google_compute_vpn_tunnel doesn't support local subnetworks for policy based routing

[bluemalkin]

Affected Resource(s)

• google_compute_vpn_tunnel

Terraform version

Terraform v0.11.10
+ provider.google v1.19.1
+ provider.google-beta v1.19.0

Description

The resource google_compute_vpn_tunnel doesn't support selecting a list of local subnetworks which you can do via the GCP console.

local_traffic_selector only supports a list of network ranges and renders:

Since I use secondary_ip_range on my google_compute_subnetwork resources, I need to self_link to them rather than adding manually all the ranges.

[bluemalkin]

In addition with Local IP ranges, I cannot add more than 1 range. Invalid value for field 'resource.localTrafficSelector': ''. Multiple traffic selectors are not supported for IKEv1 However this appears to be a GCP limitation, not terraform, hence it would be great to add Local subnetworks support.

[sanghaniJ]

• The request is regarding support for the localSubnetworks field in computeVpnTunnel resource. It is possible using the gCloud console but isn't supported via Terraform.

• While going through the documentation to configure tunnel, I found that we can add localSubnetworks but couldn't find the field representing the same in API Docs.

• Even if the value is set using a console, as there are no fields in the API supporting it, we won't be able to fetch it via GET.

• The localTrafficSelector allows only a single value, it cannot be changed because that is the GCP Behavior.

Hence, in order to support localSubnetworksusing Terraform, it needs to be supported via API.

[sanghaniJ]

b/262349088