gkeCluster added in dns_managed_zone and dns_response_policy

mmv1/products/dns/api.yaml

@@ -184,6 +184,18 @@ objects:
           resources that the zone is visible from.
         send_empty_value: true
         properties:
+          - !ruby/object:Api::Type::Array
+            name: 'gkeClusters'
+            description: 'The list of Google Kubernetes Engine clusters that can see this zone.'
+            item_type: !ruby/object:Api::Type::NestedObject
+              properties:
+                - !ruby/object:Api::Type::String
+                  name: 'gkeClusterName'
+                  description: |
+                    The resource name of the cluster to bind this ManagedZone to.  
+                    This should be specified in the format like  
+                    `projects/*/locations/*/clusters/*`
+                  required: true
           - !ruby/object:Api::Type::Array
             name: 'networks'
             description: 'The list of VPC networks that can see this zone.'
@@ -547,6 +559,18 @@ objects:
               The fully qualified URL of the VPC network to bind to.
               This should be formatted like
               `https://www.googleapis.com/compute/v1/projects/{project}/global/networks/{network}`
+      - !ruby/object:Api::Type::Array
+            name: 'gkeClusters'
+            description: 'The list of Google Kubernetes Engine clusters that can see this zone.'
+            item_type: !ruby/object:Api::Type::NestedObject
+              properties:
+                - !ruby/object:Api::Type::String
+                  name: 'gkeClusterName'
+                  description: |
+                    The resource name of the cluster to bind this ManagedZone to.  
+                    This should be specified in the format like  
+                    `projects/*/locations/*/clusters/*`
+                  required: true
   - !ruby/object:Api::Resource
     name: 'ResponsePolicyRule'
     kind: 'dns#responsePolicyRule'

mmv1/products/dns/terraform.yaml

@@ -53,6 +53,13 @@ overrides: !ruby/object:Overrides::ResourceOverrides
           zone_name: "private-zone"
           network_1_name: "network-1"
           network_2_name: "network-2"
+      - !ruby/object:Provider::Terraform::Examples
+        name: "dns_managed_zone_private_gke"
+        primary_resource_id: "private-zone-gke"
+        vars:
+          zone_name: "private-zone"
+          network_1_name: "network-1"
+          cluster_1_name: "cluster-1"
       - !ruby/object:Provider::Terraform::Examples
         name: "dns_managed_zone_private_peering"
         primary_resource_id: "peering-zone"
@@ -226,14 +233,15 @@ overrides: !ruby/object:Overrides::ResourceOverrides
           response_policy_name: "example-response-policy"
           network_1_name: "network-1"
           network_2_name: "network-2"
+          cluster_1_name: "cluster-1"
     properties:
       id: !ruby/object:Overrides::Terraform::PropertyOverride
         exclude: true
       networks.networkUrl: !ruby/object:Overrides::Terraform::PropertyOverride
         custom_expand: templates/terraform/custom_expand/network_full_url.erb
         diff_suppress_func: 'compareSelfLinkOrResourceName'
     custom_code: !ruby/object:Provider::Terraform::CustomCode
-      pre_delete: templates/terraform/pre_delete/response_policy_detach_network.erb
+      pre_delete: templates/terraform/pre_delete/response_policy_detach_network_gke.erb
   ResponsePolicyRule: !ruby/object:Overrides::Terraform::ResourceOverride
     id_format: 'projects/{{project}}/responsePolicies/{{response_policy}}/rules/{{rule_name}}'
     import_format: ["projects/{{project}}/responsePolicies/{{response_policy}}/rules/{{rule_name}}"]
@@ -245,6 +253,7 @@ overrides: !ruby/object:Overrides::ResourceOverrides
           response_policy_name: "example-response-policy"
           network_1_name: "network-1"
           network_2_name: "network-2"
+          cluster_1_name: "cluster-1"
           response_policy_rule_name: "example-rule"
 # This is for copying files over
 files: !ruby/object:Provider::Config::Files

mmv1/templates/terraform/custom_expand/dns_managed_zone_private_visibility_config.go.erb

@@ -25,6 +25,13 @@ func expand<%= prefix -%><%= titlelize_property(property) -%>(v interface{}, d T
 	original := raw.(map[string]interface{})
 	transformed := make(map[string]interface{})
 
+	transformedGkeClusters, err := expandDNSManagedZonePrivateVisibilityConfigGkeClusters(original["gke_clusters"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedGkeClusters); val.IsValid() && !isEmptyValue(val) {
+		transformed["gkeClusters"] = transformedGkeClusters
+	}
+
 	transformedNetworks, err := expandDNSManagedZonePrivateVisibilityConfigNetworks(original["networks"], d, config)
 	if err != nil {
 		return nil, err
@@ -58,6 +65,28 @@ func expand<%= prefix -%><%= titlelize_property(property) -%>Networks(v interfac
 	return req, nil
 }
 
+func expand<%= prefix -%><%= titlelize_property(property) -%>GkeClusters(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	l := v.([]interface{})
+	req := make([]interface{}, 0, len(l))
+	for _, raw := range l {
+		if raw == nil {
+			continue
+		}
+		original := raw.(map[string]interface{})
+		transformed := make(map[string]interface{})
+
+		transformedGkeClusterName, err := expandDNSManagedZonePrivateVisibilityConfigGkeClustersGkeClusterName(original["gke_cluster_name"], d, config)
+		if err != nil {
+			return nil, err
+		} else if val := reflect.ValueOf(transformedGkeClusterName); val.IsValid() && !isEmptyValue(val) {
+			transformed["gkeClusterName"] = transformedGkeClusterName
+		}
+
+		req = append(req, transformed)
+	}
+	return req, nil
+}
+
 func expand<%= prefix -%><%= titlelize_property(property) -%>NetworksNetworkUrl(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
 	if v == nil || v.(string) == "" {
 		return "", nil
@@ -71,3 +100,6 @@ func expand<%= prefix -%><%= titlelize_property(property) -%>NetworksNetworkUrl(
 	return ConvertSelfLinkToV1(url), nil
 }
 
+func expandDNSManagedZonePrivateVisibilityConfigGkeClustersGkeClusterName(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}

mmv1/templates/terraform/examples/dns_managed_zone_private_gke.tf.erb

@@ -0,0 +1,72 @@
+# [START dns_managed_zone_private_gke]
+resource "google_dns_managed_zone" "<%= ctx[:primary_resource_id] %>" {
+  name        = "<%= ctx[:vars]['zone_name'] %>"
+  dns_name    = "private.example.com."
+  description = "Example private DNS zone"
+  labels = {
+    foo = "bar"
+  }
+
+  visibility = "private"
+
+  private_visibility_config {
+    networks {
+      network_url = google_compute_network.network-1.id
+    }
+    gke_clusters {
+      gke_cluster_name = google_container_cluster.cluster-1.id
+    }
+  }
+}
+
+resource "google_compute_network" "network-1" {
+  name                    = "<%= ctx[:vars]['network_1_name'] %>"
+  auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "subnetwork-1" {
+  name                     = google_compute_network.network-1.name
+  network                  = google_compute_network.network-1.name
+  ip_cidr_range            = "10.0.36.0/24"
+  region                   = "us-central1"
+  private_ip_google_access = true
+
+  secondary_ip_range {
+    range_name    = "pod"
+    ip_cidr_range = "10.0.0.0/19"
+  }
+
+  secondary_ip_range {
+    range_name    = "svc"
+    ip_cidr_range = "10.0.32.0/22"
+  }
+}
+
+resource "google_container_cluster" "cluster-1" {
+  name               = "<%= ctx[:vars]['cluster_1_name'] %>"
+  location           = "us-central1-c"
+  initial_node_count = 1
+
+  networking_mode = "VPC_NATIVE"
+  default_snat_status {
+    disabled = true
+  }
+  network    = google_compute_network.network-1.name
+  subnetwork = google_compute_subnetwork.subnetwork-1.name
+
+  private_cluster_config {
+    enable_private_endpoint = true
+    enable_private_nodes    = true
+    master_ipv4_cidr_block  = "10.42.0.0/28"
+    master_global_access_config {
+      enabled = true
+	}
+  }
+  master_authorized_networks_config {
+  }
+  ip_allocation_policy {
+    cluster_secondary_range_name  = google_compute_subnetwork.subnetwork-1.secondary_ip_range[0].range_name
+    services_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[1].range_name
+  }
+}
+# [END dns_managed_zone_private_gke]

mmv1/templates/terraform/examples/dns_response_policy_basic.tf.erb

@@ -13,6 +13,56 @@ resource "google_compute_network" "network-2" {
   auto_create_subnetworks = false
 }
 
+resource "google_compute_subnetwork" "subnetwork-1" {
+  provider = google-beta
+
+  name                     = google_compute_network.network-1.name
+  network                  = google_compute_network.network-1.name
+  ip_cidr_range            = "10.0.36.0/24"
+  region                   = "us-central1"
+  private_ip_google_access = true
+
+  secondary_ip_range {
+    range_name    = "pod"
+    ip_cidr_range = "10.0.0.0/19"
+  }
+
+  secondary_ip_range {
+    range_name    = "svc"
+    ip_cidr_range = "10.0.32.0/22"
+  }
+}
+
+resource "google_container_cluster" "cluster-1" {
+  provider = google-beta
+
+  name               = "<%= ctx[:vars]['cluster_1_name'] %>"
+  location           = "us-central1-c"
+  initial_node_count = 1
+
+  networking_mode = "VPC_NATIVE"
+  default_snat_status {
+    disabled = true
+  }
+  network    = google_compute_network.network-1.name
+  subnetwork = google_compute_subnetwork.subnetwork-1.name
+
+  private_cluster_config {
+    enable_private_endpoint = true
+    enable_private_nodes    = true
+    master_ipv4_cidr_block  = "10.42.0.0/28"
+    master_global_access_config {
+      enabled = true
+	}
+  }
+  master_authorized_networks_config {
+  }
+  ip_allocation_policy {
+    cluster_secondary_range_name  = google_compute_subnetwork.subnetwork-1.secondary_ip_range[0].range_name
+    services_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[1].range_name
+  }
+}
+
 resource "google_dns_response_policy" "<%= ctx[:primary_resource_id] %>" {
   provider = google-beta
 
@@ -24,5 +74,8 @@ resource "google_dns_response_policy" "<%= ctx[:primary_resource_id] %>" {
   networks {
     network_url = google_compute_network.network-2.id
   }
+  gke_clusters {
+	  gke_cluster_name = google_container_cluster.cluster-1.id
+  }
 }
 # [END dns_response_policy_basic]

mmv1/templates/terraform/pre_delete/response_policy_detach_network_gke.erb

@@ -0,0 +1,31 @@
+// if gke clusters are attached, they need to be detached before the response policy can be deleted
+if d.Get("gke_clusters.#").(int) > 0 {
+	patched := make(map[string]interface{})
+	patched["gkeClusters"] = nil
+
+	url, err := replaceVars(d, config, "{{DNSBasePath}}projects/{{project}}/responsePolicies/{{response_policy_name}}")
+	if err != nil {
+		return err
+	}
+
+	_, err = sendRequestWithTimeout(config, "PATCH", project, url, userAgent, patched, d.Timeout(schema.TimeoutUpdate)<%= object.error_retry_predicates ? ", " + object.error_retry_predicates.join(',') : "" -%>)
+	if err != nil {
+		return fmt.Errorf("Error updating Policy %q: %s", d.Id(), err)
+	}
+}
+
+// if networks are attached, they need to be detached before the response policy can be deleted
+if d.Get("networks.#").(int) > 0 {
+	patched := make(map[string]interface{})
+	patched["networks"] = nil
+
+	url, err := replaceVars(d, config, "{{DNSBasePath}}projects/{{project}}/responsePolicies/{{response_policy_name}}")
+	if err != nil {
+		return err
+	}
+
+	_, err = sendRequestWithTimeout(config, "PATCH", project, url, userAgent, patched, d.Timeout(schema.TimeoutUpdate)<%= object.error_retry_predicates ? ", " + object.error_retry_predicates.join(',') : "" -%>)
+	if err != nil {
+		return fmt.Errorf("Error updating Policy %q: %s", d.Id(), err)
+	}
+}

mmv1/third_party/terraform/tests/resource_dns_managed_zone_test.go.erb

@@ -390,6 +390,9 @@ resource "google_dns_managed_zone" "private" {
     networks {
       network_url = google_compute_network.%s.self_link
     }
+    gke_clusters {
+		gke_cluster_name = google_container_cluster.cluster-1.id
+	}
   }
 }
 
@@ -407,7 +410,53 @@ resource "google_compute_network" "network-3" {
   name                    = "tf-test-network-3-%s"
   auto_create_subnetworks = false
 }
-`, suffix, first_network, second_network, suffix, suffix, suffix)
+
+resource "google_compute_subnetwork" "subnetwork-1" {
+  name                     = google_compute_network.network-1.name
+  network                  = google_compute_network.network-1.name
+  ip_cidr_range            = "10.0.36.0/24"
+  region                   = "us-central1"
+  private_ip_google_access = true
+
+  secondary_ip_range {
+    range_name    = "pod"
+    ip_cidr_range = "10.0.0.0/19"
+  }
+
+  secondary_ip_range {
+    range_name    = "svc"
+    ip_cidr_range = "10.0.32.0/22"
+  }
+}
+
+resource "google_container_cluster" "cluster-1" {
+  name               = "tf-test-cluster-1-%s"
+  location           = "us-central1-c"
+  initial_node_count = 1
+
+  networking_mode = "VPC_NATIVE"
+  default_snat_status {
+    disabled = true
+  }
+  network    = google_compute_network.network-1.name
+  subnetwork = google_compute_subnetwork.subnetwork-1.name
+
+  private_cluster_config {
+    enable_private_endpoint = true
+    enable_private_nodes    = true
+    master_ipv4_cidr_block  = "10.42.0.0/28"
+    master_global_access_config {
+      enabled = true
+	}
+  }
+  master_authorized_networks_config {
+  }
+  ip_allocation_policy {
+    cluster_secondary_range_name  = google_compute_subnetwork.subnetwork-1.secondary_ip_range[0].range_name
+    services_secondary_range_name = google_compute_subnetwork.subnetwork-1.secondary_ip_range[1].range_name
+  }
+}
+`, suffix, first_network, second_network, suffix, suffix, suffix, suffix)
 }
 
 func testAccDnsManagedZone_privateForwardingUpdate(suffix, first_nameserver, second_nameserver, first_forwarding_path, second_forwarding_path string) string {