feat(SNI): Server Name Indicator (SNI) routing for ALB

Author: shreyasms07

go.mod

@@ -43,7 +43,7 @@ require (
 	github.com/IBM/secrets-manager-go-sdk/v2 v2.0.10
 	github.com/IBM/vmware-go-sdk v0.1.3
 	github.com/IBM/vpc-beta-go-sdk v0.8.0
-	github.com/IBM/vpc-go-sdk v0.66.0
+	github.com/IBM/vpc-go-sdk v0.67.0
 	github.com/ScaleFT/sshkeys v0.0.0-20200327173127-6142f742bca5
 	github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2
 	github.com/akamai/AkamaiOPEN-edgegrid-golang/v5 v5.0.0

go.sum

@@ -180,6 +180,8 @@ github.com/IBM/vpc-beta-go-sdk v0.8.0 h1:cEPpv4iw3Ba5W2d0AWg3TIbKeJ8y1nPuUuibR5J
 github.com/IBM/vpc-beta-go-sdk v0.8.0/go.mod h1:hORgIyTFRzXrZIK9IohaWmCRBBlYiDRagsufi7M6akE=
 github.com/IBM/vpc-go-sdk v0.66.0 h1:S0HW+f6Qf6OLSGESQ7WRgWLq1bDgvs+vvOJ7AWgUMbw=
 github.com/IBM/vpc-go-sdk v0.66.0/go.mod h1:VL7sy61ybg6tvA60SepoQx7TFe20m7JyNUt+se2tHP4=
+github.com/IBM/vpc-go-sdk v0.67.0 h1:p8G5bqTUyVheBrJpT+pLpoZoA/Yu1R2xX4xJLM4tT9w=
+github.com/IBM/vpc-go-sdk v0.67.0/go.mod h1:VL7sy61ybg6tvA60SepoQx7TFe20m7JyNUt+se2tHP4=
 github.com/Logicalis/asn1 v0.0.0-20190312173541-d60463189a56 h1:vuquMR410psHNax14XKNWa0Ae/kYgWJcXi0IFuX60N0=
 github.com/Logicalis/asn1 v0.0.0-20190312173541-d60463189a56/go.mod h1:Zb3OT4l0mf7P/GOs2w2Ilj5sdm5Whoq3pa24dAEBHFc=
 github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=

ibm/service/vpc/data_source_ibm_is_lb_listener_policy.go

@@ -101,7 +101,7 @@ func DataSourceIBMISLBListenerPolicy() *schema.Resource {
 			"target": &schema.Schema{
 				Type:        schema.TypeList,
 				Computed:    true,
-				Description: "- If `action` is `forward`, the response is a `LoadBalancerPoolReference`- If `action` is `redirect`, the response is a `LoadBalancerListenerPolicyRedirectURL`- If `action` is `https_redirect`, the response is a `LoadBalancerListenerHTTPSRedirect`.",
+				Description: "- If `action` is `forward` or `forward_to_pool`, the response is a `LoadBalancerPoolReference`- If `action` is `forward_to_listener`, specify a `LoadBalancerListenerIdentity` in this load balancer to forward to. -  If `action` is `redirect`, the response is a `LoadBalancerListenerPolicyRedirectURL`- If `action` is `https_redirect`, the response is a `LoadBalancerListenerHTTPSRedirect`.",
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"deleted": &schema.Schema{
@@ -126,12 +126,12 @@ func DataSourceIBMISLBListenerPolicy() *schema.Resource {
 						"id": &schema.Schema{
 							Type:        schema.TypeString,
 							Computed:    true,
-							Description: "The unique identifier for this load balancer pool.",
+							Description: "The unique identifier for this load balancer pool or load balancer listener",
 						},
 						"name": &schema.Schema{
 							Type:        schema.TypeString,
 							Computed:    true,
-							Description: "The user-defined name for this load balancer pool.",
+							Description: "The user-defined name for this load balancer pool or load balancer listener.",
 						},
 						"http_status_code": &schema.Schema{
 							Type:        schema.TypeInt,

