Add support for the google_compute_service_attachment resource

mmv1/products/compute/ansible.yaml

@@ -53,6 +53,8 @@ datasources: !ruby/object:Overrides::ResourceOverrides
     exclude: true
   RouterNat: !ruby/object:Overrides::Ansible::ResourceOverride
     exclude: true
+  ServiceAttachment: !ruby/object:Overrides::Ansible::ResourceOverride
+    exclude: true
   SecurityPolicy: !ruby/object:Overrides::Ansible::ResourceOverride
     exclude: true
   Zone: !ruby/object:Overrides::Ansible::ResourceOverride
@@ -400,6 +402,8 @@ overrides: !ruby/object:Overrides::ResourceOverrides
     exclude: true
   RouterNat: !ruby/object:Overrides::Ansible::ResourceOverride
     exclude: true
+  ServiceAttachment: !ruby/object:Overrides::Ansible::ResourceOverride
+    exclude: true
   SecurityPolicy: !ruby/object:Overrides::Ansible::ResourceOverride
     exclude: true
   UrlMap: !ruby/object:Overrides::Ansible::ResourceOverride

mmv1/products/compute/api.yaml

@@ -14119,6 +14119,135 @@ objects:
                       required: true
                       description: |
                        The size of the disk in base-2 GB.
+  - !ruby/object:Api::Resource
+    name: 'ServiceAttachment'
+    kind: 'compute#ServiceAttachment'
+    base_url: projects/{{project}}/regions/{{region}}/serviceAttachments
+    has_self_link: true
+    input: true
+    min_version: beta
+    description: |
+      Represents a ServiceAttachment resource.
+    references: !ruby/object:Api::Resource::ReferenceLinks
+      guides:
+        'Configuring Private Service Connect to access services': 'https://cloud.google.com/vpc/docs/configure-private-service-connect-services'
+      api: 'https://cloud.google.com/compute/docs/reference/beta/serviceAttachments'
+    async: !ruby/object:Api::OpAsync
+      operation: !ruby/object:Api::OpAsync::Operation
+        kind: 'compute#operation'
+        path: 'name'
+        base_url: 'projects/{{project}}/regions/{{region}}/operations/{{op_id}}'
+        wait_ms: 1000
+      result: !ruby/object:Api::OpAsync::Result
+        path: 'targetLink'
+      status: !ruby/object:Api::OpAsync::Status
+        path: 'status'
+        complete: 'DONE'
+        allowed:
+          - 'PENDING'
+          - 'RUNNING'
+          - 'DONE'
+      error: !ruby/object:Api::OpAsync::Error
+        path: 'error/errors'
+        message: 'message'
+    parameters:
+      - !ruby/object:Api::Type::ResourceRef
+        name: 'region'
+        resource: 'Region'
+        imports: 'name'
+        description: |
+          URL of the region where the resource resides.
+        required: true
+    properties:
+      - !ruby/object:Api::Type::String
+        name: 'name'
+        required: true
+        description: |
+          Name of the resource. The name must be 1-63 characters long, and
+          comply with RFC1035. Specifically, the name must be 1-63 characters
+          long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`
+          which means the first character must be a lowercase letter, and all
+          following characters must be a dash, lowercase letter, or digit,
+          except the last character, which cannot be a dash.
+      - !ruby/object:Api::Type::String
+        name: 'description'
+        description: |
+          An optional description of this resource.
+      - !ruby/object:Api::Type::String
+        name: 'connectionPreference'
+        required: true
+        description: |
+          The connection preference to use for this service attachment. Valid
+          values include "ACCEPT_AUTOMATIC", "ACCEPT_MANUAL".
+      - !ruby/object:Api::Type::Array
+        name: 'connectedEndpoints'
+        output: true
+        description: |
+          An array of the consumer forwarding rules connected to this service
+          attachment.
+        item_type: !ruby/object:Api::Type::NestedObject
+          properties:
+          - !ruby/object:Api::Type::String
+            name: 'endpoint'
+            output: true
+            description: |
+              The URL of the consumer forwarding rule.
+          - !ruby/object:Api::Type::String
+            name: 'status'
+            output: true
+            description: |
+              The status of the connection from the consumer forwarding rule to
+              this service attachment.
+      - !ruby/object:Api::Type::ResourceRef
+        name: targetService
+        required: true
+        resource: 'ForwardingRule'
+        imports: 'selfLink'
+        description: |
+          The URL of a forwarding rule that represents the service identified by
+          this service attachment.
+      - !ruby/object:Api::Type::Array
+        name: 'natSubnets'
+        required: true
+        description: |
+          An array of subnets that is provided for NAT in this service attachment.
+        item_type: !ruby/object:Api::Type::ResourceRef
+          name: 'subnet'
+          resource: 'Subnetwork'
+          imports: 'selfLink'
+          description: |
+            A subnet that is provided for NAT in this service attachment.
+      - !ruby/object:Api::Type::Boolean
+        name: 'enableProxyProtocol'
+        required: true
+        description: |
+          If true, enable the proxy protocol which is for supplying client TCP/IP
+          address data in TCP connections that traverse proxies on their way to
+          destination servers.
+      - !ruby/object:Api::Type::Array
+        name: 'consumerRejectLists'
+        item_type: Api::Type::String
+        description: |
+          An array of projects that are not allowed to connect to this service
+          attachment.
+      - !ruby/object:Api::Type::Array
+        name: 'consumerAcceptLists'
+        description: |
+          An array of projects that are allowed to connect to this service
+          attachment.
+        item_type: !ruby/object:Api::Type::NestedObject
+          properties:
+          - !ruby/object:Api::Type::String
+            name: 'projectIdOrNum'
+            required: true
+            description: |
+              A project that is allowed to connect to this service attachment.
+          - !ruby/object:Api::Type::Integer
+            name: 'connectionLimit'
+            required: true
+            description: |
+              The number of consumer forwarding rules the consumer project can
+              create.
   - !ruby/object:Api::Resource
     name: 'SslPolicy'
     kind: 'compute#sslPolicy'

mmv1/products/compute/inspec.yaml

@@ -174,6 +174,8 @@ overrides: !ruby/object:Overrides::ResourceOverrides
     exclude: true
   RouterBgpPeer: !ruby/object:Overrides::Inspec::ResourceOverride
     exclude: true
+  ServiceAttachment: !ruby/object:Overrides::Inspec::ResourceOverride
+    exclude: true
   Subnetwork: !ruby/object:Overrides::Inspec::ResourceOverride
     additional_functions: third_party/inspec/custom_functions/google_compute_subnetwork.erb
     singular_extra_examples: third_party/inspec/documentation/google_compute_subnetwork.md

mmv1/products/compute/terraform.yaml

@@ -2198,6 +2198,38 @@ overrides: !ruby/object:Overrides::ResourceOverrides
           If it is not provided, the provider region is used.
   SecurityPolicy: !ruby/object:Overrides::Terraform::ResourceOverride
     exclude: true
+  ServiceAttachment: !ruby/object:Overrides::Terraform::ResourceOverride
+    examples:
+      - !ruby/object:Provider::Terraform::Examples
+        name: "service_attachment_basic"
+        primary_resource_id: "psc_ilb_service_attachment"
+        vars:
+          service_attachment_name: "my-psc-ilb"
+          network_name: "psc-ilb-network"
+          nat_subnetwork_name: "psc-ilb-nat"
+          producer_subnetwork_name: "psc-ilb-producer-subnetwork"
+          producer_health_check_name: "producer-service-health-check"
+          producer_service_name: "producer-service"
+          producer_forwarding_rule_name: "producer-forwarding-rule"
+          consumer_address_name: "psc-ilb-consumer-address"
+          consumer_forwarding_rule_name: "psc-ilb-consumer-forwarding-rule"
+      - !ruby/object:Provider::Terraform::Examples
+        name: "service_attachment_explicit_projects"
+        primary_resource_id: "psc_ilb_service_attachment"
+        vars:
+          service_attachment_name: "my-psc-ilb"
+          network_name: "psc-ilb-network"
+          nat_subnetwork_name: "psc-ilb-nat"
+          producer_subnetwork_name: "psc-ilb-producer-subnetwork"
+          producer_health_check_name: "producer-service-health-check"
+          producer_service_name: "producer-service"
+          producer_forwarding_rule_name: "producer-forwarding-rule"
+          consumer_address_name: "psc-ilb-consumer-address"
+          consumer_forwarding_rule_name: "psc-ilb-consumer-forwarding-rule"
+    properties:
+      region: !ruby/object:Overrides::Terraform::PropertyOverride
+        required: false
+        default_from_api: true
   Snapshot: !ruby/object:Overrides::Terraform::ResourceOverride
     timeouts: !ruby/object:Api::Timeouts
       insert_minutes: 5

