diff --git a/mmv1/products/cloudrun/go_Service.yaml b/mmv1/products/cloudrun/go_Service.yaml index cd4b9a634396..70d027954b61 100644 --- a/mmv1/products/cloudrun/go_Service.yaml +++ b/mmv1/products/cloudrun/go_Service.yaml @@ -69,6 +69,14 @@ examples: cloud_run_service_name: 'cloudrun-srv' test_env_vars: project: 'PROJECT_NAME' + - name: 'cloud_run_service_gpu' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])' + min_version: 'beta' + vars: + cloud_run_service_name: 'cloudrun-srv' + test_env_vars: + project: 'PROJECT_NAME' - name: 'cloud_run_service_sql' primary_resource_id: 'default' primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])' @@ -737,7 +745,13 @@ properties: The name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. - + - name: 'nodeSelector' + type: KeyValuePairs + description: |- + Node Selector describes the hardware requirements of the resources. + Use the following node selector keys to configure features on a Revision: + - `run.googleapis.com/accelerator` sets the [type of GPU](https://cloud.google.com/run/docs/configuring/services/gpu) required by the Revision to run. + min_version: 'beta' - name: 'containerConcurrency' type: Integer description: |- diff --git a/mmv1/products/cloudrunv2/go_Service.yaml b/mmv1/products/cloudrunv2/go_Service.yaml index ff0bc7cb52a6..d640edf462fe 100644 --- a/mmv1/products/cloudrunv2/go_Service.yaml +++ b/mmv1/products/cloudrunv2/go_Service.yaml 
@@ -100,6 +100,14 @@ examples: cloud_run_service_name: 'cloudrun-service' ignore_read_extra: - 'deletion_protection' + - name: 'cloudrunv2_service_gpu' + primary_resource_id: 'default' + primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])' + min_version: 'beta' + vars: + cloud_run_service_name: 'cloudrun-service' + ignore_read_extra: + - 'deletion_protection' - name: 'cloudrunv2_service_probes' primary_resource_id: 'default' primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])' @@ -495,7 +503,7 @@ properties: - name: 'limits' type: KeyValuePairs description: |- - Only memory and CPU are supported. Use key `cpu` for CPU limit and `memory` for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go + Only memory, CPU, and nvidia.com/gpu are supported. Use key `cpu` for CPU limit, `memory` for memory limit, `nvidia.com/gpu` for gpu limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go default_from_api: true - name: 'cpuIdle' type: Boolean 
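Review bot: The rewritten `limits` description in the second hunk advertises `nvidia.com/gpu` but, unlike the CPU note next to it, gives no accepted values and does not say that the `nodeSelector` block added later in this file is gated with `min_version: 'beta'`. No `min_version` is visible on `limits` itself, so the GA documentation would presumably list a key whose companion field exists only in beta. Please confirm whether a GPU limit is accepted without `nodeSelector.accelerator`. If it is not, I would append `The nvidia.com/gpu key requires node_selector, which is only available in the beta provider.` and write `GPU limit` instead of `gpu limit`. The `limits` property starts and continues outside the hunk.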
@@ -904,6 +912,16 @@ properties: type: String description: |- The Mesh resource name. For more information see https://cloud.google.com/service-mesh/docs/reference/network-services/rest/v1/projects.locations.meshes#resource:-mesh. + - name: 'nodeSelector' + type: NestedObject + description: Node Selector describes the hardware requirements of the resources. + min_version: 'beta' + properties: + - name: 'accelerator' + type: String + description: + The GPU to attach to an instance. See https://cloud.google.com/run/docs/configuring/services/gpu for configuring GPU. + required: true - name: 'traffic' type: Array description: |- diff --git a/mmv1/products/compute/go_RegionNetworkFirewallPolicyWithRules.yaml b/mmv1/products/compute/go_RegionNetworkFirewallPolicyWithRules.yaml new file mode 100644 index 000000000000..9fc93b160f27 --- /dev/null +++ b/mmv1/products/compute/go_RegionNetworkFirewallPolicyWithRules.yaml 
@@ -0,0 +1,678 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'RegionNetworkFirewallPolicyWithRules' +description: "The Compute NetworkFirewallPolicy with rules resource" +min_version: 'beta' +docs: +base_url: 'projects/{{project}}/regions/{{region}}/firewallPolicies' +self_link: 'projects/{{project}}/regions/{{region}}/firewallPolicies/{{name}}' +create_url: 'projects/{{project}}/regions/{{region}}/firewallPolicies' +update_verb: 'PATCH' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +async: + actions: ['create', 'delete', 'update'] + type: 'OpAsync' + operation: + base_url: '{{op_id}}' + kind: 'compute#operation' + path: 'name' + wait_ms: 1000 + result: + path: 'targetLink' + resource_inside_response: false + error: + path: 'error/errors' + message: 'message' +custom_code: + constants: 'templates/terraform/constants/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl' + encoder: 'templates/terraform/encoders/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl' + update_encoder: 'templates/terraform/update_encoder/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl' + decoder: 'templates/terraform/decoders/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl' + post_create: 
'templates/terraform/post_create/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl' +legacy_long_form_project: true +examples: + - name: 'compute_region_network_firewall_policy_with_rules_full' + primary_resource_id: 'region-network-firewall-policy-with-rules' + vars: + policy_name: 'tf-region-fw-policy-with-rules' + address_group_name: 'tf-address-group' + tag_key_name: 'tf-tag-key' + tag_value_name: 'tf-tag-value' + test_env_vars: + org_id: 'ORG_ID' +parameters: + - name: 'region' + type: String + description: The region of this resource. + min_version: 'beta' + url_param_only: true + immutable: true + default_from_api: true +properties: + - name: 'creationTimestamp' + type: String + description: Creation timestamp in RFC3339 text format. + min_version: 'beta' + output: true + - name: 'name' + type: String + description: | + User-provided name of the Network firewall policy. + The name should be unique in the project in which the firewall policy is created. + The name must be 1-63 characters long, and comply with RFC1035. Specifically, + the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? + which means the first character must be a lowercase letter, and all following characters must be a dash, + lowercase letter, or digit, except the last character, which cannot be a dash. + min_version: 'beta' + required: true + immutable: true + - name: 'networkFirewallPolicyId' + type: String + description: The unique identifier for the resource. This identifier is defined by the server. + api_name: id + min_version: 'beta' + output: true + - name: 'description' + type: String + description: An optional description of this resource. + min_version: 'beta' + - name: 'rule' + type: Array + description: A list of firewall policy rules. 
+ api_name: rules + min_version: 'beta' + required: true + item_type: + type: NestedObject + properties: + - name: 'description' + type: String + description: | + A description of the rule. + min_version: 'beta' + - name: 'ruleName' + type: String + description: | + An optional name for the rule. This field is not a unique identifier + and can be updated. + min_version: 'beta' + - name: 'priority' + type: Integer + description: | + An integer indicating the priority of a rule in the list. The priority must be a value + between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the + highest priority and 2147483647 is the lowest priority. + min_version: 'beta' + required: true + - name: 'match' + type: NestedObject + description: + A match condition that incoming traffic is evaluated against. If it + evaluates to true, the corresponding 'action' is enforced. + min_version: 'beta' + required: true + properties: + - name: 'srcIpRanges' + type: Array + description: | + Source IP address range in CIDR format. Required for + INGRESS rules. + min_version: 'beta' + item_type: + type: String + - name: 'destIpRanges' + type: Array + description: | + Destination IP address range in CIDR format. Required for + EGRESS rules. + min_version: 'beta' + item_type: + type: String + - name: 'srcAddressGroups' + type: Array + description: | + Address groups which should be matched against the traffic source. + Maximum number of source address groups is 10. + min_version: 'beta' + item_type: + type: String + - name: 'destAddressGroups' + type: Array + description: | + Address groups which should be matched against the traffic destination. + Maximum number of destination address groups is 10. + min_version: 'beta' + item_type: + type: String + - name: 'srcFqdns' + type: Array + description: | + Fully Qualified Domain Name (FQDN) which should be matched against + traffic source. Maximum number of source fqdn allowed is 100. 
+ min_version: 'beta' + item_type: + type: String + - name: 'destFqdns' + type: Array + description: | + Fully Qualified Domain Name (FQDN) which should be matched against + traffic destination. Maximum number of destination fqdn allowed is 100. + min_version: 'beta' + item_type: + type: String + - name: 'srcRegionCodes' + type: Array + description: | + Region codes whose IP addresses will be used to match for source + of traffic. Should be specified as 2 letter country code defined as per + ISO 3166 alpha-2 country codes. ex."US" + Maximum number of source region codes allowed is 5000. + min_version: 'beta' + item_type: + type: String + - name: 'destRegionCodes' + type: Array + description: | + Region codes whose IP addresses will be used to match for destination + of traffic. Should be specified as 2 letter country code defined as per + ISO 3166 alpha-2 country codes. ex."US" + Maximum number of destination region codes allowed is 5000. + min_version: 'beta' + item_type: + type: String + - name: 'srcThreatIntelligences' + type: Array + description: | + Names of Network Threat Intelligence lists. + The IPs in these lists will be matched against traffic source. + min_version: 'beta' + item_type: + type: String + - name: 'destThreatIntelligences' + type: Array + description: | + Names of Network Threat Intelligence lists. + The IPs in these lists will be matched against traffic destination. + min_version: 'beta' + item_type: + type: String + - name: 'layer4Config' + type: Array + description: | + Pairs of IP protocols and ports that the rule should match. + api_name: layer4Configs + min_version: 'beta' + required: true + item_type: + type: NestedObject + properties: + - name: 'ipProtocol' + type: String + description: | + The IP protocol to which this rule applies. The protocol + type is required when creating a firewall rule. 
+ This value can either be one of the following well + known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), + or the IP protocol number. + min_version: 'beta' + required: true + - name: 'ports' + type: Array + description: | + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + min_version: 'beta' + item_type: + type: String + - name: 'srcSecureTag' + type: Array + description: | + List of secure tag values, which should be matched at the source + of the traffic. + For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, + and there is no srcIpRange, this rule will be ignored. + Maximum number of source tag values allowed is 256. + api_name: srcSecureTags + min_version: 'beta' + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + Name of the secure tag, created with TagManager's TagValue API. + @pattern tagValues/[0-9]+ + min_version: 'beta' + - name: 'state' + type: Enum + description: | + [Output Only] State of the secure tag, either `EFFECTIVE` or + `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted + or its network is deleted. + min_version: 'beta' + output: true + enum_values: + - 'EFFECTIVE' + - 'INEFFECTIVE' + - name: 'targetSecureTag' + type: Array + description: | + A list of secure tags that controls which instances the firewall rule + applies to. If targetSecureTag are specified, then the + firewall rule applies only to instances in the VPC network that have one + of those EFFECTIVE secure tags, if all the target_secure_tag are in + INEFFECTIVE state, then this rule will be ignored. + targetSecureTag may not be set at the same time as + targetServiceAccounts. 
+ If neither targetServiceAccounts nor + targetSecureTag are specified, the firewall rule applies + to all instances on the specified network. + Maximum number of target label tags allowed is 256. + api_name: targetSecureTags + min_version: 'beta' + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + Name of the secure tag, created with TagManager's TagValue API. + @pattern tagValues/[0-9]+ + min_version: 'beta' + - name: 'state' + type: Enum + description: | + [Output Only] State of the secure tag, either `EFFECTIVE` or + `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted + or its network is deleted. + min_version: 'beta' + output: true + enum_values: + - 'EFFECTIVE' + - 'INEFFECTIVE' + - name: 'action' + type: String + description: | + The Action to perform when the client connection triggers the rule. Can currently be either + "allow", "deny", "apply_security_profile_group" or "goto_next". + min_version: 'beta' + required: true + - name: 'direction' + type: Enum + description: | + The direction in which this rule applies. If unspecified an INGRESS rule is created. + min_version: 'beta' + enum_values: + - 'INGRESS' + - 'EGRESS' + - name: 'enableLogging' + type: Boolean + description: | + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the + configured export destination in Stackdriver. + min_version: 'beta' + send_empty_value: true + - name: 'targetServiceAccounts' + type: Array + description: | + A list of service accounts indicating the sets of + instances that are applied with this rule. + min_version: 'beta' + item_type: + type: String + - name: 'securityProfileGroup' + type: String + description: | + A fully-qualified URL of a SecurityProfile resource instance. 
+ Example: + https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group + Must be specified if action is 'apply_security_profile_group'. + min_version: 'beta' + - name: 'tlsInspect' + type: Boolean + description: | + Boolean flag indicating if the traffic should be TLS decrypted. + It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions. + min_version: 'beta' + - name: 'disabled' + type: Boolean + description: | + Denotes whether the firewall policy rule is disabled. When set to true, + the firewall policy rule is not enforced and traffic behaves as if it did + not exist. If this is unspecified, the firewall policy rule will be + enabled. + min_version: 'beta' + - name: 'predefinedRules' + type: Array + description: A list of firewall policy pre-defined rules. + min_version: 'beta' + output: true + item_type: + type: NestedObject + properties: + - name: 'description' + type: String + description: | + A description of the rule. + min_version: 'beta' + output: true + - name: 'ruleName' + type: String + description: | + An optional name for the rule. This field is not a unique identifier + and can be updated. + min_version: 'beta' + output: true + - name: 'priority' + type: Integer + description: | + An integer indicating the priority of a rule in the list. The priority must be a value + between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the + highest priority and 2147483647 is the lowest priority. + min_version: 'beta' + output: true + - name: 'match' + type: NestedObject + description: + A match condition that incoming traffic is evaluated against. If it + evaluates to true, the corresponding 'action' is enforced. + min_version: 'beta' + output: true + properties: + - name: 'srcIpRanges' + type: Array + description: | + Source IP address range in CIDR format. Required for + INGRESS rules. 
+ min_version: 'beta' + output: true + item_type: + type: String + - name: 'destIpRanges' + type: Array + description: | + Destination IP address range in CIDR format. Required for + EGRESS rules. + min_version: 'beta' + output: true + item_type: + type: String + - name: 'srcAddressGroups' + type: Array + description: | + Address groups which should be matched against the traffic source. + Maximum number of source address groups is 10. + min_version: 'beta' + output: true + item_type: + type: String + - name: 'destAddressGroups' + type: Array + description: | + Address groups which should be matched against the traffic destination. + Maximum number of destination address groups is 10. + min_version: 'beta' + output: true + item_type: + type: String + - name: 'srcFqdns' + type: Array + description: | + Fully Qualified Domain Name (FQDN) which should be matched against + traffic source. Maximum number of source fqdn allowed is 100. + min_version: 'beta' + output: true + item_type: + type: String + - name: 'destFqdns' + type: Array + description: | + Fully Qualified Domain Name (FQDN) which should be matched against + traffic destination. Maximum number of destination fqdn allowed is 100. + min_version: 'beta' + output: true + item_type: + type: String + - name: 'srcRegionCodes' + type: Array + description: | + Region codes whose IP addresses will be used to match for source + of traffic. Should be specified as 2 letter country code defined as per + ISO 3166 alpha-2 country codes. ex."US" + Maximum number of source region codes allowed is 5000. + min_version: 'beta' + output: true + item_type: + type: String + - name: 'destRegionCodes' + type: Array + description: | + Region codes whose IP addresses will be used to match for destination + of traffic. Should be specified as 2 letter country code defined as per + ISO 3166 alpha-2 country codes. ex."US" + Maximum number of destination region codes allowed is 5000. 
+ min_version: 'beta' + output: true + item_type: + type: String + - name: 'srcThreatIntelligences' + type: Array + description: | + Names of Network Threat Intelligence lists. + The IPs in these lists will be matched against traffic source. + min_version: 'beta' + output: true + item_type: + type: String + - name: 'destThreatIntelligences' + type: Array + description: | + Names of Network Threat Intelligence lists. + The IPs in these lists will be matched against traffic destination. + min_version: 'beta' + output: true + item_type: + type: String + - name: 'layer4Config' + type: Array + description: | + Pairs of IP protocols and ports that the rule should match. + api_name: layer4Configs + min_version: 'beta' + output: true + item_type: + type: NestedObject + properties: + - name: 'ipProtocol' + type: String + description: | + The IP protocol to which this rule applies. The protocol + type is required when creating a firewall rule. + This value can either be one of the following well + known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp), + or the IP protocol number. + min_version: 'beta' + output: true + - name: 'ports' + type: Array + description: | + An optional list of ports to which this rule applies. This field + is only applicable for UDP or TCP protocol. Each entry must be + either an integer or a range. If not specified, this rule + applies to connections through any port. + Example inputs include: ["22"], ["80","443"], and + ["12345-12349"]. + min_version: 'beta' + output: true + item_type: + type: String + - name: 'srcSecureTag' + type: Array + description: | + List of secure tag values, which should be matched at the source + of the traffic. + For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, + and there is no srcIpRange, this rule will be ignored. + Maximum number of source tag values allowed is 256. 
+ api_name: srcSecureTags + min_version: 'beta' + output: true + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + Name of the secure tag, created with TagManager's TagValue API. + @pattern tagValues/[0-9]+ + min_version: 'beta' + output: true + - name: 'state' + type: Enum + description: | + [Output Only] State of the secure tag, either `EFFECTIVE` or + `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted + or its network is deleted. + min_version: 'beta' + output: true + enum_values: + - 'EFFECTIVE' + - 'INEFFECTIVE' + - name: 'targetSecureTag' + type: Array + description: | + A list of secure tags that controls which instances the firewall rule + applies to. If targetSecureTag are specified, then the + firewall rule applies only to instances in the VPC network that have one + of those EFFECTIVE secure tags, if all the target_secure_tag are in + INEFFECTIVE state, then this rule will be ignored. + targetSecureTag may not be set at the same time as + targetServiceAccounts. + If neither targetServiceAccounts nor + targetSecureTag are specified, the firewall rule applies + to all instances on the specified network. + Maximum number of target label tags allowed is 256. + api_name: targetSecureTags + min_version: 'beta' + output: true + item_type: + type: NestedObject + properties: + - name: 'name' + type: String + description: | + Name of the secure tag, created with TagManager's TagValue API. + @pattern tagValues/[0-9]+ + min_version: 'beta' + output: true + - name: 'state' + type: Enum + description: | + [Output Only] State of the secure tag, either `EFFECTIVE` or + `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted + or its network is deleted. + min_version: 'beta' + output: true + enum_values: + - 'EFFECTIVE' + - 'INEFFECTIVE' + - name: 'action' + type: String + description: | + The Action to perform when the client connection triggers the rule. 
Can currently be either + "allow", "deny", "apply_security_profile_group" or "goto_next". + min_version: 'beta' + output: true + - name: 'direction' + type: Enum + description: | + The direction in which this rule applies. If unspecified an INGRESS rule is created. + min_version: 'beta' + output: true + enum_values: + - 'INGRESS' + - 'EGRESS' + - name: 'enableLogging' + type: Boolean + description: | + Denotes whether to enable logging for a particular rule. + If logging is enabled, logs will be exported to the + configured export destination in Stackdriver. + min_version: 'beta' + output: true + send_empty_value: true + - name: 'targetServiceAccounts' + type: Array + description: | + A list of service accounts indicating the sets of + instances that are applied with this rule. + min_version: 'beta' + output: true + item_type: + type: String + - name: 'securityProfileGroup' + type: String + description: | + A fully-qualified URL of a SecurityProfile resource instance. + Example: + https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group + Must be specified if action is 'apply_security_profile_group'. + min_version: 'beta' + output: true + - name: 'tlsInspect' + type: Boolean + description: | + Boolean flag indicating if the traffic should be TLS decrypted. + It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions. + min_version: 'beta' + output: true + - name: 'disabled' + type: Boolean + description: | + Denotes whether the firewall policy rule is disabled. When set to true, + the firewall policy rule is not enforced and traffic behaves as if it did + not exist. If this is unspecified, the firewall policy rule will be + enabled. + min_version: 'beta' + output: true + - name: 'fingerprint' + type: Fingerprint + description: Fingerprint of the resource. This field is used internally during updates of this resource. 
+ min_version: 'beta' + output: true + - name: 'selfLink' + type: String + description: Server-defined URL for the resource. + min_version: 'beta' + output: true + - name: 'selfLinkWithId' + type: String + description: Server-defined URL for this resource with the resource id. + min_version: 'beta' + output: true + - name: 'ruleTupleCount' + type: Integer + description: Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples. + min_version: 'beta' + output: true diff --git a/mmv1/products/healthcare/go_ConsentStore.yaml b/mmv1/products/healthcare/go_ConsentStore.yaml index c074ab71c852..8ba444b7b043 100644 --- a/mmv1/products/healthcare/go_ConsentStore.yaml +++ b/mmv1/products/healthcare/go_ConsentStore.yaml @@ -43,6 +43,7 @@ iam_policy: - '{{%dataset}}/consentStores/{{name}}' - '{{name}}' custom_code: +# Skipping the sweeper since this is a fine-grained resource under dataset exclude_sweeper: true examples: - name: 'healthcare_consent_store_basic' diff --git a/mmv1/products/healthcare/go_PipelineJob.yaml b/mmv1/products/healthcare/go_PipelineJob.yaml new file mode 100644 index 000000000000..bc3eeb5fa388 --- /dev/null +++ b/mmv1/products/healthcare/go_PipelineJob.yaml 
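Review bot: Two descriptions in the new `rule` item, repeated under `predefinedRules`, contradict the fields beside them. `match` speaks of "incoming traffic" although `direction` accepts `EGRESS`, and `securityProfileGroup` is described as a SecurityProfile while its example URL and the `apply_security_profile_group` action both name a security profile group. Operators rely on this wording to judge what a firewall rule covers, so I would change the two lines to `A match condition that traffic is evaluated against.` and `A fully-qualified URL of a SecurityProfileGroup resource instance.`. Separately, two constraints are stated only in prose: `targetSecureTag` excludes `targetServiceAccounts`, and `tlsInspect` requires `action = 'apply_security_profile_group'`. A violating rule would presumably fail only at apply time, so a comment such as `# enforced by the API, not validated at plan time` would make that explicit. The header marks this file as temporary, so the same wording likely belongs in the definition it is derived from.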
@@ -0,0 +1,266 @@ +# Copyright 2024 Google Inc. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Warning: This is a temporary file, and should not be edited directly +--- +name: 'PipelineJob' +kind: 'healthcare#pipelineJob' +description: | + PipelineJobs are Long Running Operations on Healthcare API to Map or Reconcile + incoming data into FHIR format +references: + guides: + 'Creating a PipelineJob': 'https://cloud.google.com/healthcare-api/private/healthcare-data-engine/docs/reference/rest/v1/projects.locations.datasets.pipelineJobs#PipelineJob' + api: 'https://cloud.google.com/healthcare-api/healthcare-data-engine/docs/reference/rest/v1/projects.locations.datasets.pipelineJobs' +docs: +id_format: '{{dataset}}/pipelineJobs/{{name}}' +base_url: '{{dataset}}/pipelineJobs?pipelineJobId={{name}}' +self_link: '{{dataset}}/pipelineJobs/{{name}}' +update_verb: 'PATCH' +update_mask: true +delete_url: '{{dataset}}/pipelineJobs/{{name}}' +import_format: + - '{{%dataset}}/pipelineJobs/{{name}}' + - '{{name}}' + - '{{dataset}}/pipelineJobs?pipelineJobId={{name}}' +timeouts: + insert_minutes: 20 + update_minutes: 20 + delete_minutes: 20 +custom_code: + decoder: 'templates/terraform/decoders/go/long_name_to_self_link.go.tmpl' +exclude_sweeper: true +examples: + - name: 'healthcare_pipeline_job_reconciliation' + primary_resource_id: 'example-pipeline' + vars: + pipeline_name: 'example_pipeline_job' + dataset_name: 'example_dataset' + fhir_store_name: 'fhir_store' + bucket_name: 
'example_bucket_name' + - name: 'healthcare_pipeline_job_backfill' + primary_resource_id: 'example-pipeline' + vars: + backfill_pipeline_name: 'example_backfill_pipeline' + dataset_name: 'example_dataset' + mapping_pipeline_name: 'example_mapping_pipeline' + - name: 'healthcare_pipeline_job_whistle_mapping' + primary_resource_id: 'example-mapping-pipeline' + vars: + pipeline_name: 'example_mapping_pipeline_job' + dataset_name: 'example_dataset' + source_fhirstore_name: 'source_fhir_store' + dest_fhirstore_name: 'dest_fhir_store' + bucket_name: 'example_bucket_name' + - name: 'healthcare_pipeline_job_mapping_recon_dest' + primary_resource_id: 'example-mapping-pipeline' + vars: + pipeline_name: 'example_mapping_pipeline_job' + recon_pipeline_name: 'example_recon_pipeline_job' + dataset_name: 'example_dataset' + source_fhirstore_name: 'source_fhir_store' + dest_fhirstore_name: 'dest_fhir_store' + bucket_name: 'example_bucket_name' +parameters: + - name: 'location' + type: String + description: | + Location where the Pipeline Job is to run + url_param_only: true + required: true + immutable: true + - name: 'dataset' + type: String + description: | + Healthcare Dataset under which the Pipeline Job is to run + url_param_only: true + required: true + immutable: true +properties: + - name: 'name' + type: String + description: | + Specifies the name of the pipeline job. This field is user-assigned. + required: true + - name: 'disableLineage' + type: Boolean + description: | + If true, disables writing lineage for the pipeline. + required: false + default_value: false + - name: 'labels' + type: KeyValueLabels + description: | + User-supplied key-value pairs used to organize Pipeline Jobs. 
+ Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of + maximum 128 bytes, and must conform to the following PCRE regular expression: + [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62} + Label values are optional, must be between 1 and 63 characters long, have a + UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE + regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63} + No more than 64 labels can be associated with a given pipeline. + An object containing a list of "key": value pairs. + Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }. + required: false + - name: 'selfLink' + type: String + description: | + The fully qualified name of this dataset + ignore_read: true + output: true + - name: 'mappingPipelineJob' + type: NestedObject + description: | + Specifies mapping configuration. + required: false + conflicts: + - reconciliationPipelineJob + - backfillPipelineJob + properties: + - name: 'mappingConfig' + type: NestedObject + description: | + The location of the mapping configuration. + required: true + properties: + - name: 'description' + type: String + description: | + Describes the mapping configuration. + required: false + - name: 'whistleConfigSource' + type: NestedObject + description: | + Specifies the path to the mapping configuration for harmonization pipeline. + required: false + properties: + - name: 'uri' + type: String + description: | + Main configuration file which has the entrypoint or the root function. + Example: gs://{bucket-id}/{path/to/import-root/dir}/entrypoint-file-name.wstl. + required: true + - name: 'importUriPrefix' + type: String + description: | + Directory path where all the Whistle files are located. + Example: gs://{bucket-id}/{path/to/import-root/dir} + required: true + - name: 'fhirStreamingSource' + type: NestedObject + description: | + A streaming FHIR data source. 
+ required: false + properties: + - name: 'fhirStore' + type: String + description: | + The path to the FHIR store in the format projects/{projectId}/locations/{locationId}/datasets/{datasetId}/fhirStores/{fhirStoreId}. + required: true + - name: 'description' + type: String + description: | + Describes the streaming FHIR data source. + required: false + - name: 'fhirStoreDestination' + type: String + description: | + If set, the mapping pipeline will write snapshots to this + FHIR store without assigning stable IDs. You must + grant your pipeline project's Cloud Healthcare Service + Agent serviceaccount healthcare.fhirResources.executeBundle + and healthcare.fhirResources.create permissions on the + destination store. The destination store must set + [disableReferentialIntegrity][FhirStore.disable_referential_integrity] + to true. The destination store must use FHIR version R4. + Format: project/{projectID}/locations/{locationID}/datasets/{datasetName}/fhirStores/{fhirStoreID}. + required: false + conflicts: + - reconciliationDestination + - name: 'reconciliationDestination' + type: Boolean + description: | + If set to true, a mapping pipeline will send output snapshots + to the reconciliation pipeline in its dataset. A reconciliation + pipeline must exist in this dataset before a mapping pipeline + with a reconciliation destination can be created. + required: false + conflicts: + - fhirStoreDestination + - name: 'reconciliationPipelineJob' + type: NestedObject + description: | + Specifies reconciliation configuration. + required: false + conflicts: + - mappingPipelineJob + - backfillPipelineJob + properties: + - name: 'mergeConfig' + type: NestedObject + description: | + Specifies the location of the reconciliation configuration. + required: true + properties: + - name: 'description' + type: String + description: | + Describes the mapping configuration. 
+ required: false + - name: 'whistleConfigSource' + type: NestedObject + description: | + Specifies the path to the mapping configuration for harmonization pipeline. + required: true + properties: + - name: 'uri' + type: String + description: | + Main configuration file which has the entrypoint or the root function. + Example: gs://{bucket-id}/{path/to/import-root/dir}/entrypoint-file-name.wstl. + required: true + - name: 'importUriPrefix' + type: String + description: | + Directory path where all the Whistle files are located. + Example: gs://{bucket-id}/{path/to/import-root/dir} + required: true + - name: 'matchingUriPrefix' + type: String + description: | + Specifies the top level directory of the matching configs used + in all mapping pipelines, which extract properties for resources + to be matched on. + Example: gs://{bucket-id}/{path/to/matching/configs} + required: true + - name: 'fhirStoreDestination' + type: String + description: | + The harmonized FHIR store to write harmonized FHIR resources to, + in the format of: project/{projectID}/locations/{locationID}/datasets/{datasetName}/fhirStores/{id} + required: false + - name: 'backfillPipelineJob' + type: NestedObject + description: | + Specifies the backfill configuration. + required: false + conflicts: + - mappingPipelineJob + - reconciliationPipelineJob + properties: + - name: 'mappingPipelineJob' + type: String + description: | + Specifies the mapping pipeline job to backfill, the name format + should follow: projects/{projectId}/locations/{locationId}/datasets/{datasetId}/pipelineJobs/{pipelineJobId}. + required: false diff --git a/mmv1/products/looker/go_Instance.yaml b/mmv1/products/looker/go_Instance.yaml index ac4949b34cb0..5f2cf1ae012e 100644 --- a/mmv1/products/looker/go_Instance.yaml +++ b/mmv1/products/looker/go_Instance.yaml 
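Review bot: Several descriptions in the new PipelineJob schema look copied from other resources, and the resource paths they give disagree with each other. `selfLink` is described as `The fully qualified name of this dataset`, and `mergeConfig.description` says it `Describes the mapping configuration.`. Both `fhirStoreDestination` fields use `project/{projectID}/...`, while `fhirStreamingSource.fhirStore` and `backfillPipelineJob.mappingPipelineJob` use `projects/{projectId}/...`. A path copied from the singular form would presumably be rejected, and the mapping destination text is also where users learn which store to grant `healthcare.fhirResources.executeBundle` and `healthcare.fhirResources.create` on, so the target should be unambiguous. I would use `projects/{projectId}/locations/{locationId}/datasets/{datasetId}/fhirStores/{fhirStoreId}` throughout, `The fully qualified name of this pipeline job` for `selfLink` (assuming the `long_name_to_self_link` decoder fills it from the job name), and `Describes the reconciliation configuration.` for `mergeConfig.description`.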
@@ -101,6 +101,12 @@ examples: client_id: 'my-client-id' client_secret: 'my-client-secret' custom_domain: 'my-custom-domain' + - name: 'looker_instance_psc' + primary_resource_id: 'looker-instance' + vars: + instance_name: 'my-instance' + client_id: 'my-client-id' + client_secret: 'my-client-secret' parameters: - name: 'region' type: String @@ -401,6 +407,57 @@ properties: description: | Whether private IP is enabled on the Looker instance. default_value: false + # PscConfig Object + - name: 'pscConfig' + type: NestedObject + description: | + Information for Private Service Connect (PSC) setup for a Looker instance. + update_mask_fields: + - 'psc_config.allowed_vpcs' + - 'psc_config.service_attachments' + properties: + - name: 'allowedVpcs' + type: Array + description: | + List of VPCs that are allowed ingress into the Looker instance. + item_type: + type: String + - name: 'lookerServiceAttachmentUri' + type: String + description: | + URI of the Looker service attachment. + output: true + - name: 'serviceAttachments' + type: Array + description: | + List of egress service attachment configurations. + item_type: + type: NestedObject + properties: + - name: 'connectionStatus' + type: Enum + description: | + Status of the service attachment connection. + output: true + enum_values: + - 'ACCEPTED' + - 'PENDING' + - 'REJECTED' + - 'NEEDS_ATTENTION' + - 'CLOSED' + - name: 'localFqdn' + type: String + description: | + Fully qualified domain name that will be used in the private DNS record created for the service attachment. + - name: 'targetServiceAttachmentUri' + type: String + description: | + URI of the service attachment to connect to. + # PscConfig Object - End + - name: 'pscEnabled' + type: Boolean + description: | + Whether Public Service Connect (PSC) is enabled on the Looker instance - name: 'publicIpEnabled' type: Boolean description: | 
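Review bot: The `pscEnabled` description at the end of the second hunk expands PSC as "Public Service Connect", while the `pscConfig` description a few lines earlier in the same hunk calls it Private Service Connect. This text presumably ends up in the generated provider documentation, where the wrong expansion misstates what the flag controls for anyone reviewing an instance's network exposure. I would change the line to `Whether Private Service Connect (PSC) is enabled on the Looker instance.`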
diff --git a/mmv1/products/networkconnectivity/go_Spoke.yaml b/mmv1/products/networkconnectivity/go_Spoke.yaml index 6913716512cb..b9eef6be0637 100644 --- a/mmv1/products/networkconnectivity/go_Spoke.yaml +++ b/mmv1/products/networkconnectivity/go_Spoke.yaml @@ -59,6 +59,31 @@ examples: instance_name: 'basic-instance' hub_name: 'basic-hub1' spoke_name: 'basic-spoke' + - name: 'network_connectivity_spoke_vpn_tunnel_basic' + primary_resource_id: 'tunnel1' + vars: + network_name: 'basic-network' + subnetwork_name: 'basic-subnetwork' + gateway_name: 'vpn-gateway' + external_gateway_name: 'external-vpn-gateway' + router_name: 'external-vpn-gateway' + vpn_tunnel_1_name: 'tunnel1' + vpn_tunnel_2_name: 'tunnel2' + router_interface_1_name: 'router-interface1' + router_peer_1_name: 'router-peer1' + router_interface_2_name: 'router-interface2' + router_peer_2_name: 'router-peer2' + hub_name: 'basic-hub1' + vpn_tunnel_1_spoke_name: 'vpn-tunnel-1-spoke' + vpn_tunnel_2_spoke_name: 'vpn-tunnel-2-spoke' + - name: 'network_connectivity_spoke_interconnect_attachment_basic' + primary_resource_id: 'primary' + vars: + hub_name: 'basic-hub1' + network_name: 'basic-network' + router_name: 'external-vpn-gateway' + interconnect_attachment_name: 'partner-interconnect1' + interconnect_attachment_spoke_name: 'interconnect-attachment-spoke' parameters: - name: 'location' type: String 
@@ -115,6 +140,13 @@ properties: description: A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations. required: true immutable: true + - name: 'includeImportRanges' + type: Array + description: | + IP ranges allowed to be included during import from hub (does not control transit connectivity). + The only allowed value for now is "ALL_IPV4_RANGES". + item_type: + type: String - name: 'linkedInterconnectAttachments' type: NestedObject description: A collection of VLAN attachment resources. These resources should be redundant attachments that all advertise the same prefixes to Google Cloud. Alternatively, in active/passive configurations, all attachments should be capable of advertising the same prefixes. @@ -136,6 +168,13 @@ properties: description: A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations. required: true immutable: true + - name: 'includeImportRanges' + type: Array + description: | + IP ranges allowed to be included during import from hub (does not control transit connectivity). + The only allowed value for now is "ALL_IPV4_RANGES". + item_type: + type: String - name: 'linkedRouterApplianceInstances' type: NestedObject description: The URIs of linked Router appliance resources @@ -168,6 +207,13 @@ properties: description: A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations. required: true immutable: true + - name: 'includeImportRanges' + type: Array + description: | + IP ranges allowed to be included during import from hub (does not control transit connectivity). + The only allowed value for now is "ALL_IPV4_RANGES". + item_type: + type: String - name: 'linkedVpcNetwork' type: NestedObject description: VPC network that is associated with the spoke. 
diff --git a/mmv1/products/networkservices/ServiceLBPolicies.yaml b/mmv1/products/networkservices/ServiceLbPolicies.yaml
similarity index 100%
rename from mmv1/products/networkservices/ServiceLBPolicies.yaml
rename to mmv1/products/networkservices/ServiceLbPolicies.yaml
diff --git a/mmv1/templates/terraform/constants/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl b/mmv1/templates/terraform/constants/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl
new file mode 100644
index 000000000000..e3f13f8bdc40
--- /dev/null
+++ b/mmv1/templates/terraform/constants/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl
@@ -0,0 +1,51 @@
+func regionNetworkFirewallPolicyWithRulesConvertPriorityToInt(v interface {}) (int64, error) {
+ if strVal, ok := v.(string); ok {
+ if intVal, err := tpgresource.StringToFixed64(strVal); err == nil {
+ return intVal, nil
+ }
+ }
+
+ if intVal, ok := v.(int64); ok {
+ return intVal, nil
+ }
+
+ if floatVal, ok := v.(float64); ok {
+ intVal := int64(floatVal)
+ return intVal, nil
+ }
+ return 0, fmt.Errorf("Incorrect rule priority: %s. Priority must be a number", v)
+}
+
+func regionNetworkFirewallPolicyWithRulesIsPredefinedRule(rule map[string]interface{}) (bool, error) {
+ // Priorities from 2147483548 to 2147483647 are reserved and cannot be modified by the user.
+ const ReservedPriorityStart = 2147483548
+
+ priority := rule["priority"]
+ priorityInt, err := regionNetworkFirewallPolicyWithRulesConvertPriorityToInt(priority)
+
+ if err != nil {
+ return false, err
+ }
+
+ return priorityInt >= ReservedPriorityStart, nil
+}
+
+func regionNetworkFirewallPolicyWithRulesSplitPredefinedRules(allRules []interface{}) ([]interface{}, []interface{}, error) {
+ predefinedRules := make([]interface{}, 0)
+ rules := make([]interface{}, 0)
+
+ for _, rule := range allRules {
+ isPredefined, err := regionNetworkFirewallPolicyWithRulesIsPredefinedRule(rule.(map[string]interface{}))
+ if err != nil {
+ return nil, nil, err
+ }
+
+ if isPredefined {
+ predefinedRules = append(predefinedRules, rule)
+ } else {
+ rules = append(rules, rule)
+ }
+ }
+
+ return rules, predefinedRules, nil
+}
diff --git a/mmv1/templates/terraform/decoders/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl b/mmv1/templates/terraform/decoders/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl
new file mode 100644
index 000000000000..802094cda061
--- /dev/null
+++ b/mmv1/templates/terraform/decoders/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl
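Review bot: The unchecked assertion `rule.(map[string]interface{})` in `regionNetworkFirewallPolicyWithRulesSplitPredefinedRules` panics on any element of another type, and the same pattern recurs in the decoder hunk (`res["rules"].([]interface{})`) and the update-encoder hunk (`obj["rules"].([]interface{})`), where a missing `rules` key would also panic. These helpers already return an error, so a comma-ok form fits: `ruleMap, ok := rule.(map[string]interface{})` followed by `if !ok { return nil, nil, fmt.Errorf("unexpected rule type %T", rule) }`. In `regionNetworkFirewallPolicyWithRulesConvertPriorityToInt` the final `fmt.Errorf` formats an `interface{}` with `%s`, which prints `%!s(...)` for non-string values; `%v` gives a readable message. That function also has no case for plain `int`, which may matter if it is ever fed values from the schema rather than from decoded JSON.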
@@ -0,0 +1,16 @@
+rules, predefinedRules, err := regionNetworkFirewallPolicyWithRulesSplitPredefinedRules(res["rules"].([]interface{}))
+
+if err != nil {
+ return nil, fmt.Errorf("Error occurred while splitting pre-defined rules: %s", err)
+}
+
+res["rules"] = rules
+res["predefinedRules"] = predefinedRules
+
+config := meta.(*transport_tpg.Config)
+
+if err := d.Set("predefined_rules", flattenComputeRegionNetworkFirewallPolicyWithRulesPredefinedRules(predefinedRules, d, config)); err != nil {
+ return nil, fmt.Errorf("Error occurred while setting pre-defined rules: %s", err)
+}
+
+return res, nil
diff --git a/mmv1/templates/terraform/encoders/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl b/mmv1/templates/terraform/encoders/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl
new file mode 100644
index 000000000000..939b22280811
--- /dev/null
+++ b/mmv1/templates/terraform/encoders/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl
@@ -0,0 +1,3 @@
+delete(obj, "rules") // Rules are not supported in the create API
+return obj, nil
+
diff --git a/mmv1/templates/terraform/examples/go/cloud_run_service_gpu.tf.tmpl b/mmv1/templates/terraform/examples/go/cloud_run_service_gpu.tf.tmpl
new file mode 100644
index 000000000000..5606203f1594
--- /dev/null
+++ b/mmv1/templates/terraform/examples/go/cloud_run_service_gpu.tf.tmpl
@@ -0,0 +1,35 @@ +resource "google_cloud_run_service" "{{$.PrimaryResourceId}}" { + provider = google-beta + name = "{{index $.Vars "cloud_run_service_name"}}" + location = "us-central1" + + metadata { + annotations = { + "run.googleapis.com/launch-stage" = "BETA" + } + } + + template { + metadata { + annotations = { + "autoscaling.knative.dev/maxScale": "1" + "run.googleapis.com/cpu-throttling": "false" + } + } + spec { + containers { + image = "gcr.io/cloudrun/hello" + resources { + limits = { + "cpu" = "4" + "memory" = "16Gi" + "nvidia.com/gpu" = "1" + } + } + } + node_selector = { + "run.googleapis.com/accelerator" = "nvidia-l4" + } + } + } +} diff --git a/mmv1/templates/terraform/examples/go/cloudrunv2_service_gpu.tf.tmpl b/mmv1/templates/terraform/examples/go/cloudrunv2_service_gpu.tf.tmpl new file mode 100644 index 000000000000..9308a5e1d7ea --- /dev/null +++ b/mmv1/templates/terraform/examples/go/cloudrunv2_service_gpu.tf.tmpl @@ -0,0 +1,28 @@ +resource "google_cloud_run_v2_service" "{{$.PrimaryResourceId}}" { + provider = google-beta + name = "{{index $.Vars "cloud_run_service_name"}}" + location = "us-central1" + deletion_protection = false + ingress = "INGRESS_TRAFFIC_ALL" + launch_stage = "BETA" + + template { + containers { + image = "us-docker.pkg.dev/cloudrun/container/hello" + resources { + limits = { + "cpu" = "4" + "memory" = "16Gi" + "nvidia.com/gpu" = "1" + } + startup_cpu_boost = true + } + } + node_selector { + accelerator = "nvidia-l4" + } + scaling { + max_instance_count = 1 + } + } +} diff --git a/mmv1/templates/terraform/examples/go/compute_region_network_firewall_policy_with_rules_full.tf.tmpl b/mmv1/templates/terraform/examples/go/compute_region_network_firewall_policy_with_rules_full.tf.tmpl new file mode 100644 index 000000000000..1925a3da00de --- /dev/null +++ b/mmv1/templates/terraform/examples/go/compute_region_network_firewall_policy_with_rules_full.tf.tmpl 
@@ -0,0 +1,83 @@ +data "google_project" "project" { + provider = google-beta +} + +resource "google_compute_region_network_firewall_policy_with_rules" "{{$.PrimaryResourceId}}" { + name = "{{index $.Vars "policy_name"}}" + region = "us-west2" + description = "Terraform test" + provider = google-beta + + rule { + description = "tcp rule" + priority = 1000 + enable_logging = true + action = "allow" + direction = "EGRESS" + match { + layer4_config { + ip_protocol = "tcp" + ports = [8080, 7070] + } + dest_ip_ranges = ["11.100.0.1/32"] + dest_fqdns = ["www.yyy.com", "www.zzz.com"] + dest_region_codes = ["HK", "IN"] + dest_threat_intelligences = ["iplist-search-engines-crawlers", "iplist-tor-exit-nodes"] + dest_address_groups = [google_network_security_address_group.address_group_1.id] + } + target_secure_tag { + name = "tagValues/${google_tags_tag_value.secure_tag_value_1.name}" + } + } + rule { + description = "udp rule" + rule_name = "test-rule" + priority = 2000 + enable_logging = false + action = "deny" + direction = "INGRESS" + match { + layer4_config { + ip_protocol = "udp" + } + src_ip_ranges = ["0.0.0.0/0"] + src_fqdns = ["www.abc.com", "www.def.com"] + src_region_codes = ["US", "CA"] + src_threat_intelligences = ["iplist-known-malicious-ips", "iplist-public-clouds"] + src_address_groups = [google_network_security_address_group.address_group_1.id] + src_secure_tag { + name = "tagValues/${google_tags_tag_value.secure_tag_value_1.name}" + } + } + disabled = true + } +} + +resource "google_network_security_address_group" "address_group_1" { + provider = google-beta + name = "{{index $.Vars "address_group_name"}}" + parent = "projects/${data.google_project.project.name}" + description = "Regional address group" + location = "us-west2" + items = ["208.80.154.224/32"] + type = "IPV4" + capacity = 100 +} + +resource "google_tags_tag_key" "secure_tag_key_1" { + provider = google-beta + description = "Tag key" + parent = "projects/${data.google_project.project.name}" + 
purpose = "GCE_FIREWALL" + short_name = "{{index $.Vars "tag_key_name"}}" + purpose_data = { + network = "${data.google_project.project.name}/default" + } +} + +resource "google_tags_tag_value" "secure_tag_value_1" { + provider = google-beta + description = "Tag value" + parent = "tagKeys/${google_tags_tag_key.secure_tag_key_1.name}" + short_name = "{{index $.Vars "tag_value_name"}}" +} diff --git a/mmv1/templates/terraform/examples/go/healthcare_pipeline_job_backfill.tf.tmpl b/mmv1/templates/terraform/examples/go/healthcare_pipeline_job_backfill.tf.tmpl new file mode 100644 index 000000000000..56667f06ebf3 --- /dev/null +++ b/mmv1/templates/terraform/examples/go/healthcare_pipeline_job_backfill.tf.tmpl @@ -0,0 +1,13 @@ +resource "google_healthcare_pipeline_job" "{{$.PrimaryResourceId}}" { + name = "{{index $.Vars "backfill_pipeline_name"}}" + location = "us-central1" + dataset = google_healthcare_dataset.dataset.id + backfill_pipeline_job { + mapping_pipeline_job = "${google_healthcare_dataset.dataset.id}/pipelinejobs/{{index $.Vars "mapping_pipeline_name"}}" + } +} + +resource "google_healthcare_dataset" "dataset" { + name = "{{index $.Vars "dataset_name"}}" + location = "us-central1" +} \ No newline at end of file diff --git a/mmv1/templates/terraform/examples/go/healthcare_pipeline_job_mapping_recon_dest.tf.tmpl b/mmv1/templates/terraform/examples/go/healthcare_pipeline_job_mapping_recon_dest.tf.tmpl new file mode 100644 index 000000000000..e9d25c6b448d --- /dev/null +++ b/mmv1/templates/terraform/examples/go/healthcare_pipeline_job_mapping_recon_dest.tf.tmpl 
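Review bot: The address group `parent` and the tag key `parent` and `purpose_data.network` are built from `data.google_project.project.name`, which is the project's display name rather than its ID. That only resolves when the two happen to match, as they may in the test projects; elsewhere the secure tag and address group that the firewall rules depend on would point at the wrong parent or fail to create. Using `data.google_project.project.project_id` in those three places, for example `parent = "projects/${data.google_project.project.project_id}"`, makes the example safe to copy.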
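Review bot: The `mapping_pipeline_job` path in the backfill example uses the segment `pipelinejobs`, while the field description added in the PipelineJob YAML of this commit documents the format as `.../datasets/{datasetId}/pipelineJobs/{pipelineJobId}`. Unless the API normalises case, the reference will not resolve; I would write `"${google_healthcare_dataset.dataset.id}/pipelineJobs/{{index $.Vars "mapping_pipeline_name"}}"`. The file also ends without a trailing newline.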
@@ -0,0 +1,81 @@ +resource "google_healthcare_pipeline_job" "recon" { + name = "{{index $.Vars "recon_pipeline_name"}}" + location = "us-central1" + dataset = google_healthcare_dataset.dataset.id + disable_lineage = true + reconciliation_pipeline_job { + merge_config { + description = "sample description for reconciliation rules" + whistle_config_source { + uri = "gs://${google_storage_bucket.bucket.name}/${google_storage_bucket_object.merge_file.name}" + import_uri_prefix = "gs://${google_storage_bucket.bucket.name}" + } + } + matching_uri_prefix = "gs://${google_storage_bucket.bucket.name}" + fhir_store_destination = "${google_healthcare_dataset.dataset.id}/fhirStores/${google_healthcare_fhir_store.dest_fhirstore.name}" + } +} + +resource "google_healthcare_pipeline_job" "{{$.PrimaryResourceId}}" { + depends_on = [google_healthcare_pipeline_job.recon] + name = "{{index $.Vars "pipeline_name"}}" + location = "us-central1" + dataset = google_healthcare_dataset.dataset.id + disable_lineage = true + labels = { + example_label_key = "example_label_value" + } + mapping_pipeline_job { + mapping_config { + whistle_config_source { + uri = "gs://${google_storage_bucket.bucket.name}/${google_storage_bucket_object.mapping_file.name}" + import_uri_prefix = "gs://${google_storage_bucket.bucket.name}" + } + description = "example description for mapping configuration" + } + fhir_streaming_source { + fhir_store = "${google_healthcare_dataset.dataset.id}/fhirStores/${google_healthcare_fhir_store.source_fhirstore.name}" + description = "example description for streaming fhirstore" + } + reconciliation_destination = true + } +} + +resource "google_healthcare_dataset" "dataset" { + name = "{{index $.Vars "dataset_name"}}" + location = "us-central1" +} + +resource "google_healthcare_fhir_store" "source_fhirstore" { + name = "{{index $.Vars "source_fhirstore_name"}}" + dataset = google_healthcare_dataset.dataset.id + version = "R4" + enable_update_create = true + 
disable_referential_integrity = true +} + +resource "google_healthcare_fhir_store" "dest_fhirstore" { + name = "{{index $.Vars "dest_fhirstore_name"}}" + dataset = google_healthcare_dataset.dataset.id + version = "R4" + enable_update_create = true + disable_referential_integrity = true +} + +resource "google_storage_bucket" "bucket" { + name = "{{index $.Vars "bucket_name"}}" + location = "us-central1" + uniform_bucket_level_access = true +} + +resource "google_storage_bucket_object" "mapping_file" { + name = "mapping.wstl" + content = " " + bucket = google_storage_bucket.bucket.name +} + +resource "google_storage_bucket_object" "merge_file" { + name = "merge.wstl" + content = " " + bucket = google_storage_bucket.bucket.name +} \ No newline at end of file diff --git a/mmv1/templates/terraform/examples/go/healthcare_pipeline_job_reconciliation.tf.tmpl b/mmv1/templates/terraform/examples/go/healthcare_pipeline_job_reconciliation.tf.tmpl new file mode 100644 index 000000000000..68c22b8f1cb9 --- /dev/null +++ b/mmv1/templates/terraform/examples/go/healthcare_pipeline_job_reconciliation.tf.tmpl 
@@ -0,0 +1,42 @@ +resource "google_healthcare_pipeline_job" "{{$.PrimaryResourceId}}" { + name = "{{index $.Vars "pipeline_name"}}" + location = "us-central1" + dataset = google_healthcare_dataset.dataset.id + disable_lineage = true + reconciliation_pipeline_job { + merge_config { + description = "sample description for reconciliation rules" + whistle_config_source { + uri = "gs://${google_storage_bucket.bucket.name}/${google_storage_bucket_object.merge_file.name}" + import_uri_prefix = "gs://${google_storage_bucket.bucket.name}" + } + } + matching_uri_prefix = "gs://${google_storage_bucket.bucket.name}" + fhir_store_destination = "${google_healthcare_dataset.dataset.id}/fhirStores/${google_healthcare_fhir_store.fhirstore.name}" + } +} + +resource "google_healthcare_dataset" "dataset" { + name = "{{index $.Vars "dataset_name"}}" + location = "us-central1" +} + +resource "google_healthcare_fhir_store" "fhirstore" { + name = "{{index $.Vars "fhir_store_name"}}" + dataset = google_healthcare_dataset.dataset.id + version = "R4" + enable_update_create = true + disable_referential_integrity = true +} + +resource "google_storage_bucket" "bucket" { + name = "{{index $.Vars "bucket_name"}}" + location = "us-central1" + uniform_bucket_level_access = true +} + +resource "google_storage_bucket_object" "merge_file" { + name = "merge.wstl" + content = " " + bucket = google_storage_bucket.bucket.name +} \ No newline at end of file diff --git a/mmv1/templates/terraform/examples/go/healthcare_pipeline_job_whistle_mapping.tf.tmpl b/mmv1/templates/terraform/examples/go/healthcare_pipeline_job_whistle_mapping.tf.tmpl new file mode 100644 index 000000000000..d75fd9e3552c --- /dev/null +++ b/mmv1/templates/terraform/examples/go/healthcare_pipeline_job_whistle_mapping.tf.tmpl 
@@ -0,0 +1,56 @@ +resource "google_healthcare_pipeline_job" "{{$.PrimaryResourceId}}" { + name = "{{index $.Vars "pipeline_name"}}" + location = "us-central1" + dataset = google_healthcare_dataset.dataset.id + disable_lineage = true + labels = { + example_label_key = "example_label_value" + } + mapping_pipeline_job { + mapping_config { + whistle_config_source { + uri = "gs://${google_storage_bucket.bucket.name}/${google_storage_bucket_object.mapping_file.name}" + import_uri_prefix = "gs://${google_storage_bucket.bucket.name}" + } + description = "example description for mapping configuration" + } + fhir_streaming_source { + fhir_store = "${google_healthcare_dataset.dataset.id}/fhirStores/${google_healthcare_fhir_store.source_fhirstore.name}" + description = "example description for streaming fhirstore" + } + fhir_store_destination = "${google_healthcare_dataset.dataset.id}/fhirStores/${google_healthcare_fhir_store.dest_fhirstore.name}" + } +} + +resource "google_healthcare_dataset" "dataset" { + name = "{{index $.Vars "dataset_name"}}" + location = "us-central1" +} + +resource "google_healthcare_fhir_store" "source_fhirstore" { + name = "{{index $.Vars "source_fhirstore_name"}}" + dataset = google_healthcare_dataset.dataset.id + version = "R4" + enable_update_create = true + disable_referential_integrity = true +} + +resource "google_healthcare_fhir_store" "dest_fhirstore" { + name = "{{index $.Vars "dest_fhirstore_name"}}" + dataset = google_healthcare_dataset.dataset.id + version = "R4" + enable_update_create = true + disable_referential_integrity = true +} + +resource "google_storage_bucket" "bucket" { + name = "{{index $.Vars "bucket_name"}}" + location = "us-central1" + uniform_bucket_level_access = true +} + +resource "google_storage_bucket_object" "mapping_file" { + name = "mapping.wstl" + content = " " + bucket = google_storage_bucket.bucket.name +} \ No newline at end of file 
diff --git a/mmv1/templates/terraform/examples/go/looker_instance_psc.tf.tmpl b/mmv1/templates/terraform/examples/go/looker_instance_psc.tf.tmpl
new file mode 100644
index 000000000000..151321ce125f
--- /dev/null
+++ b/mmv1/templates/terraform/examples/go/looker_instance_psc.tf.tmpl
@@ -0,0 +1,17 @@
+resource "google_looker_instance" "{{$.PrimaryResourceId}}" {
+ name = "{{index $.Vars "instance_name"}}"
+ platform_edition = "LOOKER_CORE_ENTERPRISE_ANNUAL"
+ region = "us-central1"
+ private_ip_enabled = false
+ public_ip_enabled = false
+ psc_enabled = true
+ oauth_config {
+ client_id = "{{index $.Vars "client_id"}}"
+ client_secret = "{{index $.Vars "client_secret"}}"
+ }
+ psc_config {
+ allowed_vpcs = ["projects/test-project/global/networks/test"]
+ # update only
+ # service_attachments = [{local_fqdn: "www.local-fqdn.com" target_service_attachment_uri: "projects/my-project/regions/us-east1/serviceAttachments/sa"}]
+ }
+}
diff --git a/mmv1/templates/terraform/examples/go/network_connectivity_spoke_interconnect_attachment_basic.tf.tmpl b/mmv1/templates/terraform/examples/go/network_connectivity_spoke_interconnect_attachment_basic.tf.tmpl
new file mode 100644
index 000000000000..44e35979a8c0
--- /dev/null
+++ b/mmv1/templates/terraform/examples/go/network_connectivity_spoke_interconnect_attachment_basic.tf.tmpl
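Review bot: The commented-out `service_attachments` hint inside `psc_config` is not valid HCL as written: the two attributes in the inline object have no comma or newline between them. The YAML in this commit also declares `serviceAttachments` as an array of `NestedObject`, which would normally be exposed as repeated nested blocks rather than a list attribute (worth confirming against the generated schema). Because readers will uncomment this line when they reach the update step, I would rewrite the comment as a commented `service_attachments { ... }` block with `local_fqdn` and `target_service_attachment_uri` on separate lines using `=`.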
@@ -0,0 +1,45 @@ +resource "google_network_connectivity_hub" "basic_hub" { + name = "{{index $.Vars "hub_name"}}" + description = "A sample hub" + labels = { + label-two = "value-one" + } +} + +resource "google_compute_network" "network" { + name = "{{index $.Vars "network_name"}}" + auto_create_subnetworks = false +} + +resource "google_compute_router" "router" { + name = "{{index $.Vars "router_name"}}" + region = "us-central1" + network = google_compute_network.network.name + bgp { + asn = 16550 + } +} + +resource "google_compute_interconnect_attachment" "interconnect-attachment" { + name = "{{index $.Vars "interconnect_attachment_name"}}" + edge_availability_domain = "AVAILABILITY_DOMAIN_1" + type = "PARTNER" + router = google_compute_router.router.id + mtu = 1500 + region = "us-central1" +} + +resource "google_network_connectivity_spoke" "{{$.PrimaryResourceId}}" { + name = "{{index $.Vars "interconnect_attachment_spoke_name"}}" + location = "us-central1" + description = "A sample spoke with a linked Interconnect Attachment" + labels = { + label-one = "value-one" + } + hub = google_network_connectivity_hub.basic_hub.id + linked_interconnect_attachments { + uris = [google_compute_interconnect_attachment.interconnect-attachment.self_link] + site_to_site_data_transfer = true + include_import_ranges = ["ALL_IPV4_RANGES"] + } +} diff --git a/mmv1/templates/terraform/examples/go/network_connectivity_spoke_router_appliance_basic.tf.tmpl b/mmv1/templates/terraform/examples/go/network_connectivity_spoke_router_appliance_basic.tf.tmpl index 693028f32f8c..058a19583736 100644 --- a/mmv1/templates/terraform/examples/go/network_connectivity_spoke_router_appliance_basic.tf.tmpl +++ b/mmv1/templates/terraform/examples/go/network_connectivity_spoke_router_appliance_basic.tf.tmpl @@ -53,5 +53,6 @@ resource "google_network_connectivity_spoke" "primary" { ip_address = "10.0.0.2" } site_to_site_data_transfer = true + include_import_ranges = ["ALL_IPV4_RANGES"] } } 
diff --git a/mmv1/templates/terraform/examples/go/network_connectivity_spoke_vpn_tunnel_basic.tf.tmpl b/mmv1/templates/terraform/examples/go/network_connectivity_spoke_vpn_tunnel_basic.tf.tmpl new file mode 100644 index 000000000000..94e922e717cc --- /dev/null +++ b/mmv1/templates/terraform/examples/go/network_connectivity_spoke_vpn_tunnel_basic.tf.tmpl 
@@ -0,0 +1,131 @@ +resource "google_network_connectivity_hub" "basic_hub" { + name = "{{index $.Vars "hub_name"}}" + description = "A sample hub" + labels = { + label-two = "value-one" + } +} + +resource "google_compute_network" "network" { + name = "{{index $.Vars "network_name"}}" + auto_create_subnetworks = false +} + +resource "google_compute_subnetwork" "subnetwork" { + name = "{{index $.Vars "subnetwork_name"}}" + ip_cidr_range = "10.0.0.0/28" + region = "us-central1" + network = google_compute_network.network.self_link +} + +resource "google_compute_ha_vpn_gateway" "gateway" { + name = "{{index $.Vars "gateway_name"}}" + network = google_compute_network.network.id +} + +resource "google_compute_external_vpn_gateway" "external_vpn_gw" { + name = "{{index $.Vars "external_gateway_name"}}" + redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT" + description = "An externally managed VPN gateway" + interface { + id = 0 + ip_address = "8.8.8.8" + } +} + +resource "google_compute_router" "router" { + name = "{{index $.Vars "router_name"}}" + region = "us-central1" + network = google_compute_network.network.name + bgp { + asn = 64514 + } +} + +resource "google_compute_vpn_tunnel" "tunnel1" { + name = "{{index $.Vars "vpn_tunnel_1_name"}}" + region = "us-central1" + vpn_gateway = google_compute_ha_vpn_gateway.gateway.id + peer_external_gateway = google_compute_external_vpn_gateway.external_vpn_gw.id + peer_external_gateway_interface = 0 + shared_secret = "a secret message" + router = google_compute_router.router.id + vpn_gateway_interface = 0 +} + +resource "google_compute_vpn_tunnel" "tunnel2" { + name = "{{index $.Vars "vpn_tunnel_2_name"}}" + region = "us-central1" + vpn_gateway = google_compute_ha_vpn_gateway.gateway.id + peer_external_gateway = google_compute_external_vpn_gateway.external_vpn_gw.id + peer_external_gateway_interface = 0 + shared_secret = "a secret message" + router = " ${google_compute_router.router.id}" + vpn_gateway_interface = 1 +} + +resource 
"google_compute_router_interface" "router_interface1" { + name = "{{index $.Vars "router_interface_1_name"}}" + router = google_compute_router.router.name + region = "us-central1" + ip_range = "169.254.0.1/30" + vpn_tunnel = google_compute_vpn_tunnel.tunnel1.name +} + +resource "google_compute_router_peer" "router_peer1" { + name = "{{index $.Vars "router_peer_1_name"}}" + router = google_compute_router.router.name + region = "us-central1" + peer_ip_address = "169.254.0.2" + peer_asn = 64515 + advertised_route_priority = 100 + interface = google_compute_router_interface.router_interface1.name +} + +resource "google_compute_router_interface" "router_interface2" { + name = "{{index $.Vars "router_interface_2_name"}}" + router = google_compute_router.router.name + region = "us-central1" + ip_range = "169.254.1.1/30" + vpn_tunnel = google_compute_vpn_tunnel.tunnel2.name +} + +resource "google_compute_router_peer" "router_peer2" { + name = "{{index $.Vars "router_peer_2_name"}}" + router = google_compute_router.router.name + region = "us-central1" + peer_ip_address = "169.254.1.2" + peer_asn = 64515 + advertised_route_priority = 100 + interface = google_compute_router_interface.router_interface2.name +} + +resource "google_network_connectivity_spoke" "{{$.PrimaryResourceId}}" { + name = "{{index $.Vars "vpn_tunnel_1_spoke_name"}}" + location = "us-central1" + description = "A sample spoke with a linked VPN Tunnel" + labels = { + label-one = "value-one" + } + hub = google_network_connectivity_hub.basic_hub.id + linked_vpn_tunnels { + uris = [google_compute_vpn_tunnel.tunnel1.self_link] + site_to_site_data_transfer = true + include_import_ranges = ["ALL_IPV4_RANGES"] + } +} + +resource "google_network_connectivity_spoke" "tunnel2" { + name = "{{index $.Vars "vpn_tunnel_2_spoke_name"}}" + location = "us-central1" + description = "A sample spoke with a linked VPN Tunnel" + labels = { + label-one = "value-one" + } + hub = google_network_connectivity_hub.basic_hub.id + 
linked_vpn_tunnels { + uris = [google_compute_vpn_tunnel.tunnel2.self_link] + site_to_site_data_transfer = true + include_import_ranges = ["ALL_IPV4_RANGES"] + } +} diff --git a/mmv1/templates/terraform/iam_policy.go.tmpl b/mmv1/templates/terraform/iam_policy.go.tmpl index 58c83fad4b99..726b38c9fe63 100644 --- a/mmv1/templates/terraform/iam_policy.go.tmpl +++ b/mmv1/templates/terraform/iam_policy.go.tmpl @@ -15,7 +15,7 @@ {{- if ne $.Compiler "terraformgoogleconversion-codegen" }} // Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: MPL-2.0 -{{- end }} +{{ end }} // ---------------------------------------------------------------------------- // // *** AUTO GENERATED CODE *** Type: MMv1 *** diff --git a/mmv1/templates/terraform/operation.go.tmpl b/mmv1/templates/terraform/operation.go.tmpl index f3690006ef57..5a3e4211c7a0 100644 --- a/mmv1/templates/terraform/operation.go.tmpl +++ b/mmv1/templates/terraform/operation.go.tmpl @@ -1,7 +1,7 @@ {{- if ne $.Compiler "terraformgoogleconversion-codegen" }} // Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: MPL-2.0 -{{- end }} +{{ end }} // ---------------------------------------------------------------------------- // // *** AUTO GENERATED CODE *** Type: MMv1 *** diff --git a/mmv1/templates/terraform/post_create/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl b/mmv1/templates/terraform/post_create/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl new file mode 100644 index 000000000000..a32fbbe431d4 --- /dev/null +++ b/mmv1/templates/terraform/post_create/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl 
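Review bot: In `google_compute_vpn_tunnel.tunnel2` the router is written as `router = " ${google_compute_router.router.id}"`, with a leading space inside the string, while `tunnel1` uses the bare reference. Unless the provider trims the value, the second tunnel is given a router path that starts with a space; `router = google_compute_router.router.id` keeps both tunnels consistent. Both tunnels also carry the literal `shared_secret = "a secret message"`, so a short comment marking it as a placeholder to be replaced by a generated value or a sensitive variable would help, since examples like this are copied into real configurations.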
@@ -0,0 +1,31 @@
+log.Printf("[DEBUG] Post-create for RegionNetworkFirewallPolicyWithRules %q", d.Id())
+
+url, err = tpgresource.ReplaceVarsForId(d, config, "{{"{{"}}ComputeBasePath{{"}}"}}projects/{{"{{"}}project{{"}}"}}/regions/{{"{{"}}region{{"}}"}}/firewallPolicies/{{"{{"}}name{{"}}"}}")
+if err != nil {
+ return err
+}
+
+headers = make(http.Header)
+res, err = transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+ Config: config,
+ Method: "GET",
+ Project: billingProject,
+ RawURL: url,
+ UserAgent: userAgent,
+ Headers: headers,
+})
+if err != nil {
+ return transport_tpg.HandleNotFoundError(err, d, fmt.Sprintf("ComputeRegionNetworkFirewallPolicyWithRules %q", d.Id()))
+}
+
+if err := d.Set("fingerprint", flattenComputeRegionNetworkFirewallPolicyWithRulesFingerprint(res["fingerprint"], d, config)); err != nil {
+ return fmt.Errorf("Error reading RegionNetworkFirewallPolicyWithRules: %s", err)
+}
+
+res, err = resourceComputeRegionNetworkFirewallPolicyWithRulesDecoder(d, meta, res)
+if err != nil {
+ return err
+}
+
+log.Printf("[DEBUG] Updating RegionNetworkFirewallPolicyWithRules %q", d.Id())
+return resourceComputeRegionNetworkFirewallPolicyWithRulesUpdate(d, meta)
diff --git a/mmv1/templates/terraform/sweeper_file.go.tmpl b/mmv1/templates/terraform/sweeper_file.go.tmpl
index f9cb80ccb29a..1dce3b881e2f 100644
--- a/mmv1/templates/terraform/sweeper_file.go.tmpl
+++ b/mmv1/templates/terraform/sweeper_file.go.tmpl
@@ -1,7 +1,7 @@
-{{- if ne $.Compiler "terraformgoogleconversion-codegen" }}
+{{- if ne $.Compiler "terraformgoogleconversion-codegen" -}}
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: MPL-2.0
-{{- end }}
+{{ end }}
 // ----------------------------------------------------------------------------
 //
 // *** AUTO GENERATED CODE *** Type: MMv1 ***
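Review bot: Nothing in this post-create block says why it re-reads the policy and then calls the update function, and the value the decoder call assigns to `res` is never read afterwards. A comment above the GET such as `// Fetch the fingerprint assigned on create; the follow-up update needs it to apply the rules.` would help, assuming that is the intent. It is also worth noting in the comment that a failure of the update leaves a firewall policy that already exists, presumably without its configured rules. The `fmt.Errorf` on the `d.Set` failure could use `%w` instead of `%s` so the cause stays unwrappable. This template is a fragment of a generated create function that is not visible here.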
diff --git a/mmv1/templates/terraform/update_encoder/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl b/mmv1/templates/terraform/update_encoder/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl
new file mode 100644
index 000000000000..f90eb2dfa682
--- /dev/null
+++ b/mmv1/templates/terraform/update_encoder/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl
@@ -0,0 +1,15 @@
+config := meta.(*transport_tpg.Config)
+
+predefinedRulesProp, err := expandComputeRegionNetworkFirewallPolicyWithRulesRule(d.Get("predefined_rules"), d, config)
+if err != nil {
+ return nil, err
+}
+
+rules := obj["rules"].([]interface{})
+obj["rules"] = append(rules, predefinedRulesProp)
+
+return obj, nil
+
+
+
+
diff --git a/mmv1/third_party/terraform/provider/go/provider_mmv1_resources.go.tmpl b/mmv1/third_party/terraform/provider/go/provider_mmv1_resources.go.tmpl
index 022bfb078ab4..a8921bde2496 100644
--- a/mmv1/third_party/terraform/provider/go/provider_mmv1_resources.go.tmpl
+++ b/mmv1/third_party/terraform/provider/go/provider_mmv1_resources.go.tmpl
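Review bot: The unchecked assertion `obj["rules"].([]interface{})` in the update encoder panics if `rules` is absent or nil in `obj`, which would crash the provider rather than return an error; the comma-ok form `rules, _ := obj["rules"].([]interface{})` keeps the append working on a nil slice. Separately, `append(rules, predefinedRulesProp)` adds the expanded predefined rules as a single element. If the expander returns a list (its signature is not visible here), that nests a slice inside `rules` and the entries would need to be spread instead. This template is a fragment of an encoder function whose signature lies outside the hunk.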
@@ -179,8 +179,10 @@ var handwrittenDatasources = map[string]*schema.Resource{ "google_runtimeconfig_config": runtimeconfig.DataSourceGoogleRuntimeconfigConfig(), "google_runtimeconfig_variable": runtimeconfig.DataSourceGoogleRuntimeconfigVariable(), {{- end }} + "google_secret_manager_regional_secret_version_access": secretmanagerregional.DataSourceSecretManagerRegionalRegionalSecretVersionAccess(), "google_secret_manager_regional_secret_version": secretmanagerregional.DataSourceSecretManagerRegionalRegionalSecretVersion(), "google_secret_manager_regional_secret": secretmanagerregional.DataSourceSecretManagerRegionalRegionalSecret(), + "google_secret_manager_regional_secrets": secretmanagerregional.DataSourceSecretManagerRegionalRegionalSecrets(), "google_secret_manager_secret": secretmanager.DataSourceSecretManagerSecret(), "google_secret_manager_secrets": secretmanager.DataSourceSecretManagerSecrets(), "google_secret_manager_secret_version": secretmanager.DataSourceSecretManagerSecretVersion(), diff --git a/mmv1/third_party/terraform/services/cloudrun/go/resource_cloud_run_service_test.go.tmpl b/mmv1/third_party/terraform/services/cloudrun/go/resource_cloud_run_service_test.go.tmpl index fb6619b5d5ed..0e8d0b38029d 100644 --- a/mmv1/third_party/terraform/services/cloudrun/go/resource_cloud_run_service_test.go.tmpl +++ b/mmv1/third_party/terraform/services/cloudrun/go/resource_cloud_run_service_test.go.tmpl 
@@ -1483,3 +1483,121 @@ resource "google_cloud_run_service" "default" { `, name, project) } {{- end }} + +{{ if ne $.TargetVersionName `ga` -}} +func TestAccCloudRunService_resourcesRequirements(t *testing.T) { + t.Parallel() + + project := envvar.GetTestProjectFromEnv() + name := "tftest-cloudrun-" + acctest.RandString(t, 6) + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t), + Steps: []resource.TestStep{ + { + Config: testAccCloudRunV2Service_cloudrunServiceWithoutGpu(name, project), + }, + { + ResourceName: "google_cloud_run_service.default", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"metadata.0.resource_version", "metadata.0.annotations", "metadata.0.labels", "metadata.0.terraform_labels", "status.0.conditions"}, + }, + { + Config: testAccCloudRunV2Service_cloudrunServiceWithGpu(name, project), + }, + { + ResourceName: "google_cloud_run_service.default", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"metadata.0.resource_version", "metadata.0.annotations", "metadata.0.labels", "metadata.0.terraform_labels", "status.0.conditions"}, + }, + { + Config: testAccCloudRunV2Service_cloudrunServiceWithoutGpu(name, project), + }, + { + ResourceName: "google_cloud_run_service.default", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"metadata.0.resource_version", "metadata.0.annotations", "metadata.0.labels", "metadata.0.terraform_labels", "status.0.conditions"}, + }, + }, + }) +} + +func testAccCloudRunV2Service_cloudrunServiceWithoutGpu(name, project string) string { + return fmt.Sprintf(` +resource "google_cloud_run_service" "default" { + provider = google-beta + name = "%s" + location = "us-central1" + + metadata { + namespace = "%s" + } + + template { + metadata { + annotations = { + "autoscaling.knative.dev/maxScale": "1" + 
"run.googleapis.com/cpu-throttling": "false" + } + } + spec { + containers { + image = "gcr.io/cloudrun/hello" + resources { + limits = { + "cpu" = "4" + "memory" = "16Gi" + } + } + } + } + } +} +`, name, project) +} + +func testAccCloudRunV2Service_cloudrunServiceWithGpu(name, project string) string { + return fmt.Sprintf(` +resource "google_cloud_run_service" "default" { + provider = google-beta + name = "%s" + location = "us-central1" + + metadata { + namespace = "%s" + annotations = { + "run.googleapis.com/launch-stage" = "BETA" + } + } + + template { + metadata { + annotations = { + "autoscaling.knative.dev/maxScale": "1" + "run.googleapis.com/cpu-throttling": "false" + } + } + spec { + containers { + image = "gcr.io/cloudrun/hello" + resources { + limits = { + "cpu" = "4" + "memory" = "16Gi" + "nvidia.com/gpu" = "1" + } + } + } + node_selector = { + "run.googleapis.com/accelerator" = "nvidia-l4" + } + } + } +} +`, name, project) +} +{{- end }} diff --git a/mmv1/third_party/terraform/services/cloudrunv2/go/resource_cloud_run_v2_service_test.go.tmpl b/mmv1/third_party/terraform/services/cloudrunv2/go/resource_cloud_run_v2_service_test.go.tmpl index 96026c217727..f44bc016460f 100644 --- a/mmv1/third_party/terraform/services/cloudrunv2/go/resource_cloud_run_v2_service_test.go.tmpl +++ b/mmv1/third_party/terraform/services/cloudrunv2/go/resource_cloud_run_v2_service_test.go.tmpl 
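Review bot: The two config helpers in this hunk are named `testAccCloudRunV2Service_cloudrunServiceWithoutGpu` and `testAccCloudRunV2Service_cloudrunServiceWithGpu`, yet they build a `google_cloud_run_service` (v1) resource in the v1 test file, so the `CloudRunV2` prefix is misleading. Renaming them along the lines of `testAccCloudRunService_cloudrunServiceWithGpu` would match the test that calls them. The `resource.TestCase` here also sets no `CheckDestroy`, unlike the cloudrunv2 test added in the same commit; if this file has a destroy check for the v1 service it would be worth wiring in, since a leaked GPU-backed service is costly.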
@@ -1194,3 +1194,122 @@ resource "google_network_services_mesh" "new_mesh" { `, context) } {{- end }} + +{{ if ne $.TargetVersionName `ga` -}} +func TestAccCloudRunV2Service_cloudrunv2ServiceWithResourcesRequirements(t *testing.T) { + t.Parallel() + context := map[string]interface{} { + "random_suffix" : acctest.RandString(t, 10), + } + acctest.VcrTest(t, resource.TestCase { + PreCheck: func() { acctest.AccTestPreCheck(t)}, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckCloudRunV2ServiceDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccCloudRunV2Service_cloudrunv2ServiceWithoutGpu(context), + }, + { + ResourceName: "google_cloud_run_v2_service.default", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"name", "location", "annotations", "labels", "terraform_labels", "launch_stage", "deletion_protection"}, + }, + { + Config: testAccCloudRunV2Service_cloudrunv2ServiceWithGpu(context), + }, + { + ResourceName: "google_cloud_run_v2_service.default", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"name", "location", "annotations", "labels", "terraform_labels", "launch_stage", "deletion_protection"}, + }, + { + Config: testAccCloudRunV2Service_cloudrunv2ServiceWithoutGpu(context), + }, + { + ResourceName: "google_cloud_run_v2_service.default", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"name", "location", "annotations", "labels", "terraform_labels", "launch_stage", "deletion_protection"}, + }, + }, + }) +} + +func testAccCloudRunV2Service_cloudrunv2ServiceWithoutGpu(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_cloud_run_v2_service" "default" { + name = "tf-test-cloudrun-service%{random_suffix}" + description = "description creating" + location = "us-central1" + deletion_protection = false + launch_stage = "GA" + annotations = { + generated-by = 
"magic-modules" + } + ingress = "INGRESS_TRAFFIC_ALL" + labels = { + label-1 = "value-1" + } + client = "client-1" + client_version = "client-version-1" + template { + containers { + image = "us-docker.pkg.dev/cloudrun/container/hello" + resources { + limits = { + "cpu" = "4" + "memory" = "16Gi" + } + startup_cpu_boost = true + } + } + scaling { + max_instance_count = 1 + } + } +} +`, context) +} + +func testAccCloudRunV2Service_cloudrunv2ServiceWithGpu(context map[string]interface{}) string { + return acctest.Nprintf(` +resource "google_cloud_run_v2_service" "default" { + name = "tf-test-cloudrun-service%{random_suffix}" + description = "description creating" + location = "us-central1" + deletion_protection = false + launch_stage = "BETA" + annotations = { + generated-by = "magic-modules" + } + ingress = "INGRESS_TRAFFIC_ALL" + labels = { + label-1 = "value-1" + } + client = "client-1" + client_version = "client-version-1" + template { + containers { + image = "us-docker.pkg.dev/cloudrun/container/hello" + resources { + limits = { + "cpu" = "4" + "memory" = "16Gi" + "nvidia.com/gpu" = "1" + } + startup_cpu_boost = true + } + } + node_selector { + accelerator = "nvidia-l4" + } + scaling { + max_instance_count = 1 + } + } +} +`, context) +} +{{- end }} diff --git a/mmv1/third_party/terraform/services/compute/go/resource_compute_region_network_firewall_policy_with_rules_test.go.tmpl b/mmv1/third_party/terraform/services/compute/go/resource_compute_region_network_firewall_policy_with_rules_test.go.tmpl new file mode 100644 index 000000000000..28eb6d172d99 --- /dev/null +++ b/mmv1/third_party/terraform/services/compute/go/resource_compute_region_network_firewall_policy_with_rules_test.go.tmpl 
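Review bot: The new test function is not gofmt-clean: `map[string]interface{} {`, `"random_suffix" : acctest.RandString(t, 10),`, `resource.TestCase {` and `func() { acctest.AccTestPreCheck(t)},` all carry spacing that gofmt would rewrite. Writing them as `context := map[string]interface{}{`, `"random_suffix": acctest.RandString(t, 10),` and `acctest.VcrTest(t, resource.TestCase{` matches the other tests added in this commit. The three import steps also ignore `launch_stage`, so the GA to BETA to GA transition that the configs exercise is never compared on import; a one-line comment saying why it is ignored would help the next reader.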
@@ -0,0 +1,213 @@ +package compute_test +{{- if ne $.TargetVersionName "ga" }} +import ( + "testing" + + "github.com/hashicorp/terraform-plugin-testing/helper/resource" + + "github.com/hashicorp/terraform-provider-google/google/acctest" +) + +func TestAccComputeRegionNetworkFirewallPolicyWithRules_update(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(t, 10), + } + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t), + CheckDestroy: testAccCheckComputeRegionNetworkFirewallPolicyWithRulesDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccComputeRegionNetworkFirewallPolicyWithRules_full(context), + }, + { + ResourceName: "google_compute_region_network_firewall_policy_with_rules.region-network-firewall-policy-with-rules", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"region"}, + }, + { + Config: testAccComputeRegionNetworkFirewallPolicyWithRules_update(context), + }, + { + ResourceName: "google_compute_region_network_firewall_policy_with_rules.region-network-firewall-policy-with-rules", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"region"}, + }, + }, + }) +} + +func testAccComputeRegionNetworkFirewallPolicyWithRules_full(context map[string]interface{}) string { + return acctest.Nprintf(` +data "google_project" "project" { + provider = google-beta +} + +resource "google_compute_region_network_firewall_policy_with_rules" "region-network-firewall-policy-with-rules" { + name = "tf-test-tf-region-fw-policy-with-rules%{random_suffix}" + region = "us-west2" + description = "Terraform test" + provider = google-beta + + rule { + description = "tcp rule" + priority = 1000 + enable_logging = true + action = "allow" + direction = "EGRESS" + match { + layer4_config { + ip_protocol = "tcp" + ports = [8080, 7070] + } + 
dest_ip_ranges = ["11.100.0.1/32"] + dest_fqdns = ["www.yyy.com", "www.zzz.com"] + dest_region_codes = ["HK", "IN"] + dest_threat_intelligences = ["iplist-search-engines-crawlers", "iplist-tor-exit-nodes"] + dest_address_groups = [google_network_security_address_group.address_group_1.id] + } + target_secure_tag { + name = "tagValues/${google_tags_tag_value.secure_tag_value_1.name}" + } + } + rule { + description = "udp rule" + rule_name = "test-rule" + priority = 2000 + enable_logging = false + action = "deny" + direction = "INGRESS" + match { + layer4_config { + ip_protocol = "udp" + } + src_ip_ranges = ["0.0.0.0/0"] + src_fqdns = ["www.abc.com", "www.def.com"] + src_region_codes = ["US", "CA"] + src_threat_intelligences = ["iplist-known-malicious-ips", "iplist-public-clouds"] + src_address_groups = [google_network_security_address_group.address_group_1.id] + src_secure_tag { + name = "tagValues/${google_tags_tag_value.secure_tag_value_1.name}" + } + } + disabled = true + } +} + +resource "google_network_security_address_group" "address_group_1" { + provider = google-beta + name = "tf-test-tf-address-group%{random_suffix}" + parent = "projects/${data.google_project.project.name}" + description = "Regional address group" + location = "us-west2" + items = ["208.80.154.224/32"] + type = "IPV4" + capacity = 100 +} + +resource "google_tags_tag_key" "secure_tag_key_1" { + provider = google-beta + description = "Tag key" + parent = "projects/${data.google_project.project.name}" + purpose = "GCE_FIREWALL" + short_name = "tf-test-tf-tag-key%{random_suffix}" + purpose_data = { + network = "${data.google_project.project.name}/default" + } +} + +resource "google_tags_tag_value" "secure_tag_value_1" { + provider = google-beta + description = "Tag value" + parent = "tagKeys/${google_tags_tag_key.secure_tag_key_1.name}" + short_name = "tf-test-tf-tag-value%{random_suffix}" +} +`, context) +} + +func testAccComputeRegionNetworkFirewallPolicyWithRules_update(context 
map[string]interface{}) string { + return acctest.Nprintf(` +data "google_project" "project" { + provider = google-beta +} + +resource "google_compute_region_network_firewall_policy_with_rules" "region-network-firewall-policy-with-rules" { + name = "tf-test-tf-fw-policy-with-rules%{random_suffix}" + description = "Terraform test - update" + region = "us-west2" + provider = google-beta + + rule { + description = "tcp rule - changed" + priority = 1000 + enable_logging = false + action = "allow" + direction = "EGRESS" + match { + layer4_config { + ip_protocol = "tcp" + ports = [8080, 7070] + } + dest_ip_ranges = ["11.100.0.1/32"] + } + } + rule { + description = "new udp rule" + priority = 4000 + enable_logging = true + action = "deny" + direction = "INGRESS" + match { + layer4_config { + ip_protocol = "udp" + } + src_ip_ranges = ["0.0.0.0/0"] + src_fqdns = ["www.abc.com", "www.ghi.com"] + src_region_codes = ["IT", "FR"] + src_threat_intelligences = ["iplist-public-clouds"] + src_address_groups = [google_network_security_address_group.address_group_1.id] + src_secure_tag { + name = "tagValues/${google_tags_tag_value.secure_tag_value_1.name}" + } + } + disabled = false + } +} + +resource "google_network_security_address_group" "address_group_1" { + provider = google-beta + name = "tf-test-tf-address-group%{random_suffix}" + parent = "projects/${data.google_project.project.name}" + description = "Regional address group" + location = "us-west2" + items = ["208.80.154.224/32"] + type = "IPV4" + capacity = 100 +} + +resource "google_tags_tag_key" "secure_tag_key_1" { + provider = google-beta + description = "Tag key" + parent = "projects/${data.google_project.project.name}" + purpose = "GCE_FIREWALL" + short_name = "tf-test-tf-tag-key%{random_suffix}" + purpose_data = { + network = "${data.google_project.project.name}/default" + } +} + +resource "google_tags_tag_value" "secure_tag_value_1" { + provider = google-beta + description = "Tag value" + parent = 
"tagKeys/${google_tags_tag_key.secure_tag_key_1.name}" + short_name = "tf-test-tf-tag-value%{random_suffix}" +} +`, context) +} +{{- end }} + diff --git a/mmv1/third_party/terraform/services/container/go/node_config.go.tmpl b/mmv1/third_party/terraform/services/container/go/node_config.go.tmpl index abe7a87b0797..8b7c70515e06 100644 --- a/mmv1/third_party/terraform/services/container/go/node_config.go.tmpl +++ b/mmv1/third_party/terraform/services/container/go/node_config.go.tmpl @@ -646,6 +646,26 @@ func schemaNodeConfig() *schema.Schema { Description: `cgroupMode specifies the cgroup mode to be used on the node.`, DiffSuppressFunc: tpgresource.EmptyOrDefaultStringSuppress("CGROUP_MODE_UNSPECIFIED"), }, + "hugepages_config": { + Type: schema.TypeList, + Optional: true, + MaxItems: 1, + Description: `Amounts for 2M and 1G hugepages.`, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "hugepage_size_2m": { + Type: schema.TypeInt, + Optional: true, + Description: `Amount of 2M hugepages.`, + }, + "hugepage_size_1g": { + Type: schema.TypeInt, + Optional: true, + Description: `Amount of 1G hugepages.`, + }, + }, + }, + }, }, }, }, @@ -815,7 +835,6 @@ func expandNodeConfigDefaults(configured interface{}) *container.NodeConfigDefau if v, ok := config["insecure_kubelet_readonly_port_enabled"]; ok { nodeConfigDefaults.NodeKubeletConfig = &container.NodeKubeletConfig{ InsecureKubeletReadonlyPortEnabled: expandInsecureKubeletReadonlyPortEnabled(v), - ForceSendFields: []string{"InsecureKubeletReadonlyPortEnabled"}, } } if variant, ok := config["logging_variant"]; ok { @@ -1245,6 +1264,10 @@ func expandLinuxNodeConfig(v interface{}) *container.LinuxNodeConfig { linuxNodeConfig.CgroupMode = cgroupMode } + if v, ok := cfg["hugepages_config"]; ok { + linuxNodeConfig.Hugepages = expandHugepagesConfig(v) + } + return linuxNodeConfig } 
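Review bot: The `_full` config names the policy `tf-test-tf-region-fw-policy-with-rules%{random_suffix}` while the `_update` config names it `tf-test-tf-fw-policy-with-rules%{random_suffix}`, so the second step changes the resource name as well as the rules. If `name` is immutable for this resource (the schema is not visible here), the step destroys and recreates the policy, and the in-place update path this test is named for is never exercised. Using the same name in both configs, `name = "tf-test-tf-region-fw-policy-with-rules%{random_suffix}"`, would keep the step an update.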
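Review bot: Neither `hugepage_size_2m` nor `hugepage_size_1g` in the new `hugepages_config` schema carries a validator, so a negative count passes plan and is converted with `int64(v.(int))` in expandHugepagesConfig (a later hunk of this file) before the API gets a chance to reject it. Adding `ValidateFunc: validation.IntAtLeast(1),` to both fields would surface the mistake at plan time, provided the SDK validation package is already imported in this file. schemaNodeConfig starts and ends outside this hunk.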
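Review bot: Dropping `ForceSendFields` in expandNodeConfigDefaults means an explicit false for `InsecureKubeletReadonlyPortEnabled` is likely omitted from the request, assuming the field is a plain bool serialized with omitempty. A configuration that disables the insecure kubelet read-only port could then silently keep the server default. If the removal is meant to stop an unset value from being sent (the Autopilot test added in this commit suggests so), guarding the assignment keeps the explicit-false case working: `if v, ok := config["insecure_kubelet_readonly_port_enabled"]; ok && v != "" {` with the `ForceSendFields: []string{"InsecureKubeletReadonlyPortEnabled"},` line retained. The function starts and ends outside this hunk, so the type of `v` should be confirmed before comparing it with the empty string.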
@@ -1269,6 +1292,32 @@ func expandCgroupMode(cfg map[string]interface{}) string { return cgroupMode.(string) } +func expandHugepagesConfig(v interface{}) *container.HugepagesConfig { + if v == nil { + return nil + } + ls := v.([]interface{}) + if len(ls) == 0 { + return nil + } + if ls[0] == nil { + return &container.HugepagesConfig{} + } + cfg := ls[0].(map[string]interface{}) + + hugepagesConfig := &container.HugepagesConfig{} + + if v, ok := cfg["hugepage_size_2m"]; ok { + hugepagesConfig.HugepageSize2m = int64(v.(int)) + } + + if v, ok := cfg["hugepage_size_1g"]; ok { + hugepagesConfig.HugepageSize1g = int64(v.(int)) + } + + return hugepagesConfig +} + func expandContainerdConfig(v interface{}) *container.ContainerdConfig { if v == nil { return nil @@ -1799,8 +1848,20 @@ func flattenLinuxNodeConfig(c *container.LinuxNodeConfig) []map[string]interface result := []map[string]interface{}{} if c != nil { result = append(result, map[string]interface{}{ - "sysctls": c.Sysctls, - "cgroup_mode": c.CgroupMode, + "sysctls": c.Sysctls, + "cgroup_mode": c.CgroupMode, + "hugepages_config": flattenHugepagesConfig(c.Hugepages), + }) + } + return result +} + +func flattenHugepagesConfig(c *container.HugepagesConfig) []map[string]interface{} { + result := []map[string]interface{}{} + if c != nil { + result = append(result, map[string]interface{}{ + "hugepage_size_2m": c.HugepageSize2m, + "hugepage_size_1g": c.HugepageSize1g, }) } return result diff --git a/mmv1/third_party/terraform/services/container/go/resource_container_cluster_test.go.tmpl b/mmv1/third_party/terraform/services/container/go/resource_container_cluster_test.go.tmpl index f9f6f30ac85d..afbe1852a239 100644 --- a/mmv1/third_party/terraform/services/container/go/resource_container_cluster_test.go.tmpl +++ b/mmv1/third_party/terraform/services/container/go/resource_container_cluster_test.go.tmpl 
@@ -3369,6 +3369,32 @@ func TestAccContainerCluster_withAutopilotKubeletConfig(t *testing.T) { }) } +func TestAccContainerCluster_withAutopilot_withNodePoolDefaults(t *testing.T) { + t.Parallel() + + randomSuffix := acctest.RandString(t, 10) + clusterName := fmt.Sprintf("tf-test-cluster-%s", randomSuffix) + networkName := acctest.BootstrapSharedTestNetwork(t, "gke-cluster") + subnetworkName := acctest.BootstrapSubnet(t, "gke-cluster", networkName) + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckContainerClusterDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccContainerCluster_withAutopilot_withNodePoolDefaults(clusterName, networkName, subnetworkName), + }, + { + ResourceName: "google_container_cluster.primary", + ImportState: true, + ImportStateVerify: true, + ImportStateVerifyIgnore: []string{"deletion_protection"}, + }, + }, + }) +} + func TestAccContainerCluster_withAutopilotResourceManagerTags(t *testing.T) { t.Parallel() @@ -10709,6 +10735,25 @@ func testAccContainerCluster_withAutopilotKubeletConfigUpdates(name, insecureKub `, name, insecureKubeletReadonlyPortEnabled) } +func testAccContainerCluster_withAutopilot_withNodePoolDefaults(name, networkName, subnetworkName string) string { + return fmt.Sprintf(` +resource "google_container_cluster" "primary" { + name = "%s" + location = "us-central1" + enable_autopilot = true + + node_pool_defaults { + node_config_defaults { + } + } + + deletion_protection = false + network = "%s" + subnetwork = "%s" + } +`, name, networkName, subnetworkName) +} + func testAccContainerCluster_resourceManagerTags(projectID, clusterName, networkName, subnetworkName, randomSuffix string) string { return fmt.Sprintf(` data "google_project" "project" { 
diff --git a/mmv1/third_party/terraform/services/container/go/resource_container_node_pool_test.go.tmpl b/mmv1/third_party/terraform/services/container/go/resource_container_node_pool_test.go.tmpl index 128ee9254e31..a066953a01d7 100644 --- a/mmv1/third_party/terraform/services/container/go/resource_container_node_pool_test.go.tmpl +++ b/mmv1/third_party/terraform/services/container/go/resource_container_node_pool_test.go.tmpl @@ -670,6 +670,40 @@ func TestAccContainerNodePool_withCgroupMode(t *testing.T) { }) } +func TestAccContainerNodePool_withHugepageConfig(t *testing.T) { + t.Parallel() + + cluster := fmt.Sprintf("tf-test-cluster-%s", acctest.RandString(t, 10)) + np := fmt.Sprintf("tf-test-np-%s", acctest.RandString(t, 10)) + networkName := acctest.BootstrapSharedTestNetwork(t, "gke-cluster") + subnetworkName := acctest.BootstrapSubnet(t, "gke-cluster", networkName) + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckContainerClusterDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccContainerNodePool_withHugepageConfig(cluster, np, networkName, subnetworkName, 1), + }, + { + ResourceName: "google_container_node_pool.np", + ImportState: true, + ImportStateVerify: true, + }, + // Perform an update. + { + Config: testAccContainerNodePool_withHugepageConfig(cluster, np, networkName, subnetworkName, 2), + }, + { + ResourceName: "google_container_node_pool.np", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + func TestAccContainerNodePool_withNetworkConfig(t *testing.T) { t.Parallel() 
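Review bot: TestAccContainerNodePool_withHugepageConfig passes a single integer to the config helper (`1`, then `2`), and the helper added in the later hunk of this file formats that one value into both `hugepage_size_2m` and `hugepage_size_1g`. With both fields always equal, the test cannot detect expand or flatten swapping the two. Giving the helper two parameters, e.g. `hugepage2m, hugepage1g int`, and calling it with distinct values in each step would close that gap.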
@@ -3390,6 +3424,46 @@ resource "google_container_node_pool" "with_tier1_net" { `, network, cluster, np, np, np, np, netTier) } + +func testAccContainerNodePool_withHugepageConfig(cluster, np, networkName, subnetworkName string, hugepage int) string { + return fmt.Sprintf(` +data "google_container_engine_versions" "central1a" { + location = "us-central1-a" +} + +resource "google_container_cluster" "cluster" { + name = "%s" + location = "us-central1-a" + initial_node_count = 1 + min_master_version = data.google_container_engine_versions.central1a.latest_master_version + deletion_protection = false + network = "%s" + subnetwork = "%s" +} + +resource "google_container_node_pool" "np" { + name = "%s" + location = "us-central1-a" + cluster = google_container_cluster.cluster.name + initial_node_count = 1 + node_config { + image_type = "COS_CONTAINERD" + machine_type = "c2d-standard-2" # This is required for hugepage_size_1g https://cloud.google.com/kubernetes-engine/docs/how-to/node-system-config#huge-page-options + linux_node_config { + hugepages_config { + hugepage_size_2m = %d + hugepage_size_1g = %d + } + } + oauth_scopes = [ + "https://www.googleapis.com/auth/logging.write", + "https://www.googleapis.com/auth/monitoring", + ] + } +} +`, cluster, networkName, subnetworkName, np, hugepage, hugepage) +} + func testAccContainerNodePool_withMultiNicNetworkConfig(cluster, np, network string) string { return fmt.Sprintf(` resource "google_compute_network" "container_network" {