Add Feature Service attachment tunneling config (#14602) (#10730)

[upstream:8059e0b433b96f9d1184c31a4bb4e19ad61ac0a1]

Signed-off-by: Modular Magician <magic-modules@google.com>

Author: modular-magician

.changelog/14602.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+compute: added `tunneling_config` field to `google_compute_service_attachment` resource (beta)
+```

google-beta/services/compute/resource_compute_service_attachment.go

@@ -197,6 +197,26 @@ If true, update will affect both PENDING and ACCEPTED/REJECTED PSC endpoints. Fo
 				DiffSuppressFunc: tpgresource.CompareSelfLinkOrResourceName,
 				Description:      `URL of the region where the resource resides.`,
 			},
+			"tunneling_config": {
+				Type:        schema.TypeList,
+				Optional:    true,
+				Description: `Tunneling configuration for this service attachment.`,
+				MaxItems:    1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"encapsulation_profile": {
+							Type:        schema.TypeString,
+							Optional:    true,
+							Description: `The encapsulation profile for tunneling traffic.`,
+						},
+						"routing_mode": {
+							Type:        schema.TypeString,
+							Optional:    true,
+							Description: `The routing mode for tunneling traffic.`,
+						},
+					},
+				},
+			},
 			"connected_endpoints": {
 				Type:     schema.TypeList,
 				Computed: true,
@@ -239,6 +259,25 @@ this service attachment.`,
 				Description: `Fingerprint of this resource. This field is used internally during
 updates of this resource.`,
 			},
+			"psc_service_attachment_id": {
+				Type:        schema.TypeList,
+				Computed:    true,
+				Description: `An 128-bit global unique ID of the PSC service attachment.`,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"high": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: `The high 64 bits of the PSC service attachment ID.`,
+						},
+						"low": {
+							Type:        schema.TypeString,
+							Computed:    true,
+							Description: `The low 64 bits of the PSC service attachment ID.`,
+						},
+					},
+				},
+			},
 			"send_propagated_connection_limit_if_zero": {
 				Type:     schema.TypeBool,
 				Optional: true,
@@ -345,6 +384,12 @@ func resourceComputeServiceAttachmentCreate(d *schema.ResourceData, meta interfa
 	} else if v, ok := d.GetOkExists("domain_names"); !tpgresource.IsEmptyValue(reflect.ValueOf(domainNamesProp)) && (ok || !reflect.DeepEqual(v, domainNamesProp)) {
 		obj["domainNames"] = domainNamesProp
 	}
+	tunnelingConfigProp, err := expandComputeServiceAttachmentTunnelingConfig(d.Get("tunneling_config"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("tunneling_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(tunnelingConfigProp)) && (ok || !reflect.DeepEqual(v, tunnelingConfigProp)) {
+		obj["tunnelingConfig"] = tunnelingConfigProp
+	}
 	consumerRejectListsProp, err := expandComputeServiceAttachmentConsumerRejectLists(d.Get("consumer_reject_lists"), d, config)
 	if err != nil {
 		return err
@@ -502,6 +547,9 @@ func resourceComputeServiceAttachmentRead(d *schema.ResourceData, meta interface
 	if err := d.Set("fingerprint", flattenComputeServiceAttachmentFingerprint(res["fingerprint"], d, config)); err != nil {
 		return fmt.Errorf("Error reading ServiceAttachment: %s", err)
 	}
+	if err := d.Set("psc_service_attachment_id", flattenComputeServiceAttachmentPscServiceAttachmentId(res["pscServiceAttachmentId"], d, config)); err != nil {
+		return fmt.Errorf("Error reading ServiceAttachment: %s", err)
+	}
 	if err := d.Set("connection_preference", flattenComputeServiceAttachmentConnectionPreference(res["connectionPreference"], d, config)); err != nil {
 		return fmt.Errorf("Error reading ServiceAttachment: %s", err)
 	}
@@ -585,6 +633,12 @@ func resourceComputeServiceAttachmentUpdate(d *schema.ResourceData, meta interfa
 	} else if v, ok := d.GetOkExists("enable_proxy_protocol"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, enableProxyProtocolProp)) {
 		obj["enableProxyProtocol"] = enableProxyProtocolProp
 	}
+	tunnelingConfigProp, err := expandComputeServiceAttachmentTunnelingConfig(d.Get("tunneling_config"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("tunneling_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, tunnelingConfigProp)) {
+		obj["tunnelingConfig"] = tunnelingConfigProp
+	}
 	consumerRejectListsProp, err := expandComputeServiceAttachmentConsumerRejectLists(d.Get("consumer_reject_lists"), d, config)
 	if err != nil {
 		return err
@@ -750,6 +804,29 @@ func flattenComputeServiceAttachmentFingerprint(v interface{}, d *schema.Resourc
 	return v
 }
 
