From 40535d0802e0d39ac133b3687e01f2aa5f9d0660 Mon Sep 17 00:00:00 2001
From: Julio Castillo
Date: Tue, 8 Oct 2024 16:30:57 +0200
Subject: [PATCH 1/2] Add producer VPC spokes support to google_network_connectivity_spoke
---
 mmv1/products/networkconnectivity/Spoke.yaml | 44 +++++++++++++++++++
 .../products/networkconnectivity/product.yaml | 2 +
 2 files changed, 46 insertions(+)
diff --git a/mmv1/products/networkconnectivity/Spoke.yaml b/mmv1/products/networkconnectivity/Spoke.yaml
index a2ffef94adff..c1918b2c0527 100644
--- a/mmv1/products/networkconnectivity/Spoke.yaml
+++ b/mmv1/products/networkconnectivity/Spoke.yaml
@@ -126,6 +126,7 @@ properties:
 immutable: true
 conflicts:
 - linked_interconnect_attachments
+ - linked_producer_vpc_network
 - linked_router_appliance_instances
 - linked_vpc_network
 properties:
@@ -154,6 +155,7 @@ properties:
 immutable: true
 conflicts:
 - linked_vpn_tunnels
+ - linked_producer_vpc_network
 - linked_router_appliance_instances
 - linked_vpc_network
 properties:
@@ -176,12 +178,53 @@ properties:
 The only allowed value for now is "ALL_IPV4_RANGES".
 item_type:
 type: String
+ - name: 'linkedProducerVpcNetwork'
+ type: NestedObject
+ description: Producer VPC network that is associated with the spoke.
+ immutable: true
+ min_version: beta
+ conflicts:
+ - linked_interconnect_attachments
+ - linked_router_appliance_instances
+ - linked_vpn_tunnels
+ - linked_vpc_network
+ properties:
+ - name: 'network'
+ type: String
+ description: VPC network that contains the peering to the Producer VPC
+ min_version: beta
+ required: true
+ immutable: true
+ diff_suppress_func: 'tpgresource.CompareSelfLinkOrResourceName'
+ - name: 'peering'
+ type: String
+ description: |
+ name of the peering between the VPC network and the Producer
+ VPC. Only `servicenetworking-googleapis-com` is supported.
+ min_version: beta
+ required: true
+ immutable: true
+ - name: 'excludeExportRanges'
+ type: Array
+ description: the IP address ranges to be excluded from exporting to the hub.
+ min_version: beta
+ immutable: true
+ item_type:
+ type: String
+ - name: 'includeExportRanges'
+ type: Array
+ description: the IP address ranges to be included when exporting to the hub
+ min_version: beta
+ immutable: true
+ item_type:
+ type: String
 - name: 'linkedRouterApplianceInstances'
 type: NestedObject
 description: The URIs of linked Router appliance resources
 immutable: true
 conflicts:
 - linked_interconnect_attachments
+ - linked_producer_vpc_network
 - linked_vpn_tunnels
 - linked_vpc_network
 properties:
@@ -221,6 +264,7 @@ properties:
 immutable: true
 conflicts:
 - linked_interconnect_attachments
+ - linked_producer_vpc_network
 - linked_router_appliance_instances
 - linked_vpn_tunnels
 properties:
diff --git a/mmv1/products/networkconnectivity/product.yaml b/mmv1/products/networkconnectivity/product.yaml
index 2e1e732db9c7..d1e24ed12df9 100644
--- a/mmv1/products/networkconnectivity/product.yaml
+++ b/mmv1/products/networkconnectivity/product.yaml
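Review bot: The descriptions of `excludeExportRanges` and `includeExportRanges` under the new `linkedProducerVpcNetwork` block do not say what is exported to the hub when either list is left unset, or which list wins when an address falls in both. These two fields appear to be the only filter on which producer-side ranges the hub learns, so someone trying to expose the minimum to other spokes cannot tell from the generated docs whether omitting `include_export_ranges` means nothing or everything. I would extend both descriptions with the default and precedence as the API documents them, and state the expected format, along the lines of `description: IP address ranges (CIDR notation) excluded from export to the hub.` plus a sentence on the unset case. The descriptions in this block also differ in capitalization and trailing periods, which is worth normalizing in the same pass.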
@@ -17,5 +17,7 @@ display_name: 'Network Connectivity'
 versions:
 - name: 'ga'
 base_url: 'https://networkconnectivity.googleapis.com/v1/'
+ - name: 'beta'
+ base_url: 'https://networkconnectivity.googleapis.com/v1beta/'
 scopes:
 - 'https://www.googleapis.com/auth/cloud-platform'
From 2c7718dc4c54a95b0ad872fb0ac9ba9904bb75ba Mon Sep 17 00:00:00 2001
From: Julio Castillo
Date: Tue, 8 Oct 2024 17:31:53 +0200
Subject: [PATCH 2/2] Add producer VPC spoke example
---
 mmv1/products/networkconnectivity/Spoke.yaml | 8 +++
 ..._spoke_linked_producer_vpc_network.tf.tmpl | 59 +++++++++++++++++++
 2 files changed, 67 insertions(+)
 create mode 100644 mmv1/templates/terraform/examples/network_connectivity_spoke_linked_producer_vpc_network.tf.tmpl
diff --git a/mmv1/products/networkconnectivity/Spoke.yaml b/mmv1/products/networkconnectivity/Spoke.yaml
index c1918b2c0527..dac3e56ae4ea 100644
--- a/mmv1/products/networkconnectivity/Spoke.yaml
+++ b/mmv1/products/networkconnectivity/Spoke.yaml
@@ -85,6 +85,14 @@ examples:
 router_name: 'external-vpn-gateway'
 interconnect_attachment_name: 'partner-interconnect1'
 interconnect_attachment_spoke_name: 'interconnect-attachment-spoke'
+ - name: 'network_connectivity_spoke_linked_producer_vpc_network'
+ primary_resource_id: 'producer'
+ vars:
+ network_name: 'net'
+ hub_name: 'hub'
+ range_name: 'psa-range'
+ consumer_vpc_spoke_name: 'consumer-vpc-spoke'
+ producer_vpc_spoke_name: 'producer-vpc-spoke'
 parameters:
 - name: 'location'
 type: String
diff --git a/mmv1/templates/terraform/examples/network_connectivity_spoke_linked_producer_vpc_network.tf.tmpl b/mmv1/templates/terraform/examples/network_connectivity_spoke_linked_producer_vpc_network.tf.tmpl
new file mode 100644
index 000000000000..94dd8420d94a
--- /dev/null
+++ b/mmv1/templates/terraform/examples/network_connectivity_spoke_linked_producer_vpc_network.tf.tmpl
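Review bot: The new `network_connectivity_spoke_linked_producer_vpc_network` entry in the `@@ -85,6 +85,14 @@` hunk has no `min_version: 'beta'`, although patch 1/2 declares `linkedProducerVpcNetwork` as `min_version: beta` and the example template pins every resource to `provider = google-beta`. Without it the example would presumably also be generated for the GA provider, where the block does not exist, so GA docs and tests would reference an unknown argument. Adding `min_version: 'beta'` after `primary_resource_id: 'producer'` keeps the example beta-only. The `examples:` list starts outside this hunk, so the other entries could not be compared.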
@@ -0,0 +1,59 @@
+resource "google_compute_network" "network" {
+ provider = google-beta
+ name = "{{index $.Vars "network_name"}}"
+ auto_create_subnetworks = false
+}
+
+resource "google_network_connectivity_hub" "hub" {
+ provider = google-beta
+ name = "{{index $.Vars "hub_name"}}"
+}
+
+# reserve private range for service networking
+resource "google_compute_global_address" "range" {
+ provider = google-beta
+ name = "{{index $.Vars "range_name"}}"
+ purpose = "VPC_PEERING"
+ address_type = "INTERNAL"
+ prefix_length = 16
+ network = google_compute_network.network.id
+}
+
+# create service networking connection
+resource "google_service_networking_connection" "default" {
+ provider = google-beta
+ network = google_compute_network.network.id
+ service = "servicenetworking.googleapis.com"
+ reserved_peering_ranges = [google_compute_global_address.range.name]
+}
+
+# attach the consumer VPC to the hub
+resource "google_network_connectivity_spoke" "consumer" {
+ provider = google-beta
+ name = "{{index $.Vars "consumer_vpc_spoke_name"}}"
+ location = "global"
+ hub = google_network_connectivity_hub.hub.id
+ linked_vpc_network {
+ uri = google_compute_network.network.id
+ }
+}
+
+# attach the producer VPC to the hub
+resource "google_network_connectivity_spoke" "{{$.PrimaryResourceId}}" {
+ provider = google-beta
+ name = "{{index $.Vars "producer_vpc_spoke_name"}}"
+ location = "global"
+ hub = google_network_connectivity_hub.hub.id
+ linked_producer_vpc_network {
+ exclude_export_ranges = ["10.10.0.0/16"]
+ include_export_ranges = ["10.0.0.0/8"]
+ network = google_compute_network.network.id
+ peering = google_service_networking_connection.default.peering
+ }
+
+ # producer vpc spoke can only be attached after attaching the
+ # consumer vpc
+ depends_on = [
+ google_network_connectivity_spoke.consumer
+ ]
+}
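Review bot: `include_export_ranges = ["10.0.0.0/8"]` in the producer spoke exports a whole /8 to the hub, while the only range this example reserves for service networking is a single auto-allocated /16 (`prefix_length = 16`, no `address`). Examples get copied into real configurations, and an over-broad include list widens what other spokes on the hub can route to on the producer side. Because the /16 is auto-allocated, the hard-coded `exclude_export_ranges = ["10.10.0.0/16"]` may also not correspond to anything in this setup. I would add a comment above the two lines such as `# illustrative values: export only the reserved ranges that other spokes must reach`, or pin the reserved range with an explicit `address` so the lists can refer to it.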