Adding ServiceConnectionPolicies resource in NetworkConnectivity. (Go…

…ogleCloudPlatform#8273)

* adding both resources, basic test for serviceClass it's working, need to fix the test scenario for policy

* fix the test scenario and the service class resource properties

* adding a testing update, just adding the labels for the resource

* added the resource service connection map, and it's basic test, need to evaluate

* Revert "added the resource service connection map, and it's basic test, need to evaluate"

This reverts commit 4240e1d.

* removing the service class in one test scenario and using a static value

* fix a typo

* removing serviceClass and fix the tests

* removing ga tag and updatinga etag for fingerprint type

* updating the code, to remove the static value from the docs, need to test

* adding a file to tpgtools override at product level

* adding function to help with env var, but the patch on tests it's failing

* adding the variable to be used in the docs

* fixing the test, the network field cannot be immutable

* removing the env_var service class and adding a static value

* updating the value used from tests and documentation

* removing unused resources for docs and tests

* fix typos, not used variables and run the fmt

* adding description to the basic test

* fixed yaml variable override

* removing unused resources for tests, and making the test fails with network as immutable

* adding encoder to help network field be immutable and be sent on patch method

mmv1/products/networkconnectivity/ServiceConnectionPolicies.yaml

@@ -0,0 +1,139 @@
+# Copyright 2023 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the 'License');
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an 'AS IS' BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+--- !ruby/object:Api::Resource
+name: 'ServiceConnectionPolicy'
+base_url: 'projects/{{project}}/locations/{{location}}/serviceConnectionPolicies'
+create_url: 'projects/{{project}}/locations/{{location}}/serviceConnectionPolicies?serviceConnectionPolicyId={{name}}'
+self_link: 'projects/{{project}}/locations/{{location}}/serviceConnectionPolicies/{{name}}'
+update_verb: :PATCH
+update_mask: true
+description:
+  'Manage Service Connection Policies.'
+references: !ruby/object:Api::Resource::ReferenceLinks
+  api: 'https://cloud.google.com/secure-web-proxy/docs/reference/networkconnectivity/rest/v1/projects.locations.networkConnectionPolicies'
+  guides:
+    'About Service Connection Policies': 'https://cloud.google.com/vpc/docs/about-service-connection-policies#service-policies'
+async: !ruby/object:Api::OpAsync
+  operation: !ruby/object:Api::OpAsync::Operation
+    path: 'name'
+    base_url: '{{op_id}}'
+    wait_ms: 1000
+    timeouts: !ruby/object:Api::Timeouts
+      insert_minutes: 30
+      update_minutes: 30
+      delete_minutes: 30
+  result: !ruby/object:Api::OpAsync::Result
+    path: 'response'
+  status: !ruby/object:Api::OpAsync::Status
+    path: 'done'
+    complete: true
+    allowed:
+      - true
+      - false
+  error: !ruby/object:Api::OpAsync::Error
+    path: 'error'
+    message: 'message'
+autogen_async: true
+import_format:
+  ['projects/{{project}}/locations/{{location}}/serviceConnectionPolicies/{{name}}']
+examples:
+  - !ruby/object:Provider::Terraform::Examples
+    name: 'network_connectivity_policy_basic'
+    primary_resource_id: 'default'
+    vars:
+      resource_name: 'my-network-connectivity-policy'
+      producer_network_name: 'producer-net'
+      producer_subnetwork_name: 'producer-subnet'
+      service_class_name: 'my-basic-service-class'
+    test_vars_overrides:
+      service_class_name: '"gcp-memorystore-redis"'
+custom_code: !ruby/object:Provider::Terraform::CustomCode
+  update_encoder: templates/terraform/encoders/service_connection_policy.go.erb
+parameters:
+  - !ruby/object:Api::Type::String
+    name: 'name'
+    required: true
+    immutable: true
+    url_param_only: true
+    description: |
+      The name of a ServiceConnectionPolicy. Format: projects/{project}/locations/{location}/serviceConnectionPolicies/{service_connection_policy} See: https://google.aip.dev/122#fields-representing-resource-names
+  - !ruby/object:Api::Type::String
+    name: 'location'
+    required: true
+    immutable: true
+    url_param_only: true
+    description: |
+      The location of the ServiceConnectionPolicy.
+properties:
+  - !ruby/object:Api::Type::Time
+    name: 'createTime'
+    description: |
+      The timestamp when the resource was created.
+    output: true
+  - !ruby/object:Api::Type::Time
+    name: 'updateTime'
+    description: |
+      The timestamp when the resource was updated.
+    output: true
+  - !ruby/object:Api::Type::String
+    name: 'serviceClass'
+    required: true
+    immutable: true
+    description: |
+      The service class identifier for which this ServiceConnectionPolicy is for. The service class identifier is a unique, symbolic representation of a ServiceClass.
+      It is provided by the Service Producer. Google services have a prefix of gcp. For example, gcp-cloud-sql. 3rd party services do not. For example, test-service-a3dfcx.
+  - !ruby/object:Api::Type::String
+    name: 'description'
+    description: |
+      Free-text description of the resource.
+  - !ruby/object:Api::Type::String
+    name: 'network'
+    required: true
+    immutable: true
+    description: |
+      The resource path of the consumer network. Example: - projects/{projectNumOrId}/global/networks/{resourceId}.
+  - !ruby/object:Api::Type::NestedObject
+    name: 'pscConfig'
+    description: |
+      Configuration used for Private Service Connect connections. Used when Infrastructure is PSC.
+    properties: 
+      - !ruby/object:Api::Type::Array
+        name: 'subnetworks'
+        required: true
+        item_type: Api::Type::String
+        description: |
+          IDs of the subnetworks or fully qualified identifiers for the subnetworks
+      - !ruby/object:Api::Type::String
+        name: 'limit'
+        description: |
+          Max number of PSC connections for this policy.
+  - !ruby/object:Api::Type::Fingerprint
+    name: 'etag'
+    description: |
+      The etag is computed by the server, and may be sent on update and delete requests to ensure the client has an up-to-date value before proceeding.
+  - !ruby/object:Api::Type::Array
+    name: 'pscConnections'
+    output: true
+    item_type: Api::Type::String
+    description: |
+      Information about each Private Service Connect connection.
+  - !ruby/object:Api::Type::String
+    name: 'infrastructure'
+    output: true
+    description: |
+      The type of underlying resources used to create the connection.
+  - !ruby/object:Api::Type::KeyValuePairs
+    name: "labels"
+    description: |
+      User-defined labels.

mmv1/products/networkconnectivity/product.yaml

@@ -0,0 +1,27 @@
+# Copyright 2023 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+--- !ruby/object:Api::Product
+name: NetworkConnectivity
+display_name: Network Connectivity
+scopes:
+  - https://www.googleapis.com/auth/cloud-platform
+versions:
+  - !ruby/object:Api::Product::Version
+    name: ga
+    base_url: https://networkconnectivity.googleapis.com/v1/
+apis_required:
+  - !ruby/object:Api::Product::ApiReference
+    name: Network Connectivity API
+    url: https://console.cloud.google.com/apis/library/networkconnectivity.googleapis.com/
+

mmv1/templates/terraform/encoders/service_connection_policy.go.erb

@@ -0,0 +1,2 @@
+obj["network"] = d.Get("network").(string)
+return obj, nil

mmv1/templates/terraform/examples/network_connectivity_policy_basic.tf.erb

@@ -0,0 +1,23 @@
+resource "google_compute_network" "producer_net" {
+  name                    = "<%= ctx[:vars]['producer_network_name'] %>"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "producer_subnet" {
+  name          = "<%= ctx[:vars]['producer_subnetwork_name'] %>"
+  ip_cidr_range = "10.0.0.0/16"
+  region        = "us-central1"
+  network       = google_compute_network.producer_net.id
+}
+
+resource "google_network_connectivity_service_connection_policy" "default" {
+  name = "<%= ctx[:vars]['resource_name'] %>"
+  location = "us-central1"
+  service_class = "<%= ctx[:vars]['service_class_name'] %>"
+  description   = "my basic service connection policy"
+  network = google_compute_network.producer_net.id
+  psc_config {
+    subnetworks = [google_compute_subnetwork.producer_subnet.id]
+    limit = 2
+  }
+}

