Secure Web Proxy fields gatewaySecurityPolicy and certificateUrls sup…

…ports updates. (#10549) (#18082) [upstream:d16b7fd40d0fada9316e55aa5ae0d53477b74457] Signed-off-by: Modular Magician <magic-modules@google.com>
hashicorp · May 10, 2024 · 623b4f3 · 623b4f3
1 parent e72645e
commit 623b4f3
Show file tree

Hide file tree

Showing 2 changed files with 237 additions and 219 deletions.
diff --git a/google/services/networkservices/resource_network_services_gateway.go b/google/services/networkservices/resource_network_services_gateway.go
@@ -209,7 +209,6 @@ Gateways of type 'OPEN_MESH' listen on 0.0.0.0.`,
 			"certificate_urls": {
 				Type:     schema.TypeList,
 				Optional: true,
-				ForceNew: true,
 				Description: `A fully-qualified Certificates URL reference. The proxy presents a Certificate (selected based on SNI) when establishing a TLS connection.
 This feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.`,
 				Elem: &schema.Schema{
@@ -224,7 +223,6 @@ This feature only applies to gateways of type 'SECURE_WEB_GATEWAY'.`,
 			"gateway_security_policy": {
 				Type:     schema.TypeString,
 				Optional: true,
-				ForceNew: true,
 				Description: `A fully-qualified GatewaySecurityPolicy URL reference. Defines how a server should apply security policy to inbound (VM to Proxy) initiated connections.
 For example: 'projects/*/locations/*/gatewaySecurityPolicies/swg-policy'.
 This policy is specific to gateways of type 'SECURE_WEB_GATEWAY'.`,
@@ -581,6 +579,18 @@ func resourceNetworkServicesGatewayUpdate(d *schema.ResourceData, meta interface
 	} else if v, ok := d.GetOkExists("server_tls_policy"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, serverTlsPolicyProp)) {
 		obj["serverTlsPolicy"] = serverTlsPolicyProp
 	}
+	gatewaySecurityPolicyProp, err := expandNetworkServicesGatewayGatewaySecurityPolicy(d.Get("gateway_security_policy"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("gateway_security_policy"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, gatewaySecurityPolicyProp)) {
+		obj["gatewaySecurityPolicy"] = gatewaySecurityPolicyProp
+	}
+	certificateUrlsProp, err := expandNetworkServicesGatewayCertificateUrls(d.Get("certificate_urls"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("certificate_urls"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, certificateUrlsProp)) {
+		obj["certificateUrls"] = certificateUrlsProp
+	}
 	labelsProp, err := expandNetworkServicesGatewayEffectiveLabels(d.Get("effective_labels"), d, config)
 	if err != nil {
 		return err
@@ -605,6 +615,14 @@ func resourceNetworkServicesGatewayUpdate(d *schema.ResourceData, meta interface
 		updateMask = append(updateMask, "serverTlsPolicy")
 	}
 
+	if d.HasChange("gateway_security_policy") {
+		updateMask = append(updateMask, "gatewaySecurityPolicy")
+	}
+
+	if d.HasChange("certificate_urls") {
+		updateMask = append(updateMask, "certificateUrls")
+	}
+
 	if d.HasChange("effective_labels") {
 		updateMask = append(updateMask, "labels")
 	}
@@ -614,6 +632,10 @@ func resourceNetworkServicesGatewayUpdate(d *schema.ResourceData, meta interface
 	if err != nil {
 		return err
 	}
+	if d.Get("type") == "SECURE_WEB_GATEWAY" {
+		obj["name"] = d.Get("name")
+		obj["type"] = d.Get("type")
+	}
 
 	// err == nil indicates that the billing_project value was found
 	if bp, err := tpgresource.GetBillingProject(d, config); err == nil {