Upstream firewalls DSF update to allow unknown values coming from int…

…erpolation (GoogleCloudPlatform#5526)
lcaggio · Mar 17, 2022 · c95ce82 · c95ce82
1 parent 3b733d9
commit c95ce82
Show file tree

Hide file tree

Showing 2 changed files with 62 additions and 2 deletions.
diff --git a/mmv1/templates/terraform/constants/firewall.erb b/mmv1/templates/terraform/constants/firewall.erb
@@ -70,10 +70,10 @@ func resourceComputeFirewallSourceFieldsCustomizeDiff(_ context.Context, diff *s
 		_, sasOk := diff.GetOk("source_service_accounts")
 
 		_, tagsExist := diff.GetOkExists("source_tags")
-		// ranges is computed, but this is what we're trying to avoid, so we're not going to check this
+		_, rangesExist := diff.GetOkExists("source_ranges")
 		_, sasExist := diff.GetOkExists("source_service_accounts")
 
-		if !tagsOk && !rangesOk && !sasOk && !tagsExist && !sasExist {
+		if !tagsOk && !rangesOk && !sasOk && !tagsExist && !rangesExist && !sasExist {
 			return fmt.Errorf("one of source_tags, source_ranges, or source_service_accounts must be defined")
 		}
 	}

diff --git a/mmv1/third_party/terraform/tests/resource_compute_firewall_test.go.erb b/mmv1/third_party/terraform/tests/resource_compute_firewall_test.go.erb
@@ -240,6 +240,29 @@ func TestAccComputeFirewall_enableLogging(t *testing.T) {
 	})
 }
 
+func TestAccComputeFirewall_moduleOutput(t *testing.T) {
+	t.Parallel()
+
+	networkName := fmt.Sprintf("tf-test-firewall-%s", randString(t, 10))
+	firewallName := fmt.Sprintf("tf-test-firewall-%s", randString(t, 10))
+
+	vcrTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckComputeFirewallDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeFirewall_moduleOutput(networkName, firewallName),
+			},
+			{
+				ResourceName:      "google_compute_firewall.foobar",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
 func testAccComputeFirewall_basic(network, firewall string) string {
 	return fmt.Sprintf(`
 resource "google_compute_network" "foobar" {
@@ -445,3 +468,40 @@ resource "google_compute_firewall" "foobar" {
 }
 `, network, firewall, enableLoggingCfg)
 }
+
+func testAccComputeFirewall_moduleOutput(network, firewall string) string {
+	return fmt.Sprintf(`
+resource "google_compute_network" "foobar" {
+  name = "%s"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "foobar" {
+  name          = "%s-subnet"
+  ip_cidr_range = "10.0.0.0/16"
+  region        = "us-central1"
+  network       = google_compute_network.foobar.name
+}
+
+resource "google_compute_address" "foobar" {
+	name         = "%s-address"
+	subnetwork   = google_compute_subnetwork.foobar.id
+	address_type = "INTERNAL"
+	region       = "us-central1"
+  }
+
+resource "google_compute_firewall" "foobar" {
+  name        = "%s"
+  description = "Resource created for Terraform acceptance testing"
+  network     = google_compute_network.foobar.name
+  direction   = "INGRESS"
+
+  source_ranges = ["${google_compute_address.foobar.address}/32"]
+  target_tags   = ["foo"]
+
+  allow {
+    protocol = "tcp"
+  }
+}
+`, network, network, network, firewall)
+}