Skip to content

Commit 4948856

Browse files
compute: forced recreation of google_compute_security_policy on type updates (#12233) (#20316)
[upstream:acda2f0f71f92d1b4ff964acffc4de6f88cd585a] Signed-off-by: Modular Magician <magic-modules@google.com>
1 parent 5a7d34c commit 4948856

File tree

3 files changed

+53
-7
lines changed

3 files changed

+53
-7
lines changed

.changelog/12233.txt

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
```release-note:bug
2+
compute: fixed permadiff on attempted `type` field updates in `google_computer_security_policy`, updating this field will now force recreation of the resource
3+
```

google/services/compute/resource_compute_security_policy.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -79,6 +79,7 @@ func ResourceComputeSecurityPolicy() *schema.Resource {
7979
Type: schema.TypeString,
8080
Optional: true,
8181
Computed: true,
82+
ForceNew: true,
8283
Description: `The type indicates the intended use of the security policy. CLOUD_ARMOR - Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers. CLOUD_ARMOR_EDGE - Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.`,
8384
ValidateFunc: validation.StringInSlice([]string{"CLOUD_ARMOR", "CLOUD_ARMOR_EDGE", "CLOUD_ARMOR_INTERNAL_SERVICE"}, false),
8485
},

google/services/compute/resource_compute_security_policy_test.go

Lines changed: 49 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@ import (
88
"testing"
99

1010
"github.com/hashicorp/terraform-plugin-testing/helper/resource"
11+
"github.com/hashicorp/terraform-plugin-testing/plancheck"
1112
"github.com/hashicorp/terraform-plugin-testing/terraform"
1213
"github.com/hashicorp/terraform-provider-google/google/acctest"
1314
"github.com/hashicorp/terraform-provider-google/google/envvar"
@@ -24,7 +25,48 @@ func TestAccComputeSecurityPolicy_basic(t *testing.T) {
2425
CheckDestroy: testAccCheckComputeSecurityPolicyDestroyProducer(t),
2526
Steps: []resource.TestStep{
2627
{
27-
Config: testAccComputeSecurityPolicy_basic(spName),
28+
Config: testAccComputeSecurityPolicy_basic(spName, "CLOUD_ARMOR"),
29+
},
30+
{
31+
ResourceName: "google_compute_security_policy.policy",
32+
ImportState: true,
33+
ImportStateVerify: true,
34+
},
35+
},
36+
})
37+
}
38+
39+
func TestAccComputeSecurityPolicy_basicUpdate(t *testing.T) {
40+
t.Parallel()
41+
42+
spName := fmt.Sprintf("tf-test-%s", acctest.RandString(t, 10))
43+
44+
acctest.VcrTest(t, resource.TestCase{
45+
PreCheck: func() { acctest.AccTestPreCheck(t) },
46+
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
47+
CheckDestroy: testAccCheckComputeSecurityPolicyDestroyProducer(t),
48+
Steps: []resource.TestStep{
49+
{
50+
Config: testAccComputeSecurityPolicy_basic(spName, "CLOUD_ARMOR"),
51+
Check: resource.ComposeTestCheckFunc(
52+
resource.TestCheckResourceAttr("google_compute_security_policy.policy", "type", "CLOUD_ARMOR"),
53+
),
54+
},
55+
{
56+
ResourceName: "google_compute_security_policy.policy",
57+
ImportState: true,
58+
ImportStateVerify: true,
59+
},
60+
{
61+
Config: testAccComputeSecurityPolicy_basic(spName, "CLOUD_ARMOR_EDGE"),
62+
ConfigPlanChecks: resource.ConfigPlanChecks{
63+
PreApply: []plancheck.PlanCheck{
64+
plancheck.ExpectResourceAction("google_compute_security_policy.policy", plancheck.ResourceActionDestroyBeforeCreate),
65+
},
66+
},
67+
Check: resource.ComposeTestCheckFunc(
68+
resource.TestCheckResourceAttr("google_compute_security_policy.policy", "type", "CLOUD_ARMOR_EDGE"),
69+
),
2870
},
2971
{
3072
ResourceName: "google_compute_security_policy.policy",
@@ -214,7 +256,7 @@ func TestAccComputeSecurityPolicy_withAdvancedOptionsConfig(t *testing.T) {
214256
CheckDestroy: testAccCheckComputeSecurityPolicyDestroyProducer(t),
215257
Steps: []resource.TestStep{
216258
{
217-
Config: testAccComputeSecurityPolicy_basic(spName),
259+
Config: testAccComputeSecurityPolicy_basic(spName, "CLOUD_ARMOR"),
218260
},
219261
{
220262
ResourceName: "google_compute_security_policy.policy",
@@ -256,7 +298,7 @@ func TestAccComputeSecurityPolicy_withAdvancedOptionsConfig(t *testing.T) {
256298
ImportStateVerify: true,
257299
},
258300
{
259-
Config: testAccComputeSecurityPolicy_basic(spName),
301+
Config: testAccComputeSecurityPolicy_basic(spName, "CLOUD_ARMOR"),
260302
},
261303
{
262304
ResourceName: "google_compute_security_policy.policy",
@@ -384,7 +426,7 @@ func TestAccComputeSecurityPolicy_withRecaptchaOptionsConfig(t *testing.T) {
384426
CheckDestroy: testAccCheckComputeSecurityPolicyDestroyProducer(t),
385427
Steps: []resource.TestStep{
386428
{
387-
Config: testAccComputeSecurityPolicy_basic(spName),
429+
Config: testAccComputeSecurityPolicy_basic(spName, "CLOUD_ARMOR"),
388430
},
389431
{
390432
ResourceName: "google_compute_security_policy.policy",
@@ -632,14 +674,14 @@ func testAccCheckComputeSecurityPolicyDestroyProducer(t *testing.T) func(s *terr
632674
}
633675
}
634676

635-
func testAccComputeSecurityPolicy_basic(spName string) string {
677+
func testAccComputeSecurityPolicy_basic(spName, policyType string) string {
636678
return fmt.Sprintf(`
637679
resource "google_compute_security_policy" "policy" {
638680
name = "%s"
639681
description = "basic security policy"
640-
type = "CLOUD_ARMOR"
682+
type = "%s"
641683
}
642-
`, spName)
684+
`, spName, policyType)
643685
}
644686

645687
func testAccComputeSecurityPolicy_withRule(spName string) string {

0 commit comments

Comments
 (0)