+func flattenComputeServiceAttachmentPscServiceAttachmentId(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	if v == nil {
+		return nil
+	}
+	original := v.(map[string]interface{})
+	if len(original) == 0 {
+		return nil
+	}
+	transformed := make(map[string]interface{})
+	transformed["high"] =
+		flattenComputeServiceAttachmentPscServiceAttachmentIdHigh(original["high"], d, config)
+	transformed["low"] =
+		flattenComputeServiceAttachmentPscServiceAttachmentIdLow(original["low"], d, config)
+	return []interface{}{transformed}
+}
+func flattenComputeServiceAttachmentPscServiceAttachmentIdHigh(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
+func flattenComputeServiceAttachmentPscServiceAttachmentIdLow(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
 func flattenComputeServiceAttachmentConnectionPreference(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	return v
 }
@@ -947,6 +1024,40 @@ func expandComputeServiceAttachmentDomainNames(v interface{}, d tpgresource.Terr
 	return v, nil
 }
 
+func expandComputeServiceAttachmentTunnelingConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	l := v.([]interface{})
+	if len(l) == 0 || l[0] == nil {
+		return nil, nil
+	}
+	raw := l[0]
+	original := raw.(map[string]interface{})
+	transformed := make(map[string]interface{})
+
+	transformedRoutingMode, err := expandComputeServiceAttachmentTunnelingConfigRoutingMode(original["routing_mode"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedRoutingMode); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["routingMode"] = transformedRoutingMode
+	}
+
+	transformedEncapsulationProfile, err := expandComputeServiceAttachmentTunnelingConfigEncapsulationProfile(original["encapsulation_profile"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedEncapsulationProfile); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["encapsulationProfile"] = transformedEncapsulationProfile
+	}
+
+	return transformed, nil
+}
+
+func expandComputeServiceAttachmentTunnelingConfigRoutingMode(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandComputeServiceAttachmentTunnelingConfigEncapsulationProfile(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandComputeServiceAttachmentConsumerRejectLists(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	return v, nil
 }

google-beta/services/compute/resource_compute_service_attachment_generated_meta.yaml

@@ -22,8 +22,12 @@ fields:
   - field: 'name'
   - field: 'nat_subnets'
   - field: 'propagated_connection_limit'
+  - field: 'psc_service_attachment_id.high'
+  - field: 'psc_service_attachment_id.low'
   - field: 'reconcile_connections'
   - field: 'region'
   - field: 'send_propagated_connection_limit_if_zero'
     provider_only: true
   - field: 'target_service'
+  - field: 'tunneling_config.encapsulation_profile'
+  - field: 'tunneling_config.routing_mode'

google-beta/services/compute/resource_compute_service_attachment_generated_test.go

@@ -49,7 +49,7 @@ func TestAccComputeServiceAttachment_serviceAttachmentBasicExample(t *testing.T)
 				ResourceName:            "google_compute_service_attachment.psc_ilb_service_attachment",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"region"},
+				ImportStateVerifyIgnore: []string{"region", "tunneling_config"},
 			},
 		},
 	})
@@ -158,7 +158,7 @@ func TestAccComputeServiceAttachment_serviceAttachmentExplicitProjectsExample(t
 				ResourceName:            "google_compute_service_attachment.psc_ilb_service_attachment",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"region"},
+				ImportStateVerifyIgnore: []string{"region", "tunneling_config"},
 			},
 		},
 	})
@@ -274,7 +274,7 @@ func TestAccComputeServiceAttachment_serviceAttachmentExplicitNetworksExample(t
 				ResourceName:            "google_compute_service_attachment.psc_ilb_service_attachment",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"region"},
+				ImportStateVerifyIgnore: []string{"region", "tunneling_config"},
 			},
 		},
 	})
@@ -401,7 +401,7 @@ func TestAccComputeServiceAttachment_serviceAttachmentReconcileConnectionsExampl
 				ResourceName:            "google_compute_service_attachment.psc_ilb_service_attachment",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"region"},
+				ImportStateVerifyIgnore: []string{"region", "tunneling_config"},
 			},
 		},
 	})
@@ -482,6 +482,118 @@ resource "google_compute_subnetwork" "psc_ilb_nat" {
 `, context)
 }
 
+func TestAccComputeServiceAttachment_serviceAttachmentTunnelingConfigExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+		CheckDestroy:             testAccCheckComputeServiceAttachmentDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeServiceAttachment_serviceAttachmentTunnelingConfigExample(context),
+			},
+			{
+				ResourceName:            "google_compute_service_attachment.psc_ilb_service_attachment",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"region", "tunneling_config"},
+			},
+		},
+	})
+}
+
+func testAccComputeServiceAttachment_serviceAttachmentTunnelingConfigExample(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+provider "google-beta" {
+}
+
+resource "google_compute_service_attachment" "psc_ilb_service_attachment" {
+  provider = google-beta
+  
+  name        = "tf-test-my-psc-ilb%{random_suffix}"
+  region      = "us-west2"
+  description = "A service attachment configured with tunneling"
+
+  enable_proxy_protocol    = false
+  connection_preference    = "ACCEPT_AUTOMATIC"
+  nat_subnets              = [google_compute_subnetwork.psc_ilb_nat.id]
+  target_service           = google_compute_forwarding_rule.psc_ilb_target_service.id
+
+  tunneling_config {
+    routing_mode = "REGIONAL"
+    encapsulation_profile = "IPV4"
+  }
+}
+
+resource "google_compute_forwarding_rule" "psc_ilb_target_service" {
+  provider = google-beta
+  
+  name   = "tf-test-producer-forwarding-rule%{random_suffix}"
+  region = "us-west2"
+
+  load_balancing_scheme = "INTERNAL"
+  backend_service       = google_compute_region_backend_service.producer_service_backend.id
+  all_ports             = true
+  network               = google_compute_network.psc_ilb_network.name
+  subnetwork            = google_compute_subnetwork.psc_ilb_producer_subnetwork.name
+}
+
+resource "google_compute_region_backend_service" "producer_service_backend" {
+  provider = google-beta
+  
+  name   = "tf-test-producer-service%{random_suffix}"
+  region = "us-west2"
+
+  health_checks = [google_compute_health_check.producer_service_health_check.id]
+}
+
+resource "google_compute_health_check" "producer_service_health_check" {
+  provider = google-beta
+  
+  name = "tf-test-producer-service-health-check%{random_suffix}"
+
+  check_interval_sec = 1
+  timeout_sec        = 1
+  tcp_health_check {
+    port = "80"
+  }
+}
+
+resource "google_compute_network" "psc_ilb_network" {
+  provider = google-beta
+  
+  name = "tf-test-psc-ilb-network%{random_suffix}"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "psc_ilb_producer_subnetwork" {
+  provider = google-beta
+  
+  name   = "tf-test-psc-ilb-producer-subnetwork%{random_suffix}"
+  region = "us-west2"
+
+  network       = google_compute_network.psc_ilb_network.id
+  ip_cidr_range = "10.0.0.0/16"
+}
+
+resource "google_compute_subnetwork" "psc_ilb_nat" {
+  provider = google-beta
+  
+  name   = "tf-test-psc-ilb-nat%{random_suffix}"
+  region = "us-west2"
+
+  network       = google_compute_network.psc_ilb_network.id
+  purpose       =  "PRIVATE_SERVICE_CONNECT"
+  ip_cidr_range = "10.1.0.0/16"
+} 
+`, context)
+}
+
 func TestAccComputeServiceAttachment_serviceAttachmentCrossRegionIlbExample(t *testing.T) {
 	t.Parallel()
 
@@ -501,7 +613,7 @@ func TestAccComputeServiceAttachment_serviceAttachmentCrossRegionIlbExample(t *t
 				ResourceName:            "google_compute_service_attachment.psc_ilb_service_attachment",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"region"},
+				ImportStateVerifyIgnore: []string{"region", "tunneling_config"},
 			},
 		},
 	})