datafusion: Add network config fields for Private Service Connect (#10969) (#18525)

[upstream:b1a4a0722e54c1fdaac36f1f00ca4b1c6e328c0f]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/10969.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+datafusion: added fields `connection_type` and `private_service_connect_config` to enable using Private Service Connect with `google_data_fusion_instance` resources
+```

google/services/datafusion/resource_data_fusion_instance.go

@@ -215,21 +215,65 @@ Please refer to the field 'effective_labels' for all of the labels present on th
 				MaxItems:    1,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
+						"connection_type": {
+							Type:         schema.TypeString,
+							Optional:     true,
+							ForceNew:     true,
+							ValidateFunc: verify.ValidateEnum([]string{"VPC_PEERING", "PRIVATE_SERVICE_CONNECT_INTERFACES", ""}),
+							Description: `Optional. Type of connection for establishing private IP connectivity between the Data Fusion customer project VPC and
+the corresponding tenant project from a predefined list of available connection modes.
+If this field is unspecified for a private instance, VPC peering is used. Possible values: ["VPC_PEERING", "PRIVATE_SERVICE_CONNECT_INTERFACES"]`,
+						},
 						"ip_allocation": {
 							Type:     schema.TypeString,
-							Required: true,
+							Optional: true,
 							ForceNew: true,
 							Description: `The IP range in CIDR notation to use for the managed Data Fusion instance
 nodes. This range must not overlap with any other ranges used in the Data Fusion instance network.`,
 						},
 						"network": {
 							Type:     schema.TypeString,
-							Required: true,
+							Optional: true,
 							ForceNew: true,
 							Description: `Name of the network in the project with which the tenant project
 will be peered for executing pipelines. In case of shared VPC where the network resides in another host
 project the network should specified in the form of projects/{host-project-id}/global/networks/{network}`,
 						},
+						"private_service_connect_config": {
+							Type:     schema.TypeList,
+							Optional: true,
+							ForceNew: true,
+							Description: `Optional. Configuration for Private Service Connect.
+This is required only when using connection type PRIVATE_SERVICE_CONNECT_INTERFACES.`,
+							MaxItems: 1,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"network_attachment": {
+										Type:     schema.TypeString,
+										Optional: true,
+										ForceNew: true,
+										Description: `Optional. The reference to the network attachment used to establish private connectivity.
+It will be of the form projects/{project-id}/regions/{region}/networkAttachments/{network-attachment-id}.
+This is required only when using connection type PRIVATE_SERVICE_CONNECT_INTERFACES.`,
+									},
+									"unreachable_cidr_block": {
+										Type:     schema.TypeString,
+										Optional: true,
+										ForceNew: true,
+										Description: `Optional. Input only. The CIDR block to which the CDF instance can't route traffic to in the consumer project VPC.
+The size of this block should be at least /25. This range should not overlap with the primary address range of any subnetwork used by the network attachment.
+This range can be used for other purposes in the consumer VPC as long as there is no requirement for CDF to reach destinations using these addresses.
+If this value is not provided, the server chooses a non RFC 1918 address range. The format of this field is governed by RFC 4632.`,
+									},
+									"effective_unreachable_cidr_block": {
+										Type:     schema.TypeString,
+										Computed: true,
+										Description: `Output only. The CIDR block to which the CDF instance can't route traffic to in the consumer project VPC.
+The size of this block is /25. The format of this field is governed by RFC 4632.`,
+									},
+								},
+							},
+						},
 					},
 				},
 			},
@@ -961,6 +1005,10 @@ func flattenDataFusionInstanceNetworkConfig(v interface{}, d *schema.ResourceDat
 		flattenDataFusionInstanceNetworkConfigIpAllocation(original["ipAllocation"], d, config)
 	transformed["network"] =
 		flattenDataFusionInstanceNetworkConfigNetwork(original["network"], d, config)
+	transformed["connection_type"] =
+		flattenDataFusionInstanceNetworkConfigConnectionType(original["connectionType"], d, config)
+	transformed["private_service_connect_config"] =
+		flattenDataFusionInstanceNetworkConfigPrivateServiceConnectConfig(original["privateServiceConnectConfig"], d, config)
 	return []interface{}{transformed}
 }
 func flattenDataFusionInstanceNetworkConfigIpAllocation(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
@@ -971,6 +1019,39 @@ func flattenDataFusionInstanceNetworkConfigNetwork(v interface{}, d *schema.Reso
 	return v
 }
 
+func flattenDataFusionInstanceNetworkConfigConnectionType(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
+func flattenDataFusionInstanceNetworkConfigPrivateServiceConnectConfig(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	if v == nil {
+		return nil
+	}
+	original := v.(map[string]interface{})
+	if len(original) == 0 {
+		return nil
+	}
+	transformed := make(map[string]interface{})
+	transformed["network_attachment"] =
+		flattenDataFusionInstanceNetworkConfigPrivateServiceConnectConfigNetworkAttachment(original["networkAttachment"], d, config)
+	transformed["unreachable_cidr_block"] =
+		flattenDataFusionInstanceNetworkConfigPrivateServiceConnectConfigUnreachableCidrBlock(original["unreachableCidrBlock"], d, config)
+	transformed["effective_unreachable_cidr_block"] =
+		flattenDataFusionInstanceNetworkConfigPrivateServiceConnectConfigEffectiveUnreachableCidrBlock(original["effectiveUnreachableCidrBlock"], d, config)
+	return []interface{}{transformed}
+}
+func flattenDataFusionInstanceNetworkConfigPrivateServiceConnectConfigNetworkAttachment(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
+func flattenDataFusionInstanceNetworkConfigPrivateServiceConnectConfigUnreachableCidrBlock(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return d.Get("network_config.0.private_service_connect_config.0.unreachable_cidr_block")
+}
+
+func flattenDataFusionInstanceNetworkConfigPrivateServiceConnectConfigEffectiveUnreachableCidrBlock(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
 func flattenDataFusionInstanceZone(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	return v
 }
@@ -1143,6 +1224,20 @@ func expandDataFusionInstanceNetworkConfig(v interface{}, d tpgresource.Terrafor
 		transformed["network"] = transformedNetwork
 	}
 
+	transformedConnectionType, err := expandDataFusionInstanceNetworkConfigConnectionType(original["connection_type"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedConnectionType); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["connectionType"] = transformedConnectionType
+	}
+
+	transformedPrivateServiceConnectConfig, err := expandDataFusionInstanceNetworkConfigPrivateServiceConnectConfig(original["private_service_connect_config"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedPrivateServiceConnectConfig); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["privateServiceConnectConfig"] = transformedPrivateServiceConnectConfig
+	}
+
 	return transformed, nil
 }
 
@@ -1154,6 +1249,55 @@ func expandDataFusionInstanceNetworkConfigNetwork(v interface{}, d tpgresource.T
 	return v, nil
 }
 
+func expandDataFusionInstanceNetworkConfigConnectionType(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandDataFusionInstanceNetworkConfigPrivateServiceConnectConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	l := v.([]interface{})
+	if len(l) == 0 || l[0] == nil {
+		return nil, nil
+	}
+	raw := l[0]
+	original := raw.(map[string]interface{})
+	transformed := make(map[string]interface{})
+
+	transformedNetworkAttachment, err := expandDataFusionInstanceNetworkConfigPrivateServiceConnectConfigNetworkAttachment(original["network_attachment"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedNetworkAttachment); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["networkAttachment"] = transformedNetworkAttachment
+	}
+
+	transformedUnreachableCidrBlock, err := expandDataFusionInstanceNetworkConfigPrivateServiceConnectConfigUnreachableCidrBlock(original["unreachable_cidr_block"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedUnreachableCidrBlock); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["unreachableCidrBlock"] = transformedUnreachableCidrBlock
+	}
+
+	transformedEffectiveUnreachableCidrBlock, err := expandDataFusionInstanceNetworkConfigPrivateServiceConnectConfigEffectiveUnreachableCidrBlock(original["effective_unreachable_cidr_block"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedEffectiveUnreachableCidrBlock); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["effectiveUnreachableCidrBlock"] = transformedEffectiveUnreachableCidrBlock
+	}
+
+	return transformed, nil
+}
+
+func expandDataFusionInstanceNetworkConfigPrivateServiceConnectConfigNetworkAttachment(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandDataFusionInstanceNetworkConfigPrivateServiceConnectConfigUnreachableCidrBlock(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandDataFusionInstanceNetworkConfigPrivateServiceConnectConfigEffectiveUnreachableCidrBlock(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandDataFusionInstanceZone(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	return v, nil
 }

google/services/datafusion/resource_data_fusion_instance_generated_test.go

@@ -50,7 +50,7 @@ func TestAccDataFusionInstance_dataFusionInstanceBasicExample(t *testing.T) {
 				ResourceName:            "google_data_fusion_instance.basic_instance",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"labels", "region", "terraform_labels"},
+				ImportStateVerifyIgnore: []string{"labels", "network_config.0.private_service_connect_config.0.unreachable_cidr_block", "region", "terraform_labels"},
 			},
 		},
 	})
@@ -87,7 +87,7 @@ func TestAccDataFusionInstance_dataFusionInstanceFullExample(t *testing.T) {
 				ResourceName:            "google_data_fusion_instance.extended_instance",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"labels", "region", "terraform_labels"},
+				ImportStateVerifyIgnore: []string{"labels", "network_config.0.private_service_connect_config.0.unreachable_cidr_block", "region", "terraform_labels"},
 			},
 		},
 	})
@@ -139,6 +139,76 @@ resource "google_compute_global_address" "private_ip_alloc" {
 `, context)
 }
 
+func TestAccDataFusionInstance_dataFusionInstancePscExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"prober_test_run": `options = { prober_test_run = "true" }`,
+		"random_suffix":   acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckDataFusionInstanceDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccDataFusionInstance_dataFusionInstancePscExample(context),
+			},
+			{
+				ResourceName:            "google_data_fusion_instance.psc_instance",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"labels", "network_config.0.private_service_connect_config.0.unreachable_cidr_block", "region", "terraform_labels"},
+			},
+		},
+	})
+}
+
+func testAccDataFusionInstance_dataFusionInstancePscExample(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_data_fusion_instance" "psc_instance" {
+  name             = "tf-test-psc-instance%{random_suffix}"
+  region           = "us-central1"
+  type             = "BASIC"
+  private_instance = true
+
+  network_config {
+    connection_type = "PRIVATE_SERVICE_CONNECT_INTERFACES"
+    private_service_connect_config {
+      network_attachment     = google_compute_network_attachment.psc.id
+      unreachable_cidr_block = "192.168.0.0/25"
+    }
+  }
+
+  %{prober_test_run}
+}
+
+resource "google_compute_network" "psc" {
+  name                    = "tf-test-datafusion-psc-network%{random_suffix}"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "psc" {
+  name   = "tf-test-datafusion-psc-subnet%{random_suffix}"
+  region = "us-central1"
+
+  network       = google_compute_network.psc.id
+  ip_cidr_range = "10.0.0.0/16"
+}
+
+resource "google_compute_network_attachment" "psc" {
+  name                  = "tf-test-datafusion-psc-attachment%{random_suffix}"
+  region                = "us-central1"
+  connection_preference = "ACCEPT_AUTOMATIC"
+
+  subnetworks = [
+    google_compute_subnetwork.psc.self_link
+  ]
+}
+`, context)
+}
+
 func TestAccDataFusionInstance_dataFusionInstanceCmekExample(t *testing.T) {
 	t.Parallel()
 
@@ -158,7 +228,7 @@ func TestAccDataFusionInstance_dataFusionInstanceCmekExample(t *testing.T) {
 				ResourceName:            "google_data_fusion_instance.cmek",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"labels", "region", "terraform_labels"},
+				ImportStateVerifyIgnore: []string{"labels", "network_config.0.private_service_connect_config.0.unreachable_cidr_block", "region", "terraform_labels"},
 			},
 		},
 	})
@@ -219,7 +289,7 @@ func TestAccDataFusionInstance_dataFusionInstanceEnterpriseExample(t *testing.T)
 				ResourceName:            "google_data_fusion_instance.enterprise_instance",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"labels", "region", "terraform_labels"},
+				ImportStateVerifyIgnore: []string{"labels", "network_config.0.private_service_connect_config.0.unreachable_cidr_block", "region", "terraform_labels"},
 			},
 		},
 	})
@@ -256,7 +326,7 @@ func TestAccDataFusionInstance_dataFusionInstanceEventExample(t *testing.T) {
 				ResourceName:            "google_data_fusion_instance.event",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"labels", "region", "terraform_labels"},
+				ImportStateVerifyIgnore: []string{"labels", "network_config.0.private_service_connect_config.0.unreachable_cidr_block", "region", "terraform_labels"},
 			},
 		},
 	})
@@ -300,7 +370,7 @@ func TestAccDataFusionInstance_dataFusionInstanceZoneExample(t *testing.T) {
 				ResourceName:            "google_data_fusion_instance.zone",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"labels", "region", "terraform_labels"},
+				ImportStateVerifyIgnore: []string{"labels", "network_config.0.private_service_connect_config.0.unreachable_cidr_block", "region", "terraform_labels"},
 			},
 		},
 	})