Add support for instance_ip_mode to appengine flexible in beta (#10326)

Co-authored-by: Riley Karson <rileykarson@google.com>
GoogleCloudPlatform · May 16, 2024 · 4b33dad · 4b33dad
1 parent aaedc62
commit 4b33dad
Show file tree

Hide file tree

Showing 8 changed files with 161 additions and 48 deletions.
diff --git a/mmv1/products/appengine/DomainMapping.yaml b/mmv1/products/appengine/DomainMapping.yaml
@@ -47,8 +47,10 @@ examples:
   - !ruby/object:Provider::Terraform::Examples
     name: 'app_engine_domain_mapping_basic'
     primary_resource_id: 'domain_mapping'
+    ignore_read_extra:
+      - 'ssl_settings.0.ssl_management_type'
 custom_code: !ruby/object:Provider::Terraform::CustomCode
-  constants: templates/terraform/constants/domain_mapping.erb
+  decoder: templates/terraform/decoders/app_engine_domain_mapping.go.erb
 parameters:
   - !ruby/object:Api::Type::Enum
     name: 'overrideStrategy'
@@ -78,7 +80,7 @@ properties:
     name: 'sslSettings'
     description: |
       SSL configuration for this domain. If unconfigured, this domain will not serve with SSL.
-    diff_suppress_func: 'sslSettingsDiffSuppress'
+    default_from_api: true
     update_mask_fields:
       - 'ssl_settings.certificate_id'
       - 'ssl_settings.ssl_management_type'

diff --git a/mmv1/products/appengine/FlexibleAppVersion.yaml b/mmv1/products/appengine/FlexibleAppVersion.yaml
@@ -139,6 +139,14 @@ properties:
         description: |
           List of ports, or port pairs, to forward from the virtual machine to the application container.
         item_type: Api::Type::String
+      - !ruby/object:Api::Type::Enum
+        name: 'instanceIpMode'
+        description: |
+          Prevent instances from receiving an ephemeral external IP address.
+        min_version: beta
+        values:
+          - :EXTERNAL
+          - :INTERNAL
       - !ruby/object:Api::Type::String
         name: 'instanceTag'
         description: |

diff --git a/mmv1/products/appengine/product.yaml b/mmv1/products/appengine/product.yaml
@@ -18,5 +18,8 @@ versions:
   - !ruby/object:Api::Product::Version
     name: ga
     base_url: https://appengine.googleapis.com/v1/
+  - !ruby/object:Api::Product::Version
+    name: beta
+    base_url: https://appengine.googleapis.com/v1beta/
 scopes:
   - https://www.googleapis.com/auth/cloud-platform
diff --git a/mmv1/templates/terraform/constants/domain_mapping.erb b/mmv1/templates/terraform/constants/domain_mapping.erb
diff --git a/mmv1/templates/terraform/constants/go/domain_mapping.tmpl b/mmv1/templates/terraform/constants/go/domain_mapping.tmpl
diff --git a/mmv1/templates/terraform/decoders/app_engine_domain_mapping.go.erb b/mmv1/templates/terraform/decoders/app_engine_domain_mapping.go.erb
@@ -0,0 +1,18 @@
+// sslManagementType does not get returned with the beta endpoint. Hence, if sslSettings is set
+// and sslManagementType is set, we return that value. Otherwise, we carry over the old value
+// from state by calling d.Get("ssl_settings.0.ssl_management_type")
+if v, ok := res["sslSettings"]; ok {
+  original := v.(map[string]interface{})
+  if _, ok := original["sslManagementType"]; !ok {
+      original["sslManagementType"] = d.Get("ssl_settings.0.ssl_management_type")
+  }
+  res["sslSettings"] = original
+} else {
+  // If ssl_settings is not set, we call d.Get("ssl_settings.0.ssl_management_type"), create sslSettings,
+  // and store the retrieved value in sslManagementType
+  transformed := make(map[string]interface{})
+  transformed["sslManagementType"] = d.Get("ssl_settings.0.ssl_management_type")
+  res["sslSettings"] = transformed
+}
+
+return res, nil
diff --git a/mmv1/third_party/terraform/services/appengine/resource_app_engine_domain_mapping_test.go b/mmv1/third_party/terraform/services/appengine/resource_app_engine_domain_mapping_test.go
@@ -25,7 +25,7 @@ func TestAccAppEngineDomainMapping_update(t *testing.T) {
 				ResourceName:            "google_app_engine_domain_mapping.domain_mapping",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"override_strategy"},
+				ImportStateVerifyIgnore: []string{"override_strategy", "ssl_settings.0.ssl_management_type"},
 			},
 			{
 				Config: testAccAppEngineDomainMapping_update(domainName),
@@ -34,7 +34,7 @@ func TestAccAppEngineDomainMapping_update(t *testing.T) {
 				ResourceName:            "google_app_engine_domain_mapping.domain_mapping",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"override_strategy"},
+				ImportStateVerifyIgnore: []string{"override_strategy", "ssl_settings.0.ssl_management_type"},
 			},
 		},
 	})

diff --git a/...third_party/terraform/services/appengine/resource_app_engine_flexible_app_version_test.go b/...third_party/terraform/services/appengine/resource_app_engine_flexible_app_version_test.go
@@ -38,7 +38,7 @@ func TestAccAppEngineFlexibleAppVersion_update(t *testing.T) {
 				ResourceName:            "google_app_engine_flexible_app_version.foo",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"env_variables", "deployment", "entrypoint", "service", "noop_on_destroy"},
+				ImportStateVerifyIgnore: []string{"env_variables", "deployment", "entrypoint", "service", "delete_service_on_destroy"},
 			},
 		},
 	})
@@ -53,28 +53,79 @@ resource "google_project" "my_project" {
   billing_account = "%{billing_account}"
 }
 
-resource "google_app_engine_application" "app" {
-  project     = google_project.my_project.project_id
-  location_id = "us-central"
+resource "google_project_service" "compute" {
+  project = google_project.my_project.project_id
+  service = "compute.googleapis.com"
+
+  disable_dependent_services = false
 }
 
-resource "google_project_service" "project" {
+resource "google_project_service" "appengineflex" {
   project = google_project.my_project.project_id
   service = "appengineflex.googleapis.com"
 
   disable_dependent_services = false
 }
 
+resource "google_compute_network" "network" {
+  project                 = google_project_service.compute.project
+  name                    = "custom"
+  auto_create_subnetworks = "false"
+}
+
+resource "google_compute_subnetwork" "subnetwork" {
+  project                  = google_project_service.compute.project
+  name                     = "custom"
+  region                   = "us-central1"
+  network                  = google_compute_network.network.id
+  ip_cidr_range            = "10.0.0.0/16"
+  private_ip_google_access = true
+}
+
+resource "google_app_engine_application" "app" {
+  project     = google_project.my_project.project_id
+  location_id = "us-central"
+}
+
 resource "google_project_iam_member" "gae_api" {
-  project = google_project_service.project.project
+  project = google_project_service.appengineflex.project
   role    = "roles/compute.networkUser"
   member  = "serviceAccount:service-${google_project.my_project.number}@gae-api-prod.google.com.iam.gserviceaccount.com"
 }
 
-resource "google_app_engine_flexible_app_version" "foo" {
+resource "google_app_engine_standard_app_version" "foo" {
   project    = google_project_iam_member.gae_api.project
   version_id = "v1"
   service    = "default"
+  runtime    = "python38"
+
+  entrypoint {
+    shell = "gunicorn -b :$PORT main:app"
+  }
+
+  deployment {
+    files {
+      name = "main.py"
+      source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/${google_storage_bucket_object.main.name}"
+    }
+
+    files {
+      name = "requirements.txt"
+      source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/${google_storage_bucket_object.requirements.name}"
+    }
+  }
+
+  env_variables = {
+    port = "8000"
+  }
+
+  noop_on_destroy = true
+}
+
+resource "google_app_engine_flexible_app_version" "foo" {
+  project    = google_project_iam_member.gae_api.project
+  version_id = "v1"
+  service    = "custom"
   runtime    = "python"
 
   runtime_api_version = "1"
@@ -119,8 +170,9 @@ resource "google_app_engine_flexible_app_version" "foo" {
   }
 
   network {
-    name       = "default"
-    subnetwork = "default"
+    name             = google_compute_network.network.name
+    subnetwork       = google_compute_subnetwork.subnetwork.name
+    instance_ip_mode = "EXTERNAL"
   }
 
   instance_class = "B1"
@@ -130,6 +182,8 @@ resource "google_app_engine_flexible_app_version" "foo" {
   }
 
   noop_on_destroy = true
+
+  depends_on = [google_app_engine_standard_app_version.foo]
 }
 
 resource "google_storage_bucket" "bucket" {
@@ -166,28 +220,79 @@ resource "google_project" "my_project" {
   billing_account = "%{billing_account}"
 }
 
-resource "google_app_engine_application" "app" {
-  project     = google_project.my_project.project_id
-  location_id = "us-central"
+resource "google_project_service" "compute" {
+  project = google_project.my_project.project_id
+  service = "compute.googleapis.com"
+
+  disable_dependent_services = false
 }
 
-resource "google_project_service" "project" {
+resource "google_project_service" "appengineflex" {
   project = google_project.my_project.project_id
   service = "appengineflex.googleapis.com"
 
   disable_dependent_services = false
 }
 
+resource "google_compute_network" "network" {
+  project                 = google_project_service.compute.project
+  name                    = "custom"
+  auto_create_subnetworks = "false"
+}
+
+resource "google_compute_subnetwork" "subnetwork" {
+  project                  = google_project_service.compute.project
+  name                     = "custom"
+  region                   = "us-central1"
+  network                  = google_compute_network.network.id
+  ip_cidr_range            = "10.0.0.0/16"
+  private_ip_google_access = true
+}
+
+resource "google_app_engine_application" "app" {
+  project     = google_project.my_project.project_id
+  location_id = "us-central"
+}
+
 resource "google_project_iam_member" "gae_api" {
-  project = google_project_service.project.project
+  project = google_project_service.appengineflex.project
   role    = "roles/compute.networkUser"
   member  = "serviceAccount:service-${google_project.my_project.number}@gae-api-prod.google.com.iam.gserviceaccount.com"
 }
 
-resource "google_app_engine_flexible_app_version" "foo" {
+resource "google_app_engine_standard_app_version" "foo" {
   project    = google_project_iam_member.gae_api.project
   version_id = "v1"
   service    = "default"
+  runtime    = "python38"
+
+  entrypoint {
+    shell = "gunicorn -b :$PORT main:app"
+  }
+
+  deployment {
+    files {
+      name = "main.py"
+      source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/${google_storage_bucket_object.main.name}"
+    }
+
+    files {
+      name = "requirements.txt"
+      source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/${google_storage_bucket_object.requirements.name}"
+    }
+  }
+
+  env_variables = {
+    port = "8000"
+  }
+
+  noop_on_destroy = true
+}
+
+resource "google_app_engine_flexible_app_version" "foo" {
+  project    = google_project_iam_member.gae_api.project
+  version_id = "v1"
+  service    = "custom"
   runtime    = "python"
 
   runtime_api_version = "1"
@@ -232,8 +337,9 @@ resource "google_app_engine_flexible_app_version" "foo" {
   }
 
   network {
-    name       = "default"
-    subnetwork = "default"
+    name             = google_compute_network.network.name
+    subnetwork       = google_compute_subnetwork.subnetwork.name
+    instance_ip_mode = "INTERNAL"
   }
 
   instance_class = "B2"
@@ -242,7 +348,9 @@ resource "google_app_engine_flexible_app_version" "foo" {
     instances = 2
   }
 
-  noop_on_destroy = true
+  delete_service_on_destroy = true
+  
+  depends_on = [google_app_engine_standard_app_version.foo]
 }
 
 resource "google_storage_bucket" "bucket" {