Add Cloud SCC Source resource

products/kms/terraform.yaml

@@ -42,7 +42,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides
       location: !ruby/object:Overrides::Terraform::PropertyOverride
         ignore_read: true
     custom_code: !ruby/object:Provider::Terraform::CustomCode
-      custom_delete: templates/terraform/custom_delete/kms_key_ring.erb
+      custom_delete: templates/terraform/custom_delete/skip_delete.go.erb
       decoder: templates/terraform/decoders/long_name_to_self_link.go.erb
       encoder: templates/terraform/encoders/send_nil_body.go.erb
       extra_schema_entry: templates/terraform/extra_schema_entry/kms_self_link.erb

products/securitycenter/api.yaml

@@ -0,0 +1,68 @@
+# Copyright 2019 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+--- !ruby/object:Api::Product
+name: SecurityCenter
+display_name: Cloud Security Command Center
+versions:
+  - !ruby/object:Api::Product::Version
+    name: ga
+    base_url: https://securitycenter.googleapis.com/v1/
+scopes:
+  - https://www.googleapis.com/auth/cloud-platform
+objects:
+  - !ruby/object:Api::Resource
+    name: 'Source'
+    base_url: organizations/{{organization}}/sources
+    self_link: '{{name}}'
+    update_verb: :PATCH
+    update_mask: true
+    description: |
+      A Cloud Security Command Center's (Cloud SCC) finding source. A finding
+      source is an entity or a mechanism that can produce a finding. A source is
+      like a container of findings that come from the same scanner, logger,
+      monitor, etc.
+    references: !ruby/object:Api::Resource::ReferenceLinks
+      guides:
+        'Official Documentation':
+          'https://cloud.google.com/binary-authorization/'
+      api: 'https://cloud.google.com/security-command-center/docs/reference/rest/v1beta1/organizations.sources'
+    parameters:
+      - !ruby/object:Api::Type::String
+        name: organization
+        required: true
+        input: true
+        url_param_only: true
+        description: |
+          The organization whose Cloud Security Command Center the Source
+          lives in.
+    properties:
+      - !ruby/object:Api::Type::String
+        name: name
+        output: true
+        description: |
+          The resource name of this source, in the format
+          `organizations/{{organization}}/sources/{{source}}`.
+      - !ruby/object:Api::Type::String
+        name: description
+        description: |
+          The description of the source (max of 1024 characters).
+      - !ruby/object:Api::Type::String
+        name: displayName
+        required: true
+        description: |
+          The source’s display name. A source’s display name must be unique
+          amongst its siblings, for example, two sources with the same parent
+          can't share the same display name. The display name must start and end
+          with a letter or digit, may contain letters, digits, spaces, hyphens,
+          and underscores, and can be no longer than 32 characters.

products/securitycenter/terraform.yaml

@@ -0,0 +1,44 @@
+# Copyright 2019 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+--- !ruby/object:Provider::Terraform::Config
+legacy_name: scc
+overrides: !ruby/object:Overrides::ResourceOverrides
+  Source: !ruby/object:Overrides::Terraform::ResourceOverride
+    examples:
+     - !ruby/object:Provider::Terraform::Examples
+      name: "scc_source_basic"
+      # resource can't be destroyed, so checkdestroy fails unnecessarily
+      skip_test: true
+      primary_resource_id: "custom_source"
+      vars:
+        source_display_name: "My Source"
+      test_env_vars:
+        org_id: :ORG_ID
+    properties:
+      description: !ruby/object:Overrides::Terraform::PropertyOverride
+        validation: !ruby/object:Provider::Terraform::Validation
+          function: 'validation.StringLenBetween(0, 1024)'
+      displayName: !ruby/object:Overrides::Terraform::PropertyOverride
+        validation: !ruby/object:Provider::Terraform::Validation
+          regex: '[\p{L}\p{N}]({\p{L}\p{N}_- ]{0,30}[\p{L}\p{N}])?'
+    custom_code: !ruby/object:Provider::Terraform::CustomCode
+      custom_delete: templates/terraform/custom_delete/skip_delete.go.erb
+      custom_import: templates/terraform/custom_import/scc_source_self_link_as_name_set_organization.go.erb
+      post_create: templates/terraform/post_create/set_computed_name.erb
+# This is for copying files over
+files: !ruby/object:Provider::Config::Files
+  # These files have templating (ERB) code that will be run.
+  # This is usually to add licensing info, autogeneration notices, etc.
+  compile:
+<%= lines(indent(compile('provider/terraform/product~compile.yaml'), 4)) -%>

templates/terraform/custom_delete/skip_delete.go.erb

@@ -0,0 +1,6 @@
+log.Printf("[WARNING] <%= object.__product.name + " " + object.name %> resources" +
+" cannot be deleted from GCP. The resource %s will be removed from Terraform" +
+" state, but will still be present on the server.", d.Id())
+d.SetId("")
+
+return nil

templates/terraform/custom_import/scc_source_self_link_as_name_set_organization.go.erb

