inspec / inspec-gcp

InSpec GCP (Google Cloud Platform) Resource Pack
https://www.inspec.io/

google_compute_firewall: can't use network name but are forced to use its FQURN #106

Open walterdolce opened 5 years ago

walterdolce commented 5 years ago

Hi guys, I see the google_compute_firewall resource returns the fully qualified URN of the network associated with it, so we can't simply say "firewall rule belongs to network foo" but are forced to hardcode the full URL... and who knows when that URL will change ;)

Please see below:

 ×  gcp-firewall-rules: Ensure the GCP firewall rules are configured and secured properly (1 failed)
     ✔  Firewall Rule ingress-deny-all should exist
     ×  Firewall Rule ingress-deny-all network should cmp == "my-network-name"

     expected: "my-network-name"
          got: "https://www.googleapis.com/compute/v1/projects/my-gcp-project/global/networks/my-network-name"

     (compared using `cmp` matcher)

I would expect to be able to simply use the name and not have to hardcode the full URL.

Perhaps it's worth changing the resource to allow that as well as the full URL for those who want to be sure the full URL is what they expect? (maybe they want to be sure to hit API v1 and not v2?)

Hope that makes sense. Thank you.

slevenick commented 5 years ago

One solution that works for most of these cases is to use a regular expression to match the end of the network URL.

For example, its('network') { should match /\/my-network-name$/ } will only pass for URLs that end with /my-network-name.

skpaterson commented 5 years ago

Agreed, it's definitely worth adding a helper method e.g. network_name to improve on what gets returned from the API.
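The two approaches discussed in this thread (the end-of-URL regex match and a network_name-style helper), written out as an added example in plain Ruby; this is not inspec-gcp code, and the GcpNetworkRef module, its matches? method and the project: option are assumptions of the example. The helper also lets an expected value be either the bare name or the full self-link, and can pin the name to a project, which the regex alone does not check.

```ruby
# Added example (not inspec-gcp code): parse the network self-link that
# google_compute_firewall returns so a control can compare on the network
# name (optionally within a project) instead of hardcoding the whole URL.
module GcpNetworkRef
  # Self-link layout seen in the issue's failure output:
  # https://www.googleapis.com/compute/v1/projects/PROJECT/global/networks/NAME
  SELF_LINK = %r{\Ahttps://www\.googleapis\.com/compute/(?<version>[^/]+)/projects/(?<project>[^/]+)/global/networks/(?<name>[^/]+)\z}

  # Returns { version:, project:, name: }, or nil when the value is not a network self-link.
  def self.parse(link)
    m = SELF_LINK.match(link.to_s)
    return nil unless m
    { version: m[:version], project: m[:project], name: m[:name] }
  end

  # What a network_name helper on the resource would return: the bare name, or nil.
  def self.network_name(link)
    ref = parse(link)
    ref && ref[:name]
  end

  # Accepts either a bare network name or a full self-link as the expected value.
  # With a bare name, project: additionally requires the network to live in that
  # project, so a same-named network elsewhere does not satisfy the control.
  def self.matches?(actual_link, expected, project: nil)
    ref = parse(actual_link)
    return false if ref.nil?
    expected_ref = parse(expected)
    if expected_ref
      expected_ref == ref # full URL given: version, project and name must all agree
    else
      ref[:name] == expected && (project.nil? || ref[:project] == project)
    end
  end
end

# Constructed sample: the URL from the failure output in this issue.
SAMPLE_LINK = 'https://www.googleapis.com/compute/v1/projects/my-gcp-project/global/networks/my-network-name'

# The regex form from the thread, for comparison; in a control it reads
#   its('network') { should match %r{/my-network-name$} }
puts SAMPLE_LINK.match?(%r{/my-network-name$})                              # true
puts GcpNetworkRef.network_name(SAMPLE_LINK)                                # my-network-name
puts GcpNetworkRef.matches?(SAMPLE_LINK, 'my-network-name', project: 'my-gcp-project') # true
```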