hashicorp · modular-magician · Jun 21, 2024 · Jun 21, 2024
diff --git a/.changelog/10954.txt b/.changelog/10954.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+compute: added `tlsEarlyData` field to `google_compute_target_https_proxy` resource
+```
diff --git a/google/services/compute/resource_compute_target_https_proxy.go b/google/services/compute/resource_compute_target_https_proxy.go
@@ -166,6 +166,17 @@ sslCertificates and certificateManagerCertificates can not be defined together.`
 				Description: `A reference to the SslPolicy resource that will be associated with
 the TargetHttpsProxy resource. If not set, the TargetHttpsProxy
 resource will not have any SSL policy configured.`,
+			},
+			"tls_early_data": {
+				Type:         schema.TypeString,
+				Computed:     true,
+				Optional:     true,
+				ForceNew:     true,
+				ValidateFunc: verify.ValidateEnum([]string{"STRICT", "PERMISSIVE", "DISABLED", ""}),
+				Description: `Specifies whether TLS 1.3 0-RTT Data (“Early Data”) should be accepted for this service.
+Early Data allows a TLS resumption handshake to include the initial application payload
+(a HTTP request) alongside the handshake, reducing the effective round trips to “zero”.
+This applies to TLS 1.3 connections over TCP (HTTP/2) as well as over UDP (QUIC/h3). Possible values: ["STRICT", "PERMISSIVE", "DISABLED"]`,
 			},
 			"creation_timestamp": {
 				Type:        schema.TypeString,
@@ -218,6 +229,12 @@ func resourceComputeTargetHttpsProxyCreate(d *schema.ResourceData, meta interfac
 	} else if v, ok := d.GetOkExists("quic_override"); !tpgresource.IsEmptyValue(reflect.ValueOf(quicOverrideProp)) && (ok || !reflect.DeepEqual(v, quicOverrideProp)) {
 		obj["quicOverride"] = quicOverrideProp
 	}
+	tlsEarlyDataProp, err := expandComputeTargetHttpsProxyTlsEarlyData(d.Get("tls_early_data"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("tls_early_data"); !tpgresource.IsEmptyValue(reflect.ValueOf(tlsEarlyDataProp)) && (ok || !reflect.DeepEqual(v, tlsEarlyDataProp)) {
+		obj["tlsEarlyData"] = tlsEarlyDataProp
+	}
 	certificateManagerCertificatesProp, err := expandComputeTargetHttpsProxyCertificateManagerCertificates(d.Get("certificate_manager_certificates"), d, config)
 	if err != nil {
 		return err
@@ -397,6 +414,9 @@ func resourceComputeTargetHttpsProxyRead(d *schema.ResourceData, meta interface{
 	if err := d.Set("quic_override", flattenComputeTargetHttpsProxyQuicOverride(res["quicOverride"], d, config)); err != nil {
 		return fmt.Errorf("Error reading TargetHttpsProxy: %s", err)
 	}
+	if err := d.Set("tls_early_data", flattenComputeTargetHttpsProxyTlsEarlyData(res["tlsEarlyData"], d, config)); err != nil {
+		return fmt.Errorf("Error reading TargetHttpsProxy: %s", err)
+	}
 	if err := d.Set("certificate_manager_certificates", flattenComputeTargetHttpsProxyCertificateManagerCertificates(res["certificateManagerCertificates"], d, config)); err != nil {
 		return fmt.Errorf("Error reading TargetHttpsProxy: %s", err)
 	}
@@ -820,6 +840,10 @@ func flattenComputeTargetHttpsProxyQuicOverride(v interface{}, d *schema.Resourc
 	return v
 }
 
+func flattenComputeTargetHttpsProxyTlsEarlyData(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
 func flattenComputeTargetHttpsProxyCertificateManagerCertificates(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	return v
 }
@@ -889,6 +913,10 @@ func expandComputeTargetHttpsProxyQuicOverride(v interface{}, d tpgresource.Terr
 	return v, nil
 }
 
+func expandComputeTargetHttpsProxyTlsEarlyData(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandComputeTargetHttpsProxyCertificateManagerCertificates(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	if v == nil {
 		return nil, nil

diff --git a/google/services/compute/resource_compute_target_https_proxy_test.go b/google/services/compute/resource_compute_target_https_proxy_test.go
@@ -223,6 +223,7 @@ resource "google_compute_target_https_proxy" "foobar" {
     google_compute_ssl_certificate.foobar2.self_link,
   ]
   quic_override = "ENABLE"
+  tls_early_data = "STRICT"
 }
 
 resource "google_compute_backend_service" "foobar" {

diff --git a/website/docs/r/compute_target_https_proxy.html.markdown b/website/docs/r/compute_target_https_proxy.html.markdown
@@ -344,6 +344,14 @@ The following arguments are supported:
   Default value is `NONE`.
   Possible values are: `NONE`, `ENABLE`, `DISABLE`.
 
+* `tls_early_data` -
+  (Optional)
+  Specifies whether TLS 1.3 0-RTT Data (“Early Data”) should be accepted for this service.
+  Early Data allows a TLS resumption handshake to include the initial application payload
+  (a HTTP request) alongside the handshake, reducing the effective round trips to “zero”.
+  This applies to TLS 1.3 connections over TCP (HTTP/2) as well as over UDP (QUIC/h3).
+  Possible values are: `STRICT`, `PERMISSIVE`, `DISABLED`.
+
 * `certificate_manager_certificates` -
   (Optional)
   URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer.