terraform-provider-google/google/resource_compute_firewall_test.go

package google

import (
	"fmt"
	"testing"

	"github.com/hashicorp/terraform/helper/acctest"
	"github.com/hashicorp/terraform/helper/resource"
	"github.com/hashicorp/terraform/terraform"

	computeBeta "google.golang.org/api/compute/v0.beta"
	"google.golang.org/api/compute/v1"
)

func TestAccComputeFirewall_basic(t *testing.T) {
	var firewall compute.Firewall
	networkName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
	firewallName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckComputeFirewallDestroy,
		Steps: []resource.TestStep{
			resource.TestStep{
				Config: testAccComputeFirewall_basic(networkName, firewallName),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckComputeFirewallExists(
						"google_compute_firewall.foobar", &firewall),
				),
			},
		},
	})
}

func TestAccComputeFirewall_update(t *testing.T) {
	var firewall compute.Firewall
	networkName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
	firewallName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckComputeFirewallDestroy,
		Steps: []resource.TestStep{
			resource.TestStep{
				Config: testAccComputeFirewall_basic(networkName, firewallName),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckComputeFirewallExists(
						"google_compute_firewall.foobar", &firewall),
				),
			},
			resource.TestStep{
				Config: testAccComputeFirewall_update(networkName, firewallName),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckComputeFirewallExists(
						"google_compute_firewall.foobar", &firewall),
					testAccCheckComputeFirewallPorts(
						&firewall, "80-255"),
				),
			},
		},
	})
}

func TestAccComputeFirewall_noSource(t *testing.T) {
	var firewall compute.Firewall
	networkName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
	firewallName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckComputeFirewallDestroy,
		Steps: []resource.TestStep{
			resource.TestStep{
				Config: testAccComputeFirewall_noSource(networkName, firewallName),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckComputeFirewallExists(
						"google_compute_firewall.foobar", &firewall),
				),
			},
		},
	})
}

func TestAccComputeFirewall_denied(t *testing.T) {
	var firewall computeBeta.Firewall
	networkName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
	firewallName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))

	resource.Test(t, resource.TestCase{
		PreCheck:     func() { testAccPreCheck(t) },
		Providers:    testAccProviders,
		CheckDestroy: testAccCheckComputeFirewallDestroy,
		Steps: []resource.TestStep{
			resource.TestStep{
				Config: testAccComputeFirewall_denied(networkName, firewallName),
				Check: resource.ComposeTestCheckFunc(
					testAccCheckComputeBetaFirewallExists("google_compute_firewall.foobar", &firewall),
					testAccCheckComputeBetaFirewallDenyPorts(&firewall, "22"),
				),
			},
		},
	})
}

func testAccCheckComputeFirewallDestroy(s *terraform.State) error {
	config := testAccProvider.Meta().(*Config)

	for _, rs := range s.RootModule().Resources {
		if rs.Type != "google_compute_firewall" {
			continue
		}

		_, err := config.clientCompute.Firewalls.Get(
			config.Project, rs.Primary.ID).Do()
		if err == nil {
			return fmt.Errorf("Firewall still exists")
		}
	}

	return nil
}

func testAccCheckComputeFirewallExists(n string, firewall *compute.Firewall) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, ok := s.RootModule().Resources[n]
		if !ok {
			return fmt.Errorf("Not found: %s", n)
		}

		if rs.Primary.ID == "" {
			return fmt.Errorf("No ID is set")
		}

		config := testAccProvider.Meta().(*Config)

		found, err := config.clientCompute.Firewalls.Get(
			config.Project, rs.Primary.ID).Do()
		if err != nil {
			return err
		}

		if found.Name != rs.Primary.ID {
			return fmt.Errorf("Firewall not found")
		}

		*firewall = *found

		return nil
	}
}

func testAccCheckComputeBetaFirewallExists(n string, firewall *computeBeta.Firewall) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		rs, ok := s.RootModule().Resources[n]
		if !ok {
			return fmt.Errorf("Not found: %s", n)
		}

		if rs.Primary.ID == "" {
			return fmt.Errorf("No ID is set")
		}

		config := testAccProvider.Meta().(*Config)

		found, err := config.clientComputeBeta.Firewalls.Get(
			config.Project, rs.Primary.ID).Do()
		if err != nil {
			return err
		}

		if found.Name != rs.Primary.ID {
			return fmt.Errorf("Firewall not found")
		}

		*firewall = *found

		return nil
	}
}

func testAccCheckComputeFirewallPorts(
	firewall *compute.Firewall, ports string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		if len(firewall.Allowed) == 0 {
			return fmt.Errorf("no allowed rules")
		}

		if firewall.Allowed[0].Ports[0] != ports {
			return fmt.Errorf("bad: %#v", firewall.Allowed[0].Ports)
		}

		return nil
	}
}

func testAccCheckComputeBetaFirewallDenyPorts(firewall *computeBeta.Firewall, ports string) resource.TestCheckFunc {
	return func(s *terraform.State) error {
		if len(firewall.Denied) == 0 {
			return fmt.Errorf("no denied rules")
		}

		if firewall.Denied[0].Ports[0] != ports {
			return fmt.Errorf("bad: %#v", firewall.Denied[0].Ports)
		}

		return nil
	}
}

func testAccComputeFirewall_basic(network, firewall string) string {
	return fmt.Sprintf(`
	resource "google_compute_network" "foobar" {
		name = "%s"
		ipv4_range = "10.0.0.0/16"
	}

	resource "google_compute_firewall" "foobar" {
		name = "firewall-test-%s"
		description = "Resource created for Terraform acceptance testing"
		network = "${google_compute_network.foobar.name}"
		source_tags = ["foo"]

		allow {
			protocol = "icmp"
		}
	}`, network, firewall)
}

func testAccComputeFirewall_update(network, firewall string) string {
	return fmt.Sprintf(`
	resource "google_compute_network" "foobar" {
		name = "%s"
		ipv4_range = "10.0.0.0/16"
	}

	resource "google_compute_firewall" "foobar" {
		name = "firewall-test-%s"
		description = "Resource created for Terraform acceptance testing"
		network = "${google_compute_network.foobar.name}"
		source_tags = ["foo"]

		allow {
			protocol = "tcp"
			ports = ["80-255"]
		}
	}`, network, firewall)
}

func testAccComputeFirewall_noSource(network, firewall string) string {
	return fmt.Sprintf(`
	resource "google_compute_network" "foobar" {
		name = "%s"
		ipv4_range = "10.0.0.0/16"
	}

	resource "google_compute_firewall" "foobar" {
		name = "firewall-test-%s"
		description = "Resource created for Terraform acceptance testing"
		network = "${google_compute_network.foobar.name}"

		allow {
			protocol = "tcp"
			ports    = [22]
		}
	}`, network, firewall)
}

func testAccComputeFirewall_denied(network, firewall string) string {
	return fmt.Sprintf(`
	resource "google_compute_network" "foobar" {
		name = "%s"
		ipv4_range = "10.0.0.0/16"
	}

	resource "google_compute_firewall" "foobar" {
		name = "firewall-test-%s"
		description = "Resource created for Terraform acceptance testing"
		network = "${google_compute_network.foobar.name}"
		source_tags = ["foo"]

		deny {
			protocol = "tcp"
			ports    = [22]
		}
	}`, network, firewall)
}
providers/google: compute_firewall 2014-08-26 05:09:38 +00:00			`package google`

			`import (`
			`"fmt"`
			`"testing"`

provider/google: remove conflicting names from acceptance tests 2016-01-05 21:47:10 +00:00			`"github.com/hashicorp/terraform/helper/acctest"`
providers/google: compute_firewall 2014-08-26 05:09:38 +00:00			`"github.com/hashicorp/terraform/helper/resource"`
			`"github.com/hashicorp/terraform/terraform"`
Add Beta support & Beta feature deny to google_compute_firewall (#282) * Add versioned Beta support to google_compute_firewall. * Add Beta support for deny to google_compute_firewall. * remove extra line: * make fmt * Add missing ForceNew fields. * Respond to review comments testing functionality + reducing network GET to v1 2017-08-07 20:14:35 +00:00
			`computeBeta "google.golang.org/api/compute/v0.beta"`
Update Google API import to point to the new location. 2015-03-18 17:10:39 +00:00			`"google.golang.org/api/compute/v1"`
providers/google: compute_firewall 2014-08-26 05:09:38 +00:00			`)`

			`func TestAccComputeFirewall_basic(t *testing.T) {`
			`var firewall compute.Firewall`
provider/google: limit hardcoded test resource names 2016-01-06 00:49:06 +00:00			`networkName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))`
			`firewallName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))`
providers/google: compute_firewall 2014-08-26 05:09:38 +00:00
			`resource.Test(t, resource.TestCase{`
			`PreCheck: func() { testAccPreCheck(t) },`
			`Providers: testAccProviders,`
			`CheckDestroy: testAccCheckComputeFirewallDestroy,`
			`Steps: []resource.TestStep{`
			`resource.TestStep{`
provider/google: limit hardcoded test resource names 2016-01-06 00:49:06 +00:00			`Config: testAccComputeFirewall_basic(networkName, firewallName),`
providers/google: compute_firewall 2014-08-26 05:09:38 +00:00			`Check: resource.ComposeTestCheckFunc(`
			`testAccCheckComputeFirewallExists(`
			`"google_compute_firewall.foobar", &firewall),`
			`),`
			`},`
			`},`
			`})`
			`}`

providers/google: compute_firewall update 2014-08-26 19:50:08 +00:00			`func TestAccComputeFirewall_update(t *testing.T) {`
			`var firewall compute.Firewall`
provider/google: limit hardcoded test resource names 2016-01-06 00:49:06 +00:00			`networkName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))`
			`firewallName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))`
providers/google: compute_firewall update 2014-08-26 19:50:08 +00:00
			`resource.Test(t, resource.TestCase{`
			`PreCheck: func() { testAccPreCheck(t) },`
			`Providers: testAccProviders,`
			`CheckDestroy: testAccCheckComputeFirewallDestroy,`
			`Steps: []resource.TestStep{`
			`resource.TestStep{`
provider/google: limit hardcoded test resource names 2016-01-06 00:49:06 +00:00			`Config: testAccComputeFirewall_basic(networkName, firewallName),`
providers/google: compute_firewall update 2014-08-26 19:50:08 +00:00			`Check: resource.ComposeTestCheckFunc(`
			`testAccCheckComputeFirewallExists(`
			`"google_compute_firewall.foobar", &firewall),`
			`),`
			`},`
			`resource.TestStep{`
provider/google: limit hardcoded test resource names 2016-01-06 00:49:06 +00:00			`Config: testAccComputeFirewall_update(networkName, firewallName),`
providers/google: compute_firewall update 2014-08-26 19:50:08 +00:00			`Check: resource.ComposeTestCheckFunc(`
			`testAccCheckComputeFirewallExists(`
			`"google_compute_firewall.foobar", &firewall),`
			`testAccCheckComputeFirewallPorts(`
			`&firewall, "80-255"),`
			`),`
			`},`
			`},`
			`})`
			`}`

compute_firewall: set source_ranges to Computed to avoid perpetual diff If this is not set in Terraform, then the API defaults to 0.0.0.0/0, Terraform would then attempt to remove that value and so on. 2017-06-21 08:51:25 +00:00			`func TestAccComputeFirewall_noSource(t *testing.T) {`
			`var firewall compute.Firewall`
			`networkName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))`
			`firewallName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))`

			`resource.Test(t, resource.TestCase{`
			`PreCheck: func() { testAccPreCheck(t) },`
			`Providers: testAccProviders,`
			`CheckDestroy: testAccCheckComputeFirewallDestroy,`
			`Steps: []resource.TestStep{`
			`resource.TestStep{`
			`Config: testAccComputeFirewall_noSource(networkName, firewallName),`
			`Check: resource.ComposeTestCheckFunc(`
			`testAccCheckComputeFirewallExists(`
			`"google_compute_firewall.foobar", &firewall),`
			`),`
			`},`
			`},`
			`})`
			`}`

Add Beta support & Beta feature deny to google_compute_firewall (#282) * Add versioned Beta support to google_compute_firewall. * Add Beta support for deny to google_compute_firewall. * remove extra line: * make fmt * Add missing ForceNew fields. * Respond to review comments testing functionality + reducing network GET to v1 2017-08-07 20:14:35 +00:00			`func TestAccComputeFirewall_denied(t *testing.T) {`
			`var firewall computeBeta.Firewall`
			`networkName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))`
			`firewallName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))`

			`resource.Test(t, resource.TestCase{`
			`PreCheck: func() { testAccPreCheck(t) },`
			`Providers: testAccProviders,`
			`CheckDestroy: testAccCheckComputeFirewallDestroy,`
			`Steps: []resource.TestStep{`
			`resource.TestStep{`
			`Config: testAccComputeFirewall_denied(networkName, firewallName),`
			`Check: resource.ComposeTestCheckFunc(`
			`testAccCheckComputeBetaFirewallExists("google_compute_firewall.foobar", &firewall),`
			`testAccCheckComputeBetaFirewallDenyPorts(&firewall, "22"),`
			`),`
			`},`
			`},`
			`})`
			`}`

providers/google: compute_firewall 2014-08-26 05:09:38 +00:00			`func testAccCheckComputeFirewallDestroy(s *terraform.State) error {`
			`config := testAccProvider.Meta().(*Config)`

providers/google: tests passing, compiling 2014-09-17 00:16:53 +00:00			`for _, rs := range s.RootModule().Resources {`
providers/google: compute_firewall 2014-08-26 05:09:38 +00:00			`if rs.Type != "google_compute_firewall" {`
			`continue`
			`}`

			`_, err := config.clientCompute.Firewalls.Get(`
providers/google: tests passing, compiling 2014-09-17 00:16:53 +00:00			`config.Project, rs.Primary.ID).Do()`
providers/google: compute_firewall 2014-08-26 05:09:38 +00:00			`if err == nil {`
			`return fmt.Errorf("Firewall still exists")`
			`}`
			`}`

			`return nil`
			`}`

			`func testAccCheckComputeFirewallExists(n string, firewall *compute.Firewall) resource.TestCheckFunc {`
			`return func(s *terraform.State) error {`
providers/google: tests passing, compiling 2014-09-17 00:16:53 +00:00			`rs, ok := s.RootModule().Resources[n]`
providers/google: compute_firewall 2014-08-26 05:09:38 +00:00			`if !ok {`
			`return fmt.Errorf("Not found: %s", n)`
			`}`

providers/google: tests passing, compiling 2014-09-17 00:16:53 +00:00			`if rs.Primary.ID == "" {`
providers/google: compute_firewall 2014-08-26 05:09:38 +00:00			`return fmt.Errorf("No ID is set")`
			`}`

			`config := testAccProvider.Meta().(*Config)`

			`found, err := config.clientCompute.Firewalls.Get(`
providers/google: tests passing, compiling 2014-09-17 00:16:53 +00:00			`config.Project, rs.Primary.ID).Do()`
providers/google: compute_firewall 2014-08-26 05:09:38 +00:00			`if err != nil {`
			`return err`
			`}`

providers/google: tests passing, compiling 2014-09-17 00:16:53 +00:00			`if found.Name != rs.Primary.ID {`
providers/google: compute_firewall 2014-08-26 05:09:38 +00:00			`return fmt.Errorf("Firewall not found")`
			`}`

			`firewall = found`

			`return nil`
			`}`
			`}`

Add Beta support & Beta feature deny to google_compute_firewall (#282) * Add versioned Beta support to google_compute_firewall. * Add Beta support for deny to google_compute_firewall. * remove extra line: * make fmt * Add missing ForceNew fields. * Respond to review comments testing functionality + reducing network GET to v1 2017-08-07 20:14:35 +00:00			`func testAccCheckComputeBetaFirewallExists(n string, firewall *computeBeta.Firewall) resource.TestCheckFunc {`
			`return func(s *terraform.State) error {`
			`rs, ok := s.RootModule().Resources[n]`
			`if !ok {`
			`return fmt.Errorf("Not found: %s", n)`
			`}`

			`if rs.Primary.ID == "" {`
			`return fmt.Errorf("No ID is set")`
			`}`

			`config := testAccProvider.Meta().(*Config)`

			`found, err := config.clientComputeBeta.Firewalls.Get(`
			`config.Project, rs.Primary.ID).Do()`
			`if err != nil {`
			`return err`
			`}`

			`if found.Name != rs.Primary.ID {`
			`return fmt.Errorf("Firewall not found")`
			`}`

			`firewall = found`

			`return nil`
			`}`
			`}`

providers/google: compute_firewall update 2014-08-26 19:50:08 +00:00			`func testAccCheckComputeFirewallPorts(`
			`firewall *compute.Firewall, ports string) resource.TestCheckFunc {`
			`return func(s *terraform.State) error {`
			`if len(firewall.Allowed) == 0 {`
			`return fmt.Errorf("no allowed rules")`
			`}`

			`if firewall.Allowed[0].Ports[0] != ports {`
			`return fmt.Errorf("bad: %#v", firewall.Allowed[0].Ports)`
			`}`

			`return nil`
			`}`
			`}`

Add Beta support & Beta feature deny to google_compute_firewall (#282) * Add versioned Beta support to google_compute_firewall. * Add Beta support for deny to google_compute_firewall. * remove extra line: * make fmt * Add missing ForceNew fields. * Respond to review comments testing functionality + reducing network GET to v1 2017-08-07 20:14:35 +00:00			`func testAccCheckComputeBetaFirewallDenyPorts(firewall *computeBeta.Firewall, ports string) resource.TestCheckFunc {`
			`return func(s *terraform.State) error {`
			`if len(firewall.Denied) == 0 {`
			`return fmt.Errorf("no denied rules")`
			`}`

