Add Terraform support for Chronicle Data Table resource

mmv1/products/chronicle/DataTable.yaml

@@ -0,0 +1,221 @@
+# Copyright 2026 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+name: DataTable
+description: Represents a Chronicle Data Table, a multicolumn structure used to ingest your own data into Google SecOps.
+
+base_url: projects/{{project}}/locations/{{location}}/instances/{{instance}}/dataTables
+create_url: projects/{{project}}/locations/{{location}}/instances/{{instance}}/dataTables?dataTableId={{data_table_id}}
+self_link: projects/{{project}}/locations/{{location}}/instances/{{instance}}/dataTables/{{data_table_id}}
+id_format: projects/{{project}}/locations/{{location}}/instances/{{instance}}/dataTables/{{data_table_id}}
+import_format:
+  - projects/{{project}}/locations/{{location}}/instances/{{instance}}/dataTables/{{data_table_id}}
+
+update_verb: PATCH
+update_mask: true
+min_version: 'beta'
+references:
+  guides:
+    'Google SecOps Guides': 'https://cloud.google.com/chronicle/docs/secops/secops-overview'
+  api: 'https://cloud.google.com/chronicle/docs/reference/rest/v1beta/projects.locations.instances.dataTables'
+examples:
+  - name: 'chronicle_data_table_basic'
+    config_path: 'templates/terraform/examples/chronicle_data_table_basic.tf.tmpl'
+    primary_resource_id: 'example'
+    min_version: 'beta'
+    test_env_vars:
+      chronicle_id: 'CHRONICLE_ID'
+    vars:
+      data_table_id: 'terraform_test'
+  - name: 'chronicle_data_table_with_optional_fields'
+    config_path: 'templates/terraform/examples/chronicle_data_table_with_optional_fields.tf.tmpl'
+    primary_resource_id: 'example_dt'
+    min_version: 'beta'
+    test_env_vars:
+      chronicle_id: 'CHRONICLE_ID'
+    vars:
+      data_table_id: 'tf_test_full'
+      data_access_scope_id: 'tf-scope-opt'
+autogen_status: RGF0YVRhYmxl
+
+custom_code:
+  pre_delete: 'templates/terraform/pre_delete/chronicle_data_table.go.tmpl'
+
+virtual_fields:
+  - name: 'deletion_policy'
+    description: |
+      The policy governing the deletion of the data table.
+      If set to `FORCE`, allows the deletion of the data table even if it contains rows.
+      If set to `DEFAULT`,or if the field is omitted, the data table must be empty before it can be deleted.
+      Possible values: DEFAULT, FORCE
+    type: String
+    default_value: "DEFAULT"
+
+parameters:
+  - name: location
+    type: String
+    description: Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.
+    immutable: true
+    url_param_only: true
+    required: true
+  - name: instance
+    type: String
+    description: Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122.
+    immutable: true
+    url_param_only: true
+    required: true
+  - name: dataTableId
+    type: String
+    description: |-
+      The ID to use for the data table. This is also the display name for
+      the data table. It must satisfy the following requirements:
+      - Starts with letter.
+      - Contains only letters, numbers and underscore.
+      - Must be unique and has length < 256.
+    immutable: true
+    url_param_only: true
+    required: true
+properties:
+  - name: approximateRowCount
+    type: Integer
+    description: The count of rows in the data table.
+    output: true
+  - name: columnInfo
+    type: Array
+    description: Details of all the columns in the table
+    immutable: true
+    item_type:
+      type: NestedObject
+      properties:
+        - name: columnIndex
+          type: Integer
+          description: Column Index. 0,1,2...
+          required: true
+          immutable: true
+        - name: columnType
+          type: Enum
+          description: |-
+            Column type can be STRING, CIDR (Ex- 10.1.1.0/24), REGEX
+            Possible values:
+            STRING
+            REGEX
+            CIDR
+            NUMBER
+          enum_values:
+            - STRING
+            - REGEX
+            - CIDR
+            - NUMBER
+          immutable: true
+        - name: keyColumn
+          type: Boolean
+          description: |-
+            Whether to include this column in the calculation of the row ID.
+            If no columns have key_column = true, all columns will be included in the
+            calculation of the row ID.
+          immutable: true
+        - name: mappedColumnPath
+          type: String
+          description: Entity proto field path that the column is mapped to
+          immutable: true
+        - name: originalColumn
+          type: String
+          description: |-
+            Original column name of the Data Table (present in the CSV header in case
+            of creation of data tables using file uploads). It must satisfy the
+            following requirements:
+            - Starts with letter.
+            - Contains only letters, numbers and underscore.
+            - Must be unique and has length < 256
+          required: true
+          immutable: true
+        - name: repeatedValues
+          type: Boolean
+          description: Whether the column is a repeated values column.
+          immutable: true
+  - name: createTime
+    type: String
+    description: Table create time
+    output: true
+  - name: dataTableUuid
+    type: String
+    description: Data table unique id
+    output: true
+  - name: description
+    type: String
+    description: A user-provided description of the data table.
+    required: true
+  - name: displayName
+    type: String
+    description: The unique display name of the data table.
+    output: true
+  - name: name
+    type: String
+    description: |-
+      Identifier. The resource name of the data table
+      Format:
+      "{project}/locations/{region}/instances/{instance}/dataTables/{data_table}"
+    output: true
+  - name: rowTimeToLive
+    type: String
+    description: User-provided TTL of the data table.
+  - name: rowTimeToLiveUpdateTime
+    type: String
+    description: Last update time of the TTL of the data table.
+    output: true
+  - name: ruleAssociationsCount
+    type: Integer
+    description: The count of rules using the data table.
+    output: true
+  - name: rules
+    type: Array
+    description: |-
+      The resource names for the associated Rules that use this
+      data table. Format:
+      projects/{project}/locations/{location}/instances/{instance}/rules/{rule}.
+      {rule} here refers to the rule id.
+    output: true
+    item_type:
+      type: String
+  - name: scopeInfo
+    type: NestedObject
+    diff_suppress_func: 'tpgresource.ProjectNumberDiffSuppress'
+    description: DataTableScopeInfo specifies the scope info of the data table.
+    properties:
+      - name: dataAccessScopes
+        type: Array
+        description: |-
+          Contains the list of scope names of the data table. If the list is empty,
+          the data table is treated as unscoped. The scope names should be
+          full resource names and should be of the format:
+          "projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{scope_name}"
+        required: true
+        item_type:
+          type: String
+  - name: updateSource
+    type: Enum
+    description: |2-
+      Possible values:
+      USER
+      RULE
+      SEARCH
+    enum_values:
+      - USER
+      - RULE
+      - SEARCH
+    output: true
+  - name: updateTime
+    type: String
+    description: Table update time
+    output: true

