* Add SSL Policy to provider
* Add resource for SSL Policy
* Add SSL Policy data source
* Add tests for SSL Policy resource
* Add documentation for SSL Policy resource
* Add SSL Policy datasource docs
* Add test for SSL Policy datasource
* Update SSL Policy datasource docs
* Make full update for SSL Policy resource
* SSL Policy resource test multi-attrib update
* Clean up SSL Policy datasource
* Set-ify custom_features in SSL Policy resource
* Document description ForceNew rationale
* Remove refs to TLS_1_3
* Update docs: plural -> singular
* Remove extraneous attrs from datasource
* Fix update logic for custom_features and add enabled_features
* Update docs to include enabled_features
* Add test for updating to/from custom_features
* Add TLS 1.3 bug link
* Add import between multi-step test configs
* Move Profile and minTlsVersion back into sslPolicy struct
layout | page_title | sidebar_current | description |
---|---|---|---|
 | Google: google_compute_ssl_policy | docs-google-compute-ssl-policy | Manages an SSL Policy within GCE, for use with Target HTTPS and Target SSL Proxies. |
google_compute_ssl_policy
Manages an SSL Policy within GCE, for use with Target HTTPS and Target SSL Proxies. For more information see the official documentation and API.
Example Usage
resource "google_compute_ssl_policy" "prod-ssl-policy" {
  name    = "production-ssl-policy"
  profile = "MODERN"
}

resource "google_compute_ssl_policy" "nonprod-ssl-policy" {
  name            = "nonprod-ssl-policy"
  profile         = "MODERN"
  min_tls_version = "TLS_1_2"
}

resource "google_compute_ssl_policy" "custom-ssl-policy" {
  name            = "custom-ssl-policy"
  min_tls_version = "TLS_1_2"
  profile         = "CUSTOM"
  custom_features = ["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]
}
Argument Reference
The following arguments are supported:
- name - (Required) A unique name for the resource, required by GCE. Changing this forces a new resource to be created.
- description - (Optional) Description of this SSL Policy. Changing this forces a new resource to be created.
- project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- min_tls_version - (Optional) The minimum TLS version to support. Must be one of TLS_1_0, TLS_1_1, or TLS_1_2. Default is TLS_1_0.
- profile - (Optional) The Google-curated SSL profile to use. Must be one of COMPATIBLE, MODERN, RESTRICTED, or CUSTOM. See the official documentation for information on what cipher suites each profile provides. If CUSTOM is used, the custom_features attribute must be set. Default is COMPATIBLE.
- custom_features - (Required with CUSTOM profile) The specific encryption ciphers to use. See the official documentation for which ciphers are available to use. Note: this argument must be present when using the CUSTOM profile. This argument must not be present when using any other profile.
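An added example, not part of the provider or its documentation: a Python check that reads `terraform show -json` plan output and flags SSL policies that break the custom_features rule above or fall back to the documented defaults. The TLS floor, the allowed profile set, the function names and the sample plan are assumptions constructed for illustration.

```python
import json

TLS_ORDER = ["TLS_1_0", "TLS_1_1", "TLS_1_2"]  # values listed on this page
DEFAULTS = {"min_tls_version": "TLS_1_0", "profile": "COMPATIBLE"}  # documented defaults


def audit_policy(attrs, floor="TLS_1_2", allowed_profiles=("MODERN", "RESTRICTED", "CUSTOM")):
    """Return findings for one google_compute_ssl_policy attribute map.

    floor and allowed_profiles are an assumed organisational baseline.
    """
    min_tls = attrs.get("min_tls_version") or DEFAULTS["min_tls_version"]
    profile = attrs.get("profile") or DEFAULTS["profile"]
    features = attrs.get("custom_features") or []
    findings = []
    if min_tls not in TLS_ORDER:
        findings.append(f"unknown min_tls_version {min_tls}")
    elif TLS_ORDER.index(min_tls) < TLS_ORDER.index(floor):
        findings.append(f"min_tls_version {min_tls} is below {floor}")
    if profile not in allowed_profiles:
        findings.append(f"profile {profile} is not in the allowed set")
    if profile == "CUSTOM" and not features:
        findings.append("CUSTOM profile without custom_features")
    if profile != "CUSTOM" and features:
        findings.append(f"custom_features set with profile {profile}")
    return findings


def audit_plan(plan, **baseline):
    """Map resource address -> findings for every SSL policy the plan creates or updates."""
    report = {}
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != "google_compute_ssl_policy" or after is None:
            continue  # other resource types, or a policy being destroyed
        findings = audit_policy(after, **baseline)
        if findings:
            report[rc["address"]] = findings
    return report


# Constructed sample in the shape of `terraform show -json` plan output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
 {"address": "google_compute_ssl_policy.legacy", "type": "google_compute_ssl_policy",
  "change": {"after": {"name": "legacy", "min_tls_version": null, "profile": null}}},
 {"address": "google_compute_ssl_policy.broken", "type": "google_compute_ssl_policy",
  "change": {"after": {"name": "broken", "min_tls_version": "TLS_1_2", "profile": "CUSTOM", "custom_features": []}}},
 {"address": "google_compute_ssl_policy.prod", "type": "google_compute_ssl_policy",
  "change": {"after": {"name": "prod", "min_tls_version": "TLS_1_2", "profile": "MODERN"}}}
]}
""")
```

Calling `audit_plan(SAMPLE_PLAN)` returns findings for the `legacy` and `broken` policies only; a non-empty result can fail a CI step before `terraform apply`.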
Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
- enabled_features - The set of enabled encryption ciphers as a result of the policy config.
- fingerprint - Fingerprint of this resource.
- self_link - The URI of the created resource.
Import
SSL Policies can be imported using the GCP canonical name of the Policy. For example, an SSL Policy named production-ssl-policy would be imported by running:
$ terraform import google_compute_ssl_policy.my-policy production-ssl-policy