From 928a6c6a0134a4cd7f367971f0f7c2c33ab4e861 Mon Sep 17 00:00:00 2001
From: The Magician <magic-modules@google.com>
Date: Mon, 24 Jun 2019 09:54:12 -0700
Subject: [PATCH] Add new resource for compute default network tier (#3907)

Signed-off-by: Modular Magician <magic-modules@google.com>
---
 google/provider.go                            |   1 +
 ...ce_compute_project_default_network_tier.go |  93 +++++++++++++++
 ...mpute_project_default_network_tier_test.go | 106 ++++++++++++++++++
 ...project_default_network_tier.html.markdown |  46 ++++++++
 .../docs/r/container_cluster.html.markdown    |  14 +--
 website/google.erb                            |   4 +
 6 files changed, 257 insertions(+), 7 deletions(-)
 create mode 100644 google/resource_compute_project_default_network_tier.go
 create mode 100644 google/resource_compute_project_default_network_tier_test.go
 create mode 100644 website/docs/r/compute_project_default_network_tier.html.markdown

diff --git a/google/provider.go b/google/provider.go
index 50b2b983be9..a61816e9a83 100644
--- a/google/provider.go
+++ b/google/provider.go
@@ -226,6 +226,7 @@ func ResourceMapWithErrors() (map[string]*schema.Resource, error) {
 			"google_compute_instance_iam_policy":           ResourceIamPolicyWithImport(IamComputeInstanceSchema, NewComputeInstanceIamUpdater, ComputeInstanceIdParseFunc),
 			"google_compute_instance_template":             resourceComputeInstanceTemplate(),
 			"google_compute_network_peering":               resourceComputeNetworkPeering(),
+			"google_compute_project_default_network_tier":  resourceComputeProjectDefaultNetworkTier(),
 			"google_compute_project_metadata":              resourceComputeProjectMetadata(),
 			"google_compute_project_metadata_item":         resourceComputeProjectMetadataItem(),
 			"google_compute_region_instance_group_manager": resourceComputeRegionInstanceGroupManager(),
diff --git a/google/resource_compute_project_default_network_tier.go b/google/resource_compute_project_default_network_tier.go
new file mode 100644
index 00000000000..8db7a3a2842
--- /dev/null
+++ b/google/resource_compute_project_default_network_tier.go
@@ -0,0 +1,93 @@
+package google
+
+import (
+	"fmt"
+	"github.com/hashicorp/terraform/helper/validation"
+	"log"
+
+	"github.com/hashicorp/terraform/helper/schema"
+	"google.golang.org/api/compute/v1"
+)
+
+func resourceComputeProjectDefaultNetworkTier() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceComputeProjectDefaultNetworkTierCreateOrUpdate,
+		Read:   resourceComputeProjectDefaultNetworkTierRead,
+		Update: resourceComputeProjectDefaultNetworkTierCreateOrUpdate,
+		Delete: resourceComputeProjectDefaultNetworkTierDelete,
+		Importer: &schema.ResourceImporter{
+			State: schema.ImportStatePassthrough,
+		},
+
+		SchemaVersion: 0,
+
+		Schema: map[string]*schema.Schema{
+			"network_tier": {
+				Type:         schema.TypeString,
+				Required:     true,
+				ValidateFunc: validation.StringInSlice([]string{"PREMIUM", "STANDARD"}, false),
+			},
+
+			"project": {
+				Type:     schema.TypeString,
+				Optional: true,
+				Computed: true,
+				ForceNew: true,
+			},
+		},
+	}
+}
+
+func resourceComputeProjectDefaultNetworkTierCreateOrUpdate(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	projectID, err := getProject(d, config)
+	if err != nil {
+		return err
+	}
+
+	request := &compute.ProjectsSetDefaultNetworkTierRequest{
+		NetworkTier: d.Get("network_tier").(string),
+	}
+	op, err := config.clientCompute.Projects.SetDefaultNetworkTier(projectID, request).Do()
+	if err != nil {
+		return fmt.Errorf("SetDefaultNetworkTier failed: %s", err)
+	}
+
+	log.Printf("[DEBUG] SetDefaultNetworkTier: %d (%s)", op.Id, op.SelfLink)
+	err = computeOperationWait(config.clientCompute, op, projectID, "SetDefaultNetworkTier")
+	if err != nil {
+		return fmt.Errorf("SetDefaultNetworkTier failed: %s", err)
+	}
+
+	d.SetId(projectID)
+
+	return resourceComputeProjectDefaultNetworkTierRead(d, meta)
+}
+
+func resourceComputeProjectDefaultNetworkTierRead(d *schema.ResourceData, meta interface{}) error {
+	config := meta.(*Config)
+
+	projectId := d.Id()
+
+	project, err := config.clientCompute.Projects.Get(projectId).Do()
+	if err != nil {
+		return handleNotFoundError(err, d, fmt.Sprintf("Project data for project %q", projectId))
+	}
+
+	err = d.Set("network_tier", project.DefaultNetworkTier)
+	if err != nil {
+		return fmt.Errorf("Error setting default network tier: %s", err)
+	}
+
+	d.Set("project", projectId)
+
+	return nil
+}
+
+func resourceComputeProjectDefaultNetworkTierDelete(d *schema.ResourceData, meta interface{}) error {
+
+	log.Printf("[WARNING] Default Network Tier will be only removed from Terraform state, but will be left intact on GCP.")
+
+	return schema.RemoveFromState(d, meta)
+}
diff --git a/google/resource_compute_project_default_network_tier_test.go b/google/resource_compute_project_default_network_tier_test.go
new file mode 100644
index 00000000000..fdc21f4231d
--- /dev/null
+++ b/google/resource_compute_project_default_network_tier_test.go
@@ -0,0 +1,106 @@
+package google
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform/helper/acctest"
+	"github.com/hashicorp/terraform/helper/resource"
+)
+
+func TestAccComputeProjectDefaultNetworkTier_basic(t *testing.T) {
+	t.Parallel()
+
+	org := getTestOrgFromEnv(t)
+	billingId := getTestBillingAccountFromEnv(t)
+	projectID := "terraform-test-" + acctest.RandString(10)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeProject_defaultNetworkTier_premium(projectID, pname, org, billingId),
+			},
+			{
+				ResourceName:      "google_compute_project_default_network_tier.fizzbuzz",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func TestAccComputeProjectDefaultNetworkTier_modify(t *testing.T) {
+	t.Parallel()
+
+	org := getTestOrgFromEnv(t)
+	billingId := getTestBillingAccountFromEnv(t)
+	projectID := "terraform-test-" + acctest.RandString(10)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeProject_defaultNetworkTier_premium(projectID, pname, org, billingId),
+			},
+			{
+				ResourceName:      "google_compute_project_default_network_tier.fizzbuzz",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+
+			{
+				Config: testAccComputeProject_defaultNetworkTier_standard(projectID, pname, org, billingId),
+			},
+			{
+				ResourceName:      "google_compute_project_default_network_tier.fizzbuzz",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccComputeProject_defaultNetworkTier_premium(projectID, name, org, billing string) string {
+	return fmt.Sprintf(`
+resource "google_project" "project" {
+  project_id      = "%s"
+  name            = "%s"
+  org_id          = "%s"
+  billing_account = "%s"
+}
+
+resource "google_project_service" "compute" {
+  project = "${google_project.project.project_id}"
+  service = "compute.googleapis.com"
+}
+
+resource "google_compute_project_default_network_tier" "fizzbuzz" {
+  project      = "${google_project.project.project_id}"
+  network_tier = "PREMIUM"
+  depends_on   = ["google_project_service.compute"]
+}`, projectID, name, org, billing)
+}
+
+func testAccComputeProject_defaultNetworkTier_standard(projectID, name, org, billing string) string {
+	return fmt.Sprintf(`
+resource "google_project" "project" {
+  project_id      = "%s"
+  name            = "%s"
+  org_id          = "%s"
+  billing_account = "%s"
+}
+
+resource "google_project_service" "compute" {
+  project = "${google_project.project.project_id}"
+  service = "compute.googleapis.com"
+}
+
+resource "google_compute_project_default_network_tier" "fizzbuzz" {
+  project      = "${google_project.project.project_id}"
+  network_tier = "STANDARD"
+  depends_on   = ["google_project_service.compute"]
+}`, projectID, name, org, billing)
+}
diff --git a/website/docs/r/compute_project_default_network_tier.html.markdown b/website/docs/r/compute_project_default_network_tier.html.markdown
new file mode 100644
index 00000000000..20dd54ad837
--- /dev/null
+++ b/website/docs/r/compute_project_default_network_tier.html.markdown
@@ -0,0 +1,46 @@
+---
+layout: "google"
+page_title: "Google: google_compute_project_default_network_tier"
+sidebar_current: "docs-google-compute-project-default-network-tier"
+description: |-
+ Configures the default network tier for a project.
+---
+
+# google\_compute\_project\_default\_network\_tier
+
+Configures the Google Compute Engine
+[Default Network Tier](https://cloud.google.com/network-tiers/docs/using-network-service-tiers#setting_the_tier_for_all_resources_in_a_project)
+for a project.
+
+For more information, see,
+[the Project API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/projects/setDefaultNetworkTier).
+
+## Example Usage
+
+```hcl
+resource "google_compute_project_default_network_tier" "default" {
+  network_tier = "PREMIUM"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `network_tier` - (Required) The default network tier to be configured for the project.
+   This field can take the following values: `PREMIUM` or `STANDARD`.
+
+- - -
+
+* `project` - (Optional) The ID of the project in which the resource belongs. If it
+    is not provided, the provider project is used.
+
+## Attributes Reference
+
+Only the arguments listed above are exposed as attributes.
+
+## Import
+
+This resource can be imported using the project ID:
+
+`terraform import google_compute_project_default_network_tier.default project-id`
diff --git a/website/docs/r/container_cluster.html.markdown b/website/docs/r/container_cluster.html.markdown
index e0ed7a623fe..59a968dbf5f 100644
--- a/website/docs/r/container_cluster.html.markdown
+++ b/website/docs/r/container_cluster.html.markdown
@@ -589,6 +589,13 @@ In addition, the `private_cluster_config` allows access to the following read-on
 
