feat: add support for direct vpc in Cloud Functions v2 beta provider (#15539) (#10971)

[upstream:4debc82de75ec8d994dee3c3de7ecef98280f488]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/15539.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+cloudfunctions2: added `directVpcNetworkInterface` and `directVpcEgress` field to `google_cloudfunctions2_function` resource
+```

google-beta/services/cloudfunctions2/resource_cloudfunctions2_function.go

@@ -372,6 +372,40 @@ supplied the value is interpreted as bytes.`,
 							Optional:    true,
 							Description: `The binary authorization policy to be checked when deploying the Cloud Run service.`,
 						},
+						"direct_vpc_egress": {
+							Type:         schema.TypeString,
+							Computed:     true,
+							Optional:     true,
+							ValidateFunc: verify.ValidateEnum([]string{"VPC_EGRESS_ALL_TRAFFIC", "VPC_EGRESS_PRIVATE_RANGES_ONLY", ""}),
+							Description:  `Egress settings for direct VPC. If not provided, it defaults to VPC_EGRESS_PRIVATE_RANGES_ONLY. Possible values: ["VPC_EGRESS_ALL_TRAFFIC", "VPC_EGRESS_PRIVATE_RANGES_ONLY"]`,
+						},
+						"direct_vpc_network_interface": {
+							Type:        schema.TypeList,
+							Optional:    true,
+							Description: `The Direct VPC network interface for the Cloud Function. Currently only a single Direct VPC is supported.`,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"network": {
+										Type:        schema.TypeString,
+										Optional:    true,
+										Description: `The name of the VPC network to which the function will be connected. Specify either a VPC network or a subnet, or both. If you specify only a network, the subnet uses the same name as the network.`,
+									},
+									"subnetwork": {
+										Type:        schema.TypeString,
+										Optional:    true,
+										Description: `The name of the VPC subnetwork that the Cloud Function resource will get IPs from. Specify either a VPC network or a subnet, or both. If both network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the subnetwork with the same name with the network will be used.`,
+									},
+									"tags": {
+										Type:        schema.TypeList,
+										Optional:    true,
+										Description: `Network tags applied to this Cloud Function resource.`,
+										Elem: &schema.Schema{
+											Type: schema.TypeString,
+										},
+									},
+								},
+							},
+						},
 						"environment_variables": {
 							Type:             schema.TypeMap,
 							Computed:         true,
@@ -1280,6 +1314,10 @@ func flattenCloudfunctions2functionServiceConfig(v interface{}, d *schema.Resour
 		flattenCloudfunctions2functionServiceConfigVpcConnector(original["vpcConnector"], d, config)
 	transformed["vpc_connector_egress_settings"] =
 		flattenCloudfunctions2functionServiceConfigVpcConnectorEgressSettings(original["vpcConnectorEgressSettings"], d, config)
+	transformed["direct_vpc_network_interface"] =
+		flattenCloudfunctions2functionServiceConfigDirectVpcNetworkInterface(original["directVpcNetworkInterface"], d, config)
+	transformed["direct_vpc_egress"] =
+		flattenCloudfunctions2functionServiceConfigDirectVpcEgress(original["directVpcEgress"], d, config)
 	transformed["ingress_settings"] =
 		flattenCloudfunctions2functionServiceConfigIngressSettings(original["ingressSettings"], d, config)
 	transformed["uri"] =
@@ -1390,6 +1428,42 @@ func flattenCloudfunctions2functionServiceConfigVpcConnectorEgressSettings(v int
 	return v
 }
 
+func flattenCloudfunctions2functionServiceConfigDirectVpcNetworkInterface(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	if v == nil {
+		return v
+	}
+	l := v.([]interface{})
+	transformed := make([]interface{}, 0, len(l))
+	for _, raw := range l {
+		original := raw.(map[string]interface{})
+		if len(original) < 1 {
+			// Do not include empty json objects coming back from the api
+			continue
+		}
+		transformed = append(transformed, map[string]interface{}{
+			"network":    flattenCloudfunctions2functionServiceConfigDirectVpcNetworkInterfaceNetwork(original["network"], d, config),
+			"subnetwork": flattenCloudfunctions2functionServiceConfigDirectVpcNetworkInterfaceSubnetwork(original["subnetwork"], d, config),
+			"tags":       flattenCloudfunctions2functionServiceConfigDirectVpcNetworkInterfaceTags(original["tags"], d, config),
+		})
+	}
+	return transformed
+}
+func flattenCloudfunctions2functionServiceConfigDirectVpcNetworkInterfaceNetwork(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
+func flattenCloudfunctions2functionServiceConfigDirectVpcNetworkInterfaceSubnetwork(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
+func flattenCloudfunctions2functionServiceConfigDirectVpcNetworkInterfaceTags(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
+func flattenCloudfunctions2functionServiceConfigDirectVpcEgress(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
 func flattenCloudfunctions2functionServiceConfigIngressSettings(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	return v
 }
@@ -2062,6 +2136,20 @@ func expandCloudfunctions2functionServiceConfig(v interface{}, d tpgresource.Ter
 		transformed["vpcConnectorEgressSettings"] = transformedVpcConnectorEgressSettings
 	}
 
+	transformedDirectVpcNetworkInterface, err := expandCloudfunctions2functionServiceConfigDirectVpcNetworkInterface(original["direct_vpc_network_interface"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedDirectVpcNetworkInterface); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["directVpcNetworkInterface"] = transformedDirectVpcNetworkInterface
+	}
+
+	transformedDirectVpcEgress, err := expandCloudfunctions2functionServiceConfigDirectVpcEgress(original["direct_vpc_egress"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedDirectVpcEgress); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["directVpcEgress"] = transformedDirectVpcEgress
+	}
+
 	transformedIngressSettings, err := expandCloudfunctions2functionServiceConfigIngressSettings(original["ingress_settings"], d, config)
 	if err != nil {
 		return nil, err
@@ -2168,6 +2256,61 @@ func expandCloudfunctions2functionServiceConfigVpcConnectorEgressSettings(v inte
 	return v, nil
 }
 
+func expandCloudfunctions2functionServiceConfigDirectVpcNetworkInterface(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	if v == nil {
+		return nil, nil
+	}
+	l := v.([]interface{})
+	req := make([]interface{}, 0, len(l))
+	for _, raw := range l {
+		if raw == nil {
+			continue
+		}
+		original := raw.(map[string]interface{})
+		transformed := make(map[string]interface{})
+
+		transformedNetwork, err := expandCloudfunctions2functionServiceConfigDirectVpcNetworkInterfaceNetwork(original["network"], d, config)
+		if err != nil {
+			return nil, err
+		} else if val := reflect.ValueOf(transformedNetwork); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+			transformed["network"] = transformedNetwork
+		}
+
+		transformedSubnetwork, err := expandCloudfunctions2functionServiceConfigDirectVpcNetworkInterfaceSubnetwork(original["subnetwork"], d, config)
+		if err != nil {
+			return nil, err
+		} else if val := reflect.ValueOf(transformedSubnetwork); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+			transformed["subnetwork"] = transformedSubnetwork
+		}
+
+		transformedTags, err := expandCloudfunctions2functionServiceConfigDirectVpcNetworkInterfaceTags(original["tags"], d, config)
+		if err != nil {
+			return nil, err
+		} else if val := reflect.ValueOf(transformedTags); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+			transformed["tags"] = transformedTags
+		}
+
+		req = append(req, transformed)
+	}
+	return req, nil
+}
+
+func expandCloudfunctions2functionServiceConfigDirectVpcNetworkInterfaceNetwork(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandCloudfunctions2functionServiceConfigDirectVpcNetworkInterfaceSubnetwork(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandCloudfunctions2functionServiceConfigDirectVpcNetworkInterfaceTags(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandCloudfunctions2functionServiceConfigDirectVpcEgress(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandCloudfunctions2functionServiceConfigIngressSettings(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	return v, nil
 }

google-beta/services/cloudfunctions2/resource_cloudfunctions2_function_generated_meta.yaml

@@ -46,6 +46,10 @@ fields:
   - api_field: 'serviceConfig.availableCpu'
   - api_field: 'serviceConfig.availableMemory'
   - api_field: 'serviceConfig.binaryAuthorizationPolicy'
+  - api_field: 'serviceConfig.directVpcEgress'
+  - api_field: 'serviceConfig.directVpcNetworkInterface.network'
+  - api_field: 'serviceConfig.directVpcNetworkInterface.subnetwork'
+  - api_field: 'serviceConfig.directVpcNetworkInterface.tags'
   - api_field: 'serviceConfig.environmentVariables'
   - api_field: 'serviceConfig.gcfUri'
   - api_field: 'serviceConfig.ingressSettings'

google-beta/services/cloudfunctions2/resource_cloudfunctions2_function_generated_test.go

@@ -1284,6 +1284,86 @@ resource "google_cloudfunctions2_function" "function" {
 `, context)
 }
 
+func TestAccCloudfunctions2function_cloudfunctions2DirectvpcExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"project":       envvar.GetTestProjectFromEnv(),
+		"location":      "us-central1",
+		"zip_path":      "./test-fixtures/function-source.zip",
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+		CheckDestroy:             testAccCheckCloudfunctions2functionDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccCloudfunctions2function_cloudfunctions2DirectvpcExample(context),
+			},
+			{
+				ResourceName:            "google_cloudfunctions2_function.function",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"build_config.0.source.0.storage_source.0.bucket", "build_config.0.source.0.storage_source.0.object", "labels", "location", "terraform_labels"},
+			},
+		},
+	})
+}
+
+func testAccCloudfunctions2function_cloudfunctions2DirectvpcExample(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+locals {
+  project = "%{project}" # Google Cloud Platform Project ID
+}
+
+resource "google_storage_bucket" "bucket" {
+  provider = google-beta
+  name     = "${local.project}-tf-test-gcf-source%{random_suffix}"  # Every bucket name must be globally unique
+  location = "US"
+  uniform_bucket_level_access = true
+}
+
+resource "google_storage_bucket_object" "object" {
+  provider = google-beta
+  name   = "function-source.zip"
+  bucket = google_storage_bucket.bucket.name
+  source = "%{zip_path}"  # Add path to the zipped function source code
+}
+
+resource "google_cloudfunctions2_function" "function" {
+  provider = google-beta
+  name = "tf-test-function-v2%{random_suffix}"
+  location = "us-central1"
+  description = "a new function"
+
+  build_config {
+    runtime = "nodejs20"
+    entry_point = "helloHttp"  # Set the entry point
+    source {
+    storage_source {
+        bucket = google_storage_bucket.bucket.name
+        object = google_storage_bucket_object.object.name
+      }
+    }
+  }
+
+  service_config {
+    max_instance_count  = 1
+    available_memory    = "256M"
+    timeout_seconds     = 60
+    direct_vpc_network_interface {
+      network = "default"
+      subnetwork = "default"
+      tags = ["tag1", "tag2"]
+    }
+    direct_vpc_egress = "VPC_EGRESS_ALL_TRAFFIC"
+  }
+}
+`, context)
+}
+
 func testAccCheckCloudfunctions2functionDestroyProducer(t *testing.T) func(s *terraform.State) error {
 	return func(s *terraform.State) error {
 		for name, rs := range s.RootModule().Resources {