Merge branch 'GoogleCloudPlatform:main' into main

docs/content/develop/field-reference.md

@@ -225,6 +225,18 @@ Example:
   diff_suppress_func: 'tpgresource.CaseDiffSuppress'
 ```
 
+### `api_name`
+Specifies a name to use for communication with the API that is different than
+the name of the field in Terraform. In general, setting an `api_name` is not
+recommended, because it makes it more difficult for users and maintainers to
+understand how the resource maps to the underlying API.
+
+```yaml
+- !ruby/object:Api::Type::String
+  name: 'fieldOne'
+  api_name: 'otherFieldName'
+```
+
 ## `Enum` properties
 
 ### `values`

docs/content/develop/permadiff.md

@@ -226,9 +226,7 @@ In tests, add the field to `ImportStateVerifyIgnore` on any relevant import step
 
 ## API returns a list in a different order than was sent {#list-order}
 
-For an Array of nested objects, convert it to a Set – this is a [breaking change]({{< ref "/develop/breaking-changes/breaking-changes" >}}) and can only happen in a major release.
-
-For an Array of simple values (such as strings or ints), rewrite the value in the flattener to match the order in the user's configuration. This will also simplify diffs if new values are added or removed.
+For an Array of string values (or nested objects with unique string identifiers), use the `SortStringsByConfigOrder` or `SortMapsByConfigOrder` helper functions to sort the API response to match the order in the user's configuration. This will also simplify diffs if new values are added or removed.
 
 {{< tabs "diff_suppress_list" >}}
 
@@ -239,10 +237,13 @@ Add a [custom flattener]({{< ref "/develop/custom-code#custom_flatten" >}}) for
 func flatten<%= prefix -%><%= titlelize_property(property) -%>(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
     configValue := d.Get("path.0.to.0.parent_field.0.nested_field").([]string)
 
-    ret := []string{}
-    // Add values from v to ret to match order in configValue and put any new strings at the end
+    sorted, err := tpgresource.SortStringsByConfigOrder(configValue, v.([]string))
+    if err != nil {
+        log.Printf("[ERROR] Could not sort API response value: %s", err)
+        return v
+    }
 
-    return ret
+    return sorted.(interface{})
 }
 ```
 {{< /tab >}}
@@ -253,11 +254,16 @@ Define resource-specific functions in your service package, for example at the t
 func flattenResourceNameFieldName(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
     configValue := d.Get("path.0.to.0.parent_field.0.nested_field").([]string)
 
-    ret := []string{}
-    // Add values from v to ret to match order in configValue and put any new strings at the end
+    sorted, err := tpgresource.SortStringsByConfigOrder(configValue, v.([]string))
+    if err != nil {
+        log.Printf("[ERROR] Could not sort API response value: %s", err)
+        return v
+    }
 
-    return ret
+    return sorted.(interface{})
 }
 ```
 {{< /tab >}}
 {{< /tabs >}}
+
+For other Array fields, convert the field to a Set – this is a [breaking change]({{< ref "/develop/breaking-changes/breaking-changes" >}}) and can only happen in a major release.

mmv1/products/artifactregistry/Repository.yaml

@@ -101,18 +101,79 @@ examples:
       repository_id: 'my-repository'
       description: 'example docker repository with cleanup policies'
   - !ruby/object:Provider::Terraform::Examples
-    name: 'artifact_registry_repository_remote_custom'
+    name: 'artifact_registry_repository_remote_dockerhub_auth'
     primary_resource_id: 'my-repo'
+    # Ignore this field as it is INPUT_ONLY. AR will not return this in the
+    # response.
+    ignore_read_extra:
+      - 'remote_repository_config.0.disable_upstream_validation'
     vars:
-      repository_id: 'example-custom-remote'
-      description: 'example remote docker repository with credentials'
+      repository_id: 'example-dockerhub-remote'
+      description: 'example remote dockerhub repository with credentials'
       secret_id: 'example-secret'
-      secret_resource_id: 'example-custom-remote-secret'
+      secret_resource_id: 'example-remote-secret'
+      username: 'remote-username'
+      secret_data: 'remote-password'
+  - !ruby/object:Provider::Terraform::Examples
+    name: 'artifact_registry_repository_remote_docker_custom_with_auth'
+    primary_resource_id: 'my-repo'
+    ignore_read_extra:
+      # Ignore this field as it is INPUT_ONLY. AR will not return this in the
+      # response.
+      - 'remote_repository_config.0.disable_upstream_validation'
+    vars:
+      repository_id: 'example-docker-custom-remote'
+      description: 'example remote custom docker repository with credentials'
+      secret_id: 'example-secret'
+      secret_resource_id: 'example-remote-secret'
+      username: 'remote-username'
+      secret_data: 'remote-password'
+  - !ruby/object:Provider::Terraform::Examples
+    name: 'artifact_registry_repository_remote_maven_custom_with_auth'
+    primary_resource_id: 'my-repo'
+    ignore_read_extra:
+      # Ignore this field as it is INPUT_ONLY. AR will not return this in the
+      # response.
+      - 'remote_repository_config.0.disable_upstream_validation'
+    vars:
+      repository_id: 'example-maven-custom-remote'
+      description: 'example remote custom maven repository with credentials'
+      secret_id: 'example-secret'
+      secret_resource_id: 'example-remote-secret'
+      username: 'remote-username'
+      secret_data: 'remote-password'
+  - !ruby/object:Provider::Terraform::Examples
+    name: 'artifact_registry_repository_remote_npm_custom_with_auth'
+    primary_resource_id: 'my-repo'
+    ignore_read_extra:
+      # Ignore this field as it is INPUT_ONLY. AR will not return this in the
+      # response.
+      - 'remote_repository_config.0.disable_upstream_validation'
+    vars:
+      repository_id: 'example-npm-custom-remote'
+      description: 'example remote custom npm repository with credentials'
+      secret_id: 'example-secret'
+      secret_resource_id: 'example-remote-secret'
+      username: 'remote-username'
+      secret_data: 'remote-password'
+  - !ruby/object:Provider::Terraform::Examples
+    name: 'artifact_registry_repository_remote_python_custom_with_auth'
+    primary_resource_id: 'my-repo'
+    ignore_read_extra:
+      # Ignore this field as it is INPUT_ONLY. AR will not return this in the
+      # response.
+      - 'remote_repository_config.0.disable_upstream_validation'
+    vars:
+      repository_id: 'example-python-custom-remote'
+      description: 'example remote custom python repository with credentials'
+      secret_id: 'example-secret'
+      secret_resource_id: 'example-remote-secret'
       username: 'remote-username'
       secret_data: 'remote-password'
 custom_code: !ruby/object:Provider::Terraform::CustomCode
   constants: templates/terraform/constants/artifact_registry_repository.go.erb
   encoder: templates/terraform/encoders/location_from_region.go.erb
+  pre_create: templates/terraform/pre_create/artifact_registry_remote_repository.go.erb
 properties:
   - !ruby/object:Api::Type::String
     name: name
@@ -388,14 +449,29 @@ properties:
         properties:
           - !ruby/object:Api::Type::Enum
             name: 'publicRepository'
-            exactly_one_of:
-              - remoteRepositoryConfig.0.docker_repository.0.public_repository
             description: |-
               Address of the remote repository.
             immutable: true
+            conflicts:
+              - remoteRepositoryConfig.0.docker_repository.0.custom_repository
             values:
               - :DOCKER_HUB
+            # Eventually lets delete default_value and custom_flatten in a major release
             default_value: :DOCKER_HUB
+            custom_flatten: 'templates/terraform/custom_flatten/default_if_empty.erb'
+          - !ruby/object:Api::Type::NestedObject
+            name: 'customRepository'
+            description: |-
+              Settings for a remote repository with a custom uri.
+            immutable: true
+            conflicts:
+              - remoteRepositoryConfig.0.docker_repository.0.public_repository
+            properties:
+              - !ruby/object:Api::Type::String
+                name: 'uri'
+                description: |-
+                  Specific uri to the registry, e.g. `"https://registry-1.docker.io"`
+                immutable: true
       - !ruby/object:Api::Type::NestedObject
         name: 'mavenRepository'
         exactly_one_of:
@@ -411,14 +487,29 @@ properties:
         properties:
           - !ruby/object:Api::Type::Enum
             name: 'publicRepository'
-            exactly_one_of:
-              - remoteRepositoryConfig.0.maven_repository.0.public_repository
             description: |-
               Address of the remote repository.
             immutable: true
+            conflicts:
+              - remoteRepositoryConfig.0.maven_repository.0.custom_repository
             values:
               - :MAVEN_CENTRAL
+            # Eventually lets delete default_value and custom_flatten in a major release
             default_value: :MAVEN_CENTRAL
+            custom_flatten: 'templates/terraform/custom_flatten/default_if_empty.erb'
+          - !ruby/object:Api::Type::NestedObject
+            name: 'customRepository'
+            description: |-
+              Settings for a remote repository with a custom uri.
+            immutable: true
+            conflicts:
+              - remoteRepositoryConfig.0.maven_repository.0.public_repository
+            properties:
+              - !ruby/object:Api::Type::String
+                name: 'uri'
+                description: |-
+                  Specific uri to the registry, e.g. `"https://repo.maven.apache.org/maven2"`
+                immutable: true
       - !ruby/object:Api::Type::NestedObject
         name: 'npmRepository'
         exactly_one_of:
@@ -434,14 +525,29 @@ properties:
         properties:
           - !ruby/object:Api::Type::Enum
             name: 'publicRepository'
-            exactly_one_of:
-              - remoteRepositoryConfig.0.npm_repository.0.public_repository
             description: |-
               Address of the remote repository.
             immutable: true
+            conflicts:
+              - remoteRepositoryConfig.0.npm_repository.0.custom_repository
             values:
               - :NPMJS
+            # Eventually lets delete default_value and custom_flatten in a major release
             default_value: :NPMJS
+            custom_flatten: 'templates/terraform/custom_flatten/default_if_empty.erb'
+          - !ruby/object:Api::Type::NestedObject
+            name: 'customRepository'
+            description: |-
+              Settings for a remote repository with a custom uri.
+            immutable: true
+            conflicts:
+              - remoteRepositoryConfig.0.npm_repository.0.public_repository
+            properties:
+              - !ruby/object:Api::Type::String
+                name: 'uri'
+                description: |-
+                  Specific uri to the registry, e.g. `"https://registry.npmjs.org"`
+                immutable: true
       - !ruby/object:Api::Type::NestedObject
         name: 'pythonRepository'
         exactly_one_of:
@@ -457,14 +563,29 @@ properties:
         properties:
           - !ruby/object:Api::Type::Enum
             name: 'publicRepository'
-            exactly_one_of:
-              - remoteRepositoryConfig.0.python_repository.0.public_repository
             description: |-
               Address of the remote repository.
             immutable: true
+            conflicts:
+              - remoteRepositoryConfig.0.python_repository.0.custom_repository
             values:
               - :PYPI
+            # Eventually lets delete default_value and custom_flatten in a major release
             default_value: :PYPI
+            custom_flatten: 'templates/terraform/custom_flatten/default_if_empty.erb'
+          - !ruby/object:Api::Type::NestedObject
+            name: 'customRepository'
+            description: |-
+              Settings for a remote repository with a custom uri.
+            immutable: true
+            conflicts:
+              - remoteRepositoryConfig.0.python_repository.0.public_repository
+            properties:
+              - !ruby/object:Api::Type::String
+                name: 'uri'
+                description: |-
+                  Specific uri to the registry, e.g. `"https://pypi.io"`
+                immutable: true
       - !ruby/object:Api::Type::NestedObject
         name: 'yumRepository'
         exactly_one_of:
@@ -527,6 +648,14 @@ properties:
                   remote repository. Must be in the format of
                   `projects/{project}/secrets/{secret}/versions/{version}`.
                 immutable: true
+      - !ruby/object:Api::Type::Boolean
+        name: 'disableUpstreamValidation'
+        # Ignore read on this field because it is INPUT_ONLY.
+        # Need to use custom flatten because ignore_read doesn't work with nested fields.
+        custom_flatten: 'templates/terraform/custom_flatten/artifactregistry_rr_disable_upstream_validation.go.erb'
+        description: |-
+          If true, the remote repository upstream and upstream credentials will
+          not be validated.
   - !ruby/object:Api::Type::Boolean
     name: 'cleanupPolicyDryRun'
     description: |-

mmv1/products/cloudfunctions2/Function.yaml

@@ -156,6 +156,28 @@ examples:
     ignore_read_extra:
       - 'build_config.0.source.0.storage_source.0.object'
       - 'build_config.0.source.0.storage_source.0.bucket'
+  - !ruby/object:Provider::Terraform::Examples
+    name: 'cloudfunctions2_basic_builder'
+    primary_resource_id: 'function'
+    primary_resource_name: "fmt.Sprintf(\"tf-test-function-v2%s\",
+      context[\"random_suffix\"\
+      ])"
+    vars:
+      function: 'function-v2'
+      bucket_name: 'gcf-source'
+      zip_path: 'function-source.zip'
+      service_account: 'gcf-sa'
+    test_env_vars:
+      project: :PROJECT_NAME
+    test_vars_overrides:
+      zip_path: '"./test-fixtures/function-source.zip"'
+      location:
+        '"us-central1"'
+        # ignore these fields during import step
+    ignore_read_extra:
+      - 'build_config.0.source.0.storage_source.0.object'
+      - 'build_config.0.source.0.storage_source.0.bucket'
+    pull_external: true
   - !ruby/object:Provider::Terraform::Examples
     name: 'cloudfunctions2_secret_env'
     primary_resource_id: 'function'
@@ -422,6 +444,10 @@ properties:
         description: |
           User managed repository created in Artifact Registry optionally with a customer managed encryption key.
