
add google_compute_security_policy data source

Open StephenWithPH opened this issue 5 years ago • 2 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.

Description

Decoupling Terraform configurations is a recommended practice:

Similarly, infrastructure code can be split into smaller Terraform configurations, which have limited scope and are owned by specific teams. These independent configurations use output variables to publish information and remote state resources to access output data from other workspaces.

Adding a google_compute_security_policy data source supports this ideal.

If a core networking team provisions security policies, other teams may rely on the security policies' existence. The other teams could make use of a google_compute_security_policy data source in their own Terraform configurations. In this case, incorporating the data source would simply validate that the given policy exists. This is a fast-feedback approach (terraform plan and terraform apply should fail when the data source lookup fails because it does not exist) which is significantly better than debugging an application whose breakage is attributable to a missing security policy that was not provisioned by the networking team.

New or Affected Resource(s)

  • google_compute_security_policy

Potential Terraform Configuration

# Lookup by the policy's self_link
data "google_compute_security_policy" "resolved_by_self_link" {
  self_link = "<some valid self_link>"
}

# Lookup by project and policy name
data "google_compute_security_policy" "resolved_by_project_and_name" {
  project = "<some project name>"
  name    = "<some valid name>"
}

StephenWithPH avatar Mar 26 '19 19:03 StephenWithPH
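Added example (not from the issue or the provider's own documentation): the two-team split the description argues for, written against the data source as the issue proposes it (lookup by project and name, exporting self_link). The policy name, the IP range and the two input variables are assumptions; in practice the two halves live in separate workspaces with separate state.

```hcl
# Networking team's workspace: creates the shared Cloud Armor policy.
# "shared-edge-policy" and the IP range are constructed values, not from the issue.
resource "google_compute_security_policy" "shared_edge" {
  name        = "shared-edge-policy"
  description = "Cloud Armor policy shared by several application workspaces"

  rule {
    action   = "deny(403)"
    priority = 1000
    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = ["192.0.2.0/24"] # documentation range, constructed
      }
    }
  }

  rule { # explicit default rule: allow everything not matched above
    action   = "allow"
    priority = 2147483647
    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = ["*"]
      }
    }
  }
}

# Application team's workspace (a separate configuration with its own state).
variable "network_project" { type = string }    # assumed input
variable "api_instance_group" { type = string } # assumed input

# The lookup is the fail-fast check: `terraform plan` errors here if the policy
# does not exist yet, instead of the backend silently running without Cloud Armor.
data "google_compute_security_policy" "shared_edge" {
  project = var.network_project
  name    = "shared-edge-policy"
}

resource "google_compute_backend_service" "api" {
  name                  = "api-backend"
  load_balancing_scheme = "EXTERNAL"
  protocol              = "HTTP"
  security_policy       = data.google_compute_security_policy.shared_edge.self_link

  backend {
    group = var.api_instance_group
  }
}
```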

Any update on this? I'm wanting to use the same security policy for multiple backend_services in different TF workspaces; a data call would be great here

keithmattix avatar Apr 30 '21 18:04 keithmattix

Would love to see this soon!

bluemalkin avatar Dec 23 '21 11:12 bluemalkin

b/261819193

AarshDhokai avatar Dec 08 '22 09:12 AarshDhokai

I just closed a duplicate issue which had ticket b/305277165 attached to it. I'll add this to this issue's description, alongside the one added on Dec 8, 2022.

SarahFrench avatar Nov 16 '23 11:11 SarahFrench

Would love to see this

jbss-prosper avatar May 01 '24 23:05 jbss-prosper

I'd also very much appreciate this feature!

I have a google_compute_security_policy that is created on a higher infrastructure level by terraform, to which other terraform projects dynamically add & remove google_compute_security_policy_rule resources.

These projects have a different lifecycle to the one creating the policy, and creating separate policies is also not an option, since only one policy can be bound to a specific external LoadBalancer.

Since importing is not a solution (the lower-level terraform projects are being created & destroyed with a different lifecycle), I have to manage the policy rules via the gcloud CLI instead, which breaks our IaC conventions.

M-Schiefer avatar May 14 '24 12:05 M-Schiefer

Hello folks, I started working on this and I will open a PR soon.

TL;DR: I am taking into consideration the ideas from @AarshDhokai and I'd have liked to rebase on his branch, but it's not possible since it is currently outdated.

maxi-cit avatar May 23 '24 18:05 maxi-cit

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

github-actions[bot] avatar Jul 07 '24 02:07 github-actions[bot]