diff --git a/docs/resources/edge_services_cache_stage.md b/docs/resources/edge_services_cache_stage.md index 3aee5f9561..a44a7cb356 100644 --- a/docs/resources/edge_services_cache_stage.md +++ b/docs/resources/edge_services_cache_stage.md @@ -35,7 +35,9 @@ resource "scaleway_edge_services_cache_stage" "main" { ## Argument Reference - `pipeline_id` - (Required) The ID of the pipeline. -- `backend_stage_id` - (Optional) The backend stage ID the cache stage will be linked to. +- `backend_stage_id` - (Optional) The backend stage ID the cache stage will be linked to. Only one of `backend_stage_id`, `route_stage_id` and `waf_stage_id` should be specified. +- `route_stage_id` - (Optional) The route stage ID the cache stage will be linked to. Only one of `backend_stage_id`, `route_stage_id` and `waf_stage_id` should be specified. +- `waf_stage_id` - (Optional) The WAF stage ID the cache stage will be linked to. Only one of `backend_stage_id`, `route_stage_id` and `waf_stage_id` should be specified. - `fallback_ttl` - (Optional) The Time To Live (TTL) in seconds. Defines how long content is cached. - `refresh_cache` - (Optional) Trigger a refresh of the cache by changing this field's value. - `purge_requests` - (Optional) The Scaleway Object Storage origin bucket (S3) linked to the backend stage. diff --git a/docs/resources/edge_services_dns_stage.md b/docs/resources/edge_services_dns_stage.md index 213ff75f5b..bda3143fbe 100644 --- a/docs/resources/edge_services_dns_stage.md +++ b/docs/resources/edge_services_dns_stage.md @@ -21,9 +21,9 @@ resource "scaleway_edge_services_dns_stage" "main" { ## Argument Reference - `pipeline_id` - (Required) The ID of the pipeline. -- `backend_stage_id` - (Optional) The backend stage ID the DNS stage will be linked to. -- `tls_stage_id` - (Optional) The TLS stage ID the DNS stage will be linked to. -- `cache_stage_id` - (Optional) The cache stage ID the DNS stage will be linked to. +- `backend_stage_id` - (Optional) The backend stage ID the DNS stage will be linked to. Only one of `backend_stage_id`, `cache_stage_id` and `tls_stage_id` should be specified. +- `tls_stage_id` - (Optional) The TLS stage ID the DNS stage will be linked to. Only one of `backend_stage_id`, `cache_stage_id` and `tls_stage_id` should be specified. +- `cache_stage_id` - (Optional) The cache stage ID the DNS stage will be linked to. Only one of `backend_stage_id`, `cache_stage_id` and `tls_stage_id` should be specified. - `fqdns` - (Optional) Fully Qualified Domain Name (in the format subdomain.example.com) to attach to the stage. - `project_id` - (Defaults to [provider](../index.md#project_id) `project_id`) The ID of the project the DNS stage is associated with. diff --git a/docs/resources/edge_services_pipeline.md b/docs/resources/edge_services_pipeline.md index 79a589d092..82b666fd6f 100644 --- a/docs/resources/edge_services_pipeline.md +++ b/docs/resources/edge_services_pipeline.md @@ -26,12 +26,10 @@ resource "scaleway_edge_services_pipeline" "main" { description = "pipeline description" } -resource "scaleway_edge_services_backend_stage" "main" { - pipeline_id = scaleway_edge_services_pipeline.main.id - s3_backend_config { - bucket_name = "my-bucket-name" - bucket_region = "fr-par" - } +resource "scaleway_edge_services_dns_stage" "main" { + pipeline_id = scaleway_edge_services_pipeline.main.id + tls_stage_id = scaleway_edge_services_tls_stage.main.id + fqdns = ["subdomain.example.com"] } resource "scaleway_edge_services_tls_stage" "main" { @@ -40,20 +38,45 @@ resource "scaleway_edge_services_tls_stage" "main" { managed_certificate = true } -resource "scaleway_edge_services_dns_stage" "main" { - pipeline_id = scaleway_edge_services_pipeline.main.id - tls_stage_id = scaleway_edge_services_tls_stage.main.id - fqdns = ["subdomain.example.com"] +resource "scaleway_edge_services_cache_stage" "main" { + pipeline_id = scaleway_edge_services_pipeline.main.id + route_stage_id = scaleway_edge_services_route_stage.main.id } -resource "scaleway_edge_services_head_stage" "main" { +resource "scaleway_edge_services_route_stage" "main" { pipeline_id = scaleway_edge_services_pipeline.main.id - head_stage_id = scaleway_edge_services_dns_stage.main.id + waf_stage_id = scaleway_edge_services_waf_stage.main.id + + rule { + backend_stage_id = scaleway_edge_services_backend_stage.main.id + rule_http_match { + method_filters = ["get", "post"] + path_filter { + path_filter_type = "regex" + value = ".