From b41efe7dc71201f1fb80503418d0db46624fda77 Mon Sep 17 00:00:00 2001
From: Roberto Jung Drebes <drebes@google.com>
Date: Wed, 4 Jan 2017 10:35:44 +0100
Subject: [PATCH] provider/google: remote_traffic_selector for
 google_compute_vpn_tunnel

---
 .../google/resource_compute_vpn_tunnel.go     | 29 +++++++++++++++----
 .../google/r/compute_vpn_tunnel.html.markdown |  5 ++++
 2 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/builtin/providers/google/resource_compute_vpn_tunnel.go b/builtin/providers/google/resource_compute_vpn_tunnel.go
index 989764c25..7f78688c5 100644
--- a/builtin/providers/google/resource_compute_vpn_tunnel.go
+++ b/builtin/providers/google/resource_compute_vpn_tunnel.go
@@ -72,6 +72,14 @@ func resourceComputeVpnTunnel() *schema.Resource {
 				Set:      schema.HashString,
 			},
 
+			"remote_traffic_selector": &schema.Schema{
+				Type:     schema.TypeSet,
+				Optional: true,
+				ForceNew: true,
+				Elem:     &schema.Schema{Type: schema.TypeString},
+				Set:      schema.HashString,
+			},
+
 			"project": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
@@ -124,15 +132,24 @@ func resourceComputeVpnTunnelCreate(d *schema.ResourceData, meta interface{}) er
 		}
 	}
 
+	var remoteTrafficSelectors []string
+	if v := d.Get("remote_traffic_selector").(*schema.Set); v.Len() > 0 {
+		remoteTrafficSelectors = make([]string, v.Len())
+		for i, v := range v.List() {
+			remoteTrafficSelectors[i] = v.(string)
+		}
+	}
+
 	vpnTunnelsService := compute.NewVpnTunnelsService(config.clientCompute)
 
 	vpnTunnel := &compute.VpnTunnel{
-		Name:                 name,
-		PeerIp:               peerIp,
-		SharedSecret:         sharedSecret,
-		TargetVpnGateway:     targetVpnGateway,
-		IkeVersion:           int64(ikeVersion),
-		LocalTrafficSelector: localTrafficSelectors,
+		Name:                  name,
+		PeerIp:                peerIp,
+		SharedSecret:          sharedSecret,
+		TargetVpnGateway:      targetVpnGateway,
+		IkeVersion:            int64(ikeVersion),
+		LocalTrafficSelector:  localTrafficSelectors,
+		RemoteTrafficSelector: remoteTrafficSelectors,
 	}
 
 	if v, ok := d.GetOk("description"); ok {
diff --git a/website/source/docs/providers/google/r/compute_vpn_tunnel.html.markdown b/website/source/docs/providers/google/r/compute_vpn_tunnel.html.markdown
index cadfc4788..b4e84094d 100644
--- a/website/source/docs/providers/google/r/compute_vpn_tunnel.html.markdown
+++ b/website/source/docs/providers/google/r/compute_vpn_tunnel.html.markdown
@@ -104,6 +104,11 @@ The following arguments are supported:
     custom subnetted network. Refer to Google documentation for more
     information.
 
+* `remote_traffic_selector` - (Optional) Specifies which CIDR ranges the VPN
+    tunnel can route to the remote side. Mandatory if the VPN gateway is attached to a
+    custom subnetted network. Refer to Google documentation for more
+    information.
+
 * `project` - (Optional) The project in which the resource belongs. If it
     is not provided, the provider project is used.