public/terraform-provider-google
0
0
Fork 0
mirror of https://github.com/letic/terraform-provider-google.git synced 2024-10-01 16:21:06 +00:00
Code Issues Projects Releases Wiki Activity

Release generated SSLPolicy (#1478)

Browse Source
This commit is contained in:
The Magician 2018-05-14 09:52:33 -07:00 committed by Vincent Roseberry
parent 6a01bb8cff
commit 5e0d39225f
3 changed files with 411 additions and 160 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
google/provider_compute_gen.go
View File

@ -21,6 +21,7 @@ var GeneratedComputeResourcesMap = map[string]*schema.Resource{
"google_compute_global_address": resourceComputeGlobalAddress(),
"google_compute_http_health_check": resourceComputeHttpHealthCheck(),
"google_compute_https_health_check": resourceComputeHttpsHealthCheck(),
"google_compute_ssl_policy": resourceComputeSslPolicy(),
"google_compute_target_http_proxy": resourceComputeTargetHttpProxy(),
"google_compute_target_https_proxy": resourceComputeTargetHttpsProxy(),
"google_compute_target_ssl_proxy": resourceComputeTargetSslProxy(),

450
google/resource_compute_ssl_policy.go
View File

@ -1,7 +1,22 @@
// ----------------------------------------------------------------------------
//
// *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
//
// ----------------------------------------------------------------------------
//
// This file is automatically generated by Magic Modules and manual
// changes will be clobbered when the file is regenerated.
//
// Please read more about how to change this file in
// .github/CONTRIBUTING.md.
//
// ----------------------------------------------------------------------------
package google
import (
"fmt"
"log"
"time"
"github.com/hashicorp/terraform/helper/schema"
@ -9,6 +24,27 @@ import (
compute "google.golang.org/api/compute/v1"
)
func sslPolicyCustomizeDiff(diff *schema.ResourceDiff, v interface{}) error {
profile := diff.Get("profile")
customFeaturesCount := diff.Get("custom_features.#")
// Validate that policy configs aren't incompatible during all phases
// CUSTOM profile demands non-zero custom_features, and other profiles (i.e., not CUSTOM) demand zero custom_features
if diff.HasChange("profile") || diff.HasChange("custom_features") {
if profile.(string) == "CUSTOM" {
if customFeaturesCount.(int) == 0 {
return fmt.Errorf("Error in SSL Policy %s: the profile is set to %s but no custom_features are set.", diff.Get("name"), profile.(string))
}
} else {
if customFeaturesCount != 0 {
return fmt.Errorf("Error in SSL Policy %s: the profile is set to %s but using custom_features requires the profile to be CUSTOM.", diff.Get("name"), profile.(string))
}
}
return nil
}
return nil
}
func resourceComputeSslPolicy() *schema.Resource {
return &schema.Resource{
Create: resourceComputeSslPolicyCreate,
@ -17,97 +53,73 @@ func resourceComputeSslPolicy() *schema.Resource {
Delete: resourceComputeSslPolicyDelete,
Importer: &schema.ResourceImporter{
State: schema.ImportStatePassthrough,
State: resourceComputeSslPolicyImport,
},
Timeouts: &schema.ResourceTimeout{
Create: schema.DefaultTimeout(2 * time.Minute),
Update: schema.DefaultTimeout(2 * time.Minute),
Delete: schema.DefaultTimeout(2 * time.Minute),
Create: schema.DefaultTimeout(240 * time.Second),
Update: schema.DefaultTimeout(240 * time.Second),
Delete: schema.DefaultTimeout(240 * time.Second),
},
CustomizeDiff: sslPolicyCustomizeDiff,
Schema: map[string]*schema.Schema{
"name": &schema.Schema{
"name": {
Type: schema.TypeString,
Required: true,
ForceNew: true,
},
"custom_features": &schema.Schema{
Type: schema.TypeSet,
Optional: true,
Elem: &schema.Schema{Type: schema.TypeString},
Set: schema.HashString,
},
"description": &schema.Schema{
"description": {
Type: schema.TypeString,
Optional: true,
ForceNew: true, // currently, the beta patch API call does not allow updating the description
ForceNew: true,
},
"min_tls_version": &schema.Schema{
Type: schema.TypeString,
Optional: true,
Default: "TLS_1_0",
// Although compute-gen.go says that TLS_1_3 is a valid value, the API currently (26 Mar 2018)
// responds with an HTTP 200 but doesn't actually create/update the policy. Open bug for this:
// https://issuetracker.google.com/issues/76433946
ValidateFunc: validation.StringInSlice([]string{"TLS_1_0", "TLS_1_1", "TLS_1_2"}, false),
},
"profile": &schema.Schema{
"profile": {
Type: schema.TypeString,
Optional: true,
ValidateFunc: validation.StringInSlice([]string{"COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM", ""}, false),
Default: "COMPATIBLE",
ValidateFunc: validation.StringInSlice([]string{"COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM"}, false),
},
"project": &schema.Schema{
"min_tls_version": {
Type: schema.TypeString,
Optional: true,
ValidateFunc: validation.StringInSlice([]string{"TLS_1_0", "TLS_1_1", "TLS_1_2", ""}, false),
Default: "TLS_1_0",
},
"custom_features": {
Type: schema.TypeSet,
Optional: true,
Elem: &schema.Schema{
Type: schema.TypeString,
},
Set: schema.HashString,
},
"creation_timestamp": {
Type: schema.TypeString,
Computed: true,
},
"enabled_features": {
Type: schema.TypeSet,
Computed: true,
Elem: &schema.Schema{
Type: schema.TypeString,
},
Set: schema.HashString,
},
"fingerprint": {
Type: schema.TypeString,
Computed: true,
},
"project": {
Type: schema.TypeString,
Optional: true,
Computed: true,
ForceNew: true,
},
"enabled_features": &schema.Schema{
Type: schema.TypeSet,
Computed: true,
Elem: &schema.Schema{Type: schema.TypeString},
Set: schema.HashString,
},
"fingerprint": &schema.Schema{
"self_link": {
Type: schema.TypeString,
Computed: true,
},
"self_link": &schema.Schema{
Type: schema.TypeString,
Computed: true,
},
},
CustomizeDiff: func(diff *schema.ResourceDiff, v interface{}) error {
profile := diff.Get("profile")
customFeaturesCount := diff.Get("custom_features.#")
// Validate that policy configs aren't incompatible during all phases
// CUSTOM profile demands non-zero custom_features, and other profiles (i.e., not CUSTOM) demand zero custom_features
if diff.HasChange("profile") || diff.HasChange("custom_features") {
if profile.(string) == "CUSTOM" {
if customFeaturesCount.(int) == 0 {
return fmt.Errorf("Error in SSL Policy %s: the profile is set to %s but no custom_features are set.", diff.Get("name"), profile.(string))
}
} else {
if customFeaturesCount != 0 {
return fmt.Errorf("Error in SSL Policy %s: the profile is set to %s but using custom_features requires the profile to be CUSTOM.", diff.Get("name"), profile.(string))
}
}
return nil
}
return nil
},
}
}
@ -120,26 +132,68 @@ func resourceComputeSslPolicyCreate(d *schema.ResourceData, meta interface{}) er
return err
}
sslPolicy := &compute.SslPolicy{
Name: d.Get("name").(string),
Description: d.Get("description").(string),
Profile: d.Get("profile").(string),
MinTlsVersion: d.Get("min_tls_version").(string),
CustomFeatures: convertStringSet(d.Get("custom_features").(*schema.Set)),
}
op, err := config.clientCompute.SslPolicies.Insert(project, sslPolicy).Do()
descriptionProp, err := expandComputeSslPolicyDescription(d.Get("description"), d, config)
if err != nil {
return fmt.Errorf("Error creating SSL Policy: %s", err)
}
d.SetId(sslPolicy.Name)
err = computeSharedOperationWaitTime(config.clientCompute, op, project, int(d.Timeout(schema.TimeoutCreate).Minutes()), "Creating SSL Policy")
if err != nil {
d.SetId("") // if insert fails, remove from state
return err
}
nameProp, err := expandComputeSslPolicyName(d.Get("name"), d, config)
if err != nil {
return err
}
profileProp, err := expandComputeSslPolicyProfile(d.Get("profile"), d, config)
if err != nil {
return err
}
minTlsVersionProp, err := expandComputeSslPolicyMinTlsVersion(d.Get("min_tls_version"), d, config)
if err != nil {
return err
}
customFeaturesProp, err := expandComputeSslPolicyCustomFeatures(d.Get("custom_features"), d, config)
if err != nil {
return err
}
obj := map[string]interface{}{
"description": descriptionProp,
"name": nameProp,
"profile": profileProp,
"minTlsVersion": minTlsVersionProp,
"customFeatures": customFeaturesProp,
}
url, err := replaceVars(d, config, "https://www.googleapis.com/compute/v1/projects/{{project}}/global/sslPolicies")
if err != nil {
return err
}
log.Printf("[DEBUG] Creating new SslPolicy: %#v", obj)
res, err := Post(config, url, obj)
if err != nil {
return fmt.Errorf("Error creating SslPolicy: %s", err)
}
// Store the ID now
id, err := replaceVars(d, config, "{{name}}")
if err != nil {
return fmt.Errorf("Error constructing id: %s", err)
}
d.SetId(id)
op := &compute.Operation{}
err = Convert(res, op)
if err != nil {
return err
}
waitErr := computeOperationWaitTime(
config.clientCompute, op, project, "Creating SslPolicy",
int(d.Timeout(schema.TimeoutCreate).Minutes()))
if waitErr != nil {
// The resource didn't actually create
d.SetId("")
return fmt.Errorf("Error waiting to create SslPolicy: %s", waitErr)
}
return resourceComputeSslPolicyRead(d, meta)
}
@ -152,30 +206,50 @@ func resourceComputeSslPolicyRead(d *schema.ResourceData, meta interface{}) erro
return err
}
name := d.Id()
sslPolicy, err := config.clientCompute.SslPolicies.Get(project, name).Do()
url, err := replaceVars(d, config, "https://www.googleapis.com/compute/v1/projects/{{project}}/global/sslPolicies/{{name}}")
if err != nil {
return handleNotFoundError(err, d, fmt.Sprintf("SSL Policy %q", name))
return err
}
d.Set("name", sslPolicy.Name)
d.Set("description", sslPolicy.Description)
d.Set("min_tls_version", sslPolicy.MinTlsVersion)
d.Set("profile", sslPolicy.Profile)
d.Set("fingerprint", sslPolicy.Fingerprint)
d.Set("project", project)
d.Set("self_link", ConvertSelfLinkToV1(sslPolicy.SelfLink))
d.Set("enabled_features", convertStringArrToInterface(sslPolicy.EnabledFeatures))
d.Set("custom_features", convertStringArrToInterface(sslPolicy.CustomFeatures))
d.SetId(sslPolicy.Name)
res, err := Get(config, url)
if err != nil {
return handleNotFoundError(err, d, fmt.Sprintf("ComputeSslPolicy %q", d.Id()))
}
if err := d.Set("creation_timestamp", flattenComputeSslPolicyCreationTimestamp(res["creationTimestamp"])); err != nil {
return fmt.Errorf("Error reading SslPolicy: %s", err)
}
if err := d.Set("description", flattenComputeSslPolicyDescription(res["description"])); err != nil {
return fmt.Errorf("Error reading SslPolicy: %s", err)
}
if err := d.Set("name", flattenComputeSslPolicyName(res["name"])); err != nil {
return fmt.Errorf("Error reading SslPolicy: %s", err)
}
if err := d.Set("profile", flattenComputeSslPolicyProfile(res["profile"])); err != nil {
return fmt.Errorf("Error reading SslPolicy: %s", err)
}
if err := d.Set("min_tls_version", flattenComputeSslPolicyMinTlsVersion(res["minTlsVersion"])); err != nil {
return fmt.Errorf("Error reading SslPolicy: %s", err)
}
if err := d.Set("enabled_features", flattenComputeSslPolicyEnabledFeatures(res["enabledFeatures"])); err != nil {
return fmt.Errorf("Error reading SslPolicy: %s", err)
}
if err := d.Set("custom_features", flattenComputeSslPolicyCustomFeatures(res["customFeatures"])); err != nil {
return fmt.Errorf("Error reading SslPolicy: %s", err)
}
if err := d.Set("fingerprint", flattenComputeSslPolicyFingerprint(res["fingerprint"])); err != nil {
return fmt.Errorf("Error reading SslPolicy: %s", err)
}
if err := d.Set("self_link", res["selfLink"]); err != nil {
return fmt.Errorf("Error reading SslPolicy: %s", err)
}
if err := d.Set("project", project); err != nil {
return fmt.Errorf("Error reading SslPolicy: %s", err)
}
return nil
}
func resourceComputeSslPolicyUpdate(d *schema.ResourceData, meta interface{}) error {
config := meta.(*Config)
project, err := getProject(d, config)
@ -183,28 +257,58 @@ func resourceComputeSslPolicyUpdate(d *schema.ResourceData, meta interface{}) er
return err
}
name := d.Get("name").(string)
sslPolicy := &compute.SslPolicy{
Fingerprint: d.Get("fingerprint").(string),
Profile: d.Get("profile").(string),
MinTlsVersion: d.Get("min_tls_version").(string),
}
if v, ok := d.Get("custom_features").(*schema.Set); ok {
if v.Len() > 0 {
sslPolicy.CustomFeatures = convertStringSet(v)
} else {
sslPolicy.NullFields = append(sslPolicy.NullFields, "CustomFeatures")
}
}
op, err := config.clientCompute.SslPolicies.Patch(project, name, sslPolicy).Do()
descriptionProp, err := expandComputeSslPolicyDescription(d.Get("description"), d, config)
if err != nil {
return fmt.Errorf("Error updating SSL Policy: %s", err)
return err
}
nameProp, err := expandComputeSslPolicyName(d.Get("name"), d, config)
if err != nil {
return err
}
profileProp, err := expandComputeSslPolicyProfile(d.Get("profile"), d, config)
if err != nil {
return err
}
minTlsVersionProp, err := expandComputeSslPolicyMinTlsVersion(d.Get("min_tls_version"), d, config)
if err != nil {
return err
}
customFeaturesProp, err := expandComputeSslPolicyCustomFeatures(d.Get("custom_features"), d, config)
if err != nil {
return err
}
err = computeSharedOperationWaitTime(config.clientCompute, op, project, int(d.Timeout(schema.TimeoutUpdate).Minutes()), "Updating SSL Policy")
obj := map[string]interface{}{
"description": descriptionProp,
"name": nameProp,
"profile": profileProp,
"minTlsVersion": minTlsVersionProp,
"customFeatures": customFeaturesProp,
}
obj, err = resourceComputeSslPolicyUpdateEncoder(d, meta, obj)
url, err := replaceVars(d, config, "https://www.googleapis.com/compute/v1/projects/{{project}}/global/sslPolicies/{{name}}")
if err != nil {
return err
}
log.Printf("[DEBUG] Updating SslPolicy %q: %#v", d.Id(), obj)
res, err := sendRequest(config, "PATCH", url, obj)
if err != nil {
return fmt.Errorf("Error updating SslPolicy %q: %s", d.Id(), err)
}
op := &compute.Operation{}
err = Convert(res, op)
if err != nil {
return err
}
err = computeOperationWaitTime(
config.clientCompute, op, project, "Updating SslPolicy",
int(d.Timeout(schema.TimeoutUpdate).Minutes()))
if err != nil {
return err
}
@ -213,7 +317,6 @@ func resourceComputeSslPolicyUpdate(d *schema.ResourceData, meta interface{}) er
}
func resourceComputeSslPolicyDelete(d *schema.ResourceData, meta interface{}) error {
config := meta.(*Config)
project, err := getProject(d, config)
@ -221,19 +324,110 @@ func resourceComputeSslPolicyDelete(d *schema.ResourceData, meta interface{}) er
return err
}
name := d.Get("name").(string)
op, err := config.clientCompute.SslPolicies.Delete(project, name).Do()
if err != nil {
return fmt.Errorf("Error deleting SSL Policy: %s", err)
}
err = computeSharedOperationWaitTime(config.clientCompute, op, project, int(d.Timeout(schema.TimeoutDelete).Minutes()), "Deleting Subnetwork")
url, err := replaceVars(d, config, "https://www.googleapis.com/compute/v1/projects/{{project}}/global/sslPolicies/{{name}}")
if err != nil {
return err
}
d.SetId("")
log.Printf("[DEBUG] Deleting SslPolicy %q", d.Id())
res, err := Delete(config, url)
if err != nil {
return fmt.Errorf("Error deleting SslPolicy %q: %s", d.Id(), err)
}
op := &compute.Operation{}
err = Convert(res, op)
if err != nil {
return err
}
err = computeOperationWaitTime(
config.clientCompute, op, project, "Deleting SslPolicy",
int(d.Timeout(schema.TimeoutDelete).Minutes()))
if err != nil {
return err
}
return nil
}
func resourceComputeSslPolicyImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
config := meta.(*Config)
parseImportId([]string{"projects/(?P<project>[^/]+)/global/sslPolicies/(?P<name>[^/]+)", "(?P<project>[^/]+)/(?P<name>[^/]+)", "(?P<name>[^/]+)"}, d, config)
// Replace import id for the resource id
id, err := replaceVars(d, config, "{{name}}")
if err != nil {
return nil, fmt.Errorf("Error constructing id: %s", err)
}
d.SetId(id)
return []*schema.ResourceData{d}, nil
}
func flattenComputeSslPolicyCreationTimestamp(v interface{}) interface{} {
return v
}
func flattenComputeSslPolicyDescription(v interface{}) interface{} {
return v
}
func flattenComputeSslPolicyName(v interface{}) interface{} {
return v
}
func flattenComputeSslPolicyProfile(v interface{}) interface{} {
return v
}
func flattenComputeSslPolicyMinTlsVersion(v interface{}) interface{} {
return v
}
func flattenComputeSslPolicyEnabledFeatures(v interface{}) interface{} {
return v
}
func flattenComputeSslPolicyCustomFeatures(v interface{}) interface{} {
return v
}
func flattenComputeSslPolicyFingerprint(v interface{}) interface{} {
return v
}
func expandComputeSslPolicyDescription(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
return v, nil
}
func expandComputeSslPolicyName(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
return v, nil
}
func expandComputeSslPolicyProfile(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
return v, nil
}
func expandComputeSslPolicyMinTlsVersion(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
return v, nil
}
func expandComputeSslPolicyCustomFeatures(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
v = v.(*schema.Set).List()
return v, nil
}
func resourceComputeSslPolicyUpdateEncoder(d *schema.ResourceData, meta interface{}, obj map[string]interface{}) (map[string]interface{}, error) {
// TODO(https://github.com/GoogleCloudPlatform/magic-modules/issues/184): Handle fingerprint consistently
obj["fingerprint"] = d.Get("fingerprint")
// TODO(https://github.com/GoogleCloudPlatform/magic-modules/issues/183): Can we generalize this
// Send a null fields if customFeatures is empty.
if v, ok := obj["customFeatures"]; ok && len(v.([]interface{})) == 0 {
obj["customFeatures"] = nil
}
return obj, nil
}

120
website/docs/r/compute_ssl_policy.html.markdown
View File

@ -1,17 +1,34 @@
---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file in
# .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
layout: "google"
page_title: "Google: google_compute_ssl_policy"
sidebar_current: "docs-google-compute-ssl-policy"
description: |-
Manages an SSL Policy within GCE, for use with Target HTTPS and Target SSL Proxies.
Represents a SSL policy.
---
# google\_compute\_ssl\_policy
Manages an SSL Policy within GCE, for use with Target HTTPS and Target SSL Proxies. For more information see
[the official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies)
and
[API](https://cloud.google.com/compute/docs/reference/rest/beta/sslPolicies).
Represents a SSL policy. SSL policies give you the ability to control the
features of SSL that your SSL proxy or HTTPS load balancer negotiates.
To get more information about SslPolicy, see:
* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/sslPolicies)
* How-to Guides
* [Using SSL Policies](https://cloud.google.com/compute/docs/load-balancing/ssl-policies)
## Example Usage
@ -39,46 +56,85 @@ resource "google_compute_ssl_policy" "custom-ssl-policy" {
The following arguments are supported:
* `name` - (Required) A unique name for the resource, required by GCE.
Changing this forces a new resource to be created.
* `name` -
(Required)
Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the
first character must be a lowercase letter, and all following
characters must be a dash, lowercase letter, or digit, except the last
character, which cannot be a dash.
- - -
* `description` - (Optional) Description of this subnetwork. Changing this forces a new resource to be created.
* `description` -
(Optional)
An optional description of this resource.
* `profile` -
(Optional)
Profile specifies the set of SSL features that can be used by the
load balancer when negotiating SSL with clients. This can be one of
`COMPATIBLE`, `MODERN`, `RESTRICTED`, or `CUSTOM`. If using `CUSTOM`,
the set of SSL features to enable must be specified in the
`customFeatures` field.
* `project` - (Optional) The ID of the project in which the resource belongs. If it
is not provided, the provider project is used.
See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)
for information on what cipher suites each profile provides. If
`CUSTOM` is used, the `custom_features` attribute **must be set**.
Default is `COMPATIBLE`.
* `min_tls_version` -
(Optional)
The minimum version of SSL protocol that can be used by the clients
to establish a connection with the load balancer. This can be one of
`TLS_1_0`, `TLS_1_1`, `TLS_1_2`.
Default is `TLS_1_0`.
* `custom_features` -
(Optional)
Profile specifies the set of SSL features that can be used by the
load balancer when negotiating SSL with clients. This can be one of
`COMPATIBLE`, `MODERN`, `RESTRICTED`, or `CUSTOM`. If using `CUSTOM`,
the set of SSL features to enable must be specified in the
`customFeatures` field.
* `min_tls_version` - (Optional) The minimum TLS version to support. Must be one of `TLS_1_0`, `TLS_1_1`, or `TLS_1_2`.
Default is `TLS_1_0`.
See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)
for which ciphers are available to use. **Note**: this argument
*must* be present when using the `CUSTOM` profile. This argument
*must not* be present when using any other profile.
* `project` (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
* `profile` - (Optional) The Google-curated SSL profile to use. Must be one of `COMPATIBLE`, `MODERN`,
`RESTRICTED`, or `CUSTOM`. See the
[official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)
for information on what cipher suites each profile provides. If `CUSTOM` is used, the `custom_features` attribute
**must be set**. Default is `COMPATIBLE`.
* `custom_features` - (Required with `CUSTOM` profile) The specific encryption ciphers to use. See the
[official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)
for which ciphers are available to use. **Note**: this argument *must* be present when using the `CUSTOM` profile.
This argument *must not* be present when using any other profile.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `enabled_features` - The set of enabled encryption ciphers as a result of the policy config
* `fingerprint` - Fingerprint of this resource.
In addition to the arguments listed above, the following computed attributes are exported:
* `creation_timestamp` -
Creation timestamp in RFC3339 text format.
* `enabled_features` -
The list of features enabled in the SSL policy.
* `fingerprint` -
Fingerprint of this resource. A hash of the contents stored in this
object. This field is used in optimistic locking.
* `self_link` - The URI of the created resource.
## Timeouts
This resource provides the following
[Timeouts](/docs/configuration/resources.html#timeouts) configuration options:
- `create` - Default is 4 minutes.
- `update` - Default is 4 minutes.
- `delete` - Default is 4 minutes.
## Import
SSL Policies can be imported using the GCP canonical `name` of the Policy. For example, an SSL Policy named `production-ssl-policy`
would be imported by running:
SslPolicy can be imported using any of these accepted formats:
```bash
$ terraform import google_compute_ssl_policy.my-policy production-ssl-policy
```
$ terraform import google_compute_ssl_policy.default projects/{{project}}/global/sslPolicies/{{name}}
$ terraform import google_compute_ssl_policy.default {{project}}/{{name}}
$ terraform import google_compute_ssl_policy.default {{name}}
```