add PREMIUM for Global external IP addresses

[edwardmedia]

Fixes hashicorp/terraform-provider-google#15982

Release Note Template for Downstream PRs (will be copied)

compute: fixed `google_compute_global_address` can't be created when default_network_tier set to STANDARD

[modular-magician]

Hello! I am a robot. It looks like you are a: Community Contributor Googler Core Contributor. Tests will run automatically.

@c2thorn, a repository maintainer, has been assigned to review your changes. If you have not received review feedback within 2 business days, please leave a comment on this PR asking them to take a look.

You can help make sure that review is quick by doing a self-review and by running impacted tests locally.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 1 file changed, 2 insertions(+))
Terraform Beta: Diff ( 1 file changed, 2 insertions(+))

[modular-magician]

Tests analytics

Total tests: 3092
Passed tests 2737
Skipped tests: 299
Affected tests: 56

Action taken

Found 56 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

TestAccAlloydbInstance_createInstanceWithNetworkConfigAndAllocatedIPRange|TestAccAlloydbCluster_withNetworkConfigAndAllocatedIPRange|TestAccAlloydbBackup_alloydbBackupFullExample|TestAccAlloydbInstance_createInstanceWithMandatoryFields|TestAccAlloydbBackup_alloydbBackupBasicExample|TestAccAlloydbBackup_update|TestAccAlloydbCluster_restore|TestAccAlloydbBackup_createBackupWithMandatoryFields|TestAccAlloydbInstance_createPrimaryAndReadPoolInstance|TestAccAlloydbInstance_alloydbInstanceBasicExample|TestAccAlloydbInstance_update|TestAccAlloydbBackup_usingCMEK|TestAccApigeeEnvReferences_apigeeEnvironmentReferenceTestExample|TestAccApigeeAddonsConfig_apigeeAddonsTestExample|TestAccApigeeTargetServer_apigeeTargetServerTestExample|TestAccApigeeEnvKeystore_apigeeEnvironmentKeystoreTestExample|TestAccApigeeTargetServer_apigeeTargetServerTest_update|TestAccApigeeEnvironmentIamBindingGenerated|TestAccApigeeEnvironmentIamPolicyGenerated|TestAccApigeeEnvironmentIamMemberGenerated|TestAccBackupDRManagementServer_backupDrManagementServerExample|TestAccCloudbuildWorkerPool_withNetwork|TestAccCloudBuildBitbucketServerConfig_cloudbuildBitbucketServerConfigPeeredNetworkExample|TestAccCloudIdsEndpoint_basic|TestAccDataSourceComputeGlobalAddress|TestAccComputeBackendBucket_externalCdnLbWithBackendBucketExample|TestAccComputeGlobalAddress_ipv6|TestAccComputeGlobalAddress_internal|TestAccComputeGlobalAddress_globalAddressPrivateServicesConnectExample|TestAccComputeGlobalAddress_globalAddressBasicExample|TestAccComputeGlobalForwardingRule_externalHttpLbMigBackendCustomHeaderExample|TestAccComputeGlobalForwardingRule_externalTcpProxyLbMigBackendExample|TestAccComputeGlobalForwardingRule_privateServiceConnectGoogleApisNoAutomateDnsExample|TestAccComputeGlobalForwardingRule_privateServiceConnectGoogleApisExample|TestAccDatabaseMigrationServiceConnectionProfile_databaseMigrationServiceConnectionProfileAlloydbExample|TestAccDataFusionInstance_dataFusionInstanceFullExample|TestAccDataprocClusterIamPolicy|TestAccLookerInstance_lookerInstanceEnterpriseFullExample|TestAccMemcacheInstance_memcacheInstanceBasicExample|TestAccMemcacheInstance_update|TestAccRedisInstance_redisInstancePrivateServiceExample|TestAccDataSourceGoogleServiceAccountJwt|TestAccDataSourceGoogleServiceAccountAccessToken_basic|TestAccServiceNetworkingConnection_update|TestAccServiceNetworkingConnection_create|TestAccDatasourceGoogleServiceNetworkingPeeredDnsDomain_basic|TestAccServiceNetworkingPeeredDNSDomain_basic|TestAccSqlDatabaseInstance_deleteDefaultUserBeforeSubsequentApiCalls|TestAccSqlDatabaseInstance_withPrivateNetwork_withAllocatedIpRangeReplica|TestAccSqlDatabaseInstance_withPrivateNetwork_withAllocatedIpRangeClone|TestAccSqlDatabaseInstance_withPrivateNetwork_withoutAllocatedIpRange|TestAccSqlDatabaseInstance_withPrivateNetwork_withAllocatedIpRange|TestAccTPUNode_tpuNodeFullExample|TestAccVertexAIIndexEndpoint_vertexAiIndexEndpointExample|TestAccVertexAIIndexEndpoint_updated|TestAccVertexAIEndpoint_vertexAiEndpointNetwork

Get to know how VCR tests work

[modular-magician]

$\textcolor{green}{\textsf{Tests passed during RECORDING mode:}}$
TestAccDataSourceComputeGlobalAddress[Debug log]
TestAccComputeBackendBucket_externalCdnLbWithBackendBucketExample[Debug log]
TestAccComputeGlobalAddress_ipv6[Debug log]
TestAccComputeGlobalAddress_globalAddressBasicExample[Debug log]
TestAccComputeGlobalForwardingRule_externalHttpLbMigBackendCustomHeaderExample[Debug log]
TestAccComputeGlobalForwardingRule_externalTcpProxyLbMigBackendExample[Debug log]
TestAccDataprocClusterIamPolicy[Debug log]
TestAccDataSourceGoogleServiceAccountJwt[Debug log]

Rerun these tests in REPLAYING mode to catch issues

$\textcolor{green}{\textsf{No issues found for passed tests after REPLAYING rerun.}}$

---

$\textcolor{red}{\textsf{Tests failed during RECORDING mode:}}$
TestAccAlloydbInstance_createInstanceWithNetworkConfigAndAllocatedIPRange[Error message] [Debug log]
TestAccAlloydbCluster_withNetworkConfigAndAllocatedIPRange[Error message] [Debug log]
TestAccAlloydbBackup_alloydbBackupFullExample[Error message] [Debug log]
TestAccAlloydbInstance_createInstanceWithMandatoryFields[Error message] [Debug log]
TestAccAlloydbBackup_alloydbBackupBasicExample[Error message] [Debug log]
TestAccAlloydbBackup_update[Error message] [Debug log]
TestAccAlloydbCluster_restore[Error message] [Debug log]
TestAccAlloydbBackup_createBackupWithMandatoryFields[Error message] [Debug log]
TestAccAlloydbInstance_createPrimaryAndReadPoolInstance[Error message] [Debug log]
TestAccAlloydbInstance_alloydbInstanceBasicExample[Error message] [Debug log]
TestAccAlloydbInstance_update[Error message] [Debug log]
TestAccAlloydbBackup_usingCMEK[Error message] [Debug log]
TestAccApigeeEnvReferences_apigeeEnvironmentReferenceTestExample[Error message] [Debug log]
TestAccApigeeAddonsConfig_apigeeAddonsTestExample[Error message] [Debug log]
TestAccApigeeTargetServer_apigeeTargetServerTestExample[Error message] [Debug log]
TestAccApigeeEnvKeystore_apigeeEnvironmentKeystoreTestExample[Error message] [Debug log]
TestAccApigeeTargetServer_apigeeTargetServerTest_update[Error message] [Debug log]
TestAccApigeeEnvironmentIamBindingGenerated[Error message] [Debug log]
TestAccApigeeEnvironmentIamPolicyGenerated[Error message] [Debug log]
TestAccApigeeEnvironmentIamMemberGenerated[Error message] [Debug log]
TestAccBackupDRManagementServer_backupDrManagementServerExample[Error message] [Debug log]
TestAccCloudbuildWorkerPool_withNetwork[Error message] [Debug log]
TestAccCloudBuildBitbucketServerConfig_cloudbuildBitbucketServerConfigPeeredNetworkExample[Error message] [Debug log]
TestAccCloudIdsEndpoint_basic[Error message] [Debug log]
TestAccComputeGlobalAddress_internal[Error message] [Debug log]
TestAccComputeGlobalAddress_globalAddressPrivateServicesConnectExample[Error message] [Debug log]
TestAccComputeGlobalForwardingRule_privateServiceConnectGoogleApisNoAutomateDnsExample[Error message] [Debug log]
TestAccComputeGlobalForwardingRule_privateServiceConnectGoogleApisExample[Error message] [Debug log]
TestAccDatabaseMigrationServiceConnectionProfile_databaseMigrationServiceConnectionProfileAlloydbExample[Error message] [Debug log]
TestAccDataFusionInstance_dataFusionInstanceFullExample[Error message] [Debug log]
TestAccLookerInstance_lookerInstanceEnterpriseFullExample[Error message] [Debug log]
TestAccMemcacheInstance_memcacheInstanceBasicExample[Error message] [Debug log]
TestAccMemcacheInstance_update[Error message] [Debug log]
TestAccRedisInstance_redisInstancePrivateServiceExample[Error message] [Debug log]
TestAccDataSourceGoogleServiceAccountAccessToken_basic[Error message] [Debug log]
TestAccServiceNetworkingConnection_update[Error message] [Debug log]
TestAccServiceNetworkingConnection_create[Error message] [Debug log]
TestAccDatasourceGoogleServiceNetworkingPeeredDnsDomain_basic[Error message] [Debug log]
TestAccServiceNetworkingPeeredDNSDomain_basic[Error message] [Debug log]
TestAccSqlDatabaseInstance_deleteDefaultUserBeforeSubsequentApiCalls[Error message] [Debug log]
TestAccSqlDatabaseInstance_withPrivateNetwork_withAllocatedIpRangeReplica[Error message] [Debug log]
TestAccSqlDatabaseInstance_withPrivateNetwork_withAllocatedIpRangeClone[Error message] [Debug log]
TestAccSqlDatabaseInstance_withPrivateNetwork_withoutAllocatedIpRange[Error message] [Debug log]
TestAccSqlDatabaseInstance_withPrivateNetwork_withAllocatedIpRange[Error message] [Debug log]
TestAccTPUNode_tpuNodeFullExample[Error message] [Debug log]
TestAccVertexAIIndexEndpoint_vertexAiIndexEndpointExample[Error message] [Debug log]
TestAccVertexAIIndexEndpoint_updated[Error message] [Debug log]
TestAccVertexAIEndpoint_vertexAiEndpointNetwork[Error message] [Debug log]

$\textcolor{red}{\textsf{Please fix these to complete your PR.}}$
View the build log or the debug log for each test

[c2thorn]

Seems fine based on documentation, but I want to know why current implementations are not failing without this? @edwardmedia
Is this just a specific use case?

[glimberg]

@c2thorn See hashicorp/terraform-provider-google#15982

This does currently fail when a GCP project's default network tier is set to STANDARD rather than PREMIUM. The documentation states that the GCP's REST API will assume PREMIUM for any global address. In practice, this isn't the case, and I've verified it via cURL as well

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer $(gcloud auth print-access-token)" "https://compute.googleapis.com/compute/v1/projects/${PROJECT_ID}/global/addresses?alt=json" --data '{"name":"${GLOBAL_IP_ADDRESS_NAME}"}'
{
  "error": {
    "code": 400,
    "message": "STANDARD network tier (the project's default network tier) is not supported: STANDARD network tier is not supported for global address.",
    "errors": [
      {
        "message": "STANDARD network tier (the project's default network tier) is not supported: STANDARD network tier is not supported for global address.",
        "domain": "global",
        "reason": "badRequest"
      }
    ]
  }
}

curl -X POST -H "Content-Type: application/json" -H "Authorization: Bearer $(gcloud auth print-access-token)" "https://compute.googleapis.com/compute/v1/projects/${PROJECT_ID}/global/addresses?alt=json" --data '{"name":"${GLOBAL_IP_ADDRESS_NAME}","networkTier":"PREMIUM"}'
{
  "kind": "compute#operation",
  "id": "760793188359971737",
  "name": "operation-1695948149954-60674b3091944-8bdbeb1a-b7b58b8c",
  "operationType": "insert",
  "targetLink": "https://www.googleapis.com/compute/v1/projects/<project id recacted>/global/addresses/<ip address name redacted>",
  "targetId": "408497069976429465",
  "status": "RUNNING",
  "user": "<email address redadted>",
  "progress": 0,
  "insertTime": "2023-09-28T17:42:30.350-07:00",
  "startTime": "2023-09-28T17:42:30.361-07:00",
  "selfLink": "https://www.googleapis.com/compute/v1/projects/<project id redacted>/global/operations/operation-1695948149954-60674b3091944-8bdbeb1a-b7b58b8c"
}

[c2thorn]

thanks @glimberg for the context

[c2thorn]

Looks like tests are failing from this:

 Error: Error creating GlobalAddress: googleapi: Error 400: Invalid value for field 'resource.networkTier': 'PREMIUM'. An address with type INTERNAL cannot have a network tier., invalid

We need to get the condition (external/internal) logic right or just add the field. I'd prefer to just add the field.

[glimberg]

I finally was able to get on a call with GCP support on the API's behavior vs. the documentation for the globalAddress endpoint. According to support, the documentation is wrong. When the networkTier field is not specified, it does NOT assume PREMIUM tier. Instead it follows the project's default network tier setting. In my case with the default network tier set to STANDARD, networkTier when not specified defaults to STANDARD.

Adding the field to the google_compute_global_address resource is probably the best way forward here.

[modular-magician]

Hi there, I'm the Modular magician. I've detected the following information about your changes:

Diff report

Your PR generated some diffs in downstreams - here they are.

Terraform GA: Diff ( 1 file changed, 5 insertions(+))
Terraform Beta: Diff ( 1 file changed, 5 insertions(+))

[modular-magician]

Tests analytics

Total tests: 3112
Passed tests 2795
Skipped tests: 314
Affected tests: 3

Action taken

Found 3 affected test(s) by replaying old test recordings. Starting RECORDING based on the most recent commit. Click here to see the affected tests

TestAccContainerNodePool_withKubeletConfig|TestAccContainerCluster_withAddons|TestAccContainerNodePool_withUpgradeSettings

Get to know how VCR tests work

[modular-magician]

$\textcolor{red}{\textsf{Tests failed during RECORDING mode:}}$
TestAccContainerNodePool_withKubeletConfig[Error message] [Debug log]
TestAccContainerCluster_withAddons[Error message] [Debug log]
TestAccContainerNodePool_withUpgradeSettings[Error message] [Debug log]

$\textcolor{red}{\textsf{Please fix these to complete your PR.}}$
View the build log or the debug log for each test