Migrate google_compute_firewall_policy_rule resource from DCL to MMv1

.changelog/11360.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+compute: `google_compute_firewall_policy_rule` now uses MMv1 engine instead of DCL.
+```

google-beta/provider/provider_dcl_resources.go

@@ -43,7 +43,6 @@ var dclResources = map[string]*schema.Resource{
 	"google_clouddeploy_target":                  clouddeploy.ResourceClouddeployTarget(),
 	"google_compute_firewall_policy":             compute.ResourceComputeFirewallPolicy(),
 	"google_compute_firewall_policy_association": compute.ResourceComputeFirewallPolicyAssociation(),
-	"google_compute_firewall_policy_rule":        compute.ResourceComputeFirewallPolicyRule(),
 	"google_container_aws_cluster":               containeraws.ResourceContainerAwsCluster(),
 	"google_container_aws_node_pool":             containeraws.ResourceContainerAwsNodePool(),
 	"google_container_azure_client":              containerazure.ResourceContainerAzureClient(),

google-beta/provider/provider_mmv1_resources.go

@@ -501,9 +501,9 @@ var handwrittenIAMDatasources = map[string]*schema.Resource{
 }
 
 // Resources
-// Generated resources: 548
+// Generated resources: 549
 // Generated IAM resources: 291
-// Total generated resources: 839
+// Total generated resources: 840
 var generatedResources = map[string]*schema.Resource{
 	"google_folder_access_approval_settings":                                     accessapproval.ResourceAccessApprovalFolderSettings(),
 	"google_organization_access_approval_settings":                               accessapproval.ResourceAccessApprovalOrganizationSettings(),
@@ -705,6 +705,7 @@ var generatedResources = map[string]*schema.Resource{
 	"google_compute_disk_resource_policy_attachment":                             compute.ResourceComputeDiskResourcePolicyAttachment(),
 	"google_compute_external_vpn_gateway":                                        compute.ResourceComputeExternalVpnGateway(),
 	"google_compute_firewall":                                                    compute.ResourceComputeFirewall(),
+	"google_compute_firewall_policy_rule":                                        compute.ResourceComputeFirewallPolicyRule(),
 	"google_compute_firewall_policy_with_rules":                                  compute.ResourceComputeFirewallPolicyWithRules(),
 	"google_compute_forwarding_rule":                                             compute.ResourceComputeForwardingRule(),
 	"google_compute_global_address":                                              compute.ResourceComputeGlobalAddress(),

google-beta/services/compute/resource_compute_firewall_policy_rule_generated_meta.yaml

@@ -0,0 +1,5 @@
+resource: 'google_compute_firewall_policy_rule'
+generation_type: 'mmv1'
+api_service_name: 'compute.googleapis.com'
+api_version: 'beta'
+api_resource_type_kind: 'FirewallPolicyRule'

google-beta/services/compute/resource_compute_firewall_policy_rule_generated_test.go

@@ -3,75 +3,67 @@
 
 // ----------------------------------------------------------------------------
 //
-//     ***     AUTO GENERATED CODE    ***    Type: DCL     ***
+//     ***     AUTO GENERATED CODE    ***    Type: MMv1     ***
 //
 // ----------------------------------------------------------------------------
 //
-//     This file is managed by Magic Modules (https://github.com/GoogleCloudPlatform/magic-modules)
-//     and is based on the DCL (https://github.com/GoogleCloudPlatform/declarative-resource-client-library).
-//     Changes will need to be made to the DCL or Magic Modules instead of here.
+//     This file is automatically generated by Magic Modules and manual
+//     changes will be clobbered when the file is regenerated.
 //
-//     We are not currently able to accept contributions to this file. If changes
-//     are required, please file an issue at https://github.com/hashicorp/terraform-provider-google/issues/new/choose
+//     Please read more about how to change this file in
+//     .github/CONTRIBUTING.md.
 //
 // ----------------------------------------------------------------------------
 
 package compute_test
 
 import (
-	"context"
 	"fmt"
-	dcl "github.com/GoogleCloudPlatform/declarative-resource-client-library/dcl"
-	compute "github.com/GoogleCloudPlatform/declarative-resource-client-library/services/google/compute/beta"
-	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
-	"github.com/hashicorp/terraform-plugin-testing/terraform"
 	"strings"
 	"testing"
 
