Add Support for CSI (#14238) (#23316)

[upstream:6764c5acedb7e7daf564bbc96fac07d5c5e424c5]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/14238.txt

@@ -0,0 +1,375 @@
+```release-note:enhancement
+compute: added `wire_groups` field to `google_compute_interconnect` resource (beta)
+```
+```release-note:enhancement
+compute: added `CROSS_SITE_NETWORK` enum option to `requested_features` field in `google_compute_interconnect` resource
+```
+subcategory: "Compute Engine"
+description: |-
+  Represents an Interconnect resource.
+---
+
+# google_compute_interconnect
+
+Represents an Interconnect resource. The Interconnect resource is a dedicated connection between
+Google's network and your on-premises network.
+
+
+To get more information about Interconnect, see:
+
+* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/interconnects)
+* How-to Guides
+    * [Create a Dedicated Interconnect](https://cloud.google.com/network-connectivity/docs/interconnect/concepts/dedicated-overview)
+
+## Example Usage - Compute Interconnect Basic
+
+
+```hcl
+data "google_project" "project" {}
+
+resource "google_compute_interconnect" "example-interconnect" {
+  name                 = "example-interconnect"
+  customer_name        = "example_customer"
+  interconnect_type    = "DEDICATED"
+  link_type            = "LINK_TYPE_ETHERNET_10G_LR"
+  location             = "https://www.googleapis.com/compute/v1/${data.google_project.project.id}/global/interconnectLocations/iad-zone1-1"
+  requested_link_count = 1
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+
+* `name` -
+  (Required)
+  Name of the resource. Provided by the client when the resource is created. The name must be
+  1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters
+  long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first
+  character must be a lowercase letter, and all following characters must be a dash,
+  lowercase letter, or digit, except the last character, which cannot be a dash.
+
+* `location` -
+  (Required)
+  URL of the InterconnectLocation object that represents where this connection is to be provisioned.
+  Specifies the location inside Google's Networks.
+
+* `link_type` -
+  (Required)
+  Type of link requested. Note that this field indicates the speed of each of the links in the
+  bundle, not the speed of the entire bundle. Can take one of the following values:
+    - LINK_TYPE_ETHERNET_10G_LR: A 10G Ethernet with LR optics.
+    - LINK_TYPE_ETHERNET_100G_LR: A 100G Ethernet with LR optics.
+    - LINK_TYPE_ETHERNET_400G_LR4: A 400G Ethernet with LR4 optics
+  Possible values are: `LINK_TYPE_ETHERNET_10G_LR`, `LINK_TYPE_ETHERNET_100G_LR`, `LINK_TYPE_ETHERNET_400G_LR4`.
+
+* `requested_link_count` -
+  (Required)
+  Target number of physical links in the link bundle, as requested by the customer.
+
+* `interconnect_type` -
+  (Required)
+  Type of interconnect. Note that a value IT_PRIVATE has been deprecated in favor of DEDICATED.
+  Can take one of the following values:
+    - PARTNER: A partner-managed interconnection shared between customers though a partner.
+    - DEDICATED: A dedicated physical interconnection with the customer.
+  Possible values are: `DEDICATED`, `PARTNER`, `IT_PRIVATE`.
+
+
+- - -
+
+
+* `description` -
+  (Optional)
+  An optional description of this resource. Provide this property when you create the resource.
+
+* `admin_enabled` -
+  (Optional)
+  Administrative status of the interconnect. When this is set to true, the Interconnect is
+  functional and can carry traffic. When set to false, no packets can be carried over the
+  interconnect and no BGP routes are exchanged over it. By default, the status is set to true.
+
+* `noc_contact_email` -
+  (Optional)
+  Email address to contact the customer NOC for operations and maintenance notifications
+  regarding this Interconnect. If specified, this will be used for notifications in addition to
+  all other forms described, such as Cloud Monitoring logs alerting and Cloud Notifications.
+  This field is required for users who sign up for Cloud Interconnect using workforce identity
+  federation.
+
+* `customer_name` -
+  (Optional)
+  Customer name, to put in the Letter of Authorization as the party authorized to request a
+  crossconnect. This field is required for Dedicated and Partner Interconnect, should not be specified
+  for cross-cloud interconnect.
+
+* `labels` -
+  (Optional)
+  Labels for this resource. These can only be added or modified by the setLabels
+  method. Each label key/value pair must comply with RFC1035. Label values may be empty.
+
+  **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
+  Please refer to the field `effective_labels` for all of the labels present on the resource.
+
+* `macsec` -
+  (Optional)
+  Configuration that enables Media Access Control security (MACsec) on the Cloud
+  Interconnect connection between Google and your on-premises router.
+  Structure is [documented below](#nested_macsec).
+
+* `macsec_enabled` -
+  (Optional)
+  Enable or disable MACsec on this Interconnect connection.
+  MACsec enablement fails if the MACsec object is not specified.
+
+* `remote_location` -
+  (Optional)
+  Indicates that this is a Cross-Cloud Interconnect. This field specifies the location outside
+  of Google's network that the interconnect is connected to.
+
+* `requested_features` -
+  (Optional)
+  interconnects.list of features requested for this Interconnect connection. Options: IF_MACSEC (
+  If specified then the connection is created on MACsec capable hardware ports. If not
+  specified, the default value is false, which allocates non-MACsec capable ports first if
+  available). Note that MACSEC is still technically allowed for compatibility reasons, but it
+  does not work with the API, and will be removed in an upcoming major version.
+  Each value may be one of: `MACSEC`, `CROSS_SITE_NETWORK`, `IF_MACSEC`.
+
+* `project` - (Optional) The ID of the project in which the resource belongs.
+    If it is not provided, the provider project is used.
+
+
+<a name="nested_macsec"></a>The `macsec` block supports:
+
+* `pre_shared_keys` -
+  (Required)
+  A keychain placeholder describing a set of named key objects along with their
+  start times. A MACsec CKN/CAK is generated for each key in the key chain.
+  Google router automatically picks the key with the most recent startTime when establishing
+  or re-establishing a MACsec secure link.
+  Structure is [documented below](#nested_macsec_pre_shared_keys).
+
+* `fail_open` -
+  (Optional)
+  If set to true, the Interconnect connection is configured with a should-secure
+  MACsec security policy, that allows the Google router to fallback to cleartext
+  traffic if the MKA session cannot be established. By default, the Interconnect
+  connection is configured with a must-secure security policy that drops all traffic
+  if the MKA session cannot be established with your router.
+
+
+<a name="nested_macsec_pre_shared_keys"></a>The `pre_shared_keys` block supports:
+
+* `name` -
+  (Required)
+  A name for this pre-shared key. The name must be 1-63 characters long, and
+   comply with RFC1035. Specifically, the name must be 1-63 characters long and match
+   the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character
+   must be a lowercase letter, and all following characters must be a dash, lowercase
+   letter, or digit, except the last character, which cannot be a dash.
+
+* `start_time` -
+  (Optional)
+  A RFC3339 timestamp on or after which the key is valid. startTime can be in the
+  future. If the keychain has a single key, startTime can be omitted. If the keychain
+  has multiple keys, startTime is mandatory for each key. The start times of keys must
+  be in increasing order. The start times of two consecutive keys must be at least 6
+  hours apart.
+
+* `fail_open` -
+  (Optional, Deprecated)
+  If set to true, the Interconnect connection is configured with a should-secure
+  MACsec security policy, that allows the Google router to fallback to cleartext
+  traffic if the MKA session cannot be established. By default, the Interconnect
+  connection is configured with a must-secure security policy that drops all traffic
+  if the MKA session cannot be established with your router.
+
+  ~> **Warning:** `failOpen` is deprecated and will be removed in a future major release. Use other `failOpen` instead.
+
+## Attributes Reference
+
+In addition to the arguments listed above, the following computed attributes are exported:
+
+* `id` - an identifier for the resource with format `projects/{{project}}/global/interconnects/{{name}}`
+
+* `creation_timestamp` -
+  Creation timestamp in RFC3339 text format.
+
+* `operational_status` -
+  The current status of this Interconnect's functionality, which can take one of the following:
+    - OS_ACTIVE: A valid Interconnect, which is turned up and is ready to use. Attachments may
+    be provisioned on this Interconnect.
+    - OS_UNPROVISIONED: An Interconnect that has not completed turnup. No attachments may be
+    provisioned on this Interconnect.
+    - OS_UNDER_MAINTENANCE: An Interconnect that is undergoing internal maintenance. No
+    attachments may be provisioned or updated on this Interconnect.
+
+* `provisioned_link_count` -
+  Number of links actually provisioned in this interconnect.
+
+* `interconnect_attachments` -
+  A list of the URLs of all InterconnectAttachments configured to use this Interconnect.
+
+* `peer_ip_address` -
+  IP address configured on the customer side of the Interconnect link.
+  The customer should configure this IP address during turnup when prompted by Google NOC.
+  This can be used only for ping tests.
+
+* `google_ip_address` -
+  IP address configured on the Google side of the Interconnect link.
+  This can be used only for ping tests.
+
+* `google_reference_id` -
+  Google reference ID to be used when raising support tickets with Google or otherwise to debug
+  backend connectivity issues.
+
+* `expected_outages` -
+  A list of outages expected for this Interconnect.
+  Structure is [documented below](#nested_expected_outages).
+
+* `circuit_infos` -
+  A list of CircuitInfo objects, that describe the individual circuits in this LAG.
+  Structure is [documented below](#nested_circuit_infos).
+
+* `label_fingerprint` -
+  A fingerprint for the labels being applied to this Interconnect, which is essentially a hash
+  of the labels set used for optimistic locking. The fingerprint is initially generated by
+  Compute Engine and changes after every request to modify or update labels.
+  You must always provide an up-to-date fingerprint hash in order to update or change labels,
+  otherwise the request will fail with error 412 conditionNotMet.
+
+* `state` -
+  The current state of Interconnect functionality, which can take one of the following values:
+    - ACTIVE: The Interconnect is valid, turned up and ready to use.
+    Attachments may be provisioned on this Interconnect.
+    - UNPROVISIONED: The Interconnect has not completed turnup. No attachments may b
+     provisioned on this Interconnect.
+    - UNDER_MAINTENANCE: The Interconnect is undergoing internal maintenance. No attachments may
+     be provisioned or updated on this Interconnect.
+
+* `satisfies_pzs` -
+  Reserved for future use.
+
+* `available_features` -
+  interconnects.list of features available for this Interconnect connection. Can take the value:
+  MACSEC. If present then the Interconnect connection is provisioned on MACsec capable hardware
+  ports. If not present then the Interconnect connection is provisioned on non-MACsec capable
+  ports and MACsec isn't supported and enabling MACsec fails).
+
+* `wire_groups` -
+  ([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
+  A list of the URLs of all CrossSiteNetwork WireGroups configured to use this Interconnect.[The Interconnect   cannot be deleted if this list is non-empty.]
+
+* `interconnect_groups` -
+  URLs of InterconnectGroups that include this Interconnect.
+  Order is arbitrary and items are unique.
+
+* `terraform_labels` -
+  The combination of labels configured directly on the resource
+   and default labels configured on the provider.
+
+* `effective_labels` -
+  All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.
+
+
+<a name="nested_expected_outages"></a>The `expected_outages` block contains:
+
+* `name` -
+  (Output)
+  Unique identifier for this outage notification.
+
+* `description` -
+  (Output)
+  A description about the purpose of the outage.
+
+* `source` -
+  (Output)
+  The party that generated this notification. Note that the value of NSRC_GOOGLE has been
+  deprecated in favor of GOOGLE. Can take the following value:
+    - GOOGLE: this notification as generated by Google.
+
+* `state` -
+  (Output)
+  State of this notification. Note that the versions of this enum prefixed with "NS_" have
+  been deprecated in favor of the unprefixed values. Can take one of the following values:
+    - ACTIVE: This outage notification is active. The event could be in the past, present,
+    or future. See startTime and endTime for scheduling.
+    - CANCELLED: The outage associated with this notification was cancelled before the
+    outage was due to start.
+    - COMPLETED: The outage associated with this notification is complete.
+
+* `issue_type` -
+  (Output)
+  Form this outage is expected to take. Note that the versions of this enum prefixed with
+  "IT_" have been deprecated in favor of the unprefixed values. Can take one of the
+  following values:
+    - OUTAGE: The Interconnect may be completely out of service for some or all of the
+    specified window.
+    - PARTIAL_OUTAGE: Some circuits comprising the Interconnect as a whole should remain
+    up, but with reduced bandwidth.
+
+* `affected_circuits` -
+  (Output)
+  If issueType is IT_PARTIAL_OUTAGE, a list of the Google-side circuit IDs that will be
+  affected.
+
+* `start_time` -
+  (Output)
+  Scheduled start time for the outage (milliseconds since Unix epoch).
+
+* `end_time` -
+  (Output)
+  Scheduled end time for the outage (milliseconds since Unix epoch).
+
+<a name="nested_circuit_infos"></a>The `circuit_infos` block contains:
+
+* `google_circuit_id` -
+  (Output)
+  Google-assigned unique ID for this circuit. Assigned at circuit turn-up.
+
+* `google_demarc_id` -
+  (Output)
+  Google-side demarc ID for this circuit. Assigned at circuit turn-up and provided by
+  Google to the customer in the LOA.
+
+* `customer_demarc_id` -
+  (Output)
+  Customer-side demarc ID for this circuit.
+
+## Timeouts
+
+This resource provides the following
+[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
+
+- `create` - Default is 20 minutes.
+- `update` - Default is 20 minutes.
+- `delete` - Default is 20 minutes.
+
+## Import
+
+
+Interconnect can be imported using any of these accepted formats:
+
+* `projects/{{project}}/global/interconnects/{{name}}`
+* `{{project}}/{{name}}`
+* `{{name}}`
+
+
+In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import Interconnect using one of the formats above. For example:
+
+```tf
+import {
+  id = "projects/{{project}}/global/interconnects/{{name}}"
+  to = google_compute_interconnect.default
+}
+```
+
+When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), Interconnect can be imported using one of the formats above. For example:
+
+```
+$ terraform import google_compute_interconnect.default projects/{{project}}/global/interconnects/{{name}}
+$ terraform import google_compute_interconnect.default {{project}}/{{name}}
+$ terraform import google_compute_interconnect.default {{name}}
+```

google/services/compute/resource_compute_interconnect.go

@@ -231,10 +231,10 @@ of Google's network that the interconnect is connected to.`,
 If specified then the connection is created on MACsec capable hardware ports. If not
 specified, the default value is false, which allocates non-MACsec capable ports first if
 available). Note that MACSEC is still technically allowed for compatibility reasons, but it
-does not work with the API, and will be removed in an upcoming major version. Possible values: ["MACSEC", "IF_MACSEC"]`,
+does not work with the API, and will be removed in an upcoming major version. Possible values: ["MACSEC", "CROSS_SITE_NETWORK", "IF_MACSEC"]`,
 				Elem: &schema.Schema{
 					Type:         schema.TypeString,
-					ValidateFunc: verify.ValidateEnum([]string{"MACSEC", "IF_MACSEC"}),
+					ValidateFunc: verify.ValidateEnum([]string{"MACSEC", "CROSS_SITE_NETWORK", "IF_MACSEC"}),
 				},
 			},
 			"available_features": {

google/services/compute/resource_compute_interconnect_generated_test.go

@@ -64,7 +64,7 @@ resource "google_compute_interconnect" "example-interconnect" {
   customer_name        = "internal_customer" # Special customer only available for Google testing.
   interconnect_type    = "DEDICATED"
   link_type            = "LINK_TYPE_ETHERNET_10G_LR"
-  location             = "https://www.googleapis.com/compute/v1/projects/${data.google_project.project.name}/global/interconnectLocations/z2z-us-east4-zone1-lciadl-a" # Special location only available for Google testing.
+  location             = "https://www.googleapis.com/compute/v1/${data.google_project.project.id}/global/interconnectLocations/z2z-us-east4-zone1-lciadl-a" # Special location only available for Google testing.
   requested_link_count = 1
   admin_enabled        = true
   description          = "example description"