Move enable_logging to GA for compute_firewall_rule

Signed-off-by: Modular Magician <[email protected]>
hashicorp · Nov 26, 2019 · 9622f33 · 9622f33
1 parent b58ab1d
commit 9622f33
Show file tree

Hide file tree

Showing 6 changed files with 188 additions and 10 deletions.
diff --git a/google/resource_compute_firewall.go b/google/resource_compute_firewall.go
@@ -152,6 +152,14 @@ network it is associated with. When set to true, the firewall rule is
 not enforced and the network behaves as if it did not exist. If this
 is unspecified, the firewall rule will be enabled.`,
 			},
+			"enable_logging": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Description: `This field denotes whether to enable logging for a particular
+firewall rule. If logging is enabled, logs will be exported to
+Stackdriver.`,
+			},
+
 			"priority": {
 				Type:         schema.TypeInt,
 				Optional:     true,
@@ -369,6 +377,12 @@ func resourceComputeFirewallCreate(d *schema.ResourceData, meta interface{}) err
 	} else if v, ok := d.GetOkExists("disabled"); ok || !reflect.DeepEqual(v, disabledProp) {
 		obj["disabled"] = disabledProp
 	}
+	logConfigProp, err := expandComputeFirewallLogConfig(nil, d, config)
+	if err != nil {
+		return err
+	} else if !isEmptyValue(reflect.ValueOf(logConfigProp)) {
+		obj["logConfig"] = logConfigProp
+	}
 	nameProp, err := expandComputeFirewallName(d.Get("name"), d, config)
 	if err != nil {
 		return err
@@ -497,6 +511,16 @@ func resourceComputeFirewallRead(d *schema.ResourceData, meta interface{}) error
 	if err := d.Set("disabled", flattenComputeFirewallDisabled(res["disabled"], d)); err != nil {
 		return fmt.Errorf("Error reading Firewall: %s", err)
 	}
+	// Terraform must set the top level schema field, but since this object contains collapsed properties
+	// it's difficult to know what the top level should be. Instead we just loop over the map returned from flatten.
+	if flattenedProp := flattenComputeFirewallLogConfig(res["logConfig"], d); flattenedProp != nil {
+		casted := flattenedProp.([]interface{})[0]
+		if casted != nil {
+			for k, v := range casted.(map[string]interface{}) {
+				d.Set(k, v)
+			}
+		}
+	}
 	if err := d.Set("name", flattenComputeFirewallName(res["name"], d)); err != nil {
 		return fmt.Errorf("Error reading Firewall: %s", err)
 	}
@@ -567,6 +591,12 @@ func resourceComputeFirewallUpdate(d *schema.ResourceData, meta interface{}) err
 	} else if v, ok := d.GetOkExists("disabled"); ok || !reflect.DeepEqual(v, disabledProp) {
 		obj["disabled"] = disabledProp
 	}
+	logConfigProp, err := expandComputeFirewallLogConfig(nil, d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("log_config"); !isEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, logConfigProp)) {
+		obj["logConfig"] = logConfigProp
+	}
 	networkProp, err := expandComputeFirewallNetwork(d.Get("network"), d, config)
 	if err != nil {
 		return err
@@ -763,6 +793,23 @@ func flattenComputeFirewallDisabled(v interface{}, d *schema.ResourceData) inter
 	return v
 }
 
+func flattenComputeFirewallLogConfig(v interface{}, d *schema.ResourceData) interface{} {
+	if v == nil {
+		return nil
+	}
+	original := v.(map[string]interface{})
+	if len(original) == 0 {
+		return nil
+	}
+	transformed := make(map[string]interface{})
+	transformed["enable_logging"] =
+		flattenComputeFirewallLogConfigEnableLogging(original["enable"], d)
+	return []interface{}{transformed}
+}
+func flattenComputeFirewallLogConfigEnableLogging(v interface{}, d *schema.ResourceData) interface{} {
+	return v
+}
+
 func flattenComputeFirewallName(v interface{}, d *schema.ResourceData) interface{} {
 	return v
 }
@@ -912,6 +959,22 @@ func expandComputeFirewallDisabled(v interface{}, d TerraformResourceData, confi
 	return v, nil
 }
 
+func expandComputeFirewallLogConfig(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	transformed := make(map[string]interface{})
+	transformedEnableLogging, err := expandComputeFirewallLogConfigEnableLogging(d.Get("enable_logging"), d, config)
+	if err != nil {
+		return nil, err
+	} else {
+		transformed["enable"] = transformedEnableLogging
+	}
+
+	return transformed, nil
+}
+
+func expandComputeFirewallLogConfigEnableLogging(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandComputeFirewallName(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
 	return v, nil
 }

diff --git a/google/resource_compute_firewall_test.go b/google/resource_compute_firewall_test.go
@@ -196,6 +196,45 @@ func TestAccComputeFirewall_disabled(t *testing.T) {
 	})
 }
 
+func TestAccComputeFirewall_enableLogging(t *testing.T) {
+	t.Parallel()
+
+	networkName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
+	firewallName := fmt.Sprintf("firewall-test-%s", acctest.RandString(10))
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckComputeFirewallDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeFirewall_enableLogging(networkName, firewallName, false),
+			},
+			{
+				ResourceName:      "google_compute_firewall.foobar",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccComputeFirewall_enableLogging(networkName, firewallName, true),
+			},
+			{
+				ResourceName:      "google_compute_firewall.foobar",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccComputeFirewall_enableLogging(networkName, firewallName, false),
+			},
+			{
+				ResourceName:      "google_compute_firewall.foobar",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
 func testAccComputeFirewall_basic(network, firewall string) string {
 	return fmt.Sprintf(`
 resource "google_compute_network" "foobar" {
@@ -372,3 +411,29 @@ resource "google_compute_firewall" "foobar" {
 }
 `, network, firewall)
 }
+
+func testAccComputeFirewall_enableLogging(network, firewall string, enableLogging bool) string {
+	enableLoggingCfg := ""
+	if enableLogging {
+		enableLoggingCfg = "enable_logging= true"
+	}
+	return fmt.Sprintf(`
+resource "google_compute_network" "foobar" {
+  name = "%s"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_firewall" "foobar" {
+  name = "%s"
+  description = "Resource created for Terraform acceptance testing"
+  network = google_compute_network.foobar.name
+  source_tags = ["foo"]
+
+  allow {
+    protocol = "icmp"
+  }
+
+  %s
+}
+`, network, firewall, enableLoggingCfg)
+}
diff --git a/google/resource_compute_network_peering.go b/google/resource_compute_network_peering.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"log"
 	"sort"
+	"strings"
 
 	"github.com/hashicorp/terraform-plugin-sdk/helper/schema"
 	computeBeta "google.golang.org/api/compute/v0.beta"
@@ -18,6 +19,9 @@ func resourceComputeNetworkPeering() *schema.Resource {
 		Create: resourceComputeNetworkPeeringCreate,
 		Read:   resourceComputeNetworkPeeringRead,
 		Delete: resourceComputeNetworkPeeringDelete,
+		Importer: &schema.ResourceImporter{
+			State: resourceComputeNetworkPeeringImport,
+		},
 
 		Schema: map[string]*schema.Schema{
 			"name": {
@@ -181,3 +185,25 @@ func getNetworkPeeringLockName(networkName, peerNetworkName string) string {
 
 	return fmt.Sprintf("network_peering/%s/%s", networks[0], networks[1])
 }
+
+func resourceComputeNetworkPeeringImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
+	config := meta.(*Config)
+	splits := strings.Split(d.Id(), "/")
+	if len(splits) != 3 {
+		return nil, fmt.Errorf("Error parsing network peering import format, expected: {project}/{network}/{name}")
+	}
+
+	// Build the template for the network self_link
+	urlTemplate, err := replaceVars(d, config, "{{ComputeBasePath}}projects/%s/global/networks/%s")
+	if err != nil {
+		return nil, err
+	}
+	d.Set("network", ConvertSelfLinkToV1(fmt.Sprintf(urlTemplate, splits[0], splits[1])))
+	d.Set("name", splits[2])
+
+	// Replace import id for the resource id
+	id := fmt.Sprintf("%s/%s", splits[1], splits[2])
+	d.SetId(id)
+
+	return []*schema.ResourceData{d}, nil
+}
diff --git a/google/resource_compute_network_peering_test.go b/google/resource_compute_network_peering_test.go
@@ -15,20 +15,30 @@ func TestAccComputeNetworkPeering_basic(t *testing.T) {
 	t.Parallel()
 	var peering_beta computeBeta.NetworkPeering
 
+	primaryNetworkName := acctest.RandomWithPrefix("network-test-1")
+	peeringName := acctest.RandomWithPrefix("peering-test-1")
+	importId := fmt.Sprintf("%s/%s/%s", getTestProjectFromEnv(), primaryNetworkName, peeringName)
+
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { testAccPreCheck(t) },
 		Providers:    testAccProviders,
 		CheckDestroy: testAccComputeNetworkPeeringDestroy,
 		Steps: []resource.TestStep{
 			{
-				Config: testAccComputeNetworkPeering_basic(),
+				Config: testAccComputeNetworkPeering_basic(primaryNetworkName, peeringName),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckComputeNetworkPeeringExist("google_compute_network_peering.foo", &peering_beta),
 					testAccCheckComputeNetworkPeeringAutoCreateRoutes(true, &peering_beta),
 					testAccCheckComputeNetworkPeeringExist("google_compute_network_peering.bar", &peering_beta),
 					testAccCheckComputeNetworkPeeringAutoCreateRoutes(true, &peering_beta),
 				),
 			},
+			{
+				ResourceName:      "google_compute_network_peering.foo",
+				ImportState:       true,
+				ImportStateVerify: true,
+				ImportStateId:     importId,
+			},
 		},
 	})
 
@@ -97,30 +107,30 @@ func testAccCheckComputeNetworkPeeringAutoCreateRoutes(v bool, peering *computeB
 	}
 }
 
-func testAccComputeNetworkPeering_basic() string {
+func testAccComputeNetworkPeering_basic(primaryNetworkName, peeringName string) string {
 	s := `
 resource "google_compute_network" "network1" {
-  name                    = "network-test-1-%s"
-  auto_create_subnetworks = false
-}
-
-resource "google_compute_network" "network2" {
-  name                    = "network-test-2-%s"
+  name                    = "%s"
   auto_create_subnetworks = false
 }
 
 resource "google_compute_network_peering" "foo" {
-  name         = "peering-test-1-%s"
+  name         = "%s"
   network      = google_compute_network.network1.self_link
   peer_network = google_compute_network.network2.self_link
 }
 
+resource "google_compute_network" "network2" {
+  name                    = "network-test-2-%s"
+  auto_create_subnetworks = false
+}
+
 resource "google_compute_network_peering" "bar" {
   network      = google_compute_network.network2.self_link
   peer_network = google_compute_network.network1.self_link
   name         = "peering-test-2-%s"
 `
 
 	s = s + `}`
-	return fmt.Sprintf(s, acctest.RandString(10), acctest.RandString(10), acctest.RandString(10), acctest.RandString(10))
+	return fmt.Sprintf(s, primaryNetworkName, peeringName, acctest.RandString(10), acctest.RandString(10))
 }
diff --git a/website/docs/r/compute_firewall.html.markdown b/website/docs/r/compute_firewall.html.markdown
@@ -132,6 +132,12 @@ The following arguments are supported:
   not enforced and the network behaves as if it did not exist. If this
   is unspecified, the firewall rule will be enabled.
 
+* `enable_logging` -
+  (Optional)
+  This field denotes whether to enable logging for a particular
+  firewall rule. If logging is enabled, logs will be exported to
+  Stackdriver.
+
 * `priority` -
   (Optional)
   Priority for this rule. This is an integer between 0 and 65535, both

diff --git a/website/docs/r/compute_network_peering.html.markdown b/website/docs/r/compute_network_peering.html.markdown
@@ -71,3 +71,11 @@ exported:
 `ACTIVE` when there's a matching configuration in the peer network.
 
 * `state_details` - Details about the current state of the peering.
+
+## Import
+
+VPC network peerings can be imported using the name and project of the primary network the peering exists in and the name of the network peering
+
+```
+$ terraform import google_compute_network_peering.peering_network project-name/network-name/peering-name
+```