Add PSC fields to Filestore instance in beta (#13883) (#10061)

modular-magician · web-flow · commit 7b7712e2bc88 · 2025-05-21T06:42:41.000-07:00
[upstream:d971f7b0ae94ecca883f31345c1a43d1c327407a]

Signed-off-by: Modular Magician &lt;magic-modules@google.com&gt;
diff --git a/.changelog/13883.txt b/.changelog/13883.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+filestore: added PSC fields to `google_filestore_instance` (beta)
+```
diff --git a/google-beta/services/filestore/resource_filestore_instance.go b/google-beta/services/filestore/resource_filestore_instance.go
@@ -128,6 +128,12 @@ The limit is 64 IP ranges/addresses for each FileShareConfig among all NfsExport
 											Type: schema.TypeString,
 										},
 									},
+									"network": {
+										Type:     schema.TypeString,
+										Optional: true,
+										Description: `The source VPC network for 'ip_ranges'.
+Required for instances using Private Service Connect, optional otherwise.`,
+									},
 									"squash_mode": {
 										Type:         schema.TypeString,
 										Optional:     true,
@@ -187,12 +193,32 @@ instance is connected.`,
 							Type:         schema.TypeString,
 							Optional:     true,
 							ForceNew:     true,
-							ValidateFunc: verify.ValidateEnum([]string{"DIRECT_PEERING", "PRIVATE_SERVICE_ACCESS", ""}),
+							ValidateFunc: verify.ValidateEnum([]string{"DIRECT_PEERING", "PRIVATE_SERVICE_ACCESS", "PRIVATE_SERVICE_CONNECT", ""}),
 							Description: `The network connect mode of the Filestore instance.
 If not provided, the connect mode defaults to
-DIRECT_PEERING. Default value: "DIRECT_PEERING" Possible values: ["DIRECT_PEERING", "PRIVATE_SERVICE_ACCESS"]`,
+DIRECT_PEERING. Default value: "DIRECT_PEERING" Possible values: ["DIRECT_PEERING", "PRIVATE_SERVICE_ACCESS", "PRIVATE_SERVICE_CONNECT"]`,
 							Default: "DIRECT_PEERING",
 						},
+						"psc_config": {
+							Type:     schema.TypeList,
+							Optional: true,
+							Description: `Private Service Connect configuration.
+Should only be set when connect_mode is PRIVATE_SERVICE_CONNECT.`,
+							MaxItems: 1,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"endpoint_project": {
+										Type:     schema.TypeString,
+										Optional: true,
+										ForceNew: true,
+										Description: `Consumer service project in which the Private Service Connect endpoint
+would be set up. This is optional, and only relevant in case the network
+is a shared VPC. If this is not specified, the endpoint would be set up
+in the VPC host project.`,
+									},
+								},
+							},
+						},
 						"reserved_ip_range": {
 							Type:     schema.TypeString,
 							Computed: true,
@@ -1074,6 +1100,7 @@ func flattenFilestoreInstanceFileSharesNfsExportOptions(v interface{}, d *schema
 			"squash_mode": flattenFilestoreInstanceFileSharesNfsExportOptionsSquashMode(original["squashMode"], d, config),
 			"anon_uid":    flattenFilestoreInstanceFileSharesNfsExportOptionsAnonUid(original["anonUid"], d, config),
 			"anon_gid":    flattenFilestoreInstanceFileSharesNfsExportOptionsAnonGid(original["anonGid"], d, config),
+			"network":     flattenFilestoreInstanceFileSharesNfsExportOptionsNetwork(original["network"], d, config),
 		})
 	}
 	return transformed
@@ -1124,6 +1151,10 @@ func flattenFilestoreInstanceFileSharesNfsExportOptionsAnonGid(v interface{}, d
 	return v // let terraform core handle it otherwise
 }
 
+func flattenFilestoreInstanceFileSharesNfsExportOptionsNetwork(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
 func flattenFilestoreInstanceNetworks(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	if v == nil {
 		return v
@@ -1142,6 +1173,7 @@ func flattenFilestoreInstanceNetworks(v interface{}, d *schema.ResourceData, con
 			"reserved_ip_range": flattenFilestoreInstanceNetworksReservedIpRange(original["reservedIpRange"], d, config),
 			"ip_addresses":      flattenFilestoreInstanceNetworksIpAddresses(original["ipAddresses"], d, config),
 			"connect_mode":      flattenFilestoreInstanceNetworksConnectMode(original["connectMode"], d, config),
+			"psc_config":        flattenFilestoreInstanceNetworksPscConfig(original["pscConfig"], d, config),
 		})
 	}
 	return transformed
@@ -1170,6 +1202,23 @@ func flattenFilestoreInstanceNetworksConnectMode(v interface{}, d *schema.Resour
 	return v
 }
 
+func flattenFilestoreInstanceNetworksPscConfig(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	if v == nil {
+		return nil
+	}
+	original := v.(map[string]interface{})
+	if len(original) == 0 {
+		return nil
+	}
+	transformed := make(map[string]interface{})
+	transformed["endpoint_project"] =
+		flattenFilestoreInstanceNetworksPscConfigEndpointProject(original["endpointProject"], d, config)
+	return []interface{}{transformed}
+}
+func flattenFilestoreInstanceNetworksPscConfigEndpointProject(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
 func flattenFilestoreInstanceEtag(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	return v
 }
@@ -1485,6 +1534,13 @@ func expandFilestoreInstanceFileSharesNfsExportOptions(v interface{}, d tpgresou
 			transformed["anonGid"] = transformedAnonGid
 		}
 
+		transformedNetwork, err := expandFilestoreInstanceFileSharesNfsExportOptionsNetwork(original["network"], d, config)
+		if err != nil {
+			return nil, err
+		} else if val := reflect.ValueOf(transformedNetwork); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+			transformed["network"] = transformedNetwork
+		}
+
 		req = append(req, transformed)
 	}
 	return req, nil
@@ -1510,6 +1566,10 @@ func expandFilestoreInstanceFileSharesNfsExportOptionsAnonGid(v interface{}, d t
 	return v, nil
 }
 
+func expandFilestoreInstanceFileSharesNfsExportOptionsNetwork(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandFilestoreInstanceNetworks(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	l := v.([]interface{})
 	req := make([]interface{}, 0, len(l))
@@ -1555,6 +1615,13 @@ func expandFilestoreInstanceNetworks(v interface{}, d tpgresource.TerraformResou
 			transformed["connectMode"] = transformedConnectMode
 		}
 
+		transformedPscConfig, err := expandFilestoreInstanceNetworksPscConfig(original["psc_config"], d, config)
+		if err != nil {
+			return nil, err
+		} else if val := reflect.ValueOf(transformedPscConfig); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+			transformed["pscConfig"] = transformedPscConfig
+		}
+
 		req = append(req, transformed)
 	}
 	return req, nil
@@ -1580,6 +1647,29 @@ func expandFilestoreInstanceNetworksConnectMode(v interface{}, d tpgresource.Ter
 	return v, nil
 }
 
+func expandFilestoreInstanceNetworksPscConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	l := v.([]interface{})
+	if len(l) == 0 || l[0] == nil {
+		return nil, nil
+	}
+	raw := l[0]
+	original := raw.(map[string]interface{})
+	transformed := make(map[string]interface{})
+
+	transformedEndpointProject, err := expandFilestoreInstanceNetworksPscConfigEndpointProject(original["endpoint_project"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedEndpointProject); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["endpointProject"] = transformedEndpointProject
+	}
+
+	return transformed, nil
+}
+
+func expandFilestoreInstanceNetworksPscConfigEndpointProject(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandFilestoreInstanceKmsKeyName(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	return v, nil
 }
diff --git a/google-beta/services/filestore/resource_filestore_instance_generated_meta.yaml b/google-beta/services/filestore/resource_filestore_instance_generated_meta.yaml
@@ -28,6 +28,7 @@ fields:
   - field: 'file_shares.nfs_export_options.anon_gid'
   - field: 'file_shares.nfs_export_options.anon_uid'
   - field: 'file_shares.nfs_export_options.ip_ranges'
+  - field: 'file_shares.nfs_export_options.network'
   - field: 'file_shares.nfs_export_options.squash_mode'
   - field: 'file_shares.source_backup'
   - field: 'initial_replication.replicas.peer_instance'
@@ -44,6 +45,7 @@ fields:
   - field: 'networks.ip_addresses'
   - field: 'networks.modes'
   - field: 'networks.network'
+  - field: 'networks.psc_config.endpoint_project'
   - field: 'networks.reserved_ip_range'
   - field: 'performance_config.fixed_iops.max_iops'
   - field: 'performance_config.iops_per_tb.max_iops_per_tb'
diff --git a/google-beta/services/filestore/resource_filestore_instance_test.go b/google-beta/services/filestore/resource_filestore_instance_test.go
@@ -606,3 +606,161 @@ resource "google_filestore_instance" "instance" {
 }
 `, name, location, tier)
 }
+
+func TestAccFilestoreInstance_psc(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"name":     fmt.Sprintf("tf-test-%d", acctest.RandInt(t)),
+		"location": "us-central1",
+		"tier":     "REGIONAL",
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+		CheckDestroy:             testAccCheckFilestoreInstanceDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccFilestoreInstance_psc(context),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("google_filestore_instance.instance", "networks.0.connect_mode", "PRIVATE_SERVICE_CONNECT"),
+				),
+			},
+			{
+				ResourceName:            "google_filestore_instance.instance",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"zone"},
+			},
+		},
+	})
+}
+
+func testAccFilestoreInstance_psc(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+data "google_client_config" "current" {
+  provider = google-beta
+}
+
+resource "google_compute_network" "psc_network" {
+  provider                = google-beta
+  name                    = "%{name}"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "psc_subnet" {
+  provider      = google-beta
+  name          = "%{name}"
+  ip_cidr_range = "10.2.0.0/16"
+  region        = "%{location}"
+  network       = google_compute_network.psc_network.id
+}
+
+resource "google_network_connectivity_service_connection_policy" "default" {
+  provider      = google-beta
+  name          = "%{name}"
+  location      = "%{location}"
+  service_class = "google-cloud-filestore"
+  network       = google_compute_network.psc_network.id
+  psc_config {
+    subnetworks = [google_compute_subnetwork.psc_subnet.id]
+  }
+}
+
+resource "google_filestore_instance" "instance" {
+  provider = google-beta
+  depends_on = [
+    google_network_connectivity_service_connection_policy.default
+  ]
+  name        = "%{name}"
+  location    = "%{location}"
+  tier        = "%{tier}"
+  description = "An instance created during testing."
+  protocol    = "NFS_V4_1"
+
+  file_shares {
+    capacity_gb = 1024
+    name        = "share"
+
+    nfs_export_options {
+      ip_ranges = ["70.0.0.1/24"]
+      network   = google_compute_network.psc_network.name
+    }
+  }
+
+  networks {
+    network      = google_compute_network.psc_network.name
+    modes        = ["MODE_IPV4"]
+    connect_mode = "PRIVATE_SERVICE_CONNECT"
+    psc_config {
+      endpoint_project = data.google_client_config.current.project
+    }
+  }
+}
+`, context)
+}
+
+func TestAccFilestoreInstance_nfsExportOptionsNetwork_update(t *testing.T) {
+	t.Parallel()
+
+	name := fmt.Sprintf("tf-test-%d", acctest.RandInt(t))
+	location := "us-central1-a"
+	tier := "ZONAL"
+
+	// Currently, we can only alternate between an empty network and the instance network of non-PSC instances.
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+		CheckDestroy:             testAccCheckFilestoreInstanceDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccFilestoreInstance_nfsExportOptionsNetwork_update(name, location, tier, ""),
+				Check:  resource.TestCheckResourceAttr("google_filestore_instance.instance", "file_shares.0.nfs_export_options.0.network", ""),
+			},
+			{
+				ResourceName:            "google_filestore_instance.instance",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"zone"},
+			},
+			{
+				Config: testAccFilestoreInstance_nfsExportOptionsNetwork_update(name, location, tier, "default"),
+				Check:  resource.TestCheckResourceAttr("google_filestore_instance.instance", "file_shares.0.nfs_export_options.0.network", "default"),
+			},
+			{
+				ResourceName:            "google_filestore_instance.instance",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"zone"},
+			},
+		},
+	})
+}
+
+func testAccFilestoreInstance_nfsExportOptionsNetwork_update(name, location, tier, network string) string {
+	return fmt.Sprintf(`
+resource "google_filestore_instance" "instance" {
+  provider    = google-beta
+  name        = "%s"
+  zone        = "%s"
+  tier        = "%s"
+  description = "An instance created during testing."
+
+  file_shares {
+    capacity_gb = 1024
+    name        = "share"
+
+	nfs_export_options {
+      ip_ranges = ["70.0.0.1/24"]
+      network   = "%s"
+    }
+  }
+
+  networks {
+    network = "default"
+	modes   = ["MODE_IPV4"]
+  }
+}
+`, name, location, tier, network)
+}
diff --git a/website/docs/r/filestore_instance.html.markdown b/website/docs/r/filestore_instance.html.markdown
@@ -241,6 +241,11 @@ The following arguments are supported:
   Anon_gid may only be set with squashMode of ROOT_SQUASH. An error will be returned
   if this field is specified for other squashMode settings.
 
+* `network` -
+  (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
+  The source VPC network for `ip_ranges`.
+  Required for instances using Private Service Connect, optional otherwise.
+
 <a name="nested_networks"></a>The `networks` block supports:
 
 * `network` -
@@ -269,7 +274,23 @@ The following arguments are supported:
   If not provided, the connect mode defaults to
   DIRECT_PEERING.
   Default value is `DIRECT_PEERING`.
-  Possible values are: `DIRECT_PEERING`, `PRIVATE_SERVICE_ACCESS`.
+  Possible values are: `DIRECT_PEERING`, `PRIVATE_SERVICE_ACCESS`, `PRIVATE_SERVICE_CONNECT`.
+
+* `psc_config` -
+  (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
+  Private Service Connect configuration.
+  Should only be set when connect_mode is PRIVATE_SERVICE_CONNECT.
+  Structure is [documented below](#nested_networks_networks_psc_config).
+
+
+<a name="nested_networks_networks_psc_config"></a>The `psc_config` block supports:
+
+* `endpoint_project` -
+  (Optional)
+  Consumer service project in which the Private Service Connect endpoint
+  would be set up. This is optional, and only relevant in case the network
+  is a shared VPC. If this is not specified, the endpoint would be set up
+  in the VPC host project.
 
 - - -
 

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	+```release-note:enhancement
	`2`	+filestore: added PSC fields to `google_filestore_instance` (beta)
	`3`	+```