All beta fields in compute firewall are GA (#768)
* Upgrade compute v1 client * Upgrade gensupport * Use v1 API now that all beta features are in GA for `google_compute_firewall`
parent
7e0da698d9
commit
454384fc70
@ -13,17 +13,8 @@ import (
|
||||
"google.golang.org/api/compute/v1"
|
||||
)
|
||||
|
||||
const COMPUTE_FIREWALL_PRIORITY_DEFAULT = 1000
|
||||
|
||||
var FirewallBaseApiVersion = v1
|
||||
var FirewallVersionedFeatures = []Feature{
|
||||
Feature{Version: v0beta, Item: "deny"},
|
||||
Feature{Version: v0beta, Item: "direction"},
|
||||
Feature{Version: v0beta, Item: "destination_ranges"},
|
||||
Feature{Version: v0beta, Item: "priority", DefaultValue: COMPUTE_FIREWALL_PRIORITY_DEFAULT},
|
||||
Feature{Version: v0beta, Item: "source_service_accounts"},
|
||||
Feature{Version: v0beta, Item: "target_service_accounts"},
|
||||
}
|
||||
var FirewallVersionedFeatures = []Feature{}
|
||||
|
||||
func resourceComputeFirewall() *schema.Resource {
|
||||
return &schema.Resource{
|
||||
@ -55,7 +46,7 @@ func resourceComputeFirewall() *schema.Resource {
|
||||
Type: schema.TypeInt,
|
||||
Optional: true,
|
||||
ForceNew: true,
|
||||
Default: COMPUTE_FIREWALL_PRIORITY_DEFAULT,
|
||||
Default: 1000,
|
||||
ValidateFunc: validation.IntBetween(0, 65535),
|
||||
},
|
||||
|
||||
@ -251,7 +242,7 @@ func resourceComputeFirewallCreate(d *schema.ResourceData, meta interface{}) err
|
||||
return resourceComputeFirewallRead(d, meta)
|
||||
}
|
||||
|
||||
func flattenAllowed(allowed []*computeBeta.FirewallAllowed) []map[string]interface{} {
|
||||
func flattenFirewallAllowed(allowed []*computeBeta.FirewallAllowed) []map[string]interface{} {
|
||||
result := make([]map[string]interface{}, 0, len(allowed))
|
||||
for _, allow := range allowed {
|
||||
allowMap := make(map[string]interface{})
|
||||
@ -263,7 +254,7 @@ func flattenAllowed(allowed []*computeBeta.FirewallAllowed) []map[string]interfa
|
||||
return result
|
||||
}
|
||||
|
||||
func flattenDenied(denied []*computeBeta.FirewallDenied) []map[string]interface{} {
|
||||
func flattenFirewallDenied(denied []*computeBeta.FirewallDenied) []map[string]interface{} {
|
||||
result := make([]map[string]interface{}, 0, len(denied))
|
||||
for _, deny := range denied {
|
||||
denyMap := make(map[string]interface{})
|
||||
@ -296,10 +287,6 @@ func resourceComputeFirewallRead(d *schema.ResourceData, meta interface{}) error
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// During firewall conversion from v1 to v0beta, the value for Priority is read as 0 (as it doesn't exist in
|
||||
// v1). Unfortunately this is a valid value, but not the same as the default. To avoid this, we explicitly set
|
||||
// the default value here.
|
||||
firewall.Priority = COMPUTE_FIREWALL_PRIORITY_DEFAULT
|
||||
case v0beta:
|
||||
firewallV0Beta, err := config.clientComputeBeta.Firewalls.Get(project, d.Id()).Do()
|
||||
if err != nil {
|
||||
@ -329,8 +316,8 @@ func resourceComputeFirewallRead(d *schema.ResourceData, meta interface{}) error
|
||||
d.Set("source_tags", firewall.SourceTags)
|
||||
d.Set("destination_ranges", firewall.DestinationRanges)
|
||||
d.Set("target_tags", firewall.TargetTags)
|
||||
d.Set("allow", flattenAllowed(firewall.Allowed))
|
||||
d.Set("deny", flattenDenied(firewall.Denied))
|
||||
d.Set("allow", flattenFirewallAllowed(firewall.Allowed))
|
||||
d.Set("deny", flattenFirewallDenied(firewall.Denied))
|
||||
d.Set("priority", int(firewall.Priority))
|
||||
d.Set("source_service_accounts", firewall.SourceServiceAccounts)
|
||||
d.Set("target_service_accounts", firewall.TargetServiceAccounts)
|
||||
|
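Review bot: The `d.Set` calls in `resourceComputeFirewallRead`, including the `allow` and `deny` calls this change touches, discard their return value, so a flattened value that does not match the schema would be dropped from state without any error. For a firewall resource that means drift in allow/deny rules or in service-account scoping could go unreported at plan time. I would check at least the aggregate fields, e.g. `if err := d.Set("deny", flattenFirewallDenied(firewall.Denied)); err != nil { return err }`, and the same for `allow`. Separately, the renamed flatten helpers still take `computeBeta` types and the `case v0beta:` branch remains although `FirewallVersionedFeatures` is now empty; if the version lookup can no longer select v0beta, that branch looks dead and is worth removing in a follow-up. The body of `resourceComputeFirewallRead` starts and ends outside the visible hunks.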
@ -76,7 +76,7 @@ func TestAccComputeFirewall_update(t *testing.T) {
|
||||
func TestAccComputeFirewall_priority(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
var firewall computeBeta.Firewall
|
||||
var firewall compute.Firewall
|
||||
networkName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
|
||||
firewallName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
|
||||
|
||||
@ -87,10 +87,10 @@ func TestAccComputeFirewall_priority(t *testing.T) {
|
||||
Steps: []resource.TestStep{{
|
||||
Config: testAccComputeFirewall_priority(networkName, firewallName, 1001),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeBetaFirewallExists(
|
||||
testAccCheckComputeFirewallExists(
|
||||
"google_compute_firewall.foobar", &firewall),
|
||||
testAccCheckComputeFirewallHasPriority(&firewall, 1001),
|
||||
testAccCheckComputeFirewallBetaApiVersion(&firewall),
|
||||
testAccCheckComputeFirewallApiVersion(&firewall),
|
||||
),
|
||||
}},
|
||||
})
|
||||
@ -123,7 +123,7 @@ func TestAccComputeFirewall_noSource(t *testing.T) {
|
||||
func TestAccComputeFirewall_denied(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
var firewall computeBeta.Firewall
|
||||
var firewall compute.Firewall
|
||||
networkName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
|
||||
firewallName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
|
||||
|
||||
@ -135,9 +135,9 @@ func TestAccComputeFirewall_denied(t *testing.T) {
|
||||
resource.TestStep{
|
||||
Config: testAccComputeFirewall_denied(networkName, firewallName),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeBetaFirewallExists("google_compute_firewall.foobar", &firewall),
|
||||
testAccCheckComputeBetaFirewallDenyPorts(&firewall, "22"),
|
||||
testAccCheckComputeFirewallBetaApiVersion(&firewall),
|
||||
testAccCheckComputeFirewallExists("google_compute_firewall.foobar", &firewall),
|
||||
testAccCheckComputeFirewallDenyPorts(&firewall, "22"),
|
||||
testAccCheckComputeFirewallApiVersion(&firewall),
|
||||
),
|
||||
},
|
||||
},
|
||||
@ -147,7 +147,7 @@ func TestAccComputeFirewall_denied(t *testing.T) {
|
||||
func TestAccComputeFirewall_egress(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
var firewall computeBeta.Firewall
|
||||
var firewall compute.Firewall
|
||||
networkName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
|
||||
firewallName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
|
||||
|
||||
@ -159,9 +159,9 @@ func TestAccComputeFirewall_egress(t *testing.T) {
|
||||
resource.TestStep{
|
||||
Config: testAccComputeFirewall_egress(networkName, firewallName),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeBetaFirewallExists("google_compute_firewall.foobar", &firewall),
|
||||
testAccCheckComputeBetaFirewallEgress(&firewall),
|
||||
testAccCheckComputeFirewallBetaApiVersion(&firewall),
|
||||
testAccCheckComputeFirewallExists("google_compute_firewall.foobar", &firewall),
|
||||
testAccCheckComputeFirewallEgress(&firewall),
|
||||
testAccCheckComputeFirewallApiVersion(&firewall),
|
||||
),
|
||||
},
|
||||
},
|
||||
@ -171,7 +171,7 @@ func TestAccComputeFirewall_egress(t *testing.T) {
|
||||
func TestAccComputeFirewall_serviceAccounts(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
var firewall computeBeta.Firewall
|
||||
var firewall compute.Firewall
|
||||
networkName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
|
||||
firewallName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
|
||||
|
||||
@ -189,9 +189,9 @@ func TestAccComputeFirewall_serviceAccounts(t *testing.T) {
|
||||
resource.TestStep{
|
||||
Config: testAccComputeFirewall_serviceAccounts(sourceSa, targetSa, networkName, firewallName),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeBetaFirewallExists("google_compute_firewall.foobar", &firewall),
|
||||
testAccCheckComputeBetaFirewallServiceAccounts(sourceSaEmail, targetSaEmail, &firewall),
|
||||
testAccCheckComputeFirewallBetaApiVersion(&firewall),
|
||||
testAccCheckComputeFirewallExists("google_compute_firewall.foobar", &firewall),
|
||||
testAccCheckComputeFirewallServiceAccounts(sourceSaEmail, targetSaEmail, &firewall),
|
||||
testAccCheckComputeFirewallApiVersion(&firewall),
|
||||
),
|
||||
},
|
||||
},
|
||||
@ -245,7 +245,7 @@ func testAccCheckComputeFirewallExists(n string, firewall *compute.Firewall) res
|
||||
}
|
||||
}
|
||||
|
||||
func testAccCheckComputeFirewallHasPriority(firewall *computeBeta.Firewall, priority int) resource.TestCheckFunc {
|
||||
func testAccCheckComputeFirewallHasPriority(firewall *compute.Firewall, priority int) resource.TestCheckFunc {
|
||||
return func(s *terraform.State) error {
|
||||
if firewall.Priority != int64(priority) {
|
||||
return fmt.Errorf("Priority for firewall does not match: expected %d, found %d", priority, firewall.Priority)
|
||||
@ -298,7 +298,7 @@ func testAccCheckComputeFirewallPorts(
|
||||
}
|
||||
}
|
||||
|
||||
func testAccCheckComputeBetaFirewallDenyPorts(firewall *computeBeta.Firewall, ports string) resource.TestCheckFunc {
|
||||
func testAccCheckComputeFirewallDenyPorts(firewall *compute.Firewall, ports string) resource.TestCheckFunc {
|
||||
return func(s *terraform.State) error {
|
||||
if len(firewall.Denied) == 0 {
|
||||
return fmt.Errorf("no denied rules")
|
||||
@ -312,7 +312,7 @@ func testAccCheckComputeBetaFirewallDenyPorts(firewall *computeBeta.Firewall, po
|
||||
}
|
||||
}
|
||||
|
||||
func testAccCheckComputeBetaFirewallEgress(firewall *computeBeta.Firewall) resource.TestCheckFunc {
|
||||
func testAccCheckComputeFirewallEgress(firewall *compute.Firewall) resource.TestCheckFunc {
|
||||
return func(s *terraform.State) error {
|
||||
if firewall.Direction != "EGRESS" {
|
||||
return fmt.Errorf("firewall not EGRESS")
|
||||
@ -322,7 +322,7 @@ func testAccCheckComputeBetaFirewallEgress(firewall *computeBeta.Firewall) resou
|
||||
}
|
||||
}
|
||||
|
||||
func testAccCheckComputeBetaFirewallServiceAccounts(sourceSa, targetSa string, firewall *computeBeta.Firewall) resource.TestCheckFunc {
|
||||
func testAccCheckComputeFirewallServiceAccounts(sourceSa, targetSa string, firewall *compute.Firewall) resource.TestCheckFunc {
|
||||
return func(s *terraform.State) error {
|
||||
if len(firewall.SourceServiceAccounts) != 1 || firewall.SourceServiceAccounts[0] != sourceSa {
|
||||
return fmt.Errorf("Expected sourceServiceAccount of %s, got %v", sourceSa, firewall.SourceServiceAccounts)
|
||||
@ -352,7 +352,7 @@ func testAccCheckComputeFirewallApiVersion(firewall *compute.Firewall) resource.
|
||||
// The self-link of the network field is used to determine which API was used when fetching
|
||||
// the state from the API.
|
||||
if !strings.Contains(firewall.Network, "compute/v1") {
|
||||
return fmt.Errorf("firewall beta API was not used")
|
||||
return fmt.Errorf("firewall v1 API was not used")
|
||||
}
|
||||
|
||||
return nil
|
||||
|
7040
vendor/google.golang.org/api/compute/v1/compute-api.json
generated
vendored
7040
vendor/google.golang.org/api/compute/v1/compute-api.json
generated
vendored
File diff suppressed because it is too large
12795
vendor/google.golang.org/api/compute/v1/compute-gen.go
generated
vendored
12795
vendor/google.golang.org/api/compute/v1/compute-gen.go
generated
vendored
File diff suppressed because it is too large
10
vendor/google.golang.org/api/gensupport/send.go
generated
vendored
10
vendor/google.golang.org/api/gensupport/send.go
generated
vendored
@ -5,6 +5,7 @@
|
||||
package gensupport
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"net/http"
|
||||
|
||||
@ -59,3 +60,12 @@ func SendRequest(ctx context.Context, client *http.Client, req *http.Request) (*
|
||||
}
|
||||
return resp, err
|
||||
}
|
||||
|
||||
// DecodeResponse decodes the body of res into target. If there is no body,
|
||||
// target is unchanged.
|
||||
func DecodeResponse(target interface{}, res *http.Response) error {
|
||||
if res.StatusCode == http.StatusNoContent {
|
||||
return nil
|
||||
}
|
||||
return json.NewDecoder(res.Body).Decode(target)
|
||||
}
|
||||
|
12
vendor/vendor.json
vendored
12
vendor/vendor.json
vendored
@ -1062,10 +1062,10 @@
|
||||
"revisionTime": "2017-08-10T01:39:55Z"
|
||||
},
|
||||
{
|
||||
"checksumSHA1": "YV/pP+zT70CYbDN79bBO7NypLXk=",
|
||||
"checksumSHA1": "FDH3RnrVbXNiOeQ0Wfi41oXZ+p0=",
|
||||
"path": "google.golang.org/api/compute/v1",
|
||||
"revision": "e962708912ea1b4d4321358ccdae614a77eb883a",
|
||||
"revisionTime": "2017-09-27T00:04:17Z"
|
||||
"revision": "790790d1b4a7d6b0d03d3725f980eedf80dc2707",
|
||||
"revisionTime": "2017-11-18T00:03:45Z"
|
||||
},
|
||||
{
|
||||
"checksumSHA1": "acuDPZa9rxUvFhdijdVfG4jy+rw=",
|
||||
@ -1091,10 +1091,10 @@
|
||||
"revisionTime": "2016-11-27T23:54:21Z"
|
||||
},
|
||||
{
|
||||
"checksumSHA1": "/y0saWnM+kTnSvZrNlvoNOgj0Uo=",
|
||||
"checksumSHA1": "QG/4r7h0fWCSM4tn8932h02tSIo=",
|
||||
"path": "google.golang.org/api/gensupport",
|
||||
"revision": "672d215daf0631fcae4c08c2a4324a763aaaf789",
|
||||
"revisionTime": "2017-10-29T00:03:09Z"
|
||||
"revision": "790790d1b4a7d6b0d03d3725f980eedf80dc2707",
|
||||
"revisionTime": "2017-11-18T00:03:45Z"
|
||||
},
|
||||
{
|
||||
"checksumSHA1": "BWKmb7kGYbfbvXO6E7tCpTh9zKE=",
|
||||
|
@ -65,17 +65,17 @@ The following arguments are supported:
|
||||
|
||||
- - -
|
||||
|
||||
* `deny` - (Optional, [Beta](/docs/providers/google/index.html#beta-features)) Can be specified multiple times for each deny
|
||||
* `deny` - (Optional) Can be specified multiple times for each deny
|
||||
rule. Each deny block supports fields documented below. Can be specified
|
||||
instead of allow.
|
||||
|
||||
* `direction` - (Optional, [Beta](/docs/providers/google/index.html#beta-features)) Direction of traffic to which this firewall applies;
|
||||
* `direction` - (Optional) Direction of traffic to which this firewall applies;
|
||||
One of `INGRESS` or `EGRESS`. Defaults to `INGRESS`.
|
||||
|
||||
* `destination_ranges` - (Optional, [Beta](/docs/providers/google/index.html#beta-features)) A list of destination CIDR ranges that this
|
||||
* `destination_ranges` - (Optional) A list of destination CIDR ranges that this
|
||||
firewall applies to. Can't be used for `INGRESS`.
|
||||
|
||||
* `source_service_accounts` - (Optional, [Beta](/docs/providers/google/index.html#beta-features)) A list of service accounts such that
|
||||
* `source_service_accounts` - (Optional) A list of service accounts such that
|
||||
the firewall will apply only to traffic originating from an instance with a service account in this list. Source service accounts
|
||||
cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not
|
||||
an IP address. `source_ranges` can be set at the same time as `source_service_accounts`. If both are set, the firewall will apply to
|
||||
@ -83,7 +83,7 @@ The following arguments are supported:
|
||||
`source_service_accounts`. The connection does not need to match both properties for the firewall to apply. `source_service_accounts`
|
||||
cannot be used at the same time as `source_tags` or `target_tags`.
|
||||
|
||||
* `target_service_accounts` - (Optional, [Beta](/docs/providers/google/index.html#beta-features)) A list of service accounts indicating
|
||||
* `target_service_accounts` - (Optional) A list of service accounts indicating
|
||||
sets of instances located in the network that may make network connections as specified in `allow`. `target_service_accounts` cannot
|
||||
be used at the same time as `source_tags` or `target_tags`. If neither `target_service_accounts` nor `target_tags` are specified, the
|
||||
firewall rule applies to all instances on the specified network.
|
||||
|