Promote user_ip_request_headers field on google_compute_security_policy resource to GA

.changelog/9872.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+compute: promoted `user_ip_request_headers` field on `google_compute_security_policy` resource to GA
+```

google/services/compute/resource_compute_security_policy.go

@@ -6,6 +6,7 @@ import (
 	"context"
 	"fmt"
 	"log"
+	"strings"
 
 	"time"
 
@@ -387,6 +388,12 @@ func ResourceComputeSecurityPolicy() *schema.Resource {
 							ValidateFunc: validation.StringInSlice([]string{"NORMAL", "VERBOSE"}, false),
 							Description:  `Logging level. Supported values include: "NORMAL", "VERBOSE".`,
 						},
+						"user_ip_request_headers": {
+							Type:        schema.TypeSet,
+							Optional:    true,
+							Description: `An optional list of case-insensitive request header names to use for resolving the callers client IP address.`,
+							Elem:        &schema.Schema{Type: schema.TypeString},
+						},
 					},
 				},
 			},
@@ -597,6 +604,8 @@ func resourceComputeSecurityPolicyUpdate(d *schema.ResourceData, meta interface{
 		Fingerprint: d.Get("fingerprint").(string),
 	}
 
+	updateMask := []string{}
+
 	if d.HasChange("type") {
 		securityPolicy.Type = d.Get("type").(string)
 		securityPolicy.ForceSendFields = append(securityPolicy.ForceSendFields, "Type")
@@ -610,6 +619,11 @@ func resourceComputeSecurityPolicyUpdate(d *schema.ResourceData, meta interface{
 	if d.HasChange("advanced_options_config") {
 		securityPolicy.AdvancedOptionsConfig = expandSecurityPolicyAdvancedOptionsConfig(d.Get("advanced_options_config").([]interface{}))
 		securityPolicy.ForceSendFields = append(securityPolicy.ForceSendFields, "AdvancedOptionsConfig", "advancedOptionsConfig.jsonParsing", "advancedOptionsConfig.jsonCustomConfig", "advancedOptionsConfig.logLevel")
+		securityPolicy.ForceSendFields = append(securityPolicy.ForceSendFields, "advanceOptionConfig.userIpRequestHeaders")
+		if len(securityPolicy.AdvancedOptionsConfig.UserIpRequestHeaders) == 0 {
+			// to clean this list we must send the updateMask of this field on the request.
+			updateMask = append(updateMask, "advanced_options_config.user_ip_request_headers")
+		}
 	}
 
 	if d.HasChange("adaptive_protection_config") {
@@ -625,7 +639,7 @@ func resourceComputeSecurityPolicyUpdate(d *schema.ResourceData, meta interface{
 	if len(securityPolicy.ForceSendFields) > 0 {
 		client := config.NewComputeClient(userAgent)
 
-		op, err := client.SecurityPolicies.Patch(project, sp, securityPolicy).Do()
+		op, err := client.SecurityPolicies.Patch(project, sp, securityPolicy).UpdateMask(strings.Join(updateMask, ",")).Do()
 
 		if err != nil {
 			return errwrap.Wrapf(fmt.Sprintf("Error updating SecurityPolicy %q: {{err}}", sp), err)
@@ -862,9 +876,10 @@ func expandSecurityPolicyAdvancedOptionsConfig(configured []interface{}) *comput
 
 	data := configured[0].(map[string]interface{})
 	return &compute.SecurityPolicyAdvancedOptionsConfig{
-		JsonParsing:      data["json_parsing"].(string),
-		JsonCustomConfig: expandSecurityPolicyAdvancedOptionsConfigJsonCustomConfig(data["json_custom_config"].([]interface{})),
-		LogLevel:         data["log_level"].(string),
+		JsonParsing:          data["json_parsing"].(string),
+		JsonCustomConfig:     expandSecurityPolicyAdvancedOptionsConfigJsonCustomConfig(data["json_custom_config"].([]interface{})),
+		LogLevel:             data["log_level"].(string),
+		UserIpRequestHeaders: tpgresource.ConvertStringArr(data["user_ip_request_headers"].(*schema.Set).List()),
 	}
 }
 
@@ -874,9 +889,10 @@ func flattenSecurityPolicyAdvancedOptionsConfig(conf *compute.SecurityPolicyAdva
 	}
 
 	data := map[string]interface{}{
-		"json_parsing":       conf.JsonParsing,
-		"json_custom_config": flattenSecurityPolicyAdvancedOptionsConfigJsonCustomConfig(conf.JsonCustomConfig),
-		"log_level":          conf.LogLevel,
+		"json_parsing":            conf.JsonParsing,
+		"json_custom_config":      flattenSecurityPolicyAdvancedOptionsConfigJsonCustomConfig(conf.JsonCustomConfig),
+		"log_level":               conf.LogLevel,
+		"user_ip_request_headers": schema.NewSet(schema.HashString, tpgresource.ConvertStringArrToInterface(conf.UserIpRequestHeaders)),
 	}
 
 	return []map[string]interface{}{data}

google/services/compute/resource_compute_security_policy_test.go

@@ -150,6 +150,32 @@ func TestAccComputeSecurityPolicy_withAdvancedOptionsConfig(t *testing.T) {
 				ImportState:       true,
 				ImportStateVerify: true,
 			},
+			{
+				Config: testAccComputeSecurityPolicy_withAdvancedOptionsConfig_update(spName),
+			},
+			{
+				ResourceName:      "google_compute_security_policy.policy",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			// change all AdvancedOptionConfig values.
+			{
+				Config: testAccComputeSecurityPolicy_withAdvancedOptionsConfig_update2(spName),
+			},
+			{
+				ResourceName:      "google_compute_security_policy.policy",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+			// Swap to json_parsing = STANDARD_WITH_GRAPHQL
+			{
+				Config: testAccComputeSecurityPolicy_withAdvancedOptionsConfig_update3(spName),
+			},
+			{
+				ResourceName:      "google_compute_security_policy.policy",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
 			{
 				Config: testAccComputeSecurityPolicy_basic(spName),
 			},
@@ -736,7 +762,79 @@ resource "google_compute_security_policy" "policy" {
       ]
     }
     log_level    = "VERBOSE"
-
+    user_ip_request_headers = [
+      "True-Client-IP", 
+      "x-custom-ip"
+    ]
+  }
+}
+`, spName)
+}
+
+func testAccComputeSecurityPolicy_withAdvancedOptionsConfig_update(spName string) string {
+	return fmt.Sprintf(`
+resource "google_compute_security_policy" "policy" {
+  name        = "%s"
+  description = "updated description changing the user_ip"
+
+  advanced_options_config {
+    json_parsing = "STANDARD"
+    json_custom_config {
+      content_types = [
+        "application/json",
+        "application/vnd.api+json",
+        "application/vnd.collection+json",
+        "application/vnd.hyper+json"
+      ]
+    }
+    log_level    = "VERBOSE"
+    user_ip_request_headers = [
+      "x-custom-ip",
+    ]
+  }
+}
+`, spName)
+}
+
+func testAccComputeSecurityPolicy_withAdvancedOptionsConfig_update2(spName string) string {
+	return fmt.Sprintf(`
+resource "google_compute_security_policy" "policy" {
+  name        = "%s"
+  description = "updated description changing all advancedOptionsConfig values"
+
+  advanced_options_config {
+    json_parsing = "DISABLED"
+    json_custom_config {
+      content_types = [
+        "application/json",
+        "application/vnd.hyper+json"
+      ]
+    }
+    log_level    = "NORMAL"
+    user_ip_request_headers = [
+    ]
+  }
+}
+`, spName)
+}
+
+func testAccComputeSecurityPolicy_withAdvancedOptionsConfig_update3(spName string) string {
+	return fmt.Sprintf(`
+resource "google_compute_security_policy" "policy" {
+  name        = "%s"
+  description = "updated description changing json_parsing to STANDARD_WITH_GRAPHQL"
+
+  advanced_options_config {
+    json_parsing = "STANDARD_WITH_GRAPHQL"
+    json_custom_config {
+      content_types = [
+        "application/json",
+        "application/vnd.hyper+json"
+      ]
+    }
+    log_level    = "NORMAL"
+    user_ip_request_headers = [
+    ]
   }
 }
 `, spName)

website/docs/r/compute_security_policy.html.markdown

@@ -204,7 +204,7 @@ The following arguments are supported:
   * `NORMAL` - Normal log level.
   * `VERBOSE` - Verbose log level.
 
-* `user_ip_request_headers` - (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html)) An optional list of case-insensitive request header names to use for resolving the callers client IP address.
+* `user_ip_request_headers` - (Optional) An optional list of case-insensitive request header names to use for resolving the callers client IP address.
 
 <a name="nested_json_custom_config"></a>The `json_custom_config` block supports: