hashicorp · modular-magician · Sep 7, 2021 · Sep 7, 2021
diff --git a/.changelog/5165.txt b/.changelog/5165.txt
@@ -0,0 +1,3 @@
+```release-note:none
+
+```
diff --git a/google/resource_assured_workloads_workload.go b/google/resource_assured_workloads_workload.go
@@ -51,85 +51,85 @@ func resourceAssuredWorkloadsWorkload() *schema.Resource {
 				Required:         true,
 				ForceNew:         true,
 				DiffSuppressFunc: compareSelfLinkOrResourceName,
-				Description:      ``,
+				Description:      "Required. Input only. The billing account used for the resources which are direct children of workload. This billing account is initially associated with the resources created as part of Workload creation. After the initial creation of these resources, the customer can change the assigned billing account. The resource name has the form `billingAccounts/{billing_account_id}`. For example, 'billingAccounts/012345-567890-ABCDEF`.",
 			},
 
 			"compliance_regime": {
 				Type:         schema.TypeString,
 				Required:     true,
 				ForceNew:     true,
-				Description:  ``,
+				Description:  "Required. Immutable. Compliance Regime associated with this workload. Possible values: COMPLIANCE_REGIME_UNSPECIFIED, IL4, CJIS, FEDRAMP_HIGH, FEDRAMP_MODERATE, US_REGIONAL_ACCESS",
 				ValidateFunc: validation.StringInSlice([]string{"COMPLIANCE_REGIME_UNSPECIFIED", "IL4", "CJIS", "FEDRAMP_HIGH", "FEDRAMP_MODERATE", "US_REGIONAL_ACCESS", ""}, false),
 			},
 
 			"display_name": {
 				Type:        schema.TypeString,
 				Required:    true,
-				Description: ``,
+				Description: "Required. The user-assigned display name of the Workload. When present it must be between 4 to 30 characters. Allowed characters are: lowercase and uppercase letters, numbers, hyphen, and spaces. Example: My Workload",
 			},
 
 			"location": {
 				Type:        schema.TypeString,
 				Required:    true,
 				ForceNew:    true,
-				Description: ``,
+				Description: "The location for the resource",
 			},
 
 			"organization": {
 				Type:             schema.TypeString,
 				Required:         true,
 				ForceNew:         true,
 				DiffSuppressFunc: compareSelfLinkOrResourceName,
-				Description:      ``,
+				Description:      "The organization for the resource",
 			},
 
 			"kms_settings": {
 				Type:        schema.TypeList,
 				Optional:    true,
 				ForceNew:    true,
-				Description: ``,
+				Description: "Input only. Settings used to create a CMEK crypto key. When set a project with a KMS CMEK key is provisioned. This field is mandatory for a subset of Compliance Regimes.",
 				MaxItems:    1,
 				Elem:        AssuredWorkloadsWorkloadKmsSettingsSchema(),
 			},
 
 			"labels": {
 				Type:        schema.TypeMap,
 				Optional:    true,
-				Description: ``,
+				Description: "Optional. Labels applied to the workload.",
 				Elem:        &schema.Schema{Type: schema.TypeString},
 			},
 
 			"provisioned_resources_parent": {
 				Type:        schema.TypeString,
 				Optional:    true,
 				ForceNew:    true,
-				Description: ``,
+				Description: "Input only. The parent resource for the resources managed by this Assured Workload. May be either an organization or a folder. Must be the same or a child of the Workload parent. If not specified all resources are created under the Workload parent. Formats: folders/{folder_id}, organizations/{organization_id}",
 			},
 
 			"resource_settings": {
 				Type:        schema.TypeList,
 				Optional:    true,
 				ForceNew:    true,
-				Description: ``,
+				Description: "Input only. Resource properties that are used to customize workload resources. These properties (such as custom project id) will be used to create workload resources if possible. This field is optional.",
 				Elem:        AssuredWorkloadsWorkloadResourceSettingsSchema(),
 			},
 
