private-googleapis data source support (#4367)

Signed-off-by: Modular Magician <[email protected]>

google/data_source_google_netblock_ip_ranges.go

@@ -68,11 +68,17 @@ func dataSourceGoogleNetblockIpRangesRead(d *schema.ResourceData, meta interface
 		d.Set("cidr_blocks_ipv6", CidrBlocks["cidr_blocks_ipv6"])
 	// Static ranges
 	case "restricted-googleapis":
-		// https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid
+		// https://cloud.google.com/vpc/docs/private-access-options#domain-vips
 		CidrBlocks["cidr_blocks_ipv4"] = append(CidrBlocks["cidr_blocks_ipv4"], "199.36.153.4/30")
 		CidrBlocks["cidr_blocks"] = CidrBlocks["cidr_blocks_ipv4"]
 		d.Set("cidr_blocks", CidrBlocks["cidr_blocks"])
 		d.Set("cidr_blocks_ipv4", CidrBlocks["cidr_blocks_ipv4"])
+	case "private-googleapis":
+		// https://cloud.google.com/vpc/docs/private-access-options#domain-vips
+		CidrBlocks["cidr_blocks_ipv4"] = append(CidrBlocks["cidr_blocks_ipv4"], "199.36.153.8/30")
+		CidrBlocks["cidr_blocks"] = CidrBlocks["cidr_blocks_ipv4"]
+		d.Set("cidr_blocks", CidrBlocks["cidr_blocks"])
+		d.Set("cidr_blocks_ipv4", CidrBlocks["cidr_blocks_ipv4"])
 	case "dns-forwarders":
 		// https://cloud.google.com/dns/zones/#creating-forwarding-zones
 		CidrBlocks["cidr_blocks_ipv4"] = append(CidrBlocks["cidr_blocks_ipv4"], "35.199.192.0/19")

google/data_source_google_netblock_ip_ranges_test.go

@@ -61,6 +61,19 @@ func TestAccDataSourceGoogleNetblockIpRanges_basic(t *testing.T) {
 					resource.TestCheckResourceAttr("data.google_netblock_ip_ranges.restricted", "cidr_blocks_ipv6.#", "0"),
 				),
 			},
+			{
+				Config: testAccNetblockIpRangesConfig_private,
+				Check: resource.ComposeTestCheckFunc(
+					// Private Google Access Unrestricted VIP
+					resource.TestCheckResourceAttr("data.google_netblock_ip_ranges.private", "cidr_blocks.#", "1"),
+					resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.private",
+						"cidr_blocks.0", regexp.MustCompile("^(?:[0-9a-fA-F./:]{1,4}){1,2}.*/[0-9]{1,3}$")),
+					resource.TestCheckResourceAttr("data.google_netblock_ip_ranges.private", "cidr_blocks_ipv4.#", "1"),
+					resource.TestMatchResourceAttr("data.google_netblock_ip_ranges.private",
+						"cidr_blocks_ipv4.0", regexp.MustCompile("^(?:[0-9]{1,3}.){3}[0-9]{1,3}/[0-9]{1,2}$")),
+					resource.TestCheckResourceAttr("data.google_netblock_ip_ranges.private", "cidr_blocks_ipv6.#", "0"),
+				),
+			},
 			{
 				Config: testAccNetblockIpRangesConfig_dns,
 				Check: resource.ComposeTestCheckFunc(
@@ -133,6 +146,12 @@ data "google_netblock_ip_ranges" "restricted" {
 }
 `
 
+const testAccNetblockIpRangesConfig_private = `
+data "google_netblock_ip_ranges" "private" {
+  range_type = "private-googleapis"
+}
+`
+
 const testAccNetblockIpRangesConfig_dns = `
 data "google_netblock_ip_ranges" "dns" {
   range_type = "dns-forwarders"

website/docs/d/datasource_google_netblock_ip_ranges.html.markdown

@@ -64,7 +64,9 @@ The following arguments are supported:
 
   * `google-netblocks` - Corresponds to IP addresses used for Google services. [More details.](https://support.google.com/a/answer/33786?hl=en)
 
-  * `restricted-googleapis` - Corresponds to the IP addresses used for Private Google Access and/or VPC Service Controls API access. [More details.](https://cloud.google.com/vpc/docs/configure-private-google-access-hybrid)
+  * `restricted-googleapis` - Corresponds to the IP addresses used for Private Google Access only for services that support VPC Service Controls API access. [More details.](https://cloud.google.com/vpc/docs/private-access-options#domain-vips)
+
+  * `private-googleapis` - Corresponds to the IP addresses used for Private Google Access for services that do not support VPC Service Controls. [More details.](https://cloud.google.com/vpc/docs/private-access-options#domain-vips)
 
   * `dns-forwarders` - Corresponds to the IP addresses used to originate Cloud DNS outbound forwarding. [More details.](https://cloud.google.com/dns/zones/#creating-forwarding-zones)