-
Notifications
You must be signed in to change notification settings - Fork 2.3k
feat: add support to networkRules on authzPolicy#17777
Conversation
Googlers: For automatic test runs see go/terraform-auto-test-runs.
@melinath, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.
You can help make sure that review is quick by doing a self-review and by running impacted tests locally.
This comment was marked as outdated.
This comment was marked as outdated.
@BBBmau
BBBmau
left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we get the following error currently:
Error recording tests: error running go: exit status 1 stdout: === RUN TestAccNetworkSecurityAuthzPolicy_networkSecurityAuthzPolicyWithNetworkRulesExample === PAUSE TestAccNetworkSecurityAuthzPolicy_networkSecurityAuthzPolicyWithNetworkRulesExample === CONT TestAccNetworkSecurityAuthzPolicy_networkSecurityAuthzPolicyWithNetworkRulesExample resource_network_security_authz_policy_generated_test.go:433: Step 1/3 error: Error running apply: exit status 1 Error: Error waiting to create AuthzPolicy: Error waiting for Creating AuthzPolicy: Error code 13, message: an internal error has occurred with google_network_security_authz_policy.default, on terraform_plugin_test.tf line 80, in resource "google_network_security_authz_policy" "default": 80: resource "google_network_security_authz_policy" "default" { --- FAIL: TestAccNetworkSecurityAuthzPolicy_networkSecurityAuthzPolicyWithNetworkRulesExample (172.11s) FAIL FAIL github.com/hashicorp/terraform-provider-google-beta/google-beta/services/networksecurity 172.189s FAIL stderr:
also we should be extensive with networkRules since it contains a massive amount of new fields
victorsantos-cit
commented
Jun 1, 2026
@BBBmau do you have any kind of ideia , about this error, because, local is working
victorsantos-cit
commented
Jun 1, 2026
@BBBmau Hey bbb, just update you, this feature, its prevent to rollout on this final weekend but broken, in on contact tto discovery more update
Updated descriptions and properties in AuthzPolicy.yaml to clarify matching criteria for operations, headers, and ports.
This comment was marked as outdated.
This comment was marked as outdated.
victorsantos-cit
commented
Jun 3, 2026
@BBBmau Just update you, this feature have a small bug and the Google Team will rollout a update to fixed that
@BBBmau This PR has been waiting for review for 3 weekdays. Please take a look! Use the label disable-review-reminders to disable these notifications.
victorsantos-cit
commented
Jun 5, 2026
@BBBmau, just update you, on local now works and the fix is update now, could you please push again on the queue
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
@BBBmau
BBBmau
left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
tests are passing but we still have multiple fields missing based on the test report. can you create new tests that run each case in order to test the new fields thoroughyl?
victorsantos-cit
commented
Jun 9, 2026
tests are passing but we still have multiple fields missing based on the test report. can you create new tests that run each case in order to test the new fields thoroughyl?
Sorry to daley, i will create another test, using this fields right now
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
melinath
commented
Jun 12, 2026
@modular-magician reassign-reviewer melinath
|
Hi there, I'm the Modular magician. I've detected the following information about your changes for commit a053aa8: Diff reportYour PR generated the following diffs in downstream repositories:
Test reportAnalytics
Affected Service Packages
Step 1: Replaying Mode Action takenFound 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
View the replaying VCR build log Step 2: Recording Mode
🟢 All tests passed! View the recording VCR build log or the debug logs folder for detailed results. @victorsantos-cit, @melinath VCR tests complete for a053aa8! |
@melinath
melinath
left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for getting all the fields included in the tests! Could you also add an update test for this? The easiest way would probably be to convert this resource to use "samples", which can generate update tests.
Migration guide: https://googlecloudplatform.github.io/magic-modules/reference/update-test-changes/
Reference: https://googlecloudplatform.github.io/magic-modules/reference/sample/
Basically we'd want all the new updatable fields to be updated in the test, just to exercise that process.
victorsantos-cit
commented
Jun 12, 2026
Sure, lets create this
|
Hi there, I'm the Modular magician. I've detected the following information about your changes for commit 96f66c7: Diff reportYour PR generated the following diffs in downstream repositories:
Test reportAnalytics
Affected Service Packages
Step 1: Replaying Mode Action takenFound 1 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests
View the replaying VCR build log Step 2: Recording Mode
🟢 All tests passed! View the recording VCR build log or the debug logs folder for detailed results. @victorsantos-cit, @melinath, @BBBmau VCR tests complete for 96f66c7! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM - there are a couple fields that aren't exercised in the update tests, but they have sibling fields which are. There are also some nits (we don't usually want to support UNSPECIFIED fields, but they slip through occasionally; it's not the end of the world.) Overall I think this is good enough.
melinath
commented
Jun 12, 2026
Manual GA test run just out of paranoia: https://hashicorp.teamcity.com/buildConfiguration/TerraformProviders_GoogleCloud_GOOGLE_MMUPSTREAMTESTS_GOOGLE_PACKAGE_NETWORKSECURITY/684639
melinath
commented
Jun 12, 2026
(you won't have access to that)
fd776a2
melinath
commented
Jun 12, 2026
ah, the test is beta-only; created #17960 to double-check if it can be turned on in GA
Uh oh!
There was an error while loading. Please reload this page.
Hello Folks, this PR is to add a support to networkRules field on google_network_security_authz_policy resource
Release Note Template for Downstream PRs (will be copied)
See Write release notes for guidance.