Add SSLPolicy resource and support for it in TargetHttpsProxy. Enable only in Terraform

products/compute/api.yaml

@@ -2504,6 +2504,104 @@ objects:
         name: 'privateKey'
         description: 'The private key in PEM format.'
         input: true
+  - !ruby/object:Api::Resource
+    name: 'SslPolicy'
+    # TODO(https://github.com/GoogleCloudPlatform/magic-modules/issues/173): Enable
+    exclude: true
+    kind: 'compute#sslPolicy'
+    base_url: projects/{project}/global/sslPolicies
+    exports:
+      - !ruby/object:Api::Type::SelfLink
+        name: 'selfLink'
+    description: |
+      Represents a SSL policy. SSL policies give you the ability to control the
+      features of SSL that your SSL proxy or HTTPS load balancer negotiates.
+    references: !ruby/object:Api::Resource::ReferenceLinks
+          guides:
+            'Using SSL Policies': 'https://cloud.google.com/compute/docs/load-balancing/ssl-policies'
+          api: 'https://cloud.google.com/compute/docs/reference/rest/v1/sslPolicies'
+<%= indent(compile_file({}, 'templates/global_async.yaml.erb'), 4) %>
+    properties:
+      - !ruby/object:Api::Type::Time
+        name: 'creationTimestamp'
+        description: 'Creation timestamp in RFC3339 text format.'
+        output: true
+      - !ruby/object:Api::Type::String
+        name: 'description'
+        description: 'An optional description of this resource.'
+      - !ruby/object:Api::Type::Integer
+        name: 'id'
+        description: 'The unique identifier for the resource.'
+        output: true
+      - !ruby/object:Api::Type::String
+        name: 'name'
+        description: |
+          Name of the resource. Provided by the client when the resource is
+          created. The name must be 1-63 characters long, and comply with
+          RFC1035. Specifically, the name must be 1-63 characters long and match
+          the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the
+          first character must be a lowercase letter, and all following
+          characters must be a dash, lowercase letter, or digit, except the last
+          character, which cannot be a dash.
+        required: true
+        # TODO: profile, minTlsVersion, enabledFeatures, customFeatures, fingerprint, warnings, kind
+      - !ruby/object:Api::Type::Enum
+        name: 'profile'
+        description: |
+          Profile specifies the set of SSL features that can be used by the
+          load balancer when negotiating SSL with clients. This can be one of
+          COMPATIBLE, MODERN, RESTRICTED, or CUSTOM. If using CUSTOM, the set
+          of SSL features to enable must be specified in the customFeatures
+          field.
+        values:
+          - :COMPATIBLE
+          - :MODERN
+          - :RESTRICTED
+          - :CUSTOM
+      - !ruby/object:Api::Type::Enum
+        name: 'minTlsVersion'
+        description: |
+          The minimum version of SSL protocol that can be used by the clients
+          to establish a connection with the load balancer. This can be one of
+          TLS_1_0, TLS_1_1, TLS_1_2.
+        values:
+          - :TLS_1_0
+          - :TLS_1_1
+          - :TLS_1_2
+      - !ruby/object:Api::Type::Array
+        name: 'enabledFeatures'
+        description: 'The list of features enabled in the SSL policy.'
+        output: true
+        item_type: Api::Type::String
+      - !ruby/object:Api::Type::Array
+        name: 'customFeatures'
+        description: |
+          A list of features enabled when the selected profile is CUSTOM. The
+          method returns the set of features that can be specified in this
+          list. This field must be empty if the profile is not CUSTOM.
+        item_type: Api::Type::String
+      - !ruby/object:Api::Type::String
+        name: 'fingerprint'
+        description: |
+          Fingerprint of this resource. A hash of the contents stored in this
+          object. This field is used in optimistic locking.
+        output: true
+      - !ruby/object:Api::Type::Array
+        name: 'warnings'
+        description: |
+          If potential misconfigurations are detected for this SSL policy, this
+          field will be populated with warning messages.
+        output: true
+        item_type: !ruby/object:Api::Type::NestedObject
+          properties:
+            - !ruby/object:Api::Type::String
+              name: 'code'
+              description: 'A warning code, if applicable.'
+              output: true
+            - !ruby/object:Api::Type::String
+              name: 'message'
+              description: 'A human-readable description of the warning code.'
+              output: true
   - !ruby/object:Api::Resource
     name: 'Subnetwork'
     kind: 'compute#subnetwork'
@@ -2723,6 +2821,19 @@ objects:
         required: true
         update_verb: :POST
         update_url: 'projects/{{project}}/targetHttpsProxies/{{name}}/setUrlMap'
+      - !ruby/object:Api::Type::ResourceRef
+        name: 'sslPolicy'
+        # TODO(https://github.com/GoogleCloudPlatform/magic-modules/issues/173): Enable
+        exclude: true
+        resource: 'SslPolicy'
+        imports: 'selfLink'
+        description: |
+          A reference to the SslPolicy resource that will be associated with
+          the TargetHttpsProxy resource. If not set, the TargetHttpsProxy
+          resource will not have any SSL policy configured.
+        update_verb: :POST
+        update_url:
+          'projects/{{project}}/global/targetHttpsProxies/{{name}}/setSslPolicy'
   - !ruby/object:Api::Resource
     name: 'TargetPool'
     kind: 'compute#targetPool'

