compute: fixed google_compute_firewall_policy_rule staying disabled after apply with disabled = false (#14182) (#23329)

modular-magician · web-flow · commit 22537d6e004c · 2025-06-18T11:24:54.000-07:00
[upstream:810619d5071fe7dc82f2ccf7db3130da7ebb3ca3]

Signed-off-by: Modular Magician &lt;magic-modules@google.com&gt;
diff --git a/.changelog/14182.txt b/.changelog/14182.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+compute: fixed `google_compute_firewall_policy_rule` staying disabled after apply with `disabled = false`
+```
diff --git a/google/services/compute/resource_compute_firewall_policy_rule.go b/google/services/compute/resource_compute_firewall_policy_rule.go
@@ -339,7 +339,7 @@ func resourceComputeFirewallPolicyRuleCreate(d *schema.ResourceData, meta interf
 	disabledProp, err := expandComputeFirewallPolicyRuleDisabled(d.Get("disabled"), d, config)
 	if err != nil {
 		return err
-	} else if v, ok := d.GetOkExists("disabled"); !tpgresource.IsEmptyValue(reflect.ValueOf(disabledProp)) && (ok || !reflect.DeepEqual(v, disabledProp)) {
+	} else if v, ok := d.GetOkExists("disabled"); ok || !reflect.DeepEqual(v, disabledProp) {
 		obj["disabled"] = disabledProp
 	}
 	firewallPolicyProp, err := expandComputeFirewallPolicyRuleFirewallPolicy(d.Get("firewall_policy"), d, config)
@@ -552,7 +552,7 @@ func resourceComputeFirewallPolicyRuleUpdate(d *schema.ResourceData, meta interf
 	disabledProp, err := expandComputeFirewallPolicyRuleDisabled(d.Get("disabled"), d, config)
 	if err != nil {
 		return err
-	} else if v, ok := d.GetOkExists("disabled"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, disabledProp)) {
+	} else if v, ok := d.GetOkExists("disabled"); ok || !reflect.DeepEqual(v, disabledProp) {
 		obj["disabled"] = disabledProp
 	}
 	firewallPolicyProp, err := expandComputeFirewallPolicyRuleFirewallPolicy(d.Get("firewall_policy"), d, config)
diff --git a/google/services/compute/resource_compute_firewall_policy_rule_test.go b/google/services/compute/resource_compute_firewall_policy_rule_test.go
@@ -189,6 +189,43 @@ func TestAccComputeFirewallPolicyRule_basic(t *testing.T) {
 	})
 }
 
+func TestAccComputeFirewallPolicyRule_disabled_enabled(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(t, 10),
+		"org_name":      fmt.Sprintf("organizations/%s", envvar.GetTestOrgFromEnv(t)),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeFirewallPolicyRule_disabled(context, true),
+			},
+			{
+				ResourceName:            "google_compute_firewall_policy_rule.default",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"firewall_policy"},
+			},
+			{
+				Config: testAccComputeFirewallPolicyRule_disabled(context, false),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("google_compute_firewall_policy_rule.default", "disabled", "false"),
+				),
+			},
+			{
+				ResourceName:            "google_compute_firewall_policy_rule.default",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"firewall_policy"},
+			},
+		},
+	})
+}
+
 func testAccComputeFirewallPolicyRule_basic(context map[string]interface{}) string {
 	return acctest.Nprintf(`
 resource "google_folder" "folder" {
@@ -794,3 +831,39 @@ resource "google_compute_firewall_policy_rule" "fw_policy_rule3" {
 }
 `, context)
 }
+
+func testAccComputeFirewallPolicyRule_disabled(context map[string]interface{}, disabled bool) string {
+	context["disabled"] = fmt.Sprintf("%t", disabled)
+	return acctest.Nprintf(`
+resource "google_folder" "default" {
+  display_name = "tf-test-folder-%{random_suffix}"
+  parent       = "%{org_name}"
+  deletion_protection = false
+}
+
+resource "google_compute_firewall_policy" "default" {
+  parent      = google_folder.default.name
+  short_name  = "tf-test-policy-%{random_suffix}"
+  description = "Resource created for Terraform acceptance testing"
+}
+
+resource "google_compute_firewall_policy_rule" "default" {
+  firewall_policy         = google_compute_firewall_policy.default.name
+  description             = "Resource created for Terraform acceptance testing"
+  priority                = 9000
+  enable_logging          = true
+  action                  = "allow"
+  direction               = "EGRESS"
+  disabled                = %{disabled}
+
+  match {
+    dest_ip_ranges = ["35.235.240.0/20"]
+
+    layer4_configs {
+      ip_protocol = "tcp"
+      ports       = [22]
+    }
+  }
+}
+`, context)
+}

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	+```release-note:bug
	`2`	+compute: fixed `google_compute_firewall_policy_rule` staying disabled after apply with `disabled = false`
	`3`	+```