From 0dc10a5fd985483413b6259268dda5ea4d336393 Mon Sep 17 00:00:00 2001
From: Modular Magician
Date: Fri, 14 Jul 2023 19:03:33 +0000
Subject: [PATCH] Add support for creating Apigee Organization without VPC peering (#8317)
Signed-off-by: Modular Magician
---
 .changelog/8317.txt | 3 +
 ...urce_apigee_organization_generated_test.go | 54 +++++++++++++++
 .../apigee/resource_apigee_organization.go | 32 +++++++++
 .../docs/r/apigee_organization.html.markdown | 69 +++++++++++++++++++
 4 files changed, 158 insertions(+)
 create mode 100644 .changelog/8317.txt
diff --git a/.changelog/8317.txt b/.changelog/8317.txt
new file mode 100644
index 00000000000..6f010c19458
--- /dev/null
+++ b/.changelog/8317.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+apigee: added `disable_vpc_peering` field to `google_apigee_organization` resource
+```
diff --git a/google/resource_apigee_organization_generated_test.go b/google/resource_apigee_organization_generated_test.go
index eafadffe582..3545c827215 100644
--- a/google/resource_apigee_organization_generated_test.go
+++ b/google/resource_apigee_organization_generated_test.go
@@ -117,6 +117,60 @@ resource "google_apigee_organization" "org" {
 `, context)
 }
 
+func TestAccApigeeOrganization_apigeeOrganizationCloudBasicDisableVpcPeeringTestExample(t *testing.T) {
+ acctest.SkipIfVcr(t)
+ t.Parallel()
+
+ context := map[string]interface{}{
+ "org_id": envvar.GetTestOrgFromEnv(t),
+ "billing_account": envvar.GetTestBillingAccountFromEnv(t),
+ "random_suffix": acctest.RandString(t, 10),
+ }
+
+ acctest.VcrTest(t, resource.TestCase{
+ PreCheck: func() { acctest.AccTestPreCheck(t) },
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+ CheckDestroy: testAccCheckApigeeOrganizationDestroyProducer(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccApigeeOrganization_apigeeOrganizationCloudBasicDisableVpcPeeringTestExample(context),
+ },
+ {
+ ResourceName: "google_apigee_organization.org",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"project_id", "retention"},
+ },
+ },
+ })
+}
+
+func testAccApigeeOrganization_apigeeOrganizationCloudBasicDisableVpcPeeringTestExample(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+resource "google_project" "project" {
+ project_id = "tf-test%{random_suffix}"
+ name = "tf-test%{random_suffix}"
+ org_id = "%{org_id}"
+ billing_account = "%{billing_account}"
+}
+
+resource "google_project_service" "apigee" {
+ project = google_project.project.project_id
+ service = "apigee.googleapis.com"
+}
+
+resource "google_apigee_organization" "org" {
+ description = "Terraform-provisioned basic Apigee Org without VPC Peering."
+ analytics_region = "us-central1"
+ project_id = google_project.project.project_id
+ disable_vpc_peering = true
+ depends_on = [
+ google_project_service.apigee,
+ ]
+}
+`, context)
+}
+
 func testAccCheckApigeeOrganizationDestroyProducer(t *testing.T) func(s *terraform.State) error {
 return func(s *terraform.State) error {
 for name, rs := range s.RootModule().Resources {
diff --git a/google/services/apigee/resource_apigee_organization.go b/google/services/apigee/resource_apigee_organization.go
index 762fc63c213..b304f9fd3c7 100644
--- a/google/services/apigee/resource_apigee_organization.go
+++ b/google/services/apigee/resource_apigee_organization.go
@@ -80,6 +80,15 @@ Valid only when 'RuntimeType' is set to CLOUD. The value can be updated only whe
 Optional: true,
 Description: `Description of the Apigee organization.`,
 },
+ "disable_vpc_peering": {
+ Type: schema.TypeBool,
+ Optional: true,
+ Description: `Flag that specifies whether the VPC Peering through Private Google Access should be
+disabled between the consumer network and Apigee. Required if an 'authorizedNetwork'
+on the consumer project is not provided, in which case the flag should be set to 'true'.
+Valid only when 'RuntimeType' is set to CLOUD. The value must be set before the creation
+of any Apigee runtime instance and can be updated only when there are no runtime instances.`,
+ },
 "display_name": {
 Type: schema.TypeString,
 Optional: true,
@@ -201,6 +210,12 @@ func resourceApigeeOrganizationCreate(d *schema.ResourceData, meta interface{})
 } else if v, ok := d.GetOkExists("authorized_network"); !tpgresource.IsEmptyValue(reflect.ValueOf(authorizedNetworkProp)) && (ok || !reflect.DeepEqual(v, authorizedNetworkProp)) {
 obj["authorizedNetwork"] = authorizedNetworkProp
 }
+ disableVpcPeeringProp, err := expandApigeeOrganizationDisableVpcPeering(d.Get("disable_vpc_peering"), d, config)
+ if err != nil {
+ return err
+ } else if v, ok := d.GetOkExists("disable_vpc_peering"); !tpgresource.IsEmptyValue(reflect.ValueOf(disableVpcPeeringProp)) && (ok || !reflect.DeepEqual(v, disableVpcPeeringProp)) {
+ obj["disableVpcPeering"] = disableVpcPeeringProp
+ }
 runtimeTypeProp, err := expandApigeeOrganizationRuntimeType(d.Get("runtime_type"), d, config)
 if err != nil {
 return err
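Review bot: The `Description` of `disable_vpc_peering` refers to the related settings by their API names, `'authorizedNetwork'` and `'RuntimeType'`, while the attributes a user actually sets are `authorized_network` and `runtime_type`; the text would be clearer as `Required if 'authorized_network' is not set, in which case the flag should be set to 'true'. Valid only when 'runtime_type' is CLOUD.` The entry also declares no cross-field constraint, so the stated requirement is presumably enforced only by the API at apply time. Since the flag changes how the runtime connects to the consumer network, the description should say that the provider itself does not check it. The surrounding schema map starts and ends outside the hunk.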
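Review bot: An explicit `disable_vpc_peering = false` never reaches the request body, because the guard `!tpgresource.IsEmptyValue(reflect.ValueOf(disableVpcPeeringProp))` added in `resourceApigeeOrganizationCreate` is false for a `false` bool; the `resourceApigeeOrganizationUpdate` hunk repeats the pattern with `reflect.ValueOf(v)`. On create that only matters if the API default is not `false`, but on update a change from `true` back to `false` is sent as an omitted field, and whether the API reads that as `false` depends on the request semantics, which are outside these hunks. Because the flag decides whether the runtime is peered with the consumer network, send it whenever it is configured: `} else if v, ok := d.GetOkExists("disable_vpc_peering"); ok || !reflect.DeepEqual(v, disableVpcPeeringProp) {`. Both function bodies start and end outside their hunks.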
@@ -338,6 +353,9 @@ func resourceApigeeOrganizationRead(d *schema.ResourceData, meta interface{}) er
 if err := d.Set("authorized_network", flattenApigeeOrganizationAuthorizedNetwork(res["authorizedNetwork"], d, config)); err != nil {
 return fmt.Errorf("Error reading Organization: %s", err)
 }
+ if err := d.Set("disable_vpc_peering", flattenApigeeOrganizationDisableVpcPeering(res["disableVpcPeering"], d, config)); err != nil {
+ return fmt.Errorf("Error reading Organization: %s", err)
+ }
 if err := d.Set("runtime_type", flattenApigeeOrganizationRuntimeType(res["runtimeType"], d, config)); err != nil {
 return fmt.Errorf("Error reading Organization: %s", err)
 }
@@ -397,6 +415,12 @@ func resourceApigeeOrganizationUpdate(d *schema.ResourceData, meta interface{})
 } else if v, ok := d.GetOkExists("authorized_network"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, authorizedNetworkProp)) {
 obj["authorizedNetwork"] = authorizedNetworkProp
 }
+ disableVpcPeeringProp, err := expandApigeeOrganizationDisableVpcPeering(d.Get("disable_vpc_peering"), d, config)
+ if err != nil {
+ return err
+ } else if v, ok := d.GetOkExists("disable_vpc_peering"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, disableVpcPeeringProp)) {
+ obj["disableVpcPeering"] = disableVpcPeeringProp
+ }
 runtimeTypeProp, err := expandApigeeOrganizationRuntimeType(d.Get("runtime_type"), d, config)
 if err != nil {
 return err
@@ -568,6 +592,10 @@ func flattenApigeeOrganizationAuthorizedNetwork(v interface{}, d *schema.Resourc
 return v
 }
 
+func flattenApigeeOrganizationDisableVpcPeering(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+ return v
+}
+
 func flattenApigeeOrganizationRuntimeType(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 return v
 }
@@ -648,6 +676,10 @@ func expandApigeeOrganizationAuthorizedNetwork(v interface{}, d tpgresource.Terr
 return v, nil
 }
 
+func expandApigeeOrganizationDisableVpcPeering(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+ return v, nil
+}
+
 func expandApigeeOrganizationRuntimeType(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 return v, nil
 }
diff --git a/website/docs/r/apigee_organization.html.markdown b/website/docs/r/apigee_organization.html.markdown
index 681bec156a3..f497f4c408b 100644
--- a/website/docs/r/apigee_organization.html.markdown
+++ b/website/docs/r/apigee_organization.html.markdown
@@ -59,6 +59,19 @@ resource "google_apigee_organization" "org" {
 depends_on = [google_service_networking_connection.apigee_vpc_connection]
 }
 ```
+## Example Usage - Apigee Organization Cloud Basic Disable Vpc Peering
+
+
+```hcl
+data "google_client_config" "current" {}
+
+resource "google_apigee_organization" "org" {
+ description = "Terraform-provisioned basic Apigee Org without VPC Peering."
+ analytics_region = "us-central1"
+ project_id = data.google_client_config.current.project
+ disable_vpc_peering = true
+}
+```
 ## Example Usage - Apigee Organization Cloud Full
 
 
@@ -126,6 +139,54 @@ resource "google_apigee_organization" "org" {
 ]
 }
 ```
+## Example Usage - Apigee Organization Cloud Full Disable Vpc Peering
+
+
+```hcl
+data "google_client_config" "current" {}
+
+resource "google_kms_key_ring" "apigee_keyring" {
+ name = "apigee-keyring"
+ location = "us-central1"
+}
+
+resource "google_kms_crypto_key" "apigee_key" {
+ name = "apigee-key"
+ key_ring = google_kms_key_ring.apigee_keyring.id
+
+ lifecycle {
+ prevent_destroy = true
+ }
+}
+
+resource "google_project_service_identity" "apigee_sa" {
+ provider = google-beta
+ project = google_project.project.project_id
+ service = google_project_service.apigee.service
+}
+
+resource "google_kms_crypto_key_iam_binding" "apigee_sa_keyuser" {
+ crypto_key_id = google_kms_crypto_key.apigee_key.id
+ role = "roles/cloudkms.cryptoKeyEncrypterDecrypter"
+
+ members = [
+ "serviceAccount:${google_project_service_identity.apigee_sa.email}",
+ ]
+}
+
+resource "google_apigee_organization" "org" {
+ analytics_region = "us-central1"
+ display_name = "apigee-org"
+ description = "Terraform-provisioned Apigee Org without VPC Peering."
+ project_id = data.google_client_config.current.project
+ disable_vpc_peering = true
+ runtime_database_encryption_key_name = google_kms_crypto_key.apigee_key.id
+
+ depends_on = [
+ google_kms_crypto_key_iam_binding.apigee_sa_keyuser,
+ ]
+}
+```
 ## Argument Reference
 
 
@@ -158,6 +219,14 @@ The following arguments are supported: See [Getting started with the Service Networking API](https://cloud.google.com/service-infrastructure/docs/service-networking/getting-started). Valid only when `RuntimeType` is set to CLOUD. The value can be updated only when there are no runtime instances. For example: "default". +* `disable_vpc_peering` - + (Optional) + Flag that specifies whether the VPC Peering through Private Google Access should be + disabled between the consumer network and Apigee. Required if an `authorizedNetwork` + on the consumer project is not provided, in which case the flag should be set to `true`. + Valid only when `RuntimeType` is set to CLOUD. The value must be set before the creation + of any Apigee runtime instance and can be updated only when there are no runtime instances. + * `runtime_type` - (Optional) Runtime type of the Apigee organization based on the Apigee subscription purchased.