mmv1/products/chronicle/product.yaml

@@ -1,4 +1,4 @@
-# Copyright 2024 Google Inc.
+# Copyright 2026 Google Inc.
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at

mmv1/templates/terraform/examples/chronicle_data_table_basic.tf.tmpl

@@ -0,0 +1,47 @@
+resource "google_chronicle_data_table" "example" {
+  provider       = google-beta
+  location       = "us"
+  instance = "{{index $.TestEnvVars "chronicle_id"}}"
+  data_table_id  = "{{index $.Vars "data_table_id"}}"
+  description    = "sample desc"
+  column_info {
+    column_index    = 0
+    original_column = "username"
+    column_type     = "STRING"
+  }
+  column_info {
+    column_index    = 1
+    original_column = "ip_address"
+    column_type     = "CIDR"
+  }
+}
+
+output "data_table_name" {
+  description = "The resource name of the data table."
+  value = google_chronicle_data_table.example.name
+}
+
+output "data_table_id" {
+  description = "The user-provided ID of the data table."
+  value = google_chronicle_data_table.example.data_table_id
+}
+
+output "data_table_uuid" {
+  description = "The system-generated UUID of the data table."
+  value = google_chronicle_data_table.example.data_table_uuid
+}
+
+output "data_table_description" {
+  description = "The description of the data table."
+  value = google_chronicle_data_table.example.description
+}
+
+output "data_table_create_time" {
+  description = "The creation time of the data table."
+  value = google_chronicle_data_table.example.create_time
+}
+
+output "data_table_ttl" {
+  description = "The row time to live for the data table."
+  value = google_chronicle_data_table.example.row_time_to_live
+}

mmv1/templates/terraform/examples/chronicle_data_table_with_optional_fields.tf.tmpl

@@ -0,0 +1,60 @@
+resource "google_chronicle_data_access_scope" "test_scope_allow_everyone" {
+provider             = google-beta
+ location = "us"
+ instance = "{{index $.TestEnvVars "chronicle_id"}}"
+ data_access_scope_id = "{{index $.Vars "data_access_scope_id"}}"
+ description = "scope-description"
+ allowed_data_access_labels {
+   log_type = "GCP_CLOUDAUDIT"
+ }
+}
+
+resource "google_chronicle_data_table" "example_dt" {
+  provider         = google-beta
+  location         = "us"
+  instance = "{{index $.TestEnvVars "chronicle_id"}}"
+  data_table_id  = "{{index $.Vars "data_table_id"}}"
+  description      = "Comprehensive test table with all teh fields"
+  row_time_to_live = "48h"
+
+  column_info {
+    column_index     = 0
+    original_column  = "username"
+    key_column       = true
+    mapped_column_path = "entity.user.userid"
+    repeated_values  = false
+  }
+  column_info {
+    column_index     = 1
+    original_column  = "ip_address"
+    column_type      = "CIDR"
+    key_column       = false
+    repeated_values  = false
+  }
+
+  scope_info {
+    data_access_scopes = [google_chronicle_data_access_scope.test_scope_allow_everyone.name]
+  }
+  depends_on = [google_chronicle_data_access_scope.test_scope_allow_everyone]
+}
+
+output "data_table_name" {
+  description = "The resource name of the created data table."
+  value       = google_chronicle_data_table.example_dt.name
+}
+
+output "data_table_id" {
+  description = "The ID of the created data table."
+  value       = google_chronicle_data_table.example_dt.id
+}
+
+output "data_table_create_time" {
+  description = "The creation time of the data table."
+  value       = google_chronicle_data_table.example_dt.create_time
+}
+
+output "data_table_column_info" {
+  description = "The column info of the data table."
+  value       = google_chronicle_data_table.example_dt.column_info
+}
+

mmv1/templates/terraform/pre_delete/chronicle_data_table.go.tmpl

@@ -0,0 +1,4 @@
+// Forcefully delete data table even if there are any rows associated.
+if deletionPolicy := d.Get("deletion_policy"); deletionPolicy == "FORCE" {
+    url = url + "?force=true"
+}