Adding ipv6 support for bgp router peer, router interface and router (#10375) (#7207)

[upstream:4838a3707d954dd1f8187968266ef7e4623d3416]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/10375.txt

@@ -0,0 +1,9 @@
+```release-note:enhancement 
+compute: added `identifier_range` field to `google_compute_router` resource (beta)
+```
+```release-note:enhancement 
+compute: added `ip_version` field to `google_compute_router_interface` resource (beta)
+```
+```release-note:enhancement 
+compute: added `enable_ipv4`, `ipv4_nexthop_address` and `peer_ipv4_nexthop_address` fields to `google_compute_router_peer` resource (beta)
+```

google-beta/services/compute/resource_compute_router.go

@@ -153,6 +153,16 @@ CIDR-formatted string.`,
 								},
 							},
 						},
+						"identifier_range": {
+							Type:     schema.TypeString,
+							Computed: true,
+							Optional: true,
+							Description: `Explicitly specifies a range of valid BGP Identifiers for this Router.
+It is provided as a link-local IPv4 range (from 169.254.0.0/16), of
+size at least /30, even if the BGP sessions are over IPv6. It must
+not overlap with any IPv4 BGP session ranges. Other vendors commonly
+call this router ID.`,
+						},
 						"keepalive_interval": {
 							Type:     schema.TypeInt,
 							Optional: true,
@@ -579,6 +589,8 @@ func flattenComputeRouterBgp(v interface{}, d *schema.ResourceData, config *tran
 		flattenComputeRouterBgpAdvertisedIpRanges(original["advertisedIpRanges"], d, config)
 	transformed["keepalive_interval"] =
 		flattenComputeRouterBgpKeepaliveInterval(original["keepaliveInterval"], d, config)
+	transformed["identifier_range"] =
+		flattenComputeRouterBgpIdentifierRange(original["identifierRange"], d, config)
 	return []interface{}{transformed}
 }
 func flattenComputeRouterBgpAsn(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
@@ -650,6 +662,10 @@ func flattenComputeRouterBgpKeepaliveInterval(v interface{}, d *schema.ResourceD
 	return v // let terraform core handle it otherwise
 }
 
+func flattenComputeRouterBgpIdentifierRange(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
 func flattenComputeRouterEncryptedInterconnectRouter(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	return v
 }
@@ -721,6 +737,13 @@ func expandComputeRouterBgp(v interface{}, d tpgresource.TerraformResourceData,
 		transformed["keepaliveInterval"] = transformedKeepaliveInterval
 	}
 
+	transformedIdentifierRange, err := expandComputeRouterBgpIdentifierRange(original["identifier_range"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedIdentifierRange); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["identifierRange"] = transformedIdentifierRange
+	}
+
 	return transformed, nil
 }
 
@@ -777,6 +800,10 @@ func expandComputeRouterBgpKeepaliveInterval(v interface{}, d tpgresource.Terraf
 	return v, nil
 }
 
+func expandComputeRouterBgpIdentifierRange(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandComputeRouterEncryptedInterconnectRouter(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	return v, nil
 }

google-beta/services/compute/resource_compute_router_bgp_peer_test.go

@@ -208,6 +208,48 @@ func TestAccComputeRouterPeer_Ipv6Basic(t *testing.T) {
 	})
 }
 
+func TestAccComputeRouterPeer_Ipv4BasicCreateUpdate(t *testing.T) {
+	t.Parallel()
+
+	routerName := fmt.Sprintf("tf-test-router-%s", acctest.RandString(t, 10))
+	resourceName := "google_compute_router_peer.foobar"
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+		CheckDestroy:             testAccCheckComputeRouterPeerDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeRouterPeerIpv4(routerName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeRouterPeerExists(
+						t, resourceName),
+					resource.TestCheckResourceAttr(resourceName, "enable_ipv4", "true"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccComputeRouterPeerUpdateIpv4Address(routerName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeRouterPeerExists(
+						t, resourceName),
+					resource.TestCheckResourceAttr(resourceName, "enable_ipv4", "true"),
+					resource.TestCheckResourceAttr(resourceName, "ipv4_nexthop_address", "169.254.1.2"),
+					resource.TestCheckResourceAttr(resourceName, "peer_ipv4_nexthop_address", "169.254.1.1"),
+				),
+			},
+			{
+				ResourceName:      resourceName,
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
 func TestAccComputeRouterPeer_UpdateIpv6Address(t *testing.T) {
 	t.Parallel()
 
@@ -1421,8 +1463,8 @@ resource "google_compute_router_peer" "foobar" {
   peer_asn                  = 65515
   advertised_route_priority = 100
   interface                 = google_compute_router_interface.foobar.name
-
   enable_ipv6               = %v
+
 }
 `, routerName, routerName, routerName, routerName, routerName, routerName, routerName, routerName, enableIpv6)
 }
@@ -1497,10 +1539,181 @@ resource "google_compute_router_peer" "foobar" {
   peer_asn                  = 65515
   advertised_route_priority = 100
   interface                 = google_compute_router_interface.foobar.name
-
   enable_ipv6               = %v
   ipv6_nexthop_address      = "2600:2d00:0000:0002:0000:0000:0000:0001"
   peer_ipv6_nexthop_address = "2600:2d00:0:2::2"
 }
 `, routerName, routerName, routerName, routerName, routerName, routerName, routerName, routerName, enableIpv6)
 }
+
+func testAccComputeRouterPeerIpv4(routerName string) string {
+	return fmt.Sprintf(`resource "google_compute_network" "foobar" {
+    provider = google-beta
+    name = "%s-net"
+    auto_create_subnetworks = false
+  }
+  
+  resource "google_compute_subnetwork" "foobar" {
+    provider = google-beta
+    name          = "%s-subnet"
+    network       = google_compute_network.foobar.self_link
+    ip_cidr_range = "10.0.0.0/16"
+    region        = "us-central1"
+    stack_type = "IPV4_IPV6"
+    ipv6_access_type = "EXTERNAL" 
+  }
+  
+  resource "google_compute_ha_vpn_gateway" "foobar" {
+    provider = google-beta
+    name    = "%s-gateway"
+    network = google_compute_network.foobar.self_link
+    region  = google_compute_subnetwork.foobar.region
+    stack_type = "IPV4_IPV6"
+  }
+  
+  resource "google_compute_external_vpn_gateway" "external_gateway" {
+    provider = google-beta
+    name            = "%s-external-gateway"
+    redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
+    description     = "An externally managed VPN gateway"
+    interface {
+      id         = 0
+      ip_address = "8.8.8.8"
+    }
+  }
+  
+  resource "google_compute_router" "foobar" {
+    provider = google-beta
+    name    = "%s"
+    region  = google_compute_subnetwork.foobar.region
+    network = google_compute_network.foobar.self_link
+    bgp {
+      asn = 64514
+    }
+  }
+  
+  resource "google_compute_vpn_tunnel" "foobar" {
+    provider = google-beta
+    name               = "%s-tunnel"
+    region             = google_compute_subnetwork.foobar.region
+    vpn_gateway = google_compute_ha_vpn_gateway.foobar.id
+    peer_external_gateway           = google_compute_external_vpn_gateway.external_gateway.id
+    peer_external_gateway_interface = 0  
+    shared_secret      = "unguessable"
+    router             = google_compute_router.foobar.name
+    vpn_gateway_interface           = 0
+  }
+  
+  resource "google_compute_router_interface" "foobar" {
+    provider = google-beta
+    name       = "%s-interface"
+    router     = google_compute_router.foobar.name
+    region     = google_compute_router.foobar.region
+    vpn_tunnel = google_compute_vpn_tunnel.foobar.name
+    ip_range   = "fdff:1::1:1/126"
+  }
+  
+  resource "google_compute_router_peer" "foobar" {
+    provider = google-beta
+    name                      = "%s-peer"
+    router                    = google_compute_router.foobar.name
+    region                    = google_compute_router.foobar.region
+    peer_asn                  = 65515
+    advertised_route_priority = 100
+    interface                 = google_compute_router_interface.foobar.name
+    ip_address                = "fdff:1::1:1"
+    peer_ip_address           = "fdff:1::1:2"
+
+    enable_ipv4               = true
+    enable_ipv6               = true
+    ipv4_nexthop_address      = "169.254.1.1"
+    peer_ipv4_nexthop_address = "169.254.1.2"
+  }
+  `, routerName, routerName, routerName, routerName, routerName, routerName, routerName, routerName)
+}
+
+func testAccComputeRouterPeerUpdateIpv4Address(routerName string) string {
+	return fmt.Sprintf(`resource "google_compute_network" "foobar" {
+    provider = google-beta
+    name = "%s-net"
+    auto_create_subnetworks = false
+  }
+  
+  resource "google_compute_subnetwork" "foobar" {
+    provider = google-beta
+    name          = "%s-subnet"
+    network       = google_compute_network.foobar.self_link
+    ip_cidr_range = "10.0.0.0/16"
+    region        = "us-central1"
+    stack_type = "IPV4_IPV6"
+    ipv6_access_type = "EXTERNAL" 
+  }
+  
+  resource "google_compute_ha_vpn_gateway" "foobar" {
+    provider = google-beta
+    name    = "%s-gateway"
+    network = google_compute_network.foobar.self_link
+    region  = google_compute_subnetwork.foobar.region
+    stack_type = "IPV4_IPV6"
+  }
+  
+  resource "google_compute_external_vpn_gateway" "external_gateway" {
+    provider = google-beta
+    name            = "%s-external-gateway"
+    redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
+    description     = "An externally managed VPN gateway"
+    interface {
+      id         = 0
+      ip_address = "8.8.8.8"
+    }
+  }
+  
+  resource "google_compute_router" "foobar" {
+    provider = google-beta
+    name    = "%s"
+    region  = google_compute_subnetwork.foobar.region
+    network = google_compute_network.foobar.self_link
+    bgp {
+      asn = 64514
+    }
+  }
+  
+  resource "google_compute_vpn_tunnel" "foobar" {
+    provider = google-beta
+    name               = "%s-tunnel"
+    region             = google_compute_subnetwork.foobar.region
+    vpn_gateway = google_compute_ha_vpn_gateway.foobar.id
+    peer_external_gateway           = google_compute_external_vpn_gateway.external_gateway.id
+    peer_external_gateway_interface = 0  
+    shared_secret      = "unguessable"
+    router             = google_compute_router.foobar.name
+    vpn_gateway_interface           = 0
+  }
+  
+  resource "google_compute_router_interface" "foobar" {
+    provider = google-beta
+    name       = "%s-interface"
+    router     = google_compute_router.foobar.name
+    region     = google_compute_router.foobar.region
+    vpn_tunnel = google_compute_vpn_tunnel.foobar.name
+    ip_range   = "fdff:1::1:1/126"
+  }
+  
+  resource "google_compute_router_peer" "foobar" {
+    provider = google-beta
+    name                      = "%s-peer"
+    router                    = google_compute_router.foobar.name
+    region                    = google_compute_router.foobar.region
+    peer_asn                  = 65515
+    advertised_route_priority = 100
+    interface                 = google_compute_router_interface.foobar.name
+    ip_address                = "fdff:1::1:1"
+    peer_ip_address           = "fdff:1::1:2"
+
+    enable_ipv4               = true
+    enable_ipv6               = true
+    ipv4_nexthop_address      = "169.254.1.2"
+    peer_ipv4_nexthop_address = "169.254.1.1"
+  }
+  `, routerName, routerName, routerName, routerName, routerName, routerName, routerName, routerName)
+}

