update documentation to reflect VRF resource additions and changes

Signed-off-by: Marques Johansson <mjohansson@equinix.com>

DEVELOPMENT.md

@@ -86,6 +86,7 @@ Interconnection Zone 2 seller profile. Reflected by Fabric connection tests.
 Google l2 connection primary. Reflected by Fabric connection tests
 * `TF_ACC_FABRIC_L2_GCP2_INTERCONN_SERVICE_KEY` alters default authentication key of Equinix Fabric
 Google l2 connection secondary. Reflected by Fabric connection tests
+* `TF_ACC_METAL_DEDICATED_CONNECTION_ID` defines the UUID of a Metal Dedicated Connection, necessary for Virtual Circuit testing.
 * `TF_ACC_NETWORK_DEVICE_BILLING_ACCOUNT_NAME` alters default billing account name for
 Network edge device primary. Reflected by Network Edge tests.
 * `TF_ACC_NETWORK_DEVICE_SECONDARY_BILLING_ACCOUNT_NAME` alters default billing account

docs/data-sources/equinix_metal_gateway.md

@@ -6,6 +6,8 @@ subcategory: "Metal"
 
 Use this datasource to retrieve Metal Gateway resources in Equinix Metal.
 
+~> VRF features are not generally available. The interfaces related to VRF resources may change ahead of general availability.
+
 ## Example Usage
 
 ```hcl
@@ -34,6 +36,7 @@ In addition to all arguments above, the following attributes are exported:
 
 * `project_id` - UUID of the project where the gateway is scoped to.
 * `vlan_id` - UUID of the VLAN where the gateway is scoped to.
+* `vrf_id` - UUID of the VRF associated with the IP Reservation.
 * `ip_reservation_id` - UUID of IP reservation block bound to the gateway.
 * `private_ipv4_subnet_size` - Size of the private IPv4 subnet bound to this metal gateway. One of
 `8`, `16`, `32`, `64`, `128`.

docs/data-sources/equinix_metal_reserved_ip_block.md

@@ -7,6 +7,8 @@ subcategory: "Metal"
 Use this data source to find IP address blocks in Equinix Metal. You can use IP address or a block
 ID for lookup.
 
+~> VRF features are not generally available. The interfaces related to VRF resources may change ahead of general availability.
+
 ## Example Usage
 
 Look up an IP address for a domain name, then use the IP to look up the containing IP block and
@@ -45,4 +47,6 @@ The following arguments are supported:
 ## Attributes Reference
 
 This datasource exposes the same attributes as the
-[equinix_metal_reserved_ip_block](../resources/equinix_metal_reserved_ip_block.md) resource.
+[equinix_metal_reserved_ip_block](../resources/equinix_metal_reserved_ip_block.md) resource, with the following differences:
+
+* `type` - One of `global_ipv4`, `public_ipv4`, `private_ipv4`, `public_ipv6`,or `vrf`

docs/data-sources/equinix_metal_virtual_circuit.md

@@ -7,6 +7,8 @@ subcategory: "Metal"
 Use this data source to retrieve a virtual circuit resource from
 [Equinix Fabric - software-defined interconnections](https://metal.equinix.com/developers/docs/networking/fabric/)
 
+~> VRF features are not generally available. The interfaces related to VRF resources may change ahead of general availability.
+
 ## Example Usage
 
 ```hcl
@@ -38,3 +40,13 @@ In addition to all arguments above, the following attributes are exported:
 * `description` - Description for the Virtual Circuit resource.
 * `tags` - Tags for the Virtual Circuit resource.
 * `speed` - Speed of the Virtual Circuit resource.
+* `vrf_id` - UUID of the VLAN to associate.
+* `peer_asn` - The BGP ASN of the peer. The same ASN may be the used across several VCs, but it cannot be the same as the local_asn of the VRF.
+* `subnet` - A subnet from one of the IP
+  blocks associated with the VRF that we will help create an IP reservation for. Can only be either a /30 or /31.
+  * For a /31 block, it will only have two IP addresses, which will be used for
+  the metal_ip and customer_ip.
+  * For a /30 block, it will have four IP addresses, but the first and last IP addresses are not usable. We will default to the first usable IP address for the metal_ip.
+* `metal_ip` - The IP address that’s set as “our” IP that is configured on the rack_local_vlan SVI. Will default to the first usable IP in the subnet.
+* `customer_ip` - The IP address set as the customer IP which the CSR switch will peer with. Will default to the other usable IP in the subnet.
+* `md5` - The password that can be set for the VRF BGP peer

docs/data-sources/equinix_metal_vrf.md

@@ -0,0 +1,34 @@
+---
+subcategory: "Metal"
+---
+
+# equinix_metal_virtual_circuit (Data Source)
+
+Use this data source to retrieve a VRF resource.
+
+~> VRF features are not generally available. The interfaces related to VRF resources may change ahead of general availability.
+
+## Example Usage
+
+```hcl
+data "equinix_metal_vrf" "example_vrf" {
+  vrf_id = "48630899-9ff2-4ce6-a93f-50ff4ebcdf6e"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `vrf_id` - (Required) ID of the VRF resource
+
+## Attributes Reference
+
+In addition to all arguments above, the following attributes are exported:
+
+* `name` - User-supplied name of the VRF, unique to the project
+* `metro` - Metro ID or Code where the VRF will be deployed.
+* `project_id` - Project ID where the VRF will be deployed.
+* `description` - Description of the VRF.
+* `local_asn` - The 4-byte ASN set on the VRF.
+* `ip_ranges` - All IPv4 and IPv6 Ranges that will be available to BGP Peers. IPv4 addresses must be /8 or smaller with a minimum size of /29. IPv6 must be /56 or smaller with a minimum size of /64. Ranges must not overlap other ranges within the VRF.

docs/guides/migration_guide_facilities_to_metros_devices.md

@@ -11,7 +11,7 @@ Before the introduction of metros, resources were deployed to a single `facility
 
 ## Changing your Terraform templates to use metros instead of facilities
 
-To take advantage of some of the features of the metro, you might want to change the configuration of your Terraform templates so that the devices have `metro` specified instead of `facilities`. As both of the `metro` and `facilities` are ForceNew parameters (a change will trigger re-creation of the resource), you should be cautious if you don't want to have the device destroyed. 
+To take advantage of some of the features of the metro, you might want to change the configuration of your Terraform templates so that the devices have `metro` specified instead of `facilities`. As both of the `metro` and `facilities` are ForceNew parameters (a change will trigger re-creation of the resource), you should be cautious if you don't want to have the device destroyed.
 
 We updated the `equinix_metal_device` resource so that the change should be seamless, but please proceed with care. The `metro` parameter is also a computed attribute, and if you use newer provider version than 3.2.1, the `metro` attribute is actually present in your resource. You then only need to add it explicitly to your configuration.
 

docs/resources/equinix_metal_gateway.md

@@ -6,6 +6,8 @@ subcategory: "Metal"
 
 Use this resource to create Metal Gateway resources in Equinix Metal.
 