         default_from_api: true
+      - !ruby/object:Api::Type::String
+        name: 'serviceAccount'
+        description: 'The fully-qualified name of the service account to be used for building the container.'
+        default_from_api: true
   - !ruby/object:Api::Type::NestedObject
     name: 'serviceConfig'
     description: 'Describes the Service being deployed.'

mmv1/products/compute/NetworkEdgeSecurityService.yaml

@@ -21,6 +21,8 @@ create_url: 'projects/{{project}}/regions/{{region}}/networkEdgeSecurityServices
 self_link: 'projects/{{project}}/regions/{{region}}/networkEdgeSecurityServices/{{name}}'
 update_verb: :PATCH
 update_mask: true
+# Skipping the sweeper since we need to sweep multiple regions
+skip_sweeper: true
 references: !ruby/object:Api::Resource::ReferenceLinks
   guides:
     'Official Documentation': 'https://cloud.google.com/armor/docs/advanced-network-ddos?hl=pt-br#activate_advanced_network_ddos_protection'

mmv1/templates/terraform/custom_flatten/artifactregistry_rr_disable_upstream_validation.go.erb

@@ -0,0 +1,3 @@
+func flatten<%= prefix -%><%= titlelize_property(property) -%>(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+  return d.Get("remote_repository_config.0.disable_upstream_validation")
+}

mmv1/templates/terraform/examples/artifact_registry_repository_remote_docker_custom_with_auth.tf.erb

@@ -0,0 +1,42 @@
+data "google_project" "project" {}
+
+resource "google_secret_manager_secret" "<%= ctx[:vars]['secret_resource_id'] %>" {
+  secret_id = "<%= ctx[:vars]['secret_id'] %>"
+  replication {
+    auto {}
+  }
+}
+
+resource "google_secret_manager_secret_version" "<%= ctx[:vars]['secret_resource_id'] %>_version" {
+  secret = google_secret_manager_secret.<%= ctx[:vars]['secret_resource_id'] %>.id
+  secret_data = "<%= ctx[:vars]['secret_data'] %>"
+}
+
+resource "google_secret_manager_secret_iam_member" "secret-access" {
+  secret_id = google_secret_manager_secret.<%= ctx[:vars]['secret_resource_id'] %>.id
+  role      = "roles/secretmanager.secretAccessor"
+  member    = "serviceAccount:service-${data.google_project.project.number}@gcp-sa-artifactregistry.iam.gserviceaccount.com"
+}
+
+resource "google_artifact_registry_repository" "<%= ctx[:primary_resource_id] %>" {
+  location      = "us-central1"
+  repository_id = "<%= ctx[:vars]['repository_id'] %>"
+  description   = "<%= ctx[:vars]['description'] %>"
+  format        = "DOCKER"
+  mode          = "REMOTE_REPOSITORY"
+  remote_repository_config {
+    description = "custom docker remote with credentials"
+    disable_upstream_validation = true
+    docker_repository {
+      custom_repository {
+        uri = "https://registry-1.docker.io"
+      }
+    }
+    upstream_credentials {
+      username_password_credentials {
+        username = "<%= ctx[:vars]['username'] %>"
+        password_secret_version = google_secret_manager_secret_version.<%= ctx[:vars]['secret_resource_id'] %>_version.name
+      }
+    }
+  }
+}

mmv1/templates/terraform/examples/artifact_registry_repository_remote_custom.tf.erb → mmv1/templates/terraform/examples/artifact_registry_repository_remote_dockerhub_auth.tf.erb

@@ -26,6 +26,7 @@ resource "google_artifact_registry_repository" "<%= ctx[:primary_resource_id] %>
   mode          = "REMOTE_REPOSITORY"
   remote_repository_config {
     description = "docker hub with custom credentials"
+    disable_upstream_validation = true
     docker_repository {
       public_repository = "DOCKER_HUB"
     }