mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-10-01 16:21:06 +00:00
Release generated SSLPolicy (#1478)
This commit is contained in:
parent
6a01bb8cff
commit
5e0d39225f
@ -21,6 +21,7 @@ var GeneratedComputeResourcesMap = map[string]*schema.Resource{
|
||||
"google_compute_global_address": resourceComputeGlobalAddress(),
|
||||
"google_compute_http_health_check": resourceComputeHttpHealthCheck(),
|
||||
"google_compute_https_health_check": resourceComputeHttpsHealthCheck(),
|
||||
"google_compute_ssl_policy": resourceComputeSslPolicy(),
|
||||
"google_compute_target_http_proxy": resourceComputeTargetHttpProxy(),
|
||||
"google_compute_target_https_proxy": resourceComputeTargetHttpsProxy(),
|
||||
"google_compute_target_ssl_proxy": resourceComputeTargetSslProxy(),
|
||||
|
@ -1,7 +1,22 @@
|
||||
// ----------------------------------------------------------------------------
|
||||
//
|
||||
// *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
|
||||
//
|
||||
// ----------------------------------------------------------------------------
|
||||
//
|
||||
// This file is automatically generated by Magic Modules and manual
|
||||
// changes will be clobbered when the file is regenerated.
|
||||
//
|
||||
// Please read more about how to change this file in
|
||||
// .github/CONTRIBUTING.md.
|
||||
//
|
||||
// ----------------------------------------------------------------------------
|
||||
|
||||
package google
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"log"
|
||||
"time"
|
||||
|
||||
"github.com/hashicorp/terraform/helper/schema"
|
||||
@ -9,6 +24,27 @@ import (
|
||||
compute "google.golang.org/api/compute/v1"
|
||||
)
|
||||
|
||||
func sslPolicyCustomizeDiff(diff *schema.ResourceDiff, v interface{}) error {
|
||||
profile := diff.Get("profile")
|
||||
customFeaturesCount := diff.Get("custom_features.#")
|
||||
|
||||
// Validate that policy configs aren't incompatible during all phases
|
||||
// CUSTOM profile demands non-zero custom_features, and other profiles (i.e., not CUSTOM) demand zero custom_features
|
||||
if diff.HasChange("profile") || diff.HasChange("custom_features") {
|
||||
if profile.(string) == "CUSTOM" {
|
||||
if customFeaturesCount.(int) == 0 {
|
||||
return fmt.Errorf("Error in SSL Policy %s: the profile is set to %s but no custom_features are set.", diff.Get("name"), profile.(string))
|
||||
}
|
||||
} else {
|
||||
if customFeaturesCount != 0 {
|
||||
return fmt.Errorf("Error in SSL Policy %s: the profile is set to %s but using custom_features requires the profile to be CUSTOM.", diff.Get("name"), profile.(string))
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func resourceComputeSslPolicy() *schema.Resource {
|
||||
return &schema.Resource{
|
||||
Create: resourceComputeSslPolicyCreate,
|
||||
@ -17,97 +53,73 @@ func resourceComputeSslPolicy() *schema.Resource {
|
||||
Delete: resourceComputeSslPolicyDelete,
|
||||
|
||||
Importer: &schema.ResourceImporter{
|
||||
State: schema.ImportStatePassthrough,
|
||||
State: resourceComputeSslPolicyImport,
|
||||
},
|
||||
|
||||
Timeouts: &schema.ResourceTimeout{
|
||||
Create: schema.DefaultTimeout(2 * time.Minute),
|
||||
Update: schema.DefaultTimeout(2 * time.Minute),
|
||||
Delete: schema.DefaultTimeout(2 * time.Minute),
|
||||
Create: schema.DefaultTimeout(240 * time.Second),
|
||||
Update: schema.DefaultTimeout(240 * time.Second),
|
||||
Delete: schema.DefaultTimeout(240 * time.Second),
|
||||
},
|
||||
CustomizeDiff: sslPolicyCustomizeDiff,
|
||||
|
||||
Schema: map[string]*schema.Schema{
|
||||
|
||||
"name": &schema.Schema{
|
||||
"name": {
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
ForceNew: true,
|
||||
},
|
||||
|
||||
"custom_features": &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Optional: true,
|
||||
Elem: &schema.Schema{Type: schema.TypeString},
|
||||
Set: schema.HashString,
|
||||
},
|
||||
|
||||
"description": &schema.Schema{
|
||||
"description": {
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
ForceNew: true, // currently, the beta patch API call does not allow updating the description
|
||||
ForceNew: true,
|
||||
},
|
||||
|
||||
"min_tls_version": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
Default: "TLS_1_0",
|
||||
// Although compute-gen.go says that TLS_1_3 is a valid value, the API currently (26 Mar 2018)
|
||||
// responds with an HTTP 200 but doesn't actually create/update the policy. Open bug for this:
|
||||
// https://issuetracker.google.com/issues/76433946
|
||||
ValidateFunc: validation.StringInSlice([]string{"TLS_1_0", "TLS_1_1", "TLS_1_2"}, false),
|
||||
},
|
||||
|
||||
"profile": &schema.Schema{
|
||||
"profile": {
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
ValidateFunc: validation.StringInSlice([]string{"COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM", ""}, false),
|
||||
Default: "COMPATIBLE",
|
||||
ValidateFunc: validation.StringInSlice([]string{"COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM"}, false),
|
||||
},
|
||||
|
||||
"project": &schema.Schema{
|
||||
"min_tls_version": {
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
ValidateFunc: validation.StringInSlice([]string{"TLS_1_0", "TLS_1_1", "TLS_1_2", ""}, false),
|
||||
Default: "TLS_1_0",
|
||||
},
|
||||
"custom_features": {
|
||||
Type: schema.TypeSet,
|
||||
Optional: true,
|
||||
Elem: &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
},
|
||||
Set: schema.HashString,
|
||||
},
|
||||
"creation_timestamp": {
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
},
|
||||
"enabled_features": {
|
||||
Type: schema.TypeSet,
|
||||
Computed: true,
|
||||
Elem: &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
},
|
||||
Set: schema.HashString,
|
||||
},
|
||||
"fingerprint": {
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
},
|
||||
"project": {
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
Computed: true,
|
||||
ForceNew: true,
|
||||
},
|
||||
|
||||
"enabled_features": &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Computed: true,
|
||||
Elem: &schema.Schema{Type: schema.TypeString},
|
||||
Set: schema.HashString,
|
||||
},
|
||||
|
||||
"fingerprint": &schema.Schema{
|
||||
"self_link": {
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
},
|
||||
|
||||
"self_link": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
},
|
||||
},
|
||||
|
||||
CustomizeDiff: func(diff *schema.ResourceDiff, v interface{}) error {
|
||||
profile := diff.Get("profile")
|
||||
customFeaturesCount := diff.Get("custom_features.#")
|
||||
|
||||
// Validate that policy configs aren't incompatible during all phases
|
||||
// CUSTOM profile demands non-zero custom_features, and other profiles (i.e., not CUSTOM) demand zero custom_features
|
||||
if diff.HasChange("profile") || diff.HasChange("custom_features") {
|
||||
if profile.(string) == "CUSTOM" {
|
||||
if customFeaturesCount.(int) == 0 {
|
||||
return fmt.Errorf("Error in SSL Policy %s: the profile is set to %s but no custom_features are set.", diff.Get("name"), profile.(string))
|
||||
}
|
||||
} else {
|
||||
if customFeaturesCount != 0 {
|
||||
return fmt.Errorf("Error in SSL Policy %s: the profile is set to %s but using custom_features requires the profile to be CUSTOM.", diff.Get("name"), profile.(string))
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
return nil
|
||||
},
|
||||
}
|
||||
}
|
||||
@ -120,26 +132,68 @@ func resourceComputeSslPolicyCreate(d *schema.ResourceData, meta interface{}) er
|
||||
return err
|
||||
}
|
||||
|
||||
sslPolicy := &compute.SslPolicy{
|
||||
Name: d.Get("name").(string),
|
||||
Description: d.Get("description").(string),
|
||||
Profile: d.Get("profile").(string),
|
||||
MinTlsVersion: d.Get("min_tls_version").(string),
|
||||
CustomFeatures: convertStringSet(d.Get("custom_features").(*schema.Set)),
|
||||
}
|
||||
|
||||
op, err := config.clientCompute.SslPolicies.Insert(project, sslPolicy).Do()
|
||||
descriptionProp, err := expandComputeSslPolicyDescription(d.Get("description"), d, config)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error creating SSL Policy: %s", err)
|
||||
}
|
||||
|
||||
d.SetId(sslPolicy.Name)
|
||||
|
||||
err = computeSharedOperationWaitTime(config.clientCompute, op, project, int(d.Timeout(schema.TimeoutCreate).Minutes()), "Creating SSL Policy")
|
||||
if err != nil {
|
||||
d.SetId("") // if insert fails, remove from state
|
||||
return err
|
||||
}
|
||||
nameProp, err := expandComputeSslPolicyName(d.Get("name"), d, config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
profileProp, err := expandComputeSslPolicyProfile(d.Get("profile"), d, config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
minTlsVersionProp, err := expandComputeSslPolicyMinTlsVersion(d.Get("min_tls_version"), d, config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
customFeaturesProp, err := expandComputeSslPolicyCustomFeatures(d.Get("custom_features"), d, config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
obj := map[string]interface{}{
|
||||
"description": descriptionProp,
|
||||
"name": nameProp,
|
||||
"profile": profileProp,
|
||||
"minTlsVersion": minTlsVersionProp,
|
||||
"customFeatures": customFeaturesProp,
|
||||
}
|
||||
|
||||
url, err := replaceVars(d, config, "https://www.googleapis.com/compute/v1/projects/{{project}}/global/sslPolicies")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
log.Printf("[DEBUG] Creating new SslPolicy: %#v", obj)
|
||||
res, err := Post(config, url, obj)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error creating SslPolicy: %s", err)
|
||||
}
|
||||
|
||||
// Store the ID now
|
||||
id, err := replaceVars(d, config, "{{name}}")
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error constructing id: %s", err)
|
||||
}
|
||||
d.SetId(id)
|
||||
|
||||
op := &compute.Operation{}
|
||||
err = Convert(res, op)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
waitErr := computeOperationWaitTime(
|
||||
config.clientCompute, op, project, "Creating SslPolicy",
|
||||
int(d.Timeout(schema.TimeoutCreate).Minutes()))
|
||||
|
||||
if waitErr != nil {
|
||||
// The resource didn't actually create
|
||||
d.SetId("")
|
||||
return fmt.Errorf("Error waiting to create SslPolicy: %s", waitErr)
|
||||
}
|
||||
|
||||
return resourceComputeSslPolicyRead(d, meta)
|
||||
}
|
||||
@ -152,30 +206,50 @@ func resourceComputeSslPolicyRead(d *schema.ResourceData, meta interface{}) erro
|
||||
return err
|
||||
}
|
||||
|
||||
name := d.Id()
|
||||
|
||||
sslPolicy, err := config.clientCompute.SslPolicies.Get(project, name).Do()
|
||||
url, err := replaceVars(d, config, "https://www.googleapis.com/compute/v1/projects/{{project}}/global/sslPolicies/{{name}}")
|
||||
if err != nil {
|
||||
return handleNotFoundError(err, d, fmt.Sprintf("SSL Policy %q", name))
|
||||
return err
|
||||
}
|
||||
|
||||
d.Set("name", sslPolicy.Name)
|
||||
d.Set("description", sslPolicy.Description)
|
||||
d.Set("min_tls_version", sslPolicy.MinTlsVersion)
|
||||
d.Set("profile", sslPolicy.Profile)
|
||||
d.Set("fingerprint", sslPolicy.Fingerprint)
|
||||
d.Set("project", project)
|
||||
d.Set("self_link", ConvertSelfLinkToV1(sslPolicy.SelfLink))
|
||||
d.Set("enabled_features", convertStringArrToInterface(sslPolicy.EnabledFeatures))
|
||||
d.Set("custom_features", convertStringArrToInterface(sslPolicy.CustomFeatures))
|
||||
|
||||
d.SetId(sslPolicy.Name)
|
||||
res, err := Get(config, url)
|
||||
if err != nil {
|
||||
return handleNotFoundError(err, d, fmt.Sprintf("ComputeSslPolicy %q", d.Id()))
|
||||
}
|
||||
if err := d.Set("creation_timestamp", flattenComputeSslPolicyCreationTimestamp(res["creationTimestamp"])); err != nil {
|
||||
return fmt.Errorf("Error reading SslPolicy: %s", err)
|
||||
}
|
||||
if err := d.Set("description", flattenComputeSslPolicyDescription(res["description"])); err != nil {
|
||||
return fmt.Errorf("Error reading SslPolicy: %s", err)
|
||||
}
|
||||
if err := d.Set("name", flattenComputeSslPolicyName(res["name"])); err != nil {
|
||||
return fmt.Errorf("Error reading SslPolicy: %s", err)
|
||||
}
|
||||
if err := d.Set("profile", flattenComputeSslPolicyProfile(res["profile"])); err != nil {
|
||||
return fmt.Errorf("Error reading SslPolicy: %s", err)
|
||||
}
|
||||
if err := d.Set("min_tls_version", flattenComputeSslPolicyMinTlsVersion(res["minTlsVersion"])); err != nil {
|
||||
return fmt.Errorf("Error reading SslPolicy: %s", err)
|
||||
}
|
||||
if err := d.Set("enabled_features", flattenComputeSslPolicyEnabledFeatures(res["enabledFeatures"])); err != nil {
|
||||
return fmt.Errorf("Error reading SslPolicy: %s", err)
|
||||
}
|
||||
if err := d.Set("custom_features", flattenComputeSslPolicyCustomFeatures(res["customFeatures"])); err != nil {
|
||||
return fmt.Errorf("Error reading SslPolicy: %s", err)
|
||||
}
|
||||
if err := d.Set("fingerprint", flattenComputeSslPolicyFingerprint(res["fingerprint"])); err != nil {
|
||||
return fmt.Errorf("Error reading SslPolicy: %s", err)
|
||||
}
|
||||
if err := d.Set("self_link", res["selfLink"]); err != nil {
|
||||
return fmt.Errorf("Error reading SslPolicy: %s", err)
|
||||
}
|
||||
if err := d.Set("project", project); err != nil {
|
||||
return fmt.Errorf("Error reading SslPolicy: %s", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func resourceComputeSslPolicyUpdate(d *schema.ResourceData, meta interface{}) error {
|
||||
|
||||
config := meta.(*Config)
|
||||
|
||||
project, err := getProject(d, config)
|
||||
@ -183,28 +257,58 @@ func resourceComputeSslPolicyUpdate(d *schema.ResourceData, meta interface{}) er
|
||||
return err
|
||||
}
|
||||
|
||||
name := d.Get("name").(string)
|
||||
|
||||
sslPolicy := &compute.SslPolicy{
|
||||
Fingerprint: d.Get("fingerprint").(string),
|
||||
Profile: d.Get("profile").(string),
|
||||
MinTlsVersion: d.Get("min_tls_version").(string),
|
||||
}
|
||||
|
||||
if v, ok := d.Get("custom_features").(*schema.Set); ok {
|
||||
if v.Len() > 0 {
|
||||
sslPolicy.CustomFeatures = convertStringSet(v)
|
||||
} else {
|
||||
sslPolicy.NullFields = append(sslPolicy.NullFields, "CustomFeatures")
|
||||
}
|
||||
}
|
||||
|
||||
op, err := config.clientCompute.SslPolicies.Patch(project, name, sslPolicy).Do()
|
||||
descriptionProp, err := expandComputeSslPolicyDescription(d.Get("description"), d, config)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error updating SSL Policy: %s", err)
|
||||
return err
|
||||
}
|
||||
nameProp, err := expandComputeSslPolicyName(d.Get("name"), d, config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
profileProp, err := expandComputeSslPolicyProfile(d.Get("profile"), d, config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
minTlsVersionProp, err := expandComputeSslPolicyMinTlsVersion(d.Get("min_tls_version"), d, config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
customFeaturesProp, err := expandComputeSslPolicyCustomFeatures(d.Get("custom_features"), d, config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = computeSharedOperationWaitTime(config.clientCompute, op, project, int(d.Timeout(schema.TimeoutUpdate).Minutes()), "Updating SSL Policy")
|
||||
obj := map[string]interface{}{
|
||||
"description": descriptionProp,
|
||||
"name": nameProp,
|
||||
"profile": profileProp,
|
||||
"minTlsVersion": minTlsVersionProp,
|
||||
"customFeatures": customFeaturesProp,
|
||||
}
|
||||
|
||||
obj, err = resourceComputeSslPolicyUpdateEncoder(d, meta, obj)
|
||||
url, err := replaceVars(d, config, "https://www.googleapis.com/compute/v1/projects/{{project}}/global/sslPolicies/{{name}}")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
log.Printf("[DEBUG] Updating SslPolicy %q: %#v", d.Id(), obj)
|
||||
res, err := sendRequest(config, "PATCH", url, obj)
|
||||
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error updating SslPolicy %q: %s", d.Id(), err)
|
||||
}
|
||||
|
||||
op := &compute.Operation{}
|
||||
err = Convert(res, op)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = computeOperationWaitTime(
|
||||
config.clientCompute, op, project, "Updating SslPolicy",
|
||||
int(d.Timeout(schema.TimeoutUpdate).Minutes()))
|
||||
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@ -213,7 +317,6 @@ func resourceComputeSslPolicyUpdate(d *schema.ResourceData, meta interface{}) er
|
||||
}
|
||||
|
||||
func resourceComputeSslPolicyDelete(d *schema.ResourceData, meta interface{}) error {
|
||||
|
||||
config := meta.(*Config)
|
||||
|
||||
project, err := getProject(d, config)
|
||||
@ -221,19 +324,110 @@ func resourceComputeSslPolicyDelete(d *schema.ResourceData, meta interface{}) er
|
||||
return err
|
||||
}
|
||||
|
||||
name := d.Get("name").(string)
|
||||
|
||||
op, err := config.clientCompute.SslPolicies.Delete(project, name).Do()
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error deleting SSL Policy: %s", err)
|
||||
}
|
||||
|
||||
err = computeSharedOperationWaitTime(config.clientCompute, op, project, int(d.Timeout(schema.TimeoutDelete).Minutes()), "Deleting Subnetwork")
|
||||
url, err := replaceVars(d, config, "https://www.googleapis.com/compute/v1/projects/{{project}}/global/sslPolicies/{{name}}")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
d.SetId("")
|
||||
log.Printf("[DEBUG] Deleting SslPolicy %q", d.Id())
|
||||
res, err := Delete(config, url)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error deleting SslPolicy %q: %s", d.Id(), err)
|
||||
}
|
||||
|
||||
op := &compute.Operation{}
|
||||
err = Convert(res, op)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = computeOperationWaitTime(
|
||||
config.clientCompute, op, project, "Deleting SslPolicy",
|
||||
int(d.Timeout(schema.TimeoutDelete).Minutes()))
|
||||
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func resourceComputeSslPolicyImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
|
||||
config := meta.(*Config)
|
||||
parseImportId([]string{"projects/(?P<project>[^/]+)/global/sslPolicies/(?P<name>[^/]+)", "(?P<project>[^/]+)/(?P<name>[^/]+)", "(?P<name>[^/]+)"}, d, config)
|
||||
|
||||
// Replace import id for the resource id
|
||||
id, err := replaceVars(d, config, "{{name}}")
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Error constructing id: %s", err)
|
||||
}
|
||||
d.SetId(id)
|
||||
|
||||
return []*schema.ResourceData{d}, nil
|
||||
}
|
||||
|
||||
func flattenComputeSslPolicyCreationTimestamp(v interface{}) interface{} {
|
||||
return v
|
||||
}
|
||||
|
||||
func flattenComputeSslPolicyDescription(v interface{}) interface{} {
|
||||
return v
|
||||
}
|
||||
|
||||
func flattenComputeSslPolicyName(v interface{}) interface{} {
|
||||
return v
|
||||
}
|
||||
|
||||
func flattenComputeSslPolicyProfile(v interface{}) interface{} {
|
||||
return v
|
||||
}
|
||||
|
||||
func flattenComputeSslPolicyMinTlsVersion(v interface{}) interface{} {
|
||||
return v
|
||||
}
|
||||
|
||||
func flattenComputeSslPolicyEnabledFeatures(v interface{}) interface{} {
|
||||
return v
|
||||
}
|
||||
|
||||
func flattenComputeSslPolicyCustomFeatures(v interface{}) interface{} {
|
||||
return v
|
||||
}
|
||||
|
||||
func flattenComputeSslPolicyFingerprint(v interface{}) interface{} {
|
||||
return v
|
||||
}
|
||||
|
||||
func expandComputeSslPolicyDescription(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
|
||||
return v, nil
|
||||
}
|
||||
|
||||
func expandComputeSslPolicyName(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
|
||||
return v, nil
|
||||
}
|
||||
|
||||
func expandComputeSslPolicyProfile(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
|
||||
return v, nil
|
||||
}
|
||||
|
||||
func expandComputeSslPolicyMinTlsVersion(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
|
||||
return v, nil
|
||||
}
|
||||
|
||||
func expandComputeSslPolicyCustomFeatures(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
|
||||
v = v.(*schema.Set).List()
|
||||
return v, nil
|
||||
}
|
||||
|
||||
func resourceComputeSslPolicyUpdateEncoder(d *schema.ResourceData, meta interface{}, obj map[string]interface{}) (map[string]interface{}, error) {
|
||||
// TODO(https://github.com/GoogleCloudPlatform/magic-modules/issues/184): Handle fingerprint consistently
|
||||
obj["fingerprint"] = d.Get("fingerprint")
|
||||
|
||||
// TODO(https://github.com/GoogleCloudPlatform/magic-modules/issues/183): Can we generalize this
|
||||
// Send a null fields if customFeatures is empty.
|
||||
if v, ok := obj["customFeatures"]; ok && len(v.([]interface{})) == 0 {
|
||||
obj["customFeatures"] = nil
|
||||
}
|
||||
|
||||
return obj, nil
|
||||
}
|
||||
|
@ -1,17 +1,34 @@
|
||||
---
|
||||
# ----------------------------------------------------------------------------
|
||||
#
|
||||
# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
|
||||
#
|
||||
# ----------------------------------------------------------------------------
|
||||
#
|
||||
# This file is automatically generated by Magic Modules and manual
|
||||
# changes will be clobbered when the file is regenerated.
|
||||
#
|
||||
# Please read more about how to change this file in
|
||||
# .github/CONTRIBUTING.md.
|
||||
#
|
||||
# ----------------------------------------------------------------------------
|
||||
layout: "google"
|
||||
page_title: "Google: google_compute_ssl_policy"
|
||||
sidebar_current: "docs-google-compute-ssl-policy"
|
||||
description: |-
|
||||
Manages an SSL Policy within GCE, for use with Target HTTPS and Target SSL Proxies.
|
||||
Represents a SSL policy.
|
||||
---
|
||||
|
||||
# google\_compute\_ssl\_policy
|
||||
|
||||
Manages an SSL Policy within GCE, for use with Target HTTPS and Target SSL Proxies. For more information see
|
||||
[the official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies)
|
||||
and
|
||||
[API](https://cloud.google.com/compute/docs/reference/rest/beta/sslPolicies).
|
||||
Represents a SSL policy. SSL policies give you the ability to control the
|
||||
features of SSL that your SSL proxy or HTTPS load balancer negotiates.
|
||||
|
||||
To get more information about SslPolicy, see:
|
||||
|
||||
* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/sslPolicies)
|
||||
* How-to Guides
|
||||
* [Using SSL Policies](https://cloud.google.com/compute/docs/load-balancing/ssl-policies)
|
||||
|
||||
## Example Usage
|
||||
|
||||
@ -39,46 +56,85 @@ resource "google_compute_ssl_policy" "custom-ssl-policy" {
|
||||
|
||||
The following arguments are supported:
|
||||
|
||||
* `name` - (Required) A unique name for the resource, required by GCE.
|
||||
Changing this forces a new resource to be created.
|
||||
* `name` -
|
||||
(Required)
|
||||
Name of the resource. Provided by the client when the resource is
|
||||
created. The name must be 1-63 characters long, and comply with
|
||||
RFC1035. Specifically, the name must be 1-63 characters long and match
|
||||
the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the
|
||||
first character must be a lowercase letter, and all following
|
||||
characters must be a dash, lowercase letter, or digit, except the last
|
||||
character, which cannot be a dash.
|
||||
|
||||
|
||||
- - -
|
||||
|
||||
* `description` - (Optional) Description of this subnetwork. Changing this forces a new resource to be created.
|
||||
* `description` -
|
||||
(Optional)
|
||||
An optional description of this resource.
|
||||
* `profile` -
|
||||
(Optional)
|
||||
Profile specifies the set of SSL features that can be used by the
|
||||
load balancer when negotiating SSL with clients. This can be one of
|
||||
`COMPATIBLE`, `MODERN`, `RESTRICTED`, or `CUSTOM`. If using `CUSTOM`,
|
||||
the set of SSL features to enable must be specified in the
|
||||
`customFeatures` field.
|
||||
|
||||
* `project` - (Optional) The ID of the project in which the resource belongs. If it
|
||||
is not provided, the provider project is used.
|
||||
See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)
|
||||
for information on what cipher suites each profile provides. If
|
||||
`CUSTOM` is used, the `custom_features` attribute **must be set**.
|
||||
Default is `COMPATIBLE`.
|
||||
* `min_tls_version` -
|
||||
(Optional)
|
||||
The minimum version of SSL protocol that can be used by the clients
|
||||
to establish a connection with the load balancer. This can be one of
|
||||
`TLS_1_0`, `TLS_1_1`, `TLS_1_2`.
|
||||
Default is `TLS_1_0`.
|
||||
* `custom_features` -
|
||||
(Optional)
|
||||
Profile specifies the set of SSL features that can be used by the
|
||||
load balancer when negotiating SSL with clients. This can be one of
|
||||
`COMPATIBLE`, `MODERN`, `RESTRICTED`, or `CUSTOM`. If using `CUSTOM`,
|
||||
the set of SSL features to enable must be specified in the
|
||||
`customFeatures` field.
|
||||
|
||||
* `min_tls_version` - (Optional) The minimum TLS version to support. Must be one of `TLS_1_0`, `TLS_1_1`, or `TLS_1_2`.
|
||||
Default is `TLS_1_0`.
|
||||
See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)
|
||||
for which ciphers are available to use. **Note**: this argument
|
||||
*must* be present when using the `CUSTOM` profile. This argument
|
||||
*must not* be present when using any other profile.
|
||||
* `project` (Optional) The ID of the project in which the resource belongs.
|
||||
If it is not provided, the provider project is used.
|
||||
|
||||
* `profile` - (Optional) The Google-curated SSL profile to use. Must be one of `COMPATIBLE`, `MODERN`,
|
||||
`RESTRICTED`, or `CUSTOM`. See the
|
||||
[official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)
|
||||
for information on what cipher suites each profile provides. If `CUSTOM` is used, the `custom_features` attribute
|
||||
**must be set**. Default is `COMPATIBLE`.
|
||||
|
||||
* `custom_features` - (Required with `CUSTOM` profile) The specific encryption ciphers to use. See the
|
||||
[official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)
|
||||
for which ciphers are available to use. **Note**: this argument *must* be present when using the `CUSTOM` profile.
|
||||
This argument *must not* be present when using any other profile.
|
||||
|
||||
## Attributes Reference
|
||||
|
||||
In addition to the arguments listed above, the following computed attributes are
|
||||
exported:
|
||||
|
||||
* `enabled_features` - The set of enabled encryption ciphers as a result of the policy config
|
||||
|
||||
* `fingerprint` - Fingerprint of this resource.
|
||||
In addition to the arguments listed above, the following computed attributes are exported:
|
||||
|
||||
* `creation_timestamp` -
|
||||
Creation timestamp in RFC3339 text format.
|
||||
* `enabled_features` -
|
||||
The list of features enabled in the SSL policy.
|
||||
* `fingerprint` -
|
||||
Fingerprint of this resource. A hash of the contents stored in this
|
||||
object. This field is used in optimistic locking.
|
||||
* `self_link` - The URI of the created resource.
|
||||
|
||||
|
||||
## Timeouts
|
||||
|
||||
This resource provides the following
|
||||
[Timeouts](/docs/configuration/resources.html#timeouts) configuration options:
|
||||
|
||||
- `create` - Default is 4 minutes.
|
||||
- `update` - Default is 4 minutes.
|
||||
- `delete` - Default is 4 minutes.
|
||||
|
||||
## Import
|
||||
|
||||
SSL Policies can be imported using the GCP canonical `name` of the Policy. For example, an SSL Policy named `production-ssl-policy`
|
||||
would be imported by running:
|
||||
SslPolicy can be imported using any of these accepted formats:
|
||||
|
||||
```bash
|
||||
$ terraform import google_compute_ssl_policy.my-policy production-ssl-policy
|
||||
```
|
||||
$ terraform import google_compute_ssl_policy.default projects/{{project}}/global/sslPolicies/{{name}}
|
||||
$ terraform import google_compute_ssl_policy.default {{project}}/{{name}}
|
||||
$ terraform import google_compute_ssl_policy.default {{name}}
|
||||
```
|
||||
|
Loading…
Reference in New Issue
Block a user