move multi-network to GA (#11062) (#18842)

[upstream:06b986e64435d596263f0f5bbe0f3121cc51561e]

Signed-off-by: Modular Magician <[email protected]>

.changelog/11062.txt

@@ -0,0 +1,6 @@
+```release-note:enhancement
+container: promoted `enable_multi_networking` to GA in the `google_container_cluster` resource
+```
+```release-note:enhancement
+container: promoted `additional_node_network_configs` and `additional_pod_network_configs` fields to GA in the `google_container_node_pool` resource
+```

google/services/container/resource_container_cluster.go

@@ -1832,6 +1832,13 @@ func ResourceContainerCluster() *schema.Resource {
 				Description: `Whether L4ILB Subsetting is enabled for this cluster.`,
 				Default:     false,
 			},
+			"enable_multi_networking": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				ForceNew:    true,
+				Description: `Whether multi-networking is enabled for this cluster.`,
+				Default:     false,
+			},
 			"private_ipv6_google_access": {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -2119,6 +2126,7 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er
 			EnableL4ilbSubsetting:                d.Get("enable_l4_ilb_subsetting").(bool),
 			DnsConfig:                            expandDnsConfig(d.Get("dns_config")),
 			GatewayApiConfig:                     expandGatewayApiConfig(d.Get("gateway_api_config")),
+			EnableMultiNetworking:                d.Get("enable_multi_networking").(bool),
 		},
 		MasterAuth:           expandMasterAuth(d.Get("master_auth")),
 		NotificationConfig:   expandNotificationConfig(d.Get("notification_config")),
@@ -2640,6 +2648,9 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro
 	if err := d.Set("enable_intranode_visibility", cluster.NetworkConfig.EnableIntraNodeVisibility); err != nil {
 		return fmt.Errorf("Error setting enable_intranode_visibility: %s", err)
 	}
+	if err := d.Set("enable_multi_networking", cluster.NetworkConfig.EnableMultiNetworking); err != nil {
+		return fmt.Errorf("Error setting enable_multi_networking: %s", err)
+	}
 	if err := d.Set("private_ipv6_google_access", cluster.NetworkConfig.PrivateIpv6GoogleAccess); err != nil {
 		return fmt.Errorf("Error setting private_ipv6_google_access: %s", err)
 	}

google/services/container/resource_container_cluster_test.go

@@ -433,6 +433,29 @@ func TestAccContainerCluster_withILBSubsetting(t *testing.T) {
 	})
 }
 
+func TestAccContainerCluster_withMultiNetworking(t *testing.T) {
+	t.Parallel()
+
+	clusterName := fmt.Sprintf("tf-test-cluster-%s", acctest.RandString(t, 10))
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckContainerClusterDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccContainerCluster_enableMultiNetworking(clusterName),
+			},
+			{
+				ResourceName:            "google_container_cluster.cluster",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"deletion_protection"},
+			},
+		},
+	})
+}
+
 func TestAccContainerCluster_withMasterAuthConfig_NoCert(t *testing.T) {
 	t.Parallel()
 
@@ -558,6 +581,64 @@ func TestUnitContainerCluster_Rfc3339TimeDiffSuppress(t *testing.T) {
 	}
 }
 
+func testAccContainerCluster_enableMultiNetworking(clusterName string) string {
+	return fmt.Sprintf(`
+resource "google_compute_network" "container_network" {
+  name                    = "%s-nw"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "container_subnetwork" {
+  name                     = google_compute_network.container_network.name
+  network                  = google_compute_network.container_network.name
+  ip_cidr_range            = "10.0.36.0/24"
+  region                   = "us-central1"
+  private_ip_google_access = true
+
+  secondary_ip_range {
+    range_name    = "pod"
+    ip_cidr_range = "10.0.0.0/19"
+  }
+
+  secondary_ip_range {
+    range_name    = "svc"
+    ip_cidr_range = "10.0.32.0/22"
+  }
+
+  secondary_ip_range {
+    range_name    = "another-pod"
+    ip_cidr_range = "10.1.32.0/22"
+  }
+
+  lifecycle {
+    ignore_changes = [
+      # The auto nodepool creates a secondary range which diffs this resource.
+      secondary_ip_range,
+    ]
+  }
+}
+
+resource "google_container_cluster" "cluster" {
+  name               = "%s"
+  location           = "us-central1"
+  initial_node_count = 1
+
+  network    = google_compute_network.container_network.name
+  subnetwork = google_compute_subnetwork.container_subnetwork.name
+  ip_allocation_policy {
+    cluster_secondary_range_name  = google_compute_subnetwork.container_subnetwork.secondary_ip_range[0].range_name
+    services_secondary_range_name = google_compute_subnetwork.container_subnetwork.secondary_ip_range[1].range_name
+  }
+  release_channel {
+	channel = "RAPID"
+  }
+  enable_multi_networking = true
+  datapath_provider = "ADVANCED_DATAPATH"
+  deletion_protection = false
+}
+`, clusterName, clusterName)
+}
+
 func TestAccContainerCluster_withNetworkPolicyEnabled(t *testing.T) {
 	t.Parallel()
 

