add Forward_proxy to compute.backendService DynamicForwarding (#16665) (#11723)

[upstream:07aa40da9007eababf64ca07bce9454bb9eeddcd]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/16665.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+compute: added `ForwardProxy` field in `google_compute_region_backend_service` resource
+```

google-beta/services/compute/resource_compute_region_backend_service.go

@@ -678,6 +678,28 @@ feature which together with Service Extension allows customized and complex rout
 				MaxItems: 1,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
+						"forward_proxy": {
+							Type:        schema.TypeList,
+							Optional:    true,
+							Description: `Dynamic Forwarding Proxy configuration.`,
+							MaxItems:    1,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"enabled": {
+										Type:        schema.TypeBool,
+										Required:    true,
+										ForceNew:    true,
+										Description: `A boolean flag enabling dynamic forwarding proxy.`,
+									},
+									"proxy_mode": {
+										Type:         schema.TypeString,
+										Required:     true,
+										ValidateFunc: verify.ValidateEnum([]string{"DIRECT_FORWARDING", "CLOUD_RUN"}),
+										Description:  `Determines the dynamic forwarding proxy mode Possible values: ["DIRECT_FORWARDING", "CLOUD_RUN"]`,
+									},
+								},
+							},
+						},
 						"ip_port_selection": {
 							Type:        schema.TypeList,
 							Optional:    true,
@@ -881,11 +903,11 @@ If OAuth client is not set, Google-managed OAuth client is used.`,
 				Type:         schema.TypeString,
 				Optional:     true,
 				ForceNew:     true,
-				ValidateFunc: verify.ValidateEnum([]string{"EXTERNAL", "EXTERNAL_MANAGED", "INTERNAL", "INTERNAL_MANAGED", ""}),
+				ValidateFunc: verify.ValidateEnum([]string{"EXTERNAL", "EXTERNAL_MANAGED", "INTERNAL", "INTERNAL_MANAGED", "INTERNAL_SELF_MANAGED", ""}),
 				Description: `Indicates what kind of load balancing this regional backend service
 will be used for. A backend service created for one type of load
 balancing cannot be used with the other(s). For more information, refer to
-[Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: "INTERNAL" Possible values: ["EXTERNAL", "EXTERNAL_MANAGED", "INTERNAL", "INTERNAL_MANAGED"]`,
+[Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service). Default value: "INTERNAL" Possible values: ["EXTERNAL", "EXTERNAL_MANAGED", "INTERNAL", "INTERNAL_MANAGED", "INTERNAL_SELF_MANAGED"]`,
 				Default: "INTERNAL",
 			},
 			"locality_lb_policy": {
@@ -3979,6 +4001,8 @@ func flattenComputeRegionBackendServiceDynamicForwarding(v interface{}, d *schem
 	transformed := make(map[string]interface{})
 	transformed["ip_port_selection"] =
 		flattenComputeRegionBackendServiceDynamicForwardingIpPortSelection(original["ipPortSelection"], d, config)
+	transformed["forward_proxy"] =
+		flattenComputeRegionBackendServiceDynamicForwardingForwardProxy(original["forwardProxy"], d, config)
 	return []interface{}{transformed}
 }
 func flattenComputeRegionBackendServiceDynamicForwardingIpPortSelection(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
@@ -3998,6 +4022,29 @@ func flattenComputeRegionBackendServiceDynamicForwardingIpPortSelectionEnabled(v
 	return v
 }
 
+func flattenComputeRegionBackendServiceDynamicForwardingForwardProxy(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	if v == nil {
+		return nil
+	}
+	original := v.(map[string]interface{})
+	if len(original) == 0 {
+		return nil
+	}
+	transformed := make(map[string]interface{})
+	transformed["enabled"] =
+		flattenComputeRegionBackendServiceDynamicForwardingForwardProxyEnabled(original["enabled"], d, config)
+	transformed["proxy_mode"] =
+		flattenComputeRegionBackendServiceDynamicForwardingForwardProxyProxyMode(original["proxyMode"], d, config)
+	return []interface{}{transformed}
+}
+func flattenComputeRegionBackendServiceDynamicForwardingForwardProxyEnabled(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
+func flattenComputeRegionBackendServiceDynamicForwardingForwardProxyProxyMode(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
 func flattenComputeRegionBackendServiceHaPolicy(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	if v == nil {
 		return nil
@@ -5580,6 +5627,13 @@ func expandComputeRegionBackendServiceDynamicForwarding(v interface{}, d tpgreso
 		transformed["ipPortSelection"] = transformedIpPortSelection
 	}
 
+	transformedForwardProxy, err := expandComputeRegionBackendServiceDynamicForwardingForwardProxy(original["forward_proxy"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedForwardProxy); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["forwardProxy"] = transformedForwardProxy
+	}
+
 	return transformed, nil
 }
 
@@ -5609,6 +5663,43 @@ func expandComputeRegionBackendServiceDynamicForwardingIpPortSelectionEnabled(v
 	return v, nil
 }
 
+func expandComputeRegionBackendServiceDynamicForwardingForwardProxy(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	if v == nil {
+		return nil, nil
+	}
+	l := v.([]interface{})
+	if len(l) == 0 || l[0] == nil {
+		return nil, nil
+	}
+	raw := l[0]
+	original := raw.(map[string]interface{})
+	transformed := make(map[string]interface{})
+
+	transformedEnabled, err := expandComputeRegionBackendServiceDynamicForwardingForwardProxyEnabled(original["enabled"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedEnabled); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["enabled"] = transformedEnabled
+	}
+
+	transformedProxyMode, err := expandComputeRegionBackendServiceDynamicForwardingForwardProxyProxyMode(original["proxy_mode"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedProxyMode); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["proxyMode"] = transformedProxyMode
+	}
+
+	return transformed, nil
+}
+
+func expandComputeRegionBackendServiceDynamicForwardingForwardProxyEnabled(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandComputeRegionBackendServiceDynamicForwardingForwardProxyProxyMode(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandComputeRegionBackendServiceHaPolicy(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	if v == nil {
 		return nil, nil
@@ -5827,7 +5918,7 @@ func expandComputeRegionBackendServiceRegion(v interface{}, d tpgresource.Terraf
 }
 
 func resourceComputeRegionBackendServiceEncoder(d *schema.ResourceData, meta interface{}, obj map[string]interface{}) (map[string]interface{}, error) {
-	if d.Get("load_balancing_scheme").(string) == "EXTERNAL_MANAGED" || d.Get("load_balancing_scheme").(string) == "INTERNAL_MANAGED" {
+	if d.Get("load_balancing_scheme").(string) == "EXTERNAL_MANAGED" || d.Get("load_balancing_scheme").(string) == "INTERNAL_MANAGED" || d.Get("load_balancing_scheme").(string) == "INTERNAL_SELF_MANAGED" {
 		return obj, nil
 	}
 

google-beta/services/compute/resource_compute_region_backend_service_generated_meta.yaml

@@ -82,6 +82,8 @@ fields:
     - api_field: customMetrics.dryRun
     - api_field: customMetrics.name
     - api_field: description
+    - api_field: dynamicForwarding.forwardProxy.enabled
+    - api_field: dynamicForwarding.forwardProxy.proxyMode
     - api_field: dynamicForwarding.ipPortSelection.enabled
     - api_field: enableCDN
     - api_field: failoverPolicy.disableConnectionDrainOnFailover

google-beta/services/compute/resource_compute_region_backend_service_generated_test.go

@@ -779,6 +779,92 @@ resource "google_compute_region_backend_service" "default" {
 `, context)
 }
 
+func TestAccComputeRegionBackendService_regionBackendServiceDynamicForwardingForwardProxyCloudRunExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+		CheckDestroy:             testAccCheckComputeRegionBackendServiceDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeRegionBackendService_regionBackendServiceDynamicForwardingForwardProxyCloudRunExample(context),
+			},
+			{
+				ResourceName:            "google_compute_region_backend_service.default",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"iap.0.oauth2_client_secret", "network", "params", "region"},
+			},
+		},
+	})
+}
+
+func testAccComputeRegionBackendService_regionBackendServiceDynamicForwardingForwardProxyCloudRunExample(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_compute_region_backend_service" "default" {
+  provider              = google-beta
+  name                  = "tf-test-region-service%{random_suffix}"
+  region                = "us-central1"
+  load_balancing_scheme = "INTERNAL_SELF_MANAGED"
+  protocol = "HTTP2"
+  dynamic_forwarding {
+    forward_proxy {
+      enabled = true
+      proxy_mode = "CLOUD_RUN"
+    }
+  }
+}
+`, context)
+}
+
+func TestAccComputeRegionBackendService_regionBackendServiceDynamicForwardingForwardProxyDirectForwardingExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+		CheckDestroy:             testAccCheckComputeRegionBackendServiceDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeRegionBackendService_regionBackendServiceDynamicForwardingForwardProxyDirectForwardingExample(context),
+			},
+			{
+				ResourceName:            "google_compute_region_backend_service.default",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"iap.0.oauth2_client_secret", "network", "params", "region"},
+			},
+		},
+	})
+}
+
+func testAccComputeRegionBackendService_regionBackendServiceDynamicForwardingForwardProxyDirectForwardingExample(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+resource "google_compute_region_backend_service" "default" {
+  provider                        = google-beta
+  name                            = "tf-test-region-service%{random_suffix}"
+  region                          = "us-central1"
+  load_balancing_scheme           = "INTERNAL_SELF_MANAGED"
+  protocol                        = "HTTP2"
+  dynamic_forwarding {
+    forward_proxy {
+      enabled = true
+      proxy_mode = "DIRECT_FORWARDING"
+    }
+  }
+}
+`, context)
+}
+
 func TestAccComputeRegionBackendService_regionBackendServiceHaPolicyExample(t *testing.T) {
 	t.Parallel()
 

website/docs/r/compute_region_backend_service.html.markdown

@@ -556,6 +556,52 @@ resource "google_compute_region_backend_service" "default" {
   }
 }
 ```
+<div class = "oics-button" style="float: right; margin: 0 0 -15px">
+  <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md&cloudshell_working_dir=region_backend_service_dynamic_forwarding_forward_proxy_cloud_run&open_in_editor=main.tf" target="_blank">
+    <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
+  </a>
+</div>
+## Example Usage - Region Backend Service Dynamic Forwarding Forward Proxy Cloud Run
+
+
+```hcl
+resource "google_compute_region_backend_service" "default" {
+  provider              = google-beta
+  name                  = "region-service"
+  region                = "us-central1"
+  load_balancing_scheme = "INTERNAL_SELF_MANAGED"
+  protocol = "HTTP2"
+  dynamic_forwarding {
+    forward_proxy {
+      enabled = true
+      proxy_mode = "CLOUD_RUN"
+    }
+  }
+}
+```
+<div class = "oics-button" style="float: right; margin: 0 0 -15px">
+  <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md&cloudshell_working_dir=region_backend_service_dynamic_forwarding_forward_proxy_direct_forwarding&open_in_editor=main.tf" target="_blank">
+    <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
+  </a>
+</div>
+## Example Usage - Region Backend Service Dynamic Forwarding Forward Proxy Direct Forwarding
+
+
+```hcl
+resource "google_compute_region_backend_service" "default" {
+  provider                        = google-beta
+  name                            = "region-service"
+  region                          = "us-central1"
+  load_balancing_scheme           = "INTERNAL_SELF_MANAGED"
+  protocol                        = "HTTP2"
+  dynamic_forwarding {
+    forward_proxy {
+      enabled = true
+      proxy_mode = "DIRECT_FORWARDING"
+    }
+  }
+}
+```
 <div class = "oics-button" style="float: right; margin: 0 0 -15px">
   <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md&cloudshell_working_dir=region_backend_service_ha_policy&open_in_editor=main.tf" target="_blank">
     <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
@@ -804,7 +850,7 @@ The following arguments are supported:
   balancing cannot be used with the other(s). For more information, refer to
   [Choosing a load balancer](https://cloud.google.com/load-balancing/docs/backend-service).
   Default value is `INTERNAL`.
-  Possible values are: `EXTERNAL`, `EXTERNAL_MANAGED`, `INTERNAL`, `INTERNAL_MANAGED`.
+  Possible values are: `EXTERNAL`, `EXTERNAL_MANAGED`, `INTERNAL`, `INTERNAL_MANAGED`, `INTERNAL_SELF_MANAGED`.
 
 * `locality_lb_policy` -
   (Optional)
@@ -1665,13 +1711,29 @@ The following arguments are supported:
   IP:PORT based dynamic forwarding configuration.
   Structure is [documented below](#nested_dynamic_forwarding_ip_port_selection).
 
+* `forward_proxy` -
+  (Optional, [Beta](../guides/provider_versions.html.markdown))
+  Dynamic Forwarding Proxy configuration.
+  Structure is [documented below](#nested_dynamic_forwarding_forward_proxy).
+
 
 <a name="nested_dynamic_forwarding_ip_port_selection"></a>The `ip_port_selection` block supports:
 
 * `enabled` -
   (Optional, [Beta](../guides/provider_versions.html.markdown))
   A boolean flag enabling IP:PORT based dynamic forwarding.
 
+<a name="nested_dynamic_forwarding_forward_proxy"></a>The `forward_proxy` block supports:
+
+* `enabled` -
+  (Required, [Beta](../guides/provider_versions.html.markdown))
+  A boolean flag enabling dynamic forwarding proxy.
+
+* `proxy_mode` -
+  (Required, [Beta](../guides/provider_versions.html.markdown))
+  Determines the dynamic forwarding proxy mode
+  Possible values are: `DIRECT_FORWARDING`, `CLOUD_RUN`.
+
 <a name="nested_ha_policy"></a>The `ha_policy` block supports:
 
 * `fast_ip_move` -