hashicorp · modular-magician · Feb 27, 2023 · Feb 27, 2023
diff --git a/.changelog/7276.txt b/.changelog/7276.txt
@@ -0,0 +1,12 @@
+```release-note:enhancement
+containerazure: added `azure_services_authentication` to `google_container_azure_cluster`
+```
+```release-note:deprecation
+gkehub: deprecated `mesh.control_plane` in `google_gke_hub_feature_membership`. Use `mesh.management` instead (beta-only)
+```
+```release-note:enhancement
+cloudbuild: added `peered_network_ip_range` field to `google_cloudbuild_worker_pool` resource
+```
+```release-note:enhancement
+clouddeploy: added `multi_target` field to `google_clouddeploy_target` resource (beta-only)
+```
diff --git a/go.mod b/go.mod
@@ -3,7 +3,7 @@ go 1.18
 
 require (
 	cloud.google.com/go/bigtable v1.17.0
-	github.com/GoogleCloudPlatform/declarative-resource-client-library v1.31.0
+	github.com/GoogleCloudPlatform/declarative-resource-client-library v1.34.0
 	github.com/apparentlymart/go-cidr v1.1.0
 	github.com/davecgh/go-spew v1.1.1
 	github.com/dnaeon/go-vcr v1.0.1

diff --git a/go.sum b/go.sum
@@ -17,6 +17,8 @@ cloud.google.com/go/longrunning v0.3.0/go.mod h1:qth9Y41RRSUE69rDcOn6DdK3HfQfsUI
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/GoogleCloudPlatform/declarative-resource-client-library v1.31.0 h1:4Orb9zAllU52CUtZfKu9OWYyDK6neeBt2ye6NKqAfOg=
 github.com/GoogleCloudPlatform/declarative-resource-client-library v1.31.0/go.mod h1:pL2Qt5HT+x6xrTd806oMiM3awW6kNIXB/iiuClz6m6k=
+github.com/GoogleCloudPlatform/declarative-resource-client-library v1.34.0 h1:o7t+hPFv+Ax5O2vxzIH7dEtvlWA7JJOlOd7mWFvMa6s=
+github.com/GoogleCloudPlatform/declarative-resource-client-library v1.34.0/go.mod h1:pL2Qt5HT+x6xrTd806oMiM3awW6kNIXB/iiuClz6m6k=
 github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA=
 github.com/Microsoft/go-winio v0.4.16 h1:FtSW/jqD+l4ba5iPBj9CODVtgfYAD8w2wS923g/cFDk=
 github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0=

diff --git a/google/resource_cloudbuild_worker_pool.go b/google/resource_cloudbuild_worker_pool.go
@@ -142,6 +142,13 @@ func CloudbuildWorkerPoolNetworkConfigSchema() *schema.Resource {
 				DiffSuppressFunc: compareResourceNames,
 				Description:      "Required. Immutable. The network definition that the workers are peered to. If this section is left empty, the workers will be peered to `WorkerPool.project_id` on the service producer network. Must be in the format `projects/{project}/global/networks/{network}`, where `{project}` is a project number, such as `12345`, and `{network}` is the name of a VPC network in the project. See [Understanding network configuration options](https://cloud.google.com/cloud-build/docs/custom-workers/set-up-custom-worker-pool-environment#understanding_the_network_configuration_options)",
 			},
+
+			"peered_network_ip_range": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				ForceNew:    true,
+				Description: "Optional. Immutable. Subnet IP range within the peered network. This is specified in CIDR notation with a slash and the subnet prefix size. You can optionally specify an IP address before the subnet prefix value. e.g. `192.168.0.0/29` would specify an IP range starting at 192.168.0.0 with a prefix size of 29 bits. `/16` would specify a prefix size of 16 bits, with an automatically determined IP within the peered VPC. If unspecified, a value of `/24` will be used.",
+			},
 		},
 	}
 }
@@ -425,7 +432,8 @@ func expandCloudbuildWorkerPoolNetworkConfig(o interface{}) *cloudbuild.WorkerPo
 	}
 	obj := objArr[0].(map[string]interface{})
 	return &cloudbuild.WorkerPoolNetworkConfig{
-		PeeredNetwork: dcl.String(obj["peered_network"].(string)),
+		PeeredNetwork:        dcl.String(obj["peered_network"].(string)),
+		PeeredNetworkIPRange: dcl.String(obj["peered_network_ip_range"].(string)),
 	}
 }
 
@@ -434,7 +442,8 @@ func flattenCloudbuildWorkerPoolNetworkConfig(obj *cloudbuild.WorkerPoolNetworkC
 		return nil
 	}
 	transformed := map[string]interface{}{
-		"peered_network": obj.PeeredNetwork,
+		"peered_network":          obj.PeeredNetwork,
+		"peered_network_ip_range": obj.PeeredNetworkIPRange,
 	}
 
 	return []interface{}{transformed}

diff --git a/google/resource_cloudbuild_worker_pool_test.go b/google/resource_cloudbuild_worker_pool_test.go
@@ -150,6 +150,7 @@ resource "google_cloudbuild_worker_pool" "pool" {
 	}
 	network_config {
 		peered_network = google_compute_network.network.id
+		peered_network_ip_range = "/29"
 	}
 	depends_on = [google_service_networking_connection.worker_pool_conn]
 }

diff --git a/google/resource_container_azure_cluster.go b/google/resource_container_azure_cluster.go
@@ -60,13 +60,6 @@ func ResourceContainerAzureCluster() *schema.Resource {
 				Description: "The Azure region where the cluster runs. Each Google Cloud region supports a subset of nearby Azure regions. You can call to list all supported Azure regions within a given Google Cloud region.",
 			},
 
-			"client": {
-				Type:             schema.TypeString,
-				Required:         true,
-				DiffSuppressFunc: compareSelfLinkOrResourceName,
-				Description:      "Name of the AzureClient. The `AzureClient` resource must reside on the same GCP project and region as the `AzureCluster`. `AzureClient` names are formatted as `projects/<project-number>/locations/<region>/azureClients/<client-id>`. See Resource Names (https:cloud.google.com/apis/design/resource_names) for more details on Google Cloud resource names.",
-			},
-
 			"control_plane": {
 				Type:        schema.TypeList,
 				Required:    true,
@@ -122,6 +115,23 @@ func ResourceContainerAzureCluster() *schema.Resource {
 				Elem:        &schema.Schema{Type: schema.TypeString},
 			},
 
+			"azure_services_authentication": {
+				Type:          schema.TypeList,
+				Optional:      true,
+				Description:   "Azure authentication configuration for management of Azure resources",
+				MaxItems:      1,
+				Elem:          ContainerAzureClusterAzureServicesAuthenticationSchema(),
+				ConflictsWith: []string{"client"},
+			},
+
+			"client": {
+				Type:             schema.TypeString,
+				Optional:         true,
+				DiffSuppressFunc: compareSelfLinkOrResourceName,
+				Description:      "Name of the AzureClient. The `AzureClient` resource must reside on the same GCP project and region as the `AzureCluster`. `AzureClient` names are formatted as `projects/<project-number>/locations/<region>/azureClients/<client-id>`. See Resource Names (https:cloud.google.com/apis/design/resource_names) for more details on Google Cloud resource names.",
+				ConflictsWith:    []string{"azure_services_authentication"},
+			},
+
 			"description": {
 				Type:        schema.TypeString,
 				Optional:    true,
@@ -445,6 +455,24 @@ func ContainerAzureClusterNetworkingSchema() *schema.Resource {
 	}
 }
 
+func ContainerAzureClusterAzureServicesAuthenticationSchema() *schema.Resource {
+	return &schema.Resource{
+		Schema: map[string]*schema.Schema{
+			"application_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The Azure Active Directory Application ID for Authentication configuration.",
+			},
+
+			"tenant_id": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "The Azure Active Directory Tenant ID for Authentication configuration.",
+			},
+		},
+	}
+}
+
 func ContainerAzureClusterWorkloadIdentityConfigSchema() *schema.Resource {
 	return &schema.Resource{
 		Schema: map[string]*schema.Schema{
@@ -477,18 +505,19 @@ func resourceContainerAzureClusterCreate(d *schema.ResourceData, meta interface{
 	}
 
