feat(vertexai): Make it possible to use Private Service Connect in Ve…

…rtex AI Index Endpoint (GoogleCloudPlatform#8851)
jialei-chen · Nov 29, 2023 · 1054ba2 · 1054ba2
1 parent 4cd06bd
commit 1054ba2
Show file tree

Hide file tree

Showing 4 changed files with 102 additions and 0 deletions.
diff --git a/mmv1/products/vertexai/IndexEndpoint.yaml b/mmv1/products/vertexai/IndexEndpoint.yaml
@@ -60,6 +60,15 @@ examples:
     test_vars_overrides:
       network_name: 'acctest.BootstrapSharedServiceNetworkingConnection(t, "vpc-network-1")'
     skip_docs: true
+  - !ruby/object:Provider::Terraform::Examples
+    name: "vertex_ai_index_endpoint_with_psc"
+    primary_resource_id: "index_endpoint"
+  - !ruby/object:Provider::Terraform::Examples
+    name: "vertex_ai_index_endpoint_with_false_psc"
+    primary_resource_id: "index_endpoint"
+    # It's not distinguishable if the psc is false or not set, so we need to skip the test.
+    skip_import_test: true
+    skip_docs: true
   - !ruby/object:Provider::Terraform::Examples
     name: "vertex_ai_index_endpoint_with_public_endpoint"
     primary_resource_id: "index_endpoint"
@@ -109,6 +118,28 @@ properties:
       [Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): `projects/{project}/global/networks/{network}`.
       Where `{project}` is a project number, as in `12345`, and `{network}` is network name.
     immutable: true
+    conflicts:
+      - privateServiceConnectConfig
+  - !ruby/object:Api::Type::NestedObject
+    name: privateServiceConnectConfig
+    immutable: true
+    default_from_api: true
+    description: |-
+      Optional. Configuration for private service connect. `network` and `privateServiceConnectConfig` are mutually exclusive.
+    conflicts:
+      - network
+    custom_flatten: templates/terraform/custom_flatten/vertex_ai_index_endpoint_private_service_connect_config.go.erb
+    properties:
+      - !ruby/object:Api::Type::Boolean
+        name: enablePrivateServiceConnect
+        description: If set to true, the IndexEndpoint is created without private service access.
+        immutable: true
+        required: true
+      - !ruby/object:Api::Type::Array
+        name: projectAllowlist
+        description: A list of Projects from which the forwarding rule will target the service attachment.
+        item_type: Api::Type::String
+        immutable: true
   - !ruby/object:Api::Type::Boolean
     name: publicEndpointEnabled
     immutable: true

diff --git a/...s/terraform/custom_flatten/vertex_ai_index_endpoint_private_service_connect_config.go.erb b/...s/terraform/custom_flatten/vertex_ai_index_endpoint_private_service_connect_config.go.erb
@@ -0,0 +1,42 @@
+<%# The license inside this block applies to this file.
+	# Copyright 2023 Google Inc.
+	# Licensed under the Apache License, Version 2.0 (the "License");
+	# you may not use this file except in compliance with the License.
+	# You may obtain a copy of the License at
+	#
+	#     http://www.apache.org/licenses/LICENSE-2.0
+	#
+	# Unless required by applicable law or agreed to in writing, software
+	# distributed under the License is distributed on an "AS IS" BASIS,
+	# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	# See the License for the specific language governing permissions and
+	# limitations under the License.
+-%>
+func flatten<%= prefix -%><%= titlelize_property(property) -%>(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+    transformed := make(map[string]interface{})
+
+    if v == nil {
+        // Disabled by default, but API will not return object if value is false
+        transformed["enable_private_service_connect"] = false
+        return []interface{}{transformed}
+    }
+
+    original := v.(map[string]interface{})
+    if len(original) == 0 {
+        return nil
+    }
+
+    transformed["enable_private_service_connect"] =
+        flattenVertexAIIndexEndpointPrivateServiceConnectConfigEnablePrivateServiceConnect(original["enablePrivateServiceConnect"], d, config)
+    transformed["project_allowlist"] =
+        flattenVertexAIIndexEndpointPrivateServiceConnectConfigProjectAllowlist(original["projectAllowlist"], d, config)
+    return []interface{}{transformed}
+}
+
+func flattenVertexAIIndexEndpointPrivateServiceConnectConfigEnablePrivateServiceConnect(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+       return v
+}
+
+func flattenVertexAIIndexEndpointPrivateServiceConnectConfigProjectAllowlist(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+       return v
+}
diff --git a/mmv1/templates/terraform/examples/vertex_ai_index_endpoint_with_false_psc.tf.erb b/mmv1/templates/terraform/examples/vertex_ai_index_endpoint_with_false_psc.tf.erb
@@ -0,0 +1,12 @@
+resource "google_vertex_ai_index_endpoint" "<%= ctx[:primary_resource_id] %>" {
+  display_name = "sample-endpoint"
+  description  = "A sample vertex endpoint"
+  region       = "us-central1"
+  labels       = {
+    label-one = "value-one"
+  }
+
+  private_service_connect_config {
+    enable_private_service_connect = false
+  }
+}
diff --git a/mmv1/templates/terraform/examples/vertex_ai_index_endpoint_with_psc.tf.erb b/mmv1/templates/terraform/examples/vertex_ai_index_endpoint_with_psc.tf.erb
@@ -0,0 +1,17 @@
+resource "google_vertex_ai_index_endpoint" "<%= ctx[:primary_resource_id] %>" {
+  display_name = "sample-endpoint"
+  description  = "A sample vertex endpoint"
+  region       = "us-central1"
+  labels       = {
+    label-one = "value-one"
+  }
+
+  private_service_connect_config {
+    enable_private_service_connect = true
+    project_allowlist = [
+        data.google_project.project.number,
+    ]
+  }
+}
+
+data "google_project" "project" {}