Skip to content

Commit

Permalink
add billing project id support to firewall endpoint resource (#10122) (
Browse files Browse the repository at this point in the history
…hashicorp#7124)

* add billing project support

* removed description field due to API issue

* test updated and fixed for ADC support

* added ADC warning

* removing ADC

[upstream:8f3a9892f4cfeddbaf4dc8457849e30e6ac49b8e]

Signed-off-by: Modular Magician <[email protected]>
  • Loading branch information
modular-magician authored Mar 20, 2024
1 parent 6da4d23 commit bc08799
Show file tree
Hide file tree
Showing 4 changed files with 72 additions and 22 deletions.
3 changes: 3 additions & 0 deletions .changelog/10122.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:breaking-change
networksecurity: added required field `billing_project_id` to `google_network_security_firewall_endpoint` resource. Any configuration without `billing_project_id` specified will cause resource creation fail (beta)
```
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,11 @@ func ResourceNetworkSecurityFirewallEndpoint() *schema.Resource {
),

Schema: map[string]*schema.Schema{
"billing_project_id": {
Type: schema.TypeString,
Required: true,
Description: `Project to bill on endpoint uptime usage.`,
},
"location": {
Type: schema.TypeString,
Required: true,
Expand Down Expand Up @@ -145,6 +150,12 @@ func resourceNetworkSecurityFirewallEndpointCreate(d *schema.ResourceData, meta
}

obj := make(map[string]interface{})
billingProjectIdProp, err := expandNetworkSecurityFirewallEndpointBillingProjectId(d.Get("billing_project_id"), d, config)
if err != nil {
return err
} else if v, ok := d.GetOkExists("billing_project_id"); !tpgresource.IsEmptyValue(reflect.ValueOf(billingProjectIdProp)) && (ok || !reflect.DeepEqual(v, billingProjectIdProp)) {
obj["billingProjectId"] = billingProjectIdProp
}
labelsProp, err := expandNetworkSecurityFirewallEndpointEffectiveLabels(d.Get("effective_labels"), d, config)
if err != nil {
return err
Expand Down Expand Up @@ -251,6 +262,9 @@ func resourceNetworkSecurityFirewallEndpointRead(d *schema.ResourceData, meta in
if err := d.Set("state", flattenNetworkSecurityFirewallEndpointState(res["state"], d, config)); err != nil {
return fmt.Errorf("Error reading FirewallEndpoint: %s", err)
}
if err := d.Set("billing_project_id", flattenNetworkSecurityFirewallEndpointBillingProjectId(res["billingProjectId"], d, config)); err != nil {
return fmt.Errorf("Error reading FirewallEndpoint: %s", err)
}
if err := d.Set("terraform_labels", flattenNetworkSecurityFirewallEndpointTerraformLabels(res["labels"], d, config)); err != nil {
return fmt.Errorf("Error reading FirewallEndpoint: %s", err)
}
Expand All @@ -272,6 +286,12 @@ func resourceNetworkSecurityFirewallEndpointUpdate(d *schema.ResourceData, meta
billingProject := ""

obj := make(map[string]interface{})
billingProjectIdProp, err := expandNetworkSecurityFirewallEndpointBillingProjectId(d.Get("billing_project_id"), d, config)
if err != nil {
return err
} else if v, ok := d.GetOkExists("billing_project_id"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, billingProjectIdProp)) {
obj["billingProjectId"] = billingProjectIdProp
}
labelsProp, err := expandNetworkSecurityFirewallEndpointEffectiveLabels(d.Get("effective_labels"), d, config)
if err != nil {
return err
Expand All @@ -287,6 +307,10 @@ func resourceNetworkSecurityFirewallEndpointUpdate(d *schema.ResourceData, meta
log.Printf("[DEBUG] Updating FirewallEndpoint %q: %#v", d.Id(), obj)
updateMask := []string{}

if d.HasChange("billing_project_id") {
updateMask = append(updateMask, "billingProjectId")
}

if d.HasChange("effective_labels") {
updateMask = append(updateMask, "labels")
}
Expand Down Expand Up @@ -437,6 +461,10 @@ func flattenNetworkSecurityFirewallEndpointState(v interface{}, d *schema.Resour
return v
}

func flattenNetworkSecurityFirewallEndpointBillingProjectId(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}

func flattenNetworkSecurityFirewallEndpointTerraformLabels(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
if v == nil {
return v
Expand All @@ -456,6 +484,10 @@ func flattenNetworkSecurityFirewallEndpointEffectiveLabels(v interface{}, d *sch
return v
}

