Update EdgeCacheOrigin resources to reflect current API (#5776) (#4122)

modular-magician · web-flow · commit 9d055ef18f0b · 2022-03-15T11:13:05.000-05:00
Signed-off-by: Modular Magician &lt;magic-modules@google.com&gt;
diff --git a/.changelog/5776.txt b/.changelog/5776.txt
@@ -0,0 +1,6 @@
+```release-note:enhancement
+networkservices: updated EdgeCacheOrigin to retry_conditions to include `FORBIDDEN`
+```
+```release-note:enhancement
+networkservices: updated EdgeCacheOrigin resource to read and write the `timeout` property, including a new `read_timeout` field.
+```
diff --git a/google-beta/resource_network_services_edge_cache_origin.go b/google-beta/resource_network_services_edge_cache_origin.go
@@ -56,9 +56,9 @@ and all following characters must be a dash, underscore, letter or digit.`,
 				Required: true,
 				Description: `A fully qualified domain name (FQDN) or IP address reachable over the public Internet, or the address of a Google Cloud Storage bucket.
 
-This address will be used as the origin for cache requests - e.g. FQDN: media-backend.example.com IPv4:35.218.1.1 IPv6:[2607:f8b0:4012:809::200e] Cloud Storage: gs://bucketname
+This address will be used as the origin for cache requests - e.g. FQDN: media-backend.example.com, IPv4: 35.218.1.1, IPv6: 2607:f8b0:4012:809::200e, Cloud Storage: gs://bucketname
 
-When providing an FQDN (hostname), it must be publicly resolvable (e.g. via Google public DNS) and IP addresses must be publicly routable.
+When providing an FQDN (hostname), it must be publicly resolvable (e.g. via Google public DNS) and IP addresses must be publicly routable.  It must not contain a protocol (e.g., https://) and it must not contain any slashes.
 If a Cloud Storage bucket is provided, it must be in the canonical "gs://bucketname" format. Other forms, such as "storage.googleapis.com", will be rejected.`,
 			},
 			"description": {
@@ -94,8 +94,8 @@ retryConditions and failoverOrigin to control its own cache fill failures.
 The total number of allowed attempts to cache fill across this and failover origins is limited to four.
 The total time allowed for cache fill attempts across this and failover origins can be controlled with maxAttemptsTimeout.
 
-The last valid response from an origin will be returned to the client.
-If no origin returns a valid response, an HTTP 503 will be returned to the client.
+The last valid, non-retried response from all origins will be returned to the client.
+If no origin returns a valid response, an HTTP 502 will be returned to the client.
 
 Defaults to 1. Must be a value greater than 0 and less than 4.`,
 			},
@@ -135,10 +135,11 @@ Valid values are:
 - HTTP_5XX: Retry if the origin responds with any 5xx response code, or if the origin does not respond at all, example: disconnects, reset, read timeout, connection failure, and refused streams.
 - GATEWAY_ERROR: Similar to 5xx, but only applies to response codes 502, 503 or 504.
 - RETRIABLE_4XX: Retry for retriable 4xx response codes, which include HTTP 409 (Conflict) and HTTP 429 (Too Many Requests)
-- NOT_FOUND: Retry if the origin returns a HTTP 404 (Not Found). This can be useful when generating video content, and the segment is not available yet. Possible values: ["CONNECT_FAILURE", "HTTP_5XX", "GATEWAY_ERROR", "RETRIABLE_4XX", "NOT_FOUND"]`,
+- NOT_FOUND: Retry if the origin returns a HTTP 404 (Not Found). This can be useful when generating video content, and the segment is not available yet.
+- FORBIDDEN: Retry if the origin returns a HTTP 403 (Forbidden). Possible values: ["CONNECT_FAILURE", "HTTP_5XX", "GATEWAY_ERROR", "RETRIABLE_4XX", "NOT_FOUND", "FORBIDDEN"]`,
 				Elem: &schema.Schema{
 					Type:         schema.TypeString,
-					ValidateFunc: validateEnum([]string{"CONNECT_FAILURE", "HTTP_5XX", "GATEWAY_ERROR", "RETRIABLE_4XX", "NOT_FOUND"}),
+					ValidateFunc: validateEnum([]string{"CONNECT_FAILURE", "HTTP_5XX", "GATEWAY_ERROR", "RETRIABLE_4XX", "NOT_FOUND", "FORBIDDEN"}),
 				},
 			},
 			"timeout": {
@@ -151,26 +152,48 @@ Valid values are:
 						"connect_timeout": {
 							Type:     schema.TypeString,
 							Optional: true,
-							Description: `The maximum duration to wait for the origin connection to be established, including DNS lookup, TLS handshake and TCP/QUIC connection establishment.
+							Description: `The maximum duration to wait for a single origin connection to be established, including DNS lookup, TLS handshake and TCP/QUIC connection establishment.
 
-Defaults to 5 seconds. The timeout must be a value between 1s and 15s.`,
-							AtLeastOneOf: []string{"timeout.0.connect_timeout", "timeout.0.max_attempts_timeout", "timeout.0.response_timeout"},
+Defaults to 5 seconds. The timeout must be a value between 1s and 15s.
+
+The connectTimeout capped by the deadline set by the request's maxAttemptsTimeout.  The last connection attempt may have a smaller connectTimeout in order to adhere to the overall maxAttemptsTimeout.`,
+							AtLeastOneOf: []string{"timeout.0.connect_timeout", "timeout.0.max_attempts_timeout", "timeout.0.response_timeout", "timeout.0.read_timeout"},
 						},
 						"max_attempts_timeout": {
 							Type:     schema.TypeString,
 							Optional: true,
-							Description: `The maximum time across all connection attempts to the origin, including failover origins, before returning an error to the client. A HTTP 503 will be returned if the timeout is reached before a response is returned.
+							Description: `The maximum time across all connection attempts to the origin, including failover origins, before returning an error to the client. A HTTP 504 will be returned if the timeout is reached before a response is returned.
+
+Defaults to 15 seconds. The timeout must be a value between 1s and 30s.
+
+If a failoverOrigin is specified, the maxAttemptsTimeout of the first configured origin sets the deadline for all connection attempts across all failoverOrigins.`,
+							AtLeastOneOf: []string{"timeout.0.connect_timeout", "timeout.0.max_attempts_timeout", "timeout.0.response_timeout", "timeout.0.read_timeout"},
+						},
+						"read_timeout": {
+							Type:     schema.TypeString,
+							Optional: true,
+							Description: `The maximum duration to wait between reads of a single HTTP connection/stream.
+
+Defaults to 15 seconds.  The timeout must be a value between 1s and 30s.
+
+The readTimeout is capped by the responseTimeout.  All reads of the HTTP connection/stream must be completed by the deadline set by the responseTimeout.
 
-Defaults to 5 seconds. The timeout must be a value between 1s and 15s.`,
-							AtLeastOneOf: []string{"timeout.0.connect_timeout", "timeout.0.max_attempts_timeout", "timeout.0.response_timeout"},
+If the response headers have already been written to the connection, the response will be truncated and logged.`,
+							AtLeastOneOf: []string{"timeout.0.connect_timeout", "timeout.0.max_attempts_timeout", "timeout.0.response_timeout", "timeout.0.read_timeout"},
 						},
 						"response_timeout": {
 							Type:     schema.TypeString,
 							Optional: true,
-							Description: `The maximum duration to wait for data to arrive when reading from the HTTP connection/stream.
+							Description: `The maximum duration to wait for the last byte of a response to arrive when reading from the HTTP connection/stream.
 
-Defaults to 5 seconds. The timeout must be a value between 1s and 30s.`,
-							AtLeastOneOf: []string{"timeout.0.connect_timeout", "timeout.0.max_attempts_timeout", "timeout.0.response_timeout"},
+Defaults to 30 seconds. The timeout must be a value between 1s and 120s.
+
+The responseTimeout starts after the connection has been established.
+
+This also applies to HTTP Chunked Transfer Encoding responses, and/or when an open-ended Range request is made to the origin. Origins that take longer to write additional bytes to the response than the configured responseTimeout will result in an error being returned to the client.
+
+If the response headers have already been written to the connection, the response will be truncated and logged.`,
+							AtLeastOneOf: []string{"timeout.0.connect_timeout", "timeout.0.max_attempts_timeout", "timeout.0.response_timeout", "timeout.0.read_timeout"},
 						},
 					},
 				},
@@ -353,6 +376,9 @@ func resourceNetworkServicesEdgeCacheOriginRead(d *schema.ResourceData, meta int
 	if err := d.Set("retry_conditions", flattenNetworkServicesEdgeCacheOriginRetryConditions(res["retryConditions"], d, config)); err != nil {
 		return fmt.Errorf("Error reading EdgeCacheOrigin: %s", err)
 	}
+	if err := d.Set("timeout", flattenNetworkServicesEdgeCacheOriginTimeout(res["timeout"], d, config)); err != nil {
+		return fmt.Errorf("Error reading EdgeCacheOrigin: %s", err)
+	}
 
 	return nil
 }
@@ -625,6 +651,30 @@ func flattenNetworkServicesEdgeCacheOriginRetryConditions(v interface{}, d *sche
 	return v
 }
 
+func flattenNetworkServicesEdgeCacheOriginTimeout(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+	out := make(map[string]string)
+
+	if v == nil {
+		return nil
+	}
+
+	in := v.(map[string]interface{})
+	if e, ok := in["connectTimeout"]; ok {
+		out["connect_timeout"] = e.(string)
+	}
+	if e, ok := in["maxAttemptsTimeout"]; ok {
+		out["max_attempts_timeout"] = e.(string)
+	}
+	if e, ok := in["responseTimeout"]; ok {
+		out["response_timeout"] = e.(string)
+	}
+	if e, ok := in["readTimeout"]; ok {
+		out["read_timeout"] = e.(string)
+	}
+
+	return []interface{}{out}
+}
+
 func expandNetworkServicesEdgeCacheOriginDescription(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
 	return v, nil
 }
@@ -694,6 +744,13 @@ func expandNetworkServicesEdgeCacheOriginTimeout(v interface{}, d TerraformResou
 		transformed["responseTimeout"] = transformedResponseTimeout
 	}
 
+	transformedReadTimeout, err := expandNetworkServicesEdgeCacheOriginTimeoutReadTimeout(original["read_timeout"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedReadTimeout); val.IsValid() && !isEmptyValue(val) {
+		transformed["readTimeout"] = transformedReadTimeout
+	}
+
 	return transformed, nil
 }
 
@@ -708,3 +765,7 @@ func expandNetworkServicesEdgeCacheOriginTimeoutMaxAttemptsTimeout(v interface{}
 func expandNetworkServicesEdgeCacheOriginTimeoutResponseTimeout(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
 	return v, nil
 }
+
+func expandNetworkServicesEdgeCacheOriginTimeoutReadTimeout(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}
diff --git a/google-beta/resource_network_services_edge_cache_origin_generated_test.go b/google-beta/resource_network_services_edge_cache_origin_generated_test.go
@@ -42,7 +42,7 @@ func TestAccNetworkServicesEdgeCacheOrigin_networkServicesEdgeCacheOriginBasicEx
 				ResourceName:            "google_network_services_edge_cache_origin.default",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"timeout", "name", "timeout"},
+				ImportStateVerifyIgnore: []string{"name", "timeout"},
 			},
 		},
 	})
@@ -77,7 +77,7 @@ func TestAccNetworkServicesEdgeCacheOrigin_networkServicesEdgeCacheOriginAdvance
 				ResourceName:            "google_network_services_edge_cache_origin.default",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"timeout", "name", "timeout"},
+				ImportStateVerifyIgnore: []string{"name", "timeout"},
 			},
 		},
 	})
@@ -97,12 +97,14 @@ resource "google_network_services_edge_cache_origin" "fallback" {
   retry_conditions = [
     "CONNECT_FAILURE",
     "NOT_FOUND",
-    "HTTP_5XX"
+    "HTTP_5XX",
+    "FORBIDDEN",
   ]
   timeout {
     connect_timeout = "10s"
-    max_attempts_timeout = "10s"
-    response_timeout = "10s"
+    max_attempts_timeout = "20s"
+    response_timeout = "60s"
+    read_timeout = "5s"
   }
 }
 
diff --git a/google-beta/resource_network_services_edge_cache_origin_test.go b/google-beta/resource_network_services_edge_cache_origin_test.go
@@ -22,7 +22,7 @@ func TestAccNetworkServicesEdgeCacheOrigin_updateAndImport(t *testing.T) {
 				ResourceName:            "google_network_services_edge_cache_origin.instance",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"name", "timeout"},
+				ImportStateVerifyIgnore: []string{"name"},
 			},
 			{
 				Config: testAccNetworkServicesEdgeCacheOrigin_update_1(name),
@@ -31,7 +31,7 @@ func TestAccNetworkServicesEdgeCacheOrigin_updateAndImport(t *testing.T) {
 				ResourceName:            "google_network_services_edge_cache_origin.instance",
 				ImportState:             true,
 				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"name", "timeout"},
+				ImportStateVerifyIgnore: []string{"name"},
 			},
 		},
 	})
@@ -46,6 +46,7 @@ func testAccNetworkServicesEdgeCacheOrigin_update_0(name string) string {
 		labels = {
 			a = "b"
 		}
+		retry_conditions = ["NOT_FOUND"]
 		timeout {
 			connect_timeout = "10s"
 		}
@@ -59,8 +60,12 @@ func testAccNetworkServicesEdgeCacheOrigin_update_1(name string) string {
 		origin_address       = "gs://media-edge-fallback"
 		description          = "The default bucket for media edge test"
 		max_attempts         = 3
+		retry_conditions     = ["FORBIDDEN"]
 		timeout {
 			connect_timeout = "9s"
+			max_attempts_timeout = "14s"
+			response_timeout = "29s"
+			read_timeout = "13s"
 		}
 	}
 `, name)
diff --git a/website/docs/r/network_services_edge_cache_origin.html.markdown b/website/docs/r/network_services_edge_cache_origin.html.markdown
@@ -62,12 +62,14 @@ resource "google_network_services_edge_cache_origin" "fallback" {
   retry_conditions = [
     "CONNECT_FAILURE",
     "NOT_FOUND",
-    "HTTP_5XX"
+    "HTTP_5XX",
+    "FORBIDDEN",
   ]
   timeout {
     connect_timeout = "10s"
-    max_attempts_timeout = "10s"
-    response_timeout = "10s"
+    max_attempts_timeout = "20s"
+    response_timeout = "60s"
+    read_timeout = "5s"
   }
 }
 
@@ -95,8 +97,8 @@ The following arguments are supported:
 * `origin_address` -
   (Required)
   A fully qualified domain name (FQDN) or IP address reachable over the public Internet, or the address of a Google Cloud Storage bucket.
-  This address will be used as the origin for cache requests - e.g. FQDN: media-backend.example.com IPv4:35.218.1.1 IPv6:[2607:f8b0:4012:809::200e] Cloud Storage: gs://bucketname
-  When providing an FQDN (hostname), it must be publicly resolvable (e.g. via Google public DNS) and IP addresses must be publicly routable.
+  This address will be used as the origin for cache requests - e.g. FQDN: media-backend.example.com, IPv4: 35.218.1.1, IPv6: 2607:f8b0:4012:809::200e, Cloud Storage: gs://bucketname
+  When providing an FQDN (hostname), it must be publicly resolvable (e.g. via Google public DNS) and IP addresses must be publicly routable.  It must not contain a protocol (e.g., https://) and it must not contain any slashes.
   If a Cloud Storage bucket is provided, it must be in the canonical "gs://bucketname" format. Other forms, such as "storage.googleapis.com", will be rejected.
 
