Fix issue due to Secure Web Proxy recreation due to not setting addresses field (#9771) (#6871)

* added default_from_api to addresses field

* added bug integration test

* fixed test name
[upstream:cb9e3ed179edc64b4b0021e4966680259914a29e]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/9771.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+networkservices: fixed a perma-diff on `addresses` in `google_network_services_gateway`
+```

google-beta/services/networkservices/resource_network_services_gateway.go

@@ -195,6 +195,7 @@ limited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support mu
 			},
 			"addresses": {
 				Type:     schema.TypeList,
+				Computed: true,
 				Optional: true,
 				ForceNew: true,
 				Description: `Zero or one IPv4-address on which the Gateway will receive the traffic. When no address is provided,

google-beta/services/networkservices/resource_network_services_gateway_test.go

@@ -65,11 +65,112 @@ resource "google_network_services_gateway" "foobar" {
   description = "update description"
   labels      = {
     foo = "bar"
-  } 
+  }
 }
 `, gatewayName)
 }
 
+func TestAccNetworkServicesGateway_networkServicesGatewaySecureWebProxyWithoutAddresses(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckNetworkServicesGatewayDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccNetworkServicesGateway_networkServicesGatewaySecureWebProxy(context, false),
+			},
+			{
+				ResourceName:            "google_network_services_gateway.default",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"name", "location", "delete_swg_autogen_router_on_destroy", "labels", "terraform_labels"},
+			},
+		},
+	})
+}
+
+func testAccNetworkServicesGateway_networkServicesGatewaySecureWebProxy(context map[string]interface{}, withAddresses bool) string {
+	config := ""
+	config += acctest.Nprintf(`
+resource "google_certificate_manager_certificate" "default" {
+  name        = "tf-test-my-certificate-%{random_suffix}"
+  location    = "us-central1"
+  self_managed {
+    pem_certificate = file("test-fixtures/cert.pem")
+    pem_private_key = file("test-fixtures/private-key.pem")
+  }
+}
+
+resource "google_compute_network" "default" {
+  name                    = "tf-test-my-network-%{random_suffix}"
+  routing_mode            = "REGIONAL"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "default" {
+  name          = "tf-test-my-subnetwork-name-%{random_suffix}"
+  purpose       = "PRIVATE"
+  ip_cidr_range = "10.128.0.0/20"
+  region        = "us-central1"
+  network       = google_compute_network.default.id
+  role          = "ACTIVE"
+}
+
+resource "google_compute_subnetwork" "proxyonlysubnet" {
+  name          = "tf-test-my-proxy-only-subnetwork-%{random_suffix}"
+  purpose       = "REGIONAL_MANAGED_PROXY"
+  ip_cidr_range = "192.168.0.0/23"
+  region        = "us-central1"
+  network       = google_compute_network.default.id
+  role          = "ACTIVE"
+}
+
+resource "google_network_security_gateway_security_policy" "default" {
+  name        = "tf-test-my-policy-name-%{random_suffix}"
+  location    = "us-central1"
+}
+
+resource "google_network_security_gateway_security_policy_rule" "default" {
+  name                    = "tf-test-my-policyrule-name-%{random_suffix}"
+  location                = "us-central1"
+  gateway_security_policy = google_network_security_gateway_security_policy.default.name
+  enabled                 = true
+  priority                = 1
+  session_matcher         = "host() == 'example.com'"
+  basic_profile           = "ALLOW"
+}
+
+resource "google_network_services_gateway" "default" {
+  name                                 = "tf-test-my-gateway-%{random_suffix}"
+  location                             = "us-central1"`, context)
+
+	if withAddresses {
+		config += `
+  addresses                            = ["10.128.0.99"]`
+	}
+
+	config += acctest.Nprintf(`
+  type                                 = "SECURE_WEB_GATEWAY"
+  ports                                = [443]
+  scope                                = "tf-test-my-default-scope-%{random_suffix}"
+  certificate_urls                     = [google_certificate_manager_certificate.default.id]
+  gateway_security_policy              = google_network_security_gateway_security_policy.default.id
+  network                              = google_compute_network.default.id
+  subnetwork                           = google_compute_subnetwork.default.id
+  delete_swg_autogen_router_on_destroy = true
+  depends_on                           = [google_compute_subnetwork.proxyonlysubnet]
+  }
+`, context)
+
+	return config
+}
+
 // TODO(#14600): Enable the test once the api allows to update the fields for secure web gateway type.
 //func TestAccNetworkServicesGateway_updateSwp(t *testing.T) {
 //cmName := fmt.Sprintf("tf-test-gateway-swp-cm-%s", acctest.RandString(t, 10))
@@ -361,12 +462,12 @@ resource "google_network_security_gateway_security_policy_rule" "default" {
   name                    = "%s"
   location                = "us-west1"
   gateway_security_policy = google_network_security_gateway_security_policy.default.name
-  enabled                 = true  
+  enabled                 = true
   priority                = 1
   session_matcher         = "host() == 'example.com'"
   basic_profile           = "ALLOW"
 }
-	  
+
 resource "google_network_services_gateway" "gateway1" {
   name                                 = "%s"
   location                             = "us-west1"
@@ -455,12 +556,12 @@ resource "google_network_security_gateway_security_policy_rule" "default" {
   name                    = "%s"
   location                = "us-west1"
   gateway_security_policy = google_network_security_gateway_security_policy.default.name
-  enabled                 = true  
+  enabled                 = true
   priority                = 1
   session_matcher         = "host() == 'example.com'"
   basic_profile           = "ALLOW"
 }
-	  
+
 resource "google_network_services_gateway" "gateway1" {
   name                                 = "%s"
   location                             = "us-west1"
@@ -577,12 +678,12 @@ resource "google_network_security_gateway_security_policy_rule" "default" {
   name                    = "%s"
   location                = "us-west2"
   gateway_security_policy = google_network_security_gateway_security_policy.default.name
-  enabled                 = true  
+  enabled                 = true
   priority                = 1
   session_matcher         = "host() == 'example.com'"
   basic_profile           = "ALLOW"
 }
-	  
+
 resource "google_network_services_gateway" "gateway1" {
   name                                 = "%s"
   location                             = "us-west2"
@@ -686,12 +787,12 @@ resource "google_network_security_gateway_security_policy_rule" "default" {
   name                    = "%s"
   location                = "us-west2"
   gateway_security_policy = google_network_security_gateway_security_policy.default.name
-  enabled                 = true  
+  enabled                 = true
   priority                = 1
   session_matcher         = "host() == 'example.com'"
   basic_profile           = "ALLOW"
 }
-	  
+
 resource "google_network_services_gateway" "gateway1" {
   name                                 = "%s"
   location                             = "us-west2"