Skip to content

Commit

Permalink
Upstream firewalls DSF update to allow unknown values coming from int…
Browse files Browse the repository at this point in the history
…erpolation (#5526) (#4008)

Signed-off-by: Modular Magician <[email protected]>
  • Loading branch information
modular-magician authored Jan 25, 2022
1 parent d0a6b6b commit 7c8f0d1
Show file tree
Hide file tree
Showing 3 changed files with 65 additions and 2 deletions.
3 changes: 3 additions & 0 deletions .changelog/5526.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
compute: fixed a bug where `google_compute_firewall` would incorrectly find `source_ranges` to be empty during validation
```
4 changes: 2 additions & 2 deletions google-beta/resource_compute_firewall.go
Original file line number Diff line number Diff line change
Expand Up @@ -87,10 +87,10 @@ func resourceComputeFirewallSourceFieldsCustomizeDiff(_ context.Context, diff *s
_, sasOk := diff.GetOk("source_service_accounts")

_, tagsExist := diff.GetOkExists("source_tags")
// ranges is computed, but this is what we're trying to avoid, so we're not going to check this
_, rangesExist := diff.GetOkExists("source_ranges")
_, sasExist := diff.GetOkExists("source_service_accounts")

if !tagsOk && !rangesOk && !sasOk && !tagsExist && !sasExist {
if !tagsOk && !rangesOk && !sasOk && !tagsExist && !rangesExist && !sasExist {
return fmt.Errorf("one of source_tags, source_ranges, or source_service_accounts must be defined")
}
}
Expand Down
60 changes: 60 additions & 0 deletions google-beta/resource_compute_firewall_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -239,6 +239,29 @@ func TestAccComputeFirewall_enableLogging(t *testing.T) {
})
}

func TestAccComputeFirewall_moduleOutput(t *testing.T) {
t.Parallel()

networkName := fmt.Sprintf("tf-test-firewall-%s", randString(t, 10))
firewallName := fmt.Sprintf("tf-test-firewall-%s", randString(t, 10))

vcrTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckComputeFirewallDestroyProducer(t),
Steps: []resource.TestStep{
{
Config: testAccComputeFirewall_moduleOutput(networkName, firewallName),
},
{
ResourceName: "google_compute_firewall.foobar",
ImportState: true,
ImportStateVerify: true,
},
},
})
}

func testAccComputeFirewall_basic(network, firewall string) string {
return fmt.Sprintf(`
resource "google_compute_network" "foobar" {
Expand Down Expand Up @@ -444,3 +467,40 @@ resource "google_compute_firewall" "foobar" {
}
`, network, firewall, enableLoggingCfg)
}

func testAccComputeFirewall_moduleOutput(network, firewall string) string {
return fmt.Sprintf(`
resource "google_compute_network" "foobar" {
name = "%s"
auto_create_subnetworks = false
}
resource "google_compute_subnetwork" "foobar" {
name = "%s-subnet"
ip_cidr_range = "10.0.0.0/16"
region = "us-central1"
network = google_compute_network.foobar.name
}
resource "google_compute_address" "foobar" {
name = "%s-address"
subnetwork = google_compute_subnetwork.foobar.id
address_type = "INTERNAL"
region = "us-central1"
}
resource "google_compute_firewall" "foobar" {
name = "%s"
description = "Resource created for Terraform acceptance testing"
network = google_compute_network.foobar.name
direction = "INGRESS"
source_ranges = ["${google_compute_address.foobar.address}/32"]
target_tags = ["foo"]
allow {
protocol = "tcp"
}
}
`, network, network, network, firewall)
}

0 comments on commit 7c8f0d1

Please sign in to comment.