added server tls policy example configuration for mtls (#9104) (#6434)

[upstream:74f3808bbf499a1324c61835429993fd59cea515] Signed-off-by: Modular Magician <[email protected]>
hashicorp · Oct 3, 2023 · 758925d · 758925d
1 parent d8d5732
commit 758925d
Show file tree

Hide file tree

Showing 5 changed files with 149 additions and 0 deletions.
diff --git a/.changelog/9104.txt b/.changelog/9104.txt
@@ -0,0 +1,3 @@
+```release-note:none
+google_network_security_server_tls_policy
+```
diff --git a/.teamcity/components/generated/packages.kt b/.teamcity/components/generated/packages.kt
@@ -12,6 +12,11 @@ var packages = mapOf(
         "displayName" to "Environment Variables",
         "path" to "./google-beta/envvar"
     ),
+    "fwmodels" to mapOf(
+        "name" to "fwmodels",
+        "displayName" to "Framework Models",
+        "path" to "./google-beta/fwmodels"
+    ),
     "fwprovider" to mapOf(
         "name" to "fwprovider",
         "displayName" to "Framework Provider",

diff --git a/...ta/services/networksecurity/resource_network_security_server_tls_policy_generated_test.go b/...ta/services/networksecurity/resource_network_security_server_tls_policy_generated_test.go
@@ -179,6 +179,77 @@ resource "google_network_security_server_tls_policy" "default" {
 `, context)
 }
 
+func TestAccNetworkSecurityServerTlsPolicy_networkSecurityServerTlsPolicyMtlsExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": acctest.RandString(t, 10),
+	}
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderBetaFactories(t),
+		CheckDestroy:             testAccCheckNetworkSecurityServerTlsPolicyDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccNetworkSecurityServerTlsPolicy_networkSecurityServerTlsPolicyMtlsExample(context),
+			},
+			{
+				ResourceName:            "google_network_security_server_tls_policy.default",
+				ImportState:             true,
+				ImportStateVerify:       true,
+				ImportStateVerifyIgnore: []string{"name", "location", "labels", "terraform_labels"},
+			},
+		},
+	})
+}
+
+func testAccNetworkSecurityServerTlsPolicy_networkSecurityServerTlsPolicyMtlsExample(context map[string]interface{}) string {
+	return acctest.Nprintf(`
+data "google_project" "project" {
+  provider = google-beta
+}
+
+resource "google_network_security_server_tls_policy" "default" {
+  provider = google-beta
+  name     = "tf-test-my-server-tls-policy%{random_suffix}"
+
+  description = "my description"
+  location    = "global"
+  allow_open  = "false"
+
+  mtls_policy {
+    client_validation_mode         = "REJECT_INVALID"
+    client_validation_trust_config = "projects/${data.google_project.project.number}/locations/global/trustConfigs/${google_certificate_manager_trust_config.default.name}"
+  }
+
+  labels = {
+    foo = "bar"
+  }
+}
+
+resource "google_certificate_manager_trust_config" "default" {
+  provider    = google-beta
+  name        = "tf-test-my-trust-config%{random_suffix}"
+  description = "sample trust config description"
+  location    = "global"
+
+  trust_stores {
+    trust_anchors {
+      pem_certificate = file("test-fixtures/ca_cert.pem")
+    }
+    intermediate_cas {
+      pem_certificate = file("test-fixtures/ca_cert.pem")
+    }
+  }
+
+  labels = {
+    foo = "bar"
+  }
+}
+`, context)
+}
+
 func testAccCheckNetworkSecurityServerTlsPolicyDestroyProducer(t *testing.T) func(s *terraform.State) error {
 	return func(s *terraform.State) error {
 		for name, rs := range s.RootModule().Resources {

diff --git a/google-beta/services/networksecurity/test-fixtures/ca_cert.pem b/google-beta/services/networksecurity/test-fixtures/ca_cert.pem
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDDzCCAfegAwIBAgIUDOiCLH9QNMMYnjPZVf4VwO9blsEwDQYJKoZIhvcNAQEL
+BQAwFjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wIBcNMjIwODI0MDg0MDUxWhgPMzAy
+MTEyMjUwODQwNTFaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOT925GG4lKV9HvAHsbecMhGPAqjhVRC26iZ
+UJC8oSWOu95lWJSX5ZhbiF6Nz192wDGV/VAh3Lxj8RYtcn75eDxQKTcKouDld+To
+CGIStPFWbR6rbysLuZqFVEXVOTvp2QIegInfrvnGC4j7Qpic7zrFB9HzJx+0HpeE
+yO4gkdzJfEK/gMmolUgJrKX59o+0+Rj+Jq3EtcQxL1fVBVJSx0NvpoR1eYpnHMr/
+rJKZkUUZ2xE86hrtpiP6OEYQTi00rmf4GnZF5QfGGD0xuoQXtR7Tu+XhKibXIhxc
+D4RzPLX1QS040PXvmMPLDb4YlUQ6V3Rs42JDvkkDwIMXZvn8awIDAQABo1MwUTAd
+BgNVHQ4EFgQURuo1CCZZAUv7xi02f2nC5tRbf18wHwYDVR0jBBgwFoAURuo1CCZZ
+AUv7xi02f2nC5tRbf18wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
+AQEAqx3tDxurnYr9EUPhF5/LlDPYM+VI7EgrKdRnuIqUlZI0tm3vOGME0te6dBTC
+YLNaHLW3m/4Tm4M2eg0Kpz6CxJfn3109G31dCi0xwzSDHf5TPUWvqIVhq5WRgMIf
+n8KYBlQSmqdJBRztUIQH/UPFnSbxymlS4s5qwDgTH5ag9EEBcnWsQ2LZjKi0eqve
+MaqAvvB+j8RGZzYY4re94bSJI42zIZ6nMWPtXwRuDc30xl/u+E0jWIgWbPwSd6Km
+3wnJnGiU2ezPGq3zEU+Rc39VVIFKQpciNeYuF3neHPJvYOf58qW2Z8s0VH0MR1x3
+3DoO/e30FIr9j+PRD+s5BPKF2A==
+-----END CERTIFICATE-----
diff --git a/website/docs/r/network_security_server_tls_policy.html.markdown b/website/docs/r/network_security_server_tls_policy.html.markdown
@@ -117,6 +117,57 @@ resource "google_network_security_server_tls_policy" "default" {
   }
 }
 ```
+<div class = "oics-button" style="float: right; margin: 0 0 -15px">
+  <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=network_security_server_tls_policy_mtls&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
+    <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
+  </a>
+</div>
+## Example Usage - Network Security Server Tls Policy Mtls
+
+
+```hcl
+data "google_project" "project" {
+  provider = google-beta
+}
+
+resource "google_network_security_server_tls_policy" "default" {
+  provider = google-beta
+  name     = "my-server-tls-policy"
+
+  description = "my description"
+  location    = "global"
+  allow_open  = "false"
+
+  mtls_policy {
+    client_validation_mode         = "REJECT_INVALID"
+    client_validation_trust_config = "projects/${data.google_project.project.number}/locations/global/trustConfigs/${google_certificate_manager_trust_config.default.name}"
+  }
+
+  labels = {
+    foo = "bar"
+  }
+}
+
+resource "google_certificate_manager_trust_config" "default" {
+  provider    = google-beta
+  name        = "my-trust-config"
+  description = "sample trust config description"
+  location    = "global"
+
+  trust_stores {
+    trust_anchors {
+      pem_certificate = file("test-fixtures/ca_cert.pem")
+    }
+    intermediate_cas {
+      pem_certificate = file("test-fixtures/ca_cert.pem")
+    }
+  }
+
+  labels = {
+    foo = "bar"
+  }
+}
+```
 
 ## Argument Reference