Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upstream firewalls DSF update to allow unknown values #10976

Merged
merged 1 commit into from
Jan 25, 2022
Merged

Upstream firewalls DSF update to allow unknown values #10976

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .changelog/5526.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
compute: fixed a bug where `google_compute_firewall` would incorrectly find `source_ranges` to be empty during validation
```
4 changes: 2 additions & 2 deletions google/resource_compute_firewall.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,10 +87,10 @@ func resourceComputeFirewallSourceFieldsCustomizeDiff(_ context.Context, diff *s
_, sasOk := diff.GetOk("source_service_accounts")

_, tagsExist := diff.GetOkExists("source_tags")
// ranges is computed, but this is what we're trying to avoid, so we're not going to check this
_, rangesExist := diff.GetOkExists("source_ranges")
_, sasExist := diff.GetOkExists("source_service_accounts")

if !tagsOk && !rangesOk && !sasOk && !tagsExist && !sasExist {
if !tagsOk && !rangesOk && !sasOk && !tagsExist && !rangesExist && !sasExist {
return fmt.Errorf("one of source_tags, source_ranges, or source_service_accounts must be defined")
}
}
Expand Down
60 changes: 60 additions & 0 deletions google/resource_compute_firewall_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -239,6 +239,29 @@ func TestAccComputeFirewall_enableLogging(t *testing.T) {
})
}

func TestAccComputeFirewall_moduleOutput(t *testing.T) {
t.Parallel()

networkName := fmt.Sprintf("tf-test-firewall-%s", randString(t, 10))
firewallName := fmt.Sprintf("tf-test-firewall-%s", randString(t, 10))

vcrTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckComputeFirewallDestroyProducer(t),
Steps: []resource.TestStep{
{
Config: testAccComputeFirewall_moduleOutput(networkName, firewallName),
},
{
ResourceName: "google_compute_firewall.foobar",
ImportState: true,
ImportStateVerify: true,
},
},
})
}

func testAccComputeFirewall_basic(network, firewall string) string {
return fmt.Sprintf(`
resource "google_compute_network" "foobar" {
Expand Down Expand Up @@ -444,3 +467,40 @@ resource "google_compute_firewall" "foobar" {
}
`, network, firewall, enableLoggingCfg)
}

func testAccComputeFirewall_moduleOutput(network, firewall string) string {
return fmt.Sprintf(`
resource "google_compute_network" "foobar" {
name = "%s"
auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "foobar" {
name = "%s-subnet"
ip_cidr_range = "10.0.0.0/16"
region = "us-central1"
network = google_compute_network.foobar.name
}

resource "google_compute_address" "foobar" {
name = "%s-address"
subnetwork = google_compute_subnetwork.foobar.id
address_type = "INTERNAL"
region = "us-central1"
}

resource "google_compute_firewall" "foobar" {
name = "%s"
description = "Resource created for Terraform acceptance testing"
network = google_compute_network.foobar.name
direction = "INGRESS"

source_ranges = ["${google_compute_address.foobar.address}/32"]
target_tags = ["foo"]

allow {
protocol = "tcp"
}
}
`, network, network, network, firewall)
}