Riley Karson

Notes: We should probably prefer branches over tags to avoid polluting tag space. GHA can be preferred for branch management to avoid needing extra perms in TC.

This seems like a case where we'd recommend a fine-grained rule resource similar to https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_region_security_policy_rule (and the organization level one) to manage rules you want Terraform to create/manage, allowing you...

Similar to the relationship between `google_compute_region_security_policy` / `google_compute_region_security_policy_rule`, i.e. a `google_compute_security_policy_rule` resource. That would be globally scoped.

Note: Nothing in the API indicates this wouldn't be updatable using standard update methods

We'd go with `google_access_context_manager_service_perimeter_access_level`, a single resource attachment similar to how `google_access_context_manager_service_perimeter_resource` attaches a single resource. size/s because there's a practically identical reference in `google_access_context_manager_service_perimeter_resource`

This could make sense to add, but we're not sure. Adding to `Backlog`.

Posting these because I got a little mixed up here- there's two `networksecurity.googleapis.com` API definitions. Weird! * https://cloud.google.com/firewall/docs/reference/network-security/rest * https://cloud.google.com/secure-web-proxy/docs/reference/network-security/rest

Yep! What's unusual is that they share a service endpoint, I got mixed up looking for these resources because of that

@shuyama1 do you mind updating the forwarded ticket? I think this is a bug, not an enhancement.

This is intended behaviour, as `initialize_params` is in use. Rather than persistent settings for the resource `initialize_params` indicates "these are the settings the resource should have been created with". Generally...