Fix service_attachment.target_service validation (#12571) (#8924)

[upstream:3da69150b3f378d0df0be20ce2dcf9b243445783] Signed-off-by: Modular Magician <[email protected]>
hashicorp · Dec 17, 2024 · 44b24f5 · 44b24f5
1 parent 2043f1b
commit 44b24f5
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 3 deletions.
diff --git a/.changelog/12571.txt b/.changelog/12571.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+compute: add back the validation for `target_service` field on the `google_compute_service_attachment` resource to validade a `ForwardingRule` or `Gateway` URL.
+```
diff --git a/google-beta/services/compute/resource_compute_service_attachment.go b/google-beta/services/compute/resource_compute_service_attachment.go
@@ -23,6 +23,7 @@ import (
 	"log"
 	"net/http"
 	"reflect"
+	"strings"
 	"time"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff"
@@ -887,6 +888,18 @@ func expandComputeServiceAttachmentConnectionPreference(v interface{}, d tpgreso
 }
 
 func expandComputeServiceAttachmentTargetService(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	resource := strings.Split(v.(string), "/")
+	resourceKind := resource[len(resource)-2]
+	resourceBound := resource[len(resource)-4]
+	if len(resource) < 4 {
+		return nil, fmt.Errorf("invalid value for target_service")
+	}
+
+	_, err := tpgresource.ParseRegionalFieldValue(resourceKind, v.(string), "project", resourceBound, "zone", d, config, true)
+	if err != nil {
+		return nil, fmt.Errorf("invalid value for target_service: %w", err)
+	}
+
 	return v, nil
 }
 

diff --git a/google-beta/services/compute/resource_compute_service_attachment_test.go b/google-beta/services/compute/resource_compute_service_attachment_test.go
@@ -416,7 +416,7 @@ resource "google_compute_service_attachment" "default" {
   enable_proxy_protocol    = false
   connection_preference    = "ACCEPT_AUTOMATIC"
   nat_subnets              = [google_compute_subnetwork.psc.id]
-  target_service           = google_network_services_gateway.foobar.self_link
+  target_service           = google_network_services_gateway.default.self_link
 }
 
 resource "google_certificate_manager_certificate" "default" {
@@ -475,14 +475,14 @@ resource "google_network_security_gateway_security_policy_rule" "default" {
   basic_profile           = "ALLOW"
 }
 
-resource "google_network_services_gateway" "foobar" {
+resource "google_network_services_gateway" "default" {
   name                                 = "tf-test-sa-swp-%{random_suffix}"
   location                             = "us-east1"
   addresses                            = ["10.128.0.99"]
   type                                 = "SECURE_WEB_GATEWAY"
   ports                                = [443]
   description                          = "my description"
-  scope                                = "%s"
+  scope                                = "serviceAttachment"
   certificate_urls                     = [google_certificate_manager_certificate.default.id]
   gateway_security_policy              = google_network_security_gateway_security_policy.default.id
   network                              = google_compute_network.default.id