Skip to content

Commit 8335d5d

Browse files
modular-magicianmodular-magician
authored
Added cipher_suite to VpnTunnel (#14248) (#10188)
[upstream:9335fd811c4c900701f70aa000d0e3b4192cee69] Signed-off-by: Modular Magician <[email protected]>
1 parent cb6b498 commit 8335d5d

File tree

5 files changed

+614
-0
lines changed

5 files changed

+614
-0
lines changed

.changelog/14248.txt

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
```release-note:enhancement
2+
compute: added `cipher_suite` block with phase1 and phase2 encryption configurations to `google_compute_vpn_tunnel` resource.
3+
```

google-beta/services/compute/resource_compute_vpn_tunnel.go

Lines changed: 346 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -180,6 +180,109 @@ except the last character, which cannot be a dash.`,
180180
gateway and the peer VPN gateway.`,
181181
Sensitive: true,
182182
},
183+
"cipher_suite": {
184+
Type: schema.TypeList,
185+
Optional: true,
186+
ForceNew: true,
187+
Description: `User specified list of ciphers to use for the phase 1 and phase 2 of the IKE protocol.`,
188+
MaxItems: 1,
189+
Elem: &schema.Resource{
190+
Schema: map[string]*schema.Schema{
191+
"phase1": {
192+
Type: schema.TypeList,
193+
Optional: true,
194+
ForceNew: true,
195+
Description: `Cipher configuration for phase 1 of the IKE protocol.`,
196+
MaxItems: 1,
197+
Elem: &schema.Resource{
198+
Schema: map[string]*schema.Schema{
199+
"dh": {
200+
Type: schema.TypeSet,
201+
Optional: true,
202+
ForceNew: true,
203+
Description: `Diffie-Hellman groups.`,
204+
Elem: &schema.Schema{
205+
Type: schema.TypeString,
206+
},
207+
Set: schema.HashString,
208+
},
209+
"encryption": {
210+
Type: schema.TypeSet,
211+
Optional: true,
212+
ForceNew: true,
213+
Description: `Encryption algorithms.`,
214+
Elem: &schema.Schema{
215+
Type: schema.TypeString,
216+
},
217+
Set: schema.HashString,
218+
},
219+
"integrity": {
220+
Type: schema.TypeSet,
221+
Optional: true,
222+
ForceNew: true,
223+
Description: `Integrity algorithms.`,
224+
Elem: &schema.Schema{
225+
Type: schema.TypeString,
226+
},
227+
Set: schema.HashString,
228+
},
229+
"prf": {
230+
Type: schema.TypeSet,
231+
Optional: true,
232+
ForceNew: true,
233+
Description: `Pseudo-random functions.`,
234+
Elem: &schema.Schema{
235+
Type: schema.TypeString,
236+
},
237+
Set: schema.HashString,
238+
},
239+
},
240+
},
241+
},
242+
"phase2": {
243+
Type: schema.TypeList,
244+
Optional: true,
245+
ForceNew: true,
246+
Description: `Cipher configuration for phase 2 of the IKE protocol.`,
247+
MaxItems: 1,
248+
Elem: &schema.Resource{
249+
Schema: map[string]*schema.Schema{
250+
"encryption": {
251+
Type: schema.TypeSet,
252+
Optional: true,
253+
ForceNew: true,
254+
Description: `Encryption algorithms.`,
255+
Elem: &schema.Schema{
256+
Type: schema.TypeString,
257+
},
258+
Set: schema.HashString,
259+
},
260+
"integrity": {
261+
Type: schema.TypeSet,
262+
Optional: true,
263+
ForceNew: true,
264+
Description: `Integrity algorithms.`,
265+
Elem: &schema.Schema{
266+
Type: schema.TypeString,
267+
},
268+
Set: schema.HashString,
269+
},
270+
"pfs": {
271+
Type: schema.TypeSet,
272+
Optional: true,
273+
ForceNew: true,
274+
Description: `Perfect forward secrecy groups.`,
275+
Elem: &schema.Schema{
276+
Type: schema.TypeString,
277+
},
278+
Set: schema.HashString,
279+
},
280+
},
281+
},
282+
},
283+
},
284+
},
285+
},
183286
"description": {
184287
Type: schema.TypeString,
185288
Optional: true,
@@ -455,6 +558,12 @@ func resourceComputeVpnTunnelCreate(d *schema.ResourceData, meta interface{}) er
455558
} else if v, ok := d.GetOkExists("label_fingerprint"); !tpgresource.IsEmptyValue(reflect.ValueOf(labelFingerprintProp)) && (ok || !reflect.DeepEqual(v, labelFingerprintProp)) {
456559
obj["labelFingerprint"] = labelFingerprintProp
457560
}
561+
cipherSuiteProp, err := expandComputeVpnTunnelCipherSuite(d.Get("cipher_suite"), d, config)
562+
if err != nil {
563+
return err
564+
} else if v, ok := d.GetOkExists("cipher_suite"); !tpgresource.IsEmptyValue(reflect.ValueOf(cipherSuiteProp)) && (ok || !reflect.DeepEqual(v, cipherSuiteProp)) {
565+
obj["cipherSuite"] = cipherSuiteProp
566+
}
458567
labelsProp, err := expandComputeVpnTunnelEffectiveLabels(d.Get("effective_labels"), d, config)
459568
if err != nil {
460569
return err
@@ -688,6 +797,9 @@ func resourceComputeVpnTunnelRead(d *schema.ResourceData, meta interface{}) erro
688797
if err := d.Set("detailed_status", flattenComputeVpnTunnelDetailedStatus(res["detailedStatus"], d, config)); err != nil {
689798
return fmt.Errorf("Error reading VpnTunnel: %s", err)
690799
}
800+
if err := d.Set("cipher_suite", flattenComputeVpnTunnelCipherSuite(res["cipherSuite"], d, config)); err != nil {
801+
return fmt.Errorf("Error reading VpnTunnel: %s", err)
802+
}
691803
if err := d.Set("terraform_labels", flattenComputeVpnTunnelTerraformLabels(res["labels"], d, config)); err != nil {
692804
return fmt.Errorf("Error reading VpnTunnel: %s", err)
693805
}
@@ -1002,6 +1114,106 @@ func flattenComputeVpnTunnelDetailedStatus(v interface{}, d *schema.ResourceData
10021114
return v
10031115
}
10041116