products/compute/terraform.yaml

@@ -317,6 +317,8 @@ overrides: !ruby/object:Provider::ResourceOverrides
     properties:
       id: !ruby/object:Provider::Terraform::PropertyOverride
         name: proxyId
+      sslPolicy: !ruby/object:Provider::Terraform::PropertyOverride
+        exclude: false
   TargetPool: !ruby/object:Provider::Terraform::ResourceOverride
     exclude: true
   TargetSslProxy: !ruby/object:Provider::Terraform::ResourceOverride

templates/terraform/tests/resource_compute_target_https_proxy_test.go

@@ -156,6 +156,7 @@ resource "google_compute_target_https_proxy" "foobar" {
 	name = "httpsproxy-test-%s"
 	url_map = "${google_compute_url_map.foobar.self_link}"
 	ssl_certificates = ["${google_compute_ssl_certificate.foobar1.self_link}"]
+	ssl_policy = "${google_compute_ssl_policy.foobar.self_link}"
 }
 
 resource "google_compute_backend_service" "foobar" {
@@ -192,6 +193,13 @@ resource "google_compute_url_map" "foobar" {
 	}
 }
 
+resource "google_compute_ssl_policy" "foobar" {
+	name            = "sslproxy-test-%s"
+	description     = "my-description"
+	min_tls_version = "TLS_1_2"
+	profile         = "MODERN"
+}
+
 resource "google_compute_ssl_certificate" "foobar1" {
 	name = "httpsproxy-test-cert1-%s"
 	description = "very descriptive"
@@ -205,7 +213,7 @@ resource "google_compute_ssl_certificate" "foobar2" {
 	private_key = "${file("test-fixtures/ssl_cert/test.key")}"
 	certificate = "${file("test-fixtures/ssl_cert/test.crt")}"
 }
-`, id, id, id, id, id, id)
+`, id, id, id, id, id, id, id)
 }
 
 func testAccComputeTargetHttpsProxy_basic2(id string) string {
@@ -254,6 +262,13 @@ resource "google_compute_url_map" "foobar" {
 	}
 }
 
+resource "google_compute_ssl_policy" "foobar" {
+	name            = "sslproxy-test-%s"
+	description     = "my-description"
+	min_tls_version = "TLS_1_2"
+	profile         = "MODERN"
+}
+
 resource "google_compute_ssl_certificate" "foobar1" {
 	name = "httpsproxy-test-cert1-%s"
 	description = "very descriptive"
@@ -267,5 +282,5 @@ resource "google_compute_ssl_certificate" "foobar2" {
 	private_key = "${file("test-fixtures/ssl_cert/test.key")}"
 	certificate = "${file("test-fixtures/ssl_cert/test.crt")}"
 }
-`, id, id, id, id, id, id)
+`, id, id, id, id, id, id, id)
 }