Add Feature Service attachment tunneling config (#14602)

Author: Dawid212

mmv1/products/compute/ServiceAttachment.yaml

@@ -95,6 +95,17 @@ examples:
       producer_forwarding_rule_name: 'producer-forwarding-rule'
       consumer_address_name: 'psc-ilb-consumer-address'
       consumer_forwarding_rule_name: 'psc-ilb-consumer-forwarding-rule'
+  - name: 'service_attachment_tunneling_config'
+    primary_resource_id: 'psc_ilb_service_attachment'
+    min_version: beta
+    vars:
+      service_attachment_name: 'my-psc-ilb'
+      network_name: 'psc-ilb-network'
+      nat_subnetwork_name: 'psc-ilb-nat'
+      producer_subnetwork_name: 'psc-ilb-producer-subnetwork'
+      producer_health_check_name: 'producer-service-health-check'
+      producer_service_name: 'producer-service'
+      producer_forwarding_rule_name: 'producer-forwarding-rule'
   - name: 'service_attachment_cross_region_ilb'
     primary_resource_id: 'psc_ilb_service_attachment'
     vars:
@@ -133,6 +144,22 @@ properties:
       Fingerprint of this resource. This field is used internally during
       updates of this resource.
     output: true
+  - name: 'pscServiceAttachmentId'
+    type: NestedObject
+    description: |
+      An 128-bit global unique ID of the PSC service attachment.
+    output: true
+    properties:
+      - name: 'high'
+        type: String
+        description: |
+          The high 64 bits of the PSC service attachment ID.
+        output: true
+      - name: 'low'
+        type: String
+        description: |
+          The low 64 bits of the PSC service attachment ID.
+        output: true
   - name: 'connectionPreference'
     type: String
     description: |
@@ -213,6 +240,21 @@ properties:
     immutable: true
     item_type:
       type: String
+  - name: 'tunnelingConfig'
+    type: NestedObject
+    description: |
+      Tunneling configuration for this service attachment.
+    min_version: beta
+    ignore_read: true
+    properties:
+      - name: 'routingMode'
+        type: String
+        description: |
+          The routing mode for tunneling traffic.
+      - name: 'encapsulationProfile'
+        type: String
+        description: |
+          The encapsulation profile for tunneling traffic.
   - name: 'consumerRejectLists'
     type: Array
     description: |

mmv1/templates/terraform/examples/service_attachment_tunneling_config.tf.tmpl

@@ -0,0 +1,82 @@
+provider "google-beta" {
+}
+
+resource "google_compute_service_attachment" "{{$.PrimaryResourceId}}" {
+  provider = google-beta
+  
+  name        = "{{index $.Vars "service_attachment_name"}}"
+  region      = "us-west2"
+  description = "A service attachment configured with tunneling"
+
+  enable_proxy_protocol    = false
+  connection_preference    = "ACCEPT_AUTOMATIC"
+  nat_subnets              = [google_compute_subnetwork.psc_ilb_nat.id]
+  target_service           = google_compute_forwarding_rule.psc_ilb_target_service.id
+
+  tunneling_config {
+    routing_mode = "REGIONAL"
+    encapsulation_profile = "IPV4"
+  }
+}
+
+resource "google_compute_forwarding_rule" "psc_ilb_target_service" {
+  provider = google-beta
+  
+  name   = "{{index $.Vars "producer_forwarding_rule_name"}}"
+  region = "us-west2"
+
+  load_balancing_scheme = "INTERNAL"
+  backend_service       = google_compute_region_backend_service.producer_service_backend.id
+  all_ports             = true
+  network               = google_compute_network.psc_ilb_network.name
+  subnetwork            = google_compute_subnetwork.psc_ilb_producer_subnetwork.name
+}
+
+resource "google_compute_region_backend_service" "producer_service_backend" {
+  provider = google-beta
+  
+  name   = "{{index $.Vars "producer_service_name"}}"
+  region = "us-west2"
+
+  health_checks = [google_compute_health_check.producer_service_health_check.id]
+}
+
+resource "google_compute_health_check" "producer_service_health_check" {
+  provider = google-beta
+  
+  name = "{{index $.Vars "producer_health_check_name"}}"
+
+  check_interval_sec = 1
+  timeout_sec        = 1
+  tcp_health_check {
+    port = "80"
+  }
+}
+
+resource "google_compute_network" "psc_ilb_network" {
+  provider = google-beta
+  
+  name = "{{index $.Vars "network_name"}}"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "psc_ilb_producer_subnetwork" {
+  provider = google-beta
+  
+  name   = "{{index $.Vars "producer_subnetwork_name"}}"
+  region = "us-west2"
+
+  network       = google_compute_network.psc_ilb_network.id
+  ip_cidr_range = "10.0.0.0/16"
+}
+
+resource "google_compute_subnetwork" "psc_ilb_nat" {
+  provider = google-beta
+  
+  name   = "{{index $.Vars "nat_subnetwork_name"}}"
+  region = "us-west2"
+
+  network       = google_compute_network.psc_ilb_network.id
+  purpose       =  "PRIVATE_SERVICE_CONNECT"
+  ip_cidr_range = "10.1.0.0/16"
+} 

mmv1/third_party/terraform/services/compute/resource_compute_service_attachment_tunneling_test.go.tmpl

@@ -0,0 +1,130 @@
+package compute_test
+{{ if ne $.TargetVersionName `ga` -}}
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+	"github.com/hashicorp/terraform-provider-google/google/acctest"
+)
+
+func TestAccComputeServiceAttachment_tunnelingConfigUpdate(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+		CheckDestroy:             testAccCheckComputeServiceAttachmentDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeServiceAttachment_tunnelingConfig(context, "REGIONAL", "IPV4"),
+			},
+			{
+				ResourceName:            "google_compute_service_attachment.psc_ilb_service_attachment",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"target_service", "region", "tunneling_config"},
+			},
+			{
+				Config: testAccComputeServiceAttachment_tunnelingConfig(context, "GLOBAL", "IPV6"),
+			},
+			{
+				ResourceName:            "google_compute_service_attachment.psc_ilb_service_attachment",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"target_service", "region", "tunneling_config"},
+			},
+		},
+	})
+}
+
+func testAccComputeServiceAttachment_tunnelingConfig(context map[string]interface{}, routingMode, encapsulationProfile string) string {
+	context["routing_mode"] = routingMode
+	context["encapsulation_profile"] = encapsulationProfile
+
+	return acctest.Nprintf(`
+resource "google_compute_service_attachment" "psc_ilb_service_attachment" {
+  provider = google-beta
+  
+  name        = "tf-test-my-psc-ilb%{random_suffix}"
+  region      = "us-west2"
+  description = "A service attachment configured with tunneling"
+
+  enable_proxy_protocol    = false
+  connection_preference    = "ACCEPT_AUTOMATIC"
+  nat_subnets              = [google_compute_subnetwork.psc_ilb_nat.id]
+  target_service           = google_compute_forwarding_rule.psc_ilb_target_service.id
+
+  tunneling_config {
+    routing_mode = "%{routing_mode}"
+    encapsulation_profile = "%{encapsulation_profile}"
+  }
+}
+
+resource "google_compute_forwarding_rule" "psc_ilb_target_service" {
+  provider = google-beta
+  
+  name   = "tf-test-producer-forwarding-rule%{random_suffix}"
+  region = "us-west2"
+
+  load_balancing_scheme = "INTERNAL"
+  backend_service       = google_compute_region_backend_service.producer_service_backend.id
+  all_ports             = true
+  network               = google_compute_network.psc_ilb_network.name
+  subnetwork            = google_compute_subnetwork.psc_ilb_producer_subnetwork.name
+}
+
+resource "google_compute_region_backend_service" "producer_service_backend" {
+  provider = google-beta
+  
+  name   = "tf-test-producer-service%{random_suffix}"
+  region = "us-west2"
+
+  health_checks = [google_compute_health_check.producer_service_health_check.id]
+}
+
+resource "google_compute_health_check" "producer_service_health_check" {
+  provider = google-beta
+  
+  name = "tf-test-producer-service-health-check%{random_suffix}"
+
+  check_interval_sec = 1
+  timeout_sec        = 1
+  tcp_health_check {
+    port = "80"
+  }
+}
+
+resource "google_compute_network" "psc_ilb_network" {
+  provider = google-beta
+  
+  name = "tf-test-psc-ilb-network%{random_suffix}"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "psc_ilb_producer_subnetwork" {
+  provider = google-beta
+  
+  name   = "tf-test-psc-ilb-producer-subnetwork%{random_suffix}"
+  region = "us-west2"
+
+  network       = google_compute_network.psc_ilb_network.id
+  ip_cidr_range = "10.0.0.0/16"
+}
+
+resource "google_compute_subnetwork" "psc_ilb_nat" {
+  provider = google-beta
+  
+  name   = "tf-test-psc-ilb-nat%{random_suffix}"
+  region = "us-west2"
+
+  network       = google_compute_network.psc_ilb_network.id
+  purpose       =  "PRIVATE_SERVICE_CONNECT"
+  ip_cidr_range = "10.1.0.0/16"
+}
+`, context)
+}
+{{- end }}