mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-06-29 06:42:36 +00:00
New resource/datasource: SSL Policy (#1247)
* Add SSL Policy to provider * Add resource for SSL Policy * Add SSL Policy data source * Add tests for SSL Policy resource * Add documentation for SSL Policy resource * Add SSL Policy datasource docs * Add test for SSL Policy datasource * Update SSL Policy datasource docs * Make full update for SSL Policy resource * SSL Policy resource test multi-attrib update * Clean up SSL Policy datasource * Set-ify custom_features in SSL Policy resource * Document description ForceNew rationale * Remove refs to TLS_1_3 * Update docs: plural -> singular * Remove extraneous attrs from datasource * Fix update logic for custom_features and add enabled_features * Update docs to include enabled_features * Add test for updating to/from custom_features * Add TLS 1.3 bug link * Add import between multi-step test configs * Move Profile and minTlsVersion back into sslPolicy struct
This commit is contained in:
parent
a608554a0b
commit
72efdb1d92
29
google/data_source_google_compute_ssl_policy.go
Normal file
29
google/data_source_google_compute_ssl_policy.go
Normal file
|
@ -0,0 +1,29 @@
|
|||
package google
|
||||
|
||||
import (
|
||||
"github.com/hashicorp/terraform/helper/schema"
|
||||
)
|
||||
|
||||
func dataSourceGoogleComputeSslPolicy() *schema.Resource {
|
||||
// Generate datasource schema from resource
|
||||
dsSchema := datasourceSchemaFromResourceSchema(resourceComputeSslPolicy().Schema)
|
||||
|
||||
// Set 'Required' schema elements
|
||||
addRequiredFieldsToSchema(dsSchema, "name")
|
||||
|
||||
// Set 'Optional' schema elements
|
||||
addOptionalFieldsToSchema(dsSchema, "project")
|
||||
|
||||
return &schema.Resource{
|
||||
Read: datasourceComputeSslPolicyRead,
|
||||
Schema: dsSchema,
|
||||
}
|
||||
}
|
||||
|
||||
func datasourceComputeSslPolicyRead(d *schema.ResourceData, meta interface{}) error {
|
||||
policyName := d.Get("name").(string)
|
||||
|
||||
d.SetId(policyName)
|
||||
|
||||
return resourceComputeSslPolicyRead(d, meta)
|
||||
}
|
83
google/data_source_google_compute_ssl_policy_test.go
Normal file
83
google/data_source_google_compute_ssl_policy_test.go
Normal file
|
@ -0,0 +1,83 @@
|
|||
package google
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"testing"
|
||||
|
||||
"github.com/hashicorp/terraform/helper/acctest"
|
||||
"github.com/hashicorp/terraform/helper/resource"
|
||||
"github.com/hashicorp/terraform/terraform"
|
||||
)
|
||||
|
||||
func TestAccDataSourceGoogleSslPolicy(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
Config: testAccDataSourceGoogleSslPolicy(),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccDataSourceGoogleSslPolicyCheck("data.google_compute_ssl_policy.ssl_policy", "google_compute_ssl_policy.foobar"),
|
||||
),
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func testAccDataSourceGoogleSslPolicyCheck(data_source_name string, resource_name string) resource.TestCheckFunc {
|
||||
return func(s *terraform.State) error {
|
||||
ds, ok := s.RootModule().Resources[data_source_name]
|
||||
if !ok {
|
||||
return fmt.Errorf("root module has no resource called %s", data_source_name)
|
||||
}
|
||||
|
||||
rs, ok := s.RootModule().Resources[resource_name]
|
||||
if !ok {
|
||||
return fmt.Errorf("can't find %s in state", resource_name)
|
||||
}
|
||||
|
||||
ds_attr := ds.Primary.Attributes
|
||||
rs_attr := rs.Primary.Attributes
|
||||
|
||||
ssl_policy_attrs_to_test := []string{
|
||||
"id",
|
||||
"self_link",
|
||||
"name",
|
||||
"description",
|
||||
"min_tls_version",
|
||||
"profile",
|
||||
"custom_features",
|
||||
}
|
||||
|
||||
for _, attr_to_check := range ssl_policy_attrs_to_test {
|
||||
if ds_attr[attr_to_check] != rs_attr[attr_to_check] {
|
||||
return fmt.Errorf(
|
||||
"%s is %s; want %s",
|
||||
attr_to_check,
|
||||
ds_attr[attr_to_check],
|
||||
rs_attr[attr_to_check],
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
func testAccDataSourceGoogleSslPolicy() string {
|
||||
return fmt.Sprintf(`
|
||||
|
||||
resource "google_compute_ssl_policy" "foobar" {
|
||||
name = "%s"
|
||||
description = "my-description"
|
||||
min_tls_version = "TLS_1_2"
|
||||
profile = "MODERN"
|
||||
}
|
||||
|
||||
data "google_compute_ssl_policy" "ssl_policy" {
|
||||
name = "${google_compute_ssl_policy.foobar.name}"
|
||||
}
|
||||
`, acctest.RandomWithPrefix("test-ssl-policy"))
|
||||
}
|
|
@ -78,6 +78,7 @@ func Provider() terraform.ResourceProvider {
|
|||
"google_compute_region_instance_group": dataSourceGoogleComputeRegionInstanceGroup(),
|
||||
"google_compute_vpn_gateway": dataSourceGoogleComputeVpnGateway(),
|
||||
"google_compute_forwarding_rule": dataSourceGoogleComputeForwardingRule(),
|
||||
"google_compute_ssl_policy": dataSourceGoogleComputeSslPolicy(),
|
||||
"google_container_cluster": dataSourceGoogleContainerCluster(),
|
||||
"google_container_engine_versions": dataSourceGoogleContainerEngineVersions(),
|
||||
"google_container_registry_repository": dataSourceGoogleContainerRepo(),
|
||||
|
@ -130,6 +131,7 @@ func Provider() terraform.ResourceProvider {
|
|||
"google_compute_shared_vpc_host_project": resourceComputeSharedVpcHostProject(),
|
||||
"google_compute_shared_vpc_service_project": resourceComputeSharedVpcServiceProject(),
|
||||
"google_compute_ssl_certificate": resourceComputeSslCertificate(),
|
||||
"google_compute_ssl_policy": resourceComputeSslPolicy(),
|
||||
"google_compute_subnetwork": resourceComputeSubnetwork(),
|
||||
"google_compute_target_http_proxy": resourceComputeTargetHttpProxy(),
|
||||
"google_compute_target_https_proxy": resourceComputeTargetHttpsProxy(),
|
||||
|
|
239
google/resource_compute_ssl_policy.go
Normal file
239
google/resource_compute_ssl_policy.go
Normal file
|
@ -0,0 +1,239 @@
|
|||
package google
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"github.com/hashicorp/terraform/helper/schema"
|
||||
"github.com/hashicorp/terraform/helper/validation"
|
||||
computeBeta "google.golang.org/api/compute/v0.beta"
|
||||
)
|
||||
|
||||
func resourceComputeSslPolicy() *schema.Resource {
|
||||
return &schema.Resource{
|
||||
Create: resourceComputeSslPolicyCreate,
|
||||
Read: resourceComputeSslPolicyRead,
|
||||
Update: resourceComputeSslPolicyUpdate,
|
||||
Delete: resourceComputeSslPolicyDelete,
|
||||
|
||||
Importer: &schema.ResourceImporter{
|
||||
State: schema.ImportStatePassthrough,
|
||||
},
|
||||
|
||||
Timeouts: &schema.ResourceTimeout{
|
||||
Create: schema.DefaultTimeout(2 * time.Minute),
|
||||
Update: schema.DefaultTimeout(2 * time.Minute),
|
||||
Delete: schema.DefaultTimeout(2 * time.Minute),
|
||||
},
|
||||
|
||||
Schema: map[string]*schema.Schema{
|
||||
|
||||
"name": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Required: true,
|
||||
ForceNew: true,
|
||||
},
|
||||
|
||||
"custom_features": &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Optional: true,
|
||||
Elem: &schema.Schema{Type: schema.TypeString},
|
||||
Set: schema.HashString,
|
||||
},
|
||||
|
||||
"description": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
ForceNew: true, // currently, the beta patch API call does not allow updating the description
|
||||
},
|
||||
|
||||
"min_tls_version": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
Default: "TLS_1_0",
|
||||
// Although compute-gen.go says that TLS_1_3 is a valid value, the API currently (26 Mar 2018)
|
||||
// responds with an HTTP 200 but doesn't actually create/update the policy. Open bug for this:
|
||||
// https://issuetracker.google.com/issues/76433946
|
||||
ValidateFunc: validation.StringInSlice([]string{"TLS_1_0", "TLS_1_1", "TLS_1_2"}, false),
|
||||
},
|
||||
|
||||
"profile": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
Default: "COMPATIBLE",
|
||||
ValidateFunc: validation.StringInSlice([]string{"COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM"}, false),
|
||||
},
|
||||
|
||||
"project": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Optional: true,
|
||||
Computed: true,
|
||||
ForceNew: true,
|
||||
},
|
||||
|
||||
"enabled_features": &schema.Schema{
|
||||
Type: schema.TypeSet,
|
||||
Computed: true,
|
||||
Elem: &schema.Schema{Type: schema.TypeString},
|
||||
Set: schema.HashString,
|
||||
},
|
||||
|
||||
"fingerprint": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
},
|
||||
|
||||
"self_link": &schema.Schema{
|
||||
Type: schema.TypeString,
|
||||
Computed: true,
|
||||
},
|
||||
},
|
||||
|
||||
CustomizeDiff: func(diff *schema.ResourceDiff, v interface{}) error {
|
||||
profile := diff.Get("profile")
|
||||
customFeaturesCount := diff.Get("custom_features.#")
|
||||
|
||||
// Validate that policy configs aren't incompatible during all phases
|
||||
// CUSTOM profile demands non-zero custom_features, and other profiles (i.e., not CUSTOM) demand zero custom_features
|
||||
if diff.HasChange("profile") || diff.HasChange("custom_features") {
|
||||
if profile.(string) == "CUSTOM" {
|
||||
if customFeaturesCount.(int) == 0 {
|
||||
return fmt.Errorf("Error in SSL Policy %s: the profile is set to %s but no custom_features are set.", diff.Get("name"), profile.(string))
|
||||
}
|
||||
} else {
|
||||
if customFeaturesCount != 0 {
|
||||
return fmt.Errorf("Error in SSL Policy %s: the profile is set to %s but using custom_features requires the profile to be CUSTOM.", diff.Get("name"), profile.(string))
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
return nil
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func resourceComputeSslPolicyCreate(d *schema.ResourceData, meta interface{}) error {
|
||||
config := meta.(*Config)
|
||||
|
||||
project, err := getProject(d, config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
sslPolicy := &computeBeta.SslPolicy{
|
||||
Name: d.Get("name").(string),
|
||||
Description: d.Get("description").(string),
|
||||
Profile: d.Get("profile").(string),
|
||||
MinTlsVersion: d.Get("min_tls_version").(string),
|
||||
CustomFeatures: convertStringSet(d.Get("custom_features").(*schema.Set)),
|
||||
}
|
||||
|
||||
op, err := config.clientComputeBeta.SslPolicies.Insert(project, sslPolicy).Do()
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error creating SSL Policy: %s", err)
|
||||
}
|
||||
|
||||
d.SetId(sslPolicy.Name)
|
||||
|
||||
err = computeSharedOperationWaitTime(config.clientCompute, op, project, int(d.Timeout(schema.TimeoutCreate).Minutes()), "Creating SSL Policy")
|
||||
if err != nil {
|
||||
d.SetId("") // if insert fails, remove from state
|
||||
return err
|
||||
}
|
||||
|
||||
return resourceComputeSslPolicyRead(d, meta)
|
||||
}
|
||||
|
||||
func resourceComputeSslPolicyRead(d *schema.ResourceData, meta interface{}) error {
|
||||
config := meta.(*Config)
|
||||
|
||||
project, err := getProject(d, config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
name := d.Id()
|
||||
|
||||
sslPolicy, err := config.clientComputeBeta.SslPolicies.Get(project, name).Do()
|
||||
if err != nil {
|
||||
return handleNotFoundError(err, d, fmt.Sprintf("SSL Policy %q", name))
|
||||
}
|
||||
|
||||
d.Set("name", sslPolicy.Name)
|
||||
d.Set("description", sslPolicy.Description)
|
||||
d.Set("min_tls_version", sslPolicy.MinTlsVersion)
|
||||
d.Set("profile", sslPolicy.Profile)
|
||||
d.Set("fingerprint", sslPolicy.Fingerprint)
|
||||
d.Set("project", project)
|
||||
d.Set("self_link", ConvertSelfLinkToV1(sslPolicy.SelfLink))
|
||||
d.Set("enabled_features", convertStringArrToInterface(sslPolicy.EnabledFeatures))
|
||||
d.Set("custom_features", convertStringArrToInterface(sslPolicy.CustomFeatures))
|
||||
|
||||
d.SetId(sslPolicy.Name)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func resourceComputeSslPolicyUpdate(d *schema.ResourceData, meta interface{}) error {
|
||||
|
||||
config := meta.(*Config)
|
||||
|
||||
project, err := getProject(d, config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
name := d.Get("name").(string)
|
||||
|
||||
sslPolicy := &computeBeta.SslPolicy{
|
||||
Fingerprint: d.Get("fingerprint").(string),
|
||||
Profile: d.Get("profile").(string),
|
||||
MinTlsVersion: d.Get("min_tls_version").(string),
|
||||
}
|
||||
|
||||
if v, ok := d.Get("custom_features").(*schema.Set); ok {
|
||||
if v.Len() > 0 {
|
||||
sslPolicy.CustomFeatures = convertStringSet(v)
|
||||
} else {
|
||||
sslPolicy.NullFields = append(sslPolicy.NullFields, "CustomFeatures")
|
||||
}
|
||||
}
|
||||
|
||||
op, err := config.clientComputeBeta.SslPolicies.Patch(project, name, sslPolicy).Do()
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error updating SSL Policy: %s", err)
|
||||
}
|
||||
|
||||
err = computeSharedOperationWaitTime(config.clientCompute, op, project, int(d.Timeout(schema.TimeoutUpdate).Minutes()), "Updating SSL Policy")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return resourceComputeSslPolicyRead(d, meta)
|
||||
}
|
||||
|
||||
func resourceComputeSslPolicyDelete(d *schema.ResourceData, meta interface{}) error {
|
||||
|
||||
config := meta.(*Config)
|
||||
|
||||
project, err := getProject(d, config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
name := d.Get("name").(string)
|
||||
|
||||
op, err := config.clientComputeBeta.SslPolicies.Delete(project, name).Do()
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error deleting SSL Policy: %s", err)
|
||||
}
|
||||
|
||||
err = computeSharedOperationWaitTime(config.clientCompute, op, project, int(d.Timeout(schema.TimeoutDelete).Minutes()), "Deleting Subnetwork")
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
d.SetId("")
|
||||
|
||||
return nil
|
||||
}
|
402
google/resource_compute_ssl_policy_test.go
Normal file
402
google/resource_compute_ssl_policy_test.go
Normal file
|
@ -0,0 +1,402 @@
|
|||
package google
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"testing"
|
||||
|
||||
"github.com/hashicorp/terraform/helper/acctest"
|
||||
"github.com/hashicorp/terraform/helper/resource"
|
||||
"github.com/hashicorp/terraform/terraform"
|
||||
computeBeta "google.golang.org/api/compute/v0.beta"
|
||||
)
|
||||
|
||||
func TestAccComputeSslPolicy_basic(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
var sslPolicy computeBeta.SslPolicy
|
||||
sslPolicyName := fmt.Sprintf("test-ssl-policy-%s", acctest.RandString(10))
|
||||
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccCheckComputeSslPolicyDestroy,
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
Config: testAccComputeSslPolicyBasic(sslPolicyName),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeSslPolicyExists(
|
||||
"google_compute_ssl_policy.basic", &sslPolicy),
|
||||
// test attribute default values
|
||||
resource.TestCheckResourceAttr(
|
||||
"google_compute_ssl_policy.basic", "profile", "COMPATIBLE"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"google_compute_ssl_policy.basic", "min_tls_version", "TLS_1_0"),
|
||||
),
|
||||
},
|
||||
resource.TestStep{
|
||||
ResourceName: "google_compute_ssl_policy.basic",
|
||||
ImportState: true,
|
||||
ImportStateVerify: true,
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func TestAccComputeSslPolicy_profile(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
var sslPolicy computeBeta.SslPolicy
|
||||
sslPolicyName := fmt.Sprintf("test-ssl-policy-%s", acctest.RandString(10))
|
||||
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccCheckComputeSslPolicyDestroy,
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
Config: testAccComputeSslPolicyProfile(sslPolicyName),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeSslPolicyExists(
|
||||
"google_compute_ssl_policy.profile", &sslPolicy),
|
||||
resource.TestCheckResourceAttr(
|
||||
"google_compute_ssl_policy.profile", "profile", "MODERN"),
|
||||
),
|
||||
},
|
||||
resource.TestStep{
|
||||
ResourceName: "google_compute_ssl_policy.profile",
|
||||
ImportState: true,
|
||||
ImportStateVerify: true,
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func TestAccComputeSslPolicy_update(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
var sslPolicy computeBeta.SslPolicy
|
||||
sslPolicyName := fmt.Sprintf("test-ssl-policy-%s", acctest.RandString(10))
|
||||
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccCheckComputeSslPolicyDestroy,
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
Config: testAccComputeSslUpdate1(sslPolicyName),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeSslPolicyExists(
|
||||
"google_compute_ssl_policy.update", &sslPolicy),
|
||||
resource.TestCheckResourceAttr(
|
||||
"google_compute_ssl_policy.update", "profile", "MODERN"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"google_compute_ssl_policy.update", "min_tls_version", "TLS_1_0"),
|
||||
),
|
||||
},
|
||||
resource.TestStep{
|
||||
ResourceName: "google_compute_ssl_policy.update",
|
||||
ImportState: true,
|
||||
ImportStateVerify: true,
|
||||
},
|
||||
resource.TestStep{
|
||||
Config: testAccComputeSslUpdate2(sslPolicyName),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeSslPolicyExists(
|
||||
"google_compute_ssl_policy.update", &sslPolicy),
|
||||
resource.TestCheckResourceAttr(
|
||||
"google_compute_ssl_policy.update", "profile", "RESTRICTED"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"google_compute_ssl_policy.update", "min_tls_version", "TLS_1_2"),
|
||||
),
|
||||
},
|
||||
resource.TestStep{
|
||||
ResourceName: "google_compute_ssl_policy.update",
|
||||
ImportState: true,
|
||||
ImportStateVerify: true,
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func TestAccComputeSslPolicy_tls_version(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
var sslPolicy computeBeta.SslPolicy
|
||||
sslPolicyName := fmt.Sprintf("test-ssl-policy-%s", acctest.RandString(10))
|
||||
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccCheckComputeSslPolicyDestroy,
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
Config: testAccComputeSslPolicyTlsVersion(sslPolicyName),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeSslPolicyExists(
|
||||
"google_compute_ssl_policy.tlsversion", &sslPolicy),
|
||||
resource.TestCheckResourceAttr(
|
||||
"google_compute_ssl_policy.tlsversion", "min_tls_version", "TLS_1_2"),
|
||||
),
|
||||
},
|
||||
resource.TestStep{
|
||||
ResourceName: "google_compute_ssl_policy.tlsversion",
|
||||
ImportState: true,
|
||||
ImportStateVerify: true,
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func TestAccComputeSslPolicy_custom(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
var sslPolicy computeBeta.SslPolicy
|
||||
sslPolicyName := fmt.Sprintf("test-ssl-policy-%s", acctest.RandString(10))
|
||||
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccCheckComputeSslPolicyDestroy,
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
Config: testAccComputeSslPolicyCustom(sslPolicyName),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeSslPolicyExists(
|
||||
"google_compute_ssl_policy.custom", &sslPolicy),
|
||||
resource.TestCheckResourceAttr(
|
||||
"google_compute_ssl_policy.custom", "min_tls_version", "TLS_1_2"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"google_compute_ssl_policy.custom", "profile", "CUSTOM"),
|
||||
),
|
||||
},
|
||||
resource.TestStep{
|
||||
ResourceName: "google_compute_ssl_policy.custom",
|
||||
ImportState: true,
|
||||
ImportStateVerify: true,
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func TestAccComputeSslPolicy_update_to_custom(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
var sslPolicy computeBeta.SslPolicy
|
||||
sslPolicyName := fmt.Sprintf("test-ssl-policy-%s", acctest.RandString(10))
|
||||
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccCheckComputeSslPolicyDestroy,
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
Config: testAccComputeSslUpdate1(sslPolicyName),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeSslPolicyExists(
|
||||
"google_compute_ssl_policy.update", &sslPolicy),
|
||||
resource.TestCheckResourceAttr(
|
||||
"google_compute_ssl_policy.update", "profile", "MODERN"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"google_compute_ssl_policy.update", "min_tls_version", "TLS_1_0"),
|
||||
),
|
||||
},
|
||||
resource.TestStep{
|
||||
ResourceName: "google_compute_ssl_policy.update",
|
||||
ImportState: true,
|
||||
ImportStateVerify: true,
|
||||
},
|
||||
resource.TestStep{
|
||||
Config: testAccComputeSslUpdate3(sslPolicyName),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeSslPolicyExists(
|
||||
"google_compute_ssl_policy.update", &sslPolicy),
|
||||
resource.TestCheckResourceAttr(
|
||||
"google_compute_ssl_policy.update", "profile", "CUSTOM"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"google_compute_ssl_policy.update", "min_tls_version", "TLS_1_1"),
|
||||
),
|
||||
},
|
||||
resource.TestStep{
|
||||
ResourceName: "google_compute_ssl_policy.update",
|
||||
ImportState: true,
|
||||
ImportStateVerify: true,
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func TestAccComputeSslPolicy_update_from_custom(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
var sslPolicy computeBeta.SslPolicy
|
||||
sslPolicyName := fmt.Sprintf("test-ssl-policy-%s", acctest.RandString(10))
|
||||
|
||||
resource.Test(t, resource.TestCase{
|
||||
PreCheck: func() { testAccPreCheck(t) },
|
||||
Providers: testAccProviders,
|
||||
CheckDestroy: testAccCheckComputeSslPolicyDestroy,
|
||||
Steps: []resource.TestStep{
|
||||
resource.TestStep{
|
||||
Config: testAccComputeSslUpdate3(sslPolicyName),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeSslPolicyExists(
|
||||
"google_compute_ssl_policy.update", &sslPolicy),
|
||||
resource.TestCheckResourceAttr(
|
||||
"google_compute_ssl_policy.update", "profile", "CUSTOM"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"google_compute_ssl_policy.update", "min_tls_version", "TLS_1_1"),
|
||||
),
|
||||
},
|
||||
resource.TestStep{
|
||||
ResourceName: "google_compute_ssl_policy.update",
|
||||
ImportState: true,
|
||||
ImportStateVerify: true,
|
||||
},
|
||||
resource.TestStep{
|
||||
Config: testAccComputeSslUpdate1(sslPolicyName),
|
||||
Check: resource.ComposeTestCheckFunc(
|
||||
testAccCheckComputeSslPolicyExists(
|
||||
"google_compute_ssl_policy.update", &sslPolicy),
|
||||
resource.TestCheckResourceAttr(
|
||||
"google_compute_ssl_policy.update", "profile", "MODERN"),
|
||||
resource.TestCheckResourceAttr(
|
||||
"google_compute_ssl_policy.update", "min_tls_version", "TLS_1_0"),
|
||||
),
|
||||
},
|
||||
resource.TestStep{
|
||||
ResourceName: "google_compute_ssl_policy.update",
|
||||
ImportState: true,
|
||||
ImportStateVerify: true,
|
||||
},
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func testAccCheckComputeSslPolicyExists(n string, sslPolicy *computeBeta.SslPolicy) resource.TestCheckFunc {
|
||||
return func(s *terraform.State) error {
|
||||
rs, ok := s.RootModule().Resources[n]
|
||||
if !ok {
|
||||
return fmt.Errorf("Not found: %s", n)
|
||||
}
|
||||
|
||||
if rs.Primary.ID == "" {
|
||||
return fmt.Errorf("No ID is set")
|
||||
}
|
||||
|
||||
config := testAccProvider.Meta().(*Config)
|
||||
|
||||
project, err := getTestProject(rs.Primary, config)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
name := rs.Primary.Attributes["name"]
|
||||
|
||||
found, err := config.clientComputeBeta.SslPolicies.Get(
|
||||
project, name).Do()
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error Reading SSL Policy %s: %s", name, err)
|
||||
}
|
||||
|
||||
if found.Name != rs.Primary.ID {
|
||||
return fmt.Errorf("SSL Policy not found")
|
||||
}
|
||||
|
||||
*sslPolicy = *found
|
||||
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
func testAccCheckComputeSslPolicyDestroy(s *terraform.State) error {
|
||||
config := testAccProvider.Meta().(*Config)
|
||||
|
||||
for _, rs := range s.RootModule().Resources {
|
||||
if rs.Type != "google_compute_ssl_policy" {
|
||||
continue
|
||||
}
|
||||
|
||||
_, err := config.clientComputeBeta.SslPolicies.Get(
|
||||
config.Project, rs.Primary.ID).Do()
|
||||
if err == nil {
|
||||
return fmt.Errorf("SSL Policy still exists")
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func testAccComputeSslPolicyBasic(resourceName string) string {
|
||||
return fmt.Sprintf(`
|
||||
resource "google_compute_ssl_policy" "basic" {
|
||||
name = "%s"
|
||||
description = "Generated by TF provider acceptance test"
|
||||
}
|
||||
`, resourceName)
|
||||
}
|
||||
|
||||
func testAccComputeSslPolicyProfile(resourceName string) string {
|
||||
return fmt.Sprintf(`
|
||||
resource "google_compute_ssl_policy" "profile" {
|
||||
name = "%s"
|
||||
description = "Generated by TF provider acceptance test"
|
||||
profile = "MODERN"
|
||||
}
|
||||
`, resourceName)
|
||||
}
|
||||
|
||||
func testAccComputeSslUpdate1(resourceName string) string {
|
||||
return fmt.Sprintf(`
|
||||
resource "google_compute_ssl_policy" "update" {
|
||||
name = "%s"
|
||||
description = "Generated by TF provider acceptance test"
|
||||
min_tls_version = "TLS_1_0"
|
||||
profile = "MODERN"
|
||||
}
|
||||
`, resourceName)
|
||||
}
|
||||
|
||||
func testAccComputeSslUpdate2(resourceName string) string {
|
||||
return fmt.Sprintf(`
|
||||
