feat: support for the enforce attribute in the s_sl_info block for the google_apigee_target_server (#13841) (#22594)

modular-magician · web-flow · commit 9311a7af39d4 · 2025-05-02T11:18:59.000-07:00
[upstream:c0448273f2dc38937084e7f3fa2e6f573b6f7b88]

Signed-off-by: Modular Magician &lt;magic-modules@google.com&gt;
diff --git a/.changelog/13841.txt b/.changelog/13841.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+apigee: added `s_sl_info.enforce` field in `google_apigee_target_server` resource
+```
diff --git a/google/services/apigee/resource_apigee_target_server.go b/google/services/apigee/resource_apigee_target_server.go
@@ -138,6 +138,11 @@ in the format 'organizations/{{org_name}}/environments/{{env_name}}'.`,
 								},
 							},
 						},
+						"enforce": {
+							Type:        schema.TypeBool,
+							Optional:    true,
+							Description: `If true, TLS is strictly enforced.`,
+						},
 						"ignore_validation_errors": {
 							Type:        schema.TypeBool,
 							Optional:    true,
@@ -531,6 +536,8 @@ func flattenApigeeTargetServerSSLInfo(v interface{}, d *schema.ResourceData, con
 		flattenApigeeTargetServerSSLInfoCiphers(original["ciphers"], d, config)
 	transformed["common_name"] =
 		flattenApigeeTargetServerSSLInfoCommonName(original["commonName"], d, config)
+	transformed["enforce"] =
+		flattenApigeeTargetServerSSLInfoEnforce(original["enforce"], d, config)
 	return []interface{}{transformed}
 }
 func flattenApigeeTargetServerSSLInfoEnabled(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
@@ -588,6 +595,10 @@ func flattenApigeeTargetServerSSLInfoCommonNameWildcardMatch(v interface{}, d *s
 	return v
 }
 
+func flattenApigeeTargetServerSSLInfoEnforce(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
+	return v
+}
+
 func flattenApigeeTargetServerProtocol(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
 	return v
 }
@@ -684,6 +695,13 @@ func expandApigeeTargetServerSSLInfo(v interface{}, d tpgresource.TerraformResou
 		transformed["commonName"] = transformedCommonName
 	}
 
+	transformedEnforce, err := expandApigeeTargetServerSSLInfoEnforce(original["enforce"], d, config)
+	if err != nil {
+		return nil, err
+	} else if val := reflect.ValueOf(transformedEnforce); val.IsValid() && !tpgresource.IsEmptyValue(val) {
+		transformed["enforce"] = transformedEnforce
+	}
+
 	return transformed, nil
 }
 
@@ -753,6 +771,10 @@ func expandApigeeTargetServerSSLInfoCommonNameWildcardMatch(v interface{}, d tpg
 	return v, nil
 }
 
+func expandApigeeTargetServerSSLInfoEnforce(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
+	return v, nil
+}
+
 func expandApigeeTargetServerProtocol(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	return v, nil
 }
diff --git a/google/services/apigee/resource_apigee_target_server_generated_meta.yaml b/google/services/apigee/resource_apigee_target_server_generated_meta.yaml
@@ -18,6 +18,7 @@ fields:
   - field: 's_sl_info.common_name.value'
   - field: 's_sl_info.common_name.wildcard_match'
   - field: 's_sl_info.enabled'
+  - field: 's_sl_info.enforce'
   - field: 's_sl_info.ignore_validation_errors'
   - field: 's_sl_info.key_alias'
   - field: 's_sl_info.key_store'
diff --git a/google/services/apigee/resource_apigee_target_server_test.go b/google/services/apigee/resource_apigee_target_server_test.go
@@ -355,6 +355,7 @@ resource "google_apigee_target_server" "apigee_target_server"{
 	 key_store                = google_apigee_env_keystore.apigee_environment_keystore.name
 	 protocols                = ["TLSv1.1"]
 	 trust_store              = google_apigee_env_keystore.apigee_environment_keystore.name
+     enforce                  = false
    common_name{
     value                   = "testCn"
     wildcard_match          = true
@@ -470,6 +471,7 @@ resource "google_apigee_target_server" "apigee_target_server"{
 	  key_store                = google_apigee_env_keystore.apigee_environment_keystore2.name
 	  protocols                = ["TLSv1.2", "TLSv1.1"]
 	  trust_store              = google_apigee_env_keystore.apigee_environment_keystore2.name
+      enforce                  = true
 	}
 	depends_on                 = [ 
     google_apigee_env_keystore.apigee_environment_keystore2,
diff --git a/website/docs/r/apigee_target_server.html.markdown b/website/docs/r/apigee_target_server.html.markdown
@@ -192,6 +192,10 @@ The following arguments are supported:
   The TLS Common Name of the certificate.
   Structure is [documented below](#nested_s_sl_info_common_name).
 
+* `enforce` -
+  (Optional)
+  If true, TLS is strictly enforced.
+
 
 <a name="nested_s_sl_info_common_name"></a>The `common_name` block supports:
 

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	+```release-note:enhancement
	`2`	+apigee: added `s_sl_info.enforce` field in `google_apigee_target_server` resource
	`3`	+```