Add advanced_options_config to regional security policies. (#14726) (#23914)

[upstream:faa4bee71581156f098912ac874b06aa6dd0a8f7]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/14726.txt

@@ -0,0 +1,3 @@
+```release-note:enhancement
+compute: added `advanced_options_config` field to `google_compute_region_security_policy` resource
+```

google/services/compute/resource_compute_region_security_policy.go

@@ -93,6 +93,56 @@ func ResourceComputeRegionSecurityPolicy() *schema.Resource {
 				Description: `Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035.
 Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.`,
 			},
+			"advanced_options_config": {
+				Type:        schema.TypeList,
+				Optional:    true,
+				Description: `Advanced Options Config of this security policy.`,
+				MaxItems:    1,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"json_custom_config": {
+							Type:        schema.TypeList,
+							Optional:    true,
+							Description: `Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.`,
+							MaxItems:    1,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"content_types": {
+										Type:        schema.TypeSet,
+										Required:    true,
+										Description: `A list of custom Content-Type header values to apply the JSON parsing.`,
+										Elem: &schema.Schema{
+											Type: schema.TypeString,
+										},
+										Set: schema.HashString,
+									},
+								},
+							},
+						},
+						"json_parsing": {
+							Type:         schema.TypeString,
+							Optional:     true,
+							ValidateFunc: verify.ValidateEnum([]string{"DISABLED", "STANDARD", "STANDARD_WITH_GRAPHQL", ""}),
+							Description:  `JSON body parsing. Supported values include: "DISABLED", "STANDARD", "STANDARD_WITH_GRAPHQL". Possible values: ["DISABLED", "STANDARD", "STANDARD_WITH_GRAPHQL"]`,
+						},
+						"log_level": {
+							Type:         schema.TypeString,
+							Optional:     true,
+							ValidateFunc: verify.ValidateEnum([]string{"NORMAL", "VERBOSE", ""}),
+							Description:  `Logging level. Supported values include: "NORMAL", "VERBOSE". Possible values: ["NORMAL", "VERBOSE"]`,
+						},
+						"user_ip_request_headers": {
+							Type:        schema.TypeSet,
+							Optional:    true,
+							Description: `An optional list of case-insensitive request header names to use for resolving the callers client IP address.`,
+							Elem: &schema.Schema{
+								Type: schema.TypeString,
+							},
+							Set: schema.HashString,
+						},
+					},
+				},
+			},
 			"ddos_protection_config": {
 				Type:        schema.TypeList,
 				Optional:    true,
@@ -713,6 +763,12 @@ func resourceComputeRegionSecurityPolicyCreate(d *schema.ResourceData, meta inte
 	} else if v, ok := d.GetOkExists("ddos_protection_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(ddosProtectionConfigProp)) && (ok || !reflect.DeepEqual(v, ddosProtectionConfigProp)) {
 		obj["ddosProtectionConfig"] = ddosProtectionConfigProp
 	}
+	advancedOptionsConfigProp, err := expandComputeRegionSecurityPolicyAdvancedOptionsConfig(d.Get("advanced_options_config"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("advanced_options_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(advancedOptionsConfigProp)) && (ok || !reflect.DeepEqual(v, advancedOptionsConfigProp)) {
+		obj["advancedOptionsConfig"] = advancedOptionsConfigProp
+	}
 	userDefinedFieldsProp, err := expandComputeRegionSecurityPolicyUserDefinedFields(d.Get("user_defined_fields"), d, config)
 	if err != nil {
 		return err
@@ -848,6 +904,9 @@ func resourceComputeRegionSecurityPolicyRead(d *schema.ResourceData, meta interf
 	if err := d.Set("ddos_protection_config", flattenComputeRegionSecurityPolicyDdosProtectionConfig(res["ddosProtectionConfig"], d, config)); err != nil {
 		return fmt.Errorf("Error reading RegionSecurityPolicy: %s", err)
 	}
+	if err := d.Set("advanced_options_config", flattenComputeRegionSecurityPolicyAdvancedOptionsConfig(res["advancedOptionsConfig"], d, config)); err != nil {
+		return fmt.Errorf("Error reading RegionSecurityPolicy: %s", err)
+	}
 	if err := d.Set("self_link", flattenComputeRegionSecurityPolicySelfLink(res["selfLink"], d, config)); err != nil {
 		return fmt.Errorf("Error reading RegionSecurityPolicy: %s", err)
 	}
@@ -901,6 +960,12 @@ func resourceComputeRegionSecurityPolicyUpdate(d *schema.ResourceData, meta inte
 	} else if v, ok := d.GetOkExists("ddos_protection_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, ddosProtectionConfigProp)) {
 		obj["ddosProtectionConfig"] = ddosProtectionConfigProp
 	}
+	advancedOptionsConfigProp, err := expandComputeRegionSecurityPolicyAdvancedOptionsConfig(d.Get("advanced_options_config"), d, config)
+	if err != nil {
+		return err
+	} else if v, ok := d.GetOkExists("advanced_options_config"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, advancedOptionsConfigProp)) {
+		obj["advancedOptionsConfig"] = advancedOptionsConfigProp
+	}
 	userDefinedFieldsProp, err := expandComputeRegionSecurityPolicyUserDefinedFields(d.Get("user_defined_fields"), d, config)
 	if err != nil {
 		return err
@@ -935,6 +1000,10 @@ func resourceComputeRegionSecurityPolicyUpdate(d *schema.ResourceData, meta inte
 		updateMask = append(updateMask, "ddosProtectionConfig")
 	}
 
+	if d.HasChange("advanced_options_config") {
+		updateMask = append(updateMask, "advancedOptionsConfig")
+	}
+
 	if d.HasChange("user_defined_fields") {
 		updateMask = append(updateMask, "userDefinedFields")
 	}
@@ -1099,6 +1168,60 @@ func flattenComputeRegionSecurityPolicyDdosProtectionConfigDdosProtection(v inte
 	return v
 }
 
+func flattenComputeRegionSecurityPolicyAdvancedOptionsConfig(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	if v == nil {
+		return nil
+	}
+	original := v.(map[string]interface{})
+	if len(original) == 0 {
+		return nil
+	}
+	transformed := make(map[string]interface{})
+	transformed["json_parsing"] =
+		flattenComputeRegionSecurityPolicyAdvancedOptionsConfigJsonParsing(original["jsonParsing"], d, config)
+	transformed["json_custom_config"] =
+		flattenComputeRegionSecurityPolicyAdvancedOptionsConfigJsonCustomConfig(original["jsonCustomConfig"], d, config)
+	transformed["log_level"] =
+		flattenComputeRegionSecurityPolicyAdvancedOptionsConfigLogLevel(original["logLevel"], d, config)
+	transformed["user_ip_request_headers"] =
+		flattenComputeRegionSecurityPolicyAdvancedOptionsConfigUserIpRequestHeaders(original["userIpRequestHeaders"], d, config)
+	return []interface{}{transformed}
+}
+func flattenComputeRegionSecurityPolicyAdvancedOptionsConfigJsonParsing(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
+func flattenComputeRegionSecurityPolicyAdvancedOptionsConfigJsonCustomConfig(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	if v == nil {
+		return nil
+	}
+	original := v.(map[string]interface{})
+	if len(original) == 0 {
+		return nil
+	}
+	transformed := make(map[string]interface{})
+	transformed["content_types"] =
+		flattenComputeRegionSecurityPolicyAdvancedOptionsConfigJsonCustomConfigContentTypes(original["contentTypes"], d, config)
+	return []interface{}{transformed}
+}
+func flattenComputeRegionSecurityPolicyAdvancedOptionsConfigJsonCustomConfigContentTypes(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	if v == nil {
+		return v
+	}
+	return schema.NewSet(schema.HashString, v.([]interface{}))
+}
+
+func flattenComputeRegionSecurityPolicyAdvancedOptionsConfigLogLevel(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
+func flattenComputeRegionSecurityPolicyAdvancedOptionsConfigUserIpRequestHeaders(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	if v == nil {
+		return v
+	}
+	return schema.NewSet(schema.HashString, v.([]interface{}))
+}
+
 func flattenComputeRegionSecurityPolicySelfLink(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	return v
 }
@@ -1749,6 +1872,83 @@ func expandComputeRegionSecurityPolicyDdosProtectionConfigDdosProtection(v inter
 	return v, nil
 }
 
