Add support to create NCC Gateway Spoke (#15198) (#10894)

[upstream:f64ff0d77642f1509b148b4cdce5cb9e97cad993]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/15198.txt

@@ -0,0 +1,11 @@
+```release-note:enhancement
+networkconnectivity: added `gateway` field to `google_network_connectivity_spoke` resource (beta)
+```
+
+```release-note:enhancement
+networkconnectivity: added `HYBRID_INSPECTION` enum value to `preset_topology` field in `google_network_connectivity_hub` resource (ga)
+```
+
+```release-note:enhancement
+compute: added `ncc_gateway` field to `google_compute_router` resource (beta)
+```

google-beta/fwmodels/provider_model.go

@@ -160,6 +160,7 @@ type ProviderModel struct {
 	MonitoringCustomEndpoint               types.String `tfsdk:"monitoring_custom_endpoint"`
 	NetappCustomEndpoint                   types.String `tfsdk:"netapp_custom_endpoint"`
 	NetworkConnectivityCustomEndpoint      types.String `tfsdk:"network_connectivity_custom_endpoint"`
+	NetworkConnectivityv1CustomEndpoint    types.String `tfsdk:"network_connectivityv1_custom_endpoint"`
 	NetworkManagementCustomEndpoint        types.String `tfsdk:"network_management_custom_endpoint"`
 	NetworkSecurityCustomEndpoint          types.String `tfsdk:"network_security_custom_endpoint"`
 	NetworkServicesCustomEndpoint          types.String `tfsdk:"network_services_custom_endpoint"`

google-beta/fwprovider/framework_provider.go

@@ -826,6 +826,12 @@ func (p *FrameworkProvider) Schema(_ context.Context, _ provider.SchemaRequest,
 					transport_tpg.CustomEndpointValidator(),
 				},
 			},
+			"network_connectivityv1_custom_endpoint": &schema.StringAttribute{
+				Optional: true,
+				Validators: []validator.String{
+					transport_tpg.CustomEndpointValidator(),
+				},
+			},
 			"network_management_custom_endpoint": &schema.StringAttribute{
 				Optional: true,
 				Validators: []validator.String{

google-beta/provider/provider.go

@@ -728,6 +728,11 @@ func Provider() *schema.Provider {
 				Optional:     true,
 				ValidateFunc: transport_tpg.ValidateCustomEndpoint,
 			},
+			"network_connectivityv1_custom_endpoint": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				ValidateFunc: transport_tpg.ValidateCustomEndpoint,
+			},
 			"network_management_custom_endpoint": {
 				Type:         schema.TypeString,
 				Optional:     true,
@@ -1299,6 +1304,7 @@ func ProviderConfigure(ctx context.Context, d *schema.ResourceData, p *schema.Pr
 	config.MonitoringBasePath = d.Get("monitoring_custom_endpoint").(string)
 	config.NetappBasePath = d.Get("netapp_custom_endpoint").(string)
 	config.NetworkConnectivityBasePath = d.Get("network_connectivity_custom_endpoint").(string)
+	config.NetworkConnectivityv1BasePath = d.Get("network_connectivityv1_custom_endpoint").(string)
 	config.NetworkManagementBasePath = d.Get("network_management_custom_endpoint").(string)
 	config.NetworkSecurityBasePath = d.Get("network_security_custom_endpoint").(string)
 	config.NetworkServicesBasePath = d.Get("network_services_custom_endpoint").(string)

google-beta/provider/provider_mmv1_resources.go

@@ -126,6 +126,7 @@ import (
 	"github.com/hashicorp/terraform-provider-google-beta/google-beta/services/monitoring"
 	"github.com/hashicorp/terraform-provider-google-beta/google-beta/services/netapp"
 	"github.com/hashicorp/terraform-provider-google-beta/google-beta/services/networkconnectivity"
+	"github.com/hashicorp/terraform-provider-google-beta/google-beta/services/networkconnectivityv1"
 	"github.com/hashicorp/terraform-provider-google-beta/google-beta/services/networkmanagement"
 	"github.com/hashicorp/terraform-provider-google-beta/google-beta/services/networksecurity"
 	"github.com/hashicorp/terraform-provider-google-beta/google-beta/services/networkservices"
@@ -1405,11 +1406,11 @@ var generatedResources = map[string]*schema.Resource{
 	"google_netapp_kmsconfig":                                                    netapp.ResourceNetappkmsconfig(),
 	"google_network_connectivity_group":                                          networkconnectivity.ResourceNetworkConnectivityGroup(),
 	"google_network_connectivity_hub":                                            networkconnectivity.ResourceNetworkConnectivityHub(),
-	"google_network_connectivity_internal_range":                                 networkconnectivity.ResourceNetworkConnectivityInternalRange(),
 	"google_network_connectivity_policy_based_route":                             networkconnectivity.ResourceNetworkConnectivityPolicyBasedRoute(),
 	"google_network_connectivity_regional_endpoint":                              networkconnectivity.ResourceNetworkConnectivityRegionalEndpoint(),
-	"google_network_connectivity_service_connection_policy":                      networkconnectivity.ResourceNetworkConnectivityServiceConnectionPolicy(),
 	"google_network_connectivity_spoke":                                          networkconnectivity.ResourceNetworkConnectivitySpoke(),
+	"google_network_connectivity_internal_range":                                 networkconnectivityv1.ResourceNetworkConnectivityv1InternalRange(),
+	"google_network_connectivity_service_connection_policy":                      networkconnectivityv1.ResourceNetworkConnectivityv1ServiceConnectionPolicy(),
 	"google_network_management_connectivity_test":                                networkmanagement.ResourceNetworkManagementConnectivityTest(),
 	"google_network_management_organization_vpc_flow_logs_config":                networkmanagement.ResourceNetworkManagementOrganizationVpcFlowLogsConfig(),
 	"google_network_management_vpc_flow_logs_config":                             networkmanagement.ResourceNetworkManagementVpcFlowLogsConfig(),
@@ -1973,6 +1974,7 @@ func UseGeneratedProducts() {
 	var _ = monitoring.ProductName
 	var _ = netapp.ProductName
 	var _ = networkconnectivity.ProductName
+	var _ = networkconnectivityv1.ProductName
 	var _ = networkmanagement.ProductName
 	var _ = networksecurity.ProductName
 	var _ = networkservices.ProductName

google-beta/services/compute/resource_compute_router.go

@@ -25,6 +25,7 @@ import (
 	"log"
 	"net/http"
 	"reflect"
+	"strings"
 	"time"
 
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/customdiff"
@@ -88,13 +89,6 @@ which means the first character must be a lowercase letter, and all
 following characters must be a dash, lowercase letter, or digit,
 except the last character, which cannot be a dash.`,
 			},
-			"network": {
-				Type:             schema.TypeString,
-				Required:         true,
-				ForceNew:         true,
-				DiffSuppressFunc: tpgresource.CompareSelfLinkOrResourceName,
-				Description:      `A reference to the network to which this router belongs.`,
-			},
 			"bgp": {
 				Type:        schema.TypeList,
 				Optional:    true,
@@ -204,6 +198,22 @@ Must be referenced by exactly one bgpPeer. Must comply with RFC1035.`,
 					},
 				},
 			},
+			"ncc_gateway": {
+				Type:             schema.TypeString,
+				Optional:         true,
+				ForceNew:         true,
+				DiffSuppressFunc: tpgresource.CompareSelfLinkOrResourceName,
+				Description:      `A URI of an NCC Gateway spoke`,
+				ConflictsWith:    []string{"network"},
+			},
+			"network": {
+				Type:             schema.TypeString,
+				Optional:         true,
+				ForceNew:         true,
+				DiffSuppressFunc: tpgresource.CompareSelfLinkOrResourceName,
+				Description:      `A reference to the network to which this router belongs.`,
+				ConflictsWith:    []string{"ncc_gateway"},
+			},
 			"params": {
 				Type:        schema.TypeList,
 				Optional:    true,
@@ -313,6 +323,12 @@ func resourceComputeRouterCreate(d *schema.ResourceData, meta interface{}) error
 	} else if v, ok := d.GetOkExists("md5_authentication_keys"); !tpgresource.IsEmptyValue(reflect.ValueOf(md5AuthenticationKeysProp)) && (ok || !reflect.DeepEqual(v, md5AuthenticationKeysProp)) {
 		obj["md5AuthenticationKeys"] = md5AuthenticationKeysProp
 	}
+	nccGatewayProp, err := expandComputeRouterNccGateway(d.Get("ncc_gateway"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("ncc_gateway"); !tpgresource.IsEmptyValue(reflect.ValueOf(nccGatewayProp)) && (ok || !reflect.DeepEqual(v, nccGatewayProp)) {
+		obj["nccGateway"] = nccGatewayProp
+	}
 	paramsProp, err := expandComputeRouterParams(d.Get("params"), d, config)
 	if err != nil {
 		return err
@@ -449,6 +465,9 @@ func resourceComputeRouterRead(d *schema.ResourceData, meta interface{}) error {
 	if err := d.Set("encrypted_interconnect_router", flattenComputeRouterEncryptedInterconnectRouter(res["encryptedInterconnectRouter"], d, config)); err != nil {
 		return fmt.Errorf("Error reading Router: %s", err)
 	}
+	if err := d.Set("ncc_gateway", flattenComputeRouterNccGateway(res["nccGateway"], d, config)); err != nil {
+		return fmt.Errorf("Error reading Router: %s", err)
+	}
 	if err := d.Set("region", flattenComputeRouterRegion(res["region"], d, config)); err != nil {
 		return fmt.Errorf("Error reading Router: %s", err)
 	}
@@ -745,6 +764,13 @@ func flattenComputeRouterEncryptedInterconnectRouter(v interface{}, d *schema.Re
 	return v
 }
 
+func flattenComputeRouterNccGateway(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	if v == nil {
+		return v
+	}
+	return tpgresource.ConvertSelfLinkToV1(v.(string))
+}
+
 func flattenComputeRouterRegion(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	if v == nil {
 		return v
@@ -927,6 +953,25 @@ func expandComputeRouterMd5AuthenticationKeysKey(v interface{}, d tpgresource.Te
 	return v, nil
 }
 
+func expandComputeRouterNccGateway(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	// This method returns a full self link from a partial self link.
+	if v == nil || v.(string) == "" {
+		// It does not try to construct anything from empty.
+		return "", nil
+	} else if strings.HasPrefix(v.(string), "https://") {
+		// Anything that starts with a URL scheme is assumed to be a self link worth using.
+		return v, nil
+	}
+	// Anything else is assumed to be a regional resource, with a partial link that begins with the resource name.
+	// This isn't very likely - it's a last-ditch effort to extract something useful here.  We can do a better job
+	// as soon as MultiResourceRefs are working since we'll know the types that this field is supposed to point to.
+	url, err := tpgresource.ReplaceVars(d, config, "{{NetworkConnectivityBasePath}}")
+	if err != nil {
+		return nil, err
+	}
+	return url + v.(string), nil
+}
+
 func expandComputeRouterParams(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	if v == nil {
 		return nil, nil

google-beta/services/compute/resource_compute_router_generated_meta.yaml

@@ -18,6 +18,7 @@ fields:
   - api_field: 'md5AuthenticationKeys.key'
   - api_field: 'md5AuthenticationKeys.name'
   - api_field: 'name'
+  - api_field: 'nccGateway'
   - api_field: 'network'
   - api_field: 'params.resourceManagerTags'
   - api_field: 'region'

google-beta/services/compute/resource_compute_router_generated_test.go

@@ -49,7 +49,7 @@ func TestAccComputeRouter_routerBasicExample(t *testing.T) {
 				ResourceName:            "google_compute_router.foobar",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"advertisedIpRanges", "md5_authentication_keys", "network", "params", "region"},
+				ImportStateVerifyIgnore: []string{"advertisedIpRanges", "md5_authentication_keys", "ncc_gateway", "network", "params", "region"},
 			},
 		},
 	})
@@ -99,7 +99,7 @@ func TestAccComputeRouter_computeRouterEncryptedInterconnectExample(t *testing.T
 				ResourceName:            "google_compute_router.encrypted-interconnect-router",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"advertisedIpRanges", "md5_authentication_keys", "network", "params", "region"},
+				ImportStateVerifyIgnore: []string{"advertisedIpRanges", "md5_authentication_keys", "ncc_gateway", "network", "params", "region"},
 			},
 		},
 	})
@@ -142,7 +142,7 @@ func TestAccComputeRouter_computeRouterMd5encryptedExample(t *testing.T) {
 				ResourceName:            "google_compute_router.foobar",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"advertisedIpRanges", "md5_authentication_keys", "network", "params", "region"},
+				ImportStateVerifyIgnore: []string{"advertisedIpRanges", "md5_authentication_keys", "ncc_gateway", "network", "params", "region"},
 			},
 		},
 	})
@@ -177,6 +177,95 @@ resource "google_compute_network" "foobar" {
 `, context)
 }
 
+func TestAccComputeRouter_routerNccGwExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+		CheckDestroy:             testAccCheckComputeRouterDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeRouter_routerNccGwExample(context),
+			},
+			{
+				ResourceName:            "google_compute_router.foobar",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"md5_authentication_keys", "ncc_gateway", "network", "params", "region"},
+			},
+		},
+	})
+}
+
+func testAccComputeRouter_routerNccGwExample(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_compute_network" "network" {
+  provider = google-beta
+  name        = "tf-test-net-spoke%{random_suffix}"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "subnetwork" {
+  provider = google-beta
+  name          = "tf-test-subnet%{random_suffix}"
+  ip_cidr_range = "10.0.0.0/28"
+  region        = "us-central1"
+  network       = google_compute_network.network.self_link
+}
+
+resource "google_network_connectivity_hub" "basic_hub" {
+  provider = google-beta
+  name        = "hub%{random_suffix}"
+  description = "A sample hub"
+  labels = {
+    label-two = "value-one"
+  }
+  preset_topology = "HYBRID_INSPECTION"
+}
+
+resource "google_network_connectivity_spoke" "primary" {
+  provider = google-beta
+  name        = "tf-test-my-ncc-gw%{random_suffix}"
+  location = "us-central1"
+  description = "A sample spoke of type Gateway"
+  labels = {
+    label-one = "value-one"
+  }
+  hub =  google_network_connectivity_hub.basic_hub.id
+  gateway {
+    ip_range_reservations {
+      ip_range = "10.0.0.0/23"
+    }
+    capacity = "CAPACITY_1_GBPS"
+  }
+  group = "gateways"
+}
+
+
+resource "google_compute_router" "foobar" {
+  provider = google-beta
+  name    = "tf-test-my-router%{random_suffix}"
+  bgp {
+    asn               = 64514
+    advertise_mode    = "CUSTOM"
+    advertised_groups = ["ALL_SUBNETS"]
+    advertised_ip_ranges {
+      range = "1.2.3.4"
+    }
+    advertised_ip_ranges {
+      range = "6.7.0.0/16"
+    }
+  }
+  ncc_gateway = google_network_connectivity_spoke.primary.id
+}
+`, context)
+}
+
 func testAccCheckComputeRouterDestroyProducer(t *testing.T) func(s *terraform.State) error {
 	return func(s *terraform.State) error {
 		for name, rs := range s.RootModule().Resources {

google-beta/services/networkconnectivity/resource_network_connectivity_group_generated_meta.yaml

@@ -2,7 +2,7 @@ resource: 'google_network_connectivity_group'
 generation_type: 'mmv1'
 source_file: 'products/networkconnectivity/Group.yaml'
 api_service_name: 'networkconnectivity.googleapis.com'
-api_version: 'v1'
+api_version: 'v1beta'
 api_resource_type_kind: 'Group'
 fields:
   - api_field: 'autoAccept.autoAcceptProjects'

google-beta/services/networkconnectivity/resource_network_connectivity_hub.go

@@ -99,8 +99,8 @@ Please refer to the field 'effective_labels' for all of the labels present on th
 				Computed:     true,
 				Optional:     true,
 				ForceNew:     true,
-				ValidateFunc: verify.ValidateEnum([]string{"MESH", "STAR", ""}),
-				Description:  `Optional. The topology implemented in this hub. Currently, this field is only used when policyMode = PRESET. The available preset topologies are MESH and STAR. If presetTopology is unspecified and policyMode = PRESET, the presetTopology defaults to MESH. When policyMode = CUSTOM, the presetTopology is set to PRESET_TOPOLOGY_UNSPECIFIED. Possible values: ["MESH", "STAR"]`,
+				ValidateFunc: verify.ValidateEnum([]string{"MESH", "STAR", "HYBRID_INSPECTION", ""}),
+				Description:  `Optional. The topology implemented in this hub. Currently, this field is only used when policyMode = PRESET. The available preset topologies are MESH and STAR. If presetTopology is unspecified and policyMode = PRESET, the presetTopology defaults to MESH. When policyMode = CUSTOM, the presetTopology is set to PRESET_TOPOLOGY_UNSPECIFIED. Possible values: ["MESH", "STAR", "HYBRID_INSPECTION"]`,
 			},
 			"create_time": {
 				Type:        schema.TypeString,