Add support for cacheKeyPolicy in BackendBuckets (#6043) (#4349)

* Add support for cacheKeyPolicy in BackendBuckets

* Add an example of include_http_headers

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/6043.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+compute: added `cache_key_policy` field to `google_compute_backend_bucket` resource
+```

google-beta/resource_compute_backend_bucket.go

@@ -68,6 +68,37 @@ last character, which cannot be a dash.`,
 				MaxItems:    1,
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
+						"cache_key_policy": {
+							Type:        schema.TypeList,
+							Optional:    true,
+							Description: `The CacheKeyPolicy for this CdnPolicy.`,
+							MaxItems:    1,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"include_http_headers": {
+										Type:     schema.TypeList,
+										Optional: true,
+										Description: `Allows HTTP request headers (by name) to be used in the
+cache key.`,
+										Elem: &schema.Schema{
+											Type: schema.TypeString,
+										},
+										AtLeastOneOf: []string{"cdn_policy.0.cache_key_policy.0.query_string_whitelist", "cdn_policy.0.cache_key_policy.0.include_http_headers"},
+									},
+									"query_string_whitelist": {
+										Type:     schema.TypeList,
+										Optional: true,
+										Description: `Names of query string parameters to include in cache keys.
+Default parameters are always included. '&' and '=' will
+be percent encoded and not treated as delimiters.`,
+										Elem: &schema.Schema{
+											Type: schema.TypeString,
+										},
+										AtLeastOneOf: []string{"cdn_policy.0.cache_key_policy.0.query_string_whitelist", "cdn_policy.0.cache_key_policy.0.include_http_headers"},
+									},
+								},
+							},
+						},
 						"cache_mode": {
 							Type:         schema.TypeString,
 							Computed:     true,
@@ -558,6 +589,8 @@ func flattenComputeBackendBucketCdnPolicy(v interface{}, d *schema.ResourceData,
 		return nil
 	}
 	transformed := make(map[string]interface{})
+	transformed["cache_key_policy"] =
+		flattenComputeBackendBucketCdnPolicyCacheKeyPolicy(original["cacheKeyPolicy"], d, config)
 	transformed["signed_url_cache_max_age_sec"] =
 		flattenComputeBackendBucketCdnPolicySignedUrlCacheMaxAgeSec(original["signedUrlCacheMaxAgeSec"], d, config)
 	transformed["default_ttl"] =
@@ -576,6 +609,29 @@ func flattenComputeBackendBucketCdnPolicy(v interface{}, d *schema.ResourceData,
 		flattenComputeBackendBucketCdnPolicyServeWhileStale(original["serveWhileStale"], d, config)
 	return []interface{}{transformed}
 }
+func flattenComputeBackendBucketCdnPolicyCacheKeyPolicy(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+	if v == nil {
+		return nil
+	}
+	original := v.(map[string]interface{})
+	if len(original) == 0 {
+		return nil
+	}
+	transformed := make(map[string]interface{})
+	transformed["query_string_whitelist"] =
+		flattenComputeBackendBucketCdnPolicyCacheKeyPolicyQueryStringWhitelist(original["queryStringWhitelist"], d, config)
+	transformed["include_http_headers"] =
+		flattenComputeBackendBucketCdnPolicyCacheKeyPolicyIncludeHttpHeaders(original["includeHttpHeaders"], d, config)
+	return []interface{}{transformed}
+}
+func flattenComputeBackendBucketCdnPolicyCacheKeyPolicyQueryStringWhitelist(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+	return v
+}
+
+func flattenComputeBackendBucketCdnPolicyCacheKeyPolicyIncludeHttpHeaders(v interface{}, d *schema.ResourceData, config *Config) interface{} {
+	return v
+}
+
 func flattenComputeBackendBucketCdnPolicySignedUrlCacheMaxAgeSec(v interface{}, d *schema.ResourceData, config *Config) interface{} {
 	// Handles the string fixed64 format
 	if strVal, ok := v.(string); ok {
@@ -759,6 +815,13 @@ func expandComputeBackendBucketCdnPolicy(v interface{}, d TerraformResourceData,
 	original := raw.(map[string]interface{})
 	transformed := make(map[string]interface{})
 
