From c058cdcbed0c6dda2f4671ac9394c1e2a2ea8716 Mon Sep 17 00:00:00 2001
From: Roberto Jung Drebes <drebes@google.com>
Date: Wed, 4 Jan 2017 10:35:44 +0100
Subject: [PATCH 1/2] provider/google: remote_traffic_selector for
 google_compute_vpn_tunnel

---
 resource_compute_vpn_tunnel.go | 29 +++++++++++++++++++++++------
 1 file changed, 23 insertions(+), 6 deletions(-)

diff --git a/resource_compute_vpn_tunnel.go b/resource_compute_vpn_tunnel.go
index 989764c2..7f78688c 100644
--- a/resource_compute_vpn_tunnel.go
+++ b/resource_compute_vpn_tunnel.go
@@ -72,6 +72,14 @@ func resourceComputeVpnTunnel() *schema.Resource {
 				Set:      schema.HashString,
 			},
 
+			"remote_traffic_selector": &schema.Schema{
+				Type:     schema.TypeSet,
+				Optional: true,
+				ForceNew: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Set:      schema.HashString,
+			},
+
 			"project": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
@@ -124,15 +132,24 @@ func resourceComputeVpnTunnelCreate(d *schema.ResourceData, meta interface{}) er
 		}
 	}
 
+	var remoteTrafficSelectors []string
+	if v := d.Get("remote_traffic_selector").(*schema.Set); v.Len() > 0 {
+		remoteTrafficSelectors = make([]string, v.Len())
+		for i, v := range v.List() {
+			remoteTrafficSelectors[i] = v.(string)
+		}
+	}
+
 	vpnTunnelsService := compute.NewVpnTunnelsService(config.clientCompute)
 
 	vpnTunnel := &compute.VpnTunnel{
-		Name:                 name,
-		PeerIp:               peerIp,
-		SharedSecret:         sharedSecret,
-		TargetVpnGateway:     targetVpnGateway,
-		IkeVersion:           int64(ikeVersion),
-		LocalTrafficSelector: localTrafficSelectors,
+		Name:                  name,
+		PeerIp:                peerIp,
+		SharedSecret:          sharedSecret,
+		TargetVpnGateway:      targetVpnGateway,
+		IkeVersion:            int64(ikeVersion),
+		LocalTrafficSelector:  localTrafficSelectors,
+		RemoteTrafficSelector: remoteTrafficSelectors,
 	}
 
 	if v, ok := d.GetOk("description"); ok {

From 515b12f7509ed676c03c701f2aa7d38ddf2500f4 Mon Sep 17 00:00:00 2001
From: Roberto Jung Drebes <drebes@gmail.com>
Date: Sat, 28 Jan 2017 00:43:45 +0100
Subject: [PATCH 2/2] provider/google: acceptance tests for traffic selectors

---
 resource_compute_vpn_tunnel.go      | 12 ++++++++++++
 resource_compute_vpn_tunnel_test.go | 19 +++++++++++++++----
 2 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/resource_compute_vpn_tunnel.go b/resource_compute_vpn_tunnel.go
index 7f78688c..7989035d 100644
--- a/resource_compute_vpn_tunnel.go
+++ b/resource_compute_vpn_tunnel.go
@@ -199,6 +199,18 @@ func resourceComputeVpnTunnelRead(d *schema.ResourceData, meta interface{}) erro
 		return fmt.Errorf("Error Reading VPN Tunnel %s: %s", name, err)
 	}
 
+	localTrafficSelectors := []string{}
+	for _, lts := range vpnTunnel.LocalTrafficSelector {
+		localTrafficSelectors = append(localTrafficSelectors, lts)
+	}
+	d.Set("local_traffic_selector", localTrafficSelectors)
+
+	remoteTrafficSelectors := []string{}
+	for _, rts := range vpnTunnel.RemoteTrafficSelector {
+		remoteTrafficSelectors = append(remoteTrafficSelectors, rts)
+	}
+	d.Set("remote_traffic_selector", remoteTrafficSelectors)
+
 	d.Set("detailed_status", vpnTunnel.DetailedStatus)
 	d.Set("self_link", vpnTunnel.SelfLink)
 
diff --git a/resource_compute_vpn_tunnel_test.go b/resource_compute_vpn_tunnel_test.go
index 896c94c4..c863fce6 100644
--- a/resource_compute_vpn_tunnel_test.go
+++ b/resource_compute_vpn_tunnel_test.go
@@ -22,6 +22,10 @@ func TestAccComputeVpnTunnel_basic(t *testing.T) {
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckComputeVpnTunnelExists(
 						"google_compute_vpn_tunnel.foobar"),
+					resource.TestCheckResourceAttr(
+						"google_compute_vpn_tunnel.foobar", "local_traffic_selector.#", "1"),
+					resource.TestCheckResourceAttr(
+						"google_compute_vpn_tunnel.foobar", "remote_traffic_selector.#", "2"),
 				),
 			},
 		},
@@ -83,16 +87,21 @@ func testAccCheckComputeVpnTunnelExists(n string) resource.TestCheckFunc {
 var testAccComputeVpnTunnel_basic = fmt.Sprintf(`
 resource "google_compute_network" "foobar" {
 	name = "tunnel-test-%s"
-	ipv4_range = "10.0.0.0/16"
+}
+resource "google_compute_subnetwork" "foobar" {
+	name = "tunnel-test-%s"
+	network = "${google_compute_network.foobar.self_link}"
+	ip_cidr_range = "10.0.0.0/16"
+	region = "us-central1"
 }
 resource "google_compute_address" "foobar" {
 	name = "tunnel-test-%s"
-	region = "us-central1"
+	region = "${google_compute_subnetwork.foobar.region}"
 }
 resource "google_compute_vpn_gateway" "foobar" {
 	name = "tunnel-test-%s"
 	network = "${google_compute_network.foobar.self_link}"
-	region = "${google_compute_address.foobar.region}"
+	region = "${google_compute_subnetwork.foobar.region}"
 }
 resource "google_compute_forwarding_rule" "foobar_esp" {
 	name = "tunnel-test-%s"
@@ -123,6 +132,8 @@ resource "google_compute_vpn_tunnel" "foobar" {
 	target_vpn_gateway = "${google_compute_vpn_gateway.foobar.self_link}"
 	shared_secret = "unguessable"
 	peer_ip = "8.8.8.8"
+	local_traffic_selector = ["${google_compute_subnetwork.foobar.ip_cidr_range}"]
+	remote_traffic_selector = ["192.168.0.0/24", "192.168.1.0/24"]
 }`, acctest.RandString(10), acctest.RandString(10), acctest.RandString(10),
 	acctest.RandString(10), acctest.RandString(10), acctest.RandString(10),
-	acctest.RandString(10))
+	acctest.RandString(10), acctest.RandString(10))