making sure swp can be created without scope and certificateUrls #15273

Merged
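--- a/.changelog/8390.txt
+++ b/.changelog/8390.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+network_services: removing required flags from `scope` field in `google_network_services_gateway` resource
+```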
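--- a/google/resource_network_services_gateway_test.go
+++ b/google/resource_network_services_gateway_test.go
@@ -733,3 +733,86 @@ resource "google_compute_subnetwork" "proxyonlysubnet2" {
 
 `, cmName, netName, subnetName, pSubnetName, policyName, ruleName, gatewayName, gatewayScope, net2Name, subnet2Name, pSubnet2Name)
 }
+
+func TestAccNetworkServicesGateway_minimalSwp(t *testing.T) {
+netName := fmt.Sprintf("tf-test-gateway-swp-net-%s", acctest.RandString(t, 10))
+subnetName := fmt.Sprintf("tf-test-gateway-swp-subnet-%s", acctest.RandString(t, 10))
+pSubnetName := fmt.Sprintf("tf-test-gateway-swp-proxyonly-%s", acctest.RandString(t, 10))
+policyName := fmt.Sprintf("tf-test-gateway-swp-policy-%s", acctest.RandString(t, 10))
+ruleName := fmt.Sprintf("tf-test-gateway-swp-rule-%s", acctest.RandString(t, 10))
+gatewayName := fmt.Sprintf("tf-test-gateway-swp-%s", acctest.RandString(t, 10))
+
+acctest.VcrTest(t, resource.TestCase{
+PreCheck: func() { acctest.AccTestPreCheck(t) },
+ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+CheckDestroy: testAccCheckNetworkServicesGatewayDestroyProducer(t),
+Steps: []resource.TestStep{
+{
+Config: testAccNetworkServicesGateway_minimalSwp(netName, subnetName, pSubnetName, policyName, ruleName, gatewayName),
+},
+{
+ResourceName: "google_network_services_gateway.foobar",
+ImportState: true,
+ImportStateVerify: true,
+ImportStateVerifyIgnore: []string{"name", "location", "delete_swg_autogen_router_on_destroy"},
+},
+},
+})
+}
+
+func testAccNetworkServicesGateway_minimalSwp(netName, subnetName, pSubnetName, policyName, ruleName, gatewayName string) string {
+return fmt.Sprintf(`
+resource "google_compute_network" "default" {
+name = "%s"
+routing_mode = "REGIONAL"
+auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "proxyonlysubnet" {
+name = "%s"
+purpose = "REGIONAL_MANAGED_PROXY"
+ip_cidr_range = "192.168.0.0/23"
+region = "us-central1"
+network = google_compute_network.default.id
+role = "ACTIVE"
+}
+
+resource "google_compute_subnetwork" "default" {
+name = "%s"
+purpose = "PRIVATE"
+ip_cidr_range = "10.128.0.0/20"
+region = "us-central1"
+network = google_compute_network.default.id
+role = "ACTIVE"
+}
+
+resource "google_network_security_gateway_security_policy" "default" {
+name = "%s"
+location = "us-central1"
+}
+
+resource "google_network_security_gateway_security_policy_rule" "default" {
+name = "%s"
+location = "us-central1"
+gateway_security_policy = google_network_security_gateway_security_policy.default.name
+enabled = true
+priority = 1
+session_matcher = "host() == 'example.com'"
+basic_profile = "ALLOW"
+}
+
+resource "google_network_services_gateway" "foobar" {
+name = "%s"
+location = "us-central1"
+addresses = ["10.128.0.99"]
+type = "SECURE_WEB_GATEWAY"
+ports = [443]
+description = "my description"
+gateway_security_policy = google_network_security_gateway_security_policy.default.id
+network = google_compute_network.default.id
+subnetwork = google_compute_subnetwork.default.id
+delete_swg_autogen_router_on_destroy = true
+depends_on = [google_compute_subnetwork.proxyonlysubnet]
+}
+`, netName, subnetName, pSubnetName, policyName, ruleName, gatewayName)
+}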
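Review bot: Nothing in `testAccNetworkServicesGateway_minimalSwp` says that `scope` and `certificate_urls` are left out of the gateway block on purpose, so a later edit that "completes" the config would silently remove the coverage this test exists for. I would add a comment above `TestAccNetworkServicesGateway_minimalSwp`, for example `// Regression test: a SECURE_WEB_GATEWAY must apply and import with neither scope nor certificate_urls set.` The two steps also carry no `Check`, so the test proves only that apply and the import round-trip succeed. It does not pin what the provider stores for the omitted `scope`. If that value matters for how gateways are merged, an explicit assertion on it in the first step would make the contract visible.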
@@ -180,15 +180,6 @@ limited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support mu
Type: schema.TypeInt,
},
},
"scope": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
Description: `Immutable. Scope determines how configuration across multiple Gateway instances are merged.
The configuration for multiple Gateway instances with the same scope will be merged as presented as
a single coniguration to the proxy/load balancer.
Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.`,
},
"type": {
Type: schema.TypeString,
Required: true,
@@ -250,6 +241,15 @@ The default value is 'global'.`,
Description: `The relative resource name identifying the VPC network that is using this configuration.
For example: 'projects/*/global/networks/network-1'.
Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'.`,
},
"scope": {
Type: schema.TypeString,
Optional: true,
ForceNew: true,
Description: `Immutable. Scope determines how configuration across multiple Gateway instances are merged.
The configuration for multiple Gateway instances with the same scope will be merged as presented as
a single coniguration to the proxy/load balancer.
Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.`,
},
"server_tls_policy": {
Type: schema.TypeString,
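Review bot: The re-added `scope` block in the second hunk becomes `Optional: true` but its Description is carried over unchanged, so it never says what an unset scope means for how Gateway configurations are merged or which gateway types may omit it. Because scope decides which gateways share one merged configuration, that default deserves one explicit sentence in the Description. The block also has no `ValidateFunc`, so the "Max length 64 characters" and "start with a letter" rules are presumably enforced only by the API at apply time. While the block is being moved, the typo could be fixed as well: `a single configuration to the proxy/load balancer.` The schema map starts and ends outside the lines shown, so any validation defined elsewhere is not visible here.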
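--- a/website/docs/r/network_services_gateway.html.markdown
+++ b/website/docs/r/network_services_gateway.html.markdown
@@ -241,13 +241,6 @@ The following arguments are supported:
 The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are
 limited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support multiple ports.
 
-* `scope` -
-(Required)
-Immutable. Scope determines how configuration across multiple Gateway instances are merged.
-The configuration for multiple Gateway instances with the same scope will be merged as presented as
-a single coniguration to the proxy/load balancer.
-Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.
-
 * `name` -
 (Required)
 Short name of the Gateway resource to be created.
@@ -264,6 +257,13 @@ The following arguments are supported:
 (Optional)
 A free-text description of the resource. Max length 1024 characters.
 
+* `scope` -
+(Optional)
+Immutable. Scope determines how configuration across multiple Gateway instances are merged.
+The configuration for multiple Gateway instances with the same scope will be merged as presented as
+a single coniguration to the proxy/load balancer.
+Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.
+
 * `server_tls_policy` -
 (Optional)
 A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated.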