making sure swp can be created without scope and certificateUrls (#8390) (#15273)

* making sure swp can be created without scope and certificateUrls

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/8390.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+network_services: removing required flags from `scope` field in `google_network_services_gateway` resource
+```

google/resource_network_services_gateway_test.go

@@ -733,3 +733,86 @@ resource "google_compute_subnetwork" "proxyonlysubnet2" {
 
 `, cmName, netName, subnetName, pSubnetName, policyName, ruleName, gatewayName, gatewayScope, net2Name, subnet2Name, pSubnet2Name)
 }
+
+func TestAccNetworkServicesGateway_minimalSwp(t *testing.T) {
+	netName := fmt.Sprintf("tf-test-gateway-swp-net-%s", acctest.RandString(t, 10))
+	subnetName := fmt.Sprintf("tf-test-gateway-swp-subnet-%s", acctest.RandString(t, 10))
+	pSubnetName := fmt.Sprintf("tf-test-gateway-swp-proxyonly-%s", acctest.RandString(t, 10))
+	policyName := fmt.Sprintf("tf-test-gateway-swp-policy-%s", acctest.RandString(t, 10))
+	ruleName := fmt.Sprintf("tf-test-gateway-swp-rule-%s", acctest.RandString(t, 10))
+	gatewayName := fmt.Sprintf("tf-test-gateway-swp-%s", acctest.RandString(t, 10))
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckNetworkServicesGatewayDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccNetworkServicesGateway_minimalSwp(netName, subnetName, pSubnetName, policyName, ruleName, gatewayName),
+			},
+			{
+				ResourceName:            "google_network_services_gateway.foobar",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"name", "location", "delete_swg_autogen_router_on_destroy"},
+			},
+		},
+	})
+}
+
+func testAccNetworkServicesGateway_minimalSwp(netName, subnetName, pSubnetName, policyName, ruleName, gatewayName string) string {
+	return fmt.Sprintf(`
+resource "google_compute_network" "default" {
+  name                    = "%s"
+  routing_mode            = "REGIONAL"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "proxyonlysubnet" {
+  name          = "%s"
+  purpose       = "REGIONAL_MANAGED_PROXY"
+  ip_cidr_range = "192.168.0.0/23"
+  region        = "us-central1"
+  network       = google_compute_network.default.id
+  role          = "ACTIVE"
+}
+
+resource "google_compute_subnetwork" "default" {
+  name          = "%s"
+  purpose       = "PRIVATE"
+  ip_cidr_range = "10.128.0.0/20"
+  region        = "us-central1"
+  network       = google_compute_network.default.id
+  role          = "ACTIVE"
+}
+
+resource "google_network_security_gateway_security_policy" "default" {
+  name        = "%s"
+  location    = "us-central1"
+}
+
+resource "google_network_security_gateway_security_policy_rule" "default" {
+  name                    = "%s"
+  location                = "us-central1"
+  gateway_security_policy = google_network_security_gateway_security_policy.default.name
+  enabled                 = true
+  priority                = 1
+  session_matcher         = "host() == 'example.com'"
+  basic_profile           = "ALLOW"
+}
+
+resource "google_network_services_gateway" "foobar" {
+  name                                 = "%s"
+  location                             = "us-central1"
+  addresses                            = ["10.128.0.99"]
+  type                                 = "SECURE_WEB_GATEWAY"
+  ports                                = [443]
+  description                          = "my description"
+  gateway_security_policy              = google_network_security_gateway_security_policy.default.id
+  network                              = google_compute_network.default.id
+  subnetwork                           = google_compute_subnetwork.default.id
+  delete_swg_autogen_router_on_destroy = true
+  depends_on                           = [google_compute_subnetwork.proxyonlysubnet]
+}
+`, netName, subnetName, pSubnetName, policyName, ruleName, gatewayName)
+}

google/services/networkservices/resource_network_services_gateway.go

@@ -180,15 +180,6 @@ limited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support mu
 					Type: schema.TypeInt,
 				},
 			},
-			"scope": {
-				Type:     schema.TypeString,
-				Required: true,
-				ForceNew: true,
-				Description: `Immutable. Scope determines how configuration across multiple Gateway instances are merged.
-The configuration for multiple Gateway instances with the same scope will be merged as presented as
-a single coniguration to the proxy/load balancer.
-Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.`,
-			},
 			"type": {
 				Type:         schema.TypeString,
 				Required:     true,
@@ -250,6 +241,15 @@ The default value is 'global'.`,
 				Description: `The relative resource name identifying the VPC network that is using this configuration.
 For example: 'projects/*/global/networks/network-1'.
 Currently, this field is specific to gateways of type 'SECURE_WEB_GATEWAY'.`,
+			},
+			"scope": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ForceNew: true,
+				Description: `Immutable. Scope determines how configuration across multiple Gateway instances are merged.
+The configuration for multiple Gateway instances with the same scope will be merged as presented as
+a single coniguration to the proxy/load balancer.
+Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.`,
 			},
 			"server_tls_policy": {
 				Type:     schema.TypeString,

website/docs/r/network_services_gateway.html.markdown

@@ -241,13 +241,6 @@ The following arguments are supported:
   The proxy binds to the specified ports. Gateways of type 'SECURE_WEB_GATEWAY' are
   limited to 1 port. Gateways of type 'OPEN_MESH' listen on 0.0.0.0 and support multiple ports.
 
-* `scope` -
-  (Required)
-  Immutable. Scope determines how configuration across multiple Gateway instances are merged.
-  The configuration for multiple Gateway instances with the same scope will be merged as presented as
-  a single coniguration to the proxy/load balancer.
-  Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.
-
 * `name` -
   (Required)
   Short name of the Gateway resource to be created.
@@ -264,6 +257,13 @@ The following arguments are supported:
   (Optional)
   A free-text description of the resource. Max length 1024 characters.
 
+* `scope` -
+  (Optional)
+  Immutable. Scope determines how configuration across multiple Gateway instances are merged.
+  The configuration for multiple Gateway instances with the same scope will be merged as presented as
+  a single coniguration to the proxy/load balancer.
+  Max length 64 characters. Scope should start with a letter and can only have letters, numbers, hyphens.
+
 * `server_tls_policy` -
   (Optional)
   A fully-qualified ServerTLSPolicy URL reference. Specifies how TLS traffic is terminated.