Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Local IP Range support in compute_firewall #6931

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 0 additions & 6 deletions mmv1/products/compute/api.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3742,9 +3742,6 @@ objects:
traffic that has destination IP address in these ranges. These ranges
must be expressed in CIDR format. Only IPv4 is supported.
item_type: Api::Type::String
conflicts:
- source_ranges
- source_tags
- !ruby/object:Api::Type::Enum
name: 'direction'
description: |
Expand Down Expand Up @@ -3840,8 +3837,6 @@ objects:
connection does not need to match both properties for the firewall to
apply. Only IPv4 is supported. For INGRESS traffic, one of `source_ranges`,
`source_tags` or `source_service_accounts` is required.
conflicts:
- destination_ranges
item_type: Api::Type::String
- !ruby/object:Api::Type::Array
name: 'sourceServiceAccounts'
Expand Down Expand Up @@ -3879,7 +3874,6 @@ objects:
item_type: Api::Type::String
conflicts:
- source_service_accounts
- destination_ranges
- target_service_accounts
- !ruby/object:Api::Type::Array
name: 'targetServiceAccounts'
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,45 @@ func TestAccComputeFirewall_update(t *testing.T) {
})
}

func TestAccComputeFirewall_localRanges(t *testing.T) {
t.Parallel()

networkName := fmt.Sprintf("tf-test-firewall-%s", randString(t, 10))
firewallName := fmt.Sprintf("tf-test-firewall-%s", randString(t, 10))

vcrTest(t, resource.TestCase{
PreCheck: func() { testAccPreCheck(t) },
Providers: testAccProviders,
CheckDestroy: testAccCheckComputeFirewallDestroyProducer(t),
Steps: []resource.TestStep{
{
Config: testAccComputeFirewall_localRanges(networkName, firewallName),
},
{
ResourceName: "google_compute_firewall.foobar",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccComputeFirewall_localRangesUpdate(networkName, firewallName),
},
{
ResourceName: "google_compute_firewall.foobar",
ImportState: true,
ImportStateVerify: true,
},
{
Config: testAccComputeFirewall_localRanges(networkName, firewallName),
},
{
ResourceName: "google_compute_firewall.foobar",
ImportState: true,
ImportStateVerify: true,
},
},
})
}

func TestAccComputeFirewall_priority(t *testing.T) {
t.Parallel()

Expand Down Expand Up @@ -283,6 +322,53 @@ resource "google_compute_firewall" "foobar" {
`, network, firewall)
}

func testAccComputeFirewall_localRanges(network, firewall string) string {
return fmt.Sprintf(`
resource "google_compute_network" "foobar" {
name = "%s"
auto_create_subnetworks = false
}

resource "google_compute_firewall" "foobar" {
name = "%s"
description = "Resource created for Terraform acceptance testing"
network = google_compute_network.foobar.name
source_tags = ["foo"]

source_ranges = ["10.0.0.0/8"]
destination_ranges = ["192.168.1.0/24"]

allow {
protocol = "icmp"
}
}
`, network, firewall)
}


func testAccComputeFirewall_localRangesUpdate(network, firewall string) string {
return fmt.Sprintf(`
resource "google_compute_network" "foobar" {
name = "%s"
auto_create_subnetworks = false
}

resource "google_compute_firewall" "foobar" {
name = "%s"
description = "Resource created for Terraform acceptance testing"
network = google_compute_network.foobar.name
source_tags = ["foo"]

source_ranges = ["192.168.1.0/24"]
destination_ranges = ["10.0.0.0/8"]

allow {
protocol = "icmp"
}
}
`, network, firewall)
}

func testAccComputeFirewall_update(network, firewall string) string {
return fmt.Sprintf(`
resource "google_compute_network" "foobar" {
Expand Down