Request to Add 'dest_fqdns', 'dest_region_codes', 'dest_threat_intelligences', 'src_fqdns', 'src_region_codes', and 'src_threat_intelligences' to Organizational Security Rules

[johnson-jorn]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

Ref https://github.com/hashicorp/terraform-provider-google/pull/14378

compute: added 'dest_fqdns', 'dest_region_codes', 'dest_threat_intelligences', 'src_fqdns', 'src_region_codes', and 'src_threat_intelligences' to 'google_compute_firewall_policy_rule' resource.

Please add the same feature enhancements that were added as above to the google_compute_organization_security_policy_rule .

New or Affected Resource(s)

google_compute_organization_security_policy_rule

Potential Terraform Configuration

resource "google_compute_organization_security_policy_rule" "default" {
  firewall_policy = google_compute_firewall_policy.default.id
  description = "Example Resource"
  priority = 9000
  enable_logging = true
  action = "allow"
  direction = "EGRESS"
  disabled = false
  match {
    config {
      layer4_configs {
        ip_protocol = "tcp"
        ports = [80, 8080]
      }
      dest_ip_ranges = ["11.100.0.1/32"]
      dest_fqdns = ["google.com"]
      dest_region_codes = ["US"]
      dest_threat_intelligences = ["iplist-public-clouds"]
      dest_address_groups = [google_network_security_address_group.basic_global_networksecurity_address_group.id]
    }
  }
}

References

* #14378

• b/305204485

[villers]

Hello,

I would like to request the implementation of the ability to manage threat_intelligences for google_compute_organization_security_policy_rule resources.

Currently, it is possible to manage threat_intelligences for google_compute_firewall_policy_rule resources, as demonstrated by the following pull request: https://github.com/hashicorp/terraform-provider-google/pull/14378/files#diff-b9799c1c8ccf718a4d992bfbecf90585e4a71caa40b0c6b08f506379a40f30f7

It would be beneficial to have the same functionality for google_compute_organization_security_policy_rule resources to enhance security controls for organization.

Additional context:

A similar feature request has been made in the Terraform provider: https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall_policy_rule#dest_threat_intelligences Thank you for considering this feature request.

[frosteze]

up