From 763f67c22c55a17d03358de02ff1dab68a85e800 Mon Sep 17 00:00:00 2001
From: Peter McAtominey <peter@tripiq.eu>
Date: Wed, 21 Jun 2017 09:51:25 +0100
Subject: [PATCH] compute_firewall: set source_ranges to Computed to avoid
 perpetual diff

If this is not set in Terraform, then the API defaults to 0.0.0.0/0,
Terraform would then attempt to remove that value and so on.
---
 google/resource_compute_firewall.go      |  1 +
 google/resource_compute_firewall_test.go | 40 ++++++++++++++++++++++++
 2 files changed, 41 insertions(+)

diff --git a/google/resource_compute_firewall.go b/google/resource_compute_firewall.go
index c276d86c..571d5572 100644
--- a/google/resource_compute_firewall.go
+++ b/google/resource_compute_firewall.go
@@ -76,6 +76,7 @@ func resourceComputeFirewall() *schema.Resource {
 			"source_ranges": {
 				Type:     schema.TypeSet,
 				Optional: true,
+				Computed: true,
 				Elem:     &schema.Schema{Type: schema.TypeString},
 				Set:      schema.HashString,
 			},
diff --git a/google/resource_compute_firewall_test.go b/google/resource_compute_firewall_test.go
index 8b077314..01bafcbb 100644
--- a/google/resource_compute_firewall_test.go
+++ b/google/resource_compute_firewall_test.go
@@ -61,6 +61,27 @@ func TestAccComputeFirewall_update(t *testing.T) {
 	})
 }
 
+func TestAccComputeFirewall_noSource(t *testing.T) {
+	var firewall compute.Firewall
+	networkName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
+	firewallName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckComputeFirewallDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccComputeFirewall_noSource(networkName, firewallName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeFirewallExists(
+						"google_compute_firewall.foobar", &firewall),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckComputeFirewallDestroy(s *terraform.State) error {
 	config := testAccProvider.Meta().(*Config)
 
@@ -161,3 +182,22 @@ func testAccComputeFirewall_update(network, firewall string) string {
 		}
 	}`, network, firewall)
 }
+
+func testAccComputeFirewall_noSource(network, firewall string) string {
+	return fmt.Sprintf(`
+	resource "google_compute_network" "foobar" {
+		name = "%s"
+		ipv4_range = "10.0.0.0/16"
+	}
+
+	resource "google_compute_firewall" "foobar" {
+		name = "firewall-test-%s"
+		description = "Resource created for Terraform acceptance testing"
+		network = "${google_compute_network.foobar.name}"
+
+		allow {
+			protocol = "tcp"
+			ports    = [22]
+		}
+	}`, network, firewall)
+}