Added support for Private Services Connect for Google APIs

.changelog/4358.txt

@@ -0,0 +1,4 @@
+```release-note:enhancement
+compute: Added support for Private Services Connect for Google APIs in `google_compute_global_address `
+compute: Added support for Private Services Connect for Google APIs` in `google_compute_global_forwarding_rule `
+```

google-beta/common_diff_suppress.go

@@ -6,6 +6,7 @@ import (
 	"crypto/sha256"
 	"encoding/hex"
 	"log"
+	"net"
 	"reflect"
 	"strconv"
 	"strings"
@@ -161,3 +162,9 @@ func timestampDiffSuppress(format string) schema.SchemaDiffSuppressFunc {
 		return oldT == newT
 	}
 }
+
+// suppress diff when saved is Ipv4 format while new is required a reference
+// this happens for an internal ip for Private Services Connect
+func internalIpDiffSuppress(_, old, new string, _ *schema.ResourceData) bool {
+	return (net.ParseIP(old) != nil) && (net.ParseIP(new) == nil)
+}

google-beta/resource_compute_global_address.go

@@ -114,18 +114,20 @@ This should only be set when using an Internal address.`,
 				Description: `The prefix length of the IP range. If not present, it means the
 address field is a single IP address.
 
-This field is not applicable to addresses with addressType=EXTERNAL.`,
+This field is not applicable to addresses with addressType=EXTERNAL,
+or addressType=INTERNAL when purpose=PRIVATE_SERVICE_CONNECT`,
 			},
 			"purpose": {
 				Type:         schema.TypeString,
 				Optional:     true,
 				ForceNew:     true,
-				ValidateFunc: validation.StringInSlice([]string{"VPC_PEERING", ""}, false),
+				ValidateFunc: validation.StringInSlice([]string{"VPC_PEERING", "PRIVATE_SERVICE_CONNECT", ""}, false),
 				Description: `The purpose of the resource. For global internal addresses it can be
 
 * VPC_PEERING - for peer networks
+* PRIVATE_SERVICE_CONNECT - for ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Private Service Connect networks
 
-This should only be set when using an Internal address. Possible values: ["VPC_PEERING"]`,
+This should only be set when using an Internal address. Possible values: ["VPC_PEERING", "PRIVATE_SERVICE_CONNECT"]`,
 			},
 			"creation_timestamp": {
 				Type:        schema.TypeString,

google-beta/resource_compute_global_address_generated_test.go

@@ -59,6 +59,47 @@ resource "google_compute_global_address" "default" {
 `, context)
 }
 
+func TestAccComputeGlobalAddress_globalAddressPrivateServicesConnectExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": randString(t, 10),
+	}
+
+	vcrTest(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProvidersOiCS,
+		ExternalProviders: map[string]resource.ExternalProvider{
+			"random": {},
+		},
+		CheckDestroy: testAccCheckComputeGlobalAddressDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeGlobalAddress_globalAddressPrivateServicesConnectExample(context),
+			},
+		},
+	})
+}
+
+func testAccComputeGlobalAddress_globalAddressPrivateServicesConnectExample(context map[string]interface{}) string {
+	return Nprintf(`
+resource "google_compute_global_address" "default" {
+  provider      = google-beta
+  name          = "tf-test-global-psconnect-ip%{random_suffix}"
+  address_type  = "INTERNAL"
+  purpose       = "PRIVATE_SERVICE_CONNECT"
+  network       = google_compute_network.network.id
+  address       = "100.100.100.105"
+}
+
+resource "google_compute_network" "network" {
+  provider      = google-beta
+  name          = "tf-test%{random_suffix}"
+  auto_create_subnetworks = false
+}
+`, context)
+}
+
 func testAccCheckComputeGlobalAddressDestroyProducer(t *testing.T) func(s *terraform.State) error {
 	return func(s *terraform.State) error {
 		for name, rs := range s.RootModule().Resources {

google-beta/resource_compute_global_forwarding_rule.go

@@ -61,14 +61,17 @@ character, which cannot be a dash.`,
 				Description: `The URL of the target resource to receive the matched traffic.
 The forwarded traffic must be of a type appropriate to the target object.
 For INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets
-are valid.`,
+are valid.
+
+([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) For global address with a purpose of PRIVATE_SERVICE_CONNECT and
+addressType of INTERNAL, only "all-apis" and "vpc-sc" are valid.`,
 			},
 			"ip_address": {
-				Type:         schema.TypeString,
-				Computed:     true,
-				Optional:     true,
-				ForceNew:     true,
-				ValidateFunc: validateIpAddress,
+				Type:             schema.TypeString,
+				Computed:         true,
+				Optional:         true,
+				ForceNew:         true,
+				DiffSuppressFunc: internalIpDiffSuppress,
 				Description: `The IP address that this forwarding rule is serving on behalf of.
 
