hashicorp · modular-magician · Mar 4, 2025 · Mar 4, 2025
@@ -0,0 +1,3 @@
+```release-note:none
+Updated descriptions for Network Security's Intercept resources.
+```
@@ -16,12 +16,16 @@
 # ----------------------------------------------------------------------------
 subcategory: "Network Security"
 description: |-
-  InterceptDeployment represents the collectors within a Zone and is associated with a deployment group.
+  A deployment represents a zonal intercept backend ready to accept
+  GENEVE-encapsulated traffic, e.
 ---
 
 # google_network_security_intercept_deployment
 
-InterceptDeployment represents the collectors within a Zone and is associated with a deployment group.
+A deployment represents a zonal intercept backend ready to accept
+GENEVE-encapsulated traffic, e.g. a zonal instance group fronted by an
+internal passthrough load balancer. Deployments are always part of a
+global deployment group which represents a global intercept service.
 
 ~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider.
 See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources.
@@ -106,32 +110,32 @@ The following arguments are supported:
 
 * `forwarding_rule` -
   (Required)
-  Immutable. The regional load balancer which the intercepted traffic should be forwarded
-  to. Format is:
-  projects/{project}/regions/{region}/forwardingRules/{forwardingRule}
+  The regional forwarding rule that fronts the interceptors, for example:
+  `projects/123456789/regions/us-central1/forwardingRules/my-rule`.
+  See https://google.aip.dev/124.
 
 * `intercept_deployment_group` -
   (Required)
-  Immutable. The Intercept Deployment Group that this resource is part of. Format is:
-  `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}`
+  The deployment group that this deployment is a part of, for example:
+  `projects/123456789/locations/global/interceptDeploymentGroups/my-dg`.
+  See https://google.aip.dev/124.
 
 * `location` -
   (Required)
-  Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeployment`.
+  The cloud location of the deployment, e.g. `us-central1-a` or `asia-south1-b`.
 
 * `intercept_deployment_id` -
   (Required)
-  Id of the requesting object
-  If auto-generating Id server-side, remove this field and
-  intercept_deployment_id from the method_signature of Create RPC
+  The ID to use for the new deployment, which will become the final
+  component of the deployment's resource name.
 
 
 - - -
 
 
 * `labels` -
   (Optional)
-  Optional. Labels as key value pairs 
+  Labels are key/value pairs that help to organize and filter resources.
   **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
   Please refer to the field `effective_labels` for all of the labels present on the resource.
 
@@ -146,27 +150,34 @@ In addition to the arguments listed above, the following computed attributes are
 * `id` - an identifier for the resource with format `projects/{{project}}/locations/{{location}}/interceptDeployments/{{intercept_deployment_id}}`
 
 * `name` -
-  Identifier. The name of the InterceptDeployment.
+  The resource name of this deployment, for example:
+  `projects/123456789/locations/us-central1-a/interceptDeployments/my-dep`.
+  See https://google.aip.dev/122 for more details.
 
 * `create_time` -
-  Create time stamp
+  The timestamp when the resource was created.
+  See https://google.aip.dev/148#timestamps.
 
 * `update_time` -
-  Update time stamp
+  The timestamp when the resource was most recently updated.
+  See https://google.aip.dev/148#timestamps.
 
 * `state` -
-  Current state of the deployment. 
-   Possible values:
-   STATE_UNSPECIFIED
+  The current state of the deployment.
+  See https://google.aip.dev/216.
+  Possible values:
+  STATE_UNSPECIFIED
   ACTIVE
   CREATING
   DELETING
   OUT_OF_SYNC
   DELETE_FAILED
 
 * `reconciling` -
-  Whether reconciling is in progress, recommended per
-  https://google.aip.dev/128.
+  The current state of the resource does not match the user's intended state,
+  and the system is working to reconcile them. This part of the normal
+  operation (e.g. linking a new association to the parent group).
+  See https://google.aip.dev/128.
 
 * `terraform_labels` -
   The combination of labels configured directly on the resource

@@ -16,12 +16,15 @@
 # ----------------------------------------------------------------------------
 subcategory: "Network Security"
 description: |-
-  A Deployment Group represents the collector deployments across different zones within an organization.
+  A deployment group aggregates many zonal intercept backends (deployments)
+  into a single global intercept service.
 ---
 
 # google_network_security_intercept_deployment_group
 
-A Deployment Group represents the collector deployments across different zones within an organization.
+A deployment group aggregates many zonal intercept backends (deployments)
+into a single global intercept service. Consumers can connect this service
+using an endpoint group.
 
 ~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider.
 See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources.
@@ -60,26 +63,26 @@ The following arguments are supported:
 
 * `network` -
   (Required)
-  Required. Immutable. The network that is being used for the deployment. Format is:
-  projects/{project}/global/networks/{network}.
+  The network that will be used for all child deployments, for example:
+  `projects/{project}/global/networks/{network}`.
+  See https://google.aip.dev/124.
 
 * `location` -
   (Required)
-  Resource ID segment making up resource `name`. It identifies the resource within its parent collection as described in https://google.aip.dev/122. See documentation for resource type `networksecurity.googleapis.com/InterceptDeploymentGroup`.
+  The cloud location of the deployment group, currently restricted to `global`.
 
 * `intercept_deployment_group_id` -
   (Required)
-  Required. Id of the requesting object
-  If auto-generating Id server-side, remove this field and
-  intercept_deployment_group_id from the method_signature of Create RPC
+  The ID to use for the new deployment group, which will become the final
+  component of the deployment group's resource name.
 
 
 - - -
 
 
 * `labels` -
   (Optional)
-  Optional. Labels as key value pairs 
+  Labels are key/value pairs that help to organize and filter resources.
   **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
   Please refer to the field `effective_labels` for all of the labels present on the resource.
 
