Add PSC fields to Filestore instance in beta (GoogleCloudPlatform#13883)

osela · BBBmau · commit e1f62d752606 · 2025-07-28T11:29:04.000-07:00
diff --git a/mmv1/products/filestore/Instance.yaml b/mmv1/products/filestore/Instance.yaml
@@ -209,6 +209,12 @@ properties:
                   An integer representing the anonymous group id with a default value of 65534.
                   Anon_gid may only be set with squashMode of ROOT_SQUASH. An error will be returned
                   if this field is specified for other squashMode settings.
+              - name: 'network'
+                type: String
+                min_version: beta
+                description: |
+                  The source VPC network for `ip_ranges`.
+                  Required for instances using Private Service Connect, optional otherwise.
           max_size: 10
     max_size: 1
   - name: 'networks'
@@ -273,6 +279,22 @@ properties:
           enum_values:
             - 'DIRECT_PEERING'
             - 'PRIVATE_SERVICE_ACCESS'
+            - 'PRIVATE_SERVICE_CONNECT'
+        - name: 'pscConfig'
+          type: NestedObject
+          min_version: beta
+          description: |
+            Private Service Connect configuration.
+            Should only be set when connect_mode is PRIVATE_SERVICE_CONNECT.
+          properties:
+            - name: endpointProject
+              type: String
+              description: |
+                Consumer service project in which the Private Service Connect endpoint
+                would be set up. This is optional, and only relevant in case the network
+                is a shared VPC. If this is not specified, the endpoint would be set up
+                in the VPC host project.
+              immutable: true
     min_size: 1
   - name: 'etag'
     type: String
diff --git a/mmv1/third_party/terraform/services/filestore/resource_filestore_instance_test.go.tmpl b/mmv1/third_party/terraform/services/filestore/resource_filestore_instance_test.go.tmpl
@@ -592,4 +592,166 @@ resource "google_filestore_instance" "instance" {
 }
 `, name, location, tier)
 }
+
+{{- end }}
+{{- if ne $.TargetVersionName "ga" }}
+
+func TestAccFilestoreInstance_psc(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"name":     fmt.Sprintf("tf-test-%d", acctest.RandInt(t)),
+		"location": "us-central1",
+		"tier":     "REGIONAL",
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+		CheckDestroy:             testAccCheckFilestoreInstanceDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccFilestoreInstance_psc(context),
+				Check:  resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("google_filestore_instance.instance", "networks.0.connect_mode", "PRIVATE_SERVICE_CONNECT"),
+				),
+			},
+			{
+				ResourceName:            "google_filestore_instance.instance",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"zone"},
+			},
+		},
+	})
+}
+
+func testAccFilestoreInstance_psc(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+data "google_client_config" "current" {
+  provider = google-beta
+}
+
+resource "google_compute_network" "psc_network" {
+  provider                = google-beta
+  name                    = "%{name}"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "psc_subnet" {
+  provider      = google-beta
+  name          = "%{name}"
+  ip_cidr_range = "10.2.0.0/16"
+  region        = "%{location}"
+  network       = google_compute_network.psc_network.id
+}
+
+resource "google_network_connectivity_service_connection_policy" "default" {
+  provider      = google-beta
+  name          = "%{name}"
+  location      = "%{location}"
+  service_class = "google-cloud-filestore"
+  network       = google_compute_network.psc_network.id
+  psc_config {
+    subnetworks = [google_compute_subnetwork.psc_subnet.id]
+  }
+}
+
+resource "google_filestore_instance" "instance" {
+  provider = google-beta
+  depends_on = [
+    google_network_connectivity_service_connection_policy.default
+  ]
+  name        = "%{name}"
+  location    = "%{location}"
+  tier        = "%{tier}"
+  description = "An instance created during testing."
+  protocol    = "NFS_V4_1"
+
+  file_shares {
+    capacity_gb = 1024
+    name        = "share"
+
+    nfs_export_options {
+      ip_ranges = ["70.0.0.1/24"]
+      network   = google_compute_network.psc_network.name
+    }
+  }
+
+  networks {
+    network      = google_compute_network.psc_network.name
+    modes        = ["MODE_IPV4"]
+    connect_mode = "PRIVATE_SERVICE_CONNECT"
+    psc_config {
+      endpoint_project = data.google_client_config.current.project
+    }
+  }
+}
+`, context)
+}
+
+func TestAccFilestoreInstance_nfsExportOptionsNetwork_update(t *testing.T) {
+	t.Parallel()
+
+	name := fmt.Sprintf("tf-test-%d", acctest.RandInt(t))
+	location := "us-central1-a"
+	tier := "ZONAL"
+
+	// Currently, we can only alternate between an empty network and the instance network of non-PSC instances.
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+		CheckDestroy:             testAccCheckFilestoreInstanceDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccFilestoreInstance_nfsExportOptionsNetwork_update(name, location, tier, ""),
+				Check:  resource.TestCheckResourceAttr("google_filestore_instance.instance", "file_shares.0.nfs_export_options.0.network", ""),
+			},
+			{
+				ResourceName:            "google_filestore_instance.instance",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"zone"},
+			},
+			{
+				Config: testAccFilestoreInstance_nfsExportOptionsNetwork_update(name, location, tier, "default"),
+				Check:  resource.TestCheckResourceAttr("google_filestore_instance.instance", "file_shares.0.nfs_export_options.0.network", "default"),
+			},
+			{
+				ResourceName:            "google_filestore_instance.instance",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"zone"},
+			},
+		},
+	})
+}
+
+func testAccFilestoreInstance_nfsExportOptionsNetwork_update(name, location, tier, network string) string {
+	return fmt.Sprintf(`
+resource "google_filestore_instance" "instance" {
+  provider    = google-beta
+  name        = "%s"
+  zone        = "%s"
+  tier        = "%s"
+  description = "An instance created during testing."
+
+  file_shares {
+    capacity_gb = 1024
+    name        = "share"
+
+	nfs_export_options {
+      ip_ranges = ["70.0.0.1/24"]
+      network   = "%s"
+    }
+  }
+
+  networks {
+    network = "default"
+	modes   = ["MODE_IPV4"]
+  }
+}
+`, name, location, tier, network)
+}
+
 {{- end }}
