ADD: add ssl policy support in google app engine application (#15445)

Author: victorsantos-cit

mmv1/third_party/terraform/services/appengine/resource_app_engine_application.go

@@ -68,6 +68,17 @@ func ResourceAppEngineApplication() *schema.Resource {
 				Computed:    true,
 				Description: `The serving status of the app.`,
 			},
+			"ssl_policy": {
+				Type:     schema.TypeString,
+				Optional: true,
+				ValidateFunc: validation.StringInSlice([]string{
+					"SSL_POLICY_UNSPECIFIED",
+					"DEFAULT",
+					"MODERN",
+				}, false),
+				Computed:    true,
+				Description: `The SSL policy that will be applied to the application. If set to Modern it will restrict traffic with TLS \u003c 1.2 and allow only Modern Ciphers suite`,
+			},
 			"database_type": {
 				Type:     schema.TypeString,
 				Optional: true,
@@ -280,6 +291,9 @@ func resourceAppEngineApplicationRead(d *schema.ResourceData, meta interface{})
 	if err := d.Set("serving_status", app.ServingStatus); err != nil {
 		return fmt.Errorf("Error setting serving_status: %s", err)
 	}
+	if err := d.Set("ssl_policy", app.SslPolicy); err != nil {
+		return fmt.Errorf("Error setting ssl_policy: %s", err)
+	}
 	if err := d.Set("gcr_domain", app.GcrDomain); err != nil {
 		return fmt.Errorf("Error setting gcr_domain: %s", err)
 	}
@@ -364,6 +378,7 @@ func expandAppEngineApplication(d *schema.ResourceData, project string) (*appeng
 		GcrDomain:     d.Get("gcr_domain").(string),
 		DatabaseType:  d.Get("database_type").(string),
 		ServingStatus: d.Get("serving_status").(string),
+		SslPolicy:     d.Get("ssl_policy").(string),
 	}
 	featureSettings, err := expandAppEngineApplicationFeatureSettings(d)
 	if err != nil {

mmv1/third_party/terraform/services/appengine/resource_app_engine_application_meta.yaml.tmpl

@@ -25,6 +25,7 @@ fields:
   - api_field: 'name'
   - field: 'project'
   - api_field: 'servingStatus'
+  - api_field: 'ssl_policy'
   - field: 'url_dispatch_rule.domain'
   - field: 'url_dispatch_rule.path'
   - field: 'url_dispatch_rule.service'

mmv1/third_party/terraform/services/appengine/resource_app_engine_application_test.go

@@ -71,12 +71,39 @@ func TestAccAppEngineApplication_withIAP(t *testing.T) {
 	})
 }
 
+func TestAccAppEngineApplication_withSSLPolicy(t *testing.T) {
+	t.Parallel()
+
+	org := envvar.GetTestOrgFromEnv(t)
+	pid := fmt.Sprintf("tf-test-%d", acctest.RandInt(t))
+	billingAccount := envvar.GetTestBillingAccountFromEnv(t)
+
+	acctest.VcrTest(t, resource.TestCase{
+		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
+		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccAppEngineApplication_withSSLPolicy(pid, org, billingAccount),
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr("google_app_engine_application.acceptance", "ssl_policy", "MODERN"),
+					resource.TestCheckResourceAttr("google_app_engine_application.acceptance", "location_id", "us-central"),
+				),
+			},
+			{
+				ResourceName:      "google_app_engine_application.acceptance",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
 func testAccAppEngineApplication_withIAP(pid, org, billingAccount string) string {
 	return fmt.Sprintf(`
 resource "google_project" "acceptance" {
-  project_id = "%s"
-  name       = "%s"
-  org_id     = "%s"
+  project_id      = "%s"
+  name            = "%s"
+  org_id          = "%s"
   billing_account = "%s"
   deletion_policy = "DELETE"
 }
@@ -99,9 +126,9 @@ resource "google_app_engine_application" "acceptance" {
 func testAccAppEngineApplication_basic(pid, org, billingAccount string) string {
 	return fmt.Sprintf(`
 resource "google_project" "acceptance" {
-  project_id = "%s"
-  name       = "%s"
-  org_id     = "%s"
+  project_id      = "%s"
+  name            = "%s"
+  org_id          = "%s"
   billing_account = "%s"
   deletion_policy = "DELETE"
 }
@@ -119,9 +146,9 @@ resource "google_app_engine_application" "acceptance" {
 func testAccAppEngineApplication_update(pid, org, billingAccount string) string {
 	return fmt.Sprintf(`
 resource "google_project" "acceptance" {
-  project_id = "%s"
-  name       = "%s"
-  org_id     = "%s"
+  project_id      = "%s"
+  name            = "%s"
+  org_id          = "%s"
   billing_account = "%s"
   deletion_policy = "DELETE"
 }
@@ -135,3 +162,21 @@ resource "google_app_engine_application" "acceptance" {
 }
 `, pid, pid, org, billingAccount)
 }
+
+func testAccAppEngineApplication_withSSLPolicy(pid, org, billingAccount string) string {
+	return fmt.Sprintf(`
+resource "google_project" "acceptance" {
+  project_id      = "%s"
+  name            = "%s"
+  org_id          = "%s"
+  billing_account = "%s"
+  deletion_policy = "DELETE"
+}
+
+resource "google_app_engine_application" "acceptance" {
+  project     = google_project.acceptance.project_id
+  location_id = "us-central"
+  ssl_policy  = "MODERN"
+}
+`, pid, pid, org, billingAccount)
+}

mmv1/third_party/terraform/website/docs/r/app_engine_application.html.markdown

@@ -53,6 +53,8 @@ The following arguments are supported:
 
 * `serving_status` - (Optional) The serving status of the app.
 
+* `ssl_policy` - (Optional) A list of the SSL policy that will be applied. Each block has a `SSL_POLICY_UNSPECIFIED`, `DEFAULT`, and `MODERN` field.
+
 * `feature_settings` - (Optional) A block of optional settings to configure specific App Engine features:
 
   * `split_health_checks` - (Required) Set to false to use the legacy health check instead of the readiness
@@ -120,4 +122,4 @@ When using the [`terraform import` command](https://developer.hashicorp.com/terr
 
 ```
 $ terraform import google_app_engine_application.default {{project-id}}
-```
+```