diff --git a/mmv1/products/compute/RouterNat.yaml b/mmv1/products/compute/RouterNat.yaml index dc7fd525db8a..2cdda089885c 100644 --- a/mmv1/products/compute/RouterNat.yaml +++ b/mmv1/products/compute/RouterNat.yaml @@ -258,6 +258,38 @@ properties: is_set: true item_type: type: String + - name: 'sourceSubnetworkIpRangesToNat64' + type: Enum + description: | + Specify the Nat option for NAT64, which can take one of the following values: + ALL_IPV6_SUBNETWORKS: All of the IP ranges in every Subnetwork are allowed to Nat. + LIST_OF_IPV6_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field nat64Subnetwork below). + Note that if this field contains NAT64_ALL_V6_SUBNETWORKS no other Router.Nat section in this region can also enable NAT64 for any Subnetworks in this network. + Other Router.Nat sections can still be present to enable NAT44 only. + enum_values: + - 'ALL_IPV6_SUBNETWORKS' + - 'LIST_OF_IPV6_SUBNETWORKS' + min_version: 'beta' + - name: 'nat64Subnetwork' + type: Array + description: | + One or more subnetwork NAT configurations whose traffic should be translated by NAT64 Gateway. + Only used if `source_subnetwork_ip_ranges_to_nat64` is set to `LIST_OF_IPV6_SUBNETWORKS` + api_name: nat64Subnetworks + is_set: true + send_empty_value: true + set_hash_func: computeRouterNatSubnetworkHash + min_version: 'beta' + item_type: + type: NestedObject + properties: + - name: 'name' + type: ResourceRef + description: 'Self-link of the subnetwork resource that will use NAT64' + required: true + custom_expand: 'templates/terraform/custom_expand/resourceref_with_validation.go.tmpl' + resource: 'Subnetwork' + imports: 'selfLink' - name: 'minPortsPerVm' type: Integer description: | diff --git a/mmv1/products/dns/Policy.yaml b/mmv1/products/dns/Policy.yaml index 545fcf938f12..55ea21dca054 100644 --- a/mmv1/products/dns/Policy.yaml +++ b/mmv1/products/dns/Policy.yaml @@ -103,6 +103,19 @@ properties: update_url: 'projects/{{project}}/policies/{{name}}' update_verb: 'PATCH' default_value: "Managed by Terraform" + - name: 'dns64Config' + type: NestedObject + default_from_api: true + description: Configurations related to DNS64 for this Policy. + properties: + - name: 'scope' + type: NestedObject + description: The scope to which DNS64 config will be applied to. + properties: + - name: 'allQueries' + type: Boolean + description: Controls whether DNS64 is enabled globally at the network level. + send_empty_value: true - name: 'enableInboundForwarding' type: Boolean description: | diff --git a/mmv1/third_party/terraform/services/compute/resource_compute_router_nat_test.go.tmpl b/mmv1/third_party/terraform/services/compute/resource_compute_router_nat_test.go.tmpl index b046526e7535..b0f3dfcdee1f 100644 --- a/mmv1/third_party/terraform/services/compute/resource_compute_router_nat_test.go.tmpl +++ b/mmv1/third_party/terraform/services/compute/resource_compute_router_nat_test.go.tmpl @@ -804,6 +804,40 @@ func testAccCheckComputeRouterNatDelete(t *testing.T, n string) resource.TestChe } } +{{ if ne $.TargetVersionName `ga` -}} +func TestAccComputeRouterNat_withNat64Configuration(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckComputeRouterNatDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccComputeRouterNatWithNat64Configuration(context), + }, + { + ResourceName: "google_compute_router_nat.foobar", + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccComputeRouterNatWithNat64ConfigurationUpdate(context), + }, + { + ResourceName: "google_compute_router_nat.foobar", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} +{{- end }} + func testAccComputeRouterNatBasic(routerName string) string { return fmt.Sprintf(` resource "google_compute_network" "foobar" { @@ -2059,3 +2093,138 @@ resource "google_compute_router_nat" "foobar" { } `, testAccComputeRouterNatBaseResourcesWithPrivateNatSubnetworks(routerName, hubName), routerName) } + +{{ if ne $.TargetVersionName `ga` -}} +func testAccComputeRouterNatWithNat64Configuration(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_dns_policy" "foobar" { + name = "tf-test-example-policy%{random_suffix}" + enable_inbound_forwarding = false + enable_logging = false + + dns64_config { + scope { + all_queries = true + } + } + networks { + network_url = google_compute_network.foobar.id + } +} + +resource "google_compute_network" "foobar" { + name = "tf-test-network%{random_suffix}" + enable_ula_internal_ipv6 = true + auto_create_subnetworks = false +} + +resource "google_compute_subnetwork" "foobar" { + name = "tf-test-subnetwork-%{random_suffix}" + network = google_compute_network.foobar.self_link + ip_cidr_range = "10.0.0.0/16" + region = "us-central1" +} + +resource "google_compute_subnetwork" "foobar2" { + name = "tf-test-subnetwork-2-%{random_suffix}" + network = google_compute_network.foobar.self_link + ip_cidr_range = "10.182.0.0/20" + ipv6_access_type = "EXTERNAL" + stack_type = "IPV4_IPV6" + region = "us-central1" +} + +resource "google_compute_router" "foobar" { + name = "tf-test-router%{random_suffix}" + region = google_compute_subnetwork.foobar.region + network = google_compute_network.foobar.self_link + bgp { + asn = 64514 + } +} + +resource "google_compute_router_nat" "foobar" { + name = "tf-test-router-nat%{random_suffix}" + router = google_compute_router.foobar.name + region = google_compute_router.foobar.region + nat_ip_allocate_option = "AUTO_ONLY" + + source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS" + subnetwork { + name = google_compute_subnetwork.foobar.name + source_ip_ranges_to_nat = ["ALL_IP_RANGES"] + } + + source_subnetwork_ip_ranges_to_nat64 = "ALL_IPV6_SUBNETWORKS" +} +`, context) +} + +func testAccComputeRouterNatWithNat64ConfigurationUpdate(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_dns_policy" "foobar" { + name = "tf-test-example-policy%{random_suffix}" + enable_inbound_forwarding = false + enable_logging = false + + dns64_config { + scope { + all_queries = true + } + } + networks { + network_url = google_compute_network.foobar.id + } +} + +resource "google_compute_network" "foobar" { + name = "tf-test-network%{random_suffix}" + enable_ula_internal_ipv6 = true + auto_create_subnetworks = false +} + +resource "google_compute_subnetwork" "foobar" { + name = "tf-test-subnetwork-%{random_suffix}" + network = google_compute_network.foobar.self_link + ip_cidr_range = "10.0.0.0/16" + region = "us-central1" +} + +resource "google_compute_subnetwork" "foobar2" { + name = "tf-test-subnetwork-2-%{random_suffix}" + network = google_compute_network.foobar.self_link + ip_cidr_range = "10.182.0.0/20" + ipv6_access_type = "EXTERNAL" + stack_type = "IPV4_IPV6" + region = "us-central1" +} + +resource "google_compute_router" "foobar" { + name = "tf-test-router%{random_suffix}" + region = google_compute_subnetwork.foobar.region + network = google_compute_network.foobar.self_link + bgp { + asn = 64514 + } +} + +resource "google_compute_router_nat" "foobar" { + name = "tf-test-router-nat%{random_suffix}" + router = google_compute_router.foobar.name + region = google_compute_router.foobar.region + nat_ip_allocate_option = "AUTO_ONLY" + + source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS" + subnetwork { + name = google_compute_subnetwork.foobar.name + source_ip_ranges_to_nat = ["ALL_IP_RANGES"] + } + + source_subnetwork_ip_ranges_to_nat64 = "LIST_OF_IPV6_SUBNETWORKS" + nat64_subnetwork { + name = google_compute_subnetwork.foobar2.name + } +} +`, context) +} +{{- end }} diff --git a/mmv1/third_party/terraform/services/dns/resource_dns_policy_test.go.tmpl b/mmv1/third_party/terraform/services/dns/resource_dns_policy_test.go.tmpl index a4210409d1c6..8378349ab1c3 100644 --- a/mmv1/third_party/terraform/services/dns/resource_dns_policy_test.go.tmpl +++ b/mmv1/third_party/terraform/services/dns/resource_dns_policy_test.go.tmpl @@ -70,3 +70,61 @@ resource "google_compute_network" "network-2" { } `, suffix, forwarding, first_nameserver, second_nameserver, network, suffix, suffix) } + +func TestAccDNSPolicy_dnsPolicyDns64(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckDNSPolicyDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccDNSPolicy_dnsPolicyDns64(context), + }, + { + ResourceName: "google_dns_policy.example-policy", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func testAccDNSPolicy_dnsPolicyDns64(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_dns_policy" "example-policy" { + name = "tf-test-example-policy%{random_suffix}" + enable_inbound_forwarding = false + + enable_logging = true + + dns64_config { + scope { + all_queries = true + } + } + + networks { + network_url = google_compute_network.network-1.id + } + networks { + network_url = google_compute_network.network-2.id + } +} + +resource "google_compute_network" "network-1" { + name = "tf-test-network-1%{random_suffix}" + auto_create_subnetworks = false +} + +resource "google_compute_network" "network-2" { + name = "tf-test-network-2%{random_suffix}" + auto_create_subnetworks = false +} +`, context) +}