mmv1/templates/terraform/examples/service_attachment_basic.tf.erb

@@ -0,0 +1,97 @@
+resource "google_compute_service_attachment" "<%= ctx[:primary_resource_id] %>" {
+  provider = "google-beta"
+
+  name        = "<%= ctx[:vars]['service_attachment_name'] %>"
+  region      = "us-west2"
+  description = "A service attachment configured with Terraform"
+
+  enable_proxy_protocol    = true
+  connection_preference    = "ACCEPT_AUTOMATIC"
+  nat_subnets              = [google_compute_subnetwork.psc_ilb_nat.id]
+  target_service           = google_compute_forwarding_rule.psc_ilb_target_service.id
+}
+
+resource "google_compute_address" "psc_ilb_consumer_address" {
+  provider = "google-beta"
+
+  name   = "<%= ctx[:vars]['consumer_address_name'] %>"
+  region = "us-west2"
+
+  subnetwork   = "default"
+  address_type = "INTERNAL"
+  address      = "10.168.0.17"
+}
+
+resource "google_compute_forwarding_rule" "psc_ilb_consumer" {
+  provider = "google-beta"
+
+  name   = "<%= ctx[:vars]['consumer_forwarding_rule_name'] %>"
+  region = "us-west2"
+
+  target                = google_compute_service_attachment.psc_ilb_service_attachment.id
+  load_balancing_scheme = "" # need to override EXTERNAL default when target is a service attachment
+  network               = "default"
+  ip_address            = google_compute_address.psc_ilb_consumer_address.id
+}
+
+resource "google_compute_forwarding_rule" "psc_ilb_target_service" {
+  provider = "google-beta"
+
+  name   = "<%= ctx[:vars]['producer_forwarding_rule_name'] %>"
+  region = "us-west2"
+
+  load_balancing_scheme = "INTERNAL"
+  backend_service       = google_compute_region_backend_service.producer_service_backend.id
+  all_ports             = true
+  network               = google_compute_network.psc_ilb_network.name
+  subnetwork            = google_compute_subnetwork.psc_ilb_producer_subnetwork.name
+}
+
+resource "google_compute_region_backend_service" "producer_service_backend" {
+  provider = "google-beta"
+
+  name   = "<%= ctx[:vars]['producer_service_name'] %>"
+  region = "us-west2"
+
+  health_checks = [google_compute_health_check.producer_service_health_check.id]
+}
+
+resource "google_compute_health_check" "producer_service_health_check" {
+  provider = "google-beta"
+
+  name = "<%= ctx[:vars]['producer_health_check_name'] %>"
+
+  check_interval_sec = 1
+  timeout_sec        = 1
+  tcp_health_check {
+    port = "80"
+  }
+}
+
+resource "google_compute_network" "psc_ilb_network" {
+  provider = "google-beta"
+
+  name = "<%= ctx[:vars]['network_name'] %>"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "psc_ilb_producer_subnetwork" {
+  provider = "google-beta"
+
+  name   = "<%= ctx[:vars]['producer_subnetwork_name'] %>"
+  region = "us-west2"
+
+  network       = google_compute_network.psc_ilb_network.id
+  ip_cidr_range = "10.0.0.0/16"
+}
+
+resource "google_compute_subnetwork" "psc_ilb_nat" {
+  provider = "google-beta"
+
+  name   = "<%= ctx[:vars]['nat_subnetwork_name'] %>"
+  region = "us-west2"
+
+  network       = google_compute_network.psc_ilb_network.id
+  purpose       =  "PRIVATE_SERVICE_CONNECT"
+  ip_cidr_range = "10.1.0.0/16"
+}