All beta fields in compute firewall are GA (#768)

* Upgrade compute v1 client
* Upgrade gensupport
* Use v1 API now that all beta features are in GA for `google_compute_firewall`

google/resource_compute_firewall.go

@@ -13,17 +13,8 @@ import (
 	"google.golang.org/api/compute/v1"
 )
 
-const COMPUTE_FIREWALL_PRIORITY_DEFAULT = 1000
-
 var FirewallBaseApiVersion = v1
-var FirewallVersionedFeatures = []Feature{
-	Feature{Version: v0beta, Item: "deny"},
-	Feature{Version: v0beta, Item: "direction"},
-	Feature{Version: v0beta, Item: "destination_ranges"},
-	Feature{Version: v0beta, Item: "priority", DefaultValue: COMPUTE_FIREWALL_PRIORITY_DEFAULT},
-	Feature{Version: v0beta, Item: "source_service_accounts"},
-	Feature{Version: v0beta, Item: "target_service_accounts"},
-}
+var FirewallVersionedFeatures = []Feature{}
 
 func resourceComputeFirewall() *schema.Resource {
 	return &schema.Resource{
@@ -55,7 +46,7 @@ func resourceComputeFirewall() *schema.Resource {
 				Type:         schema.TypeInt,
 				Optional:     true,
 				ForceNew:     true,
-				Default:      COMPUTE_FIREWALL_PRIORITY_DEFAULT,
+				Default:      1000,
 				ValidateFunc: validation.IntBetween(0, 65535),
 			},
 
@@ -251,7 +242,7 @@ func resourceComputeFirewallCreate(d *schema.ResourceData, meta interface{}) err
 	return resourceComputeFirewallRead(d, meta)
 }
 
-func flattenAllowed(allowed []*computeBeta.FirewallAllowed) []map[string]interface{} {
+func flattenFirewallAllowed(allowed []*computeBeta.FirewallAllowed) []map[string]interface{} {
 	result := make([]map[string]interface{}, 0, len(allowed))
 	for _, allow := range allowed {
 		allowMap := make(map[string]interface{})
@@ -263,7 +254,7 @@ func flattenAllowed(allowed []*computeBeta.FirewallAllowed) []map[string]interfa
 	return result
 }
 
-func flattenDenied(denied []*computeBeta.FirewallDenied) []map[string]interface{} {
+func flattenFirewallDenied(denied []*computeBeta.FirewallDenied) []map[string]interface{} {
 	result := make([]map[string]interface{}, 0, len(denied))
 	for _, deny := range denied {
 		denyMap := make(map[string]interface{})
@@ -296,10 +287,6 @@ func resourceComputeFirewallRead(d *schema.ResourceData, meta interface{}) error
 		if err != nil {
 			return err
 		}
-		// During firewall conversion from v1 to v0beta, the value for Priority is read as 0 (as it doesn't exist in
-		// v1). Unfortunately this is a valid value, but not the same as the default. To avoid this, we explicitly set
-		// the default value here.
-		firewall.Priority = COMPUTE_FIREWALL_PRIORITY_DEFAULT
 	case v0beta:
 		firewallV0Beta, err := config.clientComputeBeta.Firewalls.Get(project, d.Id()).Do()
 		if err != nil {
@@ -329,8 +316,8 @@ func resourceComputeFirewallRead(d *schema.ResourceData, meta interface{}) error
 	d.Set("source_tags", firewall.SourceTags)
 	d.Set("destination_ranges", firewall.DestinationRanges)
 	d.Set("target_tags", firewall.TargetTags)
-	d.Set("allow", flattenAllowed(firewall.Allowed))
-	d.Set("deny", flattenDenied(firewall.Denied))
+	d.Set("allow", flattenFirewallAllowed(firewall.Allowed))
+	d.Set("deny", flattenFirewallDenied(firewall.Denied))
 	d.Set("priority", int(firewall.Priority))
 	d.Set("source_service_accounts", firewall.SourceServiceAccounts)
 	d.Set("target_service_accounts", firewall.TargetServiceAccounts)

google/resource_compute_firewall_test.go

@@ -76,7 +76,7 @@ func TestAccComputeFirewall_update(t *testing.T) {
 func TestAccComputeFirewall_priority(t *testing.T) {
 	t.Parallel()
 
-	var firewall computeBeta.Firewall
+	var firewall compute.Firewall
 	networkName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
 	firewallName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
 
@@ -87,10 +87,10 @@ func TestAccComputeFirewall_priority(t *testing.T) {
 		Steps: []resource.TestStep{{
 			Config: testAccComputeFirewall_priority(networkName, firewallName, 1001),
 			Check: resource.ComposeTestCheckFunc(
-				testAccCheckComputeBetaFirewallExists(
+				testAccCheckComputeFirewallExists(
 					"google_compute_firewall.foobar", &firewall),
 				testAccCheckComputeFirewallHasPriority(&firewall, 1001),
-				testAccCheckComputeFirewallBetaApiVersion(&firewall),
+				testAccCheckComputeFirewallApiVersion(&firewall),
 			),
 		}},
 	})
@@ -123,7 +123,7 @@ func TestAccComputeFirewall_noSource(t *testing.T) {
 func TestAccComputeFirewall_denied(t *testing.T) {
 	t.Parallel()
 
-	var firewall computeBeta.Firewall
+	var firewall compute.Firewall
 	networkName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
 	firewallName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
 
@@ -135,9 +135,9 @@ func TestAccComputeFirewall_denied(t *testing.T) {
 			resource.TestStep{
 				Config: testAccComputeFirewall_denied(networkName, firewallName),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckComputeBetaFirewallExists("google_compute_firewall.foobar", &firewall),
-					testAccCheckComputeBetaFirewallDenyPorts(&firewall, "22"),
-					testAccCheckComputeFirewallBetaApiVersion(&firewall),
+					testAccCheckComputeFirewallExists("google_compute_firewall.foobar", &firewall),
+					testAccCheckComputeFirewallDenyPorts(&firewall, "22"),
+					testAccCheckComputeFirewallApiVersion(&firewall),
 				),
 			},
 		},
@@ -147,7 +147,7 @@ func TestAccComputeFirewall_denied(t *testing.T) {
 func TestAccComputeFirewall_egress(t *testing.T) {
 	t.Parallel()
 
-	var firewall computeBeta.Firewall
+	var firewall compute.Firewall
 	networkName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
 	firewallName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
 
@@ -159,9 +159,9 @@ func TestAccComputeFirewall_egress(t *testing.T) {
 			resource.TestStep{
 				Config: testAccComputeFirewall_egress(networkName, firewallName),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckComputeBetaFirewallExists("google_compute_firewall.foobar", &firewall),
-					testAccCheckComputeBetaFirewallEgress(&firewall),
-					testAccCheckComputeFirewallBetaApiVersion(&firewall),
+					testAccCheckComputeFirewallExists("google_compute_firewall.foobar", &firewall),
+					testAccCheckComputeFirewallEgress(&firewall),
+					testAccCheckComputeFirewallApiVersion(&firewall),
 				),
 			},
 		},
@@ -171,7 +171,7 @@ func TestAccComputeFirewall_egress(t *testing.T) {
 func TestAccComputeFirewall_serviceAccounts(t *testing.T) {
 	t.Parallel()
 
-	var firewall computeBeta.Firewall
+	var firewall compute.Firewall
 	networkName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
 	firewallName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
 
@@ -189,9 +189,9 @@ func TestAccComputeFirewall_serviceAccounts(t *testing.T) {
 			resource.TestStep{
 				Config: testAccComputeFirewall_serviceAccounts(sourceSa, targetSa, networkName, firewallName),
 				Check: resource.ComposeTestCheckFunc(
-					testAccCheckComputeBetaFirewallExists("google_compute_firewall.foobar", &firewall),
-					testAccCheckComputeBetaFirewallServiceAccounts(sourceSaEmail, targetSaEmail, &firewall),
-					testAccCheckComputeFirewallBetaApiVersion(&firewall),
+					testAccCheckComputeFirewallExists("google_compute_firewall.foobar", &firewall),
+					testAccCheckComputeFirewallServiceAccounts(sourceSaEmail, targetSaEmail, &firewall),
+					testAccCheckComputeFirewallApiVersion(&firewall),
 				),
 			},
 		},
@@ -245,7 +245,7 @@ func testAccCheckComputeFirewallExists(n string, firewall *compute.Firewall) res
 	}
 }
 
-func testAccCheckComputeFirewallHasPriority(firewall *computeBeta.Firewall, priority int) resource.TestCheckFunc {
+func testAccCheckComputeFirewallHasPriority(firewall *compute.Firewall, priority int) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		if firewall.Priority != int64(priority) {
 			return fmt.Errorf("Priority for firewall does not match: expected %d, found %d", priority, firewall.Priority)
@@ -298,7 +298,7 @@ func testAccCheckComputeFirewallPorts(
 	}
 }
 
-func testAccCheckComputeBetaFirewallDenyPorts(firewall *computeBeta.Firewall, ports string) resource.TestCheckFunc {
+func testAccCheckComputeFirewallDenyPorts(firewall *compute.Firewall, ports string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		if len(firewall.Denied) == 0 {
 			return fmt.Errorf("no denied rules")
@@ -312,7 +312,7 @@ func testAccCheckComputeBetaFirewallDenyPorts(firewall *computeBeta.Firewall, po
 	}
 }
 
-func testAccCheckComputeBetaFirewallEgress(firewall *computeBeta.Firewall) resource.TestCheckFunc {
+func testAccCheckComputeFirewallEgress(firewall *compute.Firewall) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		if firewall.Direction != "EGRESS" {
 			return fmt.Errorf("firewall not EGRESS")
@@ -322,7 +322,7 @@ func testAccCheckComputeBetaFirewallEgress(firewall *computeBeta.Firewall) resou
 	}
 }
 
-func testAccCheckComputeBetaFirewallServiceAccounts(sourceSa, targetSa string, firewall *computeBeta.Firewall) resource.TestCheckFunc {
+func testAccCheckComputeFirewallServiceAccounts(sourceSa, targetSa string, firewall *compute.Firewall) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		if len(firewall.SourceServiceAccounts) != 1 || firewall.SourceServiceAccounts[0] != sourceSa {
 			return fmt.Errorf("Expected sourceServiceAccount of %s, got %v", sourceSa, firewall.SourceServiceAccounts)
@@ -352,7 +352,7 @@ func testAccCheckComputeFirewallApiVersion(firewall *compute.Firewall) resource.
 		// The self-link of the network field is used to determine which API was used when fetching
 		// the state from the API.
 		if !strings.Contains(firewall.Network, "compute/v1") {
-			return fmt.Errorf("firewall beta API was not used")
+			return fmt.Errorf("firewall v1 API was not used")
 		}
 
 		return nil

vendor/google.golang.org/api/gensupport/send.go

@@ -5,6 +5,7 @@
 package gensupport
 
 import (
+	"encoding/json"
 	"errors"
 	"net/http"
 
@@ -59,3 +60,12 @@ func SendRequest(ctx context.Context, client *http.Client, req *http.Request) (*
 	}
 	return resp, err
 }
+
+// DecodeResponse decodes the body of res into target. If there is no body,
+// target is unchanged.
+func DecodeResponse(target interface{}, res *http.Response) error {
+	if res.StatusCode == http.StatusNoContent {
+		return nil
+	}
+	return json.NewDecoder(res.Body).Decode(target)
+}

vendor/vendor.json

@@ -1062,10 +1062,10 @@
 			"revisionTime": "2017-08-10T01:39:55Z"
 		},
 		{
-			"checksumSHA1": "YV/pP+zT70CYbDN79bBO7NypLXk=",
+			"checksumSHA1": "FDH3RnrVbXNiOeQ0Wfi41oXZ+p0=",
 			"path": "google.golang.org/api/compute/v1",
-			"revision": "e962708912ea1b4d4321358ccdae614a77eb883a",
-			"revisionTime": "2017-09-27T00:04:17Z"
+			"revision": "790790d1b4a7d6b0d03d3725f980eedf80dc2707",
+			"revisionTime": "2017-11-18T00:03:45Z"
 		},
 		{
 			"checksumSHA1": "acuDPZa9rxUvFhdijdVfG4jy+rw=",
@@ -1091,10 +1091,10 @@
 			"revisionTime": "2016-11-27T23:54:21Z"
 		},
 		{
-			"checksumSHA1": "/y0saWnM+kTnSvZrNlvoNOgj0Uo=",
+			"checksumSHA1": "QG/4r7h0fWCSM4tn8932h02tSIo=",
 			"path": "google.golang.org/api/gensupport",
-			"revision": "672d215daf0631fcae4c08c2a4324a763aaaf789",
-			"revisionTime": "2017-10-29T00:03:09Z"
+			"revision": "790790d1b4a7d6b0d03d3725f980eedf80dc2707",
+			"revisionTime": "2017-11-18T00:03:45Z"
 		},
 		{
 			"checksumSHA1": "BWKmb7kGYbfbvXO6E7tCpTh9zKE=",

website/docs/r/compute_firewall.html.markdown

@@ -65,17 +65,17 @@ The following arguments are supported:
 
 - - -
 
-* `deny` - (Optional, [Beta](/docs/providers/google/index.html#beta-features)) Can be specified multiple times for each deny
+* `deny` - (Optional) Can be specified multiple times for each deny
     rule. Each deny block supports fields documented below. Can be specified
     instead of allow.
 
-* `direction` - (Optional, [Beta](/docs/providers/google/index.html#beta-features)) Direction of traffic to which this firewall applies;
+* `direction` - (Optional) Direction of traffic to which this firewall applies;
     One of `INGRESS` or `EGRESS`. Defaults to `INGRESS`.
 
-* `destination_ranges` - (Optional, [Beta](/docs/providers/google/index.html#beta-features)) A list of destination CIDR ranges that this
+* `destination_ranges` - (Optional) A list of destination CIDR ranges that this
    firewall applies to. Can't be used for `INGRESS`.
 
-* `source_service_accounts` - (Optional, [Beta](/docs/providers/google/index.html#beta-features)) A list of service accounts such that
+* `source_service_accounts` - (Optional) A list of service accounts such that
     the firewall will apply only to traffic originating from an instance with a service account in this list. Source service accounts
     cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not
     an IP address. `source_ranges` can be set at the same time as `source_service_accounts`. If both are set, the firewall will apply to
@@ -83,7 +83,7 @@ The following arguments are supported:
     `source_service_accounts`. The connection does not need to match both properties for the firewall to apply. `source_service_accounts`
     cannot be used at the same time as `source_tags` or `target_tags`.
 
-* `target_service_accounts` - (Optional, [Beta](/docs/providers/google/index.html#beta-features)) A list of service accounts indicating
+* `target_service_accounts` - (Optional) A list of service accounts indicating
     sets of instances located in the network that may make network connections as specified in `allow`. `target_service_accounts` cannot
     be used at the same time as `source_tags` or `target_tags`. If neither `target_service_accounts` nor `target_tags` are specified, the
     firewall rule applies to all instances on the specified network.