Local IP Range support in compute_firewall (#6931) (#13240)

Signed-off-by: Modular Magician <[email protected]>

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/6931.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+compute: Add support for Local IP Ranges in `google_compute_firewall`
+```

google/resource_compute_firewall.go

@@ -213,8 +213,7 @@ must be expressed in CIDR format. Only IPv4 is supported.`,
 				Elem: &schema.Schema{
 					Type: schema.TypeString,
 				},
-				Set:           schema.HashString,
-				ConflictsWith: []string{"source_ranges", "source_tags"},
+				Set: schema.HashString,
 			},
 			"direction": {
 				Type:         schema.TypeString,
@@ -282,8 +281,7 @@ apply. Only IPv4 is supported. For INGRESS traffic, one of 'source_ranges',
 				Elem: &schema.Schema{
 					Type: schema.TypeString,
 				},
-				Set:           schema.HashString,
-				ConflictsWith: []string{"destination_ranges"},
+				Set: schema.HashString,
 			},
 			"source_service_accounts": {
 				Type:     schema.TypeSet,
@@ -324,7 +322,7 @@ one of 'source_ranges', 'source_tags' or 'source_service_accounts' is required.`
 					Type: schema.TypeString,
 				},
 				Set:           schema.HashString,
-				ConflictsWith: []string{"source_service_accounts", "destination_ranges", "target_service_accounts"},
+				ConflictsWith: []string{"source_service_accounts", "target_service_accounts"},
 			},
 			"target_service_accounts": {
 				Type:     schema.TypeSet,

google/resource_compute_firewall_test.go

@@ -47,6 +47,45 @@ func TestAccComputeFirewall_update(t *testing.T) {
 	})
 }
 
+func TestAccComputeFirewall_localRanges(t *testing.T) {
+	t.Parallel()
+
+	networkName := fmt.Sprintf("tf-test-firewall-%s", randString(t, 10))
+	firewallName := fmt.Sprintf("tf-test-firewall-%s", randString(t, 10))
+
+	vcrTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckComputeFirewallDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeFirewall_localRanges(networkName, firewallName),
+			},
+			{
+				ResourceName:      "google_compute_firewall.foobar",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccComputeFirewall_localRangesUpdate(networkName, firewallName),
+			},
+			{
+				ResourceName:      "google_compute_firewall.foobar",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccComputeFirewall_localRanges(networkName, firewallName),
+			},
+			{
+				ResourceName:      "google_compute_firewall.foobar",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
 func TestAccComputeFirewall_priority(t *testing.T) {
 	t.Parallel()
 
@@ -282,6 +321,52 @@ resource "google_compute_firewall" "foobar" {
 `, network, firewall)
 }
 
+func testAccComputeFirewall_localRanges(network, firewall string) string {
+	return fmt.Sprintf(`
+resource "google_compute_network" "foobar" {
+  name                    = "%s"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_firewall" "foobar" {
+  name        = "%s"
+  description = "Resource created for Terraform acceptance testing"
+  network     = google_compute_network.foobar.name
+  source_tags = ["foo"]
+
+  source_ranges      = ["10.0.0.0/8"]
+  destination_ranges = ["192.168.1.0/24"]
+
+  allow {
+    protocol = "icmp"
+  }
+}
+`, network, firewall)
+}
+
+func testAccComputeFirewall_localRangesUpdate(network, firewall string) string {
+	return fmt.Sprintf(`
+resource "google_compute_network" "foobar" {
+  name                    = "%s"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_firewall" "foobar" {
+  name        = "%s"
+  description = "Resource created for Terraform acceptance testing"
+  network     = google_compute_network.foobar.name
+  source_tags = ["foo"]
+
+  source_ranges      = ["192.168.1.0/24"]
+  destination_ranges = ["10.0.0.0/8"]
+
+  allow {
+    protocol = "icmp"
+  }
+}
+`, network, firewall)
+}
+
 func testAccComputeFirewall_update(network, firewall string) string {
 	return fmt.Sprintf(`
 resource "google_compute_network" "foobar" {