hashicorp · danawillow · Mar 16, 2018 · Mar 16, 2018 · Mar 16, 2018 · Mar 16, 2018
diff --git a/google/resource_compute_backend_service.go b/google/resource_compute_backend_service.go
@@ -105,6 +105,49 @@ func resourceComputeBackendService() *schema.Resource {
 				},
 			},
 
+			"cdn_policy": &schema.Schema{
+				Type:     schema.TypeList,
+				Optional: true,
+				MaxItems: 1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"cache_key_policy": &schema.Schema{
+							Type:     schema.TypeList,
+							Optional: true,
+							MaxItems: 1,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"include_host": &schema.Schema{
+										Type:     schema.TypeBool,
+										Optional: true,
+									},
+									"include_protocol": &schema.Schema{
+										Type:     schema.TypeBool,
+										Optional: true,
+									},
+									"include_query_string": &schema.Schema{
+										Type:     schema.TypeBool,
+										Optional: true,
+									},
+									"query_string_blacklist": &schema.Schema{
+										Type:          schema.TypeSet,
+										Optional:      true,
+										Elem:          &schema.Schema{Type: schema.TypeString},
+										ConflictsWith: []string{"cdn_policy.0.cache_key_policy.query_string_whitelist"},
+									},
+									"query_string_whitelist": &schema.Schema{
+										Type:          schema.TypeSet,
+										Optional:      true,
+										Elem:          &schema.Schema{Type: schema.TypeString},
+										ConflictsWith: []string{"cdn_policy.0.cache_key_policy.query_string_blacklist"},
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+
 			"description": &schema.Schema{
 				Type:     schema.TypeString,
 				Optional: true,
@@ -237,6 +280,9 @@ func resourceComputeBackendServiceRead(d *schema.ResourceData, meta interface{})
 	d.Set("iap", flattenIap(service.Iap))
 	d.Set("project", project)
 	d.Set("health_checks", service.HealthChecks)
+	if err := d.Set("cdn_policy", flattenCdnPolicy(service.CdnPolicy)); err != nil {
+		return err
+	}
 
 	return nil
 }
@@ -409,6 +455,11 @@ func expandBackendService(d *schema.ResourceData) (*compute.BackendService, erro
 		Iap: &compute.BackendServiceIAP{
 			ForceSendFields: []string{"Enabled", "Oauth2ClientId", "Oauth2ClientSecret"},
 		},
+		CdnPolicy: &compute.BackendServiceCdnPolicy{
+			CacheKeyPolicy: &compute.CacheKeyPolicy{
+				ForceSendFields: []string{"IncludeProtocol", "IncludeHost", "IncludeQueryString", "QueryStringWhitelist", "QueryStringBlacklist"},
+			},
+		},
 	}
 
 	if v, ok := d.GetOk("iap"); ok {
@@ -454,5 +505,55 @@ func expandBackendService(d *schema.ResourceData) (*compute.BackendService, erro
 
 	service.ConnectionDraining = connectionDraining
 
+	if v, ok := d.GetOk("cdn_policy"); ok {
+		c := expandCdnPolicy(v.([]interface{}))
+		if c != nil {
+			service.CdnPolicy = c
+		}
+	}
+
 	return service, nil
 }
+
+func expandCdnPolicy(configured []interface{}) *compute.BackendServiceCdnPolicy {
+	if len(configured) == 0 {
+		return nil
+	}
+	data := configured[0].(map[string]interface{})
+
+	ckp := data["cache_key_policy"].([]interface{})
+	if len(ckp) == 0 {
+		return nil
+	}
+	ckpData := ckp[0].(map[string]interface{})
+
+	return &compute.BackendServiceCdnPolicy{
+		CacheKeyPolicy: &compute.CacheKeyPolicy{
+			IncludeHost:          ckpData["include_host"].(bool),
+			IncludeProtocol:      ckpData["include_protocol"].(bool),
+			IncludeQueryString:   ckpData["include_query_string"].(bool),
+			QueryStringBlacklist: convertStringSet(ckpData["query_string_blacklist"].(*schema.Set)),
+			QueryStringWhitelist: convertStringSet(ckpData["query_string_whitelist"].(*schema.Set)),
+			ForceSendFields:      []string{"IncludeProtocol", "IncludeHost", "IncludeQueryString", "QueryStringWhitelist", "QueryStringBlacklist"},
+		},
+	}
+}
+
+func flattenCdnPolicy(pol *compute.BackendServiceCdnPolicy) []map[string]interface{} {
+	result := []map[string]interface{}{}
+	if pol == nil || pol.CacheKeyPolicy == nil {
+		return result
+	}
+
+	return append(result, map[string]interface{}{
+		"cache_key_policy": []map[string]interface{}{
+			{
+				"include_host":           pol.CacheKeyPolicy.IncludeHost,
+				"include_protocol":       pol.CacheKeyPolicy.IncludeProtocol,
+				"include_query_string":   pol.CacheKeyPolicy.IncludeQueryString,
+				"query_string_blacklist": schema.NewSet(schema.HashString, convertStringArrToInterface(pol.CacheKeyPolicy.QueryStringBlacklist)),
+				"query_string_whitelist": schema.NewSet(schema.HashString, convertStringArrToInterface(pol.CacheKeyPolicy.QueryStringWhitelist)),
+			},
+		},
+	})
+}
diff --git a/google/resource_compute_backend_service_test.go b/google/resource_compute_backend_service_test.go
@@ -272,6 +272,34 @@ func TestAccComputeBackendService_withHttpsHealthCheck(t *testing.T) {
 	})
 }
 
+func TestAccComputeBackendService_withCdnPolicy(t *testing.T) {
+	t.Parallel()
+
+	serviceName := fmt.Sprintf("tf-test-%s", acctest.RandString(10))
+	checkName := fmt.Sprintf("tf-test-%s", acctest.RandString(10))
+	var svc compute.BackendService
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckComputeBackendServiceDestroy,
+		Steps: []resource.TestStep{
+			resource.TestStep{
+				Config: testAccComputeBackendService_withCdnPolicy(serviceName, checkName),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckComputeBackendServiceExists(
+						"google_compute_backend_service.foobar", &svc),
+				),
+			},
+			resource.TestStep{
+				ResourceName:      "google_compute_backend_service.foobar",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
 func testAccCheckComputeBackendServiceDestroy(s *terraform.State) error {
 	config := testAccProvider.Meta().(*Config)
 
@@ -662,3 +690,28 @@ resource "google_compute_https_health_check" "zero" {
 }
 `, serviceName, checkName)
 }
+
+func testAccComputeBackendService_withCdnPolicy(serviceName, checkName string) string {
+	return fmt.Sprintf(`
+resource "google_compute_backend_service" "foobar" {
+  name          = "%s"
+  health_checks = ["${google_compute_http_health_check.zero.self_link}"]
+
+  cdn_policy {
+    cache_key_policy {
+      include_protocol       = true
+      include_host           = true
+      include_query_string   = true
+      query_string_whitelist = ["foo", "bar"]
+    }
+  }
+}
+
+resource "google_compute_http_health_check" "zero" {
+  name               = "%s"
+  request_path       = "/"
+  check_interval_sec = 1
+  timeout_sec        = 1
+}
+`, serviceName, checkName)
+}
diff --git a/website/docs/r/compute_backend_service.html.markdown b/website/docs/r/compute_backend_service.html.markdown
@@ -79,6 +79,8 @@ The following arguments are supported:
 
 * `iap` - (Optional) Specification for the Identity-Aware proxy. Disabled if not specified. Structure is documented below.
 
+* `cdn_policy` - (Optional) Cloud CDN configuration for this BackendService. Structure is documented below.
+
 * `description` - (Optional) The textual description for the backend service.
 
 * `enable_cdn` - (Optional) Whether or not to enable the Cloud CDN on the backend service.
@@ -128,6 +130,29 @@ The `backend` block supports:
     float in the range [0.0, 1.0]. This flag can only be provided when the
     balancing mode is `UTILIZATION`. Defaults to `0.8`.
 
+The `cdn_policy` block supports:
+
+* `cache_key_policy` - (Optional) The CacheKeyPolicy for this CdnPolicy.
+    Structure is documented below.
+
+The `cache_key_policy` block supports:
+
+* `include_host` - (Optional) If true, requests to different hosts will be cached separately.
+
+* `include_protocol` - (Optional) If true, http and https requests will be cached separately.
+
+* `include_query_string` - (Optional) If true, include query string parameters in the cache key
+    according to `query_string_whitelist` and `query_string_blacklist`. If neither is set, the entire
+    query string will be included. If false, the query string will be excluded from the cache key entirely.
+
+* `query_string_blacklist` - (Optional) Names of query string parameters to exclude in cache keys.
+    All other parameters will be included. Either specify `query_string_whitelist` or
+    `query_string_blacklist`, not both. '&' and '=' will be percent encoded and not treated as delimiters.
+
+* `query_string_whitelist` - (Optional) Names of query string parameters to include in cache keys.
+    All other parameters will be excluded. Either specify `query_string_whitelist` or
+    `query_string_blacklist`, not both. '&' and '=' will be percent encoded and not treated as delimiters.
+
 The `iap` block supports:
 
 * `oauth2_client_id` - (Required) The client ID for use with OAuth 2.0.