Adding IP Collection & IPv6 GCE Endpoint to Subnetwork Resource (#13271) (#9490)

modular-magician · web-flow · commit 24ca458c5c1b · 2025-03-06T09:14:15.000-08:00
[upstream:4bf00c50347784738f6ffc1d5d45d0bb24e09512]

Signed-off-by: Modular Magician &lt;magic-modules@google.com&gt;
diff --git a/.changelog/13271.txt b/.changelog/13271.txt
@@ -0,0 +1,3 @@
+```release-note: enhancement
+compute: added `ip_collection` and `ipv6_gce_endpoint` fields to `google_compute_subnetwork` resource
+```
diff --git a/google-beta/services/compute/resource_compute_subnetwork.go b/google-beta/services/compute/resource_compute_subnetwork.go
@@ -168,6 +168,20 @@ Provide this property when you create the subnetwork. For example,
 10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and
 non-overlapping within a network. Only IPv4 is supported.
 Field is optional when 'reserved_internal_range' is defined, otherwise required.`,
+			},
+			"ip_collection": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+				Description: `Resource reference of a PublicDelegatedPrefix. The PDP must be a sub-PDP
+in EXTERNAL_IPV6_SUBNETWORK_CREATION mode.
+Use one of the following formats to specify a sub-PDP when creating an
+IPv6 NetLB forwarding rule using BYOIP:
+Full resource URL, as in:
+  * 'https://www.googleapis.com/compute/v1/projects/{{projectId}}/regions/{{region}}/publicDelegatedPrefixes/{{sub-pdp-name}}'
+Partial URL, as in:
+  * 'projects/{{projectId}}/regions/region/publicDelegatedPrefixes/{{sub-pdp-name}}'
+  * 'regions/{{region}}/publicDelegatedPrefixes/{{sub-pdp-name}}'`,
 			},
 			"ipv6_access_type": {
 				Type:         schema.TypeString,
@@ -366,6 +380,15 @@ outside this subnetwork.`,
 				Computed:    true,
 				Description: `The range of internal IPv6 addresses that are owned by this subnetwork.`,
 			},
+			"ipv6_gce_endpoint": {
+				Type:     schema.TypeString,
+				Computed: true,
+				Description: `Possible endpoints of this subnetwork. It can be one of the following:
+  * VM_ONLY: The subnetwork can be used for creating instances and IPv6 addresses with VM endpoint type. Such a subnetwork
+  gets external IPv6 ranges from a public delegated prefix and cannot be used to create NetLb.
+  * VM_AND_FR: The subnetwork can be used for creating both VM instances and Forwarding Rules. It can also be used to reserve
+  IPv6 addresses with both VM and FR endpoint types. Such a subnetwork gets its IPv6 range from Google IP Pool directly.`,
+			},
 			"subnetwork_id": {
 				Type:        schema.TypeInt,
 				Computed:    true,
@@ -542,6 +565,12 @@ func resourceComputeSubnetworkCreate(d *schema.ResourceData, meta interface{}) e
 	} else if v, ok := d.GetOkExists("external_ipv6_prefix"); !tpgresource.IsEmptyValue(reflect.ValueOf(externalIpv6PrefixProp)) && (ok || !reflect.DeepEqual(v, externalIpv6PrefixProp)) {
 		obj["externalIpv6Prefix"] = externalIpv6PrefixProp
 	}
+	ipCollectionProp, err := expandComputeSubnetworkIpCollection(d.Get("ip_collection"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("ip_collection"); !tpgresource.IsEmptyValue(reflect.ValueOf(ipCollectionProp)) && (ok || !reflect.DeepEqual(v, ipCollectionProp)) {
+		obj["ipCollection"] = ipCollectionProp
+	}
 	allowSubnetCidrRoutesOverlapProp, err := expandComputeSubnetworkAllowSubnetCidrRoutesOverlap(d.Get("allow_subnet_cidr_routes_overlap"), d, config)
 	if err != nil {
 		return err
@@ -708,6 +737,9 @@ func resourceComputeSubnetworkRead(d *schema.ResourceData, meta interface{}) err
 	if err := d.Set("external_ipv6_prefix", flattenComputeSubnetworkExternalIpv6Prefix(res["externalIpv6Prefix"], d, config)); err != nil {
 		return fmt.Errorf("Error reading Subnetwork: %s", err)
 	}
+	if err := d.Set("ipv6_gce_endpoint", flattenComputeSubnetworkIpv6GceEndpoint(res["ipv6GceEndpoint"], d, config)); err != nil {
+		return fmt.Errorf("Error reading Subnetwork: %s", err)
+	}
 	if err := d.Set("allow_subnet_cidr_routes_overlap", flattenComputeSubnetworkAllowSubnetCidrRoutesOverlap(res["allowSubnetCidrRoutesOverlap"], d, config)); err != nil {
 		return fmt.Errorf("Error reading Subnetwork: %s", err)
 	}
@@ -1502,6 +1534,10 @@ func flattenComputeSubnetworkExternalIpv6Prefix(v interface{}, d *schema.Resourc
 	return v
 }
 
+func flattenComputeSubnetworkIpv6GceEndpoint(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
 func flattenComputeSubnetworkAllowSubnetCidrRoutesOverlap(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	return v
 }
@@ -1645,6 +1681,10 @@ func expandComputeSubnetworkExternalIpv6Prefix(v interface{}, d tpgresource.Terr
 	return v, nil
 }
 
+func expandComputeSubnetworkIpCollection(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandComputeSubnetworkAllowSubnetCidrRoutesOverlap(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	return v, nil
 }
diff --git a/google-beta/services/compute/resource_compute_subnetwork_generated_meta.yaml b/google-beta/services/compute/resource_compute_subnetwork_generated_meta.yaml
@@ -12,8 +12,10 @@ fields:
   - field: 'gateway_address'
   - field: 'internal_ipv6_prefix'
   - field: 'ip_cidr_range'
+  - field: 'ip_collection'
   - field: 'ipv6_access_type'
   - field: 'ipv6_cidr_range'
+  - field: 'ipv6_gce_endpoint'
   - field: 'log_config.aggregation_interval'
   - field: 'log_config.filter_expr'
   - field: 'log_config.flow_sampling'
diff --git a/google-beta/services/compute/resource_compute_subnetwork_generated_test.go b/google-beta/services/compute/resource_compute_subnetwork_generated_test.go
@@ -49,7 +49,7 @@ func TestAccComputeSubnetwork_subnetworkBasicExample(t *testing.T) {
 				ResourceName:            "google_compute_subnetwork.network-with-private-secondary-ip-ranges",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"network", "region", "reserved_internal_range"},
+				ImportStateVerifyIgnore: []string{"ip_collection", "network", "region", "reserved_internal_range"},
 			},
 		},
 	})
@@ -94,7 +94,7 @@ func TestAccComputeSubnetwork_subnetworkLoggingConfigExample(t *testing.T) {
 				ResourceName:            "google_compute_subnetwork.subnet-with-logging",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"network", "region", "reserved_internal_range"},
+				ImportStateVerifyIgnore: []string{"ip_collection", "network", "region", "reserved_internal_range"},
 			},
 		},
 	})
@@ -141,7 +141,7 @@ func TestAccComputeSubnetwork_subnetworkInternalL7lbExample(t *testing.T) {
 				ResourceName:            "google_compute_subnetwork.network-for-l7lb",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"network", "region", "reserved_internal_range"},
+				ImportStateVerifyIgnore: []string{"ip_collection", "network", "region", "reserved_internal_range"},
 			},
 		},
 	})
@@ -188,7 +188,7 @@ func TestAccComputeSubnetwork_subnetworkIpv6Example(t *testing.T) {
 				ResourceName:            "google_compute_subnetwork.subnetwork-ipv6",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"network", "region", "reserved_internal_range"},
+				ImportStateVerifyIgnore: []string{"ip_collection", "network", "region", "reserved_internal_range"},
 			},
 		},
 	})
@@ -234,7 +234,7 @@ func TestAccComputeSubnetwork_subnetworkInternalIpv6Example(t *testing.T) {
 				ResourceName:            "google_compute_subnetwork.subnetwork-internal-ipv6",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"network", "region", "reserved_internal_range"},
+				ImportStateVerifyIgnore: []string{"ip_collection", "network", "region", "reserved_internal_range"},
 			},
 		},
 	})
@@ -281,7 +281,7 @@ func TestAccComputeSubnetwork_subnetworkPurposePrivateNatExample(t *testing.T) {
 				ResourceName:            "google_compute_subnetwork.subnetwork-purpose-private-nat",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"network", "region", "reserved_internal_range"},
+				ImportStateVerifyIgnore: []string{"ip_collection", "network", "region", "reserved_internal_range"},
 			},
 		},
 	})
@@ -327,7 +327,7 @@ func TestAccComputeSubnetwork_subnetworkCidrOverlapExample(t *testing.T) {
 				ResourceName:            "google_compute_subnetwork.subnetwork-cidr-overlap",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"network", "region", "reserved_internal_range"},
+				ImportStateVerifyIgnore: []string{"ip_collection", "network", "region", "reserved_internal_range"},
 			},
 		},
 	})
@@ -373,7 +373,7 @@ func TestAccComputeSubnetwork_subnetworkReservedInternalRangeExample(t *testing.
 				ResourceName:            "google_compute_subnetwork.subnetwork-reserved-internal-range",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"network", "region", "reserved_internal_range"},
+				ImportStateVerifyIgnore: []string{"ip_collection", "network", "region", "reserved_internal_range"},
 			},
 		},
 	})
@@ -428,7 +428,7 @@ func TestAccComputeSubnetwork_subnetworkReservedSecondaryRangeExample(t *testing
 				ResourceName:            "google_compute_subnetwork.subnetwork-reserved-secondary-range",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"network", "region", "reserved_internal_range"},
+				ImportStateVerifyIgnore: []string{"ip_collection", "network", "region", "reserved_internal_range"},
 			},
 		},
 	})
@@ -500,7 +500,7 @@ func TestAccComputeSubnetwork_subnetworkIpv6OnlyInternalExample(t *testing.T) {
 				ResourceName:            "google_compute_subnetwork.subnetwork-ipv6-only",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"network", "region", "reserved_internal_range"},
+				ImportStateVerifyIgnore: []string{"ip_collection", "network", "region", "reserved_internal_range"},
 			},
 		},
 	})
@@ -524,6 +524,50 @@ resource "google_compute_network" "custom-test" {
 `, context)
 }
 
+func TestAccComputeSubnetwork_subnetworkWithSubnetModePdpExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"ip_collection_url": "projects/tf-static-byoip/regions/us-central1/publicDelegatedPrefixes/tf-test-subnet-mode-pdp",
+		"random_suffix":     acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckComputeSubnetworkDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeSubnetwork_subnetworkWithSubnetModePdpExample(context),
+			},
+			{
+				ResourceName:            "google_compute_subnetwork.subnetwork-with-subnet-mode-pdp",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"ip_collection", "network", "region", "reserved_internal_range"},
+			},
+		},
+	})
+}
+
+func testAccComputeSubnetwork_subnetworkWithSubnetModePdpExample(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_compute_subnetwork" "subnetwork-with-subnet-mode-pdp" {
+  name             = "tf-test-subnet-mode-pdp-subnet%{random_suffix}"
+  region           = "us-central1"
+  network          = google_compute_network.custom-test-network.id
+  stack_type       = "IPV6_ONLY"
+  ipv6_access_type = "EXTERNAL"
+  ip_collection    = "%{ip_collection_url}"
+}
+
+resource "google_compute_network" "custom-test-network" {
+  name                    = "tf-test-network-byoipv6-external%{random_suffix}"
+  auto_create_subnetworks = false
+}
+`, context)
+}
+
 func TestAccComputeSubnetwork_subnetworkIpv6OnlyExternalExample(t *testing.T) {
 	t.Parallel()
 
@@ -543,7 +587,7 @@ func TestAccComputeSubnetwork_subnetworkIpv6OnlyExternalExample(t *testing.T) {
 				ResourceName:            "google_compute_subnetwork.subnetwork-ipv6-only",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"network", "region", "reserved_internal_range"},
+				ImportStateVerifyIgnore: []string{"ip_collection", "network", "region", "reserved_internal_range"},
 			},
 		},
 	})
diff --git a/website/docs/r/compute_subnetwork.html.markdown b/website/docs/r/compute_subnetwork.html.markdown
@@ -437,6 +437,18 @@ The following arguments are supported:
   (Optional)
   The range of external IPv6 addresses that are owned by this subnetwork.
 
+* `ip_collection` -
+  (Optional)
+  Resource reference of a PublicDelegatedPrefix. The PDP must be a sub-PDP
+  in EXTERNAL_IPV6_SUBNETWORK_CREATION mode.
+  Use one of the following formats to specify a sub-PDP when creating an
+  IPv6 NetLB forwarding rule using BYOIP:
+  Full resource URL, as in:
+    * `https://www.googleapis.com/compute/v1/projects/{{projectId}}/regions/{{region}}/publicDelegatedPrefixes/{{sub-pdp-name}}`
+  Partial URL, as in:
+    * `projects/{{projectId}}/regions/region/publicDelegatedPrefixes/{{sub-pdp-name}}`
+    * `regions/{{region}}/publicDelegatedPrefixes/{{sub-pdp-name}}`
+
 * `allow_subnet_cidr_routes_overlap` -
   (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
   Typically packets destined to IPs within the subnetwork range that do not match
@@ -536,6 +548,13 @@ In addition to the arguments listed above, the following computed attributes are
 
 * `internal_ipv6_prefix` -
   The internal IPv6 address range that is assigned to this subnetwork.
+
+* `ipv6_gce_endpoint` -
+  Possible endpoints of this subnetwork. It can be one of the following:
+    * VM_ONLY: The subnetwork can be used for creating instances and IPv6 addresses with VM endpoint type. Such a subnetwork
+    gets external IPv6 ranges from a public delegated prefix and cannot be used to create NetLb.
+    * VM_AND_FR: The subnetwork can be used for creating both VM instances and Forwarding Rules. It can also be used to reserve
+    IPv6 addresses with both VM and FR endpoint types. Such a subnetwork gets its IPv6 range from Google IP Pool directly.
 * `self_link` - The URI of the created resource.
 
 

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	+```release-note: enhancement
	`2`	+compute: added `ip_collection` and `ipv6_gce_endpoint` fields to `google_compute_subnetwork` resource
	`3`	+```