hashicorp · modular-magician · Aug 15, 2024 · Aug 15, 2024
diff --git a/.changelog/10897.txt b/.changelog/10897.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+compute: added fields `reserved_internal_range` and `secondary_ip_ranges[].reserved_internal_range` to `google_compute_subnetwork` resource
+```
diff --git a/google/services/compute/resource_compute_subnetwork.go b/google/services/compute/resource_compute_subnetwork.go
@@ -79,15 +79,6 @@ func ResourceComputeSubnetwork() *schema.Resource {
 		),
 
 		Schema: map[string]*schema.Schema{
-			"ip_cidr_range": {
-				Type:         schema.TypeString,
-				Required:     true,
-				ValidateFunc: verify.ValidateIpCidrRange,
-				Description: `The range of internal addresses that are owned by this subnetwork.
-Provide this property when you create the subnetwork. For example,
-10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and
-non-overlapping within a network. Only IPv4 is supported.`,
-			},
 			"name": {
 				Type:         schema.TypeString,
 				Required:     true,
@@ -124,6 +115,17 @@ creation time.`,
 				ForceNew:    true,
 				Description: `The range of external IPv6 addresses that are owned by this subnetwork.`,
 			},
+			"ip_cidr_range": {
+				Type:         schema.TypeString,
+				Computed:     true,
+				Optional:     true,
+				ValidateFunc: verify.ValidateIpCidrRange,
+				Description: `The range of internal addresses that are owned by this subnetwork.
+Provide this property when you create the subnetwork. For example,
+10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and
+non-overlapping within a network. Only IPv4 is supported.
+Field is optional when 'reserved_internal_range' is defined, otherwise required.`,
+			},
 			"ipv6_access_type": {
 				Type:         schema.TypeString,
 				Optional:     true,
@@ -230,6 +232,14 @@ If unspecified, the purpose defaults to 'PRIVATE_RFC_1918'.`,
 				DiffSuppressFunc: tpgresource.CompareSelfLinkOrResourceName,
 				Description:      `The GCP region for this subnetwork.`,
 			},
+			"reserved_internal_range": {
+				Type:             schema.TypeString,
+				Optional:         true,
+				ForceNew:         true,
+				DiffSuppressFunc: tpgresource.CompareSelfLinkOrResourceName,
+				Description: `The ID of the reserved internal range. Must be prefixed with 'networkconnectivity.googleapis.com'
+E.g. 'networkconnectivity.googleapis.com/projects/{project}/locations/global/internalRanges/{rangeId}'`,
+			},
 			"role": {
 				Type:         schema.TypeString,
 				Optional:     true,
@@ -257,15 +267,6 @@ of zero objects you must use the following syntax:
 For more details about this behavior, see [this section](https://www.terraform.io/docs/configuration/attr-as-blocks.html#defining-a-fixed-object-collection-value).`,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
-						"ip_cidr_range": {
-							Type:         schema.TypeString,
-							Required:     true,
-							ValidateFunc: verify.ValidateIpCidrRange,
-							Description: `The range of IP addresses belonging to this subnetwork secondary
-range. Provide this property when you create the subnetwork.
-Ranges must be unique and non-overlapping with all primary and
-secondary IP ranges within a network. Only IPv4 is supported.`,
-						},
 						"range_name": {
 							Type:         schema.TypeString,
 							Required:     true,
@@ -275,6 +276,24 @@ when adding an alias IP range to a VM instance. The name must
 be 1-63 characters long, and comply with RFC1035. The name
 must be unique within the subnetwork.`,
 						},
+						"ip_cidr_range": {
+							Type:         schema.TypeString,
+							Computed:     true,
+							Optional:     true,
+							ValidateFunc: verify.ValidateIpCidrRange,
+							Description: `The range of IP addresses belonging to this subnetwork secondary
+range. Provide this property when you create the subnetwork.
+Ranges must be unique and non-overlapping with all primary and
+secondary IP ranges within a network. Only IPv4 is supported.
+Field is optional when 'reserved_internal_range' is defined, otherwise required.`,
+						},
+						"reserved_internal_range": {
+							Type:             schema.TypeString,
+							Optional:         true,
+							DiffSuppressFunc: tpgresource.CompareSelfLinkOrResourceName,
+							Description: `The ID of the reserved internal range. Must be prefixed with 'networkconnectivity.googleapis.com'
+E.g. 'networkconnectivity.googleapis.com/projects/{project}/locations/global/internalRanges/{rangeId}'`,
+						},
 					},
 				},
 			},
@@ -390,6 +409,12 @@ func resourceComputeSubnetworkCreate(d *schema.ResourceData, meta interface{}) e
 	} else if v, ok := d.GetOkExists("ip_cidr_range"); !tpgresource.IsEmptyValue(reflect.ValueOf(ipCidrRangeProp)) && (ok || !reflect.DeepEqual(v, ipCidrRangeProp)) {
 		obj["ipCidrRange"] = ipCidrRangeProp
 	}
+	reservedInternalRangeProp, err := expandComputeSubnetworkReservedInternalRange(d.Get("reserved_internal_range"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("reserved_internal_range"); !tpgresource.IsEmptyValue(reflect.ValueOf(reservedInternalRangeProp)) && (ok || !reflect.DeepEqual(v, reservedInternalRangeProp)) {
+		obj["reservedInternalRange"] = reservedInternalRangeProp
+	}
 	nameProp, err := expandComputeSubnetworkName(d.Get("name"), d, config)
 	if err != nil {
 		return err
@@ -573,6 +598,9 @@ func resourceComputeSubnetworkRead(d *schema.ResourceData, meta interface{}) err
 	if err := d.Set("ip_cidr_range", flattenComputeSubnetworkIpCidrRange(res["ipCidrRange"], d, config)); err != nil {
 		return fmt.Errorf("Error reading Subnetwork: %s", err)
 	}
+	if err := d.Set("reserved_internal_range", flattenComputeSubnetworkReservedInternalRange(res["reservedInternalRange"], d, config)); err != nil {
+		return fmt.Errorf("Error reading Subnetwork: %s", err)
+	}
 	if err := d.Set("name", flattenComputeSubnetworkName(res["name"], d, config)); err != nil {
 		return fmt.Errorf("Error reading Subnetwork: %s", err)
 	}
@@ -1112,6 +1140,13 @@ func flattenComputeSubnetworkIpCidrRange(v interface{}, d *schema.ResourceData,
 	return v
 }
 
+func flattenComputeSubnetworkReservedInternalRange(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	if v == nil {
+		return v
+	}
+	return tpgresource.ConvertSelfLinkToV1(v.(string))
+}
+
 func flattenComputeSubnetworkName(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	return v
 }
@@ -1144,8 +1179,9 @@ func flattenComputeSubnetworkSecondaryIpRange(v interface{}, d *schema.ResourceD
 			continue
 		}
 		transformed = append(transformed, map[string]interface{}{
-			"range_name":    flattenComputeSubnetworkSecondaryIpRangeRangeName(original["rangeName"], d, config),
-			"ip_cidr_range": flattenComputeSubnetworkSecondaryIpRangeIpCidrRange(original["ipCidrRange"], d, config),
+			"range_name":              flattenComputeSubnetworkSecondaryIpRangeRangeName(original["rangeName"], d, config),
+			"ip_cidr_range":           flattenComputeSubnetworkSecondaryIpRangeIpCidrRange(original["ipCidrRange"], d, config),
+			"reserved_internal_range": flattenComputeSubnetworkSecondaryIpRangeReservedInternalRange(original["reservedInternalRange"], d, config),
 		})
 	}
 	return transformed
@@ -1158,6 +1194,13 @@ func flattenComputeSubnetworkSecondaryIpRangeIpCidrRange(v interface{}, d *schem
 	return v
 }
 
+func flattenComputeSubnetworkSecondaryIpRangeReservedInternalRange(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	if v == nil {
+		return v
+	}
+	return tpgresource.ConvertSelfLinkToV1(v.(string))
+}
+
 func flattenComputeSubnetworkPrivateIpGoogleAccess(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	return v
 }
@@ -1234,6 +1277,10 @@ func expandComputeSubnetworkIpCidrRange(v interface{}, d tpgresource.TerraformRe
 	return v, nil
 }
 
+func expandComputeSubnetworkReservedInternalRange(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandComputeSubnetworkName(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	return v, nil
 }
@@ -1278,6 +1325,13 @@ func expandComputeSubnetworkSecondaryIpRange(v interface{}, d tpgresource.Terraf
 			transformed["ipCidrRange"] = transformedIpCidrRange
 		}
 
+		transformedReservedInternalRange, err := expandComputeSubnetworkSecondaryIpRangeReservedInternalRange(original["reserved_internal_range"], d, config)
+		if err != nil {
+			return nil, err
+		} else if val := reflect.ValueOf(transformedReservedInternalRange); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+			transformed["reservedInternalRange"] = transformedReservedInternalRange
+		}
+
 		req = append(req, transformed)
 	}
 	return req, nil
@@ -1291,6 +1345,10 @@ func expandComputeSubnetworkSecondaryIpRangeIpCidrRange(v interface{}, d tpgreso
 	return v, nil
 }
 
+func expandComputeSubnetworkSecondaryIpRangeReservedInternalRange(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandComputeSubnetworkPrivateIpGoogleAccess(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	return v, nil
 }

diff --git a/google/services/compute/resource_compute_subnetwork_generated_test.go b/google/services/compute/resource_compute_subnetwork_generated_test.go
@@ -49,7 +49,7 @@ func TestAccComputeSubnetwork_subnetworkBasicExample(t *testing.T) {
 				ResourceName:            "google_compute_subnetwork.network-with-private-secondary-ip-ranges",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"network", "region"},
+				ImportStateVerifyIgnore: []string{"network", "region", "reserved_internal_range"},
 			},
 		},
 	})
@@ -94,7 +94,7 @@ func TestAccComputeSubnetwork_subnetworkLoggingConfigExample(t *testing.T) {
 				ResourceName:            "google_compute_subnetwork.subnet-with-logging",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"network", "region"},
+				ImportStateVerifyIgnore: []string{"network", "region", "reserved_internal_range"},
 			},
 		},
 	})
@@ -141,7 +141,7 @@ func TestAccComputeSubnetwork_subnetworkIpv6Example(t *testing.T) {
 				ResourceName:            "google_compute_subnetwork.subnetwork-ipv6",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"network", "region"},
+				ImportStateVerifyIgnore: []string{"network", "region", "reserved_internal_range"},
 			},
 		},
 	})
@@ -187,7 +187,7 @@ func TestAccComputeSubnetwork_subnetworkInternalIpv6Example(t *testing.T) {
 				ResourceName:            "google_compute_subnetwork.subnetwork-internal-ipv6",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"network", "region"},
+				ImportStateVerifyIgnore: []string{"network", "region", "reserved_internal_range"},
 			},
 		},
 	})

diff --git a/website/docs/r/compute_subnetwork.html.markdown b/website/docs/r/compute_subnetwork.html.markdown
@@ -235,19 +235,99 @@ resource "google_compute_network" "net-cidr-overlap" {
   auto_create_subnetworks = false
 }
 ```
+<div class = "oics-button" style="float: right; margin: 0 0 -15px">
+  <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md&cloudshell_working_dir=subnetwork_reserved_internal_range&open_in_editor=main.tf" target="_blank">
+    <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
+  </a>
+</div>
+## Example Usage - Subnetwork Reserved Internal Range
+
+
+```hcl
+resource "google_compute_subnetwork" "subnetwork-reserved-internal-range" {
+  provider                = google-beta
+  name                    = "subnetwork-reserved-internal-range"
+  region                  = "us-central1"
+  network                 = google_compute_network.default.id
+  reserved_internal_range = "networkconnectivity.googleapis.com/${google_network_connectivity_internal_range.reserved.id}"
+}
+
+resource "google_compute_network" "default" {
+  provider                = google-beta
+  name                    = "network-reserved-internal-range"
+  auto_create_subnetworks = false
+}
+
+resource "google_network_connectivity_internal_range" "reserved" {
+  provider          = google-beta
+  name              = "reserved"
+  network           = google_compute_network.default.id
+  usage             = "FOR_VPC"
+  peering           = "FOR_SELF"
+  prefix_length     = 24
+  target_cidr_range = [
+    "10.0.0.0/8"
+  ]
+}
+```
+<div class = "oics-button" style="float: right; margin: 0 0 -15px">
+  <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md&cloudshell_working_dir=subnetwork_reserved_secondary_range&open_in_editor=main.tf" target="_blank">
+    <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
+  </a>
+</div>
+## Example Usage - Subnetwork Reserved Secondary Range
+
+
+```hcl
+resource "google_compute_subnetwork" "subnetwork-reserved-secondary-range" {
+  provider                = google-beta
+  name                    = "subnetwork-reserved-secondary-range"
+  region                  = "us-central1"
+  network                 = google_compute_network.default.id
+  reserved_internal_range = "networkconnectivity.googleapis.com/${google_network_connectivity_internal_range.reserved.id}"
+
+  secondary_ip_range {
+    range_name              = "secondary"
+    reserved_internal_range = "networkconnectivity.googleapis.com/${google_network_connectivity_internal_range.reserved_secondary.id}"
+  }
+}
+
+resource "google_compute_network" "default" {
+  provider                = google-beta
+  name                    = "network-reserved-secondary-range"
+  auto_create_subnetworks = false
+}
+
+resource "google_network_connectivity_internal_range" "reserved" {
+  provider          = google-beta
+  name              = "reserved"
+  network           = google_compute_network.default.id
+  usage             = "FOR_VPC"
+  peering           = "FOR_SELF"
+  prefix_length     = 24
+  target_cidr_range = [
+    "10.0.0.0/8"
+  ]
+}
+
+resource "google_network_connectivity_internal_range" "reserved_secondary" {
+  provider          = google-beta
+  name              = "reserved-secondary"
+  network           = google_compute_network.default.id
+  usage             = "FOR_VPC"
+  peering           = "FOR_SELF"
+  prefix_length     = 16
+  target_cidr_range = [
+    "10.0.0.0/8"
+  ]
+}
+```
 
 ## Argument Reference
 
 The following arguments are supported:
 
 
-* `ip_cidr_range` -
-  (Required)
-  The range of internal addresses that are owned by this subnetwork.
-  Provide this property when you create the subnetwork. For example,
-  10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and
-  non-overlapping within a network. Only IPv4 is supported.
-
 * `name` -
   (Required)
   The name of the resource, provided by the client when initially
@@ -273,6 +353,19 @@ The following arguments are supported:
   you create the resource. This field can be set only at resource
   creation time.
 
+* `ip_cidr_range` -
+  (Optional)
+  The range of internal addresses that are owned by this subnetwork.
+  Provide this property when you create the subnetwork. For example,
+  10.0.0.0/8 or 192.168.0.0/16. Ranges must be unique and
+  non-overlapping within a network. Only IPv4 is supported.
+  Field is optional when `reserved_internal_range` is defined, otherwise required.
+
+* `reserved_internal_range` -
+  (Optional)
+  The ID of the reserved internal range. Must be prefixed with `networkconnectivity.googleapis.com`
+  E.g. `networkconnectivity.googleapis.com/projects/{project}/locations/global/internalRanges/{rangeId}`
+
 * `purpose` -
   (Optional)
   The purpose of the resource. This field can be either `PRIVATE_RFC_1918`, `REGIONAL_MANAGED_PROXY`, `GLOBAL_MANAGED_PROXY`, `PRIVATE_SERVICE_CONNECT` or `PRIVATE_NAT`([Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html)).
@@ -364,11 +457,17 @@ The following arguments are supported:
   must be unique within the subnetwork.
 
 * `ip_cidr_range` -
-  (Required)
+  (Optional)
   The range of IP addresses belonging to this subnetwork secondary
   range. Provide this property when you create the subnetwork.
   Ranges must be unique and non-overlapping with all primary and
   secondary IP ranges within a network. Only IPv4 is supported.
+  Field is optional when `reserved_internal_range` is defined, otherwise required.
+
+* `reserved_internal_range` -
+  (Optional)
+  The ID of the reserved internal range. Must be prefixed with `networkconnectivity.googleapis.com`
+  E.g. `networkconnectivity.googleapis.com/projects/{project}/locations/global/internalRanges/{rangeId}`
 
 <a name="nested_log_config"></a>The `log_config` block supports: