Skip to content

Commit

Permalink
feat(vertexai): Make it possible to use Private Service Connect in Ve…
Browse files Browse the repository at this point in the history
…rtex AI Index Endpoint (#8851) (#16471)

[upstream:20ab4e9c5fefe34ee1514a19825501b4f806733a]

Signed-off-by: Modular Magician <magic-modules@google.com>
  • Loading branch information
modular-magician authored Nov 8, 2023
1 parent 2f25eb8 commit 83063a6
Show file tree
Hide file tree
Showing 4 changed files with 229 additions and 0 deletions.
3 changes: 3 additions & 0 deletions .changelog/8851.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:enhancement
vertexai: added `private_service_connect_config` to `google_vertex_ai_index_endpoint`
```
101 changes: 101 additions & 0 deletions google/services/vertexai/resource_vertex_ai_index_endpoint.go
Original file line number Diff line number Diff line change
Expand Up @@ -81,6 +81,35 @@ Please refer to the field 'effective_labels' for all of the labels present on th
Private services access must already be configured for the network. If left unspecified, the index endpoint is not peered with any network.
[Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): 'projects/{project}/global/networks/{network}'.
Where '{project}' is a project number, as in '12345', and '{network}' is network name.`,
ConflictsWith: []string{"private_service_connect_config"},
},
"private_service_connect_config": {
Type: schema.TypeList,
Computed: true,
Optional: true,
ForceNew: true,
Description: `Optional. Configuration for private service connect. 'network' and 'privateServiceConnectConfig' are mutually exclusive.`,
MaxItems: 1,
Elem: &schema.Resource{
Schema: map[string]*schema.Schema{
"enable_private_service_connect": {
Type: schema.TypeBool,
Required: true,
ForceNew: true,
Description: `If set to true, the IndexEndpoint is created without private service access.`,
},
"project_allowlist": {
Type: schema.TypeList,
Optional: true,
ForceNew: true,
Description: `A list of Projects from which the forwarding rule will target the service attachment.`,
Elem: &schema.Schema{
Type: schema.TypeString,
},
},
},
},
ConflictsWith: []string{"network"},
},
"public_endpoint_enabled": {
Type: schema.TypeBool,
Expand Down Expand Up @@ -169,6 +198,12 @@ func resourceVertexAIIndexEndpointCreate(d *schema.ResourceData, meta interface{
} else if v, ok := d.GetOkExists("network"); !tpgresource.IsEmptyValue(reflect.ValueOf(networkProp)) && (ok || !reflect.DeepEqual(v, networkProp)) {
obj["network"] = networkProp
}
privateServiceConnectConfigProp, err := expandVertexAIIndexEndpointPrivateServiceConnectConfig(d.Get("private_service_connect_config"), d, config)
if err != nil {
return err
} else if v, ok := d.GetOkExists("private_service_connect_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(privateServiceConnectConfigProp)) && (ok || !reflect.DeepEqual(v, privateServiceConnectConfigProp)) {
obj["privateServiceConnectConfig"] = privateServiceConnectConfigProp
}
publicEndpointEnabledProp, err := expandVertexAIIndexEndpointPublicEndpointEnabled(d.Get("public_endpoint_enabled"), d, config)
if err != nil {
return err
Expand Down Expand Up @@ -311,6 +346,9 @@ func resourceVertexAIIndexEndpointRead(d *schema.ResourceData, meta interface{})
if err := d.Set("network", flattenVertexAIIndexEndpointNetwork(res["network"], d, config)); err != nil {
return fmt.Errorf("Error reading IndexEndpoint: %s", err)
}
if err := d.Set("private_service_connect_config", flattenVertexAIIndexEndpointPrivateServiceConnectConfig(res["privateServiceConnectConfig"], d, config)); err != nil {
return fmt.Errorf("Error reading IndexEndpoint: %s", err)
}
if err := d.Set("public_endpoint_domain_name", flattenVertexAIIndexEndpointPublicEndpointDomainName(res["publicEndpointDomainName"], d, config)); err != nil {
return fmt.Errorf("Error reading IndexEndpoint: %s", err)
}
Expand Down Expand Up @@ -529,6 +567,35 @@ func flattenVertexAIIndexEndpointNetwork(v interface{}, d *schema.ResourceData,
return v
}

func flattenVertexAIIndexEndpointPrivateServiceConnectConfig(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
transformed := make(map[string]interface{})

if v == nil {
// Disabled by default, but API will not return object if value is false
transformed["enable_private_service_connect"] = false
return []interface{}{transformed}
}

original := v.(map[string]interface{})
if len(original) == 0 {
return nil
}

transformed["enable_private_service_connect"] =
flattenVertexAIIndexEndpointPrivateServiceConnectConfigEnablePrivateServiceConnect(original["enablePrivateServiceConnect"], d, config)
transformed["project_allowlist"] =
flattenVertexAIIndexEndpointPrivateServiceConnectConfigProjectAllowlist(original["projectAllowlist"], d, config)
return []interface{}{transformed}
}

func flattenVertexAIIndexEndpointPrivateServiceConnectConfigEnablePrivateServiceConnect(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}

func flattenVertexAIIndexEndpointPrivateServiceConnectConfigProjectAllowlist(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}

func flattenVertexAIIndexEndpointPublicEndpointDomainName(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
return v
}
Expand Down Expand Up @@ -564,6 +631,40 @@ func expandVertexAIIndexEndpointNetwork(v interface{}, d tpgresource.TerraformRe
return v, nil
}

func expandVertexAIIndexEndpointPrivateServiceConnectConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
l := v.([]interface{})
if len(l) == 0 || l[0] == nil {
return nil, nil
}
raw := l[0]
original := raw.(map[string]interface{})
transformed := make(map[string]interface{})

transformedEnablePrivateServiceConnect, err := expandVertexAIIndexEndpointPrivateServiceConnectConfigEnablePrivateServiceConnect(original["enable_private_service_connect"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedEnablePrivateServiceConnect); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["enablePrivateServiceConnect"] = transformedEnablePrivateServiceConnect
}

transformedProjectAllowlist, err := expandVertexAIIndexEndpointPrivateServiceConnectConfigProjectAllowlist(original["project_allowlist"], d, config)
if err != nil {
return nil, err
} else if val := reflect.ValueOf(transformedProjectAllowlist); val.IsValid() && !tpgresource.IsEmptyValue(val) {
transformed["projectAllowlist"] = transformedProjectAllowlist
}

return transformed, nil
}

func expandVertexAIIndexEndpointPrivateServiceConnectConfigEnablePrivateServiceConnect(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}

func expandVertexAIIndexEndpointPrivateServiceConnectConfigProjectAllowlist(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}

func expandVertexAIIndexEndpointPublicEndpointEnabled(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
return v, nil
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,89 @@ data "google_project" "project" {}
`, context)
}

func TestAccVertexAIIndexEndpoint_vertexAiIndexEndpointWithPscExample(t *testing.T) {
t.Parallel()

context := map[string]interface{}{
"random_suffix": acctest.RandString(t, 10),
}

acctest.VcrTest(t, resource.TestCase{
PreCheck: func() { acctest.AccTestPreCheck(t) },
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
CheckDestroy: testAccCheckVertexAIIndexEndpointDestroyProducer(t),
Steps: []resource.TestStep{
{
Config: testAccVertexAIIndexEndpoint_vertexAiIndexEndpointWithPscExample(context),
},
{
ResourceName: "google_vertex_ai_index_endpoint.index_endpoint",
ImportState: true,
ImportStateVerify: true,
ImportStateVerifyIgnore: []string{"etag", "public_endpoint_enabled", "region", "labels", "terraform_labels"},
},
},
})
}

func testAccVertexAIIndexEndpoint_vertexAiIndexEndpointWithPscExample(context map[string]interface{}) string {
return acctest.Nprintf(`
resource "google_vertex_ai_index_endpoint" "index_endpoint" {
display_name = "sample-endpoint"
description = "A sample vertex endpoint"
region = "us-central1"
labels = {
label-one = "value-one"
}
private_service_connect_config {
enable_private_service_connect = true
project_allowlist = [
data.google_project.project.number,
]
}
}
data "google_project" "project" {}
`, context)
}

func TestAccVertexAIIndexEndpoint_vertexAiIndexEndpointWithFalsePscExample(t *testing.T) {
t.Parallel()

context := map[string]interface{}{
"random_suffix": acctest.RandString(t, 10),
}

acctest.VcrTest(t, resource.TestCase{
PreCheck: func() { acctest.AccTestPreCheck(t) },
ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
CheckDestroy: testAccCheckVertexAIIndexEndpointDestroyProducer(t),
Steps: []resource.TestStep{
{
Config: testAccVertexAIIndexEndpoint_vertexAiIndexEndpointWithFalsePscExample(context),
},
},
})
}

func testAccVertexAIIndexEndpoint_vertexAiIndexEndpointWithFalsePscExample(context map[string]interface{}) string {
return acctest.Nprintf(`
resource "google_vertex_ai_index_endpoint" "index_endpoint" {
display_name = "sample-endpoint"
description = "A sample vertex endpoint"
region = "us-central1"
labels = {
label-one = "value-one"
}
private_service_connect_config {
enable_private_service_connect = false
}
}
`, context)
}

func TestAccVertexAIIndexEndpoint_vertexAiIndexEndpointWithPublicEndpointExample(t *testing.T) {
t.Parallel()

Expand Down
42 changes: 42 additions & 0 deletions website/docs/r/vertex_ai_index_endpoint.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,33 @@ resource "google_compute_network" "vertex_network" {
name = "network-name"
}
data "google_project" "project" {}
```
<div class = "oics-button" style="float: right; margin: 0 0 -15px">
<a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgit.luolix.top%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=vertex_ai_index_endpoint_with_psc&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
<img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
</a>
</div>
## Example Usage - Vertex Ai Index Endpoint With Psc


```hcl
resource "google_vertex_ai_index_endpoint" "index_endpoint" {
display_name = "sample-endpoint"
description = "A sample vertex endpoint"
region = "us-central1"
labels = {
label-one = "value-one"
}
private_service_connect_config {
enable_private_service_connect = true
project_allowlist = [
data.google_project.project.number,
]
}
}
data "google_project" "project" {}
```
<div class = "oics-button" style="float: right; margin: 0 0 -15px">
Expand Down Expand Up @@ -114,6 +141,11 @@ The following arguments are supported:
[Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): `projects/{project}/global/networks/{network}`.
Where `{project}` is a project number, as in `12345`, and `{network}` is network name.

* `private_service_connect_config` -
(Optional)
Optional. Configuration for private service connect. `network` and `privateServiceConnectConfig` are mutually exclusive.
Structure is [documented below](#nested_private_service_connect_config).

* `public_endpoint_enabled` -
(Optional)
If true, the deployed index will be accessible through public endpoint.
Expand All @@ -126,6 +158,16 @@ The following arguments are supported:
If it is not provided, the provider project is used.


<a name="nested_private_service_connect_config"></a>The `private_service_connect_config` block supports:

* `enable_private_service_connect` -
(Required)
If set to true, the IndexEndpoint is created without private service access.

* `project_allowlist` -
(Optional)
A list of Projects from which the forwarding rule will target the service attachment.

## Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:
Expand Down

0 comments on commit 83063a6

Please sign in to comment.