Add support for ssl_policy to google_target_https_proxy (#1466)

2024-10-01 16:21:06 +00:00 · 2018-05-09 15:55:17 -07:00 · 2018-05-09 15:55:17 -07:00 · da0b6f9d48
commit da0b6f9d48
parent 560e180693
3 changed files with 78 additions and 2 deletions
--- a/google/resource_compute_target_https_proxy.go
+++ b/google/resource_compute_target_https_proxy.go
@ -65,6 +65,11 @@ func resourceComputeTargetHttpsProxy() *schema.Resource {
 				Optional: true,
 				ForceNew: true,
 			},
+			"ssl_policy": {
+				Type:             schema.TypeString,
+				Optional:         true,
+				DiffSuppressFunc: compareSelfLinkOrResourceName,
+			},
 			"creation_timestamp": {
 				Type:     schema.TypeString,
 				Computed: true,
@ -111,12 +116,17 @@ func resourceComputeTargetHttpsProxyCreate(d *schema.ResourceData, meta interfac
 	if err != nil {
 		return err
 	}
+	sslPolicyProp, err := expandComputeTargetHttpsProxySslPolicy(d.Get("ssl_policy"), d, config)
+	if err != nil {
+		return err
+	}

 	obj := map[string]interface{}{
 		"description":     descriptionProp,
 		"name":            nameProp,
 		"sslCertificates": sslCertificatesProp,
 		"urlMap":          urlMapProp,
+		"sslPolicy":       sslPolicyProp,
 	}

 	url, err := replaceVars(d, config, "https://www.googleapis.com/compute/v1/projects/{{project}}/global/targetHttpsProxies")
@ -191,6 +201,9 @@ func resourceComputeTargetHttpsProxyRead(d *schema.ResourceData, meta interface{
 	if err := d.Set("url_map", flattenComputeTargetHttpsProxyUrlMap(res["urlMap"])); err != nil {
 		return fmt.Errorf("Error reading TargetHttpsProxy: %s", err)
 	}
+	if err := d.Set("ssl_policy", flattenComputeTargetHttpsProxySslPolicy(res["sslPolicy"])); err != nil {
+		return fmt.Errorf("Error reading TargetHttpsProxy: %s", err)
+	}
 	if err := d.Set("self_link", res["selfLink"]); err != nil {
 		return fmt.Errorf("Error reading TargetHttpsProxy: %s", err)
 	}
@ -281,6 +294,39 @@ func resourceComputeTargetHttpsProxyUpdate(d *schema.ResourceData, meta interfac

 		d.SetPartial("url_map")
 	}
+	if d.HasChange("ssl_policy") {
+		sslPolicyProp, err := expandComputeTargetHttpsProxySslPolicy(d.Get("ssl_policy"), d, config)
+		if err != nil {
+			return err
+		}
+
+		obj := map[string]interface{}{
+			"sslPolicy": sslPolicyProp,
+		}
+		url, err = replaceVars(d, config, "https://www.googleapis.com/compute/v1/projects/{{project}}/global/targetHttpsProxies/{{name}}/setSslPolicy")
+		if err != nil {
+			return err
+		}
+		res, err = sendRequest(config, "POST", url, obj)
+		if err != nil {
+			return fmt.Errorf("Error updating TargetHttpsProxy %q: %s", d.Id(), err)
+		}
+
+		err = Convert(res, op)
+		if err != nil {
+			return err
+		}
+
+		err = computeOperationWaitTime(
+			config.clientCompute, op, project, "Updating TargetHttpsProxy",
+			int(d.Timeout(schema.TimeoutUpdate).Minutes()))
+
+		if err != nil {
+			return err
+		}
+
+		d.SetPartial("ssl_policy")
+	}

 	d.Partial(false)

@ -367,6 +413,10 @@ func flattenComputeTargetHttpsProxyUrlMap(v interface{}) interface{} {
 	return v
 }

+func flattenComputeTargetHttpsProxySslPolicy(v interface{}) interface{} {
+	return v
+}
+
 func expandComputeTargetHttpsProxyDescription(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
 	return v, nil
 }
@ -395,3 +445,11 @@ func expandComputeTargetHttpsProxyUrlMap(v interface{}, d *schema.ResourceData,
 	}
 	return f.RelativeLink(), nil
 }
+
+func expandComputeTargetHttpsProxySslPolicy(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
+	f, err := parseGlobalFieldValue("sslPolicies", v.(string), "project", d, config, true)
+	if err != nil {
+		return nil, fmt.Errorf("Invalid value for ssl_policy: %s", err)
+	}
+	return f.RelativeLink(), nil
+}
--- a/google/resource_compute_target_https_proxy_test.go
+++ b/google/resource_compute_target_https_proxy_test.go
@ -156,6 +156,7 @@ resource "google_compute_target_https_proxy" "foobar" {
 	name = "httpsproxy-test-%s"
 	url_map = "${google_compute_url_map.foobar.self_link}"
 	ssl_certificates = ["${google_compute_ssl_certificate.foobar1.self_link}"]
+	ssl_policy = "${google_compute_ssl_policy.foobar.self_link}"
 }

 resource "google_compute_backend_service" "foobar" {
@ -192,6 +193,13 @@ resource "google_compute_url_map" "foobar" {
 	}
 }

+resource "google_compute_ssl_policy" "foobar" {
+	name            = "sslproxy-test-%s"
+	description     = "my-description"
+	min_tls_version = "TLS_1_2"
+	profile         = "MODERN"
+}
+
 resource "google_compute_ssl_certificate" "foobar1" {
 	name = "httpsproxy-test-cert1-%s"
 	description = "very descriptive"
@ -205,7 +213,7 @@ resource "google_compute_ssl_certificate" "foobar2" {
 	private_key = "${file("test-fixtures/ssl_cert/test.key")}"
 	certificate = "${file("test-fixtures/ssl_cert/test.crt")}"
 }
-`, id, id, id, id, id, id)
+`, id, id, id, id, id, id, id)
 }

 func testAccComputeTargetHttpsProxy_basic2(id string) string {
@ -254,6 +262,13 @@ resource "google_compute_url_map" "foobar" {
 	}
 }

+resource "google_compute_ssl_policy" "foobar" {
+	name            = "sslproxy-test-%s"
+	description     = "my-description"
+	min_tls_version = "TLS_1_2"
+	profile         = "MODERN"
+}
+
 resource "google_compute_ssl_certificate" "foobar1" {
 	name = "httpsproxy-test-cert1-%s"
 	description = "very descriptive"
@ -267,5 +282,5 @@ resource "google_compute_ssl_certificate" "foobar2" {
 	private_key = "${file("test-fixtures/ssl_cert/test.key")}"
 	certificate = "${file("test-fixtures/ssl_cert/test.crt")}"
 }
-`, id, id, id, id, id, id)
+`, id, id, id, id, id, id, id)
 }
--- a/website/docs/r/compute_target_https_proxy.html.markdown
+++ b/website/docs/r/compute_target_https_proxy.html.markdown
@ -115,6 +115,9 @@ one SSL certificate must be specified.
 * `description` -
  (Optional)
  An optional description of this resource.
+* `ssl_policy` -
+  (Optional)
+  A reference to SslPolicy resource
 * `project` (Optional) The ID of the project in which the resource belongs.
    If it is not provided, the provider project is used.