ibm/service/vpc/resource_ibm_is_lb_listener_policy.go

@@ -133,6 +133,13 @@ func ResourceIBMISLBListenerPolicy() *schema.Resource {
 				ForceNew:     true,
 				ValidateFunc: validate.InvokeValidator("ibm_is_lb_listener_policy", isLBListenerPolicyAction),
 				Description:  "Policy Action",
+				DiffSuppressFunc: func(k, old, new string, d *schema.ResourceData) bool {
+					// Suppress the change if the old value is 'forward' and new value is 'forward_to_pool'
+					if old == "forward" && new == "forward_to_pool" {
+						return true
+					}
+					return false
+				},
 			},
 
 			isLBListenerPolicyPriority: {
@@ -360,7 +367,7 @@ func ResourceIBMISLBListenerPolicy() *schema.Resource {
 func ResourceIBMISLBListenerPolicyValidator() *validate.ResourceValidator {
 
 	validateSchema := make([]validate.ValidateSchema, 0)
-	action := "forward, redirect, reject, https_redirect"
+	action := "forward,forward_to_pool,forward_to_listener,redirect,reject,https_redirect"
 	validateSchema = append(validateSchema,
 		validate.ValidateSchema{
 			Identifier:                 isLBListenerPolicyName,
@@ -464,20 +471,32 @@ func lbListenerPolicyCreate(d *schema.ResourceData, meta interface{}, lbID, list
 		}
 
 	} else {
-		if actionChk.(string) == "forward" {
+		if actionChk.(string) == "forward" || actionChk.(string) == "forward_to_pool" {
 			if targetIDSet {
 
 				//User can set the poolId as combination of lbID/poolID, if so parse the string & get the poolID
 				id, err := getPoolID(tID.(string))
 				if err != nil {
 					return diag.FromErr(err)
 				}
-
 				target = &vpcv1.LoadBalancerListenerPolicyTargetPrototypeLoadBalancerPoolIdentity{
 					ID: &id,
 				}
 			} else {
-				return diag.FromErr(fmt.Errorf("When action is forward please specify target_id"))
+				return diag.FromErr(fmt.Errorf("when action is forward or forward_to_pool please specify target_id"))
+			}
+		} else if actionChk.(string) == "forward_to_listener" {
+			if targetIDSet {
+				//User can set listener id as combination of lbID/listenerID, parse and get the listenerID
+				listenerID, err := getListenerID(d.Get(isLBListenerPolicyListenerID).(string))
+				if err != nil {
+					return diag.FromErr(err)
+				}
+				target = &vpcv1.LoadBalancerListenerPolicyTargetPrototypeLoadBalancerListenerIdentity{
+					ID: &listenerID,
+				}
+			} else {
+				return diag.FromErr(fmt.Errorf("when action is  forward_to_listener please specify listener id"))
 			}
 		} else if actionChk.(string) == "redirect" {
 
@@ -794,9 +813,9 @@ func lbListenerPolicyUpdate(d *schema.ResourceData, meta interface{}, lbID, list
 		hasChanged = true
 
 	} else {
-
+		actionChk := (d.Get(isLBListenerPolicyAction).(string))
 		//If Action is forward and TargetID is changed, set the target to pool ID
-		if d.Get(isLBListenerPolicyAction).(string) == "forward" && d.HasChange(isLBListenerPolicyTargetID) {
+		if (actionChk == "forward" || actionChk == "forward_to_pool") && d.HasChange(isLBListenerPolicyTargetID) {
 
 			//User can set the poolId as combination of lbID/poolID, if so parse the string & get the poolID
 			id, err := getPoolID(d.Get(isLBListenerPolicyTargetID).(string))
@@ -809,6 +828,15 @@ func lbListenerPolicyUpdate(d *schema.ResourceData, meta interface{}, lbID, list
 
 			loadBalancerListenerPolicyPatchModel.Target = target
 			hasChanged = true
+		} else if actionChk == "forward_to_listener" && d.HasChange(isLBListenerPolicyTargetID) {
+			//User can set listener id as combination of lbID/listenerID, parse and get the listenerID
+			listenerID, err := getListenerID(d.Get(isLBListenerPolicyListenerID).(string))
+			if err != nil {
+				return diag.FromErr(err)
+			}
+			target = &vpcv1.LoadBalancerListenerPolicyTargetPatchLoadBalancerListenerIdentity{
+				ID: &listenerID,
+			}
 		} else if d.Get(isLBListenerPolicyAction).(string) == "redirect" {
 			//if Action is redirect and either status code or URL chnaged, set accordingly
 			//LoadBalancerListenerPolicyPatchTargetLoadBalancerListenerPolicyRedirectURLPatch
@@ -1104,12 +1132,19 @@ func lbListenerPolicyGet(d *schema.ResourceData, meta interface{}, lbID, listene
 				return diag.FromErr(fmt.Errorf("Error setting target: %s", err))
 			}
 		} else {
-			if *(policy.Action) == "forward" {
+			if *(policy.Action) == "forward" || *(policy.Action) == "forward_to_pool" {
 				if reflect.TypeOf(policy.Target).String() == "*vpcv1.LoadBalancerListenerPolicyTargetLoadBalancerPoolReference" {
 					target, ok := policy.Target.(*vpcv1.LoadBalancerListenerPolicyTargetLoadBalancerPoolReference)
 					if ok {
 						d.Set(isLBListenerPolicyTargetID, target.ID)
 					}
+				} else if *(policy.Action) == "forward_to_listener" {
+					if reflect.TypeOf(policy.Target).String() == "*vpcv1.LoadBalancerListenerPolicyTargetLoadBalancerListenerReference" {
+						target, ok := policy.Target.(*vpcv1.LoadBalancerListenerPolicyTargetLoadBalancerListenerReference)
+						if ok {
+							d.Set(isLBListenerPolicyTargetID, target.ID)
+						}
+					}
 				}
 
 			} else if *(policy.Action) == "redirect" {

ibm/service/vpc/resource_ibm_is_lb_listener_policy_rule.go

@@ -163,7 +163,7 @@ func ResourceIBMISLBListenerPolicyRuleValidator() *validate.ResourceValidator {
 
 	validateSchema := make([]validate.ValidateSchema, 0)
 	condition := "contains, equals, matches_regex"
-	ruletype := "header, hostname, path, body, query"
+	ruletype := "header, hostname, path, body, query, sni_hostname"
 	validateSchema = append(validateSchema,
 		validate.ValidateSchema{
 			Identifier:                 isLBListenerPolicyRulecondition,

ibm/service/vpc/resource_ibm_is_lb_listener_policy_rule_test.go

@@ -27,8 +27,10 @@ func TestAccIBMISLBListenerPolicyRule_basic(t *testing.T) {
 	//lblistenerpolicyname2 := fmt.Sprintf("tflblisuat-listener-policy-%d", acctest.RandIntRange(10, 100))
 	lblistenerpolicyRuleField1 := fmt.Sprintf("tflblipolicy-rule-field-%d", acctest.RandIntRange(10, 100))
 	lblistenerpolicyRuleField2 := fmt.Sprintf("tflblipolicy-rule-field-%d", acctest.RandIntRange(10, 100))
+	lblistenerpolicyRuleField3 := fmt.Sprintf("tflblipolicy-rule-field-%d", acctest.RandIntRange(10, 100))
 	lblistenerpolicyRuleValue1 := fmt.Sprintf("tflblipolicy-rule-value-%d", acctest.RandIntRange(10, 100))
 	lblistenerpolicyRuleValue2 := fmt.Sprintf("tflblipolicy-rule-value-%d", acctest.RandIntRange(10, 100))
+	lblistenerpolicyRuleValue3 := fmt.Sprintf("tflblipolicy-rule-value-%d", acctest.RandIntRange(10, 100))
 
 	priority := "1"
 	protocol := "http"
@@ -38,6 +40,7 @@ func TestAccIBMISLBListenerPolicyRule_basic(t *testing.T) {
 	condition := "equals"
 	typeh := "header"
 	typeb := "body"
+	typeSni := "sni_hostname"
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { acc.TestAccPreCheck(t) },
@@ -57,6 +60,19 @@ func TestAccIBMISLBListenerPolicyRule_basic(t *testing.T) {
 				),
 			},
 
+			{
+				Config: testAccCheckIBMISLBListenerPolicyRuleConfig(vpcname, subnetname, acc.ISZoneName, acc.ISCIDR, lbname, port, protocol, lblistenerpolicyname, action, priority, condition, typeSni, lblistenerpolicyRuleField1, lblistenerpolicyRuleValue1),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckIBMISLBListenerPolicyRuleExists("ibm_is_lb_listener_policy_rule.testacc_lb_listener_policy_rule", ruleID),
+					resource.TestCheckResourceAttr(
+						"ibm_is_lb.testacc_LB", "name", lbname),
+					resource.TestCheckResourceAttr(
+						"ibm_is_lb_listener_policy_rule.testacc_lb_listener_policy_rule", "field", lblistenerpolicyRuleField3),
+					resource.TestCheckResourceAttr(
+						"ibm_is_lb_listener_policy_rule.testacc_lb_listener_policy_rule", "value", lblistenerpolicyRuleValue3),
+				),
+			},
+
 			{
 				Config: testAccCheckIBMISLBListenerPolicyRuleConfigUpdate(vpcname, subnetname, acc.ISZoneName, acc.ISCIDR, lbname, port, protocol, lblistenerpolicyname, priority, condition, typeb, lblistenerpolicyRuleField2, lblistenerpolicyRuleValue2),
 				Check: resource.ComposeTestCheckFunc(

ibm/service/vpc/resource_ibm_is_lb_listener_policy_test.go

@@ -31,6 +31,8 @@ func TestAccIBMISLBListenerPolicy_basic(t *testing.T) {
 	port := "8080"
 	action := "forward"
 	priority2 := "2"
+	actionPool := "forward_to_pool"
+	actionListener := "forward_to_listener"
 
 	resource.Test(t, resource.TestCase{
 		PreCheck:     func() { acc.TestAccPreCheck(t) },
@@ -50,6 +52,32 @@ func TestAccIBMISLBListenerPolicy_basic(t *testing.T) {
 						"ibm_is_lb_listener_policy.testacc_lb_listener_policy", "priority", priority1),
 				),
 			},
+			{
+				Config: testAccCheckIBMISLBListenerPolicyConfig(vpcname, subnetname, acc.ISZoneName, acc.ISCIDR, lbname, port, protocol, lblistenerpolicyname1, actionPool, priority1),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckIBMISLBListenerPolicyExists("ibm_is_lb_listener_policy.testacc_lb_listener_policy", policyID),
+					resource.TestCheckResourceAttr(
+						"ibm_is_lb.testacc_LB", "name", lbname),
+					resource.TestCheckResourceAttr(
+						"ibm_is_lb_listener_policy.testacc_lb_listener_policy", "name", lblistenerpolicyname1),
+
+					resource.TestCheckResourceAttr(
+						"ibm_is_lb_listener_policy.testacc_lb_listener_policy", "priority", priority1),
+				),
+			},
+			{
+				Config: testAccCheckIBMISLBListenerPolicyConfig(vpcname, subnetname, acc.ISZoneName, acc.ISCIDR, lbname, port, protocol, lblistenerpolicyname1, actionListener, priority1),
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckIBMISLBListenerPolicyExists("ibm_is_lb_listener_policy.testacc_lb_listener_policy", policyID),
+					resource.TestCheckResourceAttr(
+						"ibm_is_lb.testacc_LB", "name", lbname),
+					resource.TestCheckResourceAttr(
+						"ibm_is_lb_listener_policy.testacc_lb_listener_policy", "name", lblistenerpolicyname1),
+
+					resource.TestCheckResourceAttr(
+						"ibm_is_lb_listener_policy.testacc_lb_listener_policy", "priority", priority1),
+				),
+			},
 
 			{
 				Config: testAccCheckIBMISLBListenerPolicyConfigUpdate(vpcname, subnetname, acc.ISZoneName, acc.ISCIDR, lbname, port, protocol, lblistenerpolicyname2, priority2, action),

website/docs/d/is_lb_listener_policy.html.markdown

@@ -52,7 +52,7 @@ Nested scheme for `rules`:
 	- `href` - (String) The rule's canonical URL.
 	- `id` - (String) The rule's unique identifier.
 
-- `target` - (List) - If `action` is `forward`, the response is a `LoadBalancerPoolReference`- If `action` is `redirect`, the response is a `LoadBalancerListenerPolicyRedirectURL`- If `action` is `https_redirect`, the response is a `LoadBalancerListenerHTTPSRedirect`.
+- `target` - (List) - If `action` is `forward`, the response is a `LoadBalancerPoolReference`-If `action` is `forward_to_pool`, the response is a `LoadBalancerPoolReference`-If `action` is `forward_to_listener`, specify a `LoadBalancerListenerIdentity` in this load balancer to forward to.`- If `action` is `redirect`, the response is a `LoadBalancerListenerPolicyRedirectURL`- If `action` is `https_redirect`, the response is a `LoadBalancerListenerHTTPSRedirect`.
 Nested scheme for `target`:
 	- `deleted` - (List) If present, this property indicates the referenced resource has been deleted and provides some supplementary information.
 	Nested scheme for `deleted`:

website/docs/d/is_lb_listener_policy_rule.html.markdown

@@ -38,7 +38,7 @@ In addition to all argument references listed, you can access the following attr
 
 - `created_at` - (String) The date and time that this rule was created.
 
-- `field` - (String) The field. This is applicable to `header`, `query`, and `body` rule types.If the rule type is `header`, this property is required.If the rule type is `query`, this is optional. If specified and the rule condition is not`matches_regex`, the value must be percent-encoded.If the rule type is `body`, this is optional.
+- `field` - (String) The field. This is applicable to `header`, `query`,`body` and `sni_hostname` rule types.If the rule type is `header`, this property is required.If the rule type is `query`, this is optional. If specified and the rule condition is not`matches_regex`, the value must be percent-encoded.If the rule type is `body`, this is optional.
 
 - `href` - (String) The rule's canonical URL.
 

website/docs/r/is_lb_listener_policy.html.markdown

@@ -167,7 +167,7 @@ The `ibm_is_lb_listener_policy` resource provides the following [Timeouts](https
 ## Argument reference
 Review the argument references that you can specify for your resource. 
 
-- `action` - (Required, Forces new resource, String) The action that you want to specify for your policy. Supported values are `forward`, `redirect`, `reject`, and `https_redirect`.
+- `action` - (Required, Forces new resource, String) The action that you want to specify for your policy. Supported values are `forward_to_pool`,`forward_to_listener`, `redirect`, `reject`, and `https_redirect`.
 - `lb` - (Required, Forces new resource, String) The ID of the load balancer for which you want to create a load balancer listener policy. 
 - `listener` - (Required, Forces new resource, String) The ID of the load balancer listener.
 - `name` - (Optional, String) The name for the load balancer policy. Names must be unique within a load balancer listener.