Add priority field to regional network firewall policy association (#16726) (#11770)

[upstream:05e0dac3ad176d8ad214b41baf27bdff71f5cad5]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/16726.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+compute: added `priority` field to `google_compute_region_network_firewall_policy_association` resource
+```

google-beta/services/compute/resource_compute_region_network_firewall_policy_association.go

@@ -136,6 +136,13 @@ func ResourceComputeRegionNetworkFirewallPolicyAssociation() *schema.Resource {
 				ForceNew:    true,
 				Description: `The name for an association.`,
 			},
+			"priority": {
+				Type:        schema.TypeInt,
+				Computed:    true,
+				Optional:    true,
+				ForceNew:    true,
+				Description: `An integer indicating the priority of an association.`,
+			},
 			"region": {
 				Type:        schema.TypeString,
 				Computed:    true,
@@ -179,6 +186,12 @@ func resourceComputeRegionNetworkFirewallPolicyAssociationCreate(d *schema.Resou
 	} else if v, ok := d.GetOkExists("attachment_target"); !tpgresource.IsEmptyValue(reflect.ValueOf(attachmentTargetProp)) && (ok || !reflect.DeepEqual(v, attachmentTargetProp)) {
 		obj["attachmentTarget"] = attachmentTargetProp
 	}
+	priorityProp, err := expandComputeRegionNetworkFirewallPolicyAssociationPriority(d.Get("priority"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("priority"); !tpgresource.IsEmptyValue(reflect.ValueOf(priorityProp)) && (ok || !reflect.DeepEqual(v, priorityProp)) {
+		obj["priority"] = priorityProp
+	}
 
 	url, err := tpgresource.ReplaceVarsForId(d, config, "{{ComputeBasePath}}projects/{{project}}/regions/{{region}}/firewallPolicies/{{firewall_policy}}/addAssociation")
 	if err != nil {
@@ -287,6 +300,9 @@ func resourceComputeRegionNetworkFirewallPolicyAssociationRead(d *schema.Resourc
 	if err := d.Set("short_name", flattenComputeRegionNetworkFirewallPolicyAssociationShortName(res["shortName"], d, config)); err != nil {
 		return fmt.Errorf("Error reading RegionNetworkFirewallPolicyAssociation: %s", err)
 	}
+	if err := d.Set("priority", flattenComputeRegionNetworkFirewallPolicyAssociationPriority(res["priority"], d, config)); err != nil {
+		return fmt.Errorf("Error reading RegionNetworkFirewallPolicyAssociation: %s", err)
+	}
 
 	return nil
 }
@@ -381,10 +397,31 @@ func flattenComputeRegionNetworkFirewallPolicyAssociationShortName(v interface{}
 	return v
 }
 
+func flattenComputeRegionNetworkFirewallPolicyAssociationPriority(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	// Handles the string fixed64 format
+	if strVal, ok := v.(string); ok {
+		if intVal, err := tpgresource.StringToFixed64(strVal); err == nil {
+			return intVal
+		}
+	}
+
+	// number values are represented as float64
+	if floatVal, ok := v.(float64); ok {
+		intVal := int(floatVal)
+		return intVal
+	}
+
+	return v // let terraform core handle it otherwise
+}
+
 func expandComputeRegionNetworkFirewallPolicyAssociationName(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	return v, nil
 }
 
 func expandComputeRegionNetworkFirewallPolicyAssociationAttachmentTarget(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	return v, nil
 }
+
+func expandComputeRegionNetworkFirewallPolicyAssociationPriority(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}

google-beta/services/compute/resource_compute_region_network_firewall_policy_association_generated_meta.yaml

@@ -11,6 +11,8 @@ fields:
       provider_only: true
     - api_field: associations.name
       field: name
+    - api_field: associations.priority
+      field: priority
     - field: region
       provider_only: true
     - api_field: associations.shortName

google-beta/services/compute/resource_compute_region_network_firewall_policy_association_generated_test.go

@@ -101,6 +101,61 @@ resource "google_compute_region_network_firewall_policy_association" "default" {
 `, context)
 }
 
+func TestAccComputeRegionNetworkFirewallPolicyAssociation_regionNetworkFirewallPolicyAssociationPriorityExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"project_name":  envvar.GetTestProjectFromEnv(),
+		"region":        envvar.GetTestRegionFromEnv(),
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+		CheckDestroy:             testAccCheckComputeRegionNetworkFirewallPolicyAssociationDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeRegionNetworkFirewallPolicyAssociation_regionNetworkFirewallPolicyAssociationPriorityExample(context),
+			},
+			{
+				ResourceName:            "google_compute_region_network_firewall_policy_association.association",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"firewall_policy", "region"},
+			},
+		},
+	})
+}
+
+func testAccComputeRegionNetworkFirewallPolicyAssociation_regionNetworkFirewallPolicyAssociationPriorityExample(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_compute_region_network_firewall_policy" "policy" {
+  provider = google-beta
+  name = "tf-test-my-policy%{random_suffix}"
+  project = "%{project_name}"
+  description = "Sample global network firewall policy"
+  region = "%{region}"
+}
+
+resource "google_compute_network" "network" {
+  provider = google-beta
+  name = "tf-test-my-network%{random_suffix}"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_region_network_firewall_policy_association" "association" {
+  provider = google-beta
+  name = "tf-test-my-association%{random_suffix}"
+  project = "%{project_name}"
+  attachment_target = google_compute_network.network.id
+  firewall_policy =  google_compute_region_network_firewall_policy.policy.id
+  region = "%{region}"
+  priority = 1
+}
+`, context)
+}
+
 func testAccCheckComputeRegionNetworkFirewallPolicyAssociationDestroyProducer(t *testing.T) func(s *terraform.State) error {
 	return func(s *terraform.State) error {
 		for name, rs := range s.RootModule().Resources {

website/docs/r/compute_region_network_firewall_policy_association.html.markdown

@@ -52,6 +52,34 @@ resource "google_compute_region_network_firewall_policy_association" "default" {
   region = "us-west1"
 }
 ```
+## Example Usage - Region Network Firewall Policy Association Priority
+
+
+```hcl
+resource "google_compute_region_network_firewall_policy" "policy" {
+  provider = google-beta
+  name = "my-policy"
+  project = "my-project-name"
+  description = "Sample global network firewall policy"
+  region = "us-west1"
+}
+
+resource "google_compute_network" "network" {
+  provider = google-beta
+  name = "my-network"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_region_network_firewall_policy_association" "association" {
+  provider = google-beta
+  name = "my-association"
+  project = "my-project-name"
+  attachment_target = google_compute_network.network.id
+  firewall_policy =  google_compute_region_network_firewall_policy.policy.id
+  region = "us-west1"
+  priority = 1
+}
+```
 
 ## Argument Reference
 
@@ -71,6 +99,10 @@ The following arguments are supported:
   The firewall policy of the resource.
 
 
+* `priority` -
+  (Optional, [Beta](../guides/provider_versions.html.markdown))
+  An integer indicating the priority of an association.
+
 * `region` -
   (Optional)
   The location of this resource.