 Addresses are restricted based on the forwarding rule's load balancing
@@ -102,7 +105,9 @@ or unnecessary diffs.`,
 				ValidateFunc:     validation.StringInSlice([]string{"TCP", "UDP", "ESP", "AH", "SCTP", "ICMP", ""}, false),
 				DiffSuppressFunc: caseDiffSuppress,
 				Description: `The IP protocol to which this rule applies. When the load balancing scheme is
-INTERNAL_SELF_MANAGED, only TCP is valid. Possible values: ["TCP", "UDP", "ESP", "AH", "SCTP", "ICMP"]`,
+INTERNAL_SELF_MANAGED, only TCP is valid. This field must not be set if the
+global address is configured as a purpose of PRIVATE_SERVICE_CONNECT
+and addressType of INTERNAL Possible values: ["TCP", "UDP", "ESP", "AH", "SCTP", "ICMP"]`,
 			},
 			"description": {
 				Type:     schema.TypeString,
@@ -135,8 +140,8 @@ Internal Global HTTP(S) LB. The value of EXTERNAL means that this
 will be used for External Global Load Balancing (HTTP(S) LB,
 External TCP/UDP LB, SSL Proxy)
 
-NOTE: Currently global forwarding rules cannot be used for INTERNAL
-load balancing. Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED"]`,
+([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Note: This field must be set "" if the global address is
+configured as a purpose of PRIVATE_SERVICE_CONNECT and addressType of INTERNAL. Default value: "EXTERNAL" Possible values: ["EXTERNAL", "INTERNAL_SELF_MANAGED"]`,
 				Default: "EXTERNAL",
 			},
 			"metadata_filters": {

google-beta/resource_compute_global_forwarding_rule_generated_test.go

@@ -238,6 +238,56 @@ resource "google_compute_health_check" "default" {
 `, context)
 }
 
+func TestAccComputeGlobalForwardingRule_globalForwardingRulePrivateServicesConnectExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": randString(t, 10),
+	}
+
+	vcrTest(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProvidersOiCS,
+		ExternalProviders: map[string]resource.ExternalProvider{
+			"random": {},
+		},
+		CheckDestroy: testAccCheckComputeGlobalForwardingRuleDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeGlobalForwardingRule_globalForwardingRulePrivateServicesConnectExample(context),
+			},
+		},
+	})
+}
+
+func testAccComputeGlobalForwardingRule_globalForwardingRulePrivateServicesConnectExample(context map[string]interface{}) string {
+	return Nprintf(`
+resource "google_compute_global_address" "default" {
+  provider      = google-beta
+  name          = "tf-test-global-psconnect-ip%{random_suffix}"
+  address_type  = "INTERNAL"
+  purpose       = "PRIVATE_SERVICE_CONNECT"
+  network       = google_compute_network.network.id
+  address       = "100.100.100.106"
+}
+
+resource "google_compute_global_forwarding_rule" "default" {
+  provider      = google-beta
+  name          = "globalrule%{random_suffix}"
+  target        = "all-apis"
+  network       = google_compute_network.network.id
+  ip_address    = google_compute_global_address.default.id
+  load_balancing_scheme = ""
+}
+
+resource "google_compute_network" "network" {
+  provider      = google-beta
+  name          = "tf-test%{random_suffix}"
+  auto_create_subnetworks = false
+}
+`, context)
+}
+
 func testAccCheckComputeGlobalForwardingRuleDestroyProducer(t *testing.T) func(s *terraform.State) error {
 	return func(s *terraform.State) error {
 		for name, rs := range s.RootModule().Resources {

website/docs/r/compute_global_address.html.markdown

@@ -45,6 +45,30 @@ resource "google_compute_global_address" "default" {
   name = "global-appserver-ip"
 }
 ```
+<div class = "oics-button" style="float: right; margin: 0 0 -15px">
+  <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=global_address_private_services_connect&cloudshell_image=gcr.io%2Fgraphite-cloud-shell-images%2Fterraform%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
+    <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
+  </a>
+</div>
+## Example Usage - Global Address Private Services Connect
+
+
+```hcl
+resource "google_compute_global_address" "default" {
+  provider      = google-beta
+  name          = "global-psconnect-ip"
+  address_type  = "INTERNAL"
+  purpose       = "PRIVATE_SERVICE_CONNECT"
+  network       = google_compute_network.network.id
+  address       = "100.100.100.105"
+}
+
+resource "google_compute_network" "network" {
+  provider      = google-beta
+  name          = "tf-test%{random_suffix}"
+  auto_create_subnetworks = false
+}
+```
 
 ## Argument Reference
 
@@ -88,7 +112,8 @@ The following arguments are supported:
   (Optional)
   The prefix length of the IP range. If not present, it means the
   address field is a single IP address.
-  This field is not applicable to addresses with addressType=EXTERNAL.
+  This field is not applicable to addresses with addressType=EXTERNAL,
+  or addressType=INTERNAL when purpose=PRIVATE_SERVICE_CONNECT
 
 * `address_type` -
   (Optional)
@@ -102,8 +127,9 @@ The following arguments are supported:
   (Optional)
   The purpose of the resource. For global internal addresses it can be
   * VPC_PEERING - for peer networks
+  * PRIVATE_SERVICE_CONNECT - for ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Private Service Connect networks
   This should only be set when using an Internal address.
-  Possible values are `VPC_PEERING`.
+  Possible values are `VPC_PEERING` and `PRIVATE_SERVICE_CONNECT`.
 
 * `network` -
   (Optional)

website/docs/r/compute_global_forwarding_rule.html.markdown

@@ -207,6 +207,39 @@ resource "google_compute_health_check" "default" {
   }
 }
 ```
+<div class = "oics-button" style="float: right; margin: 0 0 -15px">
+  <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=global_forwarding_rule_private_services_connect&cloudshell_image=gcr.io%2Fgraphite-cloud-shell-images%2Fterraform%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
+    <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
+  </a>
+</div>
+## Example Usage - Global Forwarding Rule Private Services Connect
+
+
+```hcl
+resource "google_compute_global_address" "default" {
+  provider      = google-beta
+  name          = "global-psconnect-ip"
+  address_type  = "INTERNAL"
+  purpose       = "PRIVATE_SERVICE_CONNECT"
+  network       = google_compute_network.network.id
+  address       = "100.100.100.106"
+}
+
+resource "google_compute_global_forwarding_rule" "default" {
+  provider      = google-beta
+  name          = "globalrule"
+  target        = "all-apis"
+  network       = google_compute_network.network.id
+  ip_address    = google_compute_global_address.default.id
+  load_balancing_scheme = ""
+}
+
+resource "google_compute_network" "network" {
+  provider      = google-beta
+  name          = "tf-test%{random_suffix}"
+  auto_create_subnetworks = false
+}
+```
 
 ## Argument Reference
 
@@ -229,6 +262,8 @@ The following arguments are supported:
   The forwarded traffic must be of a type appropriate to the target object.
   For INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets
   are valid.
+  ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) For global address with a purpose of PRIVATE_SERVICE_CONNECT and
+  addressType of INTERNAL, only "all-apis" and "vpc-sc" are valid.
 
 
 - - -
@@ -265,7 +300,9 @@ The following arguments are supported:
 * `ip_protocol` -
   (Optional)
   The IP protocol to which this rule applies. When the load balancing scheme is
-  INTERNAL_SELF_MANAGED, only TCP is valid.
+  INTERNAL_SELF_MANAGED, only TCP is valid. This field must not be set if the
+  global address is configured as a purpose of PRIVATE_SERVICE_CONNECT
+  and addressType of INTERNAL
   Possible values are `TCP`, `UDP`, `ESP`, `AH`, `SCTP`, and `ICMP`.
 
 * `ip_version` -
@@ -284,8 +321,8 @@ The following arguments are supported:
   Internal Global HTTP(S) LB. The value of EXTERNAL means that this
   will be used for External Global Load Balancing (HTTP(S) LB,
   External TCP/UDP LB, SSL Proxy)
-  NOTE: Currently global forwarding rules cannot be used for INTERNAL
-  load balancing.
+  ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html) only) Note: This field must be set "" if the global address is
+  configured as a purpose of PRIVATE_SERVICE_CONNECT and addressType of INTERNAL.
   Default value is `EXTERNAL`.
   Possible values are `EXTERNAL` and `INTERNAL_SELF_MANAGED`.