fix: google-anyscale-vpc-firewall - Firewall Rule Names

The firewall rule names were not properly getting pulled from the variable when pulling from the `predefined_firewall_rules`. Additonal updates: - E2E test added for Services where functional verification isn't possible - Removed the unit test for the firewall as it was no longer maintained. Changes to be committed: modified: ../modules/google-anyscale-vpc-firewall/main.tf deleted: ../modules/google-anyscale-vpc-firewall/test/terraform_google_anyscale_vpc_firewall_test.go new file: anyscale-service/service.py
anyscale · Oct 9, 2024 · e0e0c7b · e0e0c7b
1 parent 55a4abd
commit e0e0c7b
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 70 deletions.
diff --git a/modules/google-anyscale-vpc-firewall/main.tf b/modules/google-anyscale-vpc-firewall/main.tf
@@ -91,7 +91,7 @@ resource "google_compute_network_firewall_policy_rule" "ingress_allow_from_cidr_
   count   = local.ingress_from_cidr_blocks_enabled ? length(var.ingress_from_cidr_map) : 0
   project = var.anyscale_project_id
 
-  description     = lookup(var.ingress_from_cidr_map[count.index], "description", "Ingress Rule")
+  description     = try(var.predefined_firewall_rules[lookup(var.ingress_from_cidr_map[count.index], "rule", "")].description, "Ingress Rule")
   direction       = "INGRESS"
   action          = "allow"
   enable_logging  = var.enable_firewall_rule_logging
@@ -144,7 +144,7 @@ resource "google_compute_network_firewall_policy_rule" "ingress_allow_from_gcp_h
   count   = local.ingress_from_gcp_health_checks ? length(var.ingress_from_gcp_health_checks) : 0
   project = var.anyscale_project_id
 
-  description     = lookup(var.ingress_from_gcp_health_checks[count.index], "description", "Ingress Rule")
+  description     = try(var.predefined_firewall_rules[lookup(var.ingress_from_gcp_health_checks[count.index], "rule", "")].description, "Ingress Rule")
   direction       = "INGRESS"
   action          = "allow"
   enable_logging  = var.enable_firewall_rule_logging

diff --git a/modules/google-anyscale-vpc-firewall/test/terraform_google_anyscale_vpc_firewall_test.go b/modules/google-anyscale-vpc-firewall/test/terraform_google_anyscale_vpc_firewall_test.go
diff --git a/test/anyscale-service/service.py b/test/anyscale-service/service.py
@@ -0,0 +1,27 @@
+from fastapi import FastAPI
+from ray import serve
+import os
+
+# Use this var to test service inplace update. When the env var is updated, users see new return value.
+msg = os.getenv("SERVE_RESPONSE_MESSAGE", "Hello world!")
+
+app = FastAPI()
+
+
+@serve.deployment(route_prefix="/")
+@serve.ingress(app)
+class HelloWorld:
+    @app.get("/")
+    def hello(self):
+        return msg
+
+    @app.get("/healthcheck")
+    def healthcheck(self):
+        return
+
+
+entrypoint = HelloWorld.bind()
+
+# The following block will be executed if the script is run by Python directly
+if __name__ == "__main__":
+    serve.run(entrypoint)