hashicorp · rosbo · May 30, 2018 · May 30, 2018
diff --git a/google/resource_compute_target_ssl_proxy.go b/google/resource_compute_target_ssl_proxy.go
@@ -73,6 +73,11 @@ func resourceComputeTargetSslProxy() *schema.Resource {
 				ValidateFunc: validation.StringInSlice([]string{"NONE", "PROXY_V1", ""}, false),
 				Default:      "NONE",
 			},
+			"ssl_policy": {
+				Type:             schema.TypeString,
+				Optional:         true,
+				DiffSuppressFunc: compareSelfLinkOrResourceName,
+			},
 			"creation_timestamp": {
 				Type:     schema.TypeString,
 				Computed: true,
@@ -123,13 +128,18 @@ func resourceComputeTargetSslProxyCreate(d *schema.ResourceData, meta interface{
 	if err != nil {
 		return err
 	}
+	sslPolicyProp, err := expandComputeTargetSslProxySslPolicy(d.Get("ssl_policy"), d, config)
+	if err != nil {
+		return err
+	}
 
 	obj := map[string]interface{}{
 		"description":     descriptionProp,
 		"name":            nameProp,
 		"proxyHeader":     proxyHeaderProp,
 		"service":         serviceProp,
 		"sslCertificates": sslCertificatesProp,
+		"sslPolicy":       sslPolicyProp,
 	}
 
 	url, err := replaceVars(d, config, "https://www.googleapis.com/compute/v1/projects/{{project}}/global/targetSslProxies")
@@ -210,6 +220,9 @@ func resourceComputeTargetSslProxyRead(d *schema.ResourceData, meta interface{})
 	if err := d.Set("ssl_certificates", flattenComputeTargetSslProxySslCertificates(res["sslCertificates"])); err != nil {
 		return fmt.Errorf("Error reading TargetSslProxy: %s", err)
 	}
+	if err := d.Set("ssl_policy", flattenComputeTargetSslProxySslPolicy(res["sslPolicy"])); err != nil {
+		return fmt.Errorf("Error reading TargetSslProxy: %s", err)
+	}
 	if err := d.Set("self_link", res["selfLink"]); err != nil {
 		return fmt.Errorf("Error reading TargetSslProxy: %s", err)
 	}
@@ -334,6 +347,39 @@ func resourceComputeTargetSslProxyUpdate(d *schema.ResourceData, meta interface{
 
 		d.SetPartial("ssl_certificates")
 	}
+	if d.HasChange("ssl_policy") {
+		sslPolicyProp, err := expandComputeTargetSslProxySslPolicy(d.Get("ssl_policy"), d, config)
+		if err != nil {
+			return err
+		}
+
+		obj = map[string]interface{}{
+			"sslPolicy": sslPolicyProp,
+		}
+		url, err = replaceVars(d, config, "https://www.googleapis.com/compute/v1/projects/{{project}}/global/targetSslProxies/{{name}}/setSslPolicy")
+		if err != nil {
+			return err
+		}
+		res, err = sendRequest(config, "POST", url, obj)
+		if err != nil {
+			return fmt.Errorf("Error updating TargetSslProxy %q: %s", d.Id(), err)
+		}
+
+		err = Convert(res, op)
+		if err != nil {
+			return err
+		}
+
+		err = computeOperationWaitTime(
+			config.clientCompute, op, project, "Updating TargetSslProxy",
+			int(d.Timeout(schema.TimeoutUpdate).Minutes()))
+
+		if err != nil {
+			return err
+		}
+
+		d.SetPartial("ssl_policy")
+	}
 
 	d.Partial(false)
 
@@ -425,6 +471,10 @@ func flattenComputeTargetSslProxySslCertificates(v interface{}) interface{} {
 	return v
 }
 
+func flattenComputeTargetSslProxySslPolicy(v interface{}) interface{} {
+	return v
+}
+
 func expandComputeTargetSslProxyDescription(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
 	return v, nil
 }
@@ -457,3 +507,11 @@ func expandComputeTargetSslProxySslCertificates(v interface{}, d *schema.Resourc
 	}
 	return req, nil
 }
+
+func expandComputeTargetSslProxySslPolicy(v interface{}, d *schema.ResourceData, config *Config) (interface{}, error) {
+	f, err := parseGlobalFieldValue("sslPolicies", v.(string), "project", d, config, true)
+	if err != nil {
+		return nil, fmt.Errorf("Invalid value for ssl_policy: %s", err)
+	}
+	return f.RelativeLink(), nil
+}
diff --git a/google/resource_compute_target_ssl_proxy_test.go b/google/resource_compute_target_ssl_proxy_test.go
@@ -11,6 +11,7 @@ import (
 
 func TestAccComputeTargetSslProxy_basic(t *testing.T) {
 	target := fmt.Sprintf("tssl-test-%s", acctest.RandString(10))
+	sslPolicy := fmt.Sprintf("tssl-test-%s", acctest.RandString(10))
 	cert := fmt.Sprintf("tssl-test-%s", acctest.RandString(10))
 	backend := fmt.Sprintf("tssl-test-%s", acctest.RandString(10))
 	hc := fmt.Sprintf("tssl-test-%s", acctest.RandString(10))
@@ -21,7 +22,7 @@ func TestAccComputeTargetSslProxy_basic(t *testing.T) {
 		CheckDestroy: testAccCheckComputeTargetSslProxyDestroy,
 		Steps: []resource.TestStep{
 			resource.TestStep{
-				Config: testAccComputeTargetSslProxy_basic1(target, cert, backend, hc),
+				Config: testAccComputeTargetSslProxy_basic1(target, sslPolicy, cert, backend, hc),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckComputeTargetSslProxy(
 						"google_compute_target_ssl_proxy.foobar", "NONE", cert),
@@ -38,6 +39,7 @@ func TestAccComputeTargetSslProxy_basic(t *testing.T) {
 
 func TestAccComputeTargetSslProxy_update(t *testing.T) {
 	target := fmt.Sprintf("tssl-test-%s", acctest.RandString(10))
+	sslPolicy := fmt.Sprintf("tssl-test-%s", acctest.RandString(10))
 	cert1 := fmt.Sprintf("tssl-test-%s", acctest.RandString(10))
 	cert2 := fmt.Sprintf("tssl-test-%s", acctest.RandString(10))
 	backend1 := fmt.Sprintf("tssl-test-%s", acctest.RandString(10))
@@ -50,14 +52,14 @@ func TestAccComputeTargetSslProxy_update(t *testing.T) {
 		CheckDestroy: testAccCheckComputeTargetSslProxyDestroy,
 		Steps: []resource.TestStep{
 			resource.TestStep{
-				Config: testAccComputeTargetSslProxy_basic1(target, cert1, backend1, hc),
+				Config: testAccComputeTargetSslProxy_basic1(target, sslPolicy, cert1, backend1, hc),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckComputeTargetSslProxy(
 						"google_compute_target_ssl_proxy.foobar", "NONE", cert1),
 				),
 			},
 			resource.TestStep{
-				Config: testAccComputeTargetSslProxy_basic2(target, cert1, cert2, backend1, backend2, hc),
+				Config: testAccComputeTargetSslProxy_basic2(target, sslPolicy, cert1, cert2, backend1, backend2, hc),
 				Check: resource.ComposeTestCheckFunc(
 					testAccCheckComputeTargetSslProxy(
 						"google_compute_target_ssl_proxy.foobar", "PROXY_V1", cert2),
@@ -121,14 +123,22 @@ func testAccCheckComputeTargetSslProxy(n, proxyHeader, sslCert string) resource.
 	}
 }
 
-func testAccComputeTargetSslProxy_basic1(target, sslCert, backend, hc string) string {
+func testAccComputeTargetSslProxy_basic1(target, sslPolicy, sslCert, backend, hc string) string {
 	return fmt.Sprintf(`
 resource "google_compute_target_ssl_proxy" "foobar" {
 	description = "Resource created for Terraform acceptance testing"
 	name = "%s"
 	backend_service = "${google_compute_backend_service.foo.self_link}"
 	ssl_certificates = ["${google_compute_ssl_certificate.foo.self_link}"]
 	proxy_header = "NONE"
+	ssl_policy = "${google_compute_ssl_policy.foo.self_link}"
+}
+
+resource "google_compute_ssl_policy" "foo" {
+	name            = "%s"
+	description     = "Resource created for Terraform acceptance testing"
+	min_tls_version = "TLS_1_2"
+	profile         = "MODERN"
 }
 
 resource "google_compute_ssl_certificate" "foo" {
@@ -151,10 +161,10 @@ resource "google_compute_health_check" "zero" {
 		port = "443"
 	}
 }
-`, target, sslCert, backend, hc)
+`, target, sslPolicy, sslCert, backend, hc)
 }
 
-func testAccComputeTargetSslProxy_basic2(target, sslCert1, sslCert2, backend1, backend2, hc string) string {
+func testAccComputeTargetSslProxy_basic2(target, sslPolicy, sslCert1, sslCert2, backend1, backend2, hc string) string {
 	return fmt.Sprintf(`
 resource "google_compute_target_ssl_proxy" "foobar" {
 	description = "Resource created for Terraform acceptance testing"
@@ -164,6 +174,13 @@ resource "google_compute_target_ssl_proxy" "foobar" {
 	proxy_header = "PROXY_V1"
 }
 
+resource "google_compute_ssl_policy" "foo" {
+	name            = "%s"
+	description     = "Resource created for Terraform acceptance testing"
+	min_tls_version = "TLS_1_2"
+	profile         = "MODERN"
+}
+
 resource "google_compute_ssl_certificate" "foo" {
 	name = "%s"
 	private_key = "${file("test-fixtures/ssl_cert/test.key")}"
@@ -196,5 +213,5 @@ resource "google_compute_health_check" "zero" {
 		port = "443"
 	}
 }
-`, target, sslCert1, sslCert2, backend1, backend2, hc)
+`, target, sslPolicy, sslCert1, sslCert2, backend1, backend2, hc)
 }
diff --git a/website/docs/r/compute_target_ssl_proxy.html.markdown b/website/docs/r/compute_target_ssl_proxy.html.markdown
@@ -96,6 +96,11 @@ The following arguments are supported:
   (Optional)
   Specifies the type of proxy header to append before sending data to
   the backend, either NONE or PROXY_V1. The default is NONE.
+* `ssl_policy` -
+  (Optional)
+  A reference to the SslPolicy resource that will be associated with
+  the TargetSslProxy resource. If not set, the TargetSslProxy
+  resource will not have any SSL policy configured.
 * `project` (Optional) The ID of the project in which the resource belongs.
     If it is not provided, the provider project is used.