add network_url attribute in consumer_accept_list block of google_compute_service_attachment resource (#9895) (#7047)

* add network_url attribute in consumer_accept_list block of google_compute_service_attachment resource

* Bugfix: Use SelfLinkRelativePath check to prevent false positive resource changes

[upstream:0249d74bdb046afe63b6562f40b7cfa315eeb8b2]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/9895.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+compute: added the `network_url` attribute to the `consumer_accept_list`-block of the `google_compute_service_attachment` resource.
+```

google-beta/services/compute/resource_compute_service_attachment.go

@@ -18,6 +18,7 @@
 package compute
 
 import (
+	"bytes"
 	"fmt"
 	"log"
 	"reflect"
@@ -30,6 +31,42 @@ import (
 	transport_tpg "github.com/hashicorp/terraform-provider-google-beta/google-beta/transport"
 )
 
+// Hash based on key, which is either project_id_or_num or network_url.
+func computeServiceAttachmentConsumerAcceptListsHash(v interface{}) int {
+	if v == nil {
+		return 0
+	}
+
+	var buf bytes.Buffer
+	m := v.(map[string]interface{})
+	log.Printf("[DEBUG] hashing %v", m)
+
+	if v, ok := m["project_id_or_num"]; ok {
+		if v == nil {
+			v = ""
+		}
+
+		buf.WriteString(fmt.Sprintf("%v-", v))
+	}
+
+	if v, ok := m["network_url"]; ok {
+		if v == nil {
+			v = ""
+		} else {
+			if networkUrl, err := tpgresource.GetRelativePath(v.(string)); err != nil {
+				log.Printf("[WARN] Error on retrieving relative path of network url: %s", err)
+			} else {
+				v = networkUrl
+			}
+		}
+
+		buf.WriteString(fmt.Sprintf("%v-", v))
+	}
+
+	log.Printf("[DEBUG] computed hash value of %v from %v", tpgresource.Hashcode(buf.String()), buf.String())
+	return tpgresource.Hashcode(buf.String())
+}
+
 func ResourceComputeServiceAttachment() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceComputeServiceAttachmentCreate,
@@ -100,7 +137,7 @@ this service attachment.`,
 				Description: `An array of projects that are allowed to connect to this service
 attachment.`,
 				Elem: computeServiceAttachmentConsumerAcceptListsSchema(),
-				// Default schema.HashSchema is used.
+				Set:  computeServiceAttachmentConsumerAcceptListsHash,
 			},
 			"consumer_reject_lists": {
 				Type:     schema.TypeList,
@@ -195,11 +232,19 @@ func computeServiceAttachmentConsumerAcceptListsSchema() *schema.Resource {
 				Required: true,
 				Description: `The number of consumer forwarding rules the consumer project can
 create.`,
+			},
+			"network_url": {
+				Type:             schema.TypeString,
+				Optional:         true,
+				DiffSuppressFunc: tpgresource.CompareSelfLinkRelativePaths,
+				Description: `The network that is allowed to connect to this service attachment.
+Only one of project_id_or_num and network_url may be set.`,
 			},
 			"project_id_or_num": {
-				Type:        schema.TypeString,
-				Required:    true,
-				Description: `A project that is allowed to connect to this service attachment.`,
+				Type:     schema.TypeString,
+				Optional: true,
+				Description: `A project that is allowed to connect to this service attachment.
+Only one of project_id_or_num and network_url may be set.`,
 			},
 		},
 	}
@@ -688,7 +733,7 @@ func flattenComputeServiceAttachmentConsumerAcceptLists(v interface{}, d *schema
 		return v
 	}
 	l := v.([]interface{})
-	transformed := schema.NewSet(schema.HashResource(computeServiceAttachmentConsumerAcceptListsSchema()), []interface{}{})
+	transformed := schema.NewSet(computeServiceAttachmentConsumerAcceptListsHash, []interface{}{})
 	for _, raw := range l {
 		original := raw.(map[string]interface{})
 		if len(original) < 1 {
@@ -697,6 +742,7 @@ func flattenComputeServiceAttachmentConsumerAcceptLists(v interface{}, d *schema
 		}
 		transformed.Add(map[string]interface{}{
 			"project_id_or_num": flattenComputeServiceAttachmentConsumerAcceptListsProjectIdOrNum(original["projectIdOrNum"], d, config),
+			"network_url":       flattenComputeServiceAttachmentConsumerAcceptListsNetworkUrl(original["networkUrl"], d, config),
 			"connection_limit":  flattenComputeServiceAttachmentConsumerAcceptListsConnectionLimit(original["connectionLimit"], d, config),
 		})
 	}
@@ -706,6 +752,10 @@ func flattenComputeServiceAttachmentConsumerAcceptListsProjectIdOrNum(v interfac
 	return v
 }
 
+func flattenComputeServiceAttachmentConsumerAcceptListsNetworkUrl(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
 func flattenComputeServiceAttachmentConsumerAcceptListsConnectionLimit(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	// Handles the string fixed64 format
 	if strVal, ok := v.(string); ok {
@@ -797,6 +847,13 @@ func expandComputeServiceAttachmentConsumerAcceptLists(v interface{}, d tpgresou
 			transformed["projectIdOrNum"] = transformedProjectIdOrNum
 		}
 
+		transformedNetworkUrl, err := expandComputeServiceAttachmentConsumerAcceptListsNetworkUrl(original["network_url"], d, config)
+		if err != nil {
+			return nil, err
+		} else if val := reflect.ValueOf(transformedNetworkUrl); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+			transformed["networkUrl"] = transformedNetworkUrl
+		}
+
 		transformedConnectionLimit, err := expandComputeServiceAttachmentConsumerAcceptListsConnectionLimit(original["connection_limit"], d, config)
 		if err != nil {
 			return nil, err
@@ -813,6 +870,10 @@ func expandComputeServiceAttachmentConsumerAcceptListsProjectIdOrNum(v interface
 	return v, nil
 }
 
+func expandComputeServiceAttachmentConsumerAcceptListsNetworkUrl(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandComputeServiceAttachmentConsumerAcceptListsConnectionLimit(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	return v, nil
 }

google-beta/services/compute/resource_compute_service_attachment_generated_test.go

@@ -255,6 +255,133 @@ resource "google_compute_subnetwork" "psc_ilb_nat" {
 `, context)
 }
 
+func TestAccComputeServiceAttachment_serviceAttachmentExplicitNetworksExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckComputeServiceAttachmentDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeServiceAttachment_serviceAttachmentExplicitNetworksExample(context),
+			},
+			{
+				ResourceName:            "google_compute_service_attachment.psc_ilb_service_attachment",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"target_service", "region"},
+			},
+		},
+	})
+}
+
+func testAccComputeServiceAttachment_serviceAttachmentExplicitNetworksExample(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_compute_service_attachment" "psc_ilb_service_attachment" {
+  name        = "tf-test-my-psc-ilb%{random_suffix}"
+  region      = "us-west2"
+  description = "A service attachment configured with Terraform"
+
+  enable_proxy_protocol    = false
+  
+  connection_preference    = "ACCEPT_MANUAL"
+  nat_subnets              = [google_compute_subnetwork.psc_ilb_nat.id]
+  target_service           = google_compute_forwarding_rule.psc_ilb_target_service.id
+
+  consumer_accept_lists {
+    network_url       = google_compute_network.psc_ilb_consumer_network.self_link
+    connection_limit  = 1
+  }
+}
+
+resource "google_compute_network" "psc_ilb_consumer_network" {
+  name                    = "tf-test-psc-ilb-consumer-network%{random_suffix}"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "psc_ilb_consumer_subnetwork" {
+  name          = "tf-test-psc-ilb-consumer-network%{random_suffix}"
+  ip_cidr_range = "10.0.0.0/16"
+  region        = "us-west2"
+  network       = google_compute_network.psc_ilb_consumer_network.id
+}
+
+resource "google_compute_address" "psc_ilb_consumer_address" {
+  name   = "tf-test-psc-ilb-consumer-address%{random_suffix}"
+  region = "us-west2"
+
+  subnetwork   = google_compute_subnetwork.psc_ilb_consumer_subnetwork.id
+  address_type = "INTERNAL"
+}
+
+resource "google_compute_forwarding_rule" "psc_ilb_consumer" {
+  name   = "tf-test-psc-ilb-consumer-forwarding-rule%{random_suffix}"
+  region = "us-west2"
+
+  target                = google_compute_service_attachment.psc_ilb_service_attachment.id
+  load_balancing_scheme = "" # need to override EXTERNAL default when target is a service attachment
+  network               = google_compute_network.psc_ilb_consumer_network.id
+  subnetwork            = google_compute_subnetwork.psc_ilb_consumer_subnetwork.id
+  ip_address            = google_compute_address.psc_ilb_consumer_address.id
+}
+
+resource "google_compute_forwarding_rule" "psc_ilb_target_service" {
+  name   = "tf-test-producer-forwarding-rule%{random_suffix}"
+  region = "us-west2"
+
+  load_balancing_scheme = "INTERNAL"
+  backend_service       = google_compute_region_backend_service.producer_service_backend.id
+  all_ports             = true
+  network               = google_compute_network.psc_ilb_network.name
+  subnetwork            = google_compute_subnetwork.psc_ilb_producer_subnetwork.name
+}
+
+resource "google_compute_region_backend_service" "producer_service_backend" {
+  name   = "tf-test-producer-service%{random_suffix}"
+  region = "us-west2"
+
+  health_checks = [google_compute_health_check.producer_service_health_check.id]
+}
+
+resource "google_compute_health_check" "producer_service_health_check" {
+  name = "tf-test-producer-service-health-check%{random_suffix}"
+
+  check_interval_sec = 1
+  timeout_sec        = 1
+  tcp_health_check {
+    port = "80"
+  }
+}
+
+resource "google_compute_network" "psc_ilb_network" {
+  name = "tf-test-psc-ilb-network%{random_suffix}"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "psc_ilb_producer_subnetwork" {
+  name   = "tf-test-psc-ilb-producer-subnetwork%{random_suffix}"
+  region = "us-west2"
+
+  network       = google_compute_network.psc_ilb_network.id
+  ip_cidr_range = "10.0.0.0/16"
+}
+
+resource "google_compute_subnetwork" "psc_ilb_nat" {
+  name   = "tf-test-psc-ilb-nat%{random_suffix}"
+  region = "us-west2"
+
+  network       = google_compute_network.psc_ilb_network.id
+  purpose       =  "PRIVATE_SERVICE_CONNECT"
+  ip_cidr_range = "10.1.0.0/16"
+}
+`, context)
+}
+
 func TestAccComputeServiceAttachment_serviceAttachmentReconcileConnectionsExample(t *testing.T) {
 	t.Parallel()