Add update support to serverTlsPolicy field in region_target_https_proxy

mmv1/products/compute/RegionTargetHttpsProxy.yaml

@@ -204,3 +204,8 @@ properties:
       INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED
       loadBalancingScheme consult ServerTlsPolicy documentation.
       If left blank, communications are not encrypted.
+    update_id: 'serverTlsPolicy'
+    fingerprint_name: 'fingerprint'
+    update_verb: :PATCH
+    update_url:
+      'projects/{{project}}/regions/{{region}}/targetHttpsProxies/{{name}}'

mmv1/products/networksecurity/ServerTlsPolicy.yaml

@@ -20,6 +20,8 @@ update_verb: :PATCH
 update_mask: true
 description: |
   ClientTlsPolicy is a resource that specifies how a client should authenticate connections to backends of a service. This resource itself does not affect configuration unless it is attached to a backend service resource.
+
+  Recreating a server TLS policy that's in use by another resource will give a `resourceInUseByAnotherResource` error. Use `lifecycle.create_before_destroy` to avoid this type of error.
 references: !ruby/object:Api::Resource::ReferenceLinks
   api: 'https://cloud.google.com/traffic-director/docs/reference/network-security/rest/v1beta1/projects.locations.serverTlsPolicies'
 async: !ruby/object:Api::OpAsync

mmv1/templates/terraform/encoders/compute_region_target_https_proxy.go.erb

@@ -7,4 +7,12 @@ if _, ok := obj["certificateManagerCertificates"]; ok {
 	obj["sslCertificates"] = obj["certificateManagerCertificates"]
 	delete(obj, "certificateManagerCertificates")
 }
-return obj, nil
+
+// Send null if serverTlsPolicy is not set. Without this, Terraform would not send any value for `serverTlsPolicy`
+// in the "PATCH" payload so if you were to remove a server TLS policy from a target HTTPS proxy, it would NOT remove
+// the association.
+if _, ok := obj["serverTlsPolicy"]; !ok {
+	obj["serverTlsPolicy"] = nil
+}
+
+return obj, nil

mmv1/templates/terraform/examples/go/network_security_server_tls_policy_mtls.tf.tmpl

@@ -1,3 +1,15 @@
+// Using with Target HTTPS Proxies
+//
+// If you need to rename or delete the "google_network_security_server_tls_policy" resource,
+// Terraform will try to destroy it first then perform the update to the
+// "google_compute_region_target_https_proxy" resource that references the server TLS policy.
+// This might happen in a situation where you want to disable mTLS on a target HTTPS proxy.
+// This will NOT work and will yield a "resourceInUseByAnotherResource" error as the target
+// HTTPS proxy is still referencing the server TLS policy that Terraform is trying to destroy.
+// It is recommended to specify "create_before_destroy = true" in a lifecycle block for the
+// "google_network_security_server_tls_policy" resource so that any create/update operations take
+// place _before_ the destroy.
+
 data "google_project" "project" {
   provider = google-beta
 }

mmv1/templates/terraform/examples/network_security_server_tls_policy_mtls.tf.erb

@@ -1,3 +1,15 @@
+// Using with Target HTTPS Proxies
+//
+// If you need to rename or delete the "google_network_security_server_tls_policy" resource,
+// Terraform will try to destroy it first then perform the update to the
+// "google_compute_region_target_https_proxy" resource that references the server TLS policy.
+// This might happen in a situation where you want to disable mTLS on a target HTTPS proxy.
+// This will NOT work and will yield a "resourceInUseByAnotherResource" error as the target
+// HTTPS proxy is still referencing the server TLS policy that Terraform is trying to destroy.
+// It is recommended to specify "create_before_destroy = true" in a lifecycle block for the
+// "google_network_security_server_tls_policy" resource so that any create/update operations take
+// place _before_ the destroy.
+
 data "google_project" "project" {
   provider = google-beta
 }