terraform-provider-google
implement serverTlsPolicy for https_proxy resources
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment. If the issue is assigned to the "modular-magician" user, it is either in the process of being autogenerated, or is planned to be autogenerated soon. If the issue is assigned to a user, that user is claiming responsibility for the issue. If the issue is assigned to "hashibot", a community member has claimed the issue already.
Description
Please implement serverTlsPolicy as an argument for these resources, as outlined in Google's Documents, so that we can make use of the google_network_security_server_tls_policy resource introduced in google-beta provider v4.66.0.
New or Affected Resource(s)
- google_compute_target_https_proxy
- google_compute_region_target_https_proxy
Potential Terraform Configuration
```hcl
# Propose what you think the configuration to take advantage of this feature should look like.
# We may not use it verbatim, but it's helpful in understanding your intent.
resource "google_network_security_server_tls_policy" "default" {
  provider    = google-beta
  name        = "my-tls-policy"
  location    = "global"
  description = "TLS Policy for mTLS"
  #server_certificate = google_compute_ssl_certificate.default[0].self_link
  mtls_policy {
    client_validation_trust_config = "projects/${var.project_number}/locations/global/trustConfigs/my-trust-config-created-in-cli"
    client_validation_mode         = "ALLOW_INVALID_OR_MISSING_CLIENT_CERT"
  }
}

resource "google_compute_target_https_proxy" "default" {
  name              = "test-proxy"
  url_map           = google_compute_url_map.default.id
  ssl_certificates  = [google_compute_ssl_certificate.default.id]
  server_tls_policy = google_network_security_server_tls_policy.default.id
}
```
References
- #14686
- GoogleCloudPlatform/magic-modules#7822
- hashicorp/terraform-provider-google-beta#5619
- https://github.com/hashicorp/terraform-provider-google-beta/releases/tag/v4.66.0
b/290613151
It looks like this was fixed for google_compute_target_https_proxy but not for google_compute_region_target_https_proxy.
Hello @melinath, I started working on enhancing google_compute_region_target_https_proxy considering the Server TLS policies.
Hello @melinath, I had a small talk with Babi Seal and he confirmed that currently there is no plan to deliver the regional scenario. I believe that we can close this issue.
@maxi-cit What do you mean "no plan to deliver the regional scenario"? The API currently supports it afaik. It's definitely implemented from gcloud CLI, as that's currently my only option for provisioning this. I've been waiting 5 months for this to be added. Why would you suggest closing it?
Hello @jogoldberg, I opened a PR implementing the regional scenario but the tests failed due to some restriction in the API. Please check this PR and the following error:
Error 400: project XXXX not allowed to access regional ServerTlsPolicy
Tag me if there is something I might have missed
Hello folks, I had a recent communication from some Google people that this feature is currently a work in progress. So, we will need to wait some time for it to become available.
Hey! Just checking in to see if there's been any progress on the issue I mentioned before. Having the same problem here currently.
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.