From 367d67d159f2a2bdb5b7760b92cb150b8ee27354 Mon Sep 17 00:00:00 2001 From: Shuya Ma <87669292+shuyama1@users.noreply.github.com> Date: Fri, 3 Dec 2021 14:19:08 -0800 Subject: [PATCH] Support `allocated_ip_range` in `google_sql_database_instance` (#5500) * support allocated_ip_range in sql_database_instance * support allocated_ip_range * clean up * remove unused variable * separate tests * increase size of allogcated ip range --- .../resource_sql_database_instance.go.erb | 16 +++- ...resource_sql_database_instance_test.go.erb | 80 ++++++++++++++++--- .../r/sql_database_instance.html.markdown | 2 + 3 files changed, 84 insertions(+), 14 deletions(-) diff --git a/mmv1/third_party/terraform/resources/resource_sql_database_instance.go.erb b/mmv1/third_party/terraform/resources/resource_sql_database_instance.go.erb index 4267e7e6a7ca..dd752a0a3b39 100644 --- a/mmv1/third_party/terraform/resources/resource_sql_database_instance.go.erb +++ b/mmv1/third_party/terraform/resources/resource_sql_database_instance.go.erb @@ -53,6 +53,7 @@ var ( "settings.0.ip_configuration.0.ipv4_enabled", "settings.0.ip_configuration.0.require_ssl", "settings.0.ip_configuration.0.private_network", + "settings.0.ip_configuration.0.allocated_ip_range", } maintenanceWindowKeys = []string{ 
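Review bot: An `ip_configuration` block that sets only `allocated_ip_range` now satisfies the shared `AtLeastOneOf` check, because the key is appended to `ipConfigurationKeys`. The `private_network` description in the next hunk says at least `ipv4_enabled` or `private_network` must be configured. The range name only has meaning for a private-IP instance, so I would leave this key out of the list and give the new attribute `RequiredWith: []string{"settings.0.ip_configuration.0.private_network"},` in place of its `AtLeastOneOf`. A block that names a range without a network is then rejected at plan time instead of being sent to the API. Whether `ipv4_enabled` has a default that masks this is not visible here, and the `var (` block starts and ends outside the hunk.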
@@ -307,6 +308,13 @@ settings.backup_configuration.binary_log_enabled are both set to true.`, AtLeastOneOf: ipConfigurationKeys, Description: `The VPC network from which the Cloud SQL instance is accessible for private IP. For example, projects/myProject/global/networks/default. Specifying a network enables private IP. At least ipv4_enabled must be enabled or a private_network must be configured. This setting can be updated, but it cannot be removed after it is set.`, }, + "allocated_ip_range": { + Type: schema.TypeString, + Optional: true, + ForceNew: true, + AtLeastOneOf: ipConfigurationKeys, + Description: `The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with RFC 1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?.`, + }, }, }, }, @@ -1038,6 +1046,7 @@ func expandIpConfiguration(configured []interface{}) *sqladmin.IpConfiguration { Ipv4Enabled: _ipConfiguration["ipv4_enabled"].(bool), RequireSsl: _ipConfiguration["require_ssl"].(bool), PrivateNetwork: _ipConfiguration["private_network"].(string), + AllocatedIpRange: _ipConfiguration["allocated_ip_range"].(string), AuthorizedNetworks: expandAuthorizedNetworks(_ipConfiguration["authorized_networks"].(*schema.Set).List()), ForceSendFields: []string{"Ipv4Enabled", "RequireSsl"}, } 
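Review bot: The new `allocated_ip_range` schema entry documents a naming rule (1-63 characters, `[a-z]([-a-z0-9]*[a-z0-9])?`) but does not enforce it, and the next hunk passes the value straight to `AllocatedIpRange` in `expandIpConfiguration`. A malformed name therefore surfaces only as an apply-time API error. I would add `ValidateFunc: validation.StringMatch(regexp.MustCompile("^[a-z]([-a-z0-9]{0,61}[a-z0-9])?$"), "must be 1-63 characters and comply with RFC 1035"),` assuming the file already imports `validation` and `regexp`, which this hunk does not show. Separately, `ForceNew: true` means changing the range replaces the database instance, and the Description should say so.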
@@ -1420,9 +1429,10 @@ func flattenDatabaseFlags(databaseFlags []*sqladmin.DatabaseFlags) []map[string] func flattenIpConfiguration(ipConfiguration *sqladmin.IpConfiguration) interface{} { data := map[string]interface{}{ - "ipv4_enabled": ipConfiguration.Ipv4Enabled, - "private_network": ipConfiguration.PrivateNetwork, - "require_ssl": ipConfiguration.RequireSsl, + "ipv4_enabled": ipConfiguration.Ipv4Enabled, + "private_network": ipConfiguration.PrivateNetwork, + "allocated_ip_range": ipConfiguration.AllocatedIpRange, + "require_ssl": ipConfiguration.RequireSsl, } if ipConfiguration.AuthorizedNetworks != nil { diff --git a/mmv1/third_party/terraform/tests/resource_sql_database_instance_test.go.erb b/mmv1/third_party/terraform/tests/resource_sql_database_instance_test.go.erb index 9bf239cdbebe..73fa5e281900 100644 --- a/mmv1/third_party/terraform/tests/resource_sql_database_instance_test.go.erb +++ b/mmv1/third_party/terraform/tests/resource_sql_database_instance_test.go.erb @@ -666,9 +666,7 @@ func TestAccSqlDatabaseInstance_basic_with_user_labels(t *testing.T) { }) } -<% unless version == 'ga' -%> -<%# This test does not work in GA yet because service networking is still in beta -%> -func TestAccSqlDatabaseInstance_withPrivateNetwork(t *testing.T) { +func TestAccSqlDatabaseInstance_withPrivateNetwork_withoutAllocatedIpRange(t *testing.T) { t.Parallel() databaseName := "tf-test-" + randString(t, 10) @@ -681,7 +679,7 @@ func TestAccSqlDatabaseInstance_withPrivateNetwork(t *testing.T) { CheckDestroy: testAccSqlDatabaseInstanceDestroyProducer(t), Steps: []resource.TestStep{ { - Config: testAccSqlDatabaseInstance_withPrivateNetwork(databaseName, networkName, addressName), + Config: testAccSqlDatabaseInstance_withPrivateNetwork_withoutAllocatedIpRange(databaseName, networkName, addressName), }, { ResourceName: "google_sql_database_instance.instance", 
@@ -692,7 +690,32 @@ func TestAccSqlDatabaseInstance_withPrivateNetwork(t *testing.T) { }, }) } -<% end -%> + +func TestAccSqlDatabaseInstance_withPrivateNetwork_withAllocatedIpRange(t *testing.T) { + t.Parallel() + + databaseName := "tf-test-" + randString(t, 10) + addressName := "tf-test-" + randString(t, 10) + networkName := BootstrapSharedTestNetwork(t, "sql-instance-private-allocated-ip-range") + + vcrTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccSqlDatabaseInstanceDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccSqlDatabaseInstance_withPrivateNetwork_withAllocatedIpRange(databaseName, networkName, addressName), + }, + { + ResourceName: "google_sql_database_instance.instance", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, + }, + }, + }) +} + func TestAccSqlDatabaseInstance_createFromBackup(t *testing.T) { // Sqladmin client @@ -1027,9 +1050,7 @@ resource "google_sql_database_instance" "instance-failover" { `, instanceName, failoverName) } -<% unless version == 'ga' -%> -<%# This test does not work in GA yet because service networking is still in beta -%> -func testAccSqlDatabaseInstance_withPrivateNetwork(databaseName, networkName, addressRangeName string) string { +func testAccSqlDatabaseInstance_withPrivateNetwork_withoutAllocatedIpRange(databaseName, networkName, addressRangeName string) string { return fmt.Sprintf(` data "google_compute_network" "servicenet" { name = "%s" 
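Review bot: `TestAccSqlDatabaseInstance_withPrivateNetwork_withAllocatedIpRange` never asserts that the instance was configured with the reserved range. Its two steps only apply the config and run `ImportStateVerify`, which shows the attribute round-trips through read but not that it equals the name of the reserved address. Adding `Check: resource.TestCheckResourceAttrPair("google_sql_database_instance.instance", "settings.0.ip_configuration.0.allocated_ip_range", "google_compute_global_address.foobar", "name"),` to the first step would pin that. If the schema gains name validation, a step using `ExpectError` with a malformed range name would cover the rejection path as well.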
@@ -1058,14 +1079,51 @@ resource "google_sql_database_instance" "instance" { settings { tier = "db-f1-micro" ip_configuration { - ipv4_enabled = "false" - private_network = data.google_compute_network.servicenet.self_link + ipv4_enabled = "false" + private_network = data.google_compute_network.servicenet.self_link + } + } +} +`, networkName, addressRangeName, databaseName) +} + +func testAccSqlDatabaseInstance_withPrivateNetwork_withAllocatedIpRange(databaseName, networkName, addressRangeName string) string { + return fmt.Sprintf(` +data "google_compute_network" "servicenet" { + name = "%s" +} + +resource "google_compute_global_address" "foobar" { + name = "%s" + purpose = "VPC_PEERING" + address_type = "INTERNAL" + prefix_length = 24 + network = data.google_compute_network.servicenet.self_link +} + +resource "google_service_networking_connection" "foobar" { + network = data.google_compute_network.servicenet.self_link + service = "servicenetworking.googleapis.com" + reserved_peering_ranges = [google_compute_global_address.foobar.name] +} + +resource "google_sql_database_instance" "instance" { + depends_on = [google_service_networking_connection.foobar] + name = "%s" + region = "us-central1" + database_version = "MYSQL_5_7" + deletion_protection = false + settings { + tier = "db-f1-micro" + ip_configuration { + ipv4_enabled = "false" + private_network = data.google_compute_network.servicenet.self_link + allocated_ip_range = google_compute_global_address.foobar.name } } } `, networkName, addressRangeName, databaseName) } -<% end -%> var testGoogleSqlDatabaseInstance_settings = ` resource "google_sql_database_instance" "instance" { diff --git a/mmv1/third_party/terraform/website/docs/r/sql_database_instance.html.markdown b/mmv1/third_party/terraform/website/docs/r/sql_database_instance.html.markdown index 89c0feb4ea57..6b1dab914f1e 100644 --- a/mmv1/third_party/terraform/website/docs/r/sql_database_instance.html.markdown 
+++ b/mmv1/third_party/terraform/website/docs/r/sql_database_instance.html.markdown @@ -295,6 +295,8 @@ This setting can be updated, but it cannot be removed after it is set. * `require_ssl` - (Optional) Whether SSL connections over IP are enforced or not. +* `allocated_ip_range` - (Optional) The name of the allocated ip range for the private ip CloudSQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with [RFC 1035](https://datatracker.ietf.org/doc/html/rfc1035). Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?. + The optional `settings.ip_configuration.authorized_networks[]` sublist supports: * `expiration_time` - (Optional) The [RFC 3339](https://tools.ietf.org/html/rfc3339)