Add TCP TIME_WAIT timeout to google_compute_router_nat (#7154) (#5123)

Signed-off-by: Modular Magician <[email protected]> Signed-off-by: Modular Magician <[email protected]>
hashicorp · Jan 23, 2023 · bf2000e · bf2000e
1 parent 286536a
commit bf2000e
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 0 deletions.
diff --git a/.changelog/7154.txt b/.changelog/7154.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+compute:  added `tcp_time_wait_timeout_sec` field to `google_compute_router_nat` resource
+```
diff --git a/google-beta/resource_compute_router_nat.go b/google-beta/resource_compute_router_nat.go
@@ -321,6 +321,13 @@ is set to MANUAL_ONLY.`,
 Defaults to 1200s if not set.`,
 				Default: 1200,
 			},
+			"tcp_time_wait_timeout_sec": {
+				Type:     schema.TypeInt,
+				Optional: true,
+				Description: `Timeout (in seconds) for TCP connections that are in TIME_WAIT state.
+Defaults to 120s if not set.`,
+				Default: 120,
+			},
 			"tcp_transitory_idle_timeout_sec": {
 				Type:     schema.TypeInt,
 				Optional: true,
@@ -540,6 +547,12 @@ func resourceComputeRouterNatCreate(d *schema.ResourceData, meta interface{}) er
 	} else if v, ok := d.GetOkExists("tcp_transitory_idle_timeout_sec"); !isEmptyValue(reflect.ValueOf(tcpTransitoryIdleTimeoutSecProp)) && (ok || !reflect.DeepEqual(v, tcpTransitoryIdleTimeoutSecProp)) {
 		obj["tcpTransitoryIdleTimeoutSec"] = tcpTransitoryIdleTimeoutSecProp
 	}
+	tcpTimeWaitTimeoutSecProp, err := expandNestedComputeRouterNatTcpTimeWaitTimeoutSec(d.Get("tcp_time_wait_timeout_sec"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("tcp_time_wait_timeout_sec"); !isEmptyValue(reflect.ValueOf(tcpTimeWaitTimeoutSecProp)) && (ok || !reflect.DeepEqual(v, tcpTimeWaitTimeoutSecProp)) {
+		obj["tcpTimeWaitTimeoutSec"] = tcpTimeWaitTimeoutSecProp
+	}
 	logConfigProp, err := expandNestedComputeRouterNatLogConfig(d.Get("log_config"), d, config)
 	if err != nil {
 		return err
@@ -702,6 +715,9 @@ func resourceComputeRouterNatRead(d *schema.ResourceData, meta interface{}) erro
 	if err := d.Set("tcp_transitory_idle_timeout_sec", flattenNestedComputeRouterNatTcpTransitoryIdleTimeoutSec(res["tcpTransitoryIdleTimeoutSec"], d, config)); err != nil {
 		return fmt.Errorf("Error reading RouterNat: %s", err)
 	}
+	if err := d.Set("tcp_time_wait_timeout_sec", flattenNestedComputeRouterNatTcpTimeWaitTimeoutSec(res["tcpTimeWaitTimeoutSec"], d, config)); err != nil {
+		return fmt.Errorf("Error reading RouterNat: %s", err)
+	}
 	if err := d.Set("log_config", flattenNestedComputeRouterNatLogConfig(res["logConfig"], d, config)); err != nil {
 		return fmt.Errorf("Error reading RouterNat: %s", err)
 	}
@@ -803,6 +819,12 @@ func resourceComputeRouterNatUpdate(d *schema.ResourceData, meta interface{}) er
 	} else if v, ok := d.GetOkExists("tcp_transitory_idle_timeout_sec"); !isEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, tcpTransitoryIdleTimeoutSecProp)) {
 		obj["tcpTransitoryIdleTimeoutSec"] = tcpTransitoryIdleTimeoutSecProp
 	}
+	tcpTimeWaitTimeoutSecProp, err := expandNestedComputeRouterNatTcpTimeWaitTimeoutSec(d.Get("tcp_time_wait_timeout_sec"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("tcp_time_wait_timeout_sec"); !isEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, tcpTimeWaitTimeoutSecProp)) {
+		obj["tcpTimeWaitTimeoutSec"] = tcpTimeWaitTimeoutSecProp
+	}
 	logConfigProp, err := expandNestedComputeRouterNatLogConfig(d.Get("log_config"), d, config)
 	if err != nil {
 		return err
@@ -1104,6 +1126,20 @@ func flattenNestedComputeRouterNatTcpTransitoryIdleTimeoutSec(v interface{}, d *
 	return v
 }
 
+func flattenNestedComputeRouterNatTcpTimeWaitTimeoutSec(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+	if v == nil || isEmptyValue(reflect.ValueOf(v)) {
+		return 120
+	}
+	// Handles the string fixed64 format
+	if strVal, ok := v.(string); ok {
+		if intVal, err := stringToFixed64(strVal); err == nil {
+			return intVal
+		} // let terraform core handle it if we can't convert the string to an int.
+	}
+
+	return v
+}
+
 func flattenNestedComputeRouterNatLogConfig(v interface{}, d *schema.ResourceData, config *Config) interface{} {
 	if v == nil {
 		return nil
@@ -1335,6 +1371,10 @@ func expandNestedComputeRouterNatTcpTransitoryIdleTimeoutSec(v interface{}, d Te
 	return v, nil
 }
 
+func expandNestedComputeRouterNatTcpTimeWaitTimeoutSec(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandNestedComputeRouterNatLogConfig(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
 	l := v.([]interface{})
 	if len(l) == 0 || l[0] == nil {

diff --git a/google-beta/resource_compute_router_nat_test.go b/google-beta/resource_compute_router_nat_test.go
@@ -594,6 +594,7 @@ resource "google_compute_router_nat" "foobar" {
   icmp_idle_timeout_sec            = 60
   tcp_established_idle_timeout_sec = 1600
   tcp_transitory_idle_timeout_sec  = 60
+  tcp_time_wait_timeout_sec        = 60
 
   log_config {
     enable = true
@@ -645,6 +646,7 @@ resource "google_compute_router_nat" "foobar" {
   icmp_idle_timeout_sec            = 60
   tcp_established_idle_timeout_sec = 1600
   tcp_transitory_idle_timeout_sec  = 60
+  tcp_time_wait_timeout_sec        = 60
 
   log_config {
     enable = true
@@ -696,6 +698,7 @@ resource "google_compute_router_nat" "foobar" {
   icmp_idle_timeout_sec            = 60
   tcp_established_idle_timeout_sec = 1600
   tcp_transitory_idle_timeout_sec  = 60
+  tcp_time_wait_timeout_sec        = 60
 
   log_config {
     enable = true

diff --git a/website/docs/r/compute_router_nat.html.markdown b/website/docs/r/compute_router_nat.html.markdown
@@ -264,6 +264,11 @@ The following arguments are supported:
   Timeout (in seconds) for TCP transitory connections.
   Defaults to 30s if not set.
 
+* `tcp_time_wait_timeout_sec` -
+  (Optional)
+  Timeout (in seconds) for TCP connections that are in TIME_WAIT state.
+  Defaults to 120s if not set.
+
 * `log_config` -
   (Optional)
   Configuration for logging on NAT