mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-10-03 01:01:06 +00:00
Add support for SSL policy to google_compute_target_ssl_proxy (#1568)
This commit is contained in:
parent
5c292c1fa9
commit
6240cf2ab4
@ -73,6 +73,11 @@ func resourceComputeTargetSslProxy() *schema.Resource {
|
||||
ValidateFunc: validation.StringInSlice([]string{"NONE", "PROXY_V1", ""}, false),
|
||||
Default: "NONE",
|
||||
},
|
||||
"ssl_policy": {
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
DiffSuppressFunc: compareSelfLinkOrResourceName,
|
||||
},
|
||||
"creation_timestamp": {
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
@ -123,6 +128,10 @@ func resourceComputeTargetSslProxyCreate(d *schema.ResourceData, meta interface{
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
sslPolicyProp, err := expandComputeTargetSslProxySslPolicy(d.Get("ssl_policy"), d, config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
obj := map[string]interface{}{
|
||||
"description": descriptionProp,
|
||||
@ -130,6 +139,7 @@ func resourceComputeTargetSslProxyCreate(d *schema.ResourceData, meta interface{
|
||||
"proxyHeader": proxyHeaderProp,
|
||||
"service": serviceProp,
|
||||
"sslCertificates": sslCertificatesProp,
|
||||
"sslPolicy": sslPolicyProp,
|
||||
}
|
||||
|
||||
url, err := replaceVars(d, config, "https://www.googleapis.com/compute/v1/projects/{{project}}/global/targetSslProxies")
|
||||
@ -210,6 +220,9 @@ func resourceComputeTargetSslProxyRead(d *schema.ResourceData, meta interface{})
|
||||
if err := d.Set("ssl_certificates", flattenComputeTargetSslProxySslCertificates(res["sslCertificates"])); err != nil {
|
||||
return fmt.Errorf("Error reading TargetSslProxy: %s", err)
|
||||
}
|
||||
if err := d.Set("ssl_policy", flattenComputeTargetSslProxySslPolicy(res["sslPolicy"])); err != nil {
|
||||
return fmt.Errorf("Error reading TargetSslProxy: %s", err)
|
||||
}
|
||||
if err := d.Set("self_link", res["selfLink"]); err != nil {
|
||||
return fmt.Errorf("Error reading TargetSslProxy: %s", err)
|
||||
}
|
||||
@ -334,6 +347,39 @@ func resourceComputeTargetSslProxyUpdate(d *schema.ResourceData, meta interface{
|
||||
|
||||
d.SetPartial("ssl_certificates")
|
||||
}
|
||||
if d.HasChange("ssl_policy") {
|
||||
sslPolicyProp, err := expandComputeTargetSslProxySslPolicy(d.Get("ssl_policy"), d, config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
obj = map[string]interface{}{
|
||||
"sslPolicy": sslPolicyProp,
|
||||
}
|
||||
url, err = replaceVars(d, config, "https://www.googleapis.com/compute/v1/projects/{{project}}/global/targetSslProxies/{{name}}/setSslPolicy")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
res, err = sendRequest(config, "POST", url, obj)
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error updating TargetSslProxy %q: %s", d.Id(), err)
|
||||
}
|
||||
|
||||
err = Convert(res, op)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = computeOperationWaitTime(
|
||||
config.clientCompute, op, project, "Updating TargetSslProxy",
|
||||
int(d.Timeout(schema.TimeoutUpdate).Minutes()))
|
||||
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
d.SetPartial("ssl_policy")
|
||||
}
|
||||
|
||||
d.Partial(false)
|
||||
|
||||
@ -425,6 +471,10 @@ func flattenComputeTargetSslProxySslCertificates(v interface{}) interface{} {
|
||||
return v
|
||||
}
|
||||
|
||||
func flattenComputeTargetSslProxySslPolicy(v interface{}) interface{} {
|
||||
return v
|
||||
}
|
||||
|
||||
func expandComputeTargetSslProxyDescription(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
|
||||
return v, nil
|
||||
}
|
||||
@ -457,3 +507,11 @@ func expandComputeTargetSslProxySslCertificates(v interface{}, d *schema.Resourc
|
||||
}
|
||||
return req, nil
|
||||
}
|
||||
|
||||
func expandComputeTargetSslProxySslPolicy(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
|
||||
f, err := parseGlobalFieldValue("sslPolicies", v.(string), "project", d, config, true)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("Invalid value for ssl_policy: %s", err)
|
||||
}
|
||||
return f.RelativeLink(), nil
|
||||
}
|
||||
|
@ -11,6 +11,7 @@ import (
|
||||
|
||||
func TestAccComputeTargetSslProxy_basic(t *testing.T) {
|
||||
target := fmt.Sprintf("tssl-test-%s", acctest.RandString(10))
|
||||
sslPolicy := fmt.Sprintf("tssl-test-%s", acctest.RandString(10))
|
||||
cert := fmt.Sprintf("tssl-test-%s", acctest.RandString(10))
|
||||
backend := fmt.Sprintf("tssl-test-%s", acctest.RandString(10))
|
||||
hc := fmt.Sprintf("tssl-test-%s", acctest.RandString(10))
|
||||
@ -21,7 +22,7 @@ func TestAccComputeTargetSslProxy_basic(t *testing.T) {
|
||||
CheckDestroy: testAccCheckComputeTargetSslProxyDestroy,
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
Config: testAccComputeTargetSslProxy_basic1(target, cert, backend, hc),
|
||||
Config: testAccComputeTargetSslProxy_basic1(target, sslPolicy, cert, backend, hc),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeTargetSslProxy(
|
||||
"google_compute_target_ssl_proxy.foobar", "NONE", cert),
|
||||
@ -38,6 +39,7 @@ func TestAccComputeTargetSslProxy_basic(t *testing.T) {
|
||||
|
||||
func TestAccComputeTargetSslProxy_update(t *testing.T) {
|
||||
target := fmt.Sprintf("tssl-test-%s", acctest.RandString(10))
|
||||
sslPolicy := fmt.Sprintf("tssl-test-%s", acctest.RandString(10))
|
||||
cert1 := fmt.Sprintf("tssl-test-%s", acctest.RandString(10))
|
||||
cert2 := fmt.Sprintf("tssl-test-%s", acctest.RandString(10))
|
||||
backend1 := fmt.Sprintf("tssl-test-%s", acctest.RandString(10))
|
||||
@ -50,14 +52,14 @@ func TestAccComputeTargetSslProxy_update(t *testing.T) {
|
||||
CheckDestroy: testAccCheckComputeTargetSslProxyDestroy,
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
Config: testAccComputeTargetSslProxy_basic1(target, cert1, backend1, hc),
|
||||
Config: testAccComputeTargetSslProxy_basic1(target, sslPolicy, cert1, backend1, hc),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeTargetSslProxy(
|
||||
"google_compute_target_ssl_proxy.foobar", "NONE", cert1),
|
||||
),
|
||||
},
|
||||
resource.TestStep{
|
||||
Config: testAccComputeTargetSslProxy_basic2(target, cert1, cert2, backend1, backend2, hc),
|
||||
Config: testAccComputeTargetSslProxy_basic2(target, sslPolicy, cert1, cert2, backend1, backend2, hc),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeTargetSslProxy(
|
||||
"google_compute_target_ssl_proxy.foobar", "PROXY_V1", cert2),
|
||||
@ -121,7 +123,7 @@ func testAccCheckComputeTargetSslProxy(n, proxyHeader, sslCert string) resource.
|
||||
}
|
||||
}
|
||||
|
||||
func testAccComputeTargetSslProxy_basic1(target, sslCert, backend, hc string) string {
|
||||
func testAccComputeTargetSslProxy_basic1(target, sslPolicy, sslCert, backend, hc string) string {
|
||||
return fmt.Sprintf(`
|
||||
resource "google_compute_target_ssl_proxy" "foobar" {
|
||||
description = "Resource created for Terraform acceptance testing"
|
||||
@ -129,6 +131,14 @@ resource "google_compute_target_ssl_proxy" "foobar" {
|
||||
backend_service = "${google_compute_backend_service.foo.self_link}"
|
||||
ssl_certificates = ["${google_compute_ssl_certificate.foo.self_link}"]
|
||||
proxy_header = "NONE"
|
||||
ssl_policy = "${google_compute_ssl_policy.foo.self_link}"
|
||||
}
|
||||
|
||||
resource "google_compute_ssl_policy" "foo" {
|
||||
name = "%s"
|
||||
description = "Resource created for Terraform acceptance testing"
|
||||
min_tls_version = "TLS_1_2"
|
||||
profile = "MODERN"
|
||||
}
|
||||
|
||||
resource "google_compute_ssl_certificate" "foo" {
|
||||
@ -151,10 +161,10 @@ resource "google_compute_health_check" "zero" {
|
||||
port = "443"
|
||||
}
|
||||
}
|
||||
`, target, sslCert, backend, hc)
|
||||
`, target, sslPolicy, sslCert, backend, hc)
|
||||
}
|
||||
|
||||
func testAccComputeTargetSslProxy_basic2(target, sslCert1, sslCert2, backend1, backend2, hc string) string {
|
||||
func testAccComputeTargetSslProxy_basic2(target, sslPolicy, sslCert1, sslCert2, backend1, backend2, hc string) string {
|
||||
return fmt.Sprintf(`
|
||||
resource "google_compute_target_ssl_proxy" "foobar" {
|
||||
description = "Resource created for Terraform acceptance testing"
|
||||
@ -164,6 +174,13 @@ resource "google_compute_target_ssl_proxy" "foobar" {
|
||||
proxy_header = "PROXY_V1"
|
||||
}
|
||||
|
||||
resource "google_compute_ssl_policy" "foo" {
|
||||
name = "%s"
|
||||
description = "Resource created for Terraform acceptance testing"
|
||||
min_tls_version = "TLS_1_2"
|
||||
profile = "MODERN"
|
||||
}
|
||||
|
||||
resource "google_compute_ssl_certificate" "foo" {
|
||||
name = "%s"
|
||||
private_key = "${file("test-fixtures/ssl_cert/test.key")}"
|
||||
@ -196,5 +213,5 @@ resource "google_compute_health_check" "zero" {
|
||||
port = "443"
|
||||
}
|
||||
}
|
||||
`, target, sslCert1, sslCert2, backend1, backend2, hc)
|
||||
`, target, sslPolicy, sslCert1, sslCert2, backend1, backend2, hc)
|
||||
}
|
||||
|
@ -96,6 +96,11 @@ The following arguments are supported:
|
||||
(Optional)
|
||||
Specifies the type of proxy header to append before sending data to
|
||||
the backend, either NONE or PROXY_V1. The default is NONE.
|
||||
* `ssl_policy` -
|
||||
(Optional)
|
||||
A reference to the SslPolicy resource that will be associated with
|
||||
the TargetSslProxy resource. If not set, the TargetSslProxy
|
||||
resource will not have any SSL policy configured.
|
||||
* `project` (Optional) The ID of the project in which the resource belongs.
|
||||
If it is not provided, the provider project is used.
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user