Skip to content

compute: add filter argument to google_compute_forwarding_rules data source (#20052)#79

Open
jbbqqf wants to merge 12 commits into
mainfrom
feat/20052-forwarding-rules-filter
Open

compute: add filter argument to google_compute_forwarding_rules data source (#20052)#79
jbbqqf wants to merge 12 commits into
mainfrom
feat/20052-forwarding-rules-filter

Conversation

@jbbqqf
Copy link
Copy Markdown
Owner

@jbbqqf jbbqqf commented May 9, 2026

Summary

Adds a filter argument to the google_compute_forwarding_rules data
source, mirroring the filter query parameter supported by the
underlying compute.forwardingRules.list REST API. Without it, users
who want to enumerate forwarding rules for a specific label, network,
target type, or load-balancing scheme have to fetch every rule in the
region and filter in HCL with for_each + tomap workarounds.

Fixes hashicorp/terraform-provider-google#20052 — see hashicorp/terraform-provider-google#20052

Why

The Compute Engine ForwardingRules.list API exposes a filter query
parameter that uses the documented Google filter syntax
(labels.env:prod, network eq ".*/my-vpc", etc.). The vendored Go
client has had (*ForwardingRulesListCall).Filter(string) for years
(see google.golang.org/api/compute/v1/compute2-gen.go), but the
Terraform data source schema only exposed project / region / rules
— so users couldn't take advantage of server-side filtering, and large
GCP projects (hundreds of forwarding rules) saw both unnecessary API
load and inefficient state plans.

GCP API reference:

What changed

This change is to a hand-written Terraform data source (whose source
of truth lives in magic-modules mmv1/third_party/...). Files touched:

 .../data_source_google_compute_forwarding_rules.go | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

Three small edits in
mmv1/third_party/terraform/services/compute/data_source_google_compute_forwarding_rules.go:

  1. Added a filter Optional TypeString schema entry with a
    description pointing to the API docs.
  2. In the Read function, retrieved the user-supplied filter, included
    it in the data source ID (so distinct filter expressions produce
    distinct IDs), and applied it via listCall.Filter(filter) only
    when non-empty.
  3. Set the resolved filter back into state at the end of Read (mirrors
    the existing pattern for project / region).

Edge cases tested

# Scenario HCL excerpt Expected Verified by
1 filter unset (default) # filter omitted Unchanged behavior — ID is projects/.../regions/.../forwardingRules, every rule in the region returned Static: the if filter != "" guard skips both the ID suffix and the Filter() call
2 filter = "labels.env:prod" filter = "labels.env:prod" Server-side filtered list Vendored client has (*ForwardingRulesListCall).Filter(string); the data source now wires it
3 filter with regex syntax filter = "name eq \".*-prod-.*\"" Server-side regex filter Same path as scenario 2; the API accepts the documented filter syntax verbatim
4 Two data-source instances with different filters one with filter=...env:prod, one with filter=...env:dev Distinct IDs, no state collision The ID now includes /filter=<expr> when set

Test protocol

Test Result Notes
cd mmv1 && go run . --output ... --version ga --no-docs OK Regeneration completed cleanly
go build ./google/services/compute/... (TPG) OK full compute service compiles
go vet ./google/services/compute/... (TPG) OK only pre-existing unreachable-code warnings in *_firewall_policy_with_rules.go (unchanged by this PR)
Generated source contains filter schema entry and Filter(filter) call OK grep'd data_source_google_compute_forwarding_rules.go after regen — confirmed

This is purely additive (data source only — no resource lifecycle
implications): omitting filter reproduces the exact previous
behavior. The only risk surface is the server's reaction to an invalid
filter expression, and that surface is identical to what
(*ForwardingRulesListCall).Filter(...) already provides — i.e. the
caller gets the same 400 Bad Request they'd get from gcloud compute forwarding-rules list --filter=....

Resources

Disclosure

This PR was implemented with assistance from Claude Code. The diff was
modeled on the existing filter patterns used by other data sources
(e.g. google_compute_instances) and the vendored Go client's
Filter() builder. The regenerated provider compiled and vetted
cleanly. The author (a human) reviewed the diff and the regenerated
data source before opening this PR.

jcromanu and others added 12 commits May 8, 2026 16:43
@jcromanu
Migrated Compute router status to use transport_tpg.SendRequest (Goog…
28c0142 
…leCloudPlatform#17070)
@zli82016
tgc-revival: add google_colab_notebook_execution (GoogleCloudPlatform…
8ef6479 
…#17468)
@apratimutkarsh
Correct description of the cluster field in RestorePlan (GoogleCloudP…
b00da7a 
…latform#17480)
@Ray784
Custom MAC addresses and NEG based Dynamic NICs support (GoogleCloudP…
07652b5 
…latform#17455)
@shuyama1
Fix data lineage config tests (GoogleCloudPlatform#17482)
202ca26
@melinath
Moved compute-related bootstrapping into the compute package (GoogleC…
37b4def 
…loudPlatform#17461)
@shuyama1
Bump TeamCity execution timeout (GoogleCloudPlatform#17484)
77ef00b
@shuyama1
support sample-based templates in unused-template-check (GoogleCloudP…
a18ab4f 
…latform#17474)
@ota2000
fix(bigqueryconnection): flatten authentication fields from API respo…
ac45a1e 
…nse (GoogleCloudPlatform#17341)
@zli82016
tgc: fix TestAccDatastreamPrivateConnection test (GoogleCloudPlatform…
8d7f85b 
…#17486)
@jbbqqf @claude
compute: add filter argument to google_compute_forwarding_rules data …
2a26607 
…source (#20052)

Adds a filter argument to the data source so users can scope the result
set the same way the underlying compute.forwardingRules.list API allows
(e.g. "labels.env:prod"). The Filter() builder is already exposed by the
Go client; without a Terraform-side argument, the data source returns
the entire forwarding-rule list of the region, forcing users to filter
in HCL with for_each + tomap workarounds.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
@jbbqqf
ci: trigger re-run after CLA signature
d15990c
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add filter argument to forwarding_rules data source

8 participants

@jbbqqf @jcromanu @zli82016 @apratimutkarsh @Ray784 @shuyama1 @melinath @ota2000