 			"create_time": {
 				Type:        schema.TypeString,
 				Computed:    true,
-				Description: ``,
+				Description: "Output only. Immutable. The Workload creation timestamp.",
 			},
 
 			"name": {
 				Type:        schema.TypeString,
 				Computed:    true,
-				Description: ``,
+				Description: "Output only. The resource name of the workload.",
 			},
 
 			"resources": {
 				Type:        schema.TypeList,
 				Computed:    true,
-				Description: ``,
+				Description: "Output only. The resources associated with this workload. These resources will be created when creating the workload. If any of the projects already exist, the workload creation will fail. Always read only.",
 				Elem:        AssuredWorkloadsWorkloadResourcesSchema(),
 			},
 		},
@@ -143,14 +143,14 @@ func AssuredWorkloadsWorkloadKmsSettingsSchema() *schema.Resource {
 				Type:        schema.TypeString,
 				Required:    true,
 				ForceNew:    true,
-				Description: ``,
+				Description: "Required. Input only. Immutable. The time at which the Key Management Service will automatically create a new version of the crypto key and mark it as the primary.",
 			},
 
 			"rotation_period": {
 				Type:        schema.TypeString,
 				Required:    true,
 				ForceNew:    true,
-				Description: ``,
+				Description: "Required. Input only. Immutable. will be advanced by this period when the Key Management Service automatically rotates a key. Must be at least 24 hours and at most 876,000 hours.",
 			},
 		},
 	}
@@ -163,14 +163,14 @@ func AssuredWorkloadsWorkloadResourceSettingsSchema() *schema.Resource {
 				Type:        schema.TypeString,
 				Optional:    true,
 				ForceNew:    true,
-				Description: ``,
+				Description: "Resource identifier. For a project this represents project_number. If the project is already taken, the workload creation will fail.",
 			},
 
 			"resource_type": {
 				Type:         schema.TypeString,
 				Optional:     true,
 				ForceNew:     true,
-				Description:  ``,
+				Description:  "Indicates the type of resource. This field should be specified to correspond the id to the right project type (CONSUMER_PROJECT or ENCRYPTION_KEYS_PROJECT) Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER",
 				ValidateFunc: validation.StringInSlice([]string{"RESOURCE_TYPE_UNSPECIFIED", "CONSUMER_PROJECT", "ENCRYPTION_KEYS_PROJECT", "KEYRING", "CONSUMER_FOLDER", ""}, false),
 			},
 		},
@@ -183,13 +183,13 @@ func AssuredWorkloadsWorkloadResourcesSchema() *schema.Resource {
 			"resource_id": {
 				Type:        schema.TypeInt,
 				Computed:    true,
-				Description: ``,
+				Description: "Resource identifier. For a project this represents project_number.",
 			},
 
 			"resource_type": {
 				Type:        schema.TypeString,
 				Computed:    true,
-				Description: ``,
+				Description: "Indicates the type of resource. Possible values: RESOURCE_TYPE_UNSPECIFIED, CONSUMER_PROJECT, ENCRYPTION_KEYS_PROJECT, KEYRING, CONSUMER_FOLDER",
 			},
 		},
 	}

diff --git a/google/resource_compute_firewall_policy.go b/google/resource_compute_firewall_policy.go
@@ -50,62 +50,62 @@ func resourceComputeFirewallPolicy() *schema.Resource {
 				Required:         true,
 				ForceNew:         true,
 				DiffSuppressFunc: compareSelfLinkOrResourceName,
-				Description:      ``,
+				Description:      "The parent of the firewall policy.",
 			},
 
 			"short_name": {
 				Type:        schema.TypeString,
 				Required:    true,
 				ForceNew:    true,
-				Description: ``,
+				Description: "User-provided name of the Organization firewall policy. The name should be unique in the organization in which the firewall policy is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
 			},
 
 			"description": {
 				Type:        schema.TypeString,
 				Optional:    true,
-				Description: ``,
+				Description: "An optional description of this resource. Provide this property when you create the resource.",
 			},
 