google-beta/services/compute/resource_compute_router_interface.go

@@ -14,6 +14,7 @@ import (
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/hashicorp/terraform-provider-google-beta/google-beta/verify"
 	"google.golang.org/api/googleapi"
 
 	compute "google.golang.org/api/compute/v0.beta"
@@ -77,6 +78,14 @@ func ResourceComputeRouterInterface() *schema.Resource {
 				AtLeastOneOf: []string{"ip_range", "interconnect_attachment", "subnetwork", "vpn_tunnel"},
 				Description:  `The IP address and range of the interface. The IP range must be in the RFC3927 link-local IP space. Changing this forces a new interface to be created.`,
 			},
+			"ip_version": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ForceNew:     true,
+				Computed:     true,
+				ValidateFunc: verify.ValidateEnum([]string{"IPV4", "IPV6"}),
+				Description:  `IP version of this interface.`,
+			},
 			"private_ip_address": {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -175,6 +184,10 @@ func resourceComputeRouterInterfaceCreate(d *schema.ResourceData, meta interface
 		iface.IpRange = ipRangeVal.(string)
 	}
 
+	if ipVersionVal, ok := d.GetOk("ip_version"); ok {
+		iface.IpVersion = ipVersionVal.(string)
+	}
+
 	if privateIpVal, ok := d.GetOk("private_ip_address"); ok {
 		iface.PrivateIpAddress = privateIpVal.(string)
 	}
@@ -266,6 +279,9 @@ func resourceComputeRouterInterfaceRead(d *schema.ResourceData, meta interface{}
 			if err := d.Set("ip_range", iface.IpRange); err != nil {
 				return fmt.Errorf("Error setting ip_range: %s", err)
 			}
+			if err := d.Set("ip_version", iface.IpVersion); err != nil {
+				return fmt.Errorf("Error setting ip_version: %s", err)
+			}
 			if err := d.Set("private_ip_address", iface.PrivateIpAddress); err != nil {
 				return fmt.Errorf("Error setting private_ip_address: %s", err)
 			}