Merge pull request #231 from kingsoftcloud/trunk

Trunk
kingsoftcloud · Oct 21, 2024 · b196863 · b196863
2 parents b850c13 + 44a7db6
commit b196863
Show file tree

Hide file tree

Showing 8 changed files with 197 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,11 @@
+## 1.17.1 (Oct 21, 2024)
+
+IMPROVEMENTS:
+
+- `ksyun_alb`: 新增`enable_hpa`字段，支持开启HPA、`delete_protection`字段，支持开启删除保护、`modification_protection`字段，支持开启修改保护、`enabled_quic`字段，支持开启QUIC.
+- `ksyun_alb`: 支持创建中阶版
+- `ksyun_alb_listener`: 新增`ca_enabled` `ca_certificate_id`开启双向验证，`enable_quic_upgrade`开启QUIC升级, `quic_listener_id` QUIC监听器ID
+
 ## 1.17.0(Oct 08, 2024)
 
 FEATURES:

diff --git a/go.mod b/go.mod
@@ -3,7 +3,7 @@ module github.com/terraform-providers/terraform-provider-ksyun
 go 1.17
 
 require (
-	github.com/KscSDK/ksc-sdk-go v0.5.0
+	github.com/KscSDK/ksc-sdk-go v0.6.0
 	github.com/aws/aws-sdk-go v1.25.3
 	github.com/client9/misspell v0.3.4
 	github.com/fatih/color v1.7.0

diff --git a/ksyun/resource_ksyun_alb.go b/ksyun/resource_ksyun_alb.go
@@ -81,8 +81,8 @@ func resourceKsyunAlb() *schema.Resource {
 				// Computed:     true,
 				Required:     true,
 				ForceNew:     true,
-				ValidateFunc: validation.StringInSlice([]string{"standard", "advanced"}, false),
-				Description:  "The version of the ALB. valid values:'standard', 'advanced'.",
+				ValidateFunc: validation.StringInSlice([]string{"standard", "medium", "advanced"}, false),
+				Description:  "The version of the ALB. valid values:'standard', 'medium', 'advanced'.",
 			},
 			"alb_type": {
 				Type: schema.TypeString,
@@ -139,6 +139,35 @@ func resourceKsyunAlb() *schema.Resource {
 				DiffSuppressFunc: albInternalDiffSuppressFunc,
 				Description:      "The private ip address. It not be empty, when 'alb_type' as '**internal**'.",
 			},
+			"enabled_quic": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				ForceNew:    true,
+				Description: "Enable quic.",
+			},
+
+			"enable_hpa": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Computed:    true,
+				Description: "Enable hpa.",
+			},
+
+			"delete_protection": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				Computed:     true,
+				ValidateFunc: validation.StringInSlice([]string{"off", "on"}, false),
+				Description:  "Whether delete protection is enabled or not. Values: `off` or `on`.",
+			},
+
+			"modification_protection": {
+				Type:         schema.TypeString,
+				Optional:     true,
+				Computed:     true,
+				ValidateFunc: validation.StringInSlice([]string{"off", "on"}, false),
+				Description:  "Whether modification protection is enabled or not. Values: `off` or `on`.",
+			},
 
 			"state": {
 				Type:        schema.TypeString,
@@ -217,6 +246,7 @@ func resourceKsyunAlbCreate(d *schema.ResourceData, meta interface{}) (err error
 	}
 	return resourceKsyunAlbRead(d, meta)
 }
+
 func resourceKsyunAlbRead(d *schema.ResourceData, meta interface{}) (err error) {
 	s := AlbService{meta.(*KsyunClient)}
 	err = s.ReadAndSetAlb(d, resourceKsyunAlb())
@@ -225,6 +255,7 @@ func resourceKsyunAlbRead(d *schema.ResourceData, meta interface{}) (err error)
 	}
 	return
 }
+
 func resourceKsyunAlbUpdate(d *schema.ResourceData, meta interface{}) (err error) {
 	s := AlbService{meta.(*KsyunClient)}
 	err = s.ModifyAlb(d, resourceKsyunAlb())
@@ -233,8 +264,12 @@ func resourceKsyunAlbUpdate(d *schema.ResourceData, meta interface{}) (err error
 	}
 	return resourceKsyunAlbRead(d, meta)
 }
+
 func resourceKsyunAlbDelete(d *schema.ResourceData, meta interface{}) (err error) {
 	s := AlbService{meta.(*KsyunClient)}
+	if d.Get("delete_protection") == "on" {
+		return fmt.Errorf("ALB %q is protected from deletion, if you want to delete it to set `delete_protection` as off", d.Id())
+	}
 	err = s.RemoveAlb(d)
 	if err != nil {
 		return fmt.Errorf("error on deleting ALB %q, %s", d.Id(), err)

