Added cipher_suite to VpnTunnel (#14248) (#23253)

[upstream:9335fd811c4c900701f70aa000d0e3b4192cee69]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/14248.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+compute: added `cipher_suite` block with phase1 and phase2 encryption configurations to `google_compute_vpn_tunnel` resource.
+```

website/docs/r/compute_vpn_tunnel.html.markdown

@@ -107,6 +107,100 @@ resource "google_compute_route" "route1" {
   next_hop_vpn_tunnel = google_compute_vpn_tunnel.tunnel1.id
 }
 ```
+<div class = "oics-button" style="float: right; margin: 0 0 -15px">
+  <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_image=gcr.io%2Fcloudshell-images%2Fcloudshell%3Alatest&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md&cloudshell_working_dir=vpn_tunnel_cipher_suite&open_in_editor=main.tf" target="_blank">
+    <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
+  </a>
+</div>
+## Example Usage - Vpn Tunnel Cipher Suite
+
+
+```hcl
+resource "google_compute_vpn_tunnel" "tunnel1" {
+  provider = google-beta
+  name          = "tunnel-cipher"
+  peer_ip       = "15.0.0.120"
+  shared_secret = "a secret message"
+
+  target_vpn_gateway = google_compute_vpn_gateway.target_gateway.id
+
+  cipher_suite {
+    phase1 {
+      encryption = ["AES-CBC-256"]
+      integrity  = ["HMAC-SHA2-256-128"]
+      prf        = ["PRF-HMAC-SHA2-256"]
+      dh         = ["Group-14"]
+    }
+    phase2 {
+      encryption = ["AES-CBC-128"]
+      integrity  = ["HMAC-SHA2-256-128"]
+      pfs        = ["Group-14"]
+    }
+  }
+
+  depends_on = [
+    google_compute_forwarding_rule.fr_esp,
+    google_compute_forwarding_rule.fr_udp500,
+    google_compute_forwarding_rule.fr_udp4500,
+  ]
+
+  labels = {
+    foo = "bar"
+  }
+}
+
+resource "google_compute_vpn_gateway" "target_gateway" {
+  provider = google-beta
+  name    = "vpn-1"
+  network = google_compute_network.network1.id
+}
+
+resource "google_compute_network" "network1" {
+  provider = google-beta
+  name = "network-1"
+}
+
+resource "google_compute_address" "vpn_static_ip" {
+  provider = google-beta
+  name = "vpn-static-ip"
+}
+
+resource "google_compute_forwarding_rule" "fr_esp" {
+  provider = google-beta
+  name        = "fr-esp"
+  ip_protocol = "ESP"
+  ip_address  = google_compute_address.vpn_static_ip.address
+  target      = google_compute_vpn_gateway.target_gateway.id
+}
+
+resource "google_compute_forwarding_rule" "fr_udp500" {
+  provider = google-beta
+  name        = "fr-udp500"
+  ip_protocol = "UDP"
+  port_range  = "500"
+  ip_address  = google_compute_address.vpn_static_ip.address
+  target      = google_compute_vpn_gateway.target_gateway.id
+}
+
+resource "google_compute_forwarding_rule" "fr_udp4500" {
+  provider = google-beta
+  name        = "fr-udp4500"
+  ip_protocol = "UDP"
+  port_range  = "4500"
+  ip_address  = google_compute_address.vpn_static_ip.address
+  target      = google_compute_vpn_gateway.target_gateway.id
+}
+
+resource "google_compute_route" "route1" {
+  provider = google-beta
+  name       = "route1"
+  network    = google_compute_network.network1.name
+  dest_range = "15.0.0.0/24"
+  priority   = 1000
+
+  next_hop_vpn_tunnel = google_compute_vpn_tunnel.tunnel1.id
+}
+```
 
 ## Argument Reference
 
@@ -201,6 +295,11 @@ The following arguments are supported:
   **Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
   Please refer to the field `effective_labels` for all of the labels present on the resource.
 
+* `cipher_suite` -
+  (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
+  User specified list of ciphers to use for the phase 1 and phase 2 of the IKE protocol.
+  Structure is [documented below](#nested_cipher_suite).
+
 * `region` -
   (Optional)
   The region where the tunnel is located. If unset, is set to the region of `target_vpn_gateway`.
@@ -209,6 +308,51 @@ The following arguments are supported:
     If it is not provided, the provider project is used.
 
 
+<a name="nested_cipher_suite"></a>The `cipher_suite` block supports:
+
+* `phase1` -
+  (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
+  Cipher configuration for phase 1 of the IKE protocol.
+  Structure is [documented below](#nested_cipher_suite_phase1).
+
+* `phase2` -
+  (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
+  Cipher configuration for phase 2 of the IKE protocol.
+  Structure is [documented below](#nested_cipher_suite_phase2).
+
+
+<a name="nested_cipher_suite_phase1"></a>The `phase1` block supports:
+
+* `encryption` -
+  (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
+  Encryption algorithms.
+
+* `integrity` -
+  (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
+  Integrity algorithms.
+
+* `prf` -
+  (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
+  Pseudo-random functions.
+
+* `dh` -
+  (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
+  Diffie-Hellman groups.
+
+<a name="nested_cipher_suite_phase2"></a>The `phase2` block supports:
+
+* `encryption` -
+  (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
+  Encryption algorithms.
+
+* `integrity` -
+  (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
+  Integrity algorithms.
+
+* `pfs` -
+  (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
+  Perfect forward secrecy groups.
+
 ## Attributes Reference
 
 In addition to the arguments listed above, the following computed attributes are exported: