From 27927ddc2cb2f905310d560d3ca3ff82ffa6214d Mon Sep 17 00:00:00 2001
From: Matt Robenolt <matt@ydekproductions.com>
Date: Thu, 18 May 2017 13:35:02 -0700
Subject: [PATCH] provider/google: Add support for privateIpGoogleAccess on
 subnetworks (#14234)

---
 .../data_source_google_compute_subnetwork.go      |  5 +++++
 .../data_source_google_compute_subnetwork_test.go |  2 ++
 .../google/resource_compute_subnetwork.go         | 15 +++++++++++----
 .../google/resource_compute_subnetwork_test.go    | 10 +++++++++-
 .../d/datasource_compute_subnetwork.html.markdown |  6 +++++-
 .../google/r/compute_subnetwork.html.markdown     |  4 ++++
 6 files changed, 36 insertions(+), 6 deletions(-)

diff --git a/builtin/providers/google/data_source_google_compute_subnetwork.go b/builtin/providers/google/data_source_google_compute_subnetwork.go
index bff489ba3..03a368bcd 100644
--- a/builtin/providers/google/data_source_google_compute_subnetwork.go
+++ b/builtin/providers/google/data_source_google_compute_subnetwork.go
@@ -29,6 +29,10 @@ func dataSourceGoogleComputeSubnetwork() *schema.Resource {
 				Type:     schema.TypeString,
 				Computed: true,
 			},
+			"private_ip_google_access": &schema.Schema{
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
 			"network": &schema.Schema{
 				Type:     schema.TypeString,
 				Computed: true,
@@ -75,6 +79,7 @@ func dataSourceGoogleComputeSubnetworkRead(d *schema.ResourceData, meta interfac
 	}
 
 	d.Set("ip_cidr_range", subnetwork.IpCidrRange)
+	d.Set("private_ip_google_access", subnetwork.PrivateIpGoogleAccess)
 	d.Set("self_link", subnetwork.SelfLink)
 	d.Set("description", subnetwork.Description)
 	d.Set("gateway_address", subnetwork.GatewayAddress)
diff --git a/builtin/providers/google/data_source_google_compute_subnetwork_test.go b/builtin/providers/google/data_source_google_compute_subnetwork_test.go
index f3d8516da..835bd6ea3 100644
--- a/builtin/providers/google/data_source_google_compute_subnetwork_test.go
+++ b/builtin/providers/google/data_source_google_compute_subnetwork_test.go
@@ -45,6 +45,7 @@ func testAccDataSourceGoogleSubnetworkCheck(data_source_name string, resource_na
 			"description",
 			"ip_cidr_range",
 			"network",
+			"private_ip_google_access",
 		}
 
 		for _, attr_to_check := range subnetwork_attrs_to_test {
@@ -73,6 +74,7 @@ resource "google_compute_subnetwork" "foobar" {
 	description = "my-description"
 	ip_cidr_range = "10.0.0.0/24"
 	network  = "${google_compute_network.foobar.self_link}"
+	private_ip_google_access = true
 }
 
 data "google_compute_subnetwork" "my_subnetwork" {
diff --git a/builtin/providers/google/resource_compute_subnetwork.go b/builtin/providers/google/resource_compute_subnetwork.go
index 53f0c0dae..d00cdc20d 100644
--- a/builtin/providers/google/resource_compute_subnetwork.go
+++ b/builtin/providers/google/resource_compute_subnetwork.go
@@ -58,6 +58,12 @@ func resourceComputeSubnetwork() *schema.Resource {
 				ForceNew: true,
 			},
 
+			"private_ip_google_access": &schema.Schema{
+				Type:     schema.TypeBool,
+				Optional: true,
+				ForceNew: true,
+			},
+
 			"self_link": &schema.Schema{
 				Type:     schema.TypeString,
 				Computed: true,
@@ -97,10 +103,11 @@ func resourceComputeSubnetworkCreate(d *schema.ResourceData, meta interface{}) e
 
 	// Build the subnetwork parameters
 	subnetwork := &compute.Subnetwork{
-		Name:        d.Get("name").(string),
-		Description: d.Get("description").(string),
-		IpCidrRange: d.Get("ip_cidr_range").(string),
-		Network:     network,
+		Name:                  d.Get("name").(string),
+		Description:           d.Get("description").(string),
+		IpCidrRange:           d.Get("ip_cidr_range").(string),
+		PrivateIpGoogleAccess: d.Get("private_ip_google_access").(bool),
+		Network:               network,
 	}
 
 	log.Printf("[DEBUG] Subnetwork insert request: %#v", subnetwork)
diff --git a/builtin/providers/google/resource_compute_subnetwork_test.go b/builtin/providers/google/resource_compute_subnetwork_test.go
index 9f4ba887f..3719a2fcc 100644
--- a/builtin/providers/google/resource_compute_subnetwork_test.go
+++ b/builtin/providers/google/resource_compute_subnetwork_test.go
@@ -102,4 +102,12 @@ resource "google_compute_subnetwork" "network-ref-by-name" {
 	network = "${google_compute_network.custom-test.name}"
 }
 
-`, acctest.RandString(10), acctest.RandString(10), acctest.RandString(10))
+resource "google_compute_subnetwork" "network-with-private-google-access" {
+	name = "subnetwork-test-%s"
+	ip_cidr_range = "10.2.0.0/16"
+	region = "us-central1"
+	network = "${google_compute_network.custom-test.self_link}"
+	private_ip_google_access = true
+}
+
+`, acctest.RandString(10), acctest.RandString(10), acctest.RandString(10), acctest.RandString(10))
diff --git a/website/source/docs/providers/google/d/datasource_compute_subnetwork.html.markdown b/website/source/docs/providers/google/d/datasource_compute_subnetwork.html.markdown
index faf6b99f9..ea53d3ef9 100644
--- a/website/source/docs/providers/google/d/datasource_compute_subnetwork.html.markdown
+++ b/website/source/docs/providers/google/d/datasource_compute_subnetwork.html.markdown
@@ -38,7 +38,7 @@ The following arguments are supported:
 In addition to the arguments listed above, the following attributes are exported:
 
 * `network` - The network name or resource link to the parent
-    network of this subnetwork. 
+    network of this subnetwork.
 
 * `description` - Description of this subnetwork.
 
@@ -47,4 +47,8 @@ In addition to the arguments listed above, the following attributes are exported
 
 * `gateway_address` - The IP address of the gateway.
 
+* `private_ip_google_access` - Whether the VMs in this subnet
+    can access Google services without assigned external IP
+    addresses.
+
 * `self_link` - The URI of the created resource.
diff --git a/website/source/docs/providers/google/r/compute_subnetwork.html.markdown b/website/source/docs/providers/google/r/compute_subnetwork.html.markdown
index 2879f8a79..73564d090 100644
--- a/website/source/docs/providers/google/r/compute_subnetwork.html.markdown
+++ b/website/source/docs/providers/google/r/compute_subnetwork.html.markdown
@@ -45,6 +45,10 @@ The following arguments are supported:
 * `region` - (Optional) The region this subnetwork will be created in. If
     unspecified, this defaults to the region configured in the provider.
 
+* `private_ip_google_access` - Whether the VMs in this subnet
+    can access Google services without assigned external IP
+    addresses.
+
 ## Attributes Reference
 
 In addition to the arguments listed above, the following computed attributes are