Add the PSA write endpoint (#14510) (#23867)

[upstream:2fde81bab0ab9281ce361b9d937e1a8d1e426b3f]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/14510.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+sql: add field `psa_write_endpoint` flag to `google_sql_database_instance`
+```

google/services/sql/resource_sql_database_instance.go

@@ -992,6 +992,11 @@ is set to true. Defaults to ZONAL.`,
 				MaxItems: 1,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
+						"psa_write_endpoint": {
+							Type:        schema.TypeString,
+							Optional:    true,
+							Description: fmt.Sprintf(`If set, this field indicates this instance has a private service access (PSA) DNS endpoint that is pointing to the primary instance of the cluster. If this instance is the primary, then the DNS endpoint points to this instance. After a switchover or replica failover operation, this DNS endpoint points to the promoted instance. This is a read-only field, returned to the user as information. This field can exist even if a standalone instance doesn't have a DR replica yet or the DR replica is deleted.`),
+						},
 						"failover_dr_replica_name": {
 							Type:             schema.TypeString,
 							Optional:         true,
@@ -2549,6 +2554,10 @@ func flattenDatabaseFlags(databaseFlags []*sqladmin.DatabaseFlags) []map[string]
 // is nil since replication_cluster is computed+optional.
 func flattenReplicationCluster(replicationCluster *sqladmin.ReplicationCluster, d *schema.ResourceData) []map[string]interface{} {
 	data := make(map[string]interface{})
+	data["psa_write_endpoint"] = ""
+	if replicationCluster != nil && replicationCluster.PsaWriteEndpoint != "" {
+		data["psa_write_endpoint"] = replicationCluster.PsaWriteEndpoint
+	}
 	data["failover_dr_replica_name"] = ""
 	if replicationCluster != nil && replicationCluster.FailoverDrReplicaName != "" {
 		data["failover_dr_replica_name"] = replicationCluster.FailoverDrReplicaName

google/services/sql/resource_sql_database_instance_test.go

@@ -2714,6 +2714,60 @@ func TestAccSqlDatabaseInstance_SwitchoverSuccess(t *testing.T) {
 	})
 }
 
+func TestAccSqlDatabaseInstance_MysqlEplusWithPrivateNetwork(t *testing.T) {
+	t.Parallel()
+
+	instanceName := "tf-test-" + acctest.RandString(t, 10)
+	networkName := acctest.BootstrapSharedServiceNetworkingConnection(t, "endpoint")
+	projectId := envvar.GetTestProjectFromEnv()
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccSqlDatabaseInstanceDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testGoogleSqlDatabaseInstanceConfig_eplusOnPrivateNetwork(projectId, networkName, instanceName, "MYSQL_8_0"),
+				Check:  resource.ComposeTestCheckFunc(verifyCreateOperationOnEplusWithPrivateNetwork("google_sql_database_instance.instance")),
+			},
+			{
+				ResourceName:            "google_sql_database_instance.instance",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateIdPrefix:     fmt.Sprintf("%s/", projectId),
+				ImportStateVerifyIgnore: []string{"deletion_protection"},
+			},
+		},
+	})
+}
+
+func TestAccSqlDatabaseInstance_PostgresEplusWithPrivateNetwork(t *testing.T) {
+	t.Parallel()
+
+	instanceName := "tf-test-" + acctest.RandString(t, 10)
+	networkName := acctest.BootstrapSharedServiceNetworkingConnection(t, "endpoint")
+	projectId := envvar.GetTestProjectFromEnv()
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccSqlDatabaseInstanceDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testGoogleSqlDatabaseInstanceConfig_eplusOnPrivateNetwork(projectId, networkName, instanceName, "POSTGRES_12"),
+				Check:  resource.ComposeTestCheckFunc(verifyCreateOperationOnEplusWithPrivateNetwork("google_sql_database_instance.instance")),
+			},
+			{
+				ResourceName:            "google_sql_database_instance.instance",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateIdPrefix:     fmt.Sprintf("%s/", projectId),
+				ImportStateVerifyIgnore: []string{"deletion_protection"},
+			},
+		},
+	})
+}
+
 // Switchover for MySQL.
 func TestAccSqlDatabaseInstance_MysqlSwitchoverSuccess(t *testing.T) {
 	t.Parallel()
@@ -4012,6 +4066,35 @@ resource "google_sql_database_instance" "original-replica" {
 `, replicaName)
 }
 
