Migrate Network Firewall Policy Rule (global and region) from DCL to MMv1 #11368

Merged

Samir-Cit
Contributor

@Samir-Cit Samir-Cit commented Aug 6, 2024

Hello folks.

This PR is to move two Network Firewall Policy Rule resources (global and region) from DCL to MMv1.

  • google_compute_network_firewall_policy_rule
  • google_compute_region_network_firewall_policy_rule

And this PR includes:

  • Creation of the resource on MMv1.
  • Creation of the examples and tests.
  • Remove references to DCL resource.

Note: This PR doesn't include the actual deletion of the DCL resource.

Related to hashicorp/terraform-provider-google#18134

Release Note Template for Downstream PRs (will be copied)

compute: `google_compute_network_firewall_policy_rule` now uses MMv1 engine instead of DCL.
compute: `google_compute_region_network_firewall_policy_rule` now uses MMv1 engine instead of DCL.

@modular-magician modular-magician added the awaiting-approval Pull requests that needs reviewer's approval to run presubmit tests label Aug 6, 2024
@Samir-Cit Samir-Cit changed the title Move google_compute_network_firewall_policy_rule resource from DCL to MMv1 Move Network Firewall Policy Rule (global and region) resource from DCL to MMv1 Aug 6, 2024
@Samir-Cit Samir-Cit marked this pull request as ready for review August 9, 2024 22:18
@github-actions github-actions bot requested a review from ScottSuarez August 9, 2024 22:19

github-actions bot commented Aug 9, 2024

Hello! I am a robot. Tests will require approval from a repository maintainer to run.

@ScottSuarez, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

@modular-magician modular-magician removed the awaiting-approval Pull requests that needs reviewer's approval to run presubmit tests label Aug 12, 2024
@ScottSuarez ScottSuarez requested review from slevenick and trodge and removed request for ScottSuarez August 12, 2024 21:56
@trodge trodge self-assigned this Aug 12, 2024
@modular-magician
Collaborator

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 10 files changed, 2486 insertions(+), 1615 deletions(-))
google-beta provider: Diff ( 10 files changed, 2486 insertions(+), 1615 deletions(-))
terraform-google-conversion: Diff ( 2 files changed, 856 insertions(+))

Breaking Change(s) Detected

The following breaking change(s) were detected within your pull request.

  • Field kind within resource google_compute_network_firewall_policy_rule was either removed or renamed - reference
  • Field kind within resource google_compute_region_network_firewall_policy_rule was either removed or renamed - reference
  • Field match.src_secure_tags.name lost its diff suppress function - reference
  • Field project lost its diff suppress function - reference
  • Field region transitioned from optional+computed to optional google_compute_region_network_firewall_policy_rule - reference
  • Field target_secure_tags.name lost its diff suppress function - reference

If you believe this detection to be incorrect please raise the concern with your reviewer.
If you intend to make this change you will need to wait for a major release window.
An override-breaking-change label can be added to allow merging.

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_compute_network_firewall_policy_rule (10 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_compute_network_firewall_policy_rule" "primary" {
  target_resources = # value needed
  target_secure_tags {
    name = # value needed
  }
  tls_inspect = # value needed
}

Resource: google_compute_region_network_firewall_policy_rule (1 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_compute_region_network_firewall_policy_rule" "primary" {
  match {
    dest_address_groups       = # value needed
    dest_fqdns                = # value needed
    dest_ip_ranges            = # value needed
    dest_region_codes         = # value needed
    dest_threat_intelligences = # value needed
    layer4_configs {
      ports = # value needed
    }
  }
  security_profile_group = # value needed
  target_resources       = # value needed
  target_secure_tags {
    name = # value needed
  }
  tls_inspect = # value needed
}

@modular-magician
Collaborator

Tests analytics

Total tests: 979
Passed tests: 901
Skipped tests: 72
Affected tests: 6

Click here to see the affected service packages
  • compute

Action taken

Found 6 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
  • TestAccComputeInstance_bootDisk_storagePoolSpecified
  • TestAccComputeNetworkFirewallPolicyRule_multipleRules
  • TestAccComputeNetworkFirewallPolicyRule_networkFirewallPolicyRuleExample
  • TestAccComputeNetworkFirewallPolicyRule_securityProfileGroup_update
  • TestAccComputeNetworkFirewallPolicyRule_update
  • TestAccComputeRegionNetworkFirewallPolicyRule_regionNetworkFirewallPolicyRuleExample

Get to know how VCR tests work

@modular-magician
Collaborator

🟢 Tests passed during RECORDING mode:
TestAccComputeInstance_bootDisk_storagePoolSpecified[Debug log]
TestAccComputeNetworkFirewallPolicyRule_networkFirewallPolicyRuleExample[Debug log]
TestAccComputeRegionNetworkFirewallPolicyRule_regionNetworkFirewallPolicyRuleExample[Debug log]

🟢 No issues found for passed tests after REPLAYING rerun.


🔴 Tests failed during RECORDING mode:
TestAccComputeNetworkFirewallPolicyRule_multipleRules[Error message] [Debug log]
TestAccComputeNetworkFirewallPolicyRule_securityProfileGroup_update[Error message] [Debug log]
TestAccComputeNetworkFirewallPolicyRule_update[Error message] [Debug log]

🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR.

View the build log or the debug log for each test

@modular-magician modular-magician added awaiting-approval Pull requests that needs reviewer's approval to run presubmit tests and removed awaiting-approval Pull requests that needs reviewer's approval to run presubmit tests labels Aug 13, 2024
@modular-magician
Collaborator

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 9 files changed, 2353 insertions(+), 1624 deletions(-))
google-beta provider: Diff ( 9 files changed, 2353 insertions(+), 1624 deletions(-))
terraform-google-conversion: Diff ( 2 files changed, 866 insertions(+))

Breaking Change(s) Detected

The following breaking change(s) were detected within your pull request.

  • Field kind within resource google_compute_network_firewall_policy_rule was either removed or renamed - reference
  • Field kind within resource google_compute_region_network_firewall_policy_rule was either removed or renamed - reference
  • Field project lost its diff suppress function - reference
  • Field project transitioned from optional+computed to optional google_compute_network_firewall_policy_rule - reference
  • Field region transitioned from optional+computed to optional google_compute_region_network_firewall_policy_rule - reference

If you believe this detection to be incorrect please raise the concern with your reviewer.
If you intend to make this change you will need to wait for a major release window.
An override-breaking-change label can be added to allow merging.

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_compute_network_firewall_policy_rule (10 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_compute_network_firewall_policy_rule" "primary" {
  target_resources = # value needed
  target_secure_tags {
    name = # value needed
  }
  tls_inspect = # value needed
}

Resource: google_compute_region_network_firewall_policy_rule (1 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_compute_region_network_firewall_policy_rule" "primary" {
  match {
    dest_address_groups       = # value needed
    dest_fqdns                = # value needed
    dest_ip_ranges            = # value needed
    dest_region_codes         = # value needed
    dest_threat_intelligences = # value needed
    layer4_configs {
      ports = # value needed
    }
  }
  security_profile_group = # value needed
  target_resources       = # value needed
  target_secure_tags {
    name = # value needed
  }
  tls_inspect = # value needed
}

@modular-magician
Collaborator

Tests analytics

Total tests: 980
Passed tests: 904
Skipped tests: 72
Affected tests: 4

Click here to see the affected service packages
  • compute

Action taken

Found 4 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
  • TestAccComputeNetworkFirewallPolicyRule_multipleRules
  • TestAccComputeNetworkFirewallPolicyRule_networkFirewallPolicyRuleExample
  • TestAccComputeNetworkFirewallPolicyRule_securityProfileGroup_update
  • TestAccComputeNetworkFirewallPolicyRule_update

Get to know how VCR tests work

@modular-magician
Collaborator

🟢 Tests passed during RECORDING mode:
TestAccComputeNetworkFirewallPolicyRule_multipleRules[Debug log]
TestAccComputeNetworkFirewallPolicyRule_securityProfileGroup_update[Debug log]
TestAccComputeNetworkFirewallPolicyRule_update[Debug log]

🟢 No issues found for passed tests after REPLAYING rerun.


🔴 Tests failed during RECORDING mode:
TestAccComputeNetworkFirewallPolicyRule_networkFirewallPolicyRuleExample[Error message] [Debug log]

🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR.

View the build log or the debug log for each test

@modular-magician modular-magician added awaiting-approval Pull requests that needs reviewer's approval to run presubmit tests and removed awaiting-approval Pull requests that needs reviewer's approval to run presubmit tests labels Aug 14, 2024
@modular-magician
Collaborator

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 9 files changed, 2355 insertions(+), 1626 deletions(-))
google-beta provider: Diff ( 9 files changed, 2355 insertions(+), 1626 deletions(-))
terraform-google-conversion: Diff ( 2 files changed, 866 insertions(+))

Breaking Change(s) Detected

The following breaking change(s) were detected within your pull request.

  • Field kind within resource google_compute_network_firewall_policy_rule was either removed or renamed - reference
  • Field kind within resource google_compute_region_network_firewall_policy_rule was either removed or renamed - reference
  • Field project lost its diff suppress function - reference
  • Field project transitioned from optional+computed to optional google_compute_network_firewall_policy_rule - reference
  • Field region transitioned from optional+computed to optional google_compute_region_network_firewall_policy_rule - reference

If you believe this detection to be incorrect please raise the concern with your reviewer.
If you intend to make this change you will need to wait for a major release window.
An override-breaking-change label can be added to allow merging.

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_compute_network_firewall_policy_rule (10 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_compute_network_firewall_policy_rule" "primary" {
  target_resources = # value needed
  target_secure_tags {
    name = # value needed
  }
  tls_inspect = # value needed
}

Resource: google_compute_region_network_firewall_policy_rule (1 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_compute_region_network_firewall_policy_rule" "primary" {
  match {
    dest_address_groups       = # value needed
    dest_fqdns                = # value needed
    dest_ip_ranges            = # value needed
    dest_region_codes         = # value needed
    dest_threat_intelligences = # value needed
    layer4_configs {
      ports = # value needed
    }
  }
  security_profile_group = # value needed
  target_resources       = # value needed
  target_secure_tags {
    name = # value needed
  }
  tls_inspect = # value needed
}

@modular-magician
Collaborator

Tests analytics

Total tests: 981
Passed tests: 909
Skipped tests: 72
Affected tests: 0

Click here to see the affected service packages
  • compute

🟢 All tests passed!

View the build log

@slevenick @trodge This PR has been waiting for review for 3 weekdays. Please take a look! Use the label disable-review-reminders to disable these notifications.

@trodge
Contributor

trodge commented Aug 15, 2024

This looks to me like you're on the right track, but I'd like us to improve the test coverage to make sure the migration works as expected.

All of the detected breaking changes will need to be addressed by adding support for emulating the DCL behaviors in MMv1, usually through custom_code additions.

Here are some examples of PRs showing how that process can work:

#10759
#11052
#11066
#10527

Contributor

@trodge trodge left a comment

@github-actions github-actions bot requested a review from trodge August 16, 2024 15:15
@modular-magician modular-magician added the awaiting-approval Pull requests that needs reviewer's approval to run presubmit tests label Aug 16, 2024
@Samir-Cit
Contributor Author

Samir-Cit commented Aug 16, 2024

> This looks to me like you're on the right track, but I'd like us to improve the test coverage to make sure the migration works as expected.
>
> All of the detected breaking changes will need to be addressed by adding support for emulating the DCL behaviors in MMv1, usually through custom_code additions.
>
> Here are some examples of PRs showing how that process can work:
>
> #10759 #11052 #11066 #10527

Hello @trodge, I just saw both your comments.
Thanks for the examples, it will help me a lot!
I'll take a look and apply what fits on my development and also create new test scenarios to improve the coverage.

@modular-magician
Collaborator

🟢 Tests passed during RECORDING mode:
TestAccComputeNetworkFirewallPolicyRule_multipleRules[Debug log]
TestAccComputeNetworkFirewallPolicyRule_networkFirewallPolicyRuleExample[Debug log]
TestAccComputeNetworkFirewallPolicyRule_secureTags[Debug log]
TestAccComputeNetworkFirewallPolicyRule_securityProfileGroup_update[Debug log]
TestAccComputeNetworkFirewallPolicyRule_update[Debug log]
TestAccComputeRegionNetworkFirewallPolicyRule_multipleRules[Debug log]
TestAccComputeRegionNetworkFirewallPolicyRule_regionNetworkFirewallPolicyRuleExample[Debug log]
TestAccComputeRegionNetworkFirewallPolicyRule_secureTags[Debug log]
TestAccComputeRegionNetworkFirewallPolicyRule_update[Debug log]

🟢 No issues found for passed tests after REPLAYING rerun.


🟢 All tests passed!

View the build log or the debug log for each test

@trodge trodge added the override-breaking-change Allows a potential breaking change to be merged label Oct 10, 2024
@modular-magician modular-magician added awaiting-approval Pull requests that needs reviewer's approval to run presubmit tests and removed awaiting-approval Pull requests that needs reviewer's approval to run presubmit tests labels Oct 10, 2024
@trodge trodge dismissed stale reviews from slevenick and themself October 10, 2024 22:36

stale

@modular-magician
Collaborator

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 12 files changed, 3579 insertions(+), 1556 deletions(-))
google-beta provider: Diff ( 12 files changed, 3579 insertions(+), 1556 deletions(-))
terraform-google-conversion: Diff ( 2 files changed, 836 insertions(+))

Breaking Change(s) Detected

The following breaking change(s) were detected within your pull request.

  • Field project lost its diff suppress function - reference

If you believe this detection to be incorrect please raise the concern with your reviewer.
If you intend to make this change you will need to wait for a major release window.
An override-breaking-change label can be added to allow merging.

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_compute_region_network_firewall_policy_rule (10 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_compute_region_network_firewall_policy_rule" "primary" {
  security_profile_group = # value needed
}

@modular-magician
Collaborator

Tests analytics

Total tests: 1032
Passed tests: 956
Skipped tests: 73
Affected tests: 3

Click here to see the affected service packages
  • compute

Action taken

Found 3 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
  • TestAccComputeRegionNetworkFirewallPolicyRule_multipleRules
  • TestAccComputeRegionNetworkFirewallPolicyRule_secureTags
  • TestAccComputeRegionNetworkFirewallPolicyRule_update

Get to know how VCR tests work

@modular-magician
Collaborator

🔴 Tests failed during RECORDING mode:
TestAccComputeRegionNetworkFirewallPolicyRule_multipleRules[Error message] [Debug log]
TestAccComputeRegionNetworkFirewallPolicyRule_secureTags[Error message] [Debug log]
TestAccComputeRegionNetworkFirewallPolicyRule_update[Error message] [Debug log]

🔴 Errors occurred during RECORDING mode. Please fix them to complete your PR.

View the build log or the debug log for each test

@modular-magician modular-magician added awaiting-approval Pull requests that needs reviewer's approval to run presubmit tests and removed awaiting-approval Pull requests that needs reviewer's approval to run presubmit tests labels Oct 11, 2024
@modular-magician
Collaborator

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

google provider: Diff ( 12 files changed, 3579 insertions(+), 1556 deletions(-))
google-beta provider: Diff ( 12 files changed, 3579 insertions(+), 1556 deletions(-))
terraform-google-conversion: Diff ( 2 files changed, 836 insertions(+))

Breaking Change(s) Detected

The following breaking change(s) were detected within your pull request.

  • Field project lost its diff suppress function - reference

If you believe this detection to be incorrect please raise the concern with your reviewer.
If you intend to make this change you will need to wait for a major release window.
An override-breaking-change label can be added to allow merging.

Missing test report

Your PR includes resource fields which are not covered by any test.

Resource: google_compute_region_network_firewall_policy_rule (10 total tests)
Please add an acceptance test which includes these fields. The test should include the following:

resource "google_compute_region_network_firewall_policy_rule" "primary" {
  security_profile_group = # value needed
}

@modular-magician
Collaborator

Tests analytics

Total tests: 1032
Passed tests: 958
Skipped tests: 73
Affected tests: 1

Click here to see the affected service packages
  • compute

Action taken

Found 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
  • TestAccComputeRegionNetworkFirewallPolicyRule_secureTags

Get to know how VCR tests work

@modular-magician
Collaborator

🟢 Tests passed during RECORDING mode:
TestAccComputeRegionNetworkFirewallPolicyRule_secureTags[Debug log]

🟢 No issues found for passed tests after REPLAYING rerun.


🟢 All tests passed!

View the build log or the debug log for each test

@slevenick @trodge This PR has been waiting for review for 3 weekdays. Please take a look! Use the label disable-review-reminders to disable these notifications.

@trodge trodge merged commit dfda841 into GoogleCloudPlatform:main Oct 15, 2024
13 checks passed
gontech pushed a commit to gontech/magic-modules that referenced this pull request Oct 16, 2024
varshatumburu pushed a commit to varshatumburu/magic-modules that referenced this pull request Oct 19, 2024
BBBmau pushed a commit to BBBmau/magic-modules that referenced this pull request Oct 23, 2024
BBBmau pushed a commit to BBBmau/magic-modules that referenced this pull request Oct 24, 2024
@Samir-Cit Samir-Cit deleted the feat/NetworkFirewallPolicyRule branch November 1, 2024 16:11
BBBmau pushed a commit to BBBmau/magic-modules that referenced this pull request Nov 5, 2024
akshat-jindal-nit pushed a commit to akshat-jindal-nit/magic-modules that referenced this pull request Nov 18, 2024
amanMahendroo pushed a commit to amanMahendroo/magic-modules that referenced this pull request Dec 17, 2024