mmv1/third_party/terraform/fwmodels/provider_model.go.erb

@@ -53,7 +53,6 @@ type ProviderModel struct {
 	CloudResourceManagerCustomEndpoint types.String `tfsdk:"cloud_resource_manager_custom_endpoint"`
 	EventarcCustomEndpoint             types.String `tfsdk:"eventarc_custom_endpoint"`
 	FirebaserulesCustomEndpoint        types.String `tfsdk:"firebaserules_custom_endpoint"`
-	NetworkConnectivityCustomEndpoint  types.String `tfsdk:"network_connectivity_custom_endpoint"`
 <% if version == "ga" -%>
 	OrgPolicyCustomEndpoint            types.String `tfsdk:"org_policy_custom_endpoint"`
 <% end -%>

mmv1/third_party/terraform/tests/resource_network_connectivity_service_connection_policies_test.go

@@ -0,0 +1,109 @@
+package google
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-provider-google/google/acctest"
+)
+
+func TestAccNetworkConnectivityServiceConnectionPolicy_update(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"networkProducerName":         fmt.Sprintf("tf-test-network-%s", RandString(t, 10)),
+		"subnetworkProducerName1":     fmt.Sprintf("tf-test-subnet-producer-%s", RandString(t, 10)),
+		"subnetworkProducerName2":     fmt.Sprintf("tf-test-subnet-producer-%s", RandString(t, 10)),
+		"serviceConnectionPolicyName": fmt.Sprintf("tf-test-service-connection-policy-%s", RandString(t, 10)),
+	}
+
+	VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckNetworkConnectivityServiceConnectionPolicyDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccNetworkConnectivityServiceConnectionPolicy_basic(context),
+			},
+			{
+				ResourceName:      "google_network_connectivity_service_connection_policy.default",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccNetworkConnectivityServiceConnectionPolicy_update(context),
+			},
+			{
+				ResourceName:      "google_network_connectivity_service_connection_policy.default",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccNetworkConnectivityServiceConnectionPolicy_basic(context),
+			},
+			{
+				ResourceName:      "google_network_connectivity_service_connection_policy.default",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccNetworkConnectivityServiceConnectionPolicy_basic(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+  resource "google_compute_network" "producer_net" {
+    name                    = "%{networkProducerName}"
+    auto_create_subnetworks = false
+  }
+  
+  resource "google_compute_subnetwork" "producer_subnet" {
+    name          = "%{subnetworkProducerName1}"
+    ip_cidr_range = "10.0.0.0/16"
+    region        = "us-central1"
+    network       = google_compute_network.producer_net.id
+  }
+  
+  resource "google_network_connectivity_service_connection_policy" "default" {
+    name = "%{serviceConnectionPolicyName}"
+    location = "us-central1"
+    service_class = "gcp-memorystore-redis"
+    network = google_compute_network.producer_net.id
+    psc_config {
+      subnetworks = [google_compute_subnetwork.producer_subnet.id]
+      limit = 2
+    }
+  }
+`, context)
+}
+
+func testAccNetworkConnectivityServiceConnectionPolicy_update(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_compute_network" "producer_net" {
+  name                    = "%{networkProducerName}"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "producer_subnet1" {
+  name          = "%{subnetworkProducerName2}"
+  ip_cidr_range = "10.1.0.0/16"
+  region        = "us-central1"
+  network       = google_compute_network.producer_net.id
+}
+
+resource "google_network_connectivity_service_connection_policy" "default" {
+  name = "%{serviceConnectionPolicyName}"
+  location = "us-central1"
+  service_class = "gcp-memorystore-redis"
+  network = google_compute_network.producer_net.id
+  psc_config {
+    subnetworks = [google_compute_subnetwork.producer_subnet1.id]
+    limit = 4
+  }
+  labels      = {
+    foo = "bar"
+  }
+}
+`, context)
+}

tpgtools/overrides/networkconnectivity/tpgtools_product.yaml

@@ -0,0 +1,5 @@
+## product level overrides
+
+- type: PRODUCT_BASE_PATH
+  details:
+    skip: true