[ELB] Add SSL passthrough for lbv2 listener

Add `transparent_client_ip_enable` to `r/lb_listener_v2`
opentelekomcloud · Mar 10, 2022 · bcf9043 · bcf9043
1 parent e347c4c
commit bcf9043
Show file tree

Hide file tree

Showing 3 changed files with 144 additions and 2 deletions.
diff --git a/opentelekomcloud/acceptance/elb/v2/resource_opentelekomcloud_lb_listener_v2_test.go b/opentelekomcloud/acceptance/elb/v2/resource_opentelekomcloud_lb_listener_v2_test.go
@@ -128,6 +128,40 @@ func TestAccLBV2ListenerSni(t *testing.T) {
 	})
 }
 
+func TestAccLBV2Listener_SSLPassthrough(t *testing.T) {
+	var listener listeners.Listener
+	resourceName := "opentelekomcloud_lb_listener_v2.listener_1"
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck: func() {
+			common.TestAccPreCheck(t)
+			qts := quotas.MultipleQuotas{
+				{Q: quotas.LoadBalancer, Count: 1},
+				{Q: quotas.LbListener, Count: 1},
+			}
+			quotas.BookMany(t, qts)
+		},
+		ProviderFactories: common.TestAccProviderFactories,
+		CheckDestroy:      testAccCheckLBV2ListenerDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: testAccLBV2ListenerConfigSSLPassthrough,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckLBV2ListenerExists(resourceName, &listener),
+					resource.TestCheckResourceAttr(resourceName, "transparent_client_ip_enable", "true"),
+				),
+			},
+			{
+				Config: testAccLBV2ListenerConfigSSLPassthroughUpdate,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttr(resourceName, "name", "listener_1_updated"),
+					resource.TestCheckResourceAttr(resourceName, "transparent_client_ip_enable", "false"),
+				),
+			},
+		},
+	})
+}
+
 func testAccCheckLBV2ListenerDestroy(s *terraform.State) error {
 	config := common.TestAccProvider.Meta().(*cfg.Config)
 	networkingClient, err := config.ElbV2Client(env.OS_REGION_NAME)
@@ -480,6 +514,42 @@ resource "opentelekomcloud_lb_listener_v2" "listener_tls" {
     delete = "5m"
   }
 }
+`, common.DataSourceSubnet)
+
+	testAccLBV2ListenerConfigSSLPassthrough = fmt.Sprintf(`
+%s
+
+resource "opentelekomcloud_lb_loadbalancer_v2" "loadbalancer_1" {
+  name = "loadbalancer_1"
+  vip_subnet_id = data.opentelekomcloud_vpc_subnet_v1.shared_subnet.subnet_id
+}
+
+resource "opentelekomcloud_lb_listener_v2" "listener_1" {
+  name            = "listener_1"
+  protocol        = "TCP"
+  protocol_port   = 8080
+  loadbalancer_id = opentelekomcloud_lb_loadbalancer_v2.loadbalancer_1.id
+
+  transparent_client_ip_enable = true
+}
+`, common.DataSourceSubnet)
+
+	testAccLBV2ListenerConfigSSLPassthroughUpdate = fmt.Sprintf(`
+%s
+
+resource "opentelekomcloud_lb_loadbalancer_v2" "loadbalancer_1" {
+  name = "loadbalancer_1"
+  vip_subnet_id = data.opentelekomcloud_vpc_subnet_v1.shared_subnet.subnet_id
+}
+
+resource "opentelekomcloud_lb_listener_v2" "listener_1" {
+  name            = "listener_1_updated"
+  protocol        = "TCP"
+  protocol_port   = 8080
+  loadbalancer_id = opentelekomcloud_lb_loadbalancer_v2.loadbalancer_1.id
+
+  transparent_client_ip_enable = false
+}
 `, common.DataSourceSubnet)
 )
 

diff --git a/opentelekomcloud/services/elb/v2/resource_opentelekomcloud_lb_listener_v2.go b/opentelekomcloud/services/elb/v2/resource_opentelekomcloud_lb_listener_v2.go
@@ -2,21 +2,24 @@ package v2
 
 import (
 	"context"
+	"fmt"
 	"log"
+	"strings"
 	"time"
 
 	"github.com/hashicorp/go-multierror"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
+	golangsdk "github.com/opentelekomcloud/gophertelekomcloud"
 	"github.com/opentelekomcloud/gophertelekomcloud/openstack/common/tags"
-
+	v3listeners "github.com/opentelekomcloud/gophertelekomcloud/openstack/elb/v3/listeners"
 	"github.com/opentelekomcloud/gophertelekomcloud/openstack/networking/v2/extensions/lbaas_v2/listeners"
-
 	"github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/common"
 	"github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/common/cfg"
 	"github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/common/fmterr"
+	v3 "github.com/opentelekomcloud/terraform-provider-opentelekomcloud/opentelekomcloud/services/elb/v3"
 )
 
 func ResourceListenerV2() *schema.Resource {
@@ -105,6 +108,11 @@ func ResourceListenerV2() *schema.Resource {
 				ValidateFunc: validation.StringInSlice([]string{
 					"tls-1-0", "tls-1-1", "tls-1-2", "tls-1-2-strict"}, false),
 			},
+			"transparent_client_ip_enable": {
+				Type:     schema.TypeBool,
+				Optional: true,
+				Computed: true,
+			},
 			"admin_state_up": {
 				Type:     schema.TypeBool,
 				Default:  true,
@@ -184,6 +192,11 @@ func resourceListenerV2Create(ctx context.Context, d *schema.ResourceData, meta
 
 	d.SetId(listener.ID)
 
+	// using v3 API
+	if err := updateTransparentIPEnable(d, config); err != nil {
+		return fmterr.Errorf("error updating ELB v2 Listener `transparent_client_ip_enable`: %w", err)
+	}
+
 	return resourceListenerV2Read(ctx, d, meta)
 }
 
@@ -215,6 +228,9 @@ func resourceListenerV2Read(_ context.Context, d *schema.ResourceData, meta inte
 		d.Set("sni_container_refs", listener.SniContainerRefs),
 		d.Set("tls_ciphers_policy", listener.TlsCiphersPolicy),
 		d.Set("admin_state_up", listener.AdminStateUp),
+
+		// done using v3 API
+		readTransparentIPEnable(d, config),
 	)
 
 	if mErr.ErrorOrNil() != nil {
@@ -241,6 +257,12 @@ func resourceListenerV2Update(ctx context.Context, d *schema.ResourceData, meta
 		return fmterr.Errorf(ErrCreationV2Client, err)
 	}
 
+	if d.HasChange("transparent_client_ip_enable") {
+		if err := updateTransparentIPEnable(d, config); err != nil {
+			return fmterr.Errorf("error updating ELB v2 `transparent_client_ip_enable`: %w", err)
+		}
+	}
+
 	var updateOpts listeners.UpdateOpts
 	if d.HasChange("name") {
 		updateOpts.Name = d.Get("name").(string)
@@ -348,3 +370,48 @@ func resourceListenerV2Delete(ctx context.Context, d *schema.ResourceData, meta
 
 	return nil
 }
+
+// elbV3Client user as temporary stub for missing in service catalog for eu-de, but working endpoint
+func elbV3Client(config *cfg.Config, region string) (*golangsdk.ServiceClient, error) {
+	v3Client, err := config.ElbV3Client(region)
+	if err == nil { // for eu-nl
+		return v3Client, nil
+	}
+	client, err := config.ElbV1Client(region)
+	if err != nil {
+		return nil, fmt.Errorf("both v1 and v3 clients are not available for %s region: %w", region, err)
+	}
+	client.Endpoint = strings.Replace(client.Endpoint, "v1.0/", "v3/", 1)
+	client.ResourceBase = client.Endpoint + "elb/"
+
+	return client, nil
+}
+
+func readTransparentIPEnable(d *schema.ResourceData, config *cfg.Config) error {
+	client, err := elbV3Client(config, config.GetRegion(d))
+	if err != nil {
+		return fmt.Errorf(v3.ErrCreateClient, err)
+	}
+	listener, err := v3listeners.Get(client, d.Id()).Extract()
+	if err != nil {
+		return err
+	}
+	return d.Set("transparent_client_ip_enable", listener.TransparentClientIP)
+}
+
+func updateTransparentIPEnable(d *schema.ResourceData, config *cfg.Config) error {
+	v, ok := d.GetOkExists("transparent_client_ip_enable")
+	if !ok {
+		return nil
+	}
+	enable := v.(bool)
+
+	client, err := elbV3Client(config, config.GetRegion(d))
+	if err != nil {
+		return fmt.Errorf(v3.ErrCreateClient, err)
+	}
+
+	opts := v3listeners.UpdateOpts{TransparentClientIP: &enable}
+	_, err = v3listeners.Update(client, d.Id(), opts).Extract()
+	return err
+}
diff --git a/releasenotes/notes/elb-ssl-passthrough-5efe3c1d2d993b9c.yaml b/releasenotes/notes/elb-ssl-passthrough-5efe3c1d2d993b9c.yaml
@@ -0,0 +1,5 @@
+---
+enhancements:
+  - |
+    **[ELB]** Add ``transparent_client_ip_enable`` argument to ``response/opentelekomcloud_lb_listener_v2``
+    (`#1648 <https://github.com/opentelekomcloud/terraform-provider-opentelekomcloud/pull/1648>`_)