From 7959b8cfaa08543888f2e825ef48cdedaa86a76c Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Wed, 11 Feb 2026 14:56:29 +0000 Subject: [PATCH] Add resource_manager_tags to VPN resources Co-authored-by: NandiniAgrawal15 <78158744+NandiniAgrawal15@users.noreply.github.com> --- mmv1/products/compute/ExternalVpnGateway.yaml | 16 ++++ mmv1/products/compute/HaVpnGateway.yaml | 16 ++++ mmv1/products/compute/VpnGateway.yaml | 16 ++++ mmv1/products/compute/VpnTunnel.yaml | 16 ++++ ...ource_compute_external_vpn_gateway_test.go | 53 +++++++++++ .../resource_compute_ha_vpn_gateway_test.go | 53 +++++++++++ .../resource_compute_vpn_gateway_test.go | 61 ++++++++++++ .../resource_compute_vpn_tunnel_test.go | 92 +++++++++++++++++++ 8 files changed, 323 insertions(+) create mode 100644 mmv1/third_party/terraform/services/compute/resource_compute_vpn_gateway_test.go diff --git a/mmv1/products/compute/ExternalVpnGateway.yaml b/mmv1/products/compute/ExternalVpnGateway.yaml index 06c6b5a9c6b1..c5b30425d314 100644 --- a/mmv1/products/compute/ExternalVpnGateway.yaml +++ b/mmv1/products/compute/ExternalVpnGateway.yaml @@ -125,3 +125,19 @@ properties: Engine. Must specify an IPv6 address (not IPV4-mapped) using any format described in RFC 4291 (e.g. 2001:db8:0:0:2d9:51:0:0). The output format is RFC 5952 format (e.g. 2001:db8::2d9:51:0:0). + - name: 'params' + type: NestedObject + ignore_read: true + immutable: true + description: | + Additional params passed with the request, but not persisted as part of resource payload + properties: + - name: 'resourceManagerTags' + type: KeyValuePairs + description: | + Resource manager tags to be bound to the external VPN gateway. Tag keys and values have the + same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, + and values are in the format tagValues/456. + api_name: resourceManagerTags + min_version: beta + ignore_read: true diff --git a/mmv1/products/compute/HaVpnGateway.yaml b/mmv1/products/compute/HaVpnGateway.yaml index 049fdbb6b888..fdf684adc982 100644 --- a/mmv1/products/compute/HaVpnGateway.yaml +++ b/mmv1/products/compute/HaVpnGateway.yaml @@ -189,3 +189,19 @@ properties: You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. output: true + - name: 'params' + type: NestedObject + ignore_read: true + immutable: true + description: | + Additional params passed with the request, but not persisted as part of resource payload + properties: + - name: 'resourceManagerTags' + type: KeyValuePairs + description: | + Resource manager tags to be bound to the VPN gateway. Tag keys and values have the + same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, + and values are in the format tagValues/456. + api_name: resourceManagerTags + min_version: beta + ignore_read: true diff --git a/mmv1/products/compute/VpnGateway.yaml b/mmv1/products/compute/VpnGateway.yaml index 6a069cc609a7..c2e3e50e64bb 100644 --- a/mmv1/products/compute/VpnGateway.yaml +++ b/mmv1/products/compute/VpnGateway.yaml @@ -98,3 +98,19 @@ properties: custom_expand: 'templates/terraform/custom_expand/resourceref_with_validation.go.tmpl' resource: 'Network' imports: 'selfLink' + - name: 'params' + type: NestedObject + ignore_read: true + immutable: true + description: | + Additional params passed with the request, but not persisted as part of resource payload + properties: + - name: 'resourceManagerTags' + type: KeyValuePairs + description: | + Resource manager tags to be bound to the VPN gateway. Tag keys and values have the + same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, + and values are in the format tagValues/456. + api_name: resourceManagerTags + min_version: beta + ignore_read: true diff --git a/mmv1/products/compute/VpnTunnel.yaml b/mmv1/products/compute/VpnTunnel.yaml index edc7b639a2e2..d77ea8069b61 100644 --- a/mmv1/products/compute/VpnTunnel.yaml +++ b/mmv1/products/compute/VpnTunnel.yaml @@ -278,3 +278,19 @@ properties: description: 'Perfect forward secrecy groups.' item_type: type: String + - name: 'params' + type: NestedObject + ignore_read: true + immutable: true + description: | + Additional params passed with the request, but not persisted as part of resource payload + properties: + - name: 'resourceManagerTags' + type: KeyValuePairs + description: | + Resource manager tags to be bound to the VPN tunnel. Tag keys and values have the + same definition as resource manager tags. Keys must be in the format tagKeys/{tag_key_id}, + and values are in the format tagValues/456. + api_name: resourceManagerTags + min_version: beta + ignore_read: true diff --git a/mmv1/third_party/terraform/services/compute/resource_compute_external_vpn_gateway_test.go b/mmv1/third_party/terraform/services/compute/resource_compute_external_vpn_gateway_test.go index 7a48b76ea039..f96bdd5a7ce6 