@@ -94,29 +97,36 @@ In addition to the arguments listed above, the following computed attributes are
 * `id` - an identifier for the resource with format `projects/{{project}}/locations/{{location}}/interceptDeploymentGroups/{{intercept_deployment_group_id}}`
 
 * `name` -
-  Output only. Identifier. Then name of the InterceptDeploymentGroup.
+  The resource name of this deployment group, for example:
+  `projects/123456789/locations/global/interceptDeploymentGroups/my-dg`.
+  See https://google.aip.dev/122 for more details.
 
 * `create_time` -
-  Output only. [Output only] Create time stamp
+  The timestamp when the resource was created.
+  See https://google.aip.dev/148#timestamps.
 
 * `update_time` -
-  Output only. [Output only] Update time stamp
+  The timestamp when the resource was most recently updated.
+  See https://google.aip.dev/148#timestamps.
 
 * `connected_endpoint_groups` -
-  Output only. The list of Intercept Endpoint Groups that are connected to this resource.
+  The list of endpoint groups that are connected to this resource.
   Structure is [documented below](#nested_connected_endpoint_groups).
 
 * `state` -
-  Output only. Current state of the deployment group. 
-   Possible values:
-   STATE_UNSPECIFIED
+  The current state of the deployment group.
+  See https://google.aip.dev/216.
+  Possible values:
+  STATE_UNSPECIFIED
   ACTIVE
   CREATING
   DELETING
 
 * `reconciling` -
-  Output only. Whether reconciling is in progress, recommended per
-  https://google.aip.dev/128.
+  The current state of the resource does not match the user's intended state,
+  and the system is working to reconcile them. This is part of the normal
+  operation (e.g. adding a new deployment to the group)
+  See https://google.aip.dev/128.
 
 * `terraform_labels` -
   The combination of labels configured directly on the resource
@@ -130,7 +140,9 @@ In addition to the arguments listed above, the following computed attributes are
 
 * `name` -
   (Output)
-  Output only. A connected intercept endpoint group.
+  The connected endpoint group's resource name, for example:
+  `projects/123456789/locations/global/interceptEndpointGroups/my-eg`.
+  See https://google.aip.dev/124.
 
 ## Timeouts
 

@@ -16,12 +16,16 @@
 # ----------------------------------------------------------------------------
 subcategory: "Network Security"
 description: |-
-  An intercept endpoint group is a global resource in the consumer account representing the producer’s deployment group.
+  An endpoint group is a consumer frontend for a deployment group (backend).
 ---
 
 # google_network_security_intercept_endpoint_group
 
-An intercept endpoint group is a global resource in the consumer account representing the producer’s deployment group.
+An endpoint group is a consumer frontend for a deployment group (backend).
+In order to configure intercept for a network, consumers must create:
+- An association between their network and the endpoint group.
+- A security profile that points to the endpoint group.
+- A firewall rule that references the security profile (group).
 
 ~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider.
 See [Provider Versions](https://terraform.io/docs/providers/google/guides/provider_versions.html) for more details on beta resources.
@@ -67,25 +71,26 @@ The following arguments are supported:
 
 * `intercept_deployment_group` -
   (Required)
-  Immutable. The Intercept Deployment Group that this resource is connected to. Format
-  is:
-  `projects/{project}/locations/global/interceptDeploymentGroups/{interceptDeploymentGroup}`
+  The deployment group that this endpoint group is connected to, for example:
+  `projects/123456789/locations/global/interceptDeploymentGroups/my-dg`.
+  See https://google.aip.dev/124.
 
 * `location` -
   (Required)
-  The location of the Intercept Endpoint Group, currently restricted to `global`.
+  The cloud location of the endpoint group, currently restricted to `global`.
 
 * `intercept_endpoint_group_id` -
   (Required)
-  ID of the Intercept Endpoint Group.
+  The ID to use for the endpoint group, which will become the final component
+  of the endpoint group's resource name.
 
 
 - - -
 
 
 * `labels` -
   (Optional)
-  Optional. Labels as key value pairs
+  Labels are key/value pairs that help to organize and filter resources.
   **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
   Please refer to the field `effective_labels` for all of the labels present on the resource.
 
@@ -100,27 +105,35 @@ In addition to the arguments listed above, the following computed attributes are
 * `id` - an identifier for the resource with format `projects/{{project}}/locations/{{location}}/interceptEndpointGroups/{{intercept_endpoint_group_id}}`
 
 * `name` -
-  Identifier. The name of the Intercept Endpoint Group.
+  The resource name of this endpoint group, for example:
+  `projects/123456789/locations/global/interceptEndpointGroups/my-eg`.
+  See https://google.aip.dev/122 for more details.
 
 * `create_time` -
-  Create time stamp.
+  The timestamp when the resource was created.
+  See https://google.aip.dev/148#timestamps.
 
 * `update_time` -
-  Update time stamp.
+  The timestamp when the resource was most recently updated.
+  See https://google.aip.dev/148#timestamps.
 
 * `state` -
-  Current state of the endpoint group. 
-   Possible values:
-   STATE_UNSPECIFIED
+  The current state of the endpoint group.
+  See https://google.aip.dev/216.
+  Possible values:
+  STATE_UNSPECIFIED
   ACTIVE
   CLOSED
   CREATING
   DELETING
   OUT_OF_SYNC
+  DELETE_FAILED
 
 * `reconciling` -
-  Whether reconciling is in progress, recommended per
-  https://google.aip.dev/128.
+  The current state of the resource does not match the user's intended state,
+  and the system is working to reconcile them. This is part of the normal
+  operation (e.g. adding a new association to the group).
+  See https://google.aip.dev/128.
 
 * `terraform_labels` -
   The combination of labels configured directly on the resource