diff --git a/mmv1/third_party/terraform/resources/resource_cloudfunctions_function.go b/mmv1/third_party/terraform/resources/resource_cloudfunctions_function.go index 8bb860275d52..ca7baa1a296f 100644 --- a/mmv1/third_party/terraform/resources/resource_cloudfunctions_function.go +++ b/mmv1/third_party/terraform/resources/resource_cloudfunctions_function.go @@ -297,6 +297,13 @@ func resourceCloudFunctionsFunction() *schema.Resource { Description: `URL which triggers function execution. Returned only if trigger_http is used.`, }, + "https_trigger_security_level": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: `The security level for the function. Defaults to SECURE_OPTIONAL. Valid only if trigger_http is used.`, + }, + "max_instances": { Type: schema.TypeInt, Optional: true, @@ -481,6 +488,7 @@ func resourceCloudFunctionsCreate(d *schema.ResourceData, meta interface{}) erro function.EventTrigger = expandEventTrigger(v.([]interface{}), project) } else if v, ok := d.GetOk("trigger_http"); ok && v.(bool) { function.HttpsTrigger = &cloudfunctions.HttpsTrigger{} + function.HttpsTrigger.SecurityLevel = d.Get("https_trigger_security_level").(string) } else { return fmt.Errorf("One of `event_trigger` or `trigger_http` is required: " + "You must specify a trigger when deploying a new function.") @@ -644,6 +652,9 @@ func resourceCloudFunctionsRead(d *schema.ResourceData, meta interface{}) error if err := d.Set("https_trigger_url", function.HttpsTrigger.Url); err != nil { return fmt.Errorf("Error setting https_trigger_url: %s", err) } + if err := d.Set("https_trigger_security_level", function.HttpsTrigger.SecurityLevel); err != nil { + return fmt.Errorf("Error setting https_trigger_security_level: %s", err) + } } if err := d.Set("event_trigger", flattenEventTrigger(function.EventTrigger)); err != nil { @@ -780,6 +791,11 @@ func resourceCloudFunctionsUpdate(d *schema.ResourceData, meta interface{}) erro updateMaskArr = append(updateMaskArr, "eventTrigger", "eventTrigger.failurePolicy.retry") } + if d.HasChange("https_trigger_security_level") { + function.HttpsTrigger.SecurityLevel = d.Get("https_trigger_security_level").(string) + updateMaskArr = append(updateMaskArr, "httpsTrigger", "httpsTrigger.securityLevel") + } + if d.HasChange("docker_repository") { function.Runtime = d.Get("docker_repository").(string) updateMaskArr = append(updateMaskArr, "dockerRepository") diff --git a/mmv1/third_party/terraform/tests/resource_cloudfunctions_function_test.go.erb b/mmv1/third_party/terraform/tests/resource_cloudfunctions_function_test.go.erb index c9626175a7bf..604be2186ba5 100644 --- a/mmv1/third_party/terraform/tests/resource_cloudfunctions_function_test.go.erb +++ b/mmv1/third_party/terraform/tests/resource_cloudfunctions_function_test.go.erb @@ -791,16 +791,17 @@ resource "google_storage_bucket_object" "archive" { } resource "google_cloudfunctions_function" "function" { - name = "%s" - description = "test function updated" - available_memory_mb = 256 - source_archive_bucket = google_storage_bucket.bucket.name - source_archive_object = google_storage_bucket_object.archive.name - trigger_http = true - runtime = "nodejs10" - timeout = 91 - entry_point = "helloGET" - ingress_settings = "ALLOW_ALL" + name = "%s" + description = "test function updated" + available_memory_mb = 256 + source_archive_bucket = google_storage_bucket.bucket.name + source_archive_object = google_storage_bucket_object.archive.name + trigger_http = true + https_trigger_security_level = "SECURE_ALWAYS" + runtime = "nodejs10" + timeout = 91 + entry_point = "helloGET" + ingress_settings = "ALLOW_ALL" labels = { my-label = "my-updated-label-value" a-new-label = "a-new-label-value"