Add support to create NCC Gateway Spoke

mmv1/products/compute/Router.yaml

@@ -46,7 +46,7 @@
   - 'resourceComputeRouterCustomDiff'
 sweeper:
   prefixes:
     - "swg-autogen-router" # Secure Web Proxy(SWP) auto-generated router prefix.
   url_substitutions:
     - region: "us-central1"
     - region: "us-east1"
@@ -74,6 +74,14 @@
     exclude_docs: true
     ignore_read_extra:
       - 'advertisedIpRanges'
+  - name: 'router_ncc_gw'
+    min_version: beta
+    primary_resource_id: 'foobar'
+    vars:
+      router_name: 'my-router'
+      network_name: 'net-spoke'
+      hub_name: 'hub'
+      ncc_gw_name: 'my-ncc-gw'
 parameters:
   - name: 'region'
     type: ResourceRef
@@ -112,9 +120,8 @@
     type: ResourceRef
     description: |
       A reference to the network to which this router belongs.
-    required: true
     immutable: true
   # TODO: Figure out the story for interfaces/bgpPeers. Right
   # now in Terraform we have three separate resources: router,
   # router_interface, and router_peer. Decide whether we want to keep that
   # pattern for the other providers, keep it unique for Terraform, or add
@@ -124,6 +131,8 @@
     custom_expand: 'templates/terraform/custom_expand/resourceref_with_validation.go.tmpl'
     resource: 'Network'
     imports: 'selfLink'
+    conflicts:
+      - nccGateway
   - name: 'bgp'
     type: NestedObject
     description: |
@@ -159,7 +168,7 @@
 
           This enum field has the one valid value: ALL_SUBNETS
         send_empty_value: true
  # TODO: #324 enum?
         item_type:
           type: String
       - name: 'advertisedIpRanges'
@@ -233,6 +242,16 @@
         description: |
           Value of the key used for MD5 authentication.
         required: true
+  - name: 'nccGateway'
+    type: ResourceRef
+    description: |
+      A URI of an NCC Gateway spoke
+    min_version: 'beta'
+    immutable: true
+    resource: 'Spoke'
+    custom_expand: 'templates/terraform/custom_expand/self_link_from_name_network_connectivity.tmpl'
+    conflicts:
+      - network
   - name: 'params'
     type: NestedObject
     min_version: 'beta'

mmv1/products/networkconnectivity/Hub.yaml

@@ -112,6 +112,7 @@ properties:
     enum_values:
       - 'MESH'
       - 'STAR'
+      - 'HYBRID_INSPECTION'
     default_from_api: true
   - name: 'policyMode'
     type: Enum

mmv1/products/networkconnectivity/Spoke.yaml

@@ -17,7 +17,7 @@
 references:
   guides:
     'Official Documentation': 'https://cloud.google.com/network-connectivity/docs/network-connectivity-center/concepts/overview'
-  api: 'https://cloud.google.com/network-connectivity/docs/reference/networkconnectivity/rest/v1beta/projects.locations.spokes'
+  api: 'https://cloud.google.com/network-connectivity/docs/reference/networkconnectivity/rest/v1/projects.locations.spokes'
 docs:
 base_url: 'projects/{{project}}/locations/{{location}}/spokes'
 self_link: 'projects/{{project}}/locations/{{location}}/spokes/{{name}}'
@@ -79,7 +79,7 @@
       hub_name: 'basic-hub1'
       vpn_tunnel_1_spoke_name: 'vpn-tunnel-1-spoke'
       vpn_tunnel_2_spoke_name: 'vpn-tunnel-2-spoke'
  # Skip due to multiple fine-grained resources
     skip_vcr: true
   - name: 'network_connectivity_spoke_interconnect_attachment_basic'
     primary_resource_id: 'primary'
@@ -110,6 +110,13 @@
       network_name: 'net'
       hub_name: 'hub1'
       spoke_name: 'spoke1-ipv6'
+  - name: 'network_connectivity_spoke_gateway'
+    primary_resource_id: 'primary'
+    min_version: beta
+    vars:
+      network_name: 'net-spoke'
+      hub_name: 'hub'
+      spoke_name: 'gateway'
 parameters:
   - name: 'location'
     type: String
@@ -148,6 +155,7 @@
   - name: 'group'
     type: String
     description: The name of the group that this spoke is associated with.
+    diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName'
     immutable: true
     default_from_api: true
   - name: 'linkedVpnTunnels'
@@ -158,6 +166,7 @@
       - linked_router_appliance_instances
       - linked_vpc_network
       - linked_producer_vpc_network
+      - gateway
     update_mask_fields:
       - 'linkedVpnTunnels.includeImportRanges'
     properties:
@@ -188,6 +197,7 @@
       - linked_router_appliance_instances
       - linked_vpc_network
       - linked_producer_vpc_network
+      - gateway
     update_mask_fields:
       - 'linkedInterconnectAttachments.includeImportRanges'
     properties:
@@ -218,6 +228,7 @@
       - linked_vpn_tunnels
       - linked_vpc_network
       - linked_producer_vpc_network
+      - gateway
     update_mask_fields:
       - 'linkedRouterApplianceInstances.instances'
       - 'linkedRouterApplianceInstances.includeImportRanges'
@@ -259,6 +270,7 @@
       - linked_router_appliance_instances
       - linked_vpn_tunnels
       - linked_producer_vpc_network
+      - gateway
     update_mask_fields:
       - 'linkedVpcNetwork.excludeExportRanges'
       - 'linkedVpcNetwork.includeExportRanges'
@@ -288,6 +300,7 @@
       - linked_router_appliance_instances
       - linked_vpn_tunnels
       - linked_vpc_network
+      - gateway
     properties:
       - name: network
         type: String
@@ -315,6 +328,47 @@
         description: IP ranges encompassing the subnets to be excluded from peering.
         item_type:
           type: String
+  - name: gateway
+    type: NestedObject
+    description: This is a gateway that can apply specialized processing to traffic going through it.
+    immutable: true
+    min_version: beta
+    conflicts:
+      - linked_interconnect_attachments
+      - linked_router_appliance_instances
+      - linked_vpn_tunnels
+      - linked_vpc_network
+      - linkedProducerVpcNetwork
+    properties:
+      - name: ipRangeReservations
+        type: Array
+        description: A list of IP ranges that are reserved for this gateway's internal infrastructure.
+        required: true
+        immutable: true
+        item_type:
+          type: NestedObject
+          properties:
+            - name: ipRange
+              type: String
+              description: A block of IP address ranges used to allocate supporting infrastructure for this gateway—for example, 10.1.2.0/23. The IP address block must be a /23 range. This IP address block must not overlap with subnets in any spoke or peer network that the gateway can communicate with.
+              required: true
+              immutable: true
+      - name: capacity
+        type: Enum
+        description: the capacity of the gateway spoke, in Gbps.
+        required: true
+        enum_values:
+          - 'CAPACITY_1_GBPS'
+          - 'CAPACITY_10_GBPS'
+          - 'CAPACITY_100_GBPS'
+      - name: routers
+        type: Array
+        description: Set of Cloud Routers that are attached to this NCC-GW
+        min_version: beta
+        item_type:
+          type: String
+          description: Cloud Router that is attached to the NCC-GW
+        output: true
   - name: 'uniqueId'
     type: String
     description: Output only. The Google-generated UUID for the spoke. This value is unique across all spoke resources. If a spoke is deleted and another with the same name is created, the new spoke is assigned a different unique_id.

mmv1/products/networkconnectivity/product.yaml

@@ -17,5 +17,7 @@ display_name: 'Network Connectivity'
 versions:
   - name: 'ga'
     base_url: 'https://networkconnectivity.googleapis.com/v1/'
+  - name: 'beta'
+    base_url: 'https://networkconnectivity.googleapis.com/v1beta/'
 scopes:
   - 'https://www.googleapis.com/auth/cloud-platform'

mmv1/products/networkconnectivityv1/product.yaml

@@ -0,0 +1,22 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+name: 'NetworkConnectivityv1'
+legacy_name: 'network_connectivity'
+display_name: 'Network Connectivity'
+versions:
+  - name: 'ga'
+    base_url: 'https://networkconnectivity.googleapis.com/v1/'
+scopes:
+  - 'https://www.googleapis.com/auth/cloud-platform'

mmv1/templates/terraform/custom_expand/self_link_from_name_network_connectivity.tmpl

@@ -0,0 +1,30 @@
+{{/*
+	The license inside this block applies to this file
+	Copyright 2024 Google Inc.
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+*/ -}}
+func expand{{$.GetPrefix}}{{$.TitlelizeProperty}}(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+  // This method returns a full self link from a partial self link.
+  if v == nil || v.(string) == "" {
+    // It does not try to construct anything from empty.
+    return "", nil
+  } else if strings.HasPrefix(v.(string), "https://") {
+    // Anything that starts with a URL scheme is assumed to be a self link worth using.
+    return v, nil
+  }
+  // Anything else is assumed to be a regional resource, with a partial link that begins with the resource name.
+  // This isn't very likely - it's a last-ditch effort to extract something useful here.  We can do a better job
+  // as soon as MultiResourceRefs are working since we'll know the types that this field is supposed to point to.
+  url, err := tpgresource.ReplaceVars(d, config, "{{"{{"}}NetworkConnectivityBasePath{{"}}"}}")
+  if err != nil {
+    return nil, err
+  }
+  return url + v.(string), nil
+}

mmv1/templates/terraform/examples/network_connectivity_spoke_gateway.tf.tmpl

@@ -0,0 +1,41 @@
+resource "google_compute_network" "network" {
+  provider = google-beta
+  name        = "{{index $.Vars "network_name"}}"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "subnetwork" {
+  provider = google-beta
+  name          = "tf-test-subnet%{random_suffix}"
+  ip_cidr_range = "10.0.0.0/28"
+  region        = "us-central1"
+  network       = google_compute_network.network.self_link
+}
+
+resource "google_network_connectivity_hub" "basic_hub" {
+  provider = google-beta
+  name        = "{{index $.Vars "hub_name"}}"
+  description = "A sample hub"
+  labels = {
+    label-two = "value-one"
+  }
+  preset_topology = "HYBRID_INSPECTION"
+}
+
+resource "google_network_connectivity_spoke" "primary" {
+  provider = google-beta
+  name        = "{{index $.Vars "spoke_name"}}"
+  location = "us-central1"
+  description = "A sample spoke of type Gateway"
+  labels = {
+    label-one = "value-one"
+  }
+  hub =  google_network_connectivity_hub.basic_hub.id
+  gateway {
+    ip_range_reservations {
+      ip_range = "10.0.0.0/23"
+    }
+    capacity = "CAPACITY_1_GBPS"
+  }
+  group = "gateways"
+}

mmv1/templates/terraform/examples/router_ncc_gw.tf.tmpl

@@ -0,0 +1,59 @@
+resource "google_compute_network" "network" {
+  provider = google-beta
+  name        = "{{index $.Vars "network_name"}}"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "subnetwork" {
+  provider = google-beta
+  name          = "tf-test-subnet%{random_suffix}"
+  ip_cidr_range = "10.0.0.0/28"
+  region        = "us-central1"
+  network       = google_compute_network.network.self_link
+}
+
+resource "google_network_connectivity_hub" "basic_hub" {
+  provider = google-beta
+  name        = "{{index $.Vars "hub_name"}}"
+  description = "A sample hub"
+  labels = {
+    label-two = "value-one"
+  }
+  preset_topology = "HYBRID_INSPECTION"
+}
+
+resource "google_network_connectivity_spoke" "primary" {
+  provider = google-beta
+  name        = "{{index $.Vars "ncc_gw_name"}}"
+  location = "us-central1"
+  description = "A sample spoke of type Gateway"
+  labels = {
+    label-one = "value-one"
+  }
+  hub =  google_network_connectivity_hub.basic_hub.id
+  gateway {
+    ip_range_reservations {
+      ip_range = "10.0.0.0/23"
+    }
+    capacity = "CAPACITY_1_GBPS"
+  }
+  group = "gateways"
+}
+
+
+resource "google_compute_router" "foobar" {
+  provider = google-beta
+  name    = "{{index $.Vars "router_name"}}"
+  bgp {
+    asn               = 64514
+    advertise_mode    = "CUSTOM"
+    advertised_groups = ["ALL_SUBNETS"]
+    advertised_ip_ranges {
+      range = "1.2.3.4"
+    }
+    advertised_ip_ranges {
+      range = "6.7.0.0/16"
+    }
+  }
+  ncc_gateway = google_network_connectivity_spoke.primary.id
+}

mmv1/third_party/terraform/.teamcity/components/inputs/services_beta.kt

@@ -591,6 +591,11 @@ var ServicesListBeta = mapOf(
         "displayName" to "Networkconnectivity",
         "path" to "./google-beta/services/networkconnectivity"
     ),
+    "networkconnectivityv1" to mapOf(
+        "name" to "networkconnectivityv1",
+        "displayName" to "Networkconnectivityv1",
+        "path" to "./google-beta/services/networkconnectivityv1"
+    ),
     "networkmanagement" to mapOf(
         "name" to "networkmanagement",
         "displayName" to "Networkmanagement",

mmv1/third_party/terraform/.teamcity/components/inputs/services_ga.kt

@@ -586,6 +586,11 @@ var ServicesListGa = mapOf(
         "displayName" to "Networkconnectivity",
         "path" to "./google/services/networkconnectivity"
     ),
+    "networkconnectivityv1" to mapOf(
+        "name" to "networkconnectivityv1",
+        "displayName" to "Networkconnectivityv1",
+        "path" to "./google/services/networkconnectivityv1"
+    ),
     "networkmanagement" to mapOf(
         "name" to "networkmanagement",
         "displayName" to "Networkmanagement",