diff --git a/ksyun/resource_ksyun_alb_listener.go b/ksyun/resource_ksyun_alb_listener.go
@@ -313,6 +313,31 @@ func resourceKsyunAlbListener() *schema.Resource {
 				Description: "The custom configure for listener. [The details](https://docs.ksyun.com/documents/42615?type=3).",
 			},
 
+			"ca_certificate_id": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Description: "The ID of Client's CA certificate.",
+			},
+
+			"ca_enabled": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Description: "Whether enable to CA certificate.",
+			},
+
+			"quic_listener_id": {
+				Type:        schema.TypeString,
+				Optional:    true,
+				Computed:    true,
+				Description: "The ID of QUIC listener.",
+			},
+
+			"enable_quic_upgrade": {
+				Type:        schema.TypeBool,
+				Optional:    true,
+				Description: "Whether enable to QUIC upgrade.",
+			},
+
 			// computed values
 			"alb_listener_id": {
 				Type:        schema.TypeString,

diff --git a/ksyun/service_ksyun_alb.go b/ksyun/service_ksyun_alb.go
@@ -176,6 +176,50 @@ func (alb *AlbService) modifyAccessLogCall(d *schema.ResourceData, r *schema.Res
 	return callback, err
 }
 
+func (alb *AlbService) setAlbDeleteProtectionCall(d *schema.ResourceData, r *schema.Resource) (callback ApiCall, err error) {
+	req := map[string]interface{}{}
+
+	callback = ApiCall{
+		param:  &req,
+		action: "SetAlbDeleteProtection",
+		executeCall: func(d *schema.ResourceData, client *KsyunClient, call ApiCall) (resp *map[string]interface{}, err error) {
+			req["AlbId"] = d.Id()
+			req["DeleteProtection"] = d.Get("delete_protection")
+			conn := client.slbconn
+			logger.Debug(logger.RespFormat, call.action, *(call.param))
+			resp, err = conn.SetAlbDeleteProtection(call.param)
+			return resp, err
+		},
+		afterCall: func(d *schema.ResourceData, client *KsyunClient, resp *map[string]interface{}, call ApiCall) (err error) {
+			logger.Debug(logger.RespFormat, call.action, *(call.param), *resp)
+			return err
+		},
+	}
+	return callback, err
+}
+
+func (alb *AlbService) setAlbModificationProtectionCall(d *schema.ResourceData, r *schema.Resource) (callback ApiCall, err error) {
+	req := map[string]interface{}{}
+
+	callback = ApiCall{
+		param:  &req,
+		action: "SetAlbModificationProtection",
+		executeCall: func(d *schema.ResourceData, client *KsyunClient, call ApiCall) (resp *map[string]interface{}, err error) {
+			req["AlbId"] = d.Id()
+			req["ModificationProtection"] = d.Get("modification_protection")
+			conn := client.slbconn
+			logger.Debug(logger.RespFormat, call.action, *(call.param))
+			resp, err = conn.SetAlbModificationProtection(call.param)
+			return resp, err
+		},
+		afterCall: func(d *schema.ResourceData, client *KsyunClient, resp *map[string]interface{}, call ApiCall) (err error) {
+			logger.Debug(logger.RespFormat, call.action, *(call.param), *resp)
+			return err
+		},
+	}
+	return callback, err
+}
+
 func (alb *AlbService) modifyAccessLogInfo(d *schema.ResourceData, r *schema.Resource) (callback ApiCall, err error) {
 	req := map[string]interface{}{}
 
@@ -238,6 +282,30 @@ func (alb *AlbService) ModifyAlb(d *schema.ResourceData, r *schema.Resource) (er
 		calls = append(calls, modifyEnabledLogCall)
 	}
 
+	if d.HasChange("delete_protection") {
+		modifyDeleteProtectionCall, err := alb.setAlbDeleteProtectionCall(d, r)
+		if err != nil {
+			return err
+		}
+		calls = append(calls, modifyDeleteProtectionCall)
+	}
+
+	if d.HasChange("modification_protection") {
+		modifyModificationProtectionCall, err := alb.setAlbModificationProtectionCall(d, r)
+		if err != nil {
+			return err
+		}
+		calls = append(calls, modifyModificationProtectionCall)
+	}
+
+	if d.HasChanges("alb_version", "enable_hpa") {
+		modifyAlbCall, err := alb.modifyAlbCall(d, r)
+		if err != nil {
+			return err
+		}
+		calls = append(calls, modifyAlbCall)
+	}
+
 	// tagService := TagService{s.client}
 	// tagCall, err := tagService.ReplaceResourcesTagsWithResourceCall(d, r, "eip", true, false)
 	// if err != nil {
@@ -366,7 +434,11 @@ func (alb *AlbService) ReadAndSetAlb(d *schema.ResourceData, r *schema.Resource)
 				return resource.NonRetryableError(fmt.Errorf("error on reading ALB %q, %s", d.Id(), callErr))
 			}
 		} else {
-			SdkResponseAutoResourceData(d, r, data, chargeExtraForVpc(data))
+			extra := chargeExtraForVpc(data)
+			extra["ModifyProtection"] = SdkResponseMapping{
+				Field: "modification_protection",
+			}
+			SdkResponseAutoResourceData(d, r, data, extra)
 			return nil
 		}
 	})
@@ -466,6 +538,39 @@ func (alb *AlbService) CreateAlb(d *schema.ResourceData, r *schema.Resource) (er
 	return ksyunApiCallNew(calls, d, alb.client, true)
 }
 
+func (alb *AlbService) modifyAlbCall(d *schema.ResourceData, r *schema.Resource) (callback ApiCall, err error) {
+	transform := map[string]SdkReqTransform{
+		"alb_version": {},
+		"enable_hpa":  {},
+	}
+	req, err := SdkRequestAutoMapping(d, r, false, transform, nil, SdkReqParameter{
+		onlyTransform: true,
+	})
+	if err != nil {
+		return callback, err
+	}
+	if len(req) > 0 {
+		req["AlbId"] = d.Id()
+
+		callback = ApiCall{
+			param:  &req,
+			action: "ModifyAlb",
+			executeCall: func(d *schema.ResourceData, client *KsyunClient, call ApiCall) (resp *map[string]interface{}, err error) {
+				conn := client.slbconn
+				logger.Debug(logger.RespFormat, call.action, *(call.param))
+
+				resp, err = conn.ModifyAlb(call.param)
+				return resp, err
+			},
+			afterCall: func(d *schema.ResourceData, client *KsyunClient, resp *map[string]interface{}, call ApiCall) (err error) {
+				logger.Debug(logger.RespFormat, call.action, *(call.param), *resp)
+				return
+			},
+		}
+	}
+	return
+}
+
 func (alb *AlbService) CreateAlbBackendServerGroup(d *schema.ResourceData, r *schema.Resource) error {
 	apiProcess := NewApiProcess(context.Background(), d, alb.client, true)
 

diff --git a/ksyun/service_ksyun_alb_listener.go b/ksyun/service_ksyun_alb_listener.go
@@ -264,6 +264,17 @@ func (s *AlbListenerService) modifyListenerCall(d *schema.ResourceData, r *schem
 			Ignore: true,
 		},
 	}
+	if d.HasChange("ca_enabled") {
+		transform["ca_certificate_id"] = SdkReqTransform{
+			mapping:          "CaCertificateId",
+			forceUpdateParam: true,
+		}
+	}
+	if d.HasChange("enable_quic_upgrade") {
+		transform["quic_listener_id"] = SdkReqTransform{
+			forceUpdateParam: true,
+		}
+	}
 	req, err := SdkRequestAutoMapping(d, r, true, transform, nil, SdkReqParameter{
 		onlyTransform: false,
 	})

diff --git a/website/docs/r/alb.html.markdown b/website/docs/r/alb.html.markdown
@@ -56,13 +56,17 @@ resource "ksyun_eip_associate" "eip_bind" {
 The following arguments are supported:
 
 * `alb_type` - (Required, ForceNew) The type of the ALB, valid values:'public', 'internal'.
-* `alb_version` - (Required, ForceNew) The version of the ALB. valid values:'standard', 'advanced'.
+* `alb_version` - (Required, ForceNew) The version of the ALB. valid values:'standard', 'medium', 'advanced'.
 * `charge_type` - (Required, ForceNew) The charge type, valid values: 'PrePaidByHourUsage'.
 * `vpc_id` - (Required, ForceNew) The ID of the VPC.
 * `alb_name` - (Optional) The name of the ALB.
+* `delete_protection` - (Optional) Whether delete protection is enabled or not. Values: `off` or `on`.
+* `enable_hpa` - (Optional) Enable hpa.
 * `enabled_log` - (Optional) Whether log is enabled or not. Specific `klog_info` field when `enabled_log` is true.
+* `enabled_quic` - (Optional, ForceNew) Enable quic.
 * `ip_version` - (Optional, ForceNew) IP version, 'ipv4' or 'ipv6'.
 * `klog_info` - (Optional) Indicate klog info, including log-project-name and log-pool-name, that use to bind log service for this alb process.
+* `modification_protection` - (Optional) Whether modification protection is enabled or not. Values: `off` or `on`.
 * `private_ip_address` - (Optional, ForceNew) The private ip address. It not be empty, when 'alb_type' as '**internal**'.
 * `project_id` - (Optional) The ID of the project.
 * `state` - (Optional) The state of the ALB, Valid Values:'start', 'stop'.

diff --git a/website/docs/r/alb_listener.html.markdown b/website/docs/r/alb_listener.html.markdown
@@ -101,12 +101,16 @@ The following arguments are supported:
 * `protocol` - (Required, ForceNew) The protocol of listener. Valid Values: 'HTTP', 'HTTPS'.
 * `alb_listener_name` - (Optional) The name of the listener.
 * `alb_listener_state` - (Optional) The state of listener.Valid Values:'start', 'stop'.
+* `ca_certificate_id` - (Optional) The ID of Client's CA certificate.
+* `ca_enabled` - (Optional) Whether enable to CA certificate.
 * `certificate_id` - (Optional) The ID of certificate.
 * `config_content` - (Optional) The custom configure for listener. [The details](https://docs.ksyun.com/documents/42615?type=3).
 * `default_forward_rule` - (Optional) The default forward rule group.
 * `enable_http2` - (Optional) whether enable to HTTP2.
+* `enable_quic_upgrade` - (Optional) Whether enable to QUIC upgrade.
 * `http_protocol` - (Optional, **Deprecated**) This field will be removed soon. Please use 'enable_http2' instead to choose a protocol. Backend Protocol, valid values:'HTTP1.0','HTTP1.1'.
 * `method` - (Optional) Forwarding mode of listener. Valid Values:'RoundRobin', 'LeastConnections'.
+* `quic_listener_id` - (Optional) The ID of QUIC listener.
 * `redirect_alb_listener_id` - (Optional, **Deprecated**) This parameter is moved to 'default_forward_rule' block. The ID of the redirect ALB listener.
 * `session` - (Optional) Whether keeps session. Specific `session` block, if keeps session.
 * `tls_cipher_policy` - (Optional) TLS cipher policy, valid values:'TlsCipherPolicy1.0','TlsCipherPolicy1.1','TlsCipherPolicy1.2','TlsCipherPolicy1.2-strict','TlsCipherPolicy1.2-most-strict-with1.3'.