diff --git a/config/tests/samples/create/harness.go b/config/tests/samples/create/harness.go index 5312286030..57f28cca0b 100644 --- a/config/tests/samples/create/harness.go +++ b/config/tests/samples/create/harness.go @@ -667,6 +667,7 @@ func MaybeSkip(t *testing.T, name string, resources []*unstructured.Unstructured case schema.GroupKind{Group: "compute.cnrm.cloud.google.com", Kind: "ComputeBackendService"}: case schema.GroupKind{Group: "compute.cnrm.cloud.google.com", Kind: "ComputeDisk"}: case schema.GroupKind{Group: "compute.cnrm.cloud.google.com", Kind: "ComputeFirewallPolicy"}: + case schema.GroupKind{Group: "compute.cnrm.cloud.google.com", Kind: "ComputeFirewallPolicyRule"}: case schema.GroupKind{Group: "compute.cnrm.cloud.google.com", Kind: "ComputeForwardingRule"}: case schema.GroupKind{Group: "compute.cnrm.cloud.google.com", Kind: "ComputeHealthCheck"}: case schema.GroupKind{Group: "compute.cnrm.cloud.google.com", Kind: "ComputeInstance"}: diff --git a/mockgcp/mockcompute/firewallpoliciesv1.go b/mockgcp/mockcompute/firewallpoliciesv1.go index 489de4e470..baa566feb5 100644 --- a/mockgcp/mockcompute/firewallpoliciesv1.go +++ b/mockgcp/mockcompute/firewallpoliciesv1.go @@ -225,6 +225,132 @@ func (s *FirewallPoliciesV1) Delete(ctx context.Context, req *pb.DeleteFirewallP }) } +func (s *FirewallPoliciesV1) GetRule(ctx context.Context, req *pb.GetRuleFirewallPolicyRequest) (*pb.FirewallPolicyRule, error) { + reqName := "locations/global/firewallPolicies/" + req.GetFirewallPolicy() + name, err := s.parseFirewallPolicyName(reqName) + if err != nil { + return nil, err + } + + fqn := name.String() + + obj := &pb.FirewallPolicy{} + if err := s.storage.Get(ctx, fqn, obj); err != nil { + return nil, err + } + + var rule *pb.FirewallPolicyRule + rules := obj.GetRules() + if len(rules) == 0 { + return nil, err + } + + for _, r := range rules { + if r.Priority == req.Priority { + rule = r + } + } + if rule == nil { + return nil, status.Errorf(codes.NotFound, "Invalid value for field 'priority': '%q'. The firewall policy does not contain a rule at priority %q.", strconv.Itoa(int(*req.Priority)), strconv.Itoa(int(*req.Priority))) + } + + return rule, nil +} + +func (s *FirewallPoliciesV1) AddRule(ctx context.Context, req *pb.AddRuleFirewallPolicyRequest) (*pb.Operation, error) { + reqName := "locations/global/firewallPolicies/" + req.GetFirewallPolicy() + name, err := s.parseFirewallPolicyName(reqName) + if err != nil { + return nil, err + } + + fqn := name.String() + + obj := &pb.FirewallPolicy{} + if err := s.storage.Get(ctx, fqn, obj); err != nil { + return nil, err + } + + obj.Rules = []*pb.FirewallPolicyRule{req.GetFirewallPolicyRuleResource()} + + if err := s.storage.Update(ctx, fqn, obj); err != nil { + return nil, err + } + + op := &pb.Operation{ + TargetId: obj.Id, + TargetLink: obj.SelfLink, + OperationType: PtrTo("addFirewallRuleToFirewallPolicy"), + User: PtrTo("user@example.com"), + } + return s.startGlobalOrganizationLRO(ctx, op, func() (proto.Message, error) { + return obj, nil + }) +} + +func (s *FirewallPoliciesV1) PatchRule(ctx context.Context, req *pb.PatchRuleFirewallPolicyRequest) (*pb.Operation, error) { + reqName := "locations/global/firewallPolicies/" + req.GetFirewallPolicy() + + name, err := s.parseFirewallPolicyName(reqName) + if err != nil { + return nil, err + } + + fqn := name.String() + obj := &pb.FirewallPolicy{} + if err := s.storage.Get(ctx, fqn, obj); err != nil { + return nil, err + } + + obj.Rules = []*pb.FirewallPolicyRule{req.GetFirewallPolicyRuleResource()} + + if err := s.storage.Update(ctx, fqn, obj); err != nil { + return nil, err + } + + op := &pb.Operation{ + TargetId: obj.Id, + TargetLink: obj.SelfLink, + OperationType: PtrTo("patchFirewallRuleInFirewallPolicy"), + User: PtrTo("user@example.com"), + // patch operation finished super fast + Progress: PtrTo(int32(100)), + Status: PtrTo(pb.Operation_DONE), + } + return s.startGlobalOrganizationLRO(ctx, op, func() (proto.Message, error) { + return obj, nil + }) +} +func (s *FirewallPoliciesV1) RemoveRule(ctx context.Context, req *pb.RemoveRuleFirewallPolicyRequest) (*pb.Operation, error) { + reqName := "locations/global/firewallPolicies/" + req.GetFirewallPolicy() + name, err := s.parseFirewallPolicyName(reqName) + if err != nil { + return nil, err + } + + fqn := name.String() + + obj := &pb.FirewallPolicy{} + if err := s.storage.Get(ctx, fqn, obj); err != nil { + return nil, err + } + + obj.Rules = nil + if err := s.storage.Update(ctx, fqn, obj); err != nil { + return nil, err + } + + op := &pb.Operation{ + TargetId: obj.Id, + TargetLink: obj.SelfLink, + OperationType: PtrTo("removeFirewallRuleFromFirewallPolicy"), + User: PtrTo("user@example.com"), + } + return s.startGlobalOrganizationLRO(ctx, op, func() (proto.Message, error) { + return obj, nil + }) +} + type firewallPolicyName struct { Name string } diff --git a/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/_generated_object_computefirewallpolicyrule.golden.yaml b/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/_generated_object_computefirewallpolicyrule.golden.yaml index 52d426c96b..ed5bf8df6d 100644 --- a/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/_generated_object_computefirewallpolicyrule.golden.yaml +++ b/pkg/test/resourcefixture/testdata/basic/compute/v1beta1/computefirewallpolicyrule/_generated_object_computefirewallpolicyrule.golden.yaml @@ -30,6 +30,4 @@ status: reason: UpToDate status: "True" type: Ready - kind: compute#firewallPolicyRule observedGeneration: 2 - ruleTupleCount: 2