diff --git a/.changelog/4358.txt b/.changelog/4358.txt
new file mode 100644
index 0000000000..efb2f19868
--- /dev/null
+++ b/.changelog/4358.txt
@@ -0,0 +1,4 @@
+```release-note:enhancement
+compute: Added support for Private Services Connect for Google APIs in `google_compute_global_address `
+compute: Added support for Private Services Connect for Google APIs` in `google_compute_global_forwarding_rule `
+```
diff --git a/google-beta/common_diff_suppress.go b/google-beta/common_diff_suppress.go
index d89a909c8c..117e0f3472 100644
--- a/google-beta/common_diff_suppress.go
+++ b/google-beta/common_diff_suppress.go
@@ -6,6 +6,7 @@ import (
 "crypto/sha256"
 "encoding/hex"
 "log"
+ "net"
 "reflect"
 "strconv"
 "strings"
@@ -161,3 +162,9 @@ func timestampDiffSuppress(format string) schema.SchemaDiffSuppressFunc {
 return oldT == newT
 }
 }
+
+// suppress diff when saved is Ipv4 format while new is required a reference
+// this happens for an internal ip for Private Services Connect
+func internalIpDiffSuppress(_, old, new string, _ *schema.ResourceData) bool {
+ return (net.ParseIP(old) != nil) && (net.ParseIP(new) == nil)
+}
diff --git a/google-beta/resource_compute_global_address.go b/google-beta/resource_compute_global_address.go
index b976b757f2..0b031d9885 100644
--- a/google-beta/resource_compute_global_address.go
+++ b/google-beta/resource_compute_global_address.go
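Review bot: `internalIpDiffSuppress` suppresses the diff for every configured value that does not parse as an IP once state holds an address, so changing `ip_address` from one address reference to a different one, or to a mistyped string, plans as no change and the rule keeps serving on the old IP. The function cannot tell which address a reference resolves to, so at minimum the limitation belongs on it, for example `// NOTE: any non-IP config value is treated as equal to the stored IP; a change to a different reference is not detected.` The field is `ForceNew` in the forwarding-rule schema later in this diff, so a suppressed change also means the expected replacement never happens. The comment says "Ipv4", but `net.ParseIP` accepts IPv6 text as well; either say "IP address" or check `To4()` if only IPv4 is intended.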
@@ -114,18 +114,20 @@ This should only be set when using an Internal address.`, Description: `The prefix length of the IP range. If not present, it means the address field is a single IP address. -This field is not applicable to addresses with addressType=EXTERNAL.`, +This field is not applicable to addresses with addressType=EXTERNAL, +or addressType=INTERNAL when purpose=PRIVATE_SERVICE_CONNECT`, }, "purpose": { Type: schema.TypeString, Optional: true, ForceNew: true, - ValidateFunc: validation.StringInSlice([]string{"VPC_PEERING", ""}, false), + ValidateFunc: validation.StringInSlice([]string{"VPC_PEERING", "PRIVATE_SERVICE_CONNECT", ""}, false), Description: `The purpose of the resource. For global internal addresses it can be * VPC_PEERING - for peer networks +* PRIVATE_SERVICE_CONNECT - for ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Private Service Connect networks -This should only be set when using an Internal address. Possible values: ["VPC_PEERING"]`, +This should only be set when using an Internal address. Possible values: ["VPC_PEERING", "PRIVATE_SERVICE_CONNECT"]`, }, "creation_timestamp": { Type: schema.TypeString, diff --git a/google-beta/resource_compute_global_address_generated_test.go b/google-beta/resource_compute_global_address_generated_test.go index cd041a7ddc..1fe59f99ca 100644 --- a/google-beta/resource_compute_global_address_generated_test.go +++ b/google-beta/resource_compute_global_address_generated_test.go 
@@ -59,6 +59,47 @@ resource "google_compute_global_address" "default" { `, context) } +func TestAccComputeGlobalAddress_globalAddressPrivateServicesConnectExample(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": randString(t, 10), + } + + vcrTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProvidersOiCS, + ExternalProviders: map[string]resource.ExternalProvider{ + "random": {}, + }, + CheckDestroy: testAccCheckComputeGlobalAddressDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccComputeGlobalAddress_globalAddressPrivateServicesConnectExample(context), + }, + }, + }) +} + +func testAccComputeGlobalAddress_globalAddressPrivateServicesConnectExample(context map[string]interface{}) string { + return Nprintf(` +resource "google_compute_global_address" "default" { + provider = google-beta + name = "tf-test-global-psconnect-ip%{random_suffix}" + address_type = "INTERNAL" + purpose = "PRIVATE_SERVICE_CONNECT" + network = google_compute_network.network.id + address = "100.100.100.105" +} + +resource "google_compute_network" "network" { + provider = google-beta + name = "tf-test%{random_suffix}" + auto_create_subnetworks = false +} +`, context) +} + func testAccCheckComputeGlobalAddressDestroyProducer(t *testing.T) func(s *terraform.State) error { return func(s *terraform.State) error { for name, rs := range s.RootModule().Resources { diff --git a/google-beta/resource_compute_global_forwarding_rule.go b/google-beta/resource_compute_global_forwarding_rule.go index d3133875d1..00250f1600 100644 --- a/google-beta/resource_compute_global_forwarding_rule.go +++ b/google-beta/resource_compute_global_forwarding_rule.go 
@@ -61,14 +61,17 @@ character, which cannot be a dash.`, Description: `The URL of the target resource to receive the matched traffic. The forwarded traffic must be of a type appropriate to the target object. For INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets -are valid.`, +are valid. + +([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) For global address with a purpose of PRIVATE_SERVICE_CONNECT and +addressType of INTERNAL, only "all-apis" and "vpc-sc" are valid.`, }, "ip_address": { - Type: schema.TypeString, - Computed: true, - Optional: true, - ForceNew: true, - ValidateFunc: validateIpAddress, + Type: schema.TypeString, + Computed: true, + Optional: true, + ForceNew: true, + DiffSuppressFunc: internalIpDiffSuppress, Description: `The IP address that this forwarding rule is serving on behalf of. Addresses are restricted based on the forwarding rule's load balancing @@ -102,7 +105,9 @@ or unnecessary diffs.`, ValidateFunc: validation.StringInSlice([]string{"TCP", "UDP", "ESP", "AH", "SCTP", "ICMP", ""}, false), DiffSuppressFunc: caseDiffSuppress, Description: `The IP protocol to which this rule applies. When the load balancing scheme is -INTERNAL_SELF_MANAGED, only TCP is valid. Possible values: ["TCP", "UDP", "ESP", "AH", "SCTP", "ICMP"]`, +INTERNAL_SELF_MANAGED, only TCP is valid. This field must not be set if the +global address is configured as a purpose of PRIVATE_SERVICE_CONNECT +and addressType of INTERNAL Possible values: ["TCP", "UDP", "ESP", "AH", "SCTP", "ICMP"]`, }, "description": { Type: schema.TypeString, 
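Review bot: Dropping `ValidateFunc: validateIpAddress` from `ip_address` removes plan-time validation for every global forwarding rule, not only the Private Service Connect case, and the new `DiffSuppressFunc` then hides any later non-IP value from the plan. A validator that accepts either form would keep the early rejection, e.g. `ValidateFunc: validation.Any(validateIpAddress, validation.StringMatch(regexp.MustCompile("global/addresses/[^/]+$"), "expected an IP address or a global address reference")),`. The pattern is an assumption about which reference forms the API accepts and needs confirming, and `regexp` would have to be imported if this file does not already do so. The schema map this field belongs to starts and ends outside the hunk.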
@@ -135,8 +140,8 @@ Internal Global HTTP(S) LB. The value of EXTERNAL means that this will be used for External Global Load Balancing (HTTP(S) LB, External TCP/UDP LB, SSL Proxy) -NOTE: Currently global forwarding rules cannot be used for INTERNAL -load balancing. Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED"]`, +([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Note: This field must be set "" if the global address is +configured as a purpose of PRIVATE_SERVICE_CONNECT and addressType of INTERNAL. Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED"]`, Default: "EXTERNAL", }, "metadata_filters": { diff --git a/google-beta/resource_compute_global_forwarding_rule_generated_test.go b/google-beta/resource_compute_global_forwarding_rule_generated_test.go index e36cb77da9..ec1036e0be 100644 --- a/google-beta/resource_compute_global_forwarding_rule_generated_test.go +++ b/google-beta/resource_compute_global_forwarding_rule_generated_test.go 
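Review bot: The `load_balancing_scheme` description now tells Private Service Connect users to set the field to "" while the same string still ends with `Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED"]` and the schema keeps `Default: "EXTERNAL"`, so omitting the field does not produce the empty value the note asks for. The text should say so directly, e.g. `Note: This field must be explicitly set to "" (omitting it applies the default "EXTERNAL") if the global address is configured with a purpose of PRIVATE_SERVICE_CONNECT and addressType of INTERNAL.` Whether this field's validator accepts "" is not visible here; the generated test elsewhere in this diff passes `load_balancing_scheme = ""`, which suggests it does. The field definition starts outside the hunk.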
@@ -238,6 +238,56 @@ resource "google_compute_health_check" "default" { `, context) } +func TestAccComputeGlobalForwardingRule_globalForwardingRulePrivateServicesConnectExample(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": randString(t, 10), + } + + vcrTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProvidersOiCS, + ExternalProviders: map[string]resource.ExternalProvider{ + "random": {}, + }, + CheckDestroy: testAccCheckComputeGlobalForwardingRuleDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccComputeGlobalForwardingRule_globalForwardingRulePrivateServicesConnectExample(context), + }, + }, + }) +} + +func testAccComputeGlobalForwardingRule_globalForwardingRulePrivateServicesConnectExample(context map[string]interface{}) string { + return Nprintf(` +resource "google_compute_global_address" "default" { + provider = google-beta + name = "tf-test-global-psconnect-ip%{random_suffix}" + address_type = "INTERNAL" + purpose = "PRIVATE_SERVICE_CONNECT" + network = google_compute_network.network.id + address = "100.100.100.106" +} + +resource "google_compute_global_forwarding_rule" "default" { + provider = google-beta + name = "globalrule%{random_suffix}" + target = "all-apis" + network = google_compute_network.network.id + ip_address = google_compute_global_address.default.id + load_balancing_scheme = "" +} + +resource "google_compute_network" "network" { + provider = google-beta + name = "tf-test%{random_suffix}" + auto_create_subnetworks = false +} +`, context) +} + func testAccCheckComputeGlobalForwardingRuleDestroyProducer(t *testing.T) func(s *terraform.State) error { return func(s *terraform.State) error { for name, rs := range s.RootModule().Resources { diff --git a/website/docs/r/compute_global_address.html.markdown b/website/docs/r/compute_global_address.html.markdown index 27ca7ca083..4a63336f10 100644 
--- a/website/docs/r/compute_global_address.html.markdown +++ b/website/docs/r/compute_global_address.html.markdown @@ -45,6 +45,30 @@ resource "google_compute_global_address" "default" { name = "global-appserver-ip" } ``` +
+## Example Usage - Global Address Private Services Connect + + +```hcl +resource "google_compute_global_address" "default" { + provider = google-beta + name = "global-psconnect-ip" + address_type = "INTERNAL" + purpose = "PRIVATE_SERVICE_CONNECT" + network = google_compute_network.network.id + address = "100.100.100.105" +} + +resource "google_compute_network" "network" { + provider = google-beta + name = "tf-test%{random_suffix}" + auto_create_subnetworks = false +} +``` ## Argument Reference @@ -88,7 +112,8 @@ The following arguments are supported: (Optional) The prefix length of the IP range. If not present, it means the address field is a single IP address. - This field is not applicable to addresses with addressType=EXTERNAL. + This field is not applicable to addresses with addressType=EXTERNAL, + or addressType=INTERNAL when purpose=PRIVATE_SERVICE_CONNECT * `address_type` - (Optional) @@ -102,8 +127,9 @@ The following arguments are supported: (Optional) The purpose of the resource. For global internal addresses it can be * VPC_PEERING - for peer networks + * PRIVATE_SERVICE_CONNECT - for ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Private Service Connect networks This should only be set when using an Internal address. - Possible values are `VPC_PEERING`. + Possible values are `VPC_PEERING` and `PRIVATE_SERVICE_CONNECT`. * `network` - (Optional) diff --git a/website/docs/r/compute_global_forwarding_rule.html.markdown b/website/docs/r/compute_global_forwarding_rule.html.markdown index de26fe394b..447e6a8ba4 100644 --- a/website/docs/r/compute_global_forwarding_rule.html.markdown +++ b/website/docs/r/compute_global_forwarding_rule.html.markdown 
@@ -207,6 +207,39 @@ resource "google_compute_health_check" "default" { } } ``` + +## Example Usage - Global Forwarding Rule Private Services Connect + + +```hcl +resource "google_compute_global_address" "default" { + provider = google-beta + name = "global-psconnect-ip" + address_type = "INTERNAL" + purpose = "PRIVATE_SERVICE_CONNECT" + network = google_compute_network.network.id + address = "100.100.100.106" +} + +resource "google_compute_global_forwarding_rule" "default" { + provider = google-beta + name = "globalrule" + target = "all-apis" + network = google_compute_network.network.id + ip_address = google_compute_global_address.default.id + load_balancing_scheme = "" +} + +resource "google_compute_network" "network" { + provider = google-beta + name = "tf-test%{random_suffix}" + auto_create_subnetworks = false +} +``` ## Argument Reference @@ -229,6 +262,8 @@ The following arguments are supported: The forwarded traffic must be of a type appropriate to the target object. For INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets are valid. + ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) For global address with a purpose of PRIVATE_SERVICE_CONNECT and + addressType of INTERNAL, only "all-apis" and "vpc-sc" are valid. - - - @@ -265,7 +300,9 @@ The following arguments are supported: * `ip_protocol` - (Optional) The IP protocol to which this rule applies. When the load balancing scheme is - INTERNAL_SELF_MANAGED, only TCP is valid. + INTERNAL_SELF_MANAGED, only TCP is valid. This field must not be set if the + global address is configured as a purpose of PRIVATE_SERVICE_CONNECT + and addressType of INTERNAL Possible values are `TCP`, `UDP`, `ESP`, `AH`, `SCTP`, and `ICMP`. * `ip_version` - 
@@ -284,8 +321,8 @@ The following arguments are supported: Internal Global HTTP(S) LB. The value of EXTERNAL means that this will be used for External Global Load Balancing (HTTP(S) LB, External TCP/UDP LB, SSL Proxy) - NOTE: Currently global forwarding rules cannot be used for INTERNAL - load balancing. + ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Note: This field must be set "" if the global address is + configured as a purpose of PRIVATE_SERVICE_CONNECT and addressType of INTERNAL. Default value is `EXTERNAL`. Possible values are `EXTERNAL` and `INTERNAL_SELF_MANAGED`.