
Update data_loss_prevention_discovery_config to include field support for OtherCloudDiscoveryTarget #12114

Open · wants to merge 1 commit into base: main

Conversation

@patrickmoy (Member)

Note that OtherCloudDiscoveryTarget currently only supports AWS S3 buckets in this update.

Release Note Template for Downstream PRs (will be copied)

See Write release notes for guidance.

dlp: added `other_cloud_target` and `other_cloud_starting_location` to `google_data_loss_prevention_discovery_config`

@github-actions github-actions bot requested a review from SirGitsalot October 24, 2024 08:50

Hello! I am a robot. Tests will require approval from a repository maintainer to run.

@SirGitsalot, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

@modular-magician (Collaborator)

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 3 files changed, 2202 insertions(+), 608 deletions(-))
google-beta provider: Diff ( 3 files changed, 2202 insertions(+), 608 deletions(-))
terraform-google-conversion: Diff ( 1 file changed, 512 insertions(+))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_data_loss_prevention_discovery_config (26 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_data_loss_prevention_discovery_config" "primary" {
  other_cloud_starting_location {
    aws_location {
      all_asset_inventory_assets = # value needed
    }
  }
  targets {
    other_cloud_target {
      conditions {
        amazon_s3_bucket_conditions {
          bucket_types           = # value needed
          object_storage_classes = # value needed
        }
      }
      filter {
        single_resource {
          amazon_s3_bucket {
            aws_account {
              account_id = # value needed
            }
            bucket_name = # value needed
          }
        }
      }
    }
  }
}

@modular-magician (Collaborator)

Tests analytics

Total tests: 63
Passed tests: 62
Skipped tests: 0
Affected tests: 1

Affected service packages:
  • datalossprevention

Action taken

Found 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Affected tests:
  • TestAccDataLossPreventionDiscoveryConfig_Update

Get to know how VCR tests work

@modular-magician (Collaborator)

🔴 Tests failed during RECORDING mode:
TestAccDataLossPreventionDiscoveryConfig_Update [Error message] [Debug log]

🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR.

View the build log or the debug log for each test

@patrickmoy patrickmoy marked this pull request as draft October 24, 2024 18:59
@patrickmoy (Member Author)

/gcbrun

@patrickmoy (Member Author)

/gcbrun

@patrickmoy patrickmoy marked this pull request as ready for review November 19, 2024 08:02
@patrickmoy (Member Author)

/gcbrun

@patrickmoy patrickmoy marked this pull request as draft November 19, 2024 18:59
@patrickmoy patrickmoy marked this pull request as ready for review November 19, 2024 20:25
@SirGitsalot (Member) left a comment

One nit and a suggestion for a config addition, but otherwise LGTM!

- name: 'awsLocation'
type: NestedObject
properties:
- name: 'accountId'
Review comment (Member):

According to the docs it's possible to specify accountId or allAssetInventoryAssets, but not both. I'm not sure if leaving both unset is valid, but in either case you can improve the user experience by adding either:

}
resource "google_organization_iam_member" "dlp_role" {
org_id = "%{organization}"
role = "roles/dlp.orgdriver"
Review comment (Member):

nit: there's some weird indentation in the test configs (GitHub doesn't show it, but I'll bet it's due to a combination of tabs and spaces)

@SirGitsalot (Member) left a comment

If adding roles/dlp.admin will do the trick, that change will need to be made in the CI Terraform config

return acctest.Nprintf(`
data "google_project" "project" {
}
resource "google_organization_iam_member" "service_agent" {
Review comment (Member):

These IAM grants are the reason that the tests are failing on our CI system - the service account running the test doesn't have permission to make org-level IAM changes. What are the minimum IAM roles needed to create the config?

My reading of the docs makes me think that granting the SA running the test roles/dlp.admin at the org level will be enough to run the test:

If you don't have the Organization Administrator (roles/resourcemanager.organizationAdmin) or Security Admin (roles/iam.securityAdmin) role, you can still create a scan configuration. After you create the scan configuration, someone in your organization who has one of these roles must grant discovery access to the service agent.

Review comment (Member Author):

Updated CI terraform config; will see if tests pass

github-actions bot commented Dec 9, 2024

@patrickmoy, this PR is waiting for action from you. If no action is taken, this PR will be closed in 28 days.

Please address any comments or change requests, or re-request review from a core reviewer if no action is required.


This notification can be disabled with the disable-automatic-closure label.


@patrickmoy, this PR is waiting for action from you. If no action is taken, this PR will be closed in 14 days.

Please address any comments or change requests, or re-request review from a core reviewer if no action is required.


This notification can be disabled with the disable-automatic-closure label.


github-actions bot commented Jan 2, 2025

@patrickmoy, this PR is waiting for action from you. If no action is taken, this PR will be closed in 2 weekdays.

Please address any comments or change requests, or re-request review from a core reviewer if no action is required.


This notification can be disabled with the disable-automatic-closure label.

@github-actions github-actions bot requested a review from SirGitsalot January 3, 2025 02:47
@patrickmoy (Member Author)

/gcbrun

@zli82016 (Member)

zli82016 commented Jan 3, 2025

/gcbrun

@modular-magician (Collaborator)

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 3 files changed, 2186 insertions(+), 607 deletions(-))
google-beta provider: Diff ( 3 files changed, 2186 insertions(+), 607 deletions(-))
terraform-google-conversion: Diff ( 1 file changed, 501 insertions(+))

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_data_loss_prevention_discovery_config (26 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_data_loss_prevention_discovery_config" "primary" {
  other_cloud_starting_location {
    aws_location {
      all_asset_inventory_assets = # value needed
    }
  }
  targets {
    other_cloud_target {
      conditions {
        amazon_s3_bucket_conditions {
          bucket_types           = # value needed
          object_storage_classes = # value needed
        }
      }
      filter {
        single_resource {
          amazon_s3_bucket {
            aws_account {
              account_id = # value needed
            }
            bucket_name = # value needed
          }
        }
      }
    }
  }
}

@modular-magician (Collaborator)

Tests analytics

Total tests: 63
Passed tests: 62
Skipped tests: 0
Affected tests: 1

Affected service packages:
  • datalossprevention

Action taken

Found 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Affected tests:
  • TestAccDataLossPreventionDiscoveryConfig_Update

Get to know how VCR tests work

@modular-magician (Collaborator)

🔴 Tests failed during RECORDING mode:
TestAccDataLossPreventionDiscoveryConfig_Update [Error message] [Debug log]

🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR.

View the build log or the debug log for each test


github-actions bot commented Jan 7, 2025

@SirGitsalot This PR has been waiting for review for 3 weekdays. Please take a look! Use the label disable-review-reminders to disable these notifications.

@patrickmoy (Member Author)

/gcbrun

…veryTarget, which currently only supports AWS S3 buckets.
@patrickmoy (Member Author)

/gcbrun


github-actions bot commented Jan 9, 2025

@GoogleCloudPlatform/terraform-team @SirGitsalot This PR has been waiting for review for 1 week. Please take a look! Use the label disable-review-reminders to disable these notifications.
