Add Network Intelligence Center support for Firewall rule insights

[steencaleb]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

Currently there is no support for Firewall Insights within Network Intelligence Center - specifically a way to enable or disable "Shadowed" and "Overly permissive" rule insights through Terraform. It would be nice to keep these settings configurable through terraform instead of through the GUI.

New or Affected Resource(s)

google_recommender_insight_type_config

Potential Terraform Configuration

resource "google_compute_firewall" "default"{
          name = "test-firewall"
          network = var.network

          allow {
               protocol = "icmp"
          }

          firewall_insights {
              shadowed = true
              shadowed_observation_period = 7d
              overly_permissive = false
          }
}

References

[melinath]

It looks like this uses the recommender API rather than being related to google_compute_firewall based on https://cloud.google.com/network-intelligence-center/docs/firewall-insights/how-to/configure-observation-period#api Specifically this configuration is controlled by the https://cloud.google.com/recommender/docs/reference/rest/v1/projects.locations.insightTypes/getConfig singleton resource.

[danicat]

I’ve seen no much progress has been made on this ticket since its creation. This recently became an important thing for us because we would like to enable this feature through terraform and/or crossplane. Who can we speak to for a potential collaboration on implementing this? Me and my team can do the open source development, but since it is a new resource I am assuming we need a strong alignment with the Active Assist PM (who owns the recommender API). Please advise.