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-plugin-testing/terraform"
+
 	"github.com/hashicorp/terraform-provider-google-beta/google-beta/acctest"
 	"github.com/hashicorp/terraform-provider-google-beta/google-beta/envvar"
+	"github.com/hashicorp/terraform-provider-google-beta/google-beta/tpgresource"
 	transport_tpg "github.com/hashicorp/terraform-provider-google-beta/google-beta/transport"
 )
 
-func TestAccComputeFirewallPolicyRule_BasicFirSecRuleHandWritten(t *testing.T) {
+func TestAccComputeFirewallPolicyRule_firewallPolicyRuleExample(t *testing.T) {
 	t.Parallel()
 
 	context := map[string]interface{}{
-		"org_id":        envvar.GetTestOrgFromEnv(t),
-		"project_name":  envvar.GetTestProjectFromEnv(),
-		"service_acct":  envvar.GetTestServiceAccountFromEnv(t),
-		"random_suffix": acctest.RandString(t, 10),
+		"org_id":          envvar.GetTestOrgFromEnv(t),
+		"service_account": envvar.GetTestServiceAccountFromEnv(t),
+		"random_suffix":   acctest.RandString(t, 10),
 	}
 
 	acctest.VcrTest(t, resource.TestCase{
 		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
-		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
 		CheckDestroy:             testAccCheckComputeFirewallPolicyRuleDestroyProducer(t),
 		Steps: []resource.TestStep{
 			{
-				Config: testAccComputeFirewallPolicyRule_BasicFirSecRuleHandWritten(context),
-			},
-			{
-				ResourceName:      "google_compute_firewall_policy_rule.primary",
-				ImportState:       true,
-				ImportStateVerify: true,
-			},
-			{
-				Config: testAccComputeFirewallPolicyRule_BasicFirSecRuleHandWrittenUpdate0(context),
+				Config: testAccComputeFirewallPolicyRule_firewallPolicyRuleExample(context),
 			},
 			{
-				ResourceName:      "google_compute_firewall_policy_rule.primary",
-				ImportState:       true,
-				ImportStateVerify: true,
+				ResourceName:            "google_compute_firewall_policy_rule.policy_rule",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"firewall_policy"},
 			},
 		},
 	})
 }
 
-func testAccComputeFirewallPolicyRule_BasicFirSecRuleHandWritten(context map[string]interface{}) string {
+func testAccComputeFirewallPolicyRule_firewallPolicyRuleExample(context map[string]interface{}) string {
 	return acctest.Nprintf(`
 resource "google_network_security_address_group" "basic_global_networksecurity_address_group" {
-  name        = "tf-test-policy%{random_suffix}"
+  provider = google-beta
+
+  name        = "address%{random_suffix}"
   parent      = "organizations/%{org_id}"
   description = "Sample global networksecurity_address_group"
   location    = "global"
@@ -81,25 +73,32 @@ resource "google_network_security_address_group" "basic_global_networksecurity_a
 }
 
 resource "google_folder" "folder" {
-  display_name = "tf-test-policy%{random_suffix}"
-  parent       = "organizations/%{org_id}"
+  provider = google-beta
+
+  display_name        = "folder%{random_suffix}"
+  parent              = "organizations/%{org_id}"
   deletion_protection = false
 }
 
 resource "google_compute_firewall_policy" "default" {
+  provider = google-beta
+
   parent      = google_folder.folder.id
-  short_name  = "tf-test-policy%{random_suffix}"
+  short_name  = "policy%{random_suffix}"
   description = "Resource created for Terraform acceptance testing"
 }
 
-resource "google_compute_firewall_policy_rule" "primary" {
+resource "google_compute_firewall_policy_rule" "policy_rule" {
+  provider = google-beta
+
   firewall_policy = google_compute_firewall_policy.default.name
   description     = "Resource created for Terraform acceptance testing"
   priority        = 9000
   enable_logging  = true
   action          = "allow"
   direction       = "EGRESS"
   disabled        = false
+
   match {
     layer4_configs {
       ip_protocol = "tcp"
@@ -116,70 +115,15 @@ resource "google_compute_firewall_policy_rule" "primary" {
     src_address_groups = []
     dest_address_groups = [google_network_security_address_group.basic_global_networksecurity_address_group.id]
   }
-  target_service_accounts = ["%{service_acct}"]
+  target_service_accounts = ["%{service_account}"]
 }
-
-`, context)
-}
-
-func testAccComputeFirewallPolicyRule_BasicFirSecRuleHandWrittenUpdate0(context map[string]interface{}) string {
-	return acctest.Nprintf(`
-resource "google_network_security_address_group" "basic_global_networksecurity_address_group" {
-  name        = "tf-test-policy%{random_suffix}"
-  parent      = "organizations/%{org_id}"
-  description = "Sample global networksecurity_address_group"
-  location    = "global"
-  items       = ["208.80.154.224/32"]
-  type        = "IPV4"
-  capacity    = 100
-}
-
-resource "google_folder" "folder" {
-  display_name = "tf-test-policy%{random_suffix}"
-  parent       = "organizations/%{org_id}"
-  deletion_protection = false
-}
-
-resource "google_compute_firewall_policy" "default" {
-  parent      = google_folder.folder.id
-  short_name  = "tf-test-policy%{random_suffix}"
-  description = "Resource created for Terraform acceptance testing"
-}
-
-resource "google_compute_firewall_policy_rule" "primary" {
-  firewall_policy = google_compute_firewall_policy.default.name
-  description     = "Resource created for Terraform acceptance testing - Updated"
-  priority        = 9000
-  enable_logging  = true
-  action          = "allow"
-  direction       = "EGRESS"
-  disabled        = false
-  match {
-    layer4_configs {
-      ip_protocol = "tcp"
-      ports = [8080]
-    }
-    layer4_configs {
-      ip_protocol = "udp"
-      ports = [22]
-    }
-    dest_ip_ranges = ["11.100.0.1/32", "10.0.0.0/24"]
-    dest_fqdns = ["google.com"]
-    dest_region_codes = ["US"]
-    dest_threat_intelligences = ["iplist-known-malicious-ips"]
-    src_address_groups = []
-    dest_address_groups = [google_network_security_address_group.basic_global_networksecurity_address_group.id]
-  }
-  target_service_accounts = ["%{service_acct}"]
-}
-
 `, context)
 }
 
 func testAccCheckComputeFirewallPolicyRuleDestroyProducer(t *testing.T) func(s *terraform.State) error {
 	return func(s *terraform.State) error {
 		for name, rs := range s.RootModule().Resources {
-			if rs.Type != "rs.google_compute_firewall_policy_rule" {
+			if rs.Type != "google_compute_firewall_policy_rule" {
 				continue
 			}
 			if strings.HasPrefix(name, "data.") {
@@ -188,29 +132,29 @@ func testAccCheckComputeFirewallPolicyRuleDestroyProducer(t *testing.T) func(s *
 
 			config := acctest.GoogleProviderConfig(t)
 
+			url, err := tpgresource.ReplaceVarsForTest(config, rs, "{{ComputeBasePath}}locations/global/firewallPolicies/{{firewall_policy}}/getRule?priority={{priority}}")
+			if err != nil {
+				return err
+			}
+
 			billingProject := ""
+
 			if config.BillingProject != "" {
 				billingProject = config.BillingProject
 			}
 
-			obj := &compute.FirewallPolicyRule{
-				Action:               dcl.String(rs.Primary.Attributes["action"]),
-				Direction:            compute.FirewallPolicyRuleDirectionEnumRef(rs.Primary.Attributes["direction"]),
-				FirewallPolicy:       dcl.String(rs.Primary.Attributes["firewall_policy"]),
-				Description:          dcl.String(rs.Primary.Attributes["description"]),
-				Disabled:             dcl.Bool(rs.Primary.Attributes["disabled"] == "true"),
-				EnableLogging:        dcl.Bool(rs.Primary.Attributes["enable_logging"] == "true"),
-				SecurityProfileGroup: dcl.String(rs.Primary.Attributes["security_profile_group"]),
-				TlsInspect:           dcl.Bool(rs.Primary.Attributes["tls_inspect"] == "true"),
-				Kind:                 dcl.StringOrNil(rs.Primary.Attributes["kind"]),
-			}
-
-			client := transport_tpg.NewDCLComputeClient(config, config.UserAgent, billingProject, 0)
-			_, err := client.GetFirewallPolicyRule(context.Background(), obj)
+			_, err = transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+				Config:    config,
+				Method:    "GET",
+				Project:   billingProject,
+				RawURL:    url,
+				UserAgent: config.UserAgent,
+			})
 			if err == nil {
-				return fmt.Errorf("google_compute_firewall_policy_rule still exists %v", obj)
+				return fmt.Errorf("ComputeFirewallPolicyRule still exists at %s", url)
 			}
 		}
+
 		return nil
 	}
 }