All beta fields in compute firewall are GA

google/resource_compute_firewall.go

@@ -13,17 +13,8 @@ import (
 	"google.golang.org/api/compute/v1"
 )
 
-const COMPUTE_FIREWALL_PRIORITY_DEFAULT = 1000
-
 var FirewallBaseApiVersion = v1
-var FirewallVersionedFeatures = []Feature{
-	Feature{Version: v0beta, Item: "deny"},
-	Feature{Version: v0beta, Item: "direction"},
-	Feature{Version: v0beta, Item: "destination_ranges"},
-	Feature{Version: v0beta, Item: "priority", DefaultValue: COMPUTE_FIREWALL_PRIORITY_DEFAULT},
-	Feature{Version: v0beta, Item: "source_service_accounts"},
-	Feature{Version: v0beta, Item: "target_service_accounts"},
-}
+var FirewallVersionedFeatures = []Feature{}
 
 func resourceComputeFirewall() *schema.Resource {
 	return &schema.Resource{
@@ -55,7 +46,7 @@ func resourceComputeFirewall() *schema.Resource {
 				Type:         schema.TypeInt,
 				Optional:     true,
 				ForceNew:     true,
-				Default:      COMPUTE_FIREWALL_PRIORITY_DEFAULT,
+				Default:      1000,
 				ValidateFunc: validation.IntBetween(0, 65535),
 			},
 
@@ -251,7 +242,7 @@ func resourceComputeFirewallCreate(d *schema.ResourceData, meta interface{}) err
 	return resourceComputeFirewallRead(d, meta)
 }
 
-func flattenAllowed(allowed []*computeBeta.FirewallAllowed) []map[string]interface{} {
+func flattenFirewallAllowed(allowed []*computeBeta.FirewallAllowed) []map[string]interface{} {
 	result := make([]map[string]interface{}, 0, len(allowed))
 	for _, allow := range allowed {
 		allowMap := make(map[string]interface{})
@@ -263,7 +254,7 @@ func flattenAllowed(allowed []*computeBeta.FirewallAllowed) []map[string]interfa
 	return result
 }
 
-func flattenDenied(denied []*computeBeta.FirewallDenied) []map[string]interface{} {
+func flattenFirewallDenied(denied []*computeBeta.FirewallDenied) []map[string]interface{} {
 	result := make([]map[string]interface{}, 0, len(denied))
 	for _, deny := range denied {
 		denyMap := make(map[string]interface{})
@@ -296,10 +287,6 @@ func resourceComputeFirewallRead(d *schema.ResourceData, meta interface{}) error
 		if err != nil {
 			return err
 		}
-		// During firewall conversion from v1 to v0beta, the value for Priority is read as 0 (as it doesn't exist in
-		// v1). Unfortunately this is a valid value, but not the same as the default. To avoid this, we explicitly set
-		// the default value here.
-		firewall.Priority = COMPUTE_FIREWALL_PRIORITY_DEFAULT
 	case v0beta:
 		firewallV0Beta, err := config.clientComputeBeta.Firewalls.Get(project, d.Id()).Do()
 		if err != nil {
@@ -329,8 +316,8 @@ func resourceComputeFirewallRead(d *schema.ResourceData, meta interface{}) error
 	d.Set("source_tags", firewall.SourceTags)
 	d.Set("destination_ranges", firewall.DestinationRanges)
 	d.Set("target_tags", firewall.TargetTags)
-	d.Set("allow", flattenAllowed(firewall.Allowed))
-	d.Set("deny", flattenDenied(firewall.Denied))
+	d.Set("allow", flattenFirewallAllowed(firewall.Allowed))
+	d.Set("deny", flattenFirewallDenied(firewall.Denied))
 	d.Set("priority", int(firewall.Priority))
 	d.Set("source_service_accounts", firewall.SourceServiceAccounts)
 	d.Set("target_service_accounts", firewall.TargetServiceAccounts)

google/resource_compute_firewall_test.go

@@ -76,7 +76,7 @@ func TestAccComputeFirewall_update(t *testing.T) {
 func TestAccComputeFirewall_priority(t *testing.T) {
 	t.Parallel()
 
-	var firewall computeBeta.Firewall
+	var firewall compute.Firewall
 	networkName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
 	firewallName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
 
@@ -87,10 +87,10 @@ func TestAccComputeFirewall_priority(t *testing.T) {
 		Steps: []resource.TestStep{{
 			Config: testAccComputeFirewall_priority(networkName, firewallName, 1001),
 			Check: resource.ComposeTestCheckFunc(
-				testAccCheckComputeBetaFirewallExists(
+				testAccCheckComputeFirewallExists(
 					"google_compute_firewall.foobar", &firewall),
 				testAccCheckComputeFirewallHasPriority(&firewall, 1001),
-				testAccCheckComputeFirewallBetaApiVersion(&firewall),
+				testAccCheckComputeFirewallApiVersion(&firewall),
 			),
 		}},
 	})
@@ -123,7 +123,7 @@ func TestAccComputeFirewall_noSource(t *testing.T) {
 func TestAccComputeFirewall_denied(t *testing.T) {
 	t.Parallel()
 
-	var firewall computeBeta.Firewall
+	var firewall compute.Firewall
 	networkName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
 	firewallName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
 
@@ -135,9 +135,9 @@ func TestAccComputeFirewall_denied(t *testing.T) {
 			resource.TestStep{
 				Config: testAccComputeFirewall_denied(networkName, firewallName),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckComputeBetaFirewallExists("google_compute_firewall.foobar", &firewall),
-					testAccCheckComputeBetaFirewallDenyPorts(&firewall, "22"),
-					testAccCheckComputeFirewallBetaApiVersion(&firewall),
+					testAccCheckComputeFirewallExists("google_compute_firewall.foobar", &firewall),
+					testAccCheckComputeFirewallDenyPorts(&firewall, "22"),
+					testAccCheckComputeFirewallApiVersion(&firewall),
 				),
 			},
 		},
@@ -147,7 +147,7 @@ func TestAccComputeFirewall_denied(t *testing.T) {
 func TestAccComputeFirewall_egress(t *testing.T) {
 	t.Parallel()
 
-	var firewall computeBeta.Firewall
+	var firewall compute.Firewall
 	networkName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
 	firewallName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
 
@@ -159,9 +159,9 @@ func TestAccComputeFirewall_egress(t *testing.T) {
 			resource.TestStep{
 				Config: testAccComputeFirewall_egress(networkName, firewallName),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckComputeBetaFirewallExists("google_compute_firewall.foobar", &firewall),
-					testAccCheckComputeBetaFirewallEgress(&firewall),
-					testAccCheckComputeFirewallBetaApiVersion(&firewall),
+					testAccCheckComputeFirewallExists("google_compute_firewall.foobar", &firewall),
+					testAccCheckComputeFirewallEgress(&firewall),
+					testAccCheckComputeFirewallApiVersion(&firewall),
 				),
 			},
 		},
@@ -171,7 +171,7 @@ func TestAccComputeFirewall_egress(t *testing.T) {
 func TestAccComputeFirewall_serviceAccounts(t *testing.T) {
 	t.Parallel()
 
-	var firewall computeBeta.Firewall
+	var firewall compute.Firewall
 	networkName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
 	firewallName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
 
@@ -189,9 +189,9 @@ func TestAccComputeFirewall_serviceAccounts(t *testing.T) {
 			resource.TestStep{
 				Config: testAccComputeFirewall_serviceAccounts(sourceSa, targetSa, networkName, firewallName),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckComputeBetaFirewallExists("google_compute_firewall.foobar", &firewall),
-					testAccCheckComputeBetaFirewallServiceAccounts(sourceSaEmail, targetSaEmail, &firewall),
-					testAccCheckComputeFirewallBetaApiVersion(&firewall),
+					testAccCheckComputeFirewallExists("google_compute_firewall.foobar", &firewall),
+					testAccCheckComputeFirewallServiceAccounts(sourceSaEmail, targetSaEmail, &firewall),
+					testAccCheckComputeFirewallApiVersion(&firewall),
 				),
 			},
 		},
@@ -245,7 +245,7 @@ func testAccCheckComputeFirewallExists(n string, firewall *compute.Firewall) res
 	}
 }
 
-func testAccCheckComputeFirewallHasPriority(firewall *computeBeta.Firewall, priority int) resource.TestCheckFunc {
+func testAccCheckComputeFirewallHasPriority(firewall *compute.Firewall, priority int) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		if firewall.Priority != int64(priority) {
 			return fmt.Errorf("Priority for firewall does not match: expected %d, found %d", priority, firewall.Priority)
@@ -298,7 +298,7 @@ func testAccCheckComputeFirewallPorts(
 	}
 }
 
-func testAccCheckComputeBetaFirewallDenyPorts(firewall *computeBeta.Firewall, ports string) resource.TestCheckFunc {
+func testAccCheckComputeFirewallDenyPorts(firewall *compute.Firewall, ports string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		if len(firewall.Denied) == 0 {
 			return fmt.Errorf("no denied rules")
@@ -312,7 +312,7 @@ func testAccCheckComputeBetaFirewallDenyPorts(firewall *computeBeta.Firewall, po
 	}
 }
 
-func testAccCheckComputeBetaFirewallEgress(firewall *computeBeta.Firewall) resource.TestCheckFunc {
+func testAccCheckComputeFirewallEgress(firewall *compute.Firewall) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		if firewall.Direction != "EGRESS" {
 			return fmt.Errorf("firewall not EGRESS")
@@ -322,7 +322,7 @@ func testAccCheckComputeBetaFirewallEgress(firewall *computeBeta.Firewall) resou
 	}
 }
 
-func testAccCheckComputeBetaFirewallServiceAccounts(sourceSa, targetSa string, firewall *computeBeta.Firewall) resource.TestCheckFunc {
+func testAccCheckComputeFirewallServiceAccounts(sourceSa, targetSa string, firewall *compute.Firewall) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		if len(firewall.SourceServiceAccounts) != 1 || firewall.SourceServiceAccounts[0] != sourceSa {
 			return fmt.Errorf("Expected sourceServiceAccount of %s, got %v", sourceSa, firewall.SourceServiceAccounts)
@@ -352,7 +352,7 @@ func testAccCheckComputeFirewallApiVersion(firewall *compute.Firewall) resource.
 		// The self-link of the network field is used to determine which API was used when fetching
 		// the state from the API.
 		if !strings.Contains(firewall.Network, "compute/v1") {
-			return fmt.Errorf("firewall beta API was not used")
+			return fmt.Errorf("firewall v1 API was not used")
 		}
 
 		return nil