+func testGoogleSqlDatabaseInstanceConfig_eplusOnPrivateNetwork(project, networkName, instanceName, databaseVersion string) string {
+	return fmt.Sprintf(`
+data "google_compute_network" "servicenet" {
+  name                    = "%s"
+}
+
+resource "google_sql_database_instance" "instance" {
+  project             = "%s"
+  name                = "%s"
+  region              = "us-east1"
+  database_version    = "%s"
+  instance_type       = "CLOUD_SQL_INSTANCE"
+  deletion_protection = false
+
+  settings {
+    tier              = "db-perf-optimized-N-2"
+    edition           = "ENTERPRISE_PLUS"
+    ip_configuration {
+      ipv4_enabled       = "false"
+      private_network    = data.google_compute_network.servicenet.self_link
+    }
+    backup_configuration {
+      enabled            = true
+    }
+  }
+}
+`, networkName, project, instanceName, databaseVersion)
+}
+
 func testGoogleSqlDatabaseInstanceConfig_mysqlEplusWithReplica(project, primaryName, replicaName string) string {
 	return fmt.Sprintf(`
 resource "google_sql_database_instance" "original-primary" {
@@ -4771,6 +4854,28 @@ func verifyPscOperation(resourceName string, isPscConfigExpected bool, expectedP
 	}
 }
 
+func verifyCreateOperationOnEplusWithPrivateNetwork(resourceName string) func(*terraform.State) error {
+	return func(s *terraform.State) error {
+		resource, ok := s.RootModule().Resources[resourceName]
+		if !ok {
+			return fmt.Errorf("Can't find %s in state", resourceName)
+		}
+
+		resourceAttributes := resource.Primary.Attributes
+		_, ok = resourceAttributes["replication_cluster.#"]
+		if !ok {
+			return fmt.Errorf("replication_cluster.# block is not present in state for %s", resourceName)
+		}
+
+		_, ok = resourceAttributes["replication_cluster.0.psa_write_endpoint"]
+		if !ok {
+			return fmt.Errorf("replication_cluster.psa_write_endpoint is not present in state for %s", resourceName)
+		}
+
+		return nil
+	}
+}
+
 func verifyPscAutoConnectionsOperation(resourceName string, isPscConfigExpected bool, expectedPscEnabled bool, isPscAutoConnectionConfigExpected bool, expectedConsumerNetwork string, expectedConsumerProject string) func(*terraform.State) error {
 	return func(s *terraform.State) error {
 		resource, ok := s.RootModule().Resources[resourceName]

website/docs/r/sql_database_instance.html.markdown

@@ -600,6 +600,8 @@ block during resource creation/update will trigger the restore action after the
 
 The optional, computed `replication_cluster` block represents a primary instance and disaster recovery replica pair. Applicable to MySQL and PostgreSQL. This field can be set only after both the primary and replica are created. This block supports:
 
+* `psa_write_endpoint`: Read-only field which if set, indicates this instance has a private service access (PSA) DNS endpoint that is pointing to the primary instance of the cluster. If this instance is the primary, then the DNS endpoint points to this instance. After a switchover or replica failover operation, this DNS endpoint points to the promoted instance. This is a read-only field, returned to the user as information. This field can exist even if a standalone instance doesn't have a DR replica yet or the DR replica is deleted.
+
 * `failover_dr_replica_name`: (Optional) If the instance is a primary instance, then this field identifies the disaster recovery (DR) replica. The standard format of this field is "your-project:your-instance". You can also set this field to "your-instance", but cloud SQL backend will convert it to the aforementioned standard format.
 
 * `dr_replica`: Read-only field that indicates whether the replica is a DR replica.