
Support NetworkFirewallPolicyRule resource #645


Closed
cbuto opened this issue Nov 1, 2024 · 4 comments · Fixed by #769
Labels
enhancement New feature or request needs:triage


cbuto commented Nov 1, 2024

What problem are you facing?

While attempting to use the NetworkFirewallPolicy and NetworkFirewallPolicyAssociation resources, I found that the provider doesn't have support for NetworkFirewallPolicyRules.

The associated Terraform resource is google_compute_network_firewall_policy_rule.

What could help solve your problem?

Add support for NetworkFirewallPolicyRule resources in the provider

@cbuto cbuto added enhancement New feature or request needs:triage labels Nov 1, 2024

github-actions bot commented Apr 1, 2025

This provider repo does not have enough maintainers to address every issue. Since there has been no activity in the last 90 days it is now marked as stale. It will be closed in 14 days if no further activity occurs. Leaving a comment starting with /fresh will mark this issue as not stale.

@github-actions github-actions bot added the stale label Apr 1, 2025
@brais-real-edo
Contributor

/fresh We are also interested in this resource, so we are going to add it to the provider

@github-actions github-actions bot removed the stale label Apr 9, 2025
@brais-real-edo
Contributor

@turkenf I'm following the "Adding a new resource" documentation.
In step 7, after copying examples-generated to examples and reviewing the manifests, I don't know how to proceed. Let me explain where I get stuck:
In the Terraform documentation, the examples refer to a resource which is still not implemented within the Crossplane provider (google_network_security_address_group).
example-generated:

apiVersion: compute.gcp.upbound.io/v1beta1
kind: NetworkFirewallPolicyRule
metadata:
  annotations:
    meta.upbound.io/example-id: compute/v1beta1/networkfirewallpolicyrule
  labels:
    testing.upbound.io/example-name: primary
  name: primary
spec:
  forProvider:
    action: allow
    description: This is a simple rule description
    direction: INGRESS
    disabled: false
    enableLogging: true
    firewallPolicySelector:
      matchLabels:
        testing.upbound.io/example-name: basic_network_firewall_policy
    match:
    - layer4Configs:
      - ipProtocol: all
      srcAddressGroups:
      - ${google_network_security_address_group.basic_global_networksecurity_address_group.id}
      srcFqdns:
      - google.com
      srcIpRanges:
      - 10.100.0.1/32
      srcRegionCodes:
      - US
      srcSecureTags:
      - name: tagValues/${google_tags_tag_value.basic_value.name}
      srcThreatIntelligences:
      - iplist-known-malicious-ips
    ruleName: test-rule
    targetServiceAccounts:
    - my@service-account.com

As this dependency comes from an optional field (forProvider.match[].srcAddressGroups) what should I do with it?
Should I modify the example to remove this reference? Should I keep it although it refers to a resource that should be created outside of Crossplane by now? Should I create a new example manually?

Thank you in advance

@turkenf
Collaborator

turkenf commented Apr 9, 2025

Hi @brais-real-edo,

Thank you for your effort and interest. In such cases, you can continue in one of two ways:

  • First of all, as you mentioned, since the field is optional, you can test it by removing it from the example and if the tests are successful, we can continue in this way.

  • In the second option, you can configure and add the missing resource, but since this requires some effort, you can also choose the first option according to your bandwidth.
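
Before choosing between the two options above, it helps to list which fields of an examples-generated manifest still carry Terraform references and which of those point at resource types the provider does not have yet. The following is an added example, not part of the thread or of the provider's tooling: the function names and the `configured` set are hypothetical, and the manifest excerpt is constructed from the one quoted above.

```python
import re

# Constructed excerpt of the generated manifest quoted in the thread.
SAMPLE = """\
spec:
  forProvider:
    match:
    - layer4Configs:
      - ipProtocol: all
      srcAddressGroups:
      - ${google_network_security_address_group.basic_global_networksecurity_address_group.id}
      srcIpRanges:
      - 10.100.0.1/32
      srcSecureTags:
      - name: tagValues/${google_tags_tag_value.basic_value.name}
"""

# ${<terraform type>.<resource name>.<attribute>} left over from the Terraform docs.
TF_REF = re.compile(r"\$\{(google_\w+)\.([\w-]+)\.(\w+)\}")
# A mapping key, optionally introduced by a list dash ("- key:").
KEY = re.compile(r"^(\s*(?:-\s+)?)([\w./-]+):(?:\s|$)")


def find_tf_refs(manifest):
    """Return (line_no, field_path, tf_type) for each leftover Terraform reference."""
    stack, hits = [], []  # stack holds (column, key) for the enclosing keys
    for line_no, line in enumerate(manifest.splitlines(), 1):
        m = KEY.match(line)
        if m:
            col = len(m.group(1))  # column of the key, counting a leading "- "
            while stack and stack[-1][0] >= col:
                stack.pop()  # leave keys at the same or deeper indentation
            stack.append((col, m.group(2)))
        path = ".".join(key for _, key in stack)
        for ref in TF_REF.finditer(line):
            hits.append((line_no, path, ref.group(1)))
    return hits


def unresolved(manifest, configured):
    """Keep only references whose Terraform type is not in `configured`."""
    return [hit for hit in find_tf_refs(manifest) if hit[2] not in configured]


if __name__ == "__main__":
    # Hypothetical set of already-configured Terraform types, for illustration only.
    for line_no, path, tf_type in unresolved(SAMPLE, {"google_tags_tag_value"}):
        print(f"line {line_no}: {path} -> {tf_type} (not configured)")
```

The scan is line-based and only understands the block-style YAML that the generated examples use; the real list of configured resource types has to come from the provider's own configuration.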
