Add Support for CSI

[modular-magician]

compute: added `wire_groups` field to `google_compute_interconnect` resource (beta)

compute: added `CROSS_SITE_NETWORK` enum option to `requested_features` field in `google_compute_interconnect` resource

subcategory: "Compute Engine"
description: |-
Represents an Interconnect resource.

google_compute_interconnect

Represents an Interconnect resource. The Interconnect resource is a dedicated connection between
Google's network and your on-premises network.

To get more information about Interconnect, see:

• API documentation
• How-to Guides
  • Create a Dedicated Interconnect

Example Usage - Compute Interconnect Basic

data "google_project" "project" {}

resource "google_compute_interconnect" "example-interconnect" {
  name                 = "example-interconnect"
  customer_name        = "example_customer"
  interconnect_type    = "DEDICATED"
  link_type            = "LINK_TYPE_ETHERNET_10G_LR"
  location             = "https://www.googleapis.com/compute/v1/${data.google_project.project.id}/global/interconnectLocations/iad-zone1-1"
  requested_link_count = 1
}

Argument Reference

The following arguments are supported:

• name -
  (Required)
  Name of the resource. Provided by the client when the resource is created. The name must be
  1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters
  long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first
  character must be a lowercase letter, and all following characters must be a dash,
  lowercase letter, or digit, except the last character, which cannot be a dash.

• location -
  (Required)
  URL of the InterconnectLocation object that represents where this connection is to be provisioned.
  Specifies the location inside Google's Networks.

• link_type -
  (Required)
  Type of link requested. Note that this field indicates the speed of each of the links in the
  bundle, not the speed of the entire bundle. Can take one of the following values:

  • LINK_TYPE_ETHERNET_10G_LR: A 10G Ethernet with LR optics.
  • LINK_TYPE_ETHERNET_100G_LR: A 100G Ethernet with LR optics.
  • LINK_TYPE_ETHERNET_400G_LR4: A 400G Ethernet with LR4 optics
    Possible values are: LINK_TYPE_ETHERNET_10G_LR, LINK_TYPE_ETHERNET_100G_LR, LINK_TYPE_ETHERNET_400G_LR4.

• requested_link_count -
  (Required)
  Target number of physical links in the link bundle, as requested by the customer.

• interconnect_type -
  (Required)
  Type of interconnect. Note that a value IT_PRIVATE has been deprecated in favor of DEDICATED.
  Can take one of the following values:

  • PARTNER: A partner-managed interconnection shared between customers though a partner.
  • DEDICATED: A dedicated physical interconnection with the customer.
    Possible values are: DEDICATED, PARTNER, IT_PRIVATE.

---

• description -
  (Optional)
  An optional description of this resource. Provide this property when you create the resource.

• admin_enabled -
  (Optional)
  Administrative status of the interconnect. When this is set to true, the Interconnect is
  functional and can carry traffic. When set to false, no packets can be carried over the
  interconnect and no BGP routes are exchanged over it. By default, the status is set to true.

• noc_contact_email -
  (Optional)
  Email address to contact the customer NOC for operations and maintenance notifications
  regarding this Interconnect. If specified, this will be used for notifications in addition to
  all other forms described, such as Cloud Monitoring logs alerting and Cloud Notifications.
  This field is required for users who sign up for Cloud Interconnect using workforce identity
  federation.

• customer_name -
  (Optional)
  Customer name, to put in the Letter of Authorization as the party authorized to request a
  crossconnect. This field is required for Dedicated and Partner Interconnect, should not be specified
  for cross-cloud interconnect.

• labels -
  (Optional)
  Labels for this resource. These can only be added or modified by the setLabels
  method. Each label key/value pair must comply with RFC1035. Label values may be empty.

  Note: This field is non-authoritative, and will only manage the labels present in your configuration.
  Please refer to the field effective_labels for all of the labels present on the resource.

• macsec -
  (Optional)
  Configuration that enables Media Access Control security (MACsec) on the Cloud
  Interconnect connection between Google and your on-premises router.
  Structure is documented below.

• macsec_enabled -
  (Optional)
  Enable or disable MACsec on this Interconnect connection.
  MACsec enablement fails if the MACsec object is not specified.

