Add support for network_firewall_policy and region_network_firewall_policy #6693
Conversation
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
|
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 33 files changed, 4483 insertions(+), 42 deletions(-)) |
Tests analyticsTotal tests: Action takenTriggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed testsTestAccFirebaserulesRelease_BasicRelease|TestAccComputeRouterPeer_enable|TestAccComputeRouterPeer_advertiseMode|TestAccComputeRouterPeer_basic|TestAccComputeVpnTunnel_defaultTrafficSelectors|TestAccComputeRoute_routeIlbVipExample|TestAccComputeRoute_routeIlbExample|TestAccComputeRegionalNetworkFirewallPolicyRule_RegionalHandWritten|TestAccComputeVpnTunnel_router|TestAccComputeRegionalNetworkFirewallPolicy_RegionalHandWritten|TestAccComputeVpnTunnel_regionFromGateway|TestAccComputeVpnTunnel_vpnTunnelBetaExample|TestAccComputeRegionalNetworkFirewallPolicyAssociation_RegionalHandWritten|TestAccComputeVpnTunnel_vpnTunnelBasicExample|TestAccComputeVpnGateway_targetVpnGatewayBasicExample|TestAccComputeServiceAttachment_serviceAttachmentBasicExampleUpdate|TestAccComputeServiceAttachment_serviceAttachmentExplicitProjectsExample|TestAccComputeServiceAttachment_serviceAttachmentBasicExample|TestAccComputeManagedSslCertificate_managedSslCertificateBasicExample|TestAccComputePacketMirroring_computePacketMirroringFullExample|TestAccComputeNetworkFirewallPolicyRule_GlobalHandWritten|TestAccComputeNetworkFirewallPolicy_GlobalHandWritten|TestAccComputeNetworkFirewallPolicyAssociation_GlobalHandWritten|TestAccComputeRegionNetworkEndpointGroup_regionNetworkEndpointGroupPscServiceAttachmentExample|TestAccComputeRouterInterface_withTunnel|TestAccComputeRouterInterface_basic|TestAccComputeRouterPeer_bfd|TestAccComputeForwardingRule_forwardingRuleExternallbExample|TestAccComputeForwardingRule_internalTcpUdpLbWithMigBackendExample|TestAccComputeForwardingRule_internalHttpLbWithMigBackendExample|TestAccComputeForwardingRule_serviceDirectoryRegistrations|TestAccComputeForwardingRule_networkTier|TestAccComputeForwardingRule_ip|TestAccComputeForwardingRule_update|TestAccComputeGlobalForwardingRule_internalLoadBalancing|TestAccComputeForwardingRule_forwardingRuleRegionalHttpXlbExample|TestAccComputeForwardingRule_forwardingRuleInternallbExample|TestAccComputeForwardingRule_forwardingRuleHttpLbExample|TestAccComputeGlobalForwardingRule_labels|TestAccComputeGlobalForwardingRule_ipv6|TestAccComputeGlobalForwardingRule_updateTarget|TestAccComputeForwardingRule_forwardingRuleL3DefaultExample|TestAccComputeForwardingRule_forwardingRuleBasicExample|TestAccComputeGlobalForwardingRule_privateServiceConnectGoogleApisExample|TestAccComputeForwardingRule_forwardingRuleGlobalInternallbExample|TestAccComputeGlobalForwardingRule_globalForwardingRuleHybridExample|TestAccComputeGlobalForwardingRule_globalForwardingRuleExternalManagedExample|TestAccComputeGlobalForwardingRule_globalForwardingRuleInternalExample|TestAccComputeGlobalForwardingRule_globalForwardingRuleHttpExample|TestAccComputeBackendBucket_externalCdnLbWithBackendBucketExample|TestAccComputeGlobalForwardingRule_externalHttpLbMigBackendCustomHeaderExample|TestAccComputeGlobalForwardingRule_externalTcpProxyLbMigBackendExample|TestAccClouddeployTarget_Target|TestAccClouddeployDeliveryPipeline_DeliveryPipeline|TestAccBigtableAppProfile_bigtableAppProfileMulticlusterExample|TestAccBigtableAppProfile_bigtableAppProfileAnyclusterExample|TestAccDataSourceGoogleForwardingRule|TestAccDataSourceGoogleGlobalForwardingRule|TestAccComputeFirewallPolicyRule_update|TestAccComputeFirewallPolicyAssociation_basic|TestAccComputeFirewallPolicyRule_multipleRules|TestAccComputeFirewallPolicy_update |
|
Tests passed during RECORDING mode: Tests failed during RECORDING mode: Please fix these to complete your PR |
|
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 33 files changed, 4483 insertions(+), 42 deletions(-)) |
|
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 33 files changed, 4483 insertions(+), 42 deletions(-)) |
Tests analyticsTotal tests: Action takenTriggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed testsTestAccComputeVpnTunnel_defaultTrafficSelectors|TestAccComputeVpnTunnel_router|TestAccComputeVpnTunnel_regionFromGateway|TestAccComputeVpnTunnel_vpnTunnelBetaExample|TestAccComputeVpnTunnel_vpnTunnelBasicExample|TestAccComputeVpnGateway_targetVpnGatewayBasicExample|TestAccComputeServiceAttachment_serviceAttachmentBasicExampleUpdate|TestAccComputeServiceAttachment_serviceAttachmentExplicitProjectsExample|TestAccComputeRouterInterface_withTunnel|TestAccComputeRouterPeer_bfd|TestAccComputeRouterPeer_enable|TestAccComputeRouterPeer_advertiseMode|TestAccComputeRouterPeer_basic|TestAccComputeRoute_routeIlbVipExample|TestAccComputeRegionNetworkEndpointGroup_regionNetworkEndpointGroupPscServiceAttachmentExample|TestAccComputeRegionalNetworkFirewallPolicyRule_RegionalHandWritten|TestAccComputeRegionalNetworkFirewallPolicy_RegionalHandWritten|TestAccComputeRegionalNetworkFirewallPolicyAssociation_RegionalHandWritten|TestAccComputeNetworkFirewallPolicyRule_GlobalHandWritten|TestAccComputeNetworkFirewallPolicyAssociation_GlobalHandWritten|TestAccComputeManagedSslCertificate_managedSslCertificateBasicExample|TestAccComputeGlobalForwardingRule_globalForwardingRuleExternalManagedExample|TestAccComputeGlobalForwardingRule_globalForwardingRuleInternalExample|TestAccComputeGlobalForwardingRule_globalForwardingRuleHttpExample|TestAccComputeForwardingRule_forwardingRuleRegionalHttpXlbExample|TestAccComputeGlobalForwardingRule_externalHttpLbMigBackendCustomHeaderExample|TestAccComputeForwardingRule_forwardingRuleHttpLbExample|TestAccComputeGlobalForwardingRule_externalTcpProxyLbMigBackendExample|TestAccComputeForwardingRule_forwardingRuleInternallbExample|TestAccComputeForwardingRule_forwardingRuleL3DefaultExample|TestAccComputeForwardingRule_forwardingRuleGlobalInternallbExample|TestAccComputeForwardingRule_forwardingRuleExternallbExample|TestAccComputeForwardingRule_internalTcpUdpLbWithMigBackendExample|TestAccComputeForwardingRule_internalHttpLbWithMigBackendExample|TestAccComputeGlobalForwardingRule_labels|TestAccComputeGlobalForwardingRule_ipv6|TestAccComputeGlobalForwardingRule_internalLoadBalancing|TestAccComputeGlobalForwardingRule_updateTarget|TestAccComputeGlobalForwardingRule_privateServiceConnectGoogleApisExample|TestAccBillingSubaccount_renameOnDestroy|TestAccFirebaserulesRelease_BasicRelease|TestAccComputeBackendBucket_externalCdnLbWithBackendBucketExample|TestAccDataSourceGoogleGlobalForwardingRule|TestAccComputeForwardingRule_ip|TestAccDataSourceGoogleForwardingRule|TestAccComputeFirewallPolicyAssociation_basic|TestAccComputeFirewallPolicyRule_update|TestAccComputeFirewallPolicyRule_multipleRules |
|
Tests passed during RECORDING mode: Tests failed during RECORDING mode: Please fix these to complete your PR |
There was a problem hiding this comment.
As mentioned in chat / noted inline, there's some upgrade difficulties that are going to block merging after initial review.
Additionally, would it be possible to break this into 3 sequential PRs, one per base resource? It's my experience that review time is pretty much exponential with the number of new resources, so keeping to 1 resource (or 1 base resource w/ locational resources like this) tends to go much faster. That'll let us work out the generator changes + network_firewall_policy/its regional variant before worrying about the other two, which are likely to be pretty routine.
ghabian
changed the title
|
Hi! I'm the modular magician. Your PR generated some diffs in downstreams - here they are. Diff report:Terraform GA: Diff ( 21 files changed, 1390 insertions(+), 42 deletions(-)) |
Tests analyticsTotal tests: Action takenTriggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed testsTestAccFirebaserulesRelease_BasicRelease|TestAccComputeVpnTunnel_defaultTrafficSelectors|TestAccComputeVpnTunnel_router|TestAccComputeVpnTunnel_vpnTunnelBasicExample|TestAccComputeRegionNetworkFirewallPolicy_RegionalHandWritten|TestAccComputeServiceAttachment_serviceAttachmentBasicExampleUpdate|TestAccComputeRouterInterface_withTunnel|TestAccComputeRouterPeer_bfd|TestAccComputeRouterPeer_enable|TestAccComputeRouterPeer_advertiseMode|TestAccComputeRouterPeer_basic|TestAccComputeManagedSslCertificate_managedSslCertificateBasicExample|TestAccComputeGlobalForwardingRule_globalForwardingRuleInternalExample|TestAccComputeGlobalForwardingRule_internalLoadBalancing|TestAccComputeGlobalForwardingRule_externalHttpLbMigBackendCustomHeaderExample|TestAccComputeForwardingRule_internalTcpUdpLbWithMigBackendExample|TestAccComputeGlobalForwardingRule_ipv6|TestAccComputeGlobalForwardingRule_privateServiceConnectGoogleApisExample|TestAccComputeGlobalForwardingRule_updateTarget|TestAccComputeForwardingRule_internalHttpLbWithMigBackendExample|TestAccComputeGlobalForwardingRule_globalForwardingRuleExternalManagedExample|TestAccComputeForwardingRule_ip|TestAccComputeForwardingRule_forwardingRuleRegionalHttpXlbExample|TestAccComputeForwardingRule_forwardingRuleHttpLbExample|TestAccComputeForwardingRule_forwardingRuleInternallbExample|TestAccDataSourceGoogleGlobalForwardingRule|TestAccDataSourceGoogleForwardingRule|TestAccComputeFirewallPolicyRule_update |
|
Tests passed during RECORDING mode: Tests failed during RECORDING mode: Please fix these to complete your PR |
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are. Terraform GA: Diff ( 21 files changed, 1390 insertions(+), 42 deletions(-)) |
Tests analyticsTotal tests: Action takenTriggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed testsTestAccComputeVpnTunnel_defaultTrafficSelectors|TestAccComputeVpnTunnel_vpnTunnelBasicExample|TestAccComputeManagedSslCertificate_managedSslCertificateBasicExample|TestAccComputeGlobalForwardingRule_internalLoadBalancing|TestAccComputeForwardingRule_internalHttpLbWithMigBackendExample|TestAccComputeForwardingRule_forwardingRuleRegionalHttpXlbExample|TestAccComputeForwardingRule_forwardingRuleHttpLbExample|TestAccComputeGlobalForwardingRule_externalHttpLbMigBackendCustomHeaderExample|TestAccComputeForwardingRule_update|TestAccDataSourceGoogleForwardingRule |
|
Tests passed during RECORDING mode: Tests failed during RECORDING mode: Please fix these to complete your PR |
This reverts commit e3a4a13.
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are. Terraform GA: Diff ( 9 files changed, 1274 insertions(+), 29 deletions(-)) |
Tests analyticsTotal tests: Action takenTriggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed testsTestAccFirebaserulesRelease_BasicRelease |
There was a problem hiding this comment.
Looks like we're not testing update here, even though the resource supports it. We should be able to port over https://github.com/GoogleCloudPlatform/declarative-resource-client-library/blob/main/services/google/compute/samples/regional_network_firewall_policy.yaml? I see that we're not using sample generation though- I'm assuming it doesn't work with multi-location resources?
It's honestly probably easiest to handwrite the update test if so: https://github.com/GoogleCloudPlatform/magic-modules/blob/main/mmv1/third_party/terraform/README.md#update-tests
|
Hi there, I'm the Modular magician. I've detected the following information about your changes: Diff reportYour PR generated some diffs in downstreams - here they are. Terraform GA: Diff ( 9 files changed, 1314 insertions(+), 29 deletions(-)) |
Tests analyticsTotal tests: Action takenTriggering VCR tests in RECORDING mode for the tests that failed during VCR. Click here to see the failed testsTestAccFirebaserulesRelease_BasicRelease|TestAccComputeNetworkFirewallPolicy_GlobalHandWritten|TestAccComputeRegionNetworkFirewallPolicy_RegionalHandWritten |
…olicy (GoogleCloudPlatform#6693) Co-authored-by: Ghaleb Al-habian <galhabian@google.com> Co-authored-by: Angel Montero <angelmontero@google.com> Co-authored-by: Chris Hawk <hawk@google.com>
This PR adds support for the network_firewall_policy resource, and its regional counterpart (region_network_firewall_policy). These resources have been integrated into the DCL already and requires DCL v1.25 .
I'm also adding two new fields into
meta.yaml:doc_hide_conditionalandtest_hide_conditionalas I have not found a better way to handle samples for primary DCL resources that have regional and global versions such asnetwork_firewall_policyandforwarding_rule. These two new fields will allow the splitting of the samples directory by thelocationfield; selectively hiding certain sample files for certain location fields.If this PR is for Terraform, I acknowledge that I have:
make testandmake lintto ensure it passes unit and linter tests.Release Note Template for Downstream PRs (will be copied)