100644 --- a/mmv1/third_party/terraform/services/compute/resource_compute_external_vpn_gateway_test.go +++ b/mmv1/third_party/terraform/services/compute/resource_compute_external_vpn_gateway_test.go @@ -6,8 +6,41 @@ import ( "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-provider-google/google/acctest" + "github.com/hashicorp/terraform-provider-google/google/envvar" ) +func TestAccComputeExternalVPNGateway_resourceManagerTags(t *testing.T) { + t.Parallel() + + org := envvar.GetTestOrgFromEnv(t) + suffix := acctest.RandString(t, 10) + tagKeyResult := acctest.BootstrapSharedTestTagKeyDetails(t, "crm-ext-vpn-tagkey", "organizations/"+org, make(map[string]interface{})) + sharedTagkey, _ := tagKeyResult["shared_tag_key"] + tagValueResult := acctest.BootstrapSharedTestTagValueDetails(t, "crm-ext-vpn-tagvalue", sharedTagkey, org) + + context := map[string]interface{}{ + "suffix": suffix, + "tag_key_id": tagKeyResult["name"], + "tag_value_id": tagValueResult["name"], + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + Steps: []resource.TestStep{ + { + Config: testAccComputeExternalVPNGateway_resourceManagerTags(context), + }, + { + ResourceName: "google_compute_external_vpn_gateway.external_gateway", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"params"}, + }, + }, + }) +} + func TestAccComputeExternalVPNGateway_updateLabels(t *testing.T) { t.Parallel() @@ -104,3 +137,23 @@ resource "google_compute_external_vpn_gateway" "external_gateway" { } `, suffix, ipv6_address) } + +func testAccComputeExternalVPNGateway_resourceManagerTags(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_compute_external_vpn_gateway" "external_gateway" { + name = "tf-test-external-gateway-%{suffix}" + redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT" + description = "An externally managed VPN gateway" + interface { + id = 0 + ip_address = "8.8.8.8" + } + + params { + resource_manager_tags = { + "%{tag_key_id}" = "%{tag_value_id}" + } + } +} +`, context) +} diff --git a/mmv1/third_party/terraform/services/compute/resource_compute_ha_vpn_gateway_test.go b/mmv1/third_party/terraform/services/compute/resource_compute_ha_vpn_gateway_test.go index 01d78b209ab1..63049e1eee6b 100644 --- a/mmv1/third_party/terraform/services/compute/resource_compute_ha_vpn_gateway_test.go +++ b/mmv1/third_party/terraform/services/compute/resource_compute_ha_vpn_gateway_test.go @@ -7,8 +7,41 @@ import ( "github.com/hashicorp/terraform-plugin-testing/helper/resource" "github.com/hashicorp/terraform-plugin-testing/plancheck" "github.com/hashicorp/terraform-provider-google/google/acctest" + "github.com/hashicorp/terraform-provider-google/google/envvar" ) +func TestAccComputeHaVpnGateway_resourceManagerTags(t *testing.T) { + t.Parallel() + + org := envvar.GetTestOrgFromEnv(t) + suffix := acctest.RandString(t, 10) + tagKeyResult := acctest.BootstrapSharedTestTagKeyDetails(t, "crm-ha-vpn-tagkey", "organizations/"+org, make(map[string]interface{})) + sharedTagkey, _ := tagKeyResult["shared_tag_key"] + tagValueResult := acctest.BootstrapSharedTestTagValueDetails(t, "crm-ha-vpn-tagvalue", sharedTagkey, org) + + context := map[string]interface{}{ + "suffix": suffix, + "tag_key_id": tagKeyResult["name"], + "tag_value_id": tagValueResult["name"], + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + Steps: []resource.TestStep{ + { + Config: testAccComputeHaVpnGateway_resourceManagerTags(context), + }, + { + ResourceName: "google_compute_ha_vpn_gateway.ha_gateway1", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"params"}, + }, + }, + }) +} + func TestAccComputeHaVpnGateway_updateLabels(t *testing.T) { t.Parallel() @@ -70,3 +103,23 @@ resource "google_compute_network" "network1" { } `, suffix, key, value, suffix) } + +func testAccComputeHaVpnGateway_resourceManagerTags(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_compute_ha_vpn_gateway" "ha_gateway1" { + region = "us-central1" + name = "tf-test-ha-vpn-1%{suffix}" + network = google_compute_network.network1.id + params { + resource_manager_tags = { + "%{tag_key_id}" = "%{tag_value_id}" + } + } +} + +resource "google_compute_network" "network1" { + name = "network1%{suffix}" + auto_create_subnetworks = false +} +`, context) +} diff --git a/mmv1/third_party/terraform/services/compute/resource_compute_vpn_gateway_test.go b/mmv1/third_party/terraform/services/compute/resource_compute_vpn_gateway_test.go new file mode 100644 index 000000000000..34fbb2d32d33 --- /dev/null +++ b/mmv1/third_party/terraform/services/compute/resource_compute_vpn_gateway_test.go @@ -0,0 +1,61 @@ +package compute_test + +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-testing/helper/resource" + "github.com/hashicorp/terraform-provider-google/google/acctest" + "github.com/hashicorp/terraform-provider-google/google/envvar" +) + +func TestAccComputeVpnGateway_resourceManagerTags(t *testing.T) { + t.Parallel() + + org := envvar.GetTestOrgFromEnv(t) + suffix := acctest.RandString(t, 10) + tagKeyResult := acctest.BootstrapSharedTestTagKeyDetails(t, "crm-vpn-tagkey", "organizations/"+org, make(map[string]interface{})) + sharedTagkey, _ := tagKeyResult["shared_tag_key"] + tagValueResult := acctest.BootstrapSharedTestTagValueDetails(t, "crm-vpn-tagvalue", sharedTagkey, org) + + context := map[string]interface{}{ + "suffix": suffix, + "tag_key_id": tagKeyResult["name"], + "tag_value_id": tagValueResult["name"], + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + Steps: []resource.TestStep{ + { + Config: testAccComputeVpnGateway_resourceManagerTags(context), + }, + { + ResourceName: "google_compute_vpn_gateway.foobar", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"params"}, + }, + }, + }) +} + +func testAccComputeVpnGateway_resourceManagerTags(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_compute_network" "foobar" { + name = "tf-test-network-%{suffix}" + auto_create_subnetworks = false +} + +resource "google_compute_vpn_gateway" "foobar" { + name = "tf-test-vpn-%{suffix}" + network = google_compute_network.foobar.id + region = "us-central1" + params { + resource_manager_tags = { + "%{tag_key_id}" = "%{tag_value_id}" + } + } +} +`, context) +} diff --git a/mmv1/third_party/terraform/services/compute/resource_compute_vpn_tunnel_test.go b/mmv1/third_party/terraform/services/compute/resource_compute_vpn_tunnel_test.go index 09b00fda6c54..78531aed0dc6 100644 --- a/mmv1/third_party/terraform/services/compute/resource_compute_vpn_tunnel_test.go +++ b/mmv1/third_party/terraform/services/compute/resource_compute_vpn_tunnel_test.go @@ -222,6 +222,98 @@ resource "google_compute_vpn_tunnel" "test_tunnel" { `, suffix) } +func TestAccComputeVpnTunnel_resourceManagerTags(t *testing.T) { + t.Parallel() + + org := envvar.GetTestOrgFromEnv(t) + suffix := acctest.RandString(t, 10) + tagKeyResult := acctest.BootstrapSharedTestTagKeyDetails(t, "crm-tunnel-tagkey", "organizations/"+org, make(map[string]interface{})) + sharedTagkey, _ := tagKeyResult["shared_tag_key"] + tagValueResult := acctest.BootstrapSharedTestTagValueDetails(t, "crm-tunnel-tagvalue", sharedTagkey, org) + + context := map[string]interface{}{ + "suffix": suffix, + "tag_key_id": tagKeyResult["name"], + "tag_value_id": tagValueResult["name"], + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckComputeVpnTunnelDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccComputeVpnTunnel_resourceManagerTags(context), + }, + { + ResourceName: "google_compute_vpn_tunnel.foobar", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"shared_secret", "detailed_status", "params"}, + }, + }, + }) +} + +func testAccComputeVpnTunnel_resourceManagerTags(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_compute_network" "foobar" { + name = "tf-test-%{suffix}" + auto_create_subnetworks = "true" +} + +resource "google_compute_address" "foobar" { + name = "tf-test-%{suffix}" + region = "us-central1" +} + +resource "google_compute_vpn_gateway" "foobar" { + name = "tf-test-%{suffix}" + network = google_compute_network.foobar.self_link + region = google_compute_address.foobar.region +} + +resource "google_compute_forwarding_rule" "foobar_esp" { + name = "tf-test-%{suffix}-esp" + region = google_compute_vpn_gateway.foobar.region + ip_protocol = "ESP" + ip_address = google_compute_address.foobar.address + target = google_compute_vpn_gateway.foobar.self_link +} + +resource "google_compute_forwarding_rule" "foobar_udp500" { + name = "tf-test-%{suffix}-udp500" + region = google_compute_forwarding_rule.foobar_esp.region + ip_protocol = "UDP" + port_range = "500-500" + ip_address = google_compute_address.foobar.address + target = google_compute_vpn_gateway.foobar.self_link +} + +resource "google_compute_forwarding_rule" "foobar_udp4500" { + name = "tf-test-%{suffix}-udp4500" + region = google_compute_forwarding_rule.foobar_udp500.region + ip_protocol = "UDP" + port_range = "4500-4500" + ip_address = google_compute_address.foobar.address + target = google_compute_vpn_gateway.foobar.self_link +} + +resource "google_compute_vpn_tunnel" "foobar" { + name = "tf-test-%{suffix}" + region = google_compute_forwarding_rule.foobar_udp4500.region + target_vpn_gateway = google_compute_vpn_gateway.foobar.self_link + shared_secret = "unguessable" + peer_ip = "8.8.8.8" + params { + resource_manager_tags = { + "%{tag_key_id}" = "%{tag_value_id}" + } + } +} +`, context) +} + func testAccComputeVpnTunnel_regionFromGateway(suffix, region string) string { return fmt.Sprintf(` resource "google_compute_network" "foobar" {