feat(lb-frontend): add multi-certificates to resource

scaleway · Mar 25, 2022 · ac1137a · ac1137a
1 parent 3dc6acc
commit ac1137a
Show file tree

Hide file tree

Showing 5 changed files with 1,821 additions and 26 deletions.
diff --git a/docs/resources/lb_frontend.md b/docs/resources/lb_frontend.md
@@ -8,7 +8,7 @@ description: |-
 
 Creates and manages Scaleway Load-Balancer Frontends. For more information, see [the documentation](https://developers.scaleway.com/en/products/lb/zoned_api).
 
-## Examples
+## Examples Usage
 
 ### Basic
 
@@ -21,6 +21,40 @@ resource "scaleway_lb_frontend" "frontend01" {
 }
 ```
 
+## With Certificate
+
+```hcl
+resource scaleway_lb_ip ip01 {}
+
+resource scaleway_lb lb01 {
+    ip_id = scaleway_lb_ip.ip01.id
+    name = "test-lb"
+    type = "lb-s"
+}
+
+resource scaleway_lb_backend bkd01 {
+    lb_id = scaleway_lb.lb01.id
+    forward_protocol = "tcp"
+    forward_port = 443
+    proxy_protocol = "none"
+}
+
+resource scaleway_lb_certificate cert01 {
+    lb_id = scaleway_lb.lb01.id
+    name = "test-cert-front-end"
+    letsencrypt {
+        common_name = "${replace(scaleway_lb_ip.ip01.ip_address,".", "-")}.lb.${scaleway_lb.lb01.region}.scw.cloud"
+    }
+}
+
+resource scaleway_lb_frontend frt01 {
+    lb_id = scaleway_lb.lb01.id
+    backend_id = scaleway_lb_backend.bkd01.id
+    inbound_port = 443
+    certificate_ids = [scaleway_lb_certificate.cert01.id]
+}
+```
+
 ## With ACLs
 
 ```hcl
@@ -94,8 +128,6 @@ The following arguments are supported:
 
 - `timeout_client` - (Optional) Maximum inactivity time on the client side. (e.g.: `1s`)
 
-- `certificate_id` - (Deprecated) Certificate ID that should be used by the frontend.
-
 - `certificate_ids` - (Optional) Collection of Certificate IDs that should be used by the frontend.
 
 - `acl` - (Optional) A list of ACL rules to apply to the load-balancer frontend.  Defined below.
@@ -125,6 +157,8 @@ The following arguments are supported:
 In addition to all arguments above, the following attributes are exported:
 
 - `id` - The ID of the load-balancer frontend.
+- `certificate_id` - (Deprecated) first certificate ID used by the frontend.
+
 
 ## Import
 

diff --git a/scaleway/helpers.go b/scaleway/helpers.go
@@ -451,13 +451,12 @@ func flattenSliceStringPtr(s []*string) interface{} {
 	return res
 }
 
-func flattenSliceIDsWithKey(certificates []string, key string, zone scw.Zone) interface{} {
-	res := []map[string]interface{}(nil)
+func flattenSliceIDs(certificates []string, zone scw.Zone) interface{} {
+	res := []interface{}(nil)
 	for _, certificateID := range certificates {
-		res = append(res, map[string]interface{}{
-			key:      newZonedIDString(zone, certificateID),
-		})
+		res = append(res, newZonedIDString(zone, certificateID))
 	}
+
 	return res
 }
 

diff --git a/scaleway/resource_lb_frontend.go b/scaleway/resource_lb_frontend.go
@@ -64,26 +64,19 @@ func resourceScalewayLbFrontend() *schema.Resource {
 				Description:      "Set the maximum inactivity time on the client side",
 			},
 			"certificate_id": {
-				Type:         schema.TypeString,
-				Optional:     true,
-				ValidateFunc: validationUUIDorUUIDWithLocality(),
-				Description:  "Certificate ID",
-				Deprecated: "This field will no be longer supported. Please use certificate_ids",
+				Type:        schema.TypeString,
+				Computed:    true,
+				Description: "Certificate ID",
+				Deprecated:  "Please use certificate_ids",
 			},
 			"certificate_ids": {
-				Type:         schema.TypeSet,
-				Optional:     true,
-				Description:  "Collection of Certificate IDs",
-				Elem: &schema.Resource{
-					Schema: map[string]*schema.Schema{
-						"certificate_id": {
-							Type:         schema.TypeString,
-							ValidateFunc: validationUUID(),
-							Required:     true,
-							Description:  "Certificate ID",
-						},
-					},
+				Type:     schema.TypeList,
+				Optional: true,
+				Elem: &schema.Schema{
+					Type:         schema.TypeString,
+					ValidateFunc: validationUUIDorUUIDWithLocality(),
 				},
+				Description: "Collection of Certificate IDs related to the load balancer and domain",
 			},
 			"acl": {
 				Type:        schema.TypeList,
@@ -259,7 +252,7 @@ func resourceScalewayLbFrontendRead(ctx context.Context, d *schema.ResourceData,
 	}
 
 	if len(res.CertificateIDs) > 0 {
-		_ = d.Set("certificate_ids", flattenSliceIDsWithKey(res.CertificateIDs, "certificate_id", zone))
+		_ = d.Set("certificate_ids", flattenSliceIDs(res.CertificateIDs, zone))
 	}
 
 	//read related acls.

diff --git a/scaleway/resource_lb_frontend_test.go b/scaleway/resource_lb_frontend_test.go
@@ -78,6 +78,91 @@ func TestAccScalewayLbFrontend_Basic(t *testing.T) {
 	})
 }
 
+func TestAccScalewayLbFrontend_Certificate(t *testing.T) {
+	tt := NewTestTools(t)
+	defer tt.Cleanup()
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: tt.ProviderFactories,
+		CheckDestroy:      testAccCheckScalewayLbFrontendDestroy(tt),
+		Steps: []resource.TestStep{
+			{
+				Config: `
+					resource scaleway_lb_ip ip01 {}
+
+					resource scaleway_lb lb01 {
+						ip_id = scaleway_lb_ip.ip01.id
+						name = "test-lb"
+						type = "lb-s"
+					}
+
+					resource scaleway_lb_backend bkd01 {
+						lb_id = scaleway_lb.lb01.id
+						forward_protocol = "tcp"
+						forward_port = 443
+						proxy_protocol = "none"
+					}
+
+					resource scaleway_lb_certificate cert01 {
+						lb_id = scaleway_lb.lb01.id
+						name = "test-cert-front-end"
+					  	letsencrypt {
+							common_name = "${replace(scaleway_lb_ip.ip01.ip_address,".", "-")}.lb.${scaleway_lb.lb01.region}.scw.cloud"
+					  	}
+					}
+
+					resource scaleway_lb_frontend frt01 {
+						lb_id = scaleway_lb.lb01.id
+						backend_id = scaleway_lb_backend.bkd01.id
+						inbound_port = 443
+						certificate_ids = [scaleway_lb_certificate.cert01.id]
+					}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckScalewayLbFrontendExists(tt, "scaleway_lb_frontend.frt01"),
+					testAccCheckScalewayFrontendCertificateExist(tt, "scaleway_lb_frontend.frt01", "scaleway_lb_certificate.cert01"),
+					resource.TestCheckResourceAttr("scaleway_lb_frontend.frt01",
+						"certificate_ids.#", "1"),
+				),
+			},
+		},
+	})
+}
+func testAccCheckScalewayFrontendCertificateExist(tt *TestTools, f, c string) resource.TestCheckFunc {
+	return func(s *terraform.State) error {
+		rs, ok := s.RootModule().Resources[f]
+		if !ok {
+			return fmt.Errorf("resource not found: %s", f)
+		}
+
+		cs, ok := s.RootModule().Resources[c]
+		if !ok {
+			return fmt.Errorf("resource not found: %s", c)
+		}
+
+		lbAPI, zone, ID, err := lbAPIWithZoneAndID(tt.Meta, rs.Primary.ID)
+		if err != nil {
+			return err
+		}
+
+		frEnd, err := lbAPI.GetFrontend(&lb.ZonedAPIGetFrontendRequest{
+			FrontendID: ID,
+			Zone:       zone,
+		})
+		if err != nil {
+			return err
+		}
+
+		for _, id := range frEnd.CertificateIDs {
+			if expandID(cs.Primary.ID) == id {
+				return nil
+			}
+		}
+
+		return fmt.Errorf("certificate not found: %s", c)
+	}
+}
+
 func testAccCheckScalewayLbFrontendExists(tt *TestTools, n string) resource.TestCheckFunc {
 	return func(s *terraform.State) error {
 		rs, ok := s.RootModule().Resources[n]