mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-07-03 08:42:39 +00:00
Add ability to set priority on compute_firewall (#345)
* Add ability to set priority on compute_firewall * Set the priority explicitly when upgrading v1->v0beta
This commit is contained in:
Joe Selman
GitHub
parent
2f71ca6530
commit
6377443d4a
|
|
@ -14,11 +14,14 @@ import (
|
|||
"google.golang.org/api/compute/v1"
|
||||
)
|
||||
|
||||
const COMPUTE_FIREWALL_PRIORITY_DEFAULT = 1000
|
||||
|
||||
var FirewallBaseApiVersion = v1
|
||||
var FirewallVersionedFeatures = []Feature{
|
||||
Feature{Version: v0beta, Item: "deny"},
|
||||
Feature{Version: v0beta, Item: "direction"},
|
||||
Feature{Version: v0beta, Item: "destination_ranges"},
|
||||
Feature{Version: v0beta, Item: "priority"},
|
||||
}
|
||||
|
||||
func resourceComputeFirewall() *schema.Resource {
|
||||
|
|
@ -46,6 +49,14 @@ func resourceComputeFirewall() *schema.Resource {
|
|||
ForceNew: true,
|
||||
},
|
||||
|
||||
"priority": {
|
||||
Type: schema.TypeInt,
|
||||
Optional: true,
|
||||
ForceNew: true,
|
||||
Default: COMPUTE_FIREWALL_PRIORITY_DEFAULT,
|
||||
ValidateFunc: validation.IntBetween(0, 65535),
|
||||
},
|
||||
|
||||
"allow": {
|
||||
Type: schema.TypeSet,
|
||||
Optional: true,
|
||||
|
|
@ -267,6 +278,10 @@ func resourceComputeFirewallRead(d *schema.ResourceData, meta interface{}) error
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
// During firewall conversion from v1 to v0beta, the value for Priority is read as 0 (as it doesn't exist in
|
||||
// v1). Unfortunately this is a valid value, but not the same as the default. To avoid this, we explicitly set
|
||||
// the default value here.
|
||||
firewall.Priority = COMPUTE_FIREWALL_PRIORITY_DEFAULT
|
||||
case v0beta:
|
||||
firewallV0Beta, err := config.clientComputeBeta.Firewalls.Get(project, d.Id()).Do()
|
||||
if err != nil {
|
||||
|
|
@ -299,6 +314,7 @@ func resourceComputeFirewallRead(d *schema.ResourceData, meta interface{}) error
|
|||
d.Set("target_tags", firewall.TargetTags)
|
||||
d.Set("allow", flattenAllowed(firewall.Allowed))
|
||||
d.Set("deny", flattenDenied(firewall.Denied))
|
||||
d.Set("priority", int(firewall.Priority))
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
@ -485,5 +501,6 @@ func resourceFirewall(d *schema.ResourceData, meta interface{}, computeApiVersio
|
|||
SourceTags: sourceTags,
|
||||
DestinationRanges: destinationRanges,
|
||||
TargetTags: targetTags,
|
||||
Priority: int64(d.Get("priority").(int)),
|
||||
}, nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -63,6 +63,26 @@ func TestAccComputeFirewall_update(t *testing.T) {
|
|||
})
|
||||
}
|
||||
|
||||
func TestAccComputeFirewall_priority(t *testing.T) {
|
||||
var firewall computeBeta.Firewall
|
||||
networkName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
|
||||
firewallName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
|
||||
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccCheckComputeFirewallDestroy,
|
||||
Steps: []resource.TestStep{{
|
||||
Config: testAccComputeFirewall_priority(networkName, firewallName, 1001),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeBetaFirewallExists(
|
||||
"google_compute_firewall.foobar", &firewall),
|
||||
testAccCheckComputeFirewallHasPriority(&firewall, 1001),
|
||||
),
|
||||
}},
|
||||
})
|
||||
}
|
||||
|
||||
func TestAccComputeFirewall_noSource(t *testing.T) {
|
||||
var firewall compute.Firewall
|
||||
networkName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
|
||||
|
|
@ -173,6 +193,15 @@ func testAccCheckComputeFirewallExists(n string, firewall *compute.Firewall) res
|
|||
}
|
||||
}
|
||||
|
||||
func testAccCheckComputeFirewallHasPriority(firewall *computeBeta.Firewall, priority int) resource.TestCheckFunc {
|
||||
return func(s *terraform.State) error {
|
||||
if firewall.Priority != int64(priority) {
|
||||
return fmt.Errorf("Priority for firewall does not match: expected %d, found %d", priority, firewall.Priority)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
func testAccCheckComputeBetaFirewallExists(n string, firewall *computeBeta.Firewall) resource.TestCheckFunc {
|
||||
return func(s *terraform.State) error {
|
||||
rs, ok := s.RootModule().Resources[n]
|
||||
|
|
@ -280,6 +309,26 @@ func testAccComputeFirewall_update(network, firewall string) string {
|
|||
}`, network, firewall)
|
||||
}
|
||||
|
||||
func testAccComputeFirewall_priority(network, firewall string, priority int) string {
|
||||
return fmt.Sprintf(`
|
||||
resource "google_compute_network" "foobar" {
|
||||
name = "%s"
|
||||
ipv4_range = "10.0.0.0/16"
|
||||
}
|
||||
|
||||
resource "google_compute_firewall" "foobar" {
|
||||
name = "firewall-test-%s"
|
||||
description = "Resource created for Terraform acceptance testing"
|
||||
network = "${google_compute_network.foobar.name}"
|
||||
source_tags = ["foo"]
|
||||
|
||||
allow {
|
||||
protocol = "icmp"
|
||||
}
|
||||
priority = %d
|
||||
}`, network, firewall, priority)
|
||||
}
|
||||
|
||||
func testAccComputeFirewall_noSource(network, firewall string) string {
|
||||
return fmt.Sprintf(`
|
||||
resource "google_compute_network" "foobar" {
|
||||
|
|
|
|||
|
|
@ -52,6 +52,10 @@ The following arguments are supported:
|
|||
* `project` - (Optional) The project in which the resource belongs. If it
|
||||
is not provided, the provider project is used.
|
||||
|
||||
* `priority` - (Optional) The priority for this firewall. Ranges from 0-65535, inclusive. Defaults to 1000. Firewall
|
||||
resources with lower priority values have higher precedence (e.g. a firewall resource with a priority value of 0
|
||||
takes effect over all other firewall rules with a non-zero priority).
|
||||
|
||||
* `source_ranges` - (Optional) A list of source CIDR ranges that this
|
||||
firewall applies to. Can't be used for `EGRESS`.
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user