diff --git a/mmv1/products/cloudrun/go_Service.yaml b/mmv1/products/cloudrun/go_Service.yaml
index cd4b9a634396..70d027954b61 100644
--- a/mmv1/products/cloudrun/go_Service.yaml
+++ b/mmv1/products/cloudrun/go_Service.yaml
@@ -69,6 +69,14 @@ examples:
cloud_run_service_name: 'cloudrun-srv'
test_env_vars:
project: 'PROJECT_NAME'
+ - name: 'cloud_run_service_gpu'
+ primary_resource_id: 'default'
+ primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])'
+ min_version: 'beta'
+ vars:
+ cloud_run_service_name: 'cloudrun-srv'
+ test_env_vars:
+ project: 'PROJECT_NAME'
- name: 'cloud_run_service_sql'
primary_resource_id: 'default'
primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])'
@@ -737,7 +745,13 @@ properties:
The name of the service to place in the gRPC HealthCheckRequest
(see https://github.com/grpc/grpc/blob/master/doc/health-checking.md).
If this is not specified, the default behavior is defined by gRPC.
-
+ - name: 'nodeSelector'
+ type: KeyValuePairs
+ description: |-
+ Node Selector describes the hardware requirements of the resources.
+ Use the following node selector keys to configure features on a Revision:
+ - `run.googleapis.com/accelerator` sets the [type of GPU](https://cloud.google.com/run/docs/configuring/services/gpu) required by the Revision to run.
+ min_version: 'beta'
- name: 'containerConcurrency'
type: Integer
description: |-
diff --git a/mmv1/products/cloudrunv2/go_Service.yaml b/mmv1/products/cloudrunv2/go_Service.yaml
index ff0bc7cb52a6..d640edf462fe 100644
--- a/mmv1/products/cloudrunv2/go_Service.yaml
+++ b/mmv1/products/cloudrunv2/go_Service.yaml
@@ -100,6 +100,14 @@ examples:
cloud_run_service_name: 'cloudrun-service'
ignore_read_extra:
- 'deletion_protection'
+ - name: 'cloudrunv2_service_gpu'
+ primary_resource_id: 'default'
+ primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])'
+ min_version: 'beta'
+ vars:
+ cloud_run_service_name: 'cloudrun-service'
+ ignore_read_extra:
+ - 'deletion_protection'
- name: 'cloudrunv2_service_probes'
primary_resource_id: 'default'
primary_resource_name: 'fmt.Sprintf("tf-test-cloudrun-srv%s", context["random_suffix"])'
@@ -495,7 +503,7 @@ properties:
- name: 'limits'
type: KeyValuePairs
description: |-
- Only memory and CPU are supported. Use key `cpu` for CPU limit and `memory` for memory limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go
+ Only memory, CPU, and nvidia.com/gpu are supported. Use key `cpu` for CPU limit, `memory` for memory limit, `nvidia.com/gpu` for gpu limit. Note: The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. The values of the map is string form of the 'quantity' k8s type: https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apimachinery/pkg/api/resource/quantity.go
default_from_api: true
- name: 'cpuIdle'
type: Boolean
@@ -904,6 +912,16 @@ properties:
type: String
description: |-
The Mesh resource name. For more information see https://cloud.google.com/service-mesh/docs/reference/network-services/rest/v1/projects.locations.meshes#resource:-mesh.
+ - name: 'nodeSelector'
+ type: NestedObject
+ description: Node Selector describes the hardware requirements of the resources.
+ min_version: 'beta'
+ properties:
+ - name: 'accelerator'
+ type: String
+ description:
+ The GPU to attach to an instance. See https://cloud.google.com/run/docs/configuring/services/gpu for configuring GPU.
+ required: true
- name: 'traffic'
type: Array
description: |-
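Review bot: The new `nodeSelector.accelerator` description does not mention the `nvidia.com/gpu` key that the earlier hunk of this file adds to `limits`, and neither description refers to the other. If a GPU revision needs both settings (likely, but not visible in this diff), say so in one of them, for example `Requires a matching nvidia.com/gpu entry in resources.limits.` The field is also a free `String` with no accepted values listed, so a mistyped accelerator name is only caught by the API.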
diff --git a/mmv1/products/compute/go_RegionNetworkFirewallPolicyWithRules.yaml b/mmv1/products/compute/go_RegionNetworkFirewallPolicyWithRules.yaml
new file mode 100644
index 000000000000..9fc93b160f27
--- /dev/null
+++ b/mmv1/products/compute/go_RegionNetworkFirewallPolicyWithRules.yaml
@@ -0,0 +1,678 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Warning: This is a temporary file, and should not be edited directly
+---
+name: 'RegionNetworkFirewallPolicyWithRules'
+description: "The Compute NetworkFirewallPolicy with rules resource"
+min_version: 'beta'
+docs:
+base_url: 'projects/{{project}}/regions/{{region}}/firewallPolicies'
+self_link: 'projects/{{project}}/regions/{{region}}/firewallPolicies/{{name}}'
+create_url: 'projects/{{project}}/regions/{{region}}/firewallPolicies'
+update_verb: 'PATCH'
+timeouts:
+ insert_minutes: 20
+ update_minutes: 20
+ delete_minutes: 20
+async:
+ actions: ['create', 'delete', 'update']
+ type: 'OpAsync'
+ operation:
+ base_url: '{{op_id}}'
+ kind: 'compute#operation'
+ path: 'name'
+ wait_ms: 1000
+ result:
+ path: 'targetLink'
+ resource_inside_response: false
+ error:
+ path: 'error/errors'
+ message: 'message'
+custom_code:
+ constants: 'templates/terraform/constants/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl'
+ encoder: 'templates/terraform/encoders/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl'
+ update_encoder: 'templates/terraform/update_encoder/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl'
+ decoder: 'templates/terraform/decoders/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl'
+ post_create: 'templates/terraform/post_create/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl'
+legacy_long_form_project: true
+examples:
+ - name: 'compute_region_network_firewall_policy_with_rules_full'
+ primary_resource_id: 'region-network-firewall-policy-with-rules'
+ vars:
+ policy_name: 'tf-region-fw-policy-with-rules'
+ address_group_name: 'tf-address-group'
+ tag_key_name: 'tf-tag-key'
+ tag_value_name: 'tf-tag-value'
+ test_env_vars:
+ org_id: 'ORG_ID'
+parameters:
+ - name: 'region'
+ type: String
+ description: The region of this resource.
+ min_version: 'beta'
+ url_param_only: true
+ immutable: true
+ default_from_api: true
+properties:
+ - name: 'creationTimestamp'
+ type: String
+ description: Creation timestamp in RFC3339 text format.
+ min_version: 'beta'
+ output: true
+ - name: 'name'
+ type: String
+ description: |
+ User-provided name of the Network firewall policy.
+ The name should be unique in the project in which the firewall policy is created.
+ The name must be 1-63 characters long, and comply with RFC1035. Specifically,
+ the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?
+ which means the first character must be a lowercase letter, and all following characters must be a dash,
+ lowercase letter, or digit, except the last character, which cannot be a dash.
+ min_version: 'beta'
+ required: true
+ immutable: true
+ - name: 'networkFirewallPolicyId'
+ type: String
+ description: The unique identifier for the resource. This identifier is defined by the server.
+ api_name: id
+ min_version: 'beta'
+ output: true
+ - name: 'description'
+ type: String
+ description: An optional description of this resource.
+ min_version: 'beta'
+ - name: 'rule'
+ type: Array
+ description: A list of firewall policy rules.
+ api_name: rules
+ min_version: 'beta'
+ required: true
+ item_type:
+ type: NestedObject
+ properties:
+ - name: 'description'
+ type: String
+ description: |
+ A description of the rule.
+ min_version: 'beta'
+ - name: 'ruleName'
+ type: String
+ description: |
+ An optional name for the rule. This field is not a unique identifier
+ and can be updated.
+ min_version: 'beta'
+ - name: 'priority'
+ type: Integer
+ description: |
+ An integer indicating the priority of a rule in the list. The priority must be a value
+ between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the
+ highest priority and 2147483647 is the lowest priority.
+ min_version: 'beta'
+ required: true
+ - name: 'match'
+ type: NestedObject
+ description:
+ A match condition that incoming traffic is evaluated against. If it
+ evaluates to true, the corresponding 'action' is enforced.
+ min_version: 'beta'
+ required: true
+ properties:
+ - name: 'srcIpRanges'
+ type: Array
+ description: |
+ Source IP address range in CIDR format. Required for
+ INGRESS rules.
+ min_version: 'beta'
+ item_type:
+ type: String
+ - name: 'destIpRanges'
+ type: Array
+ description: |
+ Destination IP address range in CIDR format. Required for
+ EGRESS rules.
+ min_version: 'beta'
+ item_type:
+ type: String
+ - name: 'srcAddressGroups'
+ type: Array
+ description: |
+ Address groups which should be matched against the traffic source.
+ Maximum number of source address groups is 10.
+ min_version: 'beta'
+ item_type:
+ type: String
+ - name: 'destAddressGroups'
+ type: Array
+ description: |
+ Address groups which should be matched against the traffic destination.
+ Maximum number of destination address groups is 10.
+ min_version: 'beta'
+ item_type:
+ type: String
+ - name: 'srcFqdns'
+ type: Array
+ description: |
+ Fully Qualified Domain Name (FQDN) which should be matched against
+ traffic source. Maximum number of source fqdn allowed is 100.
+ min_version: 'beta'
+ item_type:
+ type: String
+ - name: 'destFqdns'
+ type: Array
+ description: |
+ Fully Qualified Domain Name (FQDN) which should be matched against
+ traffic destination. Maximum number of destination fqdn allowed is 100.
+ min_version: 'beta'
+ item_type:
+ type: String
+ - name: 'srcRegionCodes'
+ type: Array
+ description: |
+ Region codes whose IP addresses will be used to match for source
+ of traffic. Should be specified as 2 letter country code defined as per
+ ISO 3166 alpha-2 country codes. ex."US"
+ Maximum number of source region codes allowed is 5000.
+ min_version: 'beta'
+ item_type:
+ type: String
+ - name: 'destRegionCodes'
+ type: Array
+ description: |
+ Region codes whose IP addresses will be used to match for destination
+ of traffic. Should be specified as 2 letter country code defined as per
+ ISO 3166 alpha-2 country codes. ex."US"
+ Maximum number of destination region codes allowed is 5000.
+ min_version: 'beta'
+ item_type:
+ type: String
+ - name: 'srcThreatIntelligences'
+ type: Array
+ description: |
+ Names of Network Threat Intelligence lists.
+ The IPs in these lists will be matched against traffic source.
+ min_version: 'beta'
+ item_type:
+ type: String
+ - name: 'destThreatIntelligences'
+ type: Array
+ description: |
+ Names of Network Threat Intelligence lists.
+ The IPs in these lists will be matched against traffic destination.
+ min_version: 'beta'
+ item_type:
+ type: String
+ - name: 'layer4Config'
+ type: Array
+ description: |
+ Pairs of IP protocols and ports that the rule should match.
+ api_name: layer4Configs
+ min_version: 'beta'
+ required: true
+ item_type:
+ type: NestedObject
+ properties:
+ - name: 'ipProtocol'
+ type: String
+ description: |
+ The IP protocol to which this rule applies. The protocol
+ type is required when creating a firewall rule.
+ This value can either be one of the following well
+ known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp),
+ or the IP protocol number.
+ min_version: 'beta'
+ required: true
+ - name: 'ports'
+ type: Array
+ description: |
+ An optional list of ports to which this rule applies. This field
+ is only applicable for UDP or TCP protocol. Each entry must be
+ either an integer or a range. If not specified, this rule
+ applies to connections through any port.
+ Example inputs include: ["22"], ["80","443"], and
+ ["12345-12349"].
+ min_version: 'beta'
+ item_type:
+ type: String
+ - name: 'srcSecureTag'
+ type: Array
+ description: |
+ List of secure tag values, which should be matched at the source
+ of the traffic.
+ For INGRESS rule, if all the srcSecureTag
are INEFFECTIVE,
+ and there is no srcIpRange
, this rule will be ignored.
+ Maximum number of source tag values allowed is 256.
+ api_name: srcSecureTags
+ min_version: 'beta'
+ item_type:
+ type: NestedObject
+ properties:
+ - name: 'name'
+ type: String
+ description: |
+ Name of the secure tag, created with TagManager's TagValue API.
+ @pattern tagValues/[0-9]+
+ min_version: 'beta'
+ - name: 'state'
+ type: Enum
+ description: |
+ [Output Only] State of the secure tag, either `EFFECTIVE` or
+ `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
+ or its network is deleted.
+ min_version: 'beta'
+ output: true
+ enum_values:
+ - 'EFFECTIVE'
+ - 'INEFFECTIVE'
+ - name: 'targetSecureTag'
+ type: Array
+ description: |
+ A list of secure tags that controls which instances the firewall rule
+ applies to. If targetSecureTag
are specified, then the
+ firewall rule applies only to instances in the VPC network that have one
+ of those EFFECTIVE secure tags, if all the target_secure_tag are in
+ INEFFECTIVE state, then this rule will be ignored.
+ targetSecureTag
may not be set at the same time as
+ targetServiceAccounts
.
+ If neither targetServiceAccounts
nor
+ targetSecureTag
are specified, the firewall rule applies
+ to all instances on the specified network.
+ Maximum number of target label tags allowed is 256.
+ api_name: targetSecureTags
+ min_version: 'beta'
+ item_type:
+ type: NestedObject
+ properties:
+ - name: 'name'
+ type: String
+ description: |
+ Name of the secure tag, created with TagManager's TagValue API.
+ @pattern tagValues/[0-9]+
+ min_version: 'beta'
+ - name: 'state'
+ type: Enum
+ description: |
+ [Output Only] State of the secure tag, either `EFFECTIVE` or
+ `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
+ or its network is deleted.
+ min_version: 'beta'
+ output: true
+ enum_values:
+ - 'EFFECTIVE'
+ - 'INEFFECTIVE'
+ - name: 'action'
+ type: String
+ description: |
+ The Action to perform when the client connection triggers the rule. Can currently be either
+ "allow", "deny", "apply_security_profile_group" or "goto_next".
+ min_version: 'beta'
+ required: true
+ - name: 'direction'
+ type: Enum
+ description: |
+ The direction in which this rule applies. If unspecified an INGRESS rule is created.
+ min_version: 'beta'
+ enum_values:
+ - 'INGRESS'
+ - 'EGRESS'
+ - name: 'enableLogging'
+ type: Boolean
+ description: |
+ Denotes whether to enable logging for a particular rule.
+ If logging is enabled, logs will be exported to the
+ configured export destination in Stackdriver.
+ min_version: 'beta'
+ send_empty_value: true
+ - name: 'targetServiceAccounts'
+ type: Array
+ description: |
+ A list of service accounts indicating the sets of
+ instances that are applied with this rule.
+ min_version: 'beta'
+ item_type:
+ type: String
+ - name: 'securityProfileGroup'
+ type: String
+ description: |
+ A fully-qualified URL of a SecurityProfile resource instance.
+ Example:
+ https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group
+ Must be specified if action is 'apply_security_profile_group'.
+ min_version: 'beta'
+ - name: 'tlsInspect'
+ type: Boolean
+ description: |
+ Boolean flag indicating if the traffic should be TLS decrypted.
+ It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions.
+ min_version: 'beta'
+ - name: 'disabled'
+ type: Boolean
+ description: |
+ Denotes whether the firewall policy rule is disabled. When set to true,
+ the firewall policy rule is not enforced and traffic behaves as if it did
+ not exist. If this is unspecified, the firewall policy rule will be
+ enabled.
+ min_version: 'beta'
+ - name: 'predefinedRules'
+ type: Array
+ description: A list of firewall policy pre-defined rules.
+ min_version: 'beta'
+ output: true
+ item_type:
+ type: NestedObject
+ properties:
+ - name: 'description'
+ type: String
+ description: |
+ A description of the rule.
+ min_version: 'beta'
+ output: true
+ - name: 'ruleName'
+ type: String
+ description: |
+ An optional name for the rule. This field is not a unique identifier
+ and can be updated.
+ min_version: 'beta'
+ output: true
+ - name: 'priority'
+ type: Integer
+ description: |
+ An integer indicating the priority of a rule in the list. The priority must be a value
+ between 0 and 2147483647. Rules are evaluated from highest to lowest priority where 0 is the
+ highest priority and 2147483647 is the lowest priority.
+ min_version: 'beta'
+ output: true
+ - name: 'match'
+ type: NestedObject
+ description:
+ A match condition that incoming traffic is evaluated against. If it
+ evaluates to true, the corresponding 'action' is enforced.
+ min_version: 'beta'
+ output: true
+ properties:
+ - name: 'srcIpRanges'
+ type: Array
+ description: |
+ Source IP address range in CIDR format. Required for
+ INGRESS rules.
+ min_version: 'beta'
+ output: true
+ item_type:
+ type: String
+ - name: 'destIpRanges'
+ type: Array
+ description: |
+ Destination IP address range in CIDR format. Required for
+ EGRESS rules.
+ min_version: 'beta'
+ output: true
+ item_type:
+ type: String
+ - name: 'srcAddressGroups'
+ type: Array
+ description: |
+ Address groups which should be matched against the traffic source.
+ Maximum number of source address groups is 10.
+ min_version: 'beta'
+ output: true
+ item_type:
+ type: String
+ - name: 'destAddressGroups'
+ type: Array
+ description: |
+ Address groups which should be matched against the traffic destination.
+ Maximum number of destination address groups is 10.
+ min_version: 'beta'
+ output: true
+ item_type:
+ type: String
+ - name: 'srcFqdns'
+ type: Array
+ description: |
+ Fully Qualified Domain Name (FQDN) which should be matched against
+ traffic source. Maximum number of source fqdn allowed is 100.
+ min_version: 'beta'
+ output: true
+ item_type:
+ type: String
+ - name: 'destFqdns'
+ type: Array
+ description: |
+ Fully Qualified Domain Name (FQDN) which should be matched against
+ traffic destination. Maximum number of destination fqdn allowed is 100.
+ min_version: 'beta'
+ output: true
+ item_type:
+ type: String
+ - name: 'srcRegionCodes'
+ type: Array
+ description: |
+ Region codes whose IP addresses will be used to match for source
+ of traffic. Should be specified as 2 letter country code defined as per
+ ISO 3166 alpha-2 country codes. ex."US"
+ Maximum number of source region codes allowed is 5000.
+ min_version: 'beta'
+ output: true
+ item_type:
+ type: String
+ - name: 'destRegionCodes'
+ type: Array
+ description: |
+ Region codes whose IP addresses will be used to match for destination
+ of traffic. Should be specified as 2 letter country code defined as per
+ ISO 3166 alpha-2 country codes. ex."US"
+ Maximum number of destination region codes allowed is 5000.
+ min_version: 'beta'
+ output: true
+ item_type:
+ type: String
+ - name: 'srcThreatIntelligences'
+ type: Array
+ description: |
+ Names of Network Threat Intelligence lists.
+ The IPs in these lists will be matched against traffic source.
+ min_version: 'beta'
+ output: true
+ item_type:
+ type: String
+ - name: 'destThreatIntelligences'
+ type: Array
+ description: |
+ Names of Network Threat Intelligence lists.
+ The IPs in these lists will be matched against traffic destination.
+ min_version: 'beta'
+ output: true
+ item_type:
+ type: String
+ - name: 'layer4Config'
+ type: Array
+ description: |
+ Pairs of IP protocols and ports that the rule should match.
+ api_name: layer4Configs
+ min_version: 'beta'
+ output: true
+ item_type:
+ type: NestedObject
+ properties:
+ - name: 'ipProtocol'
+ type: String
+ description: |
+ The IP protocol to which this rule applies. The protocol
+ type is required when creating a firewall rule.
+ This value can either be one of the following well
+ known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp),
+ or the IP protocol number.
+ min_version: 'beta'
+ output: true
+ - name: 'ports'
+ type: Array
+ description: |
+ An optional list of ports to which this rule applies. This field
+ is only applicable for UDP or TCP protocol. Each entry must be
+ either an integer or a range. If not specified, this rule
+ applies to connections through any port.
+ Example inputs include: ["22"], ["80","443"], and
+ ["12345-12349"].
+ min_version: 'beta'
+ output: true
+ item_type:
+ type: String
+ - name: 'srcSecureTag'
+ type: Array
+ description: |
+ List of secure tag values, which should be matched at the source
+ of the traffic.
+ For INGRESS rule, if all the srcSecureTag
are INEFFECTIVE,
+ and there is no srcIpRange
, this rule will be ignored.
+ Maximum number of source tag values allowed is 256.
+ api_name: srcSecureTags
+ min_version: 'beta'
+ output: true
+ item_type:
+ type: NestedObject
+ properties:
+ - name: 'name'
+ type: String
+ description: |
+ Name of the secure tag, created with TagManager's TagValue API.
+ @pattern tagValues/[0-9]+
+ min_version: 'beta'
+ output: true
+ - name: 'state'
+ type: Enum
+ description: |
+ [Output Only] State of the secure tag, either `EFFECTIVE` or
+ `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
+ or its network is deleted.
+ min_version: 'beta'
+ output: true
+ enum_values:
+ - 'EFFECTIVE'
+ - 'INEFFECTIVE'
+ - name: 'targetSecureTag'
+ type: Array
+ description: |
+ A list of secure tags that controls which instances the firewall rule
+ applies to. If targetSecureTag
are specified, then the
+ firewall rule applies only to instances in the VPC network that have one
+ of those EFFECTIVE secure tags, if all the target_secure_tag are in
+ INEFFECTIVE state, then this rule will be ignored.
+ targetSecureTag
may not be set at the same time as
+ targetServiceAccounts
.
+ If neither targetServiceAccounts
nor
+ targetSecureTag
are specified, the firewall rule applies
+ to all instances on the specified network.
+ Maximum number of target label tags allowed is 256.
+ api_name: targetSecureTags
+ min_version: 'beta'
+ output: true
+ item_type:
+ type: NestedObject
+ properties:
+ - name: 'name'
+ type: String
+ description: |
+ Name of the secure tag, created with TagManager's TagValue API.
+ @pattern tagValues/[0-9]+
+ min_version: 'beta'
+ output: true
+ - name: 'state'
+ type: Enum
+ description: |
+ [Output Only] State of the secure tag, either `EFFECTIVE` or
+ `INEFFECTIVE`. A secure tag is `INEFFECTIVE` when it is deleted
+ or its network is deleted.
+ min_version: 'beta'
+ output: true
+ enum_values:
+ - 'EFFECTIVE'
+ - 'INEFFECTIVE'
+ - name: 'action'
+ type: String
+ description: |
+ The Action to perform when the client connection triggers the rule. Can currently be either
+ "allow", "deny", "apply_security_profile_group" or "goto_next".
+ min_version: 'beta'
+ output: true
+ - name: 'direction'
+ type: Enum
+ description: |
+ The direction in which this rule applies. If unspecified an INGRESS rule is created.
+ min_version: 'beta'
+ output: true
+ enum_values:
+ - 'INGRESS'
+ - 'EGRESS'
+ - name: 'enableLogging'
+ type: Boolean
+ description: |
+ Denotes whether to enable logging for a particular rule.
+ If logging is enabled, logs will be exported to the
+ configured export destination in Stackdriver.
+ min_version: 'beta'
+ output: true
+ send_empty_value: true
+ - name: 'targetServiceAccounts'
+ type: Array
+ description: |
+ A list of service accounts indicating the sets of
+ instances that are applied with this rule.
+ min_version: 'beta'
+ output: true
+ item_type:
+ type: String
+ - name: 'securityProfileGroup'
+ type: String
+ description: |
+ A fully-qualified URL of a SecurityProfile resource instance.
+ Example:
+ https://networksecurity.googleapis.com/v1/projects/{project}/locations/{location}/securityProfileGroups/my-security-profile-group
+ Must be specified if action is 'apply_security_profile_group'.
+ min_version: 'beta'
+ output: true
+ - name: 'tlsInspect'
+ type: Boolean
+ description: |
+ Boolean flag indicating if the traffic should be TLS decrypted.
+ It can be set only if action = 'apply_security_profile_group' and cannot be set for other actions.
+ min_version: 'beta'
+ output: true
+ - name: 'disabled'
+ type: Boolean
+ description: |
+ Denotes whether the firewall policy rule is disabled. When set to true,
+ the firewall policy rule is not enforced and traffic behaves as if it did
+ not exist. If this is unspecified, the firewall policy rule will be
+ enabled.
+ min_version: 'beta'
+ output: true
+ - name: 'fingerprint'
+ type: Fingerprint
+ description: Fingerprint of the resource. This field is used internally during updates of this resource.
+ min_version: 'beta'
+ output: true
+ - name: 'selfLink'
+ type: String
+ description: Server-defined URL for the resource.
+ min_version: 'beta'
+ output: true
+ - name: 'selfLinkWithId'
+ type: String
+ description: Server-defined URL for this resource with the resource id.
+ min_version: 'beta'
+ output: true
+ - name: 'ruleTupleCount'
+ type: Integer
+ description: Total count of all firewall policy rule tuples. A firewall policy can not exceed a set number of tuples.
+ min_version: 'beta'
+ output: true
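Review bot: The writable `rule.action` is declared `type: String` although its description lists exactly four accepted values ("allow", "deny", "apply_security_profile_group", "goto_next"), so a misspelt action in a firewall rule is not rejected at plan time and is left to the API to catch. `direction` in the same item already uses `type: Enum` with `enum_values`; doing the same for `action` would catch the mistake early, or, if the list is expected to grow, a comment should say why it stays a string. The `match` description says "incoming traffic" although a rule can be `EGRESS`; `A match condition that traffic is evaluated against.` is accurate for both directions. Separately, `enableLogging` sets `send_empty_value: true` and `disabled` does not; whether an explicit `disabled: false` reaches the API on update depends on the custom encoder templates, which are outside this diff, so that is worth confirming.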
diff --git a/mmv1/products/healthcare/go_ConsentStore.yaml b/mmv1/products/healthcare/go_ConsentStore.yaml
index c074ab71c852..8ba444b7b043 100644
--- a/mmv1/products/healthcare/go_ConsentStore.yaml
+++ b/mmv1/products/healthcare/go_ConsentStore.yaml
@@ -43,6 +43,7 @@ iam_policy:
- '{{%dataset}}/consentStores/{{name}}'
- '{{name}}'
custom_code:
+# Skipping the sweeper since this is a fine-grained resource under dataset
exclude_sweeper: true
examples:
- name: 'healthcare_consent_store_basic'
diff --git a/mmv1/products/healthcare/go_PipelineJob.yaml b/mmv1/products/healthcare/go_PipelineJob.yaml
new file mode 100644
index 000000000000..bc3eeb5fa388
--- /dev/null
+++ b/mmv1/products/healthcare/go_PipelineJob.yaml
@@ -0,0 +1,266 @@
+# Copyright 2024 Google Inc.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Warning: This is a temporary file, and should not be edited directly
+---
+name: 'PipelineJob'
+kind: 'healthcare#pipelineJob'
+description: |
+ PipelineJobs are Long Running Operations on Healthcare API to Map or Reconcile
+ incoming data into FHIR format
+references:
+ guides:
+ 'Creating a PipelineJob': 'https://cloud.google.com/healthcare-api/private/healthcare-data-engine/docs/reference/rest/v1/projects.locations.datasets.pipelineJobs#PipelineJob'
+ api: 'https://cloud.google.com/healthcare-api/healthcare-data-engine/docs/reference/rest/v1/projects.locations.datasets.pipelineJobs'
+docs:
+id_format: '{{dataset}}/pipelineJobs/{{name}}'
+base_url: '{{dataset}}/pipelineJobs?pipelineJobId={{name}}'
+self_link: '{{dataset}}/pipelineJobs/{{name}}'
+update_verb: 'PATCH'
+update_mask: true
+delete_url: '{{dataset}}/pipelineJobs/{{name}}'
+import_format:
+ - '{{%dataset}}/pipelineJobs/{{name}}'
+ - '{{name}}'
+ - '{{dataset}}/pipelineJobs?pipelineJobId={{name}}'
+timeouts:
+ insert_minutes: 20
+ update_minutes: 20
+ delete_minutes: 20
+custom_code:
+ decoder: 'templates/terraform/decoders/go/long_name_to_self_link.go.tmpl'
+exclude_sweeper: true
+examples:
+ - name: 'healthcare_pipeline_job_reconciliation'
+ primary_resource_id: 'example-pipeline'
+ vars:
+ pipeline_name: 'example_pipeline_job'
+ dataset_name: 'example_dataset'
+ fhir_store_name: 'fhir_store'
+ bucket_name: 'example_bucket_name'
+ - name: 'healthcare_pipeline_job_backfill'
+ primary_resource_id: 'example-pipeline'
+ vars:
+ backfill_pipeline_name: 'example_backfill_pipeline'
+ dataset_name: 'example_dataset'
+ mapping_pipeline_name: 'example_mapping_pipeline'
+ - name: 'healthcare_pipeline_job_whistle_mapping'
+ primary_resource_id: 'example-mapping-pipeline'
+ vars:
+ pipeline_name: 'example_mapping_pipeline_job'
+ dataset_name: 'example_dataset'
+ source_fhirstore_name: 'source_fhir_store'
+ dest_fhirstore_name: 'dest_fhir_store'
+ bucket_name: 'example_bucket_name'
+ - name: 'healthcare_pipeline_job_mapping_recon_dest'
+ primary_resource_id: 'example-mapping-pipeline'
+ vars:
+ pipeline_name: 'example_mapping_pipeline_job'
+ recon_pipeline_name: 'example_recon_pipeline_job'
+ dataset_name: 'example_dataset'
+ source_fhirstore_name: 'source_fhir_store'
+ dest_fhirstore_name: 'dest_fhir_store'
+ bucket_name: 'example_bucket_name'
+parameters:
+ - name: 'location'
+ type: String
+ description: |
+ Location where the Pipeline Job is to run
+ url_param_only: true
+ required: true
+ immutable: true
+ - name: 'dataset'
+ type: String
+ description: |
+ Healthcare Dataset under which the Pipeline Job is to run
+ url_param_only: true
+ required: true
+ immutable: true
+properties:
+ - name: 'name'
+ type: String
+ description: |
+ Specifies the name of the pipeline job. This field is user-assigned.
+ required: true
+ - name: 'disableLineage'
+ type: Boolean
+ description: |
+ If true, disables writing lineage for the pipeline.
+ required: false
+ default_value: false
+ - name: 'labels'
+ type: KeyValueLabels
+ description: |
+ User-supplied key-value pairs used to organize Pipeline Jobs.
+ Label keys must be between 1 and 63 characters long, have a UTF-8 encoding of
+ maximum 128 bytes, and must conform to the following PCRE regular expression:
+ [\p{Ll}\p{Lo}][\p{Ll}\p{Lo}\p{N}_-]{0,62}
+ Label values are optional, must be between 1 and 63 characters long, have a
+ UTF-8 encoding of maximum 128 bytes, and must conform to the following PCRE
+ regular expression: [\p{Ll}\p{Lo}\p{N}_-]{0,63}
+ No more than 64 labels can be associated with a given pipeline.
+ An object containing a list of "key": value pairs.
+ Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
+ required: false
+ - name: 'selfLink'
+ type: String
+ description: |
+ The fully qualified name of this dataset
+ ignore_read: true
+ output: true
+ - name: 'mappingPipelineJob'
+ type: NestedObject
+ description: |
+ Specifies mapping configuration.
+ required: false
+ conflicts:
+ - reconciliationPipelineJob
+ - backfillPipelineJob
+ properties:
+ - name: 'mappingConfig'
+ type: NestedObject
+ description: |
+ The location of the mapping configuration.
+ required: true
+ properties:
+ - name: 'description'
+ type: String
+ description: |
+ Describes the mapping configuration.
+ required: false
+ - name: 'whistleConfigSource'
+ type: NestedObject
+ description: |
+ Specifies the path to the mapping configuration for harmonization pipeline.
+ required: false
+ properties:
+ - name: 'uri'
+ type: String
+ description: |
+ Main configuration file which has the entrypoint or the root function.
+ Example: gs://{bucket-id}/{path/to/import-root/dir}/entrypoint-file-name.wstl.
+ required: true
+ - name: 'importUriPrefix'
+ type: String
+ description: |
+ Directory path where all the Whistle files are located.
+ Example: gs://{bucket-id}/{path/to/import-root/dir}
+ required: true
+ - name: 'fhirStreamingSource'
+ type: NestedObject
+ description: |
+ A streaming FHIR data source.
+ required: false
+ properties:
+ - name: 'fhirStore'
+ type: String
+ description: |
+ The path to the FHIR store in the format projects/{projectId}/locations/{locationId}/datasets/{datasetId}/fhirStores/{fhirStoreId}.
+ required: true
+ - name: 'description'
+ type: String
+ description: |
+ Describes the streaming FHIR data source.
+ required: false
+ - name: 'fhirStoreDestination'
+ type: String
+ description: |
+ If set, the mapping pipeline will write snapshots to this
+ FHIR store without assigning stable IDs. You must
+ grant your pipeline project's Cloud Healthcare Service
+ Agent serviceaccount healthcare.fhirResources.executeBundle
+ and healthcare.fhirResources.create permissions on the
+ destination store. The destination store must set
+ [disableReferentialIntegrity][FhirStore.disable_referential_integrity]
+ to true. The destination store must use FHIR version R4.
+ Format: project/{projectID}/locations/{locationID}/datasets/{datasetName}/fhirStores/{fhirStoreID}.
+ required: false
+ conflicts:
+ - reconciliationDestination
+ - name: 'reconciliationDestination'
+ type: Boolean
+ description: |
+ If set to true, a mapping pipeline will send output snapshots
+ to the reconciliation pipeline in its dataset. A reconciliation
+ pipeline must exist in this dataset before a mapping pipeline
+ with a reconciliation destination can be created.
+ required: false
+ conflicts:
+ - fhirStoreDestination
+ - name: 'reconciliationPipelineJob'
+ type: NestedObject
+ description: |
+ Specifies reconciliation configuration.
+ required: false
+ conflicts:
+ - mappingPipelineJob
+ - backfillPipelineJob
+ properties:
+ - name: 'mergeConfig'
+ type: NestedObject
+ description: |
+ Specifies the location of the reconciliation configuration.
+ required: true
+ properties:
+ - name: 'description'
+ type: String
+ description: |
+ Describes the mapping configuration.
+ required: false
+ - name: 'whistleConfigSource'
+ type: NestedObject
+ description: |
+ Specifies the path to the mapping configuration for harmonization pipeline.
+ required: true
+ properties:
+ - name: 'uri'
+ type: String
+ description: |
+ Main configuration file which has the entrypoint or the root function.
+ Example: gs://{bucket-id}/{path/to/import-root/dir}/entrypoint-file-name.wstl.
+ required: true
+ - name: 'importUriPrefix'
+ type: String
+ description: |
+ Directory path where all the Whistle files are located.
+ Example: gs://{bucket-id}/{path/to/import-root/dir}
+ required: true
+ - name: 'matchingUriPrefix'
+ type: String
+ description: |
+ Specifies the top level directory of the matching configs used
+ in all mapping pipelines, which extract properties for resources
+ to be matched on.
+ Example: gs://{bucket-id}/{path/to/matching/configs}
+ required: true
+ - name: 'fhirStoreDestination'
+ type: String
+ description: |
+ The harmonized FHIR store to write harmonized FHIR resources to,
+ in the format of: project/{projectID}/locations/{locationID}/datasets/{datasetName}/fhirStores/{id}
+ required: false
+ - name: 'backfillPipelineJob'
+ type: NestedObject
+ description: |
+ Specifies the backfill configuration.
+ required: false
+ conflicts:
+ - mappingPipelineJob
+ - reconciliationPipelineJob
+ properties:
+ - name: 'mappingPipelineJob'
+ type: String
+ description: |
+ Specifies the mapping pipeline job to backfill, the name format
+ should follow: projects/{projectId}/locations/{locationId}/datasets/{datasetId}/pipelineJobs/{pipelineJobId}.
+ required: false
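Review bot: The `location` parameter is `required: true` and `url_param_only: true`, but none of the URL templates in this file (`id_format`, `base_url`, `self_link`, `delete_url`) contains `{{location}}`; all of them are built from `{{dataset}}`, so a `location` that disagrees with the dataset path appears to be accepted without effect. Either drop the parameter or state in its description that the location comes from `dataset`. The `selfLink` description reads `The fully qualified name of this dataset`, which looks copied from the dataset resource; judging by `self_link` it should be `The fully qualified name of this pipeline job.` The two `fhirStoreDestination` formats start with `project/{projectID}` while `fhirStore` uses `projects/{projectId}`; they should agree, because these paths decide which FHIR store receives the pipeline output.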
diff --git a/mmv1/products/looker/go_Instance.yaml b/mmv1/products/looker/go_Instance.yaml
index ac4949b34cb0..5f2cf1ae012e 100644
--- a/mmv1/products/looker/go_Instance.yaml
+++ b/mmv1/products/looker/go_Instance.yaml
@@ -101,6 +101,12 @@ examples:
client_id: 'my-client-id'
client_secret: 'my-client-secret'
custom_domain: 'my-custom-domain'
+ - name: 'looker_instance_psc'
+ primary_resource_id: 'looker-instance'
+ vars:
+ instance_name: 'my-instance'
+ client_id: 'my-client-id'
+ client_secret: 'my-client-secret'
parameters:
- name: 'region'
type: String
@@ -401,6 +407,57 @@ properties:
description: |
Whether private IP is enabled on the Looker instance.
default_value: false
+ # PscConfig Object
+ - name: 'pscConfig'
+ type: NestedObject
+ description: |
+ Information for Private Service Connect (PSC) setup for a Looker instance.
+ update_mask_fields:
+ - 'psc_config.allowed_vpcs'
+ - 'psc_config.service_attachments'
+ properties:
+ - name: 'allowedVpcs'
+ type: Array
+ description: |
+ List of VPCs that are allowed ingress into the Looker instance.
+ item_type:
+ type: String
+ - name: 'lookerServiceAttachmentUri'
+ type: String
+ description: |
+ URI of the Looker service attachment.
+ output: true
+ - name: 'serviceAttachments'
+ type: Array
+ description: |
+ List of egress service attachment configurations.
+ item_type:
+ type: NestedObject
+ properties:
+ - name: 'connectionStatus'
+ type: Enum
+ description: |
+ Status of the service attachment connection.
+ output: true
+ enum_values:
+ - 'ACCEPTED'
+ - 'PENDING'
+ - 'REJECTED'
+ - 'NEEDS_ATTENTION'
+ - 'CLOSED'
+ - name: 'localFqdn'
+ type: String
+ description: |
+ Fully qualified domain name that will be used in the private DNS record created for the service attachment.
+ - name: 'targetServiceAttachmentUri'
+ type: String
+ description: |
+ URI of the service attachment to connect to.
+ # PscConfig Object - End
+ - name: 'pscEnabled'
+ type: Boolean
+ description: |
+ Whether Public Service Connect (PSC) is enabled on the Looker instance
- name: 'publicIpEnabled'
type: Boolean
description: |
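Review bot: The `pscEnabled` description expands PSC as "Public Service Connect", which contradicts the `pscConfig` description earlier in this hunk ("Private Service Connect (PSC)"). Someone reading only this field while deciding how the instance is exposed gets the opposite meaning. Suggest `Whether Private Service Connect (PSC) is enabled on the Looker instance.` with the closing period. The `allowedVpcs` description could also state the expected entry format; the example added in this commit uses `projects/test-project/global/networks/test`.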
diff --git a/mmv1/products/networkconnectivity/go_Spoke.yaml b/mmv1/products/networkconnectivity/go_Spoke.yaml
index 6913716512cb..b9eef6be0637 100644
--- a/mmv1/products/networkconnectivity/go_Spoke.yaml
+++ b/mmv1/products/networkconnectivity/go_Spoke.yaml
@@ -59,6 +59,31 @@ examples:
instance_name: 'basic-instance'
hub_name: 'basic-hub1'
spoke_name: 'basic-spoke'
+ - name: 'network_connectivity_spoke_vpn_tunnel_basic'
+ primary_resource_id: 'tunnel1'
+ vars:
+ network_name: 'basic-network'
+ subnetwork_name: 'basic-subnetwork'
+ gateway_name: 'vpn-gateway'
+ external_gateway_name: 'external-vpn-gateway'
+ router_name: 'external-vpn-gateway'
+ vpn_tunnel_1_name: 'tunnel1'
+ vpn_tunnel_2_name: 'tunnel2'
+ router_interface_1_name: 'router-interface1'
+ router_peer_1_name: 'router-peer1'
+ router_interface_2_name: 'router-interface2'
+ router_peer_2_name: 'router-peer2'
+ hub_name: 'basic-hub1'
+ vpn_tunnel_1_spoke_name: 'vpn-tunnel-1-spoke'
+ vpn_tunnel_2_spoke_name: 'vpn-tunnel-2-spoke'
+ - name: 'network_connectivity_spoke_interconnect_attachment_basic'
+ primary_resource_id: 'primary'
+ vars:
+ hub_name: 'basic-hub1'
+ network_name: 'basic-network'
+ router_name: 'external-vpn-gateway'
+ interconnect_attachment_name: 'partner-interconnect1'
+ interconnect_attachment_spoke_name: 'interconnect-attachment-spoke'
parameters:
- name: 'location'
type: String
@@ -115,6 +140,13 @@ properties:
description: A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations.
required: true
immutable: true
+ - name: 'includeImportRanges'
+ type: Array
+ description: |
+ IP ranges allowed to be included during import from hub (does not control transit connectivity).
+ The only allowed value for now is "ALL_IPV4_RANGES".
+ item_type:
+ type: String
- name: 'linkedInterconnectAttachments'
type: NestedObject
description: A collection of VLAN attachment resources. These resources should be redundant attachments that all advertise the same prefixes to Google Cloud. Alternatively, in active/passive configurations, all attachments should be capable of advertising the same prefixes.
@@ -136,6 +168,13 @@ properties:
description: A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations.
required: true
immutable: true
+ - name: 'includeImportRanges'
+ type: Array
+ description: |
+ IP ranges allowed to be included during import from hub (does not control transit connectivity).
+ The only allowed value for now is "ALL_IPV4_RANGES".
+ item_type:
+ type: String
- name: 'linkedRouterApplianceInstances'
type: NestedObject
description: The URIs of linked Router appliance resources
@@ -168,6 +207,13 @@ properties:
description: A value that controls whether site-to-site data transfer is enabled for these resources. Note that data transfer is available only in supported locations.
required: true
immutable: true
+ - name: 'includeImportRanges'
+ type: Array
+ description: |
+ IP ranges allowed to be included during import from hub (does not control transit connectivity).
+ The only allowed value for now is "ALL_IPV4_RANGES".
+ item_type:
+ type: String
- name: 'linkedVpcNetwork'
type: NestedObject
description: VPC network that is associated with the spoke.
diff --git a/mmv1/products/networkservices/ServiceLBPolicies.yaml b/mmv1/products/networkservices/ServiceLbPolicies.yaml
similarity index 100%
rename from mmv1/products/networkservices/ServiceLBPolicies.yaml
rename to mmv1/products/networkservices/ServiceLbPolicies.yaml
diff --git a/mmv1/templates/terraform/constants/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl b/mmv1/templates/terraform/constants/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl
new file mode 100644
index 000000000000..e3f13f8bdc40
--- /dev/null
+++ b/mmv1/templates/terraform/constants/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl
@@ -0,0 +1,51 @@
+func regionNetworkFirewallPolicyWithRulesConvertPriorityToInt(v interface {}) (int64, error) {
+ if strVal, ok := v.(string); ok {
+ if intVal, err := tpgresource.StringToFixed64(strVal); err == nil {
+ return intVal, nil
+ }
+ }
+
+ if intVal, ok := v.(int64); ok {
+ return intVal, nil
+ }
+
+ if floatVal, ok := v.(float64); ok {
+ intVal := int64(floatVal)
+ return intVal, nil
+ }
+ return 0, fmt.Errorf("Incorrect rule priority: %s. Priority must be a number", v)
+}
+
+func regionNetworkFirewallPolicyWithRulesIsPredefinedRule(rule map[string]interface{}) (bool, error) {
+ // Priorities from 2147483548 to 2147483647 are reserved and cannot be modified by the user.
+ const ReservedPriorityStart = 2147483548
+
+ priority := rule["priority"]
+ priorityInt, err := regionNetworkFirewallPolicyWithRulesConvertPriorityToInt(priority)
+
+ if err != nil {
+ return false, err
+ }
+
+ return priorityInt >= ReservedPriorityStart, nil
+}
+
+func regionNetworkFirewallPolicyWithRulesSplitPredefinedRules(allRules []interface{}) ([]interface{}, []interface{}, error) {
+ predefinedRules := make([]interface{}, 0)
+ rules := make([]interface{}, 0)
+
+ for _, rule := range allRules {
+ isPredefined, err := regionNetworkFirewallPolicyWithRulesIsPredefinedRule(rule.(map[string]interface{}))
+ if err != nil {
+ return nil, nil, err
+ }
+
+ if isPredefined {
+ predefinedRules = append(predefinedRules, rule)
+ } else {
+ rules = append(rules, rule)
+ }
+ }
+
+ return rules, predefinedRules, nil
+}
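Review bot: The assertion `rule.(map[string]interface{})` in `regionNetworkFirewallPolicyWithRulesSplitPredefinedRules` is unchecked, so a single element of another type panics the provider instead of returning the error this function already declares. Use the comma-ok form: `ruleMap, ok := rule.(map[string]interface{})` followed by `if !ok { return nil, nil, fmt.Errorf("unexpected rule type %T", rule) }`. In `regionNetworkFirewallPolicyWithRulesConvertPriorityToInt` the final `fmt.Errorf` formats an `interface{}` with `%s`, which prints `%!s(...)` noise for non-string values, so `%v` is the safer verb. The `float64` branch truncates silently, so a non-integral or out-of-range priority is classified by whatever `int64(floatVal)` yields; a comment saying whether that is intended would help, since the result decides which rules count as reserved.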
diff --git a/mmv1/templates/terraform/decoders/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl b/mmv1/templates/terraform/decoders/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl
new file mode 100644
index 000000000000..802094cda061
--- /dev/null
+++ b/mmv1/templates/terraform/decoders/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl
@@ -0,0 +1,16 @@
+rules, predefinedRules, err := regionNetworkFirewallPolicyWithRulesSplitPredefinedRules(res["rules"].([]interface{}))
+
+if err != nil {
+ return nil, fmt.Errorf("Error occurred while splitting pre-defined rules: %s", err)
+}
+
+res["rules"] = rules
+res["predefinedRules"] = predefinedRules
+
+config := meta.(*transport_tpg.Config)
+
+if err := d.Set("predefined_rules", flattenComputeRegionNetworkFirewallPolicyWithRulesPredefinedRules(predefinedRules, d, config)); err != nil {
+ return nil, fmt.Errorf("Error occurred while setting pre-defined rules: %s", err)
+}
+
+return res, nil
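Review bot: The first line asserts `res["rules"].([]interface{})` without a check, so a response that has no `rules` key, or has it in another shape, panics the decoder rather than producing an error. A comma-ok read such as `rawRules, _ := res["rules"].([]interface{})` before the call would let an absent list pass through as empty, because the split helper only ranges over its argument. A one-line comment above the split would also help, e.g. `// Separate API-reserved (predefined) rules from user-managed ones so they are stored in different fields.` This is a template fragment; the enclosing decoder function is outside the hunk.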
diff --git a/mmv1/templates/terraform/encoders/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl b/mmv1/templates/terraform/encoders/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl
new file mode 100644
index 000000000000..939b22280811
--- /dev/null
+++ b/mmv1/templates/terraform/encoders/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl
@@ -0,0 +1,3 @@
+delete(obj, "rules") // Rules are not supported in the create API
+return obj, nil
+
diff --git a/mmv1/templates/terraform/examples/go/cloud_run_service_gpu.tf.tmpl b/mmv1/templates/terraform/examples/go/cloud_run_service_gpu.tf.tmpl
new file mode 100644
index 000000000000..5606203f1594
--- /dev/null
+++ b/mmv1/templates/terraform/examples/go/cloud_run_service_gpu.tf.tmpl
@@ -0,0 +1,35 @@
+resource "google_cloud_run_service" "{{$.PrimaryResourceId}}" {
+ provider = google-beta
+ name = "{{index $.Vars "cloud_run_service_name"}}"
+ location = "us-central1"
+
+ metadata {
+ annotations = {
+ "run.googleapis.com/launch-stage" = "BETA"
+ }
+ }
+
+ template {
+ metadata {
+ annotations = {
+ "autoscaling.knative.dev/maxScale": "1"
+ "run.googleapis.com/cpu-throttling": "false"
+ }
+ }
+ spec {
+ containers {
+ image = "gcr.io/cloudrun/hello"
+ resources {
+ limits = {
+ "cpu" = "4"
+ "memory" = "16Gi"
+ "nvidia.com/gpu" = "1"
+ }
+ }
+ }
+ node_selector = {
+ "run.googleapis.com/accelerator" = "nvidia-l4"
+ }
+ }
+ }
+}
diff --git a/mmv1/templates/terraform/examples/go/cloudrunv2_service_gpu.tf.tmpl b/mmv1/templates/terraform/examples/go/cloudrunv2_service_gpu.tf.tmpl
new file mode 100644
index 000000000000..9308a5e1d7ea
--- /dev/null
+++ b/mmv1/templates/terraform/examples/go/cloudrunv2_service_gpu.tf.tmpl
@@ -0,0 +1,28 @@
+resource "google_cloud_run_v2_service" "{{$.PrimaryResourceId}}" {
+ provider = google-beta
+ name = "{{index $.Vars "cloud_run_service_name"}}"
+ location = "us-central1"
+ deletion_protection = false
+ ingress = "INGRESS_TRAFFIC_ALL"
+ launch_stage = "BETA"
+
+ template {
+ containers {
+ image = "us-docker.pkg.dev/cloudrun/container/hello"
+ resources {
+ limits = {
+ "cpu" = "4"
+ "memory" = "16Gi"
+ "nvidia.com/gpu" = "1"
+ }
+ startup_cpu_boost = true
+ }
+ }
+ node_selector {
+ accelerator = "nvidia-l4"
+ }
+ scaling {
+ max_instance_count = 1
+ }
+ }
+}
diff --git a/mmv1/templates/terraform/examples/go/compute_region_network_firewall_policy_with_rules_full.tf.tmpl b/mmv1/templates/terraform/examples/go/compute_region_network_firewall_policy_with_rules_full.tf.tmpl
new file mode 100644
index 000000000000..1925a3da00de
--- /dev/null
+++ b/mmv1/templates/terraform/examples/go/compute_region_network_firewall_policy_with_rules_full.tf.tmpl
@@ -0,0 +1,83 @@
+data "google_project" "project" {
+ provider = google-beta
+}
+
+resource "google_compute_region_network_firewall_policy_with_rules" "{{$.PrimaryResourceId}}" {
+ name = "{{index $.Vars "policy_name"}}"
+ region = "us-west2"
+ description = "Terraform test"
+ provider = google-beta
+
+ rule {
+ description = "tcp rule"
+ priority = 1000
+ enable_logging = true
+ action = "allow"
+ direction = "EGRESS"
+ match {
+ layer4_config {
+ ip_protocol = "tcp"
+ ports = [8080, 7070]
+ }
+ dest_ip_ranges = ["11.100.0.1/32"]
+ dest_fqdns = ["www.yyy.com", "www.zzz.com"]
+ dest_region_codes = ["HK", "IN"]
+ dest_threat_intelligences = ["iplist-search-engines-crawlers", "iplist-tor-exit-nodes"]
+ dest_address_groups = [google_network_security_address_group.address_group_1.id]
+ }
+ target_secure_tag {
+ name = "tagValues/${google_tags_tag_value.secure_tag_value_1.name}"
+ }
+ }
+ rule {
+ description = "udp rule"
+ rule_name = "test-rule"
+ priority = 2000
+ enable_logging = false
+ action = "deny"
+ direction = "INGRESS"
+ match {
+ layer4_config {
+ ip_protocol = "udp"
+ }
+ src_ip_ranges = ["0.0.0.0/0"]
+ src_fqdns = ["www.abc.com", "www.def.com"]
+ src_region_codes = ["US", "CA"]
+ src_threat_intelligences = ["iplist-known-malicious-ips", "iplist-public-clouds"]
+ src_address_groups = [google_network_security_address_group.address_group_1.id]
+ src_secure_tag {
+ name = "tagValues/${google_tags_tag_value.secure_tag_value_1.name}"
+ }
+ }
+ disabled = true
+ }
+}
+
+resource "google_network_security_address_group" "address_group_1" {
+ provider = google-beta
+ name = "{{index $.Vars "address_group_name"}}"
+ parent = "projects/${data.google_project.project.name}"
+ description = "Regional address group"
+ location = "us-west2"
+ items = ["208.80.154.224/32"]
+ type = "IPV4"
+ capacity = 100
+}
+
+resource "google_tags_tag_key" "secure_tag_key_1" {
+ provider = google-beta
+ description = "Tag key"
+ parent = "projects/${data.google_project.project.name}"
+ purpose = "GCE_FIREWALL"
+ short_name = "{{index $.Vars "tag_key_name"}}"
+ purpose_data = {
+ network = "${data.google_project.project.name}/default"
+ }
+}
+
+resource "google_tags_tag_value" "secure_tag_value_1" {
+ provider = google-beta
+ description = "Tag value"
+ parent = "tagKeys/${google_tags_tag_key.secure_tag_key_1.name}"
+ short_name = "{{index $.Vars "tag_value_name"}}"
+}
diff --git a/mmv1/templates/terraform/examples/go/healthcare_pipeline_job_backfill.tf.tmpl b/mmv1/templates/terraform/examples/go/healthcare_pipeline_job_backfill.tf.tmpl
new file mode 100644
index 000000000000..56667f06ebf3
--- /dev/null
+++ b/mmv1/templates/terraform/examples/go/healthcare_pipeline_job_backfill.tf.tmpl
@@ -0,0 +1,13 @@
+resource "google_healthcare_pipeline_job" "{{$.PrimaryResourceId}}" {
+ name = "{{index $.Vars "backfill_pipeline_name"}}"
+ location = "us-central1"
+ dataset = google_healthcare_dataset.dataset.id
+ backfill_pipeline_job {
+ mapping_pipeline_job = "${google_healthcare_dataset.dataset.id}/pipelinejobs/{{index $.Vars "mapping_pipeline_name"}}"
+ }
+}
+
+resource "google_healthcare_dataset" "dataset" {
+ name = "{{index $.Vars "dataset_name"}}"
+ location = "us-central1"
+}
\ No newline at end of file
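Review bot: `mapping_pipeline_job` is built with the path segment `pipelinejobs/`, but the `mappingPipelineJob` description added in this same commit gives the format as `.../datasets/{datasetId}/pipelineJobs/{pipelineJobId}`. If the API expects the documented casing, this example references a job that cannot resolve. Suggest `"${google_healthcare_dataset.dataset.id}/pipelineJobs/{{index $.Vars "mapping_pipeline_name"}}"`. The file also never creates the mapping pipeline it names, so a short comment stating that the job must already exist would make the example self-explanatory.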
diff --git a/mmv1/templates/terraform/examples/go/healthcare_pipeline_job_mapping_recon_dest.tf.tmpl b/mmv1/templates/terraform/examples/go/healthcare_pipeline_job_mapping_recon_dest.tf.tmpl
new file mode 100644
index 000000000000..e9d25c6b448d
--- /dev/null
+++ b/mmv1/templates/terraform/examples/go/healthcare_pipeline_job_mapping_recon_dest.tf.tmpl
@@ -0,0 +1,81 @@
+resource "google_healthcare_pipeline_job" "recon" {
+ name = "{{index $.Vars "recon_pipeline_name"}}"
+ location = "us-central1"
+ dataset = google_healthcare_dataset.dataset.id
+ disable_lineage = true
+ reconciliation_pipeline_job {
+ merge_config {
+ description = "sample description for reconciliation rules"
+ whistle_config_source {
+ uri = "gs://${google_storage_bucket.bucket.name}/${google_storage_bucket_object.merge_file.name}"
+ import_uri_prefix = "gs://${google_storage_bucket.bucket.name}"
+ }
+ }
+ matching_uri_prefix = "gs://${google_storage_bucket.bucket.name}"
+ fhir_store_destination = "${google_healthcare_dataset.dataset.id}/fhirStores/${google_healthcare_fhir_store.dest_fhirstore.name}"
+ }
+}
+
+resource "google_healthcare_pipeline_job" "{{$.PrimaryResourceId}}" {
+ depends_on = [google_healthcare_pipeline_job.recon]
+ name = "{{index $.Vars "pipeline_name"}}"
+ location = "us-central1"
+ dataset = google_healthcare_dataset.dataset.id
+ disable_lineage = true
+ labels = {
+ example_label_key = "example_label_value"
+ }
+ mapping_pipeline_job {
+ mapping_config {
+ whistle_config_source {
+ uri = "gs://${google_storage_bucket.bucket.name}/${google_storage_bucket_object.mapping_file.name}"
+ import_uri_prefix = "gs://${google_storage_bucket.bucket.name}"
+ }
+ description = "example description for mapping configuration"
+ }
+ fhir_streaming_source {
+ fhir_store = "${google_healthcare_dataset.dataset.id}/fhirStores/${google_healthcare_fhir_store.source_fhirstore.name}"
+ description = "example description for streaming fhirstore"
+ }
+ reconciliation_destination = true
+ }
+}
+
+resource "google_healthcare_dataset" "dataset" {
+ name = "{{index $.Vars "dataset_name"}}"
+ location = "us-central1"
+}
+
+resource "google_healthcare_fhir_store" "source_fhirstore" {
+ name = "{{index $.Vars "source_fhirstore_name"}}"
+ dataset = google_healthcare_dataset.dataset.id
+ version = "R4"
+ enable_update_create = true
+ disable_referential_integrity = true
+}
+
+resource "google_healthcare_fhir_store" "dest_fhirstore" {
+ name = "{{index $.Vars "dest_fhirstore_name"}}"
+ dataset = google_healthcare_dataset.dataset.id
+ version = "R4"
+ enable_update_create = true
+ disable_referential_integrity = true
+}
+
+resource "google_storage_bucket" "bucket" {
+ name = "{{index $.Vars "bucket_name"}}"
+ location = "us-central1"
+ uniform_bucket_level_access = true
+}
+
+resource "google_storage_bucket_object" "mapping_file" {
+ name = "mapping.wstl"
+ content = " "
+ bucket = google_storage_bucket.bucket.name
+}
+
+resource "google_storage_bucket_object" "merge_file" {
+ name = "merge.wstl"
+ content = " "
+ bucket = google_storage_bucket.bucket.name
+}
\ No newline at end of file
diff --git a/mmv1/templates/terraform/examples/go/healthcare_pipeline_job_reconciliation.tf.tmpl b/mmv1/templates/terraform/examples/go/healthcare_pipeline_job_reconciliation.tf.tmpl
new file mode 100644
index 000000000000..68c22b8f1cb9
--- /dev/null
+++ b/mmv1/templates/terraform/examples/go/healthcare_pipeline_job_reconciliation.tf.tmpl
@@ -0,0 +1,42 @@
+resource "google_healthcare_pipeline_job" "{{$.PrimaryResourceId}}" {
+ name = "{{index $.Vars "pipeline_name"}}"
+ location = "us-central1"
+ dataset = google_healthcare_dataset.dataset.id
+ disable_lineage = true
+ reconciliation_pipeline_job {
+ merge_config {
+ description = "sample description for reconciliation rules"
+ whistle_config_source {
+ uri = "gs://${google_storage_bucket.bucket.name}/${google_storage_bucket_object.merge_file.name}"
+ import_uri_prefix = "gs://${google_storage_bucket.bucket.name}"
+ }
+ }
+ matching_uri_prefix = "gs://${google_storage_bucket.bucket.name}"
+ fhir_store_destination = "${google_healthcare_dataset.dataset.id}/fhirStores/${google_healthcare_fhir_store.fhirstore.name}"
+ }
+}
+
+resource "google_healthcare_dataset" "dataset" {
+ name = "{{index $.Vars "dataset_name"}}"
+ location = "us-central1"
+}
+
+resource "google_healthcare_fhir_store" "fhirstore" {
+ name = "{{index $.Vars "fhir_store_name"}}"
+ dataset = google_healthcare_dataset.dataset.id
+ version = "R4"
+ enable_update_create = true
+ disable_referential_integrity = true
+}
+
+resource "google_storage_bucket" "bucket" {
+ name = "{{index $.Vars "bucket_name"}}"
+ location = "us-central1"
+ uniform_bucket_level_access = true
+}
+
+resource "google_storage_bucket_object" "merge_file" {
+ name = "merge.wstl"
+ content = " "
+ bucket = google_storage_bucket.bucket.name
+}
\ No newline at end of file
diff --git a/mmv1/templates/terraform/examples/go/healthcare_pipeline_job_whistle_mapping.tf.tmpl b/mmv1/templates/terraform/examples/go/healthcare_pipeline_job_whistle_mapping.tf.tmpl
new file mode 100644
index 000000000000..d75fd9e3552c
--- /dev/null
+++ b/mmv1/templates/terraform/examples/go/healthcare_pipeline_job_whistle_mapping.tf.tmpl
@@ -0,0 +1,56 @@
+resource "google_healthcare_pipeline_job" "{{$.PrimaryResourceId}}" {
+ name = "{{index $.Vars "pipeline_name"}}"
+ location = "us-central1"
+ dataset = google_healthcare_dataset.dataset.id
+ disable_lineage = true
+ labels = {
+ example_label_key = "example_label_value"
+ }
+ mapping_pipeline_job {
+ mapping_config {
+ whistle_config_source {
+ uri = "gs://${google_storage_bucket.bucket.name}/${google_storage_bucket_object.mapping_file.name}"
+ import_uri_prefix = "gs://${google_storage_bucket.bucket.name}"
+ }
+ description = "example description for mapping configuration"
+ }
+ fhir_streaming_source {
+ fhir_store = "${google_healthcare_dataset.dataset.id}/fhirStores/${google_healthcare_fhir_store.source_fhirstore.name}"
+ description = "example description for streaming fhirstore"
+ }
+ fhir_store_destination = "${google_healthcare_dataset.dataset.id}/fhirStores/${google_healthcare_fhir_store.dest_fhirstore.name}"
+ }
+}
+
+resource "google_healthcare_dataset" "dataset" {
+ name = "{{index $.Vars "dataset_name"}}"
+ location = "us-central1"
+}
+
+resource "google_healthcare_fhir_store" "source_fhirstore" {
+ name = "{{index $.Vars "source_fhirstore_name"}}"
+ dataset = google_healthcare_dataset.dataset.id
+ version = "R4"
+ enable_update_create = true
+ disable_referential_integrity = true
+}
+
+resource "google_healthcare_fhir_store" "dest_fhirstore" {
+ name = "{{index $.Vars "dest_fhirstore_name"}}"
+ dataset = google_healthcare_dataset.dataset.id
+ version = "R4"
+ enable_update_create = true
+ disable_referential_integrity = true
+}
+
+resource "google_storage_bucket" "bucket" {
+ name = "{{index $.Vars "bucket_name"}}"
+ location = "us-central1"
+ uniform_bucket_level_access = true
+}
+
+resource "google_storage_bucket_object" "mapping_file" {
+ name = "mapping.wstl"
+ content = " "
+ bucket = google_storage_bucket.bucket.name
+}
\ No newline at end of file
diff --git a/mmv1/templates/terraform/examples/go/looker_instance_psc.tf.tmpl b/mmv1/templates/terraform/examples/go/looker_instance_psc.tf.tmpl
new file mode 100644
index 000000000000..151321ce125f
--- /dev/null
+++ b/mmv1/templates/terraform/examples/go/looker_instance_psc.tf.tmpl
@@ -0,0 +1,17 @@
+resource "google_looker_instance" "{{$.PrimaryResourceId}}" {
+ name = "{{index $.Vars "instance_name"}}"
+ platform_edition = "LOOKER_CORE_ENTERPRISE_ANNUAL"
+ region = "us-central1"
+ private_ip_enabled = false
+ public_ip_enabled = false
+ psc_enabled = true
+ oauth_config {
+ client_id = "{{index $.Vars "client_id"}}"
+ client_secret = "{{index $.Vars "client_secret"}}"
+ }
+ psc_config {
+ allowed_vpcs = ["projects/test-project/global/networks/test"]
+ # update only
+ # service_attachments = [{local_fqdn: "www.local-fqdn.com" target_service_attachment_uri: "projects/my-project/regions/us-east1/serviceAttachments/sa"}]
+ }
+}
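Review bot: The commented-out `service_attachments` line inside `psc_config` is not valid HCL as written, because the two attributes inside the braces have no comma or newline between them. The schema in this commit declares `serviceAttachments` as an array of nested objects, so it would presumably be written as repeated `service_attachments { ... }` blocks rather than a list assignment. The `# update only` comment does not say why it cannot be set at creation. Suggest replacing both comment lines with a block-form sample plus one sentence explaining the restriction, so that readers who uncomment it get a working configuration. `allowed_vpcs` hard-codes `projects/test-project/...` where the other values in the file come from `$.Vars`.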
diff --git a/mmv1/templates/terraform/examples/go/network_connectivity_spoke_interconnect_attachment_basic.tf.tmpl b/mmv1/templates/terraform/examples/go/network_connectivity_spoke_interconnect_attachment_basic.tf.tmpl
new file mode 100644
index 000000000000..44e35979a8c0
--- /dev/null
+++ b/mmv1/templates/terraform/examples/go/network_connectivity_spoke_interconnect_attachment_basic.tf.tmpl
@@ -0,0 +1,45 @@
+resource "google_network_connectivity_hub" "basic_hub" {
+ name = "{{index $.Vars "hub_name"}}"
+ description = "A sample hub"
+ labels = {
+ label-two = "value-one"
+ }
+}
+
+resource "google_compute_network" "network" {
+ name = "{{index $.Vars "network_name"}}"
+ auto_create_subnetworks = false
+}
+
+resource "google_compute_router" "router" {
+ name = "{{index $.Vars "router_name"}}"
+ region = "us-central1"
+ network = google_compute_network.network.name
+ bgp {
+ asn = 16550
+ }
+}
+
+resource "google_compute_interconnect_attachment" "interconnect-attachment" {
+ name = "{{index $.Vars "interconnect_attachment_name"}}"
+ edge_availability_domain = "AVAILABILITY_DOMAIN_1"
+ type = "PARTNER"
+ router = google_compute_router.router.id
+ mtu = 1500
+ region = "us-central1"
+}
+
+resource "google_network_connectivity_spoke" "{{$.PrimaryResourceId}}" {
+ name = "{{index $.Vars "interconnect_attachment_spoke_name"}}"
+ location = "us-central1"
+ description = "A sample spoke with a linked Interconnect Attachment"
+ labels = {
+ label-one = "value-one"
+ }
+ hub = google_network_connectivity_hub.basic_hub.id
+ linked_interconnect_attachments {
+ uris = [google_compute_interconnect_attachment.interconnect-attachment.self_link]
+ site_to_site_data_transfer = true
+ include_import_ranges = ["ALL_IPV4_RANGES"]
+ }
+}
diff --git a/mmv1/templates/terraform/examples/go/network_connectivity_spoke_router_appliance_basic.tf.tmpl b/mmv1/templates/terraform/examples/go/network_connectivity_spoke_router_appliance_basic.tf.tmpl
index 693028f32f8c..058a19583736 100644
--- a/mmv1/templates/terraform/examples/go/network_connectivity_spoke_router_appliance_basic.tf.tmpl
+++ b/mmv1/templates/terraform/examples/go/network_connectivity_spoke_router_appliance_basic.tf.tmpl
@@ -53,5 +53,6 @@ resource "google_network_connectivity_spoke" "primary" {
ip_address = "10.0.0.2"
}
site_to_site_data_transfer = true
+ include_import_ranges = ["ALL_IPV4_RANGES"]
}
}
diff --git a/mmv1/templates/terraform/examples/go/network_connectivity_spoke_vpn_tunnel_basic.tf.tmpl b/mmv1/templates/terraform/examples/go/network_connectivity_spoke_vpn_tunnel_basic.tf.tmpl
new file mode 100644
index 000000000000..94e922e717cc
--- /dev/null
+++ b/mmv1/templates/terraform/examples/go/network_connectivity_spoke_vpn_tunnel_basic.tf.tmpl
@@ -0,0 +1,131 @@
+resource "google_network_connectivity_hub" "basic_hub" {
+ name = "{{index $.Vars "hub_name"}}"
+ description = "A sample hub"
+ labels = {
+ label-two = "value-one"
+ }
+}
+
+resource "google_compute_network" "network" {
+ name = "{{index $.Vars "network_name"}}"
+ auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "subnetwork" {
+ name = "{{index $.Vars "subnetwork_name"}}"
+ ip_cidr_range = "10.0.0.0/28"
+ region = "us-central1"
+ network = google_compute_network.network.self_link
+}
+
+resource "google_compute_ha_vpn_gateway" "gateway" {
+ name = "{{index $.Vars "gateway_name"}}"
+ network = google_compute_network.network.id
+}
+
+resource "google_compute_external_vpn_gateway" "external_vpn_gw" {
+ name = "{{index $.Vars "external_gateway_name"}}"
+ redundancy_type = "SINGLE_IP_INTERNALLY_REDUNDANT"
+ description = "An externally managed VPN gateway"
+ interface {
+ id = 0
+ ip_address = "8.8.8.8"
+ }
+}
+
+resource "google_compute_router" "router" {
+ name = "{{index $.Vars "router_name"}}"
+ region = "us-central1"
+ network = google_compute_network.network.name
+ bgp {
+ asn = 64514
+ }
+}
+
+resource "google_compute_vpn_tunnel" "tunnel1" {
+ name = "{{index $.Vars "vpn_tunnel_1_name"}}"
+ region = "us-central1"
+ vpn_gateway = google_compute_ha_vpn_gateway.gateway.id
+ peer_external_gateway = google_compute_external_vpn_gateway.external_vpn_gw.id
+ peer_external_gateway_interface = 0
+ shared_secret = "a secret message"
+ router = google_compute_router.router.id
+ vpn_gateway_interface = 0
+}
+
+resource "google_compute_vpn_tunnel" "tunnel2" {
+ name = "{{index $.Vars "vpn_tunnel_2_name"}}"
+ region = "us-central1"
+ vpn_gateway = google_compute_ha_vpn_gateway.gateway.id
+ peer_external_gateway = google_compute_external_vpn_gateway.external_vpn_gw.id
+ peer_external_gateway_interface = 0
+ shared_secret = "a secret message"
+ router = " ${google_compute_router.router.id}"
+ vpn_gateway_interface = 1
+}
+
+resource "google_compute_router_interface" "router_interface1" {
+ name = "{{index $.Vars "router_interface_1_name"}}"
+ router = google_compute_router.router.name
+ region = "us-central1"
+ ip_range = "169.254.0.1/30"
+ vpn_tunnel = google_compute_vpn_tunnel.tunnel1.name
+}
+
+resource "google_compute_router_peer" "router_peer1" {
+ name = "{{index $.Vars "router_peer_1_name"}}"
+ router = google_compute_router.router.name
+ region = "us-central1"
+ peer_ip_address = "169.254.0.2"
+ peer_asn = 64515
+ advertised_route_priority = 100
+ interface = google_compute_router_interface.router_interface1.name
+}
+
+resource "google_compute_router_interface" "router_interface2" {
+ name = "{{index $.Vars "router_interface_2_name"}}"
+ router = google_compute_router.router.name
+ region = "us-central1"
+ ip_range = "169.254.1.1/30"
+ vpn_tunnel = google_compute_vpn_tunnel.tunnel2.name
+}
+
+resource "google_compute_router_peer" "router_peer2" {
+ name = "{{index $.Vars "router_peer_2_name"}}"
+ router = google_compute_router.router.name
+ region = "us-central1"
+ peer_ip_address = "169.254.1.2"
+ peer_asn = 64515
+ advertised_route_priority = 100
+ interface = google_compute_router_interface.router_interface2.name
+}
+
+resource "google_network_connectivity_spoke" "{{$.PrimaryResourceId}}" {
+ name = "{{index $.Vars "vpn_tunnel_1_spoke_name"}}"
+ location = "us-central1"
+ description = "A sample spoke with a linked VPN Tunnel"
+ labels = {
+ label-one = "value-one"
+ }
+ hub = google_network_connectivity_hub.basic_hub.id
+ linked_vpn_tunnels {
+ uris = [google_compute_vpn_tunnel.tunnel1.self_link]
+ site_to_site_data_transfer = true
+ include_import_ranges = ["ALL_IPV4_RANGES"]
+ }
+}
+
+resource "google_network_connectivity_spoke" "tunnel2" {
+ name = "{{index $.Vars "vpn_tunnel_2_spoke_name"}}"
+ location = "us-central1"
+ description = "A sample spoke with a linked VPN Tunnel"
+ labels = {
+ label-one = "value-one"
+ }
+ hub = google_network_connectivity_hub.basic_hub.id
+ linked_vpn_tunnels {
+ uris = [google_compute_vpn_tunnel.tunnel2.self_link]
+ site_to_site_data_transfer = true
+ include_import_ranges = ["ALL_IPV4_RANGES"]
+ }
+}
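Review bot: Both `google_compute_vpn_tunnel` resources set `shared_secret = "a secret message"`, a literal pre-shared key that tends to get copied verbatim out of published examples. Add a comment above each, e.g. `# Example value only: supply the pre-shared key from a sensitive variable or a secret store.` In `tunnel2` the value `router = " ${google_compute_router.router.id}"` carries a leading space inside the string that `tunnel1` does not have; unless that is deliberate it should read `router = google_compute_router.router.id`. The external gateway interface uses `8.8.8.8`, a real public address; a documentation-range address would be a safer placeholder.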
diff --git a/mmv1/templates/terraform/iam_policy.go.tmpl b/mmv1/templates/terraform/iam_policy.go.tmpl
index 58c83fad4b99..726b38c9fe63 100644
--- a/mmv1/templates/terraform/iam_policy.go.tmpl
+++ b/mmv1/templates/terraform/iam_policy.go.tmpl
@@ -15,7 +15,7 @@
{{- if ne $.Compiler "terraformgoogleconversion-codegen" }}
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
-{{- end }}
+{{ end }}
// ----------------------------------------------------------------------------
//
// *** AUTO GENERATED CODE *** Type: MMv1 ***
diff --git a/mmv1/templates/terraform/operation.go.tmpl b/mmv1/templates/terraform/operation.go.tmpl
index f3690006ef57..5a3e4211c7a0 100644
--- a/mmv1/templates/terraform/operation.go.tmpl
+++ b/mmv1/templates/terraform/operation.go.tmpl
@@ -1,7 +1,7 @@
{{- if ne $.Compiler "terraformgoogleconversion-codegen" }}
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
-{{- end }}
+{{ end }}
// ----------------------------------------------------------------------------
//
// *** AUTO GENERATED CODE *** Type: MMv1 ***
diff --git a/mmv1/templates/terraform/post_create/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl b/mmv1/templates/terraform/post_create/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl
new file mode 100644
index 000000000000..a32fbbe431d4
--- /dev/null
+++ b/mmv1/templates/terraform/post_create/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl
@@ -0,0 +1,31 @@
+log.Printf("[DEBUG] Post-create for RegionNetworkFirewallPolicyWithRules %q", d.Id())
+
+url, err = tpgresource.ReplaceVarsForId(d, config, "{{"{{"}}ComputeBasePath{{"}}"}}projects/{{"{{"}}project{{"}}"}}/regions/{{"{{"}}region{{"}}"}}/firewallPolicies/{{"{{"}}name{{"}}"}}")
+if err != nil {
+ return err
+}
+
+headers = make(http.Header)
+res, err = transport_tpg.SendRequest(transport_tpg.SendRequestOptions{
+ Config: config,
+ Method: "GET",
+ Project: billingProject,
+ RawURL: url,
+ UserAgent: userAgent,
+ Headers: headers,
+})
+if err != nil {
+ return transport_tpg.HandleNotFoundError(err, d, fmt.Sprintf("ComputeRegionNetworkFirewallPolicyWithRules %q", d.Id()))
+}
+
+if err := d.Set("fingerprint", flattenComputeRegionNetworkFirewallPolicyWithRulesFingerprint(res["fingerprint"], d, config)); err != nil {
+ return fmt.Errorf("Error reading RegionNetworkFirewallPolicyWithRules: %s", err)
+}
+
+res, err = resourceComputeRegionNetworkFirewallPolicyWithRulesDecoder(d, meta, res)
+if err != nil {
+ return err
+}
+
+log.Printf("[DEBUG] Updating RegionNetworkFirewallPolicyWithRules %q", d.Id())
+return resourceComputeRegionNetworkFirewallPolicyWithRulesUpdate(d, meta)
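Review bot: If the final `resourceComputeRegionNetworkFirewallPolicyWithRulesUpdate(d, meta)` call fails, the policy already exists without the configured rules, because the create encoder in this commit deletes `rules` from the create request. For a firewall policy that partial state is worth surfacing explicitly. Wrap the error, e.g. `if err := resourceComputeRegionNetworkFirewallPolicyWithRulesUpdate(d, meta); err != nil { return fmt.Errorf("policy %q was created but applying its rules failed: %w", d.Id(), err) }` followed by `return nil`, and add a comment at the top of the fragment explaining the create-then-update sequence. The `res` returned by the decoder call is assigned but not read again in this fragment; if the call is kept only for its `d.Set` side effect, say so in a comment. The enclosing create function is outside the hunk.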
diff --git a/mmv1/templates/terraform/sweeper_file.go.tmpl b/mmv1/templates/terraform/sweeper_file.go.tmpl
index f9cb80ccb29a..1dce3b881e2f 100644
--- a/mmv1/templates/terraform/sweeper_file.go.tmpl
+++ b/mmv1/templates/terraform/sweeper_file.go.tmpl
@@ -1,7 +1,7 @@
-{{- if ne $.Compiler "terraformgoogleconversion-codegen" }}
+{{- if ne $.Compiler "terraformgoogleconversion-codegen" -}}
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
-{{- end }}
+{{ end }}
// ----------------------------------------------------------------------------
//
// *** AUTO GENERATED CODE *** Type: MMv1 ***
diff --git a/mmv1/templates/terraform/update_encoder/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl b/mmv1/templates/terraform/update_encoder/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl
new file mode 100644
index 000000000000..f90eb2dfa682
--- /dev/null
+++ b/mmv1/templates/terraform/update_encoder/go/resource_compute_region_network_firewall_policy_with_rules.go.tmpl
@@ -0,0 +1,15 @@
+config := meta.(*transport_tpg.Config)
+
+predefinedRulesProp, err := expandComputeRegionNetworkFirewallPolicyWithRulesRule(d.Get("predefined_rules"), d, config)
+if err != nil {
+ return nil, err
+}
+
+rules := obj["rules"].([]interface{})
+obj["rules"] = append(rules, predefinedRulesProp)
+
+return obj, nil
+
+
+
+
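Review bot: `obj["rules"].([]interface{})` is an unchecked type assertion, and `append(rules, predefinedRulesProp)` adds the expander's result as a single element. If `obj["rules"]` is absent or nil, for instance a policy configured with no `rule` blocks, the assertion panics. If the expander returns a list wrapped in `interface{}` (its definition is not in this hunk, but the plural `predefined_rules` suggests it), the request carries a nested list rather than the predefined rules merged into `rules`. Suggested: `rules, _ := obj["rules"].([]interface{})` and then `if extra, ok := predefinedRulesProp.([]interface{}); ok { obj["rules"] = append(rules, extra...) }`. The four trailing blank lines can also be dropped.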
diff --git a/mmv1/third_party/terraform/provider/go/provider_mmv1_resources.go.tmpl b/mmv1/third_party/terraform/provider/go/provider_mmv1_resources.go.tmpl
index 022bfb078ab4..a8921bde2496 100644
--- a/mmv1/third_party/terraform/provider/go/provider_mmv1_resources.go.tmpl
+++ b/mmv1/third_party/terraform/provider/go/provider_mmv1_resources.go.tmpl
@@ -179,8 +179,10 @@ var handwrittenDatasources = map[string]*schema.Resource{
"google_runtimeconfig_config": runtimeconfig.DataSourceGoogleRuntimeconfigConfig(),
"google_runtimeconfig_variable": runtimeconfig.DataSourceGoogleRuntimeconfigVariable(),
{{- end }}
+ "google_secret_manager_regional_secret_version_access": secretmanagerregional.DataSourceSecretManagerRegionalRegionalSecretVersionAccess(),
"google_secret_manager_regional_secret_version": secretmanagerregional.DataSourceSecretManagerRegionalRegionalSecretVersion(),
"google_secret_manager_regional_secret": secretmanagerregional.DataSourceSecretManagerRegionalRegionalSecret(),
+ "google_secret_manager_regional_secrets": secretmanagerregional.DataSourceSecretManagerRegionalRegionalSecrets(),
"google_secret_manager_secret": secretmanager.DataSourceSecretManagerSecret(),
"google_secret_manager_secrets": secretmanager.DataSourceSecretManagerSecrets(),
"google_secret_manager_secret_version": secretmanager.DataSourceSecretManagerSecretVersion(),
diff --git a/mmv1/third_party/terraform/services/cloudrun/go/resource_cloud_run_service_test.go.tmpl b/mmv1/third_party/terraform/services/cloudrun/go/resource_cloud_run_service_test.go.tmpl
index fb6619b5d5ed..0e8d0b38029d 100644
--- a/mmv1/third_party/terraform/services/cloudrun/go/resource_cloud_run_service_test.go.tmpl
+++ b/mmv1/third_party/terraform/services/cloudrun/go/resource_cloud_run_service_test.go.tmpl
@@ -1483,3 +1483,121 @@ resource "google_cloud_run_service" "default" {
`, name, project)
}
{{- end }}
+
+{{ if ne $.TargetVersionName `ga` -}}
+func TestAccCloudRunService_resourcesRequirements(t *testing.T) {
+ t.Parallel()
+
+ project := envvar.GetTestProjectFromEnv()
+ name := "tftest-cloudrun-" + acctest.RandString(t, 6)
+
+ acctest.VcrTest(t, resource.TestCase{
+ PreCheck: func() { acctest.AccTestPreCheck(t) },
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccCloudRunV2Service_cloudrunServiceWithoutGpu(name, project),
+ },
+ {
+ ResourceName: "google_cloud_run_service.default",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"metadata.0.resource_version", "metadata.0.annotations", "metadata.0.labels", "metadata.0.terraform_labels", "status.0.conditions"},
+ },
+ {
+ Config: testAccCloudRunV2Service_cloudrunServiceWithGpu(name, project),
+ },
+ {
+ ResourceName: "google_cloud_run_service.default",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"metadata.0.resource_version", "metadata.0.annotations", "metadata.0.labels", "metadata.0.terraform_labels", "status.0.conditions"},
+ },
+ {
+ Config: testAccCloudRunV2Service_cloudrunServiceWithoutGpu(name, project),
+ },
+ {
+ ResourceName: "google_cloud_run_service.default",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"metadata.0.resource_version", "metadata.0.annotations", "metadata.0.labels", "metadata.0.terraform_labels", "status.0.conditions"},
+ },
+ },
+ })
+}
+
+func testAccCloudRunV2Service_cloudrunServiceWithoutGpu(name, project string) string {
+ return fmt.Sprintf(`
+resource "google_cloud_run_service" "default" {
+ provider = google-beta
+ name = "%s"
+ location = "us-central1"
+
+ metadata {
+ namespace = "%s"
+ }
+
+ template {
+ metadata {
+ annotations = {
+ "autoscaling.knative.dev/maxScale": "1"
+ "run.googleapis.com/cpu-throttling": "false"
+ }
+ }
+ spec {
+ containers {
+ image = "gcr.io/cloudrun/hello"
+ resources {
+ limits = {
+ "cpu" = "4"
+ "memory" = "16Gi"
+ }
+ }
+ }
+ }
+ }
+}
+`, name, project)
+}
+
+func testAccCloudRunV2Service_cloudrunServiceWithGpu(name, project string) string {
+ return fmt.Sprintf(`
+resource "google_cloud_run_service" "default" {
+ provider = google-beta
+ name = "%s"
+ location = "us-central1"
+
+ metadata {
+ namespace = "%s"
+ annotations = {
+ "run.googleapis.com/launch-stage" = "BETA"
+ }
+ }
+
+ template {
+ metadata {
+ annotations = {
+ "autoscaling.knative.dev/maxScale": "1"
+ "run.googleapis.com/cpu-throttling": "false"
+ }
+ }
+ spec {
+ containers {
+ image = "gcr.io/cloudrun/hello"
+ resources {
+ limits = {
+ "cpu" = "4"
+ "memory" = "16Gi"
+ "nvidia.com/gpu" = "1"
+ }
+ }
+ }
+ node_selector = {
+ "run.googleapis.com/accelerator" = "nvidia-l4"
+ }
+ }
+ }
+}
+`, name, project)
+}
+{{- end }}
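Review bot: The two config helpers are named `testAccCloudRunV2Service_cloudrunServiceWithoutGpu` and `testAccCloudRunV2Service_cloudrunServiceWithGpu`, yet they live in the v1 test file and render `google_cloud_run_service`. The `V2` prefix makes them easy to confuse with the v2 helpers added in this same commit; `testAccCloudRunService_withoutGpu` and `testAccCloudRunService_withGpu` would match the resource under test. The TestCase also sets no `CheckDestroy`, unlike the v2 counterpart, so a leaked GPU-backed service would go unnoticed; whether a destroy producer exists for this resource is not visible here. Within the HCL, the template annotations use `:` while the rest of the maps use `=`; picking one keeps the fixtures uniform.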
diff --git a/mmv1/third_party/terraform/services/cloudrunv2/go/resource_cloud_run_v2_service_test.go.tmpl b/mmv1/third_party/terraform/services/cloudrunv2/go/resource_cloud_run_v2_service_test.go.tmpl
index 96026c217727..f44bc016460f 100644
--- a/mmv1/third_party/terraform/services/cloudrunv2/go/resource_cloud_run_v2_service_test.go.tmpl
+++ b/mmv1/third_party/terraform/services/cloudrunv2/go/resource_cloud_run_v2_service_test.go.tmpl
@@ -1194,3 +1194,122 @@ resource "google_network_services_mesh" "new_mesh" {
`, context)
}
{{- end }}
+
+{{ if ne $.TargetVersionName `ga` -}}
+func TestAccCloudRunV2Service_cloudrunv2ServiceWithResourcesRequirements(t *testing.T) {
+ t.Parallel()
+ context := map[string]interface{} {
+ "random_suffix" : acctest.RandString(t, 10),
+ }
+ acctest.VcrTest(t, resource.TestCase {
+ PreCheck: func() { acctest.AccTestPreCheck(t)},
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+ CheckDestroy: testAccCheckCloudRunV2ServiceDestroyProducer(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccCloudRunV2Service_cloudrunv2ServiceWithoutGpu(context),
+ },
+ {
+ ResourceName: "google_cloud_run_v2_service.default",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"name", "location", "annotations", "labels", "terraform_labels", "launch_stage", "deletion_protection"},
+ },
+ {
+ Config: testAccCloudRunV2Service_cloudrunv2ServiceWithGpu(context),
+ },
+ {
+ ResourceName: "google_cloud_run_v2_service.default",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"name", "location", "annotations", "labels", "terraform_labels", "launch_stage", "deletion_protection"},
+ },
+ {
+ Config: testAccCloudRunV2Service_cloudrunv2ServiceWithoutGpu(context),
+ },
+ {
+ ResourceName: "google_cloud_run_v2_service.default",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"name", "location", "annotations", "labels", "terraform_labels", "launch_stage", "deletion_protection"},
+ },
+ },
+ })
+}
+
+func testAccCloudRunV2Service_cloudrunv2ServiceWithoutGpu(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+resource "google_cloud_run_v2_service" "default" {
+ name = "tf-test-cloudrun-service%{random_suffix}"
+ description = "description creating"
+ location = "us-central1"
+ deletion_protection = false
+ launch_stage = "GA"
+ annotations = {
+ generated-by = "magic-modules"
+ }
+ ingress = "INGRESS_TRAFFIC_ALL"
+ labels = {
+ label-1 = "value-1"
+ }
+ client = "client-1"
+ client_version = "client-version-1"
+ template {
+ containers {
+ image = "us-docker.pkg.dev/cloudrun/container/hello"
+ resources {
+ limits = {
+ "cpu" = "4"
+ "memory" = "16Gi"
+ }
+ startup_cpu_boost = true
+ }
+ }
+ scaling {
+ max_instance_count = 1
+ }
+ }
+}
+`, context)
+}
+
+func testAccCloudRunV2Service_cloudrunv2ServiceWithGpu(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+resource "google_cloud_run_v2_service" "default" {
+ name = "tf-test-cloudrun-service%{random_suffix}"
+ description = "description creating"
+ location = "us-central1"
+ deletion_protection = false
+ launch_stage = "BETA"
+ annotations = {
+ generated-by = "magic-modules"
+ }
+ ingress = "INGRESS_TRAFFIC_ALL"
+ labels = {
+ label-1 = "value-1"
+ }
+ client = "client-1"
+ client_version = "client-version-1"
+ template {
+ containers {
+ image = "us-docker.pkg.dev/cloudrun/container/hello"
+ resources {
+ limits = {
+ "cpu" = "4"
+ "memory" = "16Gi"
+ "nvidia.com/gpu" = "1"
+ }
+ startup_cpu_boost = true
+ }
+ }
+ node_selector {
+ accelerator = "nvidia-l4"
+ }
+ scaling {
+ max_instance_count = 1
+ }
+ }
+}
+`, context)
+}
+{{- end }}
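Review bot: This test is compiled only for non-GA builds and sets `launch_stage = "BETA"`, but it uses `acctest.ProtoV5ProviderFactories(t)` and its configs carry no `provider = google-beta`. The v1 test added in this commit uses `acctest.ProtoV5ProviderBetaFactories(t)` with an explicit `provider = google-beta` line. Whether the plain factories resolve to the beta provider in this build is not visible from the hunk, so I would align the two tests, i.e. `ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),` plus `provider = google-beta` in both resource blocks. The spacing in `map[string]interface{} {` and `resource.TestCase {` is also not gofmt-clean.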
diff --git a/mmv1/third_party/terraform/services/compute/go/resource_compute_region_network_firewall_policy_with_rules_test.go.tmpl b/mmv1/third_party/terraform/services/compute/go/resource_compute_region_network_firewall_policy_with_rules_test.go.tmpl
new file mode 100644
index 000000000000..28eb6d172d99
--- /dev/null
+++ b/mmv1/third_party/terraform/services/compute/go/resource_compute_region_network_firewall_policy_with_rules_test.go.tmpl
@@ -0,0 +1,213 @@
+package compute_test
+{{- if ne $.TargetVersionName "ga" }}
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-testing/helper/resource"
+
+ "github.com/hashicorp/terraform-provider-google/google/acctest"
+)
+
+func TestAccComputeRegionNetworkFirewallPolicyWithRules_update(t *testing.T) {
+ t.Parallel()
+
+ context := map[string]interface{}{
+ "random_suffix": acctest.RandString(t, 10),
+ }
+
+ acctest.VcrTest(t, resource.TestCase{
+ PreCheck: func() { acctest.AccTestPreCheck(t) },
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+ CheckDestroy: testAccCheckComputeRegionNetworkFirewallPolicyWithRulesDestroyProducer(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccComputeRegionNetworkFirewallPolicyWithRules_full(context),
+ },
+ {
+ ResourceName: "google_compute_region_network_firewall_policy_with_rules.region-network-firewall-policy-with-rules",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"region"},
+ },
+ {
+ Config: testAccComputeRegionNetworkFirewallPolicyWithRules_update(context),
+ },
+ {
+ ResourceName: "google_compute_region_network_firewall_policy_with_rules.region-network-firewall-policy-with-rules",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"region"},
+ },
+ },
+ })
+}
+
+func testAccComputeRegionNetworkFirewallPolicyWithRules_full(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+data "google_project" "project" {
+ provider = google-beta
+}
+
+resource "google_compute_region_network_firewall_policy_with_rules" "region-network-firewall-policy-with-rules" {
+ name = "tf-test-tf-region-fw-policy-with-rules%{random_suffix}"
+ region = "us-west2"
+ description = "Terraform test"
+ provider = google-beta
+
+ rule {
+ description = "tcp rule"
+ priority = 1000
+ enable_logging = true
+ action = "allow"
+ direction = "EGRESS"
+ match {
+ layer4_config {
+ ip_protocol = "tcp"
+ ports = [8080, 7070]
+ }
+ dest_ip_ranges = ["11.100.0.1/32"]
+ dest_fqdns = ["www.yyy.com", "www.zzz.com"]
+ dest_region_codes = ["HK", "IN"]
+ dest_threat_intelligences = ["iplist-search-engines-crawlers", "iplist-tor-exit-nodes"]
+ dest_address_groups = [google_network_security_address_group.address_group_1.id]
+ }
+ target_secure_tag {
+ name = "tagValues/${google_tags_tag_value.secure_tag_value_1.name}"
+ }
+ }
+ rule {
+ description = "udp rule"
+ rule_name = "test-rule"
+ priority = 2000
+ enable_logging = false
+ action = "deny"
+ direction = "INGRESS"
+ match {
+ layer4_config {
+ ip_protocol = "udp"
+ }
+ src_ip_ranges = ["0.0.0.0/0"]
+ src_fqdns = ["www.abc.com", "www.def.com"]
+ src_region_codes = ["US", "CA"]
+ src_threat_intelligences = ["iplist-known-malicious-ips", "iplist-public-clouds"]
+ src_address_groups = [google_network_security_address_group.address_group_1.id]
+ src_secure_tag {
+ name = "tagValues/${google_tags_tag_value.secure_tag_value_1.name}"
+ }
+ }
+ disabled = true
+ }
+}
+
+resource "google_network_security_address_group" "address_group_1" {
+ provider = google-beta
+ name = "tf-test-tf-address-group%{random_suffix}"
+ parent = "projects/${data.google_project.project.name}"
+ description = "Regional address group"
+ location = "us-west2"
+ items = ["208.80.154.224/32"]
+ type = "IPV4"
+ capacity = 100
+}
+
+resource "google_tags_tag_key" "secure_tag_key_1" {
+ provider = google-beta
+ description = "Tag key"
+ parent = "projects/${data.google_project.project.name}"
+ purpose = "GCE_FIREWALL"
+ short_name = "tf-test-tf-tag-key%{random_suffix}"
+ purpose_data = {
+ network = "${data.google_project.project.name}/default"
+ }
+}
+
+resource "google_tags_tag_value" "secure_tag_value_1" {
+ provider = google-beta
+ description = "Tag value"
+ parent = "tagKeys/${google_tags_tag_key.secure_tag_key_1.name}"
+ short_name = "tf-test-tf-tag-value%{random_suffix}"
+}
+`, context)
+}
+
+func testAccComputeRegionNetworkFirewallPolicyWithRules_update(context map[string]interface{}) string {
+ return acctest.Nprintf(`
+data "google_project" "project" {
+ provider = google-beta
+}
+
+resource "google_compute_region_network_firewall_policy_with_rules" "region-network-firewall-policy-with-rules" {
+ name = "tf-test-tf-fw-policy-with-rules%{random_suffix}"
+ description = "Terraform test - update"
+ region = "us-west2"
+ provider = google-beta
+
+ rule {
+ description = "tcp rule - changed"
+ priority = 1000
+ enable_logging = false
+ action = "allow"
+ direction = "EGRESS"
+ match {
+ layer4_config {
+ ip_protocol = "tcp"
+ ports = [8080, 7070]
+ }
+ dest_ip_ranges = ["11.100.0.1/32"]
+ }
+ }
+ rule {
+ description = "new udp rule"
+ priority = 4000
+ enable_logging = true
+ action = "deny"
+ direction = "INGRESS"
+ match {
+ layer4_config {
+ ip_protocol = "udp"
+ }
+ src_ip_ranges = ["0.0.0.0/0"]
+ src_fqdns = ["www.abc.com", "www.ghi.com"]
+ src_region_codes = ["IT", "FR"]
+ src_threat_intelligences = ["iplist-public-clouds"]
+ src_address_groups = [google_network_security_address_group.address_group_1.id]
+ src_secure_tag {
+ name = "tagValues/${google_tags_tag_value.secure_tag_value_1.name}"
+ }
+ }
+ disabled = false
+ }
+}
+
+resource "google_network_security_address_group" "address_group_1" {
+ provider = google-beta
+ name = "tf-test-tf-address-group%{random_suffix}"
+ parent = "projects/${data.google_project.project.name}"
+ description = "Regional address group"
+ location = "us-west2"
+ items = ["208.80.154.224/32"]
+ type = "IPV4"
+ capacity = 100
+}
+
+resource "google_tags_tag_key" "secure_tag_key_1" {
+ provider = google-beta
+ description = "Tag key"
+ parent = "projects/${data.google_project.project.name}"
+ purpose = "GCE_FIREWALL"
+ short_name = "tf-test-tf-tag-key%{random_suffix}"
+ purpose_data = {
+ network = "${data.google_project.project.name}/default"
+ }
+}
+
+resource "google_tags_tag_value" "secure_tag_value_1" {
+ provider = google-beta
+ description = "Tag value"
+ parent = "tagKeys/${google_tags_tag_key.secure_tag_key_1.name}"
+ short_name = "tf-test-tf-tag-value%{random_suffix}"
+}
+`, context)
+}
+{{- end }}
+
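Review bot: The `_full` config names the policy `tf-test-tf-region-fw-policy-with-rules%{random_suffix}` while the `_update` config names it `tf-test-tf-fw-policy-with-rules%{random_suffix}`, so the second step changes the resource name as well as the rules. If `name` forces replacement (the schema is not in this hunk), the step destroys and recreates the policy and the in-place update path, including the update encoder that merges predefined rules, is never exercised. Use the same name in both configs: `name = "tf-test-tf-region-fw-policy-with-rules%{random_suffix}"`. A short comment above the second step stating which rule fields are expected to change in place would also make the intent of the test clear.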
diff --git a/mmv1/third_party/terraform/services/container/go/node_config.go.tmpl b/mmv1/third_party/terraform/services/container/go/node_config.go.tmpl
index abe7a87b0797..8b7c70515e06 100644
--- a/mmv1/third_party/terraform/services/container/go/node_config.go.tmpl
+++ b/mmv1/third_party/terraform/services/container/go/node_config.go.tmpl
@@ -646,6 +646,26 @@ func schemaNodeConfig() *schema.Schema {
Description: `cgroupMode specifies the cgroup mode to be used on the node.`,
DiffSuppressFunc: tpgresource.EmptyOrDefaultStringSuppress("CGROUP_MODE_UNSPECIFIED"),
},
+ "hugepages_config": {
+ Type: schema.TypeList,
+ Optional: true,
+ MaxItems: 1,
+ Description: `Amounts for 2M and 1G hugepages.`,
+ Elem: &schema.Resource{
+ Schema: map[string]*schema.Schema{
+ "hugepage_size_2m": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Description: `Amount of 2M hugepages.`,
+ },
+ "hugepage_size_1g": {
+ Type: schema.TypeInt,
+ Optional: true,
+ Description: `Amount of 1G hugepages.`,
+ },
+ },
+ },
+ },
},
},
},
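Review bot: Neither `hugepage_size_2m` nor `hugepage_size_1g` has a validator, so a negative count is accepted at plan time and only fails, if at all, when the API rejects it. Adding `ValidateFunc: validation.IntAtLeast(0),` to both fields would catch that early, assuming the SDK validation package is already imported in this file (the import block is outside the hunk). The block also accepts being empty, since both fields are optional and nothing requires at least one of them; if an empty `hugepages_config {}` has no meaning, `AtLeastOneOf` on the two keys would reject it. schemaNodeConfig starts and ends outside the hunk.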
@@ -815,7 +835,6 @@ func expandNodeConfigDefaults(configured interface{}) *container.NodeConfigDefau
if v, ok := config["insecure_kubelet_readonly_port_enabled"]; ok {
nodeConfigDefaults.NodeKubeletConfig = &container.NodeKubeletConfig{
InsecureKubeletReadonlyPortEnabled: expandInsecureKubeletReadonlyPortEnabled(v),
- ForceSendFields: []string{"InsecureKubeletReadonlyPortEnabled"},
}
}
if variant, ok := config["logging_variant"]; ok {
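Review bot: With `ForceSendFields` removed from the `NodeKubeletConfig` literal, an explicit request to turn the read-only kubelet port off may no longer reach the API. The struct is declared outside this hunk, but if `InsecureKubeletReadonlyPortEnabled` is a plain bool serialized with omitempty, a false value is dropped from the request and the server-side default applies, for a port the schema key itself labels insecure. If the goal is only to stop sending the field when the user set nothing, a narrower change keeps the force-send for non-empty input, assuming the schema value is a string: `if v != "" { nodeConfigDefaults.NodeKubeletConfig.ForceSendFields = []string{"InsecureKubeletReadonlyPortEnabled"} }`. expandNodeConfigDefaults starts and ends outside the hunk.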
@@ -1245,6 +1264,10 @@ func expandLinuxNodeConfig(v interface{}) *container.LinuxNodeConfig {
linuxNodeConfig.CgroupMode = cgroupMode
}
+ if v, ok := cfg["hugepages_config"]; ok {
+ linuxNodeConfig.Hugepages = expandHugepagesConfig(v)
+ }
+
return linuxNodeConfig
}
@@ -1269,6 +1292,32 @@ func expandCgroupMode(cfg map[string]interface{}) string {
return cgroupMode.(string)
}
+func expandHugepagesConfig(v interface{}) *container.HugepagesConfig {
+ if v == nil {
+ return nil
+ }
+ ls := v.([]interface{})
+ if len(ls) == 0 {
+ return nil
+ }
+ if ls[0] == nil {
+ return &container.HugepagesConfig{}
+ }
+ cfg := ls[0].(map[string]interface{})
+
+ hugepagesConfig := &container.HugepagesConfig{}
+
+ if v, ok := cfg["hugepage_size_2m"]; ok {
+ hugepagesConfig.HugepageSize2m = int64(v.(int))
+ }
+
+ if v, ok := cfg["hugepage_size_1g"]; ok {
+ hugepagesConfig.HugepageSize1g = int64(v.(int))
+ }
+
+ return hugepagesConfig
+}
+
func expandContainerdConfig(v interface{}) *container.ContainerdConfig {
if v == nil {
return nil
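Review bot: expandHugepagesConfig has no doc comment, and its three distinct results are easy to miss when reading the callers. I would add `// expandHugepagesConfig converts the single-element hugepages_config list into the API struct. It returns nil when the list is nil or empty and an empty struct when the block is present but has no fields set.` above the function. The `v.([]interface{})`, `ls[0].(map[string]interface{})` and `v.(int)` assertions are unchecked; that is harmless as long as the value always comes from the schema added in this commit, and a one-line comment saying so would keep later callers from passing anything else.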
@@ -1799,8 +1848,20 @@ func flattenLinuxNodeConfig(c *container.LinuxNodeConfig) []map[string]interface
result := []map[string]interface{}{}
if c != nil {
result = append(result, map[string]interface{}{
- "sysctls": c.Sysctls,
- "cgroup_mode": c.CgroupMode,
+ "sysctls": c.Sysctls,
+ "cgroup_mode": c.CgroupMode,
+ "hugepages_config": flattenHugepagesConfig(c.Hugepages),
+ })
+ }
+ return result
+}
+
+func flattenHugepagesConfig(c *container.HugepagesConfig) []map[string]interface{} {
+ result := []map[string]interface{}{}
+ if c != nil {
+ result = append(result, map[string]interface{}{
+ "hugepage_size_2m": c.HugepageSize2m,
+ "hugepage_size_1g": c.HugepageSize1g,
})
}
return result
diff --git a/mmv1/third_party/terraform/services/container/go/resource_container_cluster_test.go.tmpl b/mmv1/third_party/terraform/services/container/go/resource_container_cluster_test.go.tmpl
index f9f6f30ac85d..afbe1852a239 100644
--- a/mmv1/third_party/terraform/services/container/go/resource_container_cluster_test.go.tmpl
+++ b/mmv1/third_party/terraform/services/container/go/resource_container_cluster_test.go.tmpl
@@ -3369,6 +3369,32 @@ func TestAccContainerCluster_withAutopilotKubeletConfig(t *testing.T) {
})
}
+func TestAccContainerCluster_withAutopilot_withNodePoolDefaults(t *testing.T) {
+ t.Parallel()
+
+ randomSuffix := acctest.RandString(t, 10)
+ clusterName := fmt.Sprintf("tf-test-cluster-%s", randomSuffix)
+ networkName := acctest.BootstrapSharedTestNetwork(t, "gke-cluster")
+ subnetworkName := acctest.BootstrapSubnet(t, "gke-cluster", networkName)
+
+ acctest.VcrTest(t, resource.TestCase{
+ PreCheck: func() { acctest.AccTestPreCheck(t) },
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+ CheckDestroy: testAccCheckContainerClusterDestroyProducer(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccContainerCluster_withAutopilot_withNodePoolDefaults(clusterName, networkName, subnetworkName),
+ },
+ {
+ ResourceName: "google_container_cluster.primary",
+ ImportState: true,
+ ImportStateVerify: true,
+ ImportStateVerifyIgnore: []string{"deletion_protection"},
+ },
+ },
+ })
+}
+
func TestAccContainerCluster_withAutopilotResourceManagerTags(t *testing.T) {
t.Parallel()
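Review bot: TestAccContainerCluster_withAutopilot_withNodePoolDefaults does not say what it guards against, and its steps only apply and import the config without any `Check`. The config it uses, added further down in this file, has an empty `node_config_defaults {}` block on an Autopilot cluster, which looks related to the `ForceSendFields` removal in node_config.go.tmpl in this commit. If that is the intent, a comment above the function would record it, e.g. `// Regression test: an empty node_config_defaults block on an Autopilot cluster must apply cleanly.` A second step that sets `insecure_kubelet_readonly_port_enabled` explicitly would show that the removal did not change what is sent for a configured value.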
@@ -10709,6 +10735,25 @@ func testAccContainerCluster_withAutopilotKubeletConfigUpdates(name, insecureKub
`, name, insecureKubeletReadonlyPortEnabled)
}
+func testAccContainerCluster_withAutopilot_withNodePoolDefaults(name, networkName, subnetworkName string) string {
+ return fmt.Sprintf(`
+resource "google_container_cluster" "primary" {
+ name = "%s"
+ location = "us-central1"
+ enable_autopilot = true
+
+ node_pool_defaults {
+ node_config_defaults {
+ }
+ }
+
+ deletion_protection = false
+ network = "%s"
+ subnetwork = "%s"
+ }
+`, name, networkName, subnetworkName)
+}
+
func testAccContainerCluster_resourceManagerTags(projectID, clusterName, networkName, subnetworkName, randomSuffix string) string {
return fmt.Sprintf(`
data "google_project" "project" {
diff --git a/mmv1/third_party/terraform/services/container/go/resource_container_node_pool_test.go.tmpl b/mmv1/third_party/terraform/services/container/go/resource_container_node_pool_test.go.tmpl
index 128ee9254e31..a066953a01d7 100644
--- a/mmv1/third_party/terraform/services/container/go/resource_container_node_pool_test.go.tmpl
+++ b/mmv1/third_party/terraform/services/container/go/resource_container_node_pool_test.go.tmpl
@@ -670,6 +670,40 @@ func TestAccContainerNodePool_withCgroupMode(t *testing.T) {
})
}
+func TestAccContainerNodePool_withHugepageConfig(t *testing.T) {
+ t.Parallel()
+
+ cluster := fmt.Sprintf("tf-test-cluster-%s", acctest.RandString(t, 10))
+ np := fmt.Sprintf("tf-test-np-%s", acctest.RandString(t, 10))
+ networkName := acctest.BootstrapSharedTestNetwork(t, "gke-cluster")
+ subnetworkName := acctest.BootstrapSubnet(t, "gke-cluster", networkName)
+
+ acctest.VcrTest(t, resource.TestCase{
+ PreCheck: func() { acctest.AccTestPreCheck(t) },
+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+ CheckDestroy: testAccCheckContainerClusterDestroyProducer(t),
+ Steps: []resource.TestStep{
+ {
+ Config: testAccContainerNodePool_withHugepageConfig(cluster, np, networkName, subnetworkName, 1),
+ },
+ {
+ ResourceName: "google_container_node_pool.np",
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ // Perform an update.
+ {
+ Config: testAccContainerNodePool_withHugepageConfig(cluster, np, networkName, subnetworkName, 2),
+ },
+ {
+ ResourceName: "google_container_node_pool.np",
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ },
+ })
+}
+
func TestAccContainerNodePool_withNetworkConfig(t *testing.T) {
t.Parallel()
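Review bot: Both steps of TestAccContainerNodePool_withHugepageConfig pass a single count (1, then 2), and the config helper added later in this file writes that one value into both `hugepage_size_2m` and `hugepage_size_1g`. With identical values, a swap of the two fields in expandHugepagesConfig or flattenHugepagesConfig would still pass import verification. Giving the helper separate parameters, e.g. `testAccContainerNodePool_withHugepageConfig(cluster, np, networkName, subnetworkName, 2, 1)`, makes the mapping observable. The `// Perform an update.` comment could also say whether the update is expected in place or by recreating the node pool.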
@@ -3390,6 +3424,46 @@ resource "google_container_node_pool" "with_tier1_net" {
`, network, cluster, np, np, np, np, netTier)
}
+
+func testAccContainerNodePool_withHugepageConfig(cluster, np, networkName, subnetworkName string, hugepage int) string {
+ return fmt.Sprintf(`
+data "google_container_engine_versions" "central1a" {
+ location = "us-central1-a"
+}
+
+resource "google_container_cluster" "cluster" {
+ name = "%s"
+ location = "us-central1-a"
+ initial_node_count = 1
+ min_master_version = data.google_container_engine_versions.central1a.latest_master_version
+ deletion_protection = false
+ network = "%s"
+ subnetwork = "%s"
+}
+
+resource "google_container_node_pool" "np" {
+ name = "%s"
+ location = "us-central1-a"
+ cluster = google_container_cluster.cluster.name
+ initial_node_count = 1
+ node_config {
+ image_type = "COS_CONTAINERD"
+ machine_type = "c2d-standard-2" # This is required for hugepage_size_1g https://cloud.google.com/kubernetes-engine/docs/how-to/node-system-config#huge-page-options
+ linux_node_config {
+ hugepages_config {
+ hugepage_size_2m = %d
+ hugepage_size_1g = %d
+ }
+ }
+ oauth_scopes = [
+ "https://www.googleapis.com/auth/logging.write",
+ "https://www.googleapis.com/auth/monitoring",
+ ]
+ }
+}
+`, cluster, networkName, subnetworkName, np, hugepage, hugepage)
+}
+
func testAccContainerNodePool_withMultiNicNetworkConfig(cluster, np, network string) string {
return fmt.Sprintf(`
resource "google_compute_network" "container_network" {