promote security policy args to ga (#6258)

* promote sec policy args to ga

* update `adaptive_protection_config`

* add enum to `type`

* enum enforce_on_key

* redundent

mmv1/third_party/terraform/resources/resource_compute_security_policy.go.erb

@@ -63,6 +63,7 @@ func resourceComputeSecurityPolicy() *schema.Resource {
 				Optional:    true,
 				Computed:    true,
 				Description: `The type indicates the intended use of the security policy. CLOUD_ARMOR - Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services. They filter requests before they hit the origin servers. CLOUD_ARMOR_EDGE - Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage). They filter requests before the request is served from Google's cache.`,
+				ValidateFunc: validation.StringInSlice([]string{"CLOUD_ARMOR", "CLOUD_ARMOR_EDGE", "CLOUD_ARMOR_INTERNAL_SERVICE"}, false),
 			},
 
 			"rule": {
@@ -163,7 +164,6 @@ func resourceComputeSecurityPolicy() *schema.Resource {
 							Description: `When set to true, the action specified above is not enforced. Stackdriver logs for requests that trigger a preview action are annotated as such.`,
 						},
 
-					<% unless version == 'ga' -%>
 						"rate_limit_options": {
 							Type:        schema.TypeList,
 							Optional:    true,
@@ -212,6 +212,7 @@ func resourceComputeSecurityPolicy() *schema.Resource {
 										Optional:     true,
 										Default:      "ALL",
 										Description:  `Determines the key to enforce the rateLimitThreshold on`,
+										ValidateFunc: validation.StringInSlice([]string{"ALL", "IP", "HTTP_HEADER", "XFF_IP", "HTTP_COOKIE"}, false),
 									},
 
 									"enforce_on_key_name": {
@@ -296,7 +297,6 @@ func resourceComputeSecurityPolicy() *schema.Resource {
 							},
 							Description: `Parameters defining the redirect action. Cannot be specified for any other actions.`,
 						},
-					<% end -%>
 					},
 				},
 				Description: `The set of rules that belong to this policy. There must always be a default rule (rule with priority 2147483647 and match "*"). If no rules are provided when creating a security policy, a default rule with action "allow" will be added.`,
@@ -340,7 +340,6 @@ func resourceComputeSecurityPolicy() *schema.Resource {
 				},
 			},
 
-		<%- unless version == 'ga' -%>
 			"adaptive_protection_config": {
 				Type: schema.TypeList,
 				Optional: true,
@@ -373,7 +372,6 @@ func resourceComputeSecurityPolicy() *schema.Resource {
 					},
 				},
 			},
-	<% end -%>
 		},
 
 		UseJSONNumber: true,
@@ -426,19 +424,13 @@ func resourceComputeSecurityPolicyCreate(d *schema.ResourceData, meta interface{
 		securityPolicy.AdvancedOptionsConfig = expandSecurityPolicyAdvancedOptionsConfig(v.([]interface{}))
 	}
 
-<% unless version == 'ga' -%>
 	if v, ok := d.GetOk("adaptive_protection_config"); ok{
 		securityPolicy.AdaptiveProtectionConfig = expandSecurityPolicyAdaptiveProtectionConfig(v.([]interface{}))
 	}
-<% end -%>
 
 	log.Printf("[DEBUG] SecurityPolicy insert request: %#v", securityPolicy)
 
-<% if version == 'ga' -%>
 	client := config.NewComputeClient(userAgent)
-<% else -%>
-	client := config.NewComputeClient(userAgent)
-<% end -%>
 
 	op, err := client.SecurityPolicies.Insert(project, securityPolicy).Do()
 
@@ -474,11 +466,7 @@ func resourceComputeSecurityPolicyRead(d *schema.ResourceData, meta interface{})
 
 	sp := d.Get("name").(string)
 
-<% if version == 'ga' -%>
-	client := config.NewComputeClient(userAgent)
-<% else -%>
 	client := config.NewComputeClient(userAgent)
-<% end -%>
 
 	securityPolicy, err := client.SecurityPolicies.Get(project, sp).Do()
 	if err != nil {
@@ -510,11 +498,9 @@ func resourceComputeSecurityPolicyRead(d *schema.ResourceData, meta interface{})
 		return fmt.Errorf("Error setting advanced_options_config: %s", err)
 	}
 
-<% unless version == 'ga' -%>
 	if err := d.Set("adaptive_protection_config", flattenSecurityPolicyAdaptiveProtectionConfig(securityPolicy.AdaptiveProtectionConfig)); err != nil {
 		return fmt.Errorf("Error setting adaptive_protection_config: %s", err)
 	}
-<% end -%>
 
 	return nil
 }
@@ -553,6 +539,11 @@ func resourceComputeSecurityPolicyUpdate(d *schema.ResourceData, meta interface{
 		securityPolicy.ForceSendFields = append(securityPolicy.ForceSendFields, "AdvancedOptionsConfig", "advancedOptionsConfig.jsonParsing", "advancedOptionsConfig.logLevel")
 	}
 
+	if d.HasChange("adaptive_protection_config") {
+		securityPolicy.AdaptiveProtectionConfig = expandSecurityPolicyAdaptiveProtectionConfig(d.Get("adaptive_protection_config").([]interface{}))
+		securityPolicy.ForceSendFields = append(securityPolicy.ForceSendFields, "AdaptiveProtectionConfig", "adaptiveProtectionConfig.layer7DdosDefenseConfig.enable", "adaptiveProtectionConfig.layer7DdosDefenseConfig.ruleVisibility")
+	}
+
 	if len(securityPolicy.ForceSendFields) > 0 {
 		client := config.NewComputeClient(userAgent)
 
@@ -661,11 +652,7 @@ func resourceComputeSecurityPolicyDelete(d *schema.ResourceData, meta interface{
 		return err
 	}
 
-<% if version == 'ga' -%>
 	client := config.NewComputeClient(userAgent)
-<% else -%>
-	client := config.NewComputeClient(userAgent)
-<% end -%>
 
 	// Delete the SecurityPolicy
 	op, err := client.SecurityPolicies.Delete(project, d.Get("name").(string)).Do()
@@ -698,10 +685,8 @@ func expandSecurityPolicyRule(raw interface{}) *compute.SecurityPolicyRule {
 		Action:          	data["action"].(string),
 		Preview:         	data["preview"].(bool),
 		Match:           	expandSecurityPolicyMatch(data["match"].([]interface{})),
-	<% unless version == 'ga' -%>
 		RateLimitOptions:	expandSecurityPolicyRuleRateLimitOptions(data["rate_limit_options"].([]interface{})),
 		RedirectOptions:        expandSecurityPolicyRuleRedirectOptions(data["redirect_options"].([]interface{})),
-	<% end -%>
 		ForceSendFields: 	[]string{"Description", "Preview"},
 	}
 }
@@ -754,10 +739,8 @@ func flattenSecurityPolicyRules(rules []*compute.SecurityPolicyRule) []map[strin
 			"action":      		rule.Action,
 			"preview":     		rule.Preview,
 			"match":       		flattenMatch(rule.Match),
-		<% unless version == 'ga' -%>
 			"rate_limit_options":	flattenSecurityPolicyRuleRateLimitOptions(rule.RateLimitOptions),
 			"redirect_options":     flattenSecurityPolicyRedirectOptions(rule.RedirectOptions),
-		<% end -%>
 		}
 
 		rulesSchema = append(rulesSchema, data)
@@ -832,7 +815,6 @@ func flattenSecurityPolicyAdvancedOptionsConfig(conf *compute.SecurityPolicyAdva
 	return []map[string]interface{}{data}
 }
 
-<% unless version == 'ga' -%>
 func expandSecurityPolicyAdaptiveProtectionConfig(configured []interface{}) *compute.SecurityPolicyAdaptiveProtectionConfig {
 	if len(configured) == 0 || configured[0] == nil {
 		return nil
@@ -880,9 +862,7 @@ func flattenLayer7DdosDefenseConfig(conf *compute.SecurityPolicyAdaptiveProtecti
 
 	return []map[string]interface{}{data}
 }
-<% end -%>
 
-<% unless version == 'ga' -%>
 func expandSecurityPolicyRuleRateLimitOptions(configured []interface{}) *compute.SecurityPolicyRuleRateLimitOptions {
 	if len(configured) == 0 || configured[0] == nil {
 		return nil
@@ -969,7 +949,6 @@ func flattenSecurityPolicyRedirectOptions(conf *compute.SecurityPolicyRuleRedire
 
 	return []map[string]interface{}{data}
 }
-<% end -%>
 
 func resourceSecurityPolicyStateImporter(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) {
 	config := meta.(*Config)

mmv1/third_party/terraform/tests/resource_compute_security_policy_test.go.erb

@@ -54,7 +54,6 @@ func TestAccComputeSecurityPolicy_withRule(t *testing.T) {
 	})
 }
 
-<% unless version == 'ga' -%>
 func TestAccComputeSecurityPolicy_withRuleExpr(t *testing.T) {
 	t.Parallel()
 
@@ -76,7 +75,6 @@ func TestAccComputeSecurityPolicy_withRuleExpr(t *testing.T) {
 		},
 	})
 }
-<% end -%>
 
 func TestAccComputeSecurityPolicy_update(t *testing.T) {
 	t.Parallel()
@@ -162,7 +160,6 @@ func TestAccComputeSecurityPolicy_withAdvancedOptionsConfig(t *testing.T) {
 	})
 }
 
-<% unless version == 'ga' -%>
 func TestAccComputeSecurityPolicy_withAdaptiveProtection(t *testing.T) {
 	t.Parallel()
 
@@ -184,9 +181,7 @@ func TestAccComputeSecurityPolicy_withAdaptiveProtection(t *testing.T) {
 		},
 	})
 }
-<% end -%>
 
-<% unless version == 'ga' -%>
 func TestAccComputeSecurityPolicy_withRateLimitOptions(t *testing.T) {
 	t.Parallel()
 
@@ -230,7 +225,6 @@ func TestAccComputeSecurityPolicy_withRateLimitWithRedirectOptions(t *testing.T)
 		},
 	})
 }
-<% end -%>
 
 func testAccCheckComputeSecurityPolicyDestroyProducer(t *testing.T) func(s *terraform.State) error {
 	return func(s *terraform.State) error {
@@ -389,7 +383,6 @@ resource "google_compute_security_policy" "policy" {
 `, spName)
 }
 
-<% unless version == 'ga' -%>
 func testAccComputeSecurityPolicy_withRuleExpr(spName string) string {
 	return fmt.Sprintf(`
 resource "google_compute_security_policy" "policy" {
@@ -423,7 +416,6 @@ resource "google_compute_security_policy" "policy" {
 }
 `, spName)
 }
-<% end -%>
 
 func testAccComputeSecurityPolicy_withAdvancedOptionsConfig(spName string) string {
 	return fmt.Sprintf(`
@@ -439,7 +431,6 @@ resource "google_compute_security_policy" "policy" {
 `, spName)
 }
 
-<% unless version == 'ga' -%>
 func testAccComputeSecurityPolicy_withAdaptiveProtection(spName string) string {
 	return fmt.Sprintf(`
 resource "google_compute_security_policy" "policy" {
@@ -455,9 +446,7 @@ resource "google_compute_security_policy" "policy" {
 }
 `, spName)
 }
-<% end -%>
 
-<% unless version == 'ga' -%>
 func testAccComputeSecurityPolicy_withRateLimitOptions(spName string) string {
 	return fmt.Sprintf(`
 resource "google_compute_security_policy" "policy" {
@@ -548,9 +537,7 @@ resource "google_compute_security_policy" "policy" {
 `, spName)
 }
 
-<% end -%>
 
-<% unless version == 'ga' -%>
 func TestAccComputeSecurityPolicy_withRedirectOptionsRecaptcha(t *testing.T) {
 	t.Parallel()
 
@@ -671,4 +658,3 @@ resource "google_compute_security_policy" "policy" {
 }
 `, spName)
 }
-<% end -%>

mmv1/third_party/terraform/website/docs/r/compute_security_policy.html.markdown

@@ -76,7 +76,7 @@ The following arguments are supported:
   * NORMAL - Normal log level.
   * VERBOSE - Verbose log level.
 
-* `adaptive_protection_config` - (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html)) Configuration for [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview?hl=en). Structure is [documented below](#nested_adaptive_protection_config).
+* `adaptive_protection_config` - (Optional) Configuration for [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview?hl=en). Structure is [documented below](#nested_adaptive_protection_config).
 
 * `type` - The type indicates the intended use of the security policy.
   * CLOUD_ARMOR - Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services.
@@ -105,10 +105,10 @@ The following arguments are supported:
 * `preview` - (Optional) When set to true, the `action` specified above is not enforced.
     Stackdriver logs for requests that trigger a preview action are annotated as such.
 
-* `rate_limit_options` - (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
+* `rate_limit_options` - (Optional)
     Must be specified if the `action` is "rate_based_bad" or "throttle". Cannot be specified for other actions. Structure is [documented below](#nested_rate_limit_options).
 
-* `redirect_options` - (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
+* `redirect_options` - (Optional)
     Can be specified if the `action` is "redirect". Cannot be specified for other actions. Structure is [documented below](#nested_redirect_options).
 
 <a name="nested_match"></a>The `match` block supports:
@@ -179,13 +179,13 @@ The following arguments are supported:
 
 <a name="nested_adaptive_protection_config"></a>The `adaptive_protection_config` block supports:
 
-* `layer_7_ddos_defense_config` - (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html)) Configuration for [Google Cloud Armor Adaptive Protection Layer 7 DDoS Defense](https://cloud.google.com/armor/docs/adaptive-protection-overview?hl=en). Structure is [documented below](#nested_layer_7_ddos_defense_config).
+* `layer_7_ddos_defense_config` - (Optional) Configuration for [Google Cloud Armor Adaptive Protection Layer 7 DDoS Defense](https://cloud.google.com/armor/docs/adaptive-protection-overview?hl=en). Structure is [documented below](#nested_layer_7_ddos_defense_config).
 
 <a name="nested_layer_7_ddos_defense_config"></a>The `layer_7_ddos_defense_config` block supports:
 
-* `enable` - (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html)) If set to true, enables CAAP for L7 DDoS detection.
+* `enable` - (Optional) If set to true, enables CAAP for L7 DDoS detection.
 
-* `rule_visibility` - (Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html)) Rule visibility can be one of the following: STANDARD - opaque rules. (default) PREMIUM - transparent rules.
+* `rule_visibility` - (Optional) Rule visibility can be one of the following: STANDARD - opaque rules. (default) PREMIUM - transparent rules.
 
 ## Attributes Reference