Add Network Intelligence Center support for Firewall rule insights

[steencaleb]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

Currently there is no support for Firewall Insights within Network Intelligence Center - specifically a way to enable or disable "Shadowed" and "Overly permissive" rule insights through Terraform. It would be nice to keep these settings configurable through terraform instead of through the GUI.

New or Affected Resource(s)

google_recommender_insight_type_config

Potential Terraform Configuration

resource "google_compute_firewall" "default"{
          name = "test-firewall"
          network = var.network

          allow {
               protocol = "icmp"
          }

          firewall_insights {
              shadowed = true
              shadowed_observation_period = 7d
              overly_permissive = false
          }
}

References

[melinath]

It looks like this uses the recommender API rather than being related to google_compute_firewall based on https://cloud.google.com/network-intelligence-center/docs/firewall-insights/how-to/configure-observation-period#api Specifically this configuration is controleld by thehttps://cloud.google.com/recommender/docs/reference/rest/v1/projects.locations.insightTypes/getConfig singleton resource.