hashicorp · modular-magician · Jun 12, 2024 · Jun 12, 2024
@@ -0,0 +1,6 @@
+```release-note:enhancement
+compute: added 'action_token_site_keys' and 'session_token_site_keys' fields to 'google_compute_security_policy' resource;
+```
+```release-note:enhancement
+compute: added 'action_token_site_keys' and 'session_token_site_keys' fields to 'google_compute_security_policy_rule' resource;
+```
@@ -152,6 +152,45 @@ func ResourceComputeSecurityPolicy() *schema.Resource {
 										},
 										Description: `User defined CEVAL expression. A CEVAL expression is used to specify match criteria such as origin.ip, source.region_code and contents in the request header.`,
 									},
+
+									"expr_options": {
+										Type:        schema.TypeList,
+										Optional:    true,
+										MaxItems:    1,
+										Description: `The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr').`,
+										Elem: &schema.Resource{
+											Schema: map[string]*schema.Schema{
+												"recaptcha_options": {
+													Type:        schema.TypeList,
+													Required:    true,
+													MaxItems:    1,
+													Description: `reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect.`,
+													Elem: &schema.Resource{
+														Schema: map[string]*schema.Schema{
+															"action_token_site_keys": {
+																Type:        schema.TypeList,
+																Optional:    true,
+																Description: `A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created`,
+																MinItems:    1,
+																Elem: &schema.Schema{
+																	Type: schema.TypeString,
+																},
+															},
+															"session_token_site_keys": {
+																Type:        schema.TypeList,
+																Optional:    true,
+																Description: `A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.`,
+																MinItems:    1,
+																Elem: &schema.Schema{
+																	Type: schema.TypeString,
+																},
+															},
+														},
+													},
+												},
+											},
+										},
+									},
 								},
 							},
 							Description: `A match condition that incoming traffic is evaluated against. If it evaluates to true, the corresponding action is enforced.`,
@@ -780,6 +819,7 @@ func expandSecurityPolicyMatch(configured []interface{}) *compute.SecurityPolicy
 		VersionedExpr: data["versioned_expr"].(string),
 		Config:        expandSecurityPolicyMatchConfig(data["config"].([]interface{})),
 		Expr:          expandSecurityPolicyMatchExpr(data["expr"].([]interface{})),
+		ExprOptions:   expandSecurityPolicyMatchExprOptions(data["expr_options"].([]interface{})),
 	}
 }
 
@@ -809,6 +849,42 @@ func expandSecurityPolicyMatchExpr(expr []interface{}) *compute.Expr {
 	}
 }
 
+func expandSecurityPolicyMatchExprOptions(exprOptions []interface{}) *compute.SecurityPolicyRuleMatcherExprOptions {
+	if len(exprOptions) == 0 || exprOptions[0] == nil {
+		return nil
+	}
+
+	data := exprOptions[0].(map[string]interface{})
+	return &compute.SecurityPolicyRuleMatcherExprOptions{
+		RecaptchaOptions: expandSecurityPolicyMatchExprOptionsRecaptchaOptions(data["recaptcha_options"].([]interface{})),
+	}
+}
+
+func expandSecurityPolicyMatchExprOptionsRecaptchaOptions(recaptchaOptions []interface{}) *compute.SecurityPolicyRuleMatcherExprOptionsRecaptchaOptions {
+	if len(recaptchaOptions) == 0 || recaptchaOptions[0] == nil {
+		return nil
+	}
+
+	data := recaptchaOptions[0].(map[string]interface{})
+
+	actionTokenKeysInterface := data["action_token_site_keys"].([]interface{})
+	actionTokenKeys := make([]string, len(actionTokenKeysInterface))
+	for i, v := range actionTokenKeysInterface {
+		actionTokenKeys[i] = v.(string)
+	}
+
+	sessionTokenKeysInterface := data["session_token_site_keys"].([]interface{})
+	sessionTokenKeys := make([]string, len(sessionTokenKeysInterface))
+	for i, v := range sessionTokenKeysInterface {
+		sessionTokenKeys[i] = v.(string)
+	}
+
+	return &compute.SecurityPolicyRuleMatcherExprOptionsRecaptchaOptions{
+		ActionTokenSiteKeys:  actionTokenKeys,
+		SessionTokenSiteKeys: sessionTokenKeys,
+	}
+}
+
 func flattenSecurityPolicyRules(rules []*compute.SecurityPolicyRule) []map[string]interface{} {
 	rulesSchema := make([]map[string]interface{}, 0, len(rules))
 	for _, rule := range rules {
@@ -836,6 +912,7 @@ func flattenMatch(match *compute.SecurityPolicyRuleMatcher) []map[string]interfa
 		"versioned_expr": match.VersionedExpr,
 		"config":         flattenMatchConfig(match.Config),
 		"expr":           flattenMatchExpr(match),
+		"expr_options":   flattenMatchExprOptions(match.ExprOptions),
 	}
 
