feat(function): add vpc integration for namespace resource

Author: Mia-Cross

docs/resources/function_namespace.md

@@ -40,6 +40,10 @@ The following arguments are supported:
 
 - `secret_environment_variables` - (Optional) The secret environment variables of the namespace.
 
+- `activate_vpc_integration` - (Optional) Activates VPC integration for the namespace. Functions of a namespace with VPC integration activated will be able to connect to a Private Network.
+
+~> **Important** Updates to `activate_vpc_integration` will recreate the namespace.
+
 ## Attributes Reference
 
 The `scaleway_function_namespace` resource exports certain attributes once the Functions namespace has been created. These attributes can be referenced in other parts of your Terraform configuration.

internal/services/function/function.go

@@ -14,6 +14,7 @@ import (
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/cdf"
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/dsf"
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/httperrors"
+	"github.com/scaleway/terraform-provider-scaleway/v2/internal/locality"
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/locality/regional"
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/services/account"
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/types"
@@ -170,6 +171,11 @@ func ResourceFunction() *schema.Resource {
 				Computed:    true,
 				Description: "The native function domain name.",
 			},
+			"private_network_id": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "ID of the Private Network the container is connected to",
+			},
 			"region":          regional.Schema(),
 			"organization_id": account.OrganizationIDSchema(),
 			"project_id":      account.ProjectIDSchema(),
@@ -214,6 +220,10 @@ func ResourceFunctionCreate(ctx context.Context, d *schema.ResourceData, m inter
 		req.Timeout = &scw.Duration{Seconds: int64(timeout.(int))}
 	}
 
+	if pnID, ok := d.GetOk("private_network_id"); ok {
+		req.PrivateNetworkID = types.ExpandStringPtr(locality.ExpandID(pnID.(string)))
+	}
+
 	f, err := api.CreateFunction(req, scw.WithContext(ctx))
 	if err != nil {
 		return diag.FromErr(err)
@@ -324,6 +334,10 @@ func ResourceFunctionRead(ctx context.Context, d *schema.ResourceData, m interfa
 	_ = d.Set("secret_environment_variables", flattenFunctionSecrets(f.SecretEnvironmentVariables))
 	_ = d.Set("tags", types.FlattenSliceString(f.Tags))
 
+	if f.PrivateNetworkID != nil {
+		_ = d.Set("private_network_id", regional.NewID(region, types.FlattenStringPtr(f.PrivateNetworkID).(string)).String())
+	}
+
 	return diags
 }
 
@@ -415,6 +429,16 @@ func ResourceFunctionUpdate(ctx context.Context, d *schema.ResourceData, m inter
 		updated = true
 	}
 
+	if d.HasChanges("private_network_id") {
+		if _, newPNID := d.GetChange("private_network_id"); newPNID != nil && newPNID.(string) != "" {
+			req.PrivateNetworkID = types.ExpandUpdatedStringPtr(locality.ExpandID(newPNID.(string)))
+		} else {
+			req.PrivateNetworkID = nil
+		}
+
+		updated = true
+	}
+
 	if updated {
 		_, err = api.UpdateFunction(req, scw.WithContext(ctx))
 		if err != nil {

internal/services/function/namespace.go

@@ -86,6 +86,13 @@ func ResourceNamespace() *schema.Resource {
 				Computed:    true,
 				Description: "The ID of the registry namespace",
 			},
+			"activate_vpc_integration": {
+				Type:        schema.TypeBool,
+				ForceNew:    true,
+				Optional:    true,
+				Default:     false,
+				Description: "Activate VPC integration for the namespace",
+			},
 			"region":          regional.Schema(),
 			"organization_id": account.OrganizationIDSchema(),
 			"project_id":      account.ProjectIDSchema(),
@@ -113,6 +120,10 @@ func ResourceFunctionNamespaceCreate(ctx context.Context, d *schema.ResourceData
 		createReq.Tags = types.ExpandStrings(rawTag)
 	}
 
