feat(lb): add ssl compatibility (#1439)

Author: yfodil

docs/resources/lb.md

@@ -110,10 +110,14 @@ The following arguments are supported:
 
 - `name` - (Optional) The name of the load-balancer.
 
+- `description` - (Optional) The description of the load-balancer.
+
 - `tags` - (Optional) The tags associated with the load-balancers.
 
 - `release_ip` - (Defaults to false) The release_ip allow release the ip address associated with the load-balancers.
 
+- `ssl_compatibility_level` - (Optional) Enforces minimal SSL version (in SSL/TLS offloading context). Please check [possible values](https://developers.scaleway.com/en/products/lb/zoned_api/#ssl-compatibility-level-442f99).
+
 - `zone` - (Defaults to [provider](../index.md#zone) `zone`) The [zone](../guides/regions_and_zones.md#zones) in which the IP should be reserved.
 
 - `project_id` - (Defaults to [provider](../index.md#project_id) `project_id`) The ID of the project the load-balancer is associated with.

scaleway/resource_lb.go

@@ -45,6 +45,11 @@ func resourceScalewayLb() *schema.Resource {
 				Computed:    true,
 				Description: "Name of the lb",
 			},
+			"description": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "The description of the lb",
+			},
 			"type": {
 				Type:             schema.TypeString,
 				Required:         true,
@@ -115,6 +120,18 @@ func resourceScalewayLb() *schema.Resource {
 					},
 				},
 			},
+			"ssl_compatibility_level": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "Enforces minimal SSL version (in SSL/TLS offloading context)",
+				Default:     lbSDK.SSLCompatibilityLevelSslCompatibilityLevelIntermediate.String(),
+				ValidateFunc: validation.StringInSlice([]string{
+					lbSDK.SSLCompatibilityLevelSslCompatibilityLevelUnknown.String(),
+					lbSDK.SSLCompatibilityLevelSslCompatibilityLevelIntermediate.String(),
+					lbSDK.SSLCompatibilityLevelSslCompatibilityLevelModern.String(),
+					lbSDK.SSLCompatibilityLevelSslCompatibilityLevelOld.String(),
+				}, false),
+			},
 			"region":          regionComputedSchema(),
 			"zone":            zoneSchema(),
 			"organization_id": organizationIDSchema(),
@@ -130,11 +147,13 @@ func resourceScalewayLbCreate(ctx context.Context, d *schema.ResourceData, meta
 	}
 
 	createReq := &lbSDK.ZonedAPICreateLBRequest{
-		Zone:      zone,
-		IPID:      expandStringPtr(expandID(d.Get("ip_id"))),
-		ProjectID: expandStringPtr(d.Get("project_id")),
-		Name:      expandOrGenerateString(d.Get("name"), "lb"),
-		Type:      d.Get("type").(string),
+		Zone:                  zone,
+		IPID:                  expandStringPtr(expandID(d.Get("ip_id"))),
+		ProjectID:             expandStringPtr(d.Get("project_id")),
+		Name:                  expandOrGenerateString(d.Get("name"), "lb"),
+		Description:           d.Get("description").(string),
+		Type:                  d.Get("type").(string),
+		SslCompatibilityLevel: lbSDK.SSLCompatibilityLevel(*expandStringPtr(d.Get("ssl_compatibility_level"))),
 	}
 
 	if raw, ok := d.GetOk("tags"); ok {
@@ -199,6 +218,7 @@ func resourceScalewayLbRead(ctx context.Context, d *schema.ResourceData, meta in
 
 	_ = d.Set("release_ip", false)
 	_ = d.Set("name", lb.Name)
+	_ = d.Set("description", lb.Description)
 	_ = d.Set("zone", lb.Zone.String())
 	_ = d.Set("region", region.String())
 	_ = d.Set("organization_id", lb.OrganizationID)
@@ -208,6 +228,7 @@ func resourceScalewayLbRead(ctx context.Context, d *schema.ResourceData, meta in
 	_ = d.Set("type", strings.ToUpper(lb.Type))
 	_ = d.Set("ip_id", newZonedIDString(zone, lb.IP[0].ID))
 	_ = d.Set("ip_address", lb.IP[0].IPAddress)
+	_ = d.Set("ssl_compatibility_level", lb.SslCompatibilityLevel.String())
 
 	// retrieve attached private networks
 	privateNetworks, err := waitForLBPN(ctx, lbAPI, zone, ID, d.Timeout(schema.TimeoutRead))
@@ -229,6 +250,41 @@ func resourceScalewayLbUpdate(ctx context.Context, d *schema.ResourceData, meta
 		return diag.FromErr(err)
 	}
 
+	req := &lbSDK.ZonedAPIUpdateLBRequest{
+		Zone: zone,
+		LBID: ID,
+	}
+
+	hasChanged := false
+
+	if d.HasChanges("name", "tags") {
+		req.Name = d.Get("name").(string)
+		req.Tags = expandStrings(d.Get("tags"))
+		hasChanged = true
+	}
+
+	if d.HasChange("description") {
+		req.Description = d.Get("description").(string)
+		hasChanged = true
+	}
+
+	if d.HasChange("ssl_compatibility_level") {
+		req.SslCompatibilityLevel = lbSDK.SSLCompatibilityLevel(*expandStringPtr(d.Get("ssl_compatibility_level")))
+		hasChanged = true
+	}
+
+	if hasChanged {
+		_, err = lbAPI.UpdateLB(req, scw.WithContext(ctx))
+		if err != nil && !is404Error(err) {
+			return diag.FromErr(err)
+		}
+
+		_, err = waitForLB(ctx, lbAPI, zone, ID, d.Timeout(schema.TimeoutUpdate))
+		if err != nil && !is404Error(err) {
+			return diag.FromErr(err)
+		}
+	}
+
 	if d.HasChange("type") {
 		lbType := d.Get("type").(string)
 		migrateReq := &lbSDK.ZonedAPIMigrateLBRequest{
@@ -248,28 +304,16 @@ func resourceScalewayLbUpdate(ctx context.Context, d *schema.ResourceData, meta
 		}
 	}
 
-	if d.HasChanges("name", "tags") {
-		req := &lbSDK.ZonedAPIUpdateLBRequest{
-			Zone: zone,
-			LBID: ID,
-			Name: d.Get("name").(string),
-			Tags: expandStrings(d.Get("tags")),
-		}
-
-		_, err = waitForLB(ctx, lbAPI, zone, ID, d.Timeout(schema.TimeoutUpdate))
-		if err != nil && !is404Error(err) {
-			return diag.FromErr(err)
-		}
-
-		_, err = lbAPI.UpdateLB(req, scw.WithContext(ctx))
-		if err != nil && !is404Error(err) {
-			return diag.FromErr(err)
-		}
-	}
 	////
 	// Attach / Detach Private Networks
 	////
 	if d.HasChange("private_network") {
+		// check current lb stability state
+		_, err = waitForLB(ctx, lbAPI, zone, ID, d.Timeout(schema.TimeoutUpdate))
+		if err != nil {
+			return diag.FromErr(err)
+		}
+
 		// check that pns are in a stable state
 		pns, err := waitForLBPN(ctx, lbAPI, zone, ID, d.Timeout(schema.TimeoutUpdate))
 		if err != nil && !is404Error(err) {

scaleway/resource_lb_test.go

@@ -61,6 +61,64 @@ func testSweepLB(_ string) error {
 	})
 }
 
+func TestAccScalewayLbLb_Basic(t *testing.T) {
+	tt := NewTestTools(t)
+	defer tt.Cleanup()
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:          func() { testAccPreCheck(t) },
+		ProviderFactories: tt.ProviderFactories,
+		CheckDestroy:      testAccCheckScalewayLbDestroy(tt),
+		Steps: []resource.TestStep{
+			{
+				Config: `
+					resource scaleway_lb_ip main {
+					}
+
+					resource scaleway_lb main {
+						ip_id = scaleway_lb_ip.main.id
+						name = "test-lb-basic"
+						description = "a description"
+						type = "LB-S"
+						tags = ["basic"]
+					}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckScalewayLbExists(tt, "scaleway_lb.main"),
+					testCheckResourceAttrUUID("scaleway_lb.main", "id"),
+					resource.TestCheckResourceAttr("scaleway_lb.main", "name", "test-lb-basic"),
+					resource.TestCheckResourceAttr("scaleway_lb.main", "type", "LB-S"),
+					resource.TestCheckResourceAttr("scaleway_lb.main", "tags.#", "1"),
+					resource.TestCheckResourceAttr("scaleway_lb.main", "description", "a description"),
+					resource.TestCheckResourceAttr("scaleway_lb.main", "ssl_compatibility_level", lbSDK.SSLCompatibilityLevelSslCompatibilityLevelIntermediate.String()),
+				),
+			},
+			{
+				Config: `
+					resource scaleway_lb_ip main {
+					}
+
+					resource scaleway_lb main {
+						ip_id = scaleway_lb_ip.main.id
+						name = "test-lb-rename"
+						description = "another description"
+						type = "LB-S"
+						tags = ["basic", "tag2"]
+						ssl_compatibility_level = "ssl_compatibility_level_modern"
+					}
+				`,
+				Check: resource.ComposeTestCheckFunc(
+					testAccCheckScalewayLbExists(tt, "scaleway_lb.main"),
+					testCheckResourceAttrUUID("scaleway_lb.main", "id"),
+					resource.TestCheckResourceAttr("scaleway_lb.main", "name", "test-lb-rename"),
+					resource.TestCheckResourceAttr("scaleway_lb.main", "tags.#", "2"),
+					resource.TestCheckResourceAttr("scaleway_lb.main", "description", "another description"),
+					resource.TestCheckResourceAttr("scaleway_lb.main", "ssl_compatibility_level", lbSDK.SSLCompatibilityLevelSslCompatibilityLevelModern.String()),
+				),
+			},
+		},
+	})
+}
+
 func TestAccScalewayLbLb_Migrate(t *testing.T) {
 	tt := NewTestTools(t)
 	defer tt.Cleanup()