			`if firewall.Denied[0].Ports[0] != ports {`
			`return fmt.Errorf("bad: %#v", firewall.Denied[0].Ports)`
			`}`

			`return nil`
			`}`
			`}`

provider/google: limit hardcoded test resource names 2016-01-06 00:49:06 +00:00			`func testAccComputeFirewall_basic(network, firewall string) string {`
			return fmt.Sprintf(`
			`resource "google_compute_network" "foobar" {`
provider/google: Support Import of 'google_compute_firewall' 2016-08-04 20:51:29 +00:00			`name = "%s"`
provider/google: limit hardcoded test resource names 2016-01-06 00:49:06 +00:00			`ipv4_range = "10.0.0.0/16"`
providers/google: compute_firewall 2014-08-26 05:09:38 +00:00			`}`
providers/google: compute_firewall update 2014-08-26 19:50:08 +00:00
provider/google: limit hardcoded test resource names 2016-01-06 00:49:06 +00:00			`resource "google_compute_firewall" "foobar" {`
			`name = "firewall-test-%s"`
			`description = "Resource created for Terraform acceptance testing"`
			`network = "${google_compute_network.foobar.name}"`
			`source_tags = ["foo"]`
providers/google: compute_firewall update 2014-08-26 19:50:08 +00:00
provider/google: limit hardcoded test resource names 2016-01-06 00:49:06 +00:00			`allow {`
			`protocol = "icmp"`
			`}`
			}`, network, firewall)
			`}`
providers/google: compute_firewall update 2014-08-26 19:50:08 +00:00
provider/google: limit hardcoded test resource names 2016-01-06 00:49:06 +00:00			`func testAccComputeFirewall_update(network, firewall string) string {`
			return fmt.Sprintf(`
			`resource "google_compute_network" "foobar" {`
provider/google: Support Import of 'google_compute_firewall' 2016-08-04 20:51:29 +00:00			`name = "%s"`
provider/google: limit hardcoded test resource names 2016-01-06 00:49:06 +00:00			`ipv4_range = "10.0.0.0/16"`
providers/google: compute_firewall update 2014-08-26 19:50:08 +00:00			`}`
provider/google: limit hardcoded test resource names 2016-01-06 00:49:06 +00:00
			`resource "google_compute_firewall" "foobar" {`
			`name = "firewall-test-%s"`
			`description = "Resource created for Terraform acceptance testing"`
			`network = "${google_compute_network.foobar.name}"`
			`source_tags = ["foo"]`

			`allow {`
			`protocol = "tcp"`
			`ports = ["80-255"]`
			`}`
			}`, network, firewall)
			`}`
compute_firewall: set source_ranges to Computed to avoid perpetual diff If this is not set in Terraform, then the API defaults to 0.0.0.0/0, Terraform would then attempt to remove that value and so on. 2017-06-21 08:51:25 +00:00
			`func testAccComputeFirewall_noSource(network, firewall string) string {`
			return fmt.Sprintf(`
			`resource "google_compute_network" "foobar" {`
			`name = "%s"`
			`ipv4_range = "10.0.0.0/16"`
			`}`

			`resource "google_compute_firewall" "foobar" {`
			`name = "firewall-test-%s"`
			`description = "Resource created for Terraform acceptance testing"`
			`network = "${google_compute_network.foobar.name}"`

			`allow {`
			`protocol = "tcp"`
			`ports = [22]`
			`}`
			}`, network, firewall)
			`}`
Add Beta support & Beta feature deny to google_compute_firewall (#282) * Add versioned Beta support to google_compute_firewall. * Add Beta support for deny to google_compute_firewall. * remove extra line: * make fmt * Add missing ForceNew fields. * Respond to review comments testing functionality + reducing network GET to v1 2017-08-07 20:14:35 +00:00
			`func testAccComputeFirewall_denied(network, firewall string) string {`
			return fmt.Sprintf(`
			`resource "google_compute_network" "foobar" {`
			`name = "%s"`
			`ipv4_range = "10.0.0.0/16"`
			`}`

			`resource "google_compute_firewall" "foobar" {`
			`name = "firewall-test-%s"`
			`description = "Resource created for Terraform acceptance testing"`
			`network = "${google_compute_network.foobar.name}"`
			`source_tags = ["foo"]`

			`deny {`
			`protocol = "tcp"`
			`ports = [22]`
			`}`
			}`, network, firewall)
			`}`