Added session resumption support for LB

Terraform Team Automation · Nishtha Goel · commit eb2776eaa9ed · 2024-05-14T12:09:32.000+05:30
diff --git a/examples/load_balancer/lb_full/lb_full.tf b/examples/load_balancer/lb_full/lb_full.tf
@@ -461,6 +461,7 @@ resource "oci_load_balancer_listener" "lb-listener2" {
     protocols               = ["TLSv1.1", "TLSv1.2"]
     server_order_preference = "ENABLED"
     cipher_suite_name       = oci_load_balancer_ssl_cipher_suite.test_ssl_cipher_suite.name
+    has_session_resumption  = true
   }
 }
 
@@ -492,6 +493,7 @@ resource "oci_load_balancer_listener" "lb-listener4" {
     protocols                          = ["TLSv1.1", "TLSv1.2"]
     server_order_preference            = "ENABLED"
     cipher_suite_name                  = oci_load_balancer_ssl_cipher_suite.test_ssl_cipher_suite3.name
+    has_session_resumption             = true
   }
 }
 
diff --git a/internal/integrationtest/load_balancer_listener_test.go b/internal/integrationtest/load_balancer_listener_test.go
@@ -43,9 +43,11 @@ var (
 	listenerConnectionConfigurationRepresentation = map[string]interface{}{
 		"idle_timeout_in_seconds": acctest.Representation{RepType: acctest.Required, Create: `10`, Update: `11`},
 	}
+
 	listenerSslConfigurationRepresentationOciCerts = map[string]interface{}{
 		// note: cannot specify certificate_name along with trusted_certificate_authority_ids
 		"certificate_ids":                   acctest.Representation{RepType: acctest.Optional, Create: []string{certificateIds}, Update: []string{certificateIds2}},
+		"has_session_resumption":            acctest.Representation{RepType: acctest.Optional, Create: `false`, Update: `true`},
 		"cipher_suite_name":                 acctest.Representation{RepType: acctest.Optional, Create: `oci-default-ssl-cipher-suite-v1`, Update: `oci-default-ssl-cipher-suite-v1`},
 		"protocols":                         acctest.Representation{RepType: acctest.Optional, Create: []string{`TLSv1.2`}, Update: []string{`TLSv1.2`}},
 		"server_order_preference":           acctest.Representation{RepType: acctest.Optional, Create: `ENABLED`, Update: `DISABLED`},
@@ -297,6 +299,7 @@ func TestLoadBalancerListenerResourceLBCert_basic(t *testing.T) {
 				resource.TestCheckResourceAttrSet(resourceName, "routing_policy_name"),
 				resource.TestCheckResourceAttr(resourceName, "rule_set_names.#", "1"),
 				resource.TestCheckResourceAttr(resourceName, "ssl_configuration.#", "1"),
+				resource.TestCheckResourceAttr(resourceName, "ssl_configuration.0.has_session_resumption", "false"),
 				resource.TestCheckResourceAttr(resourceName, "ssl_configuration.0.certificate_name", "example_certificate_bundle"),
 				resource.TestCheckResourceAttr(resourceName, "ssl_configuration.0.cipher_suite_name", "oci-default-ssl-cipher-suite-v1"),
 				resource.TestCheckResourceAttr(resourceName, "ssl_configuration.0.protocols.#", "1"),
@@ -432,6 +435,7 @@ func TestLoadBalancerListenerResourceLBCertToOciCerts_combo(t *testing.T) {
 				resource.TestCheckResourceAttrSet(resourceName, "routing_policy_name"),
 				resource.TestCheckResourceAttr(resourceName, "rule_set_names.#", "1"),
 				resource.TestCheckResourceAttr(resourceName, "ssl_configuration.#", "1"),
+				resource.TestCheckResourceAttr(resourceName, "ssl_configuration.0.has_session_resumption", "true"),
 				resource.TestCheckResourceAttr(resourceName, "ssl_configuration.0.certificate_name.#", "0"),
 				resource.TestCheckResourceAttr(resourceName, "ssl_configuration.0.cipher_suite_name", "oci-default-ssl-cipher-suite-v1"),
 				resource.TestCheckResourceAttr(resourceName, "ssl_configuration.0.protocols.#", "1"),
diff --git a/internal/service/load_balancer/load_balancer_backend_set_resource.go b/internal/service/load_balancer/load_balancer_backend_set_resource.go
@@ -1122,6 +1122,10 @@ func SSLConfigurationToMap(obj *oci_load_balancer.SslConfiguration) map[string]i
 
 	result["server_order_preference"] = string(obj.ServerOrderPreference)
 
+	if obj.HasSessionResumption != nil {
+		result["has_session_resumption"] = bool(*obj.HasSessionResumption)
+	}
+
 	if obj.TrustedCertificateAuthorityIds != nil {
 		result["trusted_certificate_authority_ids"] = obj.TrustedCertificateAuthorityIds
 	}
diff --git a/internal/service/load_balancer/load_balancer_listener_resource.go b/internal/service/load_balancer/load_balancer_listener_resource.go
@@ -132,6 +132,11 @@ func LoadBalancerListenerResource() *schema.Resource {
 							Optional: true,
 							Computed: true,
 						},
+						"has_session_resumption": {
+							Type:     schema.TypeBool,
+							Optional: true,
+							Computed: true,
+						},
 						"protocols": {
 							Type:     schema.TypeList,
 							Optional: true,
@@ -715,6 +720,11 @@ func (s *LoadBalancerListenerResourceCrud) mapToSSLConfigurationDetails(fieldKey
 		result.ServerOrderPreference = oci_load_balancer.SslConfigurationDetailsServerOrderPreferenceEnum(serverOrderPreference.(string))
 	}
 
+	if hasSessionResumption, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "has_session_resumption")); ok {
+		tmp := hasSessionResumption.(bool)
+		result.HasSessionResumption = &tmp
+	}
+
 	if trustedCertificateAuthorityIds, ok := s.D.GetOkExists(fmt.Sprintf(fieldKeyFormat, "trusted_certificate_authority_ids")); ok {
 		interfaces := trustedCertificateAuthorityIds.([]interface{})
 		tmp := make([]string, len(interfaces))
diff --git a/website/docs/r/load_balancer_listener.html.markdown b/website/docs/r/load_balancer_listener.html.markdown
@@ -38,6 +38,7 @@ resource "oci_load_balancer_listener" "test_listener" {
 	ssl_configuration {
         #Optional
 		certificate_name = oci_load_balancer_certificate.test_certificate.name
+		has_session_resumption = var.listener_ssl_configuration_has_session_resumption
 		certificate_ids = var.listener_ssl_configuration_certificate_ids
 		cipher_suite_name = var.listener_ssl_configuration_cipher_suite_name
 		protocols = var.listener_ssl_configuration_protocols
@@ -78,6 +79,7 @@ The following arguments are supported:
 	**Warning:** Oracle recommends that you avoid using any confidential information when you supply string values using the API. 
 	* `certificate_ids` - (Optional) (Updatable) Ids for Oracle Cloud Infrastructure certificates service certificates. Currently only a single Id may be passed.  Example: `[ocid1.certificate.oc1.us-ashburn-1.amaaaaaaav3bgsaa5o2q7rh5nfmkkukfkogasqhk6af2opufhjlqg7m6jqzq]` 
 	* `certificate_name` - (Optional) (Updatable) A friendly name for the certificate bundle. It must be unique and it cannot be changed. Valid certificate bundle names include only alphanumeric characters, dashes, and underscores. Certificate bundle names cannot contain spaces. Avoid entering confidential information.  Example: `example_certificate_bundle` 
+	* `has_session_resumption` - (Optional) (Updatable) Whether the load balancer listener should resume an encrypted session by reusing the cryptographic parameters of a previous TLS session, without having to perform a full handshake again. If "true", the service resumes the previous TLS encrypted session. If "false", the service starts a new TLS encrypted session. Enabling session resumption improves performance but provides a lower level of security. Disabling session resumption improves security but reduces performance.  Example: `true` 
 	* `cipher_suite_name` - (Optional) (Updatable) The name of the cipher suite to use for HTTPS or SSL connections.
 
 		If this field is not specified, the default is `oci-default-ssl-cipher-suite-v1`.

Original file line number	Diff line number	Diff line change
`@@ -461,6 +461,7 @@ resource "oci_load_balancer_listener" "lb-listener2" {`
`461`	`461`	`protocols = ["TLSv1.1", "TLSv1.2"]`
`462`	`462`	`server_order_preference = "ENABLED"`
`463`	`463`	`cipher_suite_name = oci_load_balancer_ssl_cipher_suite.test_ssl_cipher_suite.name`
	`464`	`+ has_session_resumption = true`
`464`	`465`	`}`
`465`	`466`	`}`
`466`	`467`
`@@ -492,6 +493,7 @@ resource "oci_load_balancer_listener" "lb-listener4" {`
`492`	`493`	`protocols = ["TLSv1.1", "TLSv1.2"]`
`493`	`494`	`server_order_preference = "ENABLED"`
`494`	`495`	`cipher_suite_name = oci_load_balancer_ssl_cipher_suite.test_ssl_cipher_suite3.name`
	`496`	`+ has_session_resumption = true`
`495`	`497`	`}`
`496`	`498`	`}`
`497`	`499`
Original file line number	Diff line number	Diff line change
`@@ -1122,6 +1122,10 @@ func SSLConfigurationToMap(obj *oci_load_balancer.SslConfiguration) map[string]i`
`1122`	`1122`
`1123`	`1123`	`result["server_order_preference"] = string(obj.ServerOrderPreference)`
`1124`	`1124`
	`1125`	`+ if obj.HasSessionResumption != nil {`
	`1126`	`+ result["has_session_resumption"] = bool(*obj.HasSessionResumption)`
	`1127`	`+ }`
	`1128`	`+`
`1125`	`1129`	`if obj.TrustedCertificateAuthorityIds != nil {`
`1126`	`1130`	`result["trusted_certificate_authority_ids"] = obj.TrustedCertificateAuthorityIds`
`1127`	`1131`	`}`