hashicorp · modular-magician · Sep 20, 2022 · Sep 20, 2022
@@ -0,0 +1,3 @@
+```release-note:enhancement
+compute: added `json_custom_config` field to `google_compute_security_policy` resource
+```
@@ -324,6 +324,23 @@ func resourceComputeSecurityPolicy() *schema.Resource {
 							ValidateFunc: validation.StringInSlice([]string{"DISABLED", "STANDARD"}, false),
 							Description:  `JSON body parsing. Supported values include: "DISABLED", "STANDARD".`,
 						},
+						"json_custom_config": {
+							Type:        schema.TypeList,
+							Optional:    true,
+							Computed:    true,
+							Description: `Custom configuration to apply the JSON parsing. Only applicable when JSON parsing is set to STANDARD.`,
+							MaxItems:    1,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"content_types": {
+										Type:        schema.TypeSet,
+										Required:    true,
+										Elem:        &schema.Schema{Type: schema.TypeString},
+										Description: `A list of custom Content-Type header values to apply the JSON parsing.`,
+									},
+								},
+							},
+						},
 						"log_level": {
 							Type:         schema.TypeString,
 							Optional:     true,
@@ -530,7 +547,7 @@ func resourceComputeSecurityPolicyUpdate(d *schema.ResourceData, meta interface{
 
 	if d.HasChange("advanced_options_config") {
 		securityPolicy.AdvancedOptionsConfig = expandSecurityPolicyAdvancedOptionsConfig(d.Get("advanced_options_config").([]interface{}))
-		securityPolicy.ForceSendFields = append(securityPolicy.ForceSendFields, "AdvancedOptionsConfig", "advancedOptionsConfig.jsonParsing", "advancedOptionsConfig.logLevel")
+		securityPolicy.ForceSendFields = append(securityPolicy.ForceSendFields, "AdvancedOptionsConfig", "advancedOptionsConfig.jsonParsing", "advancedOptionsConfig.jsonCustomConfig", "advancedOptionsConfig.logLevel")
 	}
 
 	if d.HasChange("adaptive_protection_config") {
@@ -778,8 +795,9 @@ func expandSecurityPolicyAdvancedOptionsConfig(configured []interface{}) *comput
 
 	data := configured[0].(map[string]interface{})
 	return &compute.SecurityPolicyAdvancedOptionsConfig{
-		JsonParsing: data["json_parsing"].(string),
-		LogLevel:    data["log_level"].(string),
+		JsonParsing:      data["json_parsing"].(string),
+		JsonCustomConfig: expandSecurityPolicyAdvancedOptionsConfigJsonCustomConfig(data["json_custom_config"].([]interface{})),
+		LogLevel:         data["log_level"].(string),
 	}
 }
 
@@ -789,8 +807,33 @@ func flattenSecurityPolicyAdvancedOptionsConfig(conf *compute.SecurityPolicyAdva
 	}
 
 	data := map[string]interface{}{
-		"json_parsing": conf.JsonParsing,
-		"log_level":    conf.LogLevel,
+		"json_parsing":       conf.JsonParsing,
+		"json_custom_config": flattenSecurityPolicyAdvancedOptionsConfigJsonCustomConfig(conf.JsonCustomConfig),
+		"log_level":          conf.LogLevel,
+	}
+
+	return []map[string]interface{}{data}
+}
+
+func expandSecurityPolicyAdvancedOptionsConfigJsonCustomConfig(configured []interface{}) *compute.SecurityPolicyAdvancedOptionsConfigJsonCustomConfig {
+	if len(configured) == 0 || configured[0] == nil {
+		// If configuration is unset, return an empty JsonCustomConfig; this ensures the ContentTypes list can be cleared
+		return &compute.SecurityPolicyAdvancedOptionsConfigJsonCustomConfig{}
+	}
+
+	data := configured[0].(map[string]interface{})
+	return &compute.SecurityPolicyAdvancedOptionsConfigJsonCustomConfig{
+		ContentTypes: convertStringArr(data["content_types"].(*schema.Set).List()),
+	}
+}
+
+func flattenSecurityPolicyAdvancedOptionsConfigJsonCustomConfig(conf *compute.SecurityPolicyAdvancedOptionsConfigJsonCustomConfig) []map[string]interface{} {
+	if conf == nil {
+		return nil
+	}
+
+	data := map[string]interface{}{
+		"content_types": schema.NewSet(schema.HashString, convertStringArrToInterface(conf.ContentTypes)),
 	}
 
 	return []map[string]interface{}{data}

@@ -423,6 +423,14 @@ resource "google_compute_security_policy" "policy" {
 
   advanced_options_config {
     json_parsing = "STANDARD"
+    json_custom_config {
+      content_types = [
+        "application/json",
+        "application/vnd.api+json",
+        "application/vnd.collection+json",
+        "application/vnd.hyper+json"
+      ]
+    }
     log_level    = "VERBOSE"
   }
 }

@@ -63,25 +63,36 @@ The following arguments are supported:
     security policy, a default rule with action "allow" will be added. Structure is [documented below](#nested_rule).
 
 * `advanced_options_config` - (Optional) [Advanced Configuration Options](https://cloud.google.com/armor/docs/security-policy-overview#json-parsing).
+    Structure is [documented below](#nested_advanced_options_config).
+
+* `adaptive_protection_config` - (Optional) Configuration for [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview?hl=en). Structure is [documented below](#nested_adaptive_protection_config).
+
+* `type` - The type indicates the intended use of the security policy.
+  * CLOUD_ARMOR - Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services.
+    They filter requests before they hit the origin servers.
+  * CLOUD_ARMOR_EDGE - Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services
+    (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage).
+    They filter requests before the request is served from Google's cache.
 
 <a name="nested_advanced_options_config"></a>The `advanced_options_config` block supports:
 
 * `json_parsing` - Whether or not to JSON parse the payload body. Defaults to `DISABLED`.
   * DISABLED - Don't parse JSON payloads in POST bodies.
   * STANDARD - Parse JSON payloads in POST bodies.
 
+* `json_custom_config` - Custom configuration to apply the JSON parsing. Only applicable when
+    `json_parsing` is set to `STANDARD`. Structure is [documented below](#nested_json_custom_config).
+
 * `log_level` - Log level to use. Defaults to `NORMAL`.
   * NORMAL - Normal log level.
   * VERBOSE - Verbose log level.
 
-* `adaptive_protection_config` - (Optional) Configuration for [Google Cloud Armor Adaptive Protection](https://cloud.google.com/armor/docs/adaptive-protection-overview?hl=en). Structure is [documented below](#nested_adaptive_protection_config).
+<a name="nested_json_custom_config"></a>The `json_custom_config` block supports:
 
-* `type` - The type indicates the intended use of the security policy.
-  * CLOUD_ARMOR - Cloud Armor backend security policies can be configured to filter incoming HTTP requests targeting backend services.
-    They filter requests before they hit the origin servers.
-  * CLOUD_ARMOR_EDGE - Cloud Armor edge security policies can be configured to filter incoming HTTP requests targeting backend services
-    (including Cloud CDN-enabled) as well as backend buckets (Cloud Storage).
-    They filter requests before the request is served from Google's cache.
+* `content_types` - A list of custom Content-Type header values to apply the JSON parsing. The
+    format of the Content-Type header values is defined in
+    [RFC 1341](https://www.ietf.org/rfc/rfc1341.txt). When configuring a custom Content-Type header
+    value, only the type/subtype needs to be specified, and the parameters should be excluded.
 
 <a name="nested_rule"></a>The `rule` block supports: