Add managed_private_network (#13379) (#22509)

[upstream:a11d542578debee1bc958d8634844e71a6b77da2]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/13379.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+storagetransfer: added `transfer_spec.aws_s3_data_source.managed_private_network` field to `google_storage_transfer_job` resource
+```

google/services/storagetransfer/resource_storage_transfer_job.go

@@ -741,6 +741,11 @@ func awsS3DataSchema() *schema.Resource {
 				ExactlyOneOf: awsS3AuthKeys,
 				Description:  `The Amazon Resource Name (ARN) of the role to support temporary credentials via 'AssumeRoleWithWebIdentity'. For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). When a role ARN is provided, Transfer Service fetches temporary credentials for the session using a 'AssumeRoleWithWebIdentity' call for the provided role using the [GoogleServiceAccount][] for this project.`,
 			},
+			"managed_private_network": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Description: `Egress bytes over a Google-managed private network. This network is shared between other users of Storage Transfer Service.`,
+			},
 		},
 	}
 }
@@ -1298,12 +1303,18 @@ func expandAwsS3Data(awsS3Datas []interface{}) *storagetransfer.AwsS3Data {
 	}
 
 	awsS3Data := awsS3Datas[0].(map[string]interface{})
-	return &storagetransfer.AwsS3Data{
+	result := &storagetransfer.AwsS3Data{
 		BucketName:   awsS3Data["bucket_name"].(string),
 		AwsAccessKey: expandAwsAccessKeys(awsS3Data["aws_access_key"].([]interface{})),
 		RoleArn:      awsS3Data["role_arn"].(string),
 		Path:         awsS3Data["path"].(string),
 	}
+
+	if v, ok := awsS3Data["managed_private_network"]; ok {
+		result.ManagedPrivateNetwork = v.(bool)
+	}
+
+	return result
 }
 
 func flattenAwsS3Data(awsS3Data *storagetransfer.AwsS3Data, d *schema.ResourceData) []map[string]interface{} {
@@ -1315,6 +1326,11 @@ func flattenAwsS3Data(awsS3Data *storagetransfer.AwsS3Data, d *schema.ResourceDa
 	if _, exist := d.GetOk("transfer_spec.0.aws_s3_data_source.0.aws_access_key"); exist {
 		data["aws_access_key"] = flattenAwsAccessKeys(d)
 	}
+
+	if awsS3Data.ManagedPrivateNetwork {
+		data["managed_private_network"] = awsS3Data.ManagedPrivateNetwork
+	}
+
 	return []map[string]interface{}{data}
 }
 

google/services/storagetransfer/resource_storage_transfer_job_meta.yaml

@@ -45,6 +45,7 @@ fields:
   - field: 'transfer_spec.aws_s3_data_source.aws_access_key.access_key_id'
   - field: 'transfer_spec.aws_s3_data_source.aws_access_key.secret_access_key'
   - field: 'transfer_spec.aws_s3_data_source.bucket_name'
+  - field: 'transfer_spec.aws_s3_data_source.managed_private_network'
   - field: 'transfer_spec.aws_s3_data_source.path'
   - field: 'transfer_spec.aws_s3_data_source.role_arn'
   - field: 'transfer_spec.azure_blob_storage_data_source.azure_credentials.sas_token'

website/docs/r/storage_transfer_job.html.markdown

@@ -260,6 +260,8 @@ A duration in seconds with up to nine fractional digits, terminated by 's'. Exam
 
 * `role_arn` - (Optional) The Amazon Resource Name (ARN) of the role to support temporary credentials via 'AssumeRoleWithWebIdentity'. For more information about ARNs, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns). When a role ARN is provided, Transfer Service fetches temporary credentials for the session using a 'AssumeRoleWithWebIdentity' call for the provided role using the [GoogleServiceAccount][] for this project.
 
+* `managed_private_network` - (Optional) Egress bytes over a Google-managed private network. This network is shared between other users of Storage Transfer Service.
+
 The `aws_access_key` block supports:
 
 * `access_key_id` - (Required) AWS Key ID.