Add certificate_map to compute_target_https_proxy (GoogleCloudPlatfor…

…m#5991) * Add certificate_map to compute_target_https_proxy * ENH rename s/certificateMaps/certificateMap since we only set one map ENH improve description by adding the specific required format ENH: use exactly_one_of instead of at_least_one_of BF fix missing correctly /global path in the update_url * Adding example and test for certificate_map * Remove 'beta' flag from certificateMap Improve certificate manager tests * Splitting target https proxy update and certificate tests into separate tests Fix typo in certificate manager certificate map entry full test * Revert certificate manager certificate map entry full test Add correct prefix to certificate_map within compute target https proxy test
hao-nan-li · Aug 31, 2022 · e266b8a · e266b8a
1 parent eaf7142
commit e266b8a
Show file tree

Hide file tree

Showing 2 changed files with 111 additions and 1 deletion.
diff --git a/mmv1/products/compute/api.yaml b/mmv1/products/compute/api.yaml
@@ -15371,7 +15371,9 @@ objects:
           A list of SslCertificate resources that are used to authenticate
           connections between users and the load balancer. At least one SSL
           certificate must be specified.
-        required: true
+        exactly_one_of:
+          - sslCertificates
+          - certificateMap
         update_verb: :POST
         update_url:
           'projects/{{project}}/targetHttpsProxies/{{name}}/setSslCertificates'
@@ -15380,6 +15382,18 @@ objects:
           resource: 'SslCertificate'
           imports: 'selfLink'
           description: 'The SSL certificates used by this TargetHttpsProxy'
+      - !ruby/object:Api::Type::String
+        name: 'certificateMap'
+        description: |
+          A reference to the CertificateMap resource uri that identifies a certificate map 
+          associated with the given target proxy. This field can only be set for global target proxies.
+          Accepted format is `//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificateMaps/{resourceName}`.
+        exactly_one_of:
+          - sslCertificates
+          - certificateMap
+        update_verb: :POST
+        update_url:
+          'projects/{{project}}/global/targetHttpsProxies/{{name}}/setCertificateMap'
       - !ruby/object:Api::Type::ResourceRef
         name: 'sslPolicy'
         resource: 'SslPolicy'

diff --git a/mmv1/third_party/terraform/tests/resource_compute_target_https_proxy_test.go.erb b/mmv1/third_party/terraform/tests/resource_compute_target_https_proxy_test.go.erb
@@ -16,6 +16,7 @@ import (
 
 const (
 	canonicalSslCertificateTemplate = "https://www.googleapis.com/compute/v1/projects/%s/global/sslCertificates/%s"
+	canonicalCertificateMapTemplate = "//certificatemanager.googleapis.com/projects/%s/locations/global/certificateMaps/%s"
 )
 
 func TestAccComputeTargetHttpsProxy_update(t *testing.T) {
@@ -53,6 +54,30 @@ func TestAccComputeTargetHttpsProxy_update(t *testing.T) {
 	})
 }
 
+func TestAccComputeTargetHttpsProxy_certificateMap(t *testing.T) {
+	t.Parallel()
+
+	var proxy compute.TargetHttpsProxy
+	resourceSuffix := randString(t, 10)
+
+    vcrTest(t, resource.TestCase{
+        PreCheck:     func() { testAccPreCheck(t) },
+        Providers:    testAccProviders,
+        CheckDestroy: testAccCheckComputeTargetHttpsProxyDestroyProducer(t),
+        Steps: []resource.TestStep{
+            {
+                Config: testAccComputeTargetHttpsProxy_certificateMap(resourceSuffix),
+                Check: resource.ComposeTestCheckFunc(
+                    testAccCheckComputeTargetHttpsProxyExists(
+                        t, "google_compute_target_https_proxy.foobar", &proxy),
+                    testAccComputeTargetHttpsProxyDescription("Resource created for Terraform acceptance testing", &proxy),
+                    testAccComputeTargetHttpsProxyHasCertificateMap(t, "certificatemap-test-"+resourceSuffix, &proxy),
+                ),
+            },
+        },
+    })
+}
+
 func testAccCheckComputeTargetHttpsProxyExists(t *testing.T, n string, proxy *compute.TargetHttpsProxy) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[n]
@@ -107,6 +132,19 @@ func testAccComputeTargetHttpsProxyHasSslCertificate(t *testing.T, cert string,
 	}
 }
 
+func testAccComputeTargetHttpsProxyHasCertificateMap(t *testing.T, certificateMap string, proxy *compute.TargetHttpsProxy) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		config := googleProviderConfig(t)
+		certificateMapUrl := fmt.Sprintf(canonicalCertificateMapTemplate, config.Project, certificateMap)
+
+		if ConvertSelfLinkToV1(proxy.CertificateMap) == certificateMapUrl {
+			return nil
+		}
+
+		return fmt.Errorf("certificate map not found: expected'%s'", certificateMapUrl)
+	}
+}
+
 func testAccComputeTargetHttpsProxy_basic1(id string) string {
 	return fmt.Sprintf(`
 resource "google_compute_target_https_proxy" "foobar" {
@@ -243,3 +281,61 @@ resource "google_compute_ssl_certificate" "foobar2" {
 }
 `, id, id, id, id, id, id, id)
 }
+
+func testAccComputeTargetHttpsProxy_certificateMap(id string) string {
+	return fmt.Sprintf(`
+resource "google_compute_target_https_proxy" "foobar" {
+  description      = "Resource created for Terraform acceptance testing"
+  name             = "httpsproxy-test-%s"
+  url_map          = google_compute_url_map.foobar.self_link
+  certificate_map = "//certificatemanager.googleapis.com/${google_certificate_manager_certificate_map.map.id}"
+}
+
+resource "google_compute_backend_service" "foobar" {
+  name          = "httpsproxy-test-backend-%s"
+  health_checks = [google_compute_http_health_check.zero.self_link]
+}
+
+resource "google_compute_http_health_check" "zero" {
+  name               = "httpsproxy-test-health-check-%s"
+  request_path       = "/"
+  check_interval_sec = 1
+  timeout_sec        = 1
+}
+
+resource "google_compute_url_map" "foobar" {
+  name            = "httpsproxy-test-url-map-%s"
+  default_service = google_compute_backend_service.foobar.self_link
+}
+
+resource "google_certificate_manager_certificate_map" "map" {
+  name = "certificatemap-test-%s"
+}
+
+resource "google_certificate_manager_certificate_map_entry" "map_entry" {
+  name         = "certificatemapentry-test-%s"
+  map          = google_certificate_manager_certificate_map.map.name
+  certificates = [google_certificate_manager_certificate.certificate.id]
+  matcher      = "PRIMARY"
+}
+
+resource "google_certificate_manager_certificate" "certificate" {
+  name        = "certificate-test-%s"
+  scope       = "DEFAULT"
+  managed {
+    domains = [
+      google_certificate_manager_dns_authorization.instance.domain,
+    ]
+    dns_authorizations = [
+      google_certificate_manager_dns_authorization.instance.id,
+    ]
+  }
+}
+
+resource "google_certificate_manager_dns_authorization" "instance" {
+  name   = "dnsauthorization-test-%s"
+  domain = "mysite.com"
+}
+
+`, id, id, id, id, id, id, id, id)
+}