Add option to recreate PSC FW rule when status changed to closed (#9190) (#16188)

[upstream:85d3f6e001151c63845fd72325ab07e55f558429]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/9190.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+compute: add `recreate_closed_psc` flag to recreate the PSC Consumer forwarding rule if the `psc_connection_status` is closed on `google_compute_forwarding_rule`.
+```

google/services/compute/resource_compute_forwarding_rule.go

@@ -18,6 +18,7 @@
 package compute
 
 import (
+	"context"
 	"fmt"
 	"log"
 	"reflect"
@@ -32,6 +33,23 @@ import (
 	"github.com/hashicorp/terraform-provider-google/google/verify"
 )
 
+func forwardingRuleCustomizeDiff(_ context.Context, diff *schema.ResourceDiff, v interface{}) error {
+	log.Println("[DEBUG] [PSC] Reached forwardingRuleCustomizeDiff function")
+
+	// if target is not a string it's not set so no PSC connection
+	if target, ok := diff.Get("target").(string); ok {
+		if strings.Contains(target, "/serviceAttachments/") {
+			recreateClosedPsc, _ := diff.Get("recreate_closed_psc").(bool)
+			if pscConnectionStatus, ok := diff.Get("psc_connection_status").(string); ok && recreateClosedPsc && pscConnectionStatus == "CLOSED" {
+				// https://discuss.hashicorp.com/t/force-new-resource-based-on-api-read-difference/29759/6
+				diff.SetNewComputed("psc_connection_status")
+				diff.ForceNew("psc_connection_status")
+			}
+		}
+	}
+	return nil
+}
+
 func ResourceComputeForwardingRule() *schema.Resource {
 	return &schema.Resource{
 		Create: resourceComputeForwardingRuleCreate,
@@ -50,6 +68,7 @@ func ResourceComputeForwardingRule() *schema.Resource {
 		},
 
 		CustomizeDiff: customdiff.All(
+			forwardingRuleCustomizeDiff,
 			tpgresource.SetLabelsDiff,
 			tpgresource.DefaultProviderProject,
 		),
@@ -486,6 +505,12 @@ This field is only used for INTERNAL load balancing.`,
  and default labels configured on the provider.`,
 				Elem: &schema.Schema{Type: schema.TypeString},
 			},
+			"recreate_closed_psc": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Default:     false,
+				Description: `This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed`,
+			},
 			"project": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -807,6 +832,12 @@ func resourceComputeForwardingRuleRead(d *schema.ResourceData, meta interface{})
 		return transport_tpg.HandleNotFoundError(err, d, fmt.Sprintf("ComputeForwardingRule %q", d.Id()))
 	}
 
+	// Explicitly set virtual fields to default values if unset
+	if _, ok := d.GetOkExists("recreate_closed_psc"); !ok {
+		if err := d.Set("recreate_closed_psc", false); err != nil {
+			return fmt.Errorf("Error setting recreate_closed_psc: %s", err)
+		}
+	}
 	if err := d.Set("project", project); err != nil {
 		return fmt.Errorf("Error reading ForwardingRule: %s", err)
 	}
@@ -1205,6 +1236,11 @@ func resourceComputeForwardingRuleImport(d *schema.ResourceData, meta interface{
 	id = strings.ReplaceAll(id, "projects/projects/", "projects/")
 	d.SetId(id)
 
+	// Explicitly set virtual fields to default values on import
+	if err := d.Set("recreate_closed_psc", false); err != nil {
+		return nil, fmt.Errorf("Error setting recreate_closed_psc: %s", err)
+	}
+
 	return []*schema.ResourceData{d}, nil
 }
 

google/services/compute/resource_compute_forwarding_rule_test.go

@@ -142,6 +142,51 @@ func TestAccComputeForwardingRule_forwardingRuleVpcPscExampleUpdate(t *testing.T
 	})
 }
 
+func TestAccComputeForwardingRule_forwardingRulePscRecreate(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckComputeForwardingRuleDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeForwardingRule_forwardingRulePscRecreate(context),
+			},
+			{
+				ResourceName:            "google_compute_forwarding_rule.default",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"recreate_closed_psc"},
+			},
+			{
+				Config: testAccComputeForwardingRule_forwardingRulePscRecreate(context),
+			},
+			{
+				ResourceName:            "google_compute_forwarding_rule.default",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ExpectNonEmptyPlan:      true,
+				ImportStateVerifyIgnore: []string{"recreate_closed_psc"},
+			},
+			{
+				Config: testAccComputeForwardingRule_forwardingRulePscRecreate(context),
+			},
+			{
+				ResourceName:            "google_compute_forwarding_rule.default",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ExpectNonEmptyPlan:      true,
+				ImportStateVerifyIgnore: []string{"recreate_closed_psc"},
+			},
+		},
+	})
+}
+
 func TestAccComputeForwardingRule_forwardingRuleRegionalSteeringExampleUpdate(t *testing.T) {
 	t.Parallel()
 
