terraform-provider-google/website/docs/r/compute_ssl_policy.html.markdown
Nick Jacques 72efdb1d92 New resource/datasource: SSL Policy (#1247)
* Add SSL Policy to provider

* Add resource for SSL Policy

* Add SSL Policy data source

* Add tests for SSL Policy resource

* Add documentation for SSL Policy resource

* Add SSL Policy datasource docs

* Add test for SSL Policy datasource

* Update SSL Policy datasource docs

* Make full update for SSL Policy resource

* SSL Policy resource test multi-attrib update

* Clean up SSL Policy datasource

* Set-ify custom_features in SSL Policy resource

* Document description ForceNew rationale

* Remove refs to TLS_1_3

* Update docs: plural -> singular

* Remove extraneous attrs from datasource

* Fix update logic for custom_features and add enabled_features

* Update docs to include enabled_features

* Add test for updating to/from custom_features

* Add TLS 1.3 bug link

* Add import between multi-step test configs

* Move Profile and minTlsVersion back into sslPolicy struct
2018-03-26 16:53:35 -07:00


layout: google
page_title: Google: google_compute_ssl_policy
sidebar_current: docs-google-compute-ssl-policy
description: Manages an SSL Policy within GCE, for use with Target HTTPS and Target SSL Proxies.

google_compute_ssl_policy

Manages an SSL Policy within GCE, for use with Target HTTPS and Target SSL Proxies. For more information see the official documentation and API.

Example Usage

resource "google_compute_ssl_policy" "prod-ssl-policy" {
  name    = "production-ssl-policy"
  profile = "MODERN"
}

resource "google_compute_ssl_policy" "nonprod-ssl-policy" {
  name            = "nonprod-ssl-policy"
  profile         = "MODERN"
  min_tls_version = "TLS_1_2"
}

resource "google_compute_ssl_policy" "custom-ssl-policy" {
  name            = "custom-ssl-policy"
  min_tls_version = "TLS_1_2"
  profile         = "CUSTOM"
  custom_features = ["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]
}

Argument Reference

The following arguments are supported:

  • name - (Required) A unique name for the resource, required by GCE. Changing this forces a new resource to be created.

  • description - (Optional) Description of this SSL Policy. Changing this forces a new resource to be created.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

  • min_tls_version - (Optional) The minimum TLS version to support. Must be one of TLS_1_0, TLS_1_1, or TLS_1_2. Default is TLS_1_0.

  • profile - (Optional) The Google-curated SSL profile to use. Must be one of COMPATIBLE, MODERN, RESTRICTED, or CUSTOM. See the official documentation for information on what cipher suites each profile provides. If CUSTOM is used, the custom_features attribute must be set. Default is COMPATIBLE.

  • custom_features - (Required with CUSTOM profile) The specific encryption ciphers to use. See the official documentation for which ciphers are available to use. Note: this argument must be present when using the CUSTOM profile. This argument must not be present when using any other profile.
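
The argument rules above can be checked against a plan before it is applied. The following is an added example, not part of the provider's documentation or code: a Python check over the planned_values section of terraform show -json output that reports policies left on a minimum TLS version below TLS_1_2 and policies that break the custom_features rule. The JSON plan layout, the TLS_1_2 baseline and the sample_resource helper are assumptions of this example.

```python
# Values and defaults below come from the Argument Reference on this page.
TLS_RANK = {"TLS_1_0": 0, "TLS_1_1": 1, "TLS_1_2": 2}
BASELINE_TLS = "TLS_1_2"  # assumption: the floor this check enforces


def check_policy(address, values):
    """Return findings for one google_compute_ssl_policy's planned values."""
    tls = values.get("min_tls_version") or "TLS_1_0"  # documented default
    profile = values.get("profile") or "COMPATIBLE"   # documented default
    custom = values.get("custom_features") or []
    findings = []
    if TLS_RANK.get(tls, -1) < TLS_RANK[BASELINE_TLS]:  # unknown ranks lowest
        findings.append(f"{address}: min_tls_version {tls} is below {BASELINE_TLS}")
    if profile == "CUSTOM" and not custom:
        findings.append(f"{address}: CUSTOM profile requires custom_features")
    elif profile != "CUSTOM" and custom:
        findings.append(f"{address}: custom_features not allowed with {profile}")
    return findings


def check_plan(plan):
    """Check every SSL policy in planned_values, including child modules."""
    findings = []
    stack = [plan.get("planned_values", {}).get("root_module", {})]
    while stack:
        module = stack.pop()
        stack.extend(module.get("child_modules", []))
        for res in module.get("resources", []):
            if res.get("type") == "google_compute_ssl_policy":
                findings += check_policy(res["address"], res.get("values", {}))
    return findings


def sample_resource(name, **values):  # builds one entry of the constructed sample
    return {"address": f"google_compute_ssl_policy.{name}",
            "type": "google_compute_ssl_policy", "values": values}


# Constructed sample: two policies modelled on this page's examples plus an
# invalid CUSTOM policy.
SAMPLE_PLAN = {"planned_values": {"root_module": {"resources": [
    sample_resource("prod-ssl-policy", profile="MODERN"),
    sample_resource("custom-ssl-policy", profile="CUSTOM", min_tls_version="TLS_1_2",
                    custom_features=["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]),
    sample_resource("bad-custom", profile="CUSTOM", min_tls_version="TLS_1_2"),
]}}}

if __name__ == "__main__":
    print("\n".join(check_plan(SAMPLE_PLAN)))
```

The prod-ssl-policy entry is reported because it omits min_tls_version and therefore falls back to the documented default of TLS_1_0.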

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • enabled_features - The set of encryption ciphers enabled as a result of the policy configuration.

  • fingerprint - Fingerprint of this resource.

  • self_link - The URI of the created resource.

Import

SSL Policies can be imported using the GCP canonical name of the Policy. For example, an SSL Policy named production-ssl-policy would be imported by running:

$ terraform import google_compute_ssl_policy.my-policy production-ssl-policy