+~> VRF features are not generally available. The interfaces related to VRF resources may change ahead of general availability.
+
 ## Example Usage
 
 ```hcl
@@ -52,7 +54,7 @@ The following arguments are supported:
 
 * `project_id` - (Required) UUID of the project where the gateway is scoped to.
 * `vlan_id` - (Required) UUID of the VLAN where the gateway is scoped to.
-* `ip_reservation_id` - (Optional) UUID of IP reservation block to bind to the gateway, the
+* `ip_reservation_id` - (Optional) UUID of Public or VRF IP Reservation to associate with the gateway, the
 reservation must be in the same metro as the VLAN, conflicts with `private_ipv4_subnet_size`.
 * `private_ipv4_subnet_size` - (Optional) Size of the private IPv4 subnet to create for this metal
 gateway, must be one of `8`, `16`, `32`, `64`, `128`. Conflicts with `ip_reservation_id`.
@@ -62,3 +64,4 @@ gateway, must be one of `8`, `16`, `32`, `64`, `128`. Conflicts with `ip_reserva
 In addition to all arguments above, the following attributes are exported:
 
 * `state` - Status of the gateway resource.
+* `vrf_id` - UUID of the VRF associated with the IP Reservation

docs/resources/equinix_metal_reserved_ip_block.md

@@ -11,12 +11,14 @@ The new device then gets IPv6 and private IPv4 addresses from those block. It al
 Every new device in the project and facility will automatically get IPv6 and private IPv4 addresses from these pre-allocated blocks.
 The IPv6 and private IPv4 blocks can't be created, only imported. With this resource, it's possible to create either public IPv4 blocks or global IPv4 blocks.
 
-Public blocks are allocated in a facility. Addresses from public blocks can only be assigned to devices in the facility. Public blocks can have mask from /24 (256 addresses) to /32 (1 address). If you create public block with this resource, you must fill the facility argmument.
+Public blocks are allocated in a facility. Addresses from public blocks can only be assigned to devices in the facility. Public blocks can have mask from /24 (256 addresses) to /32 (1 address). If you create public block with this resource, you must fill the facility argument.
 
 Addresses from global blocks can be assigned in any facility. Global blocks can have mask from /30 (4 addresses), to /32 (1 address). If you create global block with this resource, you must specify type = "global_ipv4" and you must omit the facility argument.
 
 Once IP block is allocated or imported, an address from it can be assigned to device with the `equinix_metal_ip_attachment` resource.
 
+~> VRF features are not generally available. The interfaces related to VRF resources may change ahead of general availability.
+
 ## Example Usage
 
 Allocate reserved IP blocks:
@@ -85,15 +87,18 @@ resource "equinix_metal_device" "nodes" {
 The following arguments are supported:
 
 * `project_id` - (Required) The metal project ID where to allocate the address block.
-* `quantity` - (Required) The number of allocated `/32` addresses, a power of 2.
-* `type` - (Optional) One of `global_ipv4` or `public_ipv4`. Defaults to `public_ipv4` for backward
+* `quantity` - (Optional) The number of allocated `/32` addresses, a power of 2. Required when `type` is not `vrf`.
+* `type` - (Optional) One of `global_ipv4`, `public_ipv4`, or `vrf`. Defaults to `public_ipv4` for backward
 compatibility.
 * `facility` - (Optional) Facility where to allocate the public IP address block, makes sense only
 if type is `public_ipv4` and must be empty if type is `global_ipv4`. Conflicts with `metro`.
 * `metro` - (Optional) Metro where to allocate the public IP address block, makes sense only
 if type is `public_ipv4` and must be empty if type is `global_ipv4`. Conflicts with `facility`.
 * `description` - (Optional) Arbitrary description.
 * `tags` - (Optional) String list of tags.
+* `vrf_id` - (Optional) Only valid and required when `type` is `vrf`. VRF ID for type=vrf reservations.
+* `network` - (Optional) Only valid as an argument and required when `type` is `vrf`. An unreserved network address from an existing `ip_range` in the specified VRF.
+* `cidr` - (Optional) Only valid as an argument and required when `type` is `vrf`. The size of the network to reserve from an existing VRF ip_range. `cidr` can only be specified with `vrf_id`. Range is 22-31. Virtual Circuits require 30-31. Other VRF resources must use a CIDR in the 22-29 range.
 
 ## Attributes Reference
 
@@ -108,6 +113,7 @@ In addition to all arguments above, the following attributes are exported:
 * `public` - Boolean flag whether addresses from a block are public.
 * `global` - Boolean flag whether addresses from a block are global (i.e. can be assigned in any
 facility).
+* `vrf_id` - VRF ID of the block when type=vrf
 
 -> **NOTE:** Idempotent reference to a first `/32` address from a reserved block might look
 like `join("/", [cidrhost(metal_reserved_ip_block.myblock.cidr_notation,0), "32"])`.

docs/resources/equinix_metal_virtual_circuit.md

@@ -7,6 +7,8 @@ subcategory: "Metal"
 Use this resource to associate VLAN with a Dedicated Port from
 [Equinix Fabric - software-defined interconnections](https://metal.equinix.com/developers/docs/networking/fabric/#associating-a-vlan-with-a-dedicated-port).
 
+~> VRF features are not generally available. The interfaces related to VRF resources may change ahead of general availability.
+
 ## Example Usage
 
 Pick an existing Project and Connection, create a VLAN and use `equinix_metal_virtual_circuit`
@@ -50,6 +52,16 @@ The following arguments are supported:
 * `description` - (Optional) Description for the Virtual Circuit resource.