 * `name` -
@@ -135,8 +137,8 @@ The following arguments are supported:
   retryConditions and failoverOrigin to control its own cache fill failures.
   The total number of allowed attempts to cache fill across this and failover origins is limited to four.
   The total time allowed for cache fill attempts across this and failover origins can be controlled with maxAttemptsTimeout.
-  The last valid response from an origin will be returned to the client.
-  If no origin returns a valid response, an HTTP 503 will be returned to the client.
+  The last valid, non-retried response from all origins will be returned to the client.
+  If no origin returns a valid response, an HTTP 502 will be returned to the client.
   Defaults to 1. Must be a value greater than 0 and less than 4.
 
 * `failover_origin` -
@@ -160,7 +162,8 @@ The following arguments are supported:
   - GATEWAY_ERROR: Similar to 5xx, but only applies to response codes 502, 503 or 504.
   - RETRIABLE_4XX: Retry for retriable 4xx response codes, which include HTTP 409 (Conflict) and HTTP 429 (Too Many Requests)
   - NOT_FOUND: Retry if the origin returns a HTTP 404 (Not Found). This can be useful when generating video content, and the segment is not available yet.
-  Each value may be one of `CONNECT_FAILURE`, `HTTP_5XX`, `GATEWAY_ERROR`, `RETRIABLE_4XX`, and `NOT_FOUND`.
+  - FORBIDDEN: Retry if the origin returns a HTTP 403 (Forbidden).
+  Each value may be one of `CONNECT_FAILURE`, `HTTP_5XX`, `GATEWAY_ERROR`, `RETRIABLE_4XX`, `NOT_FOUND`, and `FORBIDDEN`.
 
 * `timeout` -
   (Optional)
@@ -175,18 +178,30 @@ The following arguments are supported:
 
 * `connect_timeout` -
   (Optional)
-  The maximum duration to wait for the origin connection to be established, including DNS lookup, TLS handshake and TCP/QUIC connection establishment.
+  The maximum duration to wait for a single origin connection to be established, including DNS lookup, TLS handshake and TCP/QUIC connection establishment.
   Defaults to 5 seconds. The timeout must be a value between 1s and 15s.
+  The connectTimeout capped by the deadline set by the request's maxAttemptsTimeout.  The last connection attempt may have a smaller connectTimeout in order to adhere to the overall maxAttemptsTimeout.
 
 * `max_attempts_timeout` -
   (Optional)
-  The maximum time across all connection attempts to the origin, including failover origins, before returning an error to the client. A HTTP 503 will be returned if the timeout is reached before a response is returned.
-  Defaults to 5 seconds. The timeout must be a value between 1s and 15s.
+  The maximum time across all connection attempts to the origin, including failover origins, before returning an error to the client. A HTTP 504 will be returned if the timeout is reached before a response is returned.
+  Defaults to 15 seconds. The timeout must be a value between 1s and 30s.
+  If a failoverOrigin is specified, the maxAttemptsTimeout of the first configured origin sets the deadline for all connection attempts across all failoverOrigins.
 
 * `response_timeout` -
   (Optional)
-  The maximum duration to wait for data to arrive when reading from the HTTP connection/stream.
-  Defaults to 5 seconds. The timeout must be a value between 1s and 30s.
+  The maximum duration to wait for the last byte of a response to arrive when reading from the HTTP connection/stream.
+  Defaults to 30 seconds. The timeout must be a value between 1s and 120s.
+  The responseTimeout starts after the connection has been established.
+  This also applies to HTTP Chunked Transfer Encoding responses, and/or when an open-ended Range request is made to the origin. Origins that take longer to write additional bytes to the response than the configured responseTimeout will result in an error being returned to the client.
+  If the response headers have already been written to the connection, the response will be truncated and logged.
+
+* `read_timeout` -
+  (Optional)
+  The maximum duration to wait between reads of a single HTTP connection/stream.
+  Defaults to 15 seconds.  The timeout must be a value between 1s and 30s.
+  The readTimeout is capped by the responseTimeout.  All reads of the HTTP connection/stream must be completed by the deadline set by the responseTimeout.
+  If the response headers have already been written to the connection, the response will be truncated and logged.
 
 ## Attributes Reference
 