1117+
func flattenComputeVpnTunnelCipherSuite(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
1118+
if v == nil {
1119+
return nil
1120+
}
1121+
original := v.(map[string]interface{})
1122+
if len(original) == 0 {
1123+
return nil
1124+
}
1125+
transformed := make(map[string]interface{})
1126+
transformed["phase1"] =
1127+
flattenComputeVpnTunnelCipherSuitePhase1(original["phase1"], d, config)
1128+
transformed["phase2"] =
1129+
flattenComputeVpnTunnelCipherSuitePhase2(original["phase2"], d, config)
1130+
return []interface{}{transformed}
1131+
}
1132+
func flattenComputeVpnTunnelCipherSuitePhase1(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
1133+
if v == nil {
1134+
return nil
1135+
}
1136+
original := v.(map[string]interface{})
1137+
if len(original) == 0 {
1138+
return nil
1139+
}
1140+
transformed := make(map[string]interface{})
1141+
transformed["encryption"] =
1142+
flattenComputeVpnTunnelCipherSuitePhase1Encryption(original["encryption"], d, config)
1143+
transformed["integrity"] =
1144+
flattenComputeVpnTunnelCipherSuitePhase1Integrity(original["integrity"], d, config)
1145+
transformed["prf"] =
1146+
flattenComputeVpnTunnelCipherSuitePhase1Prf(original["prf"], d, config)
1147+
transformed["dh"] =
1148+
flattenComputeVpnTunnelCipherSuitePhase1Dh(original["dh"], d, config)
1149+
return []interface{}{transformed}
1150+
}
1151+
func flattenComputeVpnTunnelCipherSuitePhase1Encryption(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
1152+
if v == nil {
1153+
return v
1154+
}
1155+
return schema.NewSet(schema.HashString, v.([]interface{}))
1156+
}
1157+
1158+
func flattenComputeVpnTunnelCipherSuitePhase1Integrity(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
1159+
if v == nil {
1160+
return v
1161+
}
1162+
return schema.NewSet(schema.HashString, v.([]interface{}))
1163+
}
1164+
1165+
func flattenComputeVpnTunnelCipherSuitePhase1Prf(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
1166+
if v == nil {
1167+
return v
1168+
}
1169+
return schema.NewSet(schema.HashString, v.([]interface{}))
1170+
}
1171+
1172+
func flattenComputeVpnTunnelCipherSuitePhase1Dh(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
1173+
if v == nil {
1174+
return v
1175+
}
1176+
return schema.NewSet(schema.HashString, v.([]interface{}))
1177+
}
1178+
1179+
func flattenComputeVpnTunnelCipherSuitePhase2(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
1180+
if v == nil {
1181+
return nil
1182+
}
1183+
original := v.(map[string]interface{})
1184+
if len(original) == 0 {
1185+
return nil
1186+
}
1187+
transformed := make(map[string]interface{})
1188+
transformed["encryption"] =
1189+
flattenComputeVpnTunnelCipherSuitePhase2Encryption(original["encryption"], d, config)
1190+
transformed["integrity"] =
1191+
flattenComputeVpnTunnelCipherSuitePhase2Integrity(original["integrity"], d, config)
1192+
transformed["pfs"] =
1193+
flattenComputeVpnTunnelCipherSuitePhase2Pfs(original["pfs"], d, config)
1194+
return []interface{}{transformed}
1195+
}
1196+
func flattenComputeVpnTunnelCipherSuitePhase2Encryption(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
1197+
if v == nil {
1198+
return v
1199+
}
1200+
return schema.NewSet(schema.HashString, v.([]interface{}))
1201+
}
1202+
1203+
func flattenComputeVpnTunnelCipherSuitePhase2Integrity(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
1204+
if v == nil {
1205+
return v
1206+
}
1207+
return schema.NewSet(schema.HashString, v.([]interface{}))
1208+
}
1209+
1210+
func flattenComputeVpnTunnelCipherSuitePhase2Pfs(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
1211+
if v == nil {
1212+
return v
1213+
}
1214+
return schema.NewSet(schema.HashString, v.([]interface{}))
1215+
}
1216+
10051217
func flattenComputeVpnTunnelTerraformLabels(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
10061218
if v == nil {
10071219
return v
@@ -1119,6 +1331,140 @@ func expandComputeVpnTunnelLabelFingerprint(v interface{}, d tpgresource.Terrafo
11191331
return v, nil
11201332
}
11211333