 	obj := &containerazure.Cluster{
-		Authorization:   expandContainerAzureClusterAuthorization(d.Get("authorization")),
-		AzureRegion:     dcl.String(d.Get("azure_region").(string)),
-		Client:          dcl.String(d.Get("client").(string)),
-		ControlPlane:    expandContainerAzureClusterControlPlane(d.Get("control_plane")),
-		Fleet:           expandContainerAzureClusterFleet(d.Get("fleet")),
-		Location:        dcl.String(d.Get("location").(string)),
-		Name:            dcl.String(d.Get("name").(string)),
-		Networking:      expandContainerAzureClusterNetworking(d.Get("networking")),
-		ResourceGroupId: dcl.String(d.Get("resource_group_id").(string)),
-		Annotations:     checkStringMap(d.Get("annotations")),
-		Description:     dcl.String(d.Get("description").(string)),
-		Project:         dcl.String(project),
+		Authorization:               expandContainerAzureClusterAuthorization(d.Get("authorization")),
+		AzureRegion:                 dcl.String(d.Get("azure_region").(string)),
+		ControlPlane:                expandContainerAzureClusterControlPlane(d.Get("control_plane")),
+		Fleet:                       expandContainerAzureClusterFleet(d.Get("fleet")),
+		Location:                    dcl.String(d.Get("location").(string)),
+		Name:                        dcl.String(d.Get("name").(string)),
+		Networking:                  expandContainerAzureClusterNetworking(d.Get("networking")),
+		ResourceGroupId:             dcl.String(d.Get("resource_group_id").(string)),
+		Annotations:                 checkStringMap(d.Get("annotations")),
+		AzureServicesAuthentication: expandContainerAzureClusterAzureServicesAuthentication(d.Get("azure_services_authentication")),
+		Client:                      dcl.String(d.Get("client").(string)),
+		Description:                 dcl.String(d.Get("description").(string)),
+		Project:                     dcl.String(project),
 	}
 
 	id, err := obj.ID()
@@ -536,18 +565,19 @@ func resourceContainerAzureClusterRead(d *schema.ResourceData, meta interface{})
 	}
 
 	obj := &containerazure.Cluster{
-		Authorization:   expandContainerAzureClusterAuthorization(d.Get("authorization")),
-		AzureRegion:     dcl.String(d.Get("azure_region").(string)),
-		Client:          dcl.String(d.Get("client").(string)),
-		ControlPlane:    expandContainerAzureClusterControlPlane(d.Get("control_plane")),
-		Fleet:           expandContainerAzureClusterFleet(d.Get("fleet")),
-		Location:        dcl.String(d.Get("location").(string)),
-		Name:            dcl.String(d.Get("name").(string)),
-		Networking:      expandContainerAzureClusterNetworking(d.Get("networking")),
-		ResourceGroupId: dcl.String(d.Get("resource_group_id").(string)),
-		Annotations:     checkStringMap(d.Get("annotations")),
-		Description:     dcl.String(d.Get("description").(string)),
-		Project:         dcl.String(project),
+		Authorization:               expandContainerAzureClusterAuthorization(d.Get("authorization")),
+		AzureRegion:                 dcl.String(d.Get("azure_region").(string)),
+		ControlPlane:                expandContainerAzureClusterControlPlane(d.Get("control_plane")),
+		Fleet:                       expandContainerAzureClusterFleet(d.Get("fleet")),
+		Location:                    dcl.String(d.Get("location").(string)),
+		Name:                        dcl.String(d.Get("name").(string)),
+		Networking:                  expandContainerAzureClusterNetworking(d.Get("networking")),
+		ResourceGroupId:             dcl.String(d.Get("resource_group_id").(string)),
+		Annotations:                 checkStringMap(d.Get("annotations")),
+		AzureServicesAuthentication: expandContainerAzureClusterAzureServicesAuthentication(d.Get("azure_services_authentication")),
+		Client:                      dcl.String(d.Get("client").(string)),
+		Description:                 dcl.String(d.Get("description").(string)),
+		Project:                     dcl.String(project),
 	}
 
 	userAgent, err := generateUserAgentString(d, config.userAgent)
@@ -578,9 +608,6 @@ func resourceContainerAzureClusterRead(d *schema.ResourceData, meta interface{})
 	if err = d.Set("azure_region", res.AzureRegion); err != nil {
 		return fmt.Errorf("error setting azure_region in state: %s", err)
 	}
-	if err = d.Set("client", res.Client); err != nil {
-		return fmt.Errorf("error setting client in state: %s", err)
-	}
 	if err = d.Set("control_plane", flattenContainerAzureClusterControlPlane(res.ControlPlane)); err != nil {
 		return fmt.Errorf("error setting control_plane in state: %s", err)
 	}
@@ -602,6 +629,12 @@ func resourceContainerAzureClusterRead(d *schema.ResourceData, meta interface{})
 	if err = d.Set("annotations", res.Annotations); err != nil {
 		return fmt.Errorf("error setting annotations in state: %s", err)
 	}
+	if err = d.Set("azure_services_authentication", flattenContainerAzureClusterAzureServicesAuthentication(res.AzureServicesAuthentication)); err != nil {
+		return fmt.Errorf("error setting azure_services_authentication in state: %s", err)
+	}
+	if err = d.Set("client", res.Client); err != nil {
+		return fmt.Errorf("error setting client in state: %s", err)
+	}
 	if err = d.Set("description", res.Description); err != nil {
 		return fmt.Errorf("error setting description in state: %s", err)
 	}
@@ -643,18 +676,19 @@ func resourceContainerAzureClusterUpdate(d *schema.ResourceData, meta interface{
 	}
 
 	obj := &containerazure.Cluster{
-		Authorization:   expandContainerAzureClusterAuthorization(d.Get("authorization")),
-		AzureRegion:     dcl.String(d.Get("azure_region").(string)),
-		Client:          dcl.String(d.Get("client").(string)),
-		ControlPlane:    expandContainerAzureClusterControlPlane(d.Get("control_plane")),
-		Fleet:           expandContainerAzureClusterFleet(d.Get("fleet")),
-		Location:        dcl.String(d.Get("location").(string)),
-		Name:            dcl.String(d.Get("name").(string)),
-		Networking:      expandContainerAzureClusterNetworking(d.Get("networking")),
-		ResourceGroupId: dcl.String(d.Get("resource_group_id").(string)),
-		Annotations:     checkStringMap(d.Get("annotations")),
-		Description:     dcl.String(d.Get("description").(string)),
-		Project:         dcl.String(project),
+		Authorization:               expandContainerAzureClusterAuthorization(d.Get("authorization")),
+		AzureRegion:                 dcl.String(d.Get("azure_region").(string)),
+		ControlPlane:                expandContainerAzureClusterControlPlane(d.Get("control_plane")),
+		Fleet:                       expandContainerAzureClusterFleet(d.Get("fleet")),
+		Location:                    dcl.String(d.Get("location").(string)),
+		Name:                        dcl.String(d.Get("name").(string)),
+		Networking:                  expandContainerAzureClusterNetworking(d.Get("networking")),
+		ResourceGroupId:             dcl.String(d.Get("resource_group_id").(string)),
+		Annotations:                 checkStringMap(d.Get("annotations")),
+		AzureServicesAuthentication: expandContainerAzureClusterAzureServicesAuthentication(d.Get("azure_services_authentication")),
+		Client:                      dcl.String(d.Get("client").(string)),
+		Description:                 dcl.String(d.Get("description").(string)),
+		Project:                     dcl.String(project),
 	}
 	directive := UpdateDirective
 	userAgent, err := generateUserAgentString(d, config.userAgent)
@@ -697,18 +731,19 @@ func resourceContainerAzureClusterDelete(d *schema.ResourceData, meta interface{
 	}
 
 	obj := &containerazure.Cluster{
-		Authorization:   expandContainerAzureClusterAuthorization(d.Get("authorization")),
-		AzureRegion:     dcl.String(d.Get("azure_region").(string)),
-		Client:          dcl.String(d.Get("client").(string)),
-		ControlPlane:    expandContainerAzureClusterControlPlane(d.Get("control_plane")),
-		Fleet:           expandContainerAzureClusterFleet(d.Get("fleet")),
-		Location:        dcl.String(d.Get("location").(string)),
-		Name:            dcl.String(d.Get("name").(string)),
-		Networking:      expandContainerAzureClusterNetworking(d.Get("networking")),
-		ResourceGroupId: dcl.String(d.Get("resource_group_id").(string)),
-		Annotations:     checkStringMap(d.Get("annotations")),
-		Description:     dcl.String(d.Get("description").(string)),
-		Project:         dcl.String(project),
+		Authorization:               expandContainerAzureClusterAuthorization(d.Get("authorization")),
+		AzureRegion:                 dcl.String(d.Get("azure_region").(string)),
+		ControlPlane:                expandContainerAzureClusterControlPlane(d.Get("control_plane")),
+		Fleet:                       expandContainerAzureClusterFleet(d.Get("fleet")),
+		Location:                    dcl.String(d.Get("location").(string)),
+		Name:                        dcl.String(d.Get("name").(string)),
+		Networking:                  expandContainerAzureClusterNetworking(d.Get("networking")),
+		ResourceGroupId:             dcl.String(d.Get("resource_group_id").(string)),
+		Annotations:                 checkStringMap(d.Get("annotations")),
+		AzureServicesAuthentication: expandContainerAzureClusterAzureServicesAuthentication(d.Get("azure_services_authentication")),
+		Client:                      dcl.String(d.Get("client").(string)),
+		Description:                 dcl.String(d.Get("description").(string)),
+		Project:                     dcl.String(project),
 	}
 
 	log.Printf("[DEBUG] Deleting Cluster %q", d.Id())
@@ -1128,6 +1163,34 @@ func flattenContainerAzureClusterNetworking(obj *containerazure.ClusterNetworkin
 
 }
 
+func expandContainerAzureClusterAzureServicesAuthentication(o interface{}) *containerazure.ClusterAzureServicesAuthentication {
+	if o == nil {
+		return containerazure.EmptyClusterAzureServicesAuthentication
+	}
+	objArr := o.([]interface{})
+	if len(objArr) == 0 || objArr[0] == nil {
+		return containerazure.EmptyClusterAzureServicesAuthentication
+	}
+	obj := objArr[0].(map[string]interface{})
+	return &containerazure.ClusterAzureServicesAuthentication{
+		ApplicationId: dcl.String(obj["application_id"].(string)),
+		TenantId:      dcl.String(obj["tenant_id"].(string)),
+	}
+}
+
+func flattenContainerAzureClusterAzureServicesAuthentication(obj *containerazure.ClusterAzureServicesAuthentication) interface{} {
+	if obj == nil || obj.Empty() {
+		return nil
+	}
+	transformed := map[string]interface{}{
+		"application_id": obj.ApplicationId,
+		"tenant_id":      obj.TenantId,
+	}
+
+	return []interface{}{transformed}
+
+}
+
 func flattenContainerAzureClusterWorkloadIdentityConfig(obj *containerazure.ClusterWorkloadIdentityConfig) interface{} {
 	if obj == nil || obj.Empty() {
 		return nil

diff --git a/google/resource_container_azure_cluster_generated_test.go b/google/resource_container_azure_cluster_generated_test.go
@@ -231,10 +231,10 @@ func testAccCheckContainerAzureClusterDestroyProducer(t *testing.T) func(s *terr
 
 			obj := &containerazure.Cluster{
 				AzureRegion:     dcl.String(rs.Primary.Attributes["azure_region"]),
-				Client:          dcl.String(rs.Primary.Attributes["client"]),
 				Location:        dcl.String(rs.Primary.Attributes["location"]),
 				Name:            dcl.String(rs.Primary.Attributes["name"]),
 				ResourceGroupId: dcl.String(rs.Primary.Attributes["resource_group_id"]),
+				Client:          dcl.String(rs.Primary.Attributes["client"]),
 				Description:     dcl.String(rs.Primary.Attributes["description"]),
 				Project:         dcl.StringOrNil(rs.Primary.Attributes["project"]),
 				CreateTime:      dcl.StringOrNil(rs.Primary.Attributes["create_time"]),

diff --git a/website/docs/r/cloudbuild_worker_pool.html.markdown b/website/docs/r/cloudbuild_worker_pool.html.markdown
@@ -61,6 +61,7 @@ resource "google_cloudbuild_worker_pool" "pool" {
   }
   network_config {
     peered_network = google_compute_network.network.id
+    peered_network_ip_range = "/29"
   }
   depends_on = [google_service_networking_connection.worker_pool_conn]
 }
@@ -100,6 +101,10 @@ The following arguments are supported:
 * `peered_network` -
   (Required)
   Immutable. The network definition that the workers are peered to. If this section is left empty, the workers will be peered to `WorkerPool.project_id` on the service producer network. Must be in the format `projects/{project}/global/networks/{network}`, where `{project}` is a project number, such as `12345`, and `{network}` is the name of a VPC network in the project. See (https://cloud.google.com/cloud-build/docs/custom-workers/set-up-custom-worker-pool-environment#understanding_the_network_configuration_options)
+
+* `peered_network_ip_range` -
+  (Optional)
+  Immutable. Subnet IP range within the peered network. This is specified in CIDR notation with a slash and the subnet prefix size. You can optionally specify an IP address before the subnet prefix value. e.g. `192.168.0.0/29` would specify an IP range starting at 192.168.0.0 with a prefix size of 29 bits. `/16` would specify a prefix size of 16 bits, with an automatically determined IP within the peered VPC. If unspecified, a value of `/24` will be used.
 
 <a name="nested_worker_config"></a>The `worker_config` block supports: