Public IP Support for AlloyDB (#10331) (#17921)

[upstream:70d8eb14afcca2e3f4f87fb146c333d1780e3a62] Signed-off-by: Modular Magician <magic-modules@google.com>
hashicorp · Apr 19, 2024 · f818aa4 · f818aa4
1 parent 4383e10
commit f818aa4
Show file tree

Hide file tree

Showing 3 changed files with 395 additions and 0 deletions.
diff --git a/google/services/alloydb/resource_alloydb_instance.go b/google/services/alloydb/resource_alloydb_instance.go
@@ -181,6 +181,40 @@ Please refer to the field 'effective_labels' for all of the labels present on th
 					},
 				},
 			},
+			"network_config": {
+				Type:        schema.TypeList,
+				Optional:    true,
+				Description: `Instance level network configuration.`,
+				MaxItems:    1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"authorized_external_networks": {
+							Type:     schema.TypeList,
+							Optional: true,
+							Description: `A list of external networks authorized to access this instance. This
+field is only allowed to be set when 'enable_public_ip' is set to
+true.`,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"cidr_range": {
+										Type:        schema.TypeString,
+										Optional:    true,
+										Description: `CIDR range for one authorized network of the instance.`,
+									},
+								},
+							},
+							RequiredWith: []string{"network_config.0.enable_public_ip"},
+						},
+						"enable_public_ip": {
+							Type:     schema.TypeBool,
+							Optional: true,
+							Description: `Enabling public ip for the instance. If a user wishes to disable this,
+please also clear the list of the authorized external networks set on
+the same instance.`,
+						},
+					},
+				},
+			},
 			"query_insights_config": {
 				Type:        schema.TypeList,
 				Computed:    true,
@@ -254,6 +288,13 @@ Please refer to the field 'effective_labels' for all of the labels present on th
 				Computed:    true,
 				Description: `The name of the instance resource.`,
 			},
+			"public_ip_address": {
+				Type:     schema.TypeString,
+				Computed: true,
+				Description: `The public IP addresses for the Instance. This is available ONLY when
+networkConfig.enablePublicIp is set to true. This is the connection
+endpoint for an end-user application.`,
+			},
 			"reconciling": {
 				Type:        schema.TypeBool,
 				Computed:    true,
@@ -349,6 +390,12 @@ func resourceAlloydbInstanceCreate(d *schema.ResourceData, meta interface{}) err
 	} else if v, ok := d.GetOkExists("client_connection_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(clientConnectionConfigProp)) && (ok || !reflect.DeepEqual(v, clientConnectionConfigProp)) {
 		obj["clientConnectionConfig"] = clientConnectionConfigProp
 	}
+	networkConfigProp, err := expandAlloydbInstanceNetworkConfig(d.Get("network_config"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("network_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(networkConfigProp)) && (ok || !reflect.DeepEqual(v, networkConfigProp)) {
+		obj["networkConfig"] = networkConfigProp
+	}
 	labelsProp, err := expandAlloydbInstanceEffectiveLabels(d.Get("effective_labels"), d, config)
 	if err != nil {
 		return err
@@ -376,6 +423,20 @@ func resourceAlloydbInstanceCreate(d *schema.ResourceData, meta interface{}) err
 	}
 
 	headers := make(http.Header)
+	// Temporarily remove the enablePublicIp field if it is set to true since the
+	// API prohibits creating instances with public IP enabled.
+	var nc map[string]interface{}
+	if obj["networkConfig"] == nil {
+		nc = make(map[string]interface{})
+	} else {
+		nc = obj["networkConfig"].(map[string]interface{})
+	}
+	if nc["enablePublicIp"] == true {
+		delete(nc, "enablePublicIp")
+		delete(nc, "authorizedExternalNetworks")
+	}
+	obj["networkConfig"] = nc
+
 	// Read the config and call createsecondary api if instance_type is SECONDARY
 
 	if instanceType := d.Get("instance_type"); instanceType == "SECONDARY" {
@@ -412,6 +473,51 @@ func resourceAlloydbInstanceCreate(d *schema.ResourceData, meta interface{}) err
 		return fmt.Errorf("Error waiting to create Instance: %s", err)
 	}
 
+	// If enablePublicIp is set to true, then we must create the instance first with
+	// it disabled then update to enable it.
+	networkConfigProp, err = expandAlloydbInstanceNetworkConfig(d.Get("network_config"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("network_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(networkConfigProp)) && (ok || !reflect.DeepEqual(v, networkConfigProp)) {
+		nc := networkConfigProp.(map[string]interface{})
+		if nc["enablePublicIp"] == true {
+			obj["networkConfig"] = networkConfigProp
+
+			updateMask := []string{}
+			updateMask = append(updateMask, "networkConfig")
+			url, err := tpgresource.ReplaceVars(d, config, "{{AlloydbBasePath}}{{cluster}}/instances/{{instance_id}}")
+			if err != nil {
+				return err
+			}
+			url, err = transport_tpg.AddQueryParams(url, map[string]string{"updateMask": strings.Join(updateMask, ",")})
+			if err != nil {
+				return err
+			}
+
+			updateRes, err := transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+				Config:    config,
+				Method:    "PATCH",
+				Project:   billingProject,
+				RawURL:    url,
+				UserAgent: userAgent,
+				Body:      obj,
+				Timeout:   d.Timeout(schema.TimeoutUpdate),
+			})
+			if err != nil {
+				return fmt.Errorf("Error updating the Instance to enable public ip: %s", err)
+			} else {
+				log.Printf("[DEBUG] Finished updating Instance to enable public ip %q: %#v", d.Id(), updateRes)
+			}
+			err = AlloydbOperationWaitTime(
+				config, updateRes, project, "Updating Instance", userAgent,
+				d.Timeout(schema.TimeoutUpdate))
+
+			if err != nil {
+				return err
+			}
+		}
+	}
+
 	log.Printf("[DEBUG] Finished creating Instance %q: %#v", d.Id(), res)
 
 	return resourceAlloydbInstanceRead(d, meta)
@@ -500,6 +606,12 @@ func resourceAlloydbInstanceRead(d *schema.ResourceData, meta interface{}) error
 	if err := d.Set("client_connection_config", flattenAlloydbInstanceClientConnectionConfig(res["clientConnectionConfig"], d, config)); err != nil {
 		return fmt.Errorf("Error reading Instance: %s", err)
 	}
+	if err := d.Set("network_config", flattenAlloydbInstanceNetworkConfig(res["networkConfig"], d, config)); err != nil {
+		return fmt.Errorf("Error reading Instance: %s", err)
+	}
+	if err := d.Set("public_ip_address", flattenAlloydbInstancePublicIpAddress(res["publicIpAddress"], d, config)); err != nil {
+		return fmt.Errorf("Error reading Instance: %s", err)
+	}
 	if err := d.Set("terraform_labels", flattenAlloydbInstanceTerraformLabels(res["labels"], d, config)); err != nil {
 		return fmt.Errorf("Error reading Instance: %s", err)
 	}
@@ -572,6 +684,12 @@ func resourceAlloydbInstanceUpdate(d *schema.ResourceData, meta interface{}) err
 	} else if v, ok := d.GetOkExists("client_connection_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, clientConnectionConfigProp)) {
 		obj["clientConnectionConfig"] = clientConnectionConfigProp
 	}
+	networkConfigProp, err := expandAlloydbInstanceNetworkConfig(d.Get("network_config"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("network_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, networkConfigProp)) {
+		obj["networkConfig"] = networkConfigProp
+	}
 	labelsProp, err := expandAlloydbInstanceEffectiveLabels(d.Get("effective_labels"), d, config)
 	if err != nil {
 		return err
@@ -626,6 +744,10 @@ func resourceAlloydbInstanceUpdate(d *schema.ResourceData, meta interface{}) err
 		updateMask = append(updateMask, "clientConnectionConfig")
 	}
 
