diff --git a/mmv1/third_party/terraform/resources/resource_compute_security_policy.go.erb b/mmv1/third_party/terraform/resources/resource_compute_security_policy.go.erb index fe8df133610e..9b784ee68e47 100644 --- a/mmv1/third_party/terraform/resources/resource_compute_security_policy.go.erb +++ b/mmv1/third_party/terraform/resources/resource_compute_security_policy.go.erb @@ -173,7 +173,7 @@ func ResourceComputeSecurityPolicy() *schema.Resource { "request_uri": resourceComputeSecurityPolicyRulePreconfiguredWafConfigExclusionFieldParamsSchema( `Request URI from the request line to be excluded from inspection during preconfigured WAF evaluation. When specifying this field, the query or fragment part should be excluded.`, ), - + "request_query_param": resourceComputeSecurityPolicyRulePreconfiguredWafConfigExclusionFieldParamsSchema( `Request query parameter whose value will be excluded from inspection during preconfigured WAF evaluation. Note that the parameter can be in the query string or in the POST body.`, ), @@ -1159,7 +1159,7 @@ func expandSecurityPolicyAdaptiveProtectionConfig(configured []interface{}) *com <% unless version == 'ga' -%> AutoDeployConfig: expandAutoDeployConfig(data["auto_deploy_config"].([]interface{})), <% end -%> - + } } @@ -1255,6 +1255,11 @@ func expandSecurityPolicyRuleRateLimitOptions(configured []interface{}) *compute <% end -%> BanDurationSec: int64(data["ban_duration_sec"].(int)), ExceedRedirectOptions: expandSecurityPolicyRuleRedirectOptions(data["exceed_redirect_options"].([]interface{})), + <% if version == 'ga' -%> + ForceSendFields: []string{"EnforceOnKey", "EnforceOnKeyName"}, + <% else -%> + ForceSendFields: []string{"EnforceOnKey", "EnforceOnKeyName", "EnforceOnKeyConfigs"}, + <% end -%> } } @@ -1273,7 +1278,7 @@ func expandThreshold(configured []interface{}) *compute.SecurityPolicyRuleRateLi <% unless version == 'ga' -%> func expandSecurityPolicyEnforceOnKeyConfigs(configured []interface{}) []*compute.SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig { params := make([]*compute.SecurityPolicyRuleRateLimitOptionsEnforceOnKeyConfig, 0, len(configured)) - + for _, raw := range configured { params = append(params, expandSecurityPolicyEnforceOnKeyConfigsFields(raw)) } @@ -1305,7 +1310,7 @@ func flattenSecurityPolicyRuleRateLimitOptions(conf *compute.SecurityPolicyRuleR "enforce_on_key_name": conf.EnforceOnKeyName, <% unless version == 'ga' -%> "enforce_on_key_configs": flattenSecurityPolicyEnforceOnKeyConfigs(conf.EnforceOnKeyConfigs), - <% end -%> + <% end -%> "ban_duration_sec": conf.BanDurationSec, "exceed_redirect_options": flattenSecurityPolicyRedirectOptions(conf.ExceedRedirectOptions), } diff --git a/mmv1/third_party/terraform/tests/resource_compute_security_policy_test.go.erb b/mmv1/third_party/terraform/tests/resource_compute_security_policy_test.go.erb index 90a7132665c4..6857d03e908b 100644 --- a/mmv1/third_party/terraform/tests/resource_compute_security_policy_test.go.erb +++ b/mmv1/third_party/terraform/tests/resource_compute_security_policy_test.go.erb @@ -351,6 +351,53 @@ func TestAccComputeSecurityPolicy_withRateLimitOption_withMultipleEnforceOnKeyCo }) } + +func TestAccComputeSecurityPolicy_EnforceOnKeyUpdates(t *testing.T) { + t.Parallel() + + spName := fmt.Sprintf("tf-test-%s", RandString(t, 10)) + + VcrTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: TestAccProviders, + CheckDestroy: testAccCheckComputeSecurityPolicyDestroyProducer(t), + Steps: []resource.TestStep{ + { + Config: testAccComputeSecurityPolicy_withRateLimitOptions_withEnforceOnKeyName(spName), + }, + { + ResourceName: "google_compute_security_policy.policy", + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccComputeSecurityPolicy_withRateLimitOptions_withEnforceOnKey(spName), + }, + { + ResourceName: "google_compute_security_policy.policy", + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccComputeSecurityPolicy_withRateLimitOptions_withEnforceOnKeyConfigs(spName), + }, + { + ResourceName: "google_compute_security_policy.policy", + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccComputeSecurityPolicy_withRateLimitOptions_withEnforceOnKey(spName), + }, + { + ResourceName: "google_compute_security_policy.policy", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + <% end -%> func TestAccComputeSecurityPolicy_withRecaptchaOptionsConfig(t *testing.T) { @@ -1180,12 +1227,89 @@ resource "google_compute_security_policy" "policy" { } <% unless version == 'ga' -%> +func testAccComputeSecurityPolicy_withRateLimitOptions_withEnforceOnKey(spName string) string { + return fmt.Sprintf(` +resource "google_compute_security_policy" "policy" { + name = "%s" + description = "throttle rule with enforce_on_key_configs" + + rule { + action = "throttle" + priority = "2147483647" + match { + versioned_expr = "SRC_IPS_V1" + config { + src_ip_ranges = ["*"] + } + } + description = "default rule" + + rate_limit_options { + conform_action = "allow" + exceed_action = "redirect" + + enforce_on_key = "IP" + + exceed_redirect_options { + type = "EXTERNAL_302" + target = "https://www.example.com" + } + + rate_limit_threshold { + count = 10 + interval_sec = 60 + } + } + } +} +`, spName) +} + +func testAccComputeSecurityPolicy_withRateLimitOptions_withEnforceOnKeyName(spName string) string { + return fmt.Sprintf(` +resource "google_compute_security_policy" "policy" { + name = "%s" + description = "throttle rule with enforce_on_key_configs" + + rule { + action = "throttle" + priority = "2147483647" + match { + versioned_expr = "SRC_IPS_V1" + config { + src_ip_ranges = ["*"] + } + } + description = "default rule" + + rate_limit_options { + conform_action = "allow" + exceed_action = "redirect" + + enforce_on_key = "HTTP_HEADER" + enforce_on_key_name = "user-agent" + + exceed_redirect_options { + type = "EXTERNAL_302" + target = "https://www.example.com" + } + + rate_limit_threshold { + count = 10 + interval_sec = 60 + } + } + } +} +`, spName) +} + func testAccComputeSecurityPolicy_withRateLimitOptions_withEnforceOnKeyConfigs(spName string) string { return fmt.Sprintf(` resource "google_compute_security_policy" "policy" { name = "%s" description = "throttle rule with enforce_on_key_configs" - + rule { action = "throttle" priority = "2147483647" @@ -1226,7 +1350,7 @@ func testAccComputeSecurityPolicy_withRateLimitOption_withMultipleEnforceOnKeyCo resource "google_compute_security_policy" "policy" { name = "%s" description = "throttle rule with enforce_on_key_configs" - + rule { action = "throttle" priority = "2147483647"