi_regional' + primary_resource_id: 'example' + skip_vcr: true +virtual_fields: + - name: 'force_destroy' + description: | + When deleting a spanner instance, this boolean option will delete all backups of this instance. + This must be set to true if you created a backup manually in the console. + type: Boolean + default_value: false +parameters: +properties: + - name: 'name' + type: String + description: | + A unique identifier for the instance, which cannot be changed after + the instance is created. The name must be between 6 and 30 characters + in length. + If not provided, a random string starting with `tf-` will be selected. + required: true + immutable: true + default_from_api: true + custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl' + validation: + regex: '^[a-z][-a-z0-9]*[a-z0-9]$' + - name: 'config' + type: ResourceRef + description: | + The name of the instance's configuration (similar but not + quite the same as a region) which defines the geographic placement and + replication of your databases in this instance. It determines where your data + is stored. Values are typically of the form `regional-europe-west1` , `us-central` etc. + In order to obtain a valid list please consult the + [Configuration section of the docs](https://cloud.google.com/spanner/docs/instances). 
+ required: true + immutable: true + custom_expand: 'templates/terraform/custom_expand/go/spanner_instance_config.go.tmpl' + resource: 'InstanceConfig' + imports: 'name' + - name: 'displayName' + type: String + description: | + The descriptive name for this instance as it appears in UIs. Must be + unique per project and between 4 and 30 characters in length. + required: true + - name: 'num_nodes' + type: Integer + description: | + The number of nodes allocated to this instance. Exactly one of either node_count or processing_units + must be present in terraform. + api_name: nodeCount + default_from_api: true + exactly_one_of: + - 'num_nodes' + - 'processing_units' + - 'autoscaling_config' + - name: 'processingUnits' + type: Integer + description: | + The number of processing units allocated to this instance. Exactly one of processing_units + or node_count must be present in terraform. + default_from_api: true + exactly_one_of: + - 'num_nodes' + - 'processing_units' + - 'autoscaling_config' + - name: 'labels' + type: KeyValueLabels + description: | + An object containing a list of "key": value pairs. + Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + - name: 'state' + type: Enum + description: | + Instance status: `CREATING` or `READY`. + output: true + enum_values: + - 'READY' + - 'CREATING' + - name: 'autoscalingConfig' + type: NestedObject + description: | + The autoscaling configuration. Autoscaling is enabled if this field is set. + When autoscaling is enabled, num_nodes and processing_units are treated as, + OUTPUT_ONLY fields and reflect the current compute capacity allocated to + the instance. + exactly_one_of: + - 'num_nodes' + - 'processing_units' + - 'autoscaling_config' + properties: + - name: 'autoscalingLimits' + type: NestedObject + description: | + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events. 
Users can define the minimum and + maximum compute capacity allocated to the instance, and the autoscaler will + only scale within that range. Users can either use nodes or processing + units to specify the limits, but should use the same unit to set both the + min_limit and max_limit. + properties: + - name: 'minProcessingUnits' + type: Integer + description: | + Specifies minimum number of processing units allocated to the instance. + If set, this number should be multiples of 1000. + exactly_one_of: + - 'min_processing_units' + - 'min_nodes' + - name: 'maxProcessingUnits' + type: Integer + description: | + Specifies maximum number of processing units allocated to the instance. + If set, this number should be multiples of 1000 and be greater than or equal to + min_processing_units. + exactly_one_of: + - 'max_processing_units' + - 'max_nodes' + - name: 'minNodes' + type: Integer + description: | + Specifies number of nodes allocated to the instance. If set, this number + should be greater than or equal to 1. + exactly_one_of: + - 'min_processing_units' + - 'min_nodes' + required_with: + - 'max_nodes' + - name: 'maxNodes' + type: Integer + description: | + Specifies maximum number of nodes allocated to the instance. If set, this number + should be greater than or equal to min_nodes. + exactly_one_of: + - 'max_processing_units' + - 'max_nodes' + required_with: + - 'min_nodes' + - name: 'autoscalingTargets' + type: NestedObject + description: | + Defines scale in controls to reduce the risk of response latency + and outages due to abrupt scale-in events + properties: + - name: 'highPriorityCpuUtilizationPercent' + type: Integer + description: | + Specifies the target high priority cpu utilization percentage that the autoscaler + should be trying to achieve for the instance. + This number is on a scale from 0 (no utilization) to 100 (full utilization).. 
+ - name: 'storageUtilizationPercent' + type: Integer + description: | + Specifies the target storage utilization percentage that the autoscaler + should be trying to achieve for the instance. + This number is on a scale from 0 (no utilization) to 100 (full utilization). diff --git a/mmv1/products/spanner/go_InstanceConfig.yaml b/mmv1/products/spanner/go_InstanceConfig.yaml new file mode 100644 index 000000000000..c31dcf3c72b8 --- /dev/null +++ b/mmv1/products/spanner/go_InstanceConfig.yaml 
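Review bot: The `name` property in `go_Instance.yaml` keeps the sentence "If not provided, a random string starting with `tf-` will be selected." although the property is declared `required: true`, and the `Instance.yaml` hunk in this same patch deletes that sentence from the hand-written file. The generated description should drop it as well so the two files agree. Separately, the `num_nodes` and `processingUnits` descriptions say exactly one of `node_count` or `processing_units` must be present, while their `exactly_one_of` lists also include `autoscaling_config`, and `num_nodes` is referred to as `node_count`. The `highPriorityCpuUtilizationPercent` description also ends with a doubled full stop.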
@@ -0,0 +1,127 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Warning: This is a temporary file, and should not be edited directly
+---
+name: 'InstanceConfig'
+description: |
+ A possible configuration for a Cloud Spanner instance. Configurations
+ define the geographic placement of nodes and their replication.
+references:
+ guides:
+ 'Official Documentation': 'https://cloud.google.com/spanner/'
+ api: 'https://cloud.google.com/spanner/docs/reference/rest/v1/projects.instanceConfigs'
+docs:
+id_format: '{{project}}/{{name}}'
+base_url: 'projects/{{project}}/instanceConfigs'
+update_verb: 'PATCH'
+update_mask: true
+import_format:
+ - 'projects/{{project}}/instanceConfigs/{{name}}'
+ - '{{project}}/{{name}}'
+ - '{{name}}'
+timeouts:
+ insert_minutes: 20
+ update_minutes: 20
+ delete_minutes: 20
+autogen_async: true
+async:
+ actions: ['create', 'update']
+ type: 'OpAsync'
+ operation:
+ base_url: '{{op_id}}'
+ result:
+ resource_inside_response: true
+custom_code:
+ constants: 'templates/terraform/constants/go/spanner_instance_config.go.tmpl'
+ encoder: 'templates/terraform/encoders/go/spanner_instance_config.go.tmpl'
+ update_encoder: 'templates/terraform/update_encoder/go/spanner_instance_config_update.go.tmpl'
+ decoder: 'templates/terraform/decoders/go/spanner_instance_config.go.tmpl'
+exclude_tgc: true
+skip_sweeper: true
+examples:
+ - name: 'spanner_instance_config_basic'
+ primary_resource_id: 'example'
+ vars:
+ instance_config_name: '"custom-nam11-config"'
+ test_vars_overrides:
+ 'instance_config_name': '"custom-tf-test-nam11-config"'
+parameters:
+properties:
+ - name: 'name'
+ type: String
+ description: |
+ A unique identifier for the instance configuration. Values are of the
+ form projects//instanceConfigs/[a-z][-a-z0-9]*
+ required: true
+ immutable: true
+ default_from_api: true
+ - name: 'displayName'
+ type: String
+ description: |
+ The name of this instance configuration as it appears in UIs.
+ required: true
+ - name: 'baseConfig'
+ type: String
+ description: |
+ Base configuration name, e.g. nam3, based on which this configuration is created.
+ Only set for user managed configurations.
+ baseConfig must refer to a configuration of type GOOGLE_MANAGED in the same project as this configuration.
+ immutable: true
+ default_from_api: true
+ custom_flatten: 'templates/terraform/custom_flatten/go/name_from_self_link.tmpl'
+ custom_expand: 'templates/terraform/custom_expand/go/spanner_instance_config.go.tmpl'
+ - name: 'configType'
+ type: String
+ description: |
+ Output only. Whether this instance config is a Google or User Managed Configuration.
+ output: true
+ - name: 'replicas'
+ type: Array
+ description: |
+ The geographic placement of nodes in this instance configuration and their replication properties.
+ is_set: true
+ required: true
+ immutable: true
+ set_hash_func: replicasHash
+ item_type:
+ type: NestedObject
+ properties:
+ - name: 'location'
+ type: String
+ description: |
+ The location of the serving resources, e.g. "us-central1".
+ immutable: true
+ - name: 'type'
+ type: Enum
+ description: |
+ Indicates the type of replica. See the [replica types
+ documentation](https://cloud.google.com/spanner/docs/replication#replica_types)
+ for more details.
+ immutable: true
+ enum_values:
+ - 'READ_WRITE'
+ - 'READ_ONLY'
+ - 'WITNESS'
+ - name: 'defaultLeaderLocation'
+ type: Boolean
+ description: |-
+ If true, this location is designated as the default leader location where
+ leader replicas are placed.
+ immutable: true
+ default_value: false
+ - name: 'labels'
+ type: KeyValueLabels
+ description: |
+ An object containing a list of "key": value pairs.
+ Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
diff --git a/mmv1/products/spanner/go_product.yaml b/mmv1/products/spanner/go_product.yaml
new file mode 100644
index 000000000000..ca7e4c2bdb7a
--- /dev/null
+++ b/mmv1/products/spanner/go_product.yaml
@@ -0,0 +1,22 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Warning: This is a temporary file, and should not be edited directly
+---
+name: 'Spanner'
+display_name: 'Cloud Spanner'
+versions:
+ - name: 'ga'
+ base_url: 'https://spanner.googleapis.com/v1/'
+scopes:
+ - 'https://www.googleapis.com/auth/spanner.admin'
diff --git a/mmv1/products/sql/go_Database.yaml b/mmv1/products/sql/go_Database.yaml
new file mode 100644
index 000000000000..7760424bf406
--- /dev/null
+++ b/mmv1/products/sql/go_Database.yaml
@@ -0,0 +1,116 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Warning: This is a temporary file, and should not be edited directly
+---
+name: 'Database'
+kind: 'sql#database'
+description: |
+ Represents a SQL database inside the Cloud SQL instance, hosted in
+ Google's cloud.
+docs:
+base_url: 'projects/{{project}}/instances/{{instance}}/databases'
+has_self_link: true
+mutex: 'google-sql-database-instance-{{project}}-{{instance}}'
+import_format:
+ - 'projects/{{project}}/instances/{{instance}}/databases/{{name}}'
+ - '{{project}}/{{instance}}/{{name}}'
+ - 'instances/{{instance}}/databases/{{name}}'
+ - '{{instance}}/{{name}}'
+ - '{{name}}'
+timeouts:
+ insert_minutes: 20
+ update_minutes: 20
+ delete_minutes: 20
+async:
+ actions: ['create', 'delete', 'update']
+ type: 'OpAsync'
+ operation:
+ base_url: 'projects/{{project}}/operations/{{op_id}}'
+ kind: 'sql#operation'
+ path: 'name'
+ wait_ms: 1000
+ result:
+ path: 'targetLink'
+ resource_inside_response: false
+ error:
+ path: 'error/errors'
+ message: 'message'
+collection_url_key: 'items'
+custom_code:
+ pre_delete: 'templates/terraform/pre_delete/go/sql_database_deletion_policy.tmpl'
+skip_sweeper: true
+read_error_transform: 'transformSQLDatabaseReadError'
+examples:
+ - name: 'sql_database_basic'
+ primary_resource_id: 'database'
+ vars:
+ database_name: 'my-database'
+ database_instance_name: 'my-database-instance'
+ deletion_protection: 'true'
+ test_vars_overrides:
+ 'deletion_protection': 'false'
+ - name: 'sql_database_deletion_policy'
+ primary_resource_id: 'database_deletion_policy'
+ vars:
+ database_name: 'my-database'
+ database_instance_name: 'my-database-instance'
+ deletion_protection: 'true'
+ test_vars_overrides:
+ 'deletion_protection': 'false'
+ ignore_read_extra:
+ - 'deletion_policy'
+virtual_fields:
+ - name: 'deletion_policy'
+ description: |
+ The deletion policy for the database. Setting ABANDON allows the resource
+ to be abandoned rather than deleted. This is useful for Postgres, where databases cannot be
+ deleted from the API if there are users other than cloudsqlsuperuser with access. Possible
+ values are: "ABANDON", "DELETE". Defaults to "DELETE".
+ type: String
+ default_value: "DELETE"
+parameters:
+ - name: 'instance'
+ type: String
+ description: |
+ The name of the Cloud SQL instance. This does not include the project
+ ID.
+ required: true
+ immutable: true
+properties:
+ - name: 'charset'
+ type: String
+ description: |
+ The charset value. See MySQL's
+ [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)
+ and Postgres' [Character Set Support](https://www.postgresql.org/docs/9.6/static/multibyte.html)
+ for more details and supported values. Postgres databases only support
+ a value of `UTF8` at creation time.
+ default_from_api: true
+ diff_suppress_func: 'tpgresource.CaseDiffSuppress'
+ - name: 'collation'
+ type: String
+ description: |
+ The collation value. See MySQL's
+ [Supported Character Sets and Collations](https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html)
+ and Postgres' [Collation Support](https://www.postgresql.org/docs/9.6/static/collation.html)
+ for more details and supported values. Postgres databases only support
+ a value of `en_US.UTF8` at creation time.
+ default_from_api: true
+ - name: 'name'
+ type: String
+ description: |
+ The name of the database in the Cloud SQL instance.
+ This does not include the project ID or instance name.
+ required: true
+ immutable: true
diff --git a/mmv1/products/sql/go_SourceRepresentationInstance.yaml b/mmv1/products/sql/go_SourceRepresentationInstance.yaml
new file mode 100644
index 000000000000..ce0876661c6d
--- /dev/null
+++ b/mmv1/products/sql/go_SourceRepresentationInstance.yaml
@@ -0,0 +1,135 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Warning: This is a temporary file, and should not be edited directly
+---
+name: 'SourceRepresentationInstance'
+kind: 'sql#instance'
+description: |
+ A source representation instance is a Cloud SQL instance that represents
+ the source database server to the Cloud SQL replica. It is visible in the
+ Cloud Console and appears the same as a regular Cloud SQL instance, but it
+ contains no data, requires no configuration or maintenance, and does not
+ affect billing. You cannot update the source representation instance.
+docs:
+base_url: 'projects/{{project}}/instances'
+immutable: true
+timeouts:
+ insert_minutes: 20
+ update_minutes: 20
+ delete_minutes: 20
+async:
+ actions: ['create', 'delete', 'update']
+ type: 'OpAsync'
+ operation:
+ base_url: 'projects/{{project}}/operations/{{op_id}}'
+ kind: 'sql#operation'
+ path: 'name'
+ wait_ms: 1000
+ result:
+ path: 'targetLink'
+ resource_inside_response: false
+ error:
+ path: 'error/errors'
+ message: 'message'
+custom_code:
+ encoder: 'templates/terraform/encoders/go/sql_source_representation_instance.go.tmpl'
+ decoder: 'templates/terraform/decoders/go/sql_source_representation_instance.go.tmpl'
+examples:
+ - name: 'sql_source_representation_instance_basic'
+ primary_resource_id: 'instance'
+ vars:
+ name: 'my-instance'
+ ignore_read_extra:
+ - 'password'
+ - name: 'sql_source_representation_instance_postgres'
+ primary_resource_id: 'instance'
+ vars:
+ name: 'my-instance'
+ ignore_read_extra:
+ - 'password'
+parameters:
+properties:
+ - name: 'name'
+ type: String
+ description: |
+ The name of the source representation instance. Use any valid Cloud SQL instance name.
+ required: true
+ - name: 'region'
+ type: String
+ description: |
+ The Region in which the created instance should reside.
+ If it is not provided, the provider region is used.
+ required: false
+ default_from_api: true
+ - name: 'databaseVersion'
+ type: Enum
+ description: |
+ The MySQL version running on your source database server.
+ required: true
+ enum_values:
+ - 'MYSQL_5_6'
+ - 'MYSQL_5_7'
+ - 'MYSQL_8_0'
+ - 'POSTGRES_9_6'
+ - 'POSTGRES_10'
+ - 'POSTGRES_11'
+ - 'POSTGRES_12'
+ - 'POSTGRES_13'
+ - 'POSTGRES_14'
+ - name: 'onPremisesConfiguration'
+ type: NestedObject
+ description: |
+ Configuration specific to on-premises instances.
+ required: true
+ flatten_object: true
+ properties:
+ - name: 'host'
+ type: String
+ description: |
+ The IPv4 address and port for the external server, or the the DNS address for the external server. If the external server is hosted on Cloud SQL, the port is 5432.
+ required: true
+ - name: 'port'
+ type: Integer
+ description: |
+ The externally accessible port for the source database server.
+ Defaults to 3306.
+ validation:
+ function: 'validation.IntBetween(0, 65535)'
+ default_value: 3306
+ - name: 'username'
+ type: String
+ description: |
+ The replication user account on the external server.
+ - name: 'password'
+ type: String
+ description: |
+ The password for the replication user account.
+ sensitive: true
+ custom_flatten: 'templates/terraform/custom_flatten/go/source_representation_instance_configuration_password.go.tmpl'
+ - name: 'dumpFilePath'
+ type: String
+ description: |
+ A file in the bucket that contains the data from the external server.
+ - name: 'caCertificate'
+ type: String
+ description: |
+ The CA certificate on the external server. Include only if SSL/TLS is used on the external server.
+ - name: 'clientCertificate'
+ type: String
+ description: |
+ The client certificate on the external server. Required only for server-client authentication. Include only if SSL/TLS is used on the external server.
+ - name: 'clientKey'
+ type: String
+ description: |
+ The private key file for the client certificate on the external server. Required only for server-client authentication. Include only if SSL/TLS is used on the external server.
diff --git a/mmv1/products/sql/go_product.yaml b/mmv1/products/sql/go_product.yaml
new file mode 100644
index 000000000000..a49995887239
--- /dev/null
+++ b/mmv1/products/sql/go_product.yaml
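Review bot: `clientKey` in `onPremisesConfiguration` is described as the private key for the client certificate, yet it is declared as a plain `String`, while `password` a few properties earlier carries `sensitive: true`. Without that flag the key would presumably be rendered in plan output and diffs like any other string; I would add `sensitive: true` under `clientKey`, and check whether it also needs a `custom_flatten` like the one on `password` if the API does not return it (not visible in this hunk). The header marks this file as temporary and not to be edited directly, so the change presumably belongs in the definition it was converted from. Minor: the `databaseVersion` description says "The MySQL version" although the enum also lists `POSTGRES_*` values.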
@@ -0,0 +1,36 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Warning: This is a temporary file, and should not be edited directly
+---
+name: 'SQL'
+display_name: 'Cloud SQL'
+client_name: 'SqlAdmin'
+versions:
+ - name: 'ga'
+ base_url: 'https://sqladmin.googleapis.com/sql/v1beta4/'
+scopes:
+ - 'https://www.googleapis.com/auth/sqlservice.admin'
+async:
+ type: "OpAsync"
+ operation:
+ base_url: 'projects/{{project}}/operations/{{op_id}}'
+ kind: 'sql#operation'
+ path: 'name'
+ wait_ms: 1000
+ result:
+ path: 'targetLink'
+ resource_inside_response: false
+ error:
+ path: 'error/errors'
+ message: 'message'
diff --git a/mmv1/products/storage/DefaultObjectACL.yaml b/mmv1/products/storage/DefaultObjectAccessControl.yaml
similarity index 100%
rename from mmv1/products/storage/DefaultObjectACL.yaml
rename to mmv1/products/storage/DefaultObjectAccessControl.yaml
diff --git a/mmv1/products/storage/ManagedFolder.yaml b/mmv1/products/storage/ManagedFolder.yaml
index 94f33ac04c18..468af2da2848 100644
--- a/mmv1/products/storage/ManagedFolder.yaml
+++ b/mmv1/products/storage/ManagedFolder.yaml
@@ -50,6 +50,15 @@ examples: bucket_name: 'my-bucket' ignore_read_extra: - 'force_destroy' +virtual_fields: + - !ruby/object:Api::Type::Boolean + name: 'force_destroy' + default_value: false + description: | + Allows the deletion of a managed folder even if contains + objects. If a non-empty managed folder is deleted, any objects + within the folder will remain in a simulated folder with the + same name. parameters: - !ruby/object:Api::Type::ResourceRef name: 'bucket' @@ -70,15 +79,6 @@ parameters: # consistent output. validation: !ruby/object:Provider::Terraform::Validation regex: '/$' -virtual_fields: - - !ruby/object:Api::Type::Boolean - name: 'force_destroy' - default_value: false - description: | - Allows the deletion of a managed folder even if contains - objects. If a non-empty managed folder is deleted, any objects - within the folder will remain in a simulated folder with the - same name. properties: - !ruby/object:Api::Type::String name: createTime diff --git a/mmv1/products/storage/go_Bucket.yaml b/mmv1/products/storage/go_Bucket.yaml new file mode 100644 index 000000000000..d1cb83f9b922 --- /dev/null +++ b/mmv1/products/storage/go_Bucket.yaml 
@@ -0,0 +1,516 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Warning: This is a temporary file, and should not be edited directly
+---
+name: 'Bucket'
+kind: 'storage#bucket'
+description: |
+ The Buckets resource represents a bucket in Google Cloud Storage. There is
+ a single global namespace shared by all buckets. For more information, see
+ Bucket Name Requirements.
+
+ Buckets contain objects which can be accessed by their own methods. In
+ addition to the acl property, buckets contain bucketAccessControls, for
+ use in fine-grained manipulation of an existing bucket's access controls.
+
+ A bucket is always owned by the project team owners group.
+exclude_resource: true
+docs:
+base_url: 'b?project={{project}}'
+self_link: 'b/{{name}}?projection=full'
+import_format:
+ - '{{name}}'
+timeouts:
+ insert_minutes: 20
+ update_minutes: 20
+ delete_minutes: 20
+collection_url_key: 'items'
+iam_policy:
+ exclude_tgc: true
+ fetch_iam_policy_method: 'iam'
+ set_iam_policy_verb: 'PUT'
+ set_iam_policy_method: 'iam'
+ wrapped_policy_obj: false
+ allowed_iam_role: 'roles/storage.objectViewer'
+ admin_iam_role: 'roles/storage.admin'
+ parent_resource_attribute: 'bucket'
+ iam_conditions_request_type: 'QUERY_PARAM'
+ base_url: 'b/{{name}}'
+ example_config_body: 'templates/terraform/iam/go/iam_attributes.go.tmpl'
+ custom_diff_suppress: 'templates/terraform/iam/go/storage_bucket_diff_suppress.go.tmpl'
+ import_format:
+ - 'b/{{name}}'
+ - '{{name}}'
+custom_code:
+examples:
+ - name: 'storage_bucket_basic'
+ primary_resource_id: 'default'
+ primary_resource_name: 'fmt.Sprintf("tf-test-my-bucket%s", context["random_suffix"])'
+ vars:
+ name: 'my-bucket'
+parameters:
+ - name: 'project'
+ type: String
+ description: 'A valid API project identifier.'
+ immutable: true
+ - name: 'predefinedDefaultObjectAcl'
+ type: Enum
+ description: |
+ Apply a predefined set of default object access controls to this
+ bucket.
+
+ Acceptable values are:
+ - "authenticatedRead": Object owner gets OWNER access, and
+ allAuthenticatedUsers get READER access.
+ - "bucketOwnerFullControl": Object owner gets OWNER access, and
+ project team owners get OWNER access.
+ - "bucketOwnerRead": Object owner gets OWNER access, and project
+ team owners get READER access.
+ - "private": Object owner gets OWNER access.
+ - "projectPrivate": Object owner gets OWNER access, and project team
+ members get access according to their roles.
+ - "publicRead": Object owner gets OWNER access, and allUsers get
+ READER access.
+ immutable: true
+ enum_values:
+ - 'authenticatedRead'
+ - 'bucketOwnerFullControl'
+ - 'bucketOwnerRead'
+ - 'private'
+ - 'projectPrivate'
+ - 'publicRead'
+properties:
+ - name: 'acl'
+ type: Array
+ description: 'Access controls on the bucket.'
+ item_type:
+ type: NestedObject
+ properties:
+ - name: 'bucket'
+ type: ResourceRef
+ description: 'The name of the bucket.'
+ required: true
+ resource: 'Bucket'
+ imports: 'name'
+ - name: 'domain'
+ type: String
+ description: 'The domain associated with the entity.'
+ output: true
+ - name: 'email'
+ type: String
+ description: 'The email address associated with the entity.'
+ output: true
+ - name: 'entity'
+ type: String
+ description: |
+ The entity holding the permission, in one of the following forms:
+ user-userId
+ user-email
+ group-groupId
+ group-email
+ domain-domain
+ project-team-projectId
+ allUsers
+ allAuthenticatedUsers
+ Examples:
+ The user liz@example.com would be user-liz@example.com.
+ The group example@googlegroups.com would be
+ group-example@googlegroups.com.
+ To refer to all members of the Google Apps for Business domain
+ example.com, the entity would be domain-example.com.
+ required: true
+ - name: 'entityId'
+ type: String
+ description: 'The ID for the entity'
+ # | 'etag' is not applicable for state convergence.
+ - name: 'id'
+ type: String
+ description: 'The ID of the access-control entry.'
+ output: true
+ - name: 'projectTeam'
+ type: NestedObject
+ description: 'The project team associated with the entity'
+ properties:
+ - name: 'projectNumber'
+ type: String
+ description: 'The project team associated with the entity'
+ - name: 'team'
+ type: Enum
+ description: 'The team.'
+ enum_values:
+ - 'editors'
+ - 'owners'
+ - 'viewers'
+ - name: 'role'
+ type: Enum
+ description: 'The access permission for the entity.'
+ enum_values:
+ - 'OWNER'
+ - 'READER'
+ - 'WRITER'
+ - name: 'cors'
+ type: Array
+ description: |
+ The bucket's Cross-Origin Resource Sharing (CORS) configuration.
+ item_type:
+ type: NestedObject
+ properties:
+ - name: 'maxAgeSeconds'
+ type: Integer
+ description: |
+ The value, in seconds, to return in the Access-Control-Max-Age
+ header used in preflight responses.
+ - name: 'method'
+ type: Array
+ description: |
+ The list of HTTP methods on which to include CORS response
+ headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted in the
+ list of methods, and means "any method".
+ item_type:
+ type: String
+ - name: 'origin'
+ type: Array
+ description: |
+ The list of Origins eligible to receive CORS response headers.
+ Note: "*" is permitted in the list of origins, and means "any
+ Origin".
+ item_type:
+ type: String
+ - name: 'responseHeader'
+ type: Array
+ description: |
+ The list of HTTP headers other than the simple response headers
+ to give permission for the user-agent to share across domains.
+ item_type:
+ type: String
+ - name: 'defaultEventBasedHold'
+ type: Boolean
+ description: |
+ Whether or not to automatically apply an eventBasedHold to new objects
+ added to the bucket.
+ - name: 'defaultObjectAcl'
+ type: Array
+ description: |
+ Default access controls to apply to new objects when no ACL is
+ provided.
+ immutable: true
+ item_type:
+ type: NestedObject
+ properties:
+ - name: 'bucket'
+ type: ResourceRef
+ description: 'The name of the bucket.'
+ required: true
+ resource: 'Bucket'
+ imports: 'name'
+ - name: 'domain'
+ type: String
+ description: 'The domain associated with the entity.'
+ output: true
+ - name: 'email'
+ type: String
+ description: 'The email address associated with the entity.'
+ output: true
+ - name: 'entity'
+ type: String
+ description: |
+ The entity holding the permission, in one of the following forms:
+ * user-{{userId}}
+ * user-{{email}} (such as "user-liz@example.com")
+ * group-{{groupId}}
+ * group-{{email}} (such as "group-example@googlegroups.com")
+ * domain-{{domain}} (such as "domain-example.com")
+ * project-team-{{projectId}}
+ * allUsers
+ * allAuthenticatedUsers
+ required: true
+ - name: 'entityId'
+ type: String
+ description: 'The ID for the entity'
+ # | 'etag' is not applicable for state convergence.
+ output: true
+ - name: 'generation'
+ type: Integer
+ description:
+ 'The content generation of the object, if applied to an object.'
+ output: true
+ - name: 'id'
+ type: String
+ description: 'The ID of the access-control entry.'
+ output: true
+ - name: 'object'
+ type: String
+ description: 'The name of the object, if applied to an object.'
+ required: false
+ - name: 'projectTeam'
+ type: NestedObject
+ description: 'The project team associated with the entity'
+ output: true
+ properties:
+ - name: 'projectNumber'
+ type: String
+ description: 'The project team associated with the entity'
+ - name: 'team'
+ type: Enum
+ description: 'The team.'
+ enum_values:
+ - 'editors'
+ - 'owners'
+ - 'viewers'
+ - name: 'role'
+ type: Enum
+ description: 'The access permission for the entity.'
+ required: true
+ enum_values:
+ - 'OWNER'
+ - 'READER'
+ - name: 'id'
+ type: String
+ description: |
+ The ID of the bucket. For buckets, the id and name properities are the
+ same.
+ output: true
+ - name: 'lifecycle'
+ type: NestedObject
+ description: |
+ The bucket's lifecycle configuration.
+
+ See https://developers.google.com/storage/docs/lifecycle for more
+ information.
+ properties:
+ - name: 'rule'
+ type: Array
+ description: |
+ A lifecycle management rule, which is made of an action to take
+ and the condition(s) under which the action will be taken.
+ item_type:
+ type: NestedObject
+ properties:
+ - name: 'action'
+ type: NestedObject
+ description: 'The action to take.'
+ properties:
+ - name: 'storageClass'
+ type: String
+ description: |
+ Target storage class. Required iff the type of the
+ action is SetStorageClass.
+ - name: 'type'
+ type: Enum
+ description: |
+ Type of the action. Currently, only Delete and
+ SetStorageClass are supported.
+ enum_values:
+ - 'Delete'
+ - 'SetStorageClass'
+ - name: 'condition'
+ type: NestedObject
+ description: |
+ The condition(s) under which the action will be taken.
+ properties:
+ - name: 'ageDays'
+ type: Integer
+ description: |
+ Age of an object (in days). This condition is satisfied
+ when an object reaches the specified age.
+ api_name: age
+ - name: 'createdBefore'
+ type: Time
+ description: |
+ A date in RFC 3339 format with only the date part (for
+ instance, "2013-01-15"). This condition is satisfied
+ when an object is created before midnight of the
+ specified date in UTC.
+ - name: 'customTimeBefore'
+ type: Time
+ description: |
+ A date in the RFC 3339 format YYYY-MM-DD. This condition
+ is satisfied when the customTime metadata for the object
+ is set to an earlier date than the date used in
+ this lifecycle condition.
+ - name: 'daysSinceCustomTime'
+ type: Integer
+ description: |
+ Days since the date set in the customTime metadata for the
+ object. This condition is satisfied when the current date
+ and time is at least the specified number of days after
+ the customTime.
+ - name: 'daysSinceNoncurrentTime'
+ type: Integer
+ description: |
+ Relevant only for versioned objects. This condition is
+ satisfied when an object has been noncurrent for more than
+ the specified number of days.
+ - name: 'isLive'
+ type: Boolean
+ description: |
+ Relevant only for versioned objects. If the value is
+ true, this condition matches live objects; if the value
+ is false, it matches archived objects.
+ - name: 'matchesStorageClass'
+ type: Array
+ description: |
+ Objects having any of the storage classes specified by
+ this condition will be matched. Values include
+ MULTI_REGIONAL, REGIONAL, NEARLINE, COLDLINE, ARCHIVE,
+ STANDARD, and DURABLE_REDUCED_AVAILABILITY.
+ item_type:
+ type: String
+ - name: 'noncurrentTimeBefore'
+ type: Time
+ description: |
+ Relevant only for versioned objects. A date in the
+ RFC 3339 format YYYY-MM-DD. This condition is satisfied
+ for objects that became noncurrent on a date prior to the
+ one specified in this condition.
+ - name: 'numNewerVersions'
+ type: Integer
+ description: |
+ Relevant only for versioned objects. If the value is N,
+ this condition is satisfied when there are at least N
+ versions (including the live version) newer than this
+ version of the object.
+ - name: 'location'
+ type: String
+ description: |
+ The location of the bucket. Object data for objects in the bucket
+ resides in physical storage within this region. Defaults to US. See
+ the developer's guide for the authoritative list.
+ - name: 'logging'
+ type: NestedObject
+ description: |
+ The bucket's logging configuration, which defines the destination
+ bucket and optional name prefix for the current bucket's logs.
+ properties:
+ - name: 'logBucket'
+ type: String
+ description: |
+ The destination bucket where the current bucket's logs should be
+ placed.
+ - name: 'logObjectPrefix'
+ type: String
+ description: 'A prefix for log object names.'
+ - name: 'metageneration'
+ type: Integer
+ description: 'The metadata generation of this bucket.'
+ - name: 'name'
+ type: String
+ description: 'The name of the bucket'
+ validation:
+ function: 'verify.ValidateGCSName'
+ - name: 'owner'
+ type: NestedObject
+ description: |
+ The owner of the bucket. This is always the project team's owner
+ group.
+ properties:
+ - name: 'entity'
+ type: String
+ description: 'The entity, in the form project-owner-projectId.'
+ - name: 'entityId'
+ type: String
+ description: 'The ID for the entity.'
+ output: true
+ - name: 'projectNumber'
+ type: String
+ description: 'The project number of the project the bucket belongs to.'
+ output: true
+ - name: 'storageClass'
+ type: Enum
+ description: |
+ The bucket's default storage class, used whenever no storageClass is
+ specified for a newly-created object. This defines how objects in the
+ bucket are stored and determines the SLA and the cost of storage.
+ Values include MULTI_REGIONAL, REGIONAL, STANDARD, NEARLINE,
+ COLDLINE, ARCHIVE, and DURABLE_REDUCED_AVAILABILITY. If this value is
+ not specified when the bucket is created, it will default to
+ STANDARD. For more information, see storage classes.
+ enum_values:
+ - 'MULTI_REGIONAL'
+ - 'REGIONAL'
+ - 'STANDARD'
+ - 'NEARLINE'
+ - 'COLDLINE'
+ - 'ARCHIVE'
+ - 'DURABLE_REDUCED_AVAILABILITY'
+ - name: 'timeCreated'
+ type: Time
+ description: 'The creation time of the bucket in RFC 3339 format.'
+ output: true
+ - name: 'updated'
+ type: Time
+ description: 'The modification time of the bucket in RFC 3339 format.'
+ output: true
+ - name: 'versioning'
+ type: NestedObject
+ description: "The bucket's versioning configuration."
+ properties:
+ - name: 'enabled'
+ type: Boolean
+ description: |
+ While set to true, versioning is fully enabled for this bucket.
+ - name: 'website'
+ type: NestedObject
+ description: |
+ The bucket's website configuration, controlling how the service
+ behaves when accessing bucket contents as a web site. See the Static
+ Website Examples for more information.
+ properties:
+ - name: 'mainPageSuffix'
+ type: String
+ description: |
+ If the requested object path is missing, the service will ensure
+ the path has a trailing '/', append this suffix, and attempt to
+ retrieve the resulting object. This allows the creation of
+ index.html objects to represent directory pages.
+ - name: 'notFoundPage'
+ type: String
+ description: |
+ If the requested object path is missing, and any mainPageSuffix
+ object is missing, if applicable, the service will return the
+ named object from this bucket as the content for a 404 Not Found
+ result.
+ - name: 'labels'
+ type: KeyValueLabels
+ description: |
+ Labels applied to this bucket. A list of key->value pairs.
+ - name: 'encryption'
+ type: NestedObject
+ description: |
+ Encryption configuration for the bucket
+ properties:
+ - name: 'defaultKmsKeyName'
+ type: String
+ description: |
+ A Cloud KMS key that will be used to encrypt objects inserted into this bucket,
+ if no encryption method is specified.
+ - name: 'retentionPolicy'
+ type: NestedObject
+ description: |
+ Retention policy for the bucket
+ properties:
+ - name: 'effectiveTime'
+ type: Time
+ description: |
+ The time from which the retention policy was effective
+ - name: 'isLocked'
+ type: Boolean
+ description: |
+ If the retention policy is locked. If true, the retention policy cannot be removed and the period cannot
+ be reduced.
+ - name: 'retentionPeriod'
+ type: Integer
+ description: |
+ The period of time, in seconds, that objects in the bucket must be retained and cannot be deleted,
+ overwritten, or made noncurrent.
diff --git a/mmv1/products/storage/go_BucketAccessControl.yaml b/mmv1/products/storage/go_BucketAccessControl.yaml
new file mode 100644
index 000000000000..bb7dfd5c9681
--- /dev/null
+++ b/mmv1/products/storage/go_BucketAccessControl.yaml
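Review bot: In the `acl` item type, `entityId` and `projectTeam` have no `output: true`, whereas the same two properties under `defaultObjectAcl` later in this hunk do; in `acl` the `# | 'etag' is not applicable for state convergence.` comment is followed directly by the next property. If these are server-populated identity fields in both lists, as the `defaultObjectAcl` side suggests, `acl` should mark them `output: true` as well so a configuration cannot appear to set them. `exclude_resource: true` at the top of the file may make this invisible in practice, but the two lists should agree.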
@@ -0,0 +1,104 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Warning: This is a temporary file, and should not be edited directly
+---
+name: 'BucketAccessControl'
+kind: 'storage#bucketAccessControl'
+description: |
+ Bucket ACLs can be managed authoritatively using the
+ [`storage_bucket_acl`](https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/storage_bucket_acl)
+ resource. Do not use these two resources in conjunction to manage the same bucket.
+
+ The BucketAccessControls resource manages the Access Control List
+ (ACLs) for a single entity/role pairing on a bucket. ACLs let you specify who
+ has access to your data and to what extent.
+
+ There are three roles that can be assigned to an entity:
+
+ READERs can get the bucket, though no acl property will be returned, and
+ list the bucket's objects. WRITERs are READERs, and they can insert
+ objects into the bucket and delete the bucket's objects. OWNERs are
+ WRITERs, and they can get the acl property of a bucket, update a bucket,
+ and call all BucketAccessControls methods on the bucket. For more
+ information, see Access Control, with the caveat that this API uses
+ READER, WRITER, and OWNER instead of READ, WRITE, and FULL_CONTROL.
+references:
+ guides:
+ 'Official Documentation': 'https://cloud.google.com/storage/docs/access-control/lists'
+ api: 'https://cloud.google.com/storage/docs/json_api/v1/bucketAccessControls'
+docs:
+id_format: '{{bucket}}/{{entity}}'
+base_url: 'b/{{bucket}}/acl'
+self_link: 'b/{{bucket}}/acl/{{entity}}'
+mutex: 'storage/buckets/{{bucket}}'
+import_format:
+ - '{{bucket}}/{{entity}}'
+timeouts:
+ insert_minutes: 20
+ update_minutes: 20
+ delete_minutes: 20
+collection_url_key: 'items'
+identity:
+ - entity
+custom_code:
+skip_sweeper: true
+examples:
+ - name: 'storage_bucket_access_control_public_bucket'
+ primary_resource_id: 'public_rule'
+ vars:
+ bucket_name: 'static-content-bucket'
+parameters:
+properties:
+ - name: 'bucket'
+ type: ResourceRef
+ description: 'The name of the bucket.'
+ required: true
+ immutable: true
+ resource: 'Bucket'
+ imports: 'name'
+ - name: 'domain'
+ type: String
+ description: 'The domain associated with the entity.'
+ output: true
+ - name: 'email'
+ type: String
+ description: 'The email address associated with the entity.'
+ output: true
+ - name: 'entity'
+ type: String
+ description: |
+ The entity holding the permission, in one of the following forms:
+ user-userId
+ user-email
+ group-groupId
+ group-email
+ domain-domain
+ project-team-projectId
+ allUsers
+ allAuthenticatedUsers
+ Examples:
+ The user liz@example.com would be user-liz@example.com.
+ The group example@googlegroups.com would be
+ group-example@googlegroups.com.
+ To refer to all members of the Google Apps for Business domain
+ example.com, the entity would be domain-example.com.
+ required: true
+ immutable: true
+ - name: 'role'
+ type: Enum
+ description: 'The access permission for the entity.'
+ enum_values:
+ - 'OWNER'
+ - 'READER'
+ - 'WRITER'
diff --git a/mmv1/products/storage/go_DefaultObjectAccessControl.yaml b/mmv1/products/storage/go_DefaultObjectAccessControl.yaml
new file mode 100644
index 000000000000..2de8f2091604
--- /dev/null
+++ b/mmv1/products/storage/go_DefaultObjectAccessControl.yaml 
@@ -0,0 +1,119 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Warning: This is a temporary file, and should not be edited directly
+---
+name: 'DefaultObjectAccessControl'
+kind: 'storage#objectAccessControl'
+description: |
+ The DefaultObjectAccessControls resources represent the Access Control
+ Lists (ACLs) applied to a new object within a Google Cloud Storage bucket
+ when no ACL was provided for that object. ACLs let you specify who has
+ access to your bucket contents and to what extent.
+
+ There are two roles that can be assigned to an entity:
+
+ READERs can get an object, though the acl property will not be revealed.
+ OWNERs are READERs, and they can get the acl property, update an object,
+ and call all objectAccessControls methods on the object. The owner of an
+ object is always an OWNER.
+ For more information, see Access Control, with the caveat that this API
+ uses READER and OWNER instead of READ and FULL_CONTROL.
+references:
+ guides:
+ 'Official Documentation': 'https://cloud.google.com/storage/docs/access-control/create-manage-lists'
+ api: 'https://cloud.google.com/storage/docs/json_api/v1/defaultObjectAccessControls'
+docs:
+id_format: '{{bucket}}/{{entity}}'
+base_url: 'b/{{bucket}}/defaultObjectAcl'
+self_link: 'b/{{bucket}}/defaultObjectAcl/{{entity}}'
+mutex: 'storage/buckets/{{bucket}}'
+import_format:
+ - '{{bucket}}/{{entity}}'
+timeouts:
+ insert_minutes: 20
+ update_minutes: 20
+ delete_minutes: 20
+custom_code:
+skip_sweeper: true
+examples:
+ - name: 'storage_default_object_access_control_public'
+ primary_resource_id: 'public_rule'
+ vars:
+ bucket_name: 'static-content-bucket'
+parameters:
+properties:
+ - name: 'bucket'
+ type: ResourceRef
+ description: 'The name of the bucket.'
+ required: true
+ ignore_read: true
+ resource: 'Bucket'
+ imports: 'name'
+ - name: 'domain'
+ type: String
+ description: 'The domain associated with the entity.'
+ output: true
+ - name: 'email'
+ type: String
+ description: 'The email address associated with the entity.'
+ output: true
+ - name: 'entity'
+ type: String
+ description: |
+ The entity holding the permission, in one of the following forms:
+ * user-{{userId}}
+ * user-{{email}} (such as "user-liz@example.com")
+ * group-{{groupId}}
+ * group-{{email}} (such as "group-example@googlegroups.com")
+ * domain-{{domain}} (such as "domain-example.com")
+ * project-team-{{projectId}}
+ * allUsers
+ * allAuthenticatedUsers
+ required: true
+ - name: 'entityId'
+ type: String
+ description: 'The ID for the entity'
+ # | 'etag' is not applicable for state convergence.
+ output: true
+ - name: 'generation'
+ type: Integer
+ description:
+ 'The content generation of the object, if applied to an object.'
+ output: true
+ - name: 'object'
+ type: String
+ description: 'The name of the object, if applied to an object.'
+ required: false
+ - name: 'projectTeam'
+ type: NestedObject
+ description: 'The project team associated with the entity'
+ output: true
+ properties:
+ - name: 'projectNumber'
+ type: String
+ description: 'The project team associated with the entity'
+ - name: 'team'
+ type: Enum
+ description: 'The team.'
+ enum_values:
+ - 'editors'
+ - 'owners'
+ - 'viewers'
+ - name: 'role'
+ type: Enum
+ description: 'The access permission for the entity.'
+ required: true
+ enum_values:
+ - 'OWNER'
+ - 'READER'
diff --git a/mmv1/products/storage/go_HmacKey.yaml b/mmv1/products/storage/go_HmacKey.yaml
new file mode 100644
index 000000000000..92507bc8b3f0
--- /dev/null
+++ b/mmv1/products/storage/go_HmacKey.yaml
@@ -0,0 +1,99 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Warning: This is a temporary file, and should not be edited directly
+---
+name: 'HmacKey'
+kind: 'storage#hmacKey'
+description: |
+ The hmacKeys resource represents an HMAC key within Cloud Storage. The resource
+ consists of a secret and HMAC key metadata. HMAC keys can be used as credentials
+ for service accounts.
+references:
+ guides:
+ 'Official Documentation': 'https://cloud.google.com/storage/docs/authentication/managing-hmackeys'
+ api: 'https://cloud.google.com/storage/docs/json_api/v1/projects/hmacKeys'
+docs:
+ warning: |
+ All arguments including the `secret` value will be stored in the raw
+ state as plain-text. [Read more about sensitive data in state](https://www.terraform.io/language/state/sensitive-data).
+ On import, the `secret` value will not be retrieved.
+id_format: 'projects/{{project}}/hmacKeys/{{access_id}}'
+base_url: 'projects/{{project}}/hmacKeys'
+self_link: 'projects/{{project}}/hmacKeys/{{access_id}}'
+create_url: 'projects/{{project}}/hmacKeys?serviceAccountEmail={{service_account_email}}'
+immutable: true
+import_format:
+ - 'projects/{{project}}/hmacKeys/{{access_id}}'
+timeouts:
+ insert_minutes: 20
+ update_minutes: 20
+ delete_minutes: 20
+async:
+ type: 'PollAsync'
+ check_response_func_existence: 'transport_tpg.PollCheckForExistence'
+ check_response_func_absence: 'transport_tpg.PollCheckForAbsence'
+ suppress_error: false
+ target_occurrences: 1
+ actions: ['create']
+custom_code:
+ decoder: 'templates/terraform/decoders/go/treat_deleted_state_as_gone.go.tmpl'
+ post_create: 'templates/terraform/post_create/go/storage_hmac_key.go.tmpl'
+ pre_delete: 'templates/terraform/pre_delete/go/storage_hmac_key.go.tmpl'
+ test_check_destroy: 'templates/terraform/custom_check_destroy/go/storage_hmac_key.go.tmpl'
+skip_sweeper: true
+examples:
+ - name: 'storage_hmac_key'
+ primary_resource_id: 'key'
+ vars:
+ account_id: 'my-svc-acc'
+parameters:
+properties:
+ - name: 'serviceAccountEmail'
+ type: String
+ description: |
+ The email address of the key's associated service account.
+ required: true
+ - name: 'state'
+ type: Enum
+ description: |
+ The state of the key. Can be set to one of ACTIVE, INACTIVE.
+ update_url: 'projects/{{project}}/hmacKeys/{{access_id}}'
+ update_id: 'state'
+ fingerprint_name: 'etag'
+ default_value: "ACTIVE"
+ enum_values:
+ - 'ACTIVE'
+ - 'INACTIVE'
+ - name: 'secret'
+ type: String
+ description: |
+ HMAC secret key material.
+ ignore_read: true
+ sensitive: true
+ output: true
+ - name: 'accessId'
+ type: String
+ description: |
+ The access ID of the HMAC Key.
+ output: true
+ - name: 'timeCreated'
+ type: Time
+ description: |
+ 'The creation time of the HMAC key in RFC 3339 format.
'
+ output: true
+ - name: 'updated'
+ type: Time
+ description: |
+ 'The last modification time of the HMAC key metadata in RFC 3339 format.'
+ output: true
diff --git a/mmv1/products/storage/go_ManagedFolder.yaml b/mmv1/products/storage/go_ManagedFolder.yaml
new file mode 100644
index 000000000000..c53767b11aef
--- /dev/null
+++ b/mmv1/products/storage/go_ManagedFolder.yaml
@@ -0,0 +1,98 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Warning: This is a temporary file, and should not be edited directly
+---
+name: 'ManagedFolder'
+kind: 'storage#managedFolder'
+description: |
+ A Google Cloud Storage Managed Folder.
+
+ You can apply Identity and Access Management (IAM) policies to
+ managed folders to grant principals access only to the objects
+ within the managed folder, which lets you more finely control access
+ for specific data sets and tables within a bucket. You can nest
+ managed folders up to 15 levels deep, including the parent managed
+ folder.
+
+ Managed folders can only be created in buckets that have uniform
+ bucket-level access enabled.
+references:
+ guides:
+ 'Official Documentation': 'https://cloud.google.com/storage/docs/managed-folders'
+ api: 'https://cloud.google.com/storage/docs/json_api/v1/managedFolder'
+docs:
+id_format: '{{bucket}}/{{name}}'
+base_url: 'b/{{bucket}}/managedFolders'
+self_link: 'b/{{bucket}}/managedFolders/{{%name}}'
+has_self_link: true
+delete_url: 'b/{{bucket}}/managedFolders/{{%name}}?allowNonEmpty={{force_destroy}}'
+import_format:
+ - '{{bucket}}/managedFolders/{{%name}}'
+ - '{{bucket}}/{{%name}}'
+timeouts:
+ insert_minutes: 20
+ update_minutes: 20
+ delete_minutes: 20
+custom_code:
+ custom_update: 'templates/terraform/custom_update/go/storage_managed_folder.go.tmpl'
+skip_sweeper: true
+examples:
+ - name: 'storage_managed_folder_basic'
+ primary_resource_id: 'folder'
+ vars:
+ bucket_name: 'my-bucket'
+ ignore_read_extra:
+ - 'force_destroy'
+virtual_fields:
+ - name: 'force_destroy'
+ description: |
+ Allows the deletion of a managed folder even if contains
+ objects. If a non-empty managed folder is deleted, any objects
+ within the folder will remain in a simulated folder with the
+ same name.
+ type: Boolean
+ default_value: false
+parameters:
+ - name: 'bucket'
+ type: ResourceRef
+ description: 'The name of the bucket that contains the managed folder.'
+ required: true
+ immutable: true
+ resource: 'Bucket'
+ imports: 'name'
+ - name: 'name'
+ type: String
+ description: |
+ The name of the managed folder expressed as a path. Must include
+ trailing '/'. For example, `example_dir/example_dir2/`.
+ required: true
+ immutable: true
+ validation:
+ regex: '/$'
+properties:
+ - name: 'createTime'
+ type: String
+ description: |
+ The timestamp at which this managed folder was created.
+ output: true
+ - name: 'updateTime'
+ type: String
+ description: |
+ The timestamp at which this managed folder was most recently updated.
+ output: true
+ - name: 'metageneration'
+ type: String
+ description: |
+ The metadata generation of the managed folder.
+ output: true
diff --git a/mmv1/products/storage/go_ObjectAccessControl.yaml b/mmv1/products/storage/go_ObjectAccessControl.yaml
new file mode 100644
index 000000000000..65703338e957
--- /dev/null
+++ b/mmv1/products/storage/go_ObjectAccessControl.yaml
@@ -0,0 +1,118 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Warning: This is a temporary file, and should not be edited directly
+---
+name: 'ObjectAccessControl'
+kind: 'storage#objectAccessControl'
+description: |
+ The ObjectAccessControls resources represent the Access Control Lists
+ (ACLs) for objects within Google Cloud Storage. ACLs let you specify
+ who has access to your data and to what extent.
+
+ There are two roles that can be assigned to an entity:
+
+ READERs can get an object, though the acl property will not be revealed.
+ OWNERs are READERs, and they can get the acl property, update an object,
+ and call all objectAccessControls methods on the object. The owner of an
+ object is always an OWNER.
+ For more information, see Access Control, with the caveat that this API
+ uses READER and OWNER instead of READ and FULL_CONTROL.
+references:
+ guides:
+ 'Official Documentation': 'https://cloud.google.com/storage/docs/access-control/create-manage-lists'
+ api: 'https://cloud.google.com/storage/docs/json_api/v1/objectAccessControls'
+docs:
+id_format: '{{bucket}}/{{object}}/{{entity}}'
+base_url: 'b/{{bucket}}/o/{{%object}}/acl'
+self_link: 'b/{{bucket}}/o/{{%object}}/acl/{{entity}}'
+mutex: 'storage/buckets/{{bucket}}/objects/{{object}}'
+import_format:
+ - '{{bucket}}/{{%object}}/{{entity}}'
+timeouts:
+ insert_minutes: 20
+ update_minutes: 20
+ delete_minutes: 20
+custom_code:
+skip_sweeper: true
+examples:
+ - name: 'storage_object_access_control_public_object'
+ primary_resource_id: 'public_rule'
+ vars:
+ bucket_name: 'static-content-bucket'
+ object_name: 'public-object'
+parameters:
+properties:
+ - name: 'bucket'
+ type: ResourceRef
+ description: 'The name of the bucket.'
+ required: true
+ resource: 'Bucket'
+ imports: 'name'
+ - name: 'domain'
+ type: String
+ description: 'The domain associated with the entity.'
+ output: true
+ - name: 'email'
+ type: String
+ description: 'The email address associated with the entity.'
+ output: true
+ - name: 'entity'
+ type: String
+ description: |
+ The entity holding the permission, in one of the following forms:
+ * user-{{userId}}
+ * user-{{email}} (such as "user-liz@example.com")
+ * group-{{groupId}}
+ * group-{{email}} (such as "group-example@googlegroups.com")
+ * domain-{{domain}} (such as "domain-example.com")
+ * project-team-{{projectId}}
+ * allUsers
+ * allAuthenticatedUsers
+ required: true
+ - name: 'entityId'
+ type: String
+ description: 'The ID for the entity'
+ # | 'etag' is not applicable for state convergence.
+ output: true
+ - name: 'generation'
+ type: Integer
+ description:
+ 'The content generation of the object, if applied to an object.'
+ output: true
+ - name: 'object'
+ type: String
+ description: 'The name of the object to apply the access control to.'
+ required: true
+ - name: 'projectTeam'
+ type: NestedObject
+ description: 'The project team associated with the entity'
+ output: true
+ properties:
+ - name: 'projectNumber'
+ type: String
+ description: 'The project team associated with the entity'
+ - name: 'team'
+ type: Enum
+ description: 'The team.'
+ enum_values:
+ - 'editors'
+ - 'owners'
+ - 'viewers'
+ - name: 'role'
+ type: Enum
+ description: 'The access permission for the entity.'
+ required: true
+ enum_values:
+ - 'OWNER'
+ - 'READER'
diff --git a/mmv1/products/storage/go_product.yaml b/mmv1/products/storage/go_product.yaml
new file mode 100644
index 000000000000..e5e241189cff
--- /dev/null
+++ b/mmv1/products/storage/go_product.yaml
@@ -0,0 +1,22 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Warning: This is a temporary file, and should not be edited directly
+---
+name: 'Storage'
+display_name: 'Cloud Storage'
+versions:
+ - name: 'ga'
+ base_url: 'https://storage.googleapis.com/storage/v1/'
+scopes:
+ - 'https://www.googleapis.com/auth/devstorage.full_control'
diff --git a/mmv1/templates/terraform/custom_import/go/service_directory_service.go.tmpl b/mmv1/templates/terraform/custom_import/go/service_directory_service.go.tmpl
index 54e6d0f587d0..78cb56c58cd0 100644
--- a/mmv1/templates/terraform/custom_import/go/service_directory_service.go.tmpl
+++ b/mmv1/templates/terraform/custom_import/go/service_directory_service.go.tmpl
@@ -53,4 +53,3 @@ if len(nameParts) == 8 { "{{"{{"}}location{{"}}"}}/{{"{{"}}namespace_id{{"}}"}}/{{"{{"}}service_id{{"}}"}}") } return []*schema.ResourceData{d}, nil - diff --git a/mmv1/templates/terraform/custom_update/go/storage_managed_folder.go.tmpl b/mmv1/templates/terraform/custom_update/go/storage_managed_folder.go.tmpl new file mode 100644 index 000000000000..417b7b924566 --- /dev/null +++ b/mmv1/templates/terraform/custom_update/go/storage_managed_folder.go.tmpl @@ -0,0 +1,11 @@ +_ = config + +// we can only get here if force_destroy was updated +if d.Get("force_destroy") != nil { + if err := d.Set("force_destroy", d.Get("force_destroy")); err != nil { + return fmt.Errorf("Error updating force_destroy: %s", err) + } +} + +// all other fields are immutable, don't do anything else +return nil diff --git a/mmv1/templates/terraform/examples/base_configs/iam_test_file.go.tmpl b/mmv1/templates/terraform/examples/base_configs/iam_test_file.go.tmpl index 9983bb4ccc5d..a2873cc6249b 100644 --- a/mmv1/templates/terraform/examples/base_configs/iam_test_file.go.tmpl +++ b/mmv1/templates/terraform/examples/base_configs/iam_test_file.go.tmpl @@ -113,12 +113,10 @@ func TestAcc{{ $.ResourceName }}IamMemberGenerated(t *testing.T) { func TestAcc{{ $.ResourceName }}IamPolicyGenerated(t *testing.T) { t.Parallel() - -{{- if $.IamPolicy.AdminIamRole }} +{{ if $.IamPolicy.AdminIamRole }} // This may skip test, so do it first sa := envvar.GetTestServiceAccountFromEnv(t) -{{- end }} -{{ template "IamContext" $ }} +{{- end }}{{ template "IamContext" $ }} {{- if $.IamPolicy.AdminIamRole }} context["service_account"] = sa {{- end }} diff --git a/mmv1/templates/terraform/iam/example_config_body/go/service_management_consumer.tf.tmpl b/mmv1/templates/terraform/iam/example_config_body/go/service_management_consumer.tf.tmpl index 7b2623648cb7..8cd2eddbf93a 100644 --- a/mmv1/templates/terraform/iam/example_config_body/go/service_management_consumer.tf.tmpl 
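Review bot: The guard `if d.Get("force_destroy") != nil` in the new storage_managed_folder.go.tmpl looks always true, because ResourceData.Get returns the type's zero value rather than nil for a key that exists in the schema, and go_ManagedFolder.yaml declares force_destroy as a Boolean virtual field with `default_value: false`. The `d.Set("force_destroy", d.Get("force_destroy"))` inside it writes the value back unchanged, so the block appears to do nothing except open an error path. Since this flag ends up as `allowNonEmpty` on the delete URL, the intent deserves a comment in place of the dead check, for example `// force_destroy is provider-only; no API call is made on update, the new value is used at delete time`. If the Set call is kept, `fmt.Errorf("updating force_destroy: %w", err)` would preserve the wrapped error.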
+++ b/mmv1/templates/terraform/iam/example_config_body/go/service_management_consumer.tf.tmpl @@ -1,2 +1,3 @@ + service_name = google_endpoints_service.endpoints_service.service_name consumer_project = "%{consumer_project}" \ No newline at end of file diff --git a/mmv1/templates/terraform/operation.go.tmpl b/mmv1/templates/terraform/operation.go.tmpl index 966c36f6762a..a7a435a672f9 100644 --- a/mmv1/templates/terraform/operation.go.tmpl +++ b/mmv1/templates/terraform/operation.go.tmpl @@ -68,9 +68,9 @@ func (w *{{ $.ProductMetadata.Name }}OperationWaiter) QueryOp() (interface{}, er }) } -{{- if $.ProductMetadata.OperationRetry }} +{{ if $.ProductMetadata.OperationRetry }} func (w *{{ $.ProductMetadata.Name }}OperationWaiter) IsRetryable(err error) bool { - {{- $.CustomTemplate $.ProductMetadata.OperationRetry false }} + {{ $.CustomTemplate $.ProductMetadata.OperationRetry false }} } {{- end }} diff --git a/mmv1/templates/terraform/pre_delete/go/resource_spanner_database.go.tmpl b/mmv1/templates/terraform/pre_delete/go/resource_spanner_database.go.tmpl new file mode 100644 index 000000000000..b0c2553f74e8 --- /dev/null +++ b/mmv1/templates/terraform/pre_delete/go/resource_spanner_database.go.tmpl @@ -0,0 +1,3 @@ +if d.Get("deletion_protection").(bool) { + return fmt.Errorf("cannot destroy instance without setting deletion_protection=false and running `terraform apply`") +} diff --git a/mmv1/templates/terraform/pre_update/go/spanner_database.go.tmpl b/mmv1/templates/terraform/pre_update/go/spanner_database.go.tmpl index f0ad51601fd6..49e42175c1ac 100644 --- a/mmv1/templates/terraform/pre_update/go/spanner_database.go.tmpl +++ b/mmv1/templates/terraform/pre_update/go/spanner_database.go.tmpl 
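Review bot: The message in the new pre_delete/go/resource_spanner_database.go.tmpl says "cannot destroy instance without setting deletion_protection=false", which names the wrong resource if, as the file name suggests, this guard protects a Spanner database. An operator who hits the guard reads the message to decide which resource block to edit, so the string should say `cannot destroy database`. The single-value assertion `d.Get("deletion_protection").(bool)` is safe only while the field is declared as a boolean in the resource schema, which is not visible in this hunk.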
@@ -8,8 +8,7 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and - limitations under the License. -*/ -}} + limitations under the License. */}} if obj["statements"] != nil { if len(obj["statements"].([]string)) == 0 { diff --git a/mmv1/templates/terraform/resource.go.tmpl b/mmv1/templates/terraform/resource.go.tmpl index a58c1f46b85f..f5421ca69008 100644 --- a/mmv1/templates/terraform/resource.go.tmpl +++ b/mmv1/templates/terraform/resource.go.tmpl @@ -164,7 +164,7 @@ func Resource{{ $.ResourceName -}}() *schema.Resource { ForceNew: true, }, {{- end}} -{{if $.HasSelfLink -}} +{{- if $.HasSelfLink }} "self_link": { Type: schema.TypeString, Computed: true, diff --git a/mmv1/templates/terraform/update_encoder/go/spanner_database.go.tmpl b/mmv1/templates/terraform/update_encoder/go/spanner_database.go.tmpl index 85d3d94dc062..291a709b0238 100644 --- a/mmv1/templates/terraform/update_encoder/go/spanner_database.go.tmpl +++ b/mmv1/templates/terraform/update_encoder/go/spanner_database.go.tmpl @@ -8,8 +8,7 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and - limitations under the License. -*/ -}} + limitations under the License. */}} if obj["versionRetentionPeriod"] != nil || obj["extraStatements"] != nil { old, new := d.GetChange("ddl") diff --git a/mmv1/third_party/terraform/services/sql/go/resource_sql_database_instance.go.tmpl b/mmv1/third_party/terraform/services/sql/go/resource_sql_database_instance.go similarity index 99% rename from mmv1/third_party/terraform/services/sql/go/resource_sql_database_instance.go.tmpl rename to mmv1/third_party/terraform/services/sql/go/resource_sql_database_instance.go index e47854237371..96af8245f06a 100644 
--- a/mmv1/third_party/terraform/services/sql/go/resource_sql_database_instance.go.tmpl +++ b/mmv1/third_party/terraform/services/sql/go/resource_sql_database_instance.go @@ -575,6 +575,7 @@ is set to true. Defaults to ZONAL.`, "insights_config": { Type: schema.TypeList, Optional: true, + Computed: true, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ @@ -663,7 +664,7 @@ is set to true. Defaults to ZONAL.`, Optional: true, Computed: true, ValidateFunc: validation.StringInSlice([]string{"NOT_REQUIRED", "REQUIRED"}, false), - Description: `Specifies if connections must use Cloud SQL connectors.`, + Description: `Enables the enforcement of Cloud SQL Auth Proxy or Cloud SQL connectors for all the connections. If enabled, all the direct connections are rejected.`, }, "deletion_protection_enabled": { Type: schema.TypeBool, @@ -1146,7 +1147,7 @@ func resourceSqlDatabaseInstanceCreate(d *schema.ResourceData, meta interface{}) return fmt.Errorf("Error, failed to create instance %s: %s", instance.Name, err) } - id, err := tpgresource.ReplaceVars(d, config, "projects/{{"{{"}}project{{"}}"}}/instances/{{"{{"}}name{{"}}"}}") + id, err := tpgresource.ReplaceVars(d, config, "projects/{{project}}/instances/{{name}}") if err != nil { return fmt.Errorf("Error constructing id: %s", err) } @@ -2049,7 +2050,7 @@ func resourceSqlDatabaseInstanceImport(d *schema.ResourceData, meta interface{}) } // Replace import id for the resource id - id, err := tpgresource.ReplaceVars(d, config, "projects/{{"{{"}}project{{"}}"}}/instances/{{"{{"}}name{{"}}"}}") + id, err := tpgresource.ReplaceVars(d, config, "projects/{{project}}/instances/{{name}}") if err != nil { return nil, fmt.Errorf("Error constructing id: %s", err) } diff --git a/mmv1/third_party/terraform/services/storage/go/resource_storage_bucket.go b/mmv1/third_party/terraform/services/storage/go/resource_storage_bucket.go index 905f4da3d07e..8ad06ff90f82 100644 
--- a/mmv1/third_party/terraform/services/storage/go/resource_storage_bucket.go +++ b/mmv1/third_party/terraform/services/storage/go/resource_storage_bucket.go @@ -228,6 +228,7 @@ func ResourceStorageBucket() *schema.Resource { }, "no_age": { Type: schema.TypeBool, + Deprecated: "`no_age` is deprecated and will be removed in a future major release. Use `send_age_if_zero` instead.", Optional: true, Description: `While set true, age value will be omitted.Required to set true when age is unset in the config file.`, }, @@ -261,6 +262,12 @@ func ResourceStorageBucket() *schema.Resource { Elem: &schema.Schema{Type: schema.TypeString}, Description: `One or more matching name suffixes to satisfy this condition.`, }, + "send_age_if_zero": { + Type: schema.TypeBool, + Optional: true, + Default: true, + Description: `While set true, age value will be sent in the request even for zero value of the field. This field is only useful for setting 0 value to the age field. It can be used alone or together with age.`, + }, "send_days_since_noncurrent_time_if_zero": { Type: schema.TypeBool, Optional: true, 
@@ -1395,13 +1402,21 @@ func flattenBucketLifecycleRuleCondition(index int, d *schema.ResourceData, cond ruleCondition["with_state"] = "ARCHIVED" } } - // setting no_age value from state config since it is terraform only variable and not getting value from backend. + // Setting the lifecycle condition virtual fields from the state file if they + // are already present otherwise setting them to individual default values. if v, ok := d.GetOk(fmt.Sprintf("lifecycle_rule.%d.condition",index)); ok{ state_condition := v.(*schema.Set).List()[0].(map[string]interface{}) ruleCondition["no_age"] = state_condition["no_age"].(bool) ruleCondition["send_days_since_noncurrent_time_if_zero"] = state_condition["send_days_since_noncurrent_time_if_zero"].(bool) ruleCondition["send_days_since_custom_time_if_zero"] = state_condition["send_days_since_custom_time_if_zero"].(bool) ruleCondition["send_num_newer_versions_if_zero"] = state_condition["send_num_newer_versions_if_zero"].(bool) + ruleCondition["send_age_if_zero"] = state_condition["send_age_if_zero"].(bool) + } else { + ruleCondition["no_age"] = false + ruleCondition["send_age_if_zero"] = true + ruleCondition["send_days_since_noncurrent_time_if_zero"] = false + ruleCondition["send_days_since_custom_time_if_zero"] = false + ruleCondition["send_num_newer_versions_if_zero"] = false } return ruleCondition 
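Review bot: The new `else` branch in flattenBucketLifecycleRuleCondition hard-codes `ruleCondition["send_age_if_zero"] = true`, duplicating the `Default: true` declared for the field in the schema hunk at -261,6. If one is changed without the other, a bucket read with no prior state (presumably the import path) would produce a diff on every lifecycle rule. A comment on that line, such as `// must match the schema Default of send_age_if_zero`, would make the coupling visible. The function starts and ends outside this hunk.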
@@ -1551,13 +1566,15 @@ func expandStorageBucketLifecycleRuleCondition(v interface{}) (*storage.BucketLi condition := conditions[0].(map[string]interface{}) transformed := &storage.BucketLifecycleRuleCondition{} - // Setting high precedence of no_age over age when both used together. + // Setting high precedence of no_age over age and send_age_if_zero. // Only sets age value when no_age is not present or no_age is present and has false value if v, ok := condition["no_age"]; !ok || !(v.(bool)) { if v, ok := condition["age"]; ok { age := int64(v.(int)) - transformed.Age = &age - transformed.ForceSendFields = append(transformed.ForceSendFields, "Age") + u, ok := condition["send_age_if_zero"] + if age > 0 || (ok && u.(bool)) { + transformed.Age = &age + } } } @@ -1671,6 +1688,9 @@ func resourceGCSBucketLifecycleRuleConditionHash(v interface{}) int { if v, ok := m["no_age"]; ok && v.(bool){ buf.WriteString(fmt.Sprintf("%t-", v.(bool))) } else { + if v, ok := m["send_age_if_zero"]; ok { + buf.WriteString(fmt.Sprintf("%t-", v.(bool))) + } if v, ok := m["age"]; ok { buf.WriteString(fmt.Sprintf("%d-", v.(int))) } diff --git a/mmv1/third_party/terraform/services/storage/go/resource_storage_bucket_test.go b/mmv1/third_party/terraform/services/storage/go/resource_storage_bucket_test.go index b53439ac6bc6..d6b7177ecdf2 100644 --- a/mmv1/third_party/terraform/services/storage/go/resource_storage_bucket_test.go +++ b/mmv1/third_party/terraform/services/storage/go/resource_storage_bucket_test.go 
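Review bot: In expandStorageBucketLifecycleRuleCondition the new test `age > 0 || (ok && u.(bool))` cannot distinguish an unset `age` from an explicit `age = 0`, and `send_age_if_zero` defaults to true in the schema hunk. If the condition map always carries an `age` key (likely, since it comes from a schema set), a rule that never mentions age would have `age: 0` sent unless `no_age` is true or `send_age_if_zero` is false. If that is intended, the comment above the block should say so, since it still only describes `no_age`: `// A zero age, including an unset one, is sent only when send_age_if_zero is true.` The inner `u, ok :=` also shadows the `ok` of the enclosing `if`; `sendZero, found := condition["send_age_if_zero"]` reads more clearly. The function body continues outside the hunk.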
@@ -460,7 +460,7 @@ func TestAccStorageBucket_lifecycleRulesMultiple(t *testing.T) { ResourceName: "google_storage_bucket.bucket", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"force_destroy"}, + ImportStateVerifyIgnore: []string{"force_destroy","lifecycle_rule.0.condition.0.send_age_if_zero","lifecycle_rule.1.condition.0.send_age_if_zero","lifecycle_rule.2.condition.0.send_age_if_zero","lifecycle_rule.3.condition.0.send_age_if_zero","lifecycle_rule.4.condition.0.send_age_if_zero","lifecycle_rule.5.condition.0.send_age_if_zero","lifecycle_rule.6.condition.0.send_age_if_zero","lifecycle_rule.7.condition.0.send_age_if_zero","lifecycle_rule.8.condition.0.send_age_if_zero","lifecycle_rule.9.condition.0.send_age_if_zero"}, }, { Config: testAccStorageBucket_lifecycleRulesMultiple_update(bucketName), @@ -469,7 +469,7 @@ func TestAccStorageBucket_lifecycleRulesMultiple(t *testing.T) { ResourceName: "google_storage_bucket.bucket", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"force_destroy"}, + ImportStateVerifyIgnore: []string{"force_destroy","lifecycle_rule.0.condition.0.send_age_if_zero","lifecycle_rule.1.condition.0.send_age_if_zero","lifecycle_rule.2.condition.0.send_age_if_zero","lifecycle_rule.3.condition.0.send_age_if_zero","lifecycle_rule.4.condition.0.send_age_if_zero","lifecycle_rule.5.condition.0.send_age_if_zero","lifecycle_rule.6.condition.0.send_age_if_zero","lifecycle_rule.7.condition.0.send_age_if_zero","lifecycle_rule.8.condition.0.send_age_if_zero","lifecycle_rule.9.condition.0.send_age_if_zero"}, }, }, }) @@ -498,7 +498,7 @@ func TestAccStorageBucket_lifecycleRuleStateLive(t *testing.T) { ResourceName: "google_storage_bucket.bucket", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"force_destroy"}, + ImportStateVerifyIgnore: []string{"force_destroy","lifecycle_rule.0.condition.0.send_age_if_zero","lifecycle_rule.1.condition.0.send_age_if_zero"}, }, }, }) 
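Review bot: The ImportStateVerifyIgnore lists now enumerate `lifecycle_rule.N.condition.0.send_age_if_zero` by index (ten entries in TestAccStorageBucket_lifecycleRulesMultiple), so adding or removing a rule in a test config silently leaves the list out of step. The same pattern repeats in the lifecycleRuleStateLive, lifecycleRuleStateArchived and lifecycleRuleStateAny hunks that follow. Ignoring the field in every import step also means no test checks what value an imported bucket receives for it. A comment above the first list would record the reason, for example `// send_age_if_zero is provider-only and not returned by the API, so import cannot verify it`, assuming that is why it is ignored. The test functions start and end outside these hunks.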
@@ -527,7 +527,7 @@ func TestAccStorageBucket_lifecycleRuleStateArchived(t *testing.T) { ResourceName: "google_storage_bucket.bucket", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"force_destroy"}, + ImportStateVerifyIgnore: []string{"force_destroy","lifecycle_rule.0.condition.0.send_age_if_zero"}, }, { Config: testAccStorageBucket_lifecycleRule_withStateArchived(bucketName), @@ -541,7 +541,7 @@ func TestAccStorageBucket_lifecycleRuleStateArchived(t *testing.T) { ResourceName: "google_storage_bucket.bucket", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"force_destroy"}, + ImportStateVerifyIgnore: []string{"force_destroy","lifecycle_rule.0.condition.0.send_age_if_zero"}, }, }, }) @@ -570,7 +570,7 @@ func TestAccStorageBucket_lifecycleRuleStateAny(t *testing.T) { ResourceName: "google_storage_bucket.bucket", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"force_destroy"}, + ImportStateVerifyIgnore: []string{"force_destroy","lifecycle_rule.0.condition.0.send_age_if_zero"}, }, { Config: testAccStorageBucket_lifecycleRule_withStateLive(bucketName), @@ -584,7 +584,7 @@ func TestAccStorageBucket_lifecycleRuleStateAny(t *testing.T) { ResourceName: "google_storage_bucket.bucket", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"force_destroy"}, + ImportStateVerifyIgnore: []string{"force_destroy","lifecycle_rule.0.condition.0.send_age_if_zero","lifecycle_rule.1.condition.0.send_age_if_zero"}, }, { Config: testAccStorageBucket_lifecycleRule_withStateAny(bucketName), 
@@ -598,7 +598,7 @@ func TestAccStorageBucket_lifecycleRuleStateAny(t *testing.T) { ResourceName: "google_storage_bucket.bucket", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"force_destroy"}, + ImportStateVerifyIgnore: []string{"force_destroy","lifecycle_rule.0.condition.0.send_age_if_zero"}, }, { Config: testAccStorageBucket_lifecycleRule_withStateArchived(bucketName), @@ -612,7 +612,7 @@ func TestAccStorageBucket_lifecycleRuleStateAny(t *testing.T) { ResourceName: "google_storage_bucket.bucket", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"force_destroy"}, + ImportStateVerifyIgnore: []string{"force_destroy","lifecycle_rule.0.condition.0.send_age_if_zero"}, }, }, }) @@ -621,6 +621,7 @@ func TestAccStorageBucket_lifecycleRuleStateAny(t *testing.T) { func TestAccStorageBucket_lifecycleRulesVirtualFields(t *testing.T) { t.Parallel() var bucket storage.Bucket + zero_age := int64(0) bucketName := acctest.TestBucketName(t) acctest.VcrTest(t, resource.TestCase{ 
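Review bot: `zero_age` in the -621 hunk uses an underscore, where Go naming is MixedCaps and the neighbouring locals (`bucketName`, `bucket`) follow it. `zeroAge := int64(0)` would be consistent, with the `&zero_age` use in the following hunk renamed to match. A short comment such as `// expected Age for the rule that should report age 0` would also explain why a pointer to zero is needed instead of `nil`.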
@@ -646,28 +647,30 @@ func TestAccStorageBucket_lifecycleRulesVirtualFields(t *testing.T) { Check: resource.ComposeTestCheckFunc( testAccCheckStorageBucketExists( t, "google_storage_bucket.bucket", bucketName, &bucket), - testAccCheckStorageBucketLifecycleConditionNoAge(nil, &bucket), + testAccCheckStorageBucketLifecycleConditionNoAge(nil, &bucket, 1), + testAccCheckStorageBucketLifecycleConditionNoAge(&zero_age, &bucket, 2), ), }, { ResourceName: "google_storage_bucket.bucket", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"force_destroy","lifecycle_rule.1.condition.0.no_age","lifecycle_rule.1.condition.0.send_days_since_noncurrent_time_if_zero","lifecycle_rule.2.condition.0.send_days_since_noncurrent_time_if_zero","lifecycle_rule.1.condition.0.send_days_since_custom_time_if_zero","lifecycle_rule.2.condition.0.send_days_since_custom_time_if_zero","lifecycle_rule.1.condition.0.send_num_newer_versions_if_zero","lifecycle_rule.2.condition.0.send_num_newer_versions_if_zero"}, + ImportStateVerifyIgnore: []string{"force_destroy", "lifecycle_rule.1.condition.0.no_age", "lifecycle_rule.1.condition.0.send_days_since_noncurrent_time_if_zero", "lifecycle_rule.2.condition.0.send_days_since_noncurrent_time_if_zero", "lifecycle_rule.1.condition.0.send_days_since_custom_time_if_zero", "lifecycle_rule.2.condition.0.send_days_since_custom_time_if_zero", "lifecycle_rule.1.condition.0.send_num_newer_versions_if_zero", "lifecycle_rule.2.condition.0.send_num_newer_versions_if_zero", "lifecycle_rule.1.condition.0.send_age_if_zero"}, }, { Config: testAccStorageBucket_customAttributes_withLifecycleVirtualFieldsUpdate2(bucketName), Check: resource.ComposeTestCheckFunc( testAccCheckStorageBucketExists( t, "google_storage_bucket.bucket", bucketName, &bucket), - testAccCheckStorageBucketLifecycleConditionNoAge(nil, &bucket), + testAccCheckStorageBucketLifecycleConditionNoAge(nil, &bucket, 1), + testAccCheckStorageBucketLifecycleConditionNoAge(nil, &bucket, 
2), ), }, { ResourceName: "google_storage_bucket.bucket", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"force_destroy","lifecycle_rule.1.condition.0.no_age","lifecycle_rule.0.condition.0.send_days_since_noncurrent_time_if_zero","lifecycle_rule.0.condition.0.send_days_since_custom_time_if_zero","lifecycle_rule.0.condition.0.send_num_newer_versions_if_zero"}, + ImportStateVerifyIgnore: []string{"force_destroy", "lifecycle_rule.1.condition.0.no_age", "lifecycle_rule.0.condition.0.send_days_since_noncurrent_time_if_zero", "lifecycle_rule.0.condition.0.send_days_since_custom_time_if_zero", "lifecycle_rule.0.condition.0.send_num_newer_versions_if_zero", "lifecycle_rule.0.condition.0.send_age_if_zero", "lifecycle_rule.1.condition.0.send_age_if_zero", "lifecycle_rule.2.condition.0.send_age_if_zero"}, }, { Config: testAccStorageBucket_customAttributes_withLifecycle1(bucketName), @@ -846,7 +849,7 @@ func TestAccStorageBucket_update(t *testing.T) { ResourceName: "google_storage_bucket.bucket", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"force_destroy"}, + ImportStateVerifyIgnore: []string{"force_destroy","lifecycle_rule.0.condition.0.send_age_if_zero"}, }, { Config: testAccStorageBucket_customAttributes_withLifecycle2(bucketName), @@ -862,7 +865,7 @@ func TestAccStorageBucket_update(t *testing.T) { ResourceName: "google_storage_bucket.bucket", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"force_destroy"}, + ImportStateVerifyIgnore: []string{"force_destroy","lifecycle_rule.0.condition.0.send_age_if_zero","lifecycle_rule.1.condition.0.send_age_if_zero"}, }, { Config: testAccStorageBucket_customAttributes_withLifecycle1Update(bucketName), 
@@ -878,7 +881,7 @@ func TestAccStorageBucket_update(t *testing.T) { ResourceName: "google_storage_bucket.bucket", ImportState: true, ImportStateVerify: true, - ImportStateVerifyIgnore: []string{"force_destroy"}, + ImportStateVerifyIgnore: []string{"force_destroy","lifecycle_rule.0.condition.0.send_age_if_zero"}, }, { Config: testAccStorageBucket_customAttributes(bucketName), @@ -1680,10 +1683,10 @@ func testAccCheckStorageBucketLifecycleConditionState(expected *bool, b *storage } } -func testAccCheckStorageBucketLifecycleConditionNoAge(expected *int64, b *storage.Bucket) resource.TestCheckFunc { +func testAccCheckStorageBucketLifecycleConditionNoAge(expected *int64, b *storage.Bucket, index int) resource.TestCheckFunc { return func(s *terraform.State) error { - actual := b.Lifecycle.Rule[1].Condition.Age - if expected == nil && b.Lifecycle.Rule[1].Condition.Age == nil { + actual := b.Lifecycle.Rule[index].Condition.Age + if expected == nil && b.Lifecycle.Rule[index].Condition.Age == nil { return nil } if expected == nil { @@ -1977,6 +1980,7 @@ resource "google_storage_bucket" "bucket" { condition { age = 10 no_age = true + send_age_if_zero = false custom_time_before = "2022-09-01" days_since_noncurrent_time = 0 send_days_since_noncurrent_time_if_zero = false @@ -1991,6 +1995,7 @@ resource "google_storage_bucket" "bucket" { type = "Delete" } condition { + send_age_if_zero= false custom_time_before = "2022-09-01" send_days_since_noncurrent_time_if_zero = false send_days_since_custom_time_if_zero = false
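Review bot: In the -1680 hunk, `b.Lifecycle.Rule[index]` is now indexed with a caller-supplied value and no length check, so a bucket that comes back with fewer rules than the test expects, or with no lifecycle block, panics the run instead of failing this check with a message. A guard at the top of the closure would report it cleanly, assuming `fmt` is already imported in this file: `if b.Lifecycle == nil || index < 0 || index >= len(b.Lifecycle.Rule) { return fmt.Errorf("bucket has no lifecycle rule at index %d", index) }`. The following condition can then use `actual == nil` instead of reading the field a second time. The helper is now also called with `&zero_age`, so the `NoAge` name no longer describes it. A doc comment stating that `expected == nil` means "no age condition" and a non-nil value means "exactly this age" would make the nil-versus-zero distinction explicit, though the rest of the body lies outside the hunk, so that contract is inferred from the call sites.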