GoogleCloudPlatform · c2thorn · Jun 22, 2021 · May 24, 2021 · May 24, 2021 · May 24, 2021
diff --git a/mmv1/products/appengine/ansible.yaml b/mmv1/products/appengine/ansible.yaml
@@ -37,6 +37,8 @@ overrides: !ruby/object:Overrides::ResourceOverrides
     exclude: true
   DomainMapping: !ruby/object:Overrides::Ansible::ResourceOverride
     exclude: true
+  ServiceNetworkSettings: !ruby/object:Overrides::Ansible::ResourceOverride
+    exclude: true
 files: !ruby/object:Provider::Config::Files
   resource:
 <%= lines(indent(compile('provider/ansible/resource~compile.yaml'), 4)) -%>
diff --git a/mmv1/products/appengine/api.yaml b/mmv1/products/appengine/api.yaml
@@ -1462,3 +1462,57 @@ objects:
             required: true
             description: |
               Mapping from version IDs within the service to fractional (0.000, 1] allocations of traffic for that version. Each version can be specified only once, but some versions in the service may not have any traffic allocation. Services that have traffic allocated cannot be deleted until either the service is deleted or their traffic allocation is removed. Allocations must sum to 1. Up to two decimal place precision is supported for IP-based splits and up to three decimal places is supported for cookie-based splits.
+  - !ruby/object:Api::Resource
+    name: 'ServiceNetworkSettings'
+    description: |
+      A NetworkSettings resource is a container for ingress settings for a version or service.
+    base_url: 'apps/{{project}}/services'
+    self_link: 'apps/{{project}}/services/{{service}}'
+    create_url: 'apps/{{project}}/services/{{service}}?updateMask=networkSettings'
+    create_verb: :PATCH
+    update_url: 'apps/{{project}}/services/{{service}}'
+    update_verb: :PATCH
+    update_mask: true
+    references: !ruby/object:Api::Resource::ReferenceLinks
+      api: 'https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1/apps.services'
+    async: !ruby/object:Api::OpAsync
+      operation: !ruby/object:Api::OpAsync::Operation
+        kind: 'appengine#operation'
+        path: 'name'
+        base_url: 'projects/{{project}}/global/operations/{{op_id}}'
+        wait_ms: 1000
+      result: !ruby/object:Api::OpAsync::Result
+        path: 'targetLink'
+      status: !ruby/object:Api::OpAsync::Status
+        path: 'status'
+        complete: 'DONE'
+        allowed:
+          - 'PENDING'
+          - 'RUNNING'
+          - 'DONE'
+      error: !ruby/object:Api::OpAsync::Error
+        path: 'error/errors'
+        message: 'message'
+    properties:
+      - !ruby/object:Api::Type::String
+        name: 'service'
+        api_name: 'id'
+        required: true
+        description: |
+          The name of the service these settings apply to.
+      - !ruby/object:Api::Type::NestedObject
+        name: 'networkSettings'
+        description: |
+          Ingress settings for this service. Will apply to all versions.
+        required: true
+        properties:
+          - !ruby/object:Api::Type::Enum
+            name: 'ingressTrafficAllowed'
+            description: |
+              The ingress settings for version or service.
+            default_value: :INGRESS_TRAFFIC_ALLOWED_UNSPECIFIED
+            values:
+              - :INGRESS_TRAFFIC_ALLOWED_UNSPECIFIED
+              - :INGRESS_TRAFFIC_ALLOWED_ALL
+              - :INGRESS_TRAFFIC_ALLOWED_INTERNAL_ONLY
+              - :INGRESS_TRAFFIC_ALLOWED_INTERNAL_AND_LB
diff --git a/mmv1/products/appengine/inspec.yaml b/mmv1/products/appengine/inspec.yaml
@@ -47,4 +47,5 @@ overrides: !ruby/object:Overrides::ResourceOverrides
     exclude: true  
   ServiceSplitTraffic: !ruby/object:Overrides::Inspec::ResourceOverride
     exclude: true  
-
+  ServiceNetworkSettings: !ruby/object:Overrides::Inspec::ResourceOverride
+    exclude: true  
diff --git a/mmv1/products/appengine/terraform.yaml b/mmv1/products/appengine/terraform.yaml
@@ -213,6 +213,20 @@ overrides: !ruby/object:Overrides::ResourceOverrides
           bucket_name: "appengine-static-content"
         test_env_vars:
           org_id: :ORG_ID
+  ServiceNetworkSettings: !ruby/object:Overrides::Terraform::ResourceOverride
+    id_format: "apps/{{project}}/services/{{service}}"
+    import_format: ["apps/{{project}}/services/{{service}}"]
+    mutex: "apps/{{project}}"
+    skip_delete: true
+    custom_code: !ruby/object:Provider::Terraform::CustomCode
+      test_check_destroy: templates/terraform/custom_check_destroy/skip_delete_during_test.go.erb
+    examples:
+      - !ruby/object:Provider::Terraform::Examples
+        name: "app_engine_service_network_settings"
+        primary_resource_id: 'liveapp'
+        vars:
+          service_id: "default"
+          bucket_name: "appengine-static-content"
 # This is for copying files over
 files: !ruby/object:Provider::Config::Files
   # These files have templating (ERB) code that will be run.

diff --git a/mmv1/templates/terraform/examples/app_engine_service_network_settings.tf.erb b/mmv1/templates/terraform/examples/app_engine_service_network_settings.tf.erb
@@ -0,0 +1,35 @@
+resource "google_storage_bucket" "bucket" {
+	name = "<%= ctx[:vars]['bucket_name'] %>"
+}
+
+resource "google_storage_bucket_object" "object" {
+	name   = "hello-world.zip"
+	bucket = google_storage_bucket.bucket.name
+	source = "./test-fixtures/appengine/hello-world.zip"
+}
+
+resource "google_app_engine_standard_app_version" "liveapp_v1" {
+  version_id = "v1"
+  service = "liveapp"
+  delete_service_on_destroy = true
+
+  runtime = "nodejs10"
+  entrypoint {
+    shell = "node ./app.js"
+  }
+  deployment {
+    zip {
+      source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/${google_storage_bucket_object.object.name}"
+    }  
+  }
+  env_variables = {
+    port = "8080"
+  }
+}
+
+resource "google_app_engine_service_network_settings" "<%= ctx[:primary_resource_id] %>" {
+  service = google_app_engine_standard_app_version.liveapp_v1.service
+  network_settings {
+    ingress_traffic_allowed = "INGRESS_TRAFFIC_ALLOWED_INTERNAL_ONLY"
+  }
+}
diff --git a/mmv1/third_party/terraform/tests/resource_app_engine_service_network_settings_test.go b/mmv1/third_party/terraform/tests/resource_app_engine_service_network_settings_test.go
@@ -0,0 +1,116 @@
+package google
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+)
+
+func TestAccAppEngineServiceNetworkSettings_update(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": randString(t, 10),
+	}
+
+	vcrTest(t, resource.TestCase{
+		PreCheck:  func() { testAccPreCheck(t) },
+		Providers: testAccProviders,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAppEngineServiceNetworkSettings_basic(context),
+			},
+			{
+				ResourceName:      "google_app_engine_service_network_settings.main",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccAppEngineServiceNetworkSettings_update(context),
+			},
+			{
+				ResourceName:      "google_app_engine_service_network_settings.main",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccAppEngineServiceNetworkSettings_basic(context map[string]interface{}) string {
+	return Nprintf(`
+resource "google_storage_bucket" "bucket" {
+  name = "tf-test-%{random_suffix}-ae-networksettings"
+}
+
+resource "google_storage_bucket_object" "object" {
+  name = "hello-world.zip"
+  bucket = google_storage_bucket.bucket.name
+  source = "./test-fixtures/appengine/hello-world.zip"
+}
+
+resource "google_app_engine_standard_app_version" "app" {
+  version_id = "v1"
+  service = "app-%{random_suffix}"
+  delete_service_on_destroy = true
+
+  runtime = "nodejs10"
+  entrypoint {
+    shell = "node ./app.js"
+  }
+  deployment {
+    zip {
+      source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/${google_storage_bucket_object.object.name}"
+    }
+  }
+  env_variables = {
+    port = "8080"
+  }
+}
+
+resource "google_app_engine_service_network_settings" "main" {
+  service = google_app_engine_standard_app_version.app.service
+  network_settings {
+    ingress_traffic_allowed = "INGRESS_TRAFFIC_ALLOWED_ALL"
+  }
+}`, context)
+}
+
+func testAccAppEngineServiceNetworkSettings_update(context map[string]interface{}) string {
+	return Nprintf(`
+resource "google_storage_bucket" "bucket" {
+  name = "tf-test-%{random_suffix}-ae-networksettings"
+}
+
+resource "google_storage_bucket_object" "object" {
+  name = "hello-world.zip"
+  bucket = google_storage_bucket.bucket.name
+  source = "./test-fixtures/appengine/hello-world.zip"
+}
+
+resource "google_app_engine_standard_app_version" "app" {
+  version_id = "v1"
+  service = "app-%{random_suffix}"
+  delete_service_on_destroy = true
+
+  runtime = "nodejs10"
+  entrypoint {
+    shell = "node ./app.js"
+  }
+  deployment {
+    zip {
+      source_url = "https://storage.googleapis.com/${google_storage_bucket.bucket.name}/${google_storage_bucket_object.object.name}"
+    }
+  }
+  env_variables = {
+    port = "8080"
+  }
+}
+
+resource "google_app_engine_service_network_settings" "main" {
+  service = google_app_engine_standard_app_version.app.service
+  network_settings {
+    ingress_traffic_allowed = "INGRESS_TRAFFIC_ALLOWED_INTERNAL_ONLY"
+  }
+}`, context)
+}