# Copyright 2024 Google Inc. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. --- name: 'RegionTargetHttpsProxy' api_resource_type_kind: TargetHttpsProxy description: | Represents a RegionTargetHttpsProxy resource, which is used by one or more forwarding rules to route incoming HTTPS requests to a URL map. references: guides: 'Official Documentation': 'https://cloud.google.com/compute/docs/load-balancing/http/target-proxies' api: 'https://cloud.google.com/compute/docs/reference/rest/v1/regionTargetHttpsProxies' docs: base_url: 'projects/{{project}}/regions/{{region}}/targetHttpsProxies' has_self_link: true immutable: true timeouts: insert_minutes: 20 update_minutes: 20 delete_minutes: 20 async: actions: ['create', 'delete', 'update'] type: 'OpAsync' operation: base_url: '{{op_id}}' result: resource_inside_response: false custom_code: encoder: 'templates/terraform/encoders/compute_region_target_https_proxy.go.tmpl' # update_encoder is usually the same as encoder by default. This resource is an uncommon case where the whole resource # is marked to be immutable, but we have a field specific update that overrides it (e.g certifiacteManagerCertificates). # This causes the encoder logic to not be applied during update. update_encoder: 'templates/terraform/encoders/compute_region_target_https_proxy.go.tmpl' decoder: 'templates/terraform/decoders/compute_region_target_https_proxy.go.tmpl' examples: - name: 'region_target_https_proxy_basic' primary_resource_id: 'default' vars: region_target_https_proxy_name: 'test-proxy' region_ssl_certificate_name: 'my-certificate' region_url_map_name: 'url-map' region_backend_service_name: 'backend-service' region_health_check_name: 'http-health-check' - name: 'region_target_https_proxy_http_keep_alive_timeout' primary_resource_id: 'default' vars: region_target_https_proxy_name: 'test-http-keep-alive-timeout-proxy' region_ssl_certificate_name: 'my-certificate' region_url_map_name: 'url-map' region_backend_service_name: 'backend-service' region_health_check_name: 'http-health-check' - name: 'region_target_https_proxy_mtls' primary_resource_id: 'default' min_version: 'beta' vars: target_https_proxy_name: 'test-mtls-proxy' ssl_certificate_name: 'my-certificate' url_map_name: 'url-map' backend_service_name: 'backend-service' http_health_check_name: 'http-health-check' server_tls_policy_name: 'my-tls-policy' trust_config_name: 'my-trust-config' - name: 'region_target_https_proxy_certificate_manager_certificate' primary_resource_id: 'default' vars: region_target_https_proxy_name: 'target-http-proxy' certificate_manager_certificate_name: 'my-certificate' region_url_map_name: 'url-map' region_backend_service_name: 'backend-service' parameters: - name: 'region' type: ResourceRef description: | The Region in which the created target https proxy should reside. If it is not provided, the provider region is used. required: false immutable: true default_from_api: true custom_flatten: 'templates/terraform/custom_flatten/name_from_self_link.tmpl' custom_expand: 'templates/terraform/custom_expand/resourceref_with_validation.go.tmpl' resource: 'Region' imports: 'name' properties: - name: 'creationTimestamp' type: Time description: 'Creation timestamp in RFC3339 text format.' output: true - name: 'description' type: String description: 'An optional description of this resource.' immutable: true - name: 'proxyId' type: Integer description: 'The unique identifier for the resource.' api_name: id output: true - name: 'name' type: String description: | Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. required: true immutable: true # This field is present in the schema but as of 2019 Sep 23 attempting to set it fails with # a 400 "QUIC override is supported only with global TargetHttpsProxy". jamessynge@ said in an # email sent on 2019 Sep 20 that support for this "is probably far in the future." # name: 'quicOverride' # type: Enum # description: | # Specifies the QUIC override policy for this resource. This determines # whether the load balancer will attempt to negotiate QUIC with clients # or not. Can specify one of NONE, ENABLE, or DISABLE. If NONE is # specified, uses the QUIC policy with no user overrides, which is # equivalent to DISABLE. Not specifying this field is equivalent to # specifying NONE. # enum_values: # - 'NONE' # - 'ENABLE' # - 'DISABLE' # update_verb: :POST # update_url: # 'projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}/setQuicOverride' - name: 'certificateManagerCertificates' type: Array description: | URLs to certificate manager certificate resources that are used to authenticate connections between users and the load balancer. sslCertificates and certificateManagerCertificates can't be defined together. Accepted format is `//certificatemanager.googleapis.com/projects/{project}/locations/{location}/certificates/{resourceName}` or just the self_link `projects/{project}/locations/{location}/certificates/{resourceName}` update_url: 'projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}/setSslCertificates' update_verb: 'POST' conflicts: - ssl_certificates diff_suppress_func: 'tpgresource.CompareResourceNames' custom_expand: 'templates/terraform/custom_expand/certificate_manager_certificate_construct_full_url.go.tmpl' item_type: type: String - name: 'sslCertificates' type: Array description: | URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. At least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED. update_url: 'projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}/setSslCertificates' update_verb: 'POST' conflicts: - certificate_manager_certificates custom_expand: 'templates/terraform/custom_expand/array_resourceref_with_validation.go.tmpl' item_type: name: 'sslCertificate' type: ResourceRef description: 'The SSL certificates used by this TargetHttpsProxy' resource: 'RegionSslCertificate' imports: 'selfLink' - name: 'sslPolicy' type: ResourceRef description: | A reference to the Region SslPolicy resource that will be associated with the TargetHttpsProxy resource. If not set, the TargetHttpsProxy resource will not have any SSL policy configured. update_url: 'projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}' update_verb: 'PATCH' update_id: 'sslPolicy' fingerprint_name: 'fingerprint' custom_expand: 'templates/terraform/custom_expand/resourceref_with_validation.go.tmpl' resource: 'RegionSslPolicy' imports: 'selfLink' - name: 'urlMap' type: ResourceRef description: | A reference to the RegionUrlMap resource that defines the mapping from URL to the RegionBackendService. required: true update_url: 'projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}/setUrlMap' update_verb: 'POST' custom_expand: 'templates/terraform/custom_expand/resourceref_with_validation.go.tmpl' resource: 'RegionUrlMap' imports: 'selfLink' - name: 'httpKeepAliveTimeoutSec' type: Integer description: | Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keepalive is not specified, a default value (600 seconds) will be used. For Regioanl HTTP(S) load balancer, the minimum allowed value is 5 seconds and the maximum allowed value is 600 seconds. - name: 'serverTlsPolicy' type: ResourceRef description: | A URL referring to a networksecurity.ServerTlsPolicy resource that describes how the proxy should authenticate inbound traffic. serverTlsPolicy only applies to a global TargetHttpsProxy attached to globalForwardingRules with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. For details which ServerTlsPolicy resources are accepted with INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted. If you remove this field from your configuration at the same time as deleting or recreating a referenced ServerTlsPolicy resource, you will receive a resourceInUseByAnotherResource error. Use lifecycle.create_before_destroy within the ServerTlsPolicy resource to avoid this. update_url: 'projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}' update_verb: 'PATCH' update_id: 'serverTlsPolicy' fingerprint_name: 'fingerprint' resource: 'SslPolicy' imports: 'selfLink'