-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
adding security_policy field to TargetInstance #8357
adding security_policy field to TargetInstance #8357
Conversation
Hello! I am a robot who works on Magic Modules PRs. I've detected that you're a community contributor. @melinath, a repository maintainer, has been assigned to assist you and help review your changes. ❓ First time contributing? Click here for more detailsYour assigned reviewer will help review your code by:
You can help make sure that review is quick by running local tests and ensuring they're passing in between each push you make to your PR's branch. Also, try to leave a comment with each push you make, as pushes generally don't generate emails. If your reviewer doesn't get back to you within a week after your most recent change, please feel free to leave a comment on the issue asking them to take a look! In the absence of a dedicated review dashboard most maintainers manage their pending reviews through email, and those will sometimes get lost in their inbox. |
@melinath I have a question: This feature is only available for whitelist project now. Is that possible to proceed with the code review, merge and release for that with some kind of "warning" or "disclaimer"? Thanks |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's okay to add fields that require being on an allowlist as long as they are publicly visible in the API documentation. I'm not sure whether it's required on our end to explain the allowlist in the field's documentation, but it probably wouldn't hurt.
However, we will need to make sure that our test projects get added to the relevant allowlist (if they aren't already) so that we can run tests related to the feature. Could you provide a link to any relevant docs?
This comment was marked as outdated.
This comment was marked as outdated.
Thanks for the quick reply. Here is the api documentation: https://cloud.google.com/compute/docs/reference/rest/beta/targetInstances/setSecurityPolicy We will probably need to add the build project/region in allowlist. In order to run my tests locally my project was added including the “asia-southeast” region. If the build projects are not added in allowlist what is the next step to do? Thanks |
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks like the tests are currently failing with:
Error: Error creating TargetInstance: googleapi: Error 400: Invalid value for field 'resource.instance': 'asia-southeast1-a'. Invalid zone asia-southeast1-a for the instance. It must be same as target instance's zone, invalid
This happens while trying to create the TargetInstance, so I can't tell whether the test project is on the allowlist already or not. If not, we'll have to work with the team adding the feature to get on the allowlist (if that is possible.)
@melinath This probably happened because the test was not setting the zone so it likely used the default zone set in the environment which was different from the one used in the test. I changed the test to make sure to use the same zone as the instance now. If the project needs to be allowlisted we should expect an error like: "Required 'access' permission for 'Compute API'" while executing the setSecurityPolicy method. Could you please run again? |
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please make the security_policy field updatable and add an update test
mmv1/templates/terraform/post_create/compute_target_instance_security_policy.go.erb
Show resolved
Hide resolved
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are. Terraform GA: Diff ( 2 files changed, 96 insertions(+)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks for adding the update test! The one thing missing is a lifecycle
block to ensure that the updates are actually happening rather than a destroy + recreate
Examples:
mmv1/third_party/terraform/services/compute/resource_compute_target_instance_test.go.erb
Outdated
Show resolved
Hide resolved
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are. Terraform GA: Diff ( 2 files changed, 96 insertions(+)) |
Tests analyticsTotal tests: Action takenFound 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected testsTestAccComputeTargetInstance_targetInstanceWithSecurityPolicyExample |
Rerun these tests in REPLAYING mode to catch issues
|
) * adding security_policy field to TargetInstance * making sure the target_instance uses the same zone as instance * fixing test by adding ddos protection policy rule * fixing review issues * making securityPolicy field updatable and add hw test for it * adding lifecyle block and context var for hw test * separating regions for tests
) * adding security_policy field to TargetInstance * making sure the target_instance uses the same zone as instance * fixing test by adding ddos protection policy rule * fixing review issues * making securityPolicy field updatable and add hw test for it * adding lifecyle block and context var for hw test * separating regions for tests
Fixes hashicorp/terraform-provider-google#15175
Adding security_policy field in google_compute_target_instance resource.
If this PR is for Terraform, I acknowledge that I have:
make test
andmake lint
in the generated providers to ensure it passes unit and linter tests.Release Note Template for Downstream PRs (will be copied)