From fc7d484e62c2c4b3b8e7dc9581664c6e0f4ba152 Mon Sep 17 00:00:00 2001 From: Matheus Guilherme Souza Aleixo Date: Wed, 2 Apr 2025 18:20:49 -0300 Subject: [PATCH 1/2] - Added sourceSubnetworkIpRangesToNat64 and nat64Subnetwork fields to compute RouterNat; - Added dns64Config field to dns Policy; --- mmv1/products/compute/RouterNat.yaml | 32 ++++ mmv1/products/dns/Policy.yaml | 12 ++ .../resource_compute_router_nat_test.go.tmpl | 181 ++++++++++++++++++ .../dns/resource_dns_policy_test.go.tmpl | 58 ++++++ 4 files changed, 283 insertions(+) diff --git a/mmv1/products/compute/RouterNat.yaml b/mmv1/products/compute/RouterNat.yaml index dc7fd525db8a..2cdda089885c 100644 --- a/mmv1/products/compute/RouterNat.yaml +++ b/mmv1/products/compute/RouterNat.yaml @@ -258,6 +258,38 @@ properties: is_set: true item_type: type: String + - name: 'sourceSubnetworkIpRangesToNat64' + type: Enum + description: | + Specify the Nat option for NAT64, which can take one of the following values: + ALL_IPV6_SUBNETWORKS: All of the IP ranges in every Subnetwork are allowed to Nat. + LIST_OF_IPV6_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field nat64Subnetwork below). + Note that if this field contains NAT64_ALL_V6_SUBNETWORKS no other Router.Nat section in this region can also enable NAT64 for any Subnetworks in this network. + Other Router.Nat sections can still be present to enable NAT44 only. + enum_values: + - 'ALL_IPV6_SUBNETWORKS' + - 'LIST_OF_IPV6_SUBNETWORKS' + min_version: 'beta' + - name: 'nat64Subnetwork' + type: Array + description: | + One or more subnetwork NAT configurations whose traffic should be translated by NAT64 Gateway. + Only used if `source_subnetwork_ip_ranges_to_nat64` is set to `LIST_OF_IPV6_SUBNETWORKS` + api_name: nat64Subnetworks + is_set: true + send_empty_value: true + set_hash_func: computeRouterNatSubnetworkHash + min_version: 'beta' + item_type: + type: NestedObject + properties: + - name: 'name' + type: ResourceRef + description: 'Self-link of the subnetwork resource that will use NAT64' + required: true + custom_expand: 'templates/terraform/custom_expand/resourceref_with_validation.go.tmpl' + resource: 'Subnetwork' + imports: 'selfLink' - name: 'minPortsPerVm' type: Integer description: | diff --git a/mmv1/products/dns/Policy.yaml b/mmv1/products/dns/Policy.yaml index 545fcf938f12..d3170876e991 100644 --- a/mmv1/products/dns/Policy.yaml +++ b/mmv1/products/dns/Policy.yaml @@ -103,6 +103,18 @@ properties: update_url: 'projects/{{project}}/policies/{{name}}' update_verb: 'PATCH' default_value: "Managed by Terraform" + - name: 'dns64Config' + type: NestedObject + description: Configurations related to DNS64 for this Policy. + properties: + - name: 'scope' + type: NestedObject + description: The scope to which DNS64 config will be applied to. + properties: + - name: 'allQueries' + type: Boolean + description: Controls whether DNS64 is enabled globally at the network level. + send_empty_value: true - name: 'enableInboundForwarding' type: Boolean description: | diff --git a/mmv1/third_party/terraform/services/compute/resource_compute_router_nat_test.go.tmpl b/mmv1/third_party/terraform/services/compute/resource_compute_router_nat_test.go.tmpl index b046526e7535..a3555b979f54 100644 --- a/mmv1/third_party/terraform/services/compute/resource_compute_router_nat_test.go.tmpl +++ b/mmv1/third_party/terraform/services/compute/resource_compute_router_nat_test.go.tmpl @@ -804,6 +804,40 @@ func testAccCheckComputeRouterNatDelete(t *testing.T, n string) resource.TestChe } } +{{ if ne $.TargetVersionName `ga` -}} +func TestAccComputeRouterNat_withNat64Configuration(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t), + CheckDestroy: testAccCheckComputeRouterNatDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccComputeRouterNatWithNat64Configuration(context), + }, + { + ResourceName: "google_compute_router_nat.foobar", + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccComputeRouterNatWithNat64ConfigurationUpdate(context), + }, + { + ResourceName: "google_compute_router_nat.foobar", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} +{{- end }} + func testAccComputeRouterNatBasic(routerName string) string { return fmt.Sprintf(` resource "google_compute_network" "foobar" { @@ -2059,3 +2093,150 @@ resource "google_compute_router_nat" "foobar" { } `, testAccComputeRouterNatBaseResourcesWithPrivateNatSubnetworks(routerName, hubName), routerName) } + +{{ if ne $.TargetVersionName `ga` -}} +func testAccComputeRouterNatWithNat64Configuration(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_dns_policy" "foobar" { + provider = google-beta + name = "tf-test-example-policy%{random_suffix}" + enable_inbound_forwarding = false + enable_logging = false + + dns64_config { + scope { + all_queries = true + } + } + networks { + network_url = google_compute_network.foobar.id + } +} + +resource "google_compute_network" "foobar" { + provider = google-beta + name = "tf-test-network%{random_suffix}" + enable_ula_internal_ipv6 = true + auto_create_subnetworks = false +} + +resource "google_compute_subnetwork" "foobar" { + provider = google-beta + name = "tf-test-subnetwork-%{random_suffix}" + network = google_compute_network.foobar.self_link + ip_cidr_range = "10.0.0.0/16" + region = "us-central1" +} + +resource "google_compute_subnetwork" "foobar2" { + provider = google-beta + name = "tf-test-subnetwork-2-%{random_suffix}" + network = google_compute_network.foobar.self_link + ip_cidr_range = "10.182.0.0/20" + ipv6_access_type = "EXTERNAL" + stack_type = "IPV4_IPV6" + region = "us-central1" +} + +resource "google_compute_router" "foobar" { + provider = google-beta + name = "tf-test-router%{random_suffix}" + region = google_compute_subnetwork.foobar.region + network = google_compute_network.foobar.self_link + bgp { + asn = 64514 + } +} + +resource "google_compute_router_nat" "foobar" { + provider = google-beta + name = "tf-test-router-nat%{random_suffix}" + router = google_compute_router.foobar.name + region = google_compute_router.foobar.region + nat_ip_allocate_option = "AUTO_ONLY" + + source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS" + subnetwork { + name = google_compute_subnetwork.foobar.name + source_ip_ranges_to_nat = ["ALL_IP_RANGES"] + } + + source_subnetwork_ip_ranges_to_nat64 = "ALL_IPV6_SUBNETWORKS" +} +`, context) +} + +func testAccComputeRouterNatWithNat64ConfigurationUpdate(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_dns_policy" "foobar" { + provider = google-beta + name = "tf-test-example-policy%{random_suffix}" + enable_inbound_forwarding = false + enable_logging = false + + dns64_config { + scope { + all_queries = true + } + } + networks { + network_url = google_compute_network.foobar.id + } +} + +resource "google_compute_network" "foobar" { + provider = google-beta + name = "tf-test-network%{random_suffix}" + enable_ula_internal_ipv6 = true + auto_create_subnetworks = false +} + +resource "google_compute_subnetwork" "foobar" { + provider = google-beta + name = "tf-test-subnetwork-%{random_suffix}" + network = google_compute_network.foobar.self_link + ip_cidr_range = "10.0.0.0/16" + region = "us-central1" +} + +resource "google_compute_subnetwork" "foobar2" { + provider = google-beta + name = "tf-test-subnetwork-2-%{random_suffix}" + network = google_compute_network.foobar.self_link + ip_cidr_range = "10.182.0.0/20" + ipv6_access_type = "EXTERNAL" + stack_type = "IPV4_IPV6" + region = "us-central1" +} + +resource "google_compute_router" "foobar" { + provider = google-beta + name = "tf-test-router%{random_suffix}" + region = google_compute_subnetwork.foobar.region + network = google_compute_network.foobar.self_link + bgp { + asn = 64514 + } +} + +resource "google_compute_router_nat" "foobar" { + provider = google-beta + name = "tf-test-router-nat%{random_suffix}" + router = google_compute_router.foobar.name + region = google_compute_router.foobar.region + nat_ip_allocate_option = "AUTO_ONLY" + + source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS" + subnetwork { + name = google_compute_subnetwork.foobar.name + source_ip_ranges_to_nat = ["ALL_IP_RANGES"] + } + + source_subnetwork_ip_ranges_to_nat64 = "LIST_OF_IPV6_SUBNETWORKS" + nat64_subnetwork { + name = google_compute_subnetwork.foobar2.name + } +} +`, context) +} +{{- end }} diff --git a/mmv1/third_party/terraform/services/dns/resource_dns_policy_test.go.tmpl b/mmv1/third_party/terraform/services/dns/resource_dns_policy_test.go.tmpl index a4210409d1c6..8378349ab1c3 100644 --- a/mmv1/third_party/terraform/services/dns/resource_dns_policy_test.go.tmpl +++ b/mmv1/third_party/terraform/services/dns/resource_dns_policy_test.go.tmpl @@ -70,3 +70,61 @@ resource "google_compute_network" "network-2" { } `, suffix, forwarding, first_nameserver, second_nameserver, network, suffix, suffix) } + +func TestAccDNSPolicy_dnsPolicyDns64(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckDNSPolicyDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccDNSPolicy_dnsPolicyDns64(context), + }, + { + ResourceName: "google_dns_policy.example-policy", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func testAccDNSPolicy_dnsPolicyDns64(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_dns_policy" "example-policy" { + name = "tf-test-example-policy%{random_suffix}" + enable_inbound_forwarding = false + + enable_logging = true + + dns64_config { + scope { + all_queries = true + } + } + + networks { + network_url = google_compute_network.network-1.id + } + networks { + network_url = google_compute_network.network-2.id + } +} + +resource "google_compute_network" "network-1" { + name = "tf-test-network-1%{random_suffix}" + auto_create_subnetworks = false +} + +resource "google_compute_network" "network-2" { + name = "tf-test-network-2%{random_suffix}" + auto_create_subnetworks = false +} +`, context) +} From f91cd7cb60da160bb849452c48026c446b8de78a Mon Sep 17 00:00:00 2001 From: Matheus Guilherme Souza Aleixo Date: Fri, 4 Apr 2025 17:09:11 -0300 Subject: [PATCH 2/2] - Added default_from_api property to dns64Config field; - Removed google-beta provider usage in Nat64Config test; --- mmv1/products/dns/Policy.yaml | 1 + .../resource_compute_router_nat_test.go.tmpl | 14 +------------- 2 files changed, 2 insertions(+), 13 deletions(-) diff --git a/mmv1/products/dns/Policy.yaml b/mmv1/products/dns/Policy.yaml index d3170876e991..55ea21dca054 100644 --- a/mmv1/products/dns/Policy.yaml +++ b/mmv1/products/dns/Policy.yaml @@ -105,6 +105,7 @@ properties: default_value: "Managed by Terraform" - name: 'dns64Config' type: NestedObject + default_from_api: true description: Configurations related to DNS64 for this Policy. properties: - name: 'scope' diff --git a/mmv1/third_party/terraform/services/compute/resource_compute_router_nat_test.go.tmpl b/mmv1/third_party/terraform/services/compute/resource_compute_router_nat_test.go.tmpl index a3555b979f54..b0f3dfcdee1f 100644 --- a/mmv1/third_party/terraform/services/compute/resource_compute_router_nat_test.go.tmpl +++ b/mmv1/third_party/terraform/services/compute/resource_compute_router_nat_test.go.tmpl @@ -814,7 +814,7 @@ func TestAccComputeRouterNat_withNat64Configuration(t *testing.T) { acctest.VcrTest(t, resource.TestCase{ PreCheck: func() { acctest.AccTestPreCheck(t) }, - ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t), + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), CheckDestroy: testAccCheckComputeRouterNatDestroyProducer(t), Steps: []resource.TestStep{ { @@ -2098,7 +2098,6 @@ resource "google_compute_router_nat" "foobar" { func testAccComputeRouterNatWithNat64Configuration(context map[string]interface{}) string { return acctest.Nprintf(` resource "google_dns_policy" "foobar" { - provider = google-beta name = "tf-test-example-policy%{random_suffix}" enable_inbound_forwarding = false enable_logging = false @@ -2114,14 +2113,12 @@ resource "google_dns_policy" "foobar" { } resource "google_compute_network" "foobar" { - provider = google-beta name = "tf-test-network%{random_suffix}" enable_ula_internal_ipv6 = true auto_create_subnetworks = false } resource "google_compute_subnetwork" "foobar" { - provider = google-beta name = "tf-test-subnetwork-%{random_suffix}" network = google_compute_network.foobar.self_link ip_cidr_range = "10.0.0.0/16" @@ -2129,7 +2126,6 @@ resource "google_compute_subnetwork" "foobar" { } resource "google_compute_subnetwork" "foobar2" { - provider = google-beta name = "tf-test-subnetwork-2-%{random_suffix}" network = google_compute_network.foobar.self_link ip_cidr_range = "10.182.0.0/20" @@ -2139,7 +2135,6 @@ resource "google_compute_subnetwork" "foobar2" { } resource "google_compute_router" "foobar" { - provider = google-beta name = "tf-test-router%{random_suffix}" region = google_compute_subnetwork.foobar.region network = google_compute_network.foobar.self_link @@ -2149,7 +2144,6 @@ resource "google_compute_router" "foobar" { } resource "google_compute_router_nat" "foobar" { - provider = google-beta name = "tf-test-router-nat%{random_suffix}" router = google_compute_router.foobar.name region = google_compute_router.foobar.region @@ -2169,7 +2163,6 @@ resource "google_compute_router_nat" "foobar" { func testAccComputeRouterNatWithNat64ConfigurationUpdate(context map[string]interface{}) string { return acctest.Nprintf(` resource "google_dns_policy" "foobar" { - provider = google-beta name = "tf-test-example-policy%{random_suffix}" enable_inbound_forwarding = false enable_logging = false @@ -2185,14 +2178,12 @@ resource "google_dns_policy" "foobar" { } resource "google_compute_network" "foobar" { - provider = google-beta name = "tf-test-network%{random_suffix}" enable_ula_internal_ipv6 = true auto_create_subnetworks = false } resource "google_compute_subnetwork" "foobar" { - provider = google-beta name = "tf-test-subnetwork-%{random_suffix}" network = google_compute_network.foobar.self_link ip_cidr_range = "10.0.0.0/16" @@ -2200,7 +2191,6 @@ resource "google_compute_subnetwork" "foobar" { } resource "google_compute_subnetwork" "foobar2" { - provider = google-beta name = "tf-test-subnetwork-2-%{random_suffix}" network = google_compute_network.foobar.self_link ip_cidr_range = "10.182.0.0/20" @@ -2210,7 +2200,6 @@ resource "google_compute_subnetwork" "foobar2" { } resource "google_compute_router" "foobar" { - provider = google-beta name = "tf-test-router%{random_suffix}" region = google_compute_subnetwork.foobar.region network = google_compute_network.foobar.self_link @@ -2220,7 +2209,6 @@ resource "google_compute_router" "foobar" { } resource "google_compute_router_nat" "foobar" { - provider = google-beta name = "tf-test-router-nat%{random_suffix}" router = google_compute_router.foobar.name region = google_compute_router.foobar.region