*" + } + } + } } -resource "scaleway_edge_services_cache_stage" "main" { +resource "scaleway_edge_services_waf_stage" "main" { pipeline_id = scaleway_edge_services_pipeline.main.id backend_stage_id = scaleway_edge_services_backend_stage.main.id + mode = "enable" + paranoia_level = 3 +} + +resource "scaleway_edge_services_backend_stage" "main" { + pipeline_id = scaleway_edge_services_pipeline.main.id + s3_backend_config { + bucket_name = "my-bucket-name" + bucket_region = "fr-par" + } +} + +resource "scaleway_edge_services_head_stage" "main" { + pipeline_id = scaleway_edge_services_pipeline.main.id + head_stage_id = scaleway_edge_services_dns_stage.main.id } ``` diff --git a/docs/resources/edge_services_tls_stage.md b/docs/resources/edge_services_tls_stage.md index 32d0d4d560..3eddbb92de 100644 --- a/docs/resources/edge_services_tls_stage.md +++ b/docs/resources/edge_services_tls_stage.md @@ -33,8 +33,10 @@ resource "scaleway_edge_services_tls_stage" "main" { ## Argument Reference - `pipeline_id` - (Required) The ID of the pipeline. -- `backend_stage_id` - (Optional) The backend stage ID the TLS stage will be linked to. -- `cache_stage_id` - (Optional) The cache stage ID the TLS stage will be linked to. +- `backend_stage_id` - (Optional) The backend stage ID the TLS stage will be linked to. Only one of `backend_stage_id`, `cache_stage_id`, `route_stage_id` and `waf_stage_id` should be specified. +- `cache_stage_id` - (Optional) The cache stage ID the TLS stage will be linked to. Only one of `backend_stage_id`, `cache_stage_id`, `route_stage_id` and `waf_stage_id` should be specified. +- `route_stage_id` - (Optional) The route stage ID the TLS stage will be linked to. Only one of `backend_stage_id`, `cache_stage_id`, `route_stage_id` and `waf_stage_id` should be specified. +- `waf_stage_id` - (Optional) The WAF stage ID the TLS stage will be linked to. Only one of `backend_stage_id`, `cache_stage_id`, `route_stage_id` and `waf_stage_id` should be specified. - `managed_certificate` - (Optional) Set to true when Scaleway generates and manages a Let's Encrypt certificate for the TLS stage/custom endpoint. - `secrets` - (Optional) The TLS secrets. - `bucket_name` - The ID of the secret. diff --git a/internal/services/container/container_test.go b/internal/services/container/container_test.go index 3fb1cdaadd..5436f6d168 100644 --- a/internal/services/container/container_test.go +++ b/internal/services/container/container_test.go @@ -575,7 +575,7 @@ func isContainerPresent(tt *acctest.TestTools, n string) resource.TestCheckFunc func isContainerDestroyed(tt *acctest.TestTools) resource.TestCheckFunc { return func(state *terraform.State) error { for _, rs := range state.RootModule().Resources { - if rs.Type != "scaleway_container_namespace" { //nolint:goconst + if rs.Type != containerNamespaceResource { continue } diff --git a/internal/services/container/namespace_test.go b/internal/services/container/namespace_test.go index f9d052ac9f..bb8e099c38 100644 --- a/internal/services/container/namespace_test.go +++ b/internal/services/container/namespace_test.go @@ -14,6 +14,8 @@ import ( "github.com/scaleway/terraform-provider-scaleway/v2/internal/services/registry" ) +const containerNamespaceResource = "scaleway_container_namespace" + func TestAccNamespace_Basic(t *testing.T) { tt := acctest.NewTestTools(t) defer tt.Cleanup() @@ -313,7 +315,7 @@ func isNamespacePresent(tt *acctest.TestTools, n string) resource.TestCheckFunc func isNamespaceDestroyed(tt *acctest.TestTools) resource.TestCheckFunc { return func(state *terraform.State) error { for _, rs := range state.RootModule().Resources { - if rs.Type != "scaleway_container_namespace" { + if rs.Type != containerNamespaceResource { continue } @@ -343,7 +345,7 @@ func isNamespaceDestroyed(tt *acctest.TestTools) resource.TestCheckFunc { func isRegistryDestroyed(tt *acctest.TestTools) resource.TestCheckFunc { return func(state *terraform.State) error { for _, rs := range state.RootModule().Resources { - if rs.Type != "scaleway_container_namespace" { + if rs.Type != containerNamespaceResource { continue } diff --git a/internal/services/edgeservices/cache_stage.go b/internal/services/edgeservices/cache_stage.go index 3a461539ad..14c90137a8 100644 --- a/internal/services/edgeservices/cache_stage.go +++ b/internal/services/edgeservices/cache_stage.go @@ -29,10 +29,25 @@ func ResourceCacheStage() *schema.Resource { Description: "The ID of the pipeline", }, "backend_stage_id": { - Type: schema.TypeString, - Optional: true, - Computed: true, - Description: "The backend stage ID the cache stage will be linked to", + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "The backend stage ID the cache stage will be linked to", + ConflictsWith: []string{"waf_stage_id", "route_stage_id"}, + }, + "waf_stage_id": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "The WAF stage ID the cache stage will be linked to", + ConflictsWith: []string{"backend_stage_id", "route_stage_id"}, + }, + "route_stage_id": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "The route stage ID the cache stage will be linked to", + ConflictsWith: []string{"backend_stage_id", "waf_stage_id"}, }, "fallback_ttl": { Type: schema.TypeInt, @@ -92,6 +107,8 @@ func ResourceCacheStageCreate(ctx context.Context, d *schema.ResourceData, m int cacheStage, err := api.CreateCacheStage(&edgeservices.CreateCacheStageRequest{ PipelineID: d.Get("pipeline_id").(string), BackendStageID: types.ExpandStringPtr(d.Get("backend_stage_id").(string)), + RouteStageID: types.ExpandStringPtr(d.Get("route_stage_id").(string)), + WafStageID: types.ExpandStringPtr(d.Get("waf_stage_id").(string)), FallbackTTL: &scw.Duration{Seconds: int64(d.Get("fallback_ttl").(int))}, }, scw.WithContext(ctx)) if err != nil { @@ -123,6 +140,8 @@ func ResourceCacheStageRead(ctx context.Context, d *schema.ResourceData, m inter _ = d.Set("created_at", types.FlattenTime(cacheStage.CreatedAt)) _ = d.Set("updated_at", types.FlattenTime(cacheStage.UpdatedAt)) _ = d.Set("backend_stage_id", types.FlattenStringPtr(cacheStage.BackendStageID)) + _ = d.Set("route_stage_id", types.FlattenStringPtr(cacheStage.RouteStageID)) + _ = d.Set("waf_stage_id", types.FlattenStringPtr(cacheStage.WafStageID)) _ = d.Set("fallback_ttl", cacheStage.FallbackTTL.Seconds) return nil @@ -142,6 +161,16 @@ func ResourceCacheStageUpdate(ctx context.Context, d *schema.ResourceData, m int hasChanged = true } + if d.HasChange("route_stage_id") { + updateRequest.RouteStageID = types.ExpandUpdatedStringPtr(d.Get("route_stage_id")) + hasChanged = true + } + + if d.HasChange("waf_stage_id") { + updateRequest.WafStageID = types.ExpandUpdatedStringPtr(d.Get("waf_stage_id")) + hasChanged = true + } + if d.HasChange("fallback_ttl") { updateRequest.FallbackTTL = &scw.Duration{Seconds: int64(d.Get("fallback_ttl").(int))} hasChanged = true diff --git a/internal/services/edgeservices/dns_stage.go b/internal/services/edgeservices/dns_stage.go index 109d2629bf..b3017837ba 100644 --- a/internal/services/edgeservices/dns_stage.go +++ b/internal/services/edgeservices/dns_stage.go @@ -29,22 +29,25 @@ func ResourceDNSStage() *schema.Resource { Description: "The ID of the pipeline", }, "backend_stage_id": { - Type: schema.TypeString, - Optional: true, - Computed: true, - Description: "The backend stage ID the DNS stage will be linked to", + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "The backend stage ID the DNS stage will be linked to", + ConflictsWith: []string{"cache_stage_id", "tls_stage_id"}, }, "tls_stage_id": { - Type: schema.TypeString, - Optional: true, - Computed: true, - Description: "The TLS stage ID the DNS stage will be linked to", + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "The TLS stage ID the DNS stage will be linked to", + ConflictsWith: []string{"cache_stage_id", "backend_stage_id"}, }, "cache_stage_id": { - Type: schema.TypeString, - Optional: true, - Computed: true, - Description: "The cache stage ID the DNS stage will be linked to", + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "The cache stage ID the DNS stage will be linked to", + ConflictsWith: []string{"backend_stage_id", "tls_stage_id"}, }, "fqdns": { Type: schema.TypeList, diff --git a/internal/services/edgeservices/tls_stage.go b/internal/services/edgeservices/tls_stage.go index c25cfe2fe1..c317263b13 100644 --- a/internal/services/edgeservices/tls_stage.go +++ b/internal/services/edgeservices/tls_stage.go @@ -30,16 +30,32 @@ func ResourceTLSStage() *schema.Resource { Description: "The ID of the pipeline", }, "backend_stage_id": { - Type: schema.TypeString, - Optional: true, - Computed: true, - Description: "The backend stage ID the TLS stage will be linked to", + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "The backend stage ID the TLS stage will be linked to", + ConflictsWith: []string{"cache_stage_id", "route_stage_id", "waf_stage_id"}, }, "cache_stage_id": { - Type: schema.TypeString, - Optional: true, - Computed: true, - Description: "The cache stage ID the TLS stage will be linked to", + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "The cache stage ID the TLS stage will be linked to", + ConflictsWith: []string{"backend_stage_id", "route_stage_id", "waf_stage_id"}, + }, + "waf_stage_id": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "The WAF stage ID the TLS stage will be linked to", + ConflictsWith: []string{"backend_stage_id", "cache_stage_id", "route_stage_id"}, + }, + "route_stage_id": { + Type: schema.TypeString, + Optional: true, + Computed: true, + Description: "The route stage ID the TLS stage will be linked to", + ConflictsWith: []string{"backend_stage_id", "cache_stage_id", "waf_stage_id"}, }, "managed_certificate": { Type: schema.TypeBool, @@ -94,6 +110,8 @@ func ResourceTLSStageCreate(ctx context.Context, d *schema.ResourceData, m inter PipelineID: d.Get("pipeline_id").(string), BackendStageID: types.ExpandStringPtr(d.Get("backend_stage_id").(string)), CacheStageID: types.ExpandStringPtr(d.Get("cache_stage_id").(string)), + RouteStageID: types.ExpandStringPtr(d.Get("route_stage_id").(string)), + WafStageID: types.ExpandStringPtr(d.Get("waf_stage_id").(string)), ManagedCertificate: types.ExpandBoolPtr(d.Get("managed_certificate").(bool)), Secrets: expandTLSSecrets(d.Get("secrets"), region), }, scw.WithContext(ctx)) @@ -124,6 +142,8 @@ func ResourceTLSStageRead(ctx context.Context, d *schema.ResourceData, m interfa _ = d.Set("backend_stage_id", types.FlattenStringPtr(tlsStage.BackendStageID)) _ = d.Set("cache_stage_id", types.FlattenStringPtr(tlsStage.CacheStageID)) + _ = d.Set("route_stage_id", types.FlattenStringPtr(tlsStage.RouteStageID)) + _ = d.Set("waf_stage_id", types.FlattenStringPtr(tlsStage.WafStageID)) _ = d.Set("pipeline_id", tlsStage.PipelineID) _ = d.Set("managed_certificate", tlsStage.ManagedCertificate) _ = d.Set("secrets", flattenTLSSecrets(tlsStage.Secrets)) @@ -156,6 +176,16 @@ func ResourceTLSStageUpdate(ctx context.Context, d *schema.ResourceData, m inter hasChanged = true } + if d.HasChange("route_stage_id") { + updateRequest.RouteStageID = types.ExpandUpdatedStringPtr(d.Get("route_stage_id")) + hasChanged = true + } + + if d.HasChange("waf_stage_id") { + updateRequest.WafStageID = types.ExpandUpdatedStringPtr(d.Get("waf_stage_id")) + hasChanged = true + } + if d.HasChange("managed_certificate") { updateRequest.ManagedCertificate = types.ExpandBoolPtr(d.Get("managed_certificate")) hasChanged = true