@@ -0,0 +1,18 @@
+config := meta.(*Config)
+
+// current import_formats can't import fields with forward slashes in their value
+if err := parseImportId([]string{"(?P<name>.+)"}, d, config); err != nil {
+	return nil, err
+}
+
+stringParts := strings.Split(d.Get("name").(string), "/")
+if len(stringParts) != 4 {
+	return nil, fmt.Errorf(
+			"Saw %s when the name is expected to have shape %s",
+			d.Get("name"),
+			"organizations/{{organization}}/sources/{{source}}",
+		)
+}
+
+d.Set("organization", fmt.Sprintf("%s", stringParts[1]))
+return []*schema.ResourceData{d}, nil

templates/terraform/examples/scc_source_basic.tf.erb

@@ -0,0 +1,5 @@
+resource "google_scc_source" "<%= ctx[:primary_resource_id] %>" {
+  display_name = "<%= ctx[:vars]['source_display_name'] %>"
+  organization = "<%= ctx[:test_env_vars]['org_id'] %>"
+  description = "My custom Cloud Security Command Center Finding Source"
+}

third_party/terraform/tests/resource_security_center_source_test.go

@@ -0,0 +1,49 @@
+package google
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/acctest"
+	"github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccSecurityCenterSource_basic(t *testing.T) {
+	t.Parallel()
+
+	orgId := getTestOrgFromEnv(t)
+	suffix := acctest.RandString(10)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccSecurityCenterSource_sccSourceBasicExample(orgId, suffix, "My description"),
+			},
+			{
+				ResourceName:      "google_scc_source.custom_source",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccSecurityCenterSource_sccSourceBasicExample(orgId, suffix, ""),
+			},
+			{
+				ResourceName:      "google_scc_source.custom_source",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccSecurityCenterSource_sccSourceBasicExample(orgId, suffix, description string) string {
+	return fmt.Sprintf(`
+resource "google_scc_source" "custom_source" {
+  display_name = "TFSrc %s"
+  organization = "%s"
+  description  = "%s"
+}
+`, suffix, orgId, description)
+}

third_party/terraform/website-compiled/google.erb

@@ -966,6 +966,15 @@
     </ul>
     </li>
 
+    <li<%%= sidebar_current("docs-google-security-center") %>>
+    <a href="#">Google Cloud Security Command Center (SCC) Resources</a>
+    <ul class="nav nav-visible">
+      <li<%%= sidebar_current("docs-google-security-center-source") %>>
+          <a href="/docs/providers/google/r/security_center_source.html">google_scc_source</a>
+      </li>
+    </ul>
+    </li>
+
     <li<%%= sidebar_current("docs-google-service-networking") %>>
     <a href="#">Google Service Networking Resources</a>
     <ul class="nav nav-visible">

third_party/terraform/website/docs/provider_reference.html.markdown

@@ -263,6 +263,7 @@ be used for configuration are below:
 * `resource_manager_custom_endpoint` (`GOOGLE_RESOURCE_MANAGER_CUSTOM_ENDPOINT`) - `https://cloudresourcemanager.googleapis.com/v1/`
 * `resource_manager_v2beta1_custom_endpoint` (`GOOGLE_RESOURCE_MANAGER_V2BETA1_CUSTOM_ENDPOINT`) - `https://cloudresourcemanager.googleapis.com/v2beta1/`
 * `runtimeconfig_custom_endpoint` (`GOOGLE_RUNTIMECONFIG_CUSTOM_ENDPOINT`) - `https://runtimeconfig.googleapis.com/v1beta1/`
+* `security_center_custom_endpoints` (`GOOGLE_SECURITY_CENTER_CUSTOM_ENDPOINT`) - `https://securitycenter.googleapis.com/v1/`
 * `service_management_custom_endpoint` (`GOOGLE_SERVICE_MANAGEMENT_CUSTOM_ENDPOINT`) - `https://servicemanagement.googleapis.com/v1/`
 * `service_networking_custom_endpoint` (`GOOGLE_SERVICE_NETWORKING_CUSTOM_ENDPOINT`) - `https://servicenetworking.googleapis.com/v1/`
 * `service_usage_custom_endpoint` (`GOOGLE_SERVICE_USAGE_CUSTOM_ENDPOINT`) - `https://serviceusage.googleapis.com/v1/`