 			"creation_timestamp": {
 				Type:        schema.TypeString,
 				Computed:    true,
-				Description: ``,
+				Description: "Creation timestamp in RFC3339 text format.",
 			},
 
 			"fingerprint": {
 				Type:        schema.TypeString,
 				Computed:    true,
-				Description: ``,
+				Description: "Fingerprint of the resource. This field is used internally during updates of this resource.",
 			},
 
 			"firewall_policy_id": {
 				Type:        schema.TypeString,
 				Computed:    true,
-				Description: ``,
+				Description: "The unique identifier for the resource. This identifier is defined by the server.",
 			},
 
 			"name": {
 				Type:        schema.TypeString,
 				Computed:    true,
-				Description: ``,
+				Description: "Name of the resource. It is a numeric ID allocated by GCP which uniquely identifies the Firewall Policy.",
 			},
 
 			"rule_tuple_count": {
 				Type:        schema.TypeInt,
 				Computed:    true,
-				Description: ``,
+				Description: "Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.",
 			},
 
 			"self_link": {
 				Type:        schema.TypeString,
 				Computed:    true,
-				Description: ``,
+				Description: "Server-defined URL for the resource.",
 			},
 
 			"self_link_with_id": {
 				Type:        schema.TypeString,
 				Computed:    true,
-				Description: ``,
+				Description: "Server-defined URL for this resource with the resource id.",
 			},
 		},
 	}

diff --git a/google/resource_compute_firewall_policy_association.go b/google/resource_compute_firewall_policy_association.go
@@ -48,28 +48,28 @@ func resourceComputeFirewallPolicyAssociation() *schema.Resource {
 				Required:         true,
 				ForceNew:         true,
 				DiffSuppressFunc: compareSelfLinkOrResourceName,
-				Description:      ``,
+				Description:      "The target that the firewall policy is attached to.",
 			},
 
 			"firewall_policy": {
 				Type:             schema.TypeString,
 				Required:         true,
 				ForceNew:         true,
 				DiffSuppressFunc: compareSelfLinkOrResourceName,
-				Description:      ``,
+				Description:      "The firewall policy ID of the association.",
 			},
 
 			"name": {
 				Type:        schema.TypeString,
 				Required:    true,
 				ForceNew:    true,
-				Description: ``,
+				Description: "The name for an association.",
 			},
 
 			"short_name": {
 				Type:        schema.TypeString,
 				Computed:    true,
-				Description: ``,
+				Description: "The short name of the firewall policy of the association.",
 			},
 		},
 	}

diff --git a/google/resource_compute_firewall_policy_rule.go b/google/resource_compute_firewall_policy_rule.go
@@ -49,13 +49,13 @@ func resourceComputeFirewallPolicyRule() *schema.Resource {
 			"action": {
 				Type:        schema.TypeString,
 				Required:    true,
-				Description: ``,
+				Description: "The Action to perform when the client connection triggers the rule. Can currently be either \"allow\" or \"deny()\" where valid values for status are 403, 404, and 502.",
 			},
 
 			"direction": {
 				Type:         schema.TypeString,
 				Required:     true,
-				Description:  ``,
+				Description:  "The direction in which this rule applies. Possible values: INGRESS, EGRESS",
 				ValidateFunc: validation.StringInSlice([]string{"INGRESS", "EGRESS", ""}, false),
 			},
 
@@ -64,13 +64,13 @@ func resourceComputeFirewallPolicyRule() *schema.Resource {
 				Required:         true,
 				ForceNew:         true,
 				DiffSuppressFunc: compareSelfLinkOrResourceName,
-				Description:      ``,
+				Description:      "The firewall policy of the resource.",
 			},
 
