Added support for NAT64 when configuring Router NAT (GoogleCloudPlatform#13522)

Author: matheusaleixo-cit

mmv1/products/compute/RouterNat.yaml

@@ -257,6 +257,36 @@ properties:
           is_set: true
           item_type:
             type: String
+  - name: 'sourceSubnetworkIpRangesToNat64'
+    type: Enum
+    description: |
+      Specify the Nat option for NAT64, which can take one of the following values:
+      ALL_IPV6_SUBNETWORKS: All of the IP ranges in every Subnetwork are allowed to Nat.
+      LIST_OF_IPV6_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field nat64Subnetwork below).
+      Note that if this field contains NAT64_ALL_V6_SUBNETWORKS no other Router.Nat section in this region can also enable NAT64 for any Subnetworks in this network.
+      Other Router.Nat sections can still be present to enable NAT44 only.
+    enum_values:
+      - 'ALL_IPV6_SUBNETWORKS'
+      - 'LIST_OF_IPV6_SUBNETWORKS'
+  - name: 'nat64Subnetwork'
+    type: Array
+    description: |
+      One or more subnetwork NAT configurations whose traffic should be translated by NAT64 Gateway.
+      Only used if `source_subnetwork_ip_ranges_to_nat64` is set to `LIST_OF_IPV6_SUBNETWORKS`
+    api_name: nat64Subnetworks
+    is_set: true
+    send_empty_value: true
+    set_hash_func: computeRouterNatSubnetworkHash
+    item_type:
+      type: NestedObject
+      properties:
+        - name: 'name'
+          type: ResourceRef
+          description: 'Self-link of the subnetwork resource that will use NAT64'
+          required: true
+          custom_expand: 'templates/terraform/custom_expand/resourceref_with_validation.go.tmpl'
+          resource: 'Subnetwork'
+          imports: 'selfLink'
   - name: 'minPortsPerVm'
     type: Integer
     description: |

mmv1/products/dns/Policy.yaml

@@ -103,6 +103,20 @@ properties:
     update_url: 'projects/{{project}}/policies/{{name}}'
     update_verb: 'PATCH'
     default_value: "Managed by Terraform"
+  - name: 'dns64Config'
+    type: NestedObject
+    default_from_api: true
+    description: Configurations related to DNS64 for this Policy.
+    properties:
+      - name: 'scope'
+        type: NestedObject
+        description: The scope to which DNS64 config will be applied to.
+        required: true
+        properties:
+          - name: 'allQueries'
+            type: Boolean
+            description: Controls whether DNS64 is enabled globally at the network level.
+            send_empty_value: true
   - name: 'enableInboundForwarding'
     type: Boolean
     description: |

mmv1/third_party/terraform/services/compute/resource_compute_router_nat_test.go

@@ -797,6 +797,38 @@ func testAccCheckComputeRouterNatDelete(t *testing.T, n string) resource.TestChe
 	}
 }
 
+func TestAccComputeRouterNat_withNat64Configuration(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckComputeRouterNatDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeRouterNatWithNat64Configuration(context),
+			},
+			{
+				ResourceName:      "google_compute_router_nat.foobar",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccComputeRouterNatWithNat64ConfigurationUpdate(context),
+			},
+			{
+				ResourceName:      "google_compute_router_nat.foobar",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
 func testAccComputeRouterNatBasic(routerName string) string {
 	return fmt.Sprintf(`
 resource "google_compute_network" "foobar" {
@@ -2047,3 +2079,136 @@ resource "google_compute_router_nat" "foobar" {
 }
 `, testAccComputeRouterNatBaseResourcesWithPrivateNatSubnetworks(routerName, hubName), routerName)
 }
+
+func testAccComputeRouterNatWithNat64Configuration(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_dns_policy" "foobar" {
+  name                      = "tf-test-example-policy%{random_suffix}"
+  enable_inbound_forwarding = false
+  enable_logging            = false
+
+  dns64_config {
+    scope {
+      all_queries = true
+    }
+  }
+  networks {
+    network_url = google_compute_network.foobar.id
+  }
+}
+
+resource "google_compute_network" "foobar" {
+  name                     = "tf-test-network%{random_suffix}"
+  enable_ula_internal_ipv6 = true
+  auto_create_subnetworks  = false
+}
+
+resource "google_compute_subnetwork" "foobar" {
+  name          = "tf-test-subnetwork-%{random_suffix}"
+  network       = google_compute_network.foobar.self_link
+  ip_cidr_range = "10.0.0.0/16"
+  region        = "us-central1"
+}
+
+resource "google_compute_subnetwork" "foobar2" {
+  name             = "tf-test-subnetwork-2-%{random_suffix}"
+  network          = google_compute_network.foobar.self_link
+  ip_cidr_range    = "10.182.0.0/20"
+  ipv6_access_type = "EXTERNAL"
+  stack_type       = "IPV4_IPV6"
+  region           = "us-central1"
+}
+
+resource "google_compute_router" "foobar" {
+  name    = "tf-test-router%{random_suffix}"
+  region  = google_compute_subnetwork.foobar.region
+  network = google_compute_network.foobar.self_link
+  bgp {
+    asn = 64514
+  }
+}
+
+resource "google_compute_router_nat" "foobar" {
+  name                   = "tf-test-router-nat%{random_suffix}"
+  router                 = google_compute_router.foobar.name
+  region                 = google_compute_router.foobar.region
+  nat_ip_allocate_option = "AUTO_ONLY"
+  
+  source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS"
+  subnetwork {
+    name                    = google_compute_subnetwork.foobar.name
+    source_ip_ranges_to_nat = ["ALL_IP_RANGES"]
+  }
+
+  source_subnetwork_ip_ranges_to_nat64 = "ALL_IPV6_SUBNETWORKS"
+}
+`, context)
+}
+
+func testAccComputeRouterNatWithNat64ConfigurationUpdate(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_dns_policy" "foobar" {
+  name                      = "tf-test-example-policy%{random_suffix}"
+  enable_inbound_forwarding = false
+  enable_logging            = false
+
+  dns64_config {
+    scope {
+      all_queries = true
+    }
+  }
+  networks {
+    network_url = google_compute_network.foobar.id
+  }
+}
+
+resource "google_compute_network" "foobar" {
+  name                     = "tf-test-network%{random_suffix}"
+  enable_ula_internal_ipv6 = true
+  auto_create_subnetworks  = false
+}
+
+resource "google_compute_subnetwork" "foobar" {
+  name          = "tf-test-subnetwork-%{random_suffix}"
+  network       = google_compute_network.foobar.self_link
+  ip_cidr_range = "10.0.0.0/16"
+  region        = "us-central1"
+}
+
+resource "google_compute_subnetwork" "foobar2" {
+  name             = "tf-test-subnetwork-2-%{random_suffix}"
+  network          = google_compute_network.foobar.self_link
+  ip_cidr_range    = "10.182.0.0/20"
+  ipv6_access_type = "EXTERNAL"
+  stack_type       = "IPV4_IPV6"
+  region           = "us-central1"
+}
+
+resource "google_compute_router" "foobar" {
+  name    = "tf-test-router%{random_suffix}"
+  region  = google_compute_subnetwork.foobar.region
+  network = google_compute_network.foobar.self_link
+  bgp {
+    asn = 64514
+  }
+}
+
+resource "google_compute_router_nat" "foobar" {
+  name                   = "tf-test-router-nat%{random_suffix}"
+  router                 = google_compute_router.foobar.name
+  region                 = google_compute_router.foobar.region
+  nat_ip_allocate_option = "AUTO_ONLY"
+  
+  source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS"
+  subnetwork {
+    name                    = google_compute_subnetwork.foobar.name
+    source_ip_ranges_to_nat = ["ALL_IP_RANGES"]
+  }
+  
+  source_subnetwork_ip_ranges_to_nat64 = "LIST_OF_IPV6_SUBNETWORKS"
+  nat64_subnetwork {
+    name = google_compute_subnetwork.foobar2.name
+  }
+}
+`, context)
+}

mmv1/third_party/terraform/services/dns/resource_dns_policy_test.go

@@ -2,9 +2,10 @@ package dns_test
 
 import (
 	"fmt"
-	"github.com/hashicorp/terraform-provider-google/google/acctest"
 	"testing"
 
+	"github.com/hashicorp/terraform-provider-google/google/acctest"
+
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
 )
 
@@ -70,3 +71,101 @@ resource "google_compute_network" "network-2" {
 }
 `, suffix, forwarding, first_nameserver, second_nameserver, network, suffix, suffix)
 }
+
+func TestAccDNSPolicy_dnsPolicyDns64(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckDNSPolicyDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDNSPolicy_dnsPolicyDns64(context),
+			},
+			{
+				ResourceName:      "google_dns_policy.example-policy",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccDNSPolicy_dnsPolicyDns64Update(context),
+			},
+			{
+				ResourceName:      "google_dns_policy.example-policy",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccDNSPolicy_dnsPolicyDns64(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_dns_policy" "example-policy" {
+  name                      = "tf-test-example-policy%{random_suffix}"
+  enable_inbound_forwarding = false
+
+  enable_logging = true
+
+  dns64_config {
+    scope {
+      all_queries = true
+    }
+  }
+
+  networks {
+    network_url = google_compute_network.network-1.id
+  }
+  networks {
+    network_url = google_compute_network.network-2.id
+  }
+}
+
+resource "google_compute_network" "network-1" {
+  name                    = "tf-test-network-1%{random_suffix}"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_network" "network-2" {
+  name                    = "tf-test-network-2%{random_suffix}"
+  auto_create_subnetworks = false
+}
+`, context)
+}
+
+func testAccDNSPolicy_dnsPolicyDns64Update(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_dns_policy" "example-policy" {
+  name                      = "tf-test-example-policy%{random_suffix}"
+  enable_inbound_forwarding = false
+
+  enable_logging = true
+
+  dns64_config {
+    scope {}
+  }
+
+  networks {
+    network_url = google_compute_network.network-1.id
+  }
+  networks {
+    network_url = google_compute_network.network-2.id
+  }
+}
+
+resource "google_compute_network" "network-1" {
+  name                    = "tf-test-network-1%{random_suffix}"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_network" "network-2" {
+  name                    = "tf-test-network-2%{random_suffix}"
+  auto_create_subnetworks = false
+}
+`, context)
+}