+	transformedCacheKeyPolicy, err := expandComputeBackendBucketCdnPolicyCacheKeyPolicy(original["cache_key_policy"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedCacheKeyPolicy); val.IsValid() && !isEmptyValue(val) {
+		transformed["cacheKeyPolicy"] = transformedCacheKeyPolicy
+	}
+
 	transformedSignedUrlCacheMaxAgeSec, err := expandComputeBackendBucketCdnPolicySignedUrlCacheMaxAgeSec(original["signed_url_cache_max_age_sec"], d, config)
 	if err != nil {
 		return nil, err
@@ -818,6 +881,40 @@ func expandComputeBackendBucketCdnPolicy(v interface{}, d TerraformResourceData,
 	return transformed, nil
 }
 
+func expandComputeBackendBucketCdnPolicyCacheKeyPolicy(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	l := v.([]interface{})
+	if len(l) == 0 || l[0] == nil {
+		return nil, nil
+	}
+	raw := l[0]
+	original := raw.(map[string]interface{})
+	transformed := make(map[string]interface{})
+
+	transformedQueryStringWhitelist, err := expandComputeBackendBucketCdnPolicyCacheKeyPolicyQueryStringWhitelist(original["query_string_whitelist"], d, config)
+	if err != nil {
+		return nil, err
+	} else {
+		transformed["queryStringWhitelist"] = transformedQueryStringWhitelist
+	}
+
+	transformedIncludeHttpHeaders, err := expandComputeBackendBucketCdnPolicyCacheKeyPolicyIncludeHttpHeaders(original["include_http_headers"], d, config)
+	if err != nil {
+		return nil, err
+	} else {
+		transformed["includeHttpHeaders"] = transformedIncludeHttpHeaders
+	}
+
+	return transformed, nil
+}
+
+func expandComputeBackendBucketCdnPolicyCacheKeyPolicyQueryStringWhitelist(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandComputeBackendBucketCdnPolicyCacheKeyPolicyIncludeHttpHeaders(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandComputeBackendBucketCdnPolicySignedUrlCacheMaxAgeSec(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) {
 	return v, nil
 }

google-beta/resource_compute_backend_bucket_generated_test.go

@@ -161,6 +161,96 @@ resource "google_compute_security_policy" "policy" {
 `, context)
 }
 
+func TestAccComputeBackendBucket_backendBucketQueryStringWhitelistExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": randString(t, 10),
+	}
+
+	vcrTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckComputeBackendBucketDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeBackendBucket_backendBucketQueryStringWhitelistExample(context),
+			},
+			{
+				ResourceName:      "google_compute_backend_bucket.image_backend",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccComputeBackendBucket_backendBucketQueryStringWhitelistExample(context map[string]interface{}) string {
+	return Nprintf(`
+resource "google_compute_backend_bucket" "image_backend" {
+  name        = "tf-test-image-backend-bucket%{random_suffix}"
+  description = "Contains beautiful images"
+  bucket_name = google_storage_bucket.image_bucket.name
+  enable_cdn  = true
+  cdn_policy {
+    cache_key_policy {
+        query_string_whitelist = ["image-version"]
+    }
+  }
+}
+
+resource "google_storage_bucket" "image_bucket" {
+  name     = "tf-test-image-backend-bucket%{random_suffix}"
+  location = "EU"
+}
+`, context)
+}
+
+func TestAccComputeBackendBucket_backendBucketIncludeHttpHeadersExample(t *testing.T) {
+	t.Parallel()
+
+	context := map[string]interface{}{
+		"random_suffix": randString(t, 10),
+	}
+
+	vcrTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testAccCheckComputeBackendBucketDestroyProducer(t),
+		Steps: []resource.TestStep{
+			{
+				Config: testAccComputeBackendBucket_backendBucketIncludeHttpHeadersExample(context),
+			},
+			{
+				ResourceName:      "google_compute_backend_bucket.image_backend",
+				ImportState:       true,
+				ImportStateVerify: true,
+			},
+		},
+	})
+}
+
+func testAccComputeBackendBucket_backendBucketIncludeHttpHeadersExample(context map[string]interface{}) string {
+	return Nprintf(`
+resource "google_compute_backend_bucket" "image_backend" {
+  name        = "tf-test-image-backend-bucket%{random_suffix}"
+  description = "Contains beautiful images"
+  bucket_name = google_storage_bucket.image_bucket.name
+  enable_cdn  = true
+  cdn_policy {
+    cache_key_policy {
+        include_http_headers = ["X-My-Header-Field"]
+    }
+  }
+}
+
+resource "google_storage_bucket" "image_bucket" {
+  name     = "tf-test-image-backend-bucket%{random_suffix}"
+  location = "EU"
+}
+`, context)
+}
+
 func testAccCheckComputeBackendBucketDestroyProducer(t *testing.T) func(s *terraform.State) error {
 	return func(s *terraform.State) error {
 		for name, rs := range s.RootModule().Resources {

website/docs/r/compute_backend_bucket.html.markdown

@@ -87,6 +87,58 @@ resource "google_compute_security_policy" "policy" {
 	type = "CLOUD_ARMOR_EDGE"
 }
 ```
+<div class = "oics-button" style="float: right; margin: 0 0 -15px">
+  <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=backend_bucket_query_string_whitelist&cloudshell_image=gcr.io%2Fgraphite-cloud-shell-images%2Fterraform%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
+    <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
+  </a>
+</div>
+## Example Usage - Backend Bucket Query String Whitelist
+
+
+```hcl
+resource "google_compute_backend_bucket" "image_backend" {
+  name        = "image-backend-bucket"
+  description = "Contains beautiful images"
+  bucket_name = google_storage_bucket.image_bucket.name
+  enable_cdn  = true
+  cdn_policy {
+    cache_key_policy {
+        query_string_whitelist = ["image-version"]
+    }
+  }
+}
+
+resource "google_storage_bucket" "image_bucket" {
+  name     = "image-backend-bucket"
+  location = "EU"
+}
+```
+<div class = "oics-button" style="float: right; margin: 0 0 -15px">
+  <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=backend_bucket_include_http_headers&cloudshell_image=gcr.io%2Fgraphite-cloud-shell-images%2Fterraform%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
+    <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
+  </a>
+</div>
+## Example Usage - Backend Bucket Include Http Headers
+
+
+```hcl
+resource "google_compute_backend_bucket" "image_backend" {
+  name        = "image-backend-bucket"
+  description = "Contains beautiful images"
+  bucket_name = google_storage_bucket.image_bucket.name
+  enable_cdn  = true
+  cdn_policy {
+    cache_key_policy {
+        include_http_headers = ["X-My-Header-Field"]
+    }
+  }
+}
+
+resource "google_storage_bucket" "image_bucket" {
+  name     = "image-backend-bucket"
+  location = "EU"
+}
+```
 
 ## Argument Reference
 
@@ -139,6 +191,11 @@ The following arguments are supported:
 
 <a name="nested_cdn_policy"></a>The `cdn_policy` block supports:
 
+* `cache_key_policy` -
+  (Optional)
+  The CacheKeyPolicy for this CdnPolicy.
+  Structure is [documented below](#nested_cache_key_policy).
+
 * `signed_url_cache_max_age_sec` -
   (Optional)
   Maximum number of seconds the response to a signed URL request will
@@ -184,6 +241,19 @@ The following arguments are supported:
   Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.
 
 
+<a name="nested_cache_key_policy"></a>The `cache_key_policy` block supports:
+
+* `query_string_whitelist` -
+  (Optional)
+  Names of query string parameters to include in cache keys.
+  Default parameters are always included. '&' and '=' will
+  be percent encoded and not treated as delimiters.
+
+* `include_http_headers` -
+  (Optional)
+  Allows HTTP request headers (by name) to be used in the
+  cache key.
+
 <a name="nested_negative_caching_policy"></a>The `negative_caching_policy` block supports:
 
 * `code` -