 * `tags` - (Optional) Tags for the Virtual Circuit resource.
 * `speed` - (Optional) Speed of the Virtual Circuit resource.
+* `vrf_id` - (Optional) UUID of the VLAN to associate.
+* `peer_asn` - (Optional, required with `vrf_id`) The BGP ASN of the peer. The same ASN may be the used across several VCs, but it cannot be the same as the local_asn of the VRF.
+* `subnet` - (Optional, required with `vrf_id`) A subnet from one of the IP
+  blocks associated with the VRF that we will help create an IP reservation for. Can only be either a /30 or /31.
+  * For a /31 block, it will only have two IP addresses, which will be used for
+  the metal_ip and customer_ip.
+  * For a /30 block, it will have four IP addresses, but the first and last IP addresses are not usable. We will default to the first usable IP address for the metal_ip.
+* `metal_ip` - (Optional, required with `vrf_id`) The IP address that’s set as “our” IP that is configured on the rack_local_vlan SVI. Will default to the first usable IP in the subnet.
+* `customer_ip` - (Optional, required with `vrf_id`) The IP address set as the customer IP which the CSR switch will peer with. Will default to the other usable IP in the subnet.
+* `md5` - (Optional, only valid with `vrf_id`) The password that can be set for the VRF BGP peer
 
 ## Attributes Reference
 

docs/resources/equinix_metal_vrf.md

@@ -0,0 +1,100 @@
+---
+subcategory: "Metal"
+---
+
+# equinix_metal_vrf (Resource)
+
+Use this resource to manage a VRF.
+
+~> VRF features are not generally available. The interfaces related to VRF resources may change ahead of general availability.
+
+## Example Usage
+
+Create a VRF in your desired metro and project with any IP ranges that you want the VRF to route and forward.
+
+```hcl
+resource "equinix_metal_project" "example" {
+    name = "example"
+}
+
+resource "equinix_metal_vrf" "example" {
+	description = "VRF with ASN 65000 and a pool of address space that includes 192.168.100.0/25"
+	name = "example-vrf"
+	metro = "da"
+	local_asn = "65000"
+	ip_ranges = ["192.168.100.0/25", "192.168.200.0/25"]
+	project_id = equinix_metal_project.example.id
+}
+```
+
+Create IP reservations and assign them to a Metal Gateway resources. The Gateway will be assigned the first address in the block.
+
+```hcl
+resource "equinix_metal_reserved_ip_block" "example" {
+	description = "Reserved IP block (192.168.100.0/29) taken from on of the ranges in the VRF's pool of address space."
+    project_id = equinix_metal_project.example.id
+	metro = equinix_metal_vrf.example.metro
+	type = "vrf"
+	vrf_id = equinix_metal_vrf.example.id
+	cidr = 29
+    network = "192.168.100.0"
+}
+
+resource "equinix_metal_vlan" "example" {
+	description = "A VLAN for Layer2 and Hybrid Metal devices"
+	metro       = equinix_metal_vrf.example.metro
+	project_id  = equinix_metal_project.example.id
+}
+
+resource "equinix_metal_gateway" "example" {
+    description       = "A Gateway on the VRF192.168.100.0/29
+    project_id        = equinix_metal_project.example.id
+    vlan_id           = equinix_metal_vlan.example.id
+    ip_reservation_id = equinix_metal_reserved_ip_block.example.id
+}
+```
+
+Attach a Virtual Circuit from a Dedicated Metal Connection to the Metal Gateway.
+
+```hcl
+data "equinix_metal_connection" "example" {
+    connection_id = var.metal_dedicated_connection_id
+}
+
+resource "equinix_metal_virtual_circuit" "example" {
+    name = "example-vc"
+    description = "Virtual Circuit"
+    connection_id = data.equinix_metal_connection.example.id
+    project_id = equinix_metal_project.example.id
+    port_id = data.equinix_metal_connection.example.ports[0].id
+    nni_vlan = 1024
+    vrf_id = equinix_metal_vrf.example.id
+    peer_asn = 65530
+    subnet = "192.168.100.16/31"
+    metal_ip = "192.168.100.16"
+    customer_ip = "192.168.100.17"
+}
+```
+
+## Argument Reference
+
+The following arguments are supported:
+
+* `name` - (Required) User-supplied name of the VRF, unique to the project
+* `metro` - (Required) Metro ID or Code where the VRF will be deployed.
+* `project_id` - (Required) Project ID where the VRF will be deployed.
+* `description` - (Optional) Description of the VRF.
+* `local_asn` - (Optional) The 4-byte ASN set on the VRF.
+* `ip_ranges` - (Optional) All IPv4 and IPv6 Ranges that will be available to BGP Peers. IPv4 addresses must be /8 or smaller with a minimum size of /29. IPv6 must be /56 or smaller with a minimum size of /64. Ranges must not overlap other ranges within the VRF.
+
+## Attributes Reference
+
+No additional attributes are exported.
+
+## Import
+
+This resource can be imported using an existing VRF ID:
+
+```sh
+terraform import equinix_metal_vrf {existing_id}
+```

equinix/resource_metal_virtual_circuit.go

@@ -87,10 +87,8 @@ func resourceMetalVirtualCircuit() *schema.Resource {
 				Type:         schema.TypeInt,
 				Optional:     true,
 				RequiredWith: []string{"vrf_id"},
-				Description: `A subnet from one of the IP blocks associated with the VRF that we will help create an IP reservation for. Can only be either a /30 or /31.
-				 * For a /31 block, it will only have two IP addresses, which will be used for the metal_ip and customer_ip.
-				 * For a /30 block, it will have four IP addresses, but the first and last IP addresses are not usable. We will default to the first usable IP address for the metal_ip`,
-				ForceNew: true,
+				Description:  "The BGP ASN of the peer. The same ASN may be the used across several VCs, but it cannot be the same as the local_asn of the VRF.",
+				ForceNew:     true,
 			},
 			"subnet": {
 				Type:         schema.TypeString,