resource "google_compute_ssl_policy" "update" {
|
||||
name = "%s"
|
||||
description = "Generated by TF provider acceptance test"
|
||||
min_tls_version = "TLS_1_2"
|
||||
profile = "RESTRICTED"
|
||||
}
|
||||
`, resourceName)
|
||||
}
|
||||
|
||||
func testAccComputeSslUpdate3(resourceName string) string {
|
||||
return fmt.Sprintf(`
|
||||
resource "google_compute_ssl_policy" "update" {
|
||||
name = "%s"
|
||||
description = "Generated by TF provider acceptance test"
|
||||
min_tls_version = "TLS_1_1"
|
||||
profile = "CUSTOM"
|
||||
custom_features = ["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]
|
||||
}
|
||||
`, resourceName)
|
||||
}
|
||||
|
||||
func testAccComputeSslPolicyTlsVersion(resourceName string) string {
|
||||
return fmt.Sprintf(`
|
||||
resource "google_compute_ssl_policy" "tlsversion" {
|
||||
name = "%s"
|
||||
description = "Generated by TF provider acceptance test"
|
||||
min_tls_version = "TLS_1_2"
|
||||
}
|
||||
`, resourceName)
|
||||
}
|
||||
|
||||
func testAccComputeSslPolicyCustom(resourceName string) string {
|
||||
return fmt.Sprintf(`
|
||||
resource "google_compute_ssl_policy" "custom" {
|
||||
name = "%s"
|
||||
description = "Generated by TF provider acceptance test"
|
||||
min_tls_version = "TLS_1_2"
|
||||
profile = "CUSTOM"
|
||||
custom_features = ["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]
|
||||
}
|
||||
`, resourceName)
|
||||
}
|
51
website/docs/d/datasource_compute_ssl_policy.html.markdown
Normal file
51
website/docs/d/datasource_compute_ssl_policy.html.markdown
Normal file
|
@ -0,0 +1,51 @@
|
|||
---
|
||||
layout: "google"
|
||||
page_title: "Google: google_compute_ssl_policy"
|
||||
sidebar_current: "docs-google-datasource-compute-ssl-policy"
|
||||
description: |-
|
||||
Gets an SSL Policy within GCE, for use with Target HTTPS and Target SSL Proxies.
|
||||
---
|
||||
|
||||
# google\_compute\_ssl\_policy
|
||||
|
||||
Gets an SSL Policy within GCE from its name, for use with Target HTTPS and Target SSL Proxies.
|
||||
For more information see [the official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies).
|
||||
|
||||
## Example Usage
|
||||
|
||||
```tf
|
||||
data "google_compute_ssl_policy" "my-ssl-policy" {
|
||||
name = "production-ssl-policy"
|
||||
}
|
||||
```
|
||||
|
||||
## Argument Reference
|
||||
|
||||
The following arguments are supported:
|
||||
|
||||
* `name` - (Required) The name of the SSL Policy.
|
||||
|
||||
- - -
|
||||
|
||||
* `project` - (Optional) The ID of the project in which the resource belongs. If it
|
||||
is not provided, the provider project is used.
|
||||
|
||||
## Attributes Reference
|
||||
|
||||
In addition to the arguments listed above, the following attributes are exported:
|
||||
|
||||
* `enabled_features` - The set of enabled encryption ciphers as a result of the policy config
|
||||
|
||||
* `description` - Description of this SSL Policy.
|
||||
|
||||
* `min_tls_version` - The minimum supported TLS version of this policy.
|
||||
|
||||
* `profile` - The Google-curated or custom profile used by this policy.
|
||||
|
||||
* `custom_features` - If the `profile` is `CUSTOM`, these are the custom encryption
|
||||
ciphers supported by the profile. If the `profile` is *not* `CUSTOM`, this
|
||||
attribute will be empty.
|
||||
|
||||
* `fingerprint` - Fingerprint of this resource.
|
||||
|
||||
* `self_link` - The URI of the created resource.
|
84
website/docs/r/compute_ssl_policy.html.markdown
Normal file
84
website/docs/r/compute_ssl_policy.html.markdown
Normal file
|
@ -0,0 +1,84 @@
|
|||
---
|
||||
layout: "google"
|
||||
page_title: "Google: google_compute_ssl_policy"
|
||||
sidebar_current: "docs-google-compute-ssl-policy"
|
||||
description: |-
|
||||
Manages an SSL Policy within GCE, for use with Target HTTPS and Target SSL Proxies.
|
||||
---
|
||||
|
||||
# google\_compute\_ssl\_policy
|
||||
|
||||
Manages an SSL Policy within GCE, for use with Target HTTPS and Target SSL Proxies. For more information see
|
||||
[the official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies)
|
||||
and
|
||||
[API](https://cloud.google.com/compute/docs/reference/rest/beta/sslPolicies).
|
||||
|
||||
## Example Usage
|
||||
|
||||
```hcl
|
||||
resource "google_compute_ssl_policy" "prod-ssl-policy" {
|
||||
name = "production-ssl-policy"
|
||||
profile = "MODERN"
|
||||
}
|
||||
|
||||
resource "google_compute_ssl_policy" "nonprod-ssl-policy" {
|
||||
name = "nonprod-ssl-policy"
|
||||
profile = "MODERN"
|
||||
min_tls_version = "TLS_1_2"
|
||||
}
|
||||
|
||||
resource "google_compute_ssl_policy" "custom-ssl-policy" {
|
||||
name = "custom-ssl-policy"
|
||||
min_tls_version = "TLS_1_2"
|
||||
profile = "CUSTOM"
|
||||
custom_features = ["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]
|
||||
}
|
||||
```
|
||||
|
||||
## Argument Reference
|
||||
|
||||
The following arguments are supported:
|
||||
|
||||
* `name` - (Required) A unique name for the resource, required by GCE.
|
||||
Changing this forces a new resource to be created.
|
||||
|
||||
- - -
|
||||
|
||||
* `description` - (Optional) Description of this subnetwork. Changing this forces a new resource to be created.
|
||||
|
||||
* `project` - (Optional) The ID of the project in which the resource belongs. If it
|
||||
is not provided, the provider project is used.
|
||||
|
||||
* `min_tls_version` - (Optional) The minimum TLS version to support. Must be one of `TLS_1_0`, `TLS_1_1`, or `TLS_1_2`.
|
||||
Default is `TLS_1_0`.
|
||||
|
||||
* `profile` - (Optional) The Google-curated SSL profile to use. Must be one of `COMPATIBLE`, `MODERN`,
|
||||
`RESTRICTED`, or `CUSTOM`. See the
|
||||
[official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)
|
||||
for information on what cipher suites each profile provides. If `CUSTOM` is used, the `custom_features` attribute
|
||||
**must be set**. Default is `COMPATIBLE`.
|
||||
|
||||
* `custom_features` - (Required with `CUSTOM` profile) The specific encryption ciphers to use. See the
|
||||
[official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)
|
||||
for which ciphers are available to use. **Note**: this argument *must* be present when using the `CUSTOM` profile.
|
||||
This argument *must not* be present when using any other profile.
|
||||
|
||||
## Attributes Reference
|
||||
|
||||
In addition to the arguments listed above, the following computed attributes are
|
||||
exported:
|
||||
|
||||
* `enabled_features` - The set of enabled encryption ciphers as a result of the policy config
|
||||
|
||||
* `fingerprint` - Fingerprint of this resource.
|
||||
|
||||
* `self_link` - The URI of the created resource.
|
||||
|
||||
## Import
|
||||
|
||||
SSL Policies can be imported using the GCP canonical `name` of the Policy. For example, an SSL Policy named `production-ssl-policy`
|
||||
would be imported by running:
|
||||
|
||||
```bash
|
||||
$ terraform import google_compute_ssl_policy.my-policy production-ssl-policy
|
||||
```
|
|
@ -44,6 +44,9 @@
|
|||
<li<%= sidebar_current("docs-google-datasource-project") %>>
|
||||
<a href="/docs/providers/google/d/google_project.html">google_project</a>
|
||||
</li>
|
||||
<li<%= sidebar_current("docs-google-datasource-compute-ssl-policy") %>>
|
||||
<a href="/docs/providers/google/d/datasource_compute_ssl_policy.html">google_compute_ssl_policy</a>
|
||||
</li>
|
||||
<li<%= sidebar_current("docs-google-datasource-compute-subnetwork") %>>
|
||||
<a href="/docs/providers/google/d/datasource_compute_subnetwork.html">google_compute_subnetwork</a>
|
||||
</li>
|
||||
|
@ -346,6 +349,10 @@
|
|||
<a href="/docs/providers/google/r/compute_ssl_certificate.html">google_compute_ssl_certificate</a>
|
||||
</li>
|
||||
|
||||
<li<%= sidebar_current("docs-google-compute-ssl-policy") %>>
|
||||
<a href="/docs/providers/google/r/compute_ssl_policy.html">google_compute_ssl_policy</a>
|
||||
</li>
|
||||
|
||||
<li<%= sidebar_current("docs-google-compute-subnetwork") %>>
|
||||
<a href="/docs/providers/google/r/compute_subnetwork.html">google_compute_subnetwork</a>
|
||||
</li>
|
||||
|
|
Loading…
Reference in New Issue
Block a user