From b68ecbc560651484f97741491a79d696b36ed074 Mon Sep 17 00:00:00 2001
From: Will Yardley
Date: Tue, 12 Nov 2024 15:37:42 -0800
Subject: [PATCH] compute: forced recreation of `google_compute_security_policy` on `type` updates (#12233)
---
 .../resource_compute_security_policy.go.tmpl | 1 +
 ...ource_compute_security_policy_test.go.tmpl | 56 ++++++++++++++++---
 2 files changed, 50 insertions(+), 7 deletions(-)
diff --git a/mmv1/third_party/terraform/services/compute/resource_compute_security_policy.go.tmpl b/mmv1/third_party/terraform/services/compute/resource_compute_security_policy.go.tmpl
index c175d8012ddb..df7961e3eebc 100644
--- a/mmv1/third_party/terraform/services/compute/resource_compute_security_policy.go.tmpl
+++ b/mmv1/third_party/terraform/services/compute/resource_compute_security_policy.go.tmpl
@@ -81,6 +81,7 @@ func ResourceComputeSecurityPolicy() *schema.Resource {
 Type: schema.TypeString,
 Optional: true,
 Computed: true,
+ ForceNew: true,
 Description: `The type indicates the intended use of the security policy. CLOUD_ARMOR - Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers. CLOUD_ARMOR_EDGE - Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.`,
 ValidateFunc: validation.StringInSlice([]string{"CLOUD_ARMOR", "CLOUD_ARMOR_EDGE", "CLOUD_ARMOR_INTERNAL_SERVICE"}, false),
 },
diff --git a/mmv1/third_party/terraform/services/compute/resource_compute_security_policy_test.go.tmpl b/mmv1/third_party/terraform/services/compute/resource_compute_security_policy_test.go.tmpl
index a479836e1e96..27d2c3755737 100644
--- a/mmv1/third_party/terraform/services/compute/resource_compute_security_policy_test.go.tmpl
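Review bot: The `Description` of `type` in `ResourceComputeSecurityPolicy` does not tell users that the field is now `ForceNew`, so a change between `CLOUD_ARMOR` and `CLOUD_ARMOR_EDGE` plans a destroy and create of the policy rather than an in-place update. For a Cloud Armor policy that is worth stating, because the filtering rules do not exist between the delete and the create, and whether the delete succeeds while a backend service still references the policy is not visible in this hunk. I would append `Changing this forces a new security policy to be created.` to the description string. The description also covers only two of the three values `ValidateFunc` accepts; `CLOUD_ARMOR_INTERNAL_SERVICE` is undocumented there. The schema function continues outside the hunk.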
+++ b/mmv1/third_party/terraform/services/compute/resource_compute_security_policy_test.go.tmpl
@@ -6,6 +6,7 @@ import (
 "testing"

 "github.com/hashicorp/terraform-plugin-testing/helper/resource"
+ "github.com/hashicorp/terraform-plugin-testing/plancheck"
 "github.com/hashicorp/terraform-plugin-testing/terraform"
 "github.com/hashicorp/terraform-provider-google/google/acctest"
 "github.com/hashicorp/terraform-provider-google/google/envvar"
@@ -22,7 +23,48 @@ func TestAccComputeSecurityPolicy_basic(t *testing.T) {
 CheckDestroy: testAccCheckComputeSecurityPolicyDestroyProducer(t),
 Steps: []resource.TestStep{
 {
- Config: testAccComputeSecurityPolicy_basic(spName),
+ Config: testAccComputeSecurityPolicy_basic(spName, "CLOUD_ARMOR"),
+ },
+ {
+ ResourceName: "google_compute_security_policy.policy",
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ },
+ })
+}
+
+func TestAccComputeSecurityPolicy_basicUpdate(t *testing.T) {
+ t.Parallel()
+
+ spName := fmt.Sprintf("tf-test-%s", acctest.RandString(t, 10))
+
+ acctest.VcrTest(t, resource.TestCase{
+ PreCheck: func() { acctest.AccTestPreCheck(t) },
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+ CheckDestroy: testAccCheckComputeSecurityPolicyDestroyProducer(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccComputeSecurityPolicy_basic(spName, "CLOUD_ARMOR"),
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr("google_compute_security_policy.policy", "type", "CLOUD_ARMOR"),
+ ),
+ },
+ {
+ ResourceName: "google_compute_security_policy.policy",
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ {
+ Config: testAccComputeSecurityPolicy_basic(spName, "CLOUD_ARMOR_EDGE"),
+ ConfigPlanChecks: resource.ConfigPlanChecks{
+ PreApply: []plancheck.PlanCheck{
+ plancheck.ExpectResourceAction("google_compute_security_policy.policy", plancheck.ResourceActionDestroyBeforeCreate),
+ },
+ },
+ Check: resource.ComposeTestCheckFunc(
+ resource.TestCheckResourceAttr("google_compute_security_policy.policy", "type", "CLOUD_ARMOR_EDGE"),
+ ),
 },
 {
 ResourceName: "google_compute_security_policy.policy",
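Review bot: `TestAccComputeSecurityPolicy_basicUpdate` checks the replacement only for a bare policy with no backend service attached, so the `ResourceActionDestroyBeforeCreate` step does not show what happens to a policy that is in use when its `type` changes. A step or separate test that attaches the policy to a backend service before switching to `CLOUD_ARMOR_EDGE` would pin down whether the destroy is rejected or the backend is left without a policy during the swap; which of the two occurs cannot be told from this hunk. At minimum I would comment the plan check, e.g. `// type is ForceNew: the policy is deleted, then recreated under the same name`. The new function's closing steps lie in the trailing context and beyond, outside the hunk.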
@@ -212,7 +254,7 @@ func TestAccComputeSecurityPolicy_withAdvancedOptionsConfig(t *testing.T) {
 CheckDestroy: testAccCheckComputeSecurityPolicyDestroyProducer(t),
 Steps: []resource.TestStep{
 {
- Config: testAccComputeSecurityPolicy_basic(spName),
+ Config: testAccComputeSecurityPolicy_basic(spName, "CLOUD_ARMOR"),
 },
 {
 ResourceName: "google_compute_security_policy.policy",
@@ -254,7 +296,7 @@ func TestAccComputeSecurityPolicy_withAdvancedOptionsConfig(t *testing.T) {
 ImportStateVerify: true,
 },
 {
- Config: testAccComputeSecurityPolicy_basic(spName),
+ Config: testAccComputeSecurityPolicy_basic(spName, "CLOUD_ARMOR"),
 },
 {
 ResourceName: "google_compute_security_policy.policy",
@@ -534,7 +576,7 @@ func TestAccComputeSecurityPolicy_withRecaptchaOptionsConfig(t *testing.T) {
 CheckDestroy: testAccCheckComputeSecurityPolicyDestroyProducer(t),
 Steps: []resource.TestStep{
 {
- Config: testAccComputeSecurityPolicy_basic(spName),
+ Config: testAccComputeSecurityPolicy_basic(spName, "CLOUD_ARMOR"),
 },
 {
 ResourceName: "google_compute_security_policy.policy",
@@ -782,14 +824,14 @@ func testAccCheckComputeSecurityPolicyDestroyProducer(t *testing.T) func(s *terr
 }
 }

-func testAccComputeSecurityPolicy_basic(spName string) string {
+func testAccComputeSecurityPolicy_basic(spName, policyType string) string {
 return fmt.Sprintf(`
 resource "google_compute_security_policy" "policy" {
 name = "%s"
 description = "basic security policy"
- type = "CLOUD_ARMOR"
+ type = "%s"
 }
-`, spName)
+`, spName, policyType)
 }

 func testAccComputeSecurityPolicy_withRule(spName string) string {