From 82e00b500f54c297961c18a8ed0dbd7f4ef8e850 Mon Sep 17 00:00:00 2001 From: The Magician Date: Wed, 8 May 2024 13:41:05 -0700 Subject: [PATCH] add autoNetworkTier to Router NAT (#9379) (#18055) [upstream:f8831fb24cf0875492c4d141499a6a628daf838a] Signed-off-by: Modular Magician --- .../compute/resource_compute_router_nat.go | 32 +++++ .../resource_compute_router_nat_test.go | 109 ++++++++++++++++++ .../docs/r/compute_router_nat.html.markdown | 7 ++ 3 files changed, 148 insertions(+) diff --git a/google/services/compute/resource_compute_router_nat.go b/google/services/compute/resource_compute_router_nat.go index b1ee0683852..fb758357e47 100644 --- a/google/services/compute/resource_compute_router_nat.go +++ b/google/services/compute/resource_compute_router_nat.go @@ -219,6 +219,15 @@ ranges in every Subnetwork are allowed to Nat. contains ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any other RouterNat section in any Router for this network in this region. Possible values: ["ALL_SUBNETWORKS_ALL_IP_RANGES", "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES", "LIST_OF_SUBNETWORKS"]`, + }, + "auto_network_tier": { + Type: schema.TypeString, + Computed: true, + Optional: true, + ValidateFunc: verify.ValidateEnum([]string{"PREMIUM", "STANDARD", ""}), + Description: `The network tier to use when automatically reserving NAT IP addresses. +Must be one of: PREMIUM, STANDARD. If not specified, then the current +project-level default tier is used. Possible values: ["PREMIUM", "STANDARD"]`, }, "drain_nat_ips": { Type: schema.TypeSet, 
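Review bot: The `Description` of the new `auto_network_tier` entry says the project-level default tier is used when the field is not specified, but the field is both `Optional` and `Computed`, so that only holds at creation. Once a tier is in state, removing the argument from configuration would presumably keep the stored value, and the update path in this commit skips empty values, so the NAT does not return to the project default. I would add a sentence such as `Omitting this field after creation leaves the existing tier unchanged.` to the description here and to the matching text in the website docs hunk. Setting the tier explicitly also keeps the egress tier from depending on a project setting that can change outside this resource. The schema map continues outside the hunk.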
@@ -608,6 +617,12 @@ func resourceComputeRouterNatCreate(d *schema.ResourceData, meta interface{}) er } else if v, ok := d.GetOkExists("enable_endpoint_independent_mapping"); ok || !reflect.DeepEqual(v, enableEndpointIndependentMappingProp) { obj["enableEndpointIndependentMapping"] = enableEndpointIndependentMappingProp } + autoNetworkTierProp, err := expandNestedComputeRouterNatAutoNetworkTier(d.Get("auto_network_tier"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("auto_network_tier"); !tpgresource.IsEmptyValue(reflect.ValueOf(autoNetworkTierProp)) && (ok || !reflect.DeepEqual(v, autoNetworkTierProp)) { + obj["autoNetworkTier"] = autoNetworkTierProp + } lockName, err := tpgresource.ReplaceVars(d, config, "router/{{region}}/{{router}}") if err != nil { @@ -785,6 +800,9 @@ func resourceComputeRouterNatRead(d *schema.ResourceData, meta interface{}) erro if err := d.Set("enable_endpoint_independent_mapping", flattenNestedComputeRouterNatEnableEndpointIndependentMapping(res["enableEndpointIndependentMapping"], d, config)); err != nil { return fmt.Errorf("Error reading RouterNat: %s", err) } + if err := d.Set("auto_network_tier", flattenNestedComputeRouterNatAutoNetworkTier(res["autoNetworkTier"], d, config)); err != nil { + return fmt.Errorf("Error reading RouterNat: %s", err) + } return nil } 
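Review bot: The guard that decides whether `autoNetworkTier` is sent tests a different value in create and in update: in resourceComputeRouterNatCreate it is `IsEmptyValue(reflect.ValueOf(autoNetworkTierProp))`, while the matching hunk in resourceComputeRouterNatUpdate uses `IsEmptyValue(reflect.ValueOf(v))`. With the identity expander added in this commit the two evaluate the same, but they would diverge as soon as the expander transforms the value. I would test the expanded value in both places, i.e. in update `!tpgresource.IsEmptyValue(reflect.ValueOf(autoNetworkTierProp)) && (ok || !reflect.DeepEqual(v, autoNetworkTierProp))`. The file looks generated (the commit carries an upstream reference), so the change probably belongs in the generator template. Both function bodies continue outside their hunks.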
@@ -901,6 +919,12 @@ func resourceComputeRouterNatUpdate(d *schema.ResourceData, meta interface{}) er } else if v, ok := d.GetOkExists("enable_endpoint_independent_mapping"); ok || !reflect.DeepEqual(v, enableEndpointIndependentMappingProp) { obj["enableEndpointIndependentMapping"] = enableEndpointIndependentMappingProp } + autoNetworkTierProp, err := expandNestedComputeRouterNatAutoNetworkTier(d.Get("auto_network_tier"), d, config) + if err != nil { + return err + } else if v, ok := d.GetOkExists("auto_network_tier"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, autoNetworkTierProp)) { + obj["autoNetworkTier"] = autoNetworkTierProp + } lockName, err := tpgresource.ReplaceVars(d, config, "router/{{region}}/{{router}}") if err != nil { @@ -1325,6 +1349,10 @@ func flattenNestedComputeRouterNatEnableEndpointIndependentMapping(v interface{} return v } +func flattenNestedComputeRouterNatAutoNetworkTier(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} { + return v +} + func expandNestedComputeRouterNatName(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { return v, nil } @@ -1616,6 +1644,10 @@ func expandNestedComputeRouterNatEnableEndpointIndependentMapping(v interface{}, return v, nil } +func expandNestedComputeRouterNatAutoNetworkTier(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) { + return v, nil +} + func flattenNestedComputeRouterNat(d *schema.ResourceData, meta interface{}, res map[string]interface{}) (map[string]interface{}, error) { var v interface{} var ok bool diff --git a/google/services/compute/resource_compute_router_nat_test.go b/google/services/compute/resource_compute_router_nat_test.go index 3b39e77980e..cc40ed208c4 100644 --- a/google/services/compute/resource_compute_router_nat_test.go +++ b/google/services/compute/resource_compute_router_nat_test.go 
@@ -417,6 +417,31 @@ func TestAccComputeRouterNat_withEndpointTypes(t *testing.T) { }) } +func TestAccComputeRouterNat_AutoNetworkTier(t *testing.T) { + t.Parallel() + + testId := acctest.RandString(t, 10) + routerName := fmt.Sprintf("tf-test-router-private-nat-%s", testId) + hubName := fmt.Sprintf("%s-hub", routerName) + + acctest.VcrTest(t, resource.TestCase{ + PreCheck: func() { acctest.AccTestPreCheck(t) }, + ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t), + CheckDestroy: testAccCheckComputeRouterNatDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccComputeRouterNatWitAutoNetworkTier(routerName, hubName), + }, + { + // implicitly full ImportStateId + ResourceName: "google_compute_router_nat.foobar", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + func testAccCheckComputeRouterNatDestroyProducer(t *testing.T) func(s *terraform.State) error { return func(s *terraform.State) error { config := acctest.GoogleProviderConfig(t) 
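Review bot: TestAccComputeRouterNat_AutoNetworkTier only creates the NAT with one tier and imports it, so the new branch in resourceComputeRouterNatUpdate is never exercised. Assuming the API allows changing the tier in place (the schema entry is not marked ForceNew), I would add a step that applies the same configuration with `auto_network_tier = "STANDARD"` followed by a second import check; that needs the config helper to take the tier as a parameter. The `tf-test-router-private-nat-` prefix and `hubName` look carried over from the private NAT test, so a short comment on why a hub is needed here, or dropping it, would help the next reader.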
@@ -1303,3 +1328,87 @@ resource "google_compute_router_nat" "foobar" { } `, routerName, routerName, routerName, routerName) } + +func testAccComputeRouterNatBaseResourcesWithPrivateNatSubnetworks(routerName, hubName string) string { + return fmt.Sprintf(` +resource "google_compute_network" "foobar" { + name = "%s-net" + auto_create_subnetworks = "false" +} + +resource "google_compute_subnetwork" "subnet1" { + name = "%s-subnet1" + network = google_compute_network.foobar.self_link + ip_cidr_range = "10.0.0.0/16" + region = "us-central1" + purpose = "PRIVATE_NAT" +} + +resource "google_compute_subnetwork" "subnet2" { + name = "%s-subnet2" + network = google_compute_network.foobar.self_link + ip_cidr_range = "10.10.1.0/24" + region = "us-central1" + purpose = "PRIVATE_NAT" +} + +resource "google_compute_subnetwork" "subnet3" { + name = "%s-subnet3" + network = google_compute_network.foobar.self_link + ip_cidr_range = "10.158.1.0/24" + region = "us-central1" + purpose = "PRIVATE_NAT" +} + +resource "google_compute_subnetwork" "subnet4" { + name = "%s-subnet4" + network = google_compute_network.foobar.self_link + ip_cidr_range = "10.168.1.0/24" + region = "us-central1" + purpose = "PRIVATE_NAT" +} + +resource "google_network_connectivity_hub" "foobar" { + name = "%s" + description = "vpc hub for inter vpc nat" +} + +resource "google_network_connectivity_spoke" "primary" { + name = "%s-spoke" + location = "global" + description = "vpc spoke for inter vpc nat" + hub = google_network_connectivity_hub.foobar.id + linked_vpc_network { + exclude_export_ranges = [ + "10.10.0.0/16" + ] + uri = google_compute_network.foobar.self_link + } +} + +resource "google_compute_router" "foobar" { + name = "%s" + region = google_compute_subnetwork.subnet1.region + network = google_compute_network.foobar.self_link + depends_on = [ + google_network_connectivity_spoke.primary + ] +} +`, routerName, routerName, routerName, routerName, routerName, hubName, routerName, routerName) +} + +func 
testAccComputeRouterNatWitAutoNetworkTier(routerName, hubName string) string { + return fmt.Sprintf(` +%s + +resource "google_compute_router_nat" "foobar" { + name = "%s" + router = google_compute_router.foobar.name + region = google_compute_router.foobar.region + + source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES" + nat_ip_allocate_option = "AUTO_ONLY" + auto_network_tier = "PREMIUM" +} +`, testAccComputeRouterNatBaseResourcesWithPrivateNatSubnetworks(routerName, hubName), routerName) +} diff --git a/website/docs/r/compute_router_nat.html.markdown b/website/docs/r/compute_router_nat.html.markdown index ee7bb3b0cf5..c61084dd101 100644 --- a/website/docs/r/compute_router_nat.html.markdown +++ b/website/docs/r/compute_router_nat.html.markdown @@ -377,6 +377,13 @@ The following arguments are supported: Default value is `PUBLIC`. Possible values are: `PUBLIC`, `PRIVATE`. +* `auto_network_tier` - + (Optional) + The network tier to use when automatically reserving NAT IP addresses. + Must be one of: PREMIUM, STANDARD. If not specified, then the current + project-level default tier is used. + Possible values are: `PREMIUM`, `STANDARD`. + * `region` - (Optional) Region where the router and NAT reside.
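Review bot: The fixture is much larger than the attribute under test appears to need: testAccComputeRouterNatBaseResourcesWithPrivateNatSubnetworks creates four `PRIVATE_NAT` subnetworks, a connectivity hub and a spoke, while the NAT in testAccComputeRouterNatWitAutoNetworkTier sets no `type` and so is presumably a public NAT. A network and a router alone look sufficient, which would shorten the acceptance run and reduce the cloud resources left behind when a run fails partway. The helper name also has a typo, `Wit` for `With`; renaming it to `testAccComputeRouterNatWithAutoNetworkTier`, together with the call in the test, would fix it.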