+	if activateVPC, ok := d.GetOk("activate_vpc_integration"); ok {
+		createReq.ActivateVpcIntegration = activateVPC.(bool)
+	}
+
 	ns, err := api.CreateNamespace(createReq, scw.WithContext(ctx))
 	if err != nil {
 		return diag.FromErr(err)
@@ -155,6 +166,7 @@ func ResourceFunctionNamespaceRead(ctx context.Context, d *schema.ResourceData,
 	_ = d.Set("registry_endpoint", ns.RegistryEndpoint)
 	_ = d.Set("registry_namespace_id", ns.RegistryNamespaceID)
 	_ = d.Set("secret_environment_variables", flattenFunctionSecrets(ns.SecretEnvironmentVariables))
+	_ = d.Set("activate_vpc_integration", types.FlattenBoolPtr(ns.VpcIntegrationActivated))
 
 	return nil
 }

internal/services/function/namespace_test.go

@@ -10,6 +10,7 @@ import (
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/acctest"
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/httperrors"
 	"github.com/scaleway/terraform-provider-scaleway/v2/internal/services/function"
+	vpcchecks "github.com/scaleway/terraform-provider-scaleway/v2/internal/services/vpc/testfuncs"
 )
 
 func TestAccFunctionNamespace_Basic(t *testing.T) {
@@ -179,6 +180,84 @@ func TestAccFunctionNamespace_EnvironmentVariables(t *testing.T) {
 	})
 }
 
+func TestAccFunctionNamespace_VPCIntegration(t *testing.T) {
+	tt := acctest.NewTestTools(t)
+	defer tt.Cleanup()
+
+	namespaceID := ""
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { acctest.PreCheck(t) },
+		ProviderFactories: tt.ProviderFactories,
+		CheckDestroy: resource.ComposeTestCheckFunc(
+			testAccCheckFunctionNamespaceDestroy(tt),
+			testAccCheckFunctionDestroy(tt),
+			vpcchecks.CheckPrivateNetworkDestroy(tt),
+		),
+		Steps: []resource.TestStep{
+			{
+				Config: `
+					resource scaleway_vpc_private_network main {}
+
+					resource scaleway_function_namespace main {}
+
+					resource scaleway_function main {
+						namespace_id = scaleway_function_namespace.main.id
+						privacy = "private"
+						runtime = "go123"
+						handler = "Handle"
+					}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckFunctionNamespaceExists(tt, "scaleway_function_namespace.main"),
+					resource.TestCheckResourceAttr("scaleway_function_namespace.main", "activate_vpc_integration", "false"),
+					acctest.CheckResourceIDPersisted("scaleway_function_namespace.main", &namespaceID),
+				),
+			},
+			//{
+			//	Config: `
+			//		resource scaleway_vpc_private_network main {}
+			//
+			//		resource scaleway_function_namespace main {}
+			//
+			//		resource scaleway_function main {
+			//			namespace_id = scaleway_function_namespace.main.id
+			//			privacy = "private"
+			//			runtime = "go123"
+			//			handler = "Handle"
+			//			private_network_id = scaleway_vpc_private_network.main.id
+			//		}
+			//	`,
+			//	ExpectError: regexp.MustCompile("Application can't be attached to private network, vpc integration must be activated on its parent namespace"),
+			//},
+			{
+				Config: `
+					resource scaleway_vpc_private_network main {}
+
+					resource scaleway_function_namespace main {
+						activate_vpc_integration = true
+					}
+
+					resource scaleway_function main {
+						namespace_id = scaleway_function_namespace.main.id
+						privacy = "private"
+						runtime = "go123"
+						handler = "Handle"
+						private_network_id = scaleway_vpc_private_network.main.id
+					}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckFunctionNamespaceExists(tt, "scaleway_function_namespace.main"),
+					testAccCheckFunctionExists(tt, "scaleway_function.main"),
+					resource.TestCheckResourceAttr("scaleway_function_namespace.main", "activate_vpc_integration", "true"),
+					resource.TestCheckResourceAttrPair("scaleway_function.main", "private_network_id", "scaleway_vpc_private_network.main", "id"),
+					acctest.CheckResourceIDChanged("scaleway_function_namespace.main", &namespaceID),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckFunctionNamespaceExists(tt *acctest.TestTools, n string) resource.TestCheckFunc {
 	return func(state *terraform.State) error {
 		rs, ok := state.RootModule().Resources[n]