diff --git a/.changelog/13387.txt b/.changelog/13387.txt
new file mode 100644
index 00000000000..6960399323a
--- /dev/null
+++ b/.changelog/13387.txt
@@ -0,0 +1,9 @@
+```release-note:enhancement
+networkmanagement: added `source.gkeMasterCluster`, `source.cloudSqlInstance`, `source.cloudFunction`, `source.appEngineVersion`, `source.cloudRunRevision` fields to `google_network_management_connectivity_test` resource
+```
+```release-note:enhancement
+networkmanagement: added `destination.forwardingRule`, `destination.gkeMasterCluster`, `destination.fqdn`, `destination.cloudSqlInstance`, `destination.redisInstance`, `destination.redisCluster`, fields to `google_network_management_connectivity_test` resource
+```
+```release-note:enhancement
+networkmanagement: added `roundTrip`, `bypassFirewallChecks` fields to `google_network_management_connectivity_test` resource
+```
\ No newline at end of file
diff --git a/google/services/networkmanagement/resource_network_management_connectivity_test_generated_meta.yaml b/google/services/networkmanagement/resource_network_management_connectivity_test_generated_meta.yaml
index 24287f989f2..52cd93c148e 100644
--- a/google/services/networkmanagement/resource_network_management_connectivity_test_generated_meta.yaml
+++ b/google/services/networkmanagement/resource_network_management_connectivity_test_generated_meta.yaml
@@ -5,18 +5,31 @@ api_service_name: 'networkmanagement.googleapis.com' api_version: 'v1' api_resource_type_kind: 'ConnectivityTest' fields: + - field: 'bypass_firewall_checks' - field: 'description' + - field: 'destination.cloud_sql_instance' + - field: 'destination.forwarding_rule' + - field: 'destination.fqdn' + - field: 'destination.gke_master_cluster' - field: 'destination.instance' - field: 'destination.ip_address' - field: 'destination.network' - field: 'destination.port' - field: 'destination.project_id' + - field: 'destination.redis_cluster' + - field: 'destination.redis_instance' - field: 'effective_labels' provider_only: true - field: 'labels' - field: 'name' - field: 'protocol' - field: 'related_projects' + - field: 'round_trip' + - field: 'source.app_engine_version.uri' + - field: 'source.cloud_function.uri' + - field: 'source.cloud_run_revision.uri' + - field: 'source.cloud_sql_instance' + - field: 'source.gke_master_cluster' - field: 'source.instance' - field: 'source.ip_address' - field: 'source.network' diff --git a/google/services/networkmanagement/resource_network_management_connectivity_test_resource.go b/google/services/networkmanagement/resource_network_management_connectivity_test_resource.go index 956c4bffe7d..15fc9d99478 100644 --- a/google/services/networkmanagement/resource_network_management_connectivity_test_resource.go +++ b/google/services/networkmanagement/resource_network_management_connectivity_test_resource.go @@ -47,9 +47,9 @@ func ResourceNetworkManagementConnectivityTest() *schema.Resource { }, Timeouts: &schema.ResourceTimeout{ - Create: schema.DefaultTimeout(20 * time.Minute), - Update: schema.DefaultTimeout(20 * time.Minute), - Delete: schema.DefaultTimeout(20 * time.Minute), + Create: schema.DefaultTimeout(5 * time.Minute), + Update: schema.DefaultTimeout(5 * time.Minute), + Delete: schema.DefaultTimeout(5 * time.Minute), }, CustomizeDiff: customdiff.All( 
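Review bot: The default Create/Update/Delete timeouts in the `Timeouts` block drop from 20 to 5 minutes, and none of the three changelog entries in this commit mentions it. A configuration that relied on the old default could start failing with timeouts after an upgrade, so the change deserves its own entry, for example a `release-note:note` block stating that the default timeouts of `google_network_management_connectivity_test` changed from 20 to 5 minutes. ResourceNetworkManagementConnectivityTest continues outside the hunk.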
@@ -63,59 +63,81 @@ func ResourceNetworkManagementConnectivityTest() *schema.Resource { Required: true, Description: `Required. Destination specification of the Connectivity Test. -You can use a combination of destination IP address, Compute -Engine VM instance, or VPC network to uniquely identify the -destination location. +You can use a combination of destination IP address, URI of a supported +endpoint, project ID, or VPC network to identify the destination location. -Even if the destination IP address is not unique, the source IP -location is unique. Usually, the analysis can infer the destination -endpoint from route information. - -If the destination you specify is a VM instance and the instance has -multiple network interfaces, then you must also specify either a -destination IP address or VPC network to identify the destination -interface. - -A reachability analysis proceeds even if the destination location -is ambiguous. However, the result can include endpoints that you -don't intend to test.`, +Reachability analysis proceeds even if the destination location is +ambiguous. However, the test result might include endpoints or use a +destination that you don't intend to test.`, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ + "cloud_sql_instance": { + Type: schema.TypeString, + Optional: true, + Description: `A Cloud SQL instance URI.`, + }, + "forwarding_rule": { + Type: schema.TypeString, + Optional: true, + Description: `Forwarding rule URI. Forwarding rules are frontends for load balancers, +PSC endpoints, and Protocol Forwarding.`, + }, + "fqdn": { + Type: schema.TypeString, + Optional: true, + Description: `A DNS endpoint of Google Kubernetes Engine cluster control plane. +Requires gke_master_cluster to be set, can't be used simultaneoulsly with +ip_address or network. 
Applicable only to destination endpoint.`, + }, + "gke_master_cluster": { + Type: schema.TypeString, + Optional: true, + Description: `A cluster URI for Google Kubernetes Engine cluster control plane.`, + }, "instance": { Type: schema.TypeString, Optional: true, Description: `A Compute Engine instance URI.`, }, "ip_address": { - Type: schema.TypeString, - Optional: true, - Description: `The IP address of the endpoint, which can be an external or -internal IP. An IPv6 address is only allowed when the test's -destination is a global load balancer VIP.`, + Type: schema.TypeString, + Optional: true, + Description: `The IP address of the endpoint, which can be an external or internal IP.`, }, "network": { Type: schema.TypeString, Optional: true, - Description: `A Compute Engine network URI.`, + Description: `A VPC network URI.`, }, "port": { Type: schema.TypeInt, Optional: true, - Description: `The IP protocol port of the endpoint. Only applicable when -protocol is TCP or UDP.`, + Description: `The IP protocol port of the endpoint. Only applicable when protocol is +TCP or UDP.`, }, "project_id": { Type: schema.TypeString, Optional: true, - Description: `Project ID where the endpoint is located. The Project ID can be -derived from the URI if you provide a VM instance or network URI. -The following are two cases where you must provide the project ID: -1. Only the IP address is specified, and the IP address is within -a GCP project. 2. When you are using Shared VPC and the IP address -that you provide is from the service project. In this case, the -network that the IP address resides in is defined in the host -project.`, + Description: `Project ID where the endpoint is located. +The project ID can be derived from the URI if you provide a endpoint or +network URI. +The following are two cases where you may need to provide the project ID: +1. Only the IP address is specified, and the IP address is within a Google +Cloud project. +2. 
When you are using Shared VPC and the IP address that you provide is +from the service project. In this case, the network that the IP address +resides in is defined in the host project.`, + }, + "redis_cluster": { + Type: schema.TypeString, + Optional: true, + Description: `A Redis Cluster URI.`, + }, + "redis_instance": { + Type: schema.TypeString, + Optional: true, + Description: `A Redis Instance URI.`, }, }, }, 
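Review bot: The constraints stated in the new `fqdn` description (requires `gke_master_cluster`, cannot be combined with `ip_address` or `network`) exist only as prose; nothing in the schema entry enforces them, so an invalid combination is rejected at apply time by the API at best. Consider adding `RequiredWith: []string{"destination.0.gke_master_cluster"},` and `ConflictsWith: []string{"destination.0.ip_address", "destination.0.network"},` to the `fqdn` entry so the plan fails early. The same description misspells "simultaneously" as "simultaneoulsly", and the `project_id` text reads "a endpoint" where "an endpoint" is meant (the source block's `project_id` in a later hunk repeats it).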
@@ -131,46 +153,87 @@ project.`, Required: true, Description: `Required. Source specification of the Connectivity Test. -You can use a combination of source IP address, virtual machine -(VM) instance, or Compute Engine network to uniquely identify the -source location. - -Examples: If the source IP address is an internal IP address within -a Google Cloud Virtual Private Cloud (VPC) network, then you must -also specify the VPC network. Otherwise, specify the VM instance, -which already contains its internal IP address and VPC network -information. +You can use a combination of source IP address, URI of a supported +endpoint, project ID, or VPC network to identify the source location. -If the source of the test is within an on-premises network, then -you must provide the destination VPC network. - -If the source endpoint is a Compute Engine VM instance with multiple -network interfaces, the instance itself is not sufficient to -identify the endpoint. So, you must also specify the source IP -address or VPC network. - -A reachability analysis proceeds even if the source location is -ambiguous. However, the test result may include endpoints that -you don't intend to test.`, +Reachability analysis might proceed even if the source location is +ambiguous. 
However, the test result might include endpoints or use a source +that you don't intend to test.`, MaxItems: 1, Elem: &schema.Resource{ Schema: map[string]*schema.Schema{ + "app_engine_version": { + Type: schema.TypeList, + Optional: true, + ForceNew: true, + Description: `An App Engine service version.`, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "uri": { + Type: schema.TypeString, + Optional: true, + Description: `An App Engine service version name.`, + }, + }, + }, + }, + "cloud_function": { + Type: schema.TypeList, + Optional: true, + ForceNew: true, + Description: `A Cloud Function.`, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "uri": { + Type: schema.TypeString, + Optional: true, + Description: `A Cloud Function name.`, + }, + }, + }, + }, + "cloud_run_revision": { + Type: schema.TypeList, + Optional: true, + ForceNew: true, + Description: `A Cloud Run revision.`, + MaxItems: 1, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "uri": { + Type: schema.TypeString, + Optional: true, + Description: `A Cloud Run revision URI.`, + }, + }, + }, + }, + "cloud_sql_instance": { + Type: schema.TypeString, + Optional: true, + Description: `A Cloud SQL instance URI.`, + }, + "gke_master_cluster": { + Type: schema.TypeString, + Optional: true, + Description: `A cluster URI for Google Kubernetes Engine cluster control plane.`, + }, "instance": { Type: schema.TypeString, Optional: true, Description: `A Compute Engine instance URI.`, }, "ip_address": { - Type: schema.TypeString, - Optional: true, - Description: `The IP address of the endpoint, which can be an external or -internal IP. 
An IPv6 address is only allowed when the test's -destination is a global load balancer VIP.`, + Type: schema.TypeString, + Optional: true, + Description: `The IP address of the endpoint, which can be an external or internal IP.`, }, "network": { Type: schema.TypeString, Optional: true, - Description: `A Compute Engine network URI.`, + Description: `A VPC network URI.`, }, "network_type": { Type: schema.TypeString, 
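Review bot: `app_engine_version`, `cloud_function` and `cloud_run_revision` are declared `ForceNew: true` while their nested `uri` fields are not, and the update hunk later in this file also adds `source.cloudFunction`, `source.appEngineVersion` and `source.cloudRunRevision` to `updateMask`. As far as I can tell, adding or removing one of these blocks would then force replacement while a change to `uri` alone would be planned as an in-place update, which is unlikely to be what is intended. Either drop `ForceNew` from the three blocks (the sibling `cloud_sql_instance` and `gke_master_cluster` are updatable) or add `ForceNew: true` to each nested `uri` and leave those paths out of the mask. A one-line comment on the blocks stating the intended behaviour would settle it for the next reader.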
@@ -181,26 +244,30 @@ destination is a global load balancer VIP.`, "port": { Type: schema.TypeInt, Optional: true, - Description: `The IP protocol port of the endpoint. Only applicable when -protocol is TCP or UDP.`, + Description: `The IP protocol port of the endpoint. Only applicable when protocol is +TCP or UDP.`, }, "project_id": { Type: schema.TypeString, Optional: true, - Description: `Project ID where the endpoint is located. The Project ID can be -derived from the URI if you provide a VM instance or network URI. -The following are two cases where you must provide the project ID: - -1. Only the IP address is specified, and the IP address is - within a GCP project. -2. When you are using Shared VPC and the IP address - that you provide is from the service project. In this case, - the network that the IP address resides in is defined in the - host project.`, + Description: `Project ID where the endpoint is located. +The project ID can be derived from the URI if you provide a endpoint or +network URI. +The following are two cases where you may need to provide the project ID: +1. Only the IP address is specified, and the IP address is within a Google +Cloud project. +2. When you are using Shared VPC and the IP address that you provide is +from the service project. In this case, the network that the IP address +resides in is defined in the host project.`, }, }, }, }, + "bypass_firewall_checks": { + Type: schema.TypeBool, + Optional: true, + Description: `Whether the analysis should skip firewall checking. Default value is false.`, + }, "description": { Type: schema.TypeString, Optional: true, @@ -233,6 +300,12 @@ boundaries.`, Type: schema.TypeString, }, }, + "round_trip": { + Type: schema.TypeBool, + Optional: true, + Description: `Whether run analysis for the return path from destination to source. +Default value is false.`, + }, "effective_labels": { Type: schema.TypeMap, Computed: true, 
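Review bot: The description of `bypass_firewall_checks` does not say what the setting does to the result, which matters to anyone who reads these tests as evidence that a path is blocked. Going by the field's own wording the analysis skips firewall checking, so a test with this set presumably cannot report a path as dropped by a firewall rule. I would spell that out, e.g. `Whether the analysis should skip firewall checking. When true, the result does not reflect firewall rules and should not be used to confirm that traffic is blocked. Default value is false.` In the next hunk the `round_trip` description reads "Whether run analysis", which should be "Whether to run analysis".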
@@ -301,6 +374,18 @@ func resourceNetworkManagementConnectivityTestCreate(d *schema.ResourceData, met } else if v, ok := d.GetOkExists("related_projects"); !tpgresource.IsEmptyValue(reflect.ValueOf(relatedProjectsProp)) && (ok || !reflect.DeepEqual(v, relatedProjectsProp)) { obj["relatedProjects"] = relatedProjectsProp } + roundTripProp, err := expandNetworkManagementConnectivityTestRoundTrip(d.Get("round_trip"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("round_trip"); !tpgresource.IsEmptyValue(reflect.ValueOf(roundTripProp)) && (ok || !reflect.DeepEqual(v, roundTripProp)) { + obj["roundTrip"] = roundTripProp + } + bypassFirewallChecksProp, err := expandNetworkManagementConnectivityTestBypassFirewallChecks(d.Get("bypass_firewall_checks"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("bypass_firewall_checks"); !tpgresource.IsEmptyValue(reflect.ValueOf(bypassFirewallChecksProp)) && (ok || !reflect.DeepEqual(v, bypassFirewallChecksProp)) { + obj["bypassFirewallChecks"] = bypassFirewallChecksProp + } labelsProp, err := expandNetworkManagementConnectivityTestEffectiveLabels(d.Get("effective_labels"), d, config) if err != nil { return err 
@@ -441,6 +526,12 @@ func resourceNetworkManagementConnectivityTestRead(d *schema.ResourceData, meta if err := d.Set("labels", flattenNetworkManagementConnectivityTestLabels(res["labels"], d, config)); err != nil { return fmt.Errorf("Error reading ConnectivityTest: %s", err) } + if err := d.Set("round_trip", flattenNetworkManagementConnectivityTestRoundTrip(res["roundTrip"], d, config)); err != nil { + return fmt.Errorf("Error reading ConnectivityTest: %s", err) + } + if err := d.Set("bypass_firewall_checks", flattenNetworkManagementConnectivityTestBypassFirewallChecks(res["bypassFirewallChecks"], d, config)); err != nil { + return fmt.Errorf("Error reading ConnectivityTest: %s", err) + } if err := d.Set("terraform_labels", flattenNetworkManagementConnectivityTestTerraformLabels(res["labels"], d, config)); err != nil { return fmt.Errorf("Error reading ConnectivityTest: %s", err) } 
@@ -497,6 +588,18 @@ func resourceNetworkManagementConnectivityTestUpdate(d *schema.ResourceData, met } else if v, ok := d.GetOkExists("related_projects"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, relatedProjectsProp)) { obj["relatedProjects"] = relatedProjectsProp } + roundTripProp, err := expandNetworkManagementConnectivityTestRoundTrip(d.Get("round_trip"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("round_trip"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, roundTripProp)) { + obj["roundTrip"] = roundTripProp + } + bypassFirewallChecksProp, err := expandNetworkManagementConnectivityTestBypassFirewallChecks(d.Get("bypass_firewall_checks"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("bypass_firewall_checks"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, bypassFirewallChecksProp)) { + obj["bypassFirewallChecks"] = bypassFirewallChecksProp + } labelsProp, err := expandNetworkManagementConnectivityTestEffectiveLabels(d.Get("effective_labels"), d, config) if err != nil { return err @@ -521,6 +624,11 @@ func resourceNetworkManagementConnectivityTestUpdate(d *schema.ResourceData, met updateMask = append(updateMask, "source.ipAddress", "source.port", "source.instance", + "source.gkeMasterCluster", + "source.cloudSqlInstance", + "source.cloudFunction", + "source.appEngineVersion", + "source.cloudRunRevision", "source.network", "source.networkType", "source.projectId") @@ -530,6 +638,12 @@ func resourceNetworkManagementConnectivityTestUpdate(d *schema.ResourceData, met updateMask = append(updateMask, "destination.ipAddress", "destination.port", "destination.instance", + "destination.forwardingRule", + "destination.gkeMasterCluster", + "destination.fqdn", + "destination.cloudSqlInstance", + "destination.redisInstance", + "destination.redisCluster", "destination.network", "destination.projectId") } 
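Review bot: In the update path the two new booleans are guarded by `!tpgresource.IsEmptyValue(reflect.ValueOf(v))`, so when `bypass_firewall_checks` or `round_trip` goes from true to false the key is left out of `obj`, while a later hunk still adds `bypassFirewallChecks`/`roundTrip` to `updateMask`. Turning the firewall-check bypass off therefore depends on the API resetting a masked field that is absent from the body, which this diff does not show. I would either send the value explicitly, `} else if v, ok := d.GetOkExists("bypass_firewall_checks"); ok || !reflect.DeepEqual(v, bypassFirewallChecksProp) {` (same for `round_trip`), or add an acceptance-test step that flips both fields from true back to false and verifies the stored value. The create hunk has the same guard, but omitting false there is harmless. resourceNetworkManagementConnectivityTestUpdate continues outside the hunk.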
@@ -542,6 +656,14 @@ func resourceNetworkManagementConnectivityTestUpdate(d *schema.ResourceData, met updateMask = append(updateMask, "relatedProjects") } + if d.HasChange("round_trip") { + updateMask = append(updateMask, "roundTrip") + } + + if d.HasChange("bypass_firewall_checks") { + updateMask = append(updateMask, "bypassFirewallChecks") + } + if d.HasChange("effective_labels") { updateMask = append(updateMask, "labels") } @@ -690,6 +812,16 @@ func flattenNetworkManagementConnectivityTestSource(v interface{}, d *schema.Res flattenNetworkManagementConnectivityTestSourcePort(original["port"], d, config) transformed["instance"] = flattenNetworkManagementConnectivityTestSourceInstance(original["instance"], d, config) + transformed["gke_master_cluster"] = + flattenNetworkManagementConnectivityTestSourceGkeMasterCluster(original["gkeMasterCluster"], d, config) + transformed["cloud_sql_instance"] = + flattenNetworkManagementConnectivityTestSourceCloudSqlInstance(original["cloudSqlInstance"], d, config) + transformed["cloud_function"] = + flattenNetworkManagementConnectivityTestSourceCloudFunction(original["cloudFunction"], d, config) + transformed["app_engine_version"] = + flattenNetworkManagementConnectivityTestSourceAppEngineVersion(original["appEngineVersion"], d, config) + transformed["cloud_run_revision"] = + flattenNetworkManagementConnectivityTestSourceCloudRunRevision(original["cloudRunRevision"], d, config) transformed["network"] = flattenNetworkManagementConnectivityTestSourceNetwork(original["network"], d, config) transformed["network_type"] = 
@@ -723,6 +855,65 @@ func flattenNetworkManagementConnectivityTestSourceInstance(v interface{}, d *sc return v } +func flattenNetworkManagementConnectivityTestSourceGkeMasterCluster(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenNetworkManagementConnectivityTestSourceCloudSqlInstance(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenNetworkManagementConnectivityTestSourceCloudFunction(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + if v == nil { + return nil + } + original := v.(map[string]interface{}) + if len(original) == 0 { + return nil + } + transformed := make(map[string]interface{}) + transformed["uri"] = + flattenNetworkManagementConnectivityTestSourceCloudFunctionUri(original["uri"], d, config) + return []interface{}{transformed} +} +func flattenNetworkManagementConnectivityTestSourceCloudFunctionUri(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenNetworkManagementConnectivityTestSourceAppEngineVersion(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + if v == nil { + return nil + } + original := v.(map[string]interface{}) + if len(original) == 0 { + return nil + } + transformed := make(map[string]interface{}) + transformed["uri"] = + flattenNetworkManagementConnectivityTestSourceAppEngineVersionUri(original["uri"], d, config) + return []interface{}{transformed} +} +func flattenNetworkManagementConnectivityTestSourceAppEngineVersionUri(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenNetworkManagementConnectivityTestSourceCloudRunRevision(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + if v == nil { + return nil + } + original := v.(map[string]interface{}) + if len(original) == 0 { + return nil + } + 
transformed := make(map[string]interface{}) + transformed["uri"] = + flattenNetworkManagementConnectivityTestSourceCloudRunRevisionUri(original["uri"], d, config) + return []interface{}{transformed} +} +func flattenNetworkManagementConnectivityTestSourceCloudRunRevisionUri(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + func flattenNetworkManagementConnectivityTestSourceNetwork(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { return v } @@ -750,6 +941,18 @@ func flattenNetworkManagementConnectivityTestDestination(v interface{}, d *schem flattenNetworkManagementConnectivityTestDestinationPort(original["port"], d, config) transformed["instance"] = flattenNetworkManagementConnectivityTestDestinationInstance(original["instance"], d, config) + transformed["forwarding_rule"] = + flattenNetworkManagementConnectivityTestDestinationForwardingRule(original["forwardingRule"], d, config) + transformed["gke_master_cluster"] = + flattenNetworkManagementConnectivityTestDestinationGkeMasterCluster(original["gkeMasterCluster"], d, config) + transformed["fqdn"] = + flattenNetworkManagementConnectivityTestDestinationFqdn(original["fqdn"], d, config) + transformed["cloud_sql_instance"] = + flattenNetworkManagementConnectivityTestDestinationCloudSqlInstance(original["cloudSqlInstance"], d, config) + transformed["redis_instance"] = + flattenNetworkManagementConnectivityTestDestinationRedisInstance(original["redisInstance"], d, config) + transformed["redis_cluster"] = + flattenNetworkManagementConnectivityTestDestinationRedisCluster(original["redisCluster"], d, config) transformed["network"] = flattenNetworkManagementConnectivityTestDestinationNetwork(original["network"], d, config) transformed["project_id"] = 
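Review bot: The three new nested flatteners (`...SourceCloudFunction`, `...SourceAppEngineVersion`, `...SourceCloudRunRevision`) convert the API value with an unchecked `original := v.(map[string]interface{})`, which panics and takes the provider process down if the response carries anything other than a JSON object in that position. A checked assertion, `original, ok := v.(map[string]interface{})` followed by `if !ok || len(original) == 0 { return nil }`, keeps a malformed response from crashing the run. The matching expanders in the later hunk do the same with `l := v.([]interface{})` and `raw.(map[string]interface{})`.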
@@ -781,6 +984,30 @@ func flattenNetworkManagementConnectivityTestDestinationInstance(v interface{}, return v } +func flattenNetworkManagementConnectivityTestDestinationForwardingRule(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenNetworkManagementConnectivityTestDestinationGkeMasterCluster(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenNetworkManagementConnectivityTestDestinationFqdn(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenNetworkManagementConnectivityTestDestinationCloudSqlInstance(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenNetworkManagementConnectivityTestDestinationRedisInstance(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenNetworkManagementConnectivityTestDestinationRedisCluster(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + func flattenNetworkManagementConnectivityTestDestinationNetwork(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { return v } @@ -812,6 +1039,14 @@ func flattenNetworkManagementConnectivityTestLabels(v interface{}, d *schema.Res return transformed } +func flattenNetworkManagementConnectivityTestRoundTrip(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + +func flattenNetworkManagementConnectivityTestBypassFirewallChecks(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + func flattenNetworkManagementConnectivityTestTerraformLabels(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { if v == nil { return v 
@@ -874,6 +1109,41 @@ func expandNetworkManagementConnectivityTestSource(v interface{}, d tpgresource. transformed["instance"] = transformedInstance } + transformedGkeMasterCluster, err := expandNetworkManagementConnectivityTestSourceGkeMasterCluster(original["gke_master_cluster"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedGkeMasterCluster); val.IsValid() && !tpgresource.IsEmptyValue(val) { + transformed["gkeMasterCluster"] = transformedGkeMasterCluster + } + + transformedCloudSqlInstance, err := expandNetworkManagementConnectivityTestSourceCloudSqlInstance(original["cloud_sql_instance"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedCloudSqlInstance); val.IsValid() && !tpgresource.IsEmptyValue(val) { + transformed["cloudSqlInstance"] = transformedCloudSqlInstance + } + + transformedCloudFunction, err := expandNetworkManagementConnectivityTestSourceCloudFunction(original["cloud_function"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedCloudFunction); val.IsValid() && !tpgresource.IsEmptyValue(val) { + transformed["cloudFunction"] = transformedCloudFunction + } + + transformedAppEngineVersion, err := expandNetworkManagementConnectivityTestSourceAppEngineVersion(original["app_engine_version"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedAppEngineVersion); val.IsValid() && !tpgresource.IsEmptyValue(val) { + transformed["appEngineVersion"] = transformedAppEngineVersion + } + + transformedCloudRunRevision, err := expandNetworkManagementConnectivityTestSourceCloudRunRevision(original["cloud_run_revision"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedCloudRunRevision); val.IsValid() && !tpgresource.IsEmptyValue(val) { + transformed["cloudRunRevision"] = transformedCloudRunRevision + } + transformedNetwork, err := 
expandNetworkManagementConnectivityTestSourceNetwork(original["network"], d, config) if err != nil { return nil, err 
@@ -910,6 +1180,83 @@ func expandNetworkManagementConnectivityTestSourceInstance(v interface{}, d tpgr return v, nil } +func expandNetworkManagementConnectivityTestSourceGkeMasterCluster(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + +func expandNetworkManagementConnectivityTestSourceCloudSqlInstance(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + +func expandNetworkManagementConnectivityTestSourceCloudFunction(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil, nil + } + raw := l[0] + original := raw.(map[string]interface{}) + transformed := make(map[string]interface{}) + + transformedUri, err := expandNetworkManagementConnectivityTestSourceCloudFunctionUri(original["uri"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedUri); val.IsValid() && !tpgresource.IsEmptyValue(val) { + transformed["uri"] = transformedUri + } + + return transformed, nil +} + +func expandNetworkManagementConnectivityTestSourceCloudFunctionUri(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + +func expandNetworkManagementConnectivityTestSourceAppEngineVersion(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil, nil + } + raw := l[0] + original := raw.(map[string]interface{}) + transformed := make(map[string]interface{}) + + transformedUri, err := expandNetworkManagementConnectivityTestSourceAppEngineVersionUri(original["uri"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedUri); val.IsValid() && !tpgresource.IsEmptyValue(val) { 
+ transformed["uri"] = transformedUri + } + + return transformed, nil +} + +func expandNetworkManagementConnectivityTestSourceAppEngineVersionUri(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + +func expandNetworkManagementConnectivityTestSourceCloudRunRevision(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil, nil + } + raw := l[0] + original := raw.(map[string]interface{}) + transformed := make(map[string]interface{}) + + transformedUri, err := expandNetworkManagementConnectivityTestSourceCloudRunRevisionUri(original["uri"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedUri); val.IsValid() && !tpgresource.IsEmptyValue(val) { + transformed["uri"] = transformedUri + } + + return transformed, nil +} + +func expandNetworkManagementConnectivityTestSourceCloudRunRevisionUri(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + func expandNetworkManagementConnectivityTestSourceNetwork(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { return v, nil } 
@@ -952,6 +1299,48 @@ func expandNetworkManagementConnectivityTestDestination(v interface{}, d tpgreso transformed["instance"] = transformedInstance } + transformedForwardingRule, err := expandNetworkManagementConnectivityTestDestinationForwardingRule(original["forwarding_rule"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedForwardingRule); val.IsValid() && !tpgresource.IsEmptyValue(val) { + transformed["forwardingRule"] = transformedForwardingRule + } + + transformedGkeMasterCluster, err := expandNetworkManagementConnectivityTestDestinationGkeMasterCluster(original["gke_master_cluster"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedGkeMasterCluster); val.IsValid() && !tpgresource.IsEmptyValue(val) { + transformed["gkeMasterCluster"] = transformedGkeMasterCluster + } + + transformedFqdn, err := expandNetworkManagementConnectivityTestDestinationFqdn(original["fqdn"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedFqdn); val.IsValid() && !tpgresource.IsEmptyValue(val) { + transformed["fqdn"] = transformedFqdn + } + + transformedCloudSqlInstance, err := expandNetworkManagementConnectivityTestDestinationCloudSqlInstance(original["cloud_sql_instance"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedCloudSqlInstance); val.IsValid() && !tpgresource.IsEmptyValue(val) { + transformed["cloudSqlInstance"] = transformedCloudSqlInstance + } + + transformedRedisInstance, err := expandNetworkManagementConnectivityTestDestinationRedisInstance(original["redis_instance"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedRedisInstance); val.IsValid() && !tpgresource.IsEmptyValue(val) { + transformed["redisInstance"] = transformedRedisInstance + } + + transformedRedisCluster, err := 
expandNetworkManagementConnectivityTestDestinationRedisCluster(original["redis_cluster"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedRedisCluster); val.IsValid() && !tpgresource.IsEmptyValue(val) { + transformed["redisCluster"] = transformedRedisCluster + } + transformedNetwork, err := expandNetworkManagementConnectivityTestDestinationNetwork(original["network"], d, config) if err != nil { return nil, err @@ -981,6 +1370,30 @@ func expandNetworkManagementConnectivityTestDestinationInstance(v interface{}, d return v, nil } +func expandNetworkManagementConnectivityTestDestinationForwardingRule(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + +func expandNetworkManagementConnectivityTestDestinationGkeMasterCluster(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + +func expandNetworkManagementConnectivityTestDestinationFqdn(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + +func expandNetworkManagementConnectivityTestDestinationCloudSqlInstance(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + +func expandNetworkManagementConnectivityTestDestinationRedisInstance(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + +func expandNetworkManagementConnectivityTestDestinationRedisCluster(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + func expandNetworkManagementConnectivityTestDestinationNetwork(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { return v, nil } 
@@ -997,6 +1410,14 @@ func expandNetworkManagementConnectivityTestRelatedProjects(v interface{}, d tpg return v, nil } +func expandNetworkManagementConnectivityTestRoundTrip(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + +func expandNetworkManagementConnectivityTestBypassFirewallChecks(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + func expandNetworkManagementConnectivityTestEffectiveLabels(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (map[string]string, error) { if v == nil { return map[string]string{}, nil diff --git a/google/services/networkmanagement/resource_network_management_connectivity_test_resource_generated_test.go b/google/services/networkmanagement/resource_network_management_connectivity_test_resource_generated_test.go index 4b06b5da285..a1d3b80448e 100644 --- a/google/services/networkmanagement/resource_network_management_connectivity_test_resource_generated_test.go +++ b/google/services/networkmanagement/resource_network_management_connectivity_test_resource_generated_test.go 
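Review bot: `expandNetworkManagementConnectivityTestBypassFirewallChecks` has no comment, yet it is the one new field whose value changes what a test result means: the docs in this commit describe it as making the analysis skip firewall checking. I would add `// bypass_firewall_checks: when true the analysis skips firewall evaluation, so a reachable result does not show that firewall rules permit the path.` above the function, so anyone using these tests as segmentation evidence knows to check the flag first. If the file is generated, the same sentence belongs in the field description upstream. The docs example and the acceptance test in this diff both set `bypass_firewall_checks = true`; an example that leaves it at the default would be safer to copy.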
@@ -192,6 +192,64 @@ resource "google_compute_address" "dest-addr" { `, context) } +func TestAccNetworkManagementConnectivityTest_networkManagementConnectivityTestEndpointsExample(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckNetworkManagementConnectivityTestDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccNetworkManagementConnectivityTest_networkManagementConnectivityTestEndpointsExample(context), + }, + { + ResourceName: "google_network_management_connectivity_test.endpoints-test", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"labels", "terraform_labels"}, + }, + }, + }) +} + +func testAccNetworkManagementConnectivityTest_networkManagementConnectivityTestEndpointsExample(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_network_management_connectivity_test" "endpoints-test" { + name = "tf-test-conn-test-endpoints%{random_suffix}" + source { + gke_master_cluster = "projects/test-project/locations/us-central1/clusters/name" + cloud_sql_instance = "projects/test-project/instances/name" + app_engine_version { + uri = "apps/test-project/services/default/versions/name" + } + cloud_function { + uri = "projects/test-project/locations/us-central1/functions/name" + } + cloud_run_revision { + uri = "projects/test-project/locations/us-central1/revisions/name" + } + port = 80 + } + destination { + port = 443 + forwarding_rule = "projects/test-project/regions/us-central1/forwardingRules/name" + gke_master_cluster = "projects/test-project/locations/us-central1/clusters/name" + fqdn = "name.us-central1.gke.goog" + cloud_sql_instance = "projects/test-project/instances/name" + redis_instance = 
"projects/test-project/locations/us-central1/instances/name" + redis_cluster = "projects/test-project/locations/us-central1/clusters/name" + } + bypass_firewall_checks = true + round_trip = true +} +`, context) +} + func testAccCheckNetworkManagementConnectivityTestDestroyProducer(t *testing.T) func(s *terraform.State) error { return func(s *terraform.State) error { for name, rs := range s.RootModule().Resources { diff --git a/website/docs/r/network_management_connectivity_test.html.markdown b/website/docs/r/network_management_connectivity_test.html.markdown index 59757633b66..0b6567fe21f 100644 --- a/website/docs/r/network_management_connectivity_test.html.markdown +++ b/website/docs/r/network_management_connectivity_test.html.markdown @@ -156,6 +156,44 @@ resource "google_compute_address" "dest-addr" { region = "us-central1" } ``` +
+ + Open in Cloud Shell + +
+## Example Usage - Network Management Connectivity Test Endpoints + + +```hcl +resource "google_network_management_connectivity_test" "endpoints-test" { + name = "conn-test-endpoints" + source { + gke_master_cluster = "projects/test-project/locations/us-central1/clusters/name" + cloud_sql_instance = "projects/test-project/instances/name" + app_engine_version { + uri = "apps/test-project/services/default/versions/name" + } + cloud_function { + uri = "projects/test-project/locations/us-central1/functions/name" + } + cloud_run_revision { + uri = "projects/test-project/locations/us-central1/revisions/name" + } + port = 80 + } + destination { + port = 443 + forwarding_rule = "projects/test-project/regions/us-central1/forwardingRules/name" + gke_master_cluster = "projects/test-project/locations/us-central1/clusters/name" + fqdn = "name.us-central1.gke.goog" + cloud_sql_instance = "projects/test-project/instances/name" + redis_instance = "projects/test-project/locations/us-central1/instances/name" + redis_cluster = "projects/test-project/locations/us-central1/clusters/name" + } + bypass_firewall_checks = true + round_trip = true +} +``` ## Argument Reference 
@@ -169,41 +207,21 @@ The following arguments are supported: * `source` - (Required) Required. Source specification of the Connectivity Test. - You can use a combination of source IP address, virtual machine - (VM) instance, or Compute Engine network to uniquely identify the - source location. - Examples: If the source IP address is an internal IP address within - a Google Cloud Virtual Private Cloud (VPC) network, then you must - also specify the VPC network. Otherwise, specify the VM instance, - which already contains its internal IP address and VPC network - information. - If the source of the test is within an on-premises network, then - you must provide the destination VPC network. - If the source endpoint is a Compute Engine VM instance with multiple - network interfaces, the instance itself is not sufficient to - identify the endpoint. So, you must also specify the source IP - address or VPC network. - A reachability analysis proceeds even if the source location is - ambiguous. However, the test result may include endpoints that - you don't intend to test. + You can use a combination of source IP address, URI of a supported + endpoint, project ID, or VPC network to identify the source location. + Reachability analysis might proceed even if the source location is + ambiguous. However, the test result might include endpoints or use a source + that you don't intend to test. Structure is [documented below](#nested_source). * `destination` - (Required) Required. Destination specification of the Connectivity Test. - You can use a combination of destination IP address, Compute - Engine VM instance, or VPC network to uniquely identify the - destination location. - Even if the destination IP address is not unique, the source IP - location is unique. Usually, the analysis can infer the destination - endpoint from route information. 
- If the destination you specify is a VM instance and the instance has - multiple network interfaces, then you must also specify either a - destination IP address or VPC network to identify the destination - interface. - A reachability analysis proceeds even if the destination location - is ambiguous. However, the result can include endpoints that you - don't intend to test. + You can use a combination of destination IP address, URI of a supported + endpoint, project ID, or VPC network to identify the destination location. + Reachability analysis proceeds even if the destination location is + ambiguous. However, the test result might include endpoints or use a + destination that you don't intend to test. Structure is [documented below](#nested_destination). 
@@ -211,22 +229,43 @@ The following arguments are supported: * `ip_address` - (Optional) - The IP address of the endpoint, which can be an external or - internal IP. An IPv6 address is only allowed when the test's - destination is a global load balancer VIP. + The IP address of the endpoint, which can be an external or internal IP. * `port` - (Optional) - The IP protocol port of the endpoint. Only applicable when - protocol is TCP or UDP. + The IP protocol port of the endpoint. Only applicable when protocol is + TCP or UDP. * `instance` - (Optional) A Compute Engine instance URI. +* `gke_master_cluster` - + (Optional) + A cluster URI for Google Kubernetes Engine cluster control plane. + +* `cloud_sql_instance` - + (Optional) + A Cloud SQL instance URI. + +* `cloud_function` - + (Optional) + A Cloud Function. + Structure is [documented below](#nested_source_cloud_function). + +* `app_engine_version` - + (Optional) + An App Engine service version. + Structure is [documented below](#nested_source_app_engine_version). + +* `cloud_run_revision` - + (Optional) + A Cloud Run revision. + Structure is [documented below](#nested_source_cloud_run_revision). + * `network` - (Optional) - A Compute Engine network URI. + A VPC network URI. * `network_type` - (Optional) 
@@ -235,47 +274,92 @@ The following arguments are supported: * `project_id` - (Optional) - Project ID where the endpoint is located. The Project ID can be - derived from the URI if you provide a VM instance or network URI. - The following are two cases where you must provide the project ID: - 1. Only the IP address is specified, and the IP address is - within a GCP project. - 2. When you are using Shared VPC and the IP address - that you provide is from the service project. In this case, - the network that the IP address resides in is defined in the - host project. + Project ID where the endpoint is located. + The project ID can be derived from the URI if you provide a endpoint or + network URI. + The following are two cases where you may need to provide the project ID: + 1. Only the IP address is specified, and the IP address is within a Google + Cloud project. + 2. When you are using Shared VPC and the IP address that you provide is + from the service project. In this case, the network that the IP address + resides in is defined in the host project. + + +The `cloud_function` block supports: + +* `uri` - + (Optional) + A Cloud Function name. + +The `app_engine_version` block supports: + +* `uri` - + (Optional) + An App Engine service version name. + +The `cloud_run_revision` block supports: + +* `uri` - + (Optional) + A Cloud Run revision URI. The `destination` block supports: * `ip_address` - (Optional) - The IP address of the endpoint, which can be an external or - internal IP. An IPv6 address is only allowed when the test's - destination is a global load balancer VIP. + The IP address of the endpoint, which can be an external or internal IP. * `port` - (Optional) - The IP protocol port of the endpoint. Only applicable when - protocol is TCP or UDP. + The IP protocol port of the endpoint. Only applicable when protocol is + TCP or UDP. * `instance` - (Optional) A Compute Engine instance URI. +* `forwarding_rule` - + (Optional) + Forwarding rule URI. 
Forwarding rules are frontends for load balancers, + PSC endpoints, and Protocol Forwarding. + +* `gke_master_cluster` - + (Optional) + A cluster URI for Google Kubernetes Engine cluster control plane. + +* `fqdn` - + (Optional) + A DNS endpoint of Google Kubernetes Engine cluster control plane. + Requires gke_master_cluster to be set, can't be used simultaneoulsly with + ip_address or network. Applicable only to destination endpoint. + +* `cloud_sql_instance` - + (Optional) + A Cloud SQL instance URI. + +* `redis_instance` - + (Optional) + A Redis Instance URI. + +* `redis_cluster` - + (Optional) + A Redis Cluster URI. + * `network` - (Optional) - A Compute Engine network URI. + A VPC network URI. * `project_id` - (Optional) - Project ID where the endpoint is located. The Project ID can be - derived from the URI if you provide a VM instance or network URI. - The following are two cases where you must provide the project ID: - 1. Only the IP address is specified, and the IP address is within - a GCP project. 2. When you are using Shared VPC and the IP address - that you provide is from the service project. In this case, the - network that the IP address resides in is defined in the host - project. + Project ID where the endpoint is located. + The project ID can be derived from the URI if you provide a endpoint or + network URI. + The following are two cases where you may need to provide the project ID: + 1. Only the IP address is specified, and the IP address is within a Google + Cloud project. + 2. When you are using Shared VPC and the IP address that you provide is + from the service project. In this case, the network that the IP address + resides in is defined in the host project. - - - 
@@ -302,6 +386,15 @@ The following arguments are supported: **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field `effective_labels` for all of the labels present on the resource. +* `round_trip` - + (Optional) + Whether run analysis for the return path from destination to source. + Default value is false. + +* `bypass_firewall_checks` - + (Optional) + Whether the analysis should skip firewall checking. Default value is false. + * `project` - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. @@ -325,9 +418,9 @@ In addition to the arguments listed above, the following computed attributes are This resource provides the following [Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options: -- `create` - Default is 20 minutes. -- `update` - Default is 20 minutes. -- `delete` - Default is 20 minutes. +- `create` - Default is 5 minutes. +- `update` - Default is 5 minutes. +- `delete` - Default is 5 minutes. ## Import