+func expandComputeRegionSecurityPolicyAdvancedOptionsConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	l := v.([]interface{})
+	if len(l) == 0 || l[0] == nil {
+		return nil, nil
+	}
+	raw := l[0]
+	original := raw.(map[string]interface{})
+	transformed := make(map[string]interface{})
+
+	transformedJsonParsing, err := expandComputeRegionSecurityPolicyAdvancedOptionsConfigJsonParsing(original["json_parsing"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedJsonParsing); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["jsonParsing"] = transformedJsonParsing
+	}
+
+	transformedJsonCustomConfig, err := expandComputeRegionSecurityPolicyAdvancedOptionsConfigJsonCustomConfig(original["json_custom_config"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedJsonCustomConfig); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["jsonCustomConfig"] = transformedJsonCustomConfig
+	}
+
+	transformedLogLevel, err := expandComputeRegionSecurityPolicyAdvancedOptionsConfigLogLevel(original["log_level"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedLogLevel); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["logLevel"] = transformedLogLevel
+	}
+
+	transformedUserIpRequestHeaders, err := expandComputeRegionSecurityPolicyAdvancedOptionsConfigUserIpRequestHeaders(original["user_ip_request_headers"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedUserIpRequestHeaders); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["userIpRequestHeaders"] = transformedUserIpRequestHeaders
+	}
+
+	return transformed, nil
+}
+
+func expandComputeRegionSecurityPolicyAdvancedOptionsConfigJsonParsing(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandComputeRegionSecurityPolicyAdvancedOptionsConfigJsonCustomConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	l := v.([]interface{})
+	if len(l) == 0 || l[0] == nil {
+		return nil, nil
+	}
+	raw := l[0]
+	original := raw.(map[string]interface{})
+	transformed := make(map[string]interface{})
+
+	transformedContentTypes, err := expandComputeRegionSecurityPolicyAdvancedOptionsConfigJsonCustomConfigContentTypes(original["content_types"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedContentTypes); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["contentTypes"] = transformedContentTypes
+	}
+
+	return transformed, nil
+}
+
+func expandComputeRegionSecurityPolicyAdvancedOptionsConfigJsonCustomConfigContentTypes(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	v = v.(*schema.Set).List()
+	return v, nil
+}
+
+func expandComputeRegionSecurityPolicyAdvancedOptionsConfigLogLevel(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
+func expandComputeRegionSecurityPolicyAdvancedOptionsConfigUserIpRequestHeaders(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	v = v.(*schema.Set).List()
+	return v, nil
+}
+
 func expandComputeRegionSecurityPolicyUserDefinedFields(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	l := v.([]interface{})
 	req := make([]interface{}, 0, len(l))

google/services/compute/resource_compute_region_security_policy_generated_meta.yaml

@@ -5,6 +5,10 @@ api_service_name: 'compute.googleapis.com'
 api_version: 'v1'
 api_resource_type_kind: 'SecurityPolicy'
 fields:
+  - field: 'advanced_options_config.json_custom_config.content_types'
+  - field: 'advanced_options_config.json_parsing'
+  - field: 'advanced_options_config.log_level'
+  - field: 'advanced_options_config.user_ip_request_headers'
   - field: 'ddos_protection_config.ddos_protection'
   - field: 'description'
   - field: 'fingerprint'

website/docs/r/compute_region_security_policy.html.markdown

@@ -160,6 +160,11 @@ The following arguments are supported:
   Configuration for Google Cloud Armor DDOS Proctection Config.
   Structure is [documented below](#nested_ddos_protection_config).
 
+* `advanced_options_config` -
+  (Optional)
+  Advanced Options Config of this security policy.
+  Structure is [documented below](#nested_advanced_options_config).
+
 * `user_defined_fields` -
   (Optional)
   Definitions of user-defined fields for CLOUD_ARMOR_NETWORK policies.
@@ -192,6 +197,40 @@ The following arguments are supported:
   - ADVANCED_PREVIEW: flag to enable the security policy in preview mode.
   Possible values are: `ADVANCED`, `ADVANCED_PREVIEW`, `STANDARD`.
 
+<a name="nested_advanced_options_config"></a>The `advanced_options_config` block supports:
+
+* `json_parsing` -
+  (Optional)
+  JSON body parsing. Supported values include: "DISABLED", "STANDARD", "STANDARD_WITH_GRAPHQL".
+  Possible values are: `DISABLED`, `STANDARD`, `STANDARD_WITH_GRAPHQL`.
+
+* `json_custom_config` -
+  (Optional)
+  Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.
+  Structure is [documented below](#nested_advanced_options_config_json_custom_config).
+
+* `log_level` -
+  (Optional)
+  Logging level. Supported values include: "NORMAL", "VERBOSE".
+  Possible values are: `NORMAL`, `VERBOSE`.
+
+* `user_ip_request_headers` -
+  (Optional)
+  An optional list of case-insensitive request header names to use for resolving the callers client IP address.
+
+* `request_body_inspection_size` -
+  (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
+  The maximum request size chosen by the customer with Waf enabled. Values supported are "8KB", "16KB, "32KB", "48KB" and "64KB".
+  Values are case insensitive.
+  Possible values are: `8KB`, `16KB`, `32KB`, `48KB`, `64KB`.
+
+
+<a name="nested_advanced_options_config_json_custom_config"></a>The `json_custom_config` block supports:
+
+* `content_types` -
+  (Required)
+  A list of custom Content-Type header values to apply the JSON parsing.
+
 <a name="nested_user_defined_fields"></a>The `user_defined_fields` block supports:
 
 * `name` -