 			"match": {
 				Type:        schema.TypeList,
 				Required:    true,
-				Description: ``,
+				Description: "A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding 'action' is enforced.",
 				MaxItems:    1,
 				Elem:        ComputeFirewallPolicyRuleMatchSchema(),
 			},
@@ -79,52 +79,52 @@ func resourceComputeFirewallPolicyRule() *schema.Resource {
 				Type:        schema.TypeInt,
 				Required:    true,
 				ForceNew:    true,
-				Description: ``,
+				Description: "An integer indicating the priority of a rule in the list. The priority must be a positive value between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the highest priority and 2147483647 is the lowest prority.",
 			},
 
 			"description": {
 				Type:        schema.TypeString,
 				Optional:    true,
-				Description: ``,
+				Description: "An optional description for this resource.",
 			},
 
 			"disabled": {
 				Type:        schema.TypeBool,
 				Optional:    true,
-				Description: ``,
+				Description: "Denotes whether the firewall policy rule is disabled. When set to true, the firewall policy rule is not enforced and traffic behaves as if it did not exist. If this is unspecified, the firewall policy rule will be enabled.",
 			},
 
 			"enable_logging": {
 				Type:        schema.TypeBool,
 				Optional:    true,
-				Description: ``,
+				Description: "Denotes whether to enable logging for a particular rule. If logging is enabled, logs will be exported to the configured export destination in Stackdriver. Logs may be exported to BigQuery or Pub/Sub. Note: you cannot enable logging on \"goto_next\" rules.",
 			},
 
 			"target_resources": {
 				Type:             schema.TypeList,
 				Optional:         true,
 				DiffSuppressFunc: compareSelfLinkOrResourceName,
-				Description:      ``,
+				Description:      "A list of network resource URLs to which this rule applies. This field allows you to control which network's VMs get this rule. If this field is left blank, all VMs within the organization will receive the rule.",
 				Elem:             &schema.Schema{Type: schema.TypeString},
 			},
 
 			"target_service_accounts": {
 				Type:        schema.TypeList,
 				Optional:    true,
-				Description: ``,
+				Description: "A list of service accounts indicating the sets of instances that are applied with this rule.",
 				Elem:        &schema.Schema{Type: schema.TypeString},
 			},
 
 			"kind": {
 				Type:        schema.TypeString,
 				Computed:    true,
-				Description: ``,
+				Description: "Type of the resource. Always `compute#firewallPolicyRule` for firewall policy rules",
 			},
 
 			"rule_tuple_count": {
 				Type:        schema.TypeInt,
 				Computed:    true,
-				Description: ``,
+				Description: "Calculation of the complexity of a single firewall policy rule.",
 			},
 		},
 	}
@@ -136,21 +136,21 @@ func ComputeFirewallPolicyRuleMatchSchema() *schema.Resource {
 			"layer4_configs": {
 				Type:        schema.TypeList,
 				Required:    true,
-				Description: ``,
+				Description: "Pairs of IP protocols and ports that the rule should match.",
 				Elem:        ComputeFirewallPolicyRuleMatchLayer4ConfigsSchema(),
 			},
 
 			"dest_ip_ranges": {
 				Type:        schema.TypeList,
 				Optional:    true,
-				Description: ``,
+				Description: "CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 256.",
 				Elem:        &schema.Schema{Type: schema.TypeString},
 			},
 
 			"src_ip_ranges": {
 				Type:        schema.TypeList,
 				Optional:    true,
-				Description: ``,
+				Description: "CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 256.",
 				Elem:        &schema.Schema{Type: schema.TypeString},
 			},
 		},
@@ -163,13 +163,13 @@ func ComputeFirewallPolicyRuleMatchLayer4ConfigsSchema() *schema.Resource {
 			"ip_protocol": {
 				Type:        schema.TypeString,
 				Required:    true,
-				Description: ``,
+				Description: "The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (`tcp`, `udp`, `icmp`, `esp`, `ah`, `ipip`, `sctp`), or the IP protocol number.",
 			},
 
 			"ports": {
 				Type:        schema.TypeList,
 				Optional:    true,
-				Description: ``,
+				Description: "An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ``.",
 				Elem:        &schema.Schema{Type: schema.TypeString},
 			},
 		},