fixed firewall endpoint association example (GoogleCloudPlatform#11373)

romanini-ciandt · Aug 20, 2024 · 0461920 · 0461920
1 parent fc33184
commit 0461920
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 6 deletions.
diff --git a/mmv1/products/networksecurity/FirewallEndpointAssociation.yaml b/mmv1/products/networksecurity/FirewallEndpointAssociation.yaml
@@ -23,6 +23,13 @@ description: |
   the same zone. After you define this association, Cloud Firewall forwards the
   zonal workload traffic in your VPC network that requires layer 7 inspection to
   the attached firewall endpoint.
+docs: !ruby/object:Provider::Terraform::Docs
+  warning: |
+    If you are using User ADCs (Application Default Credentials) with this resource,
+    you must specify a `billing_project_id` and set `user_project_override` to true
+    in the provider configuration. Otherwise the ACM API will return a 403 error.
+    Your account must have the `serviceusage.services.use` permission on the
+    `billing_project_id` you defined.
 references:
   !ruby/object:Api::Resource::ReferenceLinks
   api: 'https://cloud.google.com/firewall/docs/reference/network-security/rest/v1/projects.locations.firewallEndpointAssociations#FirewallEndpointAssociation'

diff --git a/.../templates/terraform/examples/network_security_firewall_endpoint_association_basic.tf.erb b/.../templates/terraform/examples/network_security_firewall_endpoint_association_basic.tf.erb
@@ -1,17 +1,26 @@
+resource "google_compute_network" "foobar" {
+  name                    = "tf-test-my-vpc%{randomSuffix}"
+  auto_create_subnetworks = false
+}
+
 resource "google_network_security_firewall_endpoint" "<%= ctx[:primary_resource_id] %>" {
-  name        = "<%= ctx[:vars]['resource_name_prefix'] %>"
-  parent      = "organizations/<%= ctx[:test_env_vars]['org_id'] %>"
-  location    = "us-central1-a"
+  name               = "<%= ctx[:vars]['resource_name_prefix'] %>"
+  parent             = "organizations/<%= ctx[:test_env_vars]['org_id'] %>"
+  location           = "us-central1-a"
+  billing_project_id = "<%= ctx[:test_env_vars]['project'] %>"
 
   labels = {
     foo = "bar"
   }
 }
 
 resource "google_network_security_firewall_endpoint_association" "<%= ctx[:primary_resource_id] %>_association" {
-  name        = "<%= ctx[:vars]['resource_name_prefix'] %>-association"
-  parent      = "projects/<%= ctx[:test_env_vars]['project'] %>"
-  location    = "us-central1-a"
+  name              = "<%= ctx[:vars]['resource_name_prefix'] %>-association"
+  parent            = "projects/<%= ctx[:test_env_vars]['project'] %>"
+  location          = "us-central1-a"
+  network           = google_compute_network.foobar.id
+  firewall_endpoint = google_network_security_firewall_endpoint.<%= ctx[:primary_resource_id] %>.id
+  disabled          = false
 
   labels = {
     foo = "bar"