google/services/container/resource_container_node_pool.go

@@ -391,6 +391,57 @@ var schemaNodePool = map[string]*schema.Schema{
 					ValidateFunc: verify.ValidateIpCidrRange,
 					Description:  `The IP address range for pod IPs in this node pool. Only applicable if create_pod_range is true. Set to blank to have a range chosen with the default size. Set to /netmask (e.g. /14) to have a range chosen with a specific netmask. Set to a CIDR notation (e.g. 10.96.0.0/14) to pick a specific range to use.`,
 				},
+				"additional_node_network_configs": {
+					Type:        schema.TypeList,
+					Optional:    true,
+					ForceNew:    true,
+					Description: `We specify the additional node networks for this node pool using this list. Each node network corresponds to an additional interface`,
+					Elem: &schema.Resource{
+						Schema: map[string]*schema.Schema{
+							"network": {
+								Type:        schema.TypeString,
+								Optional:    true,
+								ForceNew:    true,
+								Description: `Name of the VPC where the additional interface belongs.`,
+							},
+							"subnetwork": {
+								Type:        schema.TypeString,
+								Optional:    true,
+								ForceNew:    true,
+								Description: `Name of the subnetwork where the additional interface belongs.`,
+							},
+						},
+					},
+				},
+				"additional_pod_network_configs": {
+					Type:        schema.TypeList,
+					Optional:    true,
+					ForceNew:    true,
+					Description: `We specify the additional pod networks for this node pool using this list. Each pod network corresponds to an additional alias IP range for the node`,
+					Elem: &schema.Resource{
+						Schema: map[string]*schema.Schema{
+							"subnetwork": {
+								Type:        schema.TypeString,
+								Optional:    true,
+								ForceNew:    true,
+								Description: `Name of the subnetwork where the additional pod network belongs.`,
+							},
+							"secondary_pod_range": {
+								Type:        schema.TypeString,
+								Optional:    true,
+								ForceNew:    true,
+								Description: `The name of the secondary range on the subnet which provides IP address for this pod range.`,
+							},
+							"max_pods_per_node": {
+								Type:        schema.TypeInt,
+								Optional:    true,
+								ForceNew:    true,
+								Computed:    true,
+								Description: `The maximum number of pods per node which use this pod network.`,
+							},
+						},
+					},
+				},
 				"pod_cidr_overprovision_config": {
 					Type:        schema.TypeList,
 					Optional:    true,
@@ -1164,12 +1215,14 @@ func flattenNodeNetworkConfig(c *container.NodeNetworkConfig, d *schema.Resource
 	result := []map[string]interface{}{}
 	if c != nil {
 		result = append(result, map[string]interface{}{
-			"create_pod_range":              d.Get(prefix + "network_config.0.create_pod_range"), // API doesn't return this value so we set the old one. Field is ForceNew + Required
-			"pod_ipv4_cidr_block":           c.PodIpv4CidrBlock,
-			"pod_range":                     c.PodRange,
-			"enable_private_nodes":          c.EnablePrivateNodes,
-			"pod_cidr_overprovision_config": flattenPodCidrOverprovisionConfig(c.PodCidrOverprovisionConfig),
-			"network_performance_config":    flattenNodeNetworkPerformanceConfig(c.NetworkPerformanceConfig),
+			"create_pod_range":                d.Get(prefix + "network_config.0.create_pod_range"), // API doesn't return this value so we set the old one. Field is ForceNew + Required
+			"pod_ipv4_cidr_block":             c.PodIpv4CidrBlock,
+			"pod_range":                       c.PodRange,
+			"enable_private_nodes":            c.EnablePrivateNodes,
+			"pod_cidr_overprovision_config":   flattenPodCidrOverprovisionConfig(c.PodCidrOverprovisionConfig),
+			"network_performance_config":      flattenNodeNetworkPerformanceConfig(c.NetworkPerformanceConfig),
+			"additional_node_network_configs": flattenAdditionalNodeNetworkConfig(c.AdditionalNodeNetworkConfigs),
+			"additional_pod_network_configs":  flattenAdditionalPodNetworkConfig(c.AdditionalPodNetworkConfigs),
 		})
 	}
 	return result
@@ -1185,6 +1238,37 @@ func flattenNodeNetworkPerformanceConfig(c *container.NetworkPerformanceConfig)
 	return result
 }
 