+	if d.HasChange("network_config") {
+		updateMask = append(updateMask, "networkConfig")
+	}
+
 	if d.HasChange("effective_labels") {
 		updateMask = append(updateMask, "labels")
 	}
@@ -996,6 +1118,51 @@ func flattenAlloydbInstanceClientConnectionConfigSslConfigSslMode(v interface{},
 	return v
 }
 
+func flattenAlloydbInstanceNetworkConfig(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	if v == nil {
+		return nil
+	}
+	original := v.(map[string]interface{})
+	if len(original) == 0 {
+		return nil
+	}
+	transformed := make(map[string]interface{})
+	transformed["authorized_external_networks"] =
+		flattenAlloydbInstanceNetworkConfigAuthorizedExternalNetworks(original["authorizedExternalNetworks"], d, config)
+	transformed["enable_public_ip"] =
+		flattenAlloydbInstanceNetworkConfigEnablePublicIp(original["enablePublicIp"], d, config)
+	return []interface{}{transformed}
+}
+func flattenAlloydbInstanceNetworkConfigAuthorizedExternalNetworks(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	if v == nil {
+		return v
+	}
+	l := v.([]interface{})
+	transformed := make([]interface{}, 0, len(l))
+	for _, raw := range l {
+		original := raw.(map[string]interface{})
+		if len(original) < 1 {
+			// Do not include empty json objects coming back from the api
+			continue
+		}
+		transformed = append(transformed, map[string]interface{}{
+			"cidr_range": flattenAlloydbInstanceNetworkConfigAuthorizedExternalNetworksCidrRange(original["cidrRange"], d, config),
+		})
+	}
+	return transformed
+}
+func flattenAlloydbInstanceNetworkConfigAuthorizedExternalNetworksCidrRange(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
+func flattenAlloydbInstanceNetworkConfigEnablePublicIp(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
+func flattenAlloydbInstancePublicIpAddress(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
 func flattenAlloydbInstanceTerraformLabels(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	if v == nil {
 		return v
@@ -1201,6 +1368,62 @@ func expandAlloydbInstanceClientConnectionConfigSslConfigSslMode(v interface{},
 	return v, nil
 }
 
+func expandAlloydbInstanceNetworkConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	l := v.([]interface{})
+	if len(l) == 0 || l[0] == nil {
+		return nil, nil
+	}
+	raw := l[0]
+	original := raw.(map[string]interface{})
+	transformed := make(map[string]interface{})
+
+	transformedAuthorizedExternalNetworks, err := expandAlloydbInstanceNetworkConfigAuthorizedExternalNetworks(original["authorized_external_networks"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedAuthorizedExternalNetworks); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["authorizedExternalNetworks"] = transformedAuthorizedExternalNetworks
+	}
+
+	transformedEnablePublicIp, err := expandAlloydbInstanceNetworkConfigEnablePublicIp(original["enable_public_ip"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedEnablePublicIp); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["enablePublicIp"] = transformedEnablePublicIp
+	}
+
+	return transformed, nil
+}
+
+func expandAlloydbInstanceNetworkConfigAuthorizedExternalNetworks(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	l := v.([]interface{})
+	req := make([]interface{}, 0, len(l))
+	for _, raw := range l {
+		if raw == nil {
+			continue
+		}
+		original := raw.(map[string]interface{})
+		transformed := make(map[string]interface{})
+
+		transformedCidrRange, err := expandAlloydbInstanceNetworkConfigAuthorizedExternalNetworksCidrRange(original["cidr_range"], d, config)
+		if err != nil {
+			return nil, err
+		} else if val := reflect.ValueOf(transformedCidrRange); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+			transformed["cidrRange"] = transformedCidrRange
+		}
+
+		req = append(req, transformed)
+	}
+	return req, nil
+}
+
+func expandAlloydbInstanceNetworkConfigAuthorizedExternalNetworksCidrRange(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandAlloydbInstanceNetworkConfigEnablePublicIp(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandAlloydbInstanceEffectiveLabels(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (map[string]string, error) {
 	if v == nil {
 		return map[string]string{}, nil