hashicorp · modular-magician · Sep 23, 2024 · Sep 23, 2024
@@ -0,0 +1,6 @@
+```release-note:bug
+compute: added `macsec.fail_open` field to `google_compute_interconnect`
+```
+```release-note:deprecation
+compute: deprecated `macsec.pre_shared_keys.fail_open` field in `google_compute_interconnect`. Use the new `macsec.fail_open` field instead
+```
@@ -163,8 +163,9 @@ or re-establishing a MACsec secure link.`,
  letter, or digit, except the last character, which cannot be a dash.`,
 									},
 									"fail_open": {
-										Type:     schema.TypeBool,
-										Optional: true,
+										Type:       schema.TypeBool,
+										Optional:   true,
+										Deprecated: "`failOpen` is deprecated and will be removed in a future major release. Use other `failOpen` instead.",
 										Description: `If set to true, the Interconnect connection is configured with a should-secure
 MACsec security policy, that allows the Google router to fallback to cleartext
 traffic if the MKA session cannot be established. By default, the Interconnect
@@ -183,6 +184,15 @@ hours apart.`,
 								},
 							},
 						},
+						"fail_open": {
+							Type:     schema.TypeBool,
+							Optional: true,
+							Description: `If set to true, the Interconnect connection is configured with a should-secure
+MACsec security policy, that allows the Google router to fallback to cleartext
+traffic if the MKA session cannot be established. By default, the Interconnect
+connection is configured with a must-secure security policy that drops all traffic
+if the MKA session cannot be established with your router.`,
+						},
 					},
 				},
 			},
@@ -1106,6 +1116,8 @@ func flattenComputeInterconnectMacsec(v interface{}, d *schema.ResourceData, con
 	transformed := make(map[string]interface{})
 	transformed["pre_shared_keys"] =
 		flattenComputeInterconnectMacsecPreSharedKeys(original["preSharedKeys"], d, config)
+	transformed["fail_open"] =
+		flattenComputeInterconnectMacsecFailOpen(original["failOpen"], d, config)
 	return []interface{}{transformed}
 }
 func flattenComputeInterconnectMacsecPreSharedKeys(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
@@ -1140,6 +1152,10 @@ func flattenComputeInterconnectMacsecPreSharedKeysFailOpen(v interface{}, d *sch
 	return v
 }
 
+func flattenComputeInterconnectMacsecFailOpen(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
 func flattenComputeInterconnectMacsecEnabled(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	return v
 }
@@ -1231,6 +1247,13 @@ func expandComputeInterconnectMacsec(v interface{}, d tpgresource.TerraformResou
 		transformed["preSharedKeys"] = transformedPreSharedKeys
 	}
 
+	transformedFailOpen, err := expandComputeInterconnectMacsecFailOpen(original["fail_open"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedFailOpen); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["failOpen"] = transformedFailOpen
+	}
+
 	return transformed, nil
 }
 
@@ -1282,6 +1305,10 @@ func expandComputeInterconnectMacsecPreSharedKeysFailOpen(v interface{}, d tpgre
 	return v, nil
 }
 
+func expandComputeInterconnectMacsecFailOpen(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandComputeInterconnectMacsecEnabled(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	return v, nil
 }

@@ -85,6 +85,7 @@ resource "google_compute_interconnect" "example-interconnect" {
       name = "test-key"
       start_time = "2023-07-01T21:00:01.000Z"
     }
+    fail_open = true
   }
 }
 `, context)

@@ -156,6 +156,14 @@ The following arguments are supported:
   or re-establishing a MACsec secure link.
   Structure is [documented below](#nested_pre_shared_keys).
 
+* `fail_open` -
+  (Optional)
+  If set to true, the Interconnect connection is configured with a should-secure
+  MACsec security policy, that allows the Google router to fallback to cleartext
+  traffic if the MKA session cannot be established. By default, the Interconnect
+  connection is configured with a must-secure security policy that drops all traffic
+  if the MKA session cannot be established with your router.
+
 
 <a name="nested_pre_shared_keys"></a>The `pre_shared_keys` block supports:
 
@@ -176,13 +184,15 @@ The following arguments are supported:
   hours apart.
 
 * `fail_open` -
-  (Optional)
+  (Optional, Deprecated)
   If set to true, the Interconnect connection is configured with a should-secure
   MACsec security policy, that allows the Google router to fallback to cleartext
   traffic if the MKA session cannot be established. By default, the Interconnect
   connection is configured with a must-secure security policy that drops all traffic
   if the MKA session cannot be established with your router.
 
+  ~> **Warning:** `failOpen` is deprecated and will be removed in a future major release. Use other `failOpen` instead.
+
 ## Attributes Reference
 
 In addition to the arguments listed above, the following computed attributes are exported: