hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0

Add support for Cloud Armor Edge policies #10761

Closed jasondamour closed 2 years ago

jasondamour commented 2 years ago

Community Note

Description

GCP Cloud Armor security policies (compute_security_policy) have a type field, which must be set to CLOUD_ARMOR_EDGE to support edge rules for Backend Buckets.

https://cloud.google.com/compute/docs/reference/rest/beta/securityPolicies (search for CLOUD_ARMOR_EDGE)

New or Affected Resource(s)

Potential Terraform Configuration

# Note "type"
resource "google_compute_security_policy" "policy" {
  name = "my-policy"
  type = "CLOUD_ARMOR_EDGE"

  rule {
    action   = "allow"
    priority = "2147483647"
    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = ["*"]
      }
    }
    description = "default rule"
  }
}

# Note "security_policy"
resource "google_compute_backend_bucket" "image_backend" {
  name        = "image-backend-bucket"
  description = "Contains beautiful images"
  bucket_name = google_storage_bucket.image_bucket.name
  enable_cdn  = true

  security_policy = google_compute_security_policy.policy.self_link
}

References

dgteixeira commented 2 years ago

Great request! We are currently implementing this on a project and it would be amazing to be able to create it through Terraform!

Ubaldo-Brea commented 2 years ago

This request will be an effective solution for our project because today we only configure it through the GCP UI!

moektel commented 2 years ago

Hello,

Was wondering if I can do anything to support getting this complete and released.

This type of resource has been a big ask from my team and I would be happy to contribute to see it through.

Ubaldo-Brea commented 2 years ago

Hi Team, we really need this to help us on Lift and Shift migration projects that are using Cloud Armor with storage backends. Thank you!

github-actions[bot] commented 2 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.