From 81636ac160057e59c8e8953895b9ec837e4e482d Mon Sep 17 00:00:00 2001
From: Matthew Rose
Date: Mon, 24 May 2021 17:41:24 +1000
Subject: [PATCH 1/6] Initial functional app engine network settings resource
---
 mmv1/products/appengine/api.yaml | 53 ++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
diff --git a/mmv1/products/appengine/api.yaml b/mmv1/products/appengine/api.yaml
index 44891f489ba1..aed2b9ef8c2f 100644
--- a/mmv1/products/appengine/api.yaml
+++ b/mmv1/products/appengine/api.yaml
@@ -1462,3 +1462,56 @@ objects:
 required: true
 description: |
 Mapping from version IDs within the service to fractional (0.000, 1] allocations of traffic for that version. Each version can be specified only once, but some versions in the service may not have any traffic allocation. Services that have traffic allocated cannot be deleted until either the service is deleted or their traffic allocation is removed. Allocations must sum to 1. Up to two decimal place precision is supported for IP-based splits and up to three decimal places is supported for cookie-based splits.
+ - !ruby/object:Api::Resource
+ name: 'ServiceNetworkSettings'
+ description: |
+ A NetworkSettings resource is a container for ingress settings for a version or service.
+ base_url: 'apps/{{project}}/services'
+ self_link: 'apps/{{project}}/services/{{service}}'
+ create_url: 'apps/{{project}}/services/{{service}}?updateMask=networkSettings'
+ create_verb: :PATCH
+ update_url: 'apps/{{project}}/services/{{service}}'
+ update_verb: :PATCH
+ update_mask: true
+ references: !ruby/object:Api::Resource::ReferenceLinks
+ api: 'https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1/apps.services'
+ async: !ruby/object:Api::OpAsync
+ operation: !ruby/object:Api::OpAsync::Operation
+ kind: 'appengine#operation'
+ path: 'name'
+ base_url: 'projects/{{project}}/global/operations/{{op_id}}'
+ wait_ms: 1000
+ result: !ruby/object:Api::OpAsync::Result
+ path: 'targetLink'
+ status: !ruby/object:Api::OpAsync::Status
+ path: 'status'
+ complete: 'DONE'
+ allowed:
+ - 'PENDING'
+ - 'RUNNING'
+ - 'DONE'
+ error: !ruby/object:Api::OpAsync::Error
+ path: 'error/errors'
+ message: 'message'
+ properties:
+ - !ruby/object:Api::Type::String
+ name: 'service'
+ api_name: 'id'
+ required: true
+ description: |
+ The name of the service these settings apply to.
+ - !ruby/object:Api::Type::NestedObject
+ name: 'networkSettings'
+ description: |
+ Ingress settings for this service. Will apply to all versions.
+ required: true
+ properties:
+ - !ruby/object:Api::Type::Enum
+ name: 'ingressTrafficAllowed'
+ description: |
+ The ingress settings for version or service.
+ values:
+ - :INGRESS_TRAFFIC_ALLOWED_UNSPECIFIED
+ - :INGRESS_TRAFFIC_ALLOWED_ALL
+ - :INGRESS_TRAFFIC_ALLOWED_INTERNAL_ONLY
+ - :INGRESS_TRAFFIC_ALLOWED_INTERNAL_AND_LB
From 210f1cb52cc2ae63ace8e2e8a6ce93ed30725b63 Mon Sep 17 00:00:00 2001
From: Matthew Rose
Date: Mon, 24 May 2021 19:03:18 +1000
Subject: [PATCH 2/6] Add service_network_settings example to generate test
---
 mmv1/products/appengine/terraform.yaml | 18 ++++++++++
 ...app_engine_service_network_settings.tf.erb | 35 +++++++++++++++++++
 2 files changed, 53 insertions(+)
 create mode 100644 mmv1/templates/terraform/examples/app_engine_service_network_settings.tf.erb
diff --git a/mmv1/products/appengine/terraform.yaml b/mmv1/products/appengine/terraform.yaml
index 40e924a510da..4f8f3d5f7d7b 100644
--- a/mmv1/products/appengine/terraform.yaml
+++ b/mmv1/products/appengine/terraform.yaml
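Review bot: The `ingressTrafficAllowed` description at the end of this hunk ("The ingress settings for version or service.") does not say what any of the four values permits, although this field decides whether the service is reachable from the public internet. I would spell the values out, for example `INGRESS_TRAFFIC_ALLOWED_ALL accepts public and private traffic, INTERNAL_ONLY accepts traffic from private VPC sources only, INTERNAL_AND_LB additionally accepts traffic arriving through a load balancer.` The description should also state how `INGRESS_TRAFFIC_ALLOWED_UNSPECIFIED` is treated by the API, which cannot be determined from this patch.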
@@ -213,6 +213,24 @@ overrides: !ruby/object:Overrides::ResourceOverrides
 bucket_name: "appengine-static-content"
 test_env_vars:
 org_id: :ORG_ID
+ ServiceNetworkSettings: !ruby/object:Overrides::Terraform::ResourceOverride
+ id_format: "apps/{{project}}/services/{{service}}"
+ import_format: ["apps/{{project}}/services/{{service}}"]
+ mutex: "apps/{{project}}"
+ skip_delete: true
+ custom_code: !ruby/object:Provider::Terraform::CustomCode
+ test_check_destroy: templates/terraform/custom_check_destroy/skip_delete_during_test.go.erb
+ properties:
+ networkSettings: !ruby/object:Overrides::Terraform::PropertyOverride
+ ignore_read: true
+ examples:
+ - !ruby/object:Provider::Terraform::Examples
+ name: "app_engine_service_network_settings"
+ primary_resource_id: 'liveapp'
+ vars:
+ service_id: "default"
+ network_settings.ingress_traffic_allowed: "INGRESS_TRAFFIC_ALLOWED_INTERNAL_ONLY"
+ bucket_name: "appengine-static-content"
 # This is for copying files over
 files: !ruby/object:Provider::Config::Files
 # These files have templating (ERB) code that will be run.
diff --git a/mmv1/templates/terraform/examples/app_engine_service_network_settings.tf.erb b/mmv1/templates/terraform/examples/app_engine_service_network_settings.tf.erb
new file mode 100644
index 000000000000..01a5fa3710c3
--- /dev/null
+++ b/mmv1/templates/terraform/examples/app_engine_service_network_settings.tf.erb
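Review bot: `skip_delete: true` on `ServiceNetworkSettings` presumably makes destroy a state-only operation, so the service keeps whatever ingress setting was last applied; removing a block that set `INGRESS_TRAFFIC_ALLOWED_ALL` would then not close the service again. Nothing in this override or in the resource description tells the user that. I would add a documentation warning to the override along the lines of `Destroying this resource does not reset the service's ingress setting; apply the desired value before removing it.`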
@@ -0,0 +1,35 @@
+resource "google_storage_bucket" "bucket" {
+ name = "<%= ctx[:vars]['bucket_name'] %>"
+}
+
+resource "google_storage_bucket_object" "object" {
+ name = "hello-world.zip"
+ bucket = google_storage_bucket.bucket.name
+ source = "./test-fixtures/appengine/hello-world.zip"
+}
+
+resource "google_app_engine_standard_app_version" "liveapp_v1" {
+ version_id = "v1"
+ service = "liveapp"
+ delete_service_on_destroy = true
+
+ runtime = "nodejs10"
+ entrypoint {
+ shell = "node ./app.js"
+ }
+ deployment {
+ zip {
+ source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/${google_storage_bucket_object.object.name}"
+ }
+ }
+ env_variables = {
+ port = "8080"
+ }
+}
+
+resource "google_app_engine_service_network_settings" "<%= ctx[:primary_resource_id] %>" {
+ service = google_app_engine_standard_app_version.liveapp_v1.service
+ network_settings {
+ ingress_traffic_allowed = "INGRESS_TRAFFIC_ALLOWED_INTERNAL_ONLY"
+ }
+}
From 4bec6e04b663a75e3601405f2336b264947e6c71 Mon Sep 17 00:00:00 2001
From: Matthew Rose
Date: Mon, 24 May 2021 19:17:47 +1000
Subject: [PATCH 3/6] Add default value for enum
---
 mmv1/products/appengine/api.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/mmv1/products/appengine/api.yaml b/mmv1/products/appengine/api.yaml
index aed2b9ef8c2f..5c97dfff57ec 100644
--- a/mmv1/products/appengine/api.yaml
+++ b/mmv1/products/appengine/api.yaml
@@ -1510,6 +1510,7 @@ objects:
 name: 'ingressTrafficAllowed'
 description: |
 The ingress settings for version or service.
+ default_value: :INGRESS_TRAFFIC_ALLOWED_UNSPECIFIED
 values:
 - :INGRESS_TRAFFIC_ALLOWED_UNSPECIFIED
 - :INGRESS_TRAFFIC_ALLOWED_ALL
From a362677dbab9e13c8eef02b13683c738360f132d Mon Sep 17 00:00:00 2001
From: Matthew Rose
Date: Thu, 3 Jun 2021 09:25:29 +1000
Subject: [PATCH 4/6] Exclude ServiceNetworkSettings from Inspec
---
 mmv1/products/appengine/inspec.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
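Review bot: `service = "liveapp"` in `liveapp_v1` is hard-coded, while the example's `vars` in terraform.yaml declares both `service_id` and `bucket_name` and only `bucket_name` is rendered in this template. If the generated test shares a project with other App Engine examples, a fixed service name may collide with them; rendering it as `service = "<%= ctx[:vars]['service_id'] %>"` with a non-`default` value in `vars` would keep runs isolated. If the fixed name is intended, the unused `service_id` entry should be dropped instead.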
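Review bot: Defaulting `ingressTrafficAllowed` to `:INGRESS_TRAFFIC_ALLOWED_UNSPECIFIED` in the api.yaml hunk of patch 3/6 lets an empty `network_settings {}` block apply cleanly without the user naming any ingress level. How the API treats UNSPECIFIED is not shown in this patch; if it falls back to allowing all traffic, a user who adds the resource expecting a restriction gets none. For an access-control field I would drop the default and put `required: true` on the enum so that every configuration states the level it wants. The enum definition begins above this hunk.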
diff --git a/mmv1/products/appengine/inspec.yaml b/mmv1/products/appengine/inspec.yaml
index a4458cff4707..fc0b60386639 100644
--- a/mmv1/products/appengine/inspec.yaml
+++ b/mmv1/products/appengine/inspec.yaml
@@ -47,4 +47,5 @@ overrides: !ruby/object:Overrides::ResourceOverrides
 exclude: true
 ServiceSplitTraffic: !ruby/object:Overrides::Inspec::ResourceOverride
 exclude: true
-
\ No newline at end of file
+ ServiceNetworkSettings: !ruby/object:Overrides::Inspec::ResourceOverride
+ exclude: true
From 409a839470b48ae1b33455b1b74c1aac02a07093 Mon Sep 17 00:00:00 2001
From: Matthew Rose
Date: Wed, 9 Jun 2021 13:16:46 +1000
Subject: [PATCH 5/6] Exclude ServiceNetworkSettings from Ansible
---
 mmv1/products/appengine/ansible.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/mmv1/products/appengine/ansible.yaml b/mmv1/products/appengine/ansible.yaml
index 7d0ab5bcc8a1..3169da6e75b2 100644
--- a/mmv1/products/appengine/ansible.yaml
+++ b/mmv1/products/appengine/ansible.yaml
@@ -37,6 +37,8 @@ overrides: !ruby/object:Overrides::ResourceOverrides
 exclude: true
 DomainMapping: !ruby/object:Overrides::Ansible::ResourceOverride
 exclude: true
+ ServiceNetworkSettings: !ruby/object:Overrides::Ansible::ResourceOverride
+ exclude: true
 files: !ruby/object:Provider::Config::Files
 resource:
 <%= lines(indent(compile('provider/ansible/resource~compile.yaml'), 4)) -%>
From 74419fbe03cf098038f6159c2d467cc4cb4b511b Mon Sep 17 00:00:00 2001
From: Matthew Rose
Date: Fri, 11 Jun 2021 13:36:24 +1000
Subject: [PATCH 6/6] Add update test, remove ignore_read from yaml
---
 mmv1/products/appengine/terraform.yaml | 4 -
 ...pp_engine_service_network_settings_test.go | 116 ++++++++++++++++++
 2 files changed, 116 insertions(+), 4 deletions(-)
 create mode 100644 mmv1/third_party/terraform/tests/resource_app_engine_service_network_settings_test.go
diff --git a/mmv1/products/appengine/terraform.yaml b/mmv1/products/appengine/terraform.yaml
index 4f8f3d5f7d7b..930e997b3f8a 100644
--- a/mmv1/products/appengine/terraform.yaml
+++ b/mmv1/products/appengine/terraform.yaml
@@ -220,16 +220,12 @@ overrides: !ruby/object:Overrides::ResourceOverrides
 skip_delete: true
 custom_code: !ruby/object:Provider::Terraform::CustomCode
 test_check_destroy: templates/terraform/custom_check_destroy/skip_delete_during_test.go.erb
- properties:
- networkSettings: !ruby/object:Overrides::Terraform::PropertyOverride
- ignore_read: true
 examples:
 - !ruby/object:Provider::Terraform::Examples
 name: "app_engine_service_network_settings"
 primary_resource_id: 'liveapp'
 vars:
 service_id: "default"
- network_settings.ingress_traffic_allowed: "INGRESS_TRAFFIC_ALLOWED_INTERNAL_ONLY"
 bucket_name: "appengine-static-content"
 # This is for copying files over
 files: !ruby/object:Provider::Config::Files
diff --git a/mmv1/third_party/terraform/tests/resource_app_engine_service_network_settings_test.go b/mmv1/third_party/terraform/tests/resource_app_engine_service_network_settings_test.go
new file mode 100644
index 000000000000..d51f65b99a36
--- /dev/null
+++ b/mmv1/third_party/terraform/tests/resource_app_engine_service_network_settings_test.go
@@ -0,0 +1,116 @@
+package google
+
+import (
+ "testing"
+
+ "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccAppEngineServiceNetworkSettings_update(t *testing.T) {
+ t.Parallel()
+
+ context := map[string]interface{}{
+ "random_suffix": randString(t, 10),
+ }
+
+ vcrTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ Steps: []resource.TestStep{
+ {
+ Config: testAccAppEngineServiceNetworkSettings_basic(context),
+ },
+ {
+ ResourceName: "google_app_engine_service_network_settings.main",
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ {
+ Config: testAccAppEngineServiceNetworkSettings_update(context),
+ },
+ {
+ ResourceName: "google_app_engine_service_network_settings.main",
+ ImportState: true,
+ ImportStateVerify: true,
+ },
+ },
+ })
+}
+
+func testAccAppEngineServiceNetworkSettings_basic(context map[string]interface{}) string {
+ return Nprintf(`
+resource "google_storage_bucket" "bucket" {
+ name = "tf-test-%{random_suffix}-ae-networksettings"
+}
+
+resource "google_storage_bucket_object" "object" {
+ name = "hello-world.zip"
+ bucket = google_storage_bucket.bucket.name
+ source = "./test-fixtures/appengine/hello-world.zip"
+}
+
+resource "google_app_engine_standard_app_version" "app" {
+ version_id = "v1"
+ service = "app-%{random_suffix}"
+ delete_service_on_destroy = true
+
+ runtime = "nodejs10"
+ entrypoint {
+ shell = "node ./app.js"
+ }
+ deployment {
+ zip {
+ source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/${google_storage_bucket_object.object.name}"
+ }
+ }
+ env_variables = {
+ port = "8080"
+ }
+}
+
+resource "google_app_engine_service_network_settings" "main" {
+ service = google_app_engine_standard_app_version.app.service
+ network_settings {
+ ingress_traffic_allowed = "INGRESS_TRAFFIC_ALLOWED_ALL"
+ }
+}`, context)
+}
+
+func testAccAppEngineServiceNetworkSettings_update(context map[string]interface{}) string {
+ return Nprintf(`
+resource "google_storage_bucket" "bucket" {
+ name = "tf-test-%{random_suffix}-ae-networksettings"
+}
+
+resource "google_storage_bucket_object" "object" {
+ name = "hello-world.zip"
+ bucket = google_storage_bucket.bucket.name
+ source = "./test-fixtures/appengine/hello-world.zip"
+}
+
+resource "google_app_engine_standard_app_version" "app" {
+ version_id = "v1"
+ service = "app-%{random_suffix}"
+ delete_service_on_destroy = true
+
+ runtime = "nodejs10"
+ entrypoint {
+ shell = "node ./app.js"
+ }
+ deployment {
+ zip {
+ source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/${google_storage_bucket_object.object.name}"
+ }
+ }
+ env_variables = {
+ port = "8080"
+ }
+}
+
+resource "google_app_engine_service_network_settings" "main" {
+ service = google_app_engine_standard_app_version.app.service
+ network_settings {
+ ingress_traffic_allowed = "INGRESS_TRAFFIC_ALLOWED_INTERNAL_ONLY"
+ }
+}`, context)
+}
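Review bot: `TestAccAppEngineServiceNetworkSettings_update` carries no comment saying what its two config steps exercise, and the `_basic` and `_update` fixtures differ only in one enum value at the bottom of otherwise identical HCL. A header comment such as `// Creates the service with ingress open to all, then tightens it to internal-only; each state is verified through import.` would make the intent readable without diffing the two strings. The fixtures could also share a single template that takes the ingress value, which would keep the one line that changes visible.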