add https_trigger_security_level to cloudfunction_function (#6007) (#11672)

modular-magician · web-flow · commit 8fa4d0199940 · 2022-05-09T12:36:07.000-07:00
* add https_trigger_security_level to cloudfunction_function

* remove default, make O+C

Signed-off-by: Modular Magician &lt;magic-modules@google.com&gt;
diff --git a/.changelog/6007.txt b/.changelog/6007.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+cloudfunctions: added `https_trigger_security_level` to `google_cloudfunctions_function`
+```
diff --git a/google/resource_clouddeploy_target_generated_test.go b/google/resource_clouddeploy_target_generated_test.go
@@ -267,9 +267,9 @@ resource "google_clouddeploy_target" "primary" {
   }
 
   labels = {
-    my_second_label = "updated-example-label-2"
-
     my_third_label = "example-label-3"
+
+    my_second_label = "updated-example-label-2"
   }
 
   project          = "%{project_name}"
diff --git a/google/resource_cloudfunctions_function.go b/google/resource_cloudfunctions_function.go
@@ -297,6 +297,13 @@ func resourceCloudFunctionsFunction() *schema.Resource {
 				Description: `URL which triggers function execution. Returned only if trigger_http is used.`,
 			},
 
+			"https_trigger_security_level": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Computed:    true,
+				Description: `The security level for the function. Defaults to SECURE_OPTIONAL. Valid only if trigger_http is used.`,
+			},
+
 			"max_instances": {
 				Type:         schema.TypeInt,
 				Optional:     true,
@@ -481,6 +488,7 @@ func resourceCloudFunctionsCreate(d *schema.ResourceData, meta interface{}) erro
 		function.EventTrigger = expandEventTrigger(v.([]interface{}), project)
 	} else if v, ok := d.GetOk("trigger_http"); ok && v.(bool) {
 		function.HttpsTrigger = &cloudfunctions.HttpsTrigger{}
+		function.HttpsTrigger.SecurityLevel = d.Get("https_trigger_security_level").(string)
 	} else {
 		return fmt.Errorf("One of `event_trigger` or `trigger_http` is required: " +
 			"You must specify a trigger when deploying a new function.")
@@ -644,6 +652,9 @@ func resourceCloudFunctionsRead(d *schema.ResourceData, meta interface{}) error
 		if err := d.Set("https_trigger_url", function.HttpsTrigger.Url); err != nil {
 			return fmt.Errorf("Error setting https_trigger_url: %s", err)
 		}
+		if err := d.Set("https_trigger_security_level", function.HttpsTrigger.SecurityLevel); err != nil {
+			return fmt.Errorf("Error setting https_trigger_security_level: %s", err)
+		}
 	}
 
 	if err := d.Set("event_trigger", flattenEventTrigger(function.EventTrigger)); err != nil {
@@ -780,6 +791,11 @@ func resourceCloudFunctionsUpdate(d *schema.ResourceData, meta interface{}) erro
 		updateMaskArr = append(updateMaskArr, "eventTrigger", "eventTrigger.failurePolicy.retry")
 	}
 
+	if d.HasChange("https_trigger_security_level") {
+		function.HttpsTrigger.SecurityLevel = d.Get("https_trigger_security_level").(string)
+		updateMaskArr = append(updateMaskArr, "httpsTrigger", "httpsTrigger.securityLevel")
+	}
+
 	if d.HasChange("docker_repository") {
 		function.Runtime = d.Get("docker_repository").(string)
 		updateMaskArr = append(updateMaskArr, "dockerRepository")
diff --git a/google/resource_cloudfunctions_function_test.go b/google/resource_cloudfunctions_function_test.go
@@ -731,16 +731,17 @@ resource "google_storage_bucket_object" "archive" {
 }
 
 resource "google_cloudfunctions_function" "function" {
-  name                  = "%s"
-  description           = "test function updated"
-  available_memory_mb   = 256
-  source_archive_bucket = google_storage_bucket.bucket.name
-  source_archive_object = google_storage_bucket_object.archive.name
-  trigger_http          = true
-  runtime               = "nodejs10"
-  timeout               = 91
-  entry_point           = "helloGET"
-  ingress_settings      = "ALLOW_ALL"
+  name                         = "%s"
+  description                  = "test function updated"
+  available_memory_mb          = 256
+  source_archive_bucket        = google_storage_bucket.bucket.name
+  source_archive_object        = google_storage_bucket_object.archive.name
+  trigger_http                 = true
+  https_trigger_security_level = "SECURE_ALWAYS"
+  runtime                      = "nodejs10"
+  timeout                      = 91
+  entry_point                  = "helloGET"
+  ingress_settings             = "ALLOW_ALL"
   labels = {
     my-label    = "my-updated-label-value"
     a-new-label = "a-new-label-value"
diff --git a/website/docs/r/clouddeploy_delivery_pipeline.html.markdown b/website/docs/r/clouddeploy_delivery_pipeline.html.markdown
@@ -41,9 +41,9 @@ resource "google_clouddeploy_delivery_pipeline" "primary" {
   description = "basic description"
 
   labels = {
-    my_second_label = "example-label-2"
-
     my_first_label = "example-label-1"
+
+    my_second_label = "example-label-2"
   }
 
   project = "my-project-name"

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	+```release-note:enhancement
	`2`	+cloudfunctions: added `https_trigger_security_level` to `google_cloudfunctions_function`
	`3`	+```
Original file line number	Diff line number	Diff line change
`@@ -267,9 +267,9 @@ resource "google_clouddeploy_target" "primary" {`
`267`	`267`	`}`
`268`	`268`
`269`	`269`	`labels = {`
`270`		`- my_second_label = "updated-example-label-2"`
`271`		`-`
`272`	`270`	`my_third_label = "example-label-3"`
	`271`	`+`
	`272`	`+ my_second_label = "updated-example-label-2"`
`273`	`273`	`}`
`274`	`274`
`275`	`275`	`project = "%{project_name}"`