+func flattenAdditionalNodeNetworkConfig(c []*container.AdditionalNodeNetworkConfig) []map[string]interface{} {
+	if c == nil {
+		return nil
+	}
+
+	result := []map[string]interface{}{}
+	for _, nodeNetworkConfig := range c {
+		result = append(result, map[string]interface{}{
+			"network":    nodeNetworkConfig.Network,
+			"subnetwork": nodeNetworkConfig.Subnetwork,
+		})
+	}
+	return result
+}
+
+func flattenAdditionalPodNetworkConfig(c []*container.AdditionalPodNetworkConfig) []map[string]interface{} {
+	if c == nil {
+		return nil
+	}
+
+	result := []map[string]interface{}{}
+	for _, podNetworkConfig := range c {
+		result = append(result, map[string]interface{}{
+			"subnetwork":          podNetworkConfig.Subnetwork,
+			"secondary_pod_range": podNetworkConfig.SecondaryPodRange,
+			"max_pods_per_node":   podNetworkConfig.MaxPodsPerNode.MaxPodsPerNode,
+		})
+	}
+	return result
+}
+
 func expandNodeNetworkConfig(v interface{}) *container.NodeNetworkConfig {
 	networkNodeConfigs := v.([]interface{})
 
@@ -1213,6 +1297,37 @@ func expandNodeNetworkConfig(v interface{}) *container.NodeNetworkConfig {
 		nnc.ForceSendFields = []string{"EnablePrivateNodes"}
 	}
 
+	if v, ok := networkNodeConfig["additional_node_network_configs"]; ok && len(v.([]interface{})) > 0 {
+		node_network_configs := v.([]interface{})
+		nodeNetworkConfigs := make([]*container.AdditionalNodeNetworkConfig, 0, len(node_network_configs))
+		for _, raw := range node_network_configs {
+			data := raw.(map[string]interface{})
+			networkConfig := &container.AdditionalNodeNetworkConfig{
+				Network:    data["network"].(string),
+				Subnetwork: data["subnetwork"].(string),
+			}
+			nodeNetworkConfigs = append(nodeNetworkConfigs, networkConfig)
+		}
+		nnc.AdditionalNodeNetworkConfigs = nodeNetworkConfigs
+	}
+
+	if v, ok := networkNodeConfig["additional_pod_network_configs"]; ok && len(v.([]interface{})) > 0 {
+		pod_network_configs := v.([]interface{})
+		podNetworkConfigs := make([]*container.AdditionalPodNetworkConfig, 0, len(pod_network_configs))
+		for _, raw := range pod_network_configs {
+			data := raw.(map[string]interface{})
+			podnetworkConfig := &container.AdditionalPodNetworkConfig{
+				Subnetwork:        data["subnetwork"].(string),
+				SecondaryPodRange: data["secondary_pod_range"].(string),
+				MaxPodsPerNode: &container.MaxPodsConstraint{
+					MaxPodsPerNode: int64(data["max_pods_per_node"].(int)),
+				},
+			}
+			podNetworkConfigs = append(podNetworkConfigs, podnetworkConfig)
+		}
+		nnc.AdditionalPodNetworkConfigs = podNetworkConfigs
+	}
+
 	nnc.PodCidrOverprovisionConfig = expandPodCidrOverprovisionConfig(networkNodeConfig["pod_cidr_overprovision_config"])
 
 	if v, ok := networkNodeConfig["network_performance_config"]; ok && len(v.([]interface{})) > 0 {