From f719d79807e3bc80d213892ab328bac155121ecd Mon Sep 17 00:00:00 2001
From: Jack Whelpton
Date: Wed, 1 Dec 2021 14:48:35 -0800
Subject: [PATCH 1/2] Adds unit test for firewall depending on module output * see https://github.com/hashicorp/terraform-provider-google/issues/10494
---
 google/resource_compute_firewall_test.go | 60 ++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
diff --git a/google/resource_compute_firewall_test.go b/google/resource_compute_firewall_test.go
index 52324c5f80c..a32c212e99e 100644
--- a/google/resource_compute_firewall_test.go
+++ b/google/resource_compute_firewall_test.go
@@ -239,6 +239,29 @@ func TestAccComputeFirewall_enableLogging(t *testing.T) {
 })
 }
+func TestAccComputeFirewall_moduleOutput(t *testing.T) {
+ t.Parallel()
+
+ networkName := fmt.Sprintf("tf-test-firewall-%s", randString(t, 10))
+ firewallName := fmt.Sprintf("tf-test-firewall-%s", randString(t, 10))
+
+ vcrTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckComputeFirewallDestroyProducer(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccComputeFirewall_moduleOutput(networkName, firewallName),
+ },
+ {
+ ResourceName: "google_compute_firewall.foobar",
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ },
+ })
+}
+
 func testAccComputeFirewall_basic(network, firewall string) string {
 return fmt.Sprintf(`
 resource "google_compute_network" "foobar" {
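Review bot: TestAccComputeFirewall_moduleOutput applies the config and round-trips it through import, but no step asserts what source_ranges ended up as, so the test does not by itself show that the rule was scoped to the single address. An explicit check on the first step would make that intent visible, for example `Check: resource.TestCheckResourceAttr("google_compute_firewall.foobar", "source_ranges.#", "1"),`. The config helper it calls is added in a later hunk of the same patch.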
@@ -444,3 +467,40 @@ resource "google_compute_firewall" "foobar" {
 }
 `, network, firewall, enableLoggingCfg)
 }
+
+func testAccComputeFirewall_moduleOutput(network, firewall string) string {
+ return fmt.Sprintf(`
+resource "google_compute_network" "foobar" {
+ name = "%s"
+ auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "foobar" {
+ name = "%s-subnet"
+ ip_cidr_range = "10.0.0.0/16"
+ region = "us-central1"
+ network = google_compute_network.foobar.name
+}
+
+resource "google_compute_address" "foobar" {
+ name = "%s-address"
+ subnetwork = google_compute_subnetwork.foobar.id
+ address_type = "INTERNAL"
+ region = "us-central1"
+ }
+
+resource "google_compute_firewall" "foobar" {
+ name = "%s"
+ description = "Resource created for Terraform acceptance testing"
+ network = google_compute_network.foobar.name
+ direction = "INGRESS"
+
+ source_ranges = ["${google_compute_address.foobar.address}/32"]
+ target_tags = ["foo"]
+
+ allow {
+ protocol = "tcp"
+ }
+}
+`, network, network, network, firewall)
+}
From 11b80dc23f16edc5c0a18e95e82c9360e8fe9dff Mon Sep 17 00:00:00 2001
From: Jack Whelpton
Date: Wed, 1 Dec 2021 16:03:01 -0800
Subject: [PATCH 2/2] Allows computed values for source_ranges
---
 google/resource_compute_firewall.go | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/google/resource_compute_firewall.go b/google/resource_compute_firewall.go
index 4bacf6f4f28..487c59f2ebe 100644
--- a/google/resource_compute_firewall.go
+++ b/google/resource_compute_firewall.go
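Review bot: testAccComputeFirewall_moduleOutput contains no module block despite its name; what it exercises is a source_ranges entry interpolated from google_compute_address.foobar.address, which is presumably unknown until apply. A doc comment would keep the name from misleading the next reader, e.g. `// testAccComputeFirewall_moduleOutput returns a config whose firewall source_ranges is derived from an address that does not exist yet at plan time.` The closing brace of the google_compute_address block is also indented, unlike the other resource blocks in the string.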
@@ -88,10 +88,10 @@ func resourceComputeFirewallSourceFieldsCustomizeDiff(_ context.Context, diff *s
 _, sasOk := diff.GetOk("source_service_accounts")
 _, tagsExist := diff.GetOkExists("source_tags")
- // ranges is computed, but this is what we're trying to avoid, so we're not going to check this
+ _, rangesExist := diff.GetOkExists("source_ranges")
 _, sasExist := diff.GetOkExists("source_service_accounts")
- if !tagsOk && !rangesOk && !sasOk && !tagsExist && !sasExist {
+ if !tagsOk && !rangesOk && !sasOk && !tagsExist && !rangesExist && !sasExist {
 return fmt.Errorf("one of source_tags, source_ranges, or source_service_accounts must be defined")
 }
 }
@@ -884,6 +884,7 @@ func flattenComputeFirewallAllow(v interface{}, d *schema.ResourceData, config *
 }
 return transformed
 }
+
 func flattenComputeFirewallAllowProtocol(v interface{}, d *schema.ResourceData, config *Config) interface{} {
 return v
 }
@@ -915,6 +916,7 @@ func flattenComputeFirewallDeny(v interface{}, d *schema.ResourceData, config *C
 }
 return transformed
 }
+
 func flattenComputeFirewallDenyProtocol(v interface{}, d *schema.ResourceData, config *Config) interface{} {
 return v
 }
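Review bot: The added `!rangesExist` term in the first hunk may disable this guard altogether, because the removed comment says source_ranges is computed and was deliberately left out of the GetOkExists checks. If GetOkExists returns true for a computed attribute that the configuration omits (not verifiable from this hunk), an ingress rule with none of the three source fields would pass validation and receive whatever source the API defaults to, which as far as I know is any address. A test step with `ExpectError` on such a config would pin the guard, and the new line deserves a comment such as `// source_ranges unknown at plan time (derived from another resource) counts as set`. If the SDK version in use exposes the raw configuration on the diff, checking whether source_ranges is null there would separate "omitted" from "not yet known"; the function starts and ends outside the hunk.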