 	return []map[string]interface{}{data}
@@ -853,6 +930,31 @@ func flattenMatchConfig(conf *compute.SecurityPolicyRuleMatcherConfig) []map[str
 	return []map[string]interface{}{data}
 }
 
+func flattenMatchExprOptions(exprOptions *compute.SecurityPolicyRuleMatcherExprOptions) []map[string]interface{} {
+	if exprOptions == nil {
+		return nil
+	}
+
+	data := map[string]interface{}{
+		"recaptcha_options": flattenMatchExprOptionsRecaptchaOptions(exprOptions.RecaptchaOptions),
+	}
+
+	return []map[string]interface{}{data}
+}
+
+func flattenMatchExprOptionsRecaptchaOptions(recaptchaOptions *compute.SecurityPolicyRuleMatcherExprOptionsRecaptchaOptions) []map[string]interface{} {
+	if recaptchaOptions == nil {
+		return nil
+	}
+
+	data := map[string]interface{}{
+		"action_token_site_keys":  recaptchaOptions.ActionTokenSiteKeys,
+		"session_token_site_keys": recaptchaOptions.SessionTokenSiteKeys,
+	}
+
+	return []map[string]interface{}{data}
+}
+
 func flattenMatchExpr(match *compute.SecurityPolicyRuleMatcher) []map[string]interface{} {
 	if match.Expr == nil {
 		return nil

@@ -132,6 +132,42 @@ This field must be specified if versionedExpr is specified and cannot be specifi
 								},
 							},
 						},
+						"expr_options": {
+							Type:        schema.TypeList,
+							Optional:    true,
+							Description: `The configuration options available when specifying a user defined CEVAL expression (i.e., 'expr').`,
+							MaxItems:    1,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"recaptcha_options": {
+										Type:        schema.TypeList,
+										Required:    true,
+										Description: `reCAPTCHA configuration options to be applied for the rule. If the rule does not evaluate reCAPTCHA tokens, this field has no effect.`,
+										MaxItems:    1,
+										Elem: &schema.Resource{
+											Schema: map[string]*schema.Schema{
+												"action_token_site_keys": {
+													Type:        schema.TypeList,
+													Optional:    true,
+													Description: `A list of site keys to be used during the validation of reCAPTCHA action-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.`,
+													Elem: &schema.Schema{
+														Type: schema.TypeString,
+													},
+												},
+												"session_token_site_keys": {
+													Type:        schema.TypeList,
+													Optional:    true,
+													Description: `A list of site keys to be used during the validation of reCAPTCHA session-tokens. The provided site keys need to be created from reCAPTCHA API under the same project where the security policy is created.`,
+													Elem: &schema.Schema{
+														Type: schema.TypeString,
+													},
+												},
+											},
+										},
+									},
+								},
+							},
+						},
 						"versioned_expr": {
 							Type:         schema.TypeString,
 							Optional:     true,
@@ -878,6 +914,8 @@ func flattenComputeSecurityPolicyRuleMatch(v interface{}, d *schema.ResourceData
 		flattenComputeSecurityPolicyRuleMatchVersionedExpr(original["versionedExpr"], d, config)
 	transformed["expr"] =
 		flattenComputeSecurityPolicyRuleMatchExpr(original["expr"], d, config)
+	transformed["expr_options"] =
+		flattenComputeSecurityPolicyRuleMatchExprOptions(original["exprOptions"], d, config)
 	transformed["config"] =
 		flattenComputeSecurityPolicyRuleMatchConfig(original["config"], d, config)
 	return []interface{}{transformed}
@@ -903,6 +941,42 @@ func flattenComputeSecurityPolicyRuleMatchExprExpression(v interface{}, d *schem
 	return v
 }
 
+func flattenComputeSecurityPolicyRuleMatchExprOptions(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	if v == nil {
+		return nil
+	}
+	original := v.(map[string]interface{})
+	if len(original) == 0 {
+		return nil
+	}
+	transformed := make(map[string]interface{})
+	transformed["recaptcha_options"] =
+		flattenComputeSecurityPolicyRuleMatchExprOptionsRecaptchaOptions(original["recaptchaOptions"], d, config)
+	return []interface{}{transformed}
+}
+func flattenComputeSecurityPolicyRuleMatchExprOptionsRecaptchaOptions(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	if v == nil {
+		return nil
+	}
+	original := v.(map[string]interface{})
+	if len(original) == 0 {
+		return nil
+	}
+	transformed := make(map[string]interface{})
+	transformed["action_token_site_keys"] =
+		flattenComputeSecurityPolicyRuleMatchExprOptionsRecaptchaOptionsActionTokenSiteKeys(original["actionTokenSiteKeys"], d, config)
+	transformed["session_token_site_keys"] =
+		flattenComputeSecurityPolicyRuleMatchExprOptionsRecaptchaOptionsSessionTokenSiteKeys(original["sessionTokenSiteKeys"], d, config)
+	return []interface{}{transformed}
+}
+func flattenComputeSecurityPolicyRuleMatchExprOptionsRecaptchaOptionsActionTokenSiteKeys(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
+func flattenComputeSecurityPolicyRuleMatchExprOptionsRecaptchaOptionsSessionTokenSiteKeys(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
 func flattenComputeSecurityPolicyRuleMatchConfig(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	if v == nil {
 		return nil
@@ -1321,6 +1395,13 @@ func expandComputeSecurityPolicyRuleMatch(v interface{}, d tpgresource.Terraform
 		transformed["expr"] = transformedExpr
 	}
 
+	transformedExprOptions, err := expandComputeSecurityPolicyRuleMatchExprOptions(original["expr_options"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedExprOptions); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["exprOptions"] = transformedExprOptions
+	}
+
 	transformedConfig, err := expandComputeSecurityPolicyRuleMatchConfig(original["config"], d, config)
 	if err != nil {
 		return nil, err
@@ -1358,6 +1439,59 @@ func expandComputeSecurityPolicyRuleMatchExprExpression(v interface{}, d tpgreso
 	return v, nil
 }
 
+func expandComputeSecurityPolicyRuleMatchExprOptions(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	l := v.([]interface{})
+	if len(l) == 0 || l[0] == nil {
+		return nil, nil
+	}
+	raw := l[0]
+	original := raw.(map[string]interface{})
+	transformed := make(map[string]interface{})
+
+	transformedRecaptchaOptions, err := expandComputeSecurityPolicyRuleMatchExprOptionsRecaptchaOptions(original["recaptcha_options"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedRecaptchaOptions); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["recaptchaOptions"] = transformedRecaptchaOptions
+	}
+
+	return transformed, nil
+}
+
+func expandComputeSecurityPolicyRuleMatchExprOptionsRecaptchaOptions(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	l := v.([]interface{})
+	if len(l) == 0 || l[0] == nil {
+		return nil, nil
+	}
+	raw := l[0]
+	original := raw.(map[string]interface{})
+	transformed := make(map[string]interface{})
+
+	transformedActionTokenSiteKeys, err := expandComputeSecurityPolicyRuleMatchExprOptionsRecaptchaOptionsActionTokenSiteKeys(original["action_token_site_keys"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedActionTokenSiteKeys); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["actionTokenSiteKeys"] = transformedActionTokenSiteKeys
+	}
+
+	transformedSessionTokenSiteKeys, err := expandComputeSecurityPolicyRuleMatchExprOptionsRecaptchaOptionsSessionTokenSiteKeys(original["session_token_site_keys"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedSessionTokenSiteKeys); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["sessionTokenSiteKeys"] = transformedSessionTokenSiteKeys
+	}
+
+	return transformed, nil
+}
+
+func expandComputeSecurityPolicyRuleMatchExprOptionsRecaptchaOptionsActionTokenSiteKeys(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandComputeSecurityPolicyRuleMatchExprOptionsRecaptchaOptionsSessionTokenSiteKeys(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandComputeSecurityPolicyRuleMatchConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	l := v.([]interface{})
 	if len(l) == 0 || l[0] == nil {