 * `public_endpoint` - The external IP address of this cluster's master endpoint.
 
+The `sandbox_type` block supports:
+
+* `sandbox_type` (Required) Which sandbox to use for pods in the node pool.
+    Accepted values are:
+
+    * `"gvisor"`: Pods run within a gVisor sandbox.
+
 The `resource_usage_export_config` block supports:
 
 * `enable_network_egress_metering` (Optional) - Whether to enable network egress metering for this cluster. If enabled, a daemonset will be created
@@ -607,13 +614,6 @@ resource_usage_export_config {
 }
 ```
 
-The `sandbox_type` block supports:
-
-* `sandbox_type` (Required) Which sandbox to use for pods in the node pool.
-    Accepted values are:
-
-    * `"gvisor"`: Pods run within a gVisor sandbox.
-
 The `taint` block supports:
 
 * `key` (Required) Key for taint.
diff --git a/website/google.erb b/website/google.erb
index 370387ad7c7..5015c2585a1 100644
--- a/website/google.erb
+++ b/website/google.erb
@@ -453,6 +453,10 @@
       <a href="/docs/providers/google/r/compute_network_peering.html">google_compute_network_peering</a>
       </li>
 
+      <li<%= sidebar_current("docs-google-compute-project-default-network-tier") %>>
+      <a href="/docs/providers/google/r/compute_project_default_network_tier.html">google_compute_project_default_network_tier</a>
+      </li>
+
       <li<%= sidebar_current("docs-google-compute-project-metadata") %>>
       <a href="/docs/providers/google/r/compute_project_metadata.html">google_compute_project_metadata</a>
       </li>