diff --git a/src/main/java/gyro/google/compute/BackendBucketResource.java b/src/main/java/gyro/google/compute/BackendBucketResource.java index 2aca3cdb..b155799a 100644 --- a/src/main/java/gyro/google/compute/BackendBucketResource.java +++ b/src/main/java/gyro/google/compute/BackendBucketResource.java @@ -85,6 +85,8 @@ public class BackendBucketResource extends ComputeResource implements Copyable signedUrlKey; + private SecurityPolicyResource securityPolicy; + /** * Cloud Storage bucket name. */ @@ -179,6 +181,18 @@ public void setSignedUrlKey(List signedUrlKey) { this.signedUrlKey = signedUrlKey; } + /** + * The security policy associated with this backend bucket. + */ + @Updatable + public SecurityPolicyResource getSecurityPolicy() { + return securityPolicy; + } + + public void setSecurityPolicy(SecurityPolicyResource securityPolicy) { + this.securityPolicy = securityPolicy; + } + @Override public void copyFrom(BackendBucket model) { BucketResource bucketResource = null; @@ -197,6 +211,10 @@ public void copyFrom(BackendBucket model) { setEnableCdn(model.getEnableCdn()); } + if (model.hasEdgeSecurityPolicy()) { + setSecurityPolicy(findById(SecurityPolicyResource.class, model.getEdgeSecurityPolicy())); + } + setCdnPolicy(null); if (model.hasCdnPolicy()) { BackendBucketCdnPolicy cp = newSubresource(BackendBucketCdnPolicy.class); @@ -283,6 +301,10 @@ protected void doCreate(GyroUI ui, State state) throws Exception { builder.setCdnPolicy(getCdnPolicy().toBackendBucketCdnPolicy()); } + if (getSecurityPolicy() != null) { + builder.setEdgeSecurityPolicy(getSecurityPolicy().getName()); + } + Operation operation = client.insertCallable().call(InsertBackendBucketRequest.newBuilder() .setProject(getProjectId()) .setBackendBucketResource(builder) diff --git a/src/main/java/gyro/google/compute/SecurityPolicyResource.java b/src/main/java/gyro/google/compute/SecurityPolicyResource.java index ecac5f89..57af6f2a 100644 
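Review bot: `getSecurityPolicy()` is marked `@Updatable`, but no hunk in this diff touches the update path, so changing or removing `security-policy` on an existing bucket looks like it would be reported as applied without any API call being made. If `doUpdate` (outside this diff) does not already handle the field, either wire it up there or drop `@Updatable` until it does; a bucket that silently keeps its old policy, or none, is worse than a rejected change. The Javadoc should also say that a backend bucket takes an edge policy, e.g. `The edge security policy (type CLOUD_ARMOR_EDGE) attached to this backend bucket.`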
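Review bot: In `copyFrom`, the new block only assigns `securityPolicy` when `model.hasEdgeSecurityPolicy()` is true and never clears it, so a policy detached outside gyro stays in state and the drift is not shown. The `cdnPolicy` code right below resets first with `setCdnPolicy(null)`; do the same here with `setSecurityPolicy(null);` before the `if`. Also confirm that `findById` resolves the value of `getEdgeSecurityPolicy()`, which the API returns as a resource URL, while `doCreate` sends `getName()`. `copyFrom` starts and ends outside this hunk.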
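Review bot: In `doCreate`, `builder.setEdgeSecurityPolicy(getSecurityPolicy().getName())` may not attach anything: as far as I know `edgeSecurityPolicy` is output-only on the BackendBucket resource and attachment goes through the separate set-edge-security-policy operation, so the insert could succeed with the bucket left unprotected. Please confirm against the API, and if so issue that call after the insert completes, passing the policy's self link rather than its bare name. Nothing here checks that the referenced policy is an edge policy either; a `validate` override that rejects a policy whose `getSecurityPolicyType()` is not `CLOUD_ARMOR_EDGE` would fail at plan time instead of at the API. `doCreate` continues outside the hunk.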
--- a/src/main/java/gyro/google/compute/SecurityPolicyResource.java +++ b/src/main/java/gyro/google/compute/SecurityPolicyResource.java @@ -37,6 +37,8 @@ import gyro.core.scope.State; import gyro.core.validation.Regex; import gyro.core.validation.Required; +import gyro.core.validation.ValidStrings; +import gyro.core.validation.ValidationError; import gyro.google.Copyable; /** @@ -221,6 +223,7 @@ public class SecurityPolicyResource extends ComputeResource implements Copyable< private SecurityPolicyRule defaultRule; private String fingerprint; private SecurityPolicyAdaptiveProtection adaptiveProtectionConfig; + private String securityPolicyType; // Not yet supported in UI private SecurityPolicyAdvancedOptions advancedOptionsConfig; @@ -336,6 +339,19 @@ public void setDefaultRule(SecurityPolicyRule defaultRule) { this.defaultRule = defaultRule; } + /** + * The type of the security policy. + */ + @ValidStrings({"CLOUD_ARMOR", "CLOUD_ARMOR_EDGE", "CLOUD_ARMOR_INTERNAL_SERVICE", "CLOUD_ARMOR_NETWORK"}) + @Required + public String getSecurityPolicyType() { + return securityPolicyType; + } + + public void setSecurityPolicyType(String securityPolicyType) { + this.securityPolicyType = securityPolicyType; + } + @Override protected boolean doRefresh() throws Exception { try (SecurityPoliciesClient client = createClient(SecurityPoliciesClient.class)) { @@ -396,6 +412,7 @@ public void copyFrom(SecurityPolicy model) { setDescription(model.getDescription()); setSelfLink(model.getSelfLink()); setFingerprint(model.getFingerprint()); + setSecurityPolicyType(model.getType()); getRule().clear(); model.getRulesList().forEach(rule -> { @@ -428,7 +445,7 @@ public void copyFrom(SecurityPolicy model) { private SecurityPolicy toSecurityPolicy() { SecurityPolicy.Builder builder = SecurityPolicy.newBuilder(); - builder.setName(getName()); + builder.setName(getName()).setType(getSecurityPolicyType()); if (getDescription() != null) { builder.setDescription(getDescription()); 
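Review bot: `@Required` on the new `security-policy-type` field in `getSecurityPolicyType()` makes every existing security-policy definition fail validation until it is edited; if that is intended, call it out in the changelog, otherwise consider defaulting to `CLOUD_ARMOR`. The Javadoc `The type of the security policy.` should list the valid values and say which one matches which attachment point, since a backend bucket needs `CLOUD_ARMOR_EDGE`.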
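Review bot: `toSecurityPolicy()` now calls `setType(getSecurityPolicyType())` unconditionally, and generated protobuf builders throw `NullPointerException` on a null string, unlike the `getDescription() != null` guard on the next line. The type can be null for a resource loaded from state written before this change. Guard it: `if (getSecurityPolicyType() != null) { builder.setType(getSecurityPolicyType()); }`. The same null reaches `validate()` in the last hunk, where `getSecurityPolicyType().equals("CLOUD_ARMOR")` should be written `"CLOUD_ARMOR".equals(getSecurityPolicyType())` so a missing type yields a validation error and not a stack trace. `toSecurityPolicy()` continues outside the hunk.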
@@ -466,4 +483,17 @@ private SecurityPolicy getSecurityPolicy(SecurityPoliciesClient client) { return route; } + + @Override + public List validate(Set configuredFields) { + List errors = new ArrayList<>(); + + if (configuredFields.contains("adaptive-protection-config")) { + if (getAdaptiveProtectionConfig() != null && !getSecurityPolicyType().equals("CLOUD_ARMOR")) { + errors.add(new ValidationError(this, "adaptive-protection-config", "'adaptive-protection-config' is not allowed when security-policy-type is not set to 'CLOUD_ARMOR'.")); + } + } + + return errors; + } }