func expandNetworkSecurityFirewallEndpointBillingProjectId(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}

func expandNetworkSecurityFirewallEndpointEffectiveLabels(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (map[string]string, error) {
if v == nil {
return map[string]string{}, nil
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ func TestAccNetworkSecurityFirewallEndpoints_basic(t *testing.T) {
acctest.SkipIfVcr(t)
t.Parallel()

billingProjectId := envvar.GetTestProjectFromEnv()
orgId := envvar.GetTestOrgFromEnv(t)
randomSuffix := acctest.RandString(t, 10)

Expand All @@ -29,7 +30,7 @@ func TestAccNetworkSecurityFirewallEndpoints_basic(t *testing.T) {
CheckDestroy: testAccCheckNetworkSecurityFirewallEndpointDestroyProducer(t),
Steps: []resource.TestStep{
{
Config: testAccNetworkSecurityFirewallEndpoints_basic(orgId, randomSuffix),
Config: testAccNetworkSecurityFirewallEndpoints_basic(orgId, billingProjectId, randomSuffix),
},
{
ResourceName: "google_network_security_firewall_endpoint.foobar",
Expand All @@ -38,7 +39,7 @@ func TestAccNetworkSecurityFirewallEndpoints_basic(t *testing.T) {
ImportStateVerifyIgnore: []string{"labels", "terraform_labels"},
},
{
Config: testAccNetworkSecurityFirewallEndpoints_update(orgId, randomSuffix),
Config: testAccNetworkSecurityFirewallEndpoints_update(orgId, billingProjectId, randomSuffix),
},
{
ResourceName: "google_network_security_firewall_endpoint.foobar",
Expand All @@ -50,34 +51,38 @@ func TestAccNetworkSecurityFirewallEndpoints_basic(t *testing.T) {
})
}

func testAccNetworkSecurityFirewallEndpoints_basic(orgId string, randomSuffix string) string {
func testAccNetworkSecurityFirewallEndpoints_basic(orgId string, billingProjectId string, randomSuffix string) string {
return fmt.Sprintf(`
resource "google_network_security_firewall_endpoint" "foobar" {
provider = google-beta
name = "tf-test-my-firewall-endpoint%s"
parent = "organizations/%s"
location = "us-central1-a"
labels = {
foo = "bar"
}
provider = google-beta
name = "tf-test-my-firewall-endpoint%[1]s"
parent = "organizations/%[2]s"
location = "us-central1-a"
billing_project_id = "%[3]s"
labels = {
foo = "bar"
}
}
`, randomSuffix, orgId)
`, randomSuffix, orgId, billingProjectId)
}

func testAccNetworkSecurityFirewallEndpoints_update(orgId string, randomSuffix string) string {
func testAccNetworkSecurityFirewallEndpoints_update(orgId string, billingProjectId string, randomSuffix string) string {
return fmt.Sprintf(`
resource "google_network_security_firewall_endpoint" "foobar" {
provider = google-beta
name = "tf-test-my-firewall-endpoint%s"
parent = "organizations/%s"
location = "us-central1-a"
labels = {
foo = "bar-updated"
}
provider = google-beta
name = "tf-test-my-firewall-endpoint%[1]s"
parent = "organizations/%[2]s"
location = "us-central1-a"
billing_project_id = "%[3]s"
labels = {
foo = "bar-updated"
}
}
`, randomSuffix, orgId)
`, randomSuffix, orgId, billingProjectId)
}

func testAccCheckNetworkSecurityFirewallEndpointDestroyProducer(t *testing.T) func(s *terraform.State) error {
Expand Down
10 changes: 10 additions & 0 deletions website/docs/r/network_security_firewall_endpoint.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,12 @@ To get more information about FirewallEndpoint, see:
* [Firewall endpoint overview](https://cloud.google.com/firewall/docs/about-firewall-endpoints)
* [Create and associate firewall endpoints](https://cloud.google.com/firewall/docs/configure-firewall-endpoints)

~> **Warning:** If you are using User ADCs (Application Default Credentials) with this resource,
you must specify a `billing_project` and set `user_project_override` to true
in the provider configuration. Otherwise the ACM API will return a 403 error.
Your account must have the `serviceusage.services.use` permission on the
`billing_project` you defined.

## Example Usage - Network Security Firewall Endpoint Basic


Expand All @@ -56,6 +62,10 @@ resource "google_network_security_firewall_endpoint" "default" {
The following arguments are supported:


* `billing_project_id` -
(Required)
Project to bill on endpoint uptime usage.

* `name` -
(Required)
The name of the firewall endpoint resource.
Expand Down

0 comments on commit bc08799

Please sign in to comment.