1334+
func expandComputeVpnTunnelCipherSuite(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
1335+
l := v.([]interface{})
1336+
if len(l) == 0 || l[0] == nil {
1337+
return nil, nil
1338+
}
1339+
raw := l[0]
1340+
original := raw.(map[string]interface{})
1341+
transformed := make(map[string]interface{})
1342+
1343+
transformedPhase1, err := expandComputeVpnTunnelCipherSuitePhase1(original["phase1"], d, config)
1344+
if err != nil {
1345+
return nil, err
1346+
} else if val := reflect.ValueOf(transformedPhase1); val.IsValid() && !tpgresource.IsEmptyValue(val) {
1347+
transformed["phase1"] = transformedPhase1
1348+
}
1349+
1350+
transformedPhase2, err := expandComputeVpnTunnelCipherSuitePhase2(original["phase2"], d, config)
1351+
if err != nil {
1352+
return nil, err
1353+
} else if val := reflect.ValueOf(transformedPhase2); val.IsValid() && !tpgresource.IsEmptyValue(val) {
1354+
transformed["phase2"] = transformedPhase2
1355+
}
1356+
1357+
return transformed, nil
1358+
}
1359+
1360+
func expandComputeVpnTunnelCipherSuitePhase1(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
1361+
l := v.([]interface{})
1362+
if len(l) == 0 || l[0] == nil {
1363+
return nil, nil
1364+
}
1365+
raw := l[0]
1366+
original := raw.(map[string]interface{})
1367+
transformed := make(map[string]interface{})
1368+
1369+
transformedEncryption, err := expandComputeVpnTunnelCipherSuitePhase1Encryption(original["encryption"], d, config)
1370+
if err != nil {
1371+
return nil, err
1372+
} else if val := reflect.ValueOf(transformedEncryption); val.IsValid() && !tpgresource.IsEmptyValue(val) {
1373+
transformed["encryption"] = transformedEncryption
1374+
}
1375+
1376+
transformedIntegrity, err := expandComputeVpnTunnelCipherSuitePhase1Integrity(original["integrity"], d, config)
1377+
if err != nil {
1378+
return nil, err
1379+
} else if val := reflect.ValueOf(transformedIntegrity); val.IsValid() && !tpgresource.IsEmptyValue(val) {
1380+
transformed["integrity"] = transformedIntegrity
1381+
}
1382+
1383+
transformedPrf, err := expandComputeVpnTunnelCipherSuitePhase1Prf(original["prf"], d, config)
1384+
if err != nil {
1385+
return nil, err
1386+
} else if val := reflect.ValueOf(transformedPrf); val.IsValid() && !tpgresource.IsEmptyValue(val) {
1387+
transformed["prf"] = transformedPrf
1388+
}
1389+
1390+
transformedDh, err := expandComputeVpnTunnelCipherSuitePhase1Dh(original["dh"], d, config)
1391+
if err != nil {
1392+
return nil, err
1393+
} else if val := reflect.ValueOf(transformedDh); val.IsValid() && !tpgresource.IsEmptyValue(val) {
1394+
transformed["dh"] = transformedDh
1395+
}
1396+
1397+
return transformed, nil
1398+
}
1399+
1400+
func expandComputeVpnTunnelCipherSuitePhase1Encryption(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
1401+
v = v.(*schema.Set).List()
1402+
return v, nil
1403+
}
1404+
1405+
func expandComputeVpnTunnelCipherSuitePhase1Integrity(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
1406+
v = v.(*schema.Set).List()
1407+
return v, nil
1408+
}
1409+
1410+
func expandComputeVpnTunnelCipherSuitePhase1Prf(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
1411+
v = v.(*schema.Set).List()
1412+
return v, nil
1413+
}
1414+
1415+
func expandComputeVpnTunnelCipherSuitePhase1Dh(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
1416+
v = v.(*schema.Set).List()
1417+
return v, nil
1418+
}
1419+
1420+
func expandComputeVpnTunnelCipherSuitePhase2(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
1421+
l := v.([]interface{})
1422+
if len(l) == 0 || l[0] == nil {
1423+
return nil, nil
1424+
}
1425+
raw := l[0]
1426+
original := raw.(map[string]interface{})
1427+
transformed := make(map[string]interface{})
1428+
1429+
transformedEncryption, err := expandComputeVpnTunnelCipherSuitePhase2Encryption(original["encryption"], d, config)
1430+
if err != nil {
1431+
return nil, err
1432+
} else if val := reflect.ValueOf(transformedEncryption); val.IsValid() && !tpgresource.IsEmptyValue(val) {
1433+
transformed["encryption"] = transformedEncryption
1434+
}
1435+
1436+
transformedIntegrity, err := expandComputeVpnTunnelCipherSuitePhase2Integrity(original["integrity"], d, config)
1437+
if err != nil {
1438+
return nil, err
1439+
} else if val := reflect.ValueOf(transformedIntegrity); val.IsValid() && !tpgresource.IsEmptyValue(val) {
1440+
transformed["integrity"] = transformedIntegrity
1441+
}
1442+
1443+
transformedPfs, err := expandComputeVpnTunnelCipherSuitePhase2Pfs(original["pfs"], d, config)
1444+
if err != nil {
1445+
return nil, err
1446+
} else if val := reflect.ValueOf(transformedPfs); val.IsValid() && !tpgresource.IsEmptyValue(val) {
1447+
transformed["pfs"] = transformedPfs
1448+
}
1449+
1450+
return transformed, nil
1451+
}
1452+
1453+
func expandComputeVpnTunnelCipherSuitePhase2Encryption(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
1454+
v = v.(*schema.Set).List()
1455+
return v, nil
1456+
}
1457+
1458+
func expandComputeVpnTunnelCipherSuitePhase2Integrity(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
1459+
v = v.(*schema.Set).List()
1460+
return v, nil
1461+
}
1462+
1463+
func expandComputeVpnTunnelCipherSuitePhase2Pfs(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
1464+
v = v.(*schema.Set).List()
1465+
return v, nil
1466+
}
1467+
11221468
func expandComputeVpnTunnelEffectiveLabels(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (map[string]string, error) {
11231469
if v == nil {
11241470
return map[string]string{}, nil

google-beta/services/compute/resource_compute_vpn_tunnel_generated_meta.yaml

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,13 @@ api_service_name: 'compute.googleapis.com'
55
api_version: 'beta'
66
api_resource_type_kind: 'VpnTunnel'
77
fields:
8+
- field: 'cipher_suite.phase1.dh'
9+
- field: 'cipher_suite.phase1.encryption'
10+
- field: 'cipher_suite.phase1.integrity'
11+
- field: 'cipher_suite.phase1.prf'
12+
- field: 'cipher_suite.phase2.encryption'
13+
- field: 'cipher_suite.phase2.integrity'
14+
- field: 'cipher_suite.phase2.pfs'
815
- field: 'creation_timestamp'
916
- field: 'description'
1017
- field: 'detailed_status'

0 commit comments

Comments
 (0)