feat: add support for direct vpc in Cloud Functions v2 beta provider (#15539)

akerekes · web-flow · commit 4debc82de75e · 2025-10-30T20:51:37.000Z
diff --git a/mmv1/products/cloudfunctions2/Function.yaml b/mmv1/products/cloudfunctions2/Function.yaml
@@ -302,6 +302,23 @@ examples:
     ignore_read_extra:
       - 'build_config.0.source.0.storage_source.0.object'
       - 'build_config.0.source.0.storage_source.0.bucket'
+  - name: 'cloudfunctions2_directvpc'
+    primary_resource_id: 'function'
+    primary_resource_name: 'fmt.Sprintf("tf-test-function-v2%s", context["random_suffix"])'
+    vars:
+      function: 'function-v2'
+      bucket_name: 'gcf-source'
+      zip_path: 'function-source.zip'
+    test_env_vars:
+      project: 'PROJECT_NAME'
+    test_vars_overrides:
+      'location': '"us-central1"'
+      'zip_path': '"./test-fixtures/function-source.zip"'
+        # ignore these fields during import step
+    ignore_read_extra:
+      - 'build_config.0.source.0.storage_source.0.object'
+      - 'build_config.0.source.0.storage_source.0.bucket'
+    min_version: 'beta'
 parameters:
   - name: 'location'
     type: String
@@ -559,6 +576,34 @@ properties:
           - 'VPC_CONNECTOR_EGRESS_SETTINGS_UNSPECIFIED'
           - 'PRIVATE_RANGES_ONLY'
           - 'ALL_TRAFFIC'
+      - name: 'directVpcNetworkInterface'
+        min_version: 'beta'
+        type: Array
+        description: 'The Direct VPC network interface for the Cloud Function. Currently only a single Direct VPC is supported.'
+        item_type:
+          type: NestedObject
+          properties:
+            - name: network
+              type: String
+              description: |
+                The name of the VPC network to which the function will be connected. Specify either a VPC network or a subnet, or both. If you specify only a network, the subnet uses the same name as the network.
+            - name: subnetwork
+              type: String
+              description: |
+                The name of the VPC subnetwork that the Cloud Function resource will get IPs from. Specify either a VPC network or a subnet, or both. If both network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the subnetwork with the same name with the network will be used.
+            - name: tags
+              type: Array
+              description: 'Network tags applied to this Cloud Function resource.'
+              item_type:
+                type: String
+      - name: 'directVpcEgress'
+        min_version: 'beta'
+        type: Enum
+        description: 'Egress settings for direct VPC. If not provided, it defaults to VPC_EGRESS_PRIVATE_RANGES_ONLY.'
+        default_from_api: true
+        enum_values:
+          - 'VPC_EGRESS_ALL_TRAFFIC'
+          - 'VPC_EGRESS_PRIVATE_RANGES_ONLY'
       - name: 'ingressSettings'
         type: Enum
         description:
diff --git a/mmv1/templates/terraform/examples/cloudfunctions2_directvpc.tf.tmpl b/mmv1/templates/terraform/examples/cloudfunctions2_directvpc.tf.tmpl
@@ -0,0 +1,47 @@
+locals {
+  project = "{{index $.TestEnvVars "project"}}" # Google Cloud Platform Project ID
+}
+
+resource "google_storage_bucket" "bucket" {
+  provider = google-beta
+  name     = "${local.project}-{{index $.Vars "bucket_name"}}"  # Every bucket name must be globally unique
+  location = "US"
+  uniform_bucket_level_access = true
+}
+
+resource "google_storage_bucket_object" "object" {
+  provider = google-beta
+  name   = "function-source.zip"
+  bucket = google_storage_bucket.bucket.name
+  source = "{{index $.Vars "zip_path"}}"  # Add path to the zipped function source code
+}
+
+resource "google_cloudfunctions2_function" "{{$.PrimaryResourceId}}" {
+  provider = google-beta
+  name = "{{index $.Vars "function"}}"
+  location = "us-central1"
+  description = "a new function"
+
+  build_config {
+    runtime = "nodejs20"
+    entry_point = "helloHttp"  # Set the entry point
+    source {
+    storage_source {
+        bucket = google_storage_bucket.bucket.name
+        object = google_storage_bucket_object.object.name
+      }
+    }
+  }
+
+  service_config {
+    max_instance_count  = 1
+    available_memory    = "256M"
+    timeout_seconds     = 60
+    direct_vpc_network_interface {
+      network = "default"
+      subnetwork = "default"
+      tags = ["tag1", "tag2"]
+    }
+    direct_vpc_egress = "VPC_EGRESS_ALL_TRAFFIC"
+  }
+}
diff --git a/mmv1/third_party/terraform/services/cloudfunctions2/resource_cloudfunctions2_function_test.go.tmpl b/mmv1/third_party/terraform/services/cloudfunctions2/resource_cloudfunctions2_function_test.go.tmpl
@@ -4,6 +4,9 @@ import (
 	"testing"
 
 	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+{{ if ne $.TargetVersionName "ga" }}
+        "github.com/hashicorp/terraform-plugin-testing/plancheck"
+{{ end }}
 	"github.com/hashicorp/terraform-provider-google/google/acctest"
 	"github.com/hashicorp/terraform-provider-google/google/envvar"
 )
@@ -642,3 +645,152 @@ output "binary_authorization_policy_eq" {
 }
 `, context)
 }
+
+{{ if ne $.TargetVersionName "ga" }}
+
+func TestAccCloudfunctions2function_cloudfunctions2DirectvpcExample_update(t *testing.T) {
+        t.Parallel()
+
+        context := map[string]interface{}{
+                "project":       envvar.GetTestProjectFromEnv(),
+                "location":      "us-central1",
+                "zip_path":      "./test-fixtures/function-source.zip",
+                "random_suffix": acctest.RandString(t, 10),
+        }
+
+        acctest.VcrTest(t, resource.TestCase{
+                PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+                ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+                CheckDestroy:             testAccCheckCloudfunctions2functionDestroyProducer(t),
+                Steps: []resource.TestStep{
+                        {
+                                Config: testAccCloudfunctions2function_cloudfunctions2DirectvpcExample_basic(context),
+                        },
+                        {
+                                ResourceName:            "google_cloudfunctions2_function.function",
+                                ImportState:             true,
+                                ImportStateVerify:       true,
+                                ImportStateVerifyIgnore: []string{"build_config.0.source.0.storage_source.0.bucket", "build_config.0.source.0.storage_source.0.object", "labels", "location", "terraform_labels"},
+                        },
+                        {
+                                Config: testAccCloudfunctions2function_cloudfunctions2DirectvpcExample_update(context),
+                                ConfigPlanChecks: resource.ConfigPlanChecks{
+                                  PreApply: []plancheck.PlanCheck{
+                                    plancheck.ExpectResourceAction("google_cloudfunctions2_function.function", plancheck.ResourceActionUpdate),
+                                  },
+                                },
+                        },
+                        {
+                                ResourceName:            "google_cloudfunctions2_function.function",
+                                ImportState:             true,
+                                ImportStateVerify:       true,
+                                ImportStateVerifyIgnore: []string{"build_config.0.source.0.storage_source.0.bucket", "build_config.0.source.0.storage_source.0.object", "build_config.0.source.0.storage_source.0.generation", "labels", "location", "terraform_labels"},
+                        },
+                },
+        })
+}
+
+func testAccCloudfunctions2function_cloudfunctions2DirectvpcExample_basic(context map[string]interface{}) string {
+        return acctest.Nprintf(`
+locals {
+  project = "%{project}" # Google Cloud Platform Project ID
+}
+
+resource "google_storage_bucket" "bucket" {
+  provider = google-beta
+  name     = "${local.project}-tf-test-gcf-source%{random_suffix}"  # Every bucket name must be globally unique
+  location = "US"
+  uniform_bucket_level_access = true
+}
+
+resource "google_storage_bucket_object" "object" {
+  provider = google-beta
+  name   = "function-source.zip"
+  bucket = google_storage_bucket.bucket.name
+  source = "%{zip_path}"  # Add path to the zipped function source code
+}
+
+resource "google_cloudfunctions2_function" "function" {
+  provider = google-beta
+  name = "tf-test-function-v2%{random_suffix}"
+  location = "us-central1"
+  description = "a new function"
+
+  build_config {
+    runtime = "nodejs20"
+    entry_point = "helloHttp"  # Set the entry point
+    source {
+    storage_source {
+        bucket = google_storage_bucket.bucket.name
+        object = google_storage_bucket_object.object.name
+      }
+    }
+  }
+
+  service_config {
+    max_instance_count  = 1
+    available_memory    = "256M"
+    timeout_seconds     = 60
+    direct_vpc_network_interface {
+      network = "default"
+      subnetwork = "default"
+      tags = ["tag1", "tag2"]
+    }
+    direct_vpc_egress = "VPC_EGRESS_ALL_TRAFFIC"
+  }
+}
+`, context)
+}
+
+func testAccCloudfunctions2function_cloudfunctions2DirectvpcExample_update(context map[string]interface{}) string {
+        return acctest.Nprintf(`
+locals {
+  project = "%{project}" # Google Cloud Platform Project ID
+}
+
+resource "google_storage_bucket" "bucket" {
+  provider = google-beta
+  name     = "${local.project}-tf-test-gcf-source%{random_suffix}"  # Every bucket name must be globally unique
+  location = "US"
+  uniform_bucket_level_access = true
+}
+
+resource "google_storage_bucket_object" "object" {
+  provider = google-beta
+  name   = "function-source.zip"
+  bucket = google_storage_bucket.bucket.name
+  source = "%{zip_path}"  # Add path to the zipped function source code
+}
+
+resource "google_cloudfunctions2_function" "function" {
+  provider = google-beta
+  name = "tf-test-function-v2%{random_suffix}"
+  location = "us-central1"
+  description = "a new function"
+
+  build_config {
+    runtime = "nodejs20"
+    entry_point = "helloHttp"  # Set the entry point
+    source {
+    storage_source {
+        bucket = google_storage_bucket.bucket.name
+        object = google_storage_bucket_object.object.name
+      }
+    }
+  }
+
+  service_config {
+    max_instance_count  = 1
+    available_memory    = "256M"
+    timeout_seconds     = 60
+    direct_vpc_network_interface {
+      network = "default"
+      subnetwork = "default"
+      tags = ["tag3", "tag4"]
+    }
+    direct_vpc_egress = "VPC_EGRESS_PRIVATE_RANGES_ONLY"
+  }
+}
+`, context)
+}
+{{ end }}