@@ -330,6 +375,107 @@ resource "google_compute_address" "consumer_address" {
 }
 
 
+// Producer service attachment
+
+resource "google_compute_network" "producer_net" {
+  name                    = "tf-test-producer-net%{random_suffix}"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "producer_subnet" {
+  name          = "tf-test-producer-net%{random_suffix}"
+  ip_cidr_range = "10.0.0.0/16"
+  region        = "us-central1"
+  network       = google_compute_network.producer_net.id
+}
+
+resource "google_compute_subnetwork" "psc_producer_subnet" {
+  name          = "tf-test-producer-psc-net%{random_suffix}"
+  ip_cidr_range = "10.1.0.0/16"
+  region        = "us-central1"
+
+  purpose       = "PRIVATE_SERVICE_CONNECT"
+  network       = google_compute_network.producer_net.id
+}
+
+resource "google_compute_service_attachment" "producer_service_attachment" {
+  name        = "tf-test-producer-service%{random_suffix}"
+  region      = "us-central1"
+  description = "A service attachment configured with Terraform"
+
+  enable_proxy_protocol = true
+  connection_preference = "ACCEPT_AUTOMATIC"
+  nat_subnets           = [google_compute_subnetwork.psc_producer_subnet.name]
+  target_service        = google_compute_forwarding_rule.producer_target_service.id
+}
+
+resource "google_compute_forwarding_rule" "producer_target_service" {
+  name     = "tf-test-producer-forwarding-rule%{random_suffix}"
+  region   = "us-central1"
+
+  load_balancing_scheme = "INTERNAL"
+  backend_service       = google_compute_region_backend_service.producer_service_backend.id
+  all_ports             = true
+  network               = google_compute_network.producer_net.name
+  subnetwork            = google_compute_subnetwork.producer_subnet.name
+}
+
+resource "google_compute_region_backend_service" "producer_service_backend" {
+  name     = "tf-test-producer-service-backend%{random_suffix}"
+  region   = "us-central1"
+
+  health_checks = [google_compute_health_check.producer_service_health_check.id]
+}
+
+resource "google_compute_health_check" "producer_service_health_check" {
+  name     = "tf-test-producer-service-health-check%{random_suffix}"
+
+  check_interval_sec = 1
+  timeout_sec        = 1
+  tcp_health_check {
+    port = "80"
+  }
+}
+`, context)
+}
+
+func testAccComputeForwardingRule_forwardingRulePscRecreate(context map[string]interface{}) string {
+
+	return acctest.Nprintf(`
+// Forwarding rule for VPC private service connect
+resource "google_compute_forwarding_rule" "default" {
+  name                    = "tf-test-psc-endpoint%{random_suffix}"
+  region                  = "us-central1"
+  load_balancing_scheme   = ""
+  target                  = google_compute_service_attachment.producer_service_attachment.id
+  network                 = google_compute_network.consumer_net.name
+  ip_address              = google_compute_address.consumer_address.id
+  allow_psc_global_access = true
+  recreate_closed_psc     = true
+}
+
+// Consumer service endpoint
+
+resource "google_compute_network" "consumer_net" {
+  name                    = "tf-test-consumer-net%{random_suffix}"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "consumer_subnet" {
+  name          = "tf-test-consumer-net%{random_suffix}"
+  ip_cidr_range = "10.0.0.0/16"
+  region        = "us-central1"
+  network       = google_compute_network.consumer_net.id
+}
+
+resource "google_compute_address" "consumer_address" {
+  name         = "tf-test-website-ip%{random_suffix}-1"
+  region       = "us-central1"
+  subnetwork   = google_compute_subnetwork.consumer_subnet.id
+  address_type = "INTERNAL"
+}
+
+
 // Producer service attachment
 
 resource "google_compute_network" "producer_net" {

website/docs/r/compute_forwarding_rule.html.markdown

@@ -1570,6 +1570,7 @@ The following arguments are supported:
 * `project` - (Optional) The ID of the project in which the resource belongs.
     If it is not provided, the provider project is used.
 
+* `recreate_closed_psc` - (Optional) This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed
 
 <a name="nested_service_directory_registrations"></a>The `service_directory_registrations` block supports: