Move regional SSL policies to GA (#8443) (#15299)

Signed-off-by: Modular Magician <[email protected]>
hashicorp · Jul 26, 2023 · 9a9e5ea · 9a9e5ea
1 parent 6dc7f0d
commit 9a9e5ea
Show file tree

Hide file tree

Showing 6 changed files with 953 additions and 5 deletions.
diff --git a/.changelog/8443.txt b/.changelog/8443.txt
@@ -0,0 +1,4 @@
+```release-note:new-resource
+`google_compute_region_ssl_policy` (GA)
+
+```
diff --git a/google/provider/provider.go b/google/provider/provider.go
@@ -947,9 +947,9 @@ func DatasourceMapWithErrors() (map[string]*schema.Resource, error) {
 		})
 }
 
-// Generated resources: 302
+// Generated resources: 303
 // Generated IAM resources: 204
-// Total generated resources: 506
+// Total generated resources: 507
 func ResourceMap() map[string]*schema.Resource {
 	resourceMap, _ := ResourceMapWithErrors()
 	return resourceMap
@@ -1146,6 +1146,7 @@ func ResourceMapWithErrors() (map[string]*schema.Resource, error) {
 			"google_compute_region_network_endpoint_group":                   compute.ResourceComputeRegionNetworkEndpointGroup(),
 			"google_compute_region_per_instance_config":                      compute.ResourceComputeRegionPerInstanceConfig(),
 			"google_compute_region_ssl_certificate":                          compute.ResourceComputeRegionSslCertificate(),
+			"google_compute_region_ssl_policy":                               compute.ResourceComputeRegionSslPolicy(),
 			"google_compute_region_target_http_proxy":                        compute.ResourceComputeRegionTargetHttpProxy(),
 			"google_compute_region_target_https_proxy":                       compute.ResourceComputeRegionTargetHttpsProxy(),
 			"google_compute_region_target_tcp_proxy":                         compute.ResourceComputeRegionTargetTcpProxy(),

diff --git a/google/resource_compute_region_ssl_policy_test.go b/google/resource_compute_region_ssl_policy_test.go
@@ -1,3 +1,228 @@
 // Copyright (c) HashiCorp, Inc.
 // SPDX-License-Identifier: MPL-2.0
 package google
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/terraform"
+	"github.com/hashicorp/terraform-provider-google/google/acctest"
+
+	"google.golang.org/api/compute/v1"
+)
+
+func TestAccComputeRegionSslPolicy_update(t *testing.T) {
+	t.Parallel()
+
+	var sslPolicy compute.SslPolicy
+	sslPolicyName := fmt.Sprintf("test-ssl-policy-%s", acctest.RandString(t, 10))
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckComputeSslPolicyDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeRegionSslUpdate1(sslPolicyName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeRegionSslPolicyExists(
+						t, "google_compute_region_ssl_policy.update", &sslPolicy),
+					resource.TestCheckResourceAttr(
+						"google_compute_region_ssl_policy.update", "profile", "MODERN"),
+					resource.TestCheckResourceAttr(
+						"google_compute_region_ssl_policy.update", "min_tls_version", "TLS_1_0"),
+				),
+			},
+			{
+				ResourceName:      "google_compute_region_ssl_policy.update",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccComputeRegionSslUpdate2(sslPolicyName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeRegionSslPolicyExists(
+						t, "google_compute_region_ssl_policy.update", &sslPolicy),
+					resource.TestCheckResourceAttr(
+						"google_compute_region_ssl_policy.update", "profile", "RESTRICTED"),
+					resource.TestCheckResourceAttr(
+						"google_compute_region_ssl_policy.update", "min_tls_version", "TLS_1_2"),
+				),
+			},
+			{
+				ResourceName:      "google_compute_region_ssl_policy.update",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func TestAccComputeRegionSslPolicy_update_to_custom(t *testing.T) {
+	t.Parallel()
+
+	var sslPolicy compute.SslPolicy
+	sslPolicyName := fmt.Sprintf("test-ssl-policy-%s", acctest.RandString(t, 10))
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckComputeSslPolicyDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeRegionSslUpdate1(sslPolicyName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeRegionSslPolicyExists(
+						t, "google_compute_region_ssl_policy.update", &sslPolicy),
+					resource.TestCheckResourceAttr(
+						"google_compute_region_ssl_policy.update", "profile", "MODERN"),
+					resource.TestCheckResourceAttr(
+						"google_compute_region_ssl_policy.update", "min_tls_version", "TLS_1_0"),
+				),
+			},
+			{
+				ResourceName:      "google_compute_region_ssl_policy.update",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccComputeRegionSslUpdate3(sslPolicyName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeRegionSslPolicyExists(
+						t, "google_compute_region_ssl_policy.update", &sslPolicy),
+					resource.TestCheckResourceAttr(
+						"google_compute_region_ssl_policy.update", "profile", "CUSTOM"),
+					resource.TestCheckResourceAttr(
+						"google_compute_region_ssl_policy.update", "min_tls_version", "TLS_1_1"),
+				),
+			},
+			{
+				ResourceName:      "google_compute_region_ssl_policy.update",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func TestAccComputeRegionSslPolicy_update_from_custom(t *testing.T) {
+	t.Parallel()
+
+	var sslPolicy compute.SslPolicy
+	sslPolicyName := fmt.Sprintf("test-ssl-policy-%s", acctest.RandString(t, 10))
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		CheckDestroy:             testAccCheckComputeSslPolicyDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeRegionSslUpdate3(sslPolicyName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeRegionSslPolicyExists(
+						t, "google_compute_region_ssl_policy.update", &sslPolicy),
+					resource.TestCheckResourceAttr(
+						"google_compute_region_ssl_policy.update", "profile", "CUSTOM"),
+					resource.TestCheckResourceAttr(
+						"google_compute_region_ssl_policy.update", "min_tls_version", "TLS_1_1"),
+				),
+			},
+			{
+				ResourceName:      "google_compute_region_ssl_policy.update",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			{
+				Config: testAccComputeRegionSslUpdate1(sslPolicyName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeRegionSslPolicyExists(
+						t, "google_compute_region_ssl_policy.update", &sslPolicy),
+					resource.TestCheckResourceAttr(
+						"google_compute_region_ssl_policy.update", "profile", "MODERN"),
+					resource.TestCheckResourceAttr(
+						"google_compute_region_ssl_policy.update", "min_tls_version", "TLS_1_0"),
+				),
+			},
+			{
+				ResourceName:      "google_compute_region_ssl_policy.update",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccCheckComputeRegionSslPolicyExists(t *testing.T, n string, sslPolicy *compute.SslPolicy) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[n]
+		if !ok {
+			return fmt.Errorf("Not found: %s", n)
+		}
+
+		if rs.Primary.ID == "" {
+			return fmt.Errorf("No ID is set")
+		}
+
+		config := acctest.GoogleProviderConfig(t)
+
+		project, err := acctest.GetTestProject(rs.Primary, config)
+		if err != nil {
+			return err
+		}
+
+		name := rs.Primary.Attributes["name"]
+
+		found, err := config.NewComputeClient(config.UserAgent).RegionSslPolicies.Get(
+			project, "us-central1", name).Do()
+		if err != nil {
+			return fmt.Errorf("Error Reading SSL Policy %s: %s", name, err)
+		}
+
+		if found.Name != name {
+			return fmt.Errorf("SSL Policy not found")
+		}
+
+		*sslPolicy = *found
+
+		return nil
+	}
+}
+
+func testAccComputeRegionSslUpdate1(resourceName string) string {
+	return fmt.Sprintf(`
+resource "google_compute_region_ssl_policy" "update" {
+  name            = "%s"
+  description     = "Generated by TF provider acceptance test"
+  min_tls_version = "TLS_1_0"
+  profile         = "MODERN"
+  region          = "us-central1"
+}
+`, resourceName)
+}
+
+func testAccComputeRegionSslUpdate2(resourceName string) string {
+	return fmt.Sprintf(`
+resource "google_compute_region_ssl_policy" "update" {
+  name            = "%s"
+  description     = "Generated by TF provider acceptance test"
+  min_tls_version = "TLS_1_2"
+  profile         = "RESTRICTED"
+  region          = "us-central1"
+}
+`, resourceName)
+}
+
+func testAccComputeRegionSslUpdate3(resourceName string) string {
+	return fmt.Sprintf(`
+resource "google_compute_region_ssl_policy" "update" {
+  name            = "%s"
+  description     = "Generated by TF provider acceptance test"
+  min_tls_version = "TLS_1_1"
+  profile         = "CUSTOM"
+  region          = "us-central1"
+  custom_features = ["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]
+}
+`, resourceName)
+}