From 8f3a9892f4cfeddbaf4dc8457849e30e6ac49b8e Mon Sep 17 00:00:00 2001
From: Max Portocarrero CI&T <105444618+maxi-cit@users.noreply.github.com>
Date: Tue, 19 Mar 2024 20:51:00 -0500
Subject: [PATCH] add billing project id support to firewall endpoint resource
 (#10122)

* add billing project support

* removed description field due to API issue

* test updated and fixed for ADC support

* added ADC warning

* removing ADC
---
 .../networksecurity/FirewallEndpoint.yaml     | 12 +++++
 ...ork_security_firewall_endpoint_test.go.erb | 49 ++++++++++---------
 2 files changed, 39 insertions(+), 22 deletions(-)

diff --git a/mmv1/products/networksecurity/FirewallEndpoint.yaml b/mmv1/products/networksecurity/FirewallEndpoint.yaml
index bc53ec4fa5a5..a2118263106c 100644
--- a/mmv1/products/networksecurity/FirewallEndpoint.yaml
+++ b/mmv1/products/networksecurity/FirewallEndpoint.yaml
@@ -23,6 +23,13 @@ description: |
   A Firewall endpoint is a Cloud Firewall resource that enables
   layer 7 advanced protection capabilities, such as intrusion prevention,
   in your network.
+docs: !ruby/object:Provider::Terraform::Docs
+  warning: |
+    If you are using User ADCs (Application Default Credentials) with this resource,
+    you must specify a `billing_project` and set `user_project_override` to true
+    in the provider configuration. Otherwise the ACM API will return a 403 error.
+    Your account must have the `serviceusage.services.use` permission on the
+    `billing_project` you defined.
 references:
   !ruby/object:Api::Resource::ReferenceLinks
   api: 'https://cloud.google.com/firewall/docs/reference/network-security/rest/v1beta1/organizations.locations.firewallEndpoints'
@@ -110,3 +117,8 @@ properties:
     name: 'state'
     description: The current state of the endpoint.
     output: true
+  - !ruby/object:Api::Type::String
+    name: 'billingProjectId'
+    description: |
+      Project to bill on endpoint uptime usage.
+    required: true
diff --git a/mmv1/third_party/terraform/services/networksecurity/resource_network_security_firewall_endpoint_test.go.erb b/mmv1/third_party/terraform/services/networksecurity/resource_network_security_firewall_endpoint_test.go.erb
index 05413b1545ec..888d865f9fbb 100644
--- a/mmv1/third_party/terraform/services/networksecurity/resource_network_security_firewall_endpoint_test.go.erb
+++ b/mmv1/third_party/terraform/services/networksecurity/resource_network_security_firewall_endpoint_test.go.erb
@@ -20,6 +20,7 @@ func TestAccNetworkSecurityFirewallEndpoints_basic(t *testing.T) {
 	acctest.SkipIfVcr(t)
 	t.Parallel()
 
+	billingProjectId := envvar.GetTestProjectFromEnv()
 	orgId := envvar.GetTestOrgFromEnv(t)
 	randomSuffix := acctest.RandString(t, 10)
 
@@ -29,7 +30,7 @@ func TestAccNetworkSecurityFirewallEndpoints_basic(t *testing.T) {
 		CheckDestroy:             testAccCheckNetworkSecurityFirewallEndpointDestroyProducer(t),
 		Steps: []resource.TestStep{
 			{
-				Config: testAccNetworkSecurityFirewallEndpoints_basic(orgId, randomSuffix),
+				Config: testAccNetworkSecurityFirewallEndpoints_basic(orgId, billingProjectId, randomSuffix),
 			},
 			{
 				ResourceName:            "google_network_security_firewall_endpoint.foobar",
@@ -38,7 +39,7 @@ func TestAccNetworkSecurityFirewallEndpoints_basic(t *testing.T) {
 				ImportStateVerifyIgnore: []string{"labels", "terraform_labels"},
 			},
 			{
-				Config: testAccNetworkSecurityFirewallEndpoints_update(orgId, randomSuffix),
+				Config: testAccNetworkSecurityFirewallEndpoints_update(orgId, billingProjectId, randomSuffix),
 			},
 			{
 				ResourceName:            "google_network_security_firewall_endpoint.foobar",
@@ -50,34 +51,38 @@ func TestAccNetworkSecurityFirewallEndpoints_basic(t *testing.T) {
 	})
 }
 
-func testAccNetworkSecurityFirewallEndpoints_basic(orgId string, randomSuffix string) string {
+func testAccNetworkSecurityFirewallEndpoints_basic(orgId string, billingProjectId string, randomSuffix string) string {
 	return fmt.Sprintf(`
 resource "google_network_security_firewall_endpoint" "foobar" {
-    provider = google-beta
-    name     = "tf-test-my-firewall-endpoint%s"
-    parent   = "organizations/%s"
-    location = "us-central1-a"
-
-    labels = {
-        foo = "bar"
-    }
+  provider = google-beta
+
+  name     = "tf-test-my-firewall-endpoint%[1]s"
+  parent   = "organizations/%[2]s"
+  location = "us-central1-a"
+  billing_project_id = "%[3]s"
+
+  labels = {
+    foo = "bar"
+  }
 }
-`, randomSuffix, orgId)
+`, randomSuffix, orgId, billingProjectId)
 }
 
-func testAccNetworkSecurityFirewallEndpoints_update(orgId string, randomSuffix string) string {
+func testAccNetworkSecurityFirewallEndpoints_update(orgId string, billingProjectId string, randomSuffix string) string {
 	return fmt.Sprintf(`
 resource "google_network_security_firewall_endpoint" "foobar" {
-    provider = google-beta
-    name     = "tf-test-my-firewall-endpoint%s"
-    parent   = "organizations/%s"
-    location = "us-central1-a"
-
-    labels = {
-        foo = "bar-updated"
-    }
+  provider = google-beta
+
+  name     = "tf-test-my-firewall-endpoint%[1]s"
+  parent   = "organizations/%[2]s"
+  location = "us-central1-a"
+  billing_project_id = "%[3]s"
+
+  labels = {
+    foo = "bar-updated"
+  }
 }
-`, randomSuffix, orgId)
+`, randomSuffix, orgId, billingProjectId)
 }
 
 func testAccCheckNetworkSecurityFirewallEndpointDestroyProducer(t *testing.T) func(s *terraform.State) error {