Revert "Add bac to backend service" (#13378) (#21895)

[upstream:c85d0cebdd541ae553de2e90d4535cd863cbf855]

Signed-off-by: Modular Magician <[email protected]>

Author: modular-magician

.changelog/13378.txt

@@ -0,0 +1,3 @@
+```release-note:breaking-change
+compute: remove tlsSettings from `google_compute_backend_service` (revert)
+```

google/services/compute/resource_compute_backend_service.go

@@ -1204,56 +1204,6 @@ For more information see, [Backend service settings](https://cloud.google.com/co
 The default is 30 seconds.
 The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.`,
 			},
-			"tls_settings": {
-				Type:        schema.TypeList,
-				Optional:    true,
-				Description: `Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2.`,
-				MaxItems:    1,
-				Elem: &schema.Resource{
-					Schema: map[string]*schema.Schema{
-						"authentication_config": {
-							Type:     schema.TypeString,
-							Optional: true,
-							Description: `Reference to the BackendAuthenticationConfig resource from the networksecurity.googleapis.com namespace.
-Can be used in authenticating TLS connections to the backend, as specified by the authenticationMode field.
-Can only be specified if authenticationMode is not NONE.`,
-						},
-						"sni": {
-							Type:     schema.TypeString,
-							Optional: true,
-							Description: `Server Name Indication - see RFC3546 section 3.1. If set, the load balancer sends this string as the SNI hostname in the
-TLS connection to the backend, and requires that this string match a Subject Alternative Name (SAN) in the backend's
-server certificate. With a Regional Internet NEG backend, if the SNI is specified here, the load balancer uses it
-regardless of whether the Regional Internet NEG is specified with FQDN or IP address and port.`,
-						},
-						"subject_alt_names": {
-							Type:     schema.TypeList,
-							Optional: true,
-							Description: `A list of Subject Alternative Names (SANs) that the Load Balancer verifies during a TLS handshake with the backend.
-When the server presents its X.509 certificate to the Load Balancer, the Load Balancer inspects the certificate's SAN field,
-and requires that at least one SAN match one of the subjectAltNames in the list. This field is limited to 5 entries.
-When both sni and subjectAltNames are specified, the load balancer matches the backend certificate's SAN only to
-subjectAltNames.`,
-							Elem: &schema.Resource{
-								Schema: map[string]*schema.Schema{
-									"dns_name": {
-										Type:         schema.TypeString,
-										Optional:     true,
-										Description:  `The SAN specified as a DNS Name.`,
-										ExactlyOneOf: []string{},
-									},
-									"uniform_resource_identifier": {
-										Type:         schema.TypeString,
-										Optional:     true,
-										Description:  `The SAN specified as a URI.`,
-										ExactlyOneOf: []string{},
-									},
-								},
-							},
-						},
-					},
-				},
-			},
 			"creation_timestamp": {
 				Type:        schema.TypeString,
 				Computed:    true,
@@ -1646,12 +1596,6 @@ func resourceComputeBackendServiceCreate(d *schema.ResourceData, meta interface{
 	} else if v, ok := d.GetOkExists("service_lb_policy"); !tpgresource.IsEmptyValue(reflect.ValueOf(serviceLbPolicyProp)) && (ok || !reflect.DeepEqual(v, serviceLbPolicyProp)) {
 		obj["serviceLbPolicy"] = serviceLbPolicyProp
 	}
-	tlsSettingsProp, err := expandComputeBackendServiceTlsSettings(d.Get("tls_settings"), d, config)
-	if err != nil {
-		return err
-	} else if v, ok := d.GetOkExists("tls_settings"); !tpgresource.IsEmptyValue(reflect.ValueOf(tlsSettingsProp)) && (ok || !reflect.DeepEqual(v, tlsSettingsProp)) {
-		obj["tlsSettings"] = tlsSettingsProp
-	}
 
 	obj, err = resourceComputeBackendServiceEncoder(d, meta, obj)
 	if err != nil {
@@ -1918,9 +1862,6 @@ func resourceComputeBackendServiceRead(d *schema.ResourceData, meta interface{})
 	if err := d.Set("service_lb_policy", flattenComputeBackendServiceServiceLbPolicy(res["serviceLbPolicy"], d, config)); err != nil {
 		return fmt.Errorf("Error reading BackendService: %s", err)
 	}
-	if err := d.Set("tls_settings", flattenComputeBackendServiceTlsSettings(res["tlsSettings"], d, config)); err != nil {
-		return fmt.Errorf("Error reading BackendService: %s", err)
-	}
 	if err := d.Set("self_link", tpgresource.ConvertSelfLinkToV1(res["selfLink"].(string))); err != nil {
 		return fmt.Errorf("Error reading BackendService: %s", err)
 	}
@@ -2130,12 +2071,6 @@ func resourceComputeBackendServiceUpdate(d *schema.ResourceData, meta interface{
 	} else if v, ok := d.GetOkExists("service_lb_policy"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, serviceLbPolicyProp)) {
 		obj["serviceLbPolicy"] = serviceLbPolicyProp
 	}
-	tlsSettingsProp, err := expandComputeBackendServiceTlsSettings(d.Get("tls_settings"), d, config)
-	if err != nil {
-		return err
-	} else if v, ok := d.GetOkExists("tls_settings"); !tpgresource.IsEmptyValue(reflect.ValueOf(v)) && (ok || !reflect.DeepEqual(v, tlsSettingsProp)) {
-		obj["tlsSettings"] = tlsSettingsProp
-	}
 
 	obj, err = resourceComputeBackendServiceEncoder(d, meta, obj)
 	if err != nil {
@@ -3660,58 +3595,6 @@ func flattenComputeBackendServiceServiceLbPolicy(v interface{}, d *schema.Resour
 	return v
 }
 
-func flattenComputeBackendServiceTlsSettings(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
-	if v == nil {
-		return nil
-	}
-	original := v.(map[string]interface{})
-	if len(original) == 0 {
-		return nil
-	}
-	transformed := make(map[string]interface{})
-	transformed["sni"] =
-		flattenComputeBackendServiceTlsSettingsSni(original["sni"], d, config)
-	transformed["subject_alt_names"] =
-		flattenComputeBackendServiceTlsSettingsSubjectAltNames(original["subjectAltNames"], d, config)
-	transformed["authentication_config"] =
-		flattenComputeBackendServiceTlsSettingsAuthenticationConfig(original["authenticationConfig"], d, config)
-	return []interface{}{transformed}
-}
-func flattenComputeBackendServiceTlsSettingsSni(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
-	return v
-}
-
-func flattenComputeBackendServiceTlsSettingsSubjectAltNames(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
-	if v == nil {
-		return v
-	}
-	l := v.([]interface{})
-	transformed := make([]interface{}, 0, len(l))
-	for _, raw := range l {
-		original := raw.(map[string]interface{})
-		if len(original) < 1 {
-			// Do not include empty json objects coming back from the api
-			continue
-		}
-		transformed = append(transformed, map[string]interface{}{
-			"dns_name":                    flattenComputeBackendServiceTlsSettingsSubjectAltNamesDnsName(original["dnsName"], d, config),
-			"uniform_resource_identifier": flattenComputeBackendServiceTlsSettingsSubjectAltNamesUniformResourceIdentifier(original["uniformResourceIdentifier"], d, config),
-		})
-	}
-	return transformed
-}
-func flattenComputeBackendServiceTlsSettingsSubjectAltNamesDnsName(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
-	return v
-}
-
-func flattenComputeBackendServiceTlsSettingsSubjectAltNamesUniformResourceIdentifier(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
-	return v
-}
-
-func flattenComputeBackendServiceTlsSettingsAuthenticationConfig(v interface{}, d *schema.ResourceData, config *transport_tpg.Config) interface{} {
-	return v
-}
-
 func expandComputeBackendServiceAffinityCookieTtlSec(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
 	return v, nil
 }
@@ -5024,84 +4907,6 @@ func expandComputeBackendServiceServiceLbPolicy(v interface{}, d tpgresource.Ter
 	return v, nil
 }
 
-func expandComputeBackendServiceTlsSettings(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
-	l := v.([]interface{})
-	if len(l) == 0 || l[0] == nil {
-		return nil, nil
-	}
-	raw := l[0]
-	original := raw.(map[string]interface{})
-	transformed := make(map[string]interface{})
-
-	transformedSni, err := expandComputeBackendServiceTlsSettingsSni(original["sni"], d, config)
-	if err != nil {
-		return nil, err
-	} else if val := reflect.ValueOf(transformedSni); val.IsValid() && !tpgresource.IsEmptyValue(val) {
-		transformed["sni"] = transformedSni
-	}
-
-	transformedSubjectAltNames, err := expandComputeBackendServiceTlsSettingsSubjectAltNames(original["subject_alt_names"], d, config)
-	if err != nil {
-		return nil, err
-	} else if val := reflect.ValueOf(transformedSubjectAltNames); val.IsValid() && !tpgresource.IsEmptyValue(val) {
-		transformed["subjectAltNames"] = transformedSubjectAltNames
-	}
-
-	transformedAuthenticationConfig, err := expandComputeBackendServiceTlsSettingsAuthenticationConfig(original["authentication_config"], d, config)
-	if err != nil {
-		return nil, err
-	} else if val := reflect.ValueOf(transformedAuthenticationConfig); val.IsValid() && !tpgresource.IsEmptyValue(val) {
-		transformed["authenticationConfig"] = transformedAuthenticationConfig
-	}
-
-	return transformed, nil
-}
-
-func expandComputeBackendServiceTlsSettingsSni(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
-	return v, nil
-}
-
-func expandComputeBackendServiceTlsSettingsSubjectAltNames(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
-	l := v.([]interface{})
-	req := make([]interface{}, 0, len(l))
-	for _, raw := range l {
-		if raw == nil {
-			continue
-		}
-		original := raw.(map[string]interface{})
-		transformed := make(map[string]interface{})
-
-		transformedDnsName, err := expandComputeBackendServiceTlsSettingsSubjectAltNamesDnsName(original["dns_name"], d, config)
-		if err != nil {
-			return nil, err
-		} else if val := reflect.ValueOf(transformedDnsName); val.IsValid() && !tpgresource.IsEmptyValue(val) {
-			transformed["dnsName"] = transformedDnsName
-		}
-
-		transformedUniformResourceIdentifier, err := expandComputeBackendServiceTlsSettingsSubjectAltNamesUniformResourceIdentifier(original["uniform_resource_identifier"], d, config)
-		if err != nil {
-			return nil, err
-		} else if val := reflect.ValueOf(transformedUniformResourceIdentifier); val.IsValid() && !tpgresource.IsEmptyValue(val) {
-			transformed["uniformResourceIdentifier"] = transformedUniformResourceIdentifier
-		}
-
-		req = append(req, transformed)
-	}
-	return req, nil
-}
-
-func expandComputeBackendServiceTlsSettingsSubjectAltNamesDnsName(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
-	return v, nil
-}
-
-func expandComputeBackendServiceTlsSettingsSubjectAltNamesUniformResourceIdentifier(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
-	return v, nil
-}
-
-func expandComputeBackendServiceTlsSettingsAuthenticationConfig(v interface{}, d tpgresource.TerraformResourceData, config *transport_tpg.Config) (interface{}, error) {
-	return v, nil
-}
-
 func resourceComputeBackendServiceEncoder(d *schema.ResourceData, meta interface{}, obj map[string]interface{}) (map[string]interface{}, error) {
 	backendsRaw, ok := obj["backends"]
 	if !ok {

google/services/compute/resource_compute_backend_service_generated_meta.yaml

@@ -119,7 +119,3 @@ fields:
   - field: 'strong_session_affinity_cookie.ttl.nanos'
   - field: 'strong_session_affinity_cookie.ttl.seconds'
   - field: 'timeout_sec'
-  - field: 'tls_settings.authentication_config'
-  - field: 'tls_settings.sni'
-  - field: 'tls_settings.subject_alt_names.dns_name'
-  - field: 'tls_settings.subject_alt_names.uniform_resource_identifier'

google/services/compute/resource_compute_backend_service_generated_test.go

@@ -510,66 +510,6 @@ resource "google_compute_health_check" "default" {
 `, context)
 }
 
-func TestAccComputeBackendService_backendServiceTlsSettingsExample(t *testing.T) {
-	t.Parallel()
-
-	context := map[string]interface{}{
-		"random_suffix": acctest.RandString(t, 10),
-	}
-
-	acctest.VcrTest(t, resource.TestCase{
-		PreCheck:                 func() { acctest.AccTestPreCheck(t) },
-		ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories(t),
-		CheckDestroy:             testAccCheckComputeBackendServiceDestroyProducer(t),
-		Steps: []resource.TestStep{
-			{
-				Config: testAccComputeBackendService_backendServiceTlsSettingsExample(context),
-			},
-			{
-				ResourceName:            "google_compute_backend_service.default",
-				ImportState:             true,
-				ImportStateVerify:       true,
-				ImportStateVerifyIgnore: []string{"iap.0.oauth2_client_secret", "security_settings.0.aws_v4_authentication.0.access_key"},
-			},
-		},
-	})
-}
-
-func testAccComputeBackendService_backendServiceTlsSettingsExample(context map[string]interface{}) string {
-	return acctest.Nprintf(`
-resource "google_compute_backend_service" "default" {
-  name          = "tf-test-backend-service%{random_suffix}"
-  health_checks = [google_compute_health_check.default.id]
-  load_balancing_scheme = "EXTERNAL_MANAGED"
-  protocol = "HTTPS"
-  tls_settings {
-    sni = "example.com"
-    subjectAltNames = [
-      {
-        dns_name = "example.com"
-      },
-      {
-        uniform_resource_identifier = "https://example.com"
-      }
-    ]
-    authentication_config = [google_network_security_backend_authentication_config.default.id]
-  }
-}
-
-resource "google_compute_health_check" "default" {
-  name = "tf-test-health-check%{random_suffix}"
-  http_health_check {
-    port = 80
-  }
-}
-
-resource "google_network_security_backend_authentication_config" "default" {
-  name             = "authentication%{random_suffix}"
-  well_known_roots = "PUBLIC_ROOTS"
-}
-`, context)
-}
-
 func testAccCheckComputeBackendServiceDestroyProducer(t *testing.T) func(s *terraform.State) error {
 	return func(s *terraform.State) error {
 		for name, rs := range s.RootModule().Resources {