From d11524682aa244f492f857a1c4ef5927fd478d28 Mon Sep 17 00:00:00 2001 From: Lars Wander Date: Mon, 2 Nov 2015 14:32:07 -0500 Subject: [PATCH] provider/google: Target HTTPS proxy resource + tests & documentation --- builtin/providers/google/provider.go | 1 + .../resource_compute_ssl_certificate.go | 4 +- .../resource_compute_target_https_proxy.go | 240 ++++++++++++++++++ ...esource_compute_target_https_proxy_test.go | 212 ++++++++++++++++ .../compute_target_https_proxy.html.markdown | 91 +++++++ website/source/layouts/google.erb | 4 + 6 files changed, 550 insertions(+), 2 deletions(-) create mode 100644 builtin/providers/google/resource_compute_target_https_proxy.go create mode 100644 builtin/providers/google/resource_compute_target_https_proxy_test.go create mode 100644 website/source/docs/providers/google/r/compute_target_https_proxy.html.markdown diff --git a/builtin/providers/google/provider.go b/builtin/providers/google/provider.go index 6b9b88639965..6f9bdd8eee17 100644 --- a/builtin/providers/google/provider.go +++ b/builtin/providers/google/provider.go @@ -50,6 +50,7 @@ func Provider() terraform.ResourceProvider { "google_compute_route": resourceComputeRoute(), "google_compute_ssl_certificate": resourceComputeSslCertificate(), "google_compute_target_http_proxy": resourceComputeTargetHttpProxy(), + "google_compute_target_https_proxy": resourceComputeTargetHttpsProxy(), "google_compute_target_pool": resourceComputeTargetPool(), "google_compute_url_map": resourceComputeUrlMap(), "google_compute_vpn_gateway": resourceComputeVpnGateway(), diff --git a/builtin/providers/google/resource_compute_ssl_certificate.go b/builtin/providers/google/resource_compute_ssl_certificate.go index 563407cdd5c1..05de350fac53 100644 --- a/builtin/providers/google/resource_compute_ssl_certificate.go +++ b/builtin/providers/google/resource_compute_ssl_certificate.go @@ -58,9 +58,9 @@ func resourceComputeSslCertificateCreate(d *schema.ResourceData, meta interface{ // Build the certificate parameter cert := &compute.SslCertificate{ - Name: d.Get("name").(string), + Name: d.Get("name").(string), Certificate: d.Get("certificate").(string), - PrivateKey: d.Get("private_key").(string), + PrivateKey: d.Get("private_key").(string), } if v, ok := d.GetOk("description"); ok { diff --git a/builtin/providers/google/resource_compute_target_https_proxy.go b/builtin/providers/google/resource_compute_target_https_proxy.go new file mode 100644 index 000000000000..1ea8444414eb --- /dev/null +++ b/builtin/providers/google/resource_compute_target_https_proxy.go @@ -0,0 +1,240 @@ +package google + +import ( + "fmt" + "log" + "strconv" + + "github.com/hashicorp/terraform/helper/schema" + "google.golang.org/api/compute/v1" + "google.golang.org/api/googleapi" +) + +func resourceComputeTargetHttpsProxy() *schema.Resource { + return &schema.Resource{ + Create: resourceComputeTargetHttpsProxyCreate, + Read: resourceComputeTargetHttpsProxyRead, + Delete: resourceComputeTargetHttpsProxyDelete, + Update: resourceComputeTargetHttpsProxyUpdate, + + Schema: map[string]*schema.Schema{ + "name": &schema.Schema{ + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + + "description": &schema.Schema{ + Type: schema.TypeString, + Optional: true, + ForceNew: true, + }, + + "self_link": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + + "id": &schema.Schema{ + Type: schema.TypeString, + Computed: true, + }, + + "url_map": &schema.Schema{ + Type: schema.TypeString, + Required: true, + }, + + "ssl_certificates": &schema.Schema{ + Type: schema.TypeList, + Required: true, + Elem: &schema.Schema{Type: schema.TypeString}, + }, + }, + } +} + +func resourceComputeTargetHttpsProxyCreate(d *schema.ResourceData, meta interface{}) error { + config := meta.(*Config) + + _sslCertificates := d.Get("ssl_certificates").([]interface{}) + sslCertificates := make([]string, len(_sslCertificates)) + + for i, v := range _sslCertificates { + sslCertificates[i] = v.(string) + } + + proxy := &compute.TargetHttpsProxy{ + Name: d.Get("name").(string), + UrlMap: d.Get("url_map").(string), + SslCertificates: sslCertificates, + } + + if v, ok := d.GetOk("description"); ok { + proxy.Description = v.(string) + } + + log.Printf("[DEBUG] TargetHttpsProxy insert request: %#v", proxy) + op, err := config.clientCompute.TargetHttpsProxies.Insert( + config.Project, proxy).Do() + if err != nil { + return fmt.Errorf("Error creating TargetHttpsProxy: %s", err) + } + + err = computeOperationWaitGlobal(config, op, "Creating Target Https Proxy") + if err != nil { + return err + } + + d.SetId(proxy.Name) + + return resourceComputeTargetHttpsProxyRead(d, meta) +} + +func resourceComputeTargetHttpsProxyUpdate(d *schema.ResourceData, meta interface{}) error { + config := meta.(*Config) + + d.Partial(true) + + if d.HasChange("url_map") { + url_map := d.Get("url_map").(string) + url_map_ref := &compute.UrlMapReference{UrlMap: url_map} + op, err := config.clientCompute.TargetHttpsProxies.SetUrlMap( + config.Project, d.Id(), url_map_ref).Do() + if err != nil { + return fmt.Errorf("Error updating Target HTTPS proxy URL map: %s", err) + } + + err = computeOperationWaitGlobal(config, op, "Updating Target Https Proxy URL Map") + if err != nil { + return err + } + + d.SetPartial("url_map") + } + + if d.HasChange("ssl_certificates") { + proxy, err := config.clientCompute.TargetHttpsProxies.Get( + config.Project, d.Id()).Do() + + _old, _new := d.GetChange("ssl_certificates") + _oldCerts := _old.([]interface{}) + _newCerts := _new.([]interface{}) + current := proxy.SslCertificates + + _oldMap := make(map[string]bool) + _newMap := make(map[string]bool) + + for _, v := range _oldCerts { + _oldMap[v.(string)] = true + } + + for _, v := range _newCerts { + _newMap[v.(string)] = true + } + + sslCertificates := make([]string, 0) + // Only modify certificates in one of our old or new states + for _, v := range current { + _, okOld := _oldMap[v] + _, okNew := _newMap[v] + + // we deleted the certificate + if okOld && !okNew { + continue + } + + sslCertificates = append(sslCertificates, v) + + // Keep track of the fact that we have added this certificate + if okNew { + delete(_newMap, v) + } + } + + // Add fresh certificates + for k, _ := range _newMap { + sslCertificates = append(sslCertificates, k) + } + + cert_ref := &compute.TargetHttpsProxiesSetSslCertificatesRequest{ + SslCertificates: sslCertificates, + } + op, err := config.clientCompute.TargetHttpsProxies.SetSslCertificates( + config.Project, d.Id(), cert_ref).Do() + if err != nil { + return fmt.Errorf("Error updating Target Https Proxy SSL Certificates: %s", err) + } + + err = computeOperationWaitGlobal(config, op, "Updating Target Https Proxy SSL certificates") + if err != nil { + return err + } + + d.SetPartial("ssl_certificate") + } + + d.Partial(false) + + return resourceComputeTargetHttpsProxyRead(d, meta) +} + +func resourceComputeTargetHttpsProxyRead(d *schema.ResourceData, meta interface{}) error { + config := meta.(*Config) + + proxy, err := config.clientCompute.TargetHttpsProxies.Get( + config.Project, d.Id()).Do() + if err != nil { + if gerr, ok := err.(*googleapi.Error); ok && gerr.Code == 404 { + // The resource doesn't exist anymore + d.SetId("") + + return nil + } + + return fmt.Errorf("Error reading TargetHttpsProxy: %s", err) + } + + _certs := d.Get("ssl_certificates").([]interface{}) + current := proxy.SslCertificates + + _certMap := make(map[string]bool) + _newCerts := make([]interface{}, 0) + + for _, v := range _certs { + _certMap[v.(string)] = true + } + + // Store intersection of server certificates and user defined certificates + for _, v := range current { + if _, ok := _certMap[v]; ok { + _newCerts = append(_newCerts, v) + } + } + + d.Set("ssl_certificates", _newCerts) + d.Set("self_link", proxy.SelfLink) + d.Set("id", strconv.FormatUint(proxy.Id, 10)) + + return nil +} + +func resourceComputeTargetHttpsProxyDelete(d *schema.ResourceData, meta interface{}) error { + config := meta.(*Config) + + // Delete the TargetHttpsProxy + log.Printf("[DEBUG] TargetHttpsProxy delete request") + op, err := config.clientCompute.TargetHttpsProxies.Delete( + config.Project, d.Id()).Do() + if err != nil { + return fmt.Errorf("Error deleting TargetHttpsProxy: %s", err) + } + + err = computeOperationWaitGlobal(config, op, "Deleting Target Https Proxy") + if err != nil { + return err + } + + d.SetId("") + return nil +} diff --git a/builtin/providers/google/resource_compute_target_https_proxy_test.go b/builtin/providers/google/resource_compute_target_https_proxy_test.go new file mode 100644 index 000000000000..14ae8b30b25c --- /dev/null +++ b/builtin/providers/google/resource_compute_target_https_proxy_test.go @@ -0,0 +1,212 @@ +package google + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" +) + +func TestAccComputeTargetHttpsProxy_basic(t *testing.T) { + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckComputeTargetHttpsProxyDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccComputeTargetHttpsProxy_basic1, + Check: resource.ComposeTestCheckFunc( + testAccCheckComputeTargetHttpsProxyExists( + "google_compute_target_https_proxy.foobar"), + ), + }, + }, + }) +} + +func TestAccComputeTargetHttpsProxy_update(t *testing.T) { + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckComputeTargetHttpsProxyDestroy, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: testAccComputeTargetHttpsProxy_basic1, + Check: resource.ComposeTestCheckFunc( + testAccCheckComputeTargetHttpsProxyExists( + "google_compute_target_https_proxy.foobar"), + ), + }, + + resource.TestStep{ + Config: testAccComputeTargetHttpsProxy_basic2, + Check: resource.ComposeTestCheckFunc( + testAccCheckComputeTargetHttpsProxyExists( + "google_compute_target_https_proxy.foobar"), + ), + }, + }, + }) +} + +func testAccCheckComputeTargetHttpsProxyDestroy(s *terraform.State) error { + config := testAccProvider.Meta().(*Config) + + for _, rs := range s.RootModule().Resources { + if rs.Type != "google_compute_target_https_proxy" { + continue + } + + _, err := config.clientCompute.TargetHttpsProxies.Get( + config.Project, rs.Primary.ID).Do() + if err == nil { + return fmt.Errorf("TargetHttpsProxy still exists") + } + } + + return nil +} + +func testAccCheckComputeTargetHttpsProxyExists(n string) resource.TestCheckFunc { + return func(s *terraform.State) error { + rs, ok := s.RootModule().Resources[n] + if !ok { + return fmt.Errorf("Not found: %s", n) + } + + if rs.Primary.ID == "" { + return fmt.Errorf("No ID is set") + } + + config := testAccProvider.Meta().(*Config) + + found, err := config.clientCompute.TargetHttpsProxies.Get( + config.Project, rs.Primary.ID).Do() + if err != nil { + return err + } + + if found.Name != rs.Primary.ID { + return fmt.Errorf("TargetHttpsProxy not found") + } + + return nil + } +} + +const testAccComputeTargetHttpsProxy_basic1 = ` +resource "google_compute_target_https_proxy" "foobar" { + description = "Resource created for Terraform acceptance testing" + name = "terraform-test" + url_map = "${google_compute_url_map.foobar.self_link}" + ssl_certificates = ["${google_compute_ssl_certificate.foobar1.self_link}"] +} + +resource "google_compute_backend_service" "foobar" { + name = "service" + health_checks = ["${google_compute_http_health_check.zero.self_link}"] +} + +resource "google_compute_http_health_check" "zero" { + name = "tf-test-zero" + request_path = "/" + check_interval_sec = 1 + timeout_sec = 1 +} + +resource "google_compute_url_map" "foobar" { + name = "myurlmap" + default_service = "${google_compute_backend_service.foobar.self_link}" + host_rule { + hosts = ["mysite.com", "myothersite.com"] + path_matcher = "boop" + } + path_matcher { + default_service = "${google_compute_backend_service.foobar.self_link}" + name = "boop" + path_rule { + paths = ["/*"] + service = "${google_compute_backend_service.foobar.self_link}" + } + } + test { + host = "mysite.com" + path = "/*" + service = "${google_compute_backend_service.foobar.self_link}" + } +} + +resource "google_compute_ssl_certificate" "foobar1" { + name = "terraform-test1" + description = "very descriptive" + private_key = "${file("~/cert/example.key")}" + certificate = "${file("~/cert/example.crt")}" +} + +resource "google_compute_ssl_certificate" "foobar2" { + name = "terraform-test2" + description = "very descriptive" + private_key = "${file("~/cert/example.key")}" + certificate = "${file("~/cert/example.crt")}" +} +` + +const testAccComputeTargetHttpsProxy_basic2 = ` +resource "google_compute_target_https_proxy" "foobar" { + description = "Resource created for Terraform acceptance testing" + name = "terraform-test" + url_map = "${google_compute_url_map.foobar.self_link}" + ssl_certificates = ["${google_compute_ssl_certificate.foobar1.self_link}"] +} + +resource "google_compute_backend_service" "foobar" { + name = "service" + health_checks = ["${google_compute_http_health_check.zero.self_link}"] +} + +resource "google_compute_http_health_check" "zero" { + name = "tf-test-zero" + request_path = "/" + check_interval_sec = 1 + timeout_sec = 1 +} + +resource "google_compute_url_map" "foobar" { + name = "myurlmap" + default_service = "${google_compute_backend_service.foobar.self_link}" + host_rule { + hosts = ["mysite.com", "myothersite.com"] + path_matcher = "boop" + } + path_matcher { + default_service = "${google_compute_backend_service.foobar.self_link}" + name = "boop" + path_rule { + paths = ["/*"] + service = "${google_compute_backend_service.foobar.self_link}" + } + } + test { + host = "mysite.com" + path = "/*" + service = "${google_compute_backend_service.foobar.self_link}" + } +} + +resource "google_compute_ssl_certificate" "foobar1" { + name = "terraform-test1" + description = "very descriptive" + private_key = "${file("~/cert/example.key")}" + certificate = "${file("~/cert/example.crt")}" +} + +resource "google_compute_ssl_certificate" "foobar2" { + name = "terraform-test2" + description = "very descriptive" + private_key = "${file("~/cert/example.key")}" + certificate = "${file("~/cert/example.crt")}" +} +` diff --git a/website/source/docs/providers/google/r/compute_target_https_proxy.html.markdown b/website/source/docs/providers/google/r/compute_target_https_proxy.html.markdown new file mode 100644 index 000000000000..d678242d5b0c --- /dev/null +++ b/website/source/docs/providers/google/r/compute_target_https_proxy.html.markdown @@ -0,0 +1,91 @@ +--- +layout: "google" +page_title: "Google: google_compute_target_https_proxy" +sidebar_current: "docs-google-compute-target-https-proxy" +description: |- + Creates a Target HTTPS Proxy resource in GCE. +--- + +# google\_compute\_target\_https\_proxy + +Creates a target HTTPS proxy resource in GCE. For more information see +[the official +documentation](https://cloud.google.com/compute/docs/load-balancing/http/target-proxies) and +[API](https://cloud.google.com/compute/docs/reference/latest/targetHttpsProxies). + + +## Example Usage + +``` +resource "google_compute_target_https_proxy" "default" { + name = "test-proxy" + description = "a description" + url_map = "${google_compute_url_map.default.self_link}" + ssl_certificates = ["${google_compute_ssl_certificate.default.self_link}"] +} + +resource "google_compute_ssl_certificate" "default" { + name = "my-certificate" + description = "a description" + private_key = "${file("path/to/private.key")}" + certificate = "${file("path/to/certificate.crt")}" +} + +resource "google_compute_url_map" "default" { + name = "url-map" + description = "a description" + default_service = "${google_compute_backend_service.default.self_link}" + + host_rule { + hosts = ["mysite.com"] + path_matcher = "allpaths" + } + + path_matcher { + default_service = "${google_compute_backend_service.default.self_link}" + name = "allpaths" + path_rule { + paths = ["/*"] + service = "${google_compute_backend_service.default.self_link}" + } + } +} + +resource "google_compute_backend_service" "default" { + name = "default-backend" + port_name = "http" + protocol = "HTTP" + timeout_sec = 10 + region = "us-central1" + + health_checks = ["${google_compute_http_health_check.default.self_link}"] +} + +resource "google_compute_http_health_check" "default" { + name = "test" + request_path = "/" + check_interval_sec = 1 + timeout_sec = 1 +} +``` + +## Argument Reference + +The following arguments are supported: + +* `name` - (Required) A unique name for the resource, required by GCE. + Changing this forces a new resource to be created. +* `description` - (Optional) A description of this resource. + Changing this forces a new resource to be created. +* `url_map` - (Required) The URL of a URL Map resource that defines the + mapping from the URL to the BackendService. +* `ssl_certificates` - (Required) The URLs of the SSL Certificate resources + that authenticate connections between users and load balancing. Currently + exactly one must be specified. + +## Attributes Reference + +The following attributes are exported: + +* `self_link` - The URI of the created resource. +* `id` - A unique ID assigned by GCE. diff --git a/website/source/layouts/google.erb b/website/source/layouts/google.erb index 0a917dd22125..8362dec72bbb 100644 --- a/website/source/layouts/google.erb +++ b/website/source/layouts/google.erb @@ -77,6 +77,10 @@ google_compute_target_http_proxy + > + google_compute_target_https_proxy + + > google_compute_target_pool