• remote_location -
  (Optional)
  Indicates that this is a Cross-Cloud Interconnect. This field specifies the location outside
  of Google's network that the interconnect is connected to.

• requested_features -
  (Optional)
  interconnects.list of features requested for this Interconnect connection. Options: IF_MACSEC (
  If specified then the connection is created on MACsec capable hardware ports. If not
  specified, the default value is false, which allocates non-MACsec capable ports first if
  available). Note that MACSEC is still technically allowed for compatibility reasons, but it
  does not work with the API, and will be removed in an upcoming major version.
  Each value may be one of: MACSEC, CROSS_SITE_NETWORK, IF_MACSEC.

• project - (Optional) The ID of the project in which the resource belongs.
  If it is not provided, the provider project is used.

The macsec block supports:

• pre_shared_keys -
  (Required)
  A keychain placeholder describing a set of named key objects along with their
  start times. A MACsec CKN/CAK is generated for each key in the key chain.
  Google router automatically picks the key with the most recent startTime when establishing
  or re-establishing a MACsec secure link.
  Structure is documented below.

• fail_open -
  (Optional)
  If set to true, the Interconnect connection is configured with a should-secure
  MACsec security policy, that allows the Google router to fallback to cleartext
  traffic if the MKA session cannot be established. By default, the Interconnect
  connection is configured with a must-secure security policy that drops all traffic
  if the MKA session cannot be established with your router.

The pre_shared_keys block supports:

• name -
  (Required)
  A name for this pre-shared key. The name must be 1-63 characters long, and
  comply with RFC1035. Specifically, the name must be 1-63 characters long and match
  the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character
  must be a lowercase letter, and all following characters must be a dash, lowercase
  letter, or digit, except the last character, which cannot be a dash.

• start_time -
  (Optional)
  A RFC3339 timestamp on or after which the key is valid. startTime can be in the
  future. If the keychain has a single key, startTime can be omitted. If the keychain
  has multiple keys, startTime is mandatory for each key. The start times of keys must
  be in increasing order. The start times of two consecutive keys must be at least 6
  hours apart.

• fail_open -
  (Optional, Deprecated)
  If set to true, the Interconnect connection is configured with a should-secure
  MACsec security policy, that allows the Google router to fallback to cleartext
  traffic if the MKA session cannot be established. By default, the Interconnect
  connection is configured with a must-secure security policy that drops all traffic
  if the MKA session cannot be established with your router.

  ~> Warning: failOpen is deprecated and will be removed in a future major release. Use other failOpen instead.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

• id - an identifier for the resource with format projects/{{project}}/global/interconnects/{{name}}

• creation_timestamp -
  Creation timestamp in RFC3339 text format.

• operational_status -
  The current status of this Interconnect's functionality, which can take one of the following:

  • OS_ACTIVE: A valid Interconnect, which is turned up and is ready to use. Attachments may
    be provisioned on this Interconnect.
  • OS_UNPROVISIONED: An Interconnect that has not completed turnup. No attachments may be
    provisioned on this Interconnect.
  • OS_UNDER_MAINTENANCE: An Interconnect that is undergoing internal maintenance. No
    attachments may be provisioned or updated on this Interconnect.

• provisioned_link_count -
  Number of links actually provisioned in this interconnect.

• interconnect_attachments -
  A list of the URLs of all InterconnectAttachments configured to use this Interconnect.

• peer_ip_address -
  IP address configured on the customer side of the Interconnect link.
  The customer should configure this IP address during turnup when prompted by Google NOC.
  This can be used only for ping tests.

• google_ip_address -
  IP address configured on the Google side of the Interconnect link.
  This can be used only for ping tests.

• google_reference_id -
  Google reference ID to be used when raising support tickets with Google or otherwise to debug
  backend connectivity issues.

• expected_outages -
  A list of outages expected for this Interconnect.
  Structure is documented below.

• circuit_infos -
  A list of CircuitInfo objects, that describe the individual circuits in this LAG.
  Structure is documented below.

• label_fingerprint -
  A fingerprint for the labels being applied to this Interconnect, which is essentially a hash
  of the labels set used for optimistic locking. The fingerprint is initially generated by
  Compute Engine and changes after every request to modify or update labels.
  You must always provide an up-to-date fingerprint hash in order to update or change labels,
  otherwise the request will fail with error 412 conditionNotMet.

• state -
  The current state of Interconnect functionality, which can take one of the following values:

  • ACTIVE: The Interconnect is valid, turned up and ready to use.
    Attachments may be provisioned on this Interconnect.
  • UNPROVISIONED: The Interconnect has not completed turnup. No attachments may b
    provisioned on this Interconnect.
  • UNDER_MAINTENANCE: The Interconnect is undergoing internal maintenance. No attachments may
    be provisioned or updated on this Interconnect.

• satisfies_pzs -
  Reserved for future use.

• available_features -
  interconnects.list of features available for this Interconnect connection. Can take the value:
  MACSEC. If present then the Interconnect connection is provisioned on MACsec capable hardware
  ports. If not present then the Interconnect connection is provisioned on non-MACsec capable
  ports and MACsec isn't supported and enabling MACsec fails).

• wire_groups -
  (Beta)
  A list of the URLs of all CrossSiteNetwork WireGroups configured to use this Interconnect.[The Interconnect cannot be deleted if this list is non-empty.]

• interconnect_groups -
  URLs of InterconnectGroups that include this Interconnect.
  Order is arbitrary and items are unique.

• terraform_labels -
  The combination of labels configured directly on the resource
  and default labels configured on the provider.

• effective_labels -
  All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.

The expected_outages block contains:

• name -
  (Output)
  Unique identifier for this outage notification.

• description -
  (Output)
  A description about the purpose of the outage.

• source -
  (Output)
  The party that generated this notification. Note that the value of NSRC_GOOGLE has been
  deprecated in favor of GOOGLE. Can take the following value:

  • GOOGLE: this notification as generated by Google.

• state -
  (Output)
  State of this notification. Note that the versions of this enum prefixed with "NS_" have
  been deprecated in favor of the unprefixed values. Can take one of the following values:

  • ACTIVE: This outage notification is active. The event could be in the past, present,
    or future. See startTime and endTime for scheduling.
  • CANCELLED: The outage associated with this notification was cancelled before the
    outage was due to start.
  • COMPLETED: The outage associated with this notification is complete.

• issue_type -
  (Output)
  Form this outage is expected to take. Note that the versions of this enum prefixed with
  "IT_" have been deprecated in favor of the unprefixed values. Can take one of the
  following values:

  • OUTAGE: The Interconnect may be completely out of service for some or all of the
    specified window.
  • PARTIAL_OUTAGE: Some circuits comprising the Interconnect as a whole should remain
    up, but with reduced bandwidth.

• affected_circuits -
  (Output)
  If issueType is IT_PARTIAL_OUTAGE, a list of the Google-side circuit IDs that will be
  affected.

• start_time -
  (Output)
  Scheduled start time for the outage (milliseconds since Unix epoch).

• end_time -
  (Output)
  Scheduled end time for the outage (milliseconds since Unix epoch).

The circuit_infos block contains:

• google_circuit_id -
  (Output)
  Google-assigned unique ID for this circuit. Assigned at circuit turn-up.

• google_demarc_id -
  (Output)
  Google-side demarc ID for this circuit. Assigned at circuit turn-up and provided by
  Google to the customer in the LOA.

• customer_demarc_id -
  (Output)
  Customer-side demarc ID for this circuit.

Timeouts

This resource provides the following
Timeouts configuration options:

• create - Default is 20 minutes.
• update - Default is 20 minutes.
• delete - Default is 20 minutes.

Import

Interconnect can be imported using any of these accepted formats:

• projects/{{project}}/global/interconnects/{{name}}
• {{project}}/{{name}}
• {{name}}

In Terraform v1.5.0 and later, use an import block to import Interconnect using one of the formats above. For example:

import {
  id = "projects/{{project}}/global/interconnects/{{name}}"
  to = google_compute_interconnect.default
}

When using the terraform import command, Interconnect can be imported using one of the formats above. For example:

$ terraform import google_compute_interconnect.default projects/{{project}}/global/interconnects/{{name}}
$ terraform import google_compute_interconnect.default {{project}}/{{name}}
$ terraform import google_compute_interconnect.default {{name}}

User Project Overrides

This resource supports User Project